2 * Copyright (c) 2007-2009
3 * Damien Bergamini <damien.bergamini@free.fr>
5 * Benjamin Close <benjsc@FreeBSD.org>
6 * Copyright (c) 2008 Sam Leffler, Errno Consulting
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 * Driver for Intel WiFi Link 4965 and 1000/5000/6000 Series 802.11 network
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
29 #include <sys/param.h>
30 #include <sys/sockio.h>
31 #include <sys/sysctl.h>
33 #include <sys/kernel.h>
34 #include <sys/socket.h>
35 #include <sys/systm.h>
36 #include <sys/malloc.h>
39 #include <sys/endian.h>
40 #include <sys/firmware.h>
41 #include <sys/limits.h>
42 #include <sys/module.h>
43 #include <sys/queue.h>
44 #include <sys/taskqueue.h>
46 #include <machine/bus.h>
47 #include <machine/resource.h>
48 #include <machine/clock.h>
50 #include <dev/pci/pcireg.h>
51 #include <dev/pci/pcivar.h>
55 #include <net/if_arp.h>
56 #include <net/ethernet.h>
57 #include <net/if_dl.h>
58 #include <net/if_media.h>
59 #include <net/if_types.h>
61 #include <netinet/in.h>
62 #include <netinet/in_systm.h>
63 #include <netinet/in_var.h>
64 #include <netinet/if_ether.h>
65 #include <netinet/ip.h>
67 #include <net80211/ieee80211_var.h>
68 #include <net80211/ieee80211_radiotap.h>
69 #include <net80211/ieee80211_regdomain.h>
70 #include <net80211/ieee80211_ratectl.h>
72 #include <dev/iwn/if_iwnreg.h>
73 #include <dev/iwn/if_iwnvar.h>
81 static const struct iwn_ident iwn_ident_table[] = {
82 { 0x8086, 0x0082, "Intel Centrino Advanced-N 6205" },
83 { 0x8086, 0x0083, "Intel Centrino Wireless-N 1000" },
84 { 0x8086, 0x0084, "Intel Centrino Wireless-N 1000" },
85 { 0x8086, 0x0085, "Intel Centrino Advanced-N 6205" },
86 { 0x8086, 0x0087, "Intel Centrino Advanced-N + WiMAX 6250" },
87 { 0x8086, 0x0089, "Intel Centrino Advanced-N + WiMAX 6250" },
88 { 0x8086, 0x008a, "Intel Centrino Wireless-N 1030" },
89 { 0x8086, 0x008b, "Intel Centrino Wireless-N 1030" },
90 { 0x8086, 0x0090, "Intel Centrino Advanced-N 6230" },
91 { 0x8086, 0x0091, "Intel Centrino Advanced-N 6230" },
92 { 0x8086, 0x0885, "Intel Centrino Wireless-N + WiMAX 6150" },
93 { 0x8086, 0x0886, "Intel Centrino Wireless-N + WiMAX 6150" },
94 { 0x8086, 0x0896, "Intel Centrino Wireless-N 130" },
95 { 0x8086, 0x4229, "Intel Wireless WiFi Link 4965" },
96 { 0x8086, 0x422b, "Intel Centrino Ultimate-N 6300" },
97 { 0x8086, 0x422c, "Intel Centrino Advanced-N 6200" },
98 { 0x8086, 0x422d, "Intel Wireless WiFi Link 4965" },
99 { 0x8086, 0x4230, "Intel Wireless WiFi Link 4965" },
100 { 0x8086, 0x4232, "Intel WiFi Link 5100" },
101 { 0x8086, 0x4233, "Intel Wireless WiFi Link 4965" },
102 { 0x8086, 0x4235, "Intel Ultimate N WiFi Link 5300" },
103 { 0x8086, 0x4236, "Intel Ultimate N WiFi Link 5300" },
104 { 0x8086, 0x4237, "Intel WiFi Link 5100" },
105 { 0x8086, 0x4238, "Intel Centrino Ultimate-N 6300" },
106 { 0x8086, 0x4239, "Intel Centrino Advanced-N 6200" },
107 { 0x8086, 0x423a, "Intel WiMAX/WiFi Link 5350" },
108 { 0x8086, 0x423b, "Intel WiMAX/WiFi Link 5350" },
109 { 0x8086, 0x423c, "Intel WiMAX/WiFi Link 5150" },
110 { 0x8086, 0x423d, "Intel WiMAX/WiFi Link 5150" },
114 static int iwn_probe(device_t);
115 static int iwn_attach(device_t);
116 static int iwn4965_attach(struct iwn_softc *, uint16_t);
117 static int iwn5000_attach(struct iwn_softc *, uint16_t);
118 static void iwn_radiotap_attach(struct iwn_softc *);
119 static void iwn_sysctlattach(struct iwn_softc *);
120 static struct ieee80211vap *iwn_vap_create(struct ieee80211com *,
121 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
122 const uint8_t [IEEE80211_ADDR_LEN],
123 const uint8_t [IEEE80211_ADDR_LEN]);
124 static void iwn_vap_delete(struct ieee80211vap *);
125 static int iwn_detach(device_t);
126 static int iwn_shutdown(device_t);
127 static int iwn_suspend(device_t);
128 static int iwn_resume(device_t);
129 static int iwn_nic_lock(struct iwn_softc *);
130 static int iwn_eeprom_lock(struct iwn_softc *);
131 static int iwn_init_otprom(struct iwn_softc *);
132 static int iwn_read_prom_data(struct iwn_softc *, uint32_t, void *, int);
133 static void iwn_dma_map_addr(void *, bus_dma_segment_t *, int, int);
134 static int iwn_dma_contig_alloc(struct iwn_softc *, struct iwn_dma_info *,
135 void **, bus_size_t, bus_size_t);
136 static void iwn_dma_contig_free(struct iwn_dma_info *);
137 static int iwn_alloc_sched(struct iwn_softc *);
138 static void iwn_free_sched(struct iwn_softc *);
139 static int iwn_alloc_kw(struct iwn_softc *);
140 static void iwn_free_kw(struct iwn_softc *);
141 static int iwn_alloc_ict(struct iwn_softc *);
142 static void iwn_free_ict(struct iwn_softc *);
143 static int iwn_alloc_fwmem(struct iwn_softc *);
144 static void iwn_free_fwmem(struct iwn_softc *);
145 static int iwn_alloc_rx_ring(struct iwn_softc *, struct iwn_rx_ring *);
146 static void iwn_reset_rx_ring(struct iwn_softc *, struct iwn_rx_ring *);
147 static void iwn_free_rx_ring(struct iwn_softc *, struct iwn_rx_ring *);
148 static int iwn_alloc_tx_ring(struct iwn_softc *, struct iwn_tx_ring *,
150 static void iwn_reset_tx_ring(struct iwn_softc *, struct iwn_tx_ring *);
151 static void iwn_free_tx_ring(struct iwn_softc *, struct iwn_tx_ring *);
152 static void iwn5000_ict_reset(struct iwn_softc *);
153 static int iwn_read_eeprom(struct iwn_softc *,
154 uint8_t macaddr[IEEE80211_ADDR_LEN]);
155 static void iwn4965_read_eeprom(struct iwn_softc *);
156 static void iwn4965_print_power_group(struct iwn_softc *, int);
157 static void iwn5000_read_eeprom(struct iwn_softc *);
158 static uint32_t iwn_eeprom_channel_flags(struct iwn_eeprom_chan *);
159 static void iwn_read_eeprom_band(struct iwn_softc *, int);
160 static void iwn_read_eeprom_ht40(struct iwn_softc *, int);
161 static void iwn_read_eeprom_channels(struct iwn_softc *, int, uint32_t);
162 static struct iwn_eeprom_chan *iwn_find_eeprom_channel(struct iwn_softc *,
163 struct ieee80211_channel *);
164 static int iwn_setregdomain(struct ieee80211com *,
165 struct ieee80211_regdomain *, int,
166 struct ieee80211_channel[]);
167 static void iwn_read_eeprom_enhinfo(struct iwn_softc *);
168 static struct ieee80211_node *iwn_node_alloc(struct ieee80211vap *,
169 const uint8_t mac[IEEE80211_ADDR_LEN]);
170 static void iwn_newassoc(struct ieee80211_node *, int);
171 static int iwn_media_change(struct ifnet *);
172 static int iwn_newstate(struct ieee80211vap *, enum ieee80211_state, int);
173 static void iwn_calib_timeout(void *);
174 static void iwn_rx_phy(struct iwn_softc *, struct iwn_rx_desc *,
175 struct iwn_rx_data *);
176 static void iwn_rx_done(struct iwn_softc *, struct iwn_rx_desc *,
177 struct iwn_rx_data *);
178 static void iwn_rx_compressed_ba(struct iwn_softc *, struct iwn_rx_desc *,
179 struct iwn_rx_data *);
180 static void iwn5000_rx_calib_results(struct iwn_softc *,
181 struct iwn_rx_desc *, struct iwn_rx_data *);
182 static void iwn_rx_statistics(struct iwn_softc *, struct iwn_rx_desc *,
183 struct iwn_rx_data *);
184 static void iwn4965_tx_done(struct iwn_softc *, struct iwn_rx_desc *,
185 struct iwn_rx_data *);
186 static void iwn5000_tx_done(struct iwn_softc *, struct iwn_rx_desc *,
187 struct iwn_rx_data *);
188 static void iwn_tx_done(struct iwn_softc *, struct iwn_rx_desc *, int,
190 static void iwn_ampdu_tx_done(struct iwn_softc *, int, int, int, void *);
191 static void iwn_cmd_done(struct iwn_softc *, struct iwn_rx_desc *);
192 static void iwn_notif_intr(struct iwn_softc *);
193 static void iwn_wakeup_intr(struct iwn_softc *);
194 static void iwn_rftoggle_intr(struct iwn_softc *);
195 static void iwn_fatal_intr(struct iwn_softc *);
196 static void iwn_intr(void *);
197 static void iwn4965_update_sched(struct iwn_softc *, int, int, uint8_t,
199 static void iwn5000_update_sched(struct iwn_softc *, int, int, uint8_t,
202 static void iwn5000_reset_sched(struct iwn_softc *, int, int);
204 static int iwn_tx_data(struct iwn_softc *, struct mbuf *,
205 struct ieee80211_node *);
206 static int iwn_tx_data_raw(struct iwn_softc *, struct mbuf *,
207 struct ieee80211_node *,
208 const struct ieee80211_bpf_params *params);
209 static int iwn_raw_xmit(struct ieee80211_node *, struct mbuf *,
210 const struct ieee80211_bpf_params *);
211 static void iwn_start(struct ifnet *);
212 static void iwn_start_locked(struct ifnet *);
213 static void iwn_watchdog(void *);
214 static int iwn_ioctl(struct ifnet *, u_long, caddr_t);
215 static int iwn_cmd(struct iwn_softc *, int, const void *, int, int);
216 static int iwn4965_add_node(struct iwn_softc *, struct iwn_node_info *,
218 static int iwn5000_add_node(struct iwn_softc *, struct iwn_node_info *,
220 static int iwn_set_link_quality(struct iwn_softc *,
221 struct ieee80211_node *);
222 static int iwn_add_broadcast_node(struct iwn_softc *, int);
223 static int iwn_updateedca(struct ieee80211com *);
224 static void iwn_update_mcast(struct ifnet *);
225 static void iwn_set_led(struct iwn_softc *, uint8_t, uint8_t, uint8_t);
226 static int iwn_set_critical_temp(struct iwn_softc *);
227 static int iwn_set_timing(struct iwn_softc *, struct ieee80211_node *);
228 static void iwn4965_power_calibration(struct iwn_softc *, int);
229 static int iwn4965_set_txpower(struct iwn_softc *,
230 struct ieee80211_channel *, int);
231 static int iwn5000_set_txpower(struct iwn_softc *,
232 struct ieee80211_channel *, int);
233 static int iwn4965_get_rssi(struct iwn_softc *, struct iwn_rx_stat *);
234 static int iwn5000_get_rssi(struct iwn_softc *, struct iwn_rx_stat *);
235 static int iwn_get_noise(const struct iwn_rx_general_stats *);
236 static int iwn4965_get_temperature(struct iwn_softc *);
237 static int iwn5000_get_temperature(struct iwn_softc *);
238 static int iwn_init_sensitivity(struct iwn_softc *);
239 static void iwn_collect_noise(struct iwn_softc *,
240 const struct iwn_rx_general_stats *);
241 static int iwn4965_init_gains(struct iwn_softc *);
242 static int iwn5000_init_gains(struct iwn_softc *);
243 static int iwn4965_set_gains(struct iwn_softc *);
244 static int iwn5000_set_gains(struct iwn_softc *);
245 static void iwn_tune_sensitivity(struct iwn_softc *,
246 const struct iwn_rx_stats *);
247 static int iwn_send_sensitivity(struct iwn_softc *);
248 static int iwn_set_pslevel(struct iwn_softc *, int, int, int);
249 static int iwn_send_btcoex(struct iwn_softc *);
250 static int iwn_send_advanced_btcoex(struct iwn_softc *);
251 static int iwn5000_runtime_calib(struct iwn_softc *);
252 static int iwn_config(struct iwn_softc *);
253 static uint8_t *ieee80211_add_ssid(uint8_t *, const uint8_t *, u_int);
254 static int iwn_scan(struct iwn_softc *);
255 static int iwn_auth(struct iwn_softc *, struct ieee80211vap *vap);
256 static int iwn_run(struct iwn_softc *, struct ieee80211vap *vap);
257 static int iwn_ampdu_rx_start(struct ieee80211_node *,
258 struct ieee80211_rx_ampdu *, int, int, int);
259 static void iwn_ampdu_rx_stop(struct ieee80211_node *,
260 struct ieee80211_rx_ampdu *);
261 static int iwn_addba_request(struct ieee80211_node *,
262 struct ieee80211_tx_ampdu *, int, int, int);
263 static int iwn_addba_response(struct ieee80211_node *,
264 struct ieee80211_tx_ampdu *, int, int, int);
265 static int iwn_ampdu_tx_start(struct ieee80211com *,
266 struct ieee80211_node *, uint8_t);
267 static void iwn_ampdu_tx_stop(struct ieee80211_node *,
268 struct ieee80211_tx_ampdu *);
269 static void iwn4965_ampdu_tx_start(struct iwn_softc *,
270 struct ieee80211_node *, int, uint8_t, uint16_t);
271 static void iwn4965_ampdu_tx_stop(struct iwn_softc *, int,
273 static void iwn5000_ampdu_tx_start(struct iwn_softc *,
274 struct ieee80211_node *, int, uint8_t, uint16_t);
275 static void iwn5000_ampdu_tx_stop(struct iwn_softc *, int,
277 static int iwn5000_query_calibration(struct iwn_softc *);
278 static int iwn5000_send_calibration(struct iwn_softc *);
279 static int iwn5000_send_wimax_coex(struct iwn_softc *);
280 static int iwn5000_crystal_calib(struct iwn_softc *);
281 static int iwn5000_temp_offset_calib(struct iwn_softc *);
282 static int iwn4965_post_alive(struct iwn_softc *);
283 static int iwn5000_post_alive(struct iwn_softc *);
284 static int iwn4965_load_bootcode(struct iwn_softc *, const uint8_t *,
286 static int iwn4965_load_firmware(struct iwn_softc *);
287 static int iwn5000_load_firmware_section(struct iwn_softc *, uint32_t,
288 const uint8_t *, int);
289 static int iwn5000_load_firmware(struct iwn_softc *);
290 static int iwn_read_firmware_leg(struct iwn_softc *,
291 struct iwn_fw_info *);
292 static int iwn_read_firmware_tlv(struct iwn_softc *,
293 struct iwn_fw_info *, uint16_t);
294 static int iwn_read_firmware(struct iwn_softc *);
295 static int iwn_clock_wait(struct iwn_softc *);
296 static int iwn_apm_init(struct iwn_softc *);
297 static void iwn_apm_stop_master(struct iwn_softc *);
298 static void iwn_apm_stop(struct iwn_softc *);
299 static int iwn4965_nic_config(struct iwn_softc *);
300 static int iwn5000_nic_config(struct iwn_softc *);
301 static int iwn_hw_prepare(struct iwn_softc *);
302 static int iwn_hw_init(struct iwn_softc *);
303 static void iwn_hw_stop(struct iwn_softc *);
304 static void iwn_radio_on(void *, int);
305 static void iwn_radio_off(void *, int);
306 static void iwn_init_locked(struct iwn_softc *);
307 static void iwn_init(void *);
308 static void iwn_stop_locked(struct iwn_softc *);
309 static void iwn_stop(struct iwn_softc *);
310 static void iwn_scan_start(struct ieee80211com *);
311 static void iwn_scan_end(struct ieee80211com *);
312 static void iwn_set_channel(struct ieee80211com *);
313 static void iwn_scan_curchan(struct ieee80211_scan_state *, unsigned long);
314 static void iwn_scan_mindwell(struct ieee80211_scan_state *);
315 static void iwn_hw_reset(void *, int);
320 IWN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */
321 IWN_DEBUG_RECV = 0x00000002, /* basic recv operation */
322 IWN_DEBUG_STATE = 0x00000004, /* 802.11 state transitions */
323 IWN_DEBUG_TXPOW = 0x00000008, /* tx power processing */
324 IWN_DEBUG_RESET = 0x00000010, /* reset processing */
325 IWN_DEBUG_OPS = 0x00000020, /* iwn_ops processing */
326 IWN_DEBUG_BEACON = 0x00000040, /* beacon handling */
327 IWN_DEBUG_WATCHDOG = 0x00000080, /* watchdog timeout */
328 IWN_DEBUG_INTR = 0x00000100, /* ISR */
329 IWN_DEBUG_CALIBRATE = 0x00000200, /* periodic calibration */
330 IWN_DEBUG_NODE = 0x00000400, /* node management */
331 IWN_DEBUG_LED = 0x00000800, /* led management */
332 IWN_DEBUG_CMD = 0x00001000, /* cmd submission */
333 IWN_DEBUG_FATAL = 0x80000000, /* fatal errors */
334 IWN_DEBUG_ANY = 0xffffffff
337 #define DPRINTF(sc, m, fmt, ...) do { \
338 if (sc->sc_debug & (m)) \
339 printf(fmt, __VA_ARGS__); \
343 iwn_intr_str(uint8_t cmd)
347 case IWN_UC_READY: return "UC_READY";
348 case IWN_ADD_NODE_DONE: return "ADD_NODE_DONE";
349 case IWN_TX_DONE: return "TX_DONE";
350 case IWN_START_SCAN: return "START_SCAN";
351 case IWN_STOP_SCAN: return "STOP_SCAN";
352 case IWN_RX_STATISTICS: return "RX_STATS";
353 case IWN_BEACON_STATISTICS: return "BEACON_STATS";
354 case IWN_STATE_CHANGED: return "STATE_CHANGED";
355 case IWN_BEACON_MISSED: return "BEACON_MISSED";
356 case IWN_RX_PHY: return "RX_PHY";
357 case IWN_MPDU_RX_DONE: return "MPDU_RX_DONE";
358 case IWN_RX_DONE: return "RX_DONE";
360 /* Command Notifications */
361 case IWN_CMD_RXON: return "IWN_CMD_RXON";
362 case IWN_CMD_RXON_ASSOC: return "IWN_CMD_RXON_ASSOC";
363 case IWN_CMD_EDCA_PARAMS: return "IWN_CMD_EDCA_PARAMS";
364 case IWN_CMD_TIMING: return "IWN_CMD_TIMING";
365 case IWN_CMD_LINK_QUALITY: return "IWN_CMD_LINK_QUALITY";
366 case IWN_CMD_SET_LED: return "IWN_CMD_SET_LED";
367 case IWN5000_CMD_WIMAX_COEX: return "IWN5000_CMD_WIMAX_COEX";
368 case IWN5000_CMD_CALIB_CONFIG: return "IWN5000_CMD_CALIB_CONFIG";
369 case IWN5000_CMD_CALIB_RESULT: return "IWN5000_CMD_CALIB_RESULT";
370 case IWN5000_CMD_CALIB_COMPLETE: return "IWN5000_CMD_CALIB_COMPLETE";
371 case IWN_CMD_SET_POWER_MODE: return "IWN_CMD_SET_POWER_MODE";
372 case IWN_CMD_SCAN: return "IWN_CMD_SCAN";
373 case IWN_CMD_SCAN_RESULTS: return "IWN_CMD_SCAN_RESULTS";
374 case IWN_CMD_TXPOWER: return "IWN_CMD_TXPOWER";
375 case IWN_CMD_TXPOWER_DBM: return "IWN_CMD_TXPOWER_DBM";
376 case IWN5000_CMD_TX_ANT_CONFIG: return "IWN5000_CMD_TX_ANT_CONFIG";
377 case IWN_CMD_BT_COEX: return "IWN_CMD_BT_COEX";
378 case IWN_CMD_SET_CRITICAL_TEMP: return "IWN_CMD_SET_CRITICAL_TEMP";
379 case IWN_CMD_SET_SENSITIVITY: return "IWN_CMD_SET_SENSITIVITY";
380 case IWN_CMD_PHY_CALIB: return "IWN_CMD_PHY_CALIB";
382 return "UNKNOWN INTR NOTIF/CMD";
385 #define DPRINTF(sc, m, fmt, ...) do { (void) sc; } while (0)
388 static device_method_t iwn_methods[] = {
389 /* Device interface */
390 DEVMETHOD(device_probe, iwn_probe),
391 DEVMETHOD(device_attach, iwn_attach),
392 DEVMETHOD(device_detach, iwn_detach),
393 DEVMETHOD(device_shutdown, iwn_shutdown),
394 DEVMETHOD(device_suspend, iwn_suspend),
395 DEVMETHOD(device_resume, iwn_resume),
399 static driver_t iwn_driver = {
402 sizeof(struct iwn_softc)
404 static devclass_t iwn_devclass;
406 DRIVER_MODULE(iwn, pci, iwn_driver, iwn_devclass, 0, 0);
408 MODULE_VERSION(iwn, 1);
410 MODULE_DEPEND(iwn, firmware, 1, 1, 1);
411 MODULE_DEPEND(iwn, pci, 1, 1, 1);
412 MODULE_DEPEND(iwn, wlan, 1, 1, 1);
415 iwn_probe(device_t dev)
417 const struct iwn_ident *ident;
419 for (ident = iwn_ident_table; ident->name != NULL; ident++) {
420 if (pci_get_vendor(dev) == ident->vendor &&
421 pci_get_device(dev) == ident->device) {
422 device_set_desc(dev, ident->name);
430 iwn_attach(device_t dev)
432 struct iwn_softc *sc = (struct iwn_softc *)device_get_softc(dev);
433 struct ieee80211com *ic;
436 int i, error, result;
437 uint8_t macaddr[IEEE80211_ADDR_LEN];
442 * Get the offset of the PCI Express Capability Structure in PCI
443 * Configuration Space.
445 error = pci_find_cap(dev, PCIY_EXPRESS, &sc->sc_cap_off);
447 device_printf(dev, "PCIe capability structure not found!\n");
451 /* Clear device-specific "PCI retry timeout" register (41h). */
452 pci_write_config(dev, 0x41, 0, 1);
454 /* Hardware bug workaround. */
455 reg = pci_read_config(dev, PCIR_COMMAND, 1);
456 if (reg & PCIM_CMD_INTxDIS) {
457 DPRINTF(sc, IWN_DEBUG_RESET, "%s: PCIe INTx Disable set\n",
459 reg &= ~PCIM_CMD_INTxDIS;
460 pci_write_config(dev, PCIR_COMMAND, reg, 1);
463 /* Enable bus-mastering. */
464 pci_enable_busmaster(dev);
466 sc->mem_rid = PCIR_BAR(0);
467 sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
469 if (sc->mem == NULL) {
470 device_printf(dev, "can't map mem space\n");
474 sc->sc_st = rman_get_bustag(sc->mem);
475 sc->sc_sh = rman_get_bushandle(sc->mem);
478 if ((result = pci_msi_count(dev)) == 1 &&
479 pci_alloc_msi(dev, &result) == 0)
481 /* Install interrupt handler. */
482 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
483 RF_ACTIVE | RF_SHAREABLE);
484 if (sc->irq == NULL) {
485 device_printf(dev, "can't map interrupt\n");
492 /* Read hardware revision and attach. */
493 sc->hw_type = (IWN_READ(sc, IWN_HW_REV) >> 4) & 0xf;
494 if (sc->hw_type == IWN_HW_REV_TYPE_4965)
495 error = iwn4965_attach(sc, pci_get_device(dev));
497 error = iwn5000_attach(sc, pci_get_device(dev));
499 device_printf(dev, "could not attach device, error %d\n",
504 if ((error = iwn_hw_prepare(sc)) != 0) {
505 device_printf(dev, "hardware not ready, error %d\n", error);
509 /* Allocate DMA memory for firmware transfers. */
510 if ((error = iwn_alloc_fwmem(sc)) != 0) {
512 "could not allocate memory for firmware, error %d\n",
517 /* Allocate "Keep Warm" page. */
518 if ((error = iwn_alloc_kw(sc)) != 0) {
520 "could not allocate keep warm page, error %d\n", error);
524 /* Allocate ICT table for 5000 Series. */
525 if (sc->hw_type != IWN_HW_REV_TYPE_4965 &&
526 (error = iwn_alloc_ict(sc)) != 0) {
527 device_printf(dev, "could not allocate ICT table, error %d\n",
532 /* Allocate TX scheduler "rings". */
533 if ((error = iwn_alloc_sched(sc)) != 0) {
535 "could not allocate TX scheduler rings, error %d\n", error);
539 /* Allocate TX rings (16 on 4965AGN, 20 on >=5000). */
540 for (i = 0; i < sc->ntxqs; i++) {
541 if ((error = iwn_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) {
543 "could not allocate TX ring %d, error %d\n", i,
549 /* Allocate RX ring. */
550 if ((error = iwn_alloc_rx_ring(sc, &sc->rxq)) != 0) {
551 device_printf(dev, "could not allocate RX ring, error %d\n",
556 /* Clear pending interrupts. */
557 IWN_WRITE(sc, IWN_INT, 0xffffffff);
559 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
561 device_printf(dev, "can not allocate ifnet structure\n");
567 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
568 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
570 /* Set device capabilities. */
572 IEEE80211_C_STA /* station mode supported */
573 | IEEE80211_C_MONITOR /* monitor mode supported */
574 | IEEE80211_C_BGSCAN /* background scanning */
575 | IEEE80211_C_TXPMGT /* tx power management */
576 | IEEE80211_C_SHSLOT /* short slot time supported */
578 | IEEE80211_C_SHPREAMBLE /* short preamble supported */
580 | IEEE80211_C_IBSS /* ibss/adhoc mode */
582 | IEEE80211_C_WME /* WME */
585 /* Read MAC address, channels, etc from EEPROM. */
586 if ((error = iwn_read_eeprom(sc, macaddr)) != 0) {
587 device_printf(dev, "could not read EEPROM, error %d\n",
592 /* Count the number of available chains. */
594 ((sc->txchainmask >> 2) & 1) +
595 ((sc->txchainmask >> 1) & 1) +
596 ((sc->txchainmask >> 0) & 1);
598 ((sc->rxchainmask >> 2) & 1) +
599 ((sc->rxchainmask >> 1) & 1) +
600 ((sc->rxchainmask >> 0) & 1);
602 device_printf(dev, "MIMO %dT%dR, %.4s, address %6D\n",
603 sc->ntxchains, sc->nrxchains, sc->eeprom_domain,
607 if (sc->sc_flags & IWN_FLAG_HAS_11N) {
608 ic->ic_rxstream = sc->nrxchains;
609 ic->ic_txstream = sc->ntxchains;
611 IEEE80211_HTCAP_SMPS_OFF /* SMPS mode disabled */
612 | IEEE80211_HTCAP_SHORTGI20 /* short GI in 20MHz */
613 | IEEE80211_HTCAP_CHWIDTH40 /* 40MHz channel width*/
614 | IEEE80211_HTCAP_SHORTGI40 /* short GI in 40MHz */
616 | IEEE80211_HTCAP_GREENFIELD
617 #if IWN_RBUF_SIZE == 8192
618 | IEEE80211_HTCAP_MAXAMSDU_7935 /* max A-MSDU length */
620 | IEEE80211_HTCAP_MAXAMSDU_3839 /* max A-MSDU length */
623 /* s/w capabilities */
624 | IEEE80211_HTC_HT /* HT operation */
625 | IEEE80211_HTC_AMPDU /* tx A-MPDU */
627 | IEEE80211_HTC_AMSDU /* tx A-MSDU */
632 if_initname(ifp, device_get_name(dev), device_get_unit(dev));
634 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
635 ifp->if_init = iwn_init;
636 ifp->if_ioctl = iwn_ioctl;
637 ifp->if_start = iwn_start;
638 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
639 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
640 IFQ_SET_READY(&ifp->if_snd);
642 ieee80211_ifattach(ic, macaddr);
643 ic->ic_vap_create = iwn_vap_create;
644 ic->ic_vap_delete = iwn_vap_delete;
645 ic->ic_raw_xmit = iwn_raw_xmit;
646 ic->ic_node_alloc = iwn_node_alloc;
647 sc->sc_ampdu_rx_start = ic->ic_ampdu_rx_start;
648 ic->ic_ampdu_rx_start = iwn_ampdu_rx_start;
649 sc->sc_ampdu_rx_stop = ic->ic_ampdu_rx_stop;
650 ic->ic_ampdu_rx_stop = iwn_ampdu_rx_stop;
651 sc->sc_addba_request = ic->ic_addba_request;
652 ic->ic_addba_request = iwn_addba_request;
653 sc->sc_addba_response = ic->ic_addba_response;
654 ic->ic_addba_response = iwn_addba_response;
655 sc->sc_addba_stop = ic->ic_addba_stop;
656 ic->ic_addba_stop = iwn_ampdu_tx_stop;
657 ic->ic_newassoc = iwn_newassoc;
658 ic->ic_wme.wme_update = iwn_updateedca;
659 ic->ic_update_mcast = iwn_update_mcast;
660 ic->ic_scan_start = iwn_scan_start;
661 ic->ic_scan_end = iwn_scan_end;
662 ic->ic_set_channel = iwn_set_channel;
663 ic->ic_scan_curchan = iwn_scan_curchan;
664 ic->ic_scan_mindwell = iwn_scan_mindwell;
665 ic->ic_setregdomain = iwn_setregdomain;
667 iwn_radiotap_attach(sc);
669 callout_init_mtx(&sc->calib_to, &sc->sc_mtx, 0);
670 callout_init_mtx(&sc->watchdog_to, &sc->sc_mtx, 0);
671 TASK_INIT(&sc->sc_reinit_task, 0, iwn_hw_reset, sc);
672 TASK_INIT(&sc->sc_radioon_task, 0, iwn_radio_on, sc);
673 TASK_INIT(&sc->sc_radiooff_task, 0, iwn_radio_off, sc);
675 iwn_sysctlattach(sc);
678 * Hook our interrupt after all initialization is complete.
680 error = bus_setup_intr(dev, sc->irq, INTR_TYPE_NET | INTR_MPSAFE,
681 NULL, iwn_intr, sc, &sc->sc_ih);
683 device_printf(dev, "can't establish interrupt, error %d\n",
689 ieee80211_announce(ic);
697 iwn4965_attach(struct iwn_softc *sc, uint16_t pid)
699 struct iwn_ops *ops = &sc->ops;
701 ops->load_firmware = iwn4965_load_firmware;
702 ops->read_eeprom = iwn4965_read_eeprom;
703 ops->post_alive = iwn4965_post_alive;
704 ops->nic_config = iwn4965_nic_config;
705 ops->update_sched = iwn4965_update_sched;
706 ops->get_temperature = iwn4965_get_temperature;
707 ops->get_rssi = iwn4965_get_rssi;
708 ops->set_txpower = iwn4965_set_txpower;
709 ops->init_gains = iwn4965_init_gains;
710 ops->set_gains = iwn4965_set_gains;
711 ops->add_node = iwn4965_add_node;
712 ops->tx_done = iwn4965_tx_done;
713 ops->ampdu_tx_start = iwn4965_ampdu_tx_start;
714 ops->ampdu_tx_stop = iwn4965_ampdu_tx_stop;
715 sc->ntxqs = IWN4965_NTXQUEUES;
716 sc->firstaggqueue = IWN4965_FIRSTAGGQUEUE;
717 sc->ndmachnls = IWN4965_NDMACHNLS;
718 sc->broadcast_id = IWN4965_ID_BROADCAST;
719 sc->rxonsz = IWN4965_RXONSZ;
720 sc->schedsz = IWN4965_SCHEDSZ;
721 sc->fw_text_maxsz = IWN4965_FW_TEXT_MAXSZ;
722 sc->fw_data_maxsz = IWN4965_FW_DATA_MAXSZ;
723 sc->fwsz = IWN4965_FWSZ;
724 sc->sched_txfact_addr = IWN4965_SCHED_TXFACT;
725 sc->limits = &iwn4965_sensitivity_limits;
726 sc->fwname = "iwn4965fw";
727 /* Override chains masks, ROM is known to be broken. */
728 sc->txchainmask = IWN_ANT_AB;
729 sc->rxchainmask = IWN_ANT_ABC;
735 iwn5000_attach(struct iwn_softc *sc, uint16_t pid)
737 struct iwn_ops *ops = &sc->ops;
739 ops->load_firmware = iwn5000_load_firmware;
740 ops->read_eeprom = iwn5000_read_eeprom;
741 ops->post_alive = iwn5000_post_alive;
742 ops->nic_config = iwn5000_nic_config;
743 ops->update_sched = iwn5000_update_sched;
744 ops->get_temperature = iwn5000_get_temperature;
745 ops->get_rssi = iwn5000_get_rssi;
746 ops->set_txpower = iwn5000_set_txpower;
747 ops->init_gains = iwn5000_init_gains;
748 ops->set_gains = iwn5000_set_gains;
749 ops->add_node = iwn5000_add_node;
750 ops->tx_done = iwn5000_tx_done;
751 ops->ampdu_tx_start = iwn5000_ampdu_tx_start;
752 ops->ampdu_tx_stop = iwn5000_ampdu_tx_stop;
753 sc->ntxqs = IWN5000_NTXQUEUES;
754 sc->firstaggqueue = IWN5000_FIRSTAGGQUEUE;
755 sc->ndmachnls = IWN5000_NDMACHNLS;
756 sc->broadcast_id = IWN5000_ID_BROADCAST;
757 sc->rxonsz = IWN5000_RXONSZ;
758 sc->schedsz = IWN5000_SCHEDSZ;
759 sc->fw_text_maxsz = IWN5000_FW_TEXT_MAXSZ;
760 sc->fw_data_maxsz = IWN5000_FW_DATA_MAXSZ;
761 sc->fwsz = IWN5000_FWSZ;
762 sc->sched_txfact_addr = IWN5000_SCHED_TXFACT;
763 sc->reset_noise_gain = IWN5000_PHY_CALIB_RESET_NOISE_GAIN;
764 sc->noise_gain = IWN5000_PHY_CALIB_NOISE_GAIN;
766 switch (sc->hw_type) {
767 case IWN_HW_REV_TYPE_5100:
768 sc->limits = &iwn5000_sensitivity_limits;
769 sc->fwname = "iwn5000fw";
770 /* Override chains masks, ROM is known to be broken. */
771 sc->txchainmask = IWN_ANT_B;
772 sc->rxchainmask = IWN_ANT_AB;
774 case IWN_HW_REV_TYPE_5150:
775 sc->limits = &iwn5150_sensitivity_limits;
776 sc->fwname = "iwn5150fw";
778 case IWN_HW_REV_TYPE_5300:
779 case IWN_HW_REV_TYPE_5350:
780 sc->limits = &iwn5000_sensitivity_limits;
781 sc->fwname = "iwn5000fw";
783 case IWN_HW_REV_TYPE_1000:
784 sc->limits = &iwn1000_sensitivity_limits;
785 sc->fwname = "iwn1000fw";
787 case IWN_HW_REV_TYPE_6000:
788 sc->limits = &iwn6000_sensitivity_limits;
789 sc->fwname = "iwn6000fw";
790 if (pid == 0x422c || pid == 0x4239) {
791 sc->sc_flags |= IWN_FLAG_INTERNAL_PA;
792 /* Override chains masks, ROM is known to be broken. */
793 sc->txchainmask = IWN_ANT_BC;
794 sc->rxchainmask = IWN_ANT_BC;
797 case IWN_HW_REV_TYPE_6050:
798 sc->limits = &iwn6000_sensitivity_limits;
799 sc->fwname = "iwn6050fw";
800 /* Override chains masks, ROM is known to be broken. */
801 sc->txchainmask = IWN_ANT_AB;
802 sc->rxchainmask = IWN_ANT_AB;
804 case IWN_HW_REV_TYPE_6005:
805 sc->limits = &iwn6000_sensitivity_limits;
806 if (pid != 0x0082 && pid != 0x0085) {
807 sc->fwname = "iwn6000g2bfw";
808 sc->sc_flags |= IWN_FLAG_ADV_BTCOEX;
810 sc->fwname = "iwn6000g2afw";
813 device_printf(sc->sc_dev, "adapter type %d not supported\n",
821 * Attach the interface to 802.11 radiotap.
824 iwn_radiotap_attach(struct iwn_softc *sc)
826 struct ifnet *ifp = sc->sc_ifp;
827 struct ieee80211com *ic = ifp->if_l2com;
829 ieee80211_radiotap_attach(ic,
830 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
831 IWN_TX_RADIOTAP_PRESENT,
832 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
833 IWN_RX_RADIOTAP_PRESENT);
837 iwn_sysctlattach(struct iwn_softc *sc)
839 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev);
840 struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev);
844 SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO,
845 "debug", CTLFLAG_RW, &sc->sc_debug, 0, "control debugging printfs");
849 static struct ieee80211vap *
850 iwn_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
851 enum ieee80211_opmode opmode, int flags,
852 const uint8_t bssid[IEEE80211_ADDR_LEN],
853 const uint8_t mac[IEEE80211_ADDR_LEN])
856 struct ieee80211vap *vap;
858 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
860 ivp = (struct iwn_vap *) malloc(sizeof(struct iwn_vap),
861 M_80211_VAP, M_NOWAIT | M_ZERO);
865 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac);
866 vap->iv_bmissthreshold = 10; /* override default */
867 /* Override with driver methods. */
868 ivp->iv_newstate = vap->iv_newstate;
869 vap->iv_newstate = iwn_newstate;
871 ieee80211_ratectl_init(vap);
872 /* Complete setup. */
873 ieee80211_vap_attach(vap, iwn_media_change, ieee80211_media_status);
874 ic->ic_opmode = opmode;
879 iwn_vap_delete(struct ieee80211vap *vap)
881 struct iwn_vap *ivp = IWN_VAP(vap);
883 ieee80211_ratectl_deinit(vap);
884 ieee80211_vap_detach(vap);
885 free(ivp, M_80211_VAP);
889 iwn_detach(device_t dev)
891 struct iwn_softc *sc = device_get_softc(dev);
892 struct ifnet *ifp = sc->sc_ifp;
893 struct ieee80211com *ic;
899 ieee80211_draintask(ic, &sc->sc_reinit_task);
900 ieee80211_draintask(ic, &sc->sc_radioon_task);
901 ieee80211_draintask(ic, &sc->sc_radiooff_task);
904 callout_drain(&sc->watchdog_to);
905 callout_drain(&sc->calib_to);
906 ieee80211_ifdetach(ic);
909 /* Uninstall interrupt handler. */
910 if (sc->irq != NULL) {
911 bus_teardown_intr(dev, sc->irq, sc->sc_ih);
912 bus_release_resource(dev, SYS_RES_IRQ, sc->irq_rid, sc->irq);
913 if (sc->irq_rid == 1)
914 pci_release_msi(dev);
917 /* Free DMA resources. */
918 iwn_free_rx_ring(sc, &sc->rxq);
919 for (qid = 0; qid < sc->ntxqs; qid++)
920 iwn_free_tx_ring(sc, &sc->txq[qid]);
928 bus_release_resource(dev, SYS_RES_MEMORY, sc->mem_rid, sc->mem);
933 IWN_LOCK_DESTROY(sc);
938 iwn_shutdown(device_t dev)
940 struct iwn_softc *sc = device_get_softc(dev);
947 iwn_suspend(device_t dev)
949 struct iwn_softc *sc = device_get_softc(dev);
950 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
952 ieee80211_suspend_all(ic);
957 iwn_resume(device_t dev)
959 struct iwn_softc *sc = device_get_softc(dev);
960 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
962 /* Clear device-specific "PCI retry timeout" register (41h). */
963 pci_write_config(dev, 0x41, 0, 1);
965 ieee80211_resume_all(ic);
970 iwn_nic_lock(struct iwn_softc *sc)
974 /* Request exclusive access to NIC. */
975 IWN_SETBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_MAC_ACCESS_REQ);
977 /* Spin until we actually get the lock. */
978 for (ntries = 0; ntries < 1000; ntries++) {
979 if ((IWN_READ(sc, IWN_GP_CNTRL) &
980 (IWN_GP_CNTRL_MAC_ACCESS_ENA | IWN_GP_CNTRL_SLEEP)) ==
981 IWN_GP_CNTRL_MAC_ACCESS_ENA)
989 iwn_nic_unlock(struct iwn_softc *sc)
991 IWN_CLRBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_MAC_ACCESS_REQ);
994 static __inline uint32_t
995 iwn_prph_read(struct iwn_softc *sc, uint32_t addr)
997 IWN_WRITE(sc, IWN_PRPH_RADDR, IWN_PRPH_DWORD | addr);
998 IWN_BARRIER_READ_WRITE(sc);
999 return IWN_READ(sc, IWN_PRPH_RDATA);
1002 static __inline void
1003 iwn_prph_write(struct iwn_softc *sc, uint32_t addr, uint32_t data)
1005 IWN_WRITE(sc, IWN_PRPH_WADDR, IWN_PRPH_DWORD | addr);
1006 IWN_BARRIER_WRITE(sc);
1007 IWN_WRITE(sc, IWN_PRPH_WDATA, data);
1010 static __inline void
1011 iwn_prph_setbits(struct iwn_softc *sc, uint32_t addr, uint32_t mask)
1013 iwn_prph_write(sc, addr, iwn_prph_read(sc, addr) | mask);
1016 static __inline void
1017 iwn_prph_clrbits(struct iwn_softc *sc, uint32_t addr, uint32_t mask)
1019 iwn_prph_write(sc, addr, iwn_prph_read(sc, addr) & ~mask);
1022 static __inline void
1023 iwn_prph_write_region_4(struct iwn_softc *sc, uint32_t addr,
1024 const uint32_t *data, int count)
1026 for (; count > 0; count--, data++, addr += 4)
1027 iwn_prph_write(sc, addr, *data);
1030 static __inline uint32_t
1031 iwn_mem_read(struct iwn_softc *sc, uint32_t addr)
1033 IWN_WRITE(sc, IWN_MEM_RADDR, addr);
1034 IWN_BARRIER_READ_WRITE(sc);
1035 return IWN_READ(sc, IWN_MEM_RDATA);
1038 static __inline void
1039 iwn_mem_write(struct iwn_softc *sc, uint32_t addr, uint32_t data)
1041 IWN_WRITE(sc, IWN_MEM_WADDR, addr);
1042 IWN_BARRIER_WRITE(sc);
1043 IWN_WRITE(sc, IWN_MEM_WDATA, data);
1046 static __inline void
1047 iwn_mem_write_2(struct iwn_softc *sc, uint32_t addr, uint16_t data)
1051 tmp = iwn_mem_read(sc, addr & ~3);
1053 tmp = (tmp & 0x0000ffff) | data << 16;
1055 tmp = (tmp & 0xffff0000) | data;
1056 iwn_mem_write(sc, addr & ~3, tmp);
1059 static __inline void
1060 iwn_mem_read_region_4(struct iwn_softc *sc, uint32_t addr, uint32_t *data,
1063 for (; count > 0; count--, addr += 4)
1064 *data++ = iwn_mem_read(sc, addr);
1067 static __inline void
1068 iwn_mem_set_region_4(struct iwn_softc *sc, uint32_t addr, uint32_t val,
1071 for (; count > 0; count--, addr += 4)
1072 iwn_mem_write(sc, addr, val);
1076 iwn_eeprom_lock(struct iwn_softc *sc)
1080 for (i = 0; i < 100; i++) {
1081 /* Request exclusive access to EEPROM. */
1082 IWN_SETBITS(sc, IWN_HW_IF_CONFIG,
1083 IWN_HW_IF_CONFIG_EEPROM_LOCKED);
1085 /* Spin until we actually get the lock. */
1086 for (ntries = 0; ntries < 100; ntries++) {
1087 if (IWN_READ(sc, IWN_HW_IF_CONFIG) &
1088 IWN_HW_IF_CONFIG_EEPROM_LOCKED)
1096 static __inline void
1097 iwn_eeprom_unlock(struct iwn_softc *sc)
1099 IWN_CLRBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_EEPROM_LOCKED);
1103 * Initialize access by host to One Time Programmable ROM.
1104 * NB: This kind of ROM can be found on 1000 or 6000 Series only.
1107 iwn_init_otprom(struct iwn_softc *sc)
1109 uint16_t prev, base, next;
1112 /* Wait for clock stabilization before accessing prph. */
1113 if ((error = iwn_clock_wait(sc)) != 0)
1116 if ((error = iwn_nic_lock(sc)) != 0)
1118 iwn_prph_setbits(sc, IWN_APMG_PS, IWN_APMG_PS_RESET_REQ);
1120 iwn_prph_clrbits(sc, IWN_APMG_PS, IWN_APMG_PS_RESET_REQ);
1123 /* Set auto clock gate disable bit for HW with OTP shadow RAM. */
1124 if (sc->hw_type != IWN_HW_REV_TYPE_1000) {
1125 IWN_SETBITS(sc, IWN_DBG_LINK_PWR_MGMT,
1126 IWN_RESET_LINK_PWR_MGMT_DIS);
1128 IWN_CLRBITS(sc, IWN_EEPROM_GP, IWN_EEPROM_GP_IF_OWNER);
1129 /* Clear ECC status. */
1130 IWN_SETBITS(sc, IWN_OTP_GP,
1131 IWN_OTP_GP_ECC_CORR_STTS | IWN_OTP_GP_ECC_UNCORR_STTS);
1134 * Find the block before last block (contains the EEPROM image)
1135 * for HW without OTP shadow RAM.
1137 if (sc->hw_type == IWN_HW_REV_TYPE_1000) {
1138 /* Switch to absolute addressing mode. */
1139 IWN_CLRBITS(sc, IWN_OTP_GP, IWN_OTP_GP_RELATIVE_ACCESS);
1141 for (count = 0; count < IWN1000_OTP_NBLOCKS; count++) {
1142 error = iwn_read_prom_data(sc, base, &next, 2);
1145 if (next == 0) /* End of linked-list. */
1148 base = le16toh(next);
1150 if (count == 0 || count == IWN1000_OTP_NBLOCKS)
1152 /* Skip "next" word. */
1153 sc->prom_base = prev + 1;
1159 iwn_read_prom_data(struct iwn_softc *sc, uint32_t addr, void *data, int count)
1161 uint8_t *out = data;
1165 addr += sc->prom_base;
1166 for (; count > 0; count -= 2, addr++) {
1167 IWN_WRITE(sc, IWN_EEPROM, addr << 2);
1168 for (ntries = 0; ntries < 10; ntries++) {
1169 val = IWN_READ(sc, IWN_EEPROM);
1170 if (val & IWN_EEPROM_READ_VALID)
1175 device_printf(sc->sc_dev,
1176 "timeout reading ROM at 0x%x\n", addr);
1179 if (sc->sc_flags & IWN_FLAG_HAS_OTPROM) {
1180 /* OTPROM, check for ECC errors. */
1181 tmp = IWN_READ(sc, IWN_OTP_GP);
1182 if (tmp & IWN_OTP_GP_ECC_UNCORR_STTS) {
1183 device_printf(sc->sc_dev,
1184 "OTPROM ECC error at 0x%x\n", addr);
1187 if (tmp & IWN_OTP_GP_ECC_CORR_STTS) {
1188 /* Correctable ECC error, clear bit. */
1189 IWN_SETBITS(sc, IWN_OTP_GP,
1190 IWN_OTP_GP_ECC_CORR_STTS);
1201 iwn_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error)
1205 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs));
1206 *(bus_addr_t *)arg = segs[0].ds_addr;
1210 iwn_dma_contig_alloc(struct iwn_softc *sc, struct iwn_dma_info *dma,
1211 void **kvap, bus_size_t size, bus_size_t alignment)
1218 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment,
1219 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size,
1220 1, size, BUS_DMA_NOWAIT, NULL, NULL, &dma->tag);
1224 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr,
1225 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map);
1229 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size,
1230 iwn_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT);
1234 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
1241 fail: iwn_dma_contig_free(dma);
1246 iwn_dma_contig_free(struct iwn_dma_info *dma)
1248 if (dma->map != NULL) {
1249 if (dma->vaddr != NULL) {
1250 bus_dmamap_sync(dma->tag, dma->map,
1251 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
1252 bus_dmamap_unload(dma->tag, dma->map);
1253 bus_dmamem_free(dma->tag, &dma->vaddr, dma->map);
1256 bus_dmamap_destroy(dma->tag, dma->map);
1259 if (dma->tag != NULL) {
1260 bus_dma_tag_destroy(dma->tag);
1266 iwn_alloc_sched(struct iwn_softc *sc)
1268 /* TX scheduler rings must be aligned on a 1KB boundary. */
1269 return iwn_dma_contig_alloc(sc, &sc->sched_dma, (void **)&sc->sched,
1274 iwn_free_sched(struct iwn_softc *sc)
1276 iwn_dma_contig_free(&sc->sched_dma);
1280 iwn_alloc_kw(struct iwn_softc *sc)
1282 /* "Keep Warm" page must be aligned on a 4KB boundary. */
1283 return iwn_dma_contig_alloc(sc, &sc->kw_dma, NULL, 4096, 4096);
1287 iwn_free_kw(struct iwn_softc *sc)
1289 iwn_dma_contig_free(&sc->kw_dma);
1293 iwn_alloc_ict(struct iwn_softc *sc)
1295 /* ICT table must be aligned on a 4KB boundary. */
1296 return iwn_dma_contig_alloc(sc, &sc->ict_dma, (void **)&sc->ict,
1297 IWN_ICT_SIZE, 4096);
1301 iwn_free_ict(struct iwn_softc *sc)
1303 iwn_dma_contig_free(&sc->ict_dma);
1307 iwn_alloc_fwmem(struct iwn_softc *sc)
1309 /* Must be aligned on a 16-byte boundary. */
1310 return iwn_dma_contig_alloc(sc, &sc->fw_dma, NULL, sc->fwsz, 16);
1314 iwn_free_fwmem(struct iwn_softc *sc)
1316 iwn_dma_contig_free(&sc->fw_dma);
1320 iwn_alloc_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring)
1327 /* Allocate RX descriptors (256-byte aligned). */
1328 size = IWN_RX_RING_COUNT * sizeof (uint32_t);
1329 error = iwn_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc,
1332 device_printf(sc->sc_dev,
1333 "%s: could not allocate RX ring DMA memory, error %d\n",
1338 /* Allocate RX status area (16-byte aligned). */
1339 error = iwn_dma_contig_alloc(sc, &ring->stat_dma, (void **)&ring->stat,
1340 sizeof (struct iwn_rx_status), 16);
1342 device_printf(sc->sc_dev,
1343 "%s: could not allocate RX status DMA memory, error %d\n",
1348 /* Create RX buffer DMA tag. */
1349 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
1350 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
1351 IWN_RBUF_SIZE, 1, IWN_RBUF_SIZE, BUS_DMA_NOWAIT, NULL, NULL,
1354 device_printf(sc->sc_dev,
1355 "%s: could not create RX buf DMA tag, error %d\n",
1361 * Allocate and map RX buffers.
1363 for (i = 0; i < IWN_RX_RING_COUNT; i++) {
1364 struct iwn_rx_data *data = &ring->data[i];
1367 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1369 device_printf(sc->sc_dev,
1370 "%s: could not create RX buf DMA map, error %d\n",
1375 data->m = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR,
1377 if (data->m == NULL) {
1378 device_printf(sc->sc_dev,
1379 "%s: could not allocate RX mbuf\n", __func__);
1384 error = bus_dmamap_load(ring->data_dmat, data->map,
1385 mtod(data->m, void *), IWN_RBUF_SIZE, iwn_dma_map_addr,
1386 &paddr, BUS_DMA_NOWAIT);
1387 if (error != 0 && error != EFBIG) {
1388 device_printf(sc->sc_dev,
1389 "%s: can't not map mbuf, error %d\n", __func__,
1394 /* Set physical address of RX buffer (256-byte aligned). */
1395 ring->desc[i] = htole32(paddr >> 8);
1398 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1399 BUS_DMASYNC_PREWRITE);
1403 fail: iwn_free_rx_ring(sc, ring);
1408 iwn_reset_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring)
1412 if (iwn_nic_lock(sc) == 0) {
1413 IWN_WRITE(sc, IWN_FH_RX_CONFIG, 0);
1414 for (ntries = 0; ntries < 1000; ntries++) {
1415 if (IWN_READ(sc, IWN_FH_RX_STATUS) &
1416 IWN_FH_RX_STATUS_IDLE)
1423 sc->last_rx_valid = 0;
1427 iwn_free_rx_ring(struct iwn_softc *sc, struct iwn_rx_ring *ring)
1431 iwn_dma_contig_free(&ring->desc_dma);
1432 iwn_dma_contig_free(&ring->stat_dma);
1434 for (i = 0; i < IWN_RX_RING_COUNT; i++) {
1435 struct iwn_rx_data *data = &ring->data[i];
1437 if (data->m != NULL) {
1438 bus_dmamap_sync(ring->data_dmat, data->map,
1439 BUS_DMASYNC_POSTREAD);
1440 bus_dmamap_unload(ring->data_dmat, data->map);
1444 if (data->map != NULL)
1445 bus_dmamap_destroy(ring->data_dmat, data->map);
1447 if (ring->data_dmat != NULL) {
1448 bus_dma_tag_destroy(ring->data_dmat);
1449 ring->data_dmat = NULL;
1454 iwn_alloc_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring, int qid)
1464 /* Allocate TX descriptors (256-byte aligned). */
1465 size = IWN_TX_RING_COUNT * sizeof (struct iwn_tx_desc);
1466 error = iwn_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc,
1469 device_printf(sc->sc_dev,
1470 "%s: could not allocate TX ring DMA memory, error %d\n",
1475 size = IWN_TX_RING_COUNT * sizeof (struct iwn_tx_cmd);
1476 error = iwn_dma_contig_alloc(sc, &ring->cmd_dma, (void **)&ring->cmd,
1479 device_printf(sc->sc_dev,
1480 "%s: could not allocate TX cmd DMA memory, error %d\n",
1485 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
1486 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES,
1487 IWN_MAX_SCATTER - 1, MCLBYTES, BUS_DMA_NOWAIT, NULL, NULL,
1490 device_printf(sc->sc_dev,
1491 "%s: could not create TX buf DMA tag, error %d\n",
1496 paddr = ring->cmd_dma.paddr;
1497 for (i = 0; i < IWN_TX_RING_COUNT; i++) {
1498 struct iwn_tx_data *data = &ring->data[i];
1500 data->cmd_paddr = paddr;
1501 data->scratch_paddr = paddr + 12;
1502 paddr += sizeof (struct iwn_tx_cmd);
1504 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1506 device_printf(sc->sc_dev,
1507 "%s: could not create TX buf DMA map, error %d\n",
1514 fail: iwn_free_tx_ring(sc, ring);
1519 iwn_reset_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring)
1523 for (i = 0; i < IWN_TX_RING_COUNT; i++) {
1524 struct iwn_tx_data *data = &ring->data[i];
1526 if (data->m != NULL) {
1527 bus_dmamap_sync(ring->data_dmat, data->map,
1528 BUS_DMASYNC_POSTWRITE);
1529 bus_dmamap_unload(ring->data_dmat, data->map);
1534 /* Clear TX descriptors. */
1535 memset(ring->desc, 0, ring->desc_dma.size);
1536 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1537 BUS_DMASYNC_PREWRITE);
1538 sc->qfullmsk &= ~(1 << ring->qid);
1544 iwn_free_tx_ring(struct iwn_softc *sc, struct iwn_tx_ring *ring)
1548 iwn_dma_contig_free(&ring->desc_dma);
1549 iwn_dma_contig_free(&ring->cmd_dma);
1551 for (i = 0; i < IWN_TX_RING_COUNT; i++) {
1552 struct iwn_tx_data *data = &ring->data[i];
1554 if (data->m != NULL) {
1555 bus_dmamap_sync(ring->data_dmat, data->map,
1556 BUS_DMASYNC_POSTWRITE);
1557 bus_dmamap_unload(ring->data_dmat, data->map);
1560 if (data->map != NULL)
1561 bus_dmamap_destroy(ring->data_dmat, data->map);
1563 if (ring->data_dmat != NULL) {
1564 bus_dma_tag_destroy(ring->data_dmat);
1565 ring->data_dmat = NULL;
1570 iwn5000_ict_reset(struct iwn_softc *sc)
1572 /* Disable interrupts. */
1573 IWN_WRITE(sc, IWN_INT_MASK, 0);
1575 /* Reset ICT table. */
1576 memset(sc->ict, 0, IWN_ICT_SIZE);
1579 /* Set physical address of ICT table (4KB aligned). */
1580 DPRINTF(sc, IWN_DEBUG_RESET, "%s: enabling ICT\n", __func__);
1581 IWN_WRITE(sc, IWN_DRAM_INT_TBL, IWN_DRAM_INT_TBL_ENABLE |
1582 IWN_DRAM_INT_TBL_WRAP_CHECK | sc->ict_dma.paddr >> 12);
1584 /* Enable periodic RX interrupt. */
1585 sc->int_mask |= IWN_INT_RX_PERIODIC;
1586 /* Switch to ICT interrupt mode in driver. */
1587 sc->sc_flags |= IWN_FLAG_USE_ICT;
1589 /* Re-enable interrupts. */
1590 IWN_WRITE(sc, IWN_INT, 0xffffffff);
1591 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask);
1595 iwn_read_eeprom(struct iwn_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN])
1597 struct iwn_ops *ops = &sc->ops;
1601 /* Check whether adapter has an EEPROM or an OTPROM. */
1602 if (sc->hw_type >= IWN_HW_REV_TYPE_1000 &&
1603 (IWN_READ(sc, IWN_OTP_GP) & IWN_OTP_GP_DEV_SEL_OTP))
1604 sc->sc_flags |= IWN_FLAG_HAS_OTPROM;
1605 DPRINTF(sc, IWN_DEBUG_RESET, "%s found\n",
1606 (sc->sc_flags & IWN_FLAG_HAS_OTPROM) ? "OTPROM" : "EEPROM");
1608 /* Adapter has to be powered on for EEPROM access to work. */
1609 if ((error = iwn_apm_init(sc)) != 0) {
1610 device_printf(sc->sc_dev,
1611 "%s: could not power ON adapter, error %d\n", __func__,
1616 if ((IWN_READ(sc, IWN_EEPROM_GP) & 0x7) == 0) {
1617 device_printf(sc->sc_dev, "%s: bad ROM signature\n", __func__);
1620 if ((error = iwn_eeprom_lock(sc)) != 0) {
1621 device_printf(sc->sc_dev, "%s: could not lock ROM, error %d\n",
1625 if (sc->sc_flags & IWN_FLAG_HAS_OTPROM) {
1626 if ((error = iwn_init_otprom(sc)) != 0) {
1627 device_printf(sc->sc_dev,
1628 "%s: could not initialize OTPROM, error %d\n",
1634 iwn_read_prom_data(sc, IWN_EEPROM_SKU_CAP, &val, 2);
1635 DPRINTF(sc, IWN_DEBUG_RESET, "SKU capabilities=0x%04x\n", le16toh(val));
1636 /* Check if HT support is bonded out. */
1637 if (val & htole16(IWN_EEPROM_SKU_CAP_11N))
1638 sc->sc_flags |= IWN_FLAG_HAS_11N;
1640 iwn_read_prom_data(sc, IWN_EEPROM_RFCFG, &val, 2);
1641 sc->rfcfg = le16toh(val);
1642 DPRINTF(sc, IWN_DEBUG_RESET, "radio config=0x%04x\n", sc->rfcfg);
1643 /* Read Tx/Rx chains from ROM unless it's known to be broken. */
1644 if (sc->txchainmask == 0)
1645 sc->txchainmask = IWN_RFCFG_TXANTMSK(sc->rfcfg);
1646 if (sc->rxchainmask == 0)
1647 sc->rxchainmask = IWN_RFCFG_RXANTMSK(sc->rfcfg);
1649 /* Read MAC address. */
1650 iwn_read_prom_data(sc, IWN_EEPROM_MAC, macaddr, 6);
1652 /* Read adapter-specific information from EEPROM. */
1653 ops->read_eeprom(sc);
1655 iwn_apm_stop(sc); /* Power OFF adapter. */
1657 iwn_eeprom_unlock(sc);
1662 iwn4965_read_eeprom(struct iwn_softc *sc)
1668 /* Read regulatory domain (4 ASCII characters). */
1669 iwn_read_prom_data(sc, IWN4965_EEPROM_DOMAIN, sc->eeprom_domain, 4);
1671 /* Read the list of authorized channels (20MHz ones only). */
1672 for (i = 0; i < 7; i++) {
1673 addr = iwn4965_regulatory_bands[i];
1674 iwn_read_eeprom_channels(sc, i, addr);
1677 /* Read maximum allowed TX power for 2GHz and 5GHz bands. */
1678 iwn_read_prom_data(sc, IWN4965_EEPROM_MAXPOW, &val, 2);
1679 sc->maxpwr2GHz = val & 0xff;
1680 sc->maxpwr5GHz = val >> 8;
1681 /* Check that EEPROM values are within valid range. */
1682 if (sc->maxpwr5GHz < 20 || sc->maxpwr5GHz > 50)
1683 sc->maxpwr5GHz = 38;
1684 if (sc->maxpwr2GHz < 20 || sc->maxpwr2GHz > 50)
1685 sc->maxpwr2GHz = 38;
1686 DPRINTF(sc, IWN_DEBUG_RESET, "maxpwr 2GHz=%d 5GHz=%d\n",
1687 sc->maxpwr2GHz, sc->maxpwr5GHz);
1689 /* Read samples for each TX power group. */
1690 iwn_read_prom_data(sc, IWN4965_EEPROM_BANDS, sc->bands,
1693 /* Read voltage at which samples were taken. */
1694 iwn_read_prom_data(sc, IWN4965_EEPROM_VOLTAGE, &val, 2);
1695 sc->eeprom_voltage = (int16_t)le16toh(val);
1696 DPRINTF(sc, IWN_DEBUG_RESET, "voltage=%d (in 0.3V)\n",
1697 sc->eeprom_voltage);
1700 /* Print samples. */
1701 if (sc->sc_debug & IWN_DEBUG_ANY) {
1702 for (i = 0; i < IWN_NBANDS; i++)
1703 iwn4965_print_power_group(sc, i);
1710 iwn4965_print_power_group(struct iwn_softc *sc, int i)
1712 struct iwn4965_eeprom_band *band = &sc->bands[i];
1713 struct iwn4965_eeprom_chan_samples *chans = band->chans;
1716 printf("===band %d===\n", i);
1717 printf("chan lo=%d, chan hi=%d\n", band->lo, band->hi);
1718 printf("chan1 num=%d\n", chans[0].num);
1719 for (c = 0; c < 2; c++) {
1720 for (j = 0; j < IWN_NSAMPLES; j++) {
1721 printf("chain %d, sample %d: temp=%d gain=%d "
1722 "power=%d pa_det=%d\n", c, j,
1723 chans[0].samples[c][j].temp,
1724 chans[0].samples[c][j].gain,
1725 chans[0].samples[c][j].power,
1726 chans[0].samples[c][j].pa_det);
1729 printf("chan2 num=%d\n", chans[1].num);
1730 for (c = 0; c < 2; c++) {
1731 for (j = 0; j < IWN_NSAMPLES; j++) {
1732 printf("chain %d, sample %d: temp=%d gain=%d "
1733 "power=%d pa_det=%d\n", c, j,
1734 chans[1].samples[c][j].temp,
1735 chans[1].samples[c][j].gain,
1736 chans[1].samples[c][j].power,
1737 chans[1].samples[c][j].pa_det);
1744 iwn5000_read_eeprom(struct iwn_softc *sc)
1746 struct iwn5000_eeprom_calib_hdr hdr;
1748 uint32_t base, addr;
1752 /* Read regulatory domain (4 ASCII characters). */
1753 iwn_read_prom_data(sc, IWN5000_EEPROM_REG, &val, 2);
1754 base = le16toh(val);
1755 iwn_read_prom_data(sc, base + IWN5000_EEPROM_DOMAIN,
1756 sc->eeprom_domain, 4);
1758 /* Read the list of authorized channels (20MHz ones only). */
1759 for (i = 0; i < 7; i++) {
1760 if (sc->hw_type >= IWN_HW_REV_TYPE_6000)
1761 addr = base + iwn6000_regulatory_bands[i];
1763 addr = base + iwn5000_regulatory_bands[i];
1764 iwn_read_eeprom_channels(sc, i, addr);
1767 /* Read enhanced TX power information for 6000 Series. */
1768 if (sc->hw_type >= IWN_HW_REV_TYPE_6000)
1769 iwn_read_eeprom_enhinfo(sc);
1771 iwn_read_prom_data(sc, IWN5000_EEPROM_CAL, &val, 2);
1772 base = le16toh(val);
1773 iwn_read_prom_data(sc, base, &hdr, sizeof hdr);
1774 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
1775 "%s: calib version=%u pa type=%u voltage=%u\n", __func__,
1776 hdr.version, hdr.pa_type, le16toh(hdr.volt));
1777 sc->calib_ver = hdr.version;
1779 if (sc->hw_type == IWN_HW_REV_TYPE_5150) {
1780 /* Compute temperature offset. */
1781 iwn_read_prom_data(sc, base + IWN5000_EEPROM_TEMP, &val, 2);
1782 sc->eeprom_temp = le16toh(val);
1783 iwn_read_prom_data(sc, base + IWN5000_EEPROM_VOLT, &val, 2);
1784 volt = le16toh(val);
1785 sc->temp_off = sc->eeprom_temp - (volt / -5);
1786 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "temp=%d volt=%d offset=%dK\n",
1787 sc->eeprom_temp, volt, sc->temp_off);
1789 /* Read crystal calibration. */
1790 iwn_read_prom_data(sc, base + IWN5000_EEPROM_CRYSTAL,
1791 &sc->eeprom_crystal, sizeof (uint32_t));
1792 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "crystal calibration 0x%08x\n",
1793 le32toh(sc->eeprom_crystal));
1798 * Translate EEPROM flags to net80211.
1801 iwn_eeprom_channel_flags(struct iwn_eeprom_chan *channel)
1806 if ((channel->flags & IWN_EEPROM_CHAN_ACTIVE) == 0)
1807 nflags |= IEEE80211_CHAN_PASSIVE;
1808 if ((channel->flags & IWN_EEPROM_CHAN_IBSS) == 0)
1809 nflags |= IEEE80211_CHAN_NOADHOC;
1810 if (channel->flags & IWN_EEPROM_CHAN_RADAR) {
1811 nflags |= IEEE80211_CHAN_DFS;
1812 /* XXX apparently IBSS may still be marked */
1813 nflags |= IEEE80211_CHAN_NOADHOC;
1820 iwn_read_eeprom_band(struct iwn_softc *sc, int n)
1822 struct ifnet *ifp = sc->sc_ifp;
1823 struct ieee80211com *ic = ifp->if_l2com;
1824 struct iwn_eeprom_chan *channels = sc->eeprom_channels[n];
1825 const struct iwn_chan_band *band = &iwn_bands[n];
1826 struct ieee80211_channel *c;
1830 for (i = 0; i < band->nchan; i++) {
1831 if (!(channels[i].flags & IWN_EEPROM_CHAN_VALID)) {
1832 DPRINTF(sc, IWN_DEBUG_RESET,
1833 "skip chan %d flags 0x%x maxpwr %d\n",
1834 band->chan[i], channels[i].flags,
1835 channels[i].maxpwr);
1838 chan = band->chan[i];
1839 nflags = iwn_eeprom_channel_flags(&channels[i]);
1841 c = &ic->ic_channels[ic->ic_nchans++];
1843 c->ic_maxregpower = channels[i].maxpwr;
1844 c->ic_maxpower = 2*c->ic_maxregpower;
1846 if (n == 0) { /* 2GHz band */
1847 c->ic_freq = ieee80211_ieee2mhz(chan, IEEE80211_CHAN_G);
1848 /* G =>'s B is supported */
1849 c->ic_flags = IEEE80211_CHAN_B | nflags;
1850 c = &ic->ic_channels[ic->ic_nchans++];
1852 c->ic_flags = IEEE80211_CHAN_G | nflags;
1853 } else { /* 5GHz band */
1854 c->ic_freq = ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A);
1855 c->ic_flags = IEEE80211_CHAN_A | nflags;
1858 /* Save maximum allowed TX power for this channel. */
1859 sc->maxpwr[chan] = channels[i].maxpwr;
1861 DPRINTF(sc, IWN_DEBUG_RESET,
1862 "add chan %d flags 0x%x maxpwr %d\n", chan,
1863 channels[i].flags, channels[i].maxpwr);
1865 if (sc->sc_flags & IWN_FLAG_HAS_11N) {
1866 /* add HT20, HT40 added separately */
1867 c = &ic->ic_channels[ic->ic_nchans++];
1869 c->ic_flags |= IEEE80211_CHAN_HT20;
1875 iwn_read_eeprom_ht40(struct iwn_softc *sc, int n)
1877 struct ifnet *ifp = sc->sc_ifp;
1878 struct ieee80211com *ic = ifp->if_l2com;
1879 struct iwn_eeprom_chan *channels = sc->eeprom_channels[n];
1880 const struct iwn_chan_band *band = &iwn_bands[n];
1881 struct ieee80211_channel *c, *cent, *extc;
1885 if (!(sc->sc_flags & IWN_FLAG_HAS_11N))
1888 for (i = 0; i < band->nchan; i++) {
1889 if (!(channels[i].flags & IWN_EEPROM_CHAN_VALID)) {
1890 DPRINTF(sc, IWN_DEBUG_RESET,
1891 "skip chan %d flags 0x%x maxpwr %d\n",
1892 band->chan[i], channels[i].flags,
1893 channels[i].maxpwr);
1896 chan = band->chan[i];
1897 nflags = iwn_eeprom_channel_flags(&channels[i]);
1900 * Each entry defines an HT40 channel pair; find the
1901 * center channel, then the extension channel above.
1903 cent = ieee80211_find_channel_byieee(ic, chan,
1904 (n == 5 ? IEEE80211_CHAN_G : IEEE80211_CHAN_A));
1905 if (cent == NULL) { /* XXX shouldn't happen */
1906 device_printf(sc->sc_dev,
1907 "%s: no entry for channel %d\n", __func__, chan);
1910 extc = ieee80211_find_channel(ic, cent->ic_freq+20,
1911 (n == 5 ? IEEE80211_CHAN_G : IEEE80211_CHAN_A));
1913 DPRINTF(sc, IWN_DEBUG_RESET,
1914 "%s: skip chan %d, extension channel not found\n",
1919 DPRINTF(sc, IWN_DEBUG_RESET,
1920 "add ht40 chan %d flags 0x%x maxpwr %d\n",
1921 chan, channels[i].flags, channels[i].maxpwr);
1923 c = &ic->ic_channels[ic->ic_nchans++];
1925 c->ic_extieee = extc->ic_ieee;
1926 c->ic_flags &= ~IEEE80211_CHAN_HT;
1927 c->ic_flags |= IEEE80211_CHAN_HT40U | nflags;
1928 c = &ic->ic_channels[ic->ic_nchans++];
1930 c->ic_extieee = cent->ic_ieee;
1931 c->ic_flags &= ~IEEE80211_CHAN_HT;
1932 c->ic_flags |= IEEE80211_CHAN_HT40D | nflags;
1937 iwn_read_eeprom_channels(struct iwn_softc *sc, int n, uint32_t addr)
1939 struct ifnet *ifp = sc->sc_ifp;
1940 struct ieee80211com *ic = ifp->if_l2com;
1942 iwn_read_prom_data(sc, addr, &sc->eeprom_channels[n],
1943 iwn_bands[n].nchan * sizeof (struct iwn_eeprom_chan));
1946 iwn_read_eeprom_band(sc, n);
1948 iwn_read_eeprom_ht40(sc, n);
1949 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans);
1952 static struct iwn_eeprom_chan *
1953 iwn_find_eeprom_channel(struct iwn_softc *sc, struct ieee80211_channel *c)
1955 int band, chan, i, j;
1957 if (IEEE80211_IS_CHAN_HT40(c)) {
1958 band = IEEE80211_IS_CHAN_5GHZ(c) ? 6 : 5;
1959 if (IEEE80211_IS_CHAN_HT40D(c))
1960 chan = c->ic_extieee;
1963 for (i = 0; i < iwn_bands[band].nchan; i++) {
1964 if (iwn_bands[band].chan[i] == chan)
1965 return &sc->eeprom_channels[band][i];
1968 for (j = 0; j < 5; j++) {
1969 for (i = 0; i < iwn_bands[j].nchan; i++) {
1970 if (iwn_bands[j].chan[i] == c->ic_ieee)
1971 return &sc->eeprom_channels[j][i];
1979 * Enforce flags read from EEPROM.
1982 iwn_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd,
1983 int nchan, struct ieee80211_channel chans[])
1985 struct iwn_softc *sc = ic->ic_ifp->if_softc;
1988 for (i = 0; i < nchan; i++) {
1989 struct ieee80211_channel *c = &chans[i];
1990 struct iwn_eeprom_chan *channel;
1992 channel = iwn_find_eeprom_channel(sc, c);
1993 if (channel == NULL) {
1994 if_printf(ic->ic_ifp,
1995 "%s: invalid channel %u freq %u/0x%x\n",
1996 __func__, c->ic_ieee, c->ic_freq, c->ic_flags);
1999 c->ic_flags |= iwn_eeprom_channel_flags(channel);
2005 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
2008 iwn_read_eeprom_enhinfo(struct iwn_softc *sc)
2010 struct iwn_eeprom_enhinfo enhinfo[35];
2011 struct ifnet *ifp = sc->sc_ifp;
2012 struct ieee80211com *ic = ifp->if_l2com;
2013 struct ieee80211_channel *c;
2019 iwn_read_prom_data(sc, IWN5000_EEPROM_REG, &val, 2);
2020 base = le16toh(val);
2021 iwn_read_prom_data(sc, base + IWN6000_EEPROM_ENHINFO,
2022 enhinfo, sizeof enhinfo);
2024 for (i = 0; i < nitems(enhinfo); i++) {
2025 flags = enhinfo[i].flags;
2026 if (!(flags & IWN_ENHINFO_VALID))
2027 continue; /* Skip invalid entries. */
2030 if (sc->txchainmask & IWN_ANT_A)
2031 maxpwr = MAX(maxpwr, enhinfo[i].chain[0]);
2032 if (sc->txchainmask & IWN_ANT_B)
2033 maxpwr = MAX(maxpwr, enhinfo[i].chain[1]);
2034 if (sc->txchainmask & IWN_ANT_C)
2035 maxpwr = MAX(maxpwr, enhinfo[i].chain[2]);
2036 if (sc->ntxchains == 2)
2037 maxpwr = MAX(maxpwr, enhinfo[i].mimo2);
2038 else if (sc->ntxchains == 3)
2039 maxpwr = MAX(maxpwr, enhinfo[i].mimo3);
2041 for (j = 0; j < ic->ic_nchans; j++) {
2042 c = &ic->ic_channels[j];
2043 if ((flags & IWN_ENHINFO_5GHZ)) {
2044 if (!IEEE80211_IS_CHAN_A(c))
2046 } else if ((flags & IWN_ENHINFO_OFDM)) {
2047 if (!IEEE80211_IS_CHAN_G(c))
2049 } else if (!IEEE80211_IS_CHAN_B(c))
2051 if ((flags & IWN_ENHINFO_HT40)) {
2052 if (!IEEE80211_IS_CHAN_HT40(c))
2055 if (IEEE80211_IS_CHAN_HT40(c))
2058 if (enhinfo[i].chan != 0 &&
2059 enhinfo[i].chan != c->ic_ieee)
2062 DPRINTF(sc, IWN_DEBUG_RESET,
2063 "channel %d(%x), maxpwr %d\n", c->ic_ieee,
2064 c->ic_flags, maxpwr / 2);
2065 c->ic_maxregpower = maxpwr / 2;
2066 c->ic_maxpower = maxpwr;
2071 static struct ieee80211_node *
2072 iwn_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
2074 return malloc(sizeof (struct iwn_node), M_80211_NODE,M_NOWAIT | M_ZERO);
2080 switch (rate & 0xff) {
2081 case 12: return 0xd;
2082 case 18: return 0xf;
2083 case 24: return 0x5;
2084 case 36: return 0x7;
2085 case 48: return 0x9;
2086 case 72: return 0xb;
2087 case 96: return 0x1;
2088 case 108: return 0x3;
2092 case 22: return 110;
2098 iwn_newassoc(struct ieee80211_node *ni, int isnew)
2100 #define RV(v) ((v) & IEEE80211_RATE_VAL)
2101 struct ieee80211com *ic = ni->ni_ic;
2102 struct iwn_softc *sc = ic->ic_ifp->if_softc;
2103 struct iwn_node *wn = (void *)ni;
2104 uint8_t txant1, txant2;
2105 int i, plcp, rate, ridx;
2107 /* Use the first valid TX antenna. */
2108 txant1 = IWN_LSB(sc->txchainmask);
2109 txant2 = IWN_LSB(sc->txchainmask & ~txant1);
2111 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
2112 ridx = ni->ni_rates.rs_nrates - 1;
2113 for (i = ni->ni_htrates.rs_nrates - 1; i >= 0; i--) {
2114 plcp = RV(ni->ni_htrates.rs_rates[i]) | IWN_RFLAG_MCS;
2115 if (IEEE80211_IS_CHAN_HT40(ni->ni_chan)) {
2116 plcp |= IWN_RFLAG_HT40;
2117 if (ni->ni_htcap & IEEE80211_HTCAP_SHORTGI40)
2118 plcp |= IWN_RFLAG_SGI;
2119 } else if (ni->ni_htcap & IEEE80211_HTCAP_SHORTGI20)
2120 plcp |= IWN_RFLAG_SGI;
2121 if (RV(ni->ni_htrates.rs_rates[i]) > 7)
2122 plcp |= IWN_RFLAG_ANT(txant1 | txant2);
2124 plcp |= IWN_RFLAG_ANT(txant1);
2126 rate = RV(ni->ni_rates.rs_rates[ridx]);
2127 wn->ridx[rate] = plcp;
2129 wn->ridx[IEEE80211_RATE_MCS | i] = plcp;
2133 for (i = 0; i < ni->ni_rates.rs_nrates; i++) {
2134 rate = RV(ni->ni_rates.rs_rates[i]);
2135 plcp = rate2plcp(rate);
2136 ridx = ic->ic_rt->rateCodeToIndex[rate];
2137 if (ridx < IWN_RIDX_OFDM6 &&
2138 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
2139 plcp |= IWN_RFLAG_CCK;
2140 plcp |= IWN_RFLAG_ANT(txant1);
2141 wn->ridx[rate] = htole32(plcp);
2148 iwn_media_change(struct ifnet *ifp)
2152 error = ieee80211_media_change(ifp);
2153 /* NB: only the fixed rate can change and that doesn't need a reset */
2154 return (error == ENETRESET ? 0 : error);
2158 iwn_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2160 struct iwn_vap *ivp = IWN_VAP(vap);
2161 struct ieee80211com *ic = vap->iv_ic;
2162 struct iwn_softc *sc = ic->ic_ifp->if_softc;
2165 DPRINTF(sc, IWN_DEBUG_STATE, "%s: %s -> %s\n", __func__,
2166 ieee80211_state_name[vap->iv_state], ieee80211_state_name[nstate]);
2168 IEEE80211_UNLOCK(ic);
2170 callout_stop(&sc->calib_to);
2173 case IEEE80211_S_ASSOC:
2174 if (vap->iv_state != IEEE80211_S_RUN)
2177 case IEEE80211_S_AUTH:
2178 if (vap->iv_state == IEEE80211_S_AUTH)
2182 * !AUTH -> AUTH transition requires state reset to handle
2183 * reassociations correctly.
2185 sc->rxon.associd = 0;
2186 sc->rxon.filter &= ~htole32(IWN_FILTER_BSS);
2187 sc->calib.state = IWN_CALIB_STATE_INIT;
2189 if ((error = iwn_auth(sc, vap)) != 0) {
2190 device_printf(sc->sc_dev,
2191 "%s: could not move to auth state\n", __func__);
2195 case IEEE80211_S_RUN:
2197 * RUN -> RUN transition; Just restart the timers.
2199 if (vap->iv_state == IEEE80211_S_RUN) {
2205 * !RUN -> RUN requires setting the association id
2206 * which is done with a firmware cmd. We also defer
2207 * starting the timers until that work is done.
2209 if ((error = iwn_run(sc, vap)) != 0) {
2210 device_printf(sc->sc_dev,
2211 "%s: could not move to run state\n", __func__);
2215 case IEEE80211_S_INIT:
2216 sc->calib.state = IWN_CALIB_STATE_INIT;
2226 return ivp->iv_newstate(vap, nstate, arg);
2230 iwn_calib_timeout(void *arg)
2232 struct iwn_softc *sc = arg;
2234 IWN_LOCK_ASSERT(sc);
2236 /* Force automatic TX power calibration every 60 secs. */
2237 if (++sc->calib_cnt >= 120) {
2240 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s\n",
2241 "sending request for statistics");
2242 (void)iwn_cmd(sc, IWN_CMD_GET_STATISTICS, &flags,
2246 callout_reset(&sc->calib_to, msecs_to_ticks(500), iwn_calib_timeout,
2251 * Process an RX_PHY firmware notification. This is usually immediately
2252 * followed by an MPDU_RX_DONE notification.
2255 iwn_rx_phy(struct iwn_softc *sc, struct iwn_rx_desc *desc,
2256 struct iwn_rx_data *data)
2258 struct iwn_rx_stat *stat = (struct iwn_rx_stat *)(desc + 1);
2260 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: received PHY stats\n", __func__);
2261 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2263 /* Save RX statistics, they will be used on MPDU_RX_DONE. */
2264 memcpy(&sc->last_rx_stat, stat, sizeof (*stat));
2265 sc->last_rx_valid = 1;
2269 * Process an RX_DONE (4965AGN only) or MPDU_RX_DONE firmware notification.
2270 * Each MPDU_RX_DONE notification must be preceded by an RX_PHY one.
2273 iwn_rx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc,
2274 struct iwn_rx_data *data)
2276 struct iwn_ops *ops = &sc->ops;
2277 struct ifnet *ifp = sc->sc_ifp;
2278 struct ieee80211com *ic = ifp->if_l2com;
2279 struct iwn_rx_ring *ring = &sc->rxq;
2280 struct ieee80211_frame *wh;
2281 struct ieee80211_node *ni;
2282 struct mbuf *m, *m1;
2283 struct iwn_rx_stat *stat;
2287 int error, len, rssi, nf;
2289 if (desc->type == IWN_MPDU_RX_DONE) {
2290 /* Check for prior RX_PHY notification. */
2291 if (!sc->last_rx_valid) {
2292 DPRINTF(sc, IWN_DEBUG_ANY,
2293 "%s: missing RX_PHY\n", __func__);
2296 stat = &sc->last_rx_stat;
2298 stat = (struct iwn_rx_stat *)(desc + 1);
2300 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2302 if (stat->cfg_phy_len > IWN_STAT_MAXLEN) {
2303 device_printf(sc->sc_dev,
2304 "%s: invalid RX statistic header, len %d\n", __func__,
2308 if (desc->type == IWN_MPDU_RX_DONE) {
2309 struct iwn_rx_mpdu *mpdu = (struct iwn_rx_mpdu *)(desc + 1);
2310 head = (caddr_t)(mpdu + 1);
2311 len = le16toh(mpdu->len);
2313 head = (caddr_t)(stat + 1) + stat->cfg_phy_len;
2314 len = le16toh(stat->len);
2317 flags = le32toh(*(uint32_t *)(head + len));
2319 /* Discard frames with a bad FCS early. */
2320 if ((flags & IWN_RX_NOERROR) != IWN_RX_NOERROR) {
2321 DPRINTF(sc, IWN_DEBUG_RECV, "%s: RX flags error %x\n",
2326 /* Discard frames that are too short. */
2327 if (len < sizeof (*wh)) {
2328 DPRINTF(sc, IWN_DEBUG_RECV, "%s: frame too short: %d\n",
2334 m1 = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR, IWN_RBUF_SIZE);
2336 DPRINTF(sc, IWN_DEBUG_ANY, "%s: no mbuf to restock ring\n",
2341 bus_dmamap_unload(ring->data_dmat, data->map);
2343 error = bus_dmamap_load(ring->data_dmat, data->map, mtod(m1, void *),
2344 IWN_RBUF_SIZE, iwn_dma_map_addr, &paddr, BUS_DMA_NOWAIT);
2345 if (error != 0 && error != EFBIG) {
2346 device_printf(sc->sc_dev,
2347 "%s: bus_dmamap_load failed, error %d\n", __func__, error);
2350 /* Try to reload the old mbuf. */
2351 error = bus_dmamap_load(ring->data_dmat, data->map,
2352 mtod(data->m, void *), IWN_RBUF_SIZE, iwn_dma_map_addr,
2353 &paddr, BUS_DMA_NOWAIT);
2354 if (error != 0 && error != EFBIG) {
2355 panic("%s: could not load old RX mbuf", __func__);
2357 /* Physical address may have changed. */
2358 ring->desc[ring->cur] = htole32(paddr >> 8);
2359 bus_dmamap_sync(ring->data_dmat, ring->desc_dma.map,
2360 BUS_DMASYNC_PREWRITE);
2367 /* Update RX descriptor. */
2368 ring->desc[ring->cur] = htole32(paddr >> 8);
2369 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
2370 BUS_DMASYNC_PREWRITE);
2372 /* Finalize mbuf. */
2373 m->m_pkthdr.rcvif = ifp;
2375 m->m_pkthdr.len = m->m_len = len;
2377 /* Grab a reference to the source node. */
2378 wh = mtod(m, struct ieee80211_frame *);
2379 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
2380 nf = (ni != NULL && ni->ni_vap->iv_state == IEEE80211_S_RUN &&
2381 (ic->ic_flags & IEEE80211_F_SCAN) == 0) ? sc->noise : -95;
2383 rssi = ops->get_rssi(sc, stat);
2385 if (ieee80211_radiotap_active(ic)) {
2386 struct iwn_rx_radiotap_header *tap = &sc->sc_rxtap;
2389 if (stat->flags & htole16(IWN_STAT_FLAG_SHPREAMBLE))
2390 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2391 tap->wr_dbm_antsignal = (int8_t)rssi;
2392 tap->wr_dbm_antnoise = (int8_t)nf;
2393 tap->wr_tsft = stat->tstamp;
2394 switch (stat->rate) {
2396 case 10: tap->wr_rate = 2; break;
2397 case 20: tap->wr_rate = 4; break;
2398 case 55: tap->wr_rate = 11; break;
2399 case 110: tap->wr_rate = 22; break;
2401 case 0xd: tap->wr_rate = 12; break;
2402 case 0xf: tap->wr_rate = 18; break;
2403 case 0x5: tap->wr_rate = 24; break;
2404 case 0x7: tap->wr_rate = 36; break;
2405 case 0x9: tap->wr_rate = 48; break;
2406 case 0xb: tap->wr_rate = 72; break;
2407 case 0x1: tap->wr_rate = 96; break;
2408 case 0x3: tap->wr_rate = 108; break;
2409 /* Unknown rate: should not happen. */
2410 default: tap->wr_rate = 0;
2416 /* Send the frame to the 802.11 layer. */
2418 if (ni->ni_flags & IEEE80211_NODE_HT)
2419 m->m_flags |= M_AMPDU;
2420 (void)ieee80211_input(ni, m, rssi - nf, nf);
2421 /* Node is no longer needed. */
2422 ieee80211_free_node(ni);
2424 (void)ieee80211_input_all(ic, m, rssi - nf, nf);
2429 /* Process an incoming Compressed BlockAck. */
2431 iwn_rx_compressed_ba(struct iwn_softc *sc, struct iwn_rx_desc *desc,
2432 struct iwn_rx_data *data)
2434 struct ifnet *ifp = sc->sc_ifp;
2435 struct iwn_node *wn;
2436 struct ieee80211_node *ni;
2437 struct iwn_compressed_ba *ba = (struct iwn_compressed_ba *)(desc + 1);
2438 struct iwn_tx_ring *txq;
2439 struct ieee80211_tx_ampdu *tap;
2442 int ackfailcnt = 0, i, shift;
2444 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2446 txq = &sc->txq[le16toh(ba->qid)];
2447 tap = sc->qid2tap[le16toh(ba->qid)];
2452 if (wn->agg[tid].bitmap == 0)
2455 shift = wn->agg[tid].startidx - ((le16toh(ba->seq) >> 4) & 0xff);
2459 if (wn->agg[tid].nframes > (64 - shift))
2462 bitmap = (le64toh(ba->bitmap) >> shift) & wn->agg[tid].bitmap;
2463 for (i = 0; bitmap; i++) {
2464 if ((bitmap & 1) == 0) {
2466 ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
2467 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL);
2470 ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
2471 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL);
2478 * Process a CALIBRATION_RESULT notification sent by the initialization
2479 * firmware on response to a CMD_CALIB_CONFIG command (5000 only).
2482 iwn5000_rx_calib_results(struct iwn_softc *sc, struct iwn_rx_desc *desc,
2483 struct iwn_rx_data *data)
2485 struct iwn_phy_calib *calib = (struct iwn_phy_calib *)(desc + 1);
2488 /* Runtime firmware should not send such a notification. */
2489 if (sc->sc_flags & IWN_FLAG_CALIB_DONE)
2492 len = (le32toh(desc->len) & 0x3fff) - 4;
2493 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2495 switch (calib->code) {
2496 case IWN5000_PHY_CALIB_DC:
2497 if ((sc->sc_flags & IWN_FLAG_INTERNAL_PA) == 0 &&
2498 (sc->hw_type == IWN_HW_REV_TYPE_5150 ||
2499 sc->hw_type >= IWN_HW_REV_TYPE_6000) &&
2500 sc->hw_type != IWN_HW_REV_TYPE_6050)
2503 case IWN5000_PHY_CALIB_LO:
2506 case IWN5000_PHY_CALIB_TX_IQ:
2509 case IWN5000_PHY_CALIB_TX_IQ_PERIODIC:
2510 if (sc->hw_type < IWN_HW_REV_TYPE_6000 &&
2511 sc->hw_type != IWN_HW_REV_TYPE_5150)
2514 case IWN5000_PHY_CALIB_BASE_BAND:
2518 if (idx == -1) /* Ignore other results. */
2521 /* Save calibration result. */
2522 if (sc->calibcmd[idx].buf != NULL)
2523 free(sc->calibcmd[idx].buf, M_DEVBUF);
2524 sc->calibcmd[idx].buf = malloc(len, M_DEVBUF, M_NOWAIT);
2525 if (sc->calibcmd[idx].buf == NULL) {
2526 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
2527 "not enough memory for calibration result %d\n",
2531 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
2532 "saving calibration result code=%d len=%d\n", calib->code, len);
2533 sc->calibcmd[idx].len = len;
2534 memcpy(sc->calibcmd[idx].buf, calib, len);
2538 * Process an RX_STATISTICS or BEACON_STATISTICS firmware notification.
2539 * The latter is sent by the firmware after each received beacon.
2542 iwn_rx_statistics(struct iwn_softc *sc, struct iwn_rx_desc *desc,
2543 struct iwn_rx_data *data)
2545 struct iwn_ops *ops = &sc->ops;
2546 struct ifnet *ifp = sc->sc_ifp;
2547 struct ieee80211com *ic = ifp->if_l2com;
2548 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2549 struct iwn_calib_state *calib = &sc->calib;
2550 struct iwn_stats *stats = (struct iwn_stats *)(desc + 1);
2553 /* Ignore statistics received during a scan. */
2554 if (vap->iv_state != IEEE80211_S_RUN ||
2555 (ic->ic_flags & IEEE80211_F_SCAN))
2558 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2560 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: received statistics, cmd %d\n",
2561 __func__, desc->type);
2562 sc->calib_cnt = 0; /* Reset TX power calibration timeout. */
2564 /* Test if temperature has changed. */
2565 if (stats->general.temp != sc->rawtemp) {
2566 /* Convert "raw" temperature to degC. */
2567 sc->rawtemp = stats->general.temp;
2568 temp = ops->get_temperature(sc);
2569 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: temperature %d\n",
2572 /* Update TX power if need be (4965AGN only). */
2573 if (sc->hw_type == IWN_HW_REV_TYPE_4965)
2574 iwn4965_power_calibration(sc, temp);
2577 if (desc->type != IWN_BEACON_STATISTICS)
2578 return; /* Reply to a statistics request. */
2580 sc->noise = iwn_get_noise(&stats->rx.general);
2581 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: noise %d\n", __func__, sc->noise);
2583 /* Test that RSSI and noise are present in stats report. */
2584 if (le32toh(stats->rx.general.flags) != 1) {
2585 DPRINTF(sc, IWN_DEBUG_ANY, "%s\n",
2586 "received statistics without RSSI");
2590 if (calib->state == IWN_CALIB_STATE_ASSOC)
2591 iwn_collect_noise(sc, &stats->rx.general);
2592 else if (calib->state == IWN_CALIB_STATE_RUN)
2593 iwn_tune_sensitivity(sc, &stats->rx);
2597 * Process a TX_DONE firmware notification. Unfortunately, the 4965AGN
2598 * and 5000 adapters have different incompatible TX status formats.
2601 iwn4965_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc,
2602 struct iwn_rx_data *data)
2604 struct iwn4965_tx_stat *stat = (struct iwn4965_tx_stat *)(desc + 1);
2605 struct iwn_tx_ring *ring;
2608 qid = desc->qid & 0xf;
2609 ring = &sc->txq[qid];
2611 DPRINTF(sc, IWN_DEBUG_XMIT, "%s: "
2612 "qid %d idx %d retries %d nkill %d rate %x duration %d status %x\n",
2613 __func__, desc->qid, desc->idx, stat->ackfailcnt,
2614 stat->btkillcnt, stat->rate, le16toh(stat->duration),
2615 le32toh(stat->status));
2617 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2618 if (qid >= sc->firstaggqueue) {
2619 iwn_ampdu_tx_done(sc, qid, desc->idx, stat->nframes,
2622 iwn_tx_done(sc, desc, stat->ackfailcnt,
2623 le32toh(stat->status) & 0xff);
2628 iwn5000_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc,
2629 struct iwn_rx_data *data)
2631 struct iwn5000_tx_stat *stat = (struct iwn5000_tx_stat *)(desc + 1);
2632 struct iwn_tx_ring *ring;
2635 qid = desc->qid & 0xf;
2636 ring = &sc->txq[qid];
2638 DPRINTF(sc, IWN_DEBUG_XMIT, "%s: "
2639 "qid %d idx %d retries %d nkill %d rate %x duration %d status %x\n",
2640 __func__, desc->qid, desc->idx, stat->ackfailcnt,
2641 stat->btkillcnt, stat->rate, le16toh(stat->duration),
2642 le32toh(stat->status));
2645 /* Reset TX scheduler slot. */
2646 iwn5000_reset_sched(sc, desc->qid & 0xf, desc->idx);
2649 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2650 if (qid >= sc->firstaggqueue) {
2651 iwn_ampdu_tx_done(sc, qid, desc->idx, stat->nframes,
2654 iwn_tx_done(sc, desc, stat->ackfailcnt,
2655 le16toh(stat->status) & 0xff);
2660 * Adapter-independent backend for TX_DONE firmware notifications.
2663 iwn_tx_done(struct iwn_softc *sc, struct iwn_rx_desc *desc, int ackfailcnt,
2666 struct ifnet *ifp = sc->sc_ifp;
2667 struct iwn_tx_ring *ring = &sc->txq[desc->qid & 0xf];
2668 struct iwn_tx_data *data = &ring->data[desc->idx];
2670 struct ieee80211_node *ni;
2671 struct ieee80211vap *vap;
2673 KASSERT(data->ni != NULL, ("no node"));
2675 /* Unmap and free mbuf. */
2676 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTWRITE);
2677 bus_dmamap_unload(ring->data_dmat, data->map);
2678 m = data->m, data->m = NULL;
2679 ni = data->ni, data->ni = NULL;
2682 if (m->m_flags & M_TXCB) {
2684 * Channels marked for "radar" require traffic to be received
2685 * to unlock before we can transmit. Until traffic is seen
2686 * any attempt to transmit is returned immediately with status
2687 * set to IWN_TX_FAIL_TX_LOCKED. Unfortunately this can easily
2688 * happen on first authenticate after scanning. To workaround
2689 * this we ignore a failure of this sort in AUTH state so the
2690 * 802.11 layer will fall back to using a timeout to wait for
2691 * the AUTH reply. This allows the firmware time to see
2692 * traffic so a subsequent retry of AUTH succeeds. It's
2693 * unclear why the firmware does not maintain state for
2694 * channels recently visited as this would allow immediate
2695 * use of the channel after a scan (where we see traffic).
2697 if (status == IWN_TX_FAIL_TX_LOCKED &&
2698 ni->ni_vap->iv_state == IEEE80211_S_AUTH)
2699 ieee80211_process_callback(ni, m, 0);
2701 ieee80211_process_callback(ni, m,
2702 (status & IWN_TX_FAIL) != 0);
2706 * Update rate control statistics for the node.
2708 if (status & IWN_TX_FAIL) {
2710 ieee80211_ratectl_tx_complete(vap, ni,
2711 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL);
2714 ieee80211_ratectl_tx_complete(vap, ni,
2715 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL);
2718 ieee80211_free_node(ni);
2720 sc->sc_tx_timer = 0;
2721 if (--ring->queued < IWN_TX_RING_LOMARK) {
2722 sc->qfullmsk &= ~(1 << ring->qid);
2723 if (sc->qfullmsk == 0 &&
2724 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) {
2725 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
2726 iwn_start_locked(ifp);
2732 * Process a "command done" firmware notification. This is where we wakeup
2733 * processes waiting for a synchronous command completion.
2736 iwn_cmd_done(struct iwn_softc *sc, struct iwn_rx_desc *desc)
2738 struct iwn_tx_ring *ring = &sc->txq[4];
2739 struct iwn_tx_data *data;
2741 if ((desc->qid & 0xf) != 4)
2742 return; /* Not a command ack. */
2744 data = &ring->data[desc->idx];
2746 /* If the command was mapped in an mbuf, free it. */
2747 if (data->m != NULL) {
2748 bus_dmamap_sync(ring->data_dmat, data->map,
2749 BUS_DMASYNC_POSTWRITE);
2750 bus_dmamap_unload(ring->data_dmat, data->map);
2754 wakeup(&ring->desc[desc->idx]);
2758 iwn_ampdu_tx_done(struct iwn_softc *sc, int qid, int idx, int nframes,
2761 struct ifnet *ifp = sc->sc_ifp;
2762 struct iwn_tx_ring *ring = &sc->txq[qid];
2763 struct iwn_tx_data *data;
2765 struct iwn_node *wn;
2766 struct ieee80211_node *ni;
2767 struct ieee80211vap *vap;
2768 struct ieee80211_tx_ampdu *tap;
2770 uint32_t *status = stat;
2771 uint16_t *aggstatus = stat;
2773 int bit, i, lastidx, seqno, shift, start;
2777 if ((*status & 0xff) != 1 && (*status & 0xff) != 2)
2778 printf("ieee80211_send_bar()\n");
2784 for (i = 0; i < nframes; i++) {
2785 if (le16toh(aggstatus[i * 2]) & 0xc)
2788 idx = le16toh(aggstatus[2*i + 1]) & 0xff;
2792 shift = 0x100 - idx + start;
2795 } else if (bit <= -64)
2796 bit = 0x100 - start + idx;
2798 shift = start - idx;
2802 bitmap = bitmap << shift;
2803 bitmap |= 1ULL << bit;
2805 tap = sc->qid2tap[qid];
2808 wn = (void *)tap->txa_ni;
2809 wn->agg[tid].bitmap = bitmap;
2810 wn->agg[tid].startidx = start;
2811 wn->agg[tid].nframes = nframes;
2814 seqno = le32toh(*(status + nframes)) & 0xfff;
2815 for (lastidx = (seqno & 0xff); ring->read != lastidx;) {
2816 data = &ring->data[ring->read];
2818 KASSERT(data->ni != NULL, ("no node"));
2820 /* Unmap and free mbuf. */
2821 bus_dmamap_sync(ring->data_dmat, data->map,
2822 BUS_DMASYNC_POSTWRITE);
2823 bus_dmamap_unload(ring->data_dmat, data->map);
2824 m = data->m, data->m = NULL;
2825 ni = data->ni, data->ni = NULL;
2828 if (m->m_flags & M_TXCB)
2829 ieee80211_process_callback(ni, m, 1);
2832 ieee80211_free_node(ni);
2835 ring->read = (ring->read + 1) % IWN_TX_RING_COUNT;
2838 sc->sc_tx_timer = 0;
2839 if (ring->queued < IWN_TX_RING_LOMARK) {
2840 sc->qfullmsk &= ~(1 << ring->qid);
2841 if (sc->qfullmsk == 0 &&
2842 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) {
2843 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
2844 iwn_start_locked(ifp);
2850 * Process an INT_FH_RX or INT_SW_RX interrupt.
2853 iwn_notif_intr(struct iwn_softc *sc)
2855 struct iwn_ops *ops = &sc->ops;
2856 struct ifnet *ifp = sc->sc_ifp;
2857 struct ieee80211com *ic = ifp->if_l2com;
2858 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2861 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map,
2862 BUS_DMASYNC_POSTREAD);
2864 hw = le16toh(sc->rxq.stat->closed_count) & 0xfff;
2865 while (sc->rxq.cur != hw) {
2866 struct iwn_rx_data *data = &sc->rxq.data[sc->rxq.cur];
2867 struct iwn_rx_desc *desc;
2869 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2870 BUS_DMASYNC_POSTREAD);
2871 desc = mtod(data->m, struct iwn_rx_desc *);
2873 DPRINTF(sc, IWN_DEBUG_RECV,
2874 "%s: qid %x idx %d flags %x type %d(%s) len %d\n",
2875 __func__, desc->qid & 0xf, desc->idx, desc->flags,
2876 desc->type, iwn_intr_str(desc->type),
2877 le16toh(desc->len));
2879 if (!(desc->qid & 0x80)) /* Reply to a command. */
2880 iwn_cmd_done(sc, desc);
2882 switch (desc->type) {
2884 iwn_rx_phy(sc, desc, data);
2887 case IWN_RX_DONE: /* 4965AGN only. */
2888 case IWN_MPDU_RX_DONE:
2889 /* An 802.11 frame has been received. */
2890 iwn_rx_done(sc, desc, data);
2893 case IWN_RX_COMPRESSED_BA:
2894 /* A Compressed BlockAck has been received. */
2895 iwn_rx_compressed_ba(sc, desc, data);
2899 /* An 802.11 frame has been transmitted. */
2900 ops->tx_done(sc, desc, data);
2903 case IWN_RX_STATISTICS:
2904 case IWN_BEACON_STATISTICS:
2905 iwn_rx_statistics(sc, desc, data);
2908 case IWN_BEACON_MISSED:
2910 struct iwn_beacon_missed *miss =
2911 (struct iwn_beacon_missed *)(desc + 1);
2914 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2915 BUS_DMASYNC_POSTREAD);
2916 misses = le32toh(miss->consecutive);
2918 DPRINTF(sc, IWN_DEBUG_STATE,
2919 "%s: beacons missed %d/%d\n", __func__,
2920 misses, le32toh(miss->total));
2922 * If more than 5 consecutive beacons are missed,
2923 * reinitialize the sensitivity state machine.
2925 if (vap->iv_state == IEEE80211_S_RUN &&
2926 (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
2928 (void)iwn_init_sensitivity(sc);
2929 if (misses >= vap->iv_bmissthreshold) {
2931 ieee80211_beacon_miss(ic);
2939 struct iwn_ucode_info *uc =
2940 (struct iwn_ucode_info *)(desc + 1);
2942 /* The microcontroller is ready. */
2943 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2944 BUS_DMASYNC_POSTREAD);
2945 DPRINTF(sc, IWN_DEBUG_RESET,
2946 "microcode alive notification version=%d.%d "
2947 "subtype=%x alive=%x\n", uc->major, uc->minor,
2948 uc->subtype, le32toh(uc->valid));
2950 if (le32toh(uc->valid) != 1) {
2951 device_printf(sc->sc_dev,
2952 "microcontroller initialization failed");
2955 if (uc->subtype == IWN_UCODE_INIT) {
2956 /* Save microcontroller report. */
2957 memcpy(&sc->ucode_info, uc, sizeof (*uc));
2959 /* Save the address of the error log in SRAM. */
2960 sc->errptr = le32toh(uc->errptr);
2963 case IWN_STATE_CHANGED:
2965 uint32_t *status = (uint32_t *)(desc + 1);
2968 * State change allows hardware switch change to be
2969 * noted. However, we handle this in iwn_intr as we
2970 * get both the enable/disble intr.
2972 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2973 BUS_DMASYNC_POSTREAD);
2974 DPRINTF(sc, IWN_DEBUG_INTR, "state changed to %x\n",
2978 case IWN_START_SCAN:
2980 struct iwn_start_scan *scan =
2981 (struct iwn_start_scan *)(desc + 1);
2983 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2984 BUS_DMASYNC_POSTREAD);
2985 DPRINTF(sc, IWN_DEBUG_ANY,
2986 "%s: scanning channel %d status %x\n",
2987 __func__, scan->chan, le32toh(scan->status));
2992 struct iwn_stop_scan *scan =
2993 (struct iwn_stop_scan *)(desc + 1);
2995 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2996 BUS_DMASYNC_POSTREAD);
2997 DPRINTF(sc, IWN_DEBUG_STATE,
2998 "scan finished nchan=%d status=%d chan=%d\n",
2999 scan->nchan, scan->status, scan->chan);
3002 ieee80211_scan_next(vap);
3006 case IWN5000_CALIBRATION_RESULT:
3007 iwn5000_rx_calib_results(sc, desc, data);
3010 case IWN5000_CALIBRATION_DONE:
3011 sc->sc_flags |= IWN_FLAG_CALIB_DONE;
3016 sc->rxq.cur = (sc->rxq.cur + 1) % IWN_RX_RING_COUNT;
3019 /* Tell the firmware what we have processed. */
3020 hw = (hw == 0) ? IWN_RX_RING_COUNT - 1 : hw - 1;
3021 IWN_WRITE(sc, IWN_FH_RX_WPTR, hw & ~7);
3025 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up
3026 * from power-down sleep mode.
3029 iwn_wakeup_intr(struct iwn_softc *sc)
3033 DPRINTF(sc, IWN_DEBUG_RESET, "%s: ucode wakeup from power-down sleep\n",
3036 /* Wakeup RX and TX rings. */
3037 IWN_WRITE(sc, IWN_FH_RX_WPTR, sc->rxq.cur & ~7);
3038 for (qid = 0; qid < sc->ntxqs; qid++) {
3039 struct iwn_tx_ring *ring = &sc->txq[qid];
3040 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | ring->cur);
3045 iwn_rftoggle_intr(struct iwn_softc *sc)
3047 struct ifnet *ifp = sc->sc_ifp;
3048 struct ieee80211com *ic = ifp->if_l2com;
3049 uint32_t tmp = IWN_READ(sc, IWN_GP_CNTRL);
3051 IWN_LOCK_ASSERT(sc);
3053 device_printf(sc->sc_dev, "RF switch: radio %s\n",
3054 (tmp & IWN_GP_CNTRL_RFKILL) ? "enabled" : "disabled");
3055 if (tmp & IWN_GP_CNTRL_RFKILL)
3056 ieee80211_runtask(ic, &sc->sc_radioon_task);
3058 ieee80211_runtask(ic, &sc->sc_radiooff_task);
3062 * Dump the error log of the firmware when a firmware panic occurs. Although
3063 * we can't debug the firmware because it is neither open source nor free, it
3064 * can help us to identify certain classes of problems.
3067 iwn_fatal_intr(struct iwn_softc *sc)
3069 struct iwn_fw_dump dump;
3072 IWN_LOCK_ASSERT(sc);
3074 /* Force a complete recalibration on next init. */
3075 sc->sc_flags &= ~IWN_FLAG_CALIB_DONE;
3077 /* Check that the error log address is valid. */
3078 if (sc->errptr < IWN_FW_DATA_BASE ||
3079 sc->errptr + sizeof (dump) >
3080 IWN_FW_DATA_BASE + sc->fw_data_maxsz) {
3081 printf("%s: bad firmware error log address 0x%08x\n", __func__,
3085 if (iwn_nic_lock(sc) != 0) {
3086 printf("%s: could not read firmware error log\n", __func__);
3089 /* Read firmware error log from SRAM. */
3090 iwn_mem_read_region_4(sc, sc->errptr, (uint32_t *)&dump,
3091 sizeof (dump) / sizeof (uint32_t));
3094 if (dump.valid == 0) {
3095 printf("%s: firmware error log is empty\n", __func__);
3098 printf("firmware error log:\n");
3099 printf(" error type = \"%s\" (0x%08X)\n",
3100 (dump.id < nitems(iwn_fw_errmsg)) ?
3101 iwn_fw_errmsg[dump.id] : "UNKNOWN",
3103 printf(" program counter = 0x%08X\n", dump.pc);
3104 printf(" source line = 0x%08X\n", dump.src_line);
3105 printf(" error data = 0x%08X%08X\n",
3106 dump.error_data[0], dump.error_data[1]);
3107 printf(" branch link = 0x%08X%08X\n",
3108 dump.branch_link[0], dump.branch_link[1]);
3109 printf(" interrupt link = 0x%08X%08X\n",
3110 dump.interrupt_link[0], dump.interrupt_link[1]);
3111 printf(" time = %u\n", dump.time[0]);
3113 /* Dump driver status (TX and RX rings) while we're here. */
3114 printf("driver status:\n");
3115 for (i = 0; i < sc->ntxqs; i++) {
3116 struct iwn_tx_ring *ring = &sc->txq[i];
3117 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n",
3118 i, ring->qid, ring->cur, ring->queued);
3120 printf(" rx ring: cur=%d\n", sc->rxq.cur);
3126 struct iwn_softc *sc = arg;
3127 struct ifnet *ifp = sc->sc_ifp;
3128 uint32_t r1, r2, tmp;
3132 /* Disable interrupts. */
3133 IWN_WRITE(sc, IWN_INT_MASK, 0);
3135 /* Read interrupts from ICT (fast) or from registers (slow). */
3136 if (sc->sc_flags & IWN_FLAG_USE_ICT) {
3138 while (sc->ict[sc->ict_cur] != 0) {
3139 tmp |= sc->ict[sc->ict_cur];
3140 sc->ict[sc->ict_cur] = 0; /* Acknowledge. */
3141 sc->ict_cur = (sc->ict_cur + 1) % IWN_ICT_COUNT;
3144 if (tmp == 0xffffffff) /* Shouldn't happen. */
3146 else if (tmp & 0xc0000) /* Workaround a HW bug. */
3148 r1 = (tmp & 0xff00) << 16 | (tmp & 0xff);
3149 r2 = 0; /* Unused. */
3151 r1 = IWN_READ(sc, IWN_INT);
3152 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
3153 return; /* Hardware gone! */
3154 r2 = IWN_READ(sc, IWN_FH_INT);
3157 DPRINTF(sc, IWN_DEBUG_INTR, "interrupt reg1=%x reg2=%x\n", r1, r2);
3159 if (r1 == 0 && r2 == 0)
3160 goto done; /* Interrupt not for us. */
3162 /* Acknowledge interrupts. */
3163 IWN_WRITE(sc, IWN_INT, r1);
3164 if (!(sc->sc_flags & IWN_FLAG_USE_ICT))
3165 IWN_WRITE(sc, IWN_FH_INT, r2);
3167 if (r1 & IWN_INT_RF_TOGGLED) {
3168 iwn_rftoggle_intr(sc);
3171 if (r1 & IWN_INT_CT_REACHED) {
3172 device_printf(sc->sc_dev, "%s: critical temperature reached!\n",
3175 if (r1 & (IWN_INT_SW_ERR | IWN_INT_HW_ERR)) {
3176 device_printf(sc->sc_dev, "%s: fatal firmware error\n",
3178 /* Dump firmware error log and stop. */
3180 ifp->if_flags &= ~IFF_UP;
3181 iwn_stop_locked(sc);
3184 if ((r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX | IWN_INT_RX_PERIODIC)) ||
3185 (r2 & IWN_FH_INT_RX)) {
3186 if (sc->sc_flags & IWN_FLAG_USE_ICT) {
3187 if (r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX))
3188 IWN_WRITE(sc, IWN_FH_INT, IWN_FH_INT_RX);
3189 IWN_WRITE_1(sc, IWN_INT_PERIODIC,
3190 IWN_INT_PERIODIC_DIS);
3192 if (r1 & (IWN_INT_FH_RX | IWN_INT_SW_RX)) {
3193 IWN_WRITE_1(sc, IWN_INT_PERIODIC,
3194 IWN_INT_PERIODIC_ENA);
3200 if ((r1 & IWN_INT_FH_TX) || (r2 & IWN_FH_INT_TX)) {
3201 if (sc->sc_flags & IWN_FLAG_USE_ICT)
3202 IWN_WRITE(sc, IWN_FH_INT, IWN_FH_INT_TX);
3203 wakeup(sc); /* FH DMA transfer completed. */
3206 if (r1 & IWN_INT_ALIVE)
3207 wakeup(sc); /* Firmware is alive. */
3209 if (r1 & IWN_INT_WAKEUP)
3210 iwn_wakeup_intr(sc);
3213 /* Re-enable interrupts. */
3214 if (ifp->if_flags & IFF_UP)
3215 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask);
3221 * Update TX scheduler ring when transmitting an 802.11 frame (4965AGN and
3222 * 5000 adapters use a slightly different format).
3225 iwn4965_update_sched(struct iwn_softc *sc, int qid, int idx, uint8_t id,
3228 uint16_t *w = &sc->sched[qid * IWN4965_SCHED_COUNT + idx];
3230 *w = htole16(len + 8);
3231 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3232 BUS_DMASYNC_PREWRITE);
3233 if (idx < IWN_SCHED_WINSZ) {
3234 *(w + IWN_TX_RING_COUNT) = *w;
3235 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3236 BUS_DMASYNC_PREWRITE);
3241 iwn5000_update_sched(struct iwn_softc *sc, int qid, int idx, uint8_t id,
3244 uint16_t *w = &sc->sched[qid * IWN5000_SCHED_COUNT + idx];
3246 *w = htole16(id << 12 | (len + 8));
3247 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3248 BUS_DMASYNC_PREWRITE);
3249 if (idx < IWN_SCHED_WINSZ) {
3250 *(w + IWN_TX_RING_COUNT) = *w;
3251 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3252 BUS_DMASYNC_PREWRITE);
3258 iwn5000_reset_sched(struct iwn_softc *sc, int qid, int idx)
3260 uint16_t *w = &sc->sched[qid * IWN5000_SCHED_COUNT + idx];
3262 *w = (*w & htole16(0xf000)) | htole16(1);
3263 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3264 BUS_DMASYNC_PREWRITE);
3265 if (idx < IWN_SCHED_WINSZ) {
3266 *(w + IWN_TX_RING_COUNT) = *w;
3267 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3268 BUS_DMASYNC_PREWRITE);
3274 iwn_tx_data(struct iwn_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3276 struct iwn_ops *ops = &sc->ops;
3277 const struct ieee80211_txparam *tp;
3278 struct ieee80211vap *vap = ni->ni_vap;
3279 struct ieee80211com *ic = ni->ni_ic;
3280 struct iwn_node *wn = (void *)ni;
3281 struct iwn_tx_ring *ring;
3282 struct iwn_tx_desc *desc;
3283 struct iwn_tx_data *data;
3284 struct iwn_tx_cmd *cmd;
3285 struct iwn_cmd_data *tx;
3286 struct ieee80211_frame *wh;
3287 struct ieee80211_key *k = NULL;
3292 bus_dma_segment_t *seg, segs[IWN_MAX_SCATTER];
3293 uint8_t tid, ridx, txant, type;
3294 int ac, i, totlen, error, pad, nsegs = 0, rate;
3296 IWN_LOCK_ASSERT(sc);
3298 wh = mtod(m, struct ieee80211_frame *);
3299 hdrlen = ieee80211_anyhdrsize(wh);
3300 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3302 /* Select EDCA Access Category and TX ring for this frame. */
3303 if (IEEE80211_QOS_HAS_SEQ(wh)) {
3304 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0];
3305 tid = qos & IEEE80211_QOS_TID;
3310 ac = M_WME_GETAC(m);
3311 if (m->m_flags & M_AMPDU_MPDU) {
3312 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[ac];
3314 ac = *(int *)tap->txa_private;
3315 *(uint16_t *)wh->i_seq =
3316 htole16(ni->ni_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT);
3317 ni->ni_txseqs[tid]++;
3319 ring = &sc->txq[ac];
3320 desc = &ring->desc[ring->cur];
3321 data = &ring->data[ring->cur];
3323 /* Choose a TX rate index. */
3324 tp = &vap->iv_txparms[ieee80211_chan2mode(ni->ni_chan)];
3325 if (type == IEEE80211_FC0_TYPE_MGT)
3326 rate = tp->mgmtrate;
3327 else if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3328 rate = tp->mcastrate;
3329 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3330 rate = tp->ucastrate;
3332 /* XXX pass pktlen */
3333 (void) ieee80211_ratectl_rate(ni, NULL, 0);
3334 rate = ni->ni_txrate;
3336 ridx = ic->ic_rt->rateCodeToIndex[rate];
3338 /* Encrypt the frame if need be. */
3339 if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
3340 /* Retrieve key for TX. */
3341 k = ieee80211_crypto_encap(ni, m);
3346 /* 802.11 header may have moved. */
3347 wh = mtod(m, struct ieee80211_frame *);
3349 totlen = m->m_pkthdr.len;
3351 if (ieee80211_radiotap_active_vap(vap)) {
3352 struct iwn_tx_radiotap_header *tap = &sc->sc_txtap;
3355 tap->wt_rate = rate;
3357 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
3359 ieee80211_radiotap_tx(vap, m);
3362 /* Prepare TX firmware command. */
3363 cmd = &ring->cmd[ring->cur];
3364 cmd->code = IWN_CMD_TX_DATA;
3366 cmd->qid = ring->qid;
3367 cmd->idx = ring->cur;
3369 tx = (struct iwn_cmd_data *)cmd->data;
3370 /* NB: No need to clear tx, all fields are reinitialized here. */
3371 tx->scratch = 0; /* clear "scratch" area */
3374 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3375 /* Unicast frame, check if an ACK is expected. */
3376 if (!qos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3377 IEEE80211_QOS_ACKPOLICY_NOACK)
3378 flags |= IWN_TX_NEED_ACK;
3381 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3382 (IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_BAR))
3383 flags |= IWN_TX_IMM_BA; /* Cannot happen yet. */
3385 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG)
3386 flags |= IWN_TX_MORE_FRAG; /* Cannot happen yet. */
3388 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */
3389 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3390 /* NB: Group frames are sent using CCK in 802.11b/g. */
3391 if (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) {
3392 flags |= IWN_TX_NEED_RTS;
3393 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3394 ridx >= IWN_RIDX_OFDM6) {
3395 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
3396 flags |= IWN_TX_NEED_CTS;
3397 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
3398 flags |= IWN_TX_NEED_RTS;
3400 if (flags & (IWN_TX_NEED_RTS | IWN_TX_NEED_CTS)) {
3401 if (sc->hw_type != IWN_HW_REV_TYPE_4965) {
3402 /* 5000 autoselects RTS/CTS or CTS-to-self. */
3403 flags &= ~(IWN_TX_NEED_RTS | IWN_TX_NEED_CTS);
3404 flags |= IWN_TX_NEED_PROTECTION;
3406 flags |= IWN_TX_FULL_TXOP;
3410 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3411 type != IEEE80211_FC0_TYPE_DATA)
3412 tx->id = sc->broadcast_id;
3416 if (type == IEEE80211_FC0_TYPE_MGT) {
3417 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
3419 /* Tell HW to set timestamp in probe responses. */
3420 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
3421 flags |= IWN_TX_INSERT_TSTAMP;
3422 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
3423 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
3424 tx->timeout = htole16(3);
3426 tx->timeout = htole16(2);
3428 tx->timeout = htole16(0);
3431 /* First segment length must be a multiple of 4. */
3432 flags |= IWN_TX_NEED_PADDING;
3433 pad = 4 - (hdrlen & 3);
3437 tx->len = htole16(totlen);
3439 tx->rts_ntries = 60;
3440 tx->data_ntries = 15;
3441 tx->lifetime = htole32(IWN_LIFETIME_INFINITE);
3442 tx->rate = wn->ridx[rate];
3443 if (tx->id == sc->broadcast_id) {
3444 /* Group or management frame. */
3446 /* XXX Alternate between antenna A and B? */
3447 txant = IWN_LSB(sc->txchainmask);
3448 tx->rate |= htole32(IWN_RFLAG_ANT(txant));
3450 tx->linkq = ni->ni_rates.rs_nrates - ridx - 1;
3451 flags |= IWN_TX_LINKQ; /* enable MRR */
3453 /* Set physical address of "scratch area". */
3454 tx->loaddr = htole32(IWN_LOADDR(data->scratch_paddr));
3455 tx->hiaddr = IWN_HIADDR(data->scratch_paddr);
3457 /* Copy 802.11 header in TX command. */
3458 memcpy((uint8_t *)(tx + 1), wh, hdrlen);
3460 /* Trim 802.11 header. */
3463 tx->flags = htole32(flags);
3465 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, segs,
3466 &nsegs, BUS_DMA_NOWAIT);
3468 if (error != EFBIG) {
3469 device_printf(sc->sc_dev,
3470 "%s: can't map mbuf (error %d)\n", __func__, error);
3474 /* Too many DMA segments, linearize mbuf. */
3475 m1 = m_collapse(m, M_DONTWAIT, IWN_MAX_SCATTER);
3477 device_printf(sc->sc_dev,
3478 "%s: could not defrag mbuf\n", __func__);
3484 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3485 segs, &nsegs, BUS_DMA_NOWAIT);
3487 device_printf(sc->sc_dev,
3488 "%s: can't map mbuf (error %d)\n", __func__, error);
3497 DPRINTF(sc, IWN_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n",
3498 __func__, ring->qid, ring->cur, m->m_pkthdr.len, nsegs);
3500 /* Fill TX descriptor. */
3503 desc->nsegs += nsegs;
3504 /* First DMA segment is used by the TX command. */
3505 desc->segs[0].addr = htole32(IWN_LOADDR(data->cmd_paddr));
3506 desc->segs[0].len = htole16(IWN_HIADDR(data->cmd_paddr) |
3507 (4 + sizeof (*tx) + hdrlen + pad) << 4);
3508 /* Other DMA segments are for data payload. */
3510 for (i = 1; i <= nsegs; i++) {
3511 desc->segs[i].addr = htole32(IWN_LOADDR(seg->ds_addr));
3512 desc->segs[i].len = htole16(IWN_HIADDR(seg->ds_addr) |
3517 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE);
3518 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map,
3519 BUS_DMASYNC_PREWRITE);
3520 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3521 BUS_DMASYNC_PREWRITE);
3523 /* Update TX scheduler. */
3524 if (ring->qid >= sc->firstaggqueue)
3525 ops->update_sched(sc, ring->qid, ring->cur, tx->id, totlen);
3528 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT;
3529 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
3531 /* Mark TX ring as full if we reach a certain threshold. */
3532 if (++ring->queued > IWN_TX_RING_HIMARK)
3533 sc->qfullmsk |= 1 << ring->qid;
3539 iwn_tx_data_raw(struct iwn_softc *sc, struct mbuf *m,
3540 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params)
3542 struct iwn_ops *ops = &sc->ops;
3543 struct ifnet *ifp = sc->sc_ifp;
3544 struct ieee80211vap *vap = ni->ni_vap;
3545 struct ieee80211com *ic = ifp->if_l2com;
3546 struct iwn_tx_cmd *cmd;
3547 struct iwn_cmd_data *tx;
3548 struct ieee80211_frame *wh;
3549 struct iwn_tx_ring *ring;
3550 struct iwn_tx_desc *desc;
3551 struct iwn_tx_data *data;
3553 bus_dma_segment_t *seg, segs[IWN_MAX_SCATTER];
3556 int ac, totlen, error, pad, nsegs = 0, i, rate;
3557 uint8_t ridx, type, txant;
3559 IWN_LOCK_ASSERT(sc);
3561 wh = mtod(m, struct ieee80211_frame *);
3562 hdrlen = ieee80211_anyhdrsize(wh);
3563 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3565 ac = params->ibp_pri & 3;
3567 ring = &sc->txq[ac];
3568 desc = &ring->desc[ring->cur];
3569 data = &ring->data[ring->cur];
3571 /* Choose a TX rate index. */
3572 rate = params->ibp_rate0;
3573 ridx = ic->ic_rt->rateCodeToIndex[rate];
3574 if (ridx == (uint8_t)-1) {
3575 /* XXX fall back to mcast/mgmt rate? */
3580 totlen = m->m_pkthdr.len;
3582 /* Prepare TX firmware command. */
3583 cmd = &ring->cmd[ring->cur];
3584 cmd->code = IWN_CMD_TX_DATA;
3586 cmd->qid = ring->qid;
3587 cmd->idx = ring->cur;
3589 tx = (struct iwn_cmd_data *)cmd->data;
3590 /* NB: No need to clear tx, all fields are reinitialized here. */
3591 tx->scratch = 0; /* clear "scratch" area */
3594 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3595 flags |= IWN_TX_NEED_ACK;
3596 if (params->ibp_flags & IEEE80211_BPF_RTS) {
3597 if (sc->hw_type != IWN_HW_REV_TYPE_4965) {
3598 /* 5000 autoselects RTS/CTS or CTS-to-self. */
3599 flags &= ~IWN_TX_NEED_RTS;
3600 flags |= IWN_TX_NEED_PROTECTION;
3602 flags |= IWN_TX_NEED_RTS | IWN_TX_FULL_TXOP;
3604 if (params->ibp_flags & IEEE80211_BPF_CTS) {
3605 if (sc->hw_type != IWN_HW_REV_TYPE_4965) {
3606 /* 5000 autoselects RTS/CTS or CTS-to-self. */
3607 flags &= ~IWN_TX_NEED_CTS;
3608 flags |= IWN_TX_NEED_PROTECTION;
3610 flags |= IWN_TX_NEED_CTS | IWN_TX_FULL_TXOP;
3612 if (type == IEEE80211_FC0_TYPE_MGT) {
3613 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
3615 /* Tell HW to set timestamp in probe responses. */
3616 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
3617 flags |= IWN_TX_INSERT_TSTAMP;
3619 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
3620 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
3621 tx->timeout = htole16(3);
3623 tx->timeout = htole16(2);
3625 tx->timeout = htole16(0);
3628 /* First segment length must be a multiple of 4. */
3629 flags |= IWN_TX_NEED_PADDING;
3630 pad = 4 - (hdrlen & 3);
3634 if (ieee80211_radiotap_active_vap(vap)) {
3635 struct iwn_tx_radiotap_header *tap = &sc->sc_txtap;
3638 tap->wt_rate = rate;
3640 ieee80211_radiotap_tx(vap, m);
3643 tx->len = htole16(totlen);
3645 tx->id = sc->broadcast_id;
3646 tx->rts_ntries = params->ibp_try1;
3647 tx->data_ntries = params->ibp_try0;
3648 tx->lifetime = htole32(IWN_LIFETIME_INFINITE);
3649 tx->rate = htole32(rate2plcp(rate));
3650 if (ridx < IWN_RIDX_OFDM6 &&
3651 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
3652 tx->rate |= htole32(IWN_RFLAG_CCK);
3653 /* Group or management frame. */
3655 txant = IWN_LSB(sc->txchainmask);
3656 tx->rate |= htole32(IWN_RFLAG_ANT(txant));
3657 /* Set physical address of "scratch area". */
3658 tx->loaddr = htole32(IWN_LOADDR(data->scratch_paddr));
3659 tx->hiaddr = IWN_HIADDR(data->scratch_paddr);
3661 /* Copy 802.11 header in TX command. */
3662 memcpy((uint8_t *)(tx + 1), wh, hdrlen);
3664 /* Trim 802.11 header. */
3667 tx->flags = htole32(flags);
3669 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m, segs,
3670 &nsegs, BUS_DMA_NOWAIT);
3672 if (error != EFBIG) {
3673 device_printf(sc->sc_dev,
3674 "%s: can't map mbuf (error %d)\n", __func__, error);
3678 /* Too many DMA segments, linearize mbuf. */
3679 m1 = m_collapse(m, M_DONTWAIT, IWN_MAX_SCATTER);
3681 device_printf(sc->sc_dev,
3682 "%s: could not defrag mbuf\n", __func__);
3688 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3689 segs, &nsegs, BUS_DMA_NOWAIT);
3691 device_printf(sc->sc_dev,
3692 "%s: can't map mbuf (error %d)\n", __func__, error);
3701 DPRINTF(sc, IWN_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n",
3702 __func__, ring->qid, ring->cur, m->m_pkthdr.len, nsegs);
3704 /* Fill TX descriptor. */
3707 desc->nsegs += nsegs;
3708 /* First DMA segment is used by the TX command. */
3709 desc->segs[0].addr = htole32(IWN_LOADDR(data->cmd_paddr));
3710 desc->segs[0].len = htole16(IWN_HIADDR(data->cmd_paddr) |
3711 (4 + sizeof (*tx) + hdrlen + pad) << 4);
3712 /* Other DMA segments are for data payload. */
3714 for (i = 1; i <= nsegs; i++) {
3715 desc->segs[i].addr = htole32(IWN_LOADDR(seg->ds_addr));
3716 desc->segs[i].len = htole16(IWN_HIADDR(seg->ds_addr) |
3721 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE);
3722 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map,
3723 BUS_DMASYNC_PREWRITE);
3724 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3725 BUS_DMASYNC_PREWRITE);
3727 /* Update TX scheduler. */
3728 if (ring->qid >= sc->firstaggqueue)
3729 ops->update_sched(sc, ring->qid, ring->cur, tx->id, totlen);
3732 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT;
3733 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
3735 /* Mark TX ring as full if we reach a certain threshold. */
3736 if (++ring->queued > IWN_TX_RING_HIMARK)
3737 sc->qfullmsk |= 1 << ring->qid;
3743 iwn_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3744 const struct ieee80211_bpf_params *params)
3746 struct ieee80211com *ic = ni->ni_ic;
3747 struct ifnet *ifp = ic->ic_ifp;
3748 struct iwn_softc *sc = ifp->if_softc;
3751 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
3752 ieee80211_free_node(ni);
3758 if (params == NULL) {
3760 * Legacy path; interpret frame contents to decide
3761 * precisely how to send the frame.
3763 error = iwn_tx_data(sc, m, ni);
3766 * Caller supplied explicit parameters to use in
3767 * sending the frame.
3769 error = iwn_tx_data_raw(sc, m, ni, params);
3772 /* NB: m is reclaimed on tx failure */
3773 ieee80211_free_node(ni);
3776 sc->sc_tx_timer = 5;
3783 iwn_start(struct ifnet *ifp)
3785 struct iwn_softc *sc = ifp->if_softc;
3788 iwn_start_locked(ifp);
3793 iwn_start_locked(struct ifnet *ifp)
3795 struct iwn_softc *sc = ifp->if_softc;
3796 struct ieee80211_node *ni;
3799 IWN_LOCK_ASSERT(sc);
3801 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
3802 (ifp->if_drv_flags & IFF_DRV_OACTIVE))
3806 if (sc->qfullmsk != 0) {
3807 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3810 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
3813 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3814 if (iwn_tx_data(sc, m, ni) != 0) {
3815 ieee80211_free_node(ni);
3819 sc->sc_tx_timer = 5;
3824 iwn_watchdog(void *arg)
3826 struct iwn_softc *sc = arg;
3827 struct ifnet *ifp = sc->sc_ifp;
3828 struct ieee80211com *ic = ifp->if_l2com;
3830 IWN_LOCK_ASSERT(sc);
3832 KASSERT(ifp->if_drv_flags & IFF_DRV_RUNNING, ("not running"));
3834 if (sc->sc_tx_timer > 0) {
3835 if (--sc->sc_tx_timer == 0) {
3836 if_printf(ifp, "device timeout\n");
3837 ieee80211_runtask(ic, &sc->sc_reinit_task);
3841 callout_reset(&sc->watchdog_to, hz, iwn_watchdog, sc);
3845 iwn_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
3847 struct iwn_softc *sc = ifp->if_softc;
3848 struct ieee80211com *ic = ifp->if_l2com;
3849 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3850 struct ifreq *ifr = (struct ifreq *) data;
3851 int error = 0, startall = 0, stop = 0;
3855 error = ether_ioctl(ifp, cmd, data);
3859 if (ifp->if_flags & IFF_UP) {
3860 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
3861 iwn_init_locked(sc);
3862 if (IWN_READ(sc, IWN_GP_CNTRL) & IWN_GP_CNTRL_RFKILL)
3868 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
3869 iwn_stop_locked(sc);
3873 ieee80211_start_all(ic);
3874 else if (vap != NULL && stop)
3875 ieee80211_stop(vap);
3878 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3888 * Send a command to the firmware.
3891 iwn_cmd(struct iwn_softc *sc, int code, const void *buf, int size, int async)
3893 struct iwn_tx_ring *ring = &sc->txq[4];
3894 struct iwn_tx_desc *desc;
3895 struct iwn_tx_data *data;
3896 struct iwn_tx_cmd *cmd;
3902 IWN_LOCK_ASSERT(sc);
3904 desc = &ring->desc[ring->cur];
3905 data = &ring->data[ring->cur];
3908 if (size > sizeof cmd->data) {
3909 /* Command is too large to fit in a descriptor. */
3910 if (totlen > MCLBYTES)
3912 m = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE);
3915 cmd = mtod(m, struct iwn_tx_cmd *);
3916 error = bus_dmamap_load(ring->data_dmat, data->map, cmd,
3917 totlen, iwn_dma_map_addr, &paddr, BUS_DMA_NOWAIT);
3924 cmd = &ring->cmd[ring->cur];
3925 paddr = data->cmd_paddr;
3930 cmd->qid = ring->qid;
3931 cmd->idx = ring->cur;
3932 memcpy(cmd->data, buf, size);
3935 desc->segs[0].addr = htole32(IWN_LOADDR(paddr));
3936 desc->segs[0].len = htole16(IWN_HIADDR(paddr) | totlen << 4);
3938 DPRINTF(sc, IWN_DEBUG_CMD, "%s: %s (0x%x) flags %d qid %d idx %d\n",
3939 __func__, iwn_intr_str(cmd->code), cmd->code,
3940 cmd->flags, cmd->qid, cmd->idx);
3942 if (size > sizeof cmd->data) {
3943 bus_dmamap_sync(ring->data_dmat, data->map,
3944 BUS_DMASYNC_PREWRITE);
3946 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map,
3947 BUS_DMASYNC_PREWRITE);
3949 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3950 BUS_DMASYNC_PREWRITE);
3952 /* Kick command ring. */
3953 ring->cur = (ring->cur + 1) % IWN_TX_RING_COUNT;
3954 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
3956 return async ? 0 : msleep(desc, &sc->sc_mtx, PCATCH, "iwncmd", hz);
3960 iwn4965_add_node(struct iwn_softc *sc, struct iwn_node_info *node, int async)
3962 struct iwn4965_node_info hnode;
3966 * We use the node structure for 5000 Series internally (it is
3967 * a superset of the one for 4965AGN). We thus copy the common
3968 * fields before sending the command.
3970 src = (caddr_t)node;
3971 dst = (caddr_t)&hnode;
3972 memcpy(dst, src, 48);
3973 /* Skip TSC, RX MIC and TX MIC fields from ``src''. */
3974 memcpy(dst + 48, src + 72, 20);
3975 return iwn_cmd(sc, IWN_CMD_ADD_NODE, &hnode, sizeof hnode, async);
3979 iwn5000_add_node(struct iwn_softc *sc, struct iwn_node_info *node, int async)
3981 /* Direct mapping. */
3982 return iwn_cmd(sc, IWN_CMD_ADD_NODE, node, sizeof (*node), async);
3986 iwn_set_link_quality(struct iwn_softc *sc, struct ieee80211_node *ni)
3988 #define RV(v) ((v) & IEEE80211_RATE_VAL)
3989 struct iwn_node *wn = (void *)ni;
3990 struct ieee80211_rateset *rs = &ni->ni_rates;
3991 struct iwn_cmd_link_quality linkq;
3993 int i, rate, txrate;
3995 /* Use the first valid TX antenna. */
3996 txant = IWN_LSB(sc->txchainmask);
3998 memset(&linkq, 0, sizeof linkq);
4000 linkq.antmsk_1stream = txant;
4001 linkq.antmsk_2stream = IWN_ANT_AB;
4002 linkq.ampdu_max = 64;
4003 linkq.ampdu_threshold = 3;
4004 linkq.ampdu_limit = htole16(4000); /* 4ms */
4006 /* Start at highest available bit-rate. */
4007 if (IEEE80211_IS_CHAN_HT(ni->ni_chan))
4008 txrate = ni->ni_htrates.rs_nrates - 1;
4010 txrate = rs->rs_nrates - 1;
4011 for (i = 0; i < IWN_MAX_TX_RETRIES; i++) {
4012 if (IEEE80211_IS_CHAN_HT(ni->ni_chan))
4013 rate = IEEE80211_RATE_MCS | txrate;
4015 rate = RV(rs->rs_rates[txrate]);
4016 linkq.retry[i] = wn->ridx[rate];
4018 if ((le32toh(wn->ridx[rate]) & IWN_RFLAG_MCS) &&
4019 RV(le32toh(wn->ridx[rate])) > 7)
4022 /* Next retry at immediate lower bit-rate. */
4026 return iwn_cmd(sc, IWN_CMD_LINK_QUALITY, &linkq, sizeof linkq, 1);
4031 * Broadcast node is used to send group-addressed and management frames.
4034 iwn_add_broadcast_node(struct iwn_softc *sc, int async)
4036 struct iwn_ops *ops = &sc->ops;
4037 struct ifnet *ifp = sc->sc_ifp;
4038 struct ieee80211com *ic = ifp->if_l2com;
4039 struct iwn_node_info node;
4040 struct iwn_cmd_link_quality linkq;
4044 memset(&node, 0, sizeof node);
4045 IEEE80211_ADDR_COPY(node.macaddr, ifp->if_broadcastaddr);
4046 node.id = sc->broadcast_id;
4047 DPRINTF(sc, IWN_DEBUG_RESET, "%s: adding broadcast node\n", __func__);
4048 if ((error = ops->add_node(sc, &node, async)) != 0)
4051 /* Use the first valid TX antenna. */
4052 txant = IWN_LSB(sc->txchainmask);
4054 memset(&linkq, 0, sizeof linkq);
4055 linkq.id = sc->broadcast_id;
4056 linkq.antmsk_1stream = txant;
4057 linkq.antmsk_2stream = IWN_ANT_AB;
4058 linkq.ampdu_max = 64;
4059 linkq.ampdu_threshold = 3;
4060 linkq.ampdu_limit = htole16(4000); /* 4ms */
4062 /* Use lowest mandatory bit-rate. */
4063 if (IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan))
4064 linkq.retry[0] = htole32(0xd);
4066 linkq.retry[0] = htole32(10 | IWN_RFLAG_CCK);
4067 linkq.retry[0] |= htole32(IWN_RFLAG_ANT(txant));
4068 /* Use same bit-rate for all TX retries. */
4069 for (i = 1; i < IWN_MAX_TX_RETRIES; i++) {
4070 linkq.retry[i] = linkq.retry[0];
4072 return iwn_cmd(sc, IWN_CMD_LINK_QUALITY, &linkq, sizeof linkq, async);
4076 iwn_updateedca(struct ieee80211com *ic)
4078 #define IWN_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */
4079 struct iwn_softc *sc = ic->ic_ifp->if_softc;
4080 struct iwn_edca_params cmd;
4083 memset(&cmd, 0, sizeof cmd);
4084 cmd.flags = htole32(IWN_EDCA_UPDATE);
4085 for (aci = 0; aci < WME_NUM_AC; aci++) {
4086 const struct wmeParams *ac =
4087 &ic->ic_wme.wme_chanParams.cap_wmeParams[aci];
4088 cmd.ac[aci].aifsn = ac->wmep_aifsn;
4089 cmd.ac[aci].cwmin = htole16(IWN_EXP2(ac->wmep_logcwmin));
4090 cmd.ac[aci].cwmax = htole16(IWN_EXP2(ac->wmep_logcwmax));
4091 cmd.ac[aci].txoplimit =
4092 htole16(IEEE80211_TXOP_TO_US(ac->wmep_txopLimit));
4094 IEEE80211_UNLOCK(ic);
4096 (void)iwn_cmd(sc, IWN_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1);
4104 iwn_update_mcast(struct ifnet *ifp)
4110 iwn_set_led(struct iwn_softc *sc, uint8_t which, uint8_t off, uint8_t on)
4112 struct iwn_cmd_led led;
4114 /* Clear microcode LED ownership. */
4115 IWN_CLRBITS(sc, IWN_LED, IWN_LED_BSM_CTRL);
4118 led.unit = htole32(10000); /* on/off in unit of 100ms */
4121 (void)iwn_cmd(sc, IWN_CMD_SET_LED, &led, sizeof led, 1);
4125 * Set the critical temperature at which the firmware will stop the radio
4129 iwn_set_critical_temp(struct iwn_softc *sc)
4131 struct iwn_critical_temp crit;
4134 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_CTEMP_STOP_RF);
4136 if (sc->hw_type == IWN_HW_REV_TYPE_5150)
4137 temp = (IWN_CTOK(110) - sc->temp_off) * -5;
4138 else if (sc->hw_type == IWN_HW_REV_TYPE_4965)
4139 temp = IWN_CTOK(110);
4142 memset(&crit, 0, sizeof crit);
4143 crit.tempR = htole32(temp);
4144 DPRINTF(sc, IWN_DEBUG_RESET, "setting critical temp to %d\n", temp);
4145 return iwn_cmd(sc, IWN_CMD_SET_CRITICAL_TEMP, &crit, sizeof crit, 0);
4149 iwn_set_timing(struct iwn_softc *sc, struct ieee80211_node *ni)
4151 struct iwn_cmd_timing cmd;
4154 memset(&cmd, 0, sizeof cmd);
4155 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t));
4156 cmd.bintval = htole16(ni->ni_intval);
4157 cmd.lintval = htole16(10);
4159 /* Compute remaining time until next beacon. */
4160 val = (uint64_t)ni->ni_intval * IEEE80211_DUR_TU;
4161 mod = le64toh(cmd.tstamp) % val;
4162 cmd.binitval = htole32((uint32_t)(val - mod));
4164 DPRINTF(sc, IWN_DEBUG_RESET, "timing bintval=%u tstamp=%ju, init=%u\n",
4165 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod));
4167 return iwn_cmd(sc, IWN_CMD_TIMING, &cmd, sizeof cmd, 1);
4171 iwn4965_power_calibration(struct iwn_softc *sc, int temp)
4173 struct ifnet *ifp = sc->sc_ifp;
4174 struct ieee80211com *ic = ifp->if_l2com;
4176 /* Adjust TX power if need be (delta >= 3 degC). */
4177 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: temperature %d->%d\n",
4178 __func__, sc->temp, temp);
4179 if (abs(temp - sc->temp) >= 3) {
4180 /* Record temperature of last calibration. */
4182 (void)iwn4965_set_txpower(sc, ic->ic_bsschan, 1);
4187 * Set TX power for current channel (each rate has its own power settings).
4188 * This function takes into account the regulatory information from EEPROM,
4189 * the current temperature and the current voltage.
4192 iwn4965_set_txpower(struct iwn_softc *sc, struct ieee80211_channel *ch,
4195 /* Fixed-point arithmetic division using a n-bit fractional part. */
4196 #define fdivround(a, b, n) \
4197 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n))
4198 /* Linear interpolation. */
4199 #define interpolate(x, x1, y1, x2, y2, n) \
4200 ((y1) + fdivround(((int)(x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n))
4202 static const int tdiv[IWN_NATTEN_GROUPS] = { 9, 8, 8, 8, 6 };
4203 struct iwn_ucode_info *uc = &sc->ucode_info;
4204 struct iwn4965_cmd_txpower cmd;
4205 struct iwn4965_eeprom_chan_samples *chans;
4206 const uint8_t *rf_gain, *dsp_gain;
4207 int32_t vdiff, tdiff;
4208 int i, c, grp, maxpwr;
4211 /* Retrieve current channel from last RXON. */
4212 chan = sc->rxon.chan;
4213 DPRINTF(sc, IWN_DEBUG_RESET, "setting TX power for channel %d\n",
4216 memset(&cmd, 0, sizeof cmd);
4217 cmd.band = IEEE80211_IS_CHAN_5GHZ(ch) ? 0 : 1;
4220 if (IEEE80211_IS_CHAN_5GHZ(ch)) {
4221 maxpwr = sc->maxpwr5GHz;
4222 rf_gain = iwn4965_rf_gain_5ghz;
4223 dsp_gain = iwn4965_dsp_gain_5ghz;
4225 maxpwr = sc->maxpwr2GHz;
4226 rf_gain = iwn4965_rf_gain_2ghz;
4227 dsp_gain = iwn4965_dsp_gain_2ghz;
4230 /* Compute voltage compensation. */
4231 vdiff = ((int32_t)le32toh(uc->volt) - sc->eeprom_voltage) / 7;
4236 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
4237 "%s: voltage compensation=%d (UCODE=%d, EEPROM=%d)\n",
4238 __func__, vdiff, le32toh(uc->volt), sc->eeprom_voltage);
4240 /* Get channel attenuation group. */
4241 if (chan <= 20) /* 1-20 */
4243 else if (chan <= 43) /* 34-43 */
4245 else if (chan <= 70) /* 44-70 */
4247 else if (chan <= 124) /* 71-124 */
4251 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
4252 "%s: chan %d, attenuation group=%d\n", __func__, chan, grp);
4254 /* Get channel sub-band. */
4255 for (i = 0; i < IWN_NBANDS; i++)
4256 if (sc->bands[i].lo != 0 &&
4257 sc->bands[i].lo <= chan && chan <= sc->bands[i].hi)
4259 if (i == IWN_NBANDS) /* Can't happen in real-life. */
4261 chans = sc->bands[i].chans;
4262 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
4263 "%s: chan %d sub-band=%d\n", __func__, chan, i);
4265 for (c = 0; c < 2; c++) {
4266 uint8_t power, gain, temp;
4267 int maxchpwr, pwr, ridx, idx;
4269 power = interpolate(chan,
4270 chans[0].num, chans[0].samples[c][1].power,
4271 chans[1].num, chans[1].samples[c][1].power, 1);
4272 gain = interpolate(chan,
4273 chans[0].num, chans[0].samples[c][1].gain,
4274 chans[1].num, chans[1].samples[c][1].gain, 1);
4275 temp = interpolate(chan,
4276 chans[0].num, chans[0].samples[c][1].temp,
4277 chans[1].num, chans[1].samples[c][1].temp, 1);
4278 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
4279 "%s: Tx chain %d: power=%d gain=%d temp=%d\n",
4280 __func__, c, power, gain, temp);
4282 /* Compute temperature compensation. */
4283 tdiff = ((sc->temp - temp) * 2) / tdiv[grp];
4284 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
4285 "%s: temperature compensation=%d (current=%d, EEPROM=%d)\n",
4286 __func__, tdiff, sc->temp, temp);
4288 for (ridx = 0; ridx <= IWN_RIDX_MAX; ridx++) {
4289 /* Convert dBm to half-dBm. */
4290 maxchpwr = sc->maxpwr[chan] * 2;
4292 maxchpwr -= 6; /* MIMO 2T: -3dB */
4296 /* Adjust TX power based on rate. */
4297 if ((ridx % 8) == 5)
4298 pwr -= 15; /* OFDM48: -7.5dB */
4299 else if ((ridx % 8) == 6)
4300 pwr -= 17; /* OFDM54: -8.5dB */
4301 else if ((ridx % 8) == 7)
4302 pwr -= 20; /* OFDM60: -10dB */
4304 pwr -= 10; /* Others: -5dB */
4306 /* Do not exceed channel max TX power. */
4310 idx = gain - (pwr - power) - tdiff - vdiff;
4311 if ((ridx / 8) & 1) /* MIMO */
4312 idx += (int32_t)le32toh(uc->atten[grp][c]);
4315 idx += 9; /* 5GHz */
4316 if (ridx == IWN_RIDX_MAX)
4319 /* Make sure idx stays in a valid range. */
4322 else if (idx > IWN4965_MAX_PWR_INDEX)
4323 idx = IWN4965_MAX_PWR_INDEX;
4325 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
4326 "%s: Tx chain %d, rate idx %d: power=%d\n",
4327 __func__, c, ridx, idx);
4328 cmd.power[ridx].rf_gain[c] = rf_gain[idx];
4329 cmd.power[ridx].dsp_gain[c] = dsp_gain[idx];
4333 DPRINTF(sc, IWN_DEBUG_CALIBRATE | IWN_DEBUG_TXPOW,
4334 "%s: set tx power for chan %d\n", __func__, chan);
4335 return iwn_cmd(sc, IWN_CMD_TXPOWER, &cmd, sizeof cmd, async);
4342 iwn5000_set_txpower(struct iwn_softc *sc, struct ieee80211_channel *ch,
4345 struct iwn5000_cmd_txpower cmd;
4348 * TX power calibration is handled automatically by the firmware
4351 memset(&cmd, 0, sizeof cmd);
4352 cmd.global_limit = 2 * IWN5000_TXPOWER_MAX_DBM; /* 16 dBm */
4353 cmd.flags = IWN5000_TXPOWER_NO_CLOSED;
4354 cmd.srv_limit = IWN5000_TXPOWER_AUTO;
4355 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: setting TX power\n", __func__);
4356 return iwn_cmd(sc, IWN_CMD_TXPOWER_DBM, &cmd, sizeof cmd, async);
4360 * Retrieve the maximum RSSI (in dBm) among receivers.
4363 iwn4965_get_rssi(struct iwn_softc *sc, struct iwn_rx_stat *stat)
4365 struct iwn4965_rx_phystat *phy = (void *)stat->phybuf;
4369 mask = (le16toh(phy->antenna) >> 4) & IWN_ANT_ABC;
4370 agc = (le16toh(phy->agc) >> 7) & 0x7f;
4373 if (mask & IWN_ANT_A)
4374 rssi = MAX(rssi, phy->rssi[0]);
4375 if (mask & IWN_ANT_B)
4376 rssi = MAX(rssi, phy->rssi[2]);
4377 if (mask & IWN_ANT_C)
4378 rssi = MAX(rssi, phy->rssi[4]);
4380 DPRINTF(sc, IWN_DEBUG_RECV,
4381 "%s: agc %d mask 0x%x rssi %d %d %d result %d\n", __func__, agc,
4382 mask, phy->rssi[0], phy->rssi[2], phy->rssi[4],
4383 rssi - agc - IWN_RSSI_TO_DBM);
4384 return rssi - agc - IWN_RSSI_TO_DBM;
4388 iwn5000_get_rssi(struct iwn_softc *sc, struct iwn_rx_stat *stat)
4390 struct iwn5000_rx_phystat *phy = (void *)stat->phybuf;
4394 agc = (le32toh(phy->agc) >> 9) & 0x7f;
4396 rssi = MAX(le16toh(phy->rssi[0]) & 0xff,
4397 le16toh(phy->rssi[1]) & 0xff);
4398 rssi = MAX(le16toh(phy->rssi[2]) & 0xff, rssi);
4400 DPRINTF(sc, IWN_DEBUG_RECV,
4401 "%s: agc %d rssi %d %d %d result %d\n", __func__, agc,
4402 phy->rssi[0], phy->rssi[1], phy->rssi[2],
4403 rssi - agc - IWN_RSSI_TO_DBM);
4404 return rssi - agc - IWN_RSSI_TO_DBM;
4408 * Retrieve the average noise (in dBm) among receivers.
4411 iwn_get_noise(const struct iwn_rx_general_stats *stats)
4413 int i, total, nbant, noise;
4416 for (i = 0; i < 3; i++) {
4417 if ((noise = le32toh(stats->noise[i]) & 0xff) == 0)
4422 /* There should be at least one antenna but check anyway. */
4423 return (nbant == 0) ? -127 : (total / nbant) - 107;
4427 * Compute temperature (in degC) from last received statistics.
4430 iwn4965_get_temperature(struct iwn_softc *sc)
4432 struct iwn_ucode_info *uc = &sc->ucode_info;
4433 int32_t r1, r2, r3, r4, temp;
4435 r1 = le32toh(uc->temp[0].chan20MHz);
4436 r2 = le32toh(uc->temp[1].chan20MHz);
4437 r3 = le32toh(uc->temp[2].chan20MHz);
4438 r4 = le32toh(sc->rawtemp);
4440 if (r1 == r3) /* Prevents division by 0 (should not happen). */
4443 /* Sign-extend 23-bit R4 value to 32-bit. */
4444 r4 = ((r4 & 0xffffff) ^ 0x800000) - 0x800000;
4445 /* Compute temperature in Kelvin. */
4446 temp = (259 * (r4 - r2)) / (r3 - r1);
4447 temp = (temp * 97) / 100 + 8;
4449 DPRINTF(sc, IWN_DEBUG_ANY, "temperature %dK/%dC\n", temp,
4451 return IWN_KTOC(temp);
4455 iwn5000_get_temperature(struct iwn_softc *sc)
4460 * Temperature is not used by the driver for 5000 Series because
4461 * TX power calibration is handled by firmware.
4463 temp = le32toh(sc->rawtemp);
4464 if (sc->hw_type == IWN_HW_REV_TYPE_5150) {
4465 temp = (temp / -5) + sc->temp_off;
4466 temp = IWN_KTOC(temp);
4472 * Initialize sensitivity calibration state machine.
4475 iwn_init_sensitivity(struct iwn_softc *sc)
4477 struct iwn_ops *ops = &sc->ops;
4478 struct iwn_calib_state *calib = &sc->calib;
4482 /* Reset calibration state machine. */
4483 memset(calib, 0, sizeof (*calib));
4484 calib->state = IWN_CALIB_STATE_INIT;
4485 calib->cck_state = IWN_CCK_STATE_HIFA;
4486 /* Set initial correlation values. */
4487 calib->ofdm_x1 = sc->limits->min_ofdm_x1;
4488 calib->ofdm_mrc_x1 = sc->limits->min_ofdm_mrc_x1;
4489 calib->ofdm_x4 = sc->limits->min_ofdm_x4;
4490 calib->ofdm_mrc_x4 = sc->limits->min_ofdm_mrc_x4;
4491 calib->cck_x4 = 125;
4492 calib->cck_mrc_x4 = sc->limits->min_cck_mrc_x4;
4493 calib->energy_cck = sc->limits->energy_cck;
4495 /* Write initial sensitivity. */
4496 if ((error = iwn_send_sensitivity(sc)) != 0)
4499 /* Write initial gains. */
4500 if ((error = ops->init_gains(sc)) != 0)
4503 /* Request statistics at each beacon interval. */
4505 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: sending request for statistics\n",
4507 return iwn_cmd(sc, IWN_CMD_GET_STATISTICS, &flags, sizeof flags, 1);
4511 * Collect noise and RSSI statistics for the first 20 beacons received
4512 * after association and use them to determine connected antennas and
4513 * to set differential gains.
4516 iwn_collect_noise(struct iwn_softc *sc,
4517 const struct iwn_rx_general_stats *stats)
4519 struct iwn_ops *ops = &sc->ops;
4520 struct iwn_calib_state *calib = &sc->calib;
4524 /* Accumulate RSSI and noise for all 3 antennas. */
4525 for (i = 0; i < 3; i++) {
4526 calib->rssi[i] += le32toh(stats->rssi[i]) & 0xff;
4527 calib->noise[i] += le32toh(stats->noise[i]) & 0xff;
4529 /* NB: We update differential gains only once after 20 beacons. */
4530 if (++calib->nbeacons < 20)
4533 /* Determine highest average RSSI. */
4534 val = MAX(calib->rssi[0], calib->rssi[1]);
4535 val = MAX(calib->rssi[2], val);
4537 /* Determine which antennas are connected. */
4538 sc->chainmask = sc->rxchainmask;
4539 for (i = 0; i < 3; i++)
4540 if (val - calib->rssi[i] > 15 * 20)
4541 sc->chainmask &= ~(1 << i);
4542 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4543 "%s: RX chains mask: theoretical=0x%x, actual=0x%x\n",
4544 __func__, sc->rxchainmask, sc->chainmask);
4546 /* If none of the TX antennas are connected, keep at least one. */
4547 if ((sc->chainmask & sc->txchainmask) == 0)
4548 sc->chainmask |= IWN_LSB(sc->txchainmask);
4550 (void)ops->set_gains(sc);
4551 calib->state = IWN_CALIB_STATE_RUN;
4554 /* XXX Disable RX chains with no antennas connected. */
4555 sc->rxon.rxchain = htole16(IWN_RXCHAIN_SEL(sc->chainmask));
4556 (void)iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, sc->rxonsz, 1);
4561 /* Enable power-saving mode if requested by user. */
4562 if (sc->sc_ic.ic_flags & IEEE80211_F_PMGTON)
4563 (void)iwn_set_pslevel(sc, 0, 3, 1);
4568 iwn4965_init_gains(struct iwn_softc *sc)
4570 struct iwn_phy_calib_gain cmd;
4572 memset(&cmd, 0, sizeof cmd);
4573 cmd.code = IWN4965_PHY_CALIB_DIFF_GAIN;
4574 /* Differential gains initially set to 0 for all 3 antennas. */
4575 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4576 "%s: setting initial differential gains\n", __func__);
4577 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1);
4581 iwn5000_init_gains(struct iwn_softc *sc)
4583 struct iwn_phy_calib cmd;
4585 memset(&cmd, 0, sizeof cmd);
4586 cmd.code = sc->reset_noise_gain;
4589 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4590 "%s: setting initial differential gains\n", __func__);
4591 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1);
4595 iwn4965_set_gains(struct iwn_softc *sc)
4597 struct iwn_calib_state *calib = &sc->calib;
4598 struct iwn_phy_calib_gain cmd;
4599 int i, delta, noise;
4601 /* Get minimal noise among connected antennas. */
4602 noise = INT_MAX; /* NB: There's at least one antenna. */
4603 for (i = 0; i < 3; i++)
4604 if (sc->chainmask & (1 << i))
4605 noise = MIN(calib->noise[i], noise);
4607 memset(&cmd, 0, sizeof cmd);
4608 cmd.code = IWN4965_PHY_CALIB_DIFF_GAIN;
4609 /* Set differential gains for connected antennas. */
4610 for (i = 0; i < 3; i++) {
4611 if (sc->chainmask & (1 << i)) {
4612 /* Compute attenuation (in unit of 1.5dB). */
4613 delta = (noise - (int32_t)calib->noise[i]) / 30;
4614 /* NB: delta <= 0 */
4615 /* Limit to [-4.5dB,0]. */
4616 cmd.gain[i] = MIN(abs(delta), 3);
4618 cmd.gain[i] |= 1 << 2; /* sign bit */
4621 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4622 "setting differential gains Ant A/B/C: %x/%x/%x (%x)\n",
4623 cmd.gain[0], cmd.gain[1], cmd.gain[2], sc->chainmask);
4624 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1);
4628 iwn5000_set_gains(struct iwn_softc *sc)
4630 struct iwn_calib_state *calib = &sc->calib;
4631 struct iwn_phy_calib_gain cmd;
4632 int i, ant, div, delta;
4634 /* We collected 20 beacons and !=6050 need a 1.5 factor. */
4635 div = (sc->hw_type == IWN_HW_REV_TYPE_6050) ? 20 : 30;
4637 memset(&cmd, 0, sizeof cmd);
4638 cmd.code = sc->noise_gain;
4641 /* Get first available RX antenna as referential. */
4642 ant = IWN_LSB(sc->rxchainmask);
4643 /* Set differential gains for other antennas. */
4644 for (i = ant + 1; i < 3; i++) {
4645 if (sc->chainmask & (1 << i)) {
4646 /* The delta is relative to antenna "ant". */
4647 delta = ((int32_t)calib->noise[ant] -
4648 (int32_t)calib->noise[i]) / div;
4649 /* Limit to [-4.5dB,+4.5dB]. */
4650 cmd.gain[i - 1] = MIN(abs(delta), 3);
4652 cmd.gain[i - 1] |= 1 << 2; /* sign bit */
4655 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4656 "setting differential gains Ant B/C: %x/%x (%x)\n",
4657 cmd.gain[0], cmd.gain[1], sc->chainmask);
4658 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 1);
4662 * Tune RF RX sensitivity based on the number of false alarms detected
4663 * during the last beacon period.
4666 iwn_tune_sensitivity(struct iwn_softc *sc, const struct iwn_rx_stats *stats)
4668 #define inc(val, inc, max) \
4669 if ((val) < (max)) { \
4670 if ((val) < (max) - (inc)) \
4676 #define dec(val, dec, min) \
4677 if ((val) > (min)) { \
4678 if ((val) > (min) + (dec)) \
4685 const struct iwn_sensitivity_limits *limits = sc->limits;
4686 struct iwn_calib_state *calib = &sc->calib;
4687 uint32_t val, rxena, fa;
4688 uint32_t energy[3], energy_min;
4689 uint8_t noise[3], noise_ref;
4690 int i, needs_update = 0;
4692 /* Check that we've been enabled long enough. */
4693 if ((rxena = le32toh(stats->general.load)) == 0)
4696 /* Compute number of false alarms since last call for OFDM. */
4697 fa = le32toh(stats->ofdm.bad_plcp) - calib->bad_plcp_ofdm;
4698 fa += le32toh(stats->ofdm.fa) - calib->fa_ofdm;
4699 fa *= 200 * IEEE80211_DUR_TU; /* 200TU */
4701 /* Save counters values for next call. */
4702 calib->bad_plcp_ofdm = le32toh(stats->ofdm.bad_plcp);
4703 calib->fa_ofdm = le32toh(stats->ofdm.fa);
4705 if (fa > 50 * rxena) {
4706 /* High false alarm count, decrease sensitivity. */
4707 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4708 "%s: OFDM high false alarm count: %u\n", __func__, fa);
4709 inc(calib->ofdm_x1, 1, limits->max_ofdm_x1);
4710 inc(calib->ofdm_mrc_x1, 1, limits->max_ofdm_mrc_x1);
4711 inc(calib->ofdm_x4, 1, limits->max_ofdm_x4);
4712 inc(calib->ofdm_mrc_x4, 1, limits->max_ofdm_mrc_x4);
4714 } else if (fa < 5 * rxena) {
4715 /* Low false alarm count, increase sensitivity. */
4716 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4717 "%s: OFDM low false alarm count: %u\n", __func__, fa);
4718 dec(calib->ofdm_x1, 1, limits->min_ofdm_x1);
4719 dec(calib->ofdm_mrc_x1, 1, limits->min_ofdm_mrc_x1);
4720 dec(calib->ofdm_x4, 1, limits->min_ofdm_x4);
4721 dec(calib->ofdm_mrc_x4, 1, limits->min_ofdm_mrc_x4);
4724 /* Compute maximum noise among 3 receivers. */
4725 for (i = 0; i < 3; i++)
4726 noise[i] = (le32toh(stats->general.noise[i]) >> 8) & 0xff;
4727 val = MAX(noise[0], noise[1]);
4728 val = MAX(noise[2], val);
4729 /* Insert it into our samples table. */
4730 calib->noise_samples[calib->cur_noise_sample] = val;
4731 calib->cur_noise_sample = (calib->cur_noise_sample + 1) % 20;
4733 /* Compute maximum noise among last 20 samples. */
4734 noise_ref = calib->noise_samples[0];
4735 for (i = 1; i < 20; i++)
4736 noise_ref = MAX(noise_ref, calib->noise_samples[i]);
4738 /* Compute maximum energy among 3 receivers. */
4739 for (i = 0; i < 3; i++)
4740 energy[i] = le32toh(stats->general.energy[i]);
4741 val = MIN(energy[0], energy[1]);
4742 val = MIN(energy[2], val);
4743 /* Insert it into our samples table. */
4744 calib->energy_samples[calib->cur_energy_sample] = val;
4745 calib->cur_energy_sample = (calib->cur_energy_sample + 1) % 10;
4747 /* Compute minimum energy among last 10 samples. */
4748 energy_min = calib->energy_samples[0];
4749 for (i = 1; i < 10; i++)
4750 energy_min = MAX(energy_min, calib->energy_samples[i]);
4753 /* Compute number of false alarms since last call for CCK. */
4754 fa = le32toh(stats->cck.bad_plcp) - calib->bad_plcp_cck;
4755 fa += le32toh(stats->cck.fa) - calib->fa_cck;
4756 fa *= 200 * IEEE80211_DUR_TU; /* 200TU */
4758 /* Save counters values for next call. */
4759 calib->bad_plcp_cck = le32toh(stats->cck.bad_plcp);
4760 calib->fa_cck = le32toh(stats->cck.fa);
4762 if (fa > 50 * rxena) {
4763 /* High false alarm count, decrease sensitivity. */
4764 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4765 "%s: CCK high false alarm count: %u\n", __func__, fa);
4766 calib->cck_state = IWN_CCK_STATE_HIFA;
4769 if (calib->cck_x4 > 160) {
4770 calib->noise_ref = noise_ref;
4771 if (calib->energy_cck > 2)
4772 dec(calib->energy_cck, 2, energy_min);
4774 if (calib->cck_x4 < 160) {
4775 calib->cck_x4 = 161;
4778 inc(calib->cck_x4, 3, limits->max_cck_x4);
4780 inc(calib->cck_mrc_x4, 3, limits->max_cck_mrc_x4);
4782 } else if (fa < 5 * rxena) {
4783 /* Low false alarm count, increase sensitivity. */
4784 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4785 "%s: CCK low false alarm count: %u\n", __func__, fa);
4786 calib->cck_state = IWN_CCK_STATE_LOFA;
4789 if (calib->cck_state != IWN_CCK_STATE_INIT &&
4790 (((int32_t)calib->noise_ref - (int32_t)noise_ref) > 2 ||
4791 calib->low_fa > 100)) {
4792 inc(calib->energy_cck, 2, limits->min_energy_cck);
4793 dec(calib->cck_x4, 3, limits->min_cck_x4);
4794 dec(calib->cck_mrc_x4, 3, limits->min_cck_mrc_x4);
4797 /* Not worth to increase or decrease sensitivity. */
4798 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4799 "%s: CCK normal false alarm count: %u\n", __func__, fa);
4801 calib->noise_ref = noise_ref;
4803 if (calib->cck_state == IWN_CCK_STATE_HIFA) {
4804 /* Previous interval had many false alarms. */
4805 dec(calib->energy_cck, 8, energy_min);
4807 calib->cck_state = IWN_CCK_STATE_INIT;
4811 (void)iwn_send_sensitivity(sc);
4817 iwn_send_sensitivity(struct iwn_softc *sc)
4819 struct iwn_calib_state *calib = &sc->calib;
4820 struct iwn_enhanced_sensitivity_cmd cmd;
4823 memset(&cmd, 0, sizeof cmd);
4824 len = sizeof (struct iwn_sensitivity_cmd);
4825 cmd.which = IWN_SENSITIVITY_WORKTBL;
4826 /* OFDM modulation. */
4827 cmd.corr_ofdm_x1 = htole16(calib->ofdm_x1);
4828 cmd.corr_ofdm_mrc_x1 = htole16(calib->ofdm_mrc_x1);
4829 cmd.corr_ofdm_x4 = htole16(calib->ofdm_x4);
4830 cmd.corr_ofdm_mrc_x4 = htole16(calib->ofdm_mrc_x4);
4831 cmd.energy_ofdm = htole16(sc->limits->energy_ofdm);
4832 cmd.energy_ofdm_th = htole16(62);
4833 /* CCK modulation. */
4834 cmd.corr_cck_x4 = htole16(calib->cck_x4);
4835 cmd.corr_cck_mrc_x4 = htole16(calib->cck_mrc_x4);
4836 cmd.energy_cck = htole16(calib->energy_cck);
4837 /* Barker modulation: use default values. */
4838 cmd.corr_barker = htole16(190);
4839 cmd.corr_barker_mrc = htole16(390);
4841 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4842 "%s: set sensitivity %d/%d/%d/%d/%d/%d/%d\n", __func__,
4843 calib->ofdm_x1, calib->ofdm_mrc_x1, calib->ofdm_x4,
4844 calib->ofdm_mrc_x4, calib->cck_x4,
4845 calib->cck_mrc_x4, calib->energy_cck);
4847 if (!(sc->sc_flags & IWN_FLAG_ENH_SENS))
4849 /* Enhanced sensitivity settings. */
4850 len = sizeof (struct iwn_enhanced_sensitivity_cmd);
4851 cmd.ofdm_det_slope_mrc = htole16(668);
4852 cmd.ofdm_det_icept_mrc = htole16(4);
4853 cmd.ofdm_det_slope = htole16(486);
4854 cmd.ofdm_det_icept = htole16(37);
4855 cmd.cck_det_slope_mrc = htole16(853);
4856 cmd.cck_det_icept_mrc = htole16(4);
4857 cmd.cck_det_slope = htole16(476);
4858 cmd.cck_det_icept = htole16(99);
4860 return iwn_cmd(sc, IWN_CMD_SET_SENSITIVITY, &cmd, len, 1);
4864 * Set STA mode power saving level (between 0 and 5).
4865 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving.
4868 iwn_set_pslevel(struct iwn_softc *sc, int dtim, int level, int async)
4870 struct iwn_pmgt_cmd cmd;
4871 const struct iwn_pmgt *pmgt;
4872 uint32_t max, skip_dtim;
4876 /* Select which PS parameters to use. */
4878 pmgt = &iwn_pmgt[0][level];
4879 else if (dtim <= 10)
4880 pmgt = &iwn_pmgt[1][level];
4882 pmgt = &iwn_pmgt[2][level];
4884 memset(&cmd, 0, sizeof cmd);
4885 if (level != 0) /* not CAM */
4886 cmd.flags |= htole16(IWN_PS_ALLOW_SLEEP);
4888 cmd.flags |= htole16(IWN_PS_FAST_PD);
4889 /* Retrieve PCIe Active State Power Management (ASPM). */
4890 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1);
4891 if (!(reg & 0x1)) /* L0s Entry disabled. */
4892 cmd.flags |= htole16(IWN_PS_PCI_PMGT);
4893 cmd.rxtimeout = htole32(pmgt->rxtimeout * 1024);
4894 cmd.txtimeout = htole32(pmgt->txtimeout * 1024);
4900 skip_dtim = pmgt->skip_dtim;
4901 if (skip_dtim != 0) {
4902 cmd.flags |= htole16(IWN_PS_SLEEP_OVER_DTIM);
4903 max = pmgt->intval[4];
4904 if (max == (uint32_t)-1)
4905 max = dtim * (skip_dtim + 1);
4906 else if (max > dtim)
4907 max = (max / dtim) * dtim;
4910 for (i = 0; i < 5; i++)
4911 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i]));
4913 DPRINTF(sc, IWN_DEBUG_RESET, "setting power saving level to %d\n",
4915 return iwn_cmd(sc, IWN_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async);
4919 iwn_send_btcoex(struct iwn_softc *sc)
4921 struct iwn_bluetooth cmd;
4923 memset(&cmd, 0, sizeof cmd);
4924 cmd.flags = IWN_BT_COEX_CHAN_ANN | IWN_BT_COEX_BT_PRIO;
4925 cmd.lead_time = IWN_BT_LEAD_TIME_DEF;
4926 cmd.max_kill = IWN_BT_MAX_KILL_DEF;
4927 DPRINTF(sc, IWN_DEBUG_RESET, "%s: configuring bluetooth coexistence\n",
4929 return iwn_cmd(sc, IWN_CMD_BT_COEX, &cmd, sizeof(cmd), 0);
4933 iwn_send_advanced_btcoex(struct iwn_softc *sc)
4935 static const uint32_t btcoex_3wire[12] = {
4936 0xaaaaaaaa, 0xaaaaaaaa, 0xaeaaaaaa, 0xaaaaaaaa,
4937 0xcc00ff28, 0x0000aaaa, 0xcc00aaaa, 0x0000aaaa,
4938 0xc0004000, 0x00004000, 0xf0005000, 0xf0005000,
4940 struct iwn6000_btcoex_config btconfig;
4941 struct iwn_btcoex_priotable btprio;
4942 struct iwn_btcoex_prot btprot;
4945 memset(&btconfig, 0, sizeof btconfig);
4946 btconfig.flags = 145;
4947 btconfig.max_kill = 5;
4948 btconfig.bt3_t7_timer = 1;
4949 btconfig.kill_ack = htole32(0xffff0000);
4950 btconfig.kill_cts = htole32(0xffff0000);
4951 btconfig.sample_time = 2;
4952 btconfig.bt3_t2_timer = 0xc;
4953 for (i = 0; i < 12; i++)
4954 btconfig.lookup_table[i] = htole32(btcoex_3wire[i]);
4955 btconfig.valid = htole16(0xff);
4956 btconfig.prio_boost = 0xf0;
4957 DPRINTF(sc, IWN_DEBUG_RESET,
4958 "%s: configuring advanced bluetooth coexistence\n", __func__);
4959 error = iwn_cmd(sc, IWN_CMD_BT_COEX, &btconfig, sizeof(btconfig), 1);
4963 memset(&btprio, 0, sizeof btprio);
4964 btprio.calib_init1 = 0x6;
4965 btprio.calib_init2 = 0x7;
4966 btprio.calib_periodic_low1 = 0x2;
4967 btprio.calib_periodic_low2 = 0x3;
4968 btprio.calib_periodic_high1 = 0x4;
4969 btprio.calib_periodic_high2 = 0x5;
4971 btprio.scan52 = 0x8;
4972 btprio.scan24 = 0xa;
4973 error = iwn_cmd(sc, IWN_CMD_BT_COEX_PRIOTABLE, &btprio, sizeof(btprio),
4978 /* Force BT state machine change. */
4979 memset(&btprot, 0, sizeof btprio);
4982 error = iwn_cmd(sc, IWN_CMD_BT_COEX_PROT, &btprot, sizeof(btprot), 1);
4986 return iwn_cmd(sc, IWN_CMD_BT_COEX_PROT, &btprot, sizeof(btprot), 1);
4990 iwn5000_runtime_calib(struct iwn_softc *sc)
4992 struct iwn5000_calib_config cmd;
4994 memset(&cmd, 0, sizeof cmd);
4995 cmd.ucode.once.enable = 0xffffffff;
4996 cmd.ucode.once.start = IWN5000_CALIB_DC;
4997 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
4998 "%s: configuring runtime calibration\n", __func__);
4999 return iwn_cmd(sc, IWN5000_CMD_CALIB_CONFIG, &cmd, sizeof(cmd), 0);
5003 iwn_config(struct iwn_softc *sc)
5005 struct iwn_ops *ops = &sc->ops;
5006 struct ifnet *ifp = sc->sc_ifp;
5007 struct ieee80211com *ic = ifp->if_l2com;
5012 if (sc->hw_type == IWN_HW_REV_TYPE_6005) {
5013 /* Set radio temperature sensor offset. */
5014 error = iwn5000_temp_offset_calib(sc);
5016 device_printf(sc->sc_dev,
5017 "%s: could not set temperature offset\n", __func__);
5022 if (sc->hw_type == IWN_HW_REV_TYPE_6050) {
5023 /* Configure runtime DC calibration. */
5024 error = iwn5000_runtime_calib(sc);
5026 device_printf(sc->sc_dev,
5027 "%s: could not configure runtime calibration\n",
5033 /* Configure valid TX chains for >=5000 Series. */
5034 if (sc->hw_type != IWN_HW_REV_TYPE_4965) {
5035 txmask = htole32(sc->txchainmask);
5036 DPRINTF(sc, IWN_DEBUG_RESET,
5037 "%s: configuring valid TX chains 0x%x\n", __func__, txmask);
5038 error = iwn_cmd(sc, IWN5000_CMD_TX_ANT_CONFIG, &txmask,
5041 device_printf(sc->sc_dev,
5042 "%s: could not configure valid TX chains, "
5043 "error %d\n", __func__, error);
5048 /* Configure bluetooth coexistence. */
5049 if (sc->sc_flags & IWN_FLAG_ADV_BTCOEX)
5050 error = iwn_send_advanced_btcoex(sc);
5052 error = iwn_send_btcoex(sc);
5054 device_printf(sc->sc_dev,
5055 "%s: could not configure bluetooth coexistence, error %d\n",
5060 /* Set mode, channel, RX filter and enable RX. */
5061 memset(&sc->rxon, 0, sizeof (struct iwn_rxon));
5062 IEEE80211_ADDR_COPY(sc->rxon.myaddr, IF_LLADDR(ifp));
5063 IEEE80211_ADDR_COPY(sc->rxon.wlap, IF_LLADDR(ifp));
5064 sc->rxon.chan = ieee80211_chan2ieee(ic, ic->ic_curchan);
5065 sc->rxon.flags = htole32(IWN_RXON_TSF | IWN_RXON_CTS_TO_SELF);
5066 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan))
5067 sc->rxon.flags |= htole32(IWN_RXON_AUTO | IWN_RXON_24GHZ);
5068 switch (ic->ic_opmode) {
5069 case IEEE80211_M_STA:
5070 sc->rxon.mode = IWN_MODE_STA;
5071 sc->rxon.filter = htole32(IWN_FILTER_MULTICAST);
5073 case IEEE80211_M_MONITOR:
5074 sc->rxon.mode = IWN_MODE_MONITOR;
5075 sc->rxon.filter = htole32(IWN_FILTER_MULTICAST |
5076 IWN_FILTER_CTL | IWN_FILTER_PROMISC);
5079 /* Should not get there. */
5082 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */
5083 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */
5084 sc->rxon.ht_single_mask = 0xff;
5085 sc->rxon.ht_dual_mask = 0xff;
5086 sc->rxon.ht_triple_mask = 0xff;
5088 IWN_RXCHAIN_VALID(sc->rxchainmask) |
5089 IWN_RXCHAIN_MIMO_COUNT(2) |
5090 IWN_RXCHAIN_IDLE_COUNT(2);
5091 sc->rxon.rxchain = htole16(rxchain);
5092 DPRINTF(sc, IWN_DEBUG_RESET, "%s: setting configuration\n", __func__);
5093 error = iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, sc->rxonsz, 0);
5095 device_printf(sc->sc_dev, "%s: RXON command failed\n",
5100 if ((error = iwn_add_broadcast_node(sc, 0)) != 0) {
5101 device_printf(sc->sc_dev, "%s: could not add broadcast node\n",
5106 /* Configuration has changed, set TX power accordingly. */
5107 if ((error = ops->set_txpower(sc, ic->ic_curchan, 0)) != 0) {
5108 device_printf(sc->sc_dev, "%s: could not set TX power\n",
5113 if ((error = iwn_set_critical_temp(sc)) != 0) {
5114 device_printf(sc->sc_dev,
5115 "%s: could not set critical temperature\n", __func__);
5119 /* Set power saving level to CAM during initialization. */
5120 if ((error = iwn_set_pslevel(sc, 0, 0, 0)) != 0) {
5121 device_printf(sc->sc_dev,
5122 "%s: could not set power saving level\n", __func__);
5129 * Add an ssid element to a frame.
5132 ieee80211_add_ssid(uint8_t *frm, const uint8_t *ssid, u_int len)
5134 *frm++ = IEEE80211_ELEMID_SSID;
5136 memcpy(frm, ssid, len);
5141 iwn_scan(struct iwn_softc *sc)
5143 struct ifnet *ifp = sc->sc_ifp;
5144 struct ieee80211com *ic = ifp->if_l2com;
5145 struct ieee80211_scan_state *ss = ic->ic_scan; /*XXX*/
5146 struct ieee80211_node *ni = ss->ss_vap->iv_bss;
5147 struct iwn_scan_hdr *hdr;
5148 struct iwn_cmd_data *tx;
5149 struct iwn_scan_essid *essid;
5150 struct iwn_scan_chan *chan;
5151 struct ieee80211_frame *wh;
5152 struct ieee80211_rateset *rs;
5153 struct ieee80211_channel *c;
5159 buf = malloc(IWN_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO);
5161 device_printf(sc->sc_dev,
5162 "%s: could not allocate buffer for scan command\n",
5166 hdr = (struct iwn_scan_hdr *)buf;
5168 * Move to the next channel if no frames are received within 10ms
5169 * after sending the probe request.
5171 hdr->quiet_time = htole16(10); /* timeout in milliseconds */
5172 hdr->quiet_threshold = htole16(1); /* min # of packets */
5174 /* Select antennas for scanning. */
5176 IWN_RXCHAIN_VALID(sc->rxchainmask) |
5177 IWN_RXCHAIN_FORCE_MIMO_SEL(sc->rxchainmask) |
5178 IWN_RXCHAIN_DRIVER_FORCE;
5179 if (IEEE80211_IS_CHAN_A(ic->ic_curchan) &&
5180 sc->hw_type == IWN_HW_REV_TYPE_4965) {
5181 /* Ant A must be avoided in 5GHz because of an HW bug. */
5182 rxchain |= IWN_RXCHAIN_FORCE_SEL(IWN_ANT_B);
5183 } else /* Use all available RX antennas. */
5184 rxchain |= IWN_RXCHAIN_FORCE_SEL(sc->rxchainmask);
5185 hdr->rxchain = htole16(rxchain);
5186 hdr->filter = htole32(IWN_FILTER_MULTICAST | IWN_FILTER_BEACON);
5188 tx = (struct iwn_cmd_data *)(hdr + 1);
5189 tx->flags = htole32(IWN_TX_AUTO_SEQ);
5190 tx->id = sc->broadcast_id;
5191 tx->lifetime = htole32(IWN_LIFETIME_INFINITE);
5193 if (IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan)) {
5194 /* Send probe requests at 6Mbps. */
5195 tx->rate = htole32(0xd);
5196 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A];
5198 hdr->flags = htole32(IWN_RXON_24GHZ | IWN_RXON_AUTO);
5199 if (sc->hw_type == IWN_HW_REV_TYPE_4965 &&
5200 sc->rxon.associd && sc->rxon.chan > 14)
5201 tx->rate = htole32(0xd);
5203 /* Send probe requests at 1Mbps. */
5204 tx->rate = htole32(10 | IWN_RFLAG_CCK);
5206 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G];
5208 /* Use the first valid TX antenna. */
5209 txant = IWN_LSB(sc->txchainmask);
5210 tx->rate |= htole32(IWN_RFLAG_ANT(txant));
5212 essid = (struct iwn_scan_essid *)(tx + 1);
5213 if (ss->ss_ssid[0].len != 0) {
5214 essid[0].id = IEEE80211_ELEMID_SSID;
5215 essid[0].len = ss->ss_ssid[0].len;
5216 memcpy(essid[0].data, ss->ss_ssid[0].ssid, ss->ss_ssid[0].len);
5219 * Build a probe request frame. Most of the following code is a
5220 * copy & paste of what is done in net80211.
5222 wh = (struct ieee80211_frame *)(essid + 20);
5223 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
5224 IEEE80211_FC0_SUBTYPE_PROBE_REQ;
5225 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
5226 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
5227 IEEE80211_ADDR_COPY(wh->i_addr2, IF_LLADDR(ifp));
5228 IEEE80211_ADDR_COPY(wh->i_addr3, ifp->if_broadcastaddr);
5229 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */
5230 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */
5232 frm = (uint8_t *)(wh + 1);
5233 frm = ieee80211_add_ssid(frm, NULL, 0);
5234 frm = ieee80211_add_rates(frm, rs);
5235 if (rs->rs_nrates > IEEE80211_RATE_SIZE)
5236 frm = ieee80211_add_xrates(frm, rs);
5237 if (ic->ic_htcaps & IEEE80211_HTC_HT)
5238 frm = ieee80211_add_htcap(frm, ni);
5240 /* Set length of probe request. */
5241 tx->len = htole16(frm - (uint8_t *)wh);
5244 chan = (struct iwn_scan_chan *)frm;
5245 chan->chan = htole16(ieee80211_chan2ieee(ic, c));
5247 if (ss->ss_nssid > 0)
5248 chan->flags |= htole32(IWN_CHAN_NPBREQS(1));
5249 chan->dsp_gain = 0x6e;
5250 if (IEEE80211_IS_CHAN_5GHZ(c) &&
5251 !(c->ic_flags & IEEE80211_CHAN_PASSIVE)) {
5252 chan->rf_gain = 0x3b;
5253 chan->active = htole16(24);
5254 chan->passive = htole16(110);
5255 chan->flags |= htole32(IWN_CHAN_ACTIVE);
5256 } else if (IEEE80211_IS_CHAN_5GHZ(c)) {
5257 chan->rf_gain = 0x3b;
5258 chan->active = htole16(24);
5259 if (sc->rxon.associd)
5260 chan->passive = htole16(78);
5262 chan->passive = htole16(110);
5263 hdr->crc_threshold = 0xffff;
5264 } else if (!(c->ic_flags & IEEE80211_CHAN_PASSIVE)) {
5265 chan->rf_gain = 0x28;
5266 chan->active = htole16(36);
5267 chan->passive = htole16(120);
5268 chan->flags |= htole32(IWN_CHAN_ACTIVE);
5270 chan->rf_gain = 0x28;
5271 chan->active = htole16(36);
5272 if (sc->rxon.associd)
5273 chan->passive = htole16(88);
5275 chan->passive = htole16(120);
5276 hdr->crc_threshold = 0xffff;
5279 DPRINTF(sc, IWN_DEBUG_STATE,
5280 "%s: chan %u flags 0x%x rf_gain 0x%x "
5281 "dsp_gain 0x%x active 0x%x passive 0x%x\n", __func__,
5282 chan->chan, chan->flags, chan->rf_gain, chan->dsp_gain,
5283 chan->active, chan->passive);
5287 buflen = (uint8_t *)chan - buf;
5288 hdr->len = htole16(buflen);
5290 DPRINTF(sc, IWN_DEBUG_STATE, "sending scan command nchan=%d\n",
5292 error = iwn_cmd(sc, IWN_CMD_SCAN, buf, buflen, 1);
5293 free(buf, M_DEVBUF);
5298 iwn_auth(struct iwn_softc *sc, struct ieee80211vap *vap)
5300 struct iwn_ops *ops = &sc->ops;
5301 struct ifnet *ifp = sc->sc_ifp;
5302 struct ieee80211com *ic = ifp->if_l2com;
5303 struct ieee80211_node *ni = vap->iv_bss;
5306 /* Update adapter configuration. */
5307 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid);
5308 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan);
5309 sc->rxon.flags = htole32(IWN_RXON_TSF | IWN_RXON_CTS_TO_SELF);
5310 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
5311 sc->rxon.flags |= htole32(IWN_RXON_AUTO | IWN_RXON_24GHZ);
5312 if (ic->ic_flags & IEEE80211_F_SHSLOT)
5313 sc->rxon.flags |= htole32(IWN_RXON_SHSLOT);
5314 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5315 sc->rxon.flags |= htole32(IWN_RXON_SHPREAMBLE);
5316 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) {
5317 sc->rxon.cck_mask = 0;
5318 sc->rxon.ofdm_mask = 0x15;
5319 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) {
5320 sc->rxon.cck_mask = 0x03;
5321 sc->rxon.ofdm_mask = 0;
5323 /* Assume 802.11b/g. */
5324 sc->rxon.cck_mask = 0x0f;
5325 sc->rxon.ofdm_mask = 0x15;
5327 DPRINTF(sc, IWN_DEBUG_STATE, "rxon chan %d flags %x cck %x ofdm %x\n",
5328 sc->rxon.chan, sc->rxon.flags, sc->rxon.cck_mask,
5329 sc->rxon.ofdm_mask);
5330 error = iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, sc->rxonsz, 1);
5332 device_printf(sc->sc_dev, "%s: RXON command failed, error %d\n",
5337 /* Configuration has changed, set TX power accordingly. */
5338 if ((error = ops->set_txpower(sc, ni->ni_chan, 1)) != 0) {
5339 device_printf(sc->sc_dev,
5340 "%s: could not set TX power, error %d\n", __func__, error);
5344 * Reconfiguring RXON clears the firmware nodes table so we must
5345 * add the broadcast node again.
5347 if ((error = iwn_add_broadcast_node(sc, 1)) != 0) {
5348 device_printf(sc->sc_dev,
5349 "%s: could not add broadcast node, error %d\n", __func__,
5357 iwn_run(struct iwn_softc *sc, struct ieee80211vap *vap)
5359 struct iwn_ops *ops = &sc->ops;
5360 struct ifnet *ifp = sc->sc_ifp;
5361 struct ieee80211com *ic = ifp->if_l2com;
5362 struct ieee80211_node *ni = vap->iv_bss;
5363 struct iwn_node_info node;
5364 uint32_t htflags = 0;
5367 if (ic->ic_opmode == IEEE80211_M_MONITOR) {
5368 /* Link LED blinks while monitoring. */
5369 iwn_set_led(sc, IWN_LED_LINK, 5, 5);
5372 if ((error = iwn_set_timing(sc, ni)) != 0) {
5373 device_printf(sc->sc_dev,
5374 "%s: could not set timing, error %d\n", __func__, error);
5378 /* Update adapter configuration. */
5379 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid);
5380 sc->rxon.associd = htole16(IEEE80211_AID(ni->ni_associd));
5381 sc->rxon.chan = ieee80211_chan2ieee(ic, ni->ni_chan);
5382 sc->rxon.flags = htole32(IWN_RXON_TSF | IWN_RXON_CTS_TO_SELF);
5383 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
5384 sc->rxon.flags |= htole32(IWN_RXON_AUTO | IWN_RXON_24GHZ);
5385 if (ic->ic_flags & IEEE80211_F_SHSLOT)
5386 sc->rxon.flags |= htole32(IWN_RXON_SHSLOT);
5387 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5388 sc->rxon.flags |= htole32(IWN_RXON_SHPREAMBLE);
5389 if (IEEE80211_IS_CHAN_A(ni->ni_chan)) {
5390 sc->rxon.cck_mask = 0;
5391 sc->rxon.ofdm_mask = 0x15;
5392 } else if (IEEE80211_IS_CHAN_B(ni->ni_chan)) {
5393 sc->rxon.cck_mask = 0x03;
5394 sc->rxon.ofdm_mask = 0;
5396 /* Assume 802.11b/g. */
5397 sc->rxon.cck_mask = 0x0f;
5398 sc->rxon.ofdm_mask = 0x15;
5400 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
5401 htflags |= IWN_RXON_HT_PROTMODE(ic->ic_curhtprotmode);
5402 if (IEEE80211_IS_CHAN_HT40(ni->ni_chan)) {
5403 switch (ic->ic_curhtprotmode) {
5404 case IEEE80211_HTINFO_OPMODE_HT20PR:
5405 htflags |= IWN_RXON_HT_MODEPURE40;
5408 htflags |= IWN_RXON_HT_MODEMIXED;
5412 if (IEEE80211_IS_CHAN_HT40D(ni->ni_chan))
5413 htflags |= IWN_RXON_HT_HT40MINUS;
5415 sc->rxon.flags |= htole32(htflags);
5416 sc->rxon.filter |= htole32(IWN_FILTER_BSS);
5417 DPRINTF(sc, IWN_DEBUG_STATE, "rxon chan %d flags %x\n",
5418 sc->rxon.chan, sc->rxon.flags);
5419 error = iwn_cmd(sc, IWN_CMD_RXON, &sc->rxon, sc->rxonsz, 1);
5421 device_printf(sc->sc_dev,
5422 "%s: could not update configuration, error %d\n", __func__,
5427 /* Configuration has changed, set TX power accordingly. */
5428 if ((error = ops->set_txpower(sc, ni->ni_chan, 1)) != 0) {
5429 device_printf(sc->sc_dev,
5430 "%s: could not set TX power, error %d\n", __func__, error);
5434 /* Fake a join to initialize the TX rate. */
5435 ((struct iwn_node *)ni)->id = IWN_ID_BSS;
5436 iwn_newassoc(ni, 1);
5439 memset(&node, 0, sizeof node);
5440 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr);
5441 node.id = IWN_ID_BSS;
5442 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
5443 switch (ni->ni_htcap & IEEE80211_HTCAP_SMPS) {
5444 case IEEE80211_HTCAP_SMPS_ENA:
5445 node.htflags |= htole32(IWN_SMPS_MIMO_DIS);
5447 case IEEE80211_HTCAP_SMPS_DYNAMIC:
5448 node.htflags |= htole32(IWN_SMPS_MIMO_PROT);
5451 node.htflags |= htole32(IWN_AMDPU_SIZE_FACTOR(3) |
5452 IWN_AMDPU_DENSITY(5)); /* 4us */
5453 if (IEEE80211_IS_CHAN_HT40(ni->ni_chan))
5454 node.htflags |= htole32(IWN_NODE_HT40);
5456 DPRINTF(sc, IWN_DEBUG_STATE, "%s: adding BSS node\n", __func__);
5457 error = ops->add_node(sc, &node, 1);
5459 device_printf(sc->sc_dev,
5460 "%s: could not add BSS node, error %d\n", __func__, error);
5463 DPRINTF(sc, IWN_DEBUG_STATE, "%s: setting link quality for node %d\n",
5465 if ((error = iwn_set_link_quality(sc, ni)) != 0) {
5466 device_printf(sc->sc_dev,
5467 "%s: could not setup link quality for node %d, error %d\n",
5468 __func__, node.id, error);
5472 if ((error = iwn_init_sensitivity(sc)) != 0) {
5473 device_printf(sc->sc_dev,
5474 "%s: could not set sensitivity, error %d\n", __func__,
5478 /* Start periodic calibration timer. */
5479 sc->calib.state = IWN_CALIB_STATE_ASSOC;
5481 callout_reset(&sc->calib_to, msecs_to_ticks(500), iwn_calib_timeout,
5484 /* Link LED always on while associated. */
5485 iwn_set_led(sc, IWN_LED_LINK, 0, 1);
5490 * This function is called by upper layer when an ADDBA request is received
5491 * from another STA and before the ADDBA response is sent.
5494 iwn_ampdu_rx_start(struct ieee80211_node *ni, struct ieee80211_rx_ampdu *rap,
5495 int baparamset, int batimeout, int baseqctl)
5497 #define MS(_v, _f) (((_v) & _f) >> _f##_S)
5498 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
5499 struct iwn_ops *ops = &sc->ops;
5500 struct iwn_node *wn = (void *)ni;
5501 struct iwn_node_info node;
5506 tid = MS(le16toh(baparamset), IEEE80211_BAPS_TID);
5507 ssn = MS(le16toh(baseqctl), IEEE80211_BASEQ_START);
5509 memset(&node, 0, sizeof node);
5511 node.control = IWN_NODE_UPDATE;
5512 node.flags = IWN_FLAG_SET_ADDBA;
5513 node.addba_tid = tid;
5514 node.addba_ssn = htole16(ssn);
5515 DPRINTF(sc, IWN_DEBUG_RECV, "ADDBA RA=%d TID=%d SSN=%d\n",
5517 error = ops->add_node(sc, &node, 1);
5520 return sc->sc_ampdu_rx_start(ni, rap, baparamset, batimeout, baseqctl);
5525 * This function is called by upper layer on teardown of an HT-immediate
5526 * Block Ack agreement (eg. uppon receipt of a DELBA frame).
5529 iwn_ampdu_rx_stop(struct ieee80211_node *ni, struct ieee80211_rx_ampdu *rap)
5531 struct ieee80211com *ic = ni->ni_ic;
5532 struct iwn_softc *sc = ic->ic_ifp->if_softc;
5533 struct iwn_ops *ops = &sc->ops;
5534 struct iwn_node *wn = (void *)ni;
5535 struct iwn_node_info node;
5538 /* XXX: tid as an argument */
5539 for (tid = 0; tid < WME_NUM_TID; tid++) {
5540 if (&ni->ni_rx_ampdu[tid] == rap)
5544 memset(&node, 0, sizeof node);
5546 node.control = IWN_NODE_UPDATE;
5547 node.flags = IWN_FLAG_SET_DELBA;
5548 node.delba_tid = tid;
5549 DPRINTF(sc, IWN_DEBUG_RECV, "DELBA RA=%d TID=%d\n", wn->id, tid);
5550 (void)ops->add_node(sc, &node, 1);
5551 sc->sc_ampdu_rx_stop(ni, rap);
5555 iwn_addba_request(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
5556 int dialogtoken, int baparamset, int batimeout)
5558 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
5561 for (qid = sc->firstaggqueue; qid < sc->ntxqs; qid++) {
5562 if (sc->qid2tap[qid] == NULL)
5565 if (qid == sc->ntxqs) {
5566 DPRINTF(sc, IWN_DEBUG_XMIT, "%s: not free aggregation queue\n",
5570 tap->txa_private = malloc(sizeof(int), M_DEVBUF, M_NOWAIT);
5571 if (tap->txa_private == NULL) {
5572 device_printf(sc->sc_dev,
5573 "%s: failed to alloc TX aggregation structure\n", __func__);
5576 sc->qid2tap[qid] = tap;
5577 *(int *)tap->txa_private = qid;
5578 return sc->sc_addba_request(ni, tap, dialogtoken, baparamset,
5583 iwn_addba_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
5584 int code, int baparamset, int batimeout)
5586 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
5587 int qid = *(int *)tap->txa_private;
5588 uint8_t tid = tap->txa_tid;
5591 if (code == IEEE80211_STATUS_SUCCESS) {
5592 ni->ni_txseqs[tid] = tap->txa_start & 0xfff;
5593 ret = iwn_ampdu_tx_start(ni->ni_ic, ni, tid);
5597 sc->qid2tap[qid] = NULL;
5598 free(tap->txa_private, M_DEVBUF);
5599 tap->txa_private = NULL;
5601 return sc->sc_addba_response(ni, tap, code, baparamset, batimeout);
5605 * This function is called by upper layer when an ADDBA response is received
5609 iwn_ampdu_tx_start(struct ieee80211com *ic, struct ieee80211_node *ni,
5612 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[tid];
5613 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
5614 struct iwn_ops *ops = &sc->ops;
5615 struct iwn_node *wn = (void *)ni;
5616 struct iwn_node_info node;
5619 /* Enable TX for the specified RA/TID. */
5620 wn->disable_tid &= ~(1 << tid);
5621 memset(&node, 0, sizeof node);
5623 node.control = IWN_NODE_UPDATE;
5624 node.flags = IWN_FLAG_SET_DISABLE_TID;
5625 node.disable_tid = htole16(wn->disable_tid);
5626 error = ops->add_node(sc, &node, 1);
5630 if ((error = iwn_nic_lock(sc)) != 0)
5632 qid = *(int *)tap->txa_private;
5633 ops->ampdu_tx_start(sc, ni, qid, tid, tap->txa_start & 0xfff);
5636 iwn_set_link_quality(sc, ni);
5641 iwn_ampdu_tx_stop(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
5643 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
5644 struct iwn_ops *ops = &sc->ops;
5645 uint8_t tid = tap->txa_tid;
5648 if (tap->txa_private == NULL)
5651 qid = *(int *)tap->txa_private;
5652 if (iwn_nic_lock(sc) != 0)
5654 ops->ampdu_tx_stop(sc, qid, tid, tap->txa_start & 0xfff);
5656 sc->qid2tap[qid] = NULL;
5657 free(tap->txa_private, M_DEVBUF);
5658 tap->txa_private = NULL;
5659 sc->sc_addba_stop(ni, tap);
5663 iwn4965_ampdu_tx_start(struct iwn_softc *sc, struct ieee80211_node *ni,
5664 int qid, uint8_t tid, uint16_t ssn)
5666 struct iwn_node *wn = (void *)ni;
5668 /* Stop TX scheduler while we're changing its configuration. */
5669 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid),
5670 IWN4965_TXQ_STATUS_CHGACT);
5672 /* Assign RA/TID translation to the queue. */
5673 iwn_mem_write_2(sc, sc->sched_base + IWN4965_SCHED_TRANS_TBL(qid),
5676 /* Enable chain-building mode for the queue. */
5677 iwn_prph_setbits(sc, IWN4965_SCHED_QCHAIN_SEL, 1 << qid);
5679 /* Set starting sequence number from the ADDBA request. */
5680 sc->txq[qid].cur = sc->txq[qid].read = (ssn & 0xff);
5681 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff));
5682 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), ssn);
5684 /* Set scheduler window size. */
5685 iwn_mem_write(sc, sc->sched_base + IWN4965_SCHED_QUEUE_OFFSET(qid),
5687 /* Set scheduler frame limit. */
5688 iwn_mem_write(sc, sc->sched_base + IWN4965_SCHED_QUEUE_OFFSET(qid) + 4,
5689 IWN_SCHED_LIMIT << 16);
5691 /* Enable interrupts for the queue. */
5692 iwn_prph_setbits(sc, IWN4965_SCHED_INTR_MASK, 1 << qid);
5694 /* Mark the queue as active. */
5695 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid),
5696 IWN4965_TXQ_STATUS_ACTIVE | IWN4965_TXQ_STATUS_AGGR_ENA |
5697 iwn_tid2fifo[tid] << 1);
5701 iwn4965_ampdu_tx_stop(struct iwn_softc *sc, int qid, uint8_t tid, uint16_t ssn)
5703 /* Stop TX scheduler while we're changing its configuration. */
5704 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid),
5705 IWN4965_TXQ_STATUS_CHGACT);
5707 /* Set starting sequence number from the ADDBA request. */
5708 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff));
5709 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), ssn);
5711 /* Disable interrupts for the queue. */
5712 iwn_prph_clrbits(sc, IWN4965_SCHED_INTR_MASK, 1 << qid);
5714 /* Mark the queue as inactive. */
5715 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid),
5716 IWN4965_TXQ_STATUS_INACTIVE | iwn_tid2fifo[tid] << 1);
5720 iwn5000_ampdu_tx_start(struct iwn_softc *sc, struct ieee80211_node *ni,
5721 int qid, uint8_t tid, uint16_t ssn)
5723 struct iwn_node *wn = (void *)ni;
5725 /* Stop TX scheduler while we're changing its configuration. */
5726 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid),
5727 IWN5000_TXQ_STATUS_CHGACT);
5729 /* Assign RA/TID translation to the queue. */
5730 iwn_mem_write_2(sc, sc->sched_base + IWN5000_SCHED_TRANS_TBL(qid),
5733 /* Enable chain-building mode for the queue. */
5734 iwn_prph_setbits(sc, IWN5000_SCHED_QCHAIN_SEL, 1 << qid);
5736 /* Enable aggregation for the queue. */
5737 iwn_prph_setbits(sc, IWN5000_SCHED_AGGR_SEL, 1 << qid);
5739 /* Set starting sequence number from the ADDBA request. */
5740 sc->txq[qid].cur = sc->txq[qid].read = (ssn & 0xff);
5741 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff));
5742 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), ssn);
5744 /* Set scheduler window size and frame limit. */
5745 iwn_mem_write(sc, sc->sched_base + IWN5000_SCHED_QUEUE_OFFSET(qid) + 4,
5746 IWN_SCHED_LIMIT << 16 | IWN_SCHED_WINSZ);
5748 /* Enable interrupts for the queue. */
5749 iwn_prph_setbits(sc, IWN5000_SCHED_INTR_MASK, 1 << qid);
5751 /* Mark the queue as active. */
5752 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid),
5753 IWN5000_TXQ_STATUS_ACTIVE | iwn_tid2fifo[tid]);
5757 iwn5000_ampdu_tx_stop(struct iwn_softc *sc, int qid, uint8_t tid, uint16_t ssn)
5759 /* Stop TX scheduler while we're changing its configuration. */
5760 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid),
5761 IWN5000_TXQ_STATUS_CHGACT);
5763 /* Disable aggregation for the queue. */
5764 iwn_prph_clrbits(sc, IWN5000_SCHED_AGGR_SEL, 1 << qid);
5766 /* Set starting sequence number from the ADDBA request. */
5767 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | (ssn & 0xff));
5768 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), ssn);
5770 /* Disable interrupts for the queue. */
5771 iwn_prph_clrbits(sc, IWN5000_SCHED_INTR_MASK, 1 << qid);
5773 /* Mark the queue as inactive. */
5774 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid),
5775 IWN5000_TXQ_STATUS_INACTIVE | iwn_tid2fifo[tid]);
5779 * Query calibration tables from the initialization firmware. We do this
5780 * only once at first boot. Called from a process context.
5783 iwn5000_query_calibration(struct iwn_softc *sc)
5785 struct iwn5000_calib_config cmd;
5788 memset(&cmd, 0, sizeof cmd);
5789 cmd.ucode.once.enable = 0xffffffff;
5790 cmd.ucode.once.start = 0xffffffff;
5791 cmd.ucode.once.send = 0xffffffff;
5792 cmd.ucode.flags = 0xffffffff;
5793 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "%s: sending calibration query\n",
5795 error = iwn_cmd(sc, IWN5000_CMD_CALIB_CONFIG, &cmd, sizeof cmd, 0);
5799 /* Wait at most two seconds for calibration to complete. */
5800 if (!(sc->sc_flags & IWN_FLAG_CALIB_DONE))
5801 error = msleep(sc, &sc->sc_mtx, PCATCH, "iwncal", 2 * hz);
5806 * Send calibration results to the runtime firmware. These results were
5807 * obtained on first boot from the initialization firmware.
5810 iwn5000_send_calibration(struct iwn_softc *sc)
5814 for (idx = 0; idx < 5; idx++) {
5815 if (sc->calibcmd[idx].buf == NULL)
5816 continue; /* No results available. */
5817 DPRINTF(sc, IWN_DEBUG_CALIBRATE,
5818 "send calibration result idx=%d len=%d\n", idx,
5819 sc->calibcmd[idx].len);
5820 error = iwn_cmd(sc, IWN_CMD_PHY_CALIB, sc->calibcmd[idx].buf,
5821 sc->calibcmd[idx].len, 0);
5823 device_printf(sc->sc_dev,
5824 "%s: could not send calibration result, error %d\n",
5833 iwn5000_send_wimax_coex(struct iwn_softc *sc)
5835 struct iwn5000_wimax_coex wimax;
5838 if (sc->hw_type == IWN_HW_REV_TYPE_6050) {
5839 /* Enable WiMAX coexistence for combo adapters. */
5841 IWN_WIMAX_COEX_ASSOC_WA_UNMASK |
5842 IWN_WIMAX_COEX_UNASSOC_WA_UNMASK |
5843 IWN_WIMAX_COEX_STA_TABLE_VALID |
5844 IWN_WIMAX_COEX_ENABLE;
5845 memcpy(wimax.events, iwn6050_wimax_events,
5846 sizeof iwn6050_wimax_events);
5850 /* Disable WiMAX coexistence. */
5852 memset(wimax.events, 0, sizeof wimax.events);
5854 DPRINTF(sc, IWN_DEBUG_RESET, "%s: Configuring WiMAX coexistence\n",
5856 return iwn_cmd(sc, IWN5000_CMD_WIMAX_COEX, &wimax, sizeof wimax, 0);
5860 iwn5000_crystal_calib(struct iwn_softc *sc)
5862 struct iwn5000_phy_calib_crystal cmd;
5864 memset(&cmd, 0, sizeof cmd);
5865 cmd.code = IWN5000_PHY_CALIB_CRYSTAL;
5868 cmd.cap_pin[0] = le32toh(sc->eeprom_crystal) & 0xff;
5869 cmd.cap_pin[1] = (le32toh(sc->eeprom_crystal) >> 16) & 0xff;
5870 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "sending crystal calibration %d, %d\n",
5871 cmd.cap_pin[0], cmd.cap_pin[1]);
5872 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 0);
5876 iwn5000_temp_offset_calib(struct iwn_softc *sc)
5878 struct iwn5000_phy_calib_temp_offset cmd;
5880 memset(&cmd, 0, sizeof cmd);
5881 cmd.code = IWN5000_PHY_CALIB_TEMP_OFFSET;
5884 if (sc->eeprom_temp != 0)
5885 cmd.offset = htole16(sc->eeprom_temp);
5887 cmd.offset = htole16(IWN_DEFAULT_TEMP_OFFSET);
5888 DPRINTF(sc, IWN_DEBUG_CALIBRATE, "setting radio sensor offset to %d\n",
5889 le16toh(cmd.offset));
5890 return iwn_cmd(sc, IWN_CMD_PHY_CALIB, &cmd, sizeof cmd, 0);
5894 * This function is called after the runtime firmware notifies us of its
5895 * readiness (called in a process context).
5898 iwn4965_post_alive(struct iwn_softc *sc)
5902 if ((error = iwn_nic_lock(sc)) != 0)
5905 /* Clear TX scheduler state in SRAM. */
5906 sc->sched_base = iwn_prph_read(sc, IWN_SCHED_SRAM_ADDR);
5907 iwn_mem_set_region_4(sc, sc->sched_base + IWN4965_SCHED_CTX_OFF, 0,
5908 IWN4965_SCHED_CTX_LEN / sizeof (uint32_t));
5910 /* Set physical address of TX scheduler rings (1KB aligned). */
5911 iwn_prph_write(sc, IWN4965_SCHED_DRAM_ADDR, sc->sched_dma.paddr >> 10);
5913 IWN_SETBITS(sc, IWN_FH_TX_CHICKEN, IWN_FH_TX_CHICKEN_SCHED_RETRY);
5915 /* Disable chain mode for all our 16 queues. */
5916 iwn_prph_write(sc, IWN4965_SCHED_QCHAIN_SEL, 0);
5918 for (qid = 0; qid < IWN4965_NTXQUEUES; qid++) {
5919 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_RDPTR(qid), 0);
5920 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | 0);
5922 /* Set scheduler window size. */
5923 iwn_mem_write(sc, sc->sched_base +
5924 IWN4965_SCHED_QUEUE_OFFSET(qid), IWN_SCHED_WINSZ);
5925 /* Set scheduler frame limit. */
5926 iwn_mem_write(sc, sc->sched_base +
5927 IWN4965_SCHED_QUEUE_OFFSET(qid) + 4,
5928 IWN_SCHED_LIMIT << 16);
5931 /* Enable interrupts for all our 16 queues. */
5932 iwn_prph_write(sc, IWN4965_SCHED_INTR_MASK, 0xffff);
5933 /* Identify TX FIFO rings (0-7). */
5934 iwn_prph_write(sc, IWN4965_SCHED_TXFACT, 0xff);
5936 /* Mark TX rings (4 EDCA + cmd + 2 HCCA) as active. */
5937 for (qid = 0; qid < 7; qid++) {
5938 static uint8_t qid2fifo[] = { 3, 2, 1, 0, 4, 5, 6 };
5939 iwn_prph_write(sc, IWN4965_SCHED_QUEUE_STATUS(qid),
5940 IWN4965_TXQ_STATUS_ACTIVE | qid2fifo[qid] << 1);
5947 * This function is called after the initialization or runtime firmware
5948 * notifies us of its readiness (called in a process context).
5951 iwn5000_post_alive(struct iwn_softc *sc)
5955 /* Switch to using ICT interrupt mode. */
5956 iwn5000_ict_reset(sc);
5958 if ((error = iwn_nic_lock(sc)) != 0)
5961 /* Clear TX scheduler state in SRAM. */
5962 sc->sched_base = iwn_prph_read(sc, IWN_SCHED_SRAM_ADDR);
5963 iwn_mem_set_region_4(sc, sc->sched_base + IWN5000_SCHED_CTX_OFF, 0,
5964 IWN5000_SCHED_CTX_LEN / sizeof (uint32_t));
5966 /* Set physical address of TX scheduler rings (1KB aligned). */
5967 iwn_prph_write(sc, IWN5000_SCHED_DRAM_ADDR, sc->sched_dma.paddr >> 10);
5969 IWN_SETBITS(sc, IWN_FH_TX_CHICKEN, IWN_FH_TX_CHICKEN_SCHED_RETRY);
5971 /* Enable chain mode for all queues, except command queue. */
5972 iwn_prph_write(sc, IWN5000_SCHED_QCHAIN_SEL, 0xfffef);
5973 iwn_prph_write(sc, IWN5000_SCHED_AGGR_SEL, 0);
5975 for (qid = 0; qid < IWN5000_NTXQUEUES; qid++) {
5976 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_RDPTR(qid), 0);
5977 IWN_WRITE(sc, IWN_HBUS_TARG_WRPTR, qid << 8 | 0);
5979 iwn_mem_write(sc, sc->sched_base +
5980 IWN5000_SCHED_QUEUE_OFFSET(qid), 0);
5981 /* Set scheduler window size and frame limit. */
5982 iwn_mem_write(sc, sc->sched_base +
5983 IWN5000_SCHED_QUEUE_OFFSET(qid) + 4,
5984 IWN_SCHED_LIMIT << 16 | IWN_SCHED_WINSZ);
5987 /* Enable interrupts for all our 20 queues. */
5988 iwn_prph_write(sc, IWN5000_SCHED_INTR_MASK, 0xfffff);
5989 /* Identify TX FIFO rings (0-7). */
5990 iwn_prph_write(sc, IWN5000_SCHED_TXFACT, 0xff);
5992 /* Mark TX rings (4 EDCA + cmd + 2 HCCA) as active. */
5993 for (qid = 0; qid < 7; qid++) {
5994 static uint8_t qid2fifo[] = { 3, 2, 1, 0, 7, 5, 6 };
5995 iwn_prph_write(sc, IWN5000_SCHED_QUEUE_STATUS(qid),
5996 IWN5000_TXQ_STATUS_ACTIVE | qid2fifo[qid]);
6000 /* Configure WiMAX coexistence for combo adapters. */
6001 error = iwn5000_send_wimax_coex(sc);
6003 device_printf(sc->sc_dev,
6004 "%s: could not configure WiMAX coexistence, error %d\n",
6008 if (sc->hw_type != IWN_HW_REV_TYPE_5150) {
6009 /* Perform crystal calibration. */
6010 error = iwn5000_crystal_calib(sc);
6012 device_printf(sc->sc_dev,
6013 "%s: crystal calibration failed, error %d\n",
6018 if (!(sc->sc_flags & IWN_FLAG_CALIB_DONE)) {
6019 /* Query calibration from the initialization firmware. */
6020 if ((error = iwn5000_query_calibration(sc)) != 0) {
6021 device_printf(sc->sc_dev,
6022 "%s: could not query calibration, error %d\n",
6027 * We have the calibration results now, reboot with the
6028 * runtime firmware (call ourselves recursively!)
6031 error = iwn_hw_init(sc);
6033 /* Send calibration results to runtime firmware. */
6034 error = iwn5000_send_calibration(sc);
6040 * The firmware boot code is small and is intended to be copied directly into
6041 * the NIC internal memory (no DMA transfer).
6044 iwn4965_load_bootcode(struct iwn_softc *sc, const uint8_t *ucode, int size)
6048 size /= sizeof (uint32_t);
6050 if ((error = iwn_nic_lock(sc)) != 0)
6053 /* Copy microcode image into NIC memory. */
6054 iwn_prph_write_region_4(sc, IWN_BSM_SRAM_BASE,
6055 (const uint32_t *)ucode, size);
6057 iwn_prph_write(sc, IWN_BSM_WR_MEM_SRC, 0);
6058 iwn_prph_write(sc, IWN_BSM_WR_MEM_DST, IWN_FW_TEXT_BASE);
6059 iwn_prph_write(sc, IWN_BSM_WR_DWCOUNT, size);
6061 /* Start boot load now. */
6062 iwn_prph_write(sc, IWN_BSM_WR_CTRL, IWN_BSM_WR_CTRL_START);
6064 /* Wait for transfer to complete. */
6065 for (ntries = 0; ntries < 1000; ntries++) {
6066 if (!(iwn_prph_read(sc, IWN_BSM_WR_CTRL) &
6067 IWN_BSM_WR_CTRL_START))
6071 if (ntries == 1000) {
6072 device_printf(sc->sc_dev, "%s: could not load boot firmware\n",
6078 /* Enable boot after power up. */
6079 iwn_prph_write(sc, IWN_BSM_WR_CTRL, IWN_BSM_WR_CTRL_START_EN);
6086 iwn4965_load_firmware(struct iwn_softc *sc)
6088 struct iwn_fw_info *fw = &sc->fw;
6089 struct iwn_dma_info *dma = &sc->fw_dma;
6092 /* Copy initialization sections into pre-allocated DMA-safe memory. */
6093 memcpy(dma->vaddr, fw->init.data, fw->init.datasz);
6094 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
6095 memcpy(dma->vaddr + IWN4965_FW_DATA_MAXSZ,
6096 fw->init.text, fw->init.textsz);
6097 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
6099 /* Tell adapter where to find initialization sections. */
6100 if ((error = iwn_nic_lock(sc)) != 0)
6102 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_ADDR, dma->paddr >> 4);
6103 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_SIZE, fw->init.datasz);
6104 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_ADDR,
6105 (dma->paddr + IWN4965_FW_DATA_MAXSZ) >> 4);
6106 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_SIZE, fw->init.textsz);
6109 /* Load firmware boot code. */
6110 error = iwn4965_load_bootcode(sc, fw->boot.text, fw->boot.textsz);
6112 device_printf(sc->sc_dev, "%s: could not load boot firmware\n",
6116 /* Now press "execute". */
6117 IWN_WRITE(sc, IWN_RESET, 0);
6119 /* Wait at most one second for first alive notification. */
6120 if ((error = msleep(sc, &sc->sc_mtx, PCATCH, "iwninit", hz)) != 0) {
6121 device_printf(sc->sc_dev,
6122 "%s: timeout waiting for adapter to initialize, error %d\n",
6127 /* Retrieve current temperature for initial TX power calibration. */
6128 sc->rawtemp = sc->ucode_info.temp[3].chan20MHz;
6129 sc->temp = iwn4965_get_temperature(sc);
6131 /* Copy runtime sections into pre-allocated DMA-safe memory. */
6132 memcpy(dma->vaddr, fw->main.data, fw->main.datasz);
6133 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
6134 memcpy(dma->vaddr + IWN4965_FW_DATA_MAXSZ,
6135 fw->main.text, fw->main.textsz);
6136 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
6138 /* Tell adapter where to find runtime sections. */
6139 if ((error = iwn_nic_lock(sc)) != 0)
6141 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_ADDR, dma->paddr >> 4);
6142 iwn_prph_write(sc, IWN_BSM_DRAM_DATA_SIZE, fw->main.datasz);
6143 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_ADDR,
6144 (dma->paddr + IWN4965_FW_DATA_MAXSZ) >> 4);
6145 iwn_prph_write(sc, IWN_BSM_DRAM_TEXT_SIZE,
6146 IWN_FW_UPDATED | fw->main.textsz);
6153 iwn5000_load_firmware_section(struct iwn_softc *sc, uint32_t dst,
6154 const uint8_t *section, int size)
6156 struct iwn_dma_info *dma = &sc->fw_dma;
6159 /* Copy firmware section into pre-allocated DMA-safe memory. */
6160 memcpy(dma->vaddr, section, size);
6161 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
6163 if ((error = iwn_nic_lock(sc)) != 0)
6166 IWN_WRITE(sc, IWN_FH_TX_CONFIG(IWN_SRVC_DMACHNL),
6167 IWN_FH_TX_CONFIG_DMA_PAUSE);
6169 IWN_WRITE(sc, IWN_FH_SRAM_ADDR(IWN_SRVC_DMACHNL), dst);
6170 IWN_WRITE(sc, IWN_FH_TFBD_CTRL0(IWN_SRVC_DMACHNL),
6171 IWN_LOADDR(dma->paddr));
6172 IWN_WRITE(sc, IWN_FH_TFBD_CTRL1(IWN_SRVC_DMACHNL),
6173 IWN_HIADDR(dma->paddr) << 28 | size);
6174 IWN_WRITE(sc, IWN_FH_TXBUF_STATUS(IWN_SRVC_DMACHNL),
6175 IWN_FH_TXBUF_STATUS_TBNUM(1) |
6176 IWN_FH_TXBUF_STATUS_TBIDX(1) |
6177 IWN_FH_TXBUF_STATUS_TFBD_VALID);
6179 /* Kick Flow Handler to start DMA transfer. */
6180 IWN_WRITE(sc, IWN_FH_TX_CONFIG(IWN_SRVC_DMACHNL),
6181 IWN_FH_TX_CONFIG_DMA_ENA | IWN_FH_TX_CONFIG_CIRQ_HOST_ENDTFD);
6185 /* Wait at most five seconds for FH DMA transfer to complete. */
6186 return msleep(sc, &sc->sc_mtx, PCATCH, "iwninit", 5 * hz);
6190 iwn5000_load_firmware(struct iwn_softc *sc)
6192 struct iwn_fw_part *fw;
6195 /* Load the initialization firmware on first boot only. */
6196 fw = (sc->sc_flags & IWN_FLAG_CALIB_DONE) ?
6197 &sc->fw.main : &sc->fw.init;
6199 error = iwn5000_load_firmware_section(sc, IWN_FW_TEXT_BASE,
6200 fw->text, fw->textsz);
6202 device_printf(sc->sc_dev,
6203 "%s: could not load firmware %s section, error %d\n",
6204 __func__, ".text", error);
6207 error = iwn5000_load_firmware_section(sc, IWN_FW_DATA_BASE,
6208 fw->data, fw->datasz);
6210 device_printf(sc->sc_dev,
6211 "%s: could not load firmware %s section, error %d\n",
6212 __func__, ".data", error);
6216 /* Now press "execute". */
6217 IWN_WRITE(sc, IWN_RESET, 0);
6222 * Extract text and data sections from a legacy firmware image.
6225 iwn_read_firmware_leg(struct iwn_softc *sc, struct iwn_fw_info *fw)
6227 const uint32_t *ptr;
6231 ptr = (const uint32_t *)fw->data;
6232 rev = le32toh(*ptr++);
6234 /* Check firmware API version. */
6235 if (IWN_FW_API(rev) <= 1) {
6236 device_printf(sc->sc_dev,
6237 "%s: bad firmware, need API version >=2\n", __func__);
6240 if (IWN_FW_API(rev) >= 3) {
6241 /* Skip build number (version 2 header). */
6245 if (fw->size < hdrlen) {
6246 device_printf(sc->sc_dev, "%s: firmware too short: %zu bytes\n",
6247 __func__, fw->size);
6250 fw->main.textsz = le32toh(*ptr++);
6251 fw->main.datasz = le32toh(*ptr++);
6252 fw->init.textsz = le32toh(*ptr++);
6253 fw->init.datasz = le32toh(*ptr++);
6254 fw->boot.textsz = le32toh(*ptr++);
6256 /* Check that all firmware sections fit. */
6257 if (fw->size < hdrlen + fw->main.textsz + fw->main.datasz +
6258 fw->init.textsz + fw->init.datasz + fw->boot.textsz) {
6259 device_printf(sc->sc_dev, "%s: firmware too short: %zu bytes\n",
6260 __func__, fw->size);
6264 /* Get pointers to firmware sections. */
6265 fw->main.text = (const uint8_t *)ptr;
6266 fw->main.data = fw->main.text + fw->main.textsz;
6267 fw->init.text = fw->main.data + fw->main.datasz;
6268 fw->init.data = fw->init.text + fw->init.textsz;
6269 fw->boot.text = fw->init.data + fw->init.datasz;
6274 * Extract text and data sections from a TLV firmware image.
6277 iwn_read_firmware_tlv(struct iwn_softc *sc, struct iwn_fw_info *fw,
6280 const struct iwn_fw_tlv_hdr *hdr;
6281 const struct iwn_fw_tlv *tlv;
6282 const uint8_t *ptr, *end;
6286 if (fw->size < sizeof (*hdr)) {
6287 device_printf(sc->sc_dev, "%s: firmware too short: %zu bytes\n",
6288 __func__, fw->size);
6291 hdr = (const struct iwn_fw_tlv_hdr *)fw->data;
6292 if (hdr->signature != htole32(IWN_FW_SIGNATURE)) {
6293 device_printf(sc->sc_dev, "%s: bad firmware signature 0x%08x\n",
6294 __func__, le32toh(hdr->signature));
6297 DPRINTF(sc, IWN_DEBUG_RESET, "FW: \"%.64s\", build 0x%x\n", hdr->descr,
6298 le32toh(hdr->build));
6301 * Select the closest supported alternative that is less than
6302 * or equal to the specified one.
6304 altmask = le64toh(hdr->altmask);
6305 while (alt > 0 && !(altmask & (1ULL << alt)))
6306 alt--; /* Downgrade. */
6307 DPRINTF(sc, IWN_DEBUG_RESET, "using alternative %d\n", alt);
6309 ptr = (const uint8_t *)(hdr + 1);
6310 end = (const uint8_t *)(fw->data + fw->size);
6312 /* Parse type-length-value fields. */
6313 while (ptr + sizeof (*tlv) <= end) {
6314 tlv = (const struct iwn_fw_tlv *)ptr;
6315 len = le32toh(tlv->len);
6317 ptr += sizeof (*tlv);
6318 if (ptr + len > end) {
6319 device_printf(sc->sc_dev,
6320 "%s: firmware too short: %zu bytes\n", __func__,
6324 /* Skip other alternatives. */
6325 if (tlv->alt != 0 && tlv->alt != htole16(alt))
6328 switch (le16toh(tlv->type)) {
6329 case IWN_FW_TLV_MAIN_TEXT:
6330 fw->main.text = ptr;
6331 fw->main.textsz = len;
6333 case IWN_FW_TLV_MAIN_DATA:
6334 fw->main.data = ptr;
6335 fw->main.datasz = len;
6337 case IWN_FW_TLV_INIT_TEXT:
6338 fw->init.text = ptr;
6339 fw->init.textsz = len;
6341 case IWN_FW_TLV_INIT_DATA:
6342 fw->init.data = ptr;
6343 fw->init.datasz = len;
6345 case IWN_FW_TLV_BOOT_TEXT:
6346 fw->boot.text = ptr;
6347 fw->boot.textsz = len;
6349 case IWN_FW_TLV_ENH_SENS:
6351 sc->sc_flags |= IWN_FLAG_ENH_SENS;
6353 case IWN_FW_TLV_PHY_CALIB:
6354 tmp = htole32(*ptr);
6356 sc->reset_noise_gain = tmp;
6357 sc->noise_gain = tmp + 1;
6361 DPRINTF(sc, IWN_DEBUG_RESET,
6362 "TLV type %d not handled\n", le16toh(tlv->type));
6365 next: /* TLV fields are 32-bit aligned. */
6366 ptr += (len + 3) & ~3;
6372 iwn_read_firmware(struct iwn_softc *sc)
6374 struct iwn_fw_info *fw = &sc->fw;
6379 memset(fw, 0, sizeof (*fw));
6381 /* Read firmware image from filesystem. */
6382 sc->fw_fp = firmware_get(sc->fwname);
6383 if (sc->fw_fp == NULL) {
6384 device_printf(sc->sc_dev, "%s: could not read firmware %s\n",
6385 __func__, sc->fwname);
6391 fw->size = sc->fw_fp->datasize;
6392 fw->data = (const uint8_t *)sc->fw_fp->data;
6393 if (fw->size < sizeof (uint32_t)) {
6394 device_printf(sc->sc_dev, "%s: firmware too short: %zu bytes\n",
6395 __func__, fw->size);
6396 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD);
6401 /* Retrieve text and data sections. */
6402 if (*(const uint32_t *)fw->data != 0) /* Legacy image. */
6403 error = iwn_read_firmware_leg(sc, fw);
6405 error = iwn_read_firmware_tlv(sc, fw, 1);
6407 device_printf(sc->sc_dev,
6408 "%s: could not read firmware sections, error %d\n",
6410 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD);
6415 /* Make sure text and data sections fit in hardware memory. */
6416 if (fw->main.textsz > sc->fw_text_maxsz ||
6417 fw->main.datasz > sc->fw_data_maxsz ||
6418 fw->init.textsz > sc->fw_text_maxsz ||
6419 fw->init.datasz > sc->fw_data_maxsz ||
6420 fw->boot.textsz > IWN_FW_BOOT_TEXT_MAXSZ ||
6421 (fw->boot.textsz & 3) != 0) {
6422 device_printf(sc->sc_dev, "%s: firmware sections too large\n",
6424 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD);
6429 /* We can proceed with loading the firmware. */
6434 iwn_clock_wait(struct iwn_softc *sc)
6438 /* Set "initialization complete" bit. */
6439 IWN_SETBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_INIT_DONE);
6441 /* Wait for clock stabilization. */
6442 for (ntries = 0; ntries < 2500; ntries++) {
6443 if (IWN_READ(sc, IWN_GP_CNTRL) & IWN_GP_CNTRL_MAC_CLOCK_READY)
6447 device_printf(sc->sc_dev,
6448 "%s: timeout waiting for clock stabilization\n", __func__);
6453 iwn_apm_init(struct iwn_softc *sc)
6458 /* Disable L0s exit timer (NMI bug workaround). */
6459 IWN_SETBITS(sc, IWN_GIO_CHICKEN, IWN_GIO_CHICKEN_DIS_L0S_TIMER);
6460 /* Don't wait for ICH L0s (ICH bug workaround). */
6461 IWN_SETBITS(sc, IWN_GIO_CHICKEN, IWN_GIO_CHICKEN_L1A_NO_L0S_RX);
6463 /* Set FH wait threshold to max (HW bug under stress workaround). */
6464 IWN_SETBITS(sc, IWN_DBG_HPET_MEM, 0xffff0000);
6466 /* Enable HAP INTA to move adapter from L1a to L0s. */
6467 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_HAP_WAKE_L1A);
6469 /* Retrieve PCIe Active State Power Management (ASPM). */
6470 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1);
6471 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */
6472 if (reg & 0x02) /* L1 Entry enabled. */
6473 IWN_SETBITS(sc, IWN_GIO, IWN_GIO_L0S_ENA);
6475 IWN_CLRBITS(sc, IWN_GIO, IWN_GIO_L0S_ENA);
6477 if (sc->hw_type != IWN_HW_REV_TYPE_4965 &&
6478 sc->hw_type <= IWN_HW_REV_TYPE_1000)
6479 IWN_SETBITS(sc, IWN_ANA_PLL, IWN_ANA_PLL_INIT);
6481 /* Wait for clock stabilization before accessing prph. */
6482 if ((error = iwn_clock_wait(sc)) != 0)
6485 if ((error = iwn_nic_lock(sc)) != 0)
6487 if (sc->hw_type == IWN_HW_REV_TYPE_4965) {
6488 /* Enable DMA and BSM (Bootstrap State Machine). */
6489 iwn_prph_write(sc, IWN_APMG_CLK_EN,
6490 IWN_APMG_CLK_CTRL_DMA_CLK_RQT |
6491 IWN_APMG_CLK_CTRL_BSM_CLK_RQT);
6494 iwn_prph_write(sc, IWN_APMG_CLK_EN,
6495 IWN_APMG_CLK_CTRL_DMA_CLK_RQT);
6498 /* Disable L1-Active. */
6499 iwn_prph_setbits(sc, IWN_APMG_PCI_STT, IWN_APMG_PCI_STT_L1A_DIS);
6506 iwn_apm_stop_master(struct iwn_softc *sc)
6510 /* Stop busmaster DMA activity. */
6511 IWN_SETBITS(sc, IWN_RESET, IWN_RESET_STOP_MASTER);
6512 for (ntries = 0; ntries < 100; ntries++) {
6513 if (IWN_READ(sc, IWN_RESET) & IWN_RESET_MASTER_DISABLED)
6517 device_printf(sc->sc_dev, "%s: timeout waiting for master\n", __func__);
6521 iwn_apm_stop(struct iwn_softc *sc)
6523 iwn_apm_stop_master(sc);
6525 /* Reset the entire device. */
6526 IWN_SETBITS(sc, IWN_RESET, IWN_RESET_SW);
6528 /* Clear "initialization complete" bit. */
6529 IWN_CLRBITS(sc, IWN_GP_CNTRL, IWN_GP_CNTRL_INIT_DONE);
6533 iwn4965_nic_config(struct iwn_softc *sc)
6535 if (IWN_RFCFG_TYPE(sc->rfcfg) == 1) {
6537 * I don't believe this to be correct but this is what the
6538 * vendor driver is doing. Probably the bits should not be
6539 * shifted in IWN_RFCFG_*.
6541 IWN_SETBITS(sc, IWN_HW_IF_CONFIG,
6542 IWN_RFCFG_TYPE(sc->rfcfg) |
6543 IWN_RFCFG_STEP(sc->rfcfg) |
6544 IWN_RFCFG_DASH(sc->rfcfg));
6546 IWN_SETBITS(sc, IWN_HW_IF_CONFIG,
6547 IWN_HW_IF_CONFIG_RADIO_SI | IWN_HW_IF_CONFIG_MAC_SI);
6552 iwn5000_nic_config(struct iwn_softc *sc)
6557 if (IWN_RFCFG_TYPE(sc->rfcfg) < 3) {
6558 IWN_SETBITS(sc, IWN_HW_IF_CONFIG,
6559 IWN_RFCFG_TYPE(sc->rfcfg) |
6560 IWN_RFCFG_STEP(sc->rfcfg) |
6561 IWN_RFCFG_DASH(sc->rfcfg));
6563 IWN_SETBITS(sc, IWN_HW_IF_CONFIG,
6564 IWN_HW_IF_CONFIG_RADIO_SI | IWN_HW_IF_CONFIG_MAC_SI);
6566 if ((error = iwn_nic_lock(sc)) != 0)
6568 iwn_prph_setbits(sc, IWN_APMG_PS, IWN_APMG_PS_EARLY_PWROFF_DIS);
6570 if (sc->hw_type == IWN_HW_REV_TYPE_1000) {
6572 * Select first Switching Voltage Regulator (1.32V) to
6573 * solve a stability issue related to noisy DC2DC line
6574 * in the silicon of 1000 Series.
6576 tmp = iwn_prph_read(sc, IWN_APMG_DIGITAL_SVR);
6577 tmp &= ~IWN_APMG_DIGITAL_SVR_VOLTAGE_MASK;
6578 tmp |= IWN_APMG_DIGITAL_SVR_VOLTAGE_1_32;
6579 iwn_prph_write(sc, IWN_APMG_DIGITAL_SVR, tmp);
6583 if (sc->sc_flags & IWN_FLAG_INTERNAL_PA) {
6584 /* Use internal power amplifier only. */
6585 IWN_WRITE(sc, IWN_GP_DRIVER, IWN_GP_DRIVER_RADIO_2X2_IPA);
6587 if ((sc->hw_type == IWN_HW_REV_TYPE_6050 ||
6588 sc->hw_type == IWN_HW_REV_TYPE_6005) && sc->calib_ver >= 6) {
6589 /* Indicate that ROM calibration version is >=6. */
6590 IWN_SETBITS(sc, IWN_GP_DRIVER, IWN_GP_DRIVER_CALIB_VER6);
6592 if (sc->hw_type == IWN_HW_REV_TYPE_6005)
6593 IWN_SETBITS(sc, IWN_GP_DRIVER, IWN_GP_DRIVER_6050_1X2);
6598 * Take NIC ownership over Intel Active Management Technology (AMT).
6601 iwn_hw_prepare(struct iwn_softc *sc)
6605 /* Check if hardware is ready. */
6606 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_NIC_READY);
6607 for (ntries = 0; ntries < 5; ntries++) {
6608 if (IWN_READ(sc, IWN_HW_IF_CONFIG) &
6609 IWN_HW_IF_CONFIG_NIC_READY)
6614 /* Hardware not ready, force into ready state. */
6615 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_PREPARE);
6616 for (ntries = 0; ntries < 15000; ntries++) {
6617 if (!(IWN_READ(sc, IWN_HW_IF_CONFIG) &
6618 IWN_HW_IF_CONFIG_PREPARE_DONE))
6622 if (ntries == 15000)
6625 /* Hardware should be ready now. */
6626 IWN_SETBITS(sc, IWN_HW_IF_CONFIG, IWN_HW_IF_CONFIG_NIC_READY);
6627 for (ntries = 0; ntries < 5; ntries++) {
6628 if (IWN_READ(sc, IWN_HW_IF_CONFIG) &
6629 IWN_HW_IF_CONFIG_NIC_READY)
6637 iwn_hw_init(struct iwn_softc *sc)
6639 struct iwn_ops *ops = &sc->ops;
6640 int error, chnl, qid;
6642 /* Clear pending interrupts. */
6643 IWN_WRITE(sc, IWN_INT, 0xffffffff);
6645 if ((error = iwn_apm_init(sc)) != 0) {
6646 device_printf(sc->sc_dev,
6647 "%s: could not power ON adapter, error %d\n", __func__,
6652 /* Select VMAIN power source. */
6653 if ((error = iwn_nic_lock(sc)) != 0)
6655 iwn_prph_clrbits(sc, IWN_APMG_PS, IWN_APMG_PS_PWR_SRC_MASK);
6658 /* Perform adapter-specific initialization. */
6659 if ((error = ops->nic_config(sc)) != 0)
6662 /* Initialize RX ring. */
6663 if ((error = iwn_nic_lock(sc)) != 0)
6665 IWN_WRITE(sc, IWN_FH_RX_CONFIG, 0);
6666 IWN_WRITE(sc, IWN_FH_RX_WPTR, 0);
6667 /* Set physical address of RX ring (256-byte aligned). */
6668 IWN_WRITE(sc, IWN_FH_RX_BASE, sc->rxq.desc_dma.paddr >> 8);
6669 /* Set physical address of RX status (16-byte aligned). */
6670 IWN_WRITE(sc, IWN_FH_STATUS_WPTR, sc->rxq.stat_dma.paddr >> 4);
6672 IWN_WRITE(sc, IWN_FH_RX_CONFIG,
6673 IWN_FH_RX_CONFIG_ENA |
6674 IWN_FH_RX_CONFIG_IGN_RXF_EMPTY | /* HW bug workaround */
6675 IWN_FH_RX_CONFIG_IRQ_DST_HOST |
6676 IWN_FH_RX_CONFIG_SINGLE_FRAME |
6677 IWN_FH_RX_CONFIG_RB_TIMEOUT(0) |
6678 IWN_FH_RX_CONFIG_NRBD(IWN_RX_RING_COUNT_LOG));
6680 IWN_WRITE(sc, IWN_FH_RX_WPTR, (IWN_RX_RING_COUNT - 1) & ~7);
6682 if ((error = iwn_nic_lock(sc)) != 0)
6685 /* Initialize TX scheduler. */
6686 iwn_prph_write(sc, sc->sched_txfact_addr, 0);
6688 /* Set physical address of "keep warm" page (16-byte aligned). */
6689 IWN_WRITE(sc, IWN_FH_KW_ADDR, sc->kw_dma.paddr >> 4);
6691 /* Initialize TX rings. */
6692 for (qid = 0; qid < sc->ntxqs; qid++) {
6693 struct iwn_tx_ring *txq = &sc->txq[qid];
6695 /* Set physical address of TX ring (256-byte aligned). */
6696 IWN_WRITE(sc, IWN_FH_CBBC_QUEUE(qid),
6697 txq->desc_dma.paddr >> 8);
6701 /* Enable DMA channels. */
6702 for (chnl = 0; chnl < sc->ndmachnls; chnl++) {
6703 IWN_WRITE(sc, IWN_FH_TX_CONFIG(chnl),
6704 IWN_FH_TX_CONFIG_DMA_ENA |
6705 IWN_FH_TX_CONFIG_DMA_CREDIT_ENA);
6708 /* Clear "radio off" and "commands blocked" bits. */
6709 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL);
6710 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_CMD_BLOCKED);
6712 /* Clear pending interrupts. */
6713 IWN_WRITE(sc, IWN_INT, 0xffffffff);
6714 /* Enable interrupt coalescing. */
6715 IWN_WRITE(sc, IWN_INT_COALESCING, 512 / 8);
6716 /* Enable interrupts. */
6717 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask);
6719 /* _Really_ make sure "radio off" bit is cleared! */
6720 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL);
6721 IWN_WRITE(sc, IWN_UCODE_GP1_CLR, IWN_UCODE_GP1_RFKILL);
6723 /* Enable shadow registers. */
6724 if (sc->hw_type >= IWN_HW_REV_TYPE_6000)
6725 IWN_SETBITS(sc, IWN_SHADOW_REG_CTRL, 0x800fffff);
6727 if ((error = ops->load_firmware(sc)) != 0) {
6728 device_printf(sc->sc_dev,
6729 "%s: could not load firmware, error %d\n", __func__,
6733 /* Wait at most one second for firmware alive notification. */
6734 if ((error = msleep(sc, &sc->sc_mtx, PCATCH, "iwninit", hz)) != 0) {
6735 device_printf(sc->sc_dev,
6736 "%s: timeout waiting for adapter to initialize, error %d\n",
6740 /* Do post-firmware initialization. */
6741 return ops->post_alive(sc);
6745 iwn_hw_stop(struct iwn_softc *sc)
6747 int chnl, qid, ntries;
6749 IWN_WRITE(sc, IWN_RESET, IWN_RESET_NEVO);
6751 /* Disable interrupts. */
6752 IWN_WRITE(sc, IWN_INT_MASK, 0);
6753 IWN_WRITE(sc, IWN_INT, 0xffffffff);
6754 IWN_WRITE(sc, IWN_FH_INT, 0xffffffff);
6755 sc->sc_flags &= ~IWN_FLAG_USE_ICT;
6757 /* Make sure we no longer hold the NIC lock. */
6760 /* Stop TX scheduler. */
6761 iwn_prph_write(sc, sc->sched_txfact_addr, 0);
6763 /* Stop all DMA channels. */
6764 if (iwn_nic_lock(sc) == 0) {
6765 for (chnl = 0; chnl < sc->ndmachnls; chnl++) {
6766 IWN_WRITE(sc, IWN_FH_TX_CONFIG(chnl), 0);
6767 for (ntries = 0; ntries < 200; ntries++) {
6768 if (IWN_READ(sc, IWN_FH_TX_STATUS) &
6769 IWN_FH_TX_STATUS_IDLE(chnl))
6778 iwn_reset_rx_ring(sc, &sc->rxq);
6780 /* Reset all TX rings. */
6781 for (qid = 0; qid < sc->ntxqs; qid++)
6782 iwn_reset_tx_ring(sc, &sc->txq[qid]);
6784 if (iwn_nic_lock(sc) == 0) {
6785 iwn_prph_write(sc, IWN_APMG_CLK_DIS,
6786 IWN_APMG_CLK_CTRL_DMA_CLK_RQT);
6790 /* Power OFF adapter. */
6795 iwn_radio_on(void *arg0, int pending)
6797 struct iwn_softc *sc = arg0;
6798 struct ifnet *ifp = sc->sc_ifp;
6799 struct ieee80211com *ic = ifp->if_l2com;
6800 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6804 ieee80211_init(vap);
6809 iwn_radio_off(void *arg0, int pending)
6811 struct iwn_softc *sc = arg0;
6812 struct ifnet *ifp = sc->sc_ifp;
6813 struct ieee80211com *ic = ifp->if_l2com;
6814 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6818 ieee80211_stop(vap);
6820 /* Enable interrupts to get RF toggle notification. */
6822 IWN_WRITE(sc, IWN_INT, 0xffffffff);
6823 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask);
6828 iwn_init_locked(struct iwn_softc *sc)
6830 struct ifnet *ifp = sc->sc_ifp;
6833 IWN_LOCK_ASSERT(sc);
6835 if ((error = iwn_hw_prepare(sc)) != 0) {
6836 device_printf(sc->sc_dev, "%s: hardware not ready, error %d\n",
6841 /* Initialize interrupt mask to default value. */
6842 sc->int_mask = IWN_INT_MASK_DEF;
6843 sc->sc_flags &= ~IWN_FLAG_USE_ICT;
6845 /* Check that the radio is not disabled by hardware switch. */
6846 if (!(IWN_READ(sc, IWN_GP_CNTRL) & IWN_GP_CNTRL_RFKILL)) {
6847 device_printf(sc->sc_dev,
6848 "radio is disabled by hardware switch\n");
6849 /* Enable interrupts to get RF toggle notifications. */
6850 IWN_WRITE(sc, IWN_INT, 0xffffffff);
6851 IWN_WRITE(sc, IWN_INT_MASK, sc->int_mask);
6855 /* Read firmware images from the filesystem. */
6856 if ((error = iwn_read_firmware(sc)) != 0) {
6857 device_printf(sc->sc_dev,
6858 "%s: could not read firmware, error %d\n", __func__,
6863 /* Initialize hardware and upload firmware. */
6864 error = iwn_hw_init(sc);
6865 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD);
6868 device_printf(sc->sc_dev,
6869 "%s: could not initialize hardware, error %d\n", __func__,
6874 /* Configure adapter now that it is ready. */
6875 if ((error = iwn_config(sc)) != 0) {
6876 device_printf(sc->sc_dev,
6877 "%s: could not configure device, error %d\n", __func__,
6882 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
6883 ifp->if_drv_flags |= IFF_DRV_RUNNING;
6885 callout_reset(&sc->watchdog_to, hz, iwn_watchdog, sc);
6888 fail: iwn_stop_locked(sc);
6894 struct iwn_softc *sc = arg;
6895 struct ifnet *ifp = sc->sc_ifp;
6896 struct ieee80211com *ic = ifp->if_l2com;
6899 iwn_init_locked(sc);
6902 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
6903 ieee80211_start_all(ic);
6907 iwn_stop_locked(struct iwn_softc *sc)
6909 struct ifnet *ifp = sc->sc_ifp;
6911 IWN_LOCK_ASSERT(sc);
6913 sc->sc_tx_timer = 0;
6914 callout_stop(&sc->watchdog_to);
6915 callout_stop(&sc->calib_to);
6916 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
6918 /* Power OFF hardware. */
6923 iwn_stop(struct iwn_softc *sc)
6926 iwn_stop_locked(sc);
6931 * Callback from net80211 to start a scan.
6934 iwn_scan_start(struct ieee80211com *ic)
6936 struct ifnet *ifp = ic->ic_ifp;
6937 struct iwn_softc *sc = ifp->if_softc;
6940 /* make the link LED blink while we're scanning */
6941 iwn_set_led(sc, IWN_LED_LINK, 20, 2);
6946 * Callback from net80211 to terminate a scan.
6949 iwn_scan_end(struct ieee80211com *ic)
6951 struct ifnet *ifp = ic->ic_ifp;
6952 struct iwn_softc *sc = ifp->if_softc;
6953 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6956 if (vap->iv_state == IEEE80211_S_RUN) {
6957 /* Set link LED to ON status if we are associated */
6958 iwn_set_led(sc, IWN_LED_LINK, 0, 1);
6964 * Callback from net80211 to force a channel change.
6967 iwn_set_channel(struct ieee80211com *ic)
6969 const struct ieee80211_channel *c = ic->ic_curchan;
6970 struct ifnet *ifp = ic->ic_ifp;
6971 struct iwn_softc *sc = ifp->if_softc;
6975 sc->sc_rxtap.wr_chan_freq = htole16(c->ic_freq);
6976 sc->sc_rxtap.wr_chan_flags = htole16(c->ic_flags);
6977 sc->sc_txtap.wt_chan_freq = htole16(c->ic_freq);
6978 sc->sc_txtap.wt_chan_flags = htole16(c->ic_flags);
6981 * Only need to set the channel in Monitor mode. AP scanning and auth
6982 * are already taken care of by their respective firmware commands.
6984 if (ic->ic_opmode == IEEE80211_M_MONITOR) {
6985 error = iwn_config(sc);
6987 device_printf(sc->sc_dev,
6988 "%s: error %d settting channel\n", __func__, error);
6994 * Callback from net80211 to start scanning of the current channel.
6997 iwn_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
6999 struct ieee80211vap *vap = ss->ss_vap;
7000 struct iwn_softc *sc = vap->iv_ic->ic_ifp->if_softc;
7004 error = iwn_scan(sc);
7007 ieee80211_cancel_scan(vap);
7011 * Callback from net80211 to handle the minimum dwell time being met.
7012 * The intent is to terminate the scan but we just let the firmware
7013 * notify us when it's finished as we have no safe way to abort it.
7016 iwn_scan_mindwell(struct ieee80211_scan_state *ss)
7018 /* NB: don't try to abort scan; wait for firmware to finish */
7022 iwn_hw_reset(void *arg0, int pending)
7024 struct iwn_softc *sc = arg0;
7025 struct ifnet *ifp = sc->sc_ifp;
7026 struct ieee80211com *ic = ifp->if_l2com;
7030 ieee80211_notify_radio(ic, 1);
projects / FreeBSD / FreeBSD.git / blob