1 /* $OpenBSD: if_iwm.c,v 1.42 2015/05/30 02:49:23 deraadt Exp $ */
4 * Copyright (c) 2014 genua mbh <info@genua.de>
5 * Copyright (c) 2014 Fixup Software Ltd.
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 * Based on BSD-licensed source modules in the Linux iwlwifi driver,
22 * which were used as the reference documentation for this implementation.
24 * Driver version we are currently based off of is
25 * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd)
27 ***********************************************************************
29 * This file is provided under a dual BSD/GPLv2 license. When using or
30 * redistributing this file, you may do so under either license.
34 * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved.
36 * This program is free software; you can redistribute it and/or modify
37 * it under the terms of version 2 of the GNU General Public License as
38 * published by the Free Software Foundation.
40 * This program is distributed in the hope that it will be useful, but
41 * WITHOUT ANY WARRANTY; without even the implied warranty of
42 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
43 * General Public License for more details.
45 * You should have received a copy of the GNU General Public License
46 * along with this program; if not, write to the Free Software
47 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
50 * The full GNU General Public License is included in this distribution
51 * in the file called COPYING.
53 * Contact Information:
54 * Intel Linux Wireless <ilw@linux.intel.com>
55 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
60 * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved.
61 * All rights reserved.
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
67 * * Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 * * Redistributions in binary form must reproduce the above copyright
70 * notice, this list of conditions and the following disclaimer in
71 * the documentation and/or other materials provided with the
73 * * Neither the name Intel Corporation nor the names of its
74 * contributors may be used to endorse or promote products derived
75 * from this software without specific prior written permission.
77 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
78 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
79 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
80 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
81 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
82 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
83 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
84 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
85 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
86 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
87 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
91 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
93 * Permission to use, copy, modify, and distribute this software for any
94 * purpose with or without fee is hereby granted, provided that the above
95 * copyright notice and this permission notice appear in all copies.
97 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
98 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
99 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
100 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
101 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
102 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
103 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
108 * NOTE: Relative to roughly August 8th sources, does not include FreeBSD
109 * changes to remove per-device network interface (DragonFly has not
110 * caught up to that yet on the WLAN side).
112 * Comprehensive list of adjustments for DragonFly not #ifdef'd:
113 * malloc -> kmalloc (in particular, changing improper M_NOWAIT
114 * specifications to M_INTWAIT. We still don't
115 * understand why FreeBSD uses M_NOWAIT for
116 * critical must-not-fail kmalloc()s).
119 * (bug fix) memset in iwm_reset_rx_ring.
120 * (debug) added several kprintf()s on error
122 * header file paths (DFly allows localized path specifications).
123 * minor header file differences.
125 * Comprehensive list of adjustments for DragonFly #ifdef'd:
126 * (safety) added register read-back serialization in iwm_reset_rx_ring().
129 * mtx -> lk (mtx functions -> lockmgr functions)
130 * callout differences
131 * taskqueue differences
133 * bus_setup_intr() differences
134 * minor PCI config register naming differences
136 #include <sys/cdefs.h>
137 __FBSDID("$FreeBSD$");
139 #include <sys/param.h>
141 #include <sys/endian.h>
142 #include <sys/firmware.h>
143 #include <sys/kernel.h>
144 #include <sys/malloc.h>
145 #include <sys/mbuf.h>
146 #include <sys/mutex.h>
147 #include <sys/module.h>
148 #include <sys/proc.h>
149 #include <sys/rman.h>
150 #include <sys/socket.h>
151 #include <sys/sockio.h>
152 #include <sys/sysctl.h>
153 #include <sys/linker.h>
155 #include <machine/endian.h>
157 #include <bus/pci/pcivar.h>
158 #include <bus/pci/pcireg.h>
163 #include <net/if_var.h>
164 #include <net/if_arp.h>
165 #include <net/if_dl.h>
166 #include <net/if_media.h>
167 #include <net/if_types.h>
169 #include <netinet/in.h>
170 #include <netinet/in_systm.h>
171 #include <netinet/if_ether.h>
172 #include <netinet/ip.h>
174 #include <netproto/802_11/ieee80211_var.h>
175 #include <netproto/802_11/ieee80211_regdomain.h>
176 #include <netproto/802_11/ieee80211_ratectl.h>
177 #include <netproto/802_11/ieee80211_radiotap.h>
179 #include "if_iwmreg.h"
180 #include "if_iwmvar.h"
181 #include "if_iwm_debug.h"
182 #include "if_iwm_util.h"
183 #include "if_iwm_binding.h"
184 #include "if_iwm_phy_db.h"
185 #include "if_iwm_mac_ctxt.h"
186 #include "if_iwm_phy_ctxt.h"
187 #include "if_iwm_time_event.h"
188 #include "if_iwm_power.h"
189 #include "if_iwm_scan.h"
190 #include "if_iwm_pcie_trans.h"
191 #include "if_iwm_led.h"
193 const uint8_t iwm_nvm_channels[] = {
195 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
197 36, 40, 44, 48, 52, 56, 60, 64,
198 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
199 149, 153, 157, 161, 165
201 _Static_assert(nitems(iwm_nvm_channels) <= IWM_NUM_CHANNELS,
202 "IWM_NUM_CHANNELS is too small");
204 const uint8_t iwm_nvm_channels_8000[] = {
206 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
208 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92,
209 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144,
210 149, 153, 157, 161, 165, 169, 173, 177, 181
212 _Static_assert(nitems(iwm_nvm_channels_8000) <= IWM_NUM_CHANNELS_8000,
213 "IWM_NUM_CHANNELS_8000 is too small");
215 #define IWM_NUM_2GHZ_CHANNELS 14
216 #define IWM_N_HW_ADDR_MASK 0xF
219 * XXX For now, there's simply a fixed set of rate table entries
220 * that are populated.
222 const struct iwm_rate {
226 { 2, IWM_RATE_1M_PLCP },
227 { 4, IWM_RATE_2M_PLCP },
228 { 11, IWM_RATE_5M_PLCP },
229 { 22, IWM_RATE_11M_PLCP },
230 { 12, IWM_RATE_6M_PLCP },
231 { 18, IWM_RATE_9M_PLCP },
232 { 24, IWM_RATE_12M_PLCP },
233 { 36, IWM_RATE_18M_PLCP },
234 { 48, IWM_RATE_24M_PLCP },
235 { 72, IWM_RATE_36M_PLCP },
236 { 96, IWM_RATE_48M_PLCP },
237 { 108, IWM_RATE_54M_PLCP },
239 #define IWM_RIDX_CCK 0
240 #define IWM_RIDX_OFDM 4
241 #define IWM_RIDX_MAX (nitems(iwm_rates)-1)
242 #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM)
243 #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM)
245 struct iwm_nvm_section {
250 static int iwm_store_cscheme(struct iwm_softc *, const uint8_t *, size_t);
251 static int iwm_firmware_store_section(struct iwm_softc *,
253 const uint8_t *, size_t);
254 static int iwm_set_default_calib(struct iwm_softc *, const void *);
255 static void iwm_fw_info_free(struct iwm_fw_info *);
256 static int iwm_read_firmware(struct iwm_softc *, enum iwm_ucode_type);
257 #if !defined(__DragonFly__)
258 static void iwm_dma_map_addr(void *, bus_dma_segment_t *, int, int);
260 static int iwm_dma_contig_alloc(bus_dma_tag_t, struct iwm_dma_info *,
261 bus_size_t, bus_size_t);
262 static void iwm_dma_contig_free(struct iwm_dma_info *);
263 static int iwm_alloc_fwmem(struct iwm_softc *);
264 static void iwm_free_fwmem(struct iwm_softc *);
265 static int iwm_alloc_sched(struct iwm_softc *);
266 static void iwm_free_sched(struct iwm_softc *);
267 static int iwm_alloc_kw(struct iwm_softc *);
268 static void iwm_free_kw(struct iwm_softc *);
269 static int iwm_alloc_ict(struct iwm_softc *);
270 static void iwm_free_ict(struct iwm_softc *);
271 static int iwm_alloc_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
272 static void iwm_disable_rx_dma(struct iwm_softc *);
273 static void iwm_reset_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
274 static void iwm_free_rx_ring(struct iwm_softc *, struct iwm_rx_ring *);
275 static int iwm_alloc_tx_ring(struct iwm_softc *, struct iwm_tx_ring *,
277 static void iwm_reset_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
278 static void iwm_free_tx_ring(struct iwm_softc *, struct iwm_tx_ring *);
279 static void iwm_enable_interrupts(struct iwm_softc *);
280 static void iwm_restore_interrupts(struct iwm_softc *);
281 static void iwm_disable_interrupts(struct iwm_softc *);
282 static void iwm_ict_reset(struct iwm_softc *);
283 static int iwm_allow_mcast(struct ieee80211vap *, struct iwm_softc *);
284 static void iwm_stop_device(struct iwm_softc *);
285 static void iwm_mvm_nic_config(struct iwm_softc *);
286 static int iwm_nic_rx_init(struct iwm_softc *);
287 static int iwm_nic_tx_init(struct iwm_softc *);
288 static int iwm_nic_init(struct iwm_softc *);
289 static int iwm_enable_txq(struct iwm_softc *, int, int, int);
290 static int iwm_post_alive(struct iwm_softc *);
291 static int iwm_nvm_read_chunk(struct iwm_softc *, uint16_t, uint16_t,
292 uint16_t, uint8_t *, uint16_t *);
293 static int iwm_nvm_read_section(struct iwm_softc *, uint16_t, uint8_t *,
295 static uint32_t iwm_eeprom_channel_flags(uint16_t);
296 static void iwm_add_channel_band(struct iwm_softc *,
297 struct ieee80211_channel[], int, int *, int, size_t,
299 static void iwm_init_channel_map(struct ieee80211com *, int, int *,
300 struct ieee80211_channel[]);
301 static int iwm_parse_nvm_data(struct iwm_softc *, const uint16_t *,
302 const uint16_t *, const uint16_t *,
303 const uint16_t *, const uint16_t *,
305 static void iwm_set_hw_address_8000(struct iwm_softc *,
306 struct iwm_nvm_data *,
307 const uint16_t *, const uint16_t *);
308 static int iwm_get_sku(const struct iwm_softc *, const uint16_t *,
310 static int iwm_get_nvm_version(const struct iwm_softc *, const uint16_t *);
311 static int iwm_get_radio_cfg(const struct iwm_softc *, const uint16_t *,
313 static int iwm_get_n_hw_addrs(const struct iwm_softc *,
315 static void iwm_set_radio_cfg(const struct iwm_softc *,
316 struct iwm_nvm_data *, uint32_t);
317 static int iwm_parse_nvm_sections(struct iwm_softc *,
318 struct iwm_nvm_section *);
319 static int iwm_nvm_init(struct iwm_softc *);
320 static int iwm_firmware_load_sect(struct iwm_softc *, uint32_t,
321 const uint8_t *, uint32_t);
322 static int iwm_firmware_load_chunk(struct iwm_softc *, uint32_t,
323 const uint8_t *, uint32_t);
324 static int iwm_load_firmware_7000(struct iwm_softc *, enum iwm_ucode_type);
325 static int iwm_load_cpu_sections_8000(struct iwm_softc *,
326 struct iwm_fw_sects *, int , int *);
327 static int iwm_load_firmware_8000(struct iwm_softc *, enum iwm_ucode_type);
328 static int iwm_load_firmware(struct iwm_softc *, enum iwm_ucode_type);
329 static int iwm_start_fw(struct iwm_softc *, enum iwm_ucode_type);
330 static int iwm_send_tx_ant_cfg(struct iwm_softc *, uint8_t);
331 static int iwm_send_phy_cfg_cmd(struct iwm_softc *);
332 static int iwm_mvm_load_ucode_wait_alive(struct iwm_softc *,
333 enum iwm_ucode_type);
334 static int iwm_run_init_mvm_ucode(struct iwm_softc *, int);
335 static int iwm_rx_addbuf(struct iwm_softc *, int, int);
336 static int iwm_mvm_calc_rssi(struct iwm_softc *, struct iwm_rx_phy_info *);
337 static int iwm_mvm_get_signal_strength(struct iwm_softc *,
338 struct iwm_rx_phy_info *);
339 static void iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *,
340 struct iwm_rx_packet *,
341 struct iwm_rx_data *);
342 static int iwm_get_noise(const struct iwm_mvm_statistics_rx_non_phy *);
343 static void iwm_mvm_rx_rx_mpdu(struct iwm_softc *, struct iwm_rx_packet *,
344 struct iwm_rx_data *);
345 static int iwm_mvm_rx_tx_cmd_single(struct iwm_softc *,
346 struct iwm_rx_packet *,
348 static void iwm_mvm_rx_tx_cmd(struct iwm_softc *, struct iwm_rx_packet *,
349 struct iwm_rx_data *);
350 static void iwm_cmd_done(struct iwm_softc *, struct iwm_rx_packet *);
352 static void iwm_update_sched(struct iwm_softc *, int, int, uint8_t,
355 static const struct iwm_rate *
356 iwm_tx_fill_cmd(struct iwm_softc *, struct iwm_node *,
357 struct ieee80211_frame *, struct iwm_tx_cmd *);
358 static int iwm_tx(struct iwm_softc *, struct mbuf *,
359 struct ieee80211_node *, int);
360 static int iwm_raw_xmit(struct ieee80211_node *, struct mbuf *,
361 const struct ieee80211_bpf_params *);
362 static int iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *,
363 struct iwm_mvm_add_sta_cmd_v7 *,
365 static int iwm_mvm_sta_send_to_fw(struct iwm_softc *, struct iwm_node *,
367 static int iwm_mvm_add_sta(struct iwm_softc *, struct iwm_node *);
368 static int iwm_mvm_update_sta(struct iwm_softc *, struct iwm_node *);
369 static int iwm_mvm_add_int_sta_common(struct iwm_softc *,
370 struct iwm_int_sta *,
371 const uint8_t *, uint16_t, uint16_t);
372 static int iwm_mvm_add_aux_sta(struct iwm_softc *);
373 static int iwm_mvm_update_quotas(struct iwm_softc *, struct iwm_node *);
374 static int iwm_auth(struct ieee80211vap *, struct iwm_softc *);
375 static int iwm_assoc(struct ieee80211vap *, struct iwm_softc *);
376 static int iwm_release(struct iwm_softc *, struct iwm_node *);
377 static struct ieee80211_node *
378 iwm_node_alloc(struct ieee80211vap *,
379 const uint8_t[IEEE80211_ADDR_LEN]);
380 static void iwm_setrates(struct iwm_softc *, struct iwm_node *);
381 static int iwm_media_change(struct ifnet *);
382 static int iwm_newstate(struct ieee80211vap *, enum ieee80211_state, int);
383 static void iwm_endscan_cb(void *, int);
384 static void iwm_mvm_fill_sf_command(struct iwm_softc *,
385 struct iwm_sf_cfg_cmd *,
386 struct ieee80211_node *);
387 static int iwm_mvm_sf_config(struct iwm_softc *, enum iwm_sf_state);
388 static int iwm_send_bt_init_conf(struct iwm_softc *);
389 static int iwm_send_update_mcc_cmd(struct iwm_softc *, const char *);
390 static void iwm_mvm_tt_tx_backoff(struct iwm_softc *, uint32_t);
391 static int iwm_init_hw(struct iwm_softc *);
392 static void iwm_init(struct iwm_softc *);
393 static void iwm_start(struct iwm_softc *);
394 static void iwm_stop(struct iwm_softc *);
395 static void iwm_watchdog(void *);
396 static void iwm_parent(struct ieee80211com *);
399 iwm_desc_lookup(uint32_t);
400 static void iwm_nic_error(struct iwm_softc *);
401 static void iwm_nic_umac_error(struct iwm_softc *);
403 static void iwm_notif_intr(struct iwm_softc *);
404 static void iwm_intr(void *);
405 static int iwm_attach(device_t);
406 static int iwm_is_valid_ether_addr(uint8_t *);
407 static void iwm_preinit(void *);
408 static int iwm_detach_local(struct iwm_softc *sc, int);
409 static void iwm_init_task(void *);
410 static void iwm_radiotap_attach(struct iwm_softc *);
411 static struct ieee80211vap *
412 iwm_vap_create(struct ieee80211com *,
413 const char [IFNAMSIZ], int,
414 enum ieee80211_opmode, int,
415 const uint8_t [IEEE80211_ADDR_LEN],
416 const uint8_t [IEEE80211_ADDR_LEN]);
417 static void iwm_vap_delete(struct ieee80211vap *);
418 static void iwm_scan_start(struct ieee80211com *);
419 static void iwm_scan_end(struct ieee80211com *);
420 static void iwm_update_mcast(struct ieee80211com *);
421 static void iwm_set_channel(struct ieee80211com *);
422 static void iwm_scan_curchan(struct ieee80211_scan_state *, unsigned long);
423 static void iwm_scan_mindwell(struct ieee80211_scan_state *);
424 static int iwm_detach(device_t);
426 #if defined(__DragonFly__)
427 static int iwm_msi_enable = 1;
429 TUNABLE_INT("hw.iwm.msi.enable", &iwm_msi_enable);
438 iwm_store_cscheme(struct iwm_softc *sc, const uint8_t *data, size_t dlen)
440 const struct iwm_fw_cscheme_list *l = (const void *)data;
442 if (dlen < sizeof(*l) ||
443 dlen < sizeof(l->size) + l->size * sizeof(*l->cs))
446 /* we don't actually store anything for now, always use s/w crypto */
452 iwm_firmware_store_section(struct iwm_softc *sc,
453 enum iwm_ucode_type type, const uint8_t *data, size_t dlen)
455 struct iwm_fw_sects *fws;
456 struct iwm_fw_onesect *fwone;
458 if (type >= IWM_UCODE_TYPE_MAX)
460 if (dlen < sizeof(uint32_t))
463 fws = &sc->sc_fw.fw_sects[type];
464 if (fws->fw_count >= IWM_UCODE_SECT_MAX)
467 fwone = &fws->fw_sect[fws->fw_count];
469 /* first 32bit are device load offset */
470 memcpy(&fwone->fws_devoff, data, sizeof(uint32_t));
473 fwone->fws_data = data + sizeof(uint32_t);
474 fwone->fws_len = dlen - sizeof(uint32_t);
477 fws->fw_totlen += fwone->fws_len;
482 struct iwm_tlv_calib_data {
484 struct iwm_tlv_calib_ctrl calib;
488 iwm_set_default_calib(struct iwm_softc *sc, const void *data)
490 const struct iwm_tlv_calib_data *def_calib = data;
491 uint32_t ucode_type = le32toh(def_calib->ucode_type);
493 if (ucode_type >= IWM_UCODE_TYPE_MAX) {
494 device_printf(sc->sc_dev,
495 "Wrong ucode_type %u for default "
496 "calibration.\n", ucode_type);
500 sc->sc_default_calib[ucode_type].flow_trigger =
501 def_calib->calib.flow_trigger;
502 sc->sc_default_calib[ucode_type].event_trigger =
503 def_calib->calib.event_trigger;
509 iwm_fw_info_free(struct iwm_fw_info *fw)
511 firmware_put(fw->fw_fp, FIRMWARE_UNLOAD);
513 /* don't touch fw->fw_status */
514 memset(fw->fw_sects, 0, sizeof(fw->fw_sects));
518 iwm_read_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
520 struct iwm_fw_info *fw = &sc->sc_fw;
521 const struct iwm_tlv_ucode_header *uhdr;
522 struct iwm_ucode_tlv tlv;
523 enum iwm_ucode_tlv_type tlv_type;
524 const struct firmware *fwp;
529 if (fw->fw_status == IWM_FW_STATUS_DONE &&
530 ucode_type != IWM_UCODE_TYPE_INIT)
533 while (fw->fw_status == IWM_FW_STATUS_INPROGRESS) {
534 #if defined(__DragonFly__)
535 lksleep(&sc->sc_fw, &sc->sc_lk, 0, "iwmfwp", 0);
537 msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfwp", 0);
540 fw->fw_status = IWM_FW_STATUS_INPROGRESS;
542 if (fw->fw_fp != NULL)
543 iwm_fw_info_free(fw);
546 * Load firmware into driver memory.
550 fwp = firmware_get(sc->sc_fwname);
553 device_printf(sc->sc_dev,
554 "could not read firmware %s (error %d)\n",
555 sc->sc_fwname, error);
560 /* (Re-)Initialize default values. */
561 sc->sc_capaflags = 0;
562 sc->sc_capa_n_scan_channels = IWM_MAX_NUM_SCAN_CHANNELS;
563 memset(sc->sc_enabled_capa, 0, sizeof(sc->sc_enabled_capa));
564 memset(sc->sc_fw_mcc, 0, sizeof(sc->sc_fw_mcc));
567 * Parse firmware contents
570 uhdr = (const void *)fw->fw_fp->data;
571 if (*(const uint32_t *)fw->fw_fp->data != 0
572 || le32toh(uhdr->magic) != IWM_TLV_UCODE_MAGIC) {
573 device_printf(sc->sc_dev, "invalid firmware %s\n",
579 ksnprintf(sc->sc_fwver, sizeof(sc->sc_fwver), "%d.%d (API ver %d)",
580 IWM_UCODE_MAJOR(le32toh(uhdr->ver)),
581 IWM_UCODE_MINOR(le32toh(uhdr->ver)),
582 IWM_UCODE_API(le32toh(uhdr->ver)));
584 len = fw->fw_fp->datasize - sizeof(*uhdr);
586 while (len >= sizeof(tlv)) {
588 const void *tlv_data;
590 memcpy(&tlv, data, sizeof(tlv));
591 tlv_len = le32toh(tlv.length);
592 tlv_type = le32toh(tlv.type);
599 device_printf(sc->sc_dev,
600 "firmware too short: %zu bytes\n",
606 switch ((int)tlv_type) {
607 case IWM_UCODE_TLV_PROBE_MAX_LEN:
608 if (tlv_len < sizeof(uint32_t)) {
609 device_printf(sc->sc_dev,
610 "%s: PROBE_MAX_LEN (%d) < sizeof(uint32_t)\n",
616 sc->sc_capa_max_probe_len
617 = le32toh(*(const uint32_t *)tlv_data);
618 /* limit it to something sensible */
619 if (sc->sc_capa_max_probe_len >
620 IWM_SCAN_OFFLOAD_PROBE_REQ_SIZE) {
621 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
622 "%s: IWM_UCODE_TLV_PROBE_MAX_LEN "
623 "ridiculous\n", __func__);
628 case IWM_UCODE_TLV_PAN:
630 device_printf(sc->sc_dev,
631 "%s: IWM_UCODE_TLV_PAN: tlv_len (%d) > 0\n",
637 sc->sc_capaflags |= IWM_UCODE_TLV_FLAGS_PAN;
639 case IWM_UCODE_TLV_FLAGS:
640 if (tlv_len < sizeof(uint32_t)) {
641 device_printf(sc->sc_dev,
642 "%s: IWM_UCODE_TLV_FLAGS: tlv_len (%d) < sizeof(uint32_t)\n",
649 * Apparently there can be many flags, but Linux driver
650 * parses only the first one, and so do we.
652 * XXX: why does this override IWM_UCODE_TLV_PAN?
653 * Intentional or a bug? Observations from
654 * current firmware file:
655 * 1) TLV_PAN is parsed first
656 * 2) TLV_FLAGS contains TLV_FLAGS_PAN
657 * ==> this resets TLV_PAN to itself... hnnnk
659 sc->sc_capaflags = le32toh(*(const uint32_t *)tlv_data);
661 case IWM_UCODE_TLV_CSCHEME:
662 if ((error = iwm_store_cscheme(sc,
663 tlv_data, tlv_len)) != 0) {
664 device_printf(sc->sc_dev,
665 "%s: iwm_store_cscheme(): returned %d\n",
671 case IWM_UCODE_TLV_NUM_OF_CPU: {
673 if (tlv_len != sizeof(uint32_t)) {
674 device_printf(sc->sc_dev,
675 "%s: IWM_UCODE_TLV_NUM_OF_CPU: tlv_len (%d) < sizeof(uint32_t)\n",
681 num_cpu = le32toh(*(const uint32_t *)tlv_data);
682 if (num_cpu < 1 || num_cpu > 2) {
683 device_printf(sc->sc_dev,
684 "%s: Driver supports only 1 or 2 CPUs\n",
691 case IWM_UCODE_TLV_SEC_RT:
692 if ((error = iwm_firmware_store_section(sc,
693 IWM_UCODE_TYPE_REGULAR, tlv_data, tlv_len)) != 0) {
694 device_printf(sc->sc_dev,
695 "%s: IWM_UCODE_TYPE_REGULAR: iwm_firmware_store_section() failed; %d\n",
701 case IWM_UCODE_TLV_SEC_INIT:
702 if ((error = iwm_firmware_store_section(sc,
703 IWM_UCODE_TYPE_INIT, tlv_data, tlv_len)) != 0) {
704 device_printf(sc->sc_dev,
705 "%s: IWM_UCODE_TYPE_INIT: iwm_firmware_store_section() failed; %d\n",
711 case IWM_UCODE_TLV_SEC_WOWLAN:
712 if ((error = iwm_firmware_store_section(sc,
713 IWM_UCODE_TYPE_WOW, tlv_data, tlv_len)) != 0) {
714 device_printf(sc->sc_dev,
715 "%s: IWM_UCODE_TYPE_WOW: iwm_firmware_store_section() failed; %d\n",
721 case IWM_UCODE_TLV_DEF_CALIB:
722 if (tlv_len != sizeof(struct iwm_tlv_calib_data)) {
723 device_printf(sc->sc_dev,
724 "%s: IWM_UCODE_TLV_DEV_CALIB: tlv_len (%d) < sizeof(iwm_tlv_calib_data) (%d)\n",
727 (int) sizeof(struct iwm_tlv_calib_data));
731 if ((error = iwm_set_default_calib(sc, tlv_data)) != 0) {
732 device_printf(sc->sc_dev,
733 "%s: iwm_set_default_calib() failed: %d\n",
739 case IWM_UCODE_TLV_PHY_SKU:
740 if (tlv_len != sizeof(uint32_t)) {
742 device_printf(sc->sc_dev,
743 "%s: IWM_UCODE_TLV_PHY_SKU: tlv_len (%d) < sizeof(uint32_t)\n",
748 sc->sc_fw_phy_config =
749 le32toh(*(const uint32_t *)tlv_data);
752 case IWM_UCODE_TLV_API_CHANGES_SET: {
753 const struct iwm_ucode_api *api;
754 if (tlv_len != sizeof(*api)) {
758 api = (const struct iwm_ucode_api *)tlv_data;
759 /* Flags may exceed 32 bits in future firmware. */
760 if (le32toh(api->api_index) > 0) {
761 device_printf(sc->sc_dev,
762 "unsupported API index %d\n",
763 le32toh(api->api_index));
766 sc->sc_ucode_api = le32toh(api->api_flags);
770 case IWM_UCODE_TLV_ENABLED_CAPABILITIES: {
771 const struct iwm_ucode_capa *capa;
773 if (tlv_len != sizeof(*capa)) {
777 capa = (const struct iwm_ucode_capa *)tlv_data;
778 idx = le32toh(capa->api_index);
779 if (idx >= howmany(IWM_NUM_UCODE_TLV_CAPA, 32)) {
780 device_printf(sc->sc_dev,
781 "unsupported API index %d\n", idx);
784 for (i = 0; i < 32; i++) {
785 if ((le32toh(capa->api_capa) & (1U << i)) == 0)
787 setbit(sc->sc_enabled_capa, i + (32 * idx));
792 case 48: /* undocumented TLV */
793 case IWM_UCODE_TLV_SDIO_ADMA_ADDR:
794 case IWM_UCODE_TLV_FW_GSCAN_CAPA:
795 /* ignore, not used by current driver */
798 case IWM_UCODE_TLV_SEC_RT_USNIFFER:
799 if ((error = iwm_firmware_store_section(sc,
800 IWM_UCODE_TYPE_REGULAR_USNIFFER, tlv_data,
805 case IWM_UCODE_TLV_N_SCAN_CHANNELS:
806 if (tlv_len != sizeof(uint32_t)) {
810 sc->sc_capa_n_scan_channels =
811 le32toh(*(const uint32_t *)tlv_data);
814 case IWM_UCODE_TLV_FW_VERSION:
815 if (tlv_len != sizeof(uint32_t) * 3) {
819 ksnprintf(sc->sc_fwver, sizeof(sc->sc_fwver),
821 le32toh(((const uint32_t *)tlv_data)[0]),
822 le32toh(((const uint32_t *)tlv_data)[1]),
823 le32toh(((const uint32_t *)tlv_data)[2]));
827 device_printf(sc->sc_dev,
828 "%s: unknown firmware section %d, abort\n",
834 len -= roundup(tlv_len, 4);
835 data += roundup(tlv_len, 4);
838 KASSERT(error == 0, ("unhandled error"));
842 device_printf(sc->sc_dev, "firmware parse error %d, "
843 "section type %d\n", error, tlv_type);
846 if (!(sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_PM_CMD_SUPPORT)) {
847 device_printf(sc->sc_dev,
848 "device uses unsupported power ops\n");
854 fw->fw_status = IWM_FW_STATUS_NONE;
855 if (fw->fw_fp != NULL)
856 iwm_fw_info_free(fw);
858 fw->fw_status = IWM_FW_STATUS_DONE;
865 * DMA resource routines
868 #if !defined(__DragonFly__)
870 iwm_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error)
874 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs));
875 *(bus_addr_t *)arg = segs[0].ds_addr;
880 iwm_dma_contig_alloc(bus_dma_tag_t tag, struct iwm_dma_info *dma,
881 bus_size_t size, bus_size_t alignment)
890 #if defined(__DragonFly__)
892 error = bus_dmamem_coherent(tag, alignment, 0,
893 BUS_SPACE_MAXADDR_32BIT,
895 size, BUS_DMA_NOWAIT, &dmem);
899 dma->tag = dmem.dmem_tag;
900 dma->map = dmem.dmem_map;
901 dma->vaddr = dmem.dmem_addr;
902 dma->paddr = dmem.dmem_busaddr;
904 error = bus_dma_tag_create(tag, alignment,
905 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size,
906 1, size, 0, NULL, NULL, &dma->tag);
910 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr,
911 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map);
915 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size,
916 iwm_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT);
918 bus_dmamem_free(dma->tag, dma->vaddr, dma->map);
924 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
929 iwm_dma_contig_free(dma);
935 iwm_dma_contig_free(struct iwm_dma_info *dma)
937 if (dma->vaddr != NULL) {
938 bus_dmamap_sync(dma->tag, dma->map,
939 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
940 bus_dmamap_unload(dma->tag, dma->map);
941 bus_dmamem_free(dma->tag, dma->vaddr, dma->map);
944 if (dma->tag != NULL) {
945 bus_dma_tag_destroy(dma->tag);
950 /* fwmem is used to load firmware onto the card */
952 iwm_alloc_fwmem(struct iwm_softc *sc)
954 /* Must be aligned on a 16-byte boundary. */
955 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->fw_dma,
956 sc->sc_fwdmasegsz, 16);
960 iwm_free_fwmem(struct iwm_softc *sc)
962 iwm_dma_contig_free(&sc->fw_dma);
965 /* tx scheduler rings. not used? */
967 iwm_alloc_sched(struct iwm_softc *sc)
969 /* TX scheduler rings must be aligned on a 1KB boundary. */
970 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->sched_dma,
971 nitems(sc->txq) * sizeof(struct iwm_agn_scd_bc_tbl), 1024);
975 iwm_free_sched(struct iwm_softc *sc)
977 iwm_dma_contig_free(&sc->sched_dma);
980 /* keep-warm page is used internally by the card. see iwl-fh.h for more info */
982 iwm_alloc_kw(struct iwm_softc *sc)
984 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->kw_dma, 4096, 4096);
988 iwm_free_kw(struct iwm_softc *sc)
990 iwm_dma_contig_free(&sc->kw_dma);
993 /* interrupt cause table */
995 iwm_alloc_ict(struct iwm_softc *sc)
997 return iwm_dma_contig_alloc(sc->sc_dmat, &sc->ict_dma,
998 IWM_ICT_SIZE, 1<<IWM_ICT_PADDR_SHIFT);
1002 iwm_free_ict(struct iwm_softc *sc)
1004 iwm_dma_contig_free(&sc->ict_dma);
1008 iwm_alloc_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1015 /* Allocate RX descriptors (256-byte aligned). */
1016 size = IWM_RX_RING_COUNT * sizeof(uint32_t);
1017 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
1019 device_printf(sc->sc_dev,
1020 "could not allocate RX ring DMA memory\n");
1023 ring->desc = ring->desc_dma.vaddr;
1025 /* Allocate RX status area (16-byte aligned). */
1026 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->stat_dma,
1027 sizeof(*ring->stat), 16);
1029 device_printf(sc->sc_dev,
1030 "could not allocate RX status DMA memory\n");
1033 ring->stat = ring->stat_dma.vaddr;
1035 /* Create RX buffer DMA tag. */
1036 #if defined(__DragonFly__)
1037 error = bus_dma_tag_create(sc->sc_dmat, PAGE_SIZE,
1039 BUS_SPACE_MAXADDR_32BIT,
1042 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE,
1043 BUS_DMA_NOWAIT, &ring->data_dmat);
1045 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
1046 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
1047 IWM_RBUF_SIZE, 1, IWM_RBUF_SIZE, 0, NULL, NULL, &ring->data_dmat);
1050 device_printf(sc->sc_dev,
1051 "%s: could not create RX buf DMA tag, error %d\n",
1056 /* Allocate spare bus_dmamap_t for iwm_rx_addbuf() */
1057 error = bus_dmamap_create(ring->data_dmat, 0, &ring->spare_map);
1059 device_printf(sc->sc_dev,
1060 "%s: could not create RX buf DMA map, error %d\n",
1065 * Allocate and map RX buffers.
1067 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
1068 struct iwm_rx_data *data = &ring->data[i];
1069 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1071 device_printf(sc->sc_dev,
1072 "%s: could not create RX buf DMA map, error %d\n",
1078 if ((error = iwm_rx_addbuf(sc, IWM_RBUF_SIZE, i)) != 0) {
1084 fail: iwm_free_rx_ring(sc, ring);
1089 iwm_disable_rx_dma(struct iwm_softc *sc)
1091 /* XXX conditional nic locks are stupid */
1092 /* XXX print out if we can't lock the NIC? */
1093 if (iwm_nic_lock(sc)) {
1094 /* XXX handle if RX stop doesn't finish? */
1095 (void) iwm_pcie_rx_stop(sc);
1101 iwm_reset_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1103 /* Reset the ring state */
1107 * The hw rx ring index in shared memory must also be cleared,
1108 * otherwise the discrepancy can cause reprocessing chaos.
1110 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1114 iwm_free_rx_ring(struct iwm_softc *sc, struct iwm_rx_ring *ring)
1118 iwm_dma_contig_free(&ring->desc_dma);
1119 iwm_dma_contig_free(&ring->stat_dma);
1121 for (i = 0; i < IWM_RX_RING_COUNT; i++) {
1122 struct iwm_rx_data *data = &ring->data[i];
1124 if (data->m != NULL) {
1125 bus_dmamap_sync(ring->data_dmat, data->map,
1126 BUS_DMASYNC_POSTREAD);
1127 bus_dmamap_unload(ring->data_dmat, data->map);
1131 if (data->map != NULL) {
1132 bus_dmamap_destroy(ring->data_dmat, data->map);
1136 if (ring->spare_map != NULL) {
1137 bus_dmamap_destroy(ring->data_dmat, ring->spare_map);
1138 ring->spare_map = NULL;
1140 if (ring->data_dmat != NULL) {
1141 bus_dma_tag_destroy(ring->data_dmat);
1142 ring->data_dmat = NULL;
1147 iwm_alloc_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring, int qid)
1159 /* Allocate TX descriptors (256-byte aligned). */
1160 size = IWM_TX_RING_COUNT * sizeof (struct iwm_tfd);
1161 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->desc_dma, size, 256);
1163 device_printf(sc->sc_dev,
1164 "could not allocate TX ring DMA memory\n");
1167 ring->desc = ring->desc_dma.vaddr;
1170 * We only use rings 0 through 9 (4 EDCA + cmd) so there is no need
1171 * to allocate commands space for other rings.
1173 if (qid > IWM_MVM_CMD_QUEUE)
1176 size = IWM_TX_RING_COUNT * sizeof(struct iwm_device_cmd);
1177 error = iwm_dma_contig_alloc(sc->sc_dmat, &ring->cmd_dma, size, 4);
1179 device_printf(sc->sc_dev,
1180 "could not allocate TX cmd DMA memory\n");
1183 ring->cmd = ring->cmd_dma.vaddr;
1185 /* FW commands may require more mapped space than packets. */
1186 if (qid == IWM_MVM_CMD_QUEUE) {
1187 maxsize = IWM_RBUF_SIZE;
1191 nsegments = IWM_MAX_SCATTER - 2;
1194 #if defined(__DragonFly__)
1195 error = bus_dma_tag_create(sc->sc_dmat, PAGE_SIZE,
1197 BUS_SPACE_MAXADDR_32BIT,
1200 maxsize, nsegments, maxsize,
1201 BUS_DMA_NOWAIT, &ring->data_dmat);
1203 error = bus_dma_tag_create(sc->sc_dmat, 1, 0,
1204 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, maxsize,
1205 nsegments, maxsize, 0, NULL, NULL, &ring->data_dmat);
1208 device_printf(sc->sc_dev, "could not create TX buf DMA tag\n");
1212 paddr = ring->cmd_dma.paddr;
1213 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1214 struct iwm_tx_data *data = &ring->data[i];
1216 data->cmd_paddr = paddr;
1217 data->scratch_paddr = paddr + sizeof(struct iwm_cmd_header)
1218 + offsetof(struct iwm_tx_cmd, scratch);
1219 paddr += sizeof(struct iwm_device_cmd);
1221 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1223 device_printf(sc->sc_dev,
1224 "could not create TX buf DMA map\n");
1228 KASSERT(paddr == ring->cmd_dma.paddr + size,
1229 ("invalid physical address"));
1232 fail: iwm_free_tx_ring(sc, ring);
1237 iwm_reset_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1241 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1242 struct iwm_tx_data *data = &ring->data[i];
1244 if (data->m != NULL) {
1245 bus_dmamap_sync(ring->data_dmat, data->map,
1246 BUS_DMASYNC_POSTWRITE);
1247 bus_dmamap_unload(ring->data_dmat, data->map);
1252 /* Clear TX descriptors. */
1253 memset(ring->desc, 0, ring->desc_dma.size);
1254 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1255 BUS_DMASYNC_PREWRITE);
1256 sc->qfullmsk &= ~(1 << ring->qid);
1262 iwm_free_tx_ring(struct iwm_softc *sc, struct iwm_tx_ring *ring)
1266 iwm_dma_contig_free(&ring->desc_dma);
1267 iwm_dma_contig_free(&ring->cmd_dma);
1269 for (i = 0; i < IWM_TX_RING_COUNT; i++) {
1270 struct iwm_tx_data *data = &ring->data[i];
1272 if (data->m != NULL) {
1273 bus_dmamap_sync(ring->data_dmat, data->map,
1274 BUS_DMASYNC_POSTWRITE);
1275 bus_dmamap_unload(ring->data_dmat, data->map);
1279 if (data->map != NULL) {
1280 bus_dmamap_destroy(ring->data_dmat, data->map);
1284 if (ring->data_dmat != NULL) {
1285 bus_dma_tag_destroy(ring->data_dmat);
1286 ring->data_dmat = NULL;
1291 * High-level hardware frobbing routines
1295 iwm_enable_interrupts(struct iwm_softc *sc)
1297 sc->sc_intmask = IWM_CSR_INI_SET_MASK;
1298 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1302 iwm_restore_interrupts(struct iwm_softc *sc)
1304 IWM_WRITE(sc, IWM_CSR_INT_MASK, sc->sc_intmask);
1308 iwm_disable_interrupts(struct iwm_softc *sc)
1310 /* disable interrupts */
1311 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
1313 /* acknowledge all interrupts */
1314 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1315 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, ~0);
1319 iwm_ict_reset(struct iwm_softc *sc)
1321 iwm_disable_interrupts(sc);
1323 /* Reset ICT table. */
1324 memset(sc->ict_dma.vaddr, 0, IWM_ICT_SIZE);
1327 /* Set physical address of ICT table (4KB aligned). */
1328 IWM_WRITE(sc, IWM_CSR_DRAM_INT_TBL_REG,
1329 IWM_CSR_DRAM_INT_TBL_ENABLE
1330 | IWM_CSR_DRAM_INIT_TBL_WRITE_POINTER
1331 | IWM_CSR_DRAM_INIT_TBL_WRAP_CHECK
1332 | sc->ict_dma.paddr >> IWM_ICT_PADDR_SHIFT);
1334 /* Switch to ICT interrupt mode in driver. */
1335 sc->sc_flags |= IWM_FLAG_USE_ICT;
1337 /* Re-enable interrupts. */
1338 IWM_WRITE(sc, IWM_CSR_INT, ~0);
1339 iwm_enable_interrupts(sc);
1343 * Since this .. hard-resets things, it's time to actually
1344 * mark the first vap (if any) as having no mac context.
1345 * It's annoying, but since the driver is potentially being
1346 * stop/start'ed whilst active (thanks openbsd port!) we
1347 * have to correctly track this.
1350 iwm_stop_device(struct iwm_softc *sc)
1352 struct ieee80211com *ic = &sc->sc_ic;
1353 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1357 /* tell the device to stop sending interrupts */
1358 iwm_disable_interrupts(sc);
1361 * FreeBSD-local: mark the first vap as not-uploaded,
1362 * so the next transition through auth/assoc
1363 * will correctly populate the MAC context.
1366 struct iwm_vap *iv = IWM_VAP(vap);
1367 iv->is_uploaded = 0;
1370 /* device going down, Stop using ICT table */
1371 sc->sc_flags &= ~IWM_FLAG_USE_ICT;
1373 /* stop tx and rx. tx and rx bits, as usual, are from if_iwn */
1375 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1377 if (iwm_nic_lock(sc)) {
1378 /* Stop each Tx DMA channel */
1379 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1381 IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl), 0);
1382 mask |= IWM_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(chnl);
1385 /* Wait for DMA channels to be idle */
1386 if (!iwm_poll_bit(sc, IWM_FH_TSSR_TX_STATUS_REG, mask, mask,
1388 device_printf(sc->sc_dev,
1389 "Failing on timeout while stopping DMA channel: [0x%08x]\n",
1390 IWM_READ(sc, IWM_FH_TSSR_TX_STATUS_REG));
1394 iwm_disable_rx_dma(sc);
1397 iwm_reset_rx_ring(sc, &sc->rxq);
1399 /* Reset all TX rings. */
1400 for (qid = 0; qid < nitems(sc->txq); qid++)
1401 iwm_reset_tx_ring(sc, &sc->txq[qid]);
1404 * Power-down device's busmaster DMA clocks
1406 iwm_write_prph(sc, IWM_APMG_CLK_DIS_REG, IWM_APMG_CLK_VAL_DMA_CLK_RQT);
1409 /* Make sure (redundant) we've released our request to stay awake */
1410 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
1411 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1413 /* Stop the device, and put it in low power state */
1416 /* stop and reset the on-board processor */
1417 IWM_WRITE(sc, IWM_CSR_RESET, IWM_CSR_RESET_REG_FLAG_SW_RESET);
1421 * Upon stop, the APM issues an interrupt if HW RF kill is set.
1422 * This is a bug in certain verions of the hardware.
1423 * Certain devices also keep sending HW RF kill interrupt all
1424 * the time, unless the interrupt is ACKed even if the interrupt
1425 * should be masked. Re-ACK all the interrupts here.
1427 iwm_disable_interrupts(sc);
1430 * Even if we stop the HW, we still want the RF kill
1433 iwm_enable_rfkill_int(sc);
1434 iwm_check_rfkill(sc);
1438 iwm_mvm_nic_config(struct iwm_softc *sc)
1440 uint8_t radio_cfg_type, radio_cfg_step, radio_cfg_dash;
1441 uint32_t reg_val = 0;
1443 radio_cfg_type = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_TYPE) >>
1444 IWM_FW_PHY_CFG_RADIO_TYPE_POS;
1445 radio_cfg_step = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_STEP) >>
1446 IWM_FW_PHY_CFG_RADIO_STEP_POS;
1447 radio_cfg_dash = (sc->sc_fw_phy_config & IWM_FW_PHY_CFG_RADIO_DASH) >>
1448 IWM_FW_PHY_CFG_RADIO_DASH_POS;
1451 reg_val |= IWM_CSR_HW_REV_STEP(sc->sc_hw_rev) <<
1452 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_STEP;
1453 reg_val |= IWM_CSR_HW_REV_DASH(sc->sc_hw_rev) <<
1454 IWM_CSR_HW_IF_CONFIG_REG_POS_MAC_DASH;
1456 /* radio configuration */
1457 reg_val |= radio_cfg_type << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_TYPE;
1458 reg_val |= radio_cfg_step << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_STEP;
1459 reg_val |= radio_cfg_dash << IWM_CSR_HW_IF_CONFIG_REG_POS_PHY_DASH;
1461 IWM_WRITE(sc, IWM_CSR_HW_IF_CONFIG_REG, reg_val);
1463 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1464 "Radio type=0x%x-0x%x-0x%x\n", radio_cfg_type,
1465 radio_cfg_step, radio_cfg_dash);
1468 * W/A : NIC is stuck in a reset state after Early PCIe power off
1469 * (PCIe power is lost before PERST# is asserted), causing ME FW
1470 * to lose ownership and not being able to obtain it back.
1472 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
1473 iwm_set_bits_mask_prph(sc, IWM_APMG_PS_CTRL_REG,
1474 IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS,
1475 ~IWM_APMG_PS_CTRL_EARLY_PWR_OFF_RESET_DIS);
1480 iwm_nic_rx_init(struct iwm_softc *sc)
1482 if (!iwm_nic_lock(sc))
1486 * Initialize RX ring. This is from the iwn driver.
1488 memset(sc->rxq.stat, 0, sizeof(*sc->rxq.stat));
1491 iwm_disable_rx_dma(sc);
1492 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_RBDCB_WPTR, 0);
1493 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_FLUSH_RB_REQ, 0);
1494 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RDPTR, 0);
1495 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
1497 /* Set physical address of RX ring (256-byte aligned). */
1499 IWM_FH_RSCSR_CHNL0_RBDCB_BASE_REG, sc->rxq.desc_dma.paddr >> 8);
1501 /* Set physical address of RX status (16-byte aligned). */
1503 IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG, sc->rxq.stat_dma.paddr >> 4);
1505 #if defined(__DragonFly__)
1506 /* Force serialization (probably not needed but don't trust the HW) */
1507 IWM_READ(sc, IWM_FH_RSCSR_CHNL0_STTS_WPTR_REG);
1511 IWM_WRITE(sc, IWM_FH_MEM_RCSR_CHNL0_CONFIG_REG,
1512 IWM_FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL |
1513 IWM_FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY | /* HW bug */
1514 IWM_FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL |
1515 IWM_FH_RCSR_CHNL0_RX_CONFIG_SINGLE_FRAME_MSK |
1516 (IWM_RX_RB_TIMEOUT << IWM_FH_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS) |
1517 IWM_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K |
1518 IWM_RX_QUEUE_SIZE_LOG << IWM_FH_RCSR_RX_CONFIG_RBDCB_SIZE_POS);
1520 IWM_WRITE_1(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_TIMEOUT_DEF);
1522 /* W/A for interrupt coalescing bug in 7260 and 3160 */
1523 if (sc->host_interrupt_operation_mode)
1524 IWM_SETBITS(sc, IWM_CSR_INT_COALESCING, IWM_HOST_INT_OPER_MODE);
1527 * Thus sayeth el jefe (iwlwifi) via a comment:
1529 * This value should initially be 0 (before preparing any
1530 * RBs), should be 8 after preparing the first 8 RBs (for example)
1532 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, 8);
1540 iwm_nic_tx_init(struct iwm_softc *sc)
1544 if (!iwm_nic_lock(sc))
1547 /* Deactivate TX scheduler. */
1548 iwm_write_prph(sc, IWM_SCD_TXFACT, 0);
1550 /* Set physical address of "keep warm" page (16-byte aligned). */
1551 IWM_WRITE(sc, IWM_FH_KW_MEM_ADDR_REG, sc->kw_dma.paddr >> 4);
1553 /* Initialize TX rings. */
1554 for (qid = 0; qid < nitems(sc->txq); qid++) {
1555 struct iwm_tx_ring *txq = &sc->txq[qid];
1557 /* Set physical address of TX ring (256-byte aligned). */
1558 IWM_WRITE(sc, IWM_FH_MEM_CBBC_QUEUE(qid),
1559 txq->desc_dma.paddr >> 8);
1560 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
1561 "%s: loading ring %d descriptors (%p) at %lx\n",
1564 (unsigned long) (txq->desc_dma.paddr >> 8));
1567 iwm_write_prph(sc, IWM_SCD_GP_CTRL, IWM_SCD_GP_CTRL_AUTO_ACTIVE_MODE);
1575 iwm_nic_init(struct iwm_softc *sc)
1580 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000)
1583 iwm_mvm_nic_config(sc);
1585 if ((error = iwm_nic_rx_init(sc)) != 0)
1589 * Ditto for TX, from iwn
1591 if ((error = iwm_nic_tx_init(sc)) != 0)
1594 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1595 "%s: shadow registers enabled\n", __func__);
1596 IWM_SETBITS(sc, IWM_CSR_MAC_SHADOW_REG_CTRL, 0x800fffff);
1601 const uint8_t iwm_mvm_ac_to_tx_fifo[] = {
1609 iwm_enable_txq(struct iwm_softc *sc, int sta_id, int qid, int fifo)
1611 if (!iwm_nic_lock(sc)) {
1612 device_printf(sc->sc_dev,
1613 "%s: cannot enable txq %d\n",
1619 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, qid << 8 | 0);
1621 if (qid == IWM_MVM_CMD_QUEUE) {
1622 /* unactivate before configuration */
1623 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1624 (0 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE)
1625 | (1 << IWM_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
1627 iwm_clear_bits_prph(sc, IWM_SCD_AGGR_SEL, (1 << qid));
1629 iwm_write_prph(sc, IWM_SCD_QUEUE_RDPTR(qid), 0);
1631 iwm_write_mem32(sc, sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid), 0);
1632 /* Set scheduler window size and frame limit. */
1634 sc->sched_base + IWM_SCD_CONTEXT_QUEUE_OFFSET(qid) +
1636 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_POS) &
1637 IWM_SCD_QUEUE_CTX_REG2_WIN_SIZE_MSK) |
1638 ((IWM_FRAME_LIMIT << IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
1639 IWM_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK));
1641 iwm_write_prph(sc, IWM_SCD_QUEUE_STATUS_BITS(qid),
1642 (1 << IWM_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
1643 (fifo << IWM_SCD_QUEUE_STTS_REG_POS_TXF) |
1644 (1 << IWM_SCD_QUEUE_STTS_REG_POS_WSL) |
1645 IWM_SCD_QUEUE_STTS_REG_MSK);
1647 struct iwm_scd_txq_cfg_cmd cmd;
1652 memset(&cmd, 0, sizeof(cmd));
1653 cmd.scd_queue = qid;
1655 cmd.sta_id = sta_id;
1658 cmd.window = IWM_FRAME_LIMIT;
1660 error = iwm_mvm_send_cmd_pdu(sc, IWM_SCD_QUEUE_CFG, IWM_CMD_SYNC,
1663 device_printf(sc->sc_dev,
1664 "cannot enable txq %d\n", qid);
1668 if (!iwm_nic_lock(sc))
1672 iwm_write_prph(sc, IWM_SCD_EN_CTRL,
1673 iwm_read_prph(sc, IWM_SCD_EN_CTRL) | qid);
1677 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: enabled txq %d FIFO %d\n",
1678 __func__, qid, fifo);
1684 iwm_post_alive(struct iwm_softc *sc)
1690 if (!iwm_nic_lock(sc))
1693 base = iwm_read_prph(sc, IWM_SCD_SRAM_BASE_ADDR);
1694 if (sc->sched_base != base) {
1695 device_printf(sc->sc_dev,
1696 "%s: sched addr mismatch: alive: 0x%x prph: 0x%x\n",
1697 __func__, sc->sched_base, base);
1702 /* Clear TX scheduler state in SRAM. */
1703 nwords = (IWM_SCD_TRANS_TBL_MEM_UPPER_BOUND -
1704 IWM_SCD_CONTEXT_MEM_LOWER_BOUND)
1706 error = iwm_write_mem(sc,
1707 sc->sched_base + IWM_SCD_CONTEXT_MEM_LOWER_BOUND,
1712 /* Set physical address of TX scheduler rings (1KB aligned). */
1713 iwm_write_prph(sc, IWM_SCD_DRAM_BASE_ADDR, sc->sched_dma.paddr >> 10);
1715 iwm_write_prph(sc, IWM_SCD_CHAINEXT_EN, 0);
1719 /* enable command channel */
1720 error = iwm_enable_txq(sc, 0 /* unused */, IWM_MVM_CMD_QUEUE, 7);
1724 if (!iwm_nic_lock(sc))
1727 iwm_write_prph(sc, IWM_SCD_TXFACT, 0xff);
1729 /* Enable DMA channels. */
1730 for (chnl = 0; chnl < IWM_FH_TCSR_CHNL_NUM; chnl++) {
1731 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(chnl),
1732 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
1733 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE);
1736 IWM_SETBITS(sc, IWM_FH_TX_CHICKEN_BITS_REG,
1737 IWM_FH_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN);
1739 /* Enable L1-Active */
1740 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) {
1741 iwm_clear_bits_prph(sc, IWM_APMG_PCIDEV_STT_REG,
1742 IWM_APMG_PCIDEV_STT_VAL_L1_ACT_DIS);
1751 * NVM read access and content parsing. We do not support
1752 * external NVM or writing NVM.
1756 /* list of NVM sections we are allowed/need to read */
1757 const int nvm_to_read[] = {
1758 IWM_NVM_SECTION_TYPE_HW,
1759 IWM_NVM_SECTION_TYPE_SW,
1760 IWM_NVM_SECTION_TYPE_REGULATORY,
1761 IWM_NVM_SECTION_TYPE_CALIBRATION,
1762 IWM_NVM_SECTION_TYPE_PRODUCTION,
1763 IWM_NVM_SECTION_TYPE_HW_8000,
1764 IWM_NVM_SECTION_TYPE_MAC_OVERRIDE,
1765 IWM_NVM_SECTION_TYPE_PHY_SKU,
1768 /* Default NVM size to read */
1769 #define IWM_NVM_DEFAULT_CHUNK_SIZE (2*1024)
1770 #define IWM_MAX_NVM_SECTION_SIZE 8192
1772 #define IWM_NVM_WRITE_OPCODE 1
1773 #define IWM_NVM_READ_OPCODE 0
1775 /* load nvm chunk response */
1776 #define IWM_READ_NVM_CHUNK_SUCCEED 0
1777 #define IWM_READ_NVM_CHUNK_INVALID_ADDRESS 1
1780 iwm_nvm_read_chunk(struct iwm_softc *sc, uint16_t section,
1781 uint16_t offset, uint16_t length, uint8_t *data, uint16_t *len)
1784 struct iwm_nvm_access_cmd nvm_access_cmd = {
1785 .offset = htole16(offset),
1786 .length = htole16(length),
1787 .type = htole16(section),
1788 .op_code = IWM_NVM_READ_OPCODE,
1790 struct iwm_nvm_access_resp *nvm_resp;
1791 struct iwm_rx_packet *pkt;
1792 struct iwm_host_cmd cmd = {
1793 .id = IWM_NVM_ACCESS_CMD,
1794 .flags = IWM_CMD_SYNC | IWM_CMD_WANT_SKB |
1795 IWM_CMD_SEND_IN_RFKILL,
1796 .data = { &nvm_access_cmd, },
1798 int ret, offset_read;
1802 cmd.len[0] = sizeof(struct iwm_nvm_access_cmd);
1804 ret = iwm_send_cmd(sc, &cmd);
1806 device_printf(sc->sc_dev,
1807 "Could not send NVM_ACCESS command (error=%d)\n", ret);
1812 if (pkt->hdr.flags & IWM_CMD_FAILED_MSK) {
1813 device_printf(sc->sc_dev,
1814 "Bad return from IWM_NVM_ACCES_COMMAND (0x%08X)\n",
1820 /* Extract NVM response */
1821 nvm_resp = (void *)pkt->data;
1823 ret = le16toh(nvm_resp->status);
1824 bytes_read = le16toh(nvm_resp->length);
1825 offset_read = le16toh(nvm_resp->offset);
1826 resp_data = nvm_resp->data;
1828 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1829 "NVM access command failed with status %d\n", ret);
1834 if (offset_read != offset) {
1835 device_printf(sc->sc_dev,
1836 "NVM ACCESS response with invalid offset %d\n",
1842 if (bytes_read > length) {
1843 device_printf(sc->sc_dev,
1844 "NVM ACCESS response with too much data "
1845 "(%d bytes requested, %zd bytes received)\n",
1846 length, bytes_read);
1851 memcpy(data + offset, resp_data, bytes_read);
1855 iwm_free_resp(sc, &cmd);
1860 * Reads an NVM section completely.
1861 * NICs prior to 7000 family don't have a real NVM, but just read
1862 * section 0 which is the EEPROM. Because the EEPROM reading is unlimited
1863 * by uCode, we need to manually check in this case that we don't
1864 * overflow and try to read more than the EEPROM size.
1865 * For 7000 family NICs, we supply the maximal size we can read, and
1866 * the uCode fills the response with as much data as we can,
1867 * without overflowing, so no check is needed.
1870 iwm_nvm_read_section(struct iwm_softc *sc,
1871 uint16_t section, uint8_t *data, uint16_t *len, size_t max_len)
1873 uint16_t chunklen, seglen;
1876 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1877 "reading NVM section %d\n", section);
1879 chunklen = seglen = IWM_NVM_DEFAULT_CHUNK_SIZE;
1882 /* Read NVM chunks until exhausted (reading less than requested) */
1883 while (seglen == chunklen && *len < max_len) {
1884 error = iwm_nvm_read_chunk(sc,
1885 section, *len, chunklen, data, &seglen);
1887 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1888 "Cannot read from NVM section "
1889 "%d at offset %d\n", section, *len);
1895 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
1896 "NVM section %d read completed (%d bytes, error=%d)\n",
1897 section, *len, error);
1901 /* NVM offsets (in words) definitions */
1902 enum iwm_nvm_offsets {
1903 /* NVM HW-Section offset (in words) definitions */
1906 /* NVM SW-Section offset (in words) definitions */
1907 IWM_NVM_SW_SECTION = 0x1C0,
1908 IWM_NVM_VERSION = 0,
1912 IWM_NVM_CHANNELS = 0x1E0 - IWM_NVM_SW_SECTION,
1914 /* NVM calibration section offset (in words) definitions */
1915 IWM_NVM_CALIB_SECTION = 0x2B8,
1916 IWM_XTAL_CALIB = 0x316 - IWM_NVM_CALIB_SECTION
1919 enum iwm_8000_nvm_offsets {
1920 /* NVM HW-Section offset (in words) definitions */
1921 IWM_HW_ADDR0_WFPM_8000 = 0x12,
1922 IWM_HW_ADDR1_WFPM_8000 = 0x16,
1923 IWM_HW_ADDR0_PCIE_8000 = 0x8A,
1924 IWM_HW_ADDR1_PCIE_8000 = 0x8E,
1925 IWM_MAC_ADDRESS_OVERRIDE_8000 = 1,
1927 /* NVM SW-Section offset (in words) definitions */
1928 IWM_NVM_SW_SECTION_8000 = 0x1C0,
1929 IWM_NVM_VERSION_8000 = 0,
1930 IWM_RADIO_CFG_8000 = 0,
1932 IWM_N_HW_ADDRS_8000 = 3,
1934 /* NVM REGULATORY -Section offset (in words) definitions */
1935 IWM_NVM_CHANNELS_8000 = 0,
1936 IWM_NVM_LAR_OFFSET_8000_OLD = 0x4C7,
1937 IWM_NVM_LAR_OFFSET_8000 = 0x507,
1938 IWM_NVM_LAR_ENABLED_8000 = 0x7,
1940 /* NVM calibration section offset (in words) definitions */
1941 IWM_NVM_CALIB_SECTION_8000 = 0x2B8,
1942 IWM_XTAL_CALIB_8000 = 0x316 - IWM_NVM_CALIB_SECTION_8000
1945 /* SKU Capabilities (actual values from NVM definition) */
1947 IWM_NVM_SKU_CAP_BAND_24GHZ = (1 << 0),
1948 IWM_NVM_SKU_CAP_BAND_52GHZ = (1 << 1),
1949 IWM_NVM_SKU_CAP_11N_ENABLE = (1 << 2),
1950 IWM_NVM_SKU_CAP_11AC_ENABLE = (1 << 3),
1953 /* radio config bits (actual values from NVM definition) */
1954 #define IWM_NVM_RF_CFG_DASH_MSK(x) (x & 0x3) /* bits 0-1 */
1955 #define IWM_NVM_RF_CFG_STEP_MSK(x) ((x >> 2) & 0x3) /* bits 2-3 */
1956 #define IWM_NVM_RF_CFG_TYPE_MSK(x) ((x >> 4) & 0x3) /* bits 4-5 */
1957 #define IWM_NVM_RF_CFG_PNUM_MSK(x) ((x >> 6) & 0x3) /* bits 6-7 */
1958 #define IWM_NVM_RF_CFG_TX_ANT_MSK(x) ((x >> 8) & 0xF) /* bits 8-11 */
1959 #define IWM_NVM_RF_CFG_RX_ANT_MSK(x) ((x >> 12) & 0xF) /* bits 12-15 */
1961 #define IWM_NVM_RF_CFG_FLAVOR_MSK_8000(x) (x & 0xF)
1962 #define IWM_NVM_RF_CFG_DASH_MSK_8000(x) ((x >> 4) & 0xF)
1963 #define IWM_NVM_RF_CFG_STEP_MSK_8000(x) ((x >> 8) & 0xF)
1964 #define IWM_NVM_RF_CFG_TYPE_MSK_8000(x) ((x >> 12) & 0xFFF)
1965 #define IWM_NVM_RF_CFG_TX_ANT_MSK_8000(x) ((x >> 24) & 0xF)
1966 #define IWM_NVM_RF_CFG_RX_ANT_MSK_8000(x) ((x >> 28) & 0xF)
1968 #define DEFAULT_MAX_TX_POWER 16
1971 * enum iwm_nvm_channel_flags - channel flags in NVM
1972 * @IWM_NVM_CHANNEL_VALID: channel is usable for this SKU/geo
1973 * @IWM_NVM_CHANNEL_IBSS: usable as an IBSS channel
1974 * @IWM_NVM_CHANNEL_ACTIVE: active scanning allowed
1975 * @IWM_NVM_CHANNEL_RADAR: radar detection required
1976 * XXX cannot find this (DFS) flag in iwl-nvm-parse.c
1977 * @IWM_NVM_CHANNEL_DFS: dynamic freq selection candidate
1978 * @IWM_NVM_CHANNEL_WIDE: 20 MHz channel okay (?)
1979 * @IWM_NVM_CHANNEL_40MHZ: 40 MHz channel okay (?)
1980 * @IWM_NVM_CHANNEL_80MHZ: 80 MHz channel okay (?)
1981 * @IWM_NVM_CHANNEL_160MHZ: 160 MHz channel okay (?)
1983 enum iwm_nvm_channel_flags {
1984 IWM_NVM_CHANNEL_VALID = (1 << 0),
1985 IWM_NVM_CHANNEL_IBSS = (1 << 1),
1986 IWM_NVM_CHANNEL_ACTIVE = (1 << 3),
1987 IWM_NVM_CHANNEL_RADAR = (1 << 4),
1988 IWM_NVM_CHANNEL_DFS = (1 << 7),
1989 IWM_NVM_CHANNEL_WIDE = (1 << 8),
1990 IWM_NVM_CHANNEL_40MHZ = (1 << 9),
1991 IWM_NVM_CHANNEL_80MHZ = (1 << 10),
1992 IWM_NVM_CHANNEL_160MHZ = (1 << 11),
1996 * Translate EEPROM flags to net80211.
1999 iwm_eeprom_channel_flags(uint16_t ch_flags)
2004 if ((ch_flags & IWM_NVM_CHANNEL_ACTIVE) == 0)
2005 nflags |= IEEE80211_CHAN_PASSIVE;
2006 if ((ch_flags & IWM_NVM_CHANNEL_IBSS) == 0)
2007 nflags |= IEEE80211_CHAN_NOADHOC;
2008 if (ch_flags & IWM_NVM_CHANNEL_RADAR) {
2009 nflags |= IEEE80211_CHAN_DFS;
2011 nflags |= IEEE80211_CHAN_NOADHOC;
2018 iwm_add_channel_band(struct iwm_softc *sc, struct ieee80211_channel chans[],
2019 int maxchans, int *nchans, int ch_idx, size_t ch_num,
2020 const uint8_t bands[])
2022 const uint16_t * const nvm_ch_flags = sc->sc_nvm.nvm_ch_flags;
2028 for (; ch_idx < ch_num; ch_idx++) {
2029 ch_flags = le16_to_cpup(nvm_ch_flags + ch_idx);
2030 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000)
2031 ieee = iwm_nvm_channels[ch_idx];
2033 ieee = iwm_nvm_channels_8000[ch_idx];
2035 if (!(ch_flags & IWM_NVM_CHANNEL_VALID)) {
2036 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
2037 "Ch. %d Flags %x [%sGHz] - No traffic\n",
2039 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
2044 nflags = iwm_eeprom_channel_flags(ch_flags);
2045 error = ieee80211_add_channel(chans, maxchans, nchans,
2046 ieee, 0, 0, nflags, bands);
2050 IWM_DPRINTF(sc, IWM_DEBUG_EEPROM,
2051 "Ch. %d Flags %x [%sGHz] - Added\n",
2053 (ch_idx >= IWM_NUM_2GHZ_CHANNELS) ?
2059 iwm_init_channel_map(struct ieee80211com *ic, int maxchans, int *nchans,
2060 struct ieee80211_channel chans[])
2062 struct iwm_softc *sc = ic->ic_softc;
2063 struct iwm_nvm_data *data = &sc->sc_nvm;
2064 uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)];
2067 memset(bands, 0, sizeof(bands));
2068 /* 1-13: 11b/g channels. */
2069 setbit(bands, IEEE80211_MODE_11B);
2070 setbit(bands, IEEE80211_MODE_11G);
2071 iwm_add_channel_band(sc, chans, maxchans, nchans, 0,
2072 IWM_NUM_2GHZ_CHANNELS - 1, bands);
2074 /* 14: 11b channel only. */
2075 clrbit(bands, IEEE80211_MODE_11G);
2076 iwm_add_channel_band(sc, chans, maxchans, nchans,
2077 IWM_NUM_2GHZ_CHANNELS - 1, IWM_NUM_2GHZ_CHANNELS, bands);
2079 if (data->sku_cap_band_52GHz_enable) {
2080 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000)
2081 ch_num = nitems(iwm_nvm_channels);
2083 ch_num = nitems(iwm_nvm_channels_8000);
2084 memset(bands, 0, sizeof(bands));
2085 setbit(bands, IEEE80211_MODE_11A);
2086 iwm_add_channel_band(sc, chans, maxchans, nchans,
2087 IWM_NUM_2GHZ_CHANNELS, ch_num, bands);
2092 iwm_set_hw_address_8000(struct iwm_softc *sc, struct iwm_nvm_data *data,
2093 const uint16_t *mac_override, const uint16_t *nvm_hw)
2095 const uint8_t *hw_addr;
2098 static const uint8_t reserved_mac[] = {
2099 0x02, 0xcc, 0xaa, 0xff, 0xee, 0x00
2102 hw_addr = (const uint8_t *)(mac_override +
2103 IWM_MAC_ADDRESS_OVERRIDE_8000);
2106 * Store the MAC address from MAO section.
2107 * No byte swapping is required in MAO section
2109 IEEE80211_ADDR_COPY(data->hw_addr, hw_addr);
2112 * Force the use of the OTP MAC address in case of reserved MAC
2113 * address in the NVM, or if address is given but invalid.
2115 if (!IEEE80211_ADDR_EQ(reserved_mac, hw_addr) &&
2116 !IEEE80211_ADDR_EQ(ieee80211broadcastaddr, data->hw_addr) &&
2117 iwm_is_valid_ether_addr(data->hw_addr) &&
2118 !IEEE80211_IS_MULTICAST(data->hw_addr))
2121 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2122 "%s: mac address from nvm override section invalid\n",
2127 /* read the mac address from WFMP registers */
2128 uint32_t mac_addr0 =
2129 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_0));
2130 uint32_t mac_addr1 =
2131 htole32(iwm_read_prph(sc, IWM_WFMP_MAC_ADDR_1));
2133 hw_addr = (const uint8_t *)&mac_addr0;
2134 data->hw_addr[0] = hw_addr[3];
2135 data->hw_addr[1] = hw_addr[2];
2136 data->hw_addr[2] = hw_addr[1];
2137 data->hw_addr[3] = hw_addr[0];
2139 hw_addr = (const uint8_t *)&mac_addr1;
2140 data->hw_addr[4] = hw_addr[1];
2141 data->hw_addr[5] = hw_addr[0];
2146 device_printf(sc->sc_dev, "%s: mac address not found\n", __func__);
2147 memset(data->hw_addr, 0, sizeof(data->hw_addr));
2151 iwm_get_sku(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2152 const uint16_t *phy_sku)
2154 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000)
2155 return le16_to_cpup(nvm_sw + IWM_SKU);
2157 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_SKU_8000));
2161 iwm_get_nvm_version(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2163 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000)
2164 return le16_to_cpup(nvm_sw + IWM_NVM_VERSION);
2166 return le32_to_cpup((const uint32_t *)(nvm_sw +
2167 IWM_NVM_VERSION_8000));
2171 iwm_get_radio_cfg(const struct iwm_softc *sc, const uint16_t *nvm_sw,
2172 const uint16_t *phy_sku)
2174 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000)
2175 return le16_to_cpup(nvm_sw + IWM_RADIO_CFG);
2177 return le32_to_cpup((const uint32_t *)(phy_sku + IWM_RADIO_CFG_8000));
2181 iwm_get_n_hw_addrs(const struct iwm_softc *sc, const uint16_t *nvm_sw)
2185 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000)
2186 return le16_to_cpup(nvm_sw + IWM_N_HW_ADDRS);
2188 n_hw_addr = le32_to_cpup((const uint32_t *)(nvm_sw + IWM_N_HW_ADDRS_8000));
2190 return n_hw_addr & IWM_N_HW_ADDR_MASK;
2194 iwm_set_radio_cfg(const struct iwm_softc *sc, struct iwm_nvm_data *data,
2197 if (sc->sc_device_family != IWM_DEVICE_FAMILY_8000) {
2198 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK(radio_cfg);
2199 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK(radio_cfg);
2200 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK(radio_cfg);
2201 data->radio_cfg_pnum = IWM_NVM_RF_CFG_PNUM_MSK(radio_cfg);
2205 /* set the radio configuration for family 8000 */
2206 data->radio_cfg_type = IWM_NVM_RF_CFG_TYPE_MSK_8000(radio_cfg);
2207 data->radio_cfg_step = IWM_NVM_RF_CFG_STEP_MSK_8000(radio_cfg);
2208 data->radio_cfg_dash = IWM_NVM_RF_CFG_DASH_MSK_8000(radio_cfg);
2209 data->radio_cfg_pnum = IWM_NVM_RF_CFG_FLAVOR_MSK_8000(radio_cfg);
2210 data->valid_tx_ant = IWM_NVM_RF_CFG_TX_ANT_MSK_8000(radio_cfg);
2211 data->valid_rx_ant = IWM_NVM_RF_CFG_RX_ANT_MSK_8000(radio_cfg);
2215 iwm_parse_nvm_data(struct iwm_softc *sc,
2216 const uint16_t *nvm_hw, const uint16_t *nvm_sw,
2217 const uint16_t *nvm_calib, const uint16_t *mac_override,
2218 const uint16_t *phy_sku, const uint16_t *regulatory)
2220 struct iwm_nvm_data *data = &sc->sc_nvm;
2221 uint8_t hw_addr[IEEE80211_ADDR_LEN];
2222 uint32_t sku, radio_cfg;
2224 data->nvm_version = iwm_get_nvm_version(sc, nvm_sw);
2226 radio_cfg = iwm_get_radio_cfg(sc, nvm_sw, phy_sku);
2227 iwm_set_radio_cfg(sc, data, radio_cfg);
2229 sku = iwm_get_sku(sc, nvm_sw, phy_sku);
2230 data->sku_cap_band_24GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_24GHZ;
2231 data->sku_cap_band_52GHz_enable = sku & IWM_NVM_SKU_CAP_BAND_52GHZ;
2232 data->sku_cap_11n_enable = 0;
2234 data->n_hw_addrs = iwm_get_n_hw_addrs(sc, nvm_sw);
2236 /* The byte order is little endian 16 bit, meaning 214365 */
2237 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
2238 IEEE80211_ADDR_COPY(hw_addr, nvm_hw + IWM_HW_ADDR);
2239 data->hw_addr[0] = hw_addr[1];
2240 data->hw_addr[1] = hw_addr[0];
2241 data->hw_addr[2] = hw_addr[3];
2242 data->hw_addr[3] = hw_addr[2];
2243 data->hw_addr[4] = hw_addr[5];
2244 data->hw_addr[5] = hw_addr[4];
2246 iwm_set_hw_address_8000(sc, data, mac_override, nvm_hw);
2249 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
2250 memcpy(data->nvm_ch_flags, &nvm_sw[IWM_NVM_CHANNELS],
2251 IWM_NUM_CHANNELS * sizeof(uint16_t));
2253 memcpy(data->nvm_ch_flags, ®ulatory[IWM_NVM_CHANNELS_8000],
2254 IWM_NUM_CHANNELS_8000 * sizeof(uint16_t));
2256 data->calib_version = 255; /* TODO:
2257 this value will prevent some checks from
2258 failing, we need to check if this
2259 field is still needed, and if it does,
2260 where is it in the NVM */
2266 iwm_parse_nvm_sections(struct iwm_softc *sc, struct iwm_nvm_section *sections)
2268 const uint16_t *hw, *sw, *calib, *regulatory, *mac_override, *phy_sku;
2270 /* Checking for required sections */
2271 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000) {
2272 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2273 !sections[IWM_NVM_SECTION_TYPE_HW].data) {
2274 device_printf(sc->sc_dev,
2275 "Can't parse empty OTP/NVM sections\n");
2279 hw = (const uint16_t *) sections[IWM_NVM_SECTION_TYPE_HW].data;
2280 } else if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) {
2281 /* SW and REGULATORY sections are mandatory */
2282 if (!sections[IWM_NVM_SECTION_TYPE_SW].data ||
2283 !sections[IWM_NVM_SECTION_TYPE_REGULATORY].data) {
2284 device_printf(sc->sc_dev,
2285 "Can't parse empty OTP/NVM sections\n");
2288 /* MAC_OVERRIDE or at least HW section must exist */
2289 if (!sections[IWM_NVM_SECTION_TYPE_HW_8000].data &&
2290 !sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data) {
2291 device_printf(sc->sc_dev,
2292 "Can't parse mac_address, empty sections\n");
2296 /* PHY_SKU section is mandatory in B0 */
2297 if (!sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data) {
2298 device_printf(sc->sc_dev,
2299 "Can't parse phy_sku in B0, empty sections\n");
2303 hw = (const uint16_t *)
2304 sections[IWM_NVM_SECTION_TYPE_HW_8000].data;
2306 panic("unknown device family %d\n", sc->sc_device_family);
2309 sw = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_SW].data;
2310 calib = (const uint16_t *)
2311 sections[IWM_NVM_SECTION_TYPE_CALIBRATION].data;
2312 regulatory = (const uint16_t *)
2313 sections[IWM_NVM_SECTION_TYPE_REGULATORY].data;
2314 mac_override = (const uint16_t *)
2315 sections[IWM_NVM_SECTION_TYPE_MAC_OVERRIDE].data;
2316 phy_sku = (const uint16_t *)sections[IWM_NVM_SECTION_TYPE_PHY_SKU].data;
2318 return iwm_parse_nvm_data(sc, hw, sw, calib, mac_override,
2319 phy_sku, regulatory);
2323 iwm_nvm_init(struct iwm_softc *sc)
2325 struct iwm_nvm_section nvm_sections[IWM_NVM_NUM_OF_SECTIONS];
2326 int i, section, error;
2329 const size_t bufsz = IWM_MAX_NVM_SECTION_SIZE;
2331 memset(nvm_sections, 0 , sizeof(nvm_sections));
2333 buf = kmalloc(bufsz, M_DEVBUF, M_INTWAIT);
2337 for (i = 0; i < nitems(nvm_to_read); i++) {
2338 section = nvm_to_read[i];
2339 KKASSERT(section <= nitems(nvm_sections));
2341 error = iwm_nvm_read_section(sc, section, buf, &len, bufsz);
2346 nvm_sections[section].data = kmalloc(len, M_DEVBUF, M_INTWAIT);
2347 if (nvm_sections[section].data == NULL) {
2351 memcpy(nvm_sections[section].data, buf, len);
2352 nvm_sections[section].length = len;
2354 kfree(buf, M_DEVBUF);
2356 error = iwm_parse_nvm_sections(sc, nvm_sections);
2358 for (i = 0; i < IWM_NVM_NUM_OF_SECTIONS; i++) {
2359 if (nvm_sections[i].data != NULL)
2360 kfree(nvm_sections[i].data, M_DEVBUF);
2367 * Firmware loading gunk. This is kind of a weird hybrid between the
2368 * iwn driver and the Linux iwlwifi driver.
2372 iwm_firmware_load_sect(struct iwm_softc *sc, uint32_t dst_addr,
2373 const uint8_t *section, uint32_t byte_cnt)
2376 uint32_t chunk_sz, offset;
2378 chunk_sz = MIN(IWM_FH_MEM_TB_MAX_LENGTH, byte_cnt);
2380 for (offset = 0; offset < byte_cnt; offset += chunk_sz) {
2382 const uint8_t *data;
2384 addr = dst_addr + offset;
2385 len = MIN(chunk_sz, byte_cnt - offset);
2386 data = section + offset;
2388 error = iwm_firmware_load_chunk(sc, addr, data, len);
2397 iwm_firmware_load_chunk(struct iwm_softc *sc, uint32_t dst_addr,
2398 const uint8_t *chunk, uint32_t byte_cnt)
2400 struct iwm_dma_info *dma = &sc->fw_dma;
2403 /* Copy firmware chunk into pre-allocated DMA-safe memory. */
2404 memcpy(dma->vaddr, chunk, byte_cnt);
2405 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
2407 if (dst_addr >= IWM_FW_MEM_EXTENDED_START &&
2408 dst_addr <= IWM_FW_MEM_EXTENDED_END) {
2409 iwm_set_bits_prph(sc, IWM_LMPM_CHICK,
2410 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2413 sc->sc_fw_chunk_done = 0;
2415 if (!iwm_nic_lock(sc))
2418 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2419 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_PAUSE);
2420 IWM_WRITE(sc, IWM_FH_SRVC_CHNL_SRAM_ADDR_REG(IWM_FH_SRVC_CHNL),
2422 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL0_REG(IWM_FH_SRVC_CHNL),
2423 dma->paddr & IWM_FH_MEM_TFDIB_DRAM_ADDR_LSB_MSK);
2424 IWM_WRITE(sc, IWM_FH_TFDIB_CTRL1_REG(IWM_FH_SRVC_CHNL),
2425 (iwm_get_dma_hi_addr(dma->paddr)
2426 << IWM_FH_MEM_TFDIB_REG1_ADDR_BITSHIFT) | byte_cnt);
2427 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_BUF_STS_REG(IWM_FH_SRVC_CHNL),
2428 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_NUM |
2429 1 << IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_POS_TB_IDX |
2430 IWM_FH_TCSR_CHNL_TX_BUF_STS_REG_VAL_TFDB_VALID);
2431 IWM_WRITE(sc, IWM_FH_TCSR_CHNL_TX_CONFIG_REG(IWM_FH_SRVC_CHNL),
2432 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
2433 IWM_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_DISABLE |
2434 IWM_FH_TCSR_TX_CONFIG_REG_VAL_CIRQ_HOST_ENDTFD);
2438 /* wait 1s for this segment to load */
2440 while (!sc->sc_fw_chunk_done) {
2441 #if defined(__DragonFly__)
2442 error = lksleep(&sc->sc_fw, &sc->sc_lk, 0, "iwmfw", hz);
2444 error = msleep(&sc->sc_fw, &sc->sc_mtx, 0, "iwmfw", hz);
2450 if (!sc->sc_fw_chunk_done) {
2451 device_printf(sc->sc_dev,
2452 "fw chunk addr 0x%x len %d failed to load\n",
2453 dst_addr, byte_cnt);
2456 if (dst_addr >= IWM_FW_MEM_EXTENDED_START &&
2457 dst_addr <= IWM_FW_MEM_EXTENDED_END && iwm_nic_lock(sc)) {
2458 iwm_clear_bits_prph(sc, IWM_LMPM_CHICK,
2459 IWM_LMPM_CHICK_EXTENDED_ADDR_SPACE);
2467 iwm_load_cpu_sections_8000(struct iwm_softc *sc, struct iwm_fw_sects *fws,
2468 int cpu, int *first_ucode_section)
2471 int i, error = 0, sec_num = 0x1;
2472 uint32_t val, last_read_idx = 0;
2479 *first_ucode_section = 0;
2482 (*first_ucode_section)++;
2485 for (i = *first_ucode_section; i < IWM_UCODE_SECT_MAX; i++) {
2487 data = fws->fw_sect[i].fws_data;
2488 dlen = fws->fw_sect[i].fws_len;
2489 offset = fws->fw_sect[i].fws_devoff;
2492 * CPU1_CPU2_SEPARATOR_SECTION delimiter - separate between
2494 * PAGING_SEPARATOR_SECTION delimiter - separate between
2495 * CPU2 non paged to CPU2 paging sec.
2497 if (!data || offset == IWM_CPU1_CPU2_SEPARATOR_SECTION ||
2498 offset == IWM_PAGING_SEPARATOR_SECTION)
2501 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2502 "LOAD FIRMWARE chunk %d offset 0x%x len %d for cpu %d\n",
2503 i, offset, dlen, cpu);
2505 if (dlen > sc->sc_fwdmasegsz) {
2506 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
2507 "chunk %d too large (%d bytes)\n", i, dlen);
2510 error = iwm_firmware_load_sect(sc, offset, data, dlen);
2513 device_printf(sc->sc_dev,
2514 "could not load firmware chunk %d (error %d)\n",
2519 /* Notify the ucode of the loaded section number and status */
2520 if (iwm_nic_lock(sc)) {
2521 val = IWM_READ(sc, IWM_FH_UCODE_LOAD_STATUS);
2522 val = val | (sec_num << shift_param);
2523 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, val);
2524 sec_num = (sec_num << 1) | 0x1;
2528 * The firmware won't load correctly without this delay.
2534 *first_ucode_section = last_read_idx;
2536 if (iwm_nic_lock(sc)) {
2538 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFF);
2540 IWM_WRITE(sc, IWM_FH_UCODE_LOAD_STATUS, 0xFFFFFFFF);
2548 iwm_load_firmware_8000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
2550 struct iwm_fw_sects *fws;
2552 int first_ucode_section;
2554 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "loading ucode type %d\n",
2557 fws = &sc->sc_fw.fw_sects[ucode_type];
2559 /* configure the ucode to be ready to get the secured image */
2560 /* release CPU reset */
2561 iwm_write_prph(sc, IWM_RELEASE_CPU_RESET, IWM_RELEASE_CPU_RESET_BIT);
2563 /* load to FW the binary Secured sections of CPU1 */
2564 error = iwm_load_cpu_sections_8000(sc, fws, 1, &first_ucode_section);
2568 /* load to FW the binary sections of CPU2 */
2569 return iwm_load_cpu_sections_8000(sc, fws, 2, &first_ucode_section);
2573 iwm_load_firmware_7000(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
2575 struct iwm_fw_sects *fws;
2581 sc->sc_uc.uc_intr = 0;
2583 fws = &sc->sc_fw.fw_sects[ucode_type];
2584 for (i = 0; i < fws->fw_count; i++) {
2585 data = fws->fw_sect[i].fws_data;
2586 dlen = fws->fw_sect[i].fws_len;
2587 offset = fws->fw_sect[i].fws_devoff;
2588 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
2589 "LOAD FIRMWARE type %d offset %u len %d\n",
2590 ucode_type, offset, dlen);
2591 if (dlen > sc->sc_fwdmasegsz) {
2592 IWM_DPRINTF(sc, IWM_DEBUG_FIRMWARE_TLV,
2593 "chunk %d too large (%d bytes)\n", i, dlen);
2596 error = iwm_firmware_load_sect(sc, offset, data, dlen);
2599 device_printf(sc->sc_dev,
2600 "could not load firmware chunk %u of %u "
2601 "(error=%d)\n", i, fws->fw_count, error);
2606 IWM_WRITE(sc, IWM_CSR_RESET, 0);
2612 iwm_load_firmware(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
2616 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000)
2617 error = iwm_load_firmware_8000(sc, ucode_type);
2619 error = iwm_load_firmware_7000(sc, ucode_type);
2623 /* wait for the firmware to load */
2624 for (w = 0; !sc->sc_uc.uc_intr && w < 10; w++) {
2625 #if defined(__DragonFly__)
2626 error = lksleep(&sc->sc_uc, &sc->sc_lk, 0, "iwmuc", hz/10);
2628 error = msleep(&sc->sc_uc, &sc->sc_mtx, 0, "iwmuc", hz/10);
2631 if (error || !sc->sc_uc.uc_ok) {
2632 device_printf(sc->sc_dev, "could not load firmware\n");
2633 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) {
2634 device_printf(sc->sc_dev, "cpu1 status: 0x%x\n",
2635 iwm_read_prph(sc, IWM_SB_CPU_1_STATUS));
2636 device_printf(sc->sc_dev, "cpu2 status: 0x%x\n",
2637 iwm_read_prph(sc, IWM_SB_CPU_2_STATUS));
2642 * Give the firmware some time to initialize.
2643 * Accessing it too early causes errors.
2645 lksleep(&w, &sc->sc_lk, 0, "iwmfwinit", hz);
2651 iwm_start_fw(struct iwm_softc *sc, enum iwm_ucode_type ucode_type)
2655 IWM_WRITE(sc, IWM_CSR_INT, ~0);
2657 if ((error = iwm_nic_init(sc)) != 0) {
2658 device_printf(sc->sc_dev, "unable to init nic\n");
2662 /* make sure rfkill handshake bits are cleared */
2663 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2664 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR,
2665 IWM_CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
2667 /* clear (again), then enable host interrupts */
2668 IWM_WRITE(sc, IWM_CSR_INT, ~0);
2669 iwm_enable_interrupts(sc);
2671 /* really make sure rfkill handshake bits are cleared */
2672 /* maybe we should write a few times more? just to make sure */
2673 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2674 IWM_WRITE(sc, IWM_CSR_UCODE_DRV_GP1_CLR, IWM_CSR_UCODE_SW_BIT_RFKILL);
2676 /* Load the given image to the HW */
2677 return iwm_load_firmware(sc, ucode_type);
2681 iwm_send_tx_ant_cfg(struct iwm_softc *sc, uint8_t valid_tx_ant)
2683 struct iwm_tx_ant_cfg_cmd tx_ant_cmd = {
2684 .valid = htole32(valid_tx_ant),
2687 return iwm_mvm_send_cmd_pdu(sc, IWM_TX_ANT_CONFIGURATION_CMD,
2688 IWM_CMD_SYNC, sizeof(tx_ant_cmd), &tx_ant_cmd);
2692 iwm_send_phy_cfg_cmd(struct iwm_softc *sc)
2694 struct iwm_phy_cfg_cmd phy_cfg_cmd;
2695 enum iwm_ucode_type ucode_type = sc->sc_uc_current;
2697 /* Set parameters */
2698 phy_cfg_cmd.phy_cfg = htole32(sc->sc_fw_phy_config);
2699 phy_cfg_cmd.calib_control.event_trigger =
2700 sc->sc_default_calib[ucode_type].event_trigger;
2701 phy_cfg_cmd.calib_control.flow_trigger =
2702 sc->sc_default_calib[ucode_type].flow_trigger;
2704 IWM_DPRINTF(sc, IWM_DEBUG_CMD | IWM_DEBUG_RESET,
2705 "Sending Phy CFG command: 0x%x\n", phy_cfg_cmd.phy_cfg);
2706 return iwm_mvm_send_cmd_pdu(sc, IWM_PHY_CONFIGURATION_CMD, IWM_CMD_SYNC,
2707 sizeof(phy_cfg_cmd), &phy_cfg_cmd);
2711 iwm_mvm_load_ucode_wait_alive(struct iwm_softc *sc,
2712 enum iwm_ucode_type ucode_type)
2714 enum iwm_ucode_type old_type = sc->sc_uc_current;
2717 if ((error = iwm_read_firmware(sc, ucode_type)) != 0) {
2718 device_printf(sc->sc_dev, "iwm_read_firmware: failed %d\n",
2723 sc->sc_uc_current = ucode_type;
2724 error = iwm_start_fw(sc, ucode_type);
2726 device_printf(sc->sc_dev, "iwm_start_fw: failed %d\n", error);
2727 sc->sc_uc_current = old_type;
2731 error = iwm_post_alive(sc);
2733 device_printf(sc->sc_dev, "iwm_fw_alive: failed %d\n", error);
2743 iwm_run_init_mvm_ucode(struct iwm_softc *sc, int justnvm)
2747 /* do not operate with rfkill switch turned on */
2748 if ((sc->sc_flags & IWM_FLAG_RFKILL) && !justnvm) {
2749 device_printf(sc->sc_dev,
2750 "radio is disabled by hardware switch\n");
2754 sc->sc_init_complete = 0;
2755 if ((error = iwm_mvm_load_ucode_wait_alive(sc,
2756 IWM_UCODE_TYPE_INIT)) != 0) {
2757 device_printf(sc->sc_dev, "failed to load init firmware\n");
2762 if ((error = iwm_nvm_init(sc)) != 0) {
2763 device_printf(sc->sc_dev, "failed to read nvm\n");
2766 IEEE80211_ADDR_COPY(sc->sc_ic.ic_macaddr, sc->sc_nvm.hw_addr);
2771 if ((error = iwm_send_bt_init_conf(sc)) != 0) {
2772 device_printf(sc->sc_dev,
2773 "failed to send bt coex configuration: %d\n", error);
2777 /* Init Smart FIFO. */
2778 error = iwm_mvm_sf_config(sc, IWM_SF_INIT_OFF);
2782 /* Send TX valid antennas before triggering calibrations */
2783 if ((error = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc))) != 0) {
2784 device_printf(sc->sc_dev,
2785 "failed to send antennas before calibration: %d\n", error);
2790 * Send phy configurations command to init uCode
2791 * to start the 16.0 uCode init image internal calibrations.
2793 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0 ) {
2794 device_printf(sc->sc_dev,
2795 "%s: failed to run internal calibration: %d\n",
2801 * Nothing to do but wait for the init complete notification
2804 while (!sc->sc_init_complete) {
2805 #if defined(__DragonFly__)
2806 error = lksleep(&sc->sc_init_complete, &sc->sc_lk,
2807 0, "iwminit", 2*hz);
2809 error = msleep(&sc->sc_init_complete, &sc->sc_mtx,
2810 0, "iwminit", 2*hz);
2813 device_printf(sc->sc_dev, "init complete failed: %d\n",
2814 sc->sc_init_complete);
2819 IWM_DPRINTF(sc, IWM_DEBUG_RESET, "init %scomplete\n",
2820 sc->sc_init_complete ? "" : "not ");
2829 /* (re)stock rx ring, called at init-time and at runtime */
2831 iwm_rx_addbuf(struct iwm_softc *sc, int size, int idx)
2833 struct iwm_rx_ring *ring = &sc->rxq;
2834 struct iwm_rx_data *data = &ring->data[idx];
2836 bus_dmamap_t dmamap = NULL;
2837 bus_dma_segment_t seg;
2840 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, IWM_RBUF_SIZE);
2844 m->m_len = m->m_pkthdr.len = m->m_ext.ext_size;
2845 #if defined(__DragonFly__)
2846 error = bus_dmamap_load_mbuf_segment(ring->data_dmat, ring->spare_map,
2847 m, &seg, 1, &nsegs, BUS_DMA_NOWAIT);
2849 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, ring->spare_map, m,
2850 &seg, &nsegs, BUS_DMA_NOWAIT);
2853 device_printf(sc->sc_dev,
2854 "%s: can't map mbuf, error %d\n", __func__, error);
2858 if (data->m != NULL)
2859 bus_dmamap_unload(ring->data_dmat, data->map);
2861 /* Swap ring->spare_map with data->map */
2863 data->map = ring->spare_map;
2864 ring->spare_map = dmamap;
2866 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREREAD);
2869 /* Update RX descriptor. */
2870 KKASSERT((seg.ds_addr & 255) == 0);
2871 ring->desc[idx] = htole32(seg.ds_addr >> 8);
2872 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
2873 BUS_DMASYNC_PREWRITE);
2881 #define IWM_RSSI_OFFSET 50
2883 iwm_mvm_calc_rssi(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
2885 int rssi_a, rssi_b, rssi_a_dbm, rssi_b_dbm, max_rssi_dbm;
2886 uint32_t agc_a, agc_b;
2889 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_AGC_IDX]);
2890 agc_a = (val & IWM_OFDM_AGC_A_MSK) >> IWM_OFDM_AGC_A_POS;
2891 agc_b = (val & IWM_OFDM_AGC_B_MSK) >> IWM_OFDM_AGC_B_POS;
2893 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_RSSI_AB_IDX]);
2894 rssi_a = (val & IWM_OFDM_RSSI_INBAND_A_MSK) >> IWM_OFDM_RSSI_A_POS;
2895 rssi_b = (val & IWM_OFDM_RSSI_INBAND_B_MSK) >> IWM_OFDM_RSSI_B_POS;
2898 * dBm = rssi dB - agc dB - constant.
2899 * Higher AGC (higher radio gain) means lower signal.
2901 rssi_a_dbm = rssi_a - IWM_RSSI_OFFSET - agc_a;
2902 rssi_b_dbm = rssi_b - IWM_RSSI_OFFSET - agc_b;
2903 max_rssi_dbm = MAX(rssi_a_dbm, rssi_b_dbm);
2905 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2906 "Rssi In A %d B %d Max %d AGCA %d AGCB %d\n",
2907 rssi_a_dbm, rssi_b_dbm, max_rssi_dbm, agc_a, agc_b);
2909 return max_rssi_dbm;
2913 * iwm_mvm_get_signal_strength - use new rx PHY INFO API
2914 * values are reported by the fw as positive values - need to negate
2915 * to obtain their dBM. Account for missing antennas by replacing 0
2916 * values by -256dBm: practically 0 power and a non-feasible 8 bit value.
2919 iwm_mvm_get_signal_strength(struct iwm_softc *sc, struct iwm_rx_phy_info *phy_info)
2921 int energy_a, energy_b, energy_c, max_energy;
2924 val = le32toh(phy_info->non_cfg_phy[IWM_RX_INFO_ENERGY_ANT_ABC_IDX]);
2925 energy_a = (val & IWM_RX_INFO_ENERGY_ANT_A_MSK) >>
2926 IWM_RX_INFO_ENERGY_ANT_A_POS;
2927 energy_a = energy_a ? -energy_a : -256;
2928 energy_b = (val & IWM_RX_INFO_ENERGY_ANT_B_MSK) >>
2929 IWM_RX_INFO_ENERGY_ANT_B_POS;
2930 energy_b = energy_b ? -energy_b : -256;
2931 energy_c = (val & IWM_RX_INFO_ENERGY_ANT_C_MSK) >>
2932 IWM_RX_INFO_ENERGY_ANT_C_POS;
2933 energy_c = energy_c ? -energy_c : -256;
2934 max_energy = MAX(energy_a, energy_b);
2935 max_energy = MAX(max_energy, energy_c);
2937 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
2938 "energy In A %d B %d C %d , and max %d\n",
2939 energy_a, energy_b, energy_c, max_energy);
2945 iwm_mvm_rx_rx_phy_cmd(struct iwm_softc *sc,
2946 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
2948 struct iwm_rx_phy_info *phy_info = (void *)pkt->data;
2950 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "received PHY stats\n");
2951 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
2953 memcpy(&sc->sc_last_phy_info, phy_info, sizeof(sc->sc_last_phy_info));
2957 * Retrieve the average noise (in dBm) among receivers.
2960 iwm_get_noise(const struct iwm_mvm_statistics_rx_non_phy *stats)
2962 int i, total, nbant, noise;
2964 total = nbant = noise = 0;
2965 for (i = 0; i < 3; i++) {
2966 noise = le32toh(stats->beacon_silence_rssi[i]) & 0xff;
2973 /* There should be at least one antenna but check anyway. */
2974 return (nbant == 0) ? -127 : (total / nbant) - 107;
2978 * iwm_mvm_rx_rx_mpdu - IWM_REPLY_RX_MPDU_CMD handler
2980 * Handles the actual data of the Rx packet from the fw
2983 iwm_mvm_rx_rx_mpdu(struct iwm_softc *sc,
2984 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
2986 struct ieee80211com *ic = &sc->sc_ic;
2987 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2988 struct ieee80211_frame *wh;
2989 struct ieee80211_node *ni;
2990 struct ieee80211_rx_stats rxs;
2992 struct iwm_rx_phy_info *phy_info;
2993 struct iwm_rx_mpdu_res_start *rx_res;
2995 uint32_t rx_pkt_status;
2998 bus_dmamap_sync(sc->rxq.data_dmat, data->map, BUS_DMASYNC_POSTREAD);
3000 phy_info = &sc->sc_last_phy_info;
3001 rx_res = (struct iwm_rx_mpdu_res_start *)pkt->data;
3002 wh = (struct ieee80211_frame *)(pkt->data + sizeof(*rx_res));
3003 len = le16toh(rx_res->byte_count);
3004 rx_pkt_status = le32toh(*(uint32_t *)(pkt->data + sizeof(*rx_res) + len));
3007 m->m_data = pkt->data + sizeof(*rx_res);
3008 m->m_pkthdr.len = m->m_len = len;
3010 if (__predict_false(phy_info->cfg_phy_cnt > 20)) {
3011 device_printf(sc->sc_dev,
3012 "dsp size out of range [0,20]: %d\n",
3013 phy_info->cfg_phy_cnt);
3017 if (!(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_CRC_OK) ||
3018 !(rx_pkt_status & IWM_RX_MPDU_RES_STATUS_OVERRUN_OK)) {
3019 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3020 "Bad CRC or FIFO: 0x%08X.\n", rx_pkt_status);
3024 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_RX_ENERGY_API) {
3025 rssi = iwm_mvm_get_signal_strength(sc, phy_info);
3027 rssi = iwm_mvm_calc_rssi(sc, phy_info);
3029 rssi = (0 - IWM_MIN_DBM) + rssi; /* normalize */
3030 rssi = MIN(rssi, sc->sc_max_rssi); /* clip to max. 100% */
3032 /* replenish ring for the buffer we're going to feed to the sharks */
3033 if (iwm_rx_addbuf(sc, IWM_RBUF_SIZE, sc->rxq.cur) != 0) {
3034 device_printf(sc->sc_dev, "%s: unable to add more buffers\n",
3039 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
3041 IWM_DPRINTF(sc, IWM_DEBUG_RECV,
3042 "%s: phy_info: channel=%d, flags=0x%08x\n",
3044 le16toh(phy_info->channel),
3045 le16toh(phy_info->phy_flags));
3048 * Populate an RX state struct with the provided information.
3050 bzero(&rxs, sizeof(rxs));
3051 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
3052 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
3053 rxs.c_ieee = le16toh(phy_info->channel);
3054 if (le16toh(phy_info->phy_flags & IWM_RX_RES_PHY_FLAGS_BAND_24)) {
3055 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
3057 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_5GHZ);
3059 rxs.rssi = rssi - sc->sc_noise;
3060 rxs.nf = sc->sc_noise;
3062 if (ieee80211_radiotap_active_vap(vap)) {
3063 struct iwm_rx_radiotap_header *tap = &sc->sc_rxtap;
3066 if (phy_info->phy_flags & htole16(IWM_PHY_INFO_FLAG_SHPREAMBLE))
3067 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3068 tap->wr_chan_freq = htole16(rxs.c_freq);
3069 /* XXX only if ic->ic_curchan->ic_ieee == rxs.c_ieee */
3070 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
3071 tap->wr_dbm_antsignal = (int8_t)rssi;
3072 tap->wr_dbm_antnoise = (int8_t)sc->sc_noise;
3073 tap->wr_tsft = phy_info->system_timestamp;
3074 switch (phy_info->rate) {
3076 case 10: tap->wr_rate = 2; break;
3077 case 20: tap->wr_rate = 4; break;
3078 case 55: tap->wr_rate = 11; break;
3079 case 110: tap->wr_rate = 22; break;
3081 case 0xd: tap->wr_rate = 12; break;
3082 case 0xf: tap->wr_rate = 18; break;
3083 case 0x5: tap->wr_rate = 24; break;
3084 case 0x7: tap->wr_rate = 36; break;
3085 case 0x9: tap->wr_rate = 48; break;
3086 case 0xb: tap->wr_rate = 72; break;
3087 case 0x1: tap->wr_rate = 96; break;
3088 case 0x3: tap->wr_rate = 108; break;
3089 /* Unknown rate: should not happen. */
3090 default: tap->wr_rate = 0;
3096 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "input m %p\n", m);
3097 ieee80211_input_mimo(ni, m, &rxs);
3098 ieee80211_free_node(ni);
3100 IWM_DPRINTF(sc, IWM_DEBUG_RECV, "inputall m %p\n", m);
3101 ieee80211_input_mimo_all(ic, m, &rxs);
3107 iwm_mvm_rx_tx_cmd_single(struct iwm_softc *sc, struct iwm_rx_packet *pkt,
3108 struct iwm_node *in)
3110 struct iwm_mvm_tx_resp *tx_resp = (void *)pkt->data;
3111 struct ieee80211_node *ni = &in->in_ni;
3112 struct ieee80211vap *vap = ni->ni_vap;
3113 int status = le16toh(tx_resp->status.status) & IWM_TX_STATUS_MSK;
3114 int failack = tx_resp->failure_frame;
3116 KASSERT(tx_resp->frame_count == 1, ("too many frames"));
3118 /* Update rate control statistics. */
3119 IWM_DPRINTF(sc, IWM_DEBUG_XMIT, "%s: status=0x%04x, seq=%d, fc=%d, btc=%d, frts=%d, ff=%d, irate=%08x, wmt=%d\n",
3121 (int) le16toh(tx_resp->status.status),
3122 (int) le16toh(tx_resp->status.sequence),
3123 tx_resp->frame_count,
3124 tx_resp->bt_kill_count,
3125 tx_resp->failure_rts,
3126 tx_resp->failure_frame,
3127 le32toh(tx_resp->initial_rate),
3128 (int) le16toh(tx_resp->wireless_media_time));
3130 if (status != IWM_TX_STATUS_SUCCESS &&
3131 status != IWM_TX_STATUS_DIRECT_DONE) {
3132 ieee80211_ratectl_tx_complete(vap, ni,
3133 IEEE80211_RATECTL_TX_FAILURE, &failack, NULL);
3136 ieee80211_ratectl_tx_complete(vap, ni,
3137 IEEE80211_RATECTL_TX_SUCCESS, &failack, NULL);
3143 iwm_mvm_rx_tx_cmd(struct iwm_softc *sc,
3144 struct iwm_rx_packet *pkt, struct iwm_rx_data *data)
3146 struct iwm_cmd_header *cmd_hdr = &pkt->hdr;
3147 int idx = cmd_hdr->idx;
3148 int qid = cmd_hdr->qid;
3149 struct iwm_tx_ring *ring = &sc->txq[qid];
3150 struct iwm_tx_data *txd = &ring->data[idx];
3151 struct iwm_node *in = txd->in;
3152 struct mbuf *m = txd->m;
3155 KASSERT(txd->done == 0, ("txd not done"));
3156 KASSERT(txd->in != NULL, ("txd without node"));
3157 KASSERT(txd->m != NULL, ("txd without mbuf"));
3159 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
3161 sc->sc_tx_timer = 0;
3163 status = iwm_mvm_rx_tx_cmd_single(sc, pkt, in);
3165 /* Unmap and free mbuf. */
3166 bus_dmamap_sync(ring->data_dmat, txd->map, BUS_DMASYNC_POSTWRITE);
3167 bus_dmamap_unload(ring->data_dmat, txd->map);
3169 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3170 "free txd %p, in %p\n", txd, txd->in);
3175 ieee80211_tx_complete(&in->in_ni, m, status);
3177 if (--ring->queued < IWM_TX_RING_LOMARK) {
3178 sc->qfullmsk &= ~(1 << ring->qid);
3179 if (sc->qfullmsk == 0) {
3181 * Well, we're in interrupt context, but then again
3182 * I guess net80211 does all sorts of stunts in
3183 * interrupt context, so maybe this is no biggie.
3195 * Process a "command done" firmware notification. This is where we wakeup
3196 * processes waiting for a synchronous command completion.
3200 iwm_cmd_done(struct iwm_softc *sc, struct iwm_rx_packet *pkt)
3202 struct iwm_tx_ring *ring = &sc->txq[IWM_MVM_CMD_QUEUE];
3203 struct iwm_tx_data *data;
3205 if (pkt->hdr.qid != IWM_MVM_CMD_QUEUE) {
3206 return; /* Not a command ack. */
3209 data = &ring->data[pkt->hdr.idx];
3211 /* If the command was mapped in an mbuf, free it. */
3212 if (data->m != NULL) {
3213 bus_dmamap_sync(ring->data_dmat, data->map,
3214 BUS_DMASYNC_POSTWRITE);
3215 bus_dmamap_unload(ring->data_dmat, data->map);
3219 wakeup(&ring->desc[pkt->hdr.idx]);
3224 * necessary only for block ack mode
3227 iwm_update_sched(struct iwm_softc *sc, int qid, int idx, uint8_t sta_id,
3230 struct iwm_agn_scd_bc_tbl *scd_bc_tbl;
3233 scd_bc_tbl = sc->sched_dma.vaddr;
3235 len += 8; /* magic numbers came naturally from paris */
3236 if (sc->sc_capaflags & IWM_UCODE_TLV_FLAGS_DW_BC_TABLE)
3237 len = roundup(len, 4) / 4;
3239 w_val = htole16(sta_id << 12 | len);
3241 /* Update TX scheduler. */
3242 scd_bc_tbl[qid].tfd_offset[idx] = w_val;
3243 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3244 BUS_DMASYNC_PREWRITE);
3246 /* I really wonder what this is ?!? */
3247 if (idx < IWM_TFD_QUEUE_SIZE_BC_DUP) {
3248 scd_bc_tbl[qid].tfd_offset[IWM_TFD_QUEUE_SIZE_MAX + idx] = w_val;
3249 bus_dmamap_sync(sc->sched_dma.tag, sc->sched_dma.map,
3250 BUS_DMASYNC_PREWRITE);
3256 * Take an 802.11 (non-n) rate, find the relevant rate
3257 * table entry. return the index into in_ridx[].
3259 * The caller then uses that index back into in_ridx
3260 * to figure out the rate index programmed /into/
3261 * the firmware for this given node.
3264 iwm_tx_rateidx_lookup(struct iwm_softc *sc, struct iwm_node *in,
3270 for (i = 0; i < nitems(in->in_ridx); i++) {
3271 r = iwm_rates[in->in_ridx[i]].rate;
3275 /* XXX Return the first */
3276 /* XXX TODO: have it return the /lowest/ */
3281 * Fill in the rate related information for a transmit command.
3283 static const struct iwm_rate *
3284 iwm_tx_fill_cmd(struct iwm_softc *sc, struct iwm_node *in,
3285 struct ieee80211_frame *wh, struct iwm_tx_cmd *tx)
3287 struct ieee80211com *ic = &sc->sc_ic;
3288 struct ieee80211_node *ni = &in->in_ni;
3289 const struct iwm_rate *rinfo;
3290 int type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3291 int ridx, rate_flags;
3293 tx->rts_retry_limit = IWM_RTS_DFAULT_RETRY_LIMIT;
3294 tx->data_retry_limit = IWM_DEFAULT_TX_RETRY;
3297 * XXX TODO: everything about the rate selection here is terrible!
3300 if (type == IEEE80211_FC0_TYPE_DATA) {
3302 /* for data frames, use RS table */
3303 (void) ieee80211_ratectl_rate(ni, NULL, 0);
3304 i = iwm_tx_rateidx_lookup(sc, in, ni->ni_txrate);
3305 ridx = in->in_ridx[i];
3307 /* This is the index into the programmed table */
3308 tx->initial_rate_index = i;
3309 tx->tx_flags |= htole32(IWM_TX_CMD_FLG_STA_RATE);
3310 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TXRATE,
3311 "%s: start with i=%d, txrate %d\n",
3312 __func__, i, iwm_rates[ridx].rate);
3315 * For non-data, use the lowest supported rate for the given
3318 * Note: there may not be any rate control information available.
3319 * This driver currently assumes if we're transmitting data
3320 * frames, use the rate control table. Grr.
3322 * XXX TODO: use the configured rate for the traffic type!
3323 * XXX TODO: this should be per-vap, not curmode; as we later
3324 * on we'll want to handle off-channel stuff (eg TDLS).
3326 if (ic->ic_curmode == IEEE80211_MODE_11A) {
3328 * XXX this assumes the mode is either 11a or not 11a;
3329 * definitely won't work for 11n.
3331 ridx = IWM_RIDX_OFDM;
3333 ridx = IWM_RIDX_CCK;
3337 rinfo = &iwm_rates[ridx];
3339 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE, "%s: ridx=%d; rate=%d, CCK=%d\n",
3342 !! (IWM_RIDX_IS_CCK(ridx))
3345 /* XXX TODO: hard-coded TX antenna? */
3346 rate_flags = 1 << IWM_RATE_MCS_ANT_POS;
3347 if (IWM_RIDX_IS_CCK(ridx))
3348 rate_flags |= IWM_RATE_MCS_CCK_MSK;
3349 tx->rate_n_flags = htole32(rate_flags | rinfo->plcp);
3356 iwm_tx(struct iwm_softc *sc, struct mbuf *m, struct ieee80211_node *ni, int ac)
3358 struct ieee80211com *ic = &sc->sc_ic;
3359 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3360 struct iwm_node *in = IWM_NODE(ni);
3361 struct iwm_tx_ring *ring;
3362 struct iwm_tx_data *data;
3363 struct iwm_tfd *desc;
3364 struct iwm_device_cmd *cmd;
3365 struct iwm_tx_cmd *tx;
3366 struct ieee80211_frame *wh;
3367 struct ieee80211_key *k = NULL;
3368 #if !defined(__DragonFly__)
3371 const struct iwm_rate *rinfo;
3374 bus_dma_segment_t *seg, segs[IWM_MAX_SCATTER];
3377 int i, totlen, error, pad;
3379 wh = mtod(m, struct ieee80211_frame *);
3380 hdrlen = ieee80211_anyhdrsize(wh);
3381 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3383 ring = &sc->txq[ac];
3384 desc = &ring->desc[ring->cur];
3385 memset(desc, 0, sizeof(*desc));
3386 data = &ring->data[ring->cur];
3388 /* Fill out iwm_tx_cmd to send to the firmware */
3389 cmd = &ring->cmd[ring->cur];
3390 cmd->hdr.code = IWM_TX_CMD;
3392 cmd->hdr.qid = ring->qid;
3393 cmd->hdr.idx = ring->cur;
3395 tx = (void *)cmd->data;
3396 memset(tx, 0, sizeof(*tx));
3398 rinfo = iwm_tx_fill_cmd(sc, in, wh, tx);
3400 /* Encrypt the frame if need be. */
3401 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
3402 /* Retrieve key for TX && do software encryption. */
3403 k = ieee80211_crypto_encap(ni, m);
3408 /* 802.11 header may have moved. */
3409 wh = mtod(m, struct ieee80211_frame *);
3412 if (ieee80211_radiotap_active_vap(vap)) {
3413 struct iwm_tx_radiotap_header *tap = &sc->sc_txtap;
3416 tap->wt_chan_freq = htole16(ni->ni_chan->ic_freq);
3417 tap->wt_chan_flags = htole16(ni->ni_chan->ic_flags);
3418 tap->wt_rate = rinfo->rate;
3420 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
3421 ieee80211_radiotap_tx(vap, m);
3425 totlen = m->m_pkthdr.len;
3428 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3429 flags |= IWM_TX_CMD_FLG_ACK;
3432 if (type == IEEE80211_FC0_TYPE_DATA
3433 && (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold)
3434 && !IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3435 flags |= IWM_TX_CMD_FLG_PROT_REQUIRE;
3438 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3439 type != IEEE80211_FC0_TYPE_DATA)
3440 tx->sta_id = sc->sc_aux_sta.sta_id;
3442 tx->sta_id = IWM_STATION_ID;
3444 if (type == IEEE80211_FC0_TYPE_MGT) {
3445 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
3447 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
3448 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
3449 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_ASSOC);
3450 } else if (subtype == IEEE80211_FC0_SUBTYPE_ACTION) {
3451 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3453 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_MGMT);
3456 tx->pm_frame_timeout = htole16(IWM_PM_FRAME_NONE);
3460 /* First segment length must be a multiple of 4. */
3461 flags |= IWM_TX_CMD_FLG_MH_PAD;
3462 pad = 4 - (hdrlen & 3);
3466 tx->driver_txop = 0;
3467 tx->next_frame_len = 0;
3469 tx->len = htole16(totlen);
3470 tx->tid_tspec = tid;
3471 tx->life_time = htole32(IWM_TX_CMD_LIFE_TIME_INFINITE);
3473 /* Set physical address of "scratch area". */
3474 tx->dram_lsb_ptr = htole32(data->scratch_paddr);
3475 tx->dram_msb_ptr = iwm_get_dma_hi_addr(data->scratch_paddr);
3477 /* Copy 802.11 header in TX command. */
3478 memcpy(((uint8_t *)tx) + sizeof(*tx), wh, hdrlen);
3480 flags |= IWM_TX_CMD_FLG_BT_DIS | IWM_TX_CMD_FLG_SEQ_CTL;
3483 tx->tx_flags |= htole32(flags);
3485 /* Trim 802.11 header. */
3487 #if defined(__DragonFly__)
3488 error = bus_dmamap_load_mbuf_defrag(ring->data_dmat, data->map, &m,
3489 segs, IWM_MAX_SCATTER - 2,
3490 &nsegs, BUS_DMA_NOWAIT);
3492 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3493 segs, &nsegs, BUS_DMA_NOWAIT);
3496 #if defined(__DragonFly__)
3497 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3502 if (error != EFBIG) {
3503 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3508 /* Too many DMA segments, linearize mbuf. */
3509 m1 = m_collapse(m, M_NOWAIT, IWM_MAX_SCATTER - 2);
3511 device_printf(sc->sc_dev,
3512 "%s: could not defrag mbuf\n", __func__);
3518 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, m,
3519 segs, &nsegs, BUS_DMA_NOWAIT);
3521 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
3532 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3533 "sending txd %p, in %p\n", data, data->in);
3534 KASSERT(data->in != NULL, ("node is NULL"));
3536 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3537 "sending data: qid=%d idx=%d len=%d nsegs=%d txflags=0x%08x rate_n_flags=0x%08x rateidx=%u\n",
3538 ring->qid, ring->cur, totlen, nsegs,
3539 le32toh(tx->tx_flags),
3540 le32toh(tx->rate_n_flags),
3541 tx->initial_rate_index
3544 /* Fill TX descriptor. */
3545 desc->num_tbs = 2 + nsegs;
3547 desc->tbs[0].lo = htole32(data->cmd_paddr);
3548 desc->tbs[0].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
3550 desc->tbs[1].lo = htole32(data->cmd_paddr + TB0_SIZE);
3551 desc->tbs[1].hi_n_len = htole16(iwm_get_dma_hi_addr(data->cmd_paddr)) |
3552 ((sizeof(struct iwm_cmd_header) + sizeof(*tx)
3553 + hdrlen + pad - TB0_SIZE) << 4);
3555 /* Other DMA segments are for data payload. */
3556 for (i = 0; i < nsegs; i++) {
3558 desc->tbs[i+2].lo = htole32(seg->ds_addr);
3559 desc->tbs[i+2].hi_n_len = \
3560 htole16(iwm_get_dma_hi_addr(seg->ds_addr))
3561 | ((seg->ds_len) << 4);
3564 bus_dmamap_sync(ring->data_dmat, data->map,
3565 BUS_DMASYNC_PREWRITE);
3566 bus_dmamap_sync(ring->cmd_dma.tag, ring->cmd_dma.map,
3567 BUS_DMASYNC_PREWRITE);
3568 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3569 BUS_DMASYNC_PREWRITE);
3572 iwm_update_sched(sc, ring->qid, ring->cur, tx->sta_id, le16toh(tx->len));
3576 ring->cur = (ring->cur + 1) % IWM_TX_RING_COUNT;
3577 IWM_WRITE(sc, IWM_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
3579 /* Mark TX ring as full if we reach a certain threshold. */
3580 if (++ring->queued > IWM_TX_RING_HIMARK) {
3581 sc->qfullmsk |= 1 << ring->qid;
3588 iwm_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3589 const struct ieee80211_bpf_params *params)
3591 struct ieee80211com *ic = ni->ni_ic;
3592 struct iwm_softc *sc = ic->ic_softc;
3595 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3596 "->%s begin\n", __func__);
3598 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
3600 IWM_DPRINTF(sc, IWM_DEBUG_XMIT,
3601 "<-%s not RUNNING\n", __func__);
3607 if (params == NULL) {
3608 error = iwm_tx(sc, m, ni, 0);
3610 error = iwm_tx(sc, m, ni, 0);
3612 sc->sc_tx_timer = 5;
3624 * Note that there are transports that buffer frames before they reach
3625 * the firmware. This means that after flush_tx_path is called, the
3626 * queue might not be empty. The race-free way to handle this is to:
3627 * 1) set the station as draining
3628 * 2) flush the Tx path
3629 * 3) wait for the transport queues to be empty
3632 iwm_mvm_flush_tx_path(struct iwm_softc *sc, int tfd_msk, int sync)
3634 struct iwm_tx_path_flush_cmd flush_cmd = {
3635 .queues_ctl = htole32(tfd_msk),
3636 .flush_ctl = htole16(IWM_DUMP_TX_FIFO_FLUSH),
3640 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TXPATH_FLUSH,
3641 sync ? IWM_CMD_SYNC : IWM_CMD_ASYNC,
3642 sizeof(flush_cmd), &flush_cmd);
3644 device_printf(sc->sc_dev,
3645 "Flushing tx queue failed: %d\n", ret);
3651 iwm_mvm_send_add_sta_cmd_status(struct iwm_softc *sc,
3652 struct iwm_mvm_add_sta_cmd_v7 *cmd, int *status)
3654 return iwm_mvm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(*cmd),
3658 /* send station add/update command to firmware */
3660 iwm_mvm_sta_send_to_fw(struct iwm_softc *sc, struct iwm_node *in, int update)
3662 struct iwm_mvm_add_sta_cmd_v7 add_sta_cmd;
3666 memset(&add_sta_cmd, 0, sizeof(add_sta_cmd));
3668 add_sta_cmd.sta_id = IWM_STATION_ID;
3669 add_sta_cmd.mac_id_n_color
3670 = htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_DEFAULT_MACID,
3671 IWM_DEFAULT_COLOR));
3674 for (ac = 0; ac < WME_NUM_AC; ac++) {
3675 add_sta_cmd.tfd_queue_msk |=
3676 htole32(1 << iwm_mvm_ac_to_tx_fifo[ac]);
3678 IEEE80211_ADDR_COPY(&add_sta_cmd.addr, in->in_ni.ni_bssid);
3680 add_sta_cmd.add_modify = update ? 1 : 0;
3681 add_sta_cmd.station_flags_msk
3682 |= htole32(IWM_STA_FLG_FAT_EN_MSK | IWM_STA_FLG_MIMO_EN_MSK);
3683 add_sta_cmd.tid_disable_tx = htole16(0xffff);
3685 add_sta_cmd.modify_mask |= (IWM_STA_MODIFY_TID_DISABLE_TX);
3687 status = IWM_ADD_STA_SUCCESS;
3688 ret = iwm_mvm_send_add_sta_cmd_status(sc, &add_sta_cmd, &status);
3693 case IWM_ADD_STA_SUCCESS:
3697 device_printf(sc->sc_dev, "IWM_ADD_STA failed\n");
3705 iwm_mvm_add_sta(struct iwm_softc *sc, struct iwm_node *in)
3707 return iwm_mvm_sta_send_to_fw(sc, in, 0);
3711 iwm_mvm_update_sta(struct iwm_softc *sc, struct iwm_node *in)
3713 return iwm_mvm_sta_send_to_fw(sc, in, 1);
3717 iwm_mvm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta,
3718 const uint8_t *addr, uint16_t mac_id, uint16_t color)
3720 struct iwm_mvm_add_sta_cmd_v7 cmd;
3724 memset(&cmd, 0, sizeof(cmd));
3725 cmd.sta_id = sta->sta_id;
3726 cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color));
3728 cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk);
3729 cmd.tid_disable_tx = htole16(0xffff);
3732 IEEE80211_ADDR_COPY(cmd.addr, addr);
3734 ret = iwm_mvm_send_add_sta_cmd_status(sc, &cmd, &status);
3739 case IWM_ADD_STA_SUCCESS:
3740 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
3741 "%s: Internal station added.\n", __func__);
3744 device_printf(sc->sc_dev,
3745 "%s: Add internal station failed, status=0x%x\n",
3754 iwm_mvm_add_aux_sta(struct iwm_softc *sc)
3758 sc->sc_aux_sta.sta_id = IWM_AUX_STA_ID;
3759 sc->sc_aux_sta.tfd_queue_msk = (1 << IWM_MVM_AUX_QUEUE);
3761 ret = iwm_enable_txq(sc, 0, IWM_MVM_AUX_QUEUE, IWM_MVM_TX_FIFO_MCAST);
3765 ret = iwm_mvm_add_int_sta_common(sc,
3766 &sc->sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0);
3769 memset(&sc->sc_aux_sta, 0, sizeof(sc->sc_aux_sta));
3774 iwm_mvm_update_quotas(struct iwm_softc *sc, struct iwm_node *in)
3776 struct iwm_time_quota_cmd cmd;
3777 int i, idx, ret, num_active_macs, quota, quota_rem;
3778 int colors[IWM_MAX_BINDINGS] = { -1, -1, -1, -1, };
3779 int n_ifs[IWM_MAX_BINDINGS] = {0, };
3782 memset(&cmd, 0, sizeof(cmd));
3784 /* currently, PHY ID == binding ID */
3786 id = in->in_phyctxt->id;
3787 KASSERT(id < IWM_MAX_BINDINGS, ("invalid id"));
3788 colors[id] = in->in_phyctxt->color;
3795 * The FW's scheduling session consists of
3796 * IWM_MVM_MAX_QUOTA fragments. Divide these fragments
3797 * equally between all the bindings that require quota
3799 num_active_macs = 0;
3800 for (i = 0; i < IWM_MAX_BINDINGS; i++) {
3801 cmd.quotas[i].id_and_color = htole32(IWM_FW_CTXT_INVALID);
3802 num_active_macs += n_ifs[i];
3807 if (num_active_macs) {
3808 quota = IWM_MVM_MAX_QUOTA / num_active_macs;
3809 quota_rem = IWM_MVM_MAX_QUOTA % num_active_macs;
3812 for (idx = 0, i = 0; i < IWM_MAX_BINDINGS; i++) {
3816 cmd.quotas[idx].id_and_color =
3817 htole32(IWM_FW_CMD_ID_AND_COLOR(i, colors[i]));
3819 if (n_ifs[i] <= 0) {
3820 cmd.quotas[idx].quota = htole32(0);
3821 cmd.quotas[idx].max_duration = htole32(0);
3823 cmd.quotas[idx].quota = htole32(quota * n_ifs[i]);
3824 cmd.quotas[idx].max_duration = htole32(0);
3829 /* Give the remainder of the session to the first binding */
3830 cmd.quotas[0].quota = htole32(le32toh(cmd.quotas[0].quota) + quota_rem);
3832 ret = iwm_mvm_send_cmd_pdu(sc, IWM_TIME_QUOTA_CMD, IWM_CMD_SYNC,
3835 device_printf(sc->sc_dev,
3836 "%s: Failed to send quota: %d\n", __func__, ret);
3841 * ieee80211 routines
3845 * Change to AUTH state in 80211 state machine. Roughly matches what
3846 * Linux does in bss_info_changed().
3849 iwm_auth(struct ieee80211vap *vap, struct iwm_softc *sc)
3851 struct ieee80211_node *ni;
3852 struct iwm_node *in;
3853 struct iwm_vap *iv = IWM_VAP(vap);
3858 * XXX i have a feeling that the vap node is being
3859 * freed from underneath us. Grr.
3861 ni = ieee80211_ref_node(vap->iv_bss);
3863 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_STATE,
3864 "%s: called; vap=%p, bss ni=%p\n",
3871 error = iwm_mvm_sf_config(sc, IWM_SF_FULL_ON);
3875 error = iwm_allow_mcast(vap, sc);
3877 device_printf(sc->sc_dev,
3878 "%s: failed to set multicast\n", __func__);
3883 * This is where it deviates from what Linux does.
3885 * Linux iwlwifi doesn't reset the nic each time, nor does it
3886 * call ctxt_add() here. Instead, it adds it during vap creation,
3887 * and always does a mac_ctx_changed().
3889 * The openbsd port doesn't attempt to do that - it reset things
3890 * at odd states and does the add here.
3892 * So, until the state handling is fixed (ie, we never reset
3893 * the NIC except for a firmware failure, which should drag
3894 * the NIC back to IDLE, re-setup and re-add all the mac/phy
3895 * contexts that are required), let's do a dirty hack here.
3897 if (iv->is_uploaded) {
3898 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
3899 device_printf(sc->sc_dev,
3900 "%s: failed to update MAC\n", __func__);
3903 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
3904 in->in_ni.ni_chan, 1, 1)) != 0) {
3905 device_printf(sc->sc_dev,
3906 "%s: failed update phy ctxt\n", __func__);
3909 in->in_phyctxt = &sc->sc_phyctxt[0];
3911 if ((error = iwm_mvm_binding_update(sc, in)) != 0) {
3912 device_printf(sc->sc_dev,
3913 "%s: binding update cmd\n", __func__);
3916 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
3917 device_printf(sc->sc_dev,
3918 "%s: failed to update sta\n", __func__);
3922 if ((error = iwm_mvm_mac_ctxt_add(sc, vap)) != 0) {
3923 device_printf(sc->sc_dev,
3924 "%s: failed to add MAC\n", __func__);
3927 if ((error = iwm_mvm_phy_ctxt_changed(sc, &sc->sc_phyctxt[0],
3928 in->in_ni.ni_chan, 1, 1)) != 0) {
3929 device_printf(sc->sc_dev,
3930 "%s: failed add phy ctxt!\n", __func__);
3934 in->in_phyctxt = &sc->sc_phyctxt[0];
3936 if ((error = iwm_mvm_binding_add_vif(sc, in)) != 0) {
3937 device_printf(sc->sc_dev,
3938 "%s: binding add cmd\n", __func__);
3941 if ((error = iwm_mvm_add_sta(sc, in)) != 0) {
3942 device_printf(sc->sc_dev,
3943 "%s: failed to add sta\n", __func__);
3949 * Prevent the FW from wandering off channel during association
3950 * by "protecting" the session with a time event.
3952 /* XXX duration is in units of TU, not MS */
3953 duration = IWM_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS;
3954 iwm_mvm_protect_session(sc, in, duration, 500 /* XXX magic number */);
3959 ieee80211_free_node(ni);
3964 iwm_assoc(struct ieee80211vap *vap, struct iwm_softc *sc)
3966 struct iwm_node *in = IWM_NODE(vap->iv_bss);
3969 if ((error = iwm_mvm_update_sta(sc, in)) != 0) {
3970 device_printf(sc->sc_dev,
3971 "%s: failed to update STA\n", __func__);
3976 if ((error = iwm_mvm_mac_ctxt_changed(sc, vap)) != 0) {
3977 device_printf(sc->sc_dev,
3978 "%s: failed to update MAC\n", __func__);
3986 iwm_release(struct iwm_softc *sc, struct iwm_node *in)
3989 * Ok, so *technically* the proper set of calls for going
3990 * from RUN back to SCAN is:
3992 * iwm_mvm_power_mac_disable(sc, in);
3993 * iwm_mvm_mac_ctxt_changed(sc, in);
3994 * iwm_mvm_rm_sta(sc, in);
3995 * iwm_mvm_update_quotas(sc, NULL);
3996 * iwm_mvm_mac_ctxt_changed(sc, in);
3997 * iwm_mvm_binding_remove_vif(sc, in);
3998 * iwm_mvm_mac_ctxt_remove(sc, in);
4000 * However, that freezes the device not matter which permutations
4001 * and modifications are attempted. Obviously, this driver is missing
4002 * something since it works in the Linux driver, but figuring out what
4003 * is missing is a little more complicated. Now, since we're going
4004 * back to nothing anyway, we'll just do a complete device reset.
4005 * Up your's, device!
4007 /* iwm_mvm_flush_tx_path(sc, 0xf, 1); */
4008 iwm_stop_device(sc);
4017 iwm_mvm_power_mac_disable(sc, in);
4019 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
4020 device_printf(sc->sc_dev, "mac ctxt change fail 1 %d\n", error);
4024 if ((error = iwm_mvm_rm_sta(sc, in)) != 0) {
4025 device_printf(sc->sc_dev, "sta remove fail %d\n", error);
4028 error = iwm_mvm_rm_sta(sc, in);
4030 iwm_mvm_update_quotas(sc, NULL);
4031 if ((error = iwm_mvm_mac_ctxt_changed(sc, in)) != 0) {
4032 device_printf(sc->sc_dev, "mac ctxt change fail 2 %d\n", error);
4035 iwm_mvm_binding_remove_vif(sc, in);
4037 iwm_mvm_mac_ctxt_remove(sc, in);
4043 static struct ieee80211_node *
4044 iwm_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
4046 return kmalloc(sizeof (struct iwm_node), M_80211_NODE,
4047 M_INTWAIT | M_ZERO);
4051 iwm_setrates(struct iwm_softc *sc, struct iwm_node *in)
4053 struct ieee80211_node *ni = &in->in_ni;
4054 struct iwm_lq_cmd *lq = &in->in_lq;
4055 int nrates = ni->ni_rates.rs_nrates;
4056 int i, ridx, tab = 0;
4059 if (nrates > nitems(lq->rs_table)) {
4060 device_printf(sc->sc_dev,
4061 "%s: node supports %d rates, driver handles "
4062 "only %zu\n", __func__, nrates, nitems(lq->rs_table));
4066 device_printf(sc->sc_dev,
4067 "%s: node supports 0 rates, odd!\n", __func__);
4072 * XXX .. and most of iwm_node is not initialised explicitly;
4073 * it's all just 0x0 passed to the firmware.
4076 /* first figure out which rates we should support */
4077 /* XXX TODO: this isn't 11n aware /at all/ */
4078 memset(&in->in_ridx, -1, sizeof(in->in_ridx));
4079 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4080 "%s: nrates=%d\n", __func__, nrates);
4083 * Loop over nrates and populate in_ridx from the highest
4084 * rate to the lowest rate. Remember, in_ridx[] has
4085 * IEEE80211_RATE_MAXSIZE entries!
4087 for (i = 0; i < min(nrates, IEEE80211_RATE_MAXSIZE); i++) {
4088 int rate = ni->ni_rates.rs_rates[(nrates - 1) - i] & IEEE80211_RATE_VAL;
4090 /* Map 802.11 rate to HW rate index. */
4091 for (ridx = 0; ridx <= IWM_RIDX_MAX; ridx++)
4092 if (iwm_rates[ridx].rate == rate)
4094 if (ridx > IWM_RIDX_MAX) {
4095 device_printf(sc->sc_dev,
4096 "%s: WARNING: device rate for %d not found!\n",
4099 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4100 "%s: rate: i: %d, rate=%d, ridx=%d\n",
4105 in->in_ridx[i] = ridx;
4109 /* then construct a lq_cmd based on those */
4110 memset(lq, 0, sizeof(*lq));
4111 lq->sta_id = IWM_STATION_ID;
4113 /* For HT, always enable RTS/CTS to avoid excessive retries. */
4114 if (ni->ni_flags & IEEE80211_NODE_HT)
4115 lq->flags |= IWM_LQ_FLAG_USE_RTS_MSK;
4118 * are these used? (we don't do SISO or MIMO)
4119 * need to set them to non-zero, though, or we get an error.
4121 lq->single_stream_ant_msk = 1;
4122 lq->dual_stream_ant_msk = 1;
4125 * Build the actual rate selection table.
4126 * The lowest bits are the rates. Additionally,
4127 * CCK needs bit 9 to be set. The rest of the bits
4128 * we add to the table select the tx antenna
4129 * Note that we add the rates in the highest rate first
4130 * (opposite of ni_rates).
4133 * XXX TODO: this should be looping over the min of nrates
4134 * and LQ_MAX_RETRY_NUM. Sigh.
4136 for (i = 0; i < nrates; i++) {
4140 txant = iwm_fw_valid_tx_ant(sc);
4141 nextant = 1<<(ffs(txant)-1);
4145 * Map the rate id into a rate index into
4146 * our hardware table containing the
4147 * configuration to use for this rate.
4149 ridx = in->in_ridx[i];
4150 tab = iwm_rates[ridx].plcp;
4151 tab |= nextant << IWM_RATE_MCS_ANT_POS;
4152 if (IWM_RIDX_IS_CCK(ridx))
4153 tab |= IWM_RATE_MCS_CCK_MSK;
4154 IWM_DPRINTF(sc, IWM_DEBUG_TXRATE,
4155 "station rate i=%d, rate=%d, hw=%x\n",
4156 i, iwm_rates[ridx].rate, tab);
4157 lq->rs_table[i] = htole32(tab);
4159 /* then fill the rest with the lowest possible rate */
4160 for (i = nrates; i < nitems(lq->rs_table); i++) {
4161 KASSERT(tab != 0, ("invalid tab"));
4162 lq->rs_table[i] = htole32(tab);
4167 iwm_media_change(struct ifnet *ifp)
4169 struct ieee80211vap *vap = ifp->if_softc;
4170 struct ieee80211com *ic = vap->iv_ic;
4171 struct iwm_softc *sc = ic->ic_softc;
4174 error = ieee80211_media_change(ifp);
4175 if (error != ENETRESET)
4179 if (ic->ic_nrunning > 0) {
4189 iwm_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
4191 struct iwm_vap *ivp = IWM_VAP(vap);
4192 struct ieee80211com *ic = vap->iv_ic;
4193 struct iwm_softc *sc = ic->ic_softc;
4194 struct iwm_node *in;
4197 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4198 "switching state %s -> %s\n",
4199 ieee80211_state_name[vap->iv_state],
4200 ieee80211_state_name[nstate]);
4201 IEEE80211_UNLOCK(ic);
4204 if (vap->iv_state == IEEE80211_S_SCAN && nstate != vap->iv_state)
4205 iwm_led_blink_stop(sc);
4207 /* disable beacon filtering if we're hopping out of RUN */
4208 if (vap->iv_state == IEEE80211_S_RUN && nstate != vap->iv_state) {
4209 iwm_mvm_disable_beacon_filter(sc);
4211 if (((in = IWM_NODE(vap->iv_bss)) != NULL))
4214 iwm_release(sc, NULL);
4217 * It's impossible to directly go RUN->SCAN. If we iwm_release()
4218 * above then the card will be completely reinitialized,
4219 * so the driver must do everything necessary to bring the card
4220 * from INIT to SCAN.
4222 * Additionally, upon receiving deauth frame from AP,
4223 * OpenBSD 802.11 stack puts the driver in IEEE80211_S_AUTH
4224 * state. This will also fail with this driver, so bring the FSM
4225 * from IEEE80211_S_RUN to IEEE80211_S_SCAN in this case as well.
4227 * XXX TODO: fix this for FreeBSD!
4229 if (nstate == IEEE80211_S_SCAN ||
4230 nstate == IEEE80211_S_AUTH ||
4231 nstate == IEEE80211_S_ASSOC) {
4232 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4233 "Force transition to INIT; MGT=%d\n", arg);
4236 /* Always pass arg as -1 since we can't Tx right now. */
4238 * XXX arg is just ignored anyway when transitioning
4239 * to IEEE80211_S_INIT.
4241 vap->iv_newstate(vap, IEEE80211_S_INIT, -1);
4242 IWM_DPRINTF(sc, IWM_DEBUG_STATE,
4243 "Going INIT->SCAN\n");
4244 nstate = IEEE80211_S_SCAN;
4245 IEEE80211_UNLOCK(ic);
4251 case IEEE80211_S_INIT:
4254 case IEEE80211_S_AUTH:
4255 if ((error = iwm_auth(vap, sc)) != 0) {
4256 device_printf(sc->sc_dev,
4257 "%s: could not move to auth state: %d\n",
4263 case IEEE80211_S_ASSOC:
4264 if ((error = iwm_assoc(vap, sc)) != 0) {
4265 device_printf(sc->sc_dev,
4266 "%s: failed to associate: %d\n", __func__,
4272 case IEEE80211_S_RUN:
4274 struct iwm_host_cmd cmd = {
4276 .len = { sizeof(in->in_lq), },
4277 .flags = IWM_CMD_SYNC,
4280 /* Update the association state, now we have it all */
4281 /* (eg associd comes in at this point */
4282 error = iwm_assoc(vap, sc);
4284 device_printf(sc->sc_dev,
4285 "%s: failed to update association state: %d\n",
4291 in = IWM_NODE(vap->iv_bss);
4292 iwm_mvm_power_mac_update_mode(sc, in);
4293 iwm_mvm_enable_beacon_filter(sc, in);
4294 iwm_mvm_update_quotas(sc, in);
4295 iwm_setrates(sc, in);
4297 cmd.data[0] = &in->in_lq;
4298 if ((error = iwm_send_cmd(sc, &cmd)) != 0) {
4299 device_printf(sc->sc_dev,
4300 "%s: IWM_LQ_CMD failed\n", __func__);
4303 iwm_mvm_led_enable(sc);
4313 return (ivp->iv_newstate(vap, nstate, arg));
4317 iwm_endscan_cb(void *arg, int pending)
4319 struct iwm_softc *sc = arg;
4320 struct ieee80211com *ic = &sc->sc_ic;
4322 IWM_DPRINTF(sc, IWM_DEBUG_SCAN | IWM_DEBUG_TRACE,
4326 ieee80211_scan_done(TAILQ_FIRST(&ic->ic_vaps));
4330 * Aging and idle timeouts for the different possible scenarios
4331 * in default configuration
4333 static const uint32_t
4334 iwm_sf_full_timeout_def[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
4336 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER_DEF),
4337 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER_DEF)
4340 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER_DEF),
4341 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER_DEF)
4344 htole32(IWM_SF_MCAST_AGING_TIMER_DEF),
4345 htole32(IWM_SF_MCAST_IDLE_TIMER_DEF)
4348 htole32(IWM_SF_BA_AGING_TIMER_DEF),
4349 htole32(IWM_SF_BA_IDLE_TIMER_DEF)
4352 htole32(IWM_SF_TX_RE_AGING_TIMER_DEF),
4353 htole32(IWM_SF_TX_RE_IDLE_TIMER_DEF)
4358 * Aging and idle timeouts for the different possible scenarios
4359 * in single BSS MAC configuration.
4361 static const uint32_t
4362 iwm_sf_full_timeout[IWM_SF_NUM_SCENARIO][IWM_SF_NUM_TIMEOUT_TYPES] = {
4364 htole32(IWM_SF_SINGLE_UNICAST_AGING_TIMER),
4365 htole32(IWM_SF_SINGLE_UNICAST_IDLE_TIMER)
4368 htole32(IWM_SF_AGG_UNICAST_AGING_TIMER),
4369 htole32(IWM_SF_AGG_UNICAST_IDLE_TIMER)
4372 htole32(IWM_SF_MCAST_AGING_TIMER),
4373 htole32(IWM_SF_MCAST_IDLE_TIMER)
4376 htole32(IWM_SF_BA_AGING_TIMER),
4377 htole32(IWM_SF_BA_IDLE_TIMER)
4380 htole32(IWM_SF_TX_RE_AGING_TIMER),
4381 htole32(IWM_SF_TX_RE_IDLE_TIMER)
4386 iwm_mvm_fill_sf_command(struct iwm_softc *sc, struct iwm_sf_cfg_cmd *sf_cmd,
4387 struct ieee80211_node *ni)
4389 int i, j, watermark;
4391 sf_cmd->watermark[IWM_SF_LONG_DELAY_ON] = htole32(IWM_SF_W_MARK_SCAN);
4394 * If we are in association flow - check antenna configuration
4395 * capabilities of the AP station, and choose the watermark accordingly.
4398 if (ni->ni_flags & IEEE80211_NODE_HT) {
4400 if (ni->ni_rxmcs[2] != 0)
4401 watermark = IWM_SF_W_MARK_MIMO3;
4402 else if (ni->ni_rxmcs[1] != 0)
4403 watermark = IWM_SF_W_MARK_MIMO2;
4406 watermark = IWM_SF_W_MARK_SISO;
4408 watermark = IWM_SF_W_MARK_LEGACY;
4410 /* default watermark value for unassociated mode. */
4412 watermark = IWM_SF_W_MARK_MIMO2;
4414 sf_cmd->watermark[IWM_SF_FULL_ON] = htole32(watermark);
4416 for (i = 0; i < IWM_SF_NUM_SCENARIO; i++) {
4417 for (j = 0; j < IWM_SF_NUM_TIMEOUT_TYPES; j++) {
4418 sf_cmd->long_delay_timeouts[i][j] =
4419 htole32(IWM_SF_LONG_DELAY_AGING_TIMER);
4424 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout,
4425 sizeof(iwm_sf_full_timeout));
4427 memcpy(sf_cmd->full_on_timeouts, iwm_sf_full_timeout_def,
4428 sizeof(iwm_sf_full_timeout_def));
4433 iwm_mvm_sf_config(struct iwm_softc *sc, enum iwm_sf_state new_state)
4435 struct ieee80211com *ic = &sc->sc_ic;
4436 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4437 struct iwm_sf_cfg_cmd sf_cmd = {
4438 .state = htole32(IWM_SF_FULL_ON),
4442 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000)
4443 sf_cmd.state |= htole32(IWM_SF_CFG_DUMMY_NOTIF_OFF);
4445 switch (new_state) {
4447 case IWM_SF_INIT_OFF:
4448 iwm_mvm_fill_sf_command(sc, &sf_cmd, NULL);
4450 case IWM_SF_FULL_ON:
4451 iwm_mvm_fill_sf_command(sc, &sf_cmd, vap->iv_bss);
4454 IWM_DPRINTF(sc, IWM_DEBUG_PWRSAVE,
4455 "Invalid state: %d. not sending Smart Fifo cmd\n",
4460 ret = iwm_mvm_send_cmd_pdu(sc, IWM_REPLY_SF_CFG_CMD, IWM_CMD_ASYNC,
4461 sizeof(sf_cmd), &sf_cmd);
4466 iwm_send_bt_init_conf(struct iwm_softc *sc)
4468 struct iwm_bt_coex_cmd bt_cmd;
4470 bt_cmd.mode = htole32(IWM_BT_COEX_WIFI);
4471 bt_cmd.enabled_modules = htole32(IWM_BT_COEX_HIGH_BAND_RET);
4473 return iwm_mvm_send_cmd_pdu(sc, IWM_BT_CONFIG, 0, sizeof(bt_cmd),
4478 iwm_send_update_mcc_cmd(struct iwm_softc *sc, const char *alpha2)
4480 struct iwm_mcc_update_cmd mcc_cmd;
4481 struct iwm_host_cmd hcmd = {
4482 .id = IWM_MCC_UPDATE_CMD,
4483 .flags = (IWM_CMD_SYNC | IWM_CMD_WANT_SKB),
4484 .data = { &mcc_cmd },
4488 struct iwm_rx_packet *pkt;
4489 struct iwm_mcc_update_resp_v1 *mcc_resp_v1 = NULL;
4490 struct iwm_mcc_update_resp *mcc_resp;
4494 int resp_v2 = isset(sc->sc_enabled_capa,
4495 IWM_UCODE_TLV_CAPA_LAR_SUPPORT_V2);
4497 memset(&mcc_cmd, 0, sizeof(mcc_cmd));
4498 mcc_cmd.mcc = htole16(alpha2[0] << 8 | alpha2[1]);
4499 if ((sc->sc_ucode_api & IWM_UCODE_TLV_API_WIFI_MCC_UPDATE) ||
4500 isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_MULTI_MCC))
4501 mcc_cmd.source_id = IWM_MCC_SOURCE_GET_CURRENT;
4503 mcc_cmd.source_id = IWM_MCC_SOURCE_OLD_FW;
4506 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd);
4508 hcmd.len[0] = sizeof(struct iwm_mcc_update_cmd_v1);
4510 IWM_DPRINTF(sc, IWM_DEBUG_NODE,
4511 "send MCC update to FW with '%c%c' src = %d\n",
4512 alpha2[0], alpha2[1], mcc_cmd.source_id);
4514 ret = iwm_send_cmd(sc, &hcmd);
4519 pkt = hcmd.resp_pkt;
4521 /* Extract MCC response */
4523 mcc_resp = (void *)pkt->data;
4524 mcc = mcc_resp->mcc;
4525 n_channels = le32toh(mcc_resp->n_channels);
4527 mcc_resp_v1 = (void *)pkt->data;
4528 mcc = mcc_resp_v1->mcc;
4529 n_channels = le32toh(mcc_resp_v1->n_channels);
4532 /* W/A for a FW/NVM issue - returns 0x00 for the world domain */
4534 mcc = 0x3030; /* "00" - world */
4536 IWM_DPRINTF(sc, IWM_DEBUG_NODE,
4537 "regulatory domain '%c%c' (%d channels available)\n",
4538 mcc >> 8, mcc & 0xff, n_channels);
4540 iwm_free_resp(sc, &hcmd);
4546 iwm_mvm_tt_tx_backoff(struct iwm_softc *sc, uint32_t backoff)
4548 struct iwm_host_cmd cmd = {
4549 .id = IWM_REPLY_THERMAL_MNG_BACKOFF,
4550 .len = { sizeof(uint32_t), },
4551 .data = { &backoff, },
4554 if (iwm_send_cmd(sc, &cmd) != 0) {
4555 device_printf(sc->sc_dev,
4556 "failed to change thermal tx backoff\n");
4561 iwm_init_hw(struct iwm_softc *sc)
4563 struct ieee80211com *ic = &sc->sc_ic;
4566 if ((error = iwm_start_hw(sc)) != 0) {
4567 kprintf("iwm_start_hw: failed %d\n", error);
4571 if ((error = iwm_run_init_mvm_ucode(sc, 0)) != 0) {
4572 kprintf("iwm_run_init_mvm_ucode: failed %d\n", error);
4577 * should stop and start HW since that INIT
4580 iwm_stop_device(sc);
4581 if ((error = iwm_start_hw(sc)) != 0) {
4582 device_printf(sc->sc_dev, "could not initialize hardware\n");
4586 /* omstart, this time with the regular firmware */
4587 error = iwm_mvm_load_ucode_wait_alive(sc, IWM_UCODE_TYPE_REGULAR);
4589 device_printf(sc->sc_dev, "could not load firmware\n");
4593 if ((error = iwm_send_bt_init_conf(sc)) != 0) {
4594 device_printf(sc->sc_dev, "bt init conf failed\n");
4598 if ((error = iwm_send_tx_ant_cfg(sc, iwm_fw_valid_tx_ant(sc))) != 0) {
4599 device_printf(sc->sc_dev, "antenna config failed\n");
4603 /* Send phy db control command and then phy db calibration*/
4604 if ((error = iwm_send_phy_db_data(sc)) != 0) {
4605 device_printf(sc->sc_dev, "phy_db_data failed\n");
4609 if ((error = iwm_send_phy_cfg_cmd(sc)) != 0) {
4610 device_printf(sc->sc_dev, "phy_cfg_cmd failed\n");
4614 /* Add auxiliary station for scanning */
4615 if ((error = iwm_mvm_add_aux_sta(sc)) != 0) {
4616 device_printf(sc->sc_dev, "add_aux_sta failed\n");
4620 for (i = 0; i < IWM_NUM_PHY_CTX; i++) {
4622 * The channel used here isn't relevant as it's
4623 * going to be overwritten in the other flows.
4624 * For now use the first channel we have.
4626 if ((error = iwm_mvm_phy_ctxt_add(sc,
4627 &sc->sc_phyctxt[i], &ic->ic_channels[1], 1, 1)) != 0)
4631 /* Initialize tx backoffs to the minimum. */
4632 if (sc->sc_device_family == IWM_DEVICE_FAMILY_7000)
4633 iwm_mvm_tt_tx_backoff(sc, 0);
4635 error = iwm_mvm_power_update_device(sc);
4639 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_LAR_SUPPORT)) {
4640 if ((error = iwm_send_update_mcc_cmd(sc, "ZZ")) != 0)
4644 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) {
4645 if ((error = iwm_mvm_config_umac_scan(sc)) != 0)
4649 /* Enable Tx queues. */
4650 for (ac = 0; ac < WME_NUM_AC; ac++) {
4651 error = iwm_enable_txq(sc, IWM_STATION_ID, ac,
4652 iwm_mvm_ac_to_tx_fifo[ac]);
4657 if ((error = iwm_mvm_disable_beacon_filter(sc)) != 0) {
4658 device_printf(sc->sc_dev, "failed to disable beacon filter\n");
4665 iwm_stop_device(sc);
4669 /* Allow multicast from our BSSID. */
4671 iwm_allow_mcast(struct ieee80211vap *vap, struct iwm_softc *sc)
4673 struct ieee80211_node *ni = vap->iv_bss;
4674 struct iwm_mcast_filter_cmd *cmd;
4678 size = roundup(sizeof(*cmd), 4);
4679 cmd = kmalloc(size, M_DEVBUF, M_INTWAIT | M_ZERO);
4682 cmd->filter_own = 1;
4686 IEEE80211_ADDR_COPY(cmd->bssid, ni->ni_bssid);
4688 error = iwm_mvm_send_cmd_pdu(sc, IWM_MCAST_FILTER_CMD,
4689 IWM_CMD_SYNC, size, cmd);
4690 kfree(cmd, M_DEVBUF);
4700 iwm_init(struct iwm_softc *sc)
4704 if (sc->sc_flags & IWM_FLAG_HW_INITED) {
4707 sc->sc_generation++;
4708 sc->sc_flags &= ~IWM_FLAG_STOPPED;
4710 if ((error = iwm_init_hw(sc)) != 0) {
4711 kprintf("iwm_init_hw failed %d\n", error);
4717 * Ok, firmware loaded and we are jogging
4719 sc->sc_flags |= IWM_FLAG_HW_INITED;
4720 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
4724 iwm_transmit(struct ieee80211com *ic, struct mbuf *m)
4726 struct iwm_softc *sc;
4732 if ((sc->sc_flags & IWM_FLAG_HW_INITED) == 0) {
4736 error = mbufq_enqueue(&sc->sc_snd, m);
4747 * Dequeue packets from sendq and call send.
4750 iwm_start(struct iwm_softc *sc)
4752 struct ieee80211_node *ni;
4756 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "->%s\n", __func__);
4757 while (sc->qfullmsk == 0 &&
4758 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
4759 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
4760 if (iwm_tx(sc, m, ni, ac) != 0) {
4761 if_inc_counter(ni->ni_vap->iv_ifp,
4762 IFCOUNTER_OERRORS, 1);
4763 ieee80211_free_node(ni);
4766 sc->sc_tx_timer = 15;
4768 IWM_DPRINTF(sc, IWM_DEBUG_XMIT | IWM_DEBUG_TRACE, "<-%s\n", __func__);
4772 iwm_stop(struct iwm_softc *sc)
4775 sc->sc_flags &= ~IWM_FLAG_HW_INITED;
4776 sc->sc_flags |= IWM_FLAG_STOPPED;
4777 sc->sc_generation++;
4778 iwm_led_blink_stop(sc);
4779 sc->sc_tx_timer = 0;
4780 iwm_stop_device(sc);
4784 iwm_watchdog(void *arg)
4786 struct iwm_softc *sc = arg;
4788 if (sc->sc_tx_timer > 0) {
4789 if (--sc->sc_tx_timer == 0) {
4790 device_printf(sc->sc_dev, "device timeout\n");
4795 #if defined(__DragonFly__)
4796 ++sc->sc_ic.ic_oerrors;
4798 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
4803 callout_reset(&sc->sc_watchdog_to, hz, iwm_watchdog, sc);
4807 iwm_parent(struct ieee80211com *ic)
4809 struct iwm_softc *sc = ic->ic_softc;
4813 if (ic->ic_nrunning > 0) {
4814 if (!(sc->sc_flags & IWM_FLAG_HW_INITED)) {
4818 } else if (sc->sc_flags & IWM_FLAG_HW_INITED)
4822 ieee80211_start_all(ic);
4826 * The interrupt side of things
4830 * error dumping routines are from iwlwifi/mvm/utils.c
4834 * Note: This structure is read from the device with IO accesses,
4835 * and the reading already does the endian conversion. As it is
4836 * read with uint32_t-sized accesses, any members with a different size
4837 * need to be ordered correctly though!
4839 struct iwm_error_event_table {
4840 uint32_t valid; /* (nonzero) valid, (0) log is empty */
4841 uint32_t error_id; /* type of error */
4842 uint32_t trm_hw_status0; /* TRM HW status */
4843 uint32_t trm_hw_status1; /* TRM HW status */
4844 uint32_t blink2; /* branch link */
4845 uint32_t ilink1; /* interrupt link */
4846 uint32_t ilink2; /* interrupt link */
4847 uint32_t data1; /* error-specific data */
4848 uint32_t data2; /* error-specific data */
4849 uint32_t data3; /* error-specific data */
4850 uint32_t bcon_time; /* beacon timer */
4851 uint32_t tsf_low; /* network timestamp function timer */
4852 uint32_t tsf_hi; /* network timestamp function timer */
4853 uint32_t gp1; /* GP1 timer register */
4854 uint32_t gp2; /* GP2 timer register */
4855 uint32_t fw_rev_type; /* firmware revision type */
4856 uint32_t major; /* uCode version major */
4857 uint32_t minor; /* uCode version minor */
4858 uint32_t hw_ver; /* HW Silicon version */
4859 uint32_t brd_ver; /* HW board version */
4860 uint32_t log_pc; /* log program counter */
4861 uint32_t frame_ptr; /* frame pointer */
4862 uint32_t stack_ptr; /* stack pointer */
4863 uint32_t hcmd; /* last host command header */
4864 uint32_t isr0; /* isr status register LMPM_NIC_ISR0:
4866 uint32_t isr1; /* isr status register LMPM_NIC_ISR1:
4868 uint32_t isr2; /* isr status register LMPM_NIC_ISR2:
4870 uint32_t isr3; /* isr status register LMPM_NIC_ISR3:
4872 uint32_t isr4; /* isr status register LMPM_NIC_ISR4:
4874 uint32_t last_cmd_id; /* last HCMD id handled by the firmware */
4875 uint32_t wait_event; /* wait event() caller address */
4876 uint32_t l2p_control; /* L2pControlField */
4877 uint32_t l2p_duration; /* L2pDurationField */
4878 uint32_t l2p_mhvalid; /* L2pMhValidBits */
4879 uint32_t l2p_addr_match; /* L2pAddrMatchStat */
4880 uint32_t lmpm_pmg_sel; /* indicate which clocks are turned on
4882 uint32_t u_timestamp; /* indicate when the date and time of the
4884 uint32_t flow_handler; /* FH read/write pointers, RX credit */
4885 } __packed /* LOG_ERROR_TABLE_API_S_VER_3 */;
4888 * UMAC error struct - relevant starting from family 8000 chip.
4889 * Note: This structure is read from the device with IO accesses,
4890 * and the reading already does the endian conversion. As it is
4891 * read with u32-sized accesses, any members with a different size
4892 * need to be ordered correctly though!
4894 struct iwm_umac_error_event_table {
4895 uint32_t valid; /* (nonzero) valid, (0) log is empty */
4896 uint32_t error_id; /* type of error */
4897 uint32_t blink1; /* branch link */
4898 uint32_t blink2; /* branch link */
4899 uint32_t ilink1; /* interrupt link */
4900 uint32_t ilink2; /* interrupt link */
4901 uint32_t data1; /* error-specific data */
4902 uint32_t data2; /* error-specific data */
4903 uint32_t data3; /* error-specific data */
4904 uint32_t umac_major;
4905 uint32_t umac_minor;
4906 uint32_t frame_pointer; /* core register 27*/
4907 uint32_t stack_pointer; /* core register 28 */
4908 uint32_t cmd_header; /* latest host cmd sent to UMAC */
4909 uint32_t nic_isr_pref; /* ISR status register */
4912 #define ERROR_START_OFFSET (1 * sizeof(uint32_t))
4913 #define ERROR_ELEM_SIZE (7 * sizeof(uint32_t))
4919 } advanced_lookup[] = {
4920 { "NMI_INTERRUPT_WDG", 0x34 },
4921 { "SYSASSERT", 0x35 },
4922 { "UCODE_VERSION_MISMATCH", 0x37 },
4923 { "BAD_COMMAND", 0x38 },
4924 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C },
4925 { "FATAL_ERROR", 0x3D },
4926 { "NMI_TRM_HW_ERR", 0x46 },
4927 { "NMI_INTERRUPT_TRM", 0x4C },
4928 { "NMI_INTERRUPT_BREAK_POINT", 0x54 },
4929 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C },
4930 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 },
4931 { "NMI_INTERRUPT_HOST", 0x66 },
4932 { "NMI_INTERRUPT_ACTION_PT", 0x7C },
4933 { "NMI_INTERRUPT_UNKNOWN", 0x84 },
4934 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 },
4935 { "ADVANCED_SYSASSERT", 0 },
4939 iwm_desc_lookup(uint32_t num)
4943 for (i = 0; i < nitems(advanced_lookup) - 1; i++)
4944 if (advanced_lookup[i].num == num)
4945 return advanced_lookup[i].name;
4947 /* No entry matches 'num', so it is the last: ADVANCED_SYSASSERT */
4948 return advanced_lookup[i].name;
4952 iwm_nic_umac_error(struct iwm_softc *sc)
4954 struct iwm_umac_error_event_table table;
4957 base = sc->sc_uc.uc_umac_error_event_table;
4959 if (base < 0x800000) {
4960 device_printf(sc->sc_dev, "Invalid error log pointer 0x%08x\n",
4965 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
4966 device_printf(sc->sc_dev, "reading errlog failed\n");
4970 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
4971 device_printf(sc->sc_dev, "Start UMAC Error Log Dump:\n");
4972 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
4973 sc->sc_flags, table.valid);
4976 device_printf(sc->sc_dev, "0x%08X | %s\n", table.error_id,
4977 iwm_desc_lookup(table.error_id));
4978 device_printf(sc->sc_dev, "0x%08X | umac branchlink1\n", table.blink1);
4979 device_printf(sc->sc_dev, "0x%08X | umac branchlink2\n", table.blink2);
4980 device_printf(sc->sc_dev, "0x%08X | umac interruptlink1\n",
4982 device_printf(sc->sc_dev, "0x%08X | umac interruptlink2\n",
4984 device_printf(sc->sc_dev, "0x%08X | umac data1\n", table.data1);
4985 device_printf(sc->sc_dev, "0x%08X | umac data2\n", table.data2);
4986 device_printf(sc->sc_dev, "0x%08X | umac data3\n", table.data3);
4987 device_printf(sc->sc_dev, "0x%08X | umac major\n", table.umac_major);
4988 device_printf(sc->sc_dev, "0x%08X | umac minor\n", table.umac_minor);
4989 device_printf(sc->sc_dev, "0x%08X | frame pointer\n",
4990 table.frame_pointer);
4991 device_printf(sc->sc_dev, "0x%08X | stack pointer\n",
4992 table.stack_pointer);
4993 device_printf(sc->sc_dev, "0x%08X | last host cmd\n", table.cmd_header);
4994 device_printf(sc->sc_dev, "0x%08X | isr status reg\n",
4995 table.nic_isr_pref);
4999 * Support for dumping the error log seemed like a good idea ...
5000 * but it's mostly hex junk and the only sensible thing is the
5001 * hw/ucode revision (which we know anyway). Since it's here,
5002 * I'll just leave it in, just in case e.g. the Intel guys want to
5003 * help us decipher some "ADVANCED_SYSASSERT" later.
5006 iwm_nic_error(struct iwm_softc *sc)
5008 struct iwm_error_event_table table;
5011 device_printf(sc->sc_dev, "dumping device error log\n");
5012 base = sc->sc_uc.uc_error_event_table;
5013 if (base < 0x800000) {
5014 device_printf(sc->sc_dev,
5015 "Invalid error log pointer 0x%08x\n", base);
5019 if (iwm_read_mem(sc, base, &table, sizeof(table)/sizeof(uint32_t))) {
5020 device_printf(sc->sc_dev, "reading errlog failed\n");
5025 device_printf(sc->sc_dev, "errlog not found, skipping\n");
5029 if (ERROR_START_OFFSET <= table.valid * ERROR_ELEM_SIZE) {
5030 device_printf(sc->sc_dev, "Start Error Log Dump:\n");
5031 device_printf(sc->sc_dev, "Status: 0x%x, count: %d\n",
5032 sc->sc_flags, table.valid);
5035 device_printf(sc->sc_dev, "0x%08X | %-28s\n", table.error_id,
5036 iwm_desc_lookup(table.error_id));
5037 device_printf(sc->sc_dev, "%08X | trm_hw_status0\n",
5038 table.trm_hw_status0);
5039 device_printf(sc->sc_dev, "%08X | trm_hw_status1\n",
5040 table.trm_hw_status1);
5041 device_printf(sc->sc_dev, "%08X | branchlink2\n", table.blink2);
5042 device_printf(sc->sc_dev, "%08X | interruptlink1\n", table.ilink1);
5043 device_printf(sc->sc_dev, "%08X | interruptlink2\n", table.ilink2);
5044 device_printf(sc->sc_dev, "%08X | data1\n", table.data1);
5045 device_printf(sc->sc_dev, "%08X | data2\n", table.data2);
5046 device_printf(sc->sc_dev, "%08X | data3\n", table.data3);
5047 device_printf(sc->sc_dev, "%08X | beacon time\n", table.bcon_time);
5048 device_printf(sc->sc_dev, "%08X | tsf low\n", table.tsf_low);
5049 device_printf(sc->sc_dev, "%08X | tsf hi\n", table.tsf_hi);
5050 device_printf(sc->sc_dev, "%08X | time gp1\n", table.gp1);
5051 device_printf(sc->sc_dev, "%08X | time gp2\n", table.gp2);
5052 device_printf(sc->sc_dev, "%08X | uCode revision type\n",
5054 device_printf(sc->sc_dev, "%08X | uCode version major\n", table.major);
5055 device_printf(sc->sc_dev, "%08X | uCode version minor\n", table.minor);
5056 device_printf(sc->sc_dev, "%08X | hw version\n", table.hw_ver);
5057 device_printf(sc->sc_dev, "%08X | board version\n", table.brd_ver);
5058 device_printf(sc->sc_dev, "%08X | hcmd\n", table.hcmd);
5059 device_printf(sc->sc_dev, "%08X | isr0\n", table.isr0);
5060 device_printf(sc->sc_dev, "%08X | isr1\n", table.isr1);
5061 device_printf(sc->sc_dev, "%08X | isr2\n", table.isr2);
5062 device_printf(sc->sc_dev, "%08X | isr3\n", table.isr3);
5063 device_printf(sc->sc_dev, "%08X | isr4\n", table.isr4);
5064 device_printf(sc->sc_dev, "%08X | last cmd Id\n", table.last_cmd_id);
5065 device_printf(sc->sc_dev, "%08X | wait_event\n", table.wait_event);
5066 device_printf(sc->sc_dev, "%08X | l2p_control\n", table.l2p_control);
5067 device_printf(sc->sc_dev, "%08X | l2p_duration\n", table.l2p_duration);
5068 device_printf(sc->sc_dev, "%08X | l2p_mhvalid\n", table.l2p_mhvalid);
5069 device_printf(sc->sc_dev, "%08X | l2p_addr_match\n", table.l2p_addr_match);
5070 device_printf(sc->sc_dev, "%08X | lmpm_pmg_sel\n", table.lmpm_pmg_sel);
5071 device_printf(sc->sc_dev, "%08X | timestamp\n", table.u_timestamp);
5072 device_printf(sc->sc_dev, "%08X | flow_handler\n", table.flow_handler);
5074 if (sc->sc_uc.uc_umac_error_event_table)
5075 iwm_nic_umac_error(sc);
5079 #define SYNC_RESP_STRUCT(_var_, _pkt_) \
5081 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\
5082 _var_ = (void *)((_pkt_)+1); \
5083 } while (/*CONSTCOND*/0)
5085 #define SYNC_RESP_PTR(_ptr_, _len_, _pkt_) \
5087 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);\
5088 _ptr_ = (void *)((_pkt_)+1); \
5089 } while (/*CONSTCOND*/0)
5091 #define ADVANCE_RXQ(sc) (sc->rxq.cur = (sc->rxq.cur + 1) % IWM_RX_RING_COUNT);
5094 * Process an IWM_CSR_INT_BIT_FH_RX or IWM_CSR_INT_BIT_SW_RX interrupt.
5095 * Basic structure from if_iwn
5098 iwm_notif_intr(struct iwm_softc *sc)
5102 bus_dmamap_sync(sc->rxq.stat_dma.tag, sc->rxq.stat_dma.map,
5103 BUS_DMASYNC_POSTREAD);
5105 hw = le16toh(sc->rxq.stat->closed_rb_num) & 0xfff;
5110 while (sc->rxq.cur != hw) {
5111 struct iwm_rx_ring *ring = &sc->rxq;
5112 struct iwm_rx_data *data = &sc->rxq.data[sc->rxq.cur];
5113 struct iwm_rx_packet *pkt;
5114 struct iwm_cmd_response *cresp;
5117 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
5118 BUS_DMASYNC_POSTREAD);
5119 pkt = mtod(data->m, struct iwm_rx_packet *);
5121 qid = pkt->hdr.qid & ~0x80;
5124 code = IWM_WIDE_ID(pkt->hdr.flags, pkt->hdr.code);
5125 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5126 "rx packet qid=%d idx=%d type=%x %d %d\n",
5127 pkt->hdr.qid & ~0x80, pkt->hdr.idx, code, sc->rxq.cur, hw);
5130 * randomly get these from the firmware, no idea why.
5131 * they at least seem harmless, so just ignore them for now
5133 if (__predict_false((pkt->hdr.code == 0 && qid == 0 && idx == 0)
5134 || pkt->len_n_flags == htole32(0x55550000))) {
5140 case IWM_REPLY_RX_PHY_CMD:
5141 iwm_mvm_rx_rx_phy_cmd(sc, pkt, data);
5144 case IWM_REPLY_RX_MPDU_CMD:
5145 iwm_mvm_rx_rx_mpdu(sc, pkt, data);
5149 iwm_mvm_rx_tx_cmd(sc, pkt, data);
5152 case IWM_MISSED_BEACONS_NOTIFICATION: {
5153 struct iwm_missed_beacons_notif *resp;
5156 /* XXX look at mac_id to determine interface ID */
5157 struct ieee80211com *ic = &sc->sc_ic;
5158 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5160 SYNC_RESP_STRUCT(resp, pkt);
5161 missed = le32toh(resp->consec_missed_beacons);
5163 IWM_DPRINTF(sc, IWM_DEBUG_BEACON | IWM_DEBUG_STATE,
5164 "%s: MISSED_BEACON: mac_id=%d, "
5165 "consec_since_last_rx=%d, consec=%d, num_expect=%d "
5168 le32toh(resp->mac_id),
5169 le32toh(resp->consec_missed_beacons_since_last_rx),
5170 le32toh(resp->consec_missed_beacons),
5171 le32toh(resp->num_expected_beacons),
5172 le32toh(resp->num_recvd_beacons));
5178 /* XXX no net80211 locking? */
5179 if (vap->iv_state == IEEE80211_S_RUN &&
5180 (ic->ic_flags & IEEE80211_F_SCAN) == 0) {
5181 if (missed > vap->iv_bmissthreshold) {
5182 /* XXX bad locking; turn into task */
5184 ieee80211_beacon_miss(ic);
5191 case IWM_MFUART_LOAD_NOTIFICATION:
5194 case IWM_MVM_ALIVE: {
5195 struct iwm_mvm_alive_resp_v1 *resp1;
5196 struct iwm_mvm_alive_resp_v2 *resp2;
5197 struct iwm_mvm_alive_resp_v3 *resp3;
5199 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp1)) {
5200 SYNC_RESP_STRUCT(resp1, pkt);
5201 sc->sc_uc.uc_error_event_table
5202 = le32toh(resp1->error_event_table_ptr);
5203 sc->sc_uc.uc_log_event_table
5204 = le32toh(resp1->log_event_table_ptr);
5205 sc->sched_base = le32toh(resp1->scd_base_ptr);
5206 if (resp1->status == IWM_ALIVE_STATUS_OK)
5207 sc->sc_uc.uc_ok = 1;
5209 sc->sc_uc.uc_ok = 0;
5212 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp2)) {
5213 SYNC_RESP_STRUCT(resp2, pkt);
5214 sc->sc_uc.uc_error_event_table
5215 = le32toh(resp2->error_event_table_ptr);
5216 sc->sc_uc.uc_log_event_table
5217 = le32toh(resp2->log_event_table_ptr);
5218 sc->sched_base = le32toh(resp2->scd_base_ptr);
5219 sc->sc_uc.uc_umac_error_event_table
5220 = le32toh(resp2->error_info_addr);
5221 if (resp2->status == IWM_ALIVE_STATUS_OK)
5222 sc->sc_uc.uc_ok = 1;
5224 sc->sc_uc.uc_ok = 0;
5227 if (iwm_rx_packet_payload_len(pkt) == sizeof(*resp3)) {
5228 SYNC_RESP_STRUCT(resp3, pkt);
5229 sc->sc_uc.uc_error_event_table
5230 = le32toh(resp3->error_event_table_ptr);
5231 sc->sc_uc.uc_log_event_table
5232 = le32toh(resp3->log_event_table_ptr);
5233 sc->sched_base = le32toh(resp3->scd_base_ptr);
5234 sc->sc_uc.uc_umac_error_event_table
5235 = le32toh(resp3->error_info_addr);
5236 if (resp3->status == IWM_ALIVE_STATUS_OK)
5237 sc->sc_uc.uc_ok = 1;
5239 sc->sc_uc.uc_ok = 0;
5242 sc->sc_uc.uc_intr = 1;
5246 case IWM_CALIB_RES_NOTIF_PHY_DB: {
5247 struct iwm_calib_res_notif_phy_db *phy_db_notif;
5248 SYNC_RESP_STRUCT(phy_db_notif, pkt);
5250 iwm_phy_db_set_section(sc, phy_db_notif);
5254 case IWM_STATISTICS_NOTIFICATION: {
5255 struct iwm_notif_statistics *stats;
5256 SYNC_RESP_STRUCT(stats, pkt);
5257 memcpy(&sc->sc_stats, stats, sizeof(sc->sc_stats));
5258 sc->sc_noise = iwm_get_noise(&stats->rx.general);
5261 case IWM_NVM_ACCESS_CMD:
5262 case IWM_MCC_UPDATE_CMD:
5263 if (sc->sc_wantresp == ((qid << 16) | idx)) {
5264 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
5265 BUS_DMASYNC_POSTREAD);
5266 memcpy(sc->sc_cmd_resp,
5267 pkt, sizeof(sc->sc_cmd_resp));
5271 case IWM_MCC_CHUB_UPDATE_CMD: {
5272 struct iwm_mcc_chub_notif *notif;
5273 SYNC_RESP_STRUCT(notif, pkt);
5275 sc->sc_fw_mcc[0] = (notif->mcc & 0xff00) >> 8;
5276 sc->sc_fw_mcc[1] = notif->mcc & 0xff;
5277 sc->sc_fw_mcc[2] = '\0';
5278 IWM_DPRINTF(sc, IWM_DEBUG_RESET,
5279 "fw source %d sent CC '%s'\n",
5280 notif->source_id, sc->sc_fw_mcc);
5283 case IWM_DTS_MEASUREMENT_NOTIFICATION:
5286 case IWM_PHY_CONFIGURATION_CMD:
5287 case IWM_TX_ANT_CONFIGURATION_CMD:
5289 case IWM_MAC_CONTEXT_CMD:
5290 case IWM_REPLY_SF_CFG_CMD:
5291 case IWM_POWER_TABLE_CMD:
5292 case IWM_PHY_CONTEXT_CMD:
5293 case IWM_BINDING_CONTEXT_CMD:
5294 case IWM_TIME_EVENT_CMD:
5295 case IWM_SCAN_REQUEST_CMD:
5296 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_CFG_CMD):
5297 case IWM_WIDE_ID(IWM_ALWAYS_LONG_GROUP, IWM_SCAN_REQ_UMAC):
5298 case IWM_SCAN_OFFLOAD_REQUEST_CMD:
5299 case IWM_REPLY_BEACON_FILTERING_CMD:
5300 case IWM_MAC_PM_POWER_TABLE:
5301 case IWM_TIME_QUOTA_CMD:
5302 case IWM_REMOVE_STA:
5303 case IWM_TXPATH_FLUSH:
5306 case IWM_REPLY_THERMAL_MNG_BACKOFF:
5307 SYNC_RESP_STRUCT(cresp, pkt);
5308 if (sc->sc_wantresp == ((qid << 16) | idx)) {
5309 memcpy(sc->sc_cmd_resp,
5310 pkt, sizeof(*pkt)+sizeof(*cresp));
5315 case 0x6c: /* IWM_PHY_DB_CMD, no idea why it's not in fw-api.h */
5318 case IWM_INIT_COMPLETE_NOTIF:
5319 sc->sc_init_complete = 1;
5320 wakeup(&sc->sc_init_complete);
5323 case IWM_SCAN_OFFLOAD_COMPLETE: {
5324 struct iwm_periodic_scan_complete *notif;
5325 SYNC_RESP_STRUCT(notif, pkt);
5329 case IWM_SCAN_ITERATION_COMPLETE: {
5330 struct iwm_lmac_scan_complete_notif *notif;
5331 SYNC_RESP_STRUCT(notif, pkt);
5332 taskqueue_enqueue(sc->sc_tq, &sc->sc_es_task);
5335 case IWM_SCAN_COMPLETE_UMAC: {
5336 struct iwm_umac_scan_complete *notif;
5337 SYNC_RESP_STRUCT(notif, pkt);
5339 IWM_DPRINTF(sc, IWM_DEBUG_SCAN,
5340 "UMAC scan complete, status=0x%x\n",
5342 #if 0 /* XXX This would be a duplicate scan end call */
5343 taskqueue_enqueue(sc->sc_tq, &sc->sc_es_task);
5348 case IWM_SCAN_ITERATION_COMPLETE_UMAC: {
5349 struct iwm_umac_scan_iter_complete_notif *notif;
5350 SYNC_RESP_STRUCT(notif, pkt);
5352 IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "UMAC scan iteration "
5353 "complete, status=0x%x, %d channels scanned\n",
5354 notif->status, notif->scanned_channels);
5355 taskqueue_enqueue(sc->sc_tq, &sc->sc_es_task);
5359 case IWM_REPLY_ERROR: {
5360 struct iwm_error_resp *resp;
5361 SYNC_RESP_STRUCT(resp, pkt);
5363 device_printf(sc->sc_dev,
5364 "firmware error 0x%x, cmd 0x%x\n",
5365 le32toh(resp->error_type),
5369 case IWM_TIME_EVENT_NOTIFICATION: {
5370 struct iwm_time_event_notif *notif;
5371 SYNC_RESP_STRUCT(notif, pkt);
5373 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5374 "TE notif status = 0x%x action = 0x%x\n",
5375 notif->status, notif->action);
5378 case IWM_MCAST_FILTER_CMD:
5381 case IWM_SCD_QUEUE_CFG: {
5382 struct iwm_scd_txq_cfg_rsp *rsp;
5383 SYNC_RESP_STRUCT(rsp, pkt);
5385 IWM_DPRINTF(sc, IWM_DEBUG_CMD,
5386 "queue cfg token=0x%x sta_id=%d "
5387 "tid=%d scd_queue=%d\n",
5388 rsp->token, rsp->sta_id, rsp->tid,
5394 device_printf(sc->sc_dev,
5395 "frame %d/%d %x UNHANDLED (this should "
5396 "not happen)\n", qid, idx,
5402 * Why test bit 0x80? The Linux driver:
5404 * There is one exception: uCode sets bit 15 when it
5405 * originates the response/notification, i.e. when the
5406 * response/notification is not a direct response to a
5407 * command sent by the driver. For example, uCode issues
5408 * IWM_REPLY_RX when it sends a received frame to the driver;
5409 * it is not a direct response to any driver command.
5411 * Ok, so since when is 7 == 15? Well, the Linux driver
5412 * uses a slightly different format for pkt->hdr, and "qid"
5413 * is actually the upper byte of a two-byte field.
5415 if (!(pkt->hdr.qid & (1 << 7))) {
5416 iwm_cmd_done(sc, pkt);
5422 IWM_CLRBITS(sc, IWM_CSR_GP_CNTRL,
5423 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
5426 * Tell the firmware what we have processed.
5427 * Seems like the hardware gets upset unless we align
5430 hw = (hw == 0) ? IWM_RX_RING_COUNT - 1 : hw - 1;
5431 IWM_WRITE(sc, IWM_FH_RSCSR_CHNL0_WPTR, hw & ~7);
5437 struct iwm_softc *sc = arg;
5442 #if defined(__DragonFly__)
5443 if (sc->sc_mem == NULL) {
5444 kprintf("iwm_intr: detached\n");
5449 IWM_WRITE(sc, IWM_CSR_INT_MASK, 0);
5451 if (sc->sc_flags & IWM_FLAG_USE_ICT) {
5452 uint32_t *ict = sc->ict_dma.vaddr;
5455 tmp = htole32(ict[sc->ict_cur]);
5460 * ok, there was something. keep plowing until we have all.
5465 ict[sc->ict_cur] = 0;
5466 sc->ict_cur = (sc->ict_cur+1) % IWM_ICT_COUNT;
5467 tmp = htole32(ict[sc->ict_cur]);
5470 /* this is where the fun begins. don't ask */
5471 if (r1 == 0xffffffff)
5474 /* i am not expected to understand this */
5477 r1 = (0xff & r1) | ((0xff00 & r1) << 16);
5479 r1 = IWM_READ(sc, IWM_CSR_INT);
5480 /* "hardware gone" (where, fishing?) */
5481 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
5483 r2 = IWM_READ(sc, IWM_CSR_FH_INT_STATUS);
5485 if (r1 == 0 && r2 == 0) {
5489 IWM_WRITE(sc, IWM_CSR_INT, r1 | ~sc->sc_intmask);
5492 handled |= (r1 & (IWM_CSR_INT_BIT_ALIVE /*| IWM_CSR_INT_BIT_SCD*/));
5494 if (r1 & IWM_CSR_INT_BIT_SW_ERR) {
5496 struct ieee80211com *ic = &sc->sc_ic;
5497 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5502 /* Dump driver status (TX and RX rings) while we're here. */
5503 device_printf(sc->sc_dev, "driver status:\n");
5504 for (i = 0; i < IWM_MVM_MAX_QUEUES; i++) {
5505 struct iwm_tx_ring *ring = &sc->txq[i];
5506 device_printf(sc->sc_dev,
5507 " tx ring %2d: qid=%-2d cur=%-3d "
5509 i, ring->qid, ring->cur, ring->queued);
5511 device_printf(sc->sc_dev,
5512 " rx ring: cur=%d\n", sc->rxq.cur);
5513 device_printf(sc->sc_dev,
5514 " 802.11 state %d\n", (vap == NULL) ? -1 : vap->iv_state);
5516 /* Don't stop the device; just do a VAP restart */
5520 kprintf("%s: null vap\n", __func__);
5524 device_printf(sc->sc_dev, "%s: controller panicked, iv_state = %d; "
5525 "restarting\n", __func__, vap->iv_state);
5527 /* XXX TODO: turn this into a callout/taskqueue */
5528 ieee80211_restart_all(ic);
5532 if (r1 & IWM_CSR_INT_BIT_HW_ERR) {
5533 handled |= IWM_CSR_INT_BIT_HW_ERR;
5534 device_printf(sc->sc_dev, "hardware error, stopping device\n");
5540 /* firmware chunk loaded */
5541 if (r1 & IWM_CSR_INT_BIT_FH_TX) {
5542 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_TX_MASK);
5543 handled |= IWM_CSR_INT_BIT_FH_TX;
5544 sc->sc_fw_chunk_done = 1;
5548 if (r1 & IWM_CSR_INT_BIT_RF_KILL) {
5549 handled |= IWM_CSR_INT_BIT_RF_KILL;
5550 if (iwm_check_rfkill(sc)) {
5551 device_printf(sc->sc_dev,
5552 "%s: rfkill switch, disabling interface\n",
5559 * The Linux driver uses periodic interrupts to avoid races.
5560 * We cargo-cult like it's going out of fashion.
5562 if (r1 & IWM_CSR_INT_BIT_RX_PERIODIC) {
5563 handled |= IWM_CSR_INT_BIT_RX_PERIODIC;
5564 IWM_WRITE(sc, IWM_CSR_INT, IWM_CSR_INT_BIT_RX_PERIODIC);
5565 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) == 0)
5567 IWM_CSR_INT_PERIODIC_REG, IWM_CSR_INT_PERIODIC_DIS);
5571 if ((r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX)) || isperiodic) {
5572 handled |= (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX);
5573 IWM_WRITE(sc, IWM_CSR_FH_INT_STATUS, IWM_CSR_FH_INT_RX_MASK);
5577 /* enable periodic interrupt, see above */
5578 if (r1 & (IWM_CSR_INT_BIT_FH_RX | IWM_CSR_INT_BIT_SW_RX) && !isperiodic)
5579 IWM_WRITE_1(sc, IWM_CSR_INT_PERIODIC_REG,
5580 IWM_CSR_INT_PERIODIC_ENA);
5583 if (__predict_false(r1 & ~handled))
5584 IWM_DPRINTF(sc, IWM_DEBUG_INTR,
5585 "%s: unhandled interrupts: %x\n", __func__, r1);
5589 iwm_restore_interrupts(sc);
5596 * Autoconf glue-sniffing
5598 #define PCI_VENDOR_INTEL 0x8086
5599 #define PCI_PRODUCT_INTEL_WL_3160_1 0x08b3
5600 #define PCI_PRODUCT_INTEL_WL_3160_2 0x08b4
5601 #define PCI_PRODUCT_INTEL_WL_3165_1 0x3165
5602 #define PCI_PRODUCT_INTEL_WL_3165_2 0x3166
5603 #define PCI_PRODUCT_INTEL_WL_7260_1 0x08b1
5604 #define PCI_PRODUCT_INTEL_WL_7260_2 0x08b2
5605 #define PCI_PRODUCT_INTEL_WL_7265_1 0x095a
5606 #define PCI_PRODUCT_INTEL_WL_7265_2 0x095b
5607 #define PCI_PRODUCT_INTEL_WL_8260_1 0x24f3
5608 #define PCI_PRODUCT_INTEL_WL_8260_2 0x24f4
5610 static const struct iwm_devices {
5614 { PCI_PRODUCT_INTEL_WL_3160_1, "Intel Dual Band Wireless AC 3160" },
5615 { PCI_PRODUCT_INTEL_WL_3160_2, "Intel Dual Band Wireless AC 3160" },
5616 { PCI_PRODUCT_INTEL_WL_3165_1, "Intel Dual Band Wireless AC 3165" },
5617 { PCI_PRODUCT_INTEL_WL_3165_2, "Intel Dual Band Wireless AC 3165" },
5618 { PCI_PRODUCT_INTEL_WL_7260_1, "Intel Dual Band Wireless AC 7260" },
5619 { PCI_PRODUCT_INTEL_WL_7260_2, "Intel Dual Band Wireless AC 7260" },
5620 { PCI_PRODUCT_INTEL_WL_7265_1, "Intel Dual Band Wireless AC 7265" },
5621 { PCI_PRODUCT_INTEL_WL_7265_2, "Intel Dual Band Wireless AC 7265" },
5622 { PCI_PRODUCT_INTEL_WL_8260_1, "Intel Dual Band Wireless AC 8260" },
5623 { PCI_PRODUCT_INTEL_WL_8260_2, "Intel Dual Band Wireless AC 8260" },
5627 iwm_probe(device_t dev)
5631 for (i = 0; i < nitems(iwm_devices); i++) {
5632 if (pci_get_vendor(dev) == PCI_VENDOR_INTEL &&
5633 pci_get_device(dev) == iwm_devices[i].device) {
5634 device_set_desc(dev, iwm_devices[i].name);
5635 return (BUS_PROBE_DEFAULT);
5643 iwm_dev_check(device_t dev)
5645 struct iwm_softc *sc;
5647 sc = device_get_softc(dev);
5649 sc->sc_hw_rev = IWM_READ(sc, IWM_CSR_HW_REV);
5650 switch (pci_get_device(dev)) {
5651 case PCI_PRODUCT_INTEL_WL_3160_1:
5652 case PCI_PRODUCT_INTEL_WL_3160_2:
5653 sc->sc_fwname = "iwm3160fw";
5654 sc->host_interrupt_operation_mode = 1;
5655 sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
5656 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
5658 case PCI_PRODUCT_INTEL_WL_3165_1:
5659 case PCI_PRODUCT_INTEL_WL_3165_2:
5660 sc->sc_fwname = "iwm7265fw";
5661 sc->host_interrupt_operation_mode = 0;
5662 sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
5663 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
5665 case PCI_PRODUCT_INTEL_WL_7260_1:
5666 case PCI_PRODUCT_INTEL_WL_7260_2:
5667 sc->sc_fwname = "iwm7260fw";
5668 sc->host_interrupt_operation_mode = 1;
5669 sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
5670 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
5672 case PCI_PRODUCT_INTEL_WL_7265_1:
5673 case PCI_PRODUCT_INTEL_WL_7265_2:
5674 sc->sc_fwname = "iwm7265fw";
5675 sc->host_interrupt_operation_mode = 0;
5676 sc->sc_device_family = IWM_DEVICE_FAMILY_7000;
5677 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ;
5679 case PCI_PRODUCT_INTEL_WL_8260_1:
5680 case PCI_PRODUCT_INTEL_WL_8260_2:
5681 sc->sc_fwname = "iwm8000Cfw";
5682 sc->host_interrupt_operation_mode = 0;
5683 sc->sc_device_family = IWM_DEVICE_FAMILY_8000;
5684 sc->sc_fwdmasegsz = IWM_FWDMASEGSZ_8000;
5687 device_printf(dev, "unknown adapter type\n");
5693 iwm_pci_attach(device_t dev)
5695 struct iwm_softc *sc;
5696 int count, error, rid;
5698 #if defined(__DragonFly__)
5702 sc = device_get_softc(dev);
5704 /* Clear device-specific "PCI retry timeout" register (41h). */
5705 reg = pci_read_config(dev, 0x40, sizeof(reg));
5706 pci_write_config(dev, 0x40, reg & ~0xff00, sizeof(reg));
5708 /* Enable bus-mastering and hardware bug workaround. */
5709 pci_enable_busmaster(dev);
5710 reg = pci_read_config(dev, PCIR_STATUS, sizeof(reg));
5712 if (reg & PCIM_STATUS_INTxSTATE) {
5713 reg &= ~PCIM_STATUS_INTxSTATE;
5715 pci_write_config(dev, PCIR_STATUS, reg, sizeof(reg));
5718 sc->sc_mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
5720 if (sc->sc_mem == NULL) {
5721 device_printf(sc->sc_dev, "can't map mem space\n");
5724 sc->sc_st = rman_get_bustag(sc->sc_mem);
5725 sc->sc_sh = rman_get_bushandle(sc->sc_mem);
5727 /* Install interrupt handler. */
5730 #if defined(__DragonFly__)
5731 pci_alloc_1intr(dev, iwm_msi_enable, &rid, &irq_flags);
5732 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, irq_flags);
5734 if (pci_alloc_msi(dev, &count) == 0)
5736 sc->sc_irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE |
5737 (rid != 0 ? 0 : RF_SHAREABLE));
5739 if (sc->sc_irq == NULL) {
5740 device_printf(dev, "can't map interrupt\n");
5743 #if defined(__DragonFly__)
5744 error = bus_setup_intr(dev, sc->sc_irq, INTR_MPSAFE,
5745 iwm_intr, sc, &sc->sc_ih,
5746 &wlan_global_serializer);
5748 error = bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE,
5749 NULL, iwm_intr, sc, &sc->sc_ih);
5751 if (sc->sc_ih == NULL) {
5752 device_printf(dev, "can't establish interrupt");
5753 #if defined(__DragonFly__)
5754 pci_release_msi(dev);
5758 sc->sc_dmat = bus_get_dma_tag(sc->sc_dev);
5764 iwm_pci_detach(device_t dev)
5766 struct iwm_softc *sc = device_get_softc(dev);
5768 if (sc->sc_irq != NULL) {
5769 bus_teardown_intr(dev, sc->sc_irq, sc->sc_ih);
5770 bus_release_resource(dev, SYS_RES_IRQ,
5771 rman_get_rid(sc->sc_irq), sc->sc_irq);
5772 pci_release_msi(dev);
5773 #if defined(__DragonFly__)
5777 if (sc->sc_mem != NULL) {
5778 bus_release_resource(dev, SYS_RES_MEMORY,
5779 rman_get_rid(sc->sc_mem), sc->sc_mem);
5780 #if defined(__DragonFly__)
5789 iwm_attach(device_t dev)
5791 struct iwm_softc *sc = device_get_softc(dev);
5792 struct ieee80211com *ic = &sc->sc_ic;
5798 mbufq_init(&sc->sc_snd, ifqmaxlen);
5799 #if defined(__DragonFly__)
5800 callout_init_lk(&sc->sc_watchdog_to, &sc->sc_lk);
5802 callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0);
5804 callout_init(&sc->sc_led_blink_to);
5805 TASK_INIT(&sc->sc_es_task, 0, iwm_endscan_cb, sc);
5806 sc->sc_tq = taskqueue_create("iwm_taskq", M_WAITOK,
5807 taskqueue_thread_enqueue, &sc->sc_tq);
5808 #if defined(__DragonFly__)
5809 error = taskqueue_start_threads(&sc->sc_tq, 1, TDPRI_KERN_DAEMON,
5812 error = taskqueue_start_threads(&sc->sc_tq, 1, 0, "iwm_taskq");
5815 device_printf(dev, "can't start threads, error %d\n",
5821 error = iwm_pci_attach(dev);
5825 sc->sc_wantresp = -1;
5827 /* Check device type */
5828 error = iwm_dev_check(dev);
5833 * We now start fiddling with the hardware
5836 * In the 8000 HW family the format of the 4 bytes of CSR_HW_REV have
5837 * changed, and now the revision step also includes bit 0-1 (no more
5838 * "dash" value). To keep hw_rev backwards compatible - we'll store it
5839 * in the old format.
5841 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000)
5842 sc->sc_hw_rev = (sc->sc_hw_rev & 0xfff0) |
5843 (IWM_CSR_HW_REV_STEP(sc->sc_hw_rev << 2) << 2);
5845 if (iwm_prepare_card_hw(sc) != 0) {
5846 device_printf(dev, "could not initialize hardware\n");
5850 if (sc->sc_device_family == IWM_DEVICE_FAMILY_8000) {
5855 * In order to recognize C step the driver should read the
5856 * chip version id located at the AUX bus MISC address.
5858 IWM_SETBITS(sc, IWM_CSR_GP_CNTRL,
5859 IWM_CSR_GP_CNTRL_REG_FLAG_INIT_DONE);
5862 ret = iwm_poll_bit(sc, IWM_CSR_GP_CNTRL,
5863 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
5864 IWM_CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY,
5867 device_printf(sc->sc_dev,
5868 "Failed to wake up the nic\n");
5872 if (iwm_nic_lock(sc)) {
5873 hw_step = iwm_read_prph(sc, IWM_WFPM_CTRL_REG);
5874 hw_step |= IWM_ENABLE_WFPM;
5875 iwm_write_prph(sc, IWM_WFPM_CTRL_REG, hw_step);
5876 hw_step = iwm_read_prph(sc, IWM_AUX_MISC_REG);
5877 hw_step = (hw_step >> IWM_HW_STEP_LOCATION_BITS) & 0xF;
5879 sc->sc_hw_rev = (sc->sc_hw_rev & 0xFFFFFFF3) |
5880 (IWM_SILICON_C_STEP << 2);
5883 device_printf(sc->sc_dev, "Failed to lock the nic\n");
5888 /* Allocate DMA memory for firmware transfers. */
5889 if ((error = iwm_alloc_fwmem(sc)) != 0) {
5890 device_printf(dev, "could not allocate memory for firmware\n");
5894 /* Allocate "Keep Warm" page. */
5895 if ((error = iwm_alloc_kw(sc)) != 0) {
5896 device_printf(dev, "could not allocate keep warm page\n");
5900 /* We use ICT interrupts */
5901 if ((error = iwm_alloc_ict(sc)) != 0) {
5902 device_printf(dev, "could not allocate ICT table\n");
5906 /* Allocate TX scheduler "rings". */
5907 if ((error = iwm_alloc_sched(sc)) != 0) {
5908 device_printf(dev, "could not allocate TX scheduler rings\n");
5912 /* Allocate TX rings */
5913 for (txq_i = 0; txq_i < nitems(sc->txq); txq_i++) {
5914 if ((error = iwm_alloc_tx_ring(sc,
5915 &sc->txq[txq_i], txq_i)) != 0) {
5917 "could not allocate TX ring %d\n",
5923 /* Allocate RX ring. */
5924 if ((error = iwm_alloc_rx_ring(sc, &sc->rxq)) != 0) {
5925 device_printf(dev, "could not allocate RX ring\n");
5929 /* Clear pending interrupts. */
5930 IWM_WRITE(sc, IWM_CSR_INT, 0xffffffff);
5933 ic->ic_name = device_get_nameunit(sc->sc_dev);
5934 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
5935 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
5937 /* Set device capabilities. */
5940 IEEE80211_C_WPA | /* WPA/RSN */
5942 IEEE80211_C_SHSLOT | /* short slot time supported */
5943 IEEE80211_C_SHPREAMBLE /* short preamble supported */
5944 // IEEE80211_C_BGSCAN /* capable of bg scanning */
5946 for (i = 0; i < nitems(sc->sc_phyctxt); i++) {
5947 sc->sc_phyctxt[i].id = i;
5948 sc->sc_phyctxt[i].color = 0;
5949 sc->sc_phyctxt[i].ref = 0;
5950 sc->sc_phyctxt[i].channel = NULL;
5954 sc->sc_max_rssi = IWM_MAX_DBM - IWM_MIN_DBM;
5955 sc->sc_preinit_hook.ich_func = iwm_preinit;
5956 sc->sc_preinit_hook.ich_arg = sc;
5957 sc->sc_preinit_hook.ich_desc = "iwm";
5958 if (config_intrhook_establish(&sc->sc_preinit_hook) != 0) {
5959 device_printf(dev, "config_intrhook_establish failed\n");
5964 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
5965 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug",
5966 CTLFLAG_RW, &sc->sc_debug, 0, "control debugging");
5969 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
5970 "<-%s\n", __func__);
5974 /* Free allocated memory if something failed during attachment. */
5976 iwm_detach_local(sc, 0);
5982 iwm_is_valid_ether_addr(uint8_t *addr)
5984 char zero_addr[IEEE80211_ADDR_LEN] = { 0, 0, 0, 0, 0, 0 };
5986 if ((addr[0] & 1) || IEEE80211_ADDR_EQ(zero_addr, addr))
5993 iwm_update_edca(struct ieee80211com *ic)
5995 struct iwm_softc *sc = ic->ic_softc;
5997 device_printf(sc->sc_dev, "%s: called\n", __func__);
6002 iwm_preinit(void *arg)
6004 struct iwm_softc *sc = arg;
6005 device_t dev = sc->sc_dev;
6006 struct ieee80211com *ic = &sc->sc_ic;
6009 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6010 "->%s\n", __func__);
6013 if ((error = iwm_start_hw(sc)) != 0) {
6014 device_printf(dev, "could not initialize hardware\n");
6019 error = iwm_run_init_mvm_ucode(sc, 1);
6020 iwm_stop_device(sc);
6026 "hw rev 0x%x, fw ver %s, address %s\n",
6027 sc->sc_hw_rev & IWM_CSR_HW_REV_TYPE_MSK,
6028 sc->sc_fwver, ether_sprintf(sc->sc_nvm.hw_addr));
6030 /* not all hardware can do 5GHz band */
6031 if (!sc->sc_nvm.sku_cap_band_52GHz_enable)
6032 memset(&ic->ic_sup_rates[IEEE80211_MODE_11A], 0,
6033 sizeof(ic->ic_sup_rates[IEEE80211_MODE_11A]));
6036 iwm_init_channel_map(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
6040 * At this point we've committed - if we fail to do setup,
6041 * we now also have to tear down the net80211 state.
6043 ieee80211_ifattach(ic);
6044 ic->ic_vap_create = iwm_vap_create;
6045 ic->ic_vap_delete = iwm_vap_delete;
6046 ic->ic_raw_xmit = iwm_raw_xmit;
6047 ic->ic_node_alloc = iwm_node_alloc;
6048 ic->ic_scan_start = iwm_scan_start;
6049 ic->ic_scan_end = iwm_scan_end;
6050 ic->ic_update_mcast = iwm_update_mcast;
6051 ic->ic_getradiocaps = iwm_init_channel_map;
6052 ic->ic_set_channel = iwm_set_channel;
6053 ic->ic_scan_curchan = iwm_scan_curchan;
6054 ic->ic_scan_mindwell = iwm_scan_mindwell;
6055 ic->ic_wme.wme_update = iwm_update_edca;
6056 ic->ic_parent = iwm_parent;
6057 ic->ic_transmit = iwm_transmit;
6058 iwm_radiotap_attach(sc);
6060 ieee80211_announce(ic);
6062 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6063 "<-%s\n", __func__);
6064 config_intrhook_disestablish(&sc->sc_preinit_hook);
6068 config_intrhook_disestablish(&sc->sc_preinit_hook);
6069 iwm_detach_local(sc, 0);
6073 * Attach the interface to 802.11 radiotap.
6076 iwm_radiotap_attach(struct iwm_softc *sc)
6078 struct ieee80211com *ic = &sc->sc_ic;
6080 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6081 "->%s begin\n", __func__);
6082 ieee80211_radiotap_attach(ic,
6083 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
6084 IWM_TX_RADIOTAP_PRESENT,
6085 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
6086 IWM_RX_RADIOTAP_PRESENT);
6087 IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_TRACE,
6088 "->%s end\n", __func__);
6091 static struct ieee80211vap *
6092 iwm_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
6093 enum ieee80211_opmode opmode, int flags,
6094 const uint8_t bssid[IEEE80211_ADDR_LEN],
6095 const uint8_t mac[IEEE80211_ADDR_LEN])
6097 struct iwm_vap *ivp;
6098 struct ieee80211vap *vap;
6100 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
6102 ivp = kmalloc(sizeof(struct iwm_vap), M_80211_VAP, M_INTWAIT | M_ZERO);
6104 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
6105 vap->iv_bmissthreshold = 10; /* override default */
6106 /* Override with driver methods. */
6107 ivp->iv_newstate = vap->iv_newstate;
6108 vap->iv_newstate = iwm_newstate;
6110 ieee80211_ratectl_init(vap);
6111 /* Complete setup. */
6112 ieee80211_vap_attach(vap, iwm_media_change, ieee80211_media_status,
6114 ic->ic_opmode = opmode;
6120 iwm_vap_delete(struct ieee80211vap *vap)
6122 struct iwm_vap *ivp = IWM_VAP(vap);
6124 ieee80211_ratectl_deinit(vap);
6125 ieee80211_vap_detach(vap);
6126 kfree(ivp, M_80211_VAP);
6130 iwm_scan_start(struct ieee80211com *ic)
6132 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6133 struct iwm_softc *sc = ic->ic_softc;
6137 if (isset(sc->sc_enabled_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN))
6138 error = iwm_mvm_umac_scan(sc);
6140 error = iwm_mvm_lmac_scan(sc);
6142 device_printf(sc->sc_dev, "could not initiate 2 GHz scan\n");
6144 ieee80211_cancel_scan(vap);
6146 iwm_led_blink_start(sc);
6152 iwm_scan_end(struct ieee80211com *ic)
6154 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6155 struct iwm_softc *sc = ic->ic_softc;
6158 iwm_led_blink_stop(sc);
6159 if (vap->iv_state == IEEE80211_S_RUN)
6160 iwm_mvm_led_enable(sc);
6165 iwm_update_mcast(struct ieee80211com *ic)
6170 iwm_set_channel(struct ieee80211com *ic)
6175 iwm_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
6180 iwm_scan_mindwell(struct ieee80211_scan_state *ss)
6186 iwm_init_task(void *arg1)
6188 struct iwm_softc *sc = arg1;
6191 while (sc->sc_flags & IWM_FLAG_BUSY) {
6192 #if defined(__DragonFly__)
6193 lksleep(&sc->sc_flags, &sc->sc_lk, 0, "iwmpwr", 0);
6195 msleep(&sc->sc_flags, &sc->sc_mtx, 0, "iwmpwr", 0);
6198 sc->sc_flags |= IWM_FLAG_BUSY;
6200 if (sc->sc_ic.ic_nrunning > 0)
6202 sc->sc_flags &= ~IWM_FLAG_BUSY;
6203 wakeup(&sc->sc_flags);
6208 iwm_resume(device_t dev)
6210 struct iwm_softc *sc = device_get_softc(dev);
6214 /* Clear device-specific "PCI retry timeout" register (41h). */
6215 reg = pci_read_config(dev, 0x40, sizeof(reg));
6216 pci_write_config(dev, 0x40, reg & ~0xff00, sizeof(reg));
6217 iwm_init_task(device_get_softc(dev));
6220 if (sc->sc_flags & IWM_FLAG_SCANNING) {
6221 sc->sc_flags &= ~IWM_FLAG_SCANNING;
6227 ieee80211_resume_all(&sc->sc_ic);
6233 iwm_suspend(device_t dev)
6236 struct iwm_softc *sc = device_get_softc(dev);
6238 do_stop = !! (sc->sc_ic.ic_nrunning > 0);
6240 ieee80211_suspend_all(&sc->sc_ic);
6245 sc->sc_flags |= IWM_FLAG_SCANNING;
6253 iwm_detach_local(struct iwm_softc *sc, int do_net80211)
6255 struct iwm_fw_info *fw = &sc->sc_fw;
6256 device_t dev = sc->sc_dev;
6260 #if defined(__DragonFly__)
6261 /* doesn't exist for DFly, DFly drains tasks on free */
6263 taskqueue_drain_all(sc->sc_tq);
6265 taskqueue_free(sc->sc_tq);
6266 #if defined(__DragonFly__)
6270 callout_drain(&sc->sc_led_blink_to);
6271 callout_drain(&sc->sc_watchdog_to);
6272 iwm_stop_device(sc);
6274 ieee80211_ifdetach(&sc->sc_ic);
6277 iwm_phy_db_free(sc);
6279 /* Free descriptor rings */
6280 iwm_free_rx_ring(sc, &sc->rxq);
6281 for (i = 0; i < nitems(sc->txq); i++)
6282 iwm_free_tx_ring(sc, &sc->txq[i]);
6285 if (fw->fw_fp != NULL)
6286 iwm_fw_info_free(fw);
6288 /* Free scheduler */
6290 if (sc->ict_dma.vaddr != NULL)
6292 if (sc->kw_dma.vaddr != NULL)
6294 if (sc->fw_dma.vaddr != NULL)
6297 /* Finished with the hardware - detach things */
6298 iwm_pci_detach(dev);
6300 mbufq_drain(&sc->sc_snd);
6301 IWM_LOCK_DESTROY(sc);
6307 iwm_detach(device_t dev)
6309 struct iwm_softc *sc = device_get_softc(dev);
6311 return (iwm_detach_local(sc, 1));
6314 static device_method_t iwm_pci_methods[] = {
6315 /* Device interface */
6316 DEVMETHOD(device_probe, iwm_probe),
6317 DEVMETHOD(device_attach, iwm_attach),
6318 DEVMETHOD(device_detach, iwm_detach),
6319 DEVMETHOD(device_suspend, iwm_suspend),
6320 DEVMETHOD(device_resume, iwm_resume),
6325 static driver_t iwm_pci_driver = {
6328 sizeof (struct iwm_softc)
6331 static devclass_t iwm_devclass;
6333 DRIVER_MODULE(iwm, pci, iwm_pci_driver, iwm_devclass, NULL, NULL);
6334 MODULE_DEPEND(iwm, firmware, 1, 1, 1);
6335 MODULE_DEPEND(iwm, pci, 1, 1, 1);
6336 MODULE_DEPEND(iwm, wlan, 1, 1, 1);
projects / dragonfly.git / blob