syl's projects / dragonfly.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Sync 802.11 support with FreeBSD6:
[dragonfly.git] / sys / dev / netif / iwi / if_iwi.c
1 /*
2  * Copyright (c) 2004-2006
3  *      Damien Bergamini <damien.bergamini@free.fr>.
4  * Copyright (c) 2004, 2005
5  *      Andrew Atrens <atrens@nortelnetworks.com>.
6  *
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice unmodified, this list of conditions, and the following
14  *    disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  * $FreeBSD: src/sys/dev/iwi/if_iwi.c,v 1.8.2.6 2006/02/23 02:06:46 sam Exp $
32  * $DragonFly: src/sys/dev/netif/iwi/if_iwi.c,v 1.11 2006/05/18 13:51:45 sephe Exp $
33  */
34
35 /*-
36  * Intel(R) PRO/Wireless 2200BG/2225BG/2915ABG driver
37  * http://www.intel.com/network/connectivity/products/wireless/prowireless_mobile.htm
38  */
39
40 #include <sys/param.h>
41 #include <sys/sysctl.h>
42 #include <sys/sockio.h>
43 #include <sys/mbuf.h>
44 #include <sys/kernel.h>
45 #include <sys/kthread.h>
46 #include <sys/socket.h>
47 #include <sys/systm.h>
48 #include <sys/malloc.h>
49 #include <sys/module.h>
50 #include <sys/bus.h>
51 #include <sys/endian.h>
52 #include <sys/proc.h>
53 #include <sys/ucred.h>
54 #include <sys/serialize.h>
55
56 #include <machine/bus.h>
57 #include <machine/resource.h>
58 #include <sys/rman.h>
59
60 #include <bus/pci/pcireg.h>
61 #include <bus/pci/pcivar.h>
62
63 #include <net/bpf.h>
64 #include <net/if.h>
65 #include <net/if_arp.h>
66 #include <net/ethernet.h>
67 #include <net/if_dl.h>
68 #include <net/if_media.h>
69 #include <net/if_types.h>
70 #include <net/ifq_var.h>
71
72 #include <netproto/802_11/ieee80211_var.h>
73 #include <netproto/802_11/ieee80211_radiotap.h>
74
75 #include <netinet/in.h>
76 #include <netinet/in_systm.h>
77 #include <netinet/in_var.h>
78 #include <netinet/ip.h>
79 #include <netinet/if_ether.h>
80
81 #include <dev/netif/iwi/if_iwireg.h>
82 #include <dev/netif/iwi/if_iwivar.h>
83
84 #ifdef IWI_DEBUG
85 #define DPRINTF(x)      do { if (iwi_debug > 0) printf x; } while (0)
86 #define DPRINTFN(n, x)  do { if (iwi_debug >= (n)) printf x; } while (0)
87 int iwi_debug = 0;
88 SYSCTL_INT(_debug, OID_AUTO, iwi, CTLFLAG_RW, &iwi_debug, 0, "iwi debug level");
89 #else
90 #define DPRINTF(x)
91 #define DPRINTFN(n, x)
92 #endif
93
94 struct iwi_ident {
95         uint16_t        vendor;
96         uint16_t        device;
97         const char      *name;
98 };
99
100 static const struct iwi_ident iwi_ident_table[] = {
101         { 0x8086, 0x4220, "Intel(R) PRO/Wireless 2200BG" },
102         { 0x8086, 0x4221, "Intel(R) PRO/Wireless 2225BG" },
103         { 0x8086, 0x4223, "Intel(R) PRO/Wireless 2915ABG" },
104         { 0x8086, 0x4224, "Intel(R) PRO/Wireless 2915ABG" },
105
106         { 0, 0, NULL }
107 };
108
109 static void     iwi_dma_map_addr(void *, bus_dma_segment_t *, int, int);
110 static void     iwi_dma_map_mbuf(void *, bus_dma_segment_t *, int, bus_size_t,
111                                  int);
112 static int      iwi_alloc_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *,
113                     int);
114 static void     iwi_reset_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *);
115 static void     iwi_free_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *);
116 static int      iwi_alloc_tx_ring(struct iwi_softc *, struct iwi_tx_ring *,
117                     int, bus_addr_t, bus_addr_t);
118 static void     iwi_reset_tx_ring(struct iwi_softc *, struct iwi_tx_ring *);
119 static void     iwi_free_tx_ring(struct iwi_softc *, struct iwi_tx_ring *);
120 static int      iwi_alloc_rx_ring(struct iwi_softc *, struct iwi_rx_ring *,
121                     int);
122 static void     iwi_reset_rx_ring(struct iwi_softc *, struct iwi_rx_ring *);
123 static void     iwi_free_rx_ring(struct iwi_softc *, struct iwi_rx_ring *);
124 static struct   ieee80211_node *iwi_node_alloc(struct ieee80211_node_table *);
125 static void     iwi_node_free(struct ieee80211_node *);
126 static int      iwi_media_change(struct ifnet *);
127 static void     iwi_media_status(struct ifnet *, struct ifmediareq *);
128 static int      iwi_newstate(struct ieee80211com *, enum ieee80211_state, int);
129 static int      iwi_wme_update(struct ieee80211com *);
130 static uint16_t iwi_read_prom_word(struct iwi_softc *, uint8_t);
131 static void     iwi_fix_channel(struct ieee80211com *, struct mbuf *);
132 static void     iwi_frame_intr(struct iwi_softc *, struct iwi_rx_data *, int,
133                     struct iwi_frame *);
134 static void     iwi_notification_intr(struct iwi_softc *, struct iwi_notif *);
135 static void     iwi_rx_intr(struct iwi_softc *);
136 static void     iwi_tx_intr(struct iwi_softc *, struct iwi_tx_ring *);
137 static void     iwi_intr(void *);
138 static int      iwi_cmd(struct iwi_softc *, uint8_t, void *, uint8_t, int);
139 static void     iwi_write_ibssnode(struct iwi_softc *, const struct iwi_node *);
140 static int      iwi_tx_start(struct ifnet *, struct mbuf *,
141                     struct ieee80211_node *, int);
142 static void     iwi_start(struct ifnet *);
143 static void     iwi_watchdog(struct ifnet *);
144 static int      iwi_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
145 static void     iwi_stop_master(struct iwi_softc *);
146 static int      iwi_reset(struct iwi_softc *);
147 static int      iwi_load_ucode(struct iwi_softc *, void *, int);
148 static int      iwi_load_firmware(struct iwi_softc *, void *, int);
149 static int      iwi_cache_firmware(struct iwi_softc *, void *);
150 static void     iwi_free_firmware(struct iwi_softc *);
151 static int      iwi_config(struct iwi_softc *);
152 static int      iwi_set_chan(struct iwi_softc *, struct ieee80211_channel *);
153 static int      iwi_scan(struct iwi_softc *);
154 static int      iwi_auth_and_assoc(struct iwi_softc *);
155 static void     iwi_init(void *);
156 static void     iwi_stop(void *);
157 static int      iwi_sysctl_stats(SYSCTL_HANDLER_ARGS);
158 static int      iwi_sysctl_radio(SYSCTL_HANDLER_ARGS);
159
160 static int      iwi_probe(device_t);
161 static int      iwi_attach(device_t);
162 static int      iwi_detach(device_t);
163 static int      iwi_shutdown(device_t);
164 static int      iwi_suspend(device_t);
165 static int      iwi_resume(device_t);
166
167 static int      iwi_alloc_ibss_node(struct iwi_softc *);
168 static void     iwi_free_ibss_node(struct iwi_softc *, int);
169
170 static device_method_t iwi_methods[] = {
171         /* Device interface */
172         DEVMETHOD(device_probe,         iwi_probe),
173         DEVMETHOD(device_attach,        iwi_attach),
174         DEVMETHOD(device_detach,        iwi_detach),
175         DEVMETHOD(device_shutdown,      iwi_shutdown),
176         DEVMETHOD(device_suspend,       iwi_suspend),
177         DEVMETHOD(device_resume,        iwi_resume),
178
179         { 0, 0 }
180 };
181
182 static driver_t iwi_driver = {
183         "iwi",
184         iwi_methods,
185         sizeof (struct iwi_softc)
186 };
187
188 static devclass_t iwi_devclass;
189
190 DRIVER_MODULE(iwi, pci, iwi_driver, iwi_devclass, 0, 0);
191
192 MODULE_DEPEND(iwi, pci,  1, 1, 1);
193 MODULE_DEPEND(iwi, wlan, 1, 1, 1);
194
195 /*
196  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
197  */
198 static const struct ieee80211_rateset iwi_rateset_11a =
199         { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
200
201 static const struct ieee80211_rateset iwi_rateset_11b =
202         { 4, { 2, 4, 11, 22 } };
203
204 static const struct ieee80211_rateset iwi_rateset_11g =
205         { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
206
207 static int
208 iwi_probe(device_t dev)
209 {
210         const struct iwi_ident *ident;
211         uint16_t vid, did;
212
213         vid = pci_get_vendor(dev);
214         did = pci_get_device(dev);
215         for (ident = iwi_ident_table; ident->name != NULL; ident++) {
216                 if (vid == ident->vendor && did == ident->device) {
217                         device_set_desc(dev, ident->name);
218                         return 0;
219                 }
220         }
221         return ENXIO;
222 }
223
224 /* Base Address Register */
225 #define IWI_PCI_BAR0    0x10
226
227 static int
228 iwi_attach(device_t dev)
229 {
230         struct iwi_softc *sc = device_get_softc(dev);
231         struct ieee80211com *ic = &sc->sc_ic;
232         struct ifnet *ifp = &ic->ic_if;
233         uint16_t val;
234         int error, i;
235
236         sc->sc_dev = dev;
237         if_initname(ifp, device_get_name(dev), device_get_unit(dev));
238
239         if (pci_get_powerstate(dev) != PCI_POWERSTATE_D0) {
240                 device_printf(dev, "chip is in D%d power mode "
241                     "-- setting to D0\n", pci_get_powerstate(dev));
242                 pci_set_powerstate(dev, PCI_POWERSTATE_D0);
243         }
244
245         pci_write_config(dev, 0x41, 0, 1);
246
247         /* enable bus-mastering */
248         pci_enable_busmaster(dev);
249
250         sc->mem_rid = IWI_PCI_BAR0;
251         sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
252                                          RF_ACTIVE);
253         if (sc->mem == NULL) {
254                 device_printf(dev, "could not allocate memory resource\n");
255                 return ENXIO;
256         }
257         sc->sc_st = rman_get_bustag(sc->mem);
258         sc->sc_sh = rman_get_bushandle(sc->mem);
259
260         sc->irq_rid = 0;
261         sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
262                                          RF_ACTIVE | RF_SHAREABLE);
263         if (sc->irq == NULL) {
264                 device_printf(dev, "could not allocate interrupt resource\n");
265                 goto fail;
266         }
267
268         if (iwi_reset(sc) != 0) {
269                 device_printf(dev, "could not reset adapter\n");
270                 goto fail;
271         }
272
273         /*
274          * Allocate rings.
275          */
276         error = iwi_alloc_cmd_ring(sc, &sc->cmdq, IWI_CMD_RING_COUNT);
277         if (error != 0) {
278                 device_printf(dev, "could not allocate Cmd ring\n");
279                 goto fail;
280         }
281
282         error = iwi_alloc_tx_ring(sc, &sc->txq[0], IWI_TX_RING_COUNT,
283                                   IWI_CSR_TX1_RIDX, IWI_CSR_TX1_WIDX);
284         if (error != 0) {
285                 device_printf(dev, "could not allocate Tx ring 1\n");
286                 goto fail;
287         }
288
289         error = iwi_alloc_tx_ring(sc, &sc->txq[1], IWI_TX_RING_COUNT,
290                                   IWI_CSR_TX2_RIDX, IWI_CSR_TX2_WIDX);
291         if (error != 0) {
292                 device_printf(dev, "could not allocate Tx ring 2\n");
293                 goto fail;
294         }
295
296         error = iwi_alloc_tx_ring(sc, &sc->txq[2], IWI_TX_RING_COUNT,
297                                   IWI_CSR_TX3_RIDX, IWI_CSR_TX3_WIDX);
298         if (error != 0) {
299                 device_printf(dev, "could not allocate Tx ring 3\n");
300                 goto fail;
301         }
302
303         error = iwi_alloc_tx_ring(sc, &sc->txq[3], IWI_TX_RING_COUNT,
304                                   IWI_CSR_TX4_RIDX, IWI_CSR_TX4_WIDX);
305         if (error != 0) {
306                 device_printf(dev, "could not allocate Tx ring 4\n");
307                 goto fail;
308         }
309
310         error = iwi_alloc_rx_ring(sc, &sc->rxq, IWI_RX_RING_COUNT);
311         if (error != 0) {
312                 device_printf(dev, "could not allocate Rx ring\n");
313                 goto fail;
314         }
315
316         sysctl_ctx_init(&sc->sysctl_ctx);
317         sc->sysctl_tree = SYSCTL_ADD_NODE(&sc->sysctl_ctx,
318                                 SYSCTL_STATIC_CHILDREN(_hw),
319                                 OID_AUTO,
320                                 device_get_nameunit(dev),
321                                 CTLFLAG_RD,
322                                 0, "");
323         if (sc->sysctl_tree == NULL) {
324                 device_printf(dev, "sysctl add node failed\n");
325                 error = EIO;
326                 goto fail;
327         }
328
329         ifp->if_softc = sc;
330         ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
331         ifp->if_init = iwi_init;
332         ifp->if_ioctl = iwi_ioctl;
333         ifp->if_start = iwi_start;
334         ifp->if_watchdog = iwi_watchdog;
335         ifq_set_maxlen(&ifp->if_snd, IFQ_MAXLEN);
336         ifq_set_ready(&ifp->if_snd);
337
338         ic->ic_wme.wme_update = iwi_wme_update;
339         ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
340         ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
341         ic->ic_state = IEEE80211_S_INIT;
342
343         /* set device capabilities */
344         ic->ic_caps =
345             IEEE80211_C_IBSS |          /* IBSS mode supported */
346             IEEE80211_C_MONITOR |       /* monitor mode supported */
347             IEEE80211_C_TXPMGT |        /* tx power management */
348             IEEE80211_C_SHPREAMBLE |    /* short preamble supported */
349             IEEE80211_C_WEP |           /* WEP */
350             IEEE80211_C_WPA |           /* 802.11i */
351             IEEE80211_C_WME;            /* 802.11e */
352
353         /* read MAC address from EEPROM */
354         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 0);
355         ic->ic_myaddr[0] = val & 0xff;
356         ic->ic_myaddr[1] = val >> 8;
357         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 1);
358         ic->ic_myaddr[2] = val & 0xff;
359         ic->ic_myaddr[3] = val >> 8;
360         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 2);
361         ic->ic_myaddr[4] = val & 0xff;
362         ic->ic_myaddr[5] = val >> 8;
363
364         if (pci_get_device(dev) >= 0x4223) {
365                 /* set supported .11a rates (2915ABG only) */
366                 ic->ic_sup_rates[IEEE80211_MODE_11A] = iwi_rateset_11a;
367
368                 /* set supported .11a channels */
369                 for (i = 36; i <= 64; i += 4) {
370                         ic->ic_channels[i].ic_freq =
371                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
372                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
373                 }
374                 for (i = 149; i <= 165; i += 4) {
375                         ic->ic_channels[i].ic_freq =
376                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
377                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
378                 }
379         }
380
381         /* set supported .11b and .11g rates */
382         ic->ic_sup_rates[IEEE80211_MODE_11B] = iwi_rateset_11b;
383         ic->ic_sup_rates[IEEE80211_MODE_11G] = iwi_rateset_11g;
384
385         /* set supported .11b and .11g channels (1 through 14) */
386         for (i = 1; i <= 14; i++) {
387                 ic->ic_channels[i].ic_freq =
388                     ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
389                 ic->ic_channels[i].ic_flags =
390                     IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
391                     IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
392         }
393
394         ieee80211_ifattach(ic);
395         /* override default methods */
396         ic->ic_node_alloc = iwi_node_alloc;
397         sc->sc_node_free = ic->ic_node_free;
398         ic->ic_node_free = iwi_node_free;
399         /* override state transition machine */
400         sc->sc_newstate = ic->ic_newstate;
401         ic->ic_newstate = iwi_newstate;
402         ieee80211_media_init(ic, iwi_media_change, iwi_media_status);
403
404         bpfattach_dlt(ifp, DLT_IEEE802_11_RADIO,
405             sizeof (struct ieee80211_frame) + 64, &sc->sc_drvbpf);
406
407         sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
408         sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
409         sc->sc_rxtap.wr_ihdr.it_present = htole32(IWI_RX_RADIOTAP_PRESENT);
410
411         sc->sc_txtap_len = sizeof sc->sc_txtapu;
412         sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
413         sc->sc_txtap.wt_ihdr.it_present = htole32(IWI_TX_RADIOTAP_PRESENT);
414
415         /*
416          * Add a few sysctl knobs.
417          */
418         sc->dwelltime = 100;
419         sc->bluetooth = 1;
420         sc->antenna = 0;
421
422         SYSCTL_ADD_PROC(&sc->sysctl_ctx,
423             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "radio",
424             CTLTYPE_INT | CTLFLAG_RD, sc, 0, iwi_sysctl_radio, "I",
425             "radio transmitter switch state (0=off, 1=on)");
426
427         SYSCTL_ADD_PROC(&sc->sysctl_ctx,
428             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "stats",
429             CTLTYPE_OPAQUE | CTLFLAG_RD, sc, 0, iwi_sysctl_stats, "S",
430             "statistics");
431
432         SYSCTL_ADD_INT(&sc->sysctl_ctx,
433             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "dwell",
434             CTLFLAG_RW, &sc->dwelltime, 0,
435             "channel dwell time (ms) for AP/station scanning");
436
437         SYSCTL_ADD_INT(&sc->sysctl_ctx,
438             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "bluetooth",
439             CTLFLAG_RW, &sc->bluetooth, 0, "bluetooth coexistence");
440
441         SYSCTL_ADD_INT(&sc->sysctl_ctx,
442             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "antenna",
443             CTLFLAG_RW, &sc->antenna, 0, "antenna (0=auto)");
444
445         /*
446          * Hook our interrupt after all initialization is complete.
447          */
448         error = bus_setup_intr(dev, sc->irq, INTR_MPSAFE, iwi_intr, sc,
449                                &sc->sc_ih, ifp->if_serializer);
450         if (error != 0) {
451                 device_printf(dev, "could not set up interrupt\n");
452
453                 bpfdetach(ifp);
454                 ieee80211_ifdetach(ic);
455                 goto fail;
456         }
457
458         if (bootverbose)
459                 ieee80211_announce(ic);
460
461         return 0;
462 fail:
463         iwi_detach(dev);
464         return ENXIO;
465 }
466
467 static int
468 iwi_detach(device_t dev)
469 {
470         struct iwi_softc *sc = device_get_softc(dev);
471         struct ieee80211com *ic = &sc->sc_ic;
472         struct ifnet *ifp = ic->ic_ifp;
473
474         if (device_is_attached(dev)) {
475                 lwkt_serialize_enter(ifp->if_serializer);
476
477                 iwi_stop(sc);
478                 bus_teardown_intr(dev, sc->irq, sc->sc_ih);
479                 iwi_free_firmware(sc);
480
481                 lwkt_serialize_exit(ifp->if_serializer);
482
483                 bpfdetach(ifp);
484                 ieee80211_ifdetach(ic);
485         }
486
487         iwi_free_cmd_ring(sc, &sc->cmdq);
488         iwi_free_tx_ring(sc, &sc->txq[0]);
489         iwi_free_tx_ring(sc, &sc->txq[1]);
490         iwi_free_tx_ring(sc, &sc->txq[2]);
491         iwi_free_tx_ring(sc, &sc->txq[3]);
492         iwi_free_rx_ring(sc, &sc->rxq);
493
494         if (sc->irq != NULL)
495                 bus_release_resource(dev, SYS_RES_IRQ, sc->irq_rid, sc->irq);
496
497         if (sc->mem != NULL)
498                 bus_release_resource(dev, SYS_RES_MEMORY, sc->mem_rid, sc->mem);
499
500         if (sc->sysctl_tree != NULL)
501                 sysctl_ctx_free(&sc->sysctl_ctx);
502
503         return 0;
504 }
505
506 static void
507 iwi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nseg, int error)
508 {
509         if (error != 0)
510                 return;
511
512         KASSERT(nseg == 1, ("too many DMA segments, %d should be 1", nseg));
513
514         *(bus_addr_t *)arg = segs[0].ds_addr;
515 }
516
517 static int
518 iwi_alloc_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring, int count)
519 {
520         int error;
521
522         ring->count = count;
523         ring->queued = 0;
524         ring->cur = ring->next = 0;
525
526         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
527             BUS_SPACE_MAXADDR, NULL, NULL, count * IWI_CMD_DESC_SIZE, 1,
528             count * IWI_CMD_DESC_SIZE, 0, &ring->desc_dmat);
529         if (error != 0) {
530                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
531                 goto fail;
532         }
533
534         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->desc,
535             BUS_DMA_WAITOK | BUS_DMA_ZERO, &ring->desc_map);
536         if (error != 0) {
537                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
538                 goto fail;
539         }
540
541         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->desc,
542             count * IWI_CMD_DESC_SIZE, iwi_dma_map_addr, &ring->physaddr, 0);
543         if (error != 0) {
544                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
545                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
546                 ring->desc = NULL;
547                 return error;
548         }
549
550         return 0;
551
552 fail:   iwi_free_cmd_ring(sc, ring);
553         return error;
554 }
555
556 static void
557 iwi_reset_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring)
558 {
559         ring->queued = 0;
560         ring->cur = ring->next = 0;
561 }
562
563 static void
564 iwi_free_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring)
565 {
566         if (ring->desc != NULL) {
567                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
568                     BUS_DMASYNC_POSTWRITE);
569                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
570                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
571                 ring->desc = NULL;
572         }
573
574         if (ring->desc_dmat != NULL) {
575                 bus_dma_tag_destroy(ring->desc_dmat);   
576                 ring->desc_dmat = NULL;
577         }
578 }
579
580 static int
581 iwi_alloc_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring, int count,
582     bus_addr_t csr_ridx, bus_addr_t csr_widx)
583 {
584         int i, error;
585
586         ring->count = count;
587         ring->queued = 0;
588         ring->cur = ring->next = 0;
589         ring->csr_ridx = csr_ridx;
590         ring->csr_widx = csr_widx;
591
592         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
593             BUS_SPACE_MAXADDR, NULL, NULL, count * IWI_TX_DESC_SIZE, 1,
594             count * IWI_TX_DESC_SIZE, 0, &ring->desc_dmat);
595         if (error != 0) {
596                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
597                 goto fail;
598         }
599
600         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->desc,
601             BUS_DMA_WAITOK | BUS_DMA_ZERO, &ring->desc_map);
602         if (error != 0) {
603                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
604                 goto fail;
605         }
606
607         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->desc,
608             count * IWI_TX_DESC_SIZE, iwi_dma_map_addr, &ring->physaddr, 0);
609         if (error != 0) {
610                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
611
612                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
613                 ring->desc = NULL;
614                 goto fail;
615         }
616
617         ring->data = malloc(count * sizeof (struct iwi_tx_data), M_DEVBUF,
618             M_WAITOK | M_ZERO);
619
620         error = bus_dma_tag_create(NULL, 1, 0, BUS_SPACE_MAXADDR_32BIT,
621             BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, IWI_MAX_NSEG - 2,
622             MCLBYTES, 0, &ring->data_dmat);
623         if (error != 0) {
624                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
625                 goto fail;
626         }
627
628         for (i = 0; i < count; i++) {
629                 error = bus_dmamap_create(ring->data_dmat, 0,
630                     &ring->data[i].map);
631                 if (error != 0) {
632                         device_printf(sc->sc_dev, "could not create DMA map\n");
633                         goto fail;
634                 }
635         }
636
637         return 0;
638
639 fail:   iwi_free_tx_ring(sc, ring);
640         return error;
641 }
642
643 static void
644 iwi_reset_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring)
645 {
646         struct iwi_tx_data *data;
647         int i;
648
649         for (i = 0; i < ring->count; i++) {
650                 data = &ring->data[i];
651
652                 if (data->m != NULL) {
653                         bus_dmamap_sync(ring->data_dmat, data->map,
654                             BUS_DMASYNC_POSTWRITE);
655                         bus_dmamap_unload(ring->data_dmat, data->map);
656                         m_freem(data->m);
657                         data->m = NULL;
658                 }
659
660                 if (data->ni != NULL) {
661                         ieee80211_free_node(data->ni);
662                         data->ni = NULL;
663                 }
664         }
665
666         ring->queued = 0;
667         ring->cur = ring->next = 0;
668 }
669
670 static void
671 iwi_free_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring)
672 {
673         struct iwi_tx_data *data;
674         int i;
675
676         if (ring->desc != NULL) {
677                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
678                     BUS_DMASYNC_POSTWRITE);
679                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
680                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
681                 ring->desc = NULL;
682         }
683
684         if (ring->desc_dmat != NULL) {
685                 bus_dma_tag_destroy(ring->desc_dmat);
686                 ring->desc_dmat = NULL;
687         }
688
689         if (ring->data != NULL) {
690                 for (i = 0; i < ring->count; i++) {
691                         data = &ring->data[i];
692
693                         if (data->m != NULL) {
694                                 bus_dmamap_sync(ring->data_dmat, data->map,
695                                     BUS_DMASYNC_POSTWRITE);
696                                 bus_dmamap_unload(ring->data_dmat, data->map);
697                                 m_freem(data->m);
698                                 data->m = NULL;
699                         }
700
701                         if (data->ni != NULL) {
702                                 ieee80211_free_node(data->ni);
703                                 data->ni = NULL;
704                         }
705
706                         if (data->map != NULL) {
707                                 bus_dmamap_destroy(ring->data_dmat, data->map);
708                                 data->map = NULL;
709                         }
710                 }
711
712                 free(ring->data, M_DEVBUF);
713                 ring->data = NULL;
714         }
715
716         if (ring->data_dmat != NULL) {
717                 bus_dma_tag_destroy(ring->data_dmat);
718                 ring->data_dmat = NULL;
719         }
720 }
721
722 static int
723 iwi_alloc_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring, int count)
724 {
725         struct iwi_rx_data *data;
726         int i, error;
727
728         ring->count = count;
729         ring->cur = 0;
730
731         ring->data = malloc(count * sizeof (struct iwi_rx_data), M_DEVBUF,
732             M_WAITOK | M_ZERO);
733
734         error = bus_dma_tag_create(NULL, 1, 0, BUS_SPACE_MAXADDR_32BIT,
735             BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1, MCLBYTES, 0,
736             &ring->data_dmat);
737         if (error != 0) {
738                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
739                 goto fail;
740         }
741
742         for (i = 0; i < count; i++) {
743                 data = &ring->data[i];
744
745                 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
746                 if (error != 0) {
747                         device_printf(sc->sc_dev, "could not create DMA map\n");
748                         goto fail;
749                 }
750
751                 data->m = m_getcl(MB_WAIT, MT_DATA, M_PKTHDR);
752                 if (data->m == NULL) {
753                         device_printf(sc->sc_dev,
754                             "could not allocate rx mbuf\n");
755                         error = ENOMEM;
756                         goto fail;
757                 }
758
759                 error = bus_dmamap_load(ring->data_dmat, data->map,
760                     mtod(data->m, void *), MCLBYTES, iwi_dma_map_addr,
761                     &data->physaddr, 0);
762                 if (error != 0) {
763                         device_printf(sc->sc_dev,
764                             "could not load rx buf DMA map");
765
766                         m_freem(data->m);
767                         data->m = NULL;
768                         goto fail;
769                 }
770
771                 data->reg = IWI_CSR_RX_BASE + i * 4;
772         }
773
774         return 0;
775
776 fail:   iwi_free_rx_ring(sc, ring);
777         return error;
778 }
779
780 static void
781 iwi_reset_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring)
782 {
783         ring->cur = 0;
784 }
785
786 static void
787 iwi_free_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring)
788 {
789         struct iwi_rx_data *data;
790         int i;
791
792         if (ring->data != NULL) {
793                 for (i = 0; i < ring->count; i++) {
794                         data = &ring->data[i];
795
796                         if (data->m != NULL) {
797                                 bus_dmamap_sync(ring->data_dmat, data->map,
798                                     BUS_DMASYNC_POSTREAD);
799                                 bus_dmamap_unload(ring->data_dmat, data->map);
800                                 m_freem(data->m);
801                                 data->m = NULL;
802                         }
803
804                         if (data->map != NULL) {
805                                 bus_dmamap_destroy(ring->data_dmat, data->map);
806                                 data->map = NULL;
807                         }
808                 }
809
810                 free(ring->data, M_DEVBUF);
811                 ring->data = NULL;
812         }
813
814         if (ring->data_dmat != NULL) {
815                 bus_dma_tag_destroy(ring->data_dmat);
816                 ring->data_dmat = NULL;
817         }
818 }
819
820 static int
821 iwi_shutdown(device_t dev)
822 {
823         struct iwi_softc *sc = device_get_softc(dev);
824         struct ifnet *ifp = &sc->sc_ic.ic_if;
825
826         lwkt_serialize_enter(ifp->if_serializer);
827         iwi_stop(sc);
828         lwkt_serialize_exit(ifp->if_serializer);
829
830         return 0;
831 }
832
833 static int
834 iwi_suspend(device_t dev)
835 {
836         struct iwi_softc *sc = device_get_softc(dev);
837         struct ifnet *ifp = &sc->sc_ic.ic_if;
838
839         lwkt_serialize_enter(ifp->if_serializer);
840         iwi_stop(sc);
841         lwkt_serialize_exit(ifp->if_serializer);
842
843         return 0;
844 }
845
846 static int
847 iwi_resume(device_t dev)
848 {
849         struct iwi_softc *sc = device_get_softc(dev);
850         struct ifnet *ifp = sc->sc_ic.ic_ifp;
851
852         lwkt_serialize_enter(ifp->if_serializer);
853
854         pci_write_config(dev, 0x41, 0, 1);
855
856         if (ifp->if_flags & IFF_UP) {
857                 ifp->if_init(ifp->if_softc);
858                 if (ifp->if_flags & IFF_RUNNING)
859                         ifp->if_start(ifp);
860         }
861
862         lwkt_serialize_exit(ifp->if_serializer);
863
864         return 0;
865 }
866
867 static struct ieee80211_node *
868 iwi_node_alloc(struct ieee80211_node_table *nt)
869 {
870         struct iwi_node *in;
871
872         in = malloc(sizeof (struct iwi_node), M_80211_NODE, M_NOWAIT | M_ZERO);
873         if (in == NULL)
874                 return NULL;
875
876         in->in_station = -1;
877
878         return &in->in_node;
879 }
880
881 static void
882 iwi_node_free(struct ieee80211_node *ni)
883 {
884         struct ieee80211com *ic = ni->ni_ic;
885         struct iwi_softc *sc = ic->ic_ifp->if_softc;
886         struct iwi_node *in = (struct iwi_node *)ni;
887
888         if (in->in_station != -1)
889                 iwi_free_ibss_node(sc, in->in_station);
890
891         sc->sc_node_free(ni);
892 }
893
894 static int
895 iwi_media_change(struct ifnet *ifp)
896 {
897         struct iwi_softc *sc = ifp->if_softc;
898         int error;
899
900         ASSERT_SERIALIZED(ifp->if_serializer);
901
902         error = ieee80211_media_change(ifp);
903         if (error != ENETRESET)
904                 return error;
905
906         if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING))
907                 iwi_init(sc);
908         return 0;
909 }
910
911 /*
912  * The firmware automatically adapts the transmit speed.  We report its current
913  * value here.
914  */
915 static void
916 iwi_media_status(struct ifnet *ifp, struct ifmediareq *imr)
917 {
918         struct iwi_softc *sc = ifp->if_softc;
919         struct ieee80211com *ic = &sc->sc_ic;
920 #define N(a)    (sizeof (a) / sizeof (a[0]))
921         static const struct {
922                 uint32_t        val;
923                 int             rate;
924         } rates[] = {
925                 { IWI_RATE_DS1,      2 },
926                 { IWI_RATE_DS2,      4 },
927                 { IWI_RATE_DS5,     11 },
928                 { IWI_RATE_DS11,    22 },
929                 { IWI_RATE_OFDM6,   12 },
930                 { IWI_RATE_OFDM9,   18 },
931                 { IWI_RATE_OFDM12,  24 },
932                 { IWI_RATE_OFDM18,  36 },
933                 { IWI_RATE_OFDM24,  48 },
934                 { IWI_RATE_OFDM36,  72 },
935                 { IWI_RATE_OFDM48,  96 },
936                 { IWI_RATE_OFDM54, 108 },
937         };
938         uint32_t val;
939         int rate, i;
940
941         imr->ifm_status = IFM_AVALID;
942         imr->ifm_active = IFM_IEEE80211;
943         if (ic->ic_state == IEEE80211_S_RUN)
944                 imr->ifm_status |= IFM_ACTIVE;
945
946         /* read current transmission rate from adapter */
947         val = CSR_READ_4(sc, IWI_CSR_CURRENT_TX_RATE);
948
949         /* convert rate to 802.11 rate */
950         for (i = 0; i < N(rates) && rates[i].val != val; i++);
951         rate = (i < N(rates)) ? rates[i].rate : 0;
952
953         imr->ifm_active |= ieee80211_rate2media(ic, rate, ic->ic_curmode);
954         switch (ic->ic_opmode) {
955         case IEEE80211_M_STA:
956                 break;
957
958         case IEEE80211_M_IBSS:
959                 imr->ifm_active |= IFM_IEEE80211_ADHOC;
960                 break;
961
962         case IEEE80211_M_MONITOR:
963                 imr->ifm_active |= IFM_IEEE80211_MONITOR;
964                 break;
965
966         case IEEE80211_M_AHDEMO:
967         case IEEE80211_M_HOSTAP:
968                 /* should not get there */
969                 break;
970         }
971 #undef N
972 }
973
974 static int
975 iwi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
976 {
977         struct ifnet *ifp = ic->ic_ifp;
978         struct iwi_softc *sc = ifp->if_softc;
979         enum ieee80211_state ostate;
980         uint32_t tmp;
981
982         ostate = ic->ic_state;
983
984         switch (nstate) {
985         case IEEE80211_S_SCAN:
986                 if (sc->flags & IWI_FLAG_SCANNING)
987                         break;
988
989                 ieee80211_node_table_reset(&ic->ic_scan);
990                 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN;
991                 sc->flags |= IWI_FLAG_SCANNING;
992                 iwi_scan(sc);
993                 break;
994
995         case IEEE80211_S_AUTH:
996                 iwi_auth_and_assoc(sc);
997                 break;
998
999         case IEEE80211_S_RUN:
1000                 if (ic->ic_opmode == IEEE80211_M_IBSS)
1001                         iwi_auth_and_assoc(sc);
1002                 else if (ic->ic_opmode == IEEE80211_M_MONITOR)
1003                         iwi_set_chan(sc, ic->ic_ibss_chan);
1004
1005                 /* assoc led on */
1006                 tmp = MEM_READ_4(sc, IWI_MEM_EVENT_CTL) & IWI_LED_MASK;
1007                 MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, tmp | IWI_LED_ASSOC);
1008
1009                 return sc->sc_newstate(ic, nstate,
1010                     IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
1011
1012         case IEEE80211_S_ASSOC:
1013                 break;
1014
1015         case IEEE80211_S_INIT:
1016                 sc->flags &= ~IWI_FLAG_SCANNING;
1017
1018                 if (ostate != IEEE80211_S_RUN)
1019                         break;
1020
1021                 /* assoc led off */
1022                 tmp = MEM_READ_4(sc, IWI_MEM_EVENT_CTL) & IWI_LED_MASK;
1023                 MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, tmp & ~IWI_LED_ASSOC);
1024                 break;
1025         }
1026
1027         ic->ic_state = nstate;
1028
1029         return 0;
1030 }
1031
1032 /*
1033  * WME parameters coming from IEEE 802.11e specification.  These values are
1034  * already declared in ieee80211_proto.c, but they are static so they can't
1035  * be reused here.
1036  */
1037 static const struct wmeParams iwi_wme_cck_params[WME_NUM_AC] = {
1038         { 0, 3, 5,  7,   0 },   /* WME_AC_BE */
1039         { 0, 3, 5, 10,   0 },   /* WME_AC_BK */
1040         { 0, 2, 4,  5, 188 },   /* WME_AC_VI */
1041         { 0, 2, 3,  4, 102 }    /* WME_AC_VO */
1042 };
1043
1044 static const struct wmeParams iwi_wme_ofdm_params[WME_NUM_AC] = {
1045         { 0, 3, 4,  6,   0 },   /* WME_AC_BE */
1046         { 0, 3, 4, 10,   0 },   /* WME_AC_BK */
1047         { 0, 2, 3,  4,  94 },   /* WME_AC_VI */
1048         { 0, 2, 2,  3,  47 }    /* WME_AC_VO */
1049 };
1050
1051 static int
1052 iwi_wme_update(struct ieee80211com *ic)
1053 {
1054 #define IWI_EXP2(v)     htole16((1 << (v)) - 1)
1055 #define IWI_USEC(v)     htole16(IEEE80211_TXOP_TO_US(v))
1056         struct iwi_softc *sc = ic->ic_ifp->if_softc;
1057         struct iwi_wme_params wme[3];
1058         const struct wmeParams *wmep;
1059         int ac;
1060
1061         /*
1062          * We shall not override firmware default WME values if WME is not
1063          * actually enabled.
1064          */
1065         if (!(ic->ic_flags & IEEE80211_F_WME))
1066                 return 0;
1067
1068         for (ac = 0; ac < WME_NUM_AC; ac++) {
1069                 /* set WME values for current operating mode */
1070                 wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac];
1071                 wme[0].aifsn[ac] = wmep->wmep_aifsn;
1072                 wme[0].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1073                 wme[0].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1074                 wme[0].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1075                 wme[0].acm[ac]   = wmep->wmep_acm;
1076
1077                 /* set WME values for CCK modulation */
1078                 wmep = &iwi_wme_cck_params[ac];
1079                 wme[1].aifsn[ac] = wmep->wmep_aifsn;
1080                 wme[1].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1081                 wme[1].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1082                 wme[1].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1083                 wme[1].acm[ac]   = wmep->wmep_acm;
1084
1085                 /* set WME values for OFDM modulation */
1086                 wmep = &iwi_wme_ofdm_params[ac];
1087                 wme[2].aifsn[ac] = wmep->wmep_aifsn;
1088                 wme[2].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1089                 wme[2].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1090                 wme[2].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1091                 wme[2].acm[ac]   = wmep->wmep_acm;
1092         }
1093
1094         DPRINTF(("Setting WME parameters\n"));
1095         return iwi_cmd(sc, IWI_CMD_SET_WME_PARAMS, wme, sizeof wme, 1);
1096 #undef IWI_USEC
1097 #undef IWI_EXP2
1098 }
1099
1100 /*
1101  * Read 16 bits at address 'addr' from the serial EEPROM.
1102  */
1103 static uint16_t
1104 iwi_read_prom_word(struct iwi_softc *sc, uint8_t addr)
1105 {
1106         uint32_t tmp;
1107         uint16_t val;
1108         int n;
1109
1110         /* Clock C once before the first command */
1111         IWI_EEPROM_CTL(sc, 0);
1112         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1113         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1114         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1115
1116         /* Write start bit (1) */
1117         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D);
1118         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D | IWI_EEPROM_C);
1119
1120         /* Write READ opcode (10) */
1121         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D);
1122         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D | IWI_EEPROM_C);
1123         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1124         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1125
1126         /* Write address A7-A0 */
1127         for (n = 7; n >= 0; n--) {
1128                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S |
1129                     (((addr >> n) & 1) << IWI_EEPROM_SHIFT_D));
1130                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S |
1131                     (((addr >> n) & 1) << IWI_EEPROM_SHIFT_D) | IWI_EEPROM_C);
1132         }
1133
1134         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1135
1136         /* Read data Q15-Q0 */
1137         val = 0;
1138         for (n = 15; n >= 0; n--) {
1139                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1140                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1141                 tmp = MEM_READ_4(sc, IWI_MEM_EEPROM_CTL);
1142                 val |= ((tmp & IWI_EEPROM_Q) >> IWI_EEPROM_SHIFT_Q) << n;
1143         }
1144
1145         IWI_EEPROM_CTL(sc, 0);
1146
1147         /* Clear Chip Select and clock C */
1148         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1149         IWI_EEPROM_CTL(sc, 0);
1150         IWI_EEPROM_CTL(sc, IWI_EEPROM_C);
1151
1152         return val;
1153 }
1154
1155 /*
1156  * XXX: Hack to set the current channel to the value advertised in beacons or
1157  * probe responses. Only used during AP detection.
1158  */
1159 static void
1160 iwi_fix_channel(struct ieee80211com *ic, struct mbuf *m)
1161 {
1162         struct ieee80211_frame *wh;
1163         uint8_t subtype;
1164         uint8_t *frm, *efrm;
1165
1166         wh = mtod(m, struct ieee80211_frame *);
1167
1168         if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT)
1169                 return;
1170
1171         subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
1172
1173         if (subtype != IEEE80211_FC0_SUBTYPE_BEACON &&
1174             subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP)
1175                 return;
1176
1177         frm = (uint8_t *)(wh + 1);
1178         efrm = mtod(m, uint8_t *) + m->m_len;
1179
1180         frm += 12;      /* skip tstamp, bintval and capinfo fields */
1181         while (frm < efrm) {
1182                 if (*frm == IEEE80211_ELEMID_DSPARMS)
1183 #if IEEE80211_CHAN_MAX < 255
1184                 if (frm[2] <= IEEE80211_CHAN_MAX)
1185 #endif
1186                         ic->ic_curchan = &ic->ic_channels[frm[2]];
1187
1188                 frm += frm[1] + 2;
1189         }
1190 }
1191
1192 static void
1193 iwi_frame_intr(struct iwi_softc *sc, struct iwi_rx_data *data, int i,
1194     struct iwi_frame *frame)
1195 {
1196         struct ieee80211com *ic = &sc->sc_ic;
1197         struct ifnet *ifp = ic->ic_ifp;
1198         struct mbuf *mnew, *m;
1199         struct ieee80211_frame *wh;
1200         struct ieee80211_node *ni;
1201         int error;
1202
1203         DPRINTFN(5, ("received frame len=%u chan=%u rssi=%u\n",
1204             le16toh(frame->len), frame->chan, frame->rssi_dbm));
1205
1206         if (le16toh(frame->len) < sizeof (struct ieee80211_frame))
1207                 return;
1208
1209         /*
1210          * Try to allocate a new mbuf for this ring element and load it before
1211          * processing the current mbuf. If the ring element cannot be loaded,
1212          * drop the received packet and reuse the old mbuf. In the unlikely
1213          * case that the old mbuf can't be reloaded either, explicitly panic.
1214          */
1215         mnew = m_getcl(MB_DONTWAIT, MT_DATA, M_PKTHDR);
1216         if (mnew == NULL) {
1217                 ifp->if_ierrors++;
1218                 return;
1219         }
1220
1221         bus_dmamap_unload(sc->rxq.data_dmat, data->map);
1222
1223         error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1224             mtod(mnew, void *), MCLBYTES, iwi_dma_map_addr, &data->physaddr,
1225             0);
1226         if (error != 0) {
1227                 m_freem(mnew);
1228
1229                 /* try to reload the old mbuf */
1230                 error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1231                     mtod(data->m, void *), MCLBYTES, iwi_dma_map_addr,
1232                     &data->physaddr, 0);
1233                 if (error != 0) {
1234                         /* very unlikely that it will fail... */
1235                         panic("%s: could not load old rx mbuf",
1236                             device_get_name(sc->sc_dev));
1237                 }
1238                 ifp->if_ierrors++;
1239                 return;
1240         }
1241
1242         /*
1243          * New mbuf successfully loaded, update Rx ring and continue
1244          * processing.
1245          */
1246         m = data->m;
1247         data->m = mnew;
1248         CSR_WRITE_4(sc, data->reg, data->physaddr);
1249
1250         /* Finalize mbuf */
1251         m->m_pkthdr.rcvif = ifp;
1252         m->m_pkthdr.len = m->m_len = sizeof (struct iwi_hdr) +
1253             sizeof (struct iwi_frame) + le16toh(frame->len);
1254
1255         m_adj(m, sizeof (struct iwi_hdr) + sizeof (struct iwi_frame));
1256
1257         if (ic->ic_state == IEEE80211_S_SCAN)
1258                 iwi_fix_channel(ic, m);
1259
1260         if (sc->sc_drvbpf != NULL) {
1261                 struct iwi_rx_radiotap_header *tap = &sc->sc_rxtap;
1262
1263                 tap->wr_flags = 0;
1264                 tap->wr_rate = frame->rate;
1265                 tap->wr_chan_freq =
1266                     htole16(ic->ic_channels[frame->chan].ic_freq);
1267                 tap->wr_chan_flags =
1268                     htole16(ic->ic_channels[frame->chan].ic_flags);
1269                 tap->wr_antsignal = frame->signal;
1270                 tap->wr_antenna = frame->antenna;
1271
1272                 bpf_ptap(sc->sc_drvbpf, m, tap, sc->sc_rxtap_len);
1273         }
1274
1275         wh = mtod(m, struct ieee80211_frame *);
1276         ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
1277
1278         /* send the frame to the 802.11 layer */
1279         ieee80211_input(ic, m, ni, frame->rssi_dbm, 0);
1280
1281         /* node is no longer needed */
1282         ieee80211_free_node(ni);
1283 }
1284
1285 static void
1286 iwi_notification_intr(struct iwi_softc *sc, struct iwi_notif *notif)
1287 {
1288         struct ieee80211com *ic = &sc->sc_ic;
1289         struct iwi_notif_scan_channel *chan;
1290         struct iwi_notif_scan_complete *scan;
1291         struct iwi_notif_authentication *auth;
1292         struct iwi_notif_association *assoc;
1293
1294         switch (notif->type) {
1295         case IWI_NOTIF_TYPE_SCAN_CHANNEL:
1296                 chan = (struct iwi_notif_scan_channel *)(notif + 1);
1297
1298                 DPRINTFN(2, ("Scanning channel (%u)\n", chan->nchan));
1299                 break;
1300
1301         case IWI_NOTIF_TYPE_SCAN_COMPLETE:
1302                 scan = (struct iwi_notif_scan_complete *)(notif + 1);
1303
1304                 DPRINTFN(2, ("Scan completed (%u, %u)\n", scan->nchan,
1305                     scan->status));
1306
1307                 /* monitor mode uses scan to set the channel ... */
1308                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1309                         sc->flags &= ~IWI_FLAG_SCANNING;
1310                         ieee80211_end_scan(ic);
1311                 } else
1312                         iwi_set_chan(sc, ic->ic_ibss_chan);
1313                 break;
1314
1315         case IWI_NOTIF_TYPE_AUTHENTICATION:
1316                 auth = (struct iwi_notif_authentication *)(notif + 1);
1317
1318                 DPRINTFN(2, ("Authentication (%u)\n", auth->state));
1319
1320                 switch (auth->state) {
1321                 case IWI_AUTHENTICATED:
1322                         ieee80211_node_authorize(ic->ic_bss);
1323                         ieee80211_new_state(ic, IEEE80211_S_ASSOC, -1);
1324                         break;
1325
1326                 case IWI_DEAUTHENTICATED:
1327                         break;
1328
1329                 default:
1330                         device_printf(sc->sc_dev,
1331                             "unknown authentication state %u\n", auth->state);
1332                 }
1333                 break;
1334
1335         case IWI_NOTIF_TYPE_ASSOCIATION:
1336                 assoc = (struct iwi_notif_association *)(notif + 1);
1337
1338                 DPRINTFN(2, ("Association (%u, %u)\n", assoc->state,
1339                     assoc->status));
1340
1341                 switch (assoc->state) {
1342                 case IWI_AUTHENTICATED:
1343                         /* re-association, do nothing */
1344                         break;
1345
1346                 case IWI_ASSOCIATED:
1347                         ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
1348                         break;
1349
1350                 case IWI_DEASSOCIATED:
1351                         ieee80211_begin_scan(ic, 1);
1352                         break;
1353
1354                 default:
1355                         device_printf(sc->sc_dev,
1356                             "unknown association state %u\n", assoc->state);
1357                 }
1358                 break;
1359
1360         default:
1361                 DPRINTFN(5, ("Notification (%u)\n", notif->type));
1362         }
1363 }
1364
1365 static void
1366 iwi_rx_intr(struct iwi_softc *sc)
1367 {
1368         struct iwi_rx_data *data;
1369         struct iwi_hdr *hdr;
1370         uint32_t hw;
1371
1372         hw = CSR_READ_4(sc, IWI_CSR_RX_RIDX);
1373
1374         for (; sc->rxq.cur != hw;) {
1375                 data = &sc->rxq.data[sc->rxq.cur];
1376
1377                 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
1378                     BUS_DMASYNC_POSTREAD);
1379
1380                 hdr = mtod(data->m, struct iwi_hdr *);
1381
1382                 switch (hdr->type) {
1383                 case IWI_HDR_TYPE_FRAME:
1384                         iwi_frame_intr(sc, data, sc->rxq.cur,
1385                             (struct iwi_frame *)(hdr + 1));
1386                         break;
1387
1388                 case IWI_HDR_TYPE_NOTIF:
1389                         iwi_notification_intr(sc,
1390                             (struct iwi_notif *)(hdr + 1));
1391                         break;
1392
1393                 default:
1394                         device_printf(sc->sc_dev, "unknown hdr type %u\n",
1395                             hdr->type);
1396                 }
1397
1398                 DPRINTFN(15, ("rx done idx=%u\n", sc->rxq.cur));
1399
1400                 sc->rxq.cur = (sc->rxq.cur + 1) % IWI_RX_RING_COUNT;
1401         }
1402
1403         /* Tell the firmware what we have processed */
1404         hw = (hw == 0) ? IWI_RX_RING_COUNT - 1 : hw - 1;
1405         CSR_WRITE_4(sc, IWI_CSR_RX_WIDX, hw);
1406 }
1407
1408 static void
1409 iwi_tx_intr(struct iwi_softc *sc, struct iwi_tx_ring *txq)
1410 {
1411         struct ieee80211com *ic = &sc->sc_ic;
1412         struct ifnet *ifp = ic->ic_ifp;
1413         struct iwi_tx_data *data;
1414         uint32_t hw;
1415
1416         hw = CSR_READ_4(sc, txq->csr_ridx);
1417
1418         for (; txq->next != hw;) {
1419                 data = &txq->data[txq->next];
1420
1421                 bus_dmamap_sync(txq->data_dmat, data->map,
1422                     BUS_DMASYNC_POSTWRITE);
1423                 bus_dmamap_unload(txq->data_dmat, data->map);
1424                 m_freem(data->m);
1425                 data->m = NULL;
1426                 ieee80211_free_node(data->ni);
1427                 data->ni = NULL;
1428
1429                 DPRINTFN(15, ("tx done idx=%u\n", txq->next));
1430
1431                 ifp->if_opackets++;
1432
1433                 txq->queued--;
1434                 txq->next = (txq->next + 1) % IWI_TX_RING_COUNT;
1435         }
1436
1437         sc->sc_tx_timer = 0;
1438         ifp->if_flags &= ~IFF_OACTIVE;
1439         iwi_start(ifp);
1440 }
1441
1442 static void
1443 iwi_intr(void *arg)
1444 {
1445         struct iwi_softc *sc = arg;
1446         uint32_t r;
1447
1448         r = CSR_READ_4(sc, IWI_CSR_INTR);
1449         if (r == 0 || r == 0xffffffff)
1450                 return;
1451
1452         /* disable interrupts */
1453         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, 0);
1454
1455         if (r & (IWI_INTR_FATAL_ERROR | IWI_INTR_PARITY_ERROR)) {
1456                 device_printf(sc->sc_dev, "fatal error\n");
1457                 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP;
1458                 iwi_stop(sc);
1459         }
1460
1461         if (r & IWI_INTR_FW_INITED) {
1462                 if (!(r & (IWI_INTR_FATAL_ERROR | IWI_INTR_PARITY_ERROR)))
1463                         wakeup(IWI_FW_INITIALIZED(sc));
1464         }
1465
1466         if (r & IWI_INTR_RADIO_OFF) {
1467                 DPRINTF(("radio transmitter turned off\n"));
1468                 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP;
1469                 iwi_stop(sc);
1470         }
1471
1472         if (r & IWI_INTR_CMD_DONE)
1473                 wakeup(IWI_FW_CMD_ACKED(sc));
1474
1475         if (r & IWI_INTR_TX1_DONE)
1476                 iwi_tx_intr(sc, &sc->txq[0]);
1477
1478         if (r & IWI_INTR_TX2_DONE)
1479                 iwi_tx_intr(sc, &sc->txq[1]);
1480
1481         if (r & IWI_INTR_TX3_DONE)
1482                 iwi_tx_intr(sc, &sc->txq[2]);
1483
1484         if (r & IWI_INTR_TX4_DONE)
1485                 iwi_tx_intr(sc, &sc->txq[3]);
1486
1487         if (r & IWI_INTR_RX_DONE)
1488                 iwi_rx_intr(sc);
1489
1490         /* acknowledge interrupts */
1491         CSR_WRITE_4(sc, IWI_CSR_INTR, r);
1492
1493         /* re-enable interrupts */
1494         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, IWI_INTR_MASK);
1495 }
1496
1497 static int
1498 iwi_cmd(struct iwi_softc *sc, uint8_t type, void *data, uint8_t len, int async)
1499 {
1500         struct iwi_cmd_desc *desc;
1501         struct ifnet *ifp = &sc->sc_ic.ic_if;
1502         int ret;
1503
1504         desc = &sc->cmdq.desc[sc->cmdq.cur];
1505
1506         desc->hdr.type = IWI_HDR_TYPE_COMMAND;
1507         desc->hdr.flags = IWI_HDR_FLAG_IRQ;
1508         desc->type = type;
1509         desc->len = len;
1510         memcpy(desc->data, data, len);
1511
1512         bus_dmamap_sync(sc->cmdq.desc_dmat, sc->cmdq.desc_map,
1513             BUS_DMASYNC_PREWRITE);
1514
1515         DPRINTFN(2, ("sending command idx=%u type=%u len=%u\n", sc->cmdq.cur,
1516             type, len));
1517
1518         sc->cmdq.cur = (sc->cmdq.cur + 1) % IWI_CMD_RING_COUNT;
1519         CSR_WRITE_4(sc, IWI_CSR_CMD_WIDX, sc->cmdq.cur);
1520
1521         if (!async) {
1522                 ASSERT_SERIALIZED(ifp->if_serializer);
1523
1524                 crit_enter();
1525                 tsleep_interlock(IWI_FW_CMD_ACKED(sc));
1526                 lwkt_serialize_exit(ifp->if_serializer);
1527                 ret = tsleep(IWI_FW_CMD_ACKED(sc), 0, "iwicmd", hz);
1528                 crit_exit();
1529                 lwkt_serialize_enter(ifp->if_serializer);
1530         } else {
1531                 ret = 0;
1532         }
1533
1534         return ret;
1535 }
1536
1537 static void
1538 iwi_write_ibssnode(struct iwi_softc *sc, const struct iwi_node *in)
1539 {
1540         struct iwi_ibssnode node;
1541
1542         /* write node information into NIC memory */
1543         memset(&node, 0, sizeof node);
1544         IEEE80211_ADDR_COPY(node.bssid, in->in_node.ni_macaddr);
1545
1546         CSR_WRITE_REGION_1(sc,
1547             IWI_CSR_NODE_BASE + in->in_station * sizeof node,
1548             (uint8_t *)&node, sizeof node);
1549 }
1550
1551 struct iwi_dma_mapping {
1552         bus_dma_segment_t segs[IWI_MAX_NSEG];
1553         int nseg;
1554         bus_size_t mapsize;
1555 };
1556
1557 static void
1558 iwi_dma_map_mbuf(void *arg, bus_dma_segment_t *segs, int nseg,
1559                  bus_size_t mapsize, int error)
1560 {
1561         struct iwi_dma_mapping *map = arg;
1562
1563         if (error != 0)
1564                 return;
1565
1566         KASSERT(nseg <= IWI_MAX_NSEG, ("too many DMA segments %d", nseg));
1567
1568         bcopy(segs, map->segs, nseg * sizeof(bus_dma_segment_t));
1569         map->nseg = nseg;
1570         map->mapsize = mapsize;
1571 }
1572
1573 static int
1574 iwi_tx_start(struct ifnet *ifp, struct mbuf *m0, struct ieee80211_node *ni,
1575     int ac)
1576 {
1577         struct iwi_softc *sc = ifp->if_softc;
1578         struct ieee80211com *ic = &sc->sc_ic;
1579         struct iwi_node *in = (struct iwi_node *)ni;
1580         struct ieee80211_frame *wh;
1581         struct ieee80211_key *k;
1582         const struct chanAccParams *cap;
1583         struct iwi_tx_ring *txq = &sc->txq[ac];
1584         struct iwi_tx_data *data;
1585         struct iwi_tx_desc *desc;
1586         struct mbuf *mnew;
1587         struct iwi_dma_mapping map;
1588         int error, hdrlen, i, noack = 0;
1589
1590         wh = mtod(m0, struct ieee80211_frame *);
1591
1592         if (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS) {
1593                 hdrlen = sizeof (struct ieee80211_qosframe);
1594                 cap = &ic->ic_wme.wme_chanParams;
1595                 noack = cap->cap_wmeParams[ac].wmep_noackPolicy;
1596         } else
1597                 hdrlen = sizeof (struct ieee80211_frame);
1598
1599         /*
1600          * This is only used in IBSS mode where the firmware expect an index
1601          * in a h/w table instead of a destination address.
1602          */
1603         if (ic->ic_opmode == IEEE80211_M_IBSS && in->in_station == -1) {
1604                 in->in_station = iwi_alloc_ibss_node(sc);
1605                 if (in->in_station == -1) {     /* h/w table is full */
1606                         m_freem(m0);
1607                         ieee80211_free_node(ni);
1608                         ifp->if_oerrors++;
1609                         if_printf(ifp, "ibss table is full\n");
1610                         return 0;
1611                 }
1612                 iwi_write_ibssnode(sc, in);
1613         }
1614
1615         if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1616                 k = ieee80211_crypto_encap(ic, ni, m0);
1617                 if (k == NULL) {
1618                         m_freem(m0);
1619                         return ENOBUFS;
1620                 }
1621
1622                 /* packet header may have moved, reset our local pointer */
1623                 wh = mtod(m0, struct ieee80211_frame *);
1624         }
1625
1626         if (sc->sc_drvbpf != NULL) {
1627                 struct iwi_tx_radiotap_header *tap = &sc->sc_txtap;
1628
1629                 tap->wt_flags = 0;
1630                 tap->wt_chan_freq = htole16(ic->ic_ibss_chan->ic_freq);
1631                 tap->wt_chan_flags = htole16(ic->ic_ibss_chan->ic_flags);
1632
1633                 bpf_ptap(sc->sc_drvbpf, m0, tap, sc->sc_txtap_len);
1634         }
1635
1636         data = &txq->data[txq->cur];
1637         desc = &txq->desc[txq->cur];
1638
1639         /* save and trim IEEE802.11 header */
1640         m_copydata(m0, 0, hdrlen, (caddr_t)&desc->wh);
1641         m_adj(m0, hdrlen);
1642
1643         error = bus_dmamap_load_mbuf(txq->data_dmat, data->map, m0,
1644                                      iwi_dma_map_mbuf, &map, BUS_DMA_NOWAIT);
1645         if (error != 0 && error != EFBIG) {
1646                 device_printf(sc->sc_dev, "could not map mbuf (error %d)\n",
1647                     error);
1648                 m_freem(m0);
1649                 return error;
1650         }
1651         if (error != 0) {
1652                 mnew = m_defrag(m0, MB_DONTWAIT);
1653                 if (mnew == NULL) {
1654                         device_printf(sc->sc_dev,
1655                             "could not defragment mbuf\n");
1656                         m_freem(m0);
1657                         return ENOBUFS;
1658                 }
1659                 m0 = mnew;
1660
1661                 error = bus_dmamap_load_mbuf(txq->data_dmat, data->map, m0,
1662                                              iwi_dma_map_mbuf, &map,
1663                                              BUS_DMA_NOWAIT);
1664                 if (error != 0) {
1665                         device_printf(sc->sc_dev,
1666                             "could not map mbuf (error %d)\n", error);
1667                         m_freem(m0);
1668                         return error;
1669                 }
1670         }
1671
1672         data->m = m0;
1673         data->ni = ni;
1674
1675         desc->hdr.type = IWI_HDR_TYPE_DATA;
1676         desc->hdr.flags = IWI_HDR_FLAG_IRQ;
1677         desc->station =
1678             (ic->ic_opmode == IEEE80211_M_IBSS) ? in->in_station : 0;
1679         desc->cmd = IWI_DATA_CMD_TX;
1680         desc->len = htole16(m0->m_pkthdr.len);
1681         desc->flags = 0;
1682         desc->xflags = 0;
1683
1684         if (!noack && !IEEE80211_IS_MULTICAST(desc->wh.i_addr1))
1685                 desc->flags |= IWI_DATA_FLAG_NEED_ACK;
1686
1687 #if 0
1688         if (ic->ic_flags & IEEE80211_F_PRIVACY) {
1689                 desc->wh.i_fc[1] |= IEEE80211_FC1_WEP;
1690                 desc->weptxkey = ic->ic_crypto.cs_def_txkey;
1691         } else
1692 #endif
1693                 desc->flags |= IWI_DATA_FLAG_NO_WEP;
1694
1695         if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
1696                 desc->flags |= IWI_DATA_FLAG_SHPREAMBLE;
1697
1698         if (desc->wh.i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS)
1699                 desc->xflags |= IWI_DATA_XFLAG_QOS;
1700
1701         desc->nseg = htole32(map.nseg);
1702         for (i = 0; i < map.nseg; i++) {
1703                 desc->seg_addr[i] = htole32(map.segs[i].ds_addr);
1704                 desc->seg_len[i]  = htole16(map.segs[i].ds_len);
1705         }
1706
1707         bus_dmamap_sync(txq->data_dmat, data->map, BUS_DMASYNC_PREWRITE);
1708         bus_dmamap_sync(txq->desc_dmat, txq->desc_map, BUS_DMASYNC_PREWRITE);
1709
1710         DPRINTFN(5, ("sending data frame txq=%u idx=%u len=%u nseg=%u\n",
1711             ac, txq->cur, le16toh(desc->len), nsegs));
1712
1713         txq->queued++;
1714         txq->cur = (txq->cur + 1) % IWI_TX_RING_COUNT;
1715         CSR_WRITE_4(sc, txq->csr_widx, txq->cur);
1716
1717         return 0;
1718 }
1719
1720 static void
1721 iwi_start(struct ifnet *ifp)
1722 {
1723         struct iwi_softc *sc = ifp->if_softc;
1724         struct ieee80211com *ic = &sc->sc_ic;
1725         struct mbuf *m0;
1726         struct ether_header *eh;
1727         struct ieee80211_node *ni;
1728         int ac;
1729
1730         if (ic->ic_state != IEEE80211_S_RUN)
1731                 return;
1732
1733         for (;;) {
1734                 m0 = ifq_dequeue(&ifp->if_snd, NULL);
1735                 if (m0 == NULL)
1736                         break;
1737
1738                 if (m0->m_len < sizeof (struct ether_header) &&
1739                     (m0 = m_pullup(m0, sizeof (struct ether_header))) == NULL) {
1740                         ifp->if_oerrors++;
1741                         continue;
1742                 }
1743                 eh = mtod(m0, struct ether_header *);
1744                 ni = ieee80211_find_txnode(ic, eh->ether_dhost);
1745                 if (ni == NULL) {
1746                         m_freem(m0);
1747                         ifp->if_oerrors++;
1748                         continue;
1749                 }
1750
1751                 /* classify mbuf so we can find which tx ring to use */
1752                 if (ieee80211_classify(ic, m0, ni) != 0) {
1753                         m_freem(m0);
1754                         ieee80211_free_node(ni);
1755                         ifp->if_oerrors++;
1756                         continue;
1757                 }
1758
1759                 /* no QoS encapsulation for EAPOL frames */
1760                 ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ?
1761                     M_WME_GETAC(m0) : WME_AC_BE;
1762
1763                 if (sc->txq[ac].queued > IWI_TX_RING_COUNT - 8) {
1764                         /* there is no place left in this ring */
1765                         m_freem(m0);
1766                         ieee80211_free_node(ni);
1767                         ifp->if_flags |= IFF_OACTIVE;
1768                         break;
1769                 }
1770
1771                 BPF_MTAP(ifp, m0);
1772
1773                 m0 = ieee80211_encap(ic, m0, ni);
1774                 if (m0 == NULL) {
1775                         ieee80211_free_node(ni);
1776                         ifp->if_oerrors++;
1777                         continue;
1778                 }
1779
1780                 if (ic->ic_rawbpf != NULL)
1781                         bpf_mtap(ic->ic_rawbpf, m0);
1782
1783                 if (iwi_tx_start(ifp, m0, ni, ac) != 0) {
1784                         ieee80211_free_node(ni);
1785                         ifp->if_oerrors++;
1786                         break;
1787                 }
1788
1789                 sc->sc_tx_timer = 5;
1790                 ifp->if_timer = 1;
1791         }
1792 }
1793
1794 static void
1795 iwi_watchdog(struct ifnet *ifp)
1796 {
1797         struct iwi_softc *sc = ifp->if_softc;
1798         struct ieee80211com *ic = &sc->sc_ic;
1799
1800         ifp->if_timer = 0;
1801
1802         if (sc->sc_tx_timer > 0) {
1803                 if (--sc->sc_tx_timer == 0) {
1804                         if_printf(ifp, "device timeout\n");
1805                         ifp->if_oerrors++;
1806                         ifp->if_flags &= ~IFF_UP;
1807                         iwi_stop(sc);
1808                         return;
1809                 }
1810                 ifp->if_timer = 1;
1811         }
1812
1813         ieee80211_watchdog(ic);
1814 }
1815
1816 static int
1817 iwi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
1818 {
1819         struct iwi_softc *sc = ifp->if_softc;
1820         struct ieee80211com *ic = &sc->sc_ic;
1821         struct ifreq *ifr;
1822         int error = 0;
1823
1824         switch (cmd) {
1825         case SIOCSIFFLAGS:
1826                 if (ifp->if_flags & IFF_UP) {
1827                         if (!(ifp->if_flags & IFF_RUNNING))
1828                                 iwi_init(sc);
1829                 } else {
1830                         if (ifp->if_flags & IFF_RUNNING)
1831                                 iwi_stop(sc);
1832                 }
1833                 break;
1834
1835         case SIOCSLOADFW:
1836                 /* only super-user can do that! */
1837                 error = suser_cred(cr, NULL_CRED_OKAY);
1838                 if (error != 0)
1839                         break;
1840
1841                 ifr = (struct ifreq *)data;
1842                 error = iwi_cache_firmware(sc, ifr->ifr_data);
1843                 break;
1844
1845         case SIOCSKILLFW:
1846                 /* only super-user can do that! */
1847                 error = suser_cred(cr, NULL_CRED_OKAY);
1848                 if (error != 0)
1849                         break;
1850
1851                 ifp->if_flags &= ~IFF_UP;
1852                 iwi_stop(sc);
1853                 iwi_free_firmware(sc);
1854                 break;
1855
1856         default:
1857                 error = ieee80211_ioctl(ic, cmd, data, cr);
1858         }
1859
1860         if (error == ENETRESET) {
1861                 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1862                     (IFF_UP | IFF_RUNNING) &&
1863                     (ic->ic_roaming != IEEE80211_ROAMING_MANUAL))
1864                         iwi_init(sc);
1865                 error = 0;
1866         }
1867
1868         return error;
1869 }
1870
1871 static void
1872 iwi_stop_master(struct iwi_softc *sc)
1873 {
1874         uint32_t tmp;
1875         int ntries;
1876
1877         /* disable interrupts */
1878         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, 0);
1879
1880         CSR_WRITE_4(sc, IWI_CSR_RST, IWI_RST_STOP_MASTER);
1881         for (ntries = 0; ntries < 5; ntries++) {
1882                 if (CSR_READ_4(sc, IWI_CSR_RST) & IWI_RST_MASTER_DISABLED)
1883                         break;
1884                 DELAY(10);
1885         }
1886         if (ntries == 5)
1887                 if_printf(&sc->sc_ic.ic_if, "timeout waiting for master\n");
1888
1889         tmp = CSR_READ_4(sc, IWI_CSR_RST);
1890         CSR_WRITE_4(sc, IWI_CSR_RST, tmp | IWI_RST_PRINCETON_RESET);
1891
1892         sc->flags &= ~IWI_FLAG_FW_INITED;
1893 }
1894
1895 static int
1896 iwi_reset(struct iwi_softc *sc)
1897 {
1898         uint32_t tmp;
1899         int i, ntries;
1900
1901         iwi_stop_master(sc);
1902
1903         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
1904         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_INIT);
1905
1906         CSR_WRITE_4(sc, IWI_CSR_READ_INT, IWI_READ_INT_INIT_HOST);
1907
1908         /* Wait for clock stabilization */
1909         for (ntries = 0; ntries < 1000; ntries++) {
1910                 if (CSR_READ_4(sc, IWI_CSR_CTL) & IWI_CTL_CLOCK_READY)
1911                         break;
1912                 DELAY(200);
1913         }
1914         if (ntries == 1000) {
1915                 if_printf(&sc->sc_ic.ic_if,
1916                           "timeout waiting for clock stabilization\n");
1917                 return EIO;
1918         }
1919
1920         tmp = CSR_READ_4(sc, IWI_CSR_RST);
1921         CSR_WRITE_4(sc, IWI_CSR_RST, tmp | IWI_RST_SOFT_RESET);
1922
1923         DELAY(10);
1924
1925         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
1926         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_INIT);
1927
1928         /* Clear NIC memory */
1929         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_ADDR, 0);
1930         for (i = 0; i < 0xc000; i++)
1931                 CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, 0);
1932
1933         return 0;
1934 }
1935
1936 static int
1937 iwi_load_ucode(struct iwi_softc *sc, void *uc, int size)
1938 {
1939         uint32_t tmp;
1940         uint16_t *w;
1941         int ntries, i;
1942
1943         CSR_WRITE_4(sc, IWI_CSR_RST, CSR_READ_4(sc, IWI_CSR_RST) |
1944             IWI_RST_STOP_MASTER);
1945         for (ntries = 0; ntries < 5; ntries++) {
1946                 if (CSR_READ_4(sc, IWI_CSR_RST) & IWI_RST_MASTER_DISABLED)
1947                         break;
1948                 DELAY(10);
1949         }
1950         if (ntries == 5) {
1951                 device_printf(sc->sc_dev, "timeout waiting for master\n");
1952                 return EIO;
1953         }
1954
1955         MEM_WRITE_4(sc, 0x3000e0, 0x80000000);
1956         DELAY(5000);
1957
1958         tmp = CSR_READ_4(sc, IWI_CSR_RST);
1959         tmp &= ~IWI_RST_PRINCETON_RESET;
1960         CSR_WRITE_4(sc, IWI_CSR_RST, tmp);
1961
1962         DELAY(5000);
1963         MEM_WRITE_4(sc, 0x3000e0, 0);
1964         DELAY(1000);
1965         MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, 1);
1966         DELAY(1000);
1967         MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, 0);
1968         DELAY(1000);
1969         MEM_WRITE_1(sc, 0x200000, 0x00);
1970         MEM_WRITE_1(sc, 0x200000, 0x40);
1971         DELAY(1000);
1972
1973         /* write microcode into adapter memory */
1974         for (w = uc; size > 0; w++, size -= 2)
1975                 MEM_WRITE_2(sc, 0x200010, htole16(*w));
1976
1977         MEM_WRITE_1(sc, 0x200000, 0x00);
1978         MEM_WRITE_1(sc, 0x200000, 0x80);
1979
1980         /* wait until we get an answer */
1981         for (ntries = 0; ntries < 100; ntries++) {
1982                 if (MEM_READ_1(sc, 0x200000) & 1)
1983                         break;
1984                 DELAY(100);
1985         }
1986         if (ntries == 100) {
1987                 device_printf(sc->sc_dev,
1988                     "timeout waiting for ucode to initialize\n");
1989                 return EIO;
1990         }
1991
1992         /* read the answer or the firmware will not initialize properly */
1993         for (i = 0; i < 7; i++)
1994                 MEM_READ_4(sc, 0x200004);
1995
1996         MEM_WRITE_1(sc, 0x200000, 0x00);
1997
1998         return 0;
1999 }
2000
2001 /* macro to handle unaligned little endian data in firmware image */
2002 #define GETLE32(p) ((p)[0] | (p)[1] << 8 | (p)[2] << 16 | (p)[3] << 24)
2003
2004 static int
2005 iwi_load_firmware(struct iwi_softc *sc, void *fw, int size)
2006 {
2007         bus_dma_tag_t dmat;
2008         bus_dmamap_t map;
2009         bus_addr_t physaddr;
2010         void *virtaddr;
2011         u_char *p, *end;
2012         uint32_t sentinel, ctl, src, dst, sum, len, mlen, tmp;
2013         int ntries, error = 0;
2014         struct ifnet *ifp = &sc->sc_ic.ic_if;
2015
2016         ASSERT_SERIALIZED(ifp->if_serializer);
2017
2018         /* Allocate DMA memory for mapping firmware image */
2019         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
2020             BUS_SPACE_MAXADDR, NULL, NULL, size, 1, size, 0, &dmat);
2021         if (error != 0) {
2022                 device_printf(sc->sc_dev,
2023                     "could not create firmware DMA tag\n");
2024                 goto fail1;
2025         }
2026
2027         error = bus_dmamem_alloc(dmat, &virtaddr, BUS_DMA_WAITOK, &map);
2028         if (error != 0) {
2029                 device_printf(sc->sc_dev,
2030                     "could not allocate firmware DMA memory\n");
2031                 goto fail2;
2032         }
2033
2034         error = bus_dmamap_load(dmat, map, virtaddr, size, iwi_dma_map_addr,
2035             &physaddr, 0);
2036         if (error != 0) {
2037                 device_printf(sc->sc_dev, "could not load firmware DMA map\n");
2038                 goto fail3;
2039         }
2040
2041         /* Copy firmware image to DMA memory */
2042         memcpy(virtaddr, fw, size);
2043
2044         /* Make sure the adapter will get up-to-date values */
2045         bus_dmamap_sync(dmat, map, BUS_DMASYNC_PREWRITE);
2046
2047         /* Tell the adapter where the command blocks are stored */
2048         MEM_WRITE_4(sc, 0x3000a0, 0x27000);
2049
2050         /*
2051          * Store command blocks into adapter's internal memory using register
2052          * indirections. The adapter will read the firmware image through DMA
2053          * using information stored in command blocks.
2054          */
2055         src = physaddr;
2056         p = virtaddr;
2057         end = p + size;
2058         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_ADDR, 0x27000);
2059
2060         while (p < end) {
2061                 dst = GETLE32(p); p += 4; src += 4;
2062                 len = GETLE32(p); p += 4; src += 4;
2063                 p += len;
2064
2065                 while (len > 0) {
2066                         mlen = min(len, IWI_CB_MAXDATALEN);
2067
2068                         ctl = IWI_CB_DEFAULT_CTL | mlen;
2069                         sum = ctl ^ src ^ dst;
2070
2071                         /* Write a command block */
2072                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, ctl);
2073                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, src);
2074                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, dst);
2075                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, sum);
2076
2077                         src += mlen;
2078                         dst += mlen;
2079                         len -= mlen;
2080                 }
2081         }
2082
2083         /* Write a fictive final command block (sentinel) */
2084         sentinel = CSR_READ_4(sc, IWI_CSR_AUTOINC_ADDR);
2085         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, 0);
2086
2087         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2088         tmp &= ~(IWI_RST_MASTER_DISABLED | IWI_RST_STOP_MASTER);
2089         CSR_WRITE_4(sc, IWI_CSR_RST, tmp);
2090
2091         /* Tell the adapter to start processing command blocks */
2092         MEM_WRITE_4(sc, 0x3000a4, 0x540100);
2093
2094         /* Wait until the adapter reaches the sentinel */
2095         for (ntries = 0; ntries < 400; ntries++) {
2096                 if (MEM_READ_4(sc, 0x3000d0) >= sentinel)
2097                         break;
2098                 DELAY(100);
2099         }
2100         if (ntries == 400) {
2101                 device_printf(sc->sc_dev,
2102                     "timeout processing command blocks\n");
2103                 error = EIO;
2104                 goto fail4;
2105         }
2106
2107         /* We're done with command blocks processing */
2108         MEM_WRITE_4(sc, 0x3000a4, 0x540c00);
2109
2110         /* Allow interrupts so we know when the firmware is ready */
2111         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, IWI_INTR_MASK);
2112
2113         /* Tell the adapter to initialize the firmware */
2114         CSR_WRITE_4(sc, IWI_CSR_RST, 0);
2115
2116         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2117         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_ALLOW_STANDBY);
2118
2119         /* wait at most one second for firmware initialization to complete */
2120         crit_enter();
2121         tsleep_interlock(IWI_FW_INITIALIZED(sc));
2122         lwkt_serialize_exit(ifp->if_serializer);
2123         error = tsleep(IWI_FW_INITIALIZED(sc), 0, "iwiinit", hz);
2124         crit_exit();
2125         lwkt_serialize_enter(ifp->if_serializer);
2126         if (error != 0) {
2127                 device_printf(sc->sc_dev, "timeout waiting for firmware "
2128                     "initialization to complete\n");
2129                 goto fail4;
2130         }
2131
2132 fail4:  bus_dmamap_sync(dmat, map, BUS_DMASYNC_POSTWRITE);
2133         bus_dmamap_unload(dmat, map);
2134 fail3:  bus_dmamem_free(dmat, virtaddr, map);
2135 fail2:  bus_dma_tag_destroy(dmat);
2136 fail1:
2137         return error;
2138 }
2139
2140 /*
2141  * Store firmware into kernel memory so we can download it when we need to,
2142  * e.g when the adapter wakes up from suspend mode.
2143  */
2144 static int
2145 iwi_cache_firmware(struct iwi_softc *sc, void *data)
2146 {
2147         struct iwi_firmware *kfw = &sc->fw;
2148         struct iwi_firmware ufw;
2149         int error;
2150
2151         iwi_free_firmware(sc);
2152
2153         if ((error = copyin(data, &ufw, sizeof ufw)) != 0)
2154                 return error;
2155
2156         kfw->boot_size  = ufw.boot_size;
2157         kfw->ucode_size = ufw.ucode_size;
2158         kfw->main_size  = ufw.main_size;
2159
2160         kfw->boot = malloc(kfw->boot_size, M_DEVBUF, M_WAITOK);
2161         kfw->ucode = malloc(kfw->ucode_size, M_DEVBUF, M_WAITOK);
2162         kfw->main = malloc(kfw->main_size, M_DEVBUF, M_WAITOK);
2163
2164         if ((error = copyin(ufw.boot, kfw->boot, kfw->boot_size)) != 0)
2165                 goto fail;
2166
2167         if ((error = copyin(ufw.ucode, kfw->ucode, kfw->ucode_size)) != 0)
2168                 goto fail;
2169
2170         if ((error = copyin(ufw.main, kfw->main, kfw->main_size)) != 0)
2171                 goto fail;
2172
2173         DPRINTF(("Firmware cached: boot %u, ucode %u, main %u\n",
2174             kfw->boot_size, kfw->ucode_size, kfw->main_size));
2175
2176         sc->flags |= IWI_FLAG_FW_CACHED;
2177
2178         return 0;
2179
2180 fail:
2181         free(kfw->boot, M_DEVBUF);
2182         free(kfw->ucode, M_DEVBUF);
2183         free(kfw->main, M_DEVBUF);
2184
2185         return error;
2186 }
2187
2188 static void
2189 iwi_free_firmware(struct iwi_softc *sc)
2190 {
2191         if (!(sc->flags & IWI_FLAG_FW_CACHED))
2192                 return;
2193
2194         free(sc->fw.boot, M_DEVBUF);
2195         free(sc->fw.ucode, M_DEVBUF);
2196         free(sc->fw.main, M_DEVBUF);
2197
2198         sc->flags &= ~IWI_FLAG_FW_CACHED;
2199 }
2200
2201 static int
2202 iwi_config(struct iwi_softc *sc)
2203 {
2204         struct ieee80211com *ic = &sc->sc_ic;
2205         struct ifnet *ifp = ic->ic_ifp;
2206         struct iwi_configuration config;
2207         struct iwi_rateset rs;
2208         struct iwi_txpower power;
2209         struct ieee80211_key *wk;
2210         struct iwi_wep_key wepkey;
2211         uint32_t data;
2212         int error, i;
2213
2214         IEEE80211_ADDR_COPY(ic->ic_myaddr, IF_LLADDR(ifp));
2215         DPRINTF(("Setting MAC address to %6D\n", ic->ic_myaddr, ":"));
2216         error = iwi_cmd(sc, IWI_CMD_SET_MAC_ADDRESS, ic->ic_myaddr,
2217             IEEE80211_ADDR_LEN, 0);
2218         if (error != 0)
2219                 return error;
2220
2221         memset(&config, 0, sizeof config);
2222         config.bluetooth_coexistence = sc->bluetooth;
2223         config.antenna = sc->antenna;
2224         config.multicast_enabled = 1;
2225         config.answer_pbreq = (ic->ic_opmode == IEEE80211_M_IBSS) ? 1 : 0;
2226         config.disable_unicast_decryption = 1;
2227         config.disable_multicast_decryption = 1;
2228         DPRINTF(("Configuring adapter\n"));
2229         error = iwi_cmd(sc, IWI_CMD_SET_CONFIG, &config, sizeof config, 0);
2230         if (error != 0)
2231                 return error;
2232
2233         data = htole32(IWI_POWER_MODE_CAM);
2234         DPRINTF(("Setting power mode to %u\n", le32toh(data)));
2235         error = iwi_cmd(sc, IWI_CMD_SET_POWER_MODE, &data, sizeof data, 0);
2236         if (error != 0)
2237                 return error;
2238
2239         data = htole32(ic->ic_rtsthreshold);
2240         DPRINTF(("Setting RTS threshold to %u\n", le32toh(data)));
2241         error = iwi_cmd(sc, IWI_CMD_SET_RTS_THRESHOLD, &data, sizeof data, 0);
2242         if (error != 0)
2243                 return error;
2244
2245         data = htole32(ic->ic_fragthreshold);
2246         DPRINTF(("Setting fragmentation threshold to %u\n", le32toh(data)));
2247         error = iwi_cmd(sc, IWI_CMD_SET_FRAG_THRESHOLD, &data, sizeof data, 0);
2248         if (error != 0)
2249                 return error;
2250
2251         if (ic->ic_opmode == IEEE80211_M_IBSS) {
2252                 power.mode = IWI_MODE_11B;
2253                 power.nchan = 11;
2254                 for (i = 0; i < 11; i++) {
2255                         power.chan[i].chan = i + 1;
2256                         power.chan[i].power = IWI_TXPOWER_MAX;
2257                 }
2258                 DPRINTF(("Setting .11b channels tx power\n"));
2259                 error = iwi_cmd(sc, IWI_CMD_SET_TX_POWER, &power, sizeof power,
2260                     0);
2261                 if (error != 0)
2262                         return error;
2263
2264                 power.mode = IWI_MODE_11G;
2265                 DPRINTF(("Setting .11g channels tx power\n"));
2266                 error = iwi_cmd(sc, IWI_CMD_SET_TX_POWER, &power, sizeof power,
2267                     0);
2268                 if (error != 0)
2269                         return error;
2270         }
2271
2272         rs.mode = IWI_MODE_11G;
2273         rs.type = IWI_RATESET_TYPE_SUPPORTED;
2274         rs.nrates = ic->ic_sup_rates[IEEE80211_MODE_11G].rs_nrates;
2275         memcpy(rs.rates, ic->ic_sup_rates[IEEE80211_MODE_11G].rs_rates,
2276             rs.nrates);
2277         DPRINTF(("Setting .11bg supported rates (%u)\n", rs.nrates));
2278         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 0);
2279         if (error != 0)
2280                 return error;
2281
2282         rs.mode = IWI_MODE_11A;
2283         rs.type = IWI_RATESET_TYPE_SUPPORTED;
2284         rs.nrates = ic->ic_sup_rates[IEEE80211_MODE_11A].rs_nrates;
2285         memcpy(rs.rates, ic->ic_sup_rates[IEEE80211_MODE_11A].rs_rates,
2286             rs.nrates);
2287         DPRINTF(("Setting .11a supported rates (%u)\n", rs.nrates));
2288         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 0);
2289         if (error != 0)
2290                 return error;
2291
2292         /* if we have a desired ESSID, set it now */
2293         if (ic->ic_des_esslen != 0) {
2294 #ifdef IWI_DEBUG
2295                 if (iwi_debug > 0) {
2296                         printf("Setting desired ESSID to ");
2297                         ieee80211_print_essid(ic->ic_des_essid,
2298                             ic->ic_des_esslen);
2299                         printf("\n");
2300                 }
2301 #endif
2302                 error = iwi_cmd(sc, IWI_CMD_SET_ESSID, ic->ic_des_essid,
2303                     ic->ic_des_esslen, 0);
2304                 if (error != 0)
2305                         return error;
2306         }
2307
2308         data = htole32(arc4random());
2309         DPRINTF(("Setting initialization vector to %u\n", le32toh(data)));
2310         error = iwi_cmd(sc, IWI_CMD_SET_IV, &data, sizeof data, 0);
2311         if (error != 0)
2312                 return error;
2313
2314         for (i = 0; i < IEEE80211_WEP_NKID; i++) {
2315                 wk = &ic->ic_crypto.cs_nw_keys[i];
2316
2317                 wepkey.cmd = IWI_WEP_KEY_CMD_SETKEY;
2318                 wepkey.idx = i;
2319                 wepkey.len = wk->wk_keylen;
2320                 memset(wepkey.key, 0, sizeof wepkey.key);
2321                 memcpy(wepkey.key, wk->wk_key, wk->wk_keylen);
2322                 DPRINTF(("Setting wep key index %u len %u\n", wepkey.idx,
2323                     wepkey.len));
2324                 error = iwi_cmd(sc, IWI_CMD_SET_WEP_KEY, &wepkey,
2325                     sizeof wepkey, 0);
2326                 if (error != 0)
2327                         return error;
2328         }
2329
2330         /* Enable adapter */
2331         DPRINTF(("Enabling adapter\n"));
2332         return iwi_cmd(sc, IWI_CMD_ENABLE, NULL, 0, 0);
2333 }
2334
2335 static int
2336 iwi_set_chan(struct iwi_softc *sc, struct ieee80211_channel *chan)
2337 {
2338         struct ieee80211com *ic = &sc->sc_ic;
2339         struct iwi_scan scan;
2340
2341         memset(&scan, 0, sizeof scan);
2342         memset(scan.type, IWI_SCAN_TYPE_PASSIVE, sizeof scan.type);
2343         scan.passive = htole16(2000);
2344         scan.channels[0] = 1 |
2345             (IEEE80211_IS_CHAN_5GHZ(chan) ? IWI_CHAN_5GHZ : IWI_CHAN_2GHZ);
2346         scan.channels[1] = ieee80211_chan2ieee(ic, chan);
2347
2348         DPRINTF(("Setting channel to %u\n", ieee80211_chan2ieee(ic, chan)));
2349         return iwi_cmd(sc, IWI_CMD_SCAN, &scan, sizeof scan, 1);
2350 }
2351
2352 static int
2353 iwi_scan(struct iwi_softc *sc)
2354 {
2355         struct ieee80211com *ic = &sc->sc_ic;
2356         struct iwi_scan scan;
2357         uint8_t *p;
2358         int i, count;
2359
2360         memset(&scan, 0, sizeof scan);
2361
2362         if (ic->ic_des_esslen != 0) {
2363                 scan.bdirected = htole16(sc->dwelltime);
2364                 memset(scan.type, IWI_SCAN_TYPE_BDIRECTED, sizeof scan.type);
2365         } else {
2366                 scan.broadcast = htole16(sc->dwelltime);
2367                 memset(scan.type, IWI_SCAN_TYPE_BROADCAST, sizeof scan.type);
2368         }
2369
2370         p = scan.channels;
2371         count = 0;
2372         for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
2373                 if (IEEE80211_IS_CHAN_5GHZ(&ic->ic_channels[i]) &&
2374                     isset(ic->ic_chan_active, i)) {
2375                         *++p = i;
2376                         count++;
2377                 }
2378         }
2379         *(p - count) = IWI_CHAN_5GHZ | count;
2380
2381         p = (count > 0) ? p + 1 : scan.channels;
2382         count = 0;
2383         for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
2384                 if (IEEE80211_IS_CHAN_2GHZ(&ic->ic_channels[i]) &&
2385                     isset(ic->ic_chan_active, i)) {
2386                         *++p = i;
2387                         count++;
2388                 }
2389         }
2390         *(p - count) = IWI_CHAN_2GHZ | count;
2391
2392         DPRINTF(("Start scanning\n"));
2393         return iwi_cmd(sc, IWI_CMD_SCAN, &scan, sizeof scan, 1);
2394 }
2395
2396 static int
2397 iwi_auth_and_assoc(struct iwi_softc *sc)
2398 {
2399         struct ieee80211com *ic = &sc->sc_ic;
2400         struct ifnet *ifp = ic->ic_ifp;
2401         struct ieee80211_node *ni = ic->ic_bss;
2402         struct ieee80211_wme_info wme;
2403         struct iwi_configuration config;
2404         struct iwi_associate assoc;
2405         struct iwi_rateset rs;
2406         uint16_t capinfo;
2407         uint32_t data;
2408         int error;
2409
2410         if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {
2411                 memset(&config, 0, sizeof config);
2412                 config.bluetooth_coexistence = sc->bluetooth;
2413                 config.antenna = sc->antenna;
2414                 config.multicast_enabled = 1;
2415                 config.use_protection = 1;
2416                 config.answer_pbreq =
2417                     (ic->ic_opmode == IEEE80211_M_IBSS) ? 1 : 0;
2418                 config.disable_unicast_decryption = 1;
2419                 config.disable_multicast_decryption = 1;
2420                 DPRINTF(("Configuring adapter\n"));
2421                 error = iwi_cmd(sc, IWI_CMD_SET_CONFIG, &config, sizeof config,
2422                     1);
2423                 if (error != 0)
2424                         return error;
2425         }
2426
2427 #ifdef IWI_DEBUG
2428         if (iwi_debug > 0) {
2429                 printf("Setting ESSID to ");
2430                 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen);
2431                 printf("\n");
2432         }
2433 #endif
2434         error = iwi_cmd(sc, IWI_CMD_SET_ESSID, ni->ni_essid, ni->ni_esslen, 1);
2435         if (error != 0)
2436                 return error;
2437
2438         /* the rate set has already been "negotiated" */
2439         rs.mode = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? IWI_MODE_11A :
2440             IWI_MODE_11G;
2441         rs.type = IWI_RATESET_TYPE_NEGOTIATED;
2442         rs.nrates = ni->ni_rates.rs_nrates;
2443         memcpy(rs.rates, ni->ni_rates.rs_rates, rs.nrates);
2444         DPRINTF(("Setting negociated rates (%u)\n", rs.nrates));
2445         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 1);
2446         if (error != 0)
2447                 return error;
2448
2449         if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL) {
2450                 wme.wme_id = IEEE80211_ELEMID_VENDOR;
2451                 wme.wme_len = sizeof (struct ieee80211_wme_info) - 2;
2452                 wme.wme_oui[0] = 0x00;
2453                 wme.wme_oui[1] = 0x50;
2454                 wme.wme_oui[2] = 0xf2;
2455                 wme.wme_type = WME_OUI_TYPE;
2456                 wme.wme_subtype = WME_INFO_OUI_SUBTYPE;
2457                 wme.wme_version = WME_VERSION;
2458                 wme.wme_info = 0;
2459
2460                 DPRINTF(("Setting WME IE (len=%u)\n", wme.wme_len));
2461                 error = iwi_cmd(sc, IWI_CMD_SET_WMEIE, &wme, sizeof wme, 1);
2462                 if (error != 0)
2463                         return error;
2464         }
2465
2466         if (ic->ic_opt_ie != NULL) {
2467                 DPRINTF(("Setting optional IE (len=%u)\n", ic->ic_opt_ie_len));
2468                 error = iwi_cmd(sc, IWI_CMD_SET_OPTIE, ic->ic_opt_ie,
2469                     ic->ic_opt_ie_len, 1);
2470                 if (error != 0)
2471                         return error;
2472         }
2473
2474         data = htole32(ni->ni_rssi);
2475         DPRINTF(("Setting sensitivity to %d\n", (int8_t)ni->ni_rssi));
2476         error = iwi_cmd(sc, IWI_CMD_SET_SENSITIVITY, &data, sizeof data, 1);
2477         if (error != 0)
2478                 return error;
2479
2480         memset(&assoc, 0, sizeof assoc);
2481         assoc.mode = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? IWI_MODE_11A :
2482             IWI_MODE_11G;
2483         assoc.chan = ieee80211_chan2ieee(ic, ni->ni_chan);
2484         if (ni->ni_authmode == IEEE80211_AUTH_SHARED)
2485                 assoc.auth = ic->ic_crypto.cs_def_txkey << 4 | IWI_AUTH_SHARED;
2486         if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL)
2487                 assoc.policy |= htole16(IWI_POLICY_WME);
2488         if (ic->ic_flags & IEEE80211_F_WPA)
2489                 assoc.policy |= htole16(IWI_POLICY_WPA);
2490         memcpy(assoc.tstamp, ni->ni_tstamp.data, 8);
2491
2492         if (ic->ic_opmode == IEEE80211_M_IBSS)
2493                 capinfo = IEEE80211_CAPINFO_IBSS;
2494         else
2495                 capinfo = IEEE80211_CAPINFO_ESS;
2496         if (ic->ic_flags & IEEE80211_F_PRIVACY)
2497                 capinfo |= IEEE80211_CAPINFO_PRIVACY;
2498         if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
2499             IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
2500                 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
2501         if (ic->ic_flags & IEEE80211_F_SHSLOT)
2502                 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
2503         assoc.capinfo = htole16(capinfo);
2504
2505         assoc.lintval = htole16(ic->ic_lintval);
2506         assoc.intval = htole16(ni->ni_intval);
2507         IEEE80211_ADDR_COPY(assoc.bssid, ni->ni_bssid);
2508         if (ic->ic_opmode == IEEE80211_M_IBSS)
2509                 IEEE80211_ADDR_COPY(assoc.dst, ifp->if_broadcastaddr);
2510         else
2511                 IEEE80211_ADDR_COPY(assoc.dst, ni->ni_bssid);
2512
2513         DPRINTF(("Trying to associate to %6D channel %u auth %u\n",
2514             assoc.bssid, ":", assoc.chan, assoc.auth));
2515         return iwi_cmd(sc, IWI_CMD_ASSOCIATE, &assoc, sizeof assoc, 1);
2516 }
2517
2518 static void
2519 iwi_init(void *priv)
2520 {
2521         struct iwi_softc *sc = priv;
2522         struct ieee80211com *ic = &sc->sc_ic;
2523         struct ifnet *ifp = ic->ic_ifp;
2524         struct iwi_firmware *fw = &sc->fw;
2525         struct iwi_rx_data *data;
2526         int i;
2527
2528         /* exit immediately if firmware has not been ioctl'd */
2529         if (!(sc->flags & IWI_FLAG_FW_CACHED)) {
2530                 if (!(sc->flags & IWI_FLAG_FW_WARNED))
2531                         device_printf(sc->sc_dev, "Please load firmware\n");
2532                 sc->flags |= IWI_FLAG_FW_WARNED;
2533                 ifp->if_flags &= ~IFF_UP;
2534                 return;
2535         }
2536
2537         iwi_stop(sc);
2538
2539         if (iwi_reset(sc) != 0) {
2540                 device_printf(sc->sc_dev, "could not reset adapter\n");
2541                 goto fail;
2542         }
2543
2544         if (iwi_load_firmware(sc, fw->boot, fw->boot_size) != 0) {
2545                 device_printf(sc->sc_dev, "could not load boot firmware\n");
2546                 goto fail;
2547         }
2548
2549         if (iwi_load_ucode(sc, fw->ucode, fw->ucode_size) != 0) {
2550                 device_printf(sc->sc_dev, "could not load microcode\n");
2551                 goto fail;
2552         }
2553
2554         iwi_stop_master(sc);
2555
2556         CSR_WRITE_4(sc, IWI_CSR_CMD_BASE, sc->cmdq.physaddr);
2557         CSR_WRITE_4(sc, IWI_CSR_CMD_SIZE, sc->cmdq.count);
2558         CSR_WRITE_4(sc, IWI_CSR_CMD_WIDX, sc->cmdq.cur);
2559
2560         CSR_WRITE_4(sc, IWI_CSR_TX1_BASE, sc->txq[0].physaddr);
2561         CSR_WRITE_4(sc, IWI_CSR_TX1_SIZE, sc->txq[0].count);
2562         CSR_WRITE_4(sc, IWI_CSR_TX1_WIDX, sc->txq[0].cur);
2563
2564         CSR_WRITE_4(sc, IWI_CSR_TX2_BASE, sc->txq[1].physaddr);
2565         CSR_WRITE_4(sc, IWI_CSR_TX2_SIZE, sc->txq[1].count);
2566         CSR_WRITE_4(sc, IWI_CSR_TX2_WIDX, sc->txq[1].cur);
2567
2568         CSR_WRITE_4(sc, IWI_CSR_TX3_BASE, sc->txq[2].physaddr);
2569         CSR_WRITE_4(sc, IWI_CSR_TX3_SIZE, sc->txq[2].count);
2570         CSR_WRITE_4(sc, IWI_CSR_TX3_WIDX, sc->txq[2].cur);
2571
2572         CSR_WRITE_4(sc, IWI_CSR_TX4_BASE, sc->txq[3].physaddr);
2573         CSR_WRITE_4(sc, IWI_CSR_TX4_SIZE, sc->txq[3].count);
2574         CSR_WRITE_4(sc, IWI_CSR_TX4_WIDX, sc->txq[3].cur);
2575
2576         for (i = 0; i < sc->rxq.count; i++) {
2577                 data = &sc->rxq.data[i];
2578                 CSR_WRITE_4(sc, data->reg, data->physaddr);
2579         }
2580
2581         CSR_WRITE_4(sc, IWI_CSR_RX_WIDX, sc->rxq.count - 1);
2582
2583         if (iwi_load_firmware(sc, fw->main, fw->main_size) != 0) {
2584                 device_printf(sc->sc_dev, "could not load main firmware\n");
2585                 goto fail;
2586         }
2587
2588         sc->flags |= IWI_FLAG_FW_INITED;
2589
2590         if (iwi_config(sc) != 0) {
2591                 device_printf(sc->sc_dev, "device configuration failed\n");
2592                 goto fail;
2593         }
2594
2595         if (ic->ic_opmode != IEEE80211_M_MONITOR) {
2596                 if (ic->ic_roaming != IEEE80211_ROAMING_MANUAL)
2597                         ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2598         } else
2599                 ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
2600
2601         ifp->if_flags &= ~IFF_OACTIVE;
2602         ifp->if_flags |= IFF_RUNNING;
2603
2604         return;
2605
2606 fail:   ifp->if_flags &= ~IFF_UP;
2607         iwi_stop(sc);
2608 }
2609
2610 static void
2611 iwi_stop(void *priv)
2612 {
2613         struct iwi_softc *sc = priv;
2614         struct ieee80211com *ic = &sc->sc_ic;
2615         struct ifnet *ifp = ic->ic_ifp;
2616
2617         ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
2618
2619         iwi_stop_master(sc);
2620
2621         CSR_WRITE_4(sc, IWI_CSR_RST, IWI_RST_SOFT_RESET);
2622
2623         /* reset rings */
2624         iwi_reset_cmd_ring(sc, &sc->cmdq);
2625         iwi_reset_tx_ring(sc, &sc->txq[0]);
2626         iwi_reset_tx_ring(sc, &sc->txq[1]);
2627         iwi_reset_tx_ring(sc, &sc->txq[2]);
2628         iwi_reset_tx_ring(sc, &sc->txq[3]);
2629         iwi_reset_rx_ring(sc, &sc->rxq);
2630
2631         sc->sc_tx_timer = 0;
2632         ifp->if_timer = 0;
2633         ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
2634 }
2635
2636 static int
2637 iwi_sysctl_stats(SYSCTL_HANDLER_ARGS)
2638 {
2639         struct iwi_softc *sc = arg1;
2640         struct ifnet *ifp = &sc->sc_ic.ic_if;
2641         uint32_t size, buf[128];
2642
2643         lwkt_serialize_enter(ifp->if_serializer);
2644
2645         if (!(sc->flags & IWI_FLAG_FW_INITED)) {
2646                 memset(buf, 0, sizeof buf);
2647                 goto back;
2648         }
2649
2650         size = min(CSR_READ_4(sc, IWI_CSR_TABLE0_SIZE), 128 - 1);
2651         CSR_READ_REGION_4(sc, IWI_CSR_TABLE0_BASE, &buf[1], size);
2652 back:
2653         lwkt_serialize_exit(ifp->if_serializer);
2654         return SYSCTL_OUT(req, buf, sizeof buf);
2655 }
2656
2657 static int
2658 iwi_sysctl_radio(SYSCTL_HANDLER_ARGS)
2659 {
2660         struct iwi_softc *sc = arg1;
2661         struct ifnet *ifp = &sc->sc_ic.ic_if;
2662         int val;
2663
2664         lwkt_serialize_enter(ifp->if_serializer);
2665         val = (CSR_READ_4(sc, IWI_CSR_IO) & IWI_IO_RADIO_ENABLED) ? 1 : 0;
2666         lwkt_serialize_exit(ifp->if_serializer);
2667
2668         return SYSCTL_OUT(req, &val, sizeof val);
2669 }
2670
2671 static const int8_t     iwi_bitmap[256] = {
2672         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2673         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2674         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2675         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 6, 
2676         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2677         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2678         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2679         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 7, 
2680         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2681         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2682         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2683         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 6, 
2684         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2685         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2686         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2687         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, -1
2688 };
2689
2690 static int
2691 iwi_alloc_ibss_node(struct iwi_softc *sc)
2692 {
2693         int i;
2694
2695         ASSERT_SERIALIZED(sc->sc_ic.ic_if.if_serializer);
2696
2697         for (i = 0; i < IWI_MAX_IBSSNODE_NBYTE; ++i) {
2698                 int ret;
2699
2700                 ret = iwi_bitmap[sc->sc_ibss_node[i]];
2701                 if (ret != -1) {
2702                         sc->sc_ibss_node[i] |= (1 << ret);
2703                         ret += (i * NBBY);
2704                         return ret;
2705                 }
2706         }
2707         return -1;
2708 }
2709
2710 static void
2711 iwi_free_ibss_node(struct iwi_softc *sc, int ibss_node)
2712 {
2713         int i, b;
2714
2715         ASSERT_SERIALIZED(sc->sc_ic.ic_if.if_serializer);
2716         KASSERT(ibss_node < IWI_MAX_IBSSNODE, ("free ibss node, out of range"));
2717
2718         i = ibss_node / NBBY;
2719         b = ibss_node % NBBY;
2720
2721         sc->sc_ibss_node[i] &= ~(1 << b);
2722 }
syl's DragonFly repo