1 /* $OpenBSD: if_iwm.c,v 1.167 2017/04/04 00:40:52 claudio Exp $ */
2
3 /*
4 * Copyright (c) 2014 genua mbh <info@genua.de>
5 * Copyright (c) 2014 Fixup Software Ltd.
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 /*-
21 * Based on BSD-licensed source modules in the Linux iwlwifi driver,
22 * which were used as the reference documentation for this implementation.
23 *
24 * Driver version we are currently based off of is
25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd)
26 *
27 ***********************************************************************
28 *
29 * This file is provided under a dual BSD/GPLv2 license. When using or
30 * redistributing this file, you may do so under either license.
31 *
32 * GPL LICENSE SUMMARY
33 *
34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved.
35 *
36 * This program is free software; you can redistribute it and/or modify
37 * it under the terms of version 2 of the GNU General Public License as
38 * published by the Free Software Foundation.
39 *
40 * This program is distributed in the hope that it will be useful, but
41 * WITHOUT ANY WARRANTY; without even the implied warranty of
42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
43 * General Public License for more details.
44 *
45 * You should have received a copy of the GNU General Public License
46 * along with this program; if not, write to the Free Software
47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
48 * USA
49 *
50 * The full GNU General Public License is included in this distribution
51 * in the file called COPYING.
52 *
53 * Contact Information:
54 * Intel Linux Wireless <ilw@linux.intel.com>
55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
56 *
57 *
58 * BSD LICENSE
59 *
60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved.
61 * All rights reserved.
62 *
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
65 * are met:
66 *
67 * * Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * * Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in
71 * the documentation and/or other materials provided with the
72 * distribution.
73 * * Neither the name Intel Corporation nor the names of its
74 * contributors may be used to endorse or promote products derived
75 * from this software without specific prior written permission.
76 *
77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
88 */
89
90 /*-
91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
92 *
93 * Permission to use, copy, modify, and distribute this software for any
94 * purpose with or without fee is hereby granted, provided that the above
95 * copyright notice and this permission notice appear in all copies.
96 *
97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
104 */
105 #include <sys/cdefs.h>
106 #include "opt_wlan.h"
107 #include "opt_iwm.h"
108
109 #include <sys/param.h>
110 #include <sys/bus.h>
111 #include <sys/conf.h>
112 #include <sys/endian.h>
113 #include <sys/firmware.h>
114 #include <sys/kernel.h>
115 #include <sys/malloc.h>
116 #include <sys/mbuf.h>
117 #include <sys/mutex.h>
118 #include <sys/module.h>
119 #include <sys/proc.h>
120 #include <sys/rman.h>
121 #include <sys/socket.h>
122 #include <sys/sockio.h>
123 #include <sys/sysctl.h>
124 #include <sys/linker.h>
125
126 #include <machine/bus.h>
127 #include <machine/endian.h>
128 #include <machine/resource.h>
129
130 #include <dev/pci/pcivar.h>
131 #include <dev/pci/pcireg.h>
132
133 #include <net/bpf.h>
134
135 #include <net/if.h>
136 #include <net/if_var.h>
137 #include <net/if_arp.h>
138 #include <net/if_dl.h>
139 #include <net/if_media.h>
140 #include <net/if_types.h>
141
142 #include <netinet/in.h>
143 #include <netinet/in_systm.h>
144 #include <netinet/if_ether.h>
145 #include <netinet/ip.h>
146
147 #include <net80211/ieee80211_var.h>
148 #include <net80211/ieee80211_regdomain.h>
149 #include <net80211/ieee80211_ratectl.h>
150 #include <net80211/ieee80211_radiotap.h>
151
152 #include <dev/iwm/if_iwmreg.h>
153 #include <dev/iwm/if_iwmvar.h>
154 #include <dev/iwm/if_iwm_config.h>
155 #include <dev/iwm/if_iwm_debug.h>
156 #include <dev/iwm/if_iwm_notif_wait.h>
157 #include <dev/iwm/if_iwm_util.h>
158 #include <dev/iwm/if_iwm_binding.h>
159 #include <dev/iwm/if_iwm_phy_db.h>
160 #include <dev/iwm/if_iwm_mac_ctxt.h>
161 #include <dev/iwm/if_iwm_phy_ctxt.h>
162 #include <dev/iwm/if_iwm_time_event.h>
163 #include <dev/iwm/if_iwm_power.h>
164 #include <dev/iwm/if_iwm_scan.h>
165 #include <dev/iwm/if_iwm_sf.h>
166 #include <dev/iwm/if_iwm_sta.h>
167
168 #include <dev/iwm/if_iwm_pcie_trans.h>
169 #include <dev/iwm/if_iwm_led.h>
170 #include <dev/iwm/if_iwm_fw.h>
171
172 /* From DragonflyBSD */
173 #define mtodoff(m, t, off) ((t)((m)->m_data + (off)))
174
175 const uint8_t iwm_nvm_channels[] = {
176 /* 2.4 GHz */
177 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
178 /* 5 GHz */
179 36, 40, 44, 48, 52, 56, 60, 64,
180 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
181 149, 153, 157, 161, 165
182 };
183 _Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS,
184 "IWM_NUM_CHANNELS is too small");
185
186 const uint8_t iwm_nvm_channels_8000[] = {
187 /* 2.4 GHz */
188 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
189 /* 5 GHz */
190 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92,
191 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
192 149, 153, 157, 161, 165, 169, 173, 177, 181
193 };
194 _Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000,
195 "IWM_NUM_CHANNELS_8000 is too small");
196
197 #define IWM_NUM_2GHZ_CHANNELS 14
198 #define IWM_N_HW_ADDR_MASK 0xF
199
200 /*
201 * XXX For now, there's simply a fixed set of rate table entries
202 * that are populated.
203 */
204 const struct iwm_rate {
205 uint8_t rate;
206 uint8_t plcp;
207 } iwm_rates[] = {
208 { 2, IWM_RATE_1M_PLCP },
209 { 4, IWM_RATE_2M_PLCP },
210 { 11, IWM_RATE_5M_PLCP },
211 { 22, IWM_RATE_11M_PLCP },
212 { 12, IWM_RATE_6M_PLCP },
213 { 18, IWM_RATE_9M_PLCP },
214 { 24, IWM_RATE_12M_PLCP },
215 { 36, IWM_RATE_18M_PLCP },
216 { 48, IWM_RATE_24M_PLCP },
217 { 72, IWM_RATE_36M_PLCP },
218 { 96, IWM_RATE_48M_PLCP },
219 { 108, IWM_RATE_54M_PLCP },
220 };
221 #define IWM_RIDX_CCK 0
222 #define IWM_RIDX_OFDM 4
223 #define IWM_RIDX_MAX (nitems(iwm_rates)-1)
224 #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM)
225 #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM)
226
227 struct iwm_nvm_section {
228 uint16_t length;
229 uint8_t *data;
230 };
231
232 #define IWM_UCODE_ALIVE_TIMEOUT hz
233 #define IWM_UCODE_CALIB_TIMEOUT (2*hz)
234
235 struct iwm_alive_data {
236 int valid;
237 uint32_t scd_base_addr;
238 };
239
240 static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t);
241 static int iwm_firmware_store_section(struct iwm_softc *,
242 enum iwm_ucode_type,
243 const uint8_t *, size_t);
244 static int iwm_set_default_calib(struct iwm_softc *, const void *);
245 static void iwm_fw_info_free(struct iwm_fw_info *);
246 static int iwm_read_firmware(struct iwm_softc *);
247 static int iwm_alloc_fwmem(struct iwm_softc *);
248 static int iwm_alloc_sched(struct iwm_softc *);
249 static int iwm_alloc_kw(struct iwm_softc *);
250 static int iwm_alloc_ict(struct iwm_softc *);
251 static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
252 static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
253 static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
254 static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *,
255 int);
256 static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
257 static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
258 static void iwm_enable_interrupts(struct iwm_softc *);
259 static void iwm_restore_interrupts(struct iwm_softc *);
260 static void iwm_disable_interrupts(struct iwm_softc *);
261 static void iwm_ict_reset(struct iwm_softc *);
262 static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *);
263 static void iwm_stop_device(struct iwm_softc *);
264 static void iwm_nic_config(struct iwm_softc *);
265 static int iwm_nic_rx_init(struct iwm_softc *);
266 static int iwm_nic_tx_init(struct iwm_softc *);
267 static int iwm_nic_init(struct iwm_softc *);
268 static int iwm_trans_pcie_fw_alive(struct iwm_softc *, uint32_t);
269 static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t,
270 uint16_t, uint8_t *, uint16_t *);
271 static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *,
272 uint16_t *, uint32_t);
273 static uint32_t iwm_eeprom_channel_flags(uint16_t);
274 static void iwm_add_channel_band(struct iwm_softc *,
275 struct ieee80211_channel[], int, int *, int, size_t,
276 const uint8_t[]);
277 static void iwm_init_channel_map(struct ieee80211com *, int, int *,
278 struct ieee80211_channel[]);
279 static struct iwm_nvm_data *
280 iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *,
281 const uint16_t *, const uint16_t *,
282 const uint16_t *, const uint16_t *,
283 const uint16_t *);
284 static void iwm_free_nvm_data(struct iwm_nvm_data *);
285 static void iwm_set_hw_address_family_8000(struct iwm_softc *,
286 struct iwm_nvm_data *,
287 const uint16_t *,
288 const uint16_t *);
289 static int iwm_get_sku(const struct iwm_softc *, const uint16_t *,
290 const uint16_t *);
291 static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *);
292 static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *,
293 const uint16_t *);
294 static int iwm_get_n_hw_addrs(const struct iwm_softc *,
295 const uint16_t *);
296 static void iwm_set_radio_cfg(const struct iwm_softc *,
297 struct iwm_nvm_data *, uint32_t);
298 static struct iwm_nvm_data *
299 iwm_parse_nvm_sections(struct iwm_softc *, struct iwm_nvm_section *);
300 static int iwm_nvm_init(struct iwm_softc *);
301 static int iwm_pcie_load_section(struct iwm_softc *, uint8_t,
302 const struct iwm_fw_desc *);
303 static int iwm_pcie_load_firmware_chunk(struct iwm_softc *, uint32_t,
304 bus_addr_t, uint32_t);
305 static int iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc,
306 const struct iwm_fw_img *,
307 int, int *);
308 static int iwm_pcie_load_cpu_sections(struct iwm_softc *,
309 const struct iwm_fw_img *,
310 int, int *);
311 static int iwm_pcie_load_given_ucode_8000(struct iwm_softc *,
312 const struct iwm_fw_img *);
313 static int iwm_pcie_load_given_ucode(struct iwm_softc *,
314 const struct iwm_fw_img *);
315 static int iwm_start_fw(struct iwm_softc *, const struct iwm_fw_img *);
316 static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t);
317 static int iwm_send_phy_cfg_cmd(struct iwm_softc *);
318 static int iwm_load_ucode_wait_alive(struct iwm_softc *,
319 enum iwm_ucode_type);
320 static int iwm_run_init_ucode(struct iwm_softc *, int);
321 static int iwm_config_ltr(struct iwm_softc *sc);
322 static int iwm_rx_addbuf(struct iwm_softc *, int, int);
323 static void iwm_rx_rx_phy_cmd(struct iwm_softc *,
324 struct iwm_rx_packet *);
325 static int iwm_get_noise(struct iwm_softc *,
326 const struct iwm_statistics_rx_non_phy *);
327 static void iwm_handle_rx_statistics(struct iwm_softc *,
328 struct iwm_rx_packet *);
329 static bool iwm_rx_mpdu(struct iwm_softc *, struct mbuf *,
330 uint32_t, bool);
331 static int iwm_rx_tx_cmd_single(struct iwm_softc *,
332 struct iwm_rx_packet *,
333 struct iwm_node *);
334 static void iwm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *);
335 static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *);
336 #if 0
337 static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t,
338 uint16_t);
339 #endif
340 static const struct iwm_rate *
341 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *,
342 struct mbuf *, struct iwm_tx_cmd *);
343 static int iwm_tx(struct iwm_softc *, struct mbuf *,
344 struct ieee80211_node *, int);
345 static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *,
346 const struct ieee80211_bpf_params *);
347 static int iwm_update_quotas(struct iwm_softc *, struct iwm_vap *);
348 static int iwm_auth(struct ieee80211vap *, struct iwm_softc *);
349 static struct ieee80211_node *
350 iwm_node_alloc(struct ieee80211vap *,
351 const uint8_t[IEEE80211_ADDR_LEN]);
352 static uint8_t iwm_rate_from_ucode_rate(uint32_t);
353 static int iwm_rate2ridx(struct iwm_softc *, uint8_t);
354 static void iwm_setrates(struct iwm_softc *, struct iwm_node *, int);
355 static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int);
356 static void iwm_endscan_cb(void *, int);
357 static int iwm_send_bt_init_conf(struct iwm_softc *);
358 static boolean_t iwm_is_lar_supported(struct iwm_softc *);
359 static boolean_t iwm_is_wifi_mcc_supported(struct iwm_softc *);
360 static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *);
361 static void iwm_tt_tx_backoff(struct iwm_softc *, uint32_t);
362 static int iwm_init_hw(struct iwm_softc *);
363 static void iwm_init(struct iwm_softc *);
364 static void iwm_start(struct iwm_softc *);
365 static void iwm_stop(struct iwm_softc *);
366 static void iwm_watchdog(void *);
367 static void iwm_parent(struct ieee80211com *);
368 #ifdef IWM_DEBUG
369 static const char *
370 iwm_desc_lookup(uint32_t);
371 static void iwm_nic_error(struct iwm_softc *);
372 static void iwm_nic_umac_error(struct iwm_softc *);
373 #endif
374 static void iwm_handle_rxb(struct iwm_softc *, struct mbuf *);
375 static void iwm_notif_intr(struct iwm_softc *);
376 static void iwm_intr(void *);
377 static int iwm_attach(device_t);
378 static int iwm_is_valid_ether_addr(uint8_t *);
379 static void iwm_preinit(void *);
380 static int iwm_detach_local(struct iwm_softc *sc, int);
381 static void iwm_init_task(void *);
382 static void iwm_radiotap_attach(struct iwm_softc *);
383 static struct ieee80211vap *
384 iwm_vap_create(struct ieee80211com *,
385 const char [IFNAMSIZ], int,
386 enum ieee80211_opmode, int,
387 const uint8_t [IEEE80211_ADDR_LEN],
388 const uint8_t [IEEE80211_ADDR_LEN]);
389 static void iwm_vap_delete(struct ieee80211vap *);
390 static void iwm_xmit_queue_drain(struct iwm_softc *);
391 static void iwm_scan_start(struct ieee80211com *);
392 static void iwm_scan_end(struct ieee80211com *);
393 static void iwm_update_mcast(struct ieee80211com *);
394 static void iwm_set_channel(struct ieee80211com *);
395 static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long);
396 static void iwm_scan_mindwell(struct ieee80211_scan_state *);
397 static int iwm_detach(device_t);
398
399 static int iwm_lar_disable = 0;
400 TUNABLE_INT("hw.iwm.lar.disable", &iwm_lar_disable);
401
402 /*
403 * Firmware parser.
404 */
405
406 static int
iwm_store_cscheme(struct iwm_softc * sc,const uint8_t * data,size_t dlen)407 iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen)
408 {
409 const struct iwm_fw_cscheme_list *l = (const void *)data;
410
411 if (dlen < sizeof(*l) ||
412 dlen < sizeof(l->size) + l->size * sizeof(*l->cs))
413 return EINVAL;
414
415 /* we don't actually store anything for now, always use s/w crypto */
416
417 return 0;
418 }
419
420 static int
iwm_firmware_store_section(struct iwm_softc * sc,enum iwm_ucode_type type,const uint8_t * data,size_t dlen)421 iwm_firmware_store_section(struct iwm_softc *sc,
422 enum iwm_ucode_type type, const uint8_t *data, size_t dlen)
423 {
424 struct iwm_fw_img *fws;
425 struct iwm_fw_desc *fwone;
426
427 if (type >= IWM_UCODE_TYPE_MAX)
428 return EINVAL;
429 if (dlen < sizeof(uint32_t))
430 return EINVAL;
431
432 fws = &sc->sc_fw.img[type];
433 if (fws->fw_count >= IWM_UCODE_SECTION_MAX)
434 return EINVAL;
435
436 fwone = &fws->sec[fws->fw_count];
437
438 /* first 32bit are device load offset */
439 memcpy(&fwone->offset, data, sizeof(uint32_t));
440
441 /* rest is data */
442 fwone->data = data + sizeof(uint32_t);
443 fwone->len = dlen - sizeof(uint32_t);
444
445 fws->fw_count++;
446
447 return 0;
448 }
449
450 #define IWM_DEFAULT_SCAN_CHANNELS 40
451
452 /* iwlwifi: iwl-drv.c */
453 struct iwm_tlv_calib_data {
454 uint32_t ucode_type;
455 struct iwm_tlv_calib_ctrl calib;
456 } __packed;
457
458 static int
iwm_set_default_calib(struct iwm_softc * sc,const void * data)459 iwm_set_default_calib(struct iwm_softc *sc, const void *data)
460 {
461 const struct iwm_tlv_calib_data *def_calib = data;
462 uint32_t ucode_type = le32toh(def_calib->ucode_type);
463
464 if (ucode_type >= IWM_UCODE_TYPE_MAX) {
465 device_printf(sc->sc_dev,
466 "Wrong ucode_type %u for default "
467 "calibration.\n", ucode_type);
468 return EINVAL;
469 }
470
471 sc->sc_default_calib[ucode_type].flow_trigger =
472 def_calib->calib.flow_trigger;
473 sc->sc_default_calib[ucode_type].event_trigger =
474 def_calib->calib.event_trigger;
475
476 return 0;
477 }
478
479 static int
iwm_set_ucode_api_flags(struct iwm_softc * sc,const uint8_t * data,struct iwm_ucode_capabilities * capa)480 iwm_set_ucode_api_flags(struct iwm_softc *sc, const uint8_t *data,
481 struct iwm_ucode_capabilities *capa)
482 {
483 const struct iwm_ucode_api *ucode_api = (const void *)data;
484 uint32_t api_index = le32toh(ucode_api->api_index);
485 uint32_t api_flags = le32toh(ucode_api->api_flags);
486 int i;
487
488 if (api_index >= howmany(IWM_NUM_UCODE_TLV_API, 32)) {
489 device_printf(sc->sc_dev,
490 "api flags index %d larger than supported by driver\n",
491 api_index);
492 /* don't return an error so we can load FW that has more bits */
493 return 0;
494 }
495
496 for (i = 0; i < 32; i++) {
497 if (api_flags & (1U << i))
498 setbit(capa->enabled_api, i + 32 * api_index);
499 }
500
501 return 0;
502 }
503
504 static int
iwm_set_ucode_capabilities(struct iwm_softc * sc,const uint8_t * data,struct iwm_ucode_capabilities * capa)505 iwm_set_ucode_capabilities(struct iwm_softc *sc, const uint8_t *data,
506 struct iwm_ucode_capabilities *capa)
507 {
508 const struct iwm_ucode_capa *ucode_capa = (const void *)data;
509 uint32_t api_index = le32toh(ucode_capa->api_index);
510 uint32_t api_flags = le32toh(ucode_capa->api_capa);
511 int i;
512
513 if (api_index >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) {
514 device_printf(sc->sc_dev,
515 "capa flags index %d larger than supported by driver\n",
516 api_index);
517 /* don't return an error so we can load FW that has more bits */
518 return 0;
519 }
520
521 for (i = 0; i < 32; i++) {
522 if (api_flags & (1U << i))
523 setbit(capa->enabled_capa, i + 32 * api_index);
524 }
525
526 return 0;
527 }
528
529 static void
iwm_fw_info_free(struct iwm_fw_info * fw)530 iwm_fw_info_free(struct iwm_fw_info *fw)
531 {
532 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD);
533 fw->fw_fp = NULL;
534 memset(fw->img, 0, sizeof(fw->img));
535 }
536
537 static int
iwm_read_firmware(struct iwm_softc * sc)538 iwm_read_firmware(struct iwm_softc *sc)
539 {
540 struct iwm_fw_info *fw = &sc->sc_fw;
541 const struct iwm_tlv_ucode_header *uhdr;
542 const struct iwm_ucode_tlv *tlv;
543 struct iwm_ucode_capabilities *capa = &sc->sc_fw.ucode_capa;
544 enum iwm_ucode_tlv_type tlv_type;
545 const struct firmware *fwp;
546 const uint8_t *data;
547 uint32_t tlv_len;
548 uint32_t usniffer_img;
549 const uint8_t *tlv_data;
550 uint32_t paging_mem_size;
551 int num_of_cpus;
552 int error = 0;
553 size_t len;
554
555 /*
556 * Load firmware into driver memory.
557 * fw_fp will be set.
558 */
559 fwp = firmware_get(sc->cfg->fw_name);
560 if (fwp == NULL) {
561 device_printf(sc->sc_dev,
562 "could not read firmware %s (error %d)\n",
563 sc->cfg->fw_name, error);
564 goto out;
565 }
566 fw->fw_fp = fwp;
567
568 /* (Re-)Initialize default values. */
569 capa->flags = 0;
570 capa->max_probe_length = IWM_DEFAULT_MAX_PROBE_LENGTH;
571 capa->n_scan_channels = IWM_DEFAULT_SCAN_CHANNELS;
572 memset(capa->enabled_capa, 0, sizeof(capa->enabled_capa));
573 memset(capa->enabled_api, 0, sizeof(capa->enabled_api));
574 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc));
575
576 /*
577 * Parse firmware contents
578 */
579
580 uhdr = (const void *)fw->fw_fp->data;
581 if (*(const uint32_t *)fw->fw_fp->data != 0
582 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) {
583 device_printf(sc->sc_dev, "invalid firmware %s\n",
584 sc->cfg->fw_name);
585 error = EINVAL;
586 goto out;
587 }
588
589 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%u.%u (API ver %u)",
590 IWM_UCODE_MAJOR(le32toh(uhdr->ver)),
591 IWM_UCODE_MINOR(le32toh(uhdr->ver)),
592 IWM_UCODE_API(le32toh(uhdr->ver)));
593 data = uhdr->data;
594 len = fw->fw_fp->datasize - sizeof(*uhdr);
595
596 while (len >= sizeof(*tlv)) {
597 len -= sizeof(*tlv);
598 tlv = (const void *)data;
599
600 tlv_len = le32toh(tlv->length);
601 tlv_type = le32toh(tlv->type);
602 tlv_data = tlv->data;
603
604 if (len < tlv_len) {
605 device_printf(sc->sc_dev,
606 "firmware too short: %zu bytes\n",
607 len);
608 error = EINVAL;
609 goto parse_out;
610 }
611 len -= roundup2(tlv_len, 4);
612 data += sizeof(*tlv) + roundup2(tlv_len, 4);
613
614 switch ((int)tlv_type) {
615 case IWM_UCODE_TLV_PROBE_MAX_LEN:
616 if (tlv_len != sizeof(uint32_t)) {
617 device_printf(sc->sc_dev,
618 "%s: PROBE_MAX_LEN (%u) != sizeof(uint32_t)\n",
619 __func__, tlv_len);
620 error = EINVAL;
621 goto parse_out;
622 }
623 capa->max_probe_length =
624 le32_to_cpup((const uint32_t *)tlv_data);
625 /* limit it to something sensible */
626 if (capa->max_probe_length >
627 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) {
628 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
629 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN "
630 "ridiculous\n", __func__);
631 error = EINVAL;
632 goto parse_out;
633 }
634 break;
635 case IWM_UCODE_TLV_PAN:
636 if (tlv_len) {
637 device_printf(sc->sc_dev,
638 "%s: IWM_UCODE_TLV_PAN: tlv_len (%u) > 0\n",
639 __func__, tlv_len);
640 error = EINVAL;
641 goto parse_out;
642 }
643 capa->flags |= IWM_UCODE_TLV_FLAGS_PAN;
644 break;
645 case IWM_UCODE_TLV_FLAGS:
646 if (tlv_len < sizeof(uint32_t)) {
647 device_printf(sc->sc_dev,
648 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%u) < sizeof(uint32_t)\n",
649 __func__, tlv_len);
650 error = EINVAL;
651 goto parse_out;
652 }
653 if (tlv_len % sizeof(uint32_t)) {
654 device_printf(sc->sc_dev,
655 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%u) %% sizeof(uint32_t)\n",
656 __func__, tlv_len);
657 error = EINVAL;
658 goto parse_out;
659 }
660 /*
661 * Apparently there can be many flags, but Linux driver
662 * parses only the first one, and so do we.
663 *
664 * XXX: why does this override IWM_UCODE_TLV_PAN?
665 * Intentional or a bug? Observations from
666 * current firmware file:
667 * 1) TLV_PAN is parsed first
668 * 2) TLV_FLAGS contains TLV_FLAGS_PAN
669 * ==> this resets TLV_PAN to itself... hnnnk
670 */
671 capa->flags = le32_to_cpup((const uint32_t *)tlv_data);
672 break;
673 case IWM_UCODE_TLV_CSCHEME:
674 if ((error = iwm_store_cscheme(sc,
675 tlv_data, tlv_len)) != 0) {
676 device_printf(sc->sc_dev,
677 "%s: iwm_store_cscheme(): returned %d\n",
678 __func__, error);
679 goto parse_out;
680 }
681 break;
682 case IWM_UCODE_TLV_NUM_OF_CPU:
683 if (tlv_len != sizeof(uint32_t)) {
684 device_printf(sc->sc_dev,
685 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%u) != sizeof(uint32_t)\n",
686 __func__, tlv_len);
687 error = EINVAL;
688 goto parse_out;
689 }
690 num_of_cpus = le32_to_cpup((const uint32_t *)tlv_data);
691 if (num_of_cpus == 2) {
692 fw->img[IWM_UCODE_REGULAR].is_dual_cpus =
693 TRUE;
694 fw->img[IWM_UCODE_INIT].is_dual_cpus =
695 TRUE;
696 fw->img[IWM_UCODE_WOWLAN].is_dual_cpus =
697 TRUE;
698 } else if ((num_of_cpus > 2) || (num_of_cpus < 1)) {
699 device_printf(sc->sc_dev,
700 "%s: Driver supports only 1 or 2 CPUs\n",
701 __func__);
702 error = EINVAL;
703 goto parse_out;
704 }
705 break;
706 case IWM_UCODE_TLV_SEC_RT:
707 if ((error = iwm_firmware_store_section(sc,
708 IWM_UCODE_REGULAR, tlv_data, tlv_len)) != 0) {
709 device_printf(sc->sc_dev,
710 "%s: IWM_UCODE_REGULAR: iwm_firmware_store_section() failed; %d\n",
711 __func__, error);
712 goto parse_out;
713 }
714 break;
715 case IWM_UCODE_TLV_SEC_INIT:
716 if ((error = iwm_firmware_store_section(sc,
717 IWM_UCODE_INIT, tlv_data, tlv_len)) != 0) {
718 device_printf(sc->sc_dev,
719 "%s: IWM_UCODE_INIT: iwm_firmware_store_section() failed; %d\n",
720 __func__, error);
721 goto parse_out;
722 }
723 break;
724 case IWM_UCODE_TLV_SEC_WOWLAN:
725 if ((error = iwm_firmware_store_section(sc,
726 IWM_UCODE_WOWLAN, tlv_data, tlv_len)) != 0) {
727 device_printf(sc->sc_dev,
728 "%s: IWM_UCODE_WOWLAN: iwm_firmware_store_section() failed; %d\n",
729 __func__, error);
730 goto parse_out;
731 }
732 break;
733 case IWM_UCODE_TLV_DEF_CALIB:
734 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) {
735 device_printf(sc->sc_dev,
736 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%u) < sizeof(iwm_tlv_calib_data) (%zu)\n",
737 __func__, tlv_len,
738 sizeof(struct iwm_tlv_calib_data));
739 error = EINVAL;
740 goto parse_out;
741 }
742 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) {
743 device_printf(sc->sc_dev,
744 "%s: iwm_set_default_calib() failed: %d\n",
745 __func__, error);
746 goto parse_out;
747 }
748 break;
749 case IWM_UCODE_TLV_PHY_SKU:
750 if (tlv_len != sizeof(uint32_t)) {
751 error = EINVAL;
752 device_printf(sc->sc_dev,
753 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%u) < sizeof(uint32_t)\n",
754 __func__, tlv_len);
755 goto parse_out;
756 }
757 sc->sc_fw.phy_config =
758 le32_to_cpup((const uint32_t *)tlv_data);
759 sc->sc_fw.valid_tx_ant = (sc->sc_fw.phy_config &
760 IWM_FW_PHY_CFG_TX_CHAIN) >>
761 IWM_FW_PHY_CFG_TX_CHAIN_POS;
762 sc->sc_fw.valid_rx_ant = (sc->sc_fw.phy_config &
763 IWM_FW_PHY_CFG_RX_CHAIN) >>
764 IWM_FW_PHY_CFG_RX_CHAIN_POS;
765 break;
766
767 case IWM_UCODE_TLV_API_CHANGES_SET: {
768 if (tlv_len != sizeof(struct iwm_ucode_api)) {
769 error = EINVAL;
770 goto parse_out;
771 }
772 if (iwm_set_ucode_api_flags(sc, tlv_data, capa)) {
773 error = EINVAL;
774 goto parse_out;
775 }
776 break;
777 }
778
779 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: {
780 if (tlv_len != sizeof(struct iwm_ucode_capa)) {
781 error = EINVAL;
782 goto parse_out;
783 }
784 if (iwm_set_ucode_capabilities(sc, tlv_data, capa)) {
785 error = EINVAL;
786 goto parse_out;
787 }
788 break;
789 }
790
791 case IWM_UCODE_TLV_CMD_VERSIONS:
792 case IWM_UCODE_TLV_SDIO_ADMA_ADDR:
793 case IWM_UCODE_TLV_FW_GSCAN_CAPA:
794 /* ignore, not used by current driver */
795 break;
796
797 case IWM_UCODE_TLV_SEC_RT_USNIFFER:
798 if ((error = iwm_firmware_store_section(sc,
799 IWM_UCODE_REGULAR_USNIFFER, tlv_data,
800 tlv_len)) != 0)
801 goto parse_out;
802 break;
803
804 case IWM_UCODE_TLV_PAGING:
805 if (tlv_len != sizeof(uint32_t)) {
806 error = EINVAL;
807 goto parse_out;
808 }
809 paging_mem_size = le32_to_cpup((const uint32_t *)tlv_data);
810
811 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
812 "%s: Paging: paging enabled (size = %u bytes)\n",
813 __func__, paging_mem_size);
814 if (paging_mem_size > IWM_MAX_PAGING_IMAGE_SIZE) {
815 device_printf(sc->sc_dev,
816 "%s: Paging: driver supports up to %u bytes for paging image\n",
817 __func__, IWM_MAX_PAGING_IMAGE_SIZE);
818 error = EINVAL;
819 goto out;
820 }
821 if (paging_mem_size & (IWM_FW_PAGING_SIZE - 1)) {
822 device_printf(sc->sc_dev,
823 "%s: Paging: image isn't multiple %u\n",
824 __func__, IWM_FW_PAGING_SIZE);
825 error = EINVAL;
826 goto out;
827 }
828
829 sc->sc_fw.img[IWM_UCODE_REGULAR].paging_mem_size =
830 paging_mem_size;
831 usniffer_img = IWM_UCODE_REGULAR_USNIFFER;
832 sc->sc_fw.img[usniffer_img].paging_mem_size =
833 paging_mem_size;
834 break;
835
836 case IWM_UCODE_TLV_N_SCAN_CHANNELS:
837 if (tlv_len != sizeof(uint32_t)) {
838 error = EINVAL;
839 goto parse_out;
840 }
841 capa->n_scan_channels =
842 le32_to_cpup((const uint32_t *)tlv_data);
843 break;
844
845 case IWM_UCODE_TLV_FW_VERSION:
846 if (tlv_len != sizeof(uint32_t) * 3) {
847 error = EINVAL;
848 goto parse_out;
849 }
850 snprintf(sc->sc_fwver, sizeof(sc->sc_fwver),
851 "%u.%u.%u",
852 le32toh(((const uint32_t *)tlv_data)[0]),
853 le32toh(((const uint32_t *)tlv_data)[1]),
854 le32toh(((const uint32_t *)tlv_data)[2]));
855 break;
856
857 case IWM_UCODE_TLV_FW_MEM_SEG:
858 break;
859
860 default:
861 device_printf(sc->sc_dev,
862 "%s: unknown firmware section %d, abort\n",
863 __func__, tlv_type);
864 error = EINVAL;
865 goto parse_out;
866 }
867 }
868
869 KASSERT(error == 0, ("unhandled error"));
870
871 parse_out:
872 if (error) {
873 device_printf(sc->sc_dev, "firmware parse error %d, "
874 "section type %d\n", error, tlv_type);
875 }
876
877 out:
878 if (error) {
879 if (fw->fw_fp != NULL)
880 iwm_fw_info_free(fw);
881 }
882
883 return error;
884 }
885
886 /*
887 * DMA resource routines
888 */
889
890 /* fwmem is used to load firmware onto the card */
891 static int
iwm_alloc_fwmem(struct iwm_softc * sc)892 iwm_alloc_fwmem(struct iwm_softc *sc)
893 {
894 /* Must be aligned on a 16-byte boundary. */
895 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma,
896 IWM_FH_MEM_TB_MAX_LENGTH, 16);
897 }
898
899 /* tx scheduler rings. not used? */
900 static int
iwm_alloc_sched(struct iwm_softc * sc)901 iwm_alloc_sched(struct iwm_softc *sc)
902 {
903 /* TX scheduler rings must be aligned on a 1KB boundary. */
904 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma,
905 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024);
906 }
907
908 /* keep-warm page is used internally by the card. see iwl-fh.h for more info */
909 static int
iwm_alloc_kw(struct iwm_softc * sc)910 iwm_alloc_kw(struct iwm_softc *sc)
911 {
912 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096);
913 }
914
915 /* interrupt cause table */
916 static int
iwm_alloc_ict(struct iwm_softc * sc)917 iwm_alloc_ict(struct iwm_softc *sc)
918 {
919 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma,
920 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT);
921 }
922
923 static int
iwm_alloc_rx_ring(struct iwm_softc * sc,struct iwm_rx_ring * ring)924 iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
925 {
926 bus_size_t size;
927 size_t descsz;
928 int count, i, error;
929
930 ring->cur = 0;
931 if (sc->cfg->mqrx_supported) {
932 count = IWM_RX_MQ_RING_COUNT;
933 descsz = sizeof(uint64_t);
934 } else {
935 count = IWM_RX_LEGACY_RING_COUNT;
936 descsz = sizeof(uint32_t);
937 }
938
939 /* Allocate RX descriptors (256-byte aligned). */
940 size = count * descsz;
941 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->free_desc_dma, size,
942 256);
943 if (error != 0) {
944 device_printf(sc->sc_dev,
945 "could not allocate RX ring DMA memory\n");
946 goto fail;
947 }
948 ring->desc = ring->free_desc_dma.vaddr;
949
950 /* Allocate RX status area (16-byte aligned). */
951 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma,
952 sizeof(*ring->stat), 16);
953 if (error != 0) {
954 device_printf(sc->sc_dev,
955 "could not allocate RX status DMA memory\n");
956 goto fail;
957 }
958 ring->stat = ring->stat_dma.vaddr;
959
960 if (sc->cfg->mqrx_supported) {
961 size = count * sizeof(uint32_t);
962 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->used_desc_dma,
963 size, 256);
964 if (error != 0) {
965 device_printf(sc->sc_dev,
966 "could not allocate RX ring DMA memory\n");
967 goto fail;
968 }
969 }
970
971 /* Create RX buffer DMA tag. */
972 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
973 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
974 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat);
975 if (error != 0) {
976 device_printf(sc->sc_dev,
977 "%s: could not create RX buf DMA tag, error %d\n",
978 __func__, error);
979 goto fail;
980 }
981
982 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */
983 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map);
984 if (error != 0) {
985 device_printf(sc->sc_dev,
986 "%s: could not create RX buf DMA map, error %d\n",
987 __func__, error);
988 goto fail;
989 }
990
991 /*
992 * Allocate and map RX buffers.
993 */
994 for (i = 0; i < count; i++) {
995 struct iwm_rx_data *data = &ring->data[i];
996 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
997 if (error != 0) {
998 device_printf(sc->sc_dev,
999 "%s: could not create RX buf DMA map, error %d\n",
1000 __func__, error);
1001 goto fail;
1002 }
1003 data->m = NULL;
1004
1005 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) {
1006 goto fail;
1007 }
1008 }
1009 return 0;
1010
1011 fail: iwm_free_rx_ring(sc, ring);
1012 return error;
1013 }
1014
1015 static void
iwm_reset_rx_ring(struct iwm_softc * sc,struct iwm_rx_ring * ring)1016 iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1017 {
1018 /* Reset the ring state */
1019 ring->cur = 0;
1020
1021 /*
1022 * The hw rx ring index in shared memory must also be cleared,
1023 * otherwise the discrepancy can cause reprocessing chaos.
1024 */
1025 if (sc->rxq.stat)
1026 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1027 }
1028
1029 static void
iwm_free_rx_ring(struct iwm_softc * sc,struct iwm_rx_ring * ring)1030 iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1031 {
1032 int count, i;
1033
1034 iwm_dma_contig_free(&ring->free_desc_dma);
1035 iwm_dma_contig_free(&ring->stat_dma);
1036 iwm_dma_contig_free(&ring->used_desc_dma);
1037
1038 count = sc->cfg->mqrx_supported ? IWM_RX_MQ_RING_COUNT :
1039 IWM_RX_LEGACY_RING_COUNT;
1040
1041 for (i = 0; i < count; i++) {
1042 struct iwm_rx_data *data = &ring->data[i];
1043
1044 if (data->m != NULL) {
1045 bus_dmamap_sync(ring->data_dmat, data->map,
1046 BUS_DMASYNC_POSTREAD);
1047 bus_dmamap_unload(ring->data_dmat, data->map);
1048 m_freem(data->m);
1049 data->m = NULL;
1050 }
1051 if (data->map != NULL) {
1052 bus_dmamap_destroy(ring->data_dmat, data->map);
1053 data->map = NULL;
1054 }
1055 }
1056 if (ring->spare_map != NULL) {
1057 bus_dmamap_destroy(ring->data_dmat, ring->spare_map);
1058 ring->spare_map = NULL;
1059 }
1060 if (ring->data_dmat != NULL) {
1061 bus_dma_tag_destroy(ring->data_dmat);
1062 ring->data_dmat = NULL;
1063 }
1064 }
1065
1066 static int
iwm_alloc_tx_ring(struct iwm_softc * sc,struct iwm_tx_ring * ring,int qid)1067 iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid)
1068 {
1069 bus_addr_t paddr;
1070 bus_size_t size;
1071 size_t maxsize;
1072 int nsegments;
1073 int i, error;
1074
1075 ring->qid = qid;
1076 ring->queued = 0;
1077 ring->cur = 0;
1078
1079 /* Allocate TX descriptors (256-byte aligned). */
1080 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd);
1081 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
1082 if (error != 0) {
1083 device_printf(sc->sc_dev,
1084 "could not allocate TX ring DMA memory\n");
1085 goto fail;
1086 }
1087 ring->desc = ring->desc_dma.vaddr;
1088
1089 /*
1090 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need
1091 * to allocate commands space for other rings.
1092 */
1093 if (qid > IWM_CMD_QUEUE)
1094 return 0;
1095
1096 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd);
1097 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4);
1098 if (error != 0) {
1099 device_printf(sc->sc_dev,
1100 "could not allocate TX cmd DMA memory\n");
1101 goto fail;
1102 }
1103 ring->cmd = ring->cmd_dma.vaddr;
1104
1105 /* FW commands may require more mapped space than packets. */
1106 if (qid == IWM_CMD_QUEUE) {
1107 maxsize = IWM_RBUF_SIZE;
1108 nsegments = 1;
1109 } else {
1110 maxsize = MCLBYTES;
1111 nsegments = IWM_MAX_SCATTER - 2;
1112 }
1113
1114 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
1115 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize,
1116 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat);
1117 if (error != 0) {
1118 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n");
1119 goto fail;
1120 }
1121
1122 paddr = ring->cmd_dma.paddr;
1123 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1124 struct iwm_tx_data *data = &ring->data[i];
1125
1126 data->cmd_paddr = paddr;
1127 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header)
1128 + offsetof(struct iwm_tx_cmd, scratch);
1129 paddr += sizeof(struct iwm_device_cmd);
1130
1131 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1132 if (error != 0) {
1133 device_printf(sc->sc_dev,
1134 "could not create TX buf DMA map\n");
1135 goto fail;
1136 }
1137 }
1138 KASSERT(paddr == ring->cmd_dma.paddr + size,
1139 ("invalid physical address"));
1140 return 0;
1141
1142 fail: iwm_free_tx_ring(sc, ring);
1143 return error;
1144 }
1145
1146 static void
iwm_reset_tx_ring(struct iwm_softc * sc,struct iwm_tx_ring * ring)1147 iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1148 {
1149 int i;
1150
1151 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1152 struct iwm_tx_data *data = &ring->data[i];
1153
1154 if (data->m != NULL) {
1155 bus_dmamap_sync(ring->data_dmat, data->map,
1156 BUS_DMASYNC_POSTWRITE);
1157 bus_dmamap_unload(ring->data_dmat, data->map);
1158 m_freem(data->m);
1159 data->m = NULL;
1160 }
1161 }
1162 /* Clear TX descriptors. */
1163 memset(ring->desc, 0, ring->desc_dma.size);
1164 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1165 BUS_DMASYNC_PREWRITE);
1166 sc->qfullmsk &= ~(1 << ring->qid);
1167 ring->queued = 0;
1168 ring->cur = 0;
1169
1170 if (ring->qid == IWM_CMD_QUEUE && sc->cmd_hold_nic_awake)
1171 iwm_pcie_clear_cmd_in_flight(sc);
1172 }
1173
1174 static void
iwm_free_tx_ring(struct iwm_softc * sc,struct iwm_tx_ring * ring)1175 iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1176 {
1177 int i;
1178
1179 iwm_dma_contig_free(&ring->desc_dma);
1180 iwm_dma_contig_free(&ring->cmd_dma);
1181
1182 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1183 struct iwm_tx_data *data = &ring->data[i];
1184
1185 if (data->m != NULL) {
1186 bus_dmamap_sync(ring->data_dmat, data->map,
1187 BUS_DMASYNC_POSTWRITE);
1188 bus_dmamap_unload(ring->data_dmat, data->map);
1189 m_freem(data->m);
1190 data->m = NULL;
1191 }
1192 if (data->map != NULL) {
1193 bus_dmamap_destroy(ring->data_dmat, data->map);
1194 data->map = NULL;
1195 }
1196 }
1197 if (ring->data_dmat != NULL) {
1198 bus_dma_tag_destroy(ring->data_dmat);
1199 ring->data_dmat = NULL;
1200 }
1201 }
1202
1203 /*
1204 * High-level hardware frobbing routines
1205 */
1206
1207 static void
iwm_enable_interrupts(struct iwm_softc * sc)1208 iwm_enable_interrupts(struct iwm_softc *sc)
1209 {
1210 sc->sc_intmask = IWM_CSR_INI_SET_MASK;
1211 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1212 }
1213
1214 static void
iwm_restore_interrupts(struct iwm_softc * sc)1215 iwm_restore_interrupts(struct iwm_softc *sc)
1216 {
1217 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1218 }
1219
1220 static void
iwm_disable_interrupts(struct iwm_softc * sc)1221 iwm_disable_interrupts(struct iwm_softc *sc)
1222 {
1223 /* disable interrupts */
1224 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
1225
1226 /* acknowledge all interrupts */
1227 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1228 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0);
1229 }
1230
1231 static void
iwm_ict_reset(struct iwm_softc * sc)1232 iwm_ict_reset(struct iwm_softc *sc)
1233 {
1234 iwm_disable_interrupts(sc);
1235
1236 /* Reset ICT table. */
1237 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE);
1238 sc->ict_cur = 0;
1239
1240 /* Set physical address of ICT table (4KB aligned). */
1241 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG,
1242 IWM_CSR_DRAM_INT_TBL_ENABLE
1243 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER
1244 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK
1245 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT);
1246
1247 /* Switch to ICT interrupt mode in driver. */
1248 sc->sc_flags |= IWM_FLAG_USE_ICT;
1249
1250 /* Re-enable interrupts. */
1251 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1252 iwm_enable_interrupts(sc);
1253 }
1254
1255 /* iwlwifi pcie/trans.c */
1256
1257 /*
1258 * Since this .. hard-resets things, it's time to actually
1259 * mark the first vap (if any) as having no mac context.
1260 * It's annoying, but since the driver is potentially being
1261 * stop/start'ed whilst active (thanks openbsd port!) we
1262 * have to correctly track this.
1263 */
1264 static void
iwm_stop_device(struct iwm_softc * sc)1265 iwm_stop_device(struct iwm_softc *sc)
1266 {
1267 struct ieee80211com *ic = &sc->sc_ic;
1268 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1269 int chnl, qid;
1270 uint32_t mask = 0;
1271
1272 /* tell the device to stop sending interrupts */
1273 iwm_disable_interrupts(sc);
1274
1275 /*
1276 * FreeBSD-local: mark the first vap as not-uploaded,
1277 * so the next transition through auth/assoc
1278 * will correctly populate the MAC context.
1279 */
1280 if (vap) {
1281 struct iwm_vap *iv = IWM_VAP(vap);
1282 iv->phy_ctxt = NULL;
1283 iv->is_uploaded = 0;
1284 }
1285 sc->sc_firmware_state = 0;
1286 sc->sc_flags &= ~IWM_FLAG_TE_ACTIVE;
1287
1288 /* device going down, Stop using ICT table */
1289 sc->sc_flags &= ~IWM_FLAG_USE_ICT;
1290
1291 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */
1292
1293 if (iwm_nic_lock(sc)) {
1294 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1295
1296 /* Stop each Tx DMA channel */
1297 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1298 IWM_WRITE(sc,
1299 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0);
1300 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl);
1301 }
1302
1303 /* Wait for DMA channels to be idle */
1304 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask,
1305 5000)) {
1306 device_printf(sc->sc_dev,
1307 "Failing on timeout while stopping DMA channel: [0x%08x]\n",
1308 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG));
1309 }
1310 iwm_nic_unlock(sc);
1311 }
1312 iwm_pcie_rx_stop(sc);
1313
1314 /* Stop RX ring. */
1315 iwm_reset_rx_ring(sc, &sc->rxq);
1316
1317 /* Reset all TX rings. */
1318 for (qid = 0; qid < nitems(sc->txq); qid++)
1319 iwm_reset_tx_ring(sc, &sc->txq[qid]);
1320
1321 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
1322 /* Power-down device's busmaster DMA clocks */
1323 if (iwm_nic_lock(sc)) {
1324 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG,
1325 IWM_APMG_CLK_VAL_DMA_CLK_RQT);
1326 iwm_nic_unlock(sc);
1327 }
1328 DELAY(5);
1329 }
1330
1331 /* Make sure (redundant) we've released our request to stay awake */
1332 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1333 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1334
1335 /* Stop the device, and put it in low power state */
1336 iwm_apm_stop(sc);
1337
1338 /* stop and reset the on-board processor */
1339 IWM_SETBITS(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET);
1340 DELAY(5000);
1341
1342 /*
1343 * Upon stop, the APM issues an interrupt if HW RF kill is set.
1344 */
1345 iwm_disable_interrupts(sc);
1346
1347 /*
1348 * Even if we stop the HW, we still want the RF kill
1349 * interrupt
1350 */
1351 iwm_enable_rfkill_int(sc);
1352 iwm_check_rfkill(sc);
1353
1354 iwm_prepare_card_hw(sc);
1355 }
1356
1357 /* iwlwifi: mvm/ops.c */
1358 static void
iwm_nic_config(struct iwm_softc * sc)1359 iwm_nic_config(struct iwm_softc *sc)
1360 {
1361 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash;
1362 uint32_t reg_val = 0;
1363 uint32_t phy_config = iwm_get_phy_config(sc);
1364
1365 radio_cfg_type = (phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >>
1366 IWM_FW_PHY_CFG_RADIO_TYPE_POS;
1367 radio_cfg_step = (phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >>
1368 IWM_FW_PHY_CFG_RADIO_STEP_POS;
1369 radio_cfg_dash = (phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >>
1370 IWM_FW_PHY_CFG_RADIO_DASH_POS;
1371
1372 /* SKU control */
1373 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) <<
1374 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP;
1375 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) <<
1376 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH;
1377
1378 /* radio configuration */
1379 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE;
1380 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP;
1381 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH;
1382
1383 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG,
1384 IWM_CSR_HW_IF_CONFIG_REG_MSK_MAC_DASH |
1385 IWM_CSR_HW_IF_CONFIG_REG_MSK_MAC_STEP |
1386 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_STEP |
1387 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_DASH |
1388 IWM_CSR_HW_IF_CONFIG_REG_MSK_PHY_TYPE |
1389 IWM_CSR_HW_IF_CONFIG_REG_BIT_RADIO_SI |
1390 IWM_CSR_HW_IF_CONFIG_REG_BIT_MAC_SI |
1391 reg_val);
1392
1393 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1394 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type,
1395 radio_cfg_step, radio_cfg_dash);
1396
1397 /*
1398 * W/A : NIC is stuck in a reset state after Early PCIe power off
1399 * (PCIe power is lost before PERST# is asserted), causing ME FW
1400 * to lose ownership and not being able to obtain it back.
1401 */
1402 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
1403 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG,
1404 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS,
1405 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS);
1406 }
1407 }
1408
1409 static int
iwm_nic_rx_mq_init(struct iwm_softc * sc)1410 iwm_nic_rx_mq_init(struct iwm_softc *sc)
1411 {
1412 int enabled;
1413
1414 if (!iwm_nic_lock(sc))
1415 return EBUSY;
1416
1417 /* Stop RX DMA. */
1418 iwm_write_prph(sc, IWM_RFH_RXF_DMA_CFG, 0);
1419 /* Disable RX used and free queue operation. */
1420 iwm_write_prph(sc, IWM_RFH_RXF_RXQ_ACTIVE, 0);
1421
1422 iwm_write_prph64(sc, IWM_RFH_Q0_FRBDCB_BA_LSB,
1423 sc->rxq.free_desc_dma.paddr);
1424 iwm_write_prph64(sc, IWM_RFH_Q0_URBDCB_BA_LSB,
1425 sc->rxq.used_desc_dma.paddr);
1426 iwm_write_prph64(sc, IWM_RFH_Q0_URBD_STTS_WPTR_LSB,
1427 sc->rxq.stat_dma.paddr);
1428 iwm_write_prph(sc, IWM_RFH_Q0_FRBDCB_WIDX, 0);
1429 iwm_write_prph(sc, IWM_RFH_Q0_FRBDCB_RIDX, 0);
1430 iwm_write_prph(sc, IWM_RFH_Q0_URBDCB_WIDX, 0);
1431
1432 /* We configure only queue 0 for now. */
1433 enabled = ((1 << 0) << 16) | (1 << 0);
1434
1435 /* Enable RX DMA, 4KB buffer size. */
1436 iwm_write_prph(sc, IWM_RFH_RXF_DMA_CFG,
1437 IWM_RFH_DMA_EN_ENABLE_VAL |
1438 IWM_RFH_RXF_DMA_RB_SIZE_4K |
1439 IWM_RFH_RXF_DMA_MIN_RB_4_8 |
1440 IWM_RFH_RXF_DMA_DROP_TOO_LARGE_MASK |
1441 IWM_RFH_RXF_DMA_RBDCB_SIZE_512);
1442
1443 /* Enable RX DMA snooping. */
1444 iwm_write_prph(sc, IWM_RFH_GEN_CFG,
1445 IWM_RFH_GEN_CFG_RFH_DMA_SNOOP |
1446 IWM_RFH_GEN_CFG_SERVICE_DMA_SNOOP |
1447 (sc->cfg->integrated ? IWM_RFH_GEN_CFG_RB_CHUNK_SIZE_64 :
1448 IWM_RFH_GEN_CFG_RB_CHUNK_SIZE_128));
1449
1450 /* Enable the configured queue(s). */
1451 iwm_write_prph(sc, IWM_RFH_RXF_RXQ_ACTIVE, enabled);
1452
1453 iwm_nic_unlock(sc);
1454
1455 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1456
1457 IWM_WRITE(sc, IWM_RFH_Q0_FRBDCB_WIDX_TRG, 8);
1458
1459 return (0);
1460 }
1461
1462 static int
iwm_nic_rx_legacy_init(struct iwm_softc * sc)1463 iwm_nic_rx_legacy_init(struct iwm_softc *sc)
1464 {
1465
1466 /* Stop Rx DMA */
1467 iwm_pcie_rx_stop(sc);
1468
1469 if (!iwm_nic_lock(sc))
1470 return EBUSY;
1471
1472 /* reset and flush pointers */
1473 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0);
1474 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0);
1475 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0);
1476 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
1477
1478 /* Set physical address of RX ring (256-byte aligned). */
1479 IWM_WRITE(sc,
1480 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG,
1481 sc->rxq.free_desc_dma.paddr >> 8);
1482
1483 /* Set physical address of RX status (16-byte aligned). */
1484 IWM_WRITE(sc,
1485 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4);
1486
1487 /* Enable Rx DMA
1488 * XXX 5000 HW isn't supported by the iwm(4) driver.
1489 * IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY is set because of HW bug in
1490 * the credit mechanism in 5000 HW RX FIFO
1491 * Direct rx interrupts to hosts
1492 * Rx buffer size 4 or 8k or 12k
1493 * RB timeout 0x10
1494 * 256 RBDs
1495 */
1496 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG,
1497 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL |
1498 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */
1499 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL |
1500 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K |
1501 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) |
1502 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS);
1503
1504 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1505
1506 /* W/A for interrupt coalescing bug in 7260 and 3160 */
1507 if (sc->cfg->host_interrupt_operation_mode)
1508 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE);
1509
1510 iwm_nic_unlock(sc);
1511
1512 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8);
1513
1514 return 0;
1515 }
1516
1517 static int
iwm_nic_rx_init(struct iwm_softc * sc)1518 iwm_nic_rx_init(struct iwm_softc *sc)
1519 {
1520 if (sc->cfg->mqrx_supported)
1521 return iwm_nic_rx_mq_init(sc);
1522 else
1523 return iwm_nic_rx_legacy_init(sc);
1524 }
1525
1526 static int
iwm_nic_tx_init(struct iwm_softc * sc)1527 iwm_nic_tx_init(struct iwm_softc *sc)
1528 {
1529 int qid;
1530
1531 if (!iwm_nic_lock(sc))
1532 return EBUSY;
1533
1534 /* Deactivate TX scheduler. */
1535 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1536
1537 /* Set physical address of "keep warm" page (16-byte aligned). */
1538 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4);
1539
1540 /* Initialize TX rings. */
1541 for (qid = 0; qid < nitems(sc->txq); qid++) {
1542 struct iwm_tx_ring *txq = &sc->txq[qid];
1543
1544 /* Set physical address of TX ring (256-byte aligned). */
1545 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid),
1546 txq->desc_dma.paddr >> 8);
1547 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
1548 "%s: loading ring %d descriptors (%p) at %lx\n",
1549 __func__,
1550 qid, txq->desc,
1551 (unsigned long) (txq->desc_dma.paddr >> 8));
1552 }
1553
1554 iwm_set_bits_prph(sc, IWM_SCD_GP_CTRL,
1555 IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE |
1556 IWM_SCD_GP_CTRL_ENABLE_31_QUEUES);
1557
1558 iwm_nic_unlock(sc);
1559
1560 return 0;
1561 }
1562
1563 static int
iwm_nic_init(struct iwm_softc * sc)1564 iwm_nic_init(struct iwm_softc *sc)
1565 {
1566 int error;
1567
1568 iwm_apm_init(sc);
1569 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
1570 iwm_set_pwr(sc);
1571
1572 iwm_nic_config(sc);
1573
1574 if ((error = iwm_nic_rx_init(sc)) != 0)
1575 return error;
1576
1577 /*
1578 * Ditto for TX, from iwn
1579 */
1580 if ((error = iwm_nic_tx_init(sc)) != 0)
1581 return error;
1582
1583 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1584 "%s: shadow registers enabled\n", __func__);
1585 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff);
1586
1587 return 0;
1588 }
1589
1590 int
iwm_enable_txq(struct iwm_softc * sc,int sta_id,int qid,int fifo)1591 iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo)
1592 {
1593 int qmsk;
1594
1595 qmsk = 1 << qid;
1596
1597 if (!iwm_nic_lock(sc)) {
1598 device_printf(sc->sc_dev, "%s: cannot enable txq %d\n",
1599 __func__, qid);
1600 return EBUSY;
1601 }
1602
1603 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0);
1604
1605 if (qid == IWM_CMD_QUEUE) {
1606 /* Disable the scheduler. */
1607 iwm_write_prph(sc, IWM_SCD_EN_CTRL, 0);
1608
1609 /* Stop the TX queue prior to configuration. */
1610 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1611 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1612 (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
1613
1614 iwm_nic_unlock(sc);
1615
1616 /* Disable aggregations for this queue. */
1617 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, qmsk);
1618
1619 if (!iwm_nic_lock(sc)) {
1620 device_printf(sc->sc_dev,
1621 "%s: cannot enable txq %d\n", __func__, qid);
1622 return EBUSY;
1623 }
1624 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0);
1625 iwm_nic_unlock(sc);
1626
1627 iwm_write_mem32(sc,
1628 sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0);
1629 /* Set scheduler window size and frame limit. */
1630 iwm_write_mem32(sc,
1631 sc->scd_base_addr + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) +
1632 sizeof(uint32_t),
1633 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) &
1634 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) |
1635 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
1636 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK));
1637
1638 if (!iwm_nic_lock(sc)) {
1639 device_printf(sc->sc_dev,
1640 "%s: cannot enable txq %d\n", __func__, qid);
1641 return EBUSY;
1642 }
1643 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1644 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1645 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) |
1646 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) |
1647 IWM_SCD_QUEUE_STTS_REG_MSK);
1648
1649 /* Enable the scheduler for this queue. */
1650 iwm_write_prph(sc, IWM_SCD_EN_CTRL, qmsk);
1651 } else {
1652 struct iwm_scd_txq_cfg_cmd cmd;
1653 int error;
1654
1655 iwm_nic_unlock(sc);
1656
1657 memset(&cmd, 0, sizeof(cmd));
1658 cmd.scd_queue = qid;
1659 cmd.enable = 1;
1660 cmd.sta_id = sta_id;
1661 cmd.tx_fifo = fifo;
1662 cmd.aggregate = 0;
1663 cmd.window = IWM_FRAME_LIMIT;
1664
1665 error = iwm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC,
1666 sizeof(cmd), &cmd);
1667 if (error) {
1668 device_printf(sc->sc_dev,
1669 "cannot enable txq %d\n", qid);
1670 return error;
1671 }
1672
1673 if (!iwm_nic_lock(sc))
1674 return EBUSY;
1675 }
1676
1677 iwm_nic_unlock(sc);
1678
1679 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n",
1680 __func__, qid, fifo);
1681
1682 return 0;
1683 }
1684
1685 static int
iwm_trans_pcie_fw_alive(struct iwm_softc * sc,uint32_t scd_base_addr)1686 iwm_trans_pcie_fw_alive(struct iwm_softc *sc, uint32_t scd_base_addr)
1687 {
1688 int error, chnl;
1689
1690 int clear_dwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND -
1691 IWM_SCD_CONTEXT_MEM_LOWER_BOUND) / sizeof(uint32_t);
1692
1693 if (!iwm_nic_lock(sc))
1694 return EBUSY;
1695
1696 iwm_ict_reset(sc);
1697
1698 sc->scd_base_addr = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR);
1699 if (scd_base_addr != 0 &&
1700 scd_base_addr != sc->scd_base_addr) {
1701 device_printf(sc->sc_dev,
1702 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n",
1703 __func__, sc->scd_base_addr, scd_base_addr);
1704 }
1705
1706 iwm_nic_unlock(sc);
1707
1708 /* reset context data, TX status and translation data */
1709 error = iwm_write_mem(sc,
1710 sc->scd_base_addr + IWM_SCD_CONTEXT_MEM_LOWER_BOUND,
1711 NULL, clear_dwords);
1712 if (error)
1713 return EBUSY;
1714
1715 if (!iwm_nic_lock(sc))
1716 return EBUSY;
1717
1718 /* Set physical address of TX scheduler rings (1KB aligned). */
1719 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10);
1720
1721 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0);
1722
1723 iwm_nic_unlock(sc);
1724
1725 /* enable command channel */
1726 error = iwm_enable_txq(sc, 0 /* unused */, IWM_CMD_QUEUE, 7);
1727 if (error)
1728 return error;
1729
1730 if (!iwm_nic_lock(sc))
1731 return EBUSY;
1732
1733 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff);
1734
1735 /* Enable DMA channels. */
1736 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1737 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl),
1738 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1739 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE);
1740 }
1741
1742 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG,
1743 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN);
1744
1745 iwm_nic_unlock(sc);
1746
1747 /* Enable L1-Active */
1748 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) {
1749 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG,
1750 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS);
1751 }
1752
1753 return error;
1754 }
1755
1756 /*
1757 * NVM read access and content parsing. We do not support
1758 * external NVM or writing NVM.
1759 * iwlwifi/mvm/nvm.c
1760 */
1761
1762 /* Default NVM size to read */
1763 #define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024)
1764
1765 #define IWM_NVM_WRITE_OPCODE 1
1766 #define IWM_NVM_READ_OPCODE 0
1767
1768 /* load nvm chunk response */
1769 enum {
1770 IWM_READ_NVM_CHUNK_SUCCEED = 0,
1771 IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS = 1
1772 };
1773
1774 static int
iwm_nvm_read_chunk(struct iwm_softc * sc,uint16_t section,uint16_t offset,uint16_t length,uint8_t * data,uint16_t * len)1775 iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section,
1776 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len)
1777 {
1778 struct iwm_nvm_access_cmd nvm_access_cmd = {
1779 .offset = htole16(offset),
1780 .length = htole16(length),
1781 .type = htole16(section),
1782 .op_code = IWM_NVM_READ_OPCODE,
1783 };
1784 struct iwm_nvm_access_resp *nvm_resp;
1785 struct iwm_rx_packet *pkt;
1786 struct iwm_host_cmd cmd = {
1787 .id = IWM_NVM_ACCESS_CMD,
1788 .flags = IWM_CMD_WANT_SKB | IWM_CMD_SEND_IN_RFKILL,
1789 .data = { &nvm_access_cmd, },
1790 };
1791 int ret, bytes_read, offset_read;
1792 uint8_t *resp_data;
1793
1794 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd);
1795
1796 ret = iwm_send_cmd(sc, &cmd);
1797 if (ret) {
1798 device_printf(sc->sc_dev,
1799 "Could not send NVM_ACCESS command (error=%d)\n", ret);
1800 return ret;
1801 }
1802
1803 pkt = cmd.resp_pkt;
1804
1805 /* Extract NVM response */
1806 nvm_resp = (void *)pkt->data;
1807 ret = le16toh(nvm_resp->status);
1808 bytes_read = le16toh(nvm_resp->length);
1809 offset_read = le16toh(nvm_resp->offset);
1810 resp_data = nvm_resp->data;
1811 if (ret) {
1812 if ((offset != 0) &&
1813 (ret == IWM_READ_NVM_CHUNK_NOT_VALID_ADDRESS)) {
1814 /*
1815 * meaning of NOT_VALID_ADDRESS:
1816 * driver try to read chunk from address that is
1817 * multiple of 2K and got an error since addr is empty.
1818 * meaning of (offset != 0): driver already
1819 * read valid data from another chunk so this case
1820 * is not an error.
1821 */
1822 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1823 "NVM access command failed on offset 0x%x since that section size is multiple 2K\n",
1824 offset);
1825 *len = 0;
1826 ret = 0;
1827 } else {
1828 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1829 "NVM access command failed with status %d\n", ret);
1830 ret = EIO;
1831 }
1832 goto exit;
1833 }
1834
1835 if (offset_read != offset) {
1836 device_printf(sc->sc_dev,
1837 "NVM ACCESS response with invalid offset %d\n",
1838 offset_read);
1839 ret = EINVAL;
1840 goto exit;
1841 }
1842
1843 if (bytes_read > length) {
1844 device_printf(sc->sc_dev,
1845 "NVM ACCESS response with too much data "
1846 "(%d bytes requested, %d bytes received)\n",
1847 length, bytes_read);
1848 ret = EINVAL;
1849 goto exit;
1850 }
1851
1852 /* Write data to NVM */
1853 memcpy(data + offset, resp_data, bytes_read);
1854 *len = bytes_read;
1855
1856 exit:
1857 iwm_free_resp(sc, &cmd);
1858 return ret;
1859 }
1860
1861 /*
1862 * Reads an NVM section completely.
1863 * NICs prior to 7000 family don't have a real NVM, but just read
1864 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited
1865 * by uCode, we need to manually check in this case that we don't
1866 * overflow and try to read more than the EEPROM size.
1867 * For 7000 family NICs, we supply the maximal size we can read, and
1868 * the uCode fills the response with as much data as we can,
1869 * without overflowing, so no check is needed.
1870 */
1871 static int
iwm_nvm_read_section(struct iwm_softc * sc,uint16_t section,uint8_t * data,uint16_t * len,uint32_t size_read)1872 iwm_nvm_read_section(struct iwm_softc *sc,
1873 uint16_t section, uint8_t *data, uint16_t *len, uint32_t size_read)
1874 {
1875 uint16_t seglen, length, offset = 0;
1876 int ret;
1877
1878 /* Set nvm section read length */
1879 length = IWM_NVM_DEFAULT_CHUNK_SIZE;
1880
1881 seglen = length;
1882
1883 /* Read the NVM until exhausted (reading less than requested) */
1884 while (seglen == length) {
1885 /* Check no memory assumptions fail and cause an overflow */
1886 if ((size_read + offset + length) >
1887 sc->cfg->eeprom_size) {
1888 device_printf(sc->sc_dev,
1889 "EEPROM size is too small for NVM\n");
1890 return ENOBUFS;
1891 }
1892
1893 ret = iwm_nvm_read_chunk(sc, section, offset, length, data, &seglen);
1894 if (ret) {
1895 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1896 "Cannot read NVM from section %d offset %d, length %d\n",
1897 section, offset, length);
1898 return ret;
1899 }
1900 offset += seglen;
1901 }
1902
1903 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
1904 "NVM section %d read completed\n", section);
1905 *len = offset;
1906 return 0;
1907 }
1908
1909 /*
1910 * BEGIN IWM_NVM_PARSE
1911 */
1912
1913 /* iwlwifi/iwl-nvm-parse.c */
1914
1915 /* NVM offsets (in words) definitions */
1916 enum iwm_nvm_offsets {
1917 /* NVM HW-Section offset (in words) definitions */
1918 IWM_HW_ADDR = 0x15,
1919
1920 /* NVM SW-Section offset (in words) definitions */
1921 IWM_NVM_SW_SECTION = 0x1C0,
1922 IWM_NVM_VERSION = 0,
1923 IWM_RADIO_CFG = 1,
1924 IWM_SKU = 2,
1925 IWM_N_HW_ADDRS = 3,
1926 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION,
1927
1928 /* NVM calibration section offset (in words) definitions */
1929 IWM_NVM_CALIB_SECTION = 0x2B8,
1930 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION
1931 };
1932
1933 enum iwm_8000_nvm_offsets {
1934 /* NVM HW-Section offset (in words) definitions */
1935 IWM_HW_ADDR0_WFPM_8000 = 0x12,
1936 IWM_HW_ADDR1_WFPM_8000 = 0x16,
1937 IWM_HW_ADDR0_PCIE_8000 = 0x8A,
1938 IWM_HW_ADDR1_PCIE_8000 = 0x8E,
1939 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1,
1940
1941 /* NVM SW-Section offset (in words) definitions */
1942 IWM_NVM_SW_SECTION_8000 = 0x1C0,
1943 IWM_NVM_VERSION_8000 = 0,
1944 IWM_RADIO_CFG_8000 = 0,
1945 IWM_SKU_8000 = 2,
1946 IWM_N_HW_ADDRS_8000 = 3,
1947
1948 /* NVM REGULATORY -Section offset (in words) definitions */
1949 IWM_NVM_CHANNELS_8000 = 0,
1950 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7,
1951 IWM_NVM_LAR_OFFSET_8000 = 0x507,
1952 IWM_NVM_LAR_ENABLED_8000 = 0x7,
1953
1954 /* NVM calibration section offset (in words) definitions */
1955 IWM_NVM_CALIB_SECTION_8000 = 0x2B8,
1956 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000
1957 };
1958
1959 /* SKU Capabilities (actual values from NVM definition) */
1960 enum nvm_sku_bits {
1961 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0),
1962 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1),
1963 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2),
1964 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3),
1965 };
1966
1967 /* radio config bits (actual values from NVM definition) */
1968 #define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */
1969 #define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */
1970 #define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */
1971 #define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */
1972 #define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */
1973 #define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */
1974
1975 #define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF)
1976 #define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF)
1977 #define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF)
1978 #define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF)
1979 #define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF)
1980 #define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF)
1981
1982 /**
1983 * enum iwm_nvm_channel_flags - channel flags in NVM
1984 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo
1985 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel
1986 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed
1987 * @IWM_NVM_CHANNEL_RADAR: radar detection required
1988 * XXX cannot find this (DFS) flag in iwm-nvm-parse.c
1989 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate
1990 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?)
1991 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?)
1992 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?)
1993 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?)
1994 */
1995 enum iwm_nvm_channel_flags {
1996 IWM_NVM_CHANNEL_VALID = (1 << 0),
1997 IWM_NVM_CHANNEL_IBSS = (1 << 1),
1998 IWM_NVM_CHANNEL_ACTIVE = (1 << 3),
1999 IWM_NVM_CHANNEL_RADAR = (1 << 4),
2000 IWM_NVM_CHANNEL_DFS = (1 << 7),
2001 IWM_NVM_CHANNEL_WIDE = (1 << 8),
2002 IWM_NVM_CHANNEL_40MHZ = (1 << 9),
2003 IWM_NVM_CHANNEL_80MHZ = (1 << 10),
2004 IWM_NVM_CHANNEL_160MHZ = (1 << 11),
2005 };
2006
2007 /*
2008 * Translate EEPROM flags to net80211.
2009 */
2010 static uint32_t
iwm_eeprom_channel_flags(uint16_t ch_flags)2011 iwm_eeprom_channel_flags(uint16_t ch_flags)
2012 {
2013 uint32_t nflags;
2014
2015 nflags = 0;
2016 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0)
2017 nflags |= IEEE80211_CHAN_PASSIVE;
2018 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0)
2019 nflags |= IEEE80211_CHAN_NOADHOC;
2020 if (ch_flags & IWM_NVM_CHANNEL_RADAR) {
2021 nflags |= IEEE80211_CHAN_DFS;
2022 /* Just in case. */
2023 nflags |= IEEE80211_CHAN_NOADHOC;
2024 }
2025
2026 return (nflags);
2027 }
2028
2029 static void
iwm_add_channel_band(struct iwm_softc * sc,struct ieee80211_channel chans[],int maxchans,int * nchans,int ch_idx,size_t ch_num,const uint8_t bands[])2030 iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[],
2031 int maxchans, int *nchans, int ch_idx, size_t ch_num,
2032 const uint8_t bands[])
2033 {
2034 const uint16_t * const nvm_ch_flags = sc->nvm_data->nvm_ch_flags;
2035 uint32_t nflags;
2036 uint16_t ch_flags;
2037 uint8_t ieee;
2038 int error;
2039
2040 for (; ch_idx < ch_num; ch_idx++) {
2041 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx);
2042 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
2043 ieee = iwm_nvm_channels[ch_idx];
2044 else
2045 ieee = iwm_nvm_channels_8000[ch_idx];
2046
2047 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) {
2048 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
2049 "Ch. %d Flags %x [%sGHz] - No traffic\n",
2050 ieee, ch_flags,
2051 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
2052 "5.2" : "2.4");
2053 continue;
2054 }
2055
2056 nflags = iwm_eeprom_channel_flags(ch_flags);
2057 error = ieee80211_add_channel(chans, maxchans, nchans,
2058 ieee, 0, 0, nflags, bands);
2059 if (error != 0)
2060 break;
2061
2062 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
2063 "Ch. %d Flags %x [%sGHz] - Added\n",
2064 ieee, ch_flags,
2065 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
2066 "5.2" : "2.4");
2067 }
2068 }
2069
2070 static void
iwm_init_channel_map(struct ieee80211com * ic,int maxchans,int * nchans,struct ieee80211_channel chans[])2071 iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans,
2072 struct ieee80211_channel chans[])
2073 {
2074 struct iwm_softc *sc = ic->ic_softc;
2075 struct iwm_nvm_data *data = sc->nvm_data;
2076 uint8_t bands[IEEE80211_MODE_BYTES];
2077 size_t ch_num;
2078
2079 memset(bands, 0, sizeof(bands));
2080 /* 1-13: 11b/g channels. */
2081 setbit(bands, IEEE80211_MODE_11B);
2082 setbit(bands, IEEE80211_MODE_11G);
2083 iwm_add_channel_band(sc, chans, maxchans, nchans, 0,
2084 IWM_NUM_2GHZ_CHANNELS - 1, bands);
2085
2086 /* 14: 11b channel only. */
2087 clrbit(bands, IEEE80211_MODE_11G);
2088 iwm_add_channel_band(sc, chans, maxchans, nchans,
2089 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands);
2090
2091 if (data->sku_cap_band_52GHz_enable) {
2092 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
2093 ch_num = nitems(iwm_nvm_channels);
2094 else
2095 ch_num = nitems(iwm_nvm_channels_8000);
2096 memset(bands, 0, sizeof(bands));
2097 setbit(bands, IEEE80211_MODE_11A);
2098 iwm_add_channel_band(sc, chans, maxchans, nchans,
2099 IWM_NUM_2GHZ_CHANNELS, ch_num, bands);
2100 }
2101 }
2102
2103 static void
iwm_set_hw_address_family_8000(struct iwm_softc * sc,struct iwm_nvm_data * data,const uint16_t * mac_override,const uint16_t * nvm_hw)2104 iwm_set_hw_address_family_8000(struct iwm_softc *sc, struct iwm_nvm_data *data,
2105 const uint16_t *mac_override, const uint16_t *nvm_hw)
2106 {
2107 const uint8_t *hw_addr;
2108
2109 if (mac_override) {
2110 static const uint8_t reserved_mac[] = {
2111 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00
2112 };
2113
2114 hw_addr = (const uint8_t *)(mac_override +
2115 IWM_MAC_ADDRESS_OVERRIDE_8000);
2116
2117 /*
2118 * Store the MAC address from MAO section.
2119 * No byte swapping is required in MAO section
2120 */
2121 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr);
2122
2123 /*
2124 * Force the use of the OTP MAC address in case of reserved MAC
2125 * address in the NVM, or if address is given but invalid.
2126 */
2127 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) &&
2128 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) &&
2129 iwm_is_valid_ether_addr(data->hw_addr) &&
2130 !IEEE80211_IS_MULTICAST(data->hw_addr))
2131 return;
2132
2133 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2134 "%s: mac address from nvm override section invalid\n",
2135 __func__);
2136 }
2137
2138 if (nvm_hw) {
2139 /* read the mac address from WFMP registers */
2140 uint32_t mac_addr0 =
2141 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0));
2142 uint32_t mac_addr1 =
2143 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1));
2144
2145 hw_addr = (const uint8_t *)&mac_addr0;
2146 data->hw_addr[0] = hw_addr[3];
2147 data->hw_addr[1] = hw_addr[2];
2148 data->hw_addr[2] = hw_addr[1];
2149 data->hw_addr[3] = hw_addr[0];
2150
2151 hw_addr = (const uint8_t *)&mac_addr1;
2152 data->hw_addr[4] = hw_addr[1];
2153 data->hw_addr[5] = hw_addr[0];
2154
2155 return;
2156 }
2157
2158 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__);
2159 memset(data->hw_addr, 0, sizeof(data->hw_addr));
2160 }
2161
2162 static int
iwm_get_sku(const struct iwm_softc * sc,const uint16_t * nvm_sw,const uint16_t * phy_sku)2163 iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2164 const uint16_t *phy_sku)
2165 {
2166 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000)
2167 return le16_to_cpup(nvm_sw + IWM_SKU);
2168
2169 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000));
2170 }
2171
2172 static int
iwm_get_nvm_version(const struct iwm_softc * sc,const uint16_t * nvm_sw)2173 iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2174 {
2175 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000)
2176 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION);
2177 else
2178 return le32_to_cpup((const uint32_t *)(nvm_sw +
2179 IWM_NVM_VERSION_8000));
2180 }
2181
2182 static int
iwm_get_radio_cfg(const struct iwm_softc * sc,const uint16_t * nvm_sw,const uint16_t * phy_sku)2183 iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2184 const uint16_t *phy_sku)
2185 {
2186 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000)
2187 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG);
2188
2189 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000));
2190 }
2191
2192 static int
iwm_get_n_hw_addrs(const struct iwm_softc * sc,const uint16_t * nvm_sw)2193 iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2194 {
2195 int n_hw_addr;
2196
2197 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000)
2198 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS);
2199
2200 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000));
2201
2202 return n_hw_addr & IWM_N_HW_ADDR_MASK;
2203 }
2204
2205 static void
iwm_set_radio_cfg(const struct iwm_softc * sc,struct iwm_nvm_data * data,uint32_t radio_cfg)2206 iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data,
2207 uint32_t radio_cfg)
2208 {
2209 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) {
2210 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg);
2211 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg);
2212 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg);
2213 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg);
2214 return;
2215 }
2216
2217 /* set the radio configuration for family 8000 */
2218 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg);
2219 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg);
2220 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg);
2221 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg);
2222 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg);
2223 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg);
2224 }
2225
2226 static int
iwm_set_hw_address(struct iwm_softc * sc,struct iwm_nvm_data * data,const uint16_t * nvm_hw,const uint16_t * mac_override)2227 iwm_set_hw_address(struct iwm_softc *sc, struct iwm_nvm_data *data,
2228 const uint16_t *nvm_hw, const uint16_t *mac_override)
2229 {
2230 #ifdef notyet /* for FAMILY 9000 */
2231 if (cfg->mac_addr_from_csr) {
2232 iwm_set_hw_address_from_csr(sc, data);
2233 } else
2234 #endif
2235 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) {
2236 const uint8_t *hw_addr = (const uint8_t *)(nvm_hw + IWM_HW_ADDR);
2237
2238 /* The byte order is little endian 16 bit, meaning 214365 */
2239 data->hw_addr[0] = hw_addr[1];
2240 data->hw_addr[1] = hw_addr[0];
2241 data->hw_addr[2] = hw_addr[3];
2242 data->hw_addr[3] = hw_addr[2];
2243 data->hw_addr[4] = hw_addr[5];
2244 data->hw_addr[5] = hw_addr[4];
2245 } else {
2246 iwm_set_hw_address_family_8000(sc, data, mac_override, nvm_hw);
2247 }
2248
2249 if (!iwm_is_valid_ether_addr(data->hw_addr)) {
2250 device_printf(sc->sc_dev, "no valid mac address was found\n");
2251 return EINVAL;
2252 }
2253
2254 return 0;
2255 }
2256
2257 static struct iwm_nvm_data *
iwm_parse_nvm_data(struct iwm_softc * sc,const uint16_t * nvm_hw,const uint16_t * nvm_sw,const uint16_t * nvm_calib,const uint16_t * mac_override,const uint16_t * phy_sku,const uint16_t * regulatory)2258 iwm_parse_nvm_data(struct iwm_softc *sc,
2259 const uint16_t *nvm_hw, const uint16_t *nvm_sw,
2260 const uint16_t *nvm_calib, const uint16_t *mac_override,
2261 const uint16_t *phy_sku, const uint16_t *regulatory)
2262 {
2263 struct iwm_nvm_data *data;
2264 uint32_t sku, radio_cfg;
2265 uint16_t lar_config;
2266
2267 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) {
2268 data = malloc(sizeof(*data) +
2269 IWM_NUM_CHANNELS * sizeof(uint16_t),
2270 M_DEVBUF, M_NOWAIT | M_ZERO);
2271 } else {
2272 data = malloc(sizeof(*data) +
2273 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t),
2274 M_DEVBUF, M_NOWAIT | M_ZERO);
2275 }
2276 if (!data)
2277 return NULL;
2278
2279 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw);
2280
2281 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku);
2282 iwm_set_radio_cfg(sc, data, radio_cfg);
2283
2284 sku = iwm_get_sku(sc, nvm_sw, phy_sku);
2285 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ;
2286 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ;
2287 data->sku_cap_11n_enable = 0;
2288
2289 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw);
2290
2291 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) {
2292 /* TODO: use IWL_NVM_EXT */
2293 uint16_t lar_offset = data->nvm_version < 0xE39 ?
2294 IWM_NVM_LAR_OFFSET_8000_OLD :
2295 IWM_NVM_LAR_OFFSET_8000;
2296
2297 lar_config = le16_to_cpup(regulatory + lar_offset);
2298 data->lar_enabled = !!(lar_config &
2299 IWM_NVM_LAR_ENABLED_8000);
2300 }
2301
2302 /* If no valid mac address was found - bail out */
2303 if (iwm_set_hw_address(sc, data, nvm_hw, mac_override)) {
2304 free(data, M_DEVBUF);
2305 return NULL;
2306 }
2307
2308 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
2309 memcpy(data->nvm_ch_flags, sc->cfg->nvm_type == IWM_NVM_SDP ?
2310 ®ulatory[0] : &nvm_sw[IWM_NVM_CHANNELS],
2311 IWM_NUM_CHANNELS * sizeof(uint16_t));
2312 } else {
2313 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000],
2314 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t));
2315 }
2316
2317 return data;
2318 }
2319
2320 static void
iwm_free_nvm_data(struct iwm_nvm_data * data)2321 iwm_free_nvm_data(struct iwm_nvm_data *data)
2322 {
2323 if (data != NULL)
2324 free(data, M_DEVBUF);
2325 }
2326
2327 static struct iwm_nvm_data *
iwm_parse_nvm_sections(struct iwm_softc * sc,struct iwm_nvm_section * sections)2328 iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections)
2329 {
2330 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku;
2331
2332 /* Checking for required sections */
2333 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000) {
2334 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2335 !sections[sc->cfg->nvm_hw_section_num].data) {
2336 device_printf(sc->sc_dev,
2337 "Can't parse empty OTP/NVM sections\n");
2338 return NULL;
2339 }
2340 } else if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) {
2341 /* SW and REGULATORY sections are mandatory */
2342 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2343 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) {
2344 device_printf(sc->sc_dev,
2345 "Can't parse empty OTP/NVM sections\n");
2346 return NULL;
2347 }
2348 /* MAC_OVERRIDE or at least HW section must exist */
2349 if (!sections[sc->cfg->nvm_hw_section_num].data &&
2350 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) {
2351 device_printf(sc->sc_dev,
2352 "Can't parse mac_address, empty sections\n");
2353 return NULL;
2354 }
2355
2356 /* PHY_SKU section is mandatory in B0 */
2357 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) {
2358 device_printf(sc->sc_dev,
2359 "Can't parse phy_sku in B0, empty sections\n");
2360 return NULL;
2361 }
2362 } else {
2363 panic("unknown device family %d\n", sc->cfg->device_family);
2364 }
2365
2366 hw = (const uint16_t *) sections[sc->cfg->nvm_hw_section_num].data;
2367 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data;
2368 calib = (const uint16_t *)
2369 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data;
2370 regulatory = sc->cfg->nvm_type == IWM_NVM_SDP ?
2371 (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_REGULATORY_SDP].data :
2372 (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_REGULATORY].data;
2373 mac_override = (const uint16_t *)
2374 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data;
2375 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data;
2376
2377 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override,
2378 phy_sku, regulatory);
2379 }
2380
2381 static int
iwm_nvm_init(struct iwm_softc * sc)2382 iwm_nvm_init(struct iwm_softc *sc)
2383 {
2384 struct iwm_nvm_section nvm_sections[IWM_NVM_MAX_NUM_SECTIONS];
2385 int i, ret, section;
2386 uint32_t size_read = 0;
2387 uint8_t *nvm_buffer, *temp;
2388 uint16_t len;
2389
2390 memset(nvm_sections, 0, sizeof(nvm_sections));
2391
2392 if (sc->cfg->nvm_hw_section_num >= IWM_NVM_MAX_NUM_SECTIONS)
2393 return EINVAL;
2394
2395 /* load NVM values from nic */
2396 /* Read From FW NVM */
2397 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM, "Read from NVM\n");
2398
2399 nvm_buffer = malloc(sc->cfg->eeprom_size, M_DEVBUF, M_NOWAIT | M_ZERO);
2400 if (!nvm_buffer)
2401 return ENOMEM;
2402 for (section = 0; section < IWM_NVM_MAX_NUM_SECTIONS; section++) {
2403 /* we override the constness for initial read */
2404 ret = iwm_nvm_read_section(sc, section, nvm_buffer,
2405 &len, size_read);
2406 if (ret)
2407 continue;
2408 size_read += len;
2409 temp = malloc(len, M_DEVBUF, M_NOWAIT);
2410 if (!temp) {
2411 ret = ENOMEM;
2412 break;
2413 }
2414 memcpy(temp, nvm_buffer, len);
2415
2416 nvm_sections[section].data = temp;
2417 nvm_sections[section].length = len;
2418 }
2419 if (!size_read)
2420 device_printf(sc->sc_dev, "OTP is blank\n");
2421 free(nvm_buffer, M_DEVBUF);
2422
2423 sc->nvm_data = iwm_parse_nvm_sections(sc, nvm_sections);
2424 if (!sc->nvm_data)
2425 return EINVAL;
2426 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM | IWM_DEBUG_RESET,
2427 "nvm version = %x\n", sc->nvm_data->nvm_version);
2428
2429 for (i = 0; i < IWM_NVM_MAX_NUM_SECTIONS; i++) {
2430 if (nvm_sections[i].data != NULL)
2431 free(nvm_sections[i].data, M_DEVBUF);
2432 }
2433
2434 return 0;
2435 }
2436
2437 static int
iwm_pcie_load_section(struct iwm_softc * sc,uint8_t section_num,const struct iwm_fw_desc * section)2438 iwm_pcie_load_section(struct iwm_softc *sc, uint8_t section_num,
2439 const struct iwm_fw_desc *section)
2440 {
2441 struct iwm_dma_info *dma = &sc->fw_dma;
2442 uint8_t *v_addr;
2443 bus_addr_t p_addr;
2444 uint32_t offset, chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, section->len);
2445 int ret = 0;
2446
2447 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2448 "%s: [%d] uCode section being loaded...\n",
2449 __func__, section_num);
2450
2451 v_addr = dma->vaddr;
2452 p_addr = dma->paddr;
2453
2454 for (offset = 0; offset < section->len; offset += chunk_sz) {
2455 uint32_t copy_size, dst_addr;
2456 int extended_addr = FALSE;
2457
2458 copy_size = MIN(chunk_sz, section->len - offset);
2459 dst_addr = section->offset + offset;
2460
2461 if (dst_addr >= IWM_FW_MEM_EXTENDED_START &&
2462 dst_addr <= IWM_FW_MEM_EXTENDED_END)
2463 extended_addr = TRUE;
2464
2465 if (extended_addr)
2466 iwm_set_bits_prph(sc, IWM_LMPM_CHICK,
2467 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2468
2469 memcpy(v_addr, (const uint8_t *)section->data + offset,
2470 copy_size);
2471 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
2472 ret = iwm_pcie_load_firmware_chunk(sc, dst_addr, p_addr,
2473 copy_size);
2474
2475 if (extended_addr)
2476 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK,
2477 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2478
2479 if (ret) {
2480 device_printf(sc->sc_dev,
2481 "%s: Could not load the [%d] uCode section\n",
2482 __func__, section_num);
2483 break;
2484 }
2485 }
2486
2487 return ret;
2488 }
2489
2490 /*
2491 * ucode
2492 */
2493 static int
iwm_pcie_load_firmware_chunk(struct iwm_softc * sc,uint32_t dst_addr,bus_addr_t phy_addr,uint32_t byte_cnt)2494 iwm_pcie_load_firmware_chunk(struct iwm_softc *sc, uint32_t dst_addr,
2495 bus_addr_t phy_addr, uint32_t byte_cnt)
2496 {
2497 sc->sc_fw_chunk_done = 0;
2498
2499 if (!iwm_nic_lock(sc))
2500 return EBUSY;
2501
2502 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2503 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE);
2504
2505 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL),
2506 dst_addr);
2507
2508 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL),
2509 phy_addr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK);
2510
2511 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL),
2512 (iwm_get_dma_hi_addr(phy_addr)
2513 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt);
2514
2515 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL),
2516 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM |
2517 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX |
2518 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID);
2519
2520 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2521 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
2522 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE |
2523 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD);
2524
2525 iwm_nic_unlock(sc);
2526
2527 /* wait up to 5s for this segment to load */
2528 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz * 5);
2529
2530 if (!sc->sc_fw_chunk_done) {
2531 device_printf(sc->sc_dev,
2532 "fw chunk addr 0x%x len %d failed to load\n",
2533 dst_addr, byte_cnt);
2534 return ETIMEDOUT;
2535 }
2536
2537 return 0;
2538 }
2539
2540 static int
iwm_pcie_load_cpu_sections_8000(struct iwm_softc * sc,const struct iwm_fw_img * image,int cpu,int * first_ucode_section)2541 iwm_pcie_load_cpu_sections_8000(struct iwm_softc *sc,
2542 const struct iwm_fw_img *image, int cpu, int *first_ucode_section)
2543 {
2544 int shift_param;
2545 int i, ret = 0, sec_num = 0x1;
2546 uint32_t val, last_read_idx = 0;
2547
2548 if (cpu == 1) {
2549 shift_param = 0;
2550 *first_ucode_section = 0;
2551 } else {
2552 shift_param = 16;
2553 (*first_ucode_section)++;
2554 }
2555
2556 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) {
2557 last_read_idx = i;
2558
2559 /*
2560 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2561 * CPU1 to CPU2.
2562 * PAGING_SEPARATOR_SECTION delimiter - separate between
2563 * CPU2 non paged to CPU2 paging sec.
2564 */
2565 if (!image->sec[i].data ||
2566 image->sec[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2567 image->sec[i].offset == IWM_PAGING_SEPARATOR_SECTION) {
2568 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2569 "Break since Data not valid or Empty section, sec = %d\n",
2570 i);
2571 break;
2572 }
2573 ret = iwm_pcie_load_section(sc, i, &image->sec[i]);
2574 if (ret)
2575 return ret;
2576
2577 /* Notify the ucode of the loaded section number and status */
2578 if (iwm_nic_lock(sc)) {
2579 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS);
2580 val = val | (sec_num << shift_param);
2581 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val);
2582 sec_num = (sec_num << 1) | 0x1;
2583 iwm_nic_unlock(sc);
2584 }
2585 }
2586
2587 *first_ucode_section = last_read_idx;
2588
2589 iwm_enable_interrupts(sc);
2590
2591 if (iwm_nic_lock(sc)) {
2592 if (cpu == 1)
2593 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF);
2594 else
2595 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF);
2596 iwm_nic_unlock(sc);
2597 }
2598
2599 return 0;
2600 }
2601
2602 static int
iwm_pcie_load_cpu_sections(struct iwm_softc * sc,const struct iwm_fw_img * image,int cpu,int * first_ucode_section)2603 iwm_pcie_load_cpu_sections(struct iwm_softc *sc,
2604 const struct iwm_fw_img *image, int cpu, int *first_ucode_section)
2605 {
2606 int shift_param;
2607 int i, ret = 0;
2608 uint32_t last_read_idx = 0;
2609
2610 if (cpu == 1) {
2611 shift_param = 0;
2612 *first_ucode_section = 0;
2613 } else {
2614 shift_param = 16;
2615 (*first_ucode_section)++;
2616 }
2617
2618 for (i = *first_ucode_section; i < IWM_UCODE_SECTION_MAX; i++) {
2619 last_read_idx = i;
2620
2621 /*
2622 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2623 * CPU1 to CPU2.
2624 * PAGING_SEPARATOR_SECTION delimiter - separate between
2625 * CPU2 non paged to CPU2 paging sec.
2626 */
2627 if (!image->sec[i].data ||
2628 image->sec[i].offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2629 image->sec[i].offset == IWM_PAGING_SEPARATOR_SECTION) {
2630 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2631 "Break since Data not valid or Empty section, sec = %d\n",
2632 i);
2633 break;
2634 }
2635
2636 ret = iwm_pcie_load_section(sc, i, &image->sec[i]);
2637 if (ret)
2638 return ret;
2639 }
2640
2641 *first_ucode_section = last_read_idx;
2642
2643 return 0;
2644
2645 }
2646
2647 static int
iwm_pcie_load_given_ucode(struct iwm_softc * sc,const struct iwm_fw_img * image)2648 iwm_pcie_load_given_ucode(struct iwm_softc *sc, const struct iwm_fw_img *image)
2649 {
2650 int ret = 0;
2651 int first_ucode_section;
2652
2653 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n",
2654 image->is_dual_cpus ? "Dual" : "Single");
2655
2656 /* load to FW the binary non secured sections of CPU1 */
2657 ret = iwm_pcie_load_cpu_sections(sc, image, 1, &first_ucode_section);
2658 if (ret)
2659 return ret;
2660
2661 if (image->is_dual_cpus) {
2662 /* set CPU2 header address */
2663 if (iwm_nic_lock(sc)) {
2664 iwm_write_prph(sc,
2665 IWM_LMPM_SECURE_UCODE_LOAD_CPU2_HDR_ADDR,
2666 IWM_LMPM_SECURE_CPU2_HDR_MEM_SPACE);
2667 iwm_nic_unlock(sc);
2668 }
2669
2670 /* load to FW the binary sections of CPU2 */
2671 ret = iwm_pcie_load_cpu_sections(sc, image, 2,
2672 &first_ucode_section);
2673 if (ret)
2674 return ret;
2675 }
2676
2677 iwm_enable_interrupts(sc);
2678
2679 /* release CPU reset */
2680 IWM_WRITE(sc, IWM_CSR_RESET, 0);
2681
2682 return 0;
2683 }
2684
2685 int
iwm_pcie_load_given_ucode_8000(struct iwm_softc * sc,const struct iwm_fw_img * image)2686 iwm_pcie_load_given_ucode_8000(struct iwm_softc *sc,
2687 const struct iwm_fw_img *image)
2688 {
2689 int ret = 0;
2690 int first_ucode_section;
2691
2692 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "working with %s CPU\n",
2693 image->is_dual_cpus ? "Dual" : "Single");
2694
2695 /* configure the ucode to be ready to get the secured image */
2696 /* release CPU reset */
2697 if (iwm_nic_lock(sc)) {
2698 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET,
2699 IWM_RELEASE_CPU_RESET_BIT);
2700 iwm_nic_unlock(sc);
2701 }
2702
2703 /* load to FW the binary Secured sections of CPU1 */
2704 ret = iwm_pcie_load_cpu_sections_8000(sc, image, 1,
2705 &first_ucode_section);
2706 if (ret)
2707 return ret;
2708
2709 /* load to FW the binary sections of CPU2 */
2710 return iwm_pcie_load_cpu_sections_8000(sc, image, 2,
2711 &first_ucode_section);
2712 }
2713
2714 /* XXX Get rid of this definition */
2715 static inline void
iwm_enable_fw_load_int(struct iwm_softc * sc)2716 iwm_enable_fw_load_int(struct iwm_softc *sc)
2717 {
2718 IWM_DPRINTF(sc, IWM_DEBUG_INTR, "Enabling FW load interrupt\n");
2719 sc->sc_intmask = IWM_CSR_INT_BIT_FH_TX;
2720 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
2721 }
2722
2723 /* XXX Add proper rfkill support code */
2724 static int
iwm_start_fw(struct iwm_softc * sc,const struct iwm_fw_img * fw)2725 iwm_start_fw(struct iwm_softc *sc, const struct iwm_fw_img *fw)
2726 {
2727 int ret;
2728
2729 /* This may fail if AMT took ownership of the device */
2730 if (iwm_prepare_card_hw(sc)) {
2731 device_printf(sc->sc_dev,
2732 "%s: Exit HW not ready\n", __func__);
2733 ret = EIO;
2734 goto out;
2735 }
2736
2737 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF);
2738
2739 iwm_disable_interrupts(sc);
2740
2741 /* make sure rfkill handshake bits are cleared */
2742 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2743 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR,
2744 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
2745
2746 /* clear (again), then enable host interrupts */
2747 IWM_WRITE(sc, IWM_CSR_INT, 0xFFFFFFFF);
2748
2749 ret = iwm_nic_init(sc);
2750 if (ret) {
2751 device_printf(sc->sc_dev, "%s: Unable to init nic\n", __func__);
2752 goto out;
2753 }
2754
2755 /*
2756 * Now, we load the firmware and don't want to be interrupted, even
2757 * by the RF-Kill interrupt (hence mask all the interrupt besides the
2758 * FH_TX interrupt which is needed to load the firmware). If the
2759 * RF-Kill switch is toggled, we will find out after having loaded
2760 * the firmware and return the proper value to the caller.
2761 */
2762 iwm_enable_fw_load_int(sc);
2763
2764 /* really make sure rfkill handshake bits are cleared */
2765 /* maybe we should write a few times more? just to make sure */
2766 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2767 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2768
2769 /* Load the given image to the HW */
2770 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000)
2771 ret = iwm_pcie_load_given_ucode_8000(sc, fw);
2772 else
2773 ret = iwm_pcie_load_given_ucode(sc, fw);
2774
2775 /* XXX re-check RF-Kill state */
2776
2777 out:
2778 return ret;
2779 }
2780
2781 static int
iwm_send_tx_ant_cfg(struct iwm_softc * sc,uint8_t valid_tx_ant)2782 iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant)
2783 {
2784 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = {
2785 .valid = htole32(valid_tx_ant),
2786 };
2787
2788 return iwm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD,
2789 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd);
2790 }
2791
2792 /* iwlwifi: mvm/fw.c */
2793 static int
iwm_send_phy_cfg_cmd(struct iwm_softc * sc)2794 iwm_send_phy_cfg_cmd(struct iwm_softc *sc)
2795 {
2796 struct iwm_phy_cfg_cmd phy_cfg_cmd;
2797 enum iwm_ucode_type ucode_type = sc->cur_ucode;
2798
2799 /* Set parameters */
2800 phy_cfg_cmd.phy_cfg = htole32(iwm_get_phy_config(sc));
2801 phy_cfg_cmd.calib_control.event_trigger =
2802 sc->sc_default_calib[ucode_type].event_trigger;
2803 phy_cfg_cmd.calib_control.flow_trigger =
2804 sc->sc_default_calib[ucode_type].flow_trigger;
2805
2806 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET,
2807 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg);
2808 return iwm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC,
2809 sizeof(phy_cfg_cmd), &phy_cfg_cmd);
2810 }
2811
2812 static int
iwm_alive_fn(struct iwm_softc * sc,struct iwm_rx_packet * pkt,void * data)2813 iwm_alive_fn(struct iwm_softc *sc, struct iwm_rx_packet *pkt, void *data)
2814 {
2815 struct iwm_alive_data *alive_data = data;
2816 struct iwm_alive_resp_v3 *palive3;
2817 struct iwm_alive_resp *palive;
2818 struct iwm_umac_alive *umac;
2819 struct iwm_lmac_alive *lmac1;
2820 struct iwm_lmac_alive *lmac2 = NULL;
2821 uint16_t status;
2822
2823 if (iwm_rx_packet_payload_len(pkt) == sizeof(*palive)) {
2824 palive = (void *)pkt->data;
2825 umac = &palive->umac_data;
2826 lmac1 = &palive->lmac_data[0];
2827 lmac2 = &palive->lmac_data[1];
2828 status = le16toh(palive->status);
2829 } else {
2830 palive3 = (void *)pkt->data;
2831 umac = &palive3->umac_data;
2832 lmac1 = &palive3->lmac_data;
2833 status = le16toh(palive3->status);
2834 }
2835
2836 sc->error_event_table[0] = le32toh(lmac1->error_event_table_ptr);
2837 if (lmac2)
2838 sc->error_event_table[1] =
2839 le32toh(lmac2->error_event_table_ptr);
2840 sc->log_event_table = le32toh(lmac1->log_event_table_ptr);
2841 sc->umac_error_event_table = le32toh(umac->error_info_addr);
2842 alive_data->scd_base_addr = le32toh(lmac1->scd_base_ptr);
2843 alive_data->valid = status == IWM_ALIVE_STATUS_OK;
2844 if (sc->umac_error_event_table)
2845 sc->support_umac_log = TRUE;
2846
2847 IWM_DPRINTF(sc, IWM_DEBUG_FW,
2848 "Alive ucode status 0x%04x revision 0x%01X 0x%01X\n",
2849 status, lmac1->ver_type, lmac1->ver_subtype);
2850
2851 if (lmac2)
2852 IWM_DPRINTF(sc, IWM_DEBUG_FW, "Alive ucode CDB\n");
2853
2854 IWM_DPRINTF(sc, IWM_DEBUG_FW,
2855 "UMAC version: Major - 0x%x, Minor - 0x%x\n",
2856 le32toh(umac->umac_major),
2857 le32toh(umac->umac_minor));
2858
2859 return TRUE;
2860 }
2861
2862 static int
iwm_wait_phy_db_entry(struct iwm_softc * sc,struct iwm_rx_packet * pkt,void * data)2863 iwm_wait_phy_db_entry(struct iwm_softc *sc,
2864 struct iwm_rx_packet *pkt, void *data)
2865 {
2866 struct iwm_phy_db *phy_db = data;
2867
2868 if (pkt->hdr.code != IWM_CALIB_RES_NOTIF_PHY_DB) {
2869 if(pkt->hdr.code != IWM_INIT_COMPLETE_NOTIF) {
2870 device_printf(sc->sc_dev, "%s: Unexpected cmd: %d\n",
2871 __func__, pkt->hdr.code);
2872 }
2873 return TRUE;
2874 }
2875
2876 if (iwm_phy_db_set_section(phy_db, pkt)) {
2877 device_printf(sc->sc_dev,
2878 "%s: iwm_phy_db_set_section failed\n", __func__);
2879 }
2880
2881 return FALSE;
2882 }
2883
2884 static int
iwm_load_ucode_wait_alive(struct iwm_softc * sc,enum iwm_ucode_type ucode_type)2885 iwm_load_ucode_wait_alive(struct iwm_softc *sc,
2886 enum iwm_ucode_type ucode_type)
2887 {
2888 struct iwm_notification_wait alive_wait;
2889 struct iwm_alive_data alive_data;
2890 const struct iwm_fw_img *fw;
2891 enum iwm_ucode_type old_type = sc->cur_ucode;
2892 int error;
2893 static const uint16_t alive_cmd[] = { IWM_ALIVE };
2894
2895 fw = &sc->sc_fw.img[ucode_type];
2896 sc->cur_ucode = ucode_type;
2897 sc->ucode_loaded = FALSE;
2898
2899 memset(&alive_data, 0, sizeof(alive_data));
2900 iwm_init_notification_wait(sc->sc_notif_wait, &alive_wait,
2901 alive_cmd, nitems(alive_cmd),
2902 iwm_alive_fn, &alive_data);
2903
2904 error = iwm_start_fw(sc, fw);
2905 if (error) {
2906 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error);
2907 sc->cur_ucode = old_type;
2908 iwm_remove_notification(sc->sc_notif_wait, &alive_wait);
2909 return error;
2910 }
2911
2912 /*
2913 * Some things may run in the background now, but we
2914 * just wait for the ALIVE notification here.
2915 */
2916 IWM_UNLOCK(sc);
2917 error = iwm_wait_notification(sc->sc_notif_wait, &alive_wait,
2918 IWM_UCODE_ALIVE_TIMEOUT);
2919 IWM_LOCK(sc);
2920 if (error) {
2921 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) {
2922 uint32_t a = 0x5a5a5a5a, b = 0x5a5a5a5a;
2923 if (iwm_nic_lock(sc)) {
2924 a = iwm_read_prph(sc, IWM_SB_CPU_1_STATUS);
2925 b = iwm_read_prph(sc, IWM_SB_CPU_2_STATUS);
2926 iwm_nic_unlock(sc);
2927 }
2928 device_printf(sc->sc_dev,
2929 "SecBoot CPU1 Status: 0x%x, CPU2 Status: 0x%x\n",
2930 a, b);
2931 }
2932 sc->cur_ucode = old_type;
2933 return error;
2934 }
2935
2936 if (!alive_data.valid) {
2937 device_printf(sc->sc_dev, "%s: Loaded ucode is not valid\n",
2938 __func__);
2939 sc->cur_ucode = old_type;
2940 return EIO;
2941 }
2942
2943 iwm_trans_pcie_fw_alive(sc, alive_data.scd_base_addr);
2944
2945 /*
2946 * configure and operate fw paging mechanism.
2947 * driver configures the paging flow only once, CPU2 paging image
2948 * included in the IWM_UCODE_INIT image.
2949 */
2950 if (fw->paging_mem_size) {
2951 error = iwm_save_fw_paging(sc, fw);
2952 if (error) {
2953 device_printf(sc->sc_dev,
2954 "%s: failed to save the FW paging image\n",
2955 __func__);
2956 return error;
2957 }
2958
2959 error = iwm_send_paging_cmd(sc, fw);
2960 if (error) {
2961 device_printf(sc->sc_dev,
2962 "%s: failed to send the paging cmd\n", __func__);
2963 iwm_free_fw_paging(sc);
2964 return error;
2965 }
2966 }
2967
2968 if (!error)
2969 sc->ucode_loaded = TRUE;
2970 return error;
2971 }
2972
2973 /*
2974 * mvm misc bits
2975 */
2976
2977 /*
2978 * follows iwlwifi/fw.c
2979 */
2980 static int
iwm_run_init_ucode(struct iwm_softc * sc,int justnvm)2981 iwm_run_init_ucode(struct iwm_softc *sc, int justnvm)
2982 {
2983 struct iwm_notification_wait calib_wait;
2984 static const uint16_t init_complete[] = {
2985 IWM_INIT_COMPLETE_NOTIF,
2986 IWM_CALIB_RES_NOTIF_PHY_DB
2987 };
2988 int ret;
2989
2990 /* do not operate with rfkill switch turned on */
2991 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) {
2992 device_printf(sc->sc_dev,
2993 "radio is disabled by hardware switch\n");
2994 return EPERM;
2995 }
2996
2997 iwm_init_notification_wait(sc->sc_notif_wait,
2998 &calib_wait,
2999 init_complete,
3000 nitems(init_complete),
3001 iwm_wait_phy_db_entry,
3002 sc->sc_phy_db);
3003
3004 /* Will also start the device */
3005 ret = iwm_load_ucode_wait_alive(sc, IWM_UCODE_INIT);
3006 if (ret) {
3007 device_printf(sc->sc_dev, "Failed to start INIT ucode: %d\n",
3008 ret);
3009 goto error;
3010 }
3011
3012 if (sc->cfg->device_family < IWM_DEVICE_FAMILY_8000) {
3013 ret = iwm_send_bt_init_conf(sc);
3014 if (ret) {
3015 device_printf(sc->sc_dev,
3016 "failed to send bt coex configuration: %d\n", ret);
3017 goto error;
3018 }
3019 }
3020
3021 if (justnvm) {
3022 /* Read nvm */
3023 ret = iwm_nvm_init(sc);
3024 if (ret) {
3025 device_printf(sc->sc_dev, "failed to read nvm\n");
3026 goto error;
3027 }
3028 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->nvm_data->hw_addr);
3029 goto error;
3030 }
3031
3032 /* Send TX valid antennas before triggering calibrations */
3033 ret = iwm_send_tx_ant_cfg(sc, iwm_get_valid_tx_ant(sc));
3034 if (ret) {
3035 device_printf(sc->sc_dev,
3036 "failed to send antennas before calibration: %d\n", ret);
3037 goto error;
3038 }
3039
3040 /*
3041 * Send phy configurations command to init uCode
3042 * to start the 16.0 uCode init image internal calibrations.
3043 */
3044 ret = iwm_send_phy_cfg_cmd(sc);
3045 if (ret) {
3046 device_printf(sc->sc_dev,
3047 "%s: Failed to run INIT calibrations: %d\n",
3048 __func__, ret);
3049 goto error;
3050 }
3051
3052 /*
3053 * Nothing to do but wait for the init complete notification
3054 * from the firmware.
3055 */
3056 IWM_UNLOCK(sc);
3057 ret = iwm_wait_notification(sc->sc_notif_wait, &calib_wait,
3058 IWM_UCODE_CALIB_TIMEOUT);
3059 IWM_LOCK(sc);
3060
3061
3062 goto out;
3063
3064 error:
3065 iwm_remove_notification(sc->sc_notif_wait, &calib_wait);
3066 out:
3067 return ret;
3068 }
3069
3070 static int
iwm_config_ltr(struct iwm_softc * sc)3071 iwm_config_ltr(struct iwm_softc *sc)
3072 {
3073 struct iwm_ltr_config_cmd cmd = {
3074 .flags = htole32(IWM_LTR_CFG_FLAG_FEATURE_ENABLE),
3075 };
3076
3077 if (!sc->sc_ltr_enabled)
3078 return 0;
3079
3080 return iwm_send_cmd_pdu(sc, IWM_LTR_CONFIG, 0, sizeof(cmd), &cmd);
3081 }
3082
3083 /*
3084 * receive side
3085 */
3086
3087 /* (re)stock rx ring, called at init-time and at runtime */
3088 static int
iwm_rx_addbuf(struct iwm_softc * sc,int size,int idx)3089 iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx)
3090 {
3091 struct iwm_rx_ring *ring = &sc->rxq;
3092 struct iwm_rx_data *data = &ring->data[idx];
3093 struct mbuf *m;
3094 bus_dmamap_t dmamap;
3095 bus_dma_segment_t seg;
3096 int nsegs, error;
3097
3098 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE);
3099 if (m == NULL)
3100 return ENOBUFS;
3101
3102 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size;
3103 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m,
3104 &seg, &nsegs, BUS_DMA_NOWAIT);
3105 if (error != 0) {
3106 device_printf(sc->sc_dev,
3107 "%s: can't map mbuf, error %d\n", __func__, error);
3108 m_freem(m);
3109 return error;
3110 }
3111
3112 if (data->m != NULL)
3113 bus_dmamap_unload(ring->data_dmat, data->map);
3114
3115 /* Swap ring->spare_map with data->map */
3116 dmamap = data->map;
3117 data->map = ring->spare_map;
3118 ring->spare_map = dmamap;
3119
3120 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD);
3121 data->m = m;
3122
3123 /* Update RX descriptor. */
3124 KASSERT((seg.ds_addr & 255) == 0, ("seg.ds_addr not aligned"));
3125 if (sc->cfg->mqrx_supported)
3126 ((uint64_t *)ring->desc)[idx] = htole64(seg.ds_addr);
3127 else
3128 ((uint32_t *)ring->desc)[idx] = htole32(seg.ds_addr >> 8);
3129 bus_dmamap_sync(ring->free_desc_dma.tag, ring->free_desc_dma.map,
3130 BUS_DMASYNC_PREWRITE);
3131
3132 return 0;
3133 }
3134
3135 static void
iwm_rx_rx_phy_cmd(struct iwm_softc * sc,struct iwm_rx_packet * pkt)3136 iwm_rx_rx_phy_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3137 {
3138 struct iwm_rx_phy_info *phy_info = (void *)pkt->data;
3139
3140 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n");
3141
3142 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info));
3143 }
3144
3145 /*
3146 * Retrieve the average noise (in dBm) among receivers.
3147 */
3148 static int
iwm_get_noise(struct iwm_softc * sc,const struct iwm_statistics_rx_non_phy * stats)3149 iwm_get_noise(struct iwm_softc *sc,
3150 const struct iwm_statistics_rx_non_phy *stats)
3151 {
3152 int i, total, nbant, noise;
3153
3154 total = nbant = noise = 0;
3155 for (i = 0; i < 3; i++) {
3156 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff;
3157 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: i=%d, noise=%d\n",
3158 __func__,
3159 i,
3160 noise);
3161
3162 if (noise) {
3163 total += noise;
3164 nbant++;
3165 }
3166 }
3167
3168 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "%s: nbant=%d, total=%d\n",
3169 __func__, nbant, total);
3170 #if 0
3171 /* There should be at least one antenna but check anyway. */
3172 return (nbant == 0) ? -127 : (total / nbant) - 107;
3173 #else
3174 /* For now, just hard-code it to -96 to be safe */
3175 return (-96);
3176 #endif
3177 }
3178
3179 static void
iwm_handle_rx_statistics(struct iwm_softc * sc,struct iwm_rx_packet * pkt)3180 iwm_handle_rx_statistics(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3181 {
3182 struct iwm_notif_statistics_v10 *stats = (void *)&pkt->data;
3183
3184 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats));
3185 sc->sc_noise = iwm_get_noise(sc, &stats->rx.general);
3186 }
3187
3188 /* iwlwifi: mvm/rx.c */
3189 /*
3190 * iwm_get_signal_strength - use new rx PHY INFO API
3191 * values are reported by the fw as positive values - need to negate
3192 * to obtain their dBM. Account for missing antennas by replacing 0
3193 * values by -256dBm: practically 0 power and a non-feasible 8 bit value.
3194 */
3195 static int
iwm_rx_get_signal_strength(struct iwm_softc * sc,struct iwm_rx_phy_info * phy_info)3196 iwm_rx_get_signal_strength(struct iwm_softc *sc,
3197 struct iwm_rx_phy_info *phy_info)
3198 {
3199 int energy_a, energy_b, energy_c, max_energy;
3200 uint32_t val;
3201
3202 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]);
3203 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >>
3204 IWM_RX_INFO_ENERGY_ANT_A_POS;
3205 energy_a = energy_a ? -energy_a : -256;
3206 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >>
3207 IWM_RX_INFO_ENERGY_ANT_B_POS;
3208 energy_b = energy_b ? -energy_b : -256;
3209 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >>
3210 IWM_RX_INFO_ENERGY_ANT_C_POS;
3211 energy_c = energy_c ? -energy_c : -256;
3212 max_energy = MAX(energy_a, energy_b);
3213 max_energy = MAX(max_energy, energy_c);
3214
3215 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3216 "energy In A %d B %d C %d , and max %d\n",
3217 energy_a, energy_b, energy_c, max_energy);
3218
3219 return max_energy;
3220 }
3221
3222 static int
iwm_rxmq_get_signal_strength(struct iwm_softc * sc,struct iwm_rx_mpdu_desc * desc)3223 iwm_rxmq_get_signal_strength(struct iwm_softc *sc,
3224 struct iwm_rx_mpdu_desc *desc)
3225 {
3226 int energy_a, energy_b;
3227
3228 energy_a = desc->v1.energy_a;
3229 energy_b = desc->v1.energy_b;
3230 energy_a = energy_a ? -energy_a : -256;
3231 energy_b = energy_b ? -energy_b : -256;
3232 return MAX(energy_a, energy_b);
3233 }
3234
3235 /*
3236 * iwm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler
3237 *
3238 * Handles the actual data of the Rx packet from the fw
3239 */
3240 static bool
iwm_rx_rx_mpdu(struct iwm_softc * sc,struct mbuf * m,uint32_t offset,bool stolen)3241 iwm_rx_rx_mpdu(struct iwm_softc *sc, struct mbuf *m, uint32_t offset,
3242 bool stolen)
3243 {
3244 struct ieee80211com *ic = &sc->sc_ic;
3245 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3246 struct ieee80211_frame *wh;
3247 struct ieee80211_rx_stats rxs;
3248 struct iwm_rx_phy_info *phy_info;
3249 struct iwm_rx_mpdu_res_start *rx_res;
3250 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *, offset);
3251 uint32_t len;
3252 uint32_t rx_pkt_status;
3253 int rssi;
3254
3255 phy_info = &sc->sc_last_phy_info;
3256 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data;
3257 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res));
3258 len = le16toh(rx_res->byte_count);
3259 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len));
3260
3261 if (__predict_false(phy_info->cfg_phy_cnt > 20)) {
3262 device_printf(sc->sc_dev,
3263 "dsp size out of range [0,20]: %d\n",
3264 phy_info->cfg_phy_cnt);
3265 return false;
3266 }
3267
3268 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) ||
3269 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) {
3270 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3271 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status);
3272 return false;
3273 }
3274
3275 rssi = iwm_rx_get_signal_strength(sc, phy_info);
3276
3277 /* Map it to relative value */
3278 rssi = rssi - sc->sc_noise;
3279
3280 /* replenish ring for the buffer we're going to feed to the sharks */
3281 if (!stolen && iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) {
3282 device_printf(sc->sc_dev, "%s: unable to add more buffers\n",
3283 __func__);
3284 return false;
3285 }
3286
3287 m->m_data = pkt->data + sizeof(*rx_res);
3288 m->m_pkthdr.len = m->m_len = len;
3289
3290 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3291 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise);
3292
3293 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3294 "%s: phy_info: channel=%d, flags=0x%08x\n",
3295 __func__,
3296 le16toh(phy_info->channel),
3297 le16toh(phy_info->phy_flags));
3298
3299 /*
3300 * Populate an RX state struct with the provided information.
3301 */
3302 bzero(&rxs, sizeof(rxs));
3303 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
3304 rxs.r_flags |= IEEE80211_R_BAND;
3305 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
3306 rxs.c_ieee = le16toh(phy_info->channel);
3307 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) {
3308 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
3309 rxs.c_band = IEEE80211_CHAN_2GHZ;
3310 } else {
3311 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ);
3312 rxs.c_band = IEEE80211_CHAN_5GHZ;
3313 }
3314
3315 /* rssi is in 1/2db units */
3316 rxs.c_rssi = rssi * 2;
3317 rxs.c_nf = sc->sc_noise;
3318 if (ieee80211_add_rx_params(m, &rxs) == 0)
3319 return false;
3320
3321 if (ieee80211_radiotap_active_vap(vap)) {
3322 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
3323
3324 tap->wr_flags = 0;
3325 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE))
3326 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3327 tap->wr_chan_freq = htole16(rxs.c_freq);
3328 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */
3329 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
3330 tap->wr_dbm_antsignal = (int8_t)rssi;
3331 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
3332 tap->wr_tsft = phy_info->system_timestamp;
3333 switch (phy_info->rate) {
3334 /* CCK rates. */
3335 case 10: tap->wr_rate = 2; break;
3336 case 20: tap->wr_rate = 4; break;
3337 case 55: tap->wr_rate = 11; break;
3338 case 110: tap->wr_rate = 22; break;
3339 /* OFDM rates. */
3340 case 0xd: tap->wr_rate = 12; break;
3341 case 0xf: tap->wr_rate = 18; break;
3342 case 0x5: tap->wr_rate = 24; break;
3343 case 0x7: tap->wr_rate = 36; break;
3344 case 0x9: tap->wr_rate = 48; break;
3345 case 0xb: tap->wr_rate = 72; break;
3346 case 0x1: tap->wr_rate = 96; break;
3347 case 0x3: tap->wr_rate = 108; break;
3348 /* Unknown rate: should not happen. */
3349 default: tap->wr_rate = 0;
3350 }
3351 }
3352
3353 return true;
3354 }
3355
3356 static bool
iwm_rx_mpdu_mq(struct iwm_softc * sc,struct mbuf * m,uint32_t offset,bool stolen)3357 iwm_rx_mpdu_mq(struct iwm_softc *sc, struct mbuf *m, uint32_t offset,
3358 bool stolen)
3359 {
3360 struct ieee80211com *ic = &sc->sc_ic;
3361 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3362 struct ieee80211_frame *wh;
3363 struct ieee80211_rx_stats rxs;
3364 struct iwm_rx_mpdu_desc *desc;
3365 struct iwm_rx_packet *pkt;
3366 int rssi;
3367 uint32_t hdrlen, len, rate_n_flags;
3368 uint16_t phy_info;
3369 uint8_t channel;
3370
3371 pkt = mtodo(m, offset);
3372 desc = (void *)pkt->data;
3373
3374 if (!(desc->status & htole16(IWM_RX_MPDU_RES_STATUS_CRC_OK)) ||
3375 !(desc->status & htole16(IWM_RX_MPDU_RES_STATUS_OVERRUN_OK))) {
3376 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3377 "Bad CRC or FIFO: 0x%08X.\n", desc->status);
3378 return false;
3379 }
3380
3381 channel = desc->v1.channel;
3382 len = le16toh(desc->mpdu_len);
3383 phy_info = le16toh(desc->phy_info);
3384 rate_n_flags = desc->v1.rate_n_flags;
3385
3386 wh = mtodo(m, sizeof(*desc));
3387 m->m_data = pkt->data + sizeof(*desc);
3388 m->m_pkthdr.len = m->m_len = len;
3389 m->m_len = len;
3390
3391 /* Account for padding following the frame header. */
3392 if ((desc->mac_flags2 & IWM_RX_MPDU_MFLG2_PAD)) {
3393 hdrlen = ieee80211_anyhdrsize(wh);
3394 memmove(mtodo(m, 2), mtodo(m, 0), hdrlen);
3395 m->m_data = mtodo(m, 2);
3396 wh = mtod(m, struct ieee80211_frame *);
3397 }
3398
3399 /* Map it to relative value */
3400 rssi = iwm_rxmq_get_signal_strength(sc, desc);
3401 rssi = rssi - sc->sc_noise;
3402
3403 /* replenish ring for the buffer we're going to feed to the sharks */
3404 if (!stolen && iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) {
3405 device_printf(sc->sc_dev, "%s: unable to add more buffers\n",
3406 __func__);
3407 return false;
3408 }
3409
3410 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3411 "%s: rssi=%d, noise=%d\n", __func__, rssi, sc->sc_noise);
3412
3413 /*
3414 * Populate an RX state struct with the provided information.
3415 */
3416 bzero(&rxs, sizeof(rxs));
3417 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
3418 rxs.r_flags |= IEEE80211_R_BAND;
3419 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
3420 rxs.c_ieee = channel;
3421 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee,
3422 channel <= 14 ? IEEE80211_CHAN_2GHZ : IEEE80211_CHAN_5GHZ);
3423 rxs.c_band = channel <= 14 ? IEEE80211_CHAN_2GHZ : IEEE80211_CHAN_5GHZ;
3424
3425 /* rssi is in 1/2db units */
3426 rxs.c_rssi = rssi * 2;
3427 rxs.c_nf = sc->sc_noise;
3428 if (ieee80211_add_rx_params(m, &rxs) == 0)
3429 return false;
3430
3431 if (ieee80211_radiotap_active_vap(vap)) {
3432 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
3433
3434 tap->wr_flags = 0;
3435 if ((phy_info & IWM_RX_MPDU_PHY_SHORT_PREAMBLE) != 0)
3436 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3437 tap->wr_chan_freq = htole16(rxs.c_freq);
3438 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */
3439 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
3440 tap->wr_dbm_antsignal = (int8_t)rssi;
3441 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
3442 tap->wr_tsft = desc->v1.gp2_on_air_rise;
3443 switch ((rate_n_flags & 0xff)) {
3444 /* CCK rates. */
3445 case 10: tap->wr_rate = 2; break;
3446 case 20: tap->wr_rate = 4; break;
3447 case 55: tap->wr_rate = 11; break;
3448 case 110: tap->wr_rate = 22; break;
3449 /* OFDM rates. */
3450 case 0xd: tap->wr_rate = 12; break;
3451 case 0xf: tap->wr_rate = 18; break;
3452 case 0x5: tap->wr_rate = 24; break;
3453 case 0x7: tap->wr_rate = 36; break;
3454 case 0x9: tap->wr_rate = 48; break;
3455 case 0xb: tap->wr_rate = 72; break;
3456 case 0x1: tap->wr_rate = 96; break;
3457 case 0x3: tap->wr_rate = 108; break;
3458 /* Unknown rate: should not happen. */
3459 default: tap->wr_rate = 0;
3460 }
3461 }
3462
3463 return true;
3464 }
3465
3466 static bool
iwm_rx_mpdu(struct iwm_softc * sc,struct mbuf * m,uint32_t offset,bool stolen)3467 iwm_rx_mpdu(struct iwm_softc *sc, struct mbuf *m, uint32_t offset,
3468 bool stolen)
3469 {
3470 struct ieee80211com *ic;
3471 struct ieee80211_frame *wh;
3472 struct ieee80211_node *ni;
3473 bool ret;
3474
3475 ic = &sc->sc_ic;
3476
3477 ret = sc->cfg->mqrx_supported ?
3478 iwm_rx_mpdu_mq(sc, m, offset, stolen) :
3479 iwm_rx_rx_mpdu(sc, m, offset, stolen);
3480 if (!ret) {
3481 counter_u64_add(ic->ic_ierrors, 1);
3482 return (ret);
3483 }
3484
3485 wh = mtod(m, struct ieee80211_frame *);
3486 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
3487
3488 IWM_UNLOCK(sc);
3489 if (ni != NULL) {
3490 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m);
3491 ieee80211_input_mimo(ni, m);
3492 ieee80211_free_node(ni);
3493 } else {
3494 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m);
3495 ieee80211_input_mimo_all(ic, m);
3496 }
3497 IWM_LOCK(sc);
3498
3499 return true;
3500 }
3501
3502 static int
iwm_rx_tx_cmd_single(struct iwm_softc * sc,struct iwm_rx_packet * pkt,struct iwm_node * in)3503 iwm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
3504 struct iwm_node *in)
3505 {
3506 struct iwm_tx_resp *tx_resp = (void *)pkt->data;
3507 struct ieee80211_ratectl_tx_status *txs = &sc->sc_txs;
3508 struct ieee80211_node *ni = &in->in_ni;
3509 struct ieee80211vap *vap = ni->ni_vap;
3510 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK;
3511 int new_rate, cur_rate = vap->iv_bss->ni_txrate;
3512 boolean_t rate_matched;
3513 uint8_t tx_resp_rate;
3514
3515 KASSERT(tx_resp->frame_count == 1, ("too many frames"));
3516
3517 /* Update rate control statistics. */
3518 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n",
3519 __func__,
3520 (int) le16toh(tx_resp->status.status),
3521 (int) le16toh(tx_resp->status.sequence),
3522 tx_resp->frame_count,
3523 tx_resp->bt_kill_count,
3524 tx_resp->failure_rts,
3525 tx_resp->failure_frame,
3526 le32toh(tx_resp->initial_rate),
3527 (int) le16toh(tx_resp->wireless_media_time));
3528
3529 tx_resp_rate = iwm_rate_from_ucode_rate(le32toh(tx_resp->initial_rate));
3530
3531 /* For rate control, ignore frames sent at different initial rate */
3532 rate_matched = (tx_resp_rate != 0 && tx_resp_rate == cur_rate);
3533
3534 if (tx_resp_rate != 0 && cur_rate != 0 && !rate_matched) {
3535 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3536 "tx_resp_rate doesn't match ni_txrate (tx_resp_rate=%u "
3537 "ni_txrate=%d)\n", tx_resp_rate, cur_rate);
3538 }
3539
3540 txs->flags = IEEE80211_RATECTL_STATUS_SHORT_RETRY |
3541 IEEE80211_RATECTL_STATUS_LONG_RETRY;
3542 txs->short_retries = tx_resp->failure_rts;
3543 txs->long_retries = tx_resp->failure_frame;
3544 if (status != IWM_TX_STATUS_SUCCESS &&
3545 status != IWM_TX_STATUS_DIRECT_DONE) {
3546 switch (status) {
3547 case IWM_TX_STATUS_FAIL_SHORT_LIMIT:
3548 txs->status = IEEE80211_RATECTL_TX_FAIL_SHORT;
3549 break;
3550 case IWM_TX_STATUS_FAIL_LONG_LIMIT:
3551 txs->status = IEEE80211_RATECTL_TX_FAIL_LONG;
3552 break;
3553 case IWM_TX_STATUS_FAIL_LIFE_EXPIRE:
3554 txs->status = IEEE80211_RATECTL_TX_FAIL_EXPIRED;
3555 break;
3556 default:
3557 txs->status = IEEE80211_RATECTL_TX_FAIL_UNSPECIFIED;
3558 break;
3559 }
3560 } else {
3561 txs->status = IEEE80211_RATECTL_TX_SUCCESS;
3562 }
3563
3564 if (rate_matched) {
3565 ieee80211_ratectl_tx_complete(ni, txs);
3566
3567 int rix = ieee80211_ratectl_rate(vap->iv_bss, NULL, 0);
3568 new_rate = vap->iv_bss->ni_txrate;
3569 if (new_rate != 0 && new_rate != cur_rate) {
3570 struct iwm_node *in = IWM_NODE(vap->iv_bss);
3571 iwm_setrates(sc, in, rix);
3572 iwm_send_lq_cmd(sc, &in->in_lq, FALSE);
3573 }
3574 }
3575
3576 return (txs->status != IEEE80211_RATECTL_TX_SUCCESS);
3577 }
3578
3579 static void
iwm_rx_tx_cmd(struct iwm_softc * sc,struct iwm_rx_packet * pkt)3580 iwm_rx_tx_cmd(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3581 {
3582 struct iwm_cmd_header *cmd_hdr;
3583 struct iwm_tx_ring *ring;
3584 struct iwm_tx_data *txd;
3585 struct iwm_node *in;
3586 struct mbuf *m;
3587 int idx, qid, qmsk, status;
3588
3589 cmd_hdr = &pkt->hdr;
3590 idx = cmd_hdr->idx;
3591 qid = cmd_hdr->qid;
3592
3593 ring = &sc->txq[qid];
3594 txd = &ring->data[idx];
3595 in = txd->in;
3596 m = txd->m;
3597
3598 KASSERT(txd->done == 0, ("txd not done"));
3599 KASSERT(txd->in != NULL, ("txd without node"));
3600 KASSERT(txd->m != NULL, ("txd without mbuf"));
3601
3602 sc->sc_tx_timer = 0;
3603
3604 status = iwm_rx_tx_cmd_single(sc, pkt, in);
3605
3606 /* Unmap and free mbuf. */
3607 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE);
3608 bus_dmamap_unload(ring->data_dmat, txd->map);
3609
3610 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3611 "free txd %p, in %p\n", txd, txd->in);
3612 txd->done = 1;
3613 txd->m = NULL;
3614 txd->in = NULL;
3615
3616 ieee80211_tx_complete(&in->in_ni, m, status);
3617
3618 qmsk = 1 << qid;
3619 if (--ring->queued < IWM_TX_RING_LOMARK && (sc->qfullmsk & qmsk) != 0) {
3620 sc->qfullmsk &= ~qmsk;
3621 if (sc->qfullmsk == 0)
3622 iwm_start(sc);
3623 }
3624 }
3625
3626 /*
3627 * transmit side
3628 */
3629
3630 /*
3631 * Process a "command done" firmware notification. This is where we wakeup
3632 * processes waiting for a synchronous command completion.
3633 * from if_iwn
3634 */
3635 static void
iwm_cmd_done(struct iwm_softc * sc,struct iwm_rx_packet * pkt)3636 iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3637 {
3638 struct iwm_tx_ring *ring = &sc->txq[IWM_CMD_QUEUE];
3639 struct iwm_tx_data *data;
3640
3641 if (pkt->hdr.qid != IWM_CMD_QUEUE) {
3642 return; /* Not a command ack. */
3643 }
3644
3645 /* XXX wide commands? */
3646 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
3647 "cmd notification type 0x%x qid %d idx %d\n",
3648 pkt->hdr.code, pkt->hdr.qid, pkt->hdr.idx);
3649
3650 data = &ring->data[pkt->hdr.idx];
3651
3652 /* If the command was mapped in an mbuf, free it. */
3653 if (data->m != NULL) {
3654 bus_dmamap_sync(ring->data_dmat, data->map,
3655 BUS_DMASYNC_POSTWRITE);
3656 bus_dmamap_unload(ring->data_dmat, data->map);
3657 m_freem(data->m);
3658 data->m = NULL;
3659 }
3660 wakeup(&ring->desc[pkt->hdr.idx]);
3661
3662 if (((pkt->hdr.idx + ring->queued) % IWM_TX_RING_COUNT) != ring->cur) {
3663 device_printf(sc->sc_dev,
3664 "%s: Some HCMDs skipped?: idx=%d queued=%d cur=%d\n",
3665 __func__, pkt->hdr.idx, ring->queued, ring->cur);
3666 /* XXX call iwm_force_nmi() */
3667 }
3668
3669 KASSERT(ring->queued > 0, ("ring->queued is empty?"));
3670 ring->queued--;
3671 if (ring->queued == 0)
3672 iwm_pcie_clear_cmd_in_flight(sc);
3673 }
3674
3675 #if 0
3676 /*
3677 * necessary only for block ack mode
3678 */
3679 void
3680 iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id,
3681 uint16_t len)
3682 {
3683 struct iwm_agn_scd_bc_tbl *scd_bc_tbl;
3684 uint16_t w_val;
3685
3686 scd_bc_tbl = sc->sched_dma.vaddr;
3687
3688 len += 8; /* magic numbers came naturally from paris */
3689 len = roundup(len, 4) / 4;
3690
3691 w_val = htole16(sta_id << 12 | len);
3692
3693 /* Update TX scheduler. */
3694 scd_bc_tbl[qid].tfd_offset[idx] = w_val;
3695 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3696 BUS_DMASYNC_PREWRITE);
3697
3698 /* I really wonder what this is ?!? */
3699 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) {
3700 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val;
3701 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3702 BUS_DMASYNC_PREWRITE);
3703 }
3704 }
3705 #endif
3706
3707 static int
iwm_tx_rateidx_global_lookup(struct iwm_softc * sc,uint8_t rate)3708 iwm_tx_rateidx_global_lookup(struct iwm_softc *sc, uint8_t rate)
3709 {
3710 int i;
3711
3712 for (i = 0; i < nitems(iwm_rates); i++) {
3713 if (iwm_rates[i].rate == rate)
3714 return (i);
3715 }
3716 /* XXX error? */
3717 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3718 "%s: couldn't find an entry for rate=%d\n",
3719 __func__,
3720 rate);
3721 return (0);
3722 }
3723
3724 /*
3725 * Fill in the rate related information for a transmit command.
3726 */
3727 static const struct iwm_rate *
iwm_tx_fill_cmd(struct iwm_softc * sc,struct iwm_node * in,struct mbuf * m,struct iwm_tx_cmd * tx)3728 iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in,
3729 struct mbuf *m, struct iwm_tx_cmd *tx)
3730 {
3731 struct ieee80211_node *ni = &in->in_ni;
3732 struct ieee80211_frame *wh;
3733 const struct ieee80211_txparam *tp = ni->ni_txparms;
3734 const struct iwm_rate *rinfo;
3735 int type;
3736 int ridx, rate_flags;
3737
3738 wh = mtod(m, struct ieee80211_frame *);
3739 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3740
3741 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT;
3742 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY;
3743
3744 if (type == IEEE80211_FC0_TYPE_MGT ||
3745 type == IEEE80211_FC0_TYPE_CTL ||
3746 (m->m_flags & M_EAPOL) != 0) {
3747 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mgmtrate);
3748 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3749 "%s: MGT (%d)\n", __func__, tp->mgmtrate);
3750 } else if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3751 ridx = iwm_tx_rateidx_global_lookup(sc, tp->mcastrate);
3752 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3753 "%s: MCAST (%d)\n", __func__, tp->mcastrate);
3754 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
3755 ridx = iwm_tx_rateidx_global_lookup(sc, tp->ucastrate);
3756 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
3757 "%s: FIXED_RATE (%d)\n", __func__, tp->ucastrate);
3758 } else {
3759 /* for data frames, use RS table */
3760 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: DATA\n", __func__);
3761 ridx = iwm_rate2ridx(sc, ni->ni_txrate);
3762 if (ridx == -1)
3763 ridx = 0;
3764
3765 /* This is the index into the programmed table */
3766 tx->initial_rate_index = 0;
3767 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE);
3768 }
3769
3770 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3771 "%s: frame type=%d txrate %d\n",
3772 __func__, type, iwm_rates[ridx].rate);
3773
3774 rinfo = &iwm_rates[ridx];
3775
3776 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n",
3777 __func__, ridx,
3778 rinfo->rate,
3779 !! (IWM_RIDX_IS_CCK(ridx))
3780 );
3781
3782 /* XXX TODO: hard-coded TX antenna? */
3783 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_9000)
3784 rate_flags = IWM_RATE_MCS_ANT_B_MSK;
3785 else
3786 rate_flags = IWM_RATE_MCS_ANT_A_MSK;
3787 if (IWM_RIDX_IS_CCK(ridx))
3788 rate_flags |= IWM_RATE_MCS_CCK_MSK;
3789 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp);
3790
3791 return rinfo;
3792 }
3793
3794 #define TB0_SIZE 16
3795 static int
iwm_tx(struct iwm_softc * sc,struct mbuf * m,struct ieee80211_node * ni,int ac)3796 iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac)
3797 {
3798 struct ieee80211com *ic = &sc->sc_ic;
3799 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3800 struct iwm_node *in = IWM_NODE(ni);
3801 struct iwm_tx_ring *ring;
3802 struct iwm_tx_data *data;
3803 struct iwm_tfd *desc;
3804 struct iwm_device_cmd *cmd;
3805 struct iwm_tx_cmd *tx;
3806 struct ieee80211_frame *wh;
3807 struct ieee80211_key *k = NULL;
3808 struct mbuf *m1;
3809 const struct iwm_rate *rinfo;
3810 uint32_t flags;
3811 u_int hdrlen;
3812 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER];
3813 int nsegs;
3814 uint8_t tid, type;
3815 int i, totlen, error, pad;
3816
3817 wh = mtod(m, struct ieee80211_frame *);
3818 hdrlen = ieee80211_anyhdrsize(wh);
3819 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3820 tid = 0;
3821 ring = &sc->txq[ac];
3822 desc = &ring->desc[ring->cur];
3823 data = &ring->data[ring->cur];
3824
3825 /* Fill out iwm_tx_cmd to send to the firmware */
3826 cmd = &ring->cmd[ring->cur];
3827 cmd->hdr.code = IWM_TX_CMD;
3828 cmd->hdr.flags = 0;
3829 cmd->hdr.qid = ring->qid;
3830 cmd->hdr.idx = ring->cur;
3831
3832 tx = (void *)cmd->data;
3833 memset(tx, 0, sizeof(*tx));
3834
3835 rinfo = iwm_tx_fill_cmd(sc, in, m, tx);
3836
3837 /* Encrypt the frame if need be. */
3838 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
3839 /* Retrieve key for TX && do software encryption. */
3840 k = ieee80211_crypto_encap(ni, m);
3841 if (k == NULL) {
3842 m_freem(m);
3843 return (ENOBUFS);
3844 }
3845 /* 802.11 header may have moved. */
3846 wh = mtod(m, struct ieee80211_frame *);
3847 }
3848
3849 if (ieee80211_radiotap_active_vap(vap)) {
3850 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap;
3851
3852 tap->wt_flags = 0;
3853 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
3854 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
3855 tap->wt_rate = rinfo->rate;
3856 if (k != NULL)
3857 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
3858 ieee80211_radiotap_tx(vap, m);
3859 }
3860
3861 flags = 0;
3862 totlen = m->m_pkthdr.len;
3863 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3864 flags |= IWM_TX_CMD_FLG_ACK;
3865 }
3866
3867 if (type == IEEE80211_FC0_TYPE_DATA &&
3868 totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold &&
3869 !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3870 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE;
3871 }
3872
3873 tx->sta_id = IWM_STATION_ID;
3874
3875 if (type == IEEE80211_FC0_TYPE_MGT) {
3876 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
3877
3878 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
3879 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
3880 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC);
3881 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) {
3882 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3883 } else {
3884 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT);
3885 }
3886 } else {
3887 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3888 }
3889
3890 if (hdrlen & 3) {
3891 /* First segment length must be a multiple of 4. */
3892 flags |= IWM_TX_CMD_FLG_MH_PAD;
3893 tx->offload_assist |= htole16(1 << IWM_TX_CMD_OFFLD_PAD);
3894 pad = 4 - (hdrlen & 3);
3895 } else {
3896 tx->offload_assist = 0;
3897 pad = 0;
3898 }
3899
3900 tx->len = htole16(totlen);
3901 tx->tid_tspec = tid;
3902 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE);
3903
3904 /* Set physical address of "scratch area". */
3905 tx->dram_lsb_ptr = htole32(data->scratch_paddr);
3906 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr);
3907
3908 /* Copy 802.11 header in TX command. */
3909 memcpy((uint8_t *)tx + sizeof(*tx), wh, hdrlen);
3910
3911 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL;
3912
3913 tx->sec_ctl = 0;
3914 tx->tx_flags |= htole32(flags);
3915
3916 /* Trim 802.11 header. */
3917 m_adj(m, hdrlen);
3918 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3919 segs, &nsegs, BUS_DMA_NOWAIT);
3920 if (error != 0) {
3921 if (error != EFBIG) {
3922 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3923 error);
3924 m_freem(m);
3925 return error;
3926 }
3927 /* Too many DMA segments, linearize mbuf. */
3928 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2);
3929 if (m1 == NULL) {
3930 device_printf(sc->sc_dev,
3931 "%s: could not defrag mbuf\n", __func__);
3932 m_freem(m);
3933 return (ENOBUFS);
3934 }
3935 m = m1;
3936
3937 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3938 segs, &nsegs, BUS_DMA_NOWAIT);
3939 if (error != 0) {
3940 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3941 error);
3942 m_freem(m);
3943 return error;
3944 }
3945 }
3946 data->m = m;
3947 data->in = in;
3948 data->done = 0;
3949
3950 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3951 "sending txd %p, in %p\n", data, data->in);
3952 KASSERT(data->in != NULL, ("node is NULL"));
3953
3954 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3955 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n",
3956 ring->qid, ring->cur, totlen, nsegs,
3957 le32toh(tx->tx_flags),
3958 le32toh(tx->rate_n_flags),
3959 tx->initial_rate_index
3960 );
3961
3962 /* Fill TX descriptor. */
3963 memset(desc, 0, sizeof(*desc));
3964 desc->num_tbs = 2 + nsegs;
3965
3966 desc->tbs[0].lo = htole32(data->cmd_paddr);
3967 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr) |
3968 (TB0_SIZE << 4));
3969 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE);
3970 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr) |
3971 ((sizeof(struct iwm_cmd_header) + sizeof(*tx) +
3972 hdrlen + pad - TB0_SIZE) << 4));
3973
3974 /* Other DMA segments are for data payload. */
3975 for (i = 0; i < nsegs; i++) {
3976 seg = &segs[i];
3977 desc->tbs[i + 2].lo = htole32(seg->ds_addr);
3978 desc->tbs[i + 2].hi_n_len =
3979 htole16(iwm_get_dma_hi_addr(seg->ds_addr)) |
3980 (seg->ds_len << 4);
3981 }
3982
3983 bus_dmamap_sync(ring->data_dmat, data->map,
3984 BUS_DMASYNC_PREWRITE);
3985 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map,
3986 BUS_DMASYNC_PREWRITE);
3987 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3988 BUS_DMASYNC_PREWRITE);
3989
3990 #if 0
3991 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len));
3992 #endif
3993
3994 /* Kick TX ring. */
3995 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT;
3996 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
3997
3998 /* Mark TX ring as full if we reach a certain threshold. */
3999 if (++ring->queued > IWM_TX_RING_HIMARK) {
4000 sc->qfullmsk |= 1 << ring->qid;
4001 }
4002
4003 return 0;
4004 }
4005
4006 static int
iwm_raw_xmit(struct ieee80211_node * ni,struct mbuf * m,const struct ieee80211_bpf_params * params)4007 iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
4008 const struct ieee80211_bpf_params *params)
4009 {
4010 struct ieee80211com *ic = ni->ni_ic;
4011 struct iwm_softc *sc = ic->ic_softc;
4012 int error = 0;
4013
4014 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
4015 "->%s begin\n", __func__);
4016
4017 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
4018 m_freem(m);
4019 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
4020 "<-%s not RUNNING\n", __func__);
4021 return (ENETDOWN);
4022 }
4023
4024 IWM_LOCK(sc);
4025 /* XXX fix this */
4026 if (params == NULL) {
4027 error = iwm_tx(sc, m, ni, 0);
4028 } else {
4029 error = iwm_tx(sc, m, ni, 0);
4030 }
4031 if (sc->sc_tx_timer == 0)
4032 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
4033 sc->sc_tx_timer = 5;
4034 IWM_UNLOCK(sc);
4035
4036 return (error);
4037 }
4038
4039 /*
4040 * mvm/tx.c
4041 */
4042
4043 /*
4044 * Note that there are transports that buffer frames before they reach
4045 * the firmware. This means that after flush_tx_path is called, the
4046 * queue might not be empty. The race-free way to handle this is to:
4047 * 1) set the station as draining
4048 * 2) flush the Tx path
4049 * 3) wait for the transport queues to be empty
4050 */
4051 int
iwm_flush_tx_path(struct iwm_softc * sc,uint32_t tfd_msk,uint32_t flags)4052 iwm_flush_tx_path(struct iwm_softc *sc, uint32_t tfd_msk, uint32_t flags)
4053 {
4054 int ret;
4055 struct iwm_tx_path_flush_cmd flush_cmd = {
4056 .queues_ctl = htole32(tfd_msk),
4057 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH),
4058 };
4059
4060 ret = iwm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH, flags,
4061 sizeof(flush_cmd), &flush_cmd);
4062 if (ret)
4063 device_printf(sc->sc_dev,
4064 "Flushing tx queue failed: %d\n", ret);
4065 return ret;
4066 }
4067
4068 /*
4069 * BEGIN mvm/quota.c
4070 */
4071
4072 static int
iwm_update_quotas(struct iwm_softc * sc,struct iwm_vap * ivp)4073 iwm_update_quotas(struct iwm_softc *sc, struct iwm_vap *ivp)
4074 {
4075 struct iwm_time_quota_cmd cmd;
4076 int i, idx, ret, num_active_macs, quota, quota_rem;
4077 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, };
4078 int n_ifs[IWM_MAX_BINDINGS] = {0, };
4079 uint16_t id;
4080
4081 memset(&cmd, 0, sizeof(cmd));
4082
4083 /* currently, PHY ID == binding ID */
4084 if (ivp) {
4085 id = ivp->phy_ctxt->id;
4086 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id"));
4087 colors[id] = ivp->phy_ctxt->color;
4088
4089 if (1)
4090 n_ifs[id] = 1;
4091 }
4092
4093 /*
4094 * The FW's scheduling session consists of
4095 * IWM_MAX_QUOTA fragments. Divide these fragments
4096 * equally between all the bindings that require quota
4097 */
4098 num_active_macs = 0;
4099 for (i = 0; i < IWM_MAX_BINDINGS; i++) {
4100 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID);
4101 num_active_macs += n_ifs[i];
4102 }
4103
4104 quota = 0;
4105 quota_rem = 0;
4106 if (num_active_macs) {
4107 quota = IWM_MAX_QUOTA / num_active_macs;
4108 quota_rem = IWM_MAX_QUOTA % num_active_macs;
4109 }
4110
4111 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) {
4112 if (colors[i] < 0)
4113 continue;
4114
4115 cmd.quotas[idx].id_and_color =
4116 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i]));
4117
4118 if (n_ifs[i] <= 0) {
4119 cmd.quotas[idx].quota = htole32(0);
4120 cmd.quotas[idx].max_duration = htole32(0);
4121 } else {
4122 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]);
4123 cmd.quotas[idx].max_duration = htole32(0);
4124 }
4125 idx++;
4126 }
4127
4128 /* Give the remainder of the session to the first binding */
4129 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem);
4130
4131 ret = iwm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC,
4132 sizeof(cmd), &cmd);
4133 if (ret)
4134 device_printf(sc->sc_dev,
4135 "%s: Failed to send quota: %d\n", __func__, ret);
4136 return ret;
4137 }
4138
4139 /*
4140 * END mvm/quota.c
4141 */
4142
4143 /*
4144 * ieee80211 routines
4145 */
4146
4147 /*
4148 * Change to AUTH state in 80211 state machine. Roughly matches what
4149 * Linux does in bss_info_changed().
4150 */
4151 static int
iwm_auth(struct ieee80211vap * vap,struct iwm_softc * sc)4152 iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc)
4153 {
4154 struct ieee80211_node *ni;
4155 struct iwm_node *in;
4156 struct iwm_vap *iv = IWM_VAP(vap);
4157 uint32_t duration;
4158 int error;
4159
4160 /*
4161 * XXX i have a feeling that the vap node is being
4162 * freed from underneath us. Grr.
4163 */
4164 ni = ieee80211_ref_node(vap->iv_bss);
4165 in = IWM_NODE(ni);
4166 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE,
4167 "%s: called; vap=%p, bss ni=%p\n",
4168 __func__,
4169 vap,
4170 ni);
4171 IWM_DPRINTF(sc, IWM_DEBUG_STATE, "%s: Current node bssid: %s\n",
4172 __func__, ether_sprintf(ni->ni_bssid));
4173
4174 in->in_assoc = 0;
4175 iv->iv_auth = 1;
4176
4177 /*
4178 * Firmware bug - it'll crash if the beacon interval is less
4179 * than 16. We can't avoid connecting at all, so refuse the
4180 * station state change, this will cause net80211 to abandon
4181 * attempts to connect to this AP, and eventually wpa_s will
4182 * blacklist the AP...
4183 */
4184 if (ni->ni_intval < 16) {
4185 device_printf(sc->sc_dev,
4186 "AP %s beacon interval is %d, refusing due to firmware bug!\n",
4187 ether_sprintf(ni->ni_bssid), ni->ni_intval);
4188 error = EINVAL;
4189 goto out;
4190 }
4191
4192 error = iwm_allow_mcast(vap, sc);
4193 if (error) {
4194 device_printf(sc->sc_dev,
4195 "%s: failed to set multicast\n", __func__);
4196 goto out;
4197 }
4198
4199 /*
4200 * This is where it deviates from what Linux does.
4201 *
4202 * Linux iwlwifi doesn't reset the nic each time, nor does it
4203 * call ctxt_add() here. Instead, it adds it during vap creation,
4204 * and always does a mac_ctx_changed().
4205 *
4206 * The openbsd port doesn't attempt to do that - it reset things
4207 * at odd states and does the add here.
4208 *
4209 * So, until the state handling is fixed (ie, we never reset
4210 * the NIC except for a firmware failure, which should drag
4211 * the NIC back to IDLE, re-setup and re-add all the mac/phy
4212 * contexts that are required), let's do a dirty hack here.
4213 */
4214 if (iv->is_uploaded) {
4215 if ((error = iwm_mac_ctxt_changed(sc, vap)) != 0) {
4216 device_printf(sc->sc_dev,
4217 "%s: failed to update MAC\n", __func__);
4218 goto out;
4219 }
4220 } else {
4221 if ((error = iwm_mac_ctxt_add(sc, vap)) != 0) {
4222 device_printf(sc->sc_dev,
4223 "%s: failed to add MAC\n", __func__);
4224 goto out;
4225 }
4226 }
4227 sc->sc_firmware_state = 1;
4228
4229 if ((error = iwm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
4230 in->in_ni.ni_chan, 1, 1)) != 0) {
4231 device_printf(sc->sc_dev,
4232 "%s: failed update phy ctxt\n", __func__);
4233 goto out;
4234 }
4235 iv->phy_ctxt = &sc->sc_phyctxt[0];
4236
4237 if ((error = iwm_binding_add_vif(sc, iv)) != 0) {
4238 device_printf(sc->sc_dev,
4239 "%s: binding update cmd\n", __func__);
4240 goto out;
4241 }
4242 sc->sc_firmware_state = 2;
4243 /*
4244 * Authentication becomes unreliable when powersaving is left enabled
4245 * here. Powersaving will be activated again when association has
4246 * finished or is aborted.
4247 */
4248 iv->ps_disabled = TRUE;
4249 error = iwm_power_update_mac(sc);
4250 iv->ps_disabled = FALSE;
4251 if (error != 0) {
4252 device_printf(sc->sc_dev,
4253 "%s: failed to update power management\n",
4254 __func__);
4255 goto out;
4256 }
4257 if ((error = iwm_add_sta(sc, in)) != 0) {
4258 device_printf(sc->sc_dev,
4259 "%s: failed to add sta\n", __func__);
4260 goto out;
4261 }
4262 sc->sc_firmware_state = 3;
4263
4264 /*
4265 * Prevent the FW from wandering off channel during association
4266 * by "protecting" the session with a time event.
4267 */
4268 /* XXX duration is in units of TU, not MS */
4269 duration = IWM_TE_SESSION_PROTECTION_MAX_TIME_MS;
4270 iwm_protect_session(sc, iv, duration, 500 /* XXX magic number */, TRUE);
4271
4272 error = 0;
4273 out:
4274 if (error != 0)
4275 iv->iv_auth = 0;
4276 ieee80211_free_node(ni);
4277 return (error);
4278 }
4279
4280 static struct ieee80211_node *
iwm_node_alloc(struct ieee80211vap * vap,const uint8_t mac[IEEE80211_ADDR_LEN])4281 iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
4282 {
4283 return malloc(sizeof (struct iwm_node), M_80211_NODE,
4284 M_NOWAIT | M_ZERO);
4285 }
4286
4287 static uint8_t
iwm_rate_from_ucode_rate(uint32_t rate_n_flags)4288 iwm_rate_from_ucode_rate(uint32_t rate_n_flags)
4289 {
4290 uint8_t plcp = rate_n_flags & 0xff;
4291 int i;
4292
4293 for (i = 0; i <= IWM_RIDX_MAX; i++) {
4294 if (iwm_rates[i].plcp == plcp)
4295 return iwm_rates[i].rate;
4296 }
4297 return 0;
4298 }
4299
4300 uint8_t
iwm_ridx2rate(struct ieee80211_rateset * rs,int ridx)4301 iwm_ridx2rate(struct ieee80211_rateset *rs, int ridx)
4302 {
4303 int i;
4304 uint8_t rval;
4305
4306 for (i = 0; i < rs->rs_nrates; i++) {
4307 rval = (rs->rs_rates[i] & IEEE80211_RATE_VAL);
4308 if (rval == iwm_rates[ridx].rate)
4309 return rs->rs_rates[i];
4310 }
4311
4312 return 0;
4313 }
4314
4315 static int
iwm_rate2ridx(struct iwm_softc * sc,uint8_t rate)4316 iwm_rate2ridx(struct iwm_softc *sc, uint8_t rate)
4317 {
4318 int i;
4319
4320 for (i = 0; i <= IWM_RIDX_MAX; i++) {
4321 if (iwm_rates[i].rate == rate)
4322 return i;
4323 }
4324
4325 device_printf(sc->sc_dev,
4326 "%s: WARNING: device rate for %u not found!\n",
4327 __func__, rate);
4328
4329 return -1;
4330 }
4331
4332
4333 static void
iwm_setrates(struct iwm_softc * sc,struct iwm_node * in,int rix)4334 iwm_setrates(struct iwm_softc *sc, struct iwm_node *in, int rix)
4335 {
4336 struct ieee80211_node *ni = &in->in_ni;
4337 struct iwm_lq_cmd *lq = &in->in_lq;
4338 struct ieee80211_rateset *rs = &ni->ni_rates;
4339 int nrates = rs->rs_nrates;
4340 int i, ridx, tab = 0;
4341 // int txant = 0;
4342
4343 KASSERT(rix >= 0 && rix < nrates, ("invalid rix"));
4344
4345 if (nrates > nitems(lq->rs_table)) {
4346 device_printf(sc->sc_dev,
4347 "%s: node supports %d rates, driver handles "
4348 "only %zu\n", __func__, nrates, nitems(lq->rs_table));
4349 return;
4350 }
4351 if (nrates == 0) {
4352 device_printf(sc->sc_dev,
4353 "%s: node supports 0 rates, odd!\n", __func__);
4354 return;
4355 }
4356 nrates = imin(rix + 1, nrates);
4357
4358 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4359 "%s: nrates=%d\n", __func__, nrates);
4360
4361 /* then construct a lq_cmd based on those */
4362 memset(lq, 0, sizeof(*lq));
4363 lq->sta_id = IWM_STATION_ID;
4364
4365 /* For HT, always enable RTS/CTS to avoid excessive retries. */
4366 if (ni->ni_flags & IEEE80211_NODE_HT)
4367 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK;
4368
4369 /*
4370 * are these used? (we don't do SISO or MIMO)
4371 * need to set them to non-zero, though, or we get an error.
4372 */
4373 lq->single_stream_ant_msk = 1;
4374 lq->dual_stream_ant_msk = 1;
4375
4376 /*
4377 * Build the actual rate selection table.
4378 * The lowest bits are the rates. Additionally,
4379 * CCK needs bit 9 to be set. The rest of the bits
4380 * we add to the table select the tx antenna
4381 * Note that we add the rates in the highest rate first
4382 * (opposite of ni_rates).
4383 */
4384 for (i = 0; i < nrates; i++) {
4385 int rate = rs->rs_rates[rix - i] & IEEE80211_RATE_VAL;
4386 int nextant;
4387
4388 /* Map 802.11 rate to HW rate index. */
4389 ridx = iwm_rate2ridx(sc, rate);
4390 if (ridx == -1)
4391 continue;
4392
4393 #if 0
4394 if (txant == 0)
4395 txant = iwm_get_valid_tx_ant(sc);
4396 nextant = 1<<(ffs(txant)-1);
4397 txant &= ~nextant;
4398 #else
4399 nextant = iwm_get_valid_tx_ant(sc);
4400 #endif
4401 tab = iwm_rates[ridx].plcp;
4402 tab |= nextant << IWM_RATE_MCS_ANT_POS;
4403 if (IWM_RIDX_IS_CCK(ridx))
4404 tab |= IWM_RATE_MCS_CCK_MSK;
4405 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4406 "station rate i=%d, rate=%d, hw=%x\n",
4407 i, iwm_rates[ridx].rate, tab);
4408 lq->rs_table[i] = htole32(tab);
4409 }
4410 /* then fill the rest with the lowest possible rate */
4411 for (i = nrates; i < nitems(lq->rs_table); i++) {
4412 KASSERT(tab != 0, ("invalid tab"));
4413 lq->rs_table[i] = htole32(tab);
4414 }
4415 }
4416
4417 static void
iwm_bring_down_firmware(struct iwm_softc * sc,struct ieee80211vap * vap)4418 iwm_bring_down_firmware(struct iwm_softc *sc, struct ieee80211vap *vap)
4419 {
4420 struct iwm_vap *ivp = IWM_VAP(vap);
4421 int error;
4422
4423 /* Avoid Tx watchdog triggering, when transfers get dropped here. */
4424 sc->sc_tx_timer = 0;
4425
4426 ivp->iv_auth = 0;
4427 if (sc->sc_firmware_state == 3) {
4428 iwm_xmit_queue_drain(sc);
4429 // iwm_flush_tx_path(sc, 0xf, IWM_CMD_SYNC);
4430 error = iwm_rm_sta(sc, vap, TRUE);
4431 if (error) {
4432 device_printf(sc->sc_dev,
4433 "%s: Failed to remove station: %d\n",
4434 __func__, error);
4435 }
4436 }
4437 if (sc->sc_firmware_state == 3) {
4438 error = iwm_mac_ctxt_changed(sc, vap);
4439 if (error) {
4440 device_printf(sc->sc_dev,
4441 "%s: Failed to change mac context: %d\n",
4442 __func__, error);
4443 }
4444 }
4445 if (sc->sc_firmware_state == 3) {
4446 error = iwm_sf_update(sc, vap, FALSE);
4447 if (error) {
4448 device_printf(sc->sc_dev,
4449 "%s: Failed to update smart FIFO: %d\n",
4450 __func__, error);
4451 }
4452 }
4453 if (sc->sc_firmware_state == 3) {
4454 error = iwm_rm_sta_id(sc, vap);
4455 if (error) {
4456 device_printf(sc->sc_dev,
4457 "%s: Failed to remove station id: %d\n",
4458 __func__, error);
4459 }
4460 }
4461 if (sc->sc_firmware_state == 3) {
4462 error = iwm_update_quotas(sc, NULL);
4463 if (error) {
4464 device_printf(sc->sc_dev,
4465 "%s: Failed to update PHY quota: %d\n",
4466 __func__, error);
4467 }
4468 }
4469 if (sc->sc_firmware_state == 3) {
4470 /* XXX Might need to specify bssid correctly. */
4471 error = iwm_mac_ctxt_changed(sc, vap);
4472 if (error) {
4473 device_printf(sc->sc_dev,
4474 "%s: Failed to change mac context: %d\n",
4475 __func__, error);
4476 }
4477 }
4478 if (sc->sc_firmware_state == 3) {
4479 sc->sc_firmware_state = 2;
4480 }
4481 if (sc->sc_firmware_state > 1) {
4482 error = iwm_binding_remove_vif(sc, ivp);
4483 if (error) {
4484 device_printf(sc->sc_dev,
4485 "%s: Failed to remove channel ctx: %d\n",
4486 __func__, error);
4487 }
4488 }
4489 if (sc->sc_firmware_state > 1) {
4490 sc->sc_firmware_state = 1;
4491 }
4492 ivp->phy_ctxt = NULL;
4493 if (sc->sc_firmware_state > 0) {
4494 error = iwm_mac_ctxt_changed(sc, vap);
4495 if (error) {
4496 device_printf(sc->sc_dev,
4497 "%s: Failed to change mac context: %d\n",
4498 __func__, error);
4499 }
4500 }
4501 if (sc->sc_firmware_state > 0) {
4502 error = iwm_power_update_mac(sc);
4503 if (error != 0) {
4504 device_printf(sc->sc_dev,
4505 "%s: failed to update power management\n",
4506 __func__);
4507 }
4508 }
4509 sc->sc_firmware_state = 0;
4510 }
4511
4512 static int
iwm_newstate(struct ieee80211vap * vap,enum ieee80211_state nstate,int arg)4513 iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
4514 {
4515 struct iwm_vap *ivp = IWM_VAP(vap);
4516 struct ieee80211com *ic = vap->iv_ic;
4517 struct iwm_softc *sc = ic->ic_softc;
4518 struct iwm_node *in;
4519 int error;
4520
4521 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4522 "switching state %s -> %s arg=0x%x\n",
4523 ieee80211_state_name[vap->iv_state],
4524 ieee80211_state_name[nstate],
4525 arg);
4526
4527 IEEE80211_UNLOCK(ic);
4528 IWM_LOCK(sc);
4529
4530 if ((sc->sc_flags & IWM_FLAG_SCAN_RUNNING) &&
4531 (nstate == IEEE80211_S_AUTH ||
4532 nstate == IEEE80211_S_ASSOC ||
4533 nstate == IEEE80211_S_RUN)) {
4534 /* Stop blinking for a scan, when authenticating. */
4535 iwm_led_blink_stop(sc);
4536 }
4537
4538 if (vap->iv_state == IEEE80211_S_RUN && nstate != IEEE80211_S_RUN) {
4539 iwm_led_disable(sc);
4540 /* disable beacon filtering if we're hopping out of RUN */
4541 iwm_disable_beacon_filter(sc);
4542 if (((in = IWM_NODE(vap->iv_bss)) != NULL))
4543 in->in_assoc = 0;
4544 }
4545
4546 if ((vap->iv_state == IEEE80211_S_AUTH ||
4547 vap->iv_state == IEEE80211_S_ASSOC ||
4548 vap->iv_state == IEEE80211_S_RUN) &&
4549 (nstate == IEEE80211_S_INIT ||
4550 nstate == IEEE80211_S_SCAN ||
4551 nstate == IEEE80211_S_AUTH)) {
4552 iwm_stop_session_protection(sc, ivp);
4553 }
4554
4555 if ((vap->iv_state == IEEE80211_S_RUN ||
4556 vap->iv_state == IEEE80211_S_ASSOC) &&
4557 nstate == IEEE80211_S_INIT) {
4558 /*
4559 * In this case, iv_newstate() wants to send an 80211 frame on
4560 * the network that we are leaving. So we need to call it,
4561 * before tearing down all the firmware state.
4562 */
4563 IWM_UNLOCK(sc);
4564 IEEE80211_LOCK(ic);
4565 ivp->iv_newstate(vap, nstate, arg);
4566 IEEE80211_UNLOCK(ic);
4567 IWM_LOCK(sc);
4568 iwm_bring_down_firmware(sc, vap);
4569 IWM_UNLOCK(sc);
4570 IEEE80211_LOCK(ic);
4571 return 0;
4572 }
4573
4574 switch (nstate) {
4575 case IEEE80211_S_INIT:
4576 case IEEE80211_S_SCAN:
4577 break;
4578
4579 case IEEE80211_S_AUTH:
4580 iwm_bring_down_firmware(sc, vap);
4581 if ((error = iwm_auth(vap, sc)) != 0) {
4582 device_printf(sc->sc_dev,
4583 "%s: could not move to auth state: %d\n",
4584 __func__, error);
4585 iwm_bring_down_firmware(sc, vap);
4586 IWM_UNLOCK(sc);
4587 IEEE80211_LOCK(ic);
4588 return 1;
4589 }
4590 break;
4591
4592 case IEEE80211_S_ASSOC:
4593 /*
4594 * EBS may be disabled due to previous failures reported by FW.
4595 * Reset EBS status here assuming environment has been changed.
4596 */
4597 sc->last_ebs_successful = TRUE;
4598 break;
4599
4600 case IEEE80211_S_RUN:
4601 in = IWM_NODE(vap->iv_bss);
4602 /* Update the association state, now we have it all */
4603 /* (eg associd comes in at this point */
4604 error = iwm_update_sta(sc, in);
4605 if (error != 0) {
4606 device_printf(sc->sc_dev,
4607 "%s: failed to update STA\n", __func__);
4608 IWM_UNLOCK(sc);
4609 IEEE80211_LOCK(ic);
4610 return error;
4611 }
4612 in->in_assoc = 1;
4613 error = iwm_mac_ctxt_changed(sc, vap);
4614 if (error != 0) {
4615 device_printf(sc->sc_dev,
4616 "%s: failed to update MAC: %d\n", __func__, error);
4617 }
4618
4619 iwm_sf_update(sc, vap, FALSE);
4620 iwm_enable_beacon_filter(sc, ivp);
4621 iwm_power_update_mac(sc);
4622 iwm_update_quotas(sc, ivp);
4623 int rix = ieee80211_ratectl_rate(&in->in_ni, NULL, 0);
4624 iwm_setrates(sc, in, rix);
4625
4626 if ((error = iwm_send_lq_cmd(sc, &in->in_lq, TRUE)) != 0) {
4627 device_printf(sc->sc_dev,
4628 "%s: IWM_LQ_CMD failed: %d\n", __func__, error);
4629 }
4630
4631 iwm_led_enable(sc);
4632 break;
4633
4634 default:
4635 break;
4636 }
4637 IWM_UNLOCK(sc);
4638 IEEE80211_LOCK(ic);
4639
4640 return (ivp->iv_newstate(vap, nstate, arg));
4641 }
4642
4643 void
iwm_endscan_cb(void * arg,int pending)4644 iwm_endscan_cb(void *arg, int pending)
4645 {
4646 struct iwm_softc *sc = arg;
4647 struct ieee80211com *ic = &sc->sc_ic;
4648
4649 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE,
4650 "%s: scan ended\n",
4651 __func__);
4652
4653 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps));
4654 }
4655
4656 static int
iwm_send_bt_init_conf(struct iwm_softc * sc)4657 iwm_send_bt_init_conf(struct iwm_softc *sc)
4658 {
4659 struct iwm_bt_coex_cmd bt_cmd;
4660
4661 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI);
4662 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET);
4663
4664 return iwm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd),
4665 &bt_cmd);
4666 }
4667
4668 static boolean_t
iwm_is_lar_supported(struct iwm_softc * sc)4669 iwm_is_lar_supported(struct iwm_softc *sc)
4670 {
4671 boolean_t nvm_lar = sc->nvm_data->lar_enabled;
4672 boolean_t tlv_lar = iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_LAR_SUPPORT);
4673
4674 if (iwm_lar_disable)
4675 return FALSE;
4676
4677 /*
4678 * Enable LAR only if it is supported by the FW (TLV) &&
4679 * enabled in the NVM
4680 */
4681 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000)
4682 return nvm_lar && tlv_lar;
4683 else
4684 return tlv_lar;
4685 }
4686
4687 static boolean_t
iwm_is_wifi_mcc_supported(struct iwm_softc * sc)4688 iwm_is_wifi_mcc_supported(struct iwm_softc *sc)
4689 {
4690 return iwm_fw_has_api(sc, IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) ||
4691 iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC);
4692 }
4693
4694 static int
iwm_send_update_mcc_cmd(struct iwm_softc * sc,const char * alpha2)4695 iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2)
4696 {
4697 struct iwm_mcc_update_cmd mcc_cmd;
4698 struct iwm_host_cmd hcmd = {
4699 .id = IWM_MCC_UPDATE_CMD,
4700 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB),
4701 .data = { &mcc_cmd },
4702 };
4703 int ret;
4704 #ifdef IWM_DEBUG
4705 struct iwm_rx_packet *pkt;
4706 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL;
4707 struct iwm_mcc_update_resp *mcc_resp;
4708 int n_channels;
4709 uint16_t mcc;
4710 #endif
4711 int resp_v2 = iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2);
4712
4713 if (!iwm_is_lar_supported(sc)) {
4714 IWM_DPRINTF(sc, IWM_DEBUG_LAR, "%s: no LAR support\n",
4715 __func__);
4716 return 0;
4717 }
4718
4719 memset(&mcc_cmd, 0, sizeof(mcc_cmd));
4720 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]);
4721 if (iwm_is_wifi_mcc_supported(sc))
4722 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT;
4723 else
4724 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW;
4725
4726 if (resp_v2)
4727 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd);
4728 else
4729 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1);
4730
4731 IWM_DPRINTF(sc, IWM_DEBUG_LAR,
4732 "send MCC update to FW with '%c%c' src = %d\n",
4733 alpha2[0], alpha2[1], mcc_cmd.source_id);
4734
4735 ret = iwm_send_cmd(sc, &hcmd);
4736 if (ret)
4737 return ret;
4738
4739 #ifdef IWM_DEBUG
4740 pkt = hcmd.resp_pkt;
4741
4742 /* Extract MCC response */
4743 if (resp_v2) {
4744 mcc_resp = (void *)pkt->data;
4745 mcc = mcc_resp->mcc;
4746 n_channels = le32toh(mcc_resp->n_channels);
4747 } else {
4748 mcc_resp_v1 = (void *)pkt->data;
4749 mcc = mcc_resp_v1->mcc;
4750 n_channels = le32toh(mcc_resp_v1->n_channels);
4751 }
4752
4753 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */
4754 if (mcc == 0)
4755 mcc = 0x3030; /* "00" - world */
4756
4757 IWM_DPRINTF(sc, IWM_DEBUG_LAR,
4758 "regulatory domain '%c%c' (%d channels available)\n",
4759 mcc >> 8, mcc & 0xff, n_channels);
4760 #endif
4761 iwm_free_resp(sc, &hcmd);
4762
4763 return 0;
4764 }
4765
4766 static void
iwm_tt_tx_backoff(struct iwm_softc * sc,uint32_t backoff)4767 iwm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff)
4768 {
4769 struct iwm_host_cmd cmd = {
4770 .id = IWM_REPLY_THERMAL_MNG_BACKOFF,
4771 .len = { sizeof(uint32_t), },
4772 .data = { &backoff, },
4773 };
4774
4775 if (iwm_send_cmd(sc, &cmd) != 0) {
4776 device_printf(sc->sc_dev,
4777 "failed to change thermal tx backoff\n");
4778 }
4779 }
4780
4781 static int
iwm_init_hw(struct iwm_softc * sc)4782 iwm_init_hw(struct iwm_softc *sc)
4783 {
4784 struct ieee80211com *ic = &sc->sc_ic;
4785 int error, i, ac;
4786
4787 sc->sf_state = IWM_SF_UNINIT;
4788
4789 if ((error = iwm_start_hw(sc)) != 0) {
4790 printf("iwm_start_hw: failed %d\n", error);
4791 return error;
4792 }
4793
4794 if ((error = iwm_run_init_ucode(sc, 0)) != 0) {
4795 printf("iwm_run_init_ucode: failed %d\n", error);
4796 return error;
4797 }
4798
4799 /*
4800 * should stop and start HW since that INIT
4801 * image just loaded
4802 */
4803 iwm_stop_device(sc);
4804 sc->sc_ps_disabled = FALSE;
4805 if ((error = iwm_start_hw(sc)) != 0) {
4806 device_printf(sc->sc_dev, "could not initialize hardware\n");
4807 return error;
4808 }
4809
4810 /* omstart, this time with the regular firmware */
4811 error = iwm_load_ucode_wait_alive(sc, IWM_UCODE_REGULAR);
4812 if (error) {
4813 device_printf(sc->sc_dev, "could not load firmware\n");
4814 goto error;
4815 }
4816
4817 error = iwm_sf_update(sc, NULL, FALSE);
4818 if (error)
4819 device_printf(sc->sc_dev, "Failed to initialize Smart Fifo\n");
4820
4821 if ((error = iwm_send_bt_init_conf(sc)) != 0) {
4822 device_printf(sc->sc_dev, "bt init conf failed\n");
4823 goto error;
4824 }
4825
4826 error = iwm_send_tx_ant_cfg(sc, iwm_get_valid_tx_ant(sc));
4827 if (error != 0) {
4828 device_printf(sc->sc_dev, "antenna config failed\n");
4829 goto error;
4830 }
4831
4832 /* Send phy db control command and then phy db calibration */
4833 if ((error = iwm_send_phy_db_data(sc->sc_phy_db)) != 0)
4834 goto error;
4835
4836 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) {
4837 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n");
4838 goto error;
4839 }
4840
4841 /* Add auxiliary station for scanning */
4842 if ((error = iwm_add_aux_sta(sc)) != 0) {
4843 device_printf(sc->sc_dev, "add_aux_sta failed\n");
4844 goto error;
4845 }
4846
4847 for (i = 0; i < IWM_NUM_PHY_CTX; i++) {
4848 /*
4849 * The channel used here isn't relevant as it's
4850 * going to be overwritten in the other flows.
4851 * For now use the first channel we have.
4852 */
4853 if ((error = iwm_phy_ctxt_add(sc,
4854 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0)
4855 goto error;
4856 }
4857
4858 /* Initialize tx backoffs to the minimum. */
4859 if (sc->cfg->device_family == IWM_DEVICE_FAMILY_7000)
4860 iwm_tt_tx_backoff(sc, 0);
4861
4862 if (iwm_config_ltr(sc) != 0)
4863 device_printf(sc->sc_dev, "PCIe LTR configuration failed\n");
4864
4865 error = iwm_power_update_device(sc);
4866 if (error)
4867 goto error;
4868
4869 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0)
4870 goto error;
4871
4872 if (iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) {
4873 if ((error = iwm_config_umac_scan(sc)) != 0)
4874 goto error;
4875 }
4876
4877 /* Enable Tx queues. */
4878 for (ac = 0; ac < WME_NUM_AC; ac++) {
4879 error = iwm_enable_txq(sc, IWM_STATION_ID, ac,
4880 iwm_ac_to_tx_fifo[ac]);
4881 if (error)
4882 goto error;
4883 }
4884
4885 if ((error = iwm_disable_beacon_filter(sc)) != 0) {
4886 device_printf(sc->sc_dev, "failed to disable beacon filter\n");
4887 goto error;
4888 }
4889
4890 return 0;
4891
4892 error:
4893 iwm_stop_device(sc);
4894 return error;
4895 }
4896
4897 /* Allow multicast from our BSSID. */
4898 static int
iwm_allow_mcast(struct ieee80211vap * vap,struct iwm_softc * sc)4899 iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc)
4900 {
4901 struct ieee80211_node *ni = vap->iv_bss;
4902 struct iwm_mcast_filter_cmd *cmd;
4903 size_t size;
4904 int error;
4905
4906 size = roundup(sizeof(*cmd), 4);
4907 cmd = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO);
4908 if (cmd == NULL)
4909 return ENOMEM;
4910 cmd->filter_own = 1;
4911 cmd->port_id = 0;
4912 cmd->count = 0;
4913 cmd->pass_all = 1;
4914 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid);
4915
4916 error = iwm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD,
4917 IWM_CMD_SYNC, size, cmd);
4918 free(cmd, M_DEVBUF);
4919
4920 return (error);
4921 }
4922
4923 /*
4924 * ifnet interfaces
4925 */
4926
4927 static void
iwm_init(struct iwm_softc * sc)4928 iwm_init(struct iwm_softc *sc)
4929 {
4930 int error;
4931
4932 if (sc->sc_flags & IWM_FLAG_HW_INITED) {
4933 return;
4934 }
4935 sc->sc_generation++;
4936 sc->sc_flags &= ~IWM_FLAG_STOPPED;
4937
4938 if ((error = iwm_init_hw(sc)) != 0) {
4939 printf("iwm_init_hw failed %d\n", error);
4940 iwm_stop(sc);
4941 return;
4942 }
4943
4944 /*
4945 * Ok, firmware loaded and we are jogging
4946 */
4947 sc->sc_flags |= IWM_FLAG_HW_INITED;
4948 }
4949
4950 static int
iwm_transmit(struct ieee80211com * ic,struct mbuf * m)4951 iwm_transmit(struct ieee80211com *ic, struct mbuf *m)
4952 {
4953 struct iwm_softc *sc;
4954 int error;
4955
4956 sc = ic->ic_softc;
4957
4958 IWM_LOCK(sc);
4959 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
4960 IWM_UNLOCK(sc);
4961 return (ENXIO);
4962 }
4963 error = mbufq_enqueue(&sc->sc_snd, m);
4964 if (error) {
4965 IWM_UNLOCK(sc);
4966 return (error);
4967 }
4968 iwm_start(sc);
4969 IWM_UNLOCK(sc);
4970 return (0);
4971 }
4972
4973 /*
4974 * Dequeue packets from sendq and call send.
4975 */
4976 static void
iwm_start(struct iwm_softc * sc)4977 iwm_start(struct iwm_softc *sc)
4978 {
4979 struct ieee80211_node *ni;
4980 struct mbuf *m;
4981 int ac = 0;
4982
4983 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__);
4984 while (sc->qfullmsk == 0 &&
4985 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
4986 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
4987 if (iwm_tx(sc, m, ni, ac) != 0) {
4988 if_inc_counter(ni->ni_vap->iv_ifp,
4989 IFCOUNTER_OERRORS, 1);
4990 ieee80211_free_node(ni);
4991 continue;
4992 }
4993 if (sc->sc_tx_timer == 0) {
4994 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog,
4995 sc);
4996 }
4997 sc->sc_tx_timer = 15;
4998 }
4999 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__);
5000 }
5001
5002 static void
iwm_stop(struct iwm_softc * sc)5003 iwm_stop(struct iwm_softc *sc)
5004 {
5005
5006 sc->sc_flags &= ~IWM_FLAG_HW_INITED;
5007 sc->sc_flags |= IWM_FLAG_STOPPED;
5008 sc->sc_generation++;
5009 iwm_led_blink_stop(sc);
5010 sc->sc_tx_timer = 0;
5011 iwm_stop_device(sc);
5012 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5013 }
5014
5015 static void
iwm_watchdog(void * arg)5016 iwm_watchdog(void *arg)
5017 {
5018 struct iwm_softc *sc = arg;
5019 struct ieee80211com *ic = &sc->sc_ic;
5020
5021 if (sc->sc_attached == 0)
5022 return;
5023
5024 if (sc->sc_tx_timer > 0) {
5025 if (--sc->sc_tx_timer == 0) {
5026 device_printf(sc->sc_dev, "device timeout\n");
5027 #ifdef IWM_DEBUG
5028 iwm_nic_error(sc);
5029 #endif
5030 ieee80211_restart_all(ic);
5031 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
5032 return;
5033 }
5034 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
5035 }
5036 }
5037
5038 static void
iwm_parent(struct ieee80211com * ic)5039 iwm_parent(struct ieee80211com *ic)
5040 {
5041 struct iwm_softc *sc = ic->ic_softc;
5042 int startall = 0;
5043 int rfkill = 0;
5044
5045 IWM_LOCK(sc);
5046 if (ic->ic_nrunning > 0) {
5047 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) {
5048 iwm_init(sc);
5049 rfkill = iwm_check_rfkill(sc);
5050 if (!rfkill)
5051 startall = 1;
5052 }
5053 } else if (sc->sc_flags & IWM_FLAG_HW_INITED)
5054 iwm_stop(sc);
5055 IWM_UNLOCK(sc);
5056 if (startall)
5057 ieee80211_start_all(ic);
5058 else if (rfkill)
5059 taskqueue_enqueue(sc->sc_tq, &sc->sc_rftoggle_task);
5060 }
5061
5062 static void
iwm_rftoggle_task(void * arg,int npending __unused)5063 iwm_rftoggle_task(void *arg, int npending __unused)
5064 {
5065 struct iwm_softc *sc = arg;
5066 struct ieee80211com *ic = &sc->sc_ic;
5067 int rfkill;
5068
5069 IWM_LOCK(sc);
5070 rfkill = iwm_check_rfkill(sc);
5071 IWM_UNLOCK(sc);
5072 if (rfkill) {
5073 device_printf(sc->sc_dev,
5074 "%s: rfkill switch, disabling interface\n", __func__);
5075 ieee80211_suspend_all(ic);
5076 ieee80211_notify_radio(ic, 0);
5077 } else {
5078 device_printf(sc->sc_dev,
5079 "%s: rfkill cleared, re-enabling interface\n", __func__);
5080 ieee80211_resume_all(ic);
5081 ieee80211_notify_radio(ic, 1);
5082 }
5083 }
5084
5085 /*
5086 * The interrupt side of things
5087 */
5088
5089 /*
5090 * error dumping routines are from iwlwifi/mvm/utils.c
5091 */
5092
5093 /*
5094 * Note: This structure is read from the device with IO accesses,
5095 * and the reading already does the endian conversion. As it is
5096 * read with uint32_t-sized accesses, any members with a different size
5097 * need to be ordered correctly though!
5098 */
5099 struct iwm_error_event_table {
5100 uint32_t valid; /* (nonzero) valid, (0) log is empty */
5101 uint32_t error_id; /* type of error */
5102 uint32_t trm_hw_status0; /* TRM HW status */
5103 uint32_t trm_hw_status1; /* TRM HW status */
5104 uint32_t blink2; /* branch link */
5105 uint32_t ilink1; /* interrupt link */
5106 uint32_t ilink2; /* interrupt link */
5107 uint32_t data1; /* error-specific data */
5108 uint32_t data2; /* error-specific data */
5109 uint32_t data3; /* error-specific data */
5110 uint32_t bcon_time; /* beacon timer */
5111 uint32_t tsf_low; /* network timestamp function timer */
5112 uint32_t tsf_hi; /* network timestamp function timer */
5113 uint32_t gp1; /* GP1 timer register */
5114 uint32_t gp2; /* GP2 timer register */
5115 uint32_t fw_rev_type; /* firmware revision type */
5116 uint32_t major; /* uCode version major */
5117 uint32_t minor; /* uCode version minor */
5118 uint32_t hw_ver; /* HW Silicon version */
5119 uint32_t brd_ver; /* HW board version */
5120 uint32_t log_pc; /* log program counter */
5121 uint32_t frame_ptr; /* frame pointer */
5122 uint32_t stack_ptr; /* stack pointer */
5123 uint32_t hcmd; /* last host command header */
5124 uint32_t isr0; /* isr status register LMPM_NIC_ISR0:
5125 * rxtx_flag */
5126 uint32_t isr1; /* isr status register LMPM_NIC_ISR1:
5127 * host_flag */
5128 uint32_t isr2; /* isr status register LMPM_NIC_ISR2:
5129 * enc_flag */
5130 uint32_t isr3; /* isr status register LMPM_NIC_ISR3:
5131 * time_flag */
5132 uint32_t isr4; /* isr status register LMPM_NIC_ISR4:
5133 * wico interrupt */
5134 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */
5135 uint32_t wait_event; /* wait event() caller address */
5136 uint32_t l2p_control; /* L2pControlField */
5137 uint32_t l2p_duration; /* L2pDurationField */
5138 uint32_t l2p_mhvalid; /* L2pMhValidBits */
5139 uint32_t l2p_addr_match; /* L2pAddrMatchStat */
5140 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on
5141 * (LMPM_PMG_SEL) */
5142 uint32_t u_timestamp; /* indicate when the date and time of the
5143 * compilation */
5144 uint32_t flow_handler; /* FH read/write pointers, RX credit */
5145 } __packed /* LOG_ERROR_TABLE_API_S_VER_3 */;
5146
5147 /*
5148 * UMAC error struct - relevant starting from family 8000 chip.
5149 * Note: This structure is read from the device with IO accesses,
5150 * and the reading already does the endian conversion. As it is
5151 * read with u32-sized accesses, any members with a different size
5152 * need to be ordered correctly though!
5153 */
5154 struct iwm_umac_error_event_table {
5155 uint32_t valid; /* (nonzero) valid, (0) log is empty */
5156 uint32_t error_id; /* type of error */
5157 uint32_t blink1; /* branch link */
5158 uint32_t blink2; /* branch link */
5159 uint32_t ilink1; /* interrupt link */
5160 uint32_t ilink2; /* interrupt link */
5161 uint32_t data1; /* error-specific data */
5162 uint32_t data2; /* error-specific data */
5163 uint32_t data3; /* error-specific data */
5164 uint32_t umac_major;
5165 uint32_t umac_minor;
5166 uint32_t frame_pointer; /* core register 27*/
5167 uint32_t stack_pointer; /* core register 28 */
5168 uint32_t cmd_header; /* latest host cmd sent to UMAC */
5169 uint32_t nic_isr_pref; /* ISR status register */
5170 } __packed;
5171
5172 #define ERROR_START_OFFSET (1 * sizeof(uint32_t))
5173 #define ERROR_ELEM_SIZE (7 * sizeof(uint32_t))
5174
5175 #ifdef IWM_DEBUG
5176 struct {
5177 const char *name;
5178 uint8_t num;
5179 } advanced_lookup[] = {
5180 { "NMI_INTERRUPT_WDG", 0x34 },
5181 { "SYSASSERT", 0x35 },
5182 { "UCODE_VERSION_MISMATCH", 0x37 },
5183 { "BAD_COMMAND", 0x38 },
5184 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C },
5185 { "FATAL_ERROR", 0x3D },
5186 { "NMI_TRM_HW_ERR", 0x46 },
5187 { "NMI_INTERRUPT_TRM", 0x4C },
5188 { "NMI_INTERRUPT_BREAK_POINT", 0x54 },
5189 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C },
5190 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 },
5191 { "NMI_INTERRUPT_HOST", 0x66 },
5192 { "NMI_INTERRUPT_ACTION_PT", 0x7C },
5193 { "NMI_INTERRUPT_UNKNOWN", 0x84 },
5194 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 },
5195 { "ADVANCED_SYSASSERT", 0 },
5196 };
5197
5198 static const char *
iwm_desc_lookup(uint32_t num)5199 iwm_desc_lookup(uint32_t num)
5200 {
5201 int i;
5202
5203 for (i = 0; i < nitems(advanced_lookup) - 1; i++)
5204 if (advanced_lookup[i].num == num)
5205 return advanced_lookup[i].name;
5206
5207 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */
5208 return advanced_lookup[i].name;
5209 }
5210
5211 static void
iwm_nic_umac_error(struct iwm_softc * sc)5212 iwm_nic_umac_error(struct iwm_softc *sc)
5213 {
5214 struct iwm_umac_error_event_table table;
5215 uint32_t base;
5216
5217 base = sc->umac_error_event_table;
5218
5219 if (base < 0x800000) {
5220 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n",
5221 base);
5222 return;
5223 }
5224
5225 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
5226 device_printf(sc->sc_dev, "reading errlog failed\n");
5227 return;
5228 }
5229
5230 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
5231 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n");
5232 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
5233 sc->sc_flags, table.valid);
5234 }
5235
5236 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id,
5237 iwm_desc_lookup(table.error_id));
5238 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1);
5239 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2);
5240 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n",
5241 table.ilink1);
5242 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n",
5243 table.ilink2);
5244 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1);
5245 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2);
5246 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3);
5247 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major);
5248 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor);
5249 device_printf(sc->sc_dev, "0x%08X | frame pointer\n",
5250 table.frame_pointer);
5251 device_printf(sc->sc_dev, "0x%08X | stack pointer\n",
5252 table.stack_pointer);
5253 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header);
5254 device_printf(sc->sc_dev, "0x%08X | isr status reg\n",
5255 table.nic_isr_pref);
5256 }
5257
5258 /*
5259 * Support for dumping the error log seemed like a good idea ...
5260 * but it's mostly hex junk and the only sensible thing is the
5261 * hw/ucode revision (which we know anyway). Since it's here,
5262 * I'll just leave it in, just in case e.g. the Intel guys want to
5263 * help us decipher some "ADVANCED_SYSASSERT" later.
5264 */
5265 static void
iwm_nic_error(struct iwm_softc * sc)5266 iwm_nic_error(struct iwm_softc *sc)
5267 {
5268 struct iwm_error_event_table table;
5269 uint32_t base;
5270
5271 device_printf(sc->sc_dev, "dumping device error log\n");
5272 base = sc->error_event_table[0];
5273 if (base < 0x800000) {
5274 device_printf(sc->sc_dev,
5275 "Invalid error log pointer 0x%08x\n", base);
5276 return;
5277 }
5278
5279 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
5280 device_printf(sc->sc_dev, "reading errlog failed\n");
5281 return;
5282 }
5283
5284 if (!table.valid) {
5285 device_printf(sc->sc_dev, "errlog not found, skipping\n");
5286 return;
5287 }
5288
5289 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
5290 device_printf(sc->sc_dev, "Start Error Log Dump:\n");
5291 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
5292 sc->sc_flags, table.valid);
5293 }
5294
5295 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id,
5296 iwm_desc_lookup(table.error_id));
5297 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n",
5298 table.trm_hw_status0);
5299 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n",
5300 table.trm_hw_status1);
5301 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2);
5302 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1);
5303 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2);
5304 device_printf(sc->sc_dev, "%08X | data1\n", table.data1);
5305 device_printf(sc->sc_dev, "%08X | data2\n", table.data2);
5306 device_printf(sc->sc_dev, "%08X | data3\n", table.data3);
5307 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time);
5308 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low);
5309 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi);
5310 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1);
5311 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2);
5312 device_printf(sc->sc_dev, "%08X | uCode revision type\n",
5313 table.fw_rev_type);
5314 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major);
5315 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor);
5316 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver);
5317 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver);
5318 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd);
5319 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0);
5320 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1);
5321 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2);
5322 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3);
5323 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4);
5324 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id);
5325 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event);
5326 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control);
5327 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration);
5328 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid);
5329 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match);
5330 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel);
5331 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp);
5332 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler);
5333
5334 if (sc->umac_error_event_table)
5335 iwm_nic_umac_error(sc);
5336 }
5337 #endif
5338
5339 static void
iwm_handle_rxb(struct iwm_softc * sc,struct mbuf * m)5340 iwm_handle_rxb(struct iwm_softc *sc, struct mbuf *m)
5341 {
5342 struct ieee80211com *ic = &sc->sc_ic;
5343 struct iwm_cmd_response *cresp;
5344 struct mbuf *m1;
5345 uint32_t offset = 0;
5346 uint32_t maxoff = IWM_RBUF_SIZE;
5347 uint32_t nextoff;
5348 boolean_t stolen = FALSE;
5349
5350 #define HAVEROOM(a) \
5351 ((a) + sizeof(uint32_t) + sizeof(struct iwm_cmd_header) < maxoff)
5352
5353 while (HAVEROOM(offset)) {
5354 struct iwm_rx_packet *pkt = mtodoff(m, struct iwm_rx_packet *,
5355 offset);
5356 int qid, idx, code, len;
5357
5358 qid = pkt->hdr.qid;
5359 idx = pkt->hdr.idx;
5360
5361 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code);
5362
5363 /*
5364 * randomly get these from the firmware, no idea why.
5365 * they at least seem harmless, so just ignore them for now
5366 */
5367 if ((pkt->hdr.code == 0 && (qid & ~0x80) == 0 && idx == 0) ||
5368 pkt->len_n_flags == htole32(IWM_FH_RSCSR_FRAME_INVALID)) {
5369 break;
5370 }
5371
5372 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5373 "rx packet qid=%d idx=%d type=%x\n",
5374 qid & ~0x80, pkt->hdr.idx, code);
5375
5376 len = iwm_rx_packet_len(pkt);
5377 len += sizeof(uint32_t); /* account for status word */
5378 nextoff = offset + roundup2(len, IWM_FH_RSCSR_FRAME_ALIGN);
5379
5380 iwm_notification_wait_notify(sc->sc_notif_wait, code, pkt);
5381
5382 switch (code) {
5383 case IWM_REPLY_RX_PHY_CMD:
5384 iwm_rx_rx_phy_cmd(sc, pkt);
5385 break;
5386
5387 case IWM_REPLY_RX_MPDU_CMD: {
5388 /*
5389 * If this is the last frame in the RX buffer, we
5390 * can directly feed the mbuf to the sharks here.
5391 */
5392 struct iwm_rx_packet *nextpkt = mtodoff(m,
5393 struct iwm_rx_packet *, nextoff);
5394 if (!HAVEROOM(nextoff) ||
5395 (nextpkt->hdr.code == 0 &&
5396 (nextpkt->hdr.qid & ~0x80) == 0 &&
5397 nextpkt->hdr.idx == 0) ||
5398 (nextpkt->len_n_flags ==
5399 htole32(IWM_FH_RSCSR_FRAME_INVALID))) {
5400 if (iwm_rx_mpdu(sc, m, offset, stolen)) {
5401 stolen = FALSE;
5402 /* Make sure we abort the loop */
5403 nextoff = maxoff;
5404 }
5405 break;
5406 }
5407
5408 /*
5409 * Use m_copym instead of m_split, because that
5410 * makes it easier to keep a valid rx buffer in
5411 * the ring, when iwm_rx_mpdu() fails.
5412 *
5413 * We need to start m_copym() at offset 0, to get the
5414 * M_PKTHDR flag preserved.
5415 */
5416 m1 = m_copym(m, 0, M_COPYALL, M_NOWAIT);
5417 if (m1) {
5418 if (iwm_rx_mpdu(sc, m1, offset, stolen))
5419 stolen = TRUE;
5420 else
5421 m_freem(m1);
5422 }
5423 break;
5424 }
5425
5426 case IWM_TX_CMD:
5427 iwm_rx_tx_cmd(sc, pkt);
5428 break;
5429
5430 case IWM_MISSED_BEACONS_NOTIFICATION: {
5431 struct iwm_missed_beacons_notif *resp;
5432 int missed;
5433
5434 /* XXX look at mac_id to determine interface ID */
5435 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5436
5437 resp = (void *)pkt->data;
5438 missed = le32toh(resp->consec_missed_beacons);
5439
5440 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE,
5441 "%s: MISSED_BEACON: mac_id=%d, "
5442 "consec_since_last_rx=%d, consec=%d, num_expect=%d "
5443 "num_rx=%d\n",
5444 __func__,
5445 le32toh(resp->mac_id),
5446 le32toh(resp->consec_missed_beacons_since_last_rx),
5447 le32toh(resp->consec_missed_beacons),
5448 le32toh(resp->num_expected_beacons),
5449 le32toh(resp->num_recvd_beacons));
5450
5451 /* Be paranoid */
5452 if (vap == NULL)
5453 break;
5454
5455 /* XXX no net80211 locking? */
5456 if (vap->iv_state == IEEE80211_S_RUN &&
5457 (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
5458 if (missed > vap->iv_bmissthreshold) {
5459 /* XXX bad locking; turn into task */
5460 IWM_UNLOCK(sc);
5461 ieee80211_beacon_miss(ic);
5462 IWM_LOCK(sc);
5463 }
5464 }
5465
5466 break;
5467 }
5468
5469 case IWM_MFUART_LOAD_NOTIFICATION:
5470 break;
5471
5472 case IWM_ALIVE:
5473 break;
5474
5475 case IWM_CALIB_RES_NOTIF_PHY_DB:
5476 break;
5477
5478 case IWM_STATISTICS_NOTIFICATION:
5479 iwm_handle_rx_statistics(sc, pkt);
5480 break;
5481
5482 case IWM_NVM_ACCESS_CMD:
5483 case IWM_MCC_UPDATE_CMD:
5484 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) {
5485 memcpy(sc->sc_cmd_resp,
5486 pkt, sizeof(sc->sc_cmd_resp));
5487 }
5488 break;
5489
5490 case IWM_MCC_CHUB_UPDATE_CMD: {
5491 struct iwm_mcc_chub_notif *notif;
5492 notif = (void *)pkt->data;
5493
5494 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8;
5495 sc->sc_fw_mcc[1] = notif->mcc & 0xff;
5496 sc->sc_fw_mcc[2] = '\0';
5497 IWM_DPRINTF(sc, IWM_DEBUG_LAR,
5498 "fw source %d sent CC '%s'\n",
5499 notif->source_id, sc->sc_fw_mcc);
5500 break;
5501 }
5502
5503 case IWM_DTS_MEASUREMENT_NOTIFICATION:
5504 case IWM_WIDE_ID(IWM_PHY_OPS_GROUP,
5505 IWM_DTS_MEASUREMENT_NOTIF_WIDE): {
5506 struct iwm_dts_measurement_notif_v1 *notif;
5507
5508 if (iwm_rx_packet_payload_len(pkt) < sizeof(*notif)) {
5509 device_printf(sc->sc_dev,
5510 "Invalid DTS_MEASUREMENT_NOTIFICATION\n");
5511 break;
5512 }
5513 notif = (void *)pkt->data;
5514 IWM_DPRINTF(sc, IWM_DEBUG_TEMP,
5515 "IWM_DTS_MEASUREMENT_NOTIFICATION - %d\n",
5516 notif->temp);
5517 break;
5518 }
5519
5520 case IWM_PHY_CONFIGURATION_CMD:
5521 case IWM_TX_ANT_CONFIGURATION_CMD:
5522 case IWM_ADD_STA:
5523 case IWM_MAC_CONTEXT_CMD:
5524 case IWM_REPLY_SF_CFG_CMD:
5525 case IWM_POWER_TABLE_CMD:
5526 case IWM_LTR_CONFIG:
5527 case IWM_PHY_CONTEXT_CMD:
5528 case IWM_BINDING_CONTEXT_CMD:
5529 case IWM_TIME_EVENT_CMD:
5530 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD):
5531 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC):
5532 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_ABORT_UMAC):
5533 case IWM_SCAN_OFFLOAD_REQUEST_CMD:
5534 case IWM_SCAN_OFFLOAD_ABORT_CMD:
5535 case IWM_REPLY_BEACON_FILTERING_CMD:
5536 case IWM_MAC_PM_POWER_TABLE:
5537 case IWM_TIME_QUOTA_CMD:
5538 case IWM_REMOVE_STA:
5539 case IWM_TXPATH_FLUSH:
5540 case IWM_LQ_CMD:
5541 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP,
5542 IWM_FW_PAGING_BLOCK_CMD):
5543 case IWM_BT_CONFIG:
5544 case IWM_REPLY_THERMAL_MNG_BACKOFF:
5545 cresp = (void *)pkt->data;
5546 if (sc->sc_wantresp == (((qid & ~0x80) << 16) | idx)) {
5547 memcpy(sc->sc_cmd_resp,
5548 pkt, sizeof(*pkt)+sizeof(*cresp));
5549 }
5550 break;
5551
5552 /* ignore */
5553 case IWM_PHY_DB_CMD:
5554 break;
5555
5556 case IWM_INIT_COMPLETE_NOTIF:
5557 break;
5558
5559 case IWM_SCAN_OFFLOAD_COMPLETE:
5560 iwm_rx_lmac_scan_complete_notif(sc, pkt);
5561 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
5562 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5563 ieee80211_runtask(ic, &sc->sc_es_task);
5564 }
5565 break;
5566
5567 case IWM_SCAN_ITERATION_COMPLETE: {
5568 struct iwm_lmac_scan_complete_notif *notif;
5569 notif = (void *)pkt->data;
5570 break;
5571 }
5572
5573 case IWM_SCAN_COMPLETE_UMAC:
5574 iwm_rx_umac_scan_complete_notif(sc, pkt);
5575 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
5576 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
5577 ieee80211_runtask(ic, &sc->sc_es_task);
5578 }
5579 break;
5580
5581 case IWM_SCAN_ITERATION_COMPLETE_UMAC: {
5582 struct iwm_umac_scan_iter_complete_notif *notif;
5583 notif = (void *)pkt->data;
5584
5585 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration "
5586 "complete, status=0x%x, %d channels scanned\n",
5587 notif->status, notif->scanned_channels);
5588 break;
5589 }
5590
5591 case IWM_REPLY_ERROR: {
5592 struct iwm_error_resp *resp;
5593 resp = (void *)pkt->data;
5594
5595 device_printf(sc->sc_dev,
5596 "firmware error 0x%x, cmd 0x%x\n",
5597 le32toh(resp->error_type),
5598 resp->cmd_id);
5599 break;
5600 }
5601
5602 case IWM_TIME_EVENT_NOTIFICATION:
5603 iwm_rx_time_event_notif(sc, pkt);
5604 break;
5605
5606 /*
5607 * Firmware versions 21 and 22 generate some DEBUG_LOG_MSG
5608 * messages. Just ignore them for now.
5609 */
5610 case IWM_DEBUG_LOG_MSG:
5611 break;
5612
5613 case IWM_MCAST_FILTER_CMD:
5614 break;
5615
5616 case IWM_SCD_QUEUE_CFG: {
5617 struct iwm_scd_txq_cfg_rsp *rsp;
5618 rsp = (void *)pkt->data;
5619
5620 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
5621 "queue cfg token=0x%x sta_id=%d "
5622 "tid=%d scd_queue=%d\n",
5623 rsp->token, rsp->sta_id, rsp->tid,
5624 rsp->scd_queue);
5625 break;
5626 }
5627
5628 default:
5629 device_printf(sc->sc_dev,
5630 "code %x, frame %d/%d %x unhandled\n",
5631 code, qid & ~0x80, idx, pkt->len_n_flags);
5632 break;
5633 }
5634
5635 /*
5636 * Why test bit 0x80? The Linux driver:
5637 *
5638 * There is one exception: uCode sets bit 15 when it
5639 * originates the response/notification, i.e. when the
5640 * response/notification is not a direct response to a
5641 * command sent by the driver. For example, uCode issues
5642 * IWM_REPLY_RX when it sends a received frame to the driver;
5643 * it is not a direct response to any driver command.
5644 *
5645 * Ok, so since when is 7 == 15? Well, the Linux driver
5646 * uses a slightly different format for pkt->hdr, and "qid"
5647 * is actually the upper byte of a two-byte field.
5648 */
5649 if (!(qid & (1 << 7)))
5650 iwm_cmd_done(sc, pkt);
5651
5652 offset = nextoff;
5653 }
5654 if (stolen)
5655 m_freem(m);
5656 #undef HAVEROOM
5657 }
5658
5659 /*
5660 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt.
5661 * Basic structure from if_iwn
5662 */
5663 static void
iwm_notif_intr(struct iwm_softc * sc)5664 iwm_notif_intr(struct iwm_softc *sc)
5665 {
5666 int count;
5667 uint32_t wreg;
5668 uint16_t hw;
5669
5670 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map,
5671 BUS_DMASYNC_POSTREAD);
5672
5673 if (sc->cfg->mqrx_supported) {
5674 count = IWM_RX_MQ_RING_COUNT;
5675 wreg = IWM_RFH_Q0_FRBDCB_WIDX_TRG;
5676 } else {
5677 count = IWM_RX_LEGACY_RING_COUNT;
5678 wreg = IWM_FH_RSCSR_CHNL0_WPTR;
5679 }
5680
5681 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff;
5682
5683 /*
5684 * Process responses
5685 */
5686 while (sc->rxq.cur != hw) {
5687 struct iwm_rx_ring *ring = &sc->rxq;
5688 struct iwm_rx_data *data = &ring->data[ring->cur];
5689
5690 bus_dmamap_sync(ring->data_dmat, data->map,
5691 BUS_DMASYNC_POSTREAD);
5692
5693 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5694 "%s: hw = %d cur = %d\n", __func__, hw, ring->cur);
5695 iwm_handle_rxb(sc, data->m);
5696
5697 ring->cur = (ring->cur + 1) % count;
5698 }
5699
5700 /*
5701 * Tell the firmware that it can reuse the ring entries that
5702 * we have just processed.
5703 * Seems like the hardware gets upset unless we align
5704 * the write by 8??
5705 */
5706 hw = (hw == 0) ? count - 1 : hw - 1;
5707 IWM_WRITE(sc, wreg, rounddown2(hw, 8));
5708 }
5709
5710 static void
iwm_intr(void * arg)5711 iwm_intr(void *arg)
5712 {
5713 struct iwm_softc *sc = arg;
5714 int handled = 0;
5715 int r1, r2;
5716 int isperiodic = 0;
5717
5718 IWM_LOCK(sc);
5719 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
5720
5721 if (sc->sc_flags & IWM_FLAG_USE_ICT) {
5722 uint32_t *ict = sc->ict_dma.vaddr;
5723 int tmp;
5724
5725 tmp = htole32(ict[sc->ict_cur]);
5726 if (!tmp)
5727 goto out_ena;
5728
5729 /*
5730 * ok, there was something. keep plowing until we have all.
5731 */
5732 r1 = r2 = 0;
5733 while (tmp) {
5734 r1 |= tmp;
5735 ict[sc->ict_cur] = 0;
5736 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT;
5737 tmp = htole32(ict[sc->ict_cur]);
5738 }
5739
5740 /* this is where the fun begins. don't ask */
5741 if (r1 == 0xffffffff)
5742 r1 = 0;
5743
5744 /* i am not expected to understand this */
5745 if (r1 & 0xc0000)
5746 r1 |= 0x8000;
5747 r1 = (0xff & r1) | ((0xff00 & r1) << 16);
5748 } else {
5749 r1 = IWM_READ(sc, IWM_CSR_INT);
5750 /* "hardware gone" (where, fishing?) */
5751 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
5752 goto out;
5753 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS);
5754 }
5755 if (r1 == 0 && r2 == 0) {
5756 goto out_ena;
5757 }
5758
5759 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask);
5760
5761 /* Safely ignore these bits for debug checks below */
5762 r1 &= ~(IWM_CSR_INT_BIT_ALIVE | IWM_CSR_INT_BIT_SCD);
5763
5764 if (r1 & IWM_CSR_INT_BIT_SW_ERR) {
5765 int i;
5766 struct ieee80211com *ic = &sc->sc_ic;
5767 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5768
5769 #ifdef IWM_DEBUG
5770 iwm_nic_error(sc);
5771 #endif
5772 /* Dump driver status (TX and RX rings) while we're here. */
5773 device_printf(sc->sc_dev, "driver status:\n");
5774 for (i = 0; i < IWM_MAX_QUEUES; i++) {
5775 struct iwm_tx_ring *ring = &sc->txq[i];
5776 device_printf(sc->sc_dev,
5777 " tx ring %2d: qid=%-2d cur=%-3d "
5778 "queued=%-3d\n",
5779 i, ring->qid, ring->cur, ring->queued);
5780 }
5781 device_printf(sc->sc_dev,
5782 " rx ring: cur=%d\n", sc->rxq.cur);
5783 device_printf(sc->sc_dev,
5784 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state);
5785
5786 /* Reset our firmware state tracking. */
5787 sc->sc_firmware_state = 0;
5788 /* Don't stop the device; just do a VAP restart */
5789 IWM_UNLOCK(sc);
5790
5791 if (vap == NULL) {
5792 printf("%s: null vap\n", __func__);
5793 return;
5794 }
5795
5796 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; "
5797 "restarting\n", __func__, vap->iv_state);
5798
5799 ieee80211_restart_all(ic);
5800 return;
5801 }
5802
5803 if (r1 & IWM_CSR_INT_BIT_HW_ERR) {
5804 handled |= IWM_CSR_INT_BIT_HW_ERR;
5805 device_printf(sc->sc_dev, "hardware error, stopping device\n");
5806 iwm_stop(sc);
5807 goto out;
5808 }
5809
5810 /* firmware chunk loaded */
5811 if (r1 & IWM_CSR_INT_BIT_FH_TX) {
5812 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK);
5813 handled |= IWM_CSR_INT_BIT_FH_TX;
5814 sc->sc_fw_chunk_done = 1;
5815 wakeup(&sc->sc_fw);
5816 }
5817
5818 if (r1 & IWM_CSR_INT_BIT_RF_KILL) {
5819 handled |= IWM_CSR_INT_BIT_RF_KILL;
5820 taskqueue_enqueue(sc->sc_tq, &sc->sc_rftoggle_task);
5821 }
5822
5823 /*
5824 * The Linux driver uses periodic interrupts to avoid races.
5825 * We cargo-cult like it's going out of fashion.
5826 */
5827 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) {
5828 handled |= IWM_CSR_INT_BIT_RX_PERIODIC;
5829 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC);
5830 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0)
5831 IWM_WRITE_1(sc,
5832 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS);
5833 isperiodic = 1;
5834 }
5835
5836 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) {
5837 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX);
5838 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK);
5839
5840 iwm_notif_intr(sc);
5841
5842 /* enable periodic interrupt, see above */
5843 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic)
5844 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG,
5845 IWM_CSR_INT_PERIODIC_ENA);
5846 }
5847
5848 if (__predict_false(r1 & ~handled))
5849 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5850 "%s: unhandled interrupts: %x\n", __func__, r1);
5851 out_ena:
5852 iwm_restore_interrupts(sc);
5853 out:
5854 IWM_UNLOCK(sc);
5855 return;
5856 }
5857
5858 /*
5859 * Autoconf glue-sniffing
5860 */
5861 #define PCI_VENDOR_INTEL 0x8086
5862 #define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3
5863 #define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4
5864 #define PCI_PRODUCT_INTEL_WL_3165_1 0x3165
5865 #define PCI_PRODUCT_INTEL_WL_3165_2 0x3166
5866 #define PCI_PRODUCT_INTEL_WL_3168_1 0x24fb
5867 #define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1
5868 #define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2
5869 #define PCI_PRODUCT_INTEL_WL_7265_1 0x095a
5870 #define PCI_PRODUCT_INTEL_WL_7265_2 0x095b
5871 #define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3
5872 #define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4
5873 #define PCI_PRODUCT_INTEL_WL_8265_1 0x24fd
5874 #define PCI_PRODUCT_INTEL_WL_9560_1 0x9df0
5875 #define PCI_PRODUCT_INTEL_WL_9560_2 0xa370
5876 #define PCI_PRODUCT_INTEL_WL_9560_3 0x31dc
5877 #define PCI_PRODUCT_INTEL_WL_9260_1 0x2526
5878
5879 static const struct iwm_devices {
5880 uint16_t device;
5881 const struct iwm_cfg *cfg;
5882 } iwm_devices[] = {
5883 { PCI_PRODUCT_INTEL_WL_3160_1, &iwm3160_cfg },
5884 { PCI_PRODUCT_INTEL_WL_3160_2, &iwm3160_cfg },
5885 { PCI_PRODUCT_INTEL_WL_3165_1, &iwm3165_cfg },
5886 { PCI_PRODUCT_INTEL_WL_3165_2, &iwm3165_cfg },
5887 { PCI_PRODUCT_INTEL_WL_3168_1, &iwm3168_cfg },
5888 { PCI_PRODUCT_INTEL_WL_7260_1, &iwm7260_cfg },
5889 { PCI_PRODUCT_INTEL_WL_7260_2, &iwm7260_cfg },
5890 { PCI_PRODUCT_INTEL_WL_7265_1, &iwm7265_cfg },
5891 { PCI_PRODUCT_INTEL_WL_7265_2, &iwm7265_cfg },
5892 { PCI_PRODUCT_INTEL_WL_8260_1, &iwm8260_cfg },
5893 { PCI_PRODUCT_INTEL_WL_8260_2, &iwm8260_cfg },
5894 { PCI_PRODUCT_INTEL_WL_8265_1, &iwm8265_cfg },
5895 { PCI_PRODUCT_INTEL_WL_9560_1, &iwm9560_cfg },
5896 { PCI_PRODUCT_INTEL_WL_9560_2, &iwm9560_cfg },
5897 { PCI_PRODUCT_INTEL_WL_9560_3, &iwm9560_cfg },
5898 { PCI_PRODUCT_INTEL_WL_9260_1, &iwm9260_cfg },
5899 };
5900
5901 static int
iwm_probe(device_t dev)5902 iwm_probe(device_t dev)
5903 {
5904 int i;
5905
5906 for (i = 0; i < nitems(iwm_devices); i++) {
5907 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL &&
5908 pci_get_device(dev) == iwm_devices[i].device) {
5909 device_set_desc(dev, iwm_devices[i].cfg->name);
5910 return (BUS_PROBE_DEFAULT);
5911 }
5912 }
5913
5914 return (ENXIO);
5915 }
5916
5917 static int
iwm_dev_check(device_t dev)5918 iwm_dev_check(device_t dev)
5919 {
5920 struct iwm_softc *sc;
5921 uint16_t devid;
5922 int i;
5923
5924 sc = device_get_softc(dev);
5925
5926 devid = pci_get_device(dev);
5927 for (i = 0; i < nitems(iwm_devices); i++) {
5928 if (iwm_devices[i].device == devid) {
5929 sc->cfg = iwm_devices[i].cfg;
5930 return (0);
5931 }
5932 }
5933 device_printf(dev, "unknown adapter type\n");
5934 return ENXIO;
5935 }
5936
5937 /* PCI registers */
5938 #define PCI_CFG_RETRY_TIMEOUT 0x041
5939
5940 static int
iwm_pci_attach(device_t dev)5941 iwm_pci_attach(device_t dev)
5942 {
5943 struct iwm_softc *sc;
5944 int count, error, rid;
5945 uint16_t reg;
5946
5947 sc = device_get_softc(dev);
5948
5949 /* We disable the RETRY_TIMEOUT register (0x41) to keep
5950 * PCI Tx retries from interfering with C3 CPU state */
5951 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1);
5952
5953 /* Enable bus-mastering and hardware bug workaround. */
5954 pci_enable_busmaster(dev);
5955 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg));
5956 /* if !MSI */
5957 if (reg & PCIM_STATUS_INTxSTATE) {
5958 reg &= ~PCIM_STATUS_INTxSTATE;
5959 }
5960 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg));
5961
5962 rid = PCIR_BAR(0);
5963 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
5964 RF_ACTIVE);
5965 if (sc->sc_mem == NULL) {
5966 device_printf(sc->sc_dev, "can't map mem space\n");
5967 return (ENXIO);
5968 }
5969 sc->sc_st = rman_get_bustag(sc->sc_mem);
5970 sc->sc_sh = rman_get_bushandle(sc->sc_mem);
5971
5972 /* Install interrupt handler. */
5973 count = 1;
5974 rid = 0;
5975 if (pci_alloc_msi(dev, &count) == 0)
5976 rid = 1;
5977 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE |
5978 (rid != 0 ? 0 : RF_SHAREABLE));
5979 if (sc->sc_irq == NULL) {
5980 device_printf(dev, "can't map interrupt\n");
5981 return (ENXIO);
5982 }
5983 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE,
5984 NULL, iwm_intr, sc, &sc->sc_ih);
5985 if (error != 0) {
5986 device_printf(dev, "can't establish interrupt");
5987 return (error);
5988 }
5989 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev);
5990
5991 return (0);
5992 }
5993
5994 static void
iwm_pci_detach(device_t dev)5995 iwm_pci_detach(device_t dev)
5996 {
5997 struct iwm_softc *sc = device_get_softc(dev);
5998
5999 if (sc->sc_irq != NULL) {
6000 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
6001 bus_release_resource(dev, SYS_RES_IRQ,
6002 rman_get_rid(sc->sc_irq), sc->sc_irq);
6003 pci_release_msi(dev);
6004 }
6005 if (sc->sc_mem != NULL)
6006 bus_release_resource(dev, SYS_RES_MEMORY,
6007 rman_get_rid(sc->sc_mem), sc->sc_mem);
6008 }
6009
6010 static int
iwm_attach(device_t dev)6011 iwm_attach(device_t dev)
6012 {
6013 struct iwm_softc *sc = device_get_softc(dev);
6014 struct ieee80211com *ic = &sc->sc_ic;
6015 int error;
6016 int txq_i, i;
6017
6018 sc->sc_dev = dev;
6019 sc->sc_attached = 1;
6020 IWM_LOCK_INIT(sc);
6021 mbufq_init(&sc->sc_snd, ifqmaxlen);
6022 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0);
6023 callout_init_mtx(&sc->sc_led_blink_to, &sc->sc_mtx, 0);
6024 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc);
6025 TASK_INIT(&sc->sc_rftoggle_task, 0, iwm_rftoggle_task, sc);
6026
6027 sc->sc_tq = taskqueue_create("iwm_taskq", M_WAITOK,
6028 taskqueue_thread_enqueue, &sc->sc_tq);
6029 error = taskqueue_start_threads(&sc->sc_tq, 1, 0, "iwm_taskq");
6030 if (error != 0) {
6031 device_printf(dev, "can't start taskq thread, error %d\n",
6032 error);
6033 goto fail;
6034 }
6035
6036 error = iwm_dev_check(dev);
6037 if (error != 0)
6038 goto fail;
6039
6040 sc->sc_notif_wait = iwm_notification_wait_init(sc);
6041 if (sc->sc_notif_wait == NULL) {
6042 device_printf(dev, "failed to init notification wait struct\n");
6043 goto fail;
6044 }
6045
6046 sc->sf_state = IWM_SF_UNINIT;
6047
6048 /* Init phy db */
6049 sc->sc_phy_db = iwm_phy_db_init(sc);
6050 if (!sc->sc_phy_db) {
6051 device_printf(dev, "Cannot init phy_db\n");
6052 goto fail;
6053 }
6054
6055 /* Set EBS as successful as long as not stated otherwise by the FW. */
6056 sc->last_ebs_successful = TRUE;
6057
6058 /* PCI attach */
6059 error = iwm_pci_attach(dev);
6060 if (error != 0)
6061 goto fail;
6062
6063 sc->sc_wantresp = -1;
6064
6065 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV);
6066 /*
6067 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have
6068 * changed, and now the revision step also includes bit 0-1 (no more
6069 * "dash" value). To keep hw_rev backwards compatible - we'll store it
6070 * in the old format.
6071 */
6072 if (sc->cfg->device_family >= IWM_DEVICE_FAMILY_8000) {
6073 int ret;
6074 uint32_t hw_step;
6075
6076 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) |
6077 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2);
6078
6079 if (iwm_prepare_card_hw(sc) != 0) {
6080 device_printf(dev, "could not initialize hardware\n");
6081 goto fail;
6082 }
6083
6084 /*
6085 * In order to recognize C step the driver should read the
6086 * chip version id located at the AUX bus MISC address.
6087 */
6088 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL,
6089 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE);
6090 DELAY(2);
6091
6092 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL,
6093 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
6094 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
6095 25000);
6096 if (!ret) {
6097 device_printf(sc->sc_dev,
6098 "Failed to wake up the nic\n");
6099 goto fail;
6100 }
6101
6102 if (iwm_nic_lock(sc)) {
6103 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG);
6104 hw_step |= IWM_ENABLE_WFPM;
6105 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step);
6106 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG);
6107 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF;
6108 if (hw_step == 0x3)
6109 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) |
6110 (IWM_SILICON_C_STEP << 2);
6111 iwm_nic_unlock(sc);
6112 } else {
6113 device_printf(sc->sc_dev, "Failed to lock the nic\n");
6114 goto fail;
6115 }
6116 }
6117
6118 /* special-case 7265D, it has the same PCI IDs. */
6119 if (sc->cfg == &iwm7265_cfg &&
6120 (sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK) == IWM_CSR_HW_REV_TYPE_7265D) {
6121 sc->cfg = &iwm7265d_cfg;
6122 }
6123
6124 /* Allocate DMA memory for firmware transfers. */
6125 if ((error = iwm_alloc_fwmem(sc)) != 0) {
6126 device_printf(dev, "could not allocate memory for firmware\n");
6127 goto fail;
6128 }
6129
6130 /* Allocate "Keep Warm" page. */
6131 if ((error = iwm_alloc_kw(sc)) != 0) {
6132 device_printf(dev, "could not allocate keep warm page\n");
6133 goto fail;
6134 }
6135
6136 /* We use ICT interrupts */
6137 if ((error = iwm_alloc_ict(sc)) != 0) {
6138 device_printf(dev, "could not allocate ICT table\n");
6139 goto fail;
6140 }
6141
6142 /* Allocate TX scheduler "rings". */
6143 if ((error = iwm_alloc_sched(sc)) != 0) {
6144 device_printf(dev, "could not allocate TX scheduler rings\n");
6145 goto fail;
6146 }
6147
6148 /* Allocate TX rings */
6149 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) {
6150 if ((error = iwm_alloc_tx_ring(sc,
6151 &sc->txq[txq_i], txq_i)) != 0) {
6152 device_printf(dev,
6153 "could not allocate TX ring %d\n",
6154 txq_i);
6155 goto fail;
6156 }
6157 }
6158
6159 /* Allocate RX ring. */
6160 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) {
6161 device_printf(dev, "could not allocate RX ring\n");
6162 goto fail;
6163 }
6164
6165 /* Clear pending interrupts. */
6166 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff);
6167
6168 ic->ic_softc = sc;
6169 ic->ic_name = device_get_nameunit(sc->sc_dev);
6170 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
6171 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
6172
6173 /* Set device capabilities. */
6174 ic->ic_caps =
6175 IEEE80211_C_STA |
6176 IEEE80211_C_WPA | /* WPA/RSN */
6177 IEEE80211_C_WME |
6178 IEEE80211_C_PMGT |
6179 IEEE80211_C_SHSLOT | /* short slot time supported */
6180 IEEE80211_C_SHPREAMBLE /* short preamble supported */
6181 // IEEE80211_C_BGSCAN /* capable of bg scanning */
6182 ;
6183 /* Advertise full-offload scanning */
6184 ic->ic_flags_ext = IEEE80211_FEXT_SCAN_OFFLOAD;
6185 for (i = 0; i < nitems(sc->sc_phyctxt); i++) {
6186 sc->sc_phyctxt[i].id = i;
6187 sc->sc_phyctxt[i].color = 0;
6188 sc->sc_phyctxt[i].ref = 0;
6189 sc->sc_phyctxt[i].channel = NULL;
6190 }
6191
6192 /* Default noise floor */
6193 sc->sc_noise = -96;
6194
6195 /* Max RSSI */
6196 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM;
6197
6198 #ifdef IWM_DEBUG
6199 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
6200 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug",
6201 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging");
6202 #endif
6203
6204 error = iwm_read_firmware(sc);
6205 if (error) {
6206 goto fail;
6207 } else if (sc->sc_fw.fw_fp == NULL) {
6208 /*
6209 * XXX Add a solution for properly deferring firmware load
6210 * during bootup.
6211 */
6212 goto fail;
6213 } else {
6214 sc->sc_preinit_hook.ich_func = iwm_preinit;
6215 sc->sc_preinit_hook.ich_arg = sc;
6216 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) {
6217 device_printf(dev,
6218 "config_intrhook_establish failed\n");
6219 goto fail;
6220 }
6221 }
6222
6223 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6224 "<-%s\n", __func__);
6225
6226 return 0;
6227
6228 /* Free allocated memory if something failed during attachment. */
6229 fail:
6230 iwm_detach_local(sc, 0);
6231
6232 return ENXIO;
6233 }
6234
6235 static int
iwm_is_valid_ether_addr(uint8_t * addr)6236 iwm_is_valid_ether_addr(uint8_t *addr)
6237 {
6238 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 };
6239
6240 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr))
6241 return (FALSE);
6242
6243 return (TRUE);
6244 }
6245
6246 static int
iwm_wme_update(struct ieee80211com * ic)6247 iwm_wme_update(struct ieee80211com *ic)
6248 {
6249 #define IWM_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */
6250 struct iwm_softc *sc = ic->ic_softc;
6251 struct chanAccParams chp;
6252 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6253 struct iwm_vap *ivp = IWM_VAP(vap);
6254 struct iwm_node *in;
6255 struct wmeParams tmp[WME_NUM_AC];
6256 int aci, error;
6257
6258 if (vap == NULL)
6259 return (0);
6260
6261 ieee80211_wme_ic_getparams(ic, &chp);
6262
6263 IEEE80211_LOCK(ic);
6264 for (aci = 0; aci < WME_NUM_AC; aci++)
6265 tmp[aci] = chp.cap_wmeParams[aci];
6266 IEEE80211_UNLOCK(ic);
6267
6268 IWM_LOCK(sc);
6269 for (aci = 0; aci < WME_NUM_AC; aci++) {
6270 const struct wmeParams *ac = &tmp[aci];
6271 ivp->queue_params[aci].aifsn = ac->wmep_aifsn;
6272 ivp->queue_params[aci].cw_min = IWM_EXP2(ac->wmep_logcwmin);
6273 ivp->queue_params[aci].cw_max = IWM_EXP2(ac->wmep_logcwmax);
6274 ivp->queue_params[aci].edca_txop =
6275 IEEE80211_TXOP_TO_US(ac->wmep_txopLimit);
6276 }
6277 ivp->have_wme = TRUE;
6278 if (ivp->is_uploaded && vap->iv_bss != NULL) {
6279 in = IWM_NODE(vap->iv_bss);
6280 if (in->in_assoc) {
6281 if ((error = iwm_mac_ctxt_changed(sc, vap)) != 0) {
6282 device_printf(sc->sc_dev,
6283 "%s: failed to update MAC\n", __func__);
6284 }
6285 }
6286 }
6287 IWM_UNLOCK(sc);
6288
6289 return (0);
6290 #undef IWM_EXP2
6291 }
6292
6293 static void
iwm_preinit(void * arg)6294 iwm_preinit(void *arg)
6295 {
6296 struct iwm_softc *sc = arg;
6297 device_t dev = sc->sc_dev;
6298 struct ieee80211com *ic = &sc->sc_ic;
6299 int error;
6300
6301 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6302 "->%s\n", __func__);
6303
6304 IWM_LOCK(sc);
6305 if ((error = iwm_start_hw(sc)) != 0) {
6306 device_printf(dev, "could not initialize hardware\n");
6307 IWM_UNLOCK(sc);
6308 goto fail;
6309 }
6310
6311 error = iwm_run_init_ucode(sc, 1);
6312 iwm_stop_device(sc);
6313 if (error) {
6314 IWM_UNLOCK(sc);
6315 goto fail;
6316 }
6317 device_printf(dev,
6318 "hw rev 0x%x, fw ver %s, address %s\n",
6319 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK,
6320 sc->sc_fwver, ether_sprintf(sc->nvm_data->hw_addr));
6321
6322 /* not all hardware can do 5GHz band */
6323 if (!sc->nvm_data->sku_cap_band_52GHz_enable)
6324 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0,
6325 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A]));
6326 IWM_UNLOCK(sc);
6327
6328 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
6329 ic->ic_channels);
6330
6331 /*
6332 * At this point we've committed - if we fail to do setup,
6333 * we now also have to tear down the net80211 state.
6334 */
6335 ieee80211_ifattach(ic);
6336 ic->ic_vap_create = iwm_vap_create;
6337 ic->ic_vap_delete = iwm_vap_delete;
6338 ic->ic_raw_xmit = iwm_raw_xmit;
6339 ic->ic_node_alloc = iwm_node_alloc;
6340 ic->ic_scan_start = iwm_scan_start;
6341 ic->ic_scan_end = iwm_scan_end;
6342 ic->ic_update_mcast = iwm_update_mcast;
6343 ic->ic_getradiocaps = iwm_init_channel_map;
6344 ic->ic_set_channel = iwm_set_channel;
6345 ic->ic_scan_curchan = iwm_scan_curchan;
6346 ic->ic_scan_mindwell = iwm_scan_mindwell;
6347 ic->ic_wme.wme_update = iwm_wme_update;
6348 ic->ic_parent = iwm_parent;
6349 ic->ic_transmit = iwm_transmit;
6350 iwm_radiotap_attach(sc);
6351 if (bootverbose)
6352 ieee80211_announce(ic);
6353
6354 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6355 "<-%s\n", __func__);
6356 config_intrhook_disestablish(&sc->sc_preinit_hook);
6357
6358 return;
6359 fail:
6360 config_intrhook_disestablish(&sc->sc_preinit_hook);
6361 iwm_detach_local(sc, 0);
6362 }
6363
6364 /*
6365 * Attach the interface to 802.11 radiotap.
6366 */
6367 static void
iwm_radiotap_attach(struct iwm_softc * sc)6368 iwm_radiotap_attach(struct iwm_softc *sc)
6369 {
6370 struct ieee80211com *ic = &sc->sc_ic;
6371
6372 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6373 "->%s begin\n", __func__);
6374 ieee80211_radiotap_attach(ic,
6375 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
6376 IWM_TX_RADIOTAP_PRESENT,
6377 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
6378 IWM_RX_RADIOTAP_PRESENT);
6379 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6380 "->%s end\n", __func__);
6381 }
6382
6383 static struct ieee80211vap *
iwm_vap_create(struct ieee80211com * ic,const char name[IFNAMSIZ],int unit,enum ieee80211_opmode opmode,int flags,const uint8_t bssid[IEEE80211_ADDR_LEN],const uint8_t mac[IEEE80211_ADDR_LEN])6384 iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
6385 enum ieee80211_opmode opmode, int flags,
6386 const uint8_t bssid[IEEE80211_ADDR_LEN],
6387 const uint8_t mac[IEEE80211_ADDR_LEN])
6388 {
6389 struct iwm_vap *ivp;
6390 struct ieee80211vap *vap;
6391
6392 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
6393 return NULL;
6394 ivp = malloc(sizeof(struct iwm_vap), M_80211_VAP, M_WAITOK | M_ZERO);
6395 vap = &ivp->iv_vap;
6396 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
6397 vap->iv_bmissthreshold = 10; /* override default */
6398 /* Override with driver methods. */
6399 ivp->iv_newstate = vap->iv_newstate;
6400 vap->iv_newstate = iwm_newstate;
6401
6402 ivp->id = IWM_DEFAULT_MACID;
6403 ivp->color = IWM_DEFAULT_COLOR;
6404
6405 ivp->have_wme = FALSE;
6406 ivp->ps_disabled = FALSE;
6407
6408 ieee80211_ratectl_init(vap);
6409 /* Complete setup. */
6410 ieee80211_vap_attach(vap, ieee80211_media_change,
6411 ieee80211_media_status, mac);
6412 ic->ic_opmode = opmode;
6413
6414 return vap;
6415 }
6416
6417 static void
iwm_vap_delete(struct ieee80211vap * vap)6418 iwm_vap_delete(struct ieee80211vap *vap)
6419 {
6420 struct iwm_vap *ivp = IWM_VAP(vap);
6421
6422 ieee80211_ratectl_deinit(vap);
6423 ieee80211_vap_detach(vap);
6424 free(ivp, M_80211_VAP);
6425 }
6426
6427 static void
iwm_xmit_queue_drain(struct iwm_softc * sc)6428 iwm_xmit_queue_drain(struct iwm_softc *sc)
6429 {
6430 struct mbuf *m;
6431 struct ieee80211_node *ni;
6432
6433 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
6434 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
6435 ieee80211_free_node(ni);
6436 m_freem(m);
6437 }
6438 }
6439
6440 static void
iwm_scan_start(struct ieee80211com * ic)6441 iwm_scan_start(struct ieee80211com *ic)
6442 {
6443 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6444 struct iwm_softc *sc = ic->ic_softc;
6445 int error;
6446
6447 IWM_LOCK(sc);
6448 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
6449 /* This should not be possible */
6450 device_printf(sc->sc_dev,
6451 "%s: Previous scan not completed yet\n", __func__);
6452 }
6453 if (iwm_fw_has_capa(sc, IWM_UCODE_TLV_CAPA_UMAC_SCAN))
6454 error = iwm_umac_scan(sc);
6455 else
6456 error = iwm_lmac_scan(sc);
6457 if (error != 0) {
6458 device_printf(sc->sc_dev, "could not initiate scan\n");
6459 IWM_UNLOCK(sc);
6460 ieee80211_cancel_scan(vap);
6461 } else {
6462 sc->sc_flags |= IWM_FLAG_SCAN_RUNNING;
6463 iwm_led_blink_start(sc);
6464 IWM_UNLOCK(sc);
6465 }
6466 }
6467
6468 static void
iwm_scan_end(struct ieee80211com * ic)6469 iwm_scan_end(struct ieee80211com *ic)
6470 {
6471 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6472 struct iwm_softc *sc = ic->ic_softc;
6473
6474 IWM_LOCK(sc);
6475 iwm_led_blink_stop(sc);
6476 if (vap->iv_state == IEEE80211_S_RUN)
6477 iwm_led_enable(sc);
6478 if (sc->sc_flags & IWM_FLAG_SCAN_RUNNING) {
6479 /*
6480 * Removing IWM_FLAG_SCAN_RUNNING now, is fine because
6481 * both iwm_scan_end and iwm_scan_start run in the ic->ic_tq
6482 * taskqueue.
6483 */
6484 sc->sc_flags &= ~IWM_FLAG_SCAN_RUNNING;
6485 iwm_scan_stop_wait(sc);
6486 }
6487 IWM_UNLOCK(sc);
6488
6489 /*
6490 * Make sure we don't race, if sc_es_task is still enqueued here.
6491 * This is to make sure that it won't call ieee80211_scan_done
6492 * when we have already started the next scan.
6493 */
6494 taskqueue_cancel(ic->ic_tq, &sc->sc_es_task, NULL);
6495 }
6496
6497 static void
iwm_update_mcast(struct ieee80211com * ic)6498 iwm_update_mcast(struct ieee80211com *ic)
6499 {
6500 }
6501
6502 static void
iwm_set_channel(struct ieee80211com * ic)6503 iwm_set_channel(struct ieee80211com *ic)
6504 {
6505 }
6506
6507 static void
iwm_scan_curchan(struct ieee80211_scan_state * ss,unsigned long maxdwell)6508 iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
6509 {
6510 }
6511
6512 static void
iwm_scan_mindwell(struct ieee80211_scan_state * ss)6513 iwm_scan_mindwell(struct ieee80211_scan_state *ss)
6514 {
6515 }
6516
6517 void
iwm_init_task(void * arg1)6518 iwm_init_task(void *arg1)
6519 {
6520 struct iwm_softc *sc = arg1;
6521
6522 IWM_LOCK(sc);
6523 while (sc->sc_flags & IWM_FLAG_BUSY)
6524 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0);
6525 sc->sc_flags |= IWM_FLAG_BUSY;
6526 iwm_stop(sc);
6527 if (sc->sc_ic.ic_nrunning > 0)
6528 iwm_init(sc);
6529 sc->sc_flags &= ~IWM_FLAG_BUSY;
6530 wakeup(&sc->sc_flags);
6531 IWM_UNLOCK(sc);
6532 }
6533
6534 static int
iwm_resume(device_t dev)6535 iwm_resume(device_t dev)
6536 {
6537 struct iwm_softc *sc = device_get_softc(dev);
6538 int do_reinit = 0;
6539
6540 /*
6541 * We disable the RETRY_TIMEOUT register (0x41) to keep
6542 * PCI Tx retries from interfering with C3 CPU state.
6543 */
6544 pci_write_config(dev, PCI_CFG_RETRY_TIMEOUT, 0x00, 1);
6545
6546 if (!sc->sc_attached)
6547 return 0;
6548
6549 iwm_init_task(device_get_softc(dev));
6550
6551 IWM_LOCK(sc);
6552 if (sc->sc_flags & IWM_FLAG_SCANNING) {
6553 sc->sc_flags &= ~IWM_FLAG_SCANNING;
6554 do_reinit = 1;
6555 }
6556 IWM_UNLOCK(sc);
6557
6558 if (do_reinit)
6559 ieee80211_resume_all(&sc->sc_ic);
6560
6561 return 0;
6562 }
6563
6564 static int
iwm_suspend(device_t dev)6565 iwm_suspend(device_t dev)
6566 {
6567 int do_stop = 0;
6568 struct iwm_softc *sc = device_get_softc(dev);
6569
6570 do_stop = !! (sc->sc_ic.ic_nrunning > 0);
6571
6572 if (!sc->sc_attached)
6573 return (0);
6574
6575 ieee80211_suspend_all(&sc->sc_ic);
6576
6577 if (do_stop) {
6578 IWM_LOCK(sc);
6579 iwm_stop(sc);
6580 sc->sc_flags |= IWM_FLAG_SCANNING;
6581 IWM_UNLOCK(sc);
6582 }
6583
6584 return (0);
6585 }
6586
6587 static int
iwm_detach_local(struct iwm_softc * sc,int do_net80211)6588 iwm_detach_local(struct iwm_softc *sc, int do_net80211)
6589 {
6590 struct iwm_fw_info *fw = &sc->sc_fw;
6591 device_t dev = sc->sc_dev;
6592 int i;
6593
6594 if (!sc->sc_attached)
6595 return 0;
6596 sc->sc_attached = 0;
6597 if (do_net80211) {
6598 ieee80211_draintask(&sc->sc_ic, &sc->sc_es_task);
6599 }
6600 iwm_stop_device(sc);
6601 taskqueue_drain_all(sc->sc_tq);
6602 taskqueue_free(sc->sc_tq);
6603 if (do_net80211) {
6604 IWM_LOCK(sc);
6605 iwm_xmit_queue_drain(sc);
6606 IWM_UNLOCK(sc);
6607 ieee80211_ifdetach(&sc->sc_ic);
6608 }
6609 callout_drain(&sc->sc_led_blink_to);
6610 callout_drain(&sc->sc_watchdog_to);
6611
6612 iwm_phy_db_free(sc->sc_phy_db);
6613 sc->sc_phy_db = NULL;
6614
6615 iwm_free_nvm_data(sc->nvm_data);
6616
6617 /* Free descriptor rings */
6618 iwm_free_rx_ring(sc, &sc->rxq);
6619 for (i = 0; i < nitems(sc->txq); i++)
6620 iwm_free_tx_ring(sc, &sc->txq[i]);
6621
6622 /* Free firmware */
6623 if (fw->fw_fp != NULL)
6624 iwm_fw_info_free(fw);
6625
6626 /* Free scheduler */
6627 iwm_dma_contig_free(&sc->sched_dma);
6628 iwm_dma_contig_free(&sc->ict_dma);
6629 iwm_dma_contig_free(&sc->kw_dma);
6630 iwm_dma_contig_free(&sc->fw_dma);
6631
6632 iwm_free_fw_paging(sc);
6633
6634 /* Finished with the hardware - detach things */
6635 iwm_pci_detach(dev);
6636
6637 if (sc->sc_notif_wait != NULL) {
6638 iwm_notification_wait_free(sc->sc_notif_wait);
6639 sc->sc_notif_wait = NULL;
6640 }
6641
6642 IWM_LOCK_DESTROY(sc);
6643
6644 return (0);
6645 }
6646
6647 static int
iwm_detach(device_t dev)6648 iwm_detach(device_t dev)
6649 {
6650 struct iwm_softc *sc = device_get_softc(dev);
6651
6652 return (iwm_detach_local(sc, 1));
6653 }
6654
6655 static device_method_t iwm_pci_methods[] = {
6656 /* Device interface */
6657 DEVMETHOD(device_probe, iwm_probe),
6658 DEVMETHOD(device_attach, iwm_attach),
6659 DEVMETHOD(device_detach, iwm_detach),
6660 DEVMETHOD(device_suspend, iwm_suspend),
6661 DEVMETHOD(device_resume, iwm_resume),
6662
6663 DEVMETHOD_END
6664 };
6665
6666 static driver_t iwm_pci_driver = {
6667 "iwm",
6668 iwm_pci_methods,
6669 sizeof (struct iwm_softc)
6670 };
6671
6672 static devclass_t iwm_devclass;
6673
6674 DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL);
6675 MODULE_PNP_INFO("U16:device;P:#;T:vendor=0x8086", pci, iwm_pci_driver,
6676 iwm_devices, nitems(iwm_devices));
6677 MODULE_DEPEND(iwm, firmware, 1, 1, 1);
6678 MODULE_DEPEND(iwm, pci, 1, 1, 1);
6679 MODULE_DEPEND(iwm, wlan, 1, 1, 1);
6680