1 /******************************************************************************
3 * Copyright(c) 2003 - 2011 Intel Corporation. All rights reserved.
5 * Portions of this file are derived from the ipw3945 project, as well
6 * as portions of the ieee80211 subsystem header files.
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of version 2 of the GNU General Public License as
10 * published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
17 * You should have received a copy of the GNU General Public License along with
18 * this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
21 * The full GNU General Public License is included in this distribution in the
22 * file called LICENSE.
24 * Contact Information:
25 * Intel Linux Wireless <ilw@linux.intel.com>
26 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
28 *****************************************************************************/
30 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
32 #include <linux/kernel.h>
33 #include <linux/module.h>
34 #include <linux/init.h>
35 #include <linux/pci.h>
36 #include <linux/pci-aspm.h>
37 #include <linux/slab.h>
38 #include <linux/dma-mapping.h>
39 #include <linux/delay.h>
40 #include <linux/sched.h>
41 #include <linux/skbuff.h>
42 #include <linux/netdevice.h>
43 #include <linux/firmware.h>
44 #include <linux/etherdevice.h>
45 #include <linux/if_arp.h>
47 #include <net/mac80211.h>
49 #include <asm/div64.h>
51 #define DRV_NAME "iwl4965"
57 /******************************************************************************
61 ******************************************************************************/
64 * module name, copyright, version, etc.
66 #define DRV_DESCRIPTION "Intel(R) Wireless WiFi 4965 driver for Linux"
68 #ifdef CONFIG_IWLEGACY_DEBUG
74 #define DRV_VERSION IWLWIFI_VERSION VD
77 MODULE_DESCRIPTION(DRV_DESCRIPTION);
78 MODULE_VERSION(DRV_VERSION);
79 MODULE_AUTHOR(DRV_COPYRIGHT " " DRV_AUTHOR);
80 MODULE_LICENSE("GPL");
81 MODULE_ALIAS("iwl4965");
83 void il4965_check_abort_status(struct il_priv *il,
84 u8 frame_count, u32 status)
86 if (frame_count == 1 && status == TX_STATUS_FAIL_RFKILL_FLUSH) {
87 IL_ERR("Tx flush command to flush out all frames\n");
88 if (!test_bit(S_EXIT_PENDING, &il->status))
89 queue_work(il->workqueue, &il->tx_flush);
96 struct il_mod_params il4965_mod_params = {
99 /* the rest are 0 by default */
102 void il4965_rx_queue_reset(struct il_priv *il, struct il_rx_queue *rxq)
106 spin_lock_irqsave(&rxq->lock, flags);
107 INIT_LIST_HEAD(&rxq->rx_free);
108 INIT_LIST_HEAD(&rxq->rx_used);
109 /* Fill the rx_used queue with _all_ of the Rx buffers */
110 for (i = 0; i < RX_FREE_BUFFERS + RX_QUEUE_SIZE; i++) {
111 /* In the reset function, these buffers may have been allocated
112 * to an SKB, so we need to unmap and free potential storage */
113 if (rxq->pool[i].page != NULL) {
114 pci_unmap_page(il->pci_dev, rxq->pool[i].page_dma,
115 PAGE_SIZE << il->hw_params.rx_page_order,
117 __il_free_pages(il, rxq->pool[i].page);
118 rxq->pool[i].page = NULL;
120 list_add_tail(&rxq->pool[i].list, &rxq->rx_used);
123 for (i = 0; i < RX_QUEUE_SIZE; i++)
124 rxq->queue[i] = NULL;
126 /* Set us so that we have processed and used all buffers, but have
127 * not restocked the Rx queue with fresh buffers */
128 rxq->read = rxq->write = 0;
129 rxq->write_actual = 0;
131 spin_unlock_irqrestore(&rxq->lock, flags);
134 int il4965_rx_init(struct il_priv *il, struct il_rx_queue *rxq)
137 const u32 rfdnlog = RX_QUEUE_SIZE_LOG; /* 256 RBDs */
140 if (il->cfg->mod_params->amsdu_size_8K)
141 rb_size = FH49_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_8K;
143 rb_size = FH49_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K;
146 il_wr(il, FH49_MEM_RCSR_CHNL0_CONFIG_REG, 0);
148 /* Reset driver's Rx queue write idx */
149 il_wr(il, FH49_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
151 /* Tell device where to find RBD circular buffer in DRAM */
152 il_wr(il, FH49_RSCSR_CHNL0_RBDCB_BASE_REG,
153 (u32)(rxq->bd_dma >> 8));
155 /* Tell device where in DRAM to update its Rx status */
156 il_wr(il, FH49_RSCSR_CHNL0_STTS_WPTR_REG,
157 rxq->rb_stts_dma >> 4);
160 * Direct rx interrupts to hosts
161 * Rx buffer size 4 or 8k
165 il_wr(il, FH49_MEM_RCSR_CHNL0_CONFIG_REG,
166 FH49_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL |
167 FH49_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL |
168 FH49_RCSR_CHNL0_RX_CONFIG_SINGLE_FRAME_MSK |
170 (rb_timeout << FH49_RCSR_RX_CONFIG_REG_IRQ_RBTH_POS)|
171 (rfdnlog << FH49_RCSR_RX_CONFIG_RBDCB_SIZE_POS));
173 /* Set interrupt coalescing timer to default (2048 usecs) */
174 il_write8(il, CSR_INT_COALESCING, IL_HOST_INT_TIMEOUT_DEF);
179 static void il4965_set_pwr_vmain(struct il_priv *il)
182 * (for documentation purposes)
183 * to set power to V_AUX, do:
185 if (pci_pme_capable(il->pci_dev, PCI_D3cold))
186 il_set_bits_mask_prph(il, APMG_PS_CTRL_REG,
187 APMG_PS_CTRL_VAL_PWR_SRC_VAUX,
188 ~APMG_PS_CTRL_MSK_PWR_SRC);
191 il_set_bits_mask_prph(il, APMG_PS_CTRL_REG,
192 APMG_PS_CTRL_VAL_PWR_SRC_VMAIN,
193 ~APMG_PS_CTRL_MSK_PWR_SRC);
196 int il4965_hw_nic_init(struct il_priv *il)
199 struct il_rx_queue *rxq = &il->rxq;
203 spin_lock_irqsave(&il->lock, flags);
204 il->cfg->ops->lib->apm_ops.init(il);
206 /* Set interrupt coalescing calibration timer to default (512 usecs) */
207 il_write8(il, CSR_INT_COALESCING, IL_HOST_INT_CALIB_TIMEOUT_DEF);
209 spin_unlock_irqrestore(&il->lock, flags);
211 il4965_set_pwr_vmain(il);
213 il->cfg->ops->lib->apm_ops.config(il);
215 /* Allocate the RX queue, or reset if it is already allocated */
217 ret = il_rx_queue_alloc(il);
219 IL_ERR("Unable to initialize Rx queue\n");
223 il4965_rx_queue_reset(il, rxq);
225 il4965_rx_replenish(il);
227 il4965_rx_init(il, rxq);
229 spin_lock_irqsave(&il->lock, flags);
231 rxq->need_update = 1;
232 il_rx_queue_update_write_ptr(il, rxq);
234 spin_unlock_irqrestore(&il->lock, flags);
236 /* Allocate or reset and init all Tx and Command queues */
238 ret = il4965_txq_ctx_alloc(il);
242 il4965_txq_ctx_reset(il);
244 set_bit(S_INIT, &il->status);
250 * il4965_dma_addr2rbd_ptr - convert a DMA address to a uCode read buffer ptr
252 static inline __le32 il4965_dma_addr2rbd_ptr(struct il_priv *il,
255 return cpu_to_le32((u32)(dma_addr >> 8));
259 * il4965_rx_queue_restock - refill RX queue from pre-allocated pool
261 * If there are slots in the RX queue that need to be restocked,
262 * and we have free pre-allocated buffers, fill the ranks as much
263 * as we can, pulling from rx_free.
265 * This moves the 'write' idx forward to catch up with 'processed', and
266 * also updates the memory address in the firmware to reference the new
269 void il4965_rx_queue_restock(struct il_priv *il)
271 struct il_rx_queue *rxq = &il->rxq;
272 struct list_head *element;
273 struct il_rx_buf *rxb;
276 spin_lock_irqsave(&rxq->lock, flags);
277 while (il_rx_queue_space(rxq) > 0 && rxq->free_count) {
278 /* The overwritten rxb must be a used one */
279 rxb = rxq->queue[rxq->write];
280 BUG_ON(rxb && rxb->page);
282 /* Get next free Rx buffer, remove from free list */
283 element = rxq->rx_free.next;
284 rxb = list_entry(element, struct il_rx_buf, list);
287 /* Point to Rx buffer via next RBD in circular buffer */
288 rxq->bd[rxq->write] = il4965_dma_addr2rbd_ptr(il,
290 rxq->queue[rxq->write] = rxb;
291 rxq->write = (rxq->write + 1) & RX_QUEUE_MASK;
294 spin_unlock_irqrestore(&rxq->lock, flags);
295 /* If the pre-allocated buffer pool is dropping low, schedule to
297 if (rxq->free_count <= RX_LOW_WATERMARK)
298 queue_work(il->workqueue, &il->rx_replenish);
301 /* If we've added more space for the firmware to place data, tell it.
302 * Increment device's write pointer in multiples of 8. */
303 if (rxq->write_actual != (rxq->write & ~0x7)) {
304 spin_lock_irqsave(&rxq->lock, flags);
305 rxq->need_update = 1;
306 spin_unlock_irqrestore(&rxq->lock, flags);
307 il_rx_queue_update_write_ptr(il, rxq);
312 * il4965_rx_replenish - Move all used packet from rx_used to rx_free
314 * When moving to rx_free an SKB is allocated for the slot.
316 * Also restock the Rx queue via il_rx_queue_restock.
317 * This is called as a scheduled work item (except for during initialization)
319 static void il4965_rx_allocate(struct il_priv *il, gfp_t priority)
321 struct il_rx_queue *rxq = &il->rxq;
322 struct list_head *element;
323 struct il_rx_buf *rxb;
326 gfp_t gfp_mask = priority;
329 spin_lock_irqsave(&rxq->lock, flags);
330 if (list_empty(&rxq->rx_used)) {
331 spin_unlock_irqrestore(&rxq->lock, flags);
334 spin_unlock_irqrestore(&rxq->lock, flags);
336 if (rxq->free_count > RX_LOW_WATERMARK)
337 gfp_mask |= __GFP_NOWARN;
339 if (il->hw_params.rx_page_order > 0)
340 gfp_mask |= __GFP_COMP;
342 /* Alloc a new receive buffer */
343 page = alloc_pages(gfp_mask, il->hw_params.rx_page_order);
346 D_INFO("alloc_pages failed, "
348 il->hw_params.rx_page_order);
350 if (rxq->free_count <= RX_LOW_WATERMARK &&
353 "Failed to alloc_pages with %s. "
354 "Only %u free buffers remaining.\n",
355 priority == GFP_ATOMIC ?
356 "GFP_ATOMIC" : "GFP_KERNEL",
358 /* We don't reschedule replenish work here -- we will
359 * call the restock method and if it still needs
360 * more buffers it will schedule replenish */
364 spin_lock_irqsave(&rxq->lock, flags);
366 if (list_empty(&rxq->rx_used)) {
367 spin_unlock_irqrestore(&rxq->lock, flags);
368 __free_pages(page, il->hw_params.rx_page_order);
371 element = rxq->rx_used.next;
372 rxb = list_entry(element, struct il_rx_buf, list);
375 spin_unlock_irqrestore(&rxq->lock, flags);
379 /* Get physical address of the RB */
380 rxb->page_dma = pci_map_page(il->pci_dev, page, 0,
381 PAGE_SIZE << il->hw_params.rx_page_order,
383 /* dma address must be no more than 36 bits */
384 BUG_ON(rxb->page_dma & ~DMA_BIT_MASK(36));
385 /* and also 256 byte aligned! */
386 BUG_ON(rxb->page_dma & DMA_BIT_MASK(8));
388 spin_lock_irqsave(&rxq->lock, flags);
390 list_add_tail(&rxb->list, &rxq->rx_free);
392 il->alloc_rxb_page++;
394 spin_unlock_irqrestore(&rxq->lock, flags);
398 void il4965_rx_replenish(struct il_priv *il)
402 il4965_rx_allocate(il, GFP_KERNEL);
404 spin_lock_irqsave(&il->lock, flags);
405 il4965_rx_queue_restock(il);
406 spin_unlock_irqrestore(&il->lock, flags);
409 void il4965_rx_replenish_now(struct il_priv *il)
411 il4965_rx_allocate(il, GFP_ATOMIC);
413 il4965_rx_queue_restock(il);
416 /* Assumes that the skb field of the buffers in 'pool' is kept accurate.
417 * If an SKB has been detached, the POOL needs to have its SKB set to NULL
418 * This free routine walks the list of POOL entries and if SKB is set to
419 * non NULL it is unmapped and freed
421 void il4965_rx_queue_free(struct il_priv *il, struct il_rx_queue *rxq)
424 for (i = 0; i < RX_QUEUE_SIZE + RX_FREE_BUFFERS; i++) {
425 if (rxq->pool[i].page != NULL) {
426 pci_unmap_page(il->pci_dev, rxq->pool[i].page_dma,
427 PAGE_SIZE << il->hw_params.rx_page_order,
429 __il_free_pages(il, rxq->pool[i].page);
430 rxq->pool[i].page = NULL;
434 dma_free_coherent(&il->pci_dev->dev, 4 * RX_QUEUE_SIZE, rxq->bd,
436 dma_free_coherent(&il->pci_dev->dev, sizeof(struct il_rb_status),
437 rxq->rb_stts, rxq->rb_stts_dma);
442 int il4965_rxq_stop(struct il_priv *il)
446 il_wr(il, FH49_MEM_RCSR_CHNL0_CONFIG_REG, 0);
447 il_poll_bit(il, FH49_MEM_RSSR_RX_STATUS_REG,
448 FH49_RSSR_CHNL0_RX_STATUS_CHNL_IDLE, 1000);
453 int il4965_hwrate_to_mac80211_idx(u32 rate_n_flags, enum ieee80211_band band)
458 /* HT rate format: mac80211 wants an MCS number, which is just LSB */
459 if (rate_n_flags & RATE_MCS_HT_MSK) {
460 idx = (rate_n_flags & 0xff);
462 /* Legacy rate format, search for match in table */
464 if (band == IEEE80211_BAND_5GHZ)
465 band_offset = IL_FIRST_OFDM_RATE;
466 for (idx = band_offset; idx < RATE_COUNT_LEGACY; idx++)
467 if (il_rates[idx].plcp == (rate_n_flags & 0xFF))
468 return idx - band_offset;
474 static int il4965_calc_rssi(struct il_priv *il,
475 struct il_rx_phy_res *rx_resp)
477 /* data from PHY/DSP regarding signal strength, etc.,
478 * contents are always there, not configurable by host. */
479 struct il4965_rx_non_cfg_phy *ncphy =
480 (struct il4965_rx_non_cfg_phy *)rx_resp->non_cfg_phy_buf;
481 u32 agc = (le16_to_cpu(ncphy->agc_info) & IL49_AGC_DB_MASK)
485 (le16_to_cpu(rx_resp->phy_flags) & IL49_RX_PHY_FLAGS_ANTENNAE_MASK)
486 >> IL49_RX_PHY_FLAGS_ANTENNAE_OFFSET;
490 /* Find max rssi among 3 possible receivers.
491 * These values are measured by the digital signal processor (DSP).
492 * They should stay fairly constant even as the signal strength varies,
493 * if the radio's automatic gain control (AGC) is working right.
494 * AGC value (see below) will provide the "interesting" info. */
495 for (i = 0; i < 3; i++)
496 if (valid_antennae & (1 << i))
497 max_rssi = max(ncphy->rssi_info[i << 1], max_rssi);
499 D_STATS("Rssi In A %d B %d C %d Max %d AGC dB %d\n",
500 ncphy->rssi_info[0], ncphy->rssi_info[2], ncphy->rssi_info[4],
503 /* dBm = max_rssi dB - agc dB - constant.
504 * Higher AGC (higher radio gain) means lower signal. */
505 return max_rssi - agc - IL4965_RSSI_OFFSET;
509 static u32 il4965_translate_rx_status(struct il_priv *il, u32 decrypt_in)
513 if ((decrypt_in & RX_RES_STATUS_STATION_FOUND) ==
514 RX_RES_STATUS_STATION_FOUND)
515 decrypt_out |= (RX_RES_STATUS_STATION_FOUND |
516 RX_RES_STATUS_NO_STATION_INFO_MISMATCH);
518 decrypt_out |= (decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK);
520 /* packet was not encrypted */
521 if ((decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) ==
522 RX_RES_STATUS_SEC_TYPE_NONE)
525 /* packet was encrypted with unknown alg */
526 if ((decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) ==
527 RX_RES_STATUS_SEC_TYPE_ERR)
530 /* decryption was not done in HW */
531 if ((decrypt_in & RX_MPDU_RES_STATUS_DEC_DONE_MSK) !=
532 RX_MPDU_RES_STATUS_DEC_DONE_MSK)
535 switch (decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) {
537 case RX_RES_STATUS_SEC_TYPE_CCMP:
538 /* alg is CCM: check MIC only */
539 if (!(decrypt_in & RX_MPDU_RES_STATUS_MIC_OK))
541 decrypt_out |= RX_RES_STATUS_BAD_ICV_MIC;
543 decrypt_out |= RX_RES_STATUS_DECRYPT_OK;
547 case RX_RES_STATUS_SEC_TYPE_TKIP:
548 if (!(decrypt_in & RX_MPDU_RES_STATUS_TTAK_OK)) {
550 decrypt_out |= RX_RES_STATUS_BAD_KEY_TTAK;
553 /* fall through if TTAK OK */
555 if (!(decrypt_in & RX_MPDU_RES_STATUS_ICV_OK))
556 decrypt_out |= RX_RES_STATUS_BAD_ICV_MIC;
558 decrypt_out |= RX_RES_STATUS_DECRYPT_OK;
562 D_RX("decrypt_in:0x%x decrypt_out = 0x%x\n",
563 decrypt_in, decrypt_out);
568 static void il4965_pass_packet_to_mac80211(struct il_priv *il,
569 struct ieee80211_hdr *hdr,
572 struct il_rx_buf *rxb,
573 struct ieee80211_rx_status *stats)
576 __le16 fc = hdr->frame_control;
578 /* We only process data packets if the interface is open */
579 if (unlikely(!il->is_open)) {
581 "Dropping packet while interface is not open.\n");
585 /* In case of HW accelerated crypto and bad decryption, drop */
586 if (!il->cfg->mod_params->sw_crypto &&
587 il_set_decrypted_flag(il, hdr, ampdu_status, stats))
590 skb = dev_alloc_skb(128);
592 IL_ERR("dev_alloc_skb failed\n");
596 skb_add_rx_frag(skb, 0, rxb->page, (void *)hdr - rxb_addr(rxb), len);
598 il_update_stats(il, false, fc, len);
599 memcpy(IEEE80211_SKB_RXCB(skb), stats, sizeof(*stats));
601 ieee80211_rx(il->hw, skb);
602 il->alloc_rxb_page--;
606 /* Called for N_RX (legacy ABG frames), or
607 * N_RX_MPDU (HT high-throughput N frames). */
608 void il4965_hdl_rx(struct il_priv *il,
609 struct il_rx_buf *rxb)
611 struct ieee80211_hdr *header;
612 struct ieee80211_rx_status rx_status;
613 struct il_rx_pkt *pkt = rxb_addr(rxb);
614 struct il_rx_phy_res *phy_res;
615 __le32 rx_pkt_status;
616 struct il_rx_mpdu_res_start *amsdu;
622 * N_RX and N_RX_MPDU are handled differently.
623 * N_RX: physical layer info is in this buffer
624 * N_RX_MPDU: physical layer info was sent in separate
625 * command and cached in il->last_phy_res
627 * Here we set up local variables depending on which command is
630 if (pkt->hdr.cmd == N_RX) {
631 phy_res = (struct il_rx_phy_res *)pkt->u.raw;
632 header = (struct ieee80211_hdr *)(pkt->u.raw + sizeof(*phy_res)
633 + phy_res->cfg_phy_cnt);
635 len = le16_to_cpu(phy_res->byte_count);
636 rx_pkt_status = *(__le32 *)(pkt->u.raw + sizeof(*phy_res) +
637 phy_res->cfg_phy_cnt + len);
638 ampdu_status = le32_to_cpu(rx_pkt_status);
640 if (!il->_4965.last_phy_res_valid) {
641 IL_ERR("MPDU frame without cached PHY data\n");
644 phy_res = &il->_4965.last_phy_res;
645 amsdu = (struct il_rx_mpdu_res_start *)pkt->u.raw;
646 header = (struct ieee80211_hdr *)(pkt->u.raw + sizeof(*amsdu));
647 len = le16_to_cpu(amsdu->byte_count);
648 rx_pkt_status = *(__le32 *)(pkt->u.raw + sizeof(*amsdu) + len);
649 ampdu_status = il4965_translate_rx_status(il,
650 le32_to_cpu(rx_pkt_status));
653 if ((unlikely(phy_res->cfg_phy_cnt > 20))) {
654 D_DROP("dsp size out of range [0,20]: %d/n",
655 phy_res->cfg_phy_cnt);
659 if (!(rx_pkt_status & RX_RES_STATUS_NO_CRC32_ERROR) ||
660 !(rx_pkt_status & RX_RES_STATUS_NO_RXE_OVERFLOW)) {
661 D_RX("Bad CRC or FIFO: 0x%08X.\n",
662 le32_to_cpu(rx_pkt_status));
666 /* This will be used in several places later */
667 rate_n_flags = le32_to_cpu(phy_res->rate_n_flags);
669 /* rx_status carries information about the packet to mac80211 */
670 rx_status.mactime = le64_to_cpu(phy_res->timestamp);
671 rx_status.band = (phy_res->phy_flags & RX_RES_PHY_FLAGS_BAND_24_MSK) ?
672 IEEE80211_BAND_2GHZ : IEEE80211_BAND_5GHZ;
674 ieee80211_channel_to_frequency(le16_to_cpu(phy_res->channel),
677 il4965_hwrate_to_mac80211_idx(rate_n_flags, rx_status.band);
680 /* TSF isn't reliable. In order to allow smooth user experience,
681 * this W/A doesn't propagate it to the mac80211 */
682 /*rx_status.flag |= RX_FLAG_MACTIME_MPDU;*/
684 il->ucode_beacon_time = le32_to_cpu(phy_res->beacon_time_stamp);
686 /* Find max signal strength (dBm) among 3 antenna/receiver chains */
687 rx_status.signal = il4965_calc_rssi(il, phy_res);
689 il_dbg_log_rx_data_frame(il, len, header);
690 D_STATS("Rssi %d, TSF %llu\n",
691 rx_status.signal, (unsigned long long)rx_status.mactime);
696 * It seems that the antenna field in the phy flags value
697 * is actually a bit field. This is undefined by radiotap,
698 * it wants an actual antenna number but I always get "7"
699 * for most legacy frames I receive indicating that the
700 * same frame was received on all three RX chains.
702 * I think this field should be removed in favor of a
703 * new 802.11n radiotap field "RX chains" that is defined
707 (le16_to_cpu(phy_res->phy_flags) & RX_RES_PHY_FLAGS_ANTENNA_MSK)
708 >> RX_RES_PHY_FLAGS_ANTENNA_POS;
710 /* set the preamble flag if appropriate */
711 if (phy_res->phy_flags & RX_RES_PHY_FLAGS_SHORT_PREAMBLE_MSK)
712 rx_status.flag |= RX_FLAG_SHORTPRE;
714 /* Set up the HT phy flags */
715 if (rate_n_flags & RATE_MCS_HT_MSK)
716 rx_status.flag |= RX_FLAG_HT;
717 if (rate_n_flags & RATE_MCS_HT40_MSK)
718 rx_status.flag |= RX_FLAG_40MHZ;
719 if (rate_n_flags & RATE_MCS_SGI_MSK)
720 rx_status.flag |= RX_FLAG_SHORT_GI;
722 il4965_pass_packet_to_mac80211(il, header, len, ampdu_status,
726 /* Cache phy data (Rx signal strength, etc) for HT frame (N_RX_PHY).
727 * This will be used later in il_hdl_rx() for N_RX_MPDU. */
728 void il4965_hdl_rx_phy(struct il_priv *il,
729 struct il_rx_buf *rxb)
731 struct il_rx_pkt *pkt = rxb_addr(rxb);
732 il->_4965.last_phy_res_valid = true;
733 memcpy(&il->_4965.last_phy_res, pkt->u.raw,
734 sizeof(struct il_rx_phy_res));
737 static int il4965_get_channels_for_scan(struct il_priv *il,
738 struct ieee80211_vif *vif,
739 enum ieee80211_band band,
740 u8 is_active, u8 n_probes,
741 struct il_scan_channel *scan_ch)
743 struct ieee80211_channel *chan;
744 const struct ieee80211_supported_band *sband;
745 const struct il_channel_info *ch_info;
746 u16 passive_dwell = 0;
747 u16 active_dwell = 0;
751 sband = il_get_hw_mode(il, band);
755 active_dwell = il_get_active_dwell_time(il, band, n_probes);
756 passive_dwell = il_get_passive_dwell_time(il, band, vif);
758 if (passive_dwell <= active_dwell)
759 passive_dwell = active_dwell + 1;
761 for (i = 0, added = 0; i < il->scan_request->n_channels; i++) {
762 chan = il->scan_request->channels[i];
764 if (chan->band != band)
767 channel = chan->hw_value;
768 scan_ch->channel = cpu_to_le16(channel);
770 ch_info = il_get_channel_info(il, band, channel);
771 if (!il_is_channel_valid(ch_info)) {
773 "Channel %d is INVALID for this band.\n",
778 if (!is_active || il_is_channel_passive(ch_info) ||
779 (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN))
780 scan_ch->type = SCAN_CHANNEL_TYPE_PASSIVE;
782 scan_ch->type = SCAN_CHANNEL_TYPE_ACTIVE;
785 scan_ch->type |= IL_SCAN_PROBE_MASK(n_probes);
787 scan_ch->active_dwell = cpu_to_le16(active_dwell);
788 scan_ch->passive_dwell = cpu_to_le16(passive_dwell);
790 /* Set txpower levels to defaults */
791 scan_ch->dsp_atten = 110;
793 /* NOTE: if we were doing 6Mb OFDM for scans we'd use
795 * scan_ch->tx_gain = ((1 << 5) | (2 << 3)) | 3;
797 if (band == IEEE80211_BAND_5GHZ)
798 scan_ch->tx_gain = ((1 << 5) | (3 << 3)) | 3;
800 scan_ch->tx_gain = ((1 << 5) | (5 << 3));
802 D_SCAN("Scanning ch=%d prob=0x%X [%s %d]\n",
803 channel, le32_to_cpu(scan_ch->type),
804 (scan_ch->type & SCAN_CHANNEL_TYPE_ACTIVE) ?
805 "ACTIVE" : "PASSIVE",
806 (scan_ch->type & SCAN_CHANNEL_TYPE_ACTIVE) ?
807 active_dwell : passive_dwell);
813 D_SCAN("total channels to scan %d\n", added);
817 static inline u32 il4965_ant_idx_to_flags(u8 ant_idx)
819 return BIT(ant_idx) << RATE_MCS_ANT_POS;
822 int il4965_request_scan(struct il_priv *il, struct ieee80211_vif *vif)
824 struct il_host_cmd cmd = {
826 .len = sizeof(struct il_scan_cmd),
827 .flags = CMD_SIZE_HUGE,
829 struct il_scan_cmd *scan;
830 struct il_rxon_context *ctx = &il->ctx;
834 enum ieee80211_band band;
836 u8 rx_ant = il->hw_params.valid_rx_ant;
838 bool is_active = false;
841 u8 scan_tx_antennas = il->hw_params.valid_tx_ant;
844 lockdep_assert_held(&il->mutex);
847 ctx = il_rxon_ctx_from_vif(vif);
850 il->scan_cmd = kmalloc(sizeof(struct il_scan_cmd) +
851 IL_MAX_SCAN_SIZE, GFP_KERNEL);
854 "fail to allocate memory for scan\n");
859 memset(scan, 0, sizeof(struct il_scan_cmd) + IL_MAX_SCAN_SIZE);
861 scan->quiet_plcp_th = IL_PLCP_QUIET_THRESH;
862 scan->quiet_time = IL_ACTIVE_QUIET_TIME;
864 if (il_is_any_associated(il)) {
867 u32 suspend_time = 100;
868 u32 scan_suspend_time = 100;
870 D_INFO("Scanning while associated...\n");
871 interval = vif->bss_conf.beacon_int;
873 scan->suspend_time = 0;
874 scan->max_out_time = cpu_to_le32(200 * 1024);
876 interval = suspend_time;
878 extra = (suspend_time / interval) << 22;
879 scan_suspend_time = (extra |
880 ((suspend_time % interval) * 1024));
881 scan->suspend_time = cpu_to_le32(scan_suspend_time);
882 D_SCAN("suspend_time 0x%X beacon interval %d\n",
883 scan_suspend_time, interval);
886 if (il->scan_request->n_ssids) {
888 D_SCAN("Kicking off active scan\n");
889 for (i = 0; i < il->scan_request->n_ssids; i++) {
890 /* always does wildcard anyway */
891 if (!il->scan_request->ssids[i].ssid_len)
893 scan->direct_scan[p].id = WLAN_EID_SSID;
894 scan->direct_scan[p].len =
895 il->scan_request->ssids[i].ssid_len;
896 memcpy(scan->direct_scan[p].ssid,
897 il->scan_request->ssids[i].ssid,
898 il->scan_request->ssids[i].ssid_len);
904 D_SCAN("Start passive scan.\n");
906 scan->tx_cmd.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK;
907 scan->tx_cmd.sta_id = ctx->bcast_sta_id;
908 scan->tx_cmd.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
910 switch (il->scan_band) {
911 case IEEE80211_BAND_2GHZ:
912 scan->flags = RXON_FLG_BAND_24G_MSK | RXON_FLG_AUTO_DETECT_MSK;
913 chan_mod = le32_to_cpu(
914 il->ctx.active.flags &
915 RXON_FLG_CHANNEL_MODE_MSK)
916 >> RXON_FLG_CHANNEL_MODE_POS;
917 if (chan_mod == CHANNEL_MODE_PURE_40) {
921 rate_flags = RATE_MCS_CCK_MSK;
924 case IEEE80211_BAND_5GHZ:
928 IL_WARN("Invalid scan band\n");
933 * If active scanning is requested but a certain channel is
934 * marked passive, we can do active scanning if we detect
937 * There is an issue with some firmware versions that triggers
938 * a sysassert on a "good CRC threshold" of zero (== disabled),
939 * on a radar channel even though this means that we should NOT
942 * The "good CRC threshold" is the number of frames that we
943 * need to receive during our dwell time on a channel before
944 * sending out probes -- setting this to a huge value will
945 * mean we never reach it, but at the same time work around
946 * the aforementioned issue. Thus use IL_GOOD_CRC_TH_NEVER
947 * here instead of IL_GOOD_CRC_TH_DISABLED.
949 scan->good_CRC_th = is_active ? IL_GOOD_CRC_TH_DEFAULT :
950 IL_GOOD_CRC_TH_NEVER;
952 band = il->scan_band;
954 if (il->cfg->scan_rx_antennas[band])
955 rx_ant = il->cfg->scan_rx_antennas[band];
957 il->scan_tx_ant[band] = il4965_toggle_tx_ant(il,
958 il->scan_tx_ant[band],
960 rate_flags |= il4965_ant_idx_to_flags(il->scan_tx_ant[band]);
961 scan->tx_cmd.rate_n_flags = il4965_hw_set_rate_n_flags(rate, rate_flags);
963 /* In power save mode use one chain, otherwise use all chains */
964 if (test_bit(S_POWER_PMI, &il->status)) {
965 /* rx_ant has been set to all valid chains previously */
966 active_chains = rx_ant &
967 ((u8)(il->chain_noise_data.active_chains));
969 active_chains = rx_ant;
971 D_SCAN("chain_noise_data.active_chains: %u\n",
972 il->chain_noise_data.active_chains);
974 rx_ant = il4965_first_antenna(active_chains);
977 /* MIMO is not used here, but value is required */
978 rx_chain |= il->hw_params.valid_rx_ant << RXON_RX_CHAIN_VALID_POS;
979 rx_chain |= rx_ant << RXON_RX_CHAIN_FORCE_MIMO_SEL_POS;
980 rx_chain |= rx_ant << RXON_RX_CHAIN_FORCE_SEL_POS;
981 rx_chain |= 0x1 << RXON_RX_CHAIN_DRIVER_FORCE_POS;
982 scan->rx_chain = cpu_to_le16(rx_chain);
984 cmd_len = il_fill_probe_req(il,
985 (struct ieee80211_mgmt *)scan->data,
987 il->scan_request->ie,
988 il->scan_request->ie_len,
989 IL_MAX_SCAN_SIZE - sizeof(*scan));
990 scan->tx_cmd.len = cpu_to_le16(cmd_len);
992 scan->filter_flags |= (RXON_FILTER_ACCEPT_GRP_MSK |
993 RXON_FILTER_BCON_AWARE_MSK);
995 scan->channel_count = il4965_get_channels_for_scan(il, vif, band,
997 (void *)&scan->data[cmd_len]);
998 if (scan->channel_count == 0) {
999 D_SCAN("channel count %d\n", scan->channel_count);
1003 cmd.len += le16_to_cpu(scan->tx_cmd.len) +
1004 scan->channel_count * sizeof(struct il_scan_channel);
1006 scan->len = cpu_to_le16(cmd.len);
1008 set_bit(S_SCAN_HW, &il->status);
1010 ret = il_send_cmd_sync(il, &cmd);
1012 clear_bit(S_SCAN_HW, &il->status);
1017 int il4965_manage_ibss_station(struct il_priv *il,
1018 struct ieee80211_vif *vif, bool add)
1020 struct il_vif_priv *vif_priv = (void *)vif->drv_priv;
1023 return il4965_add_bssid_station(il, vif_priv->ctx,
1024 vif->bss_conf.bssid,
1025 &vif_priv->ibss_bssid_sta_id);
1026 return il_remove_station(il, vif_priv->ibss_bssid_sta_id,
1027 vif->bss_conf.bssid);
1030 void il4965_free_tfds_in_queue(struct il_priv *il,
1031 int sta_id, int tid, int freed)
1033 lockdep_assert_held(&il->sta_lock);
1035 if (il->stations[sta_id].tid[tid].tfds_in_queue >= freed)
1036 il->stations[sta_id].tid[tid].tfds_in_queue -= freed;
1038 D_TX("free more than tfds_in_queue (%u:%d)\n",
1039 il->stations[sta_id].tid[tid].tfds_in_queue,
1041 il->stations[sta_id].tid[tid].tfds_in_queue = 0;
1045 #define IL_TX_QUEUE_MSK 0xfffff
1047 static bool il4965_is_single_rx_stream(struct il_priv *il)
1049 return il->current_ht_config.smps == IEEE80211_SMPS_STATIC ||
1050 il->current_ht_config.single_chain_sufficient;
1053 #define IL_NUM_RX_CHAINS_MULTIPLE 3
1054 #define IL_NUM_RX_CHAINS_SINGLE 2
1055 #define IL_NUM_IDLE_CHAINS_DUAL 2
1056 #define IL_NUM_IDLE_CHAINS_SINGLE 1
1059 * Determine how many receiver/antenna chains to use.
1061 * More provides better reception via diversity. Fewer saves power
1062 * at the expense of throughput, but only when not in powersave to
1065 * MIMO (dual stream) requires at least 2, but works better with 3.
1066 * This does not determine *which* chains to use, just how many.
1068 static int il4965_get_active_rx_chain_count(struct il_priv *il)
1070 /* # of Rx chains to use when expecting MIMO. */
1071 if (il4965_is_single_rx_stream(il))
1072 return IL_NUM_RX_CHAINS_SINGLE;
1074 return IL_NUM_RX_CHAINS_MULTIPLE;
1078 * When we are in power saving mode, unless device support spatial
1079 * multiplexing power save, use the active count for rx chain count.
1082 il4965_get_idle_rx_chain_count(struct il_priv *il, int active_cnt)
1084 /* # Rx chains when idling, depending on SMPS mode */
1085 switch (il->current_ht_config.smps) {
1086 case IEEE80211_SMPS_STATIC:
1087 case IEEE80211_SMPS_DYNAMIC:
1088 return IL_NUM_IDLE_CHAINS_SINGLE;
1089 case IEEE80211_SMPS_OFF:
1092 WARN(1, "invalid SMPS mode %d",
1093 il->current_ht_config.smps);
1098 /* up to 4 chains */
1099 static u8 il4965_count_chain_bitmap(u32 chain_bitmap)
1102 res = (chain_bitmap & BIT(0)) >> 0;
1103 res += (chain_bitmap & BIT(1)) >> 1;
1104 res += (chain_bitmap & BIT(2)) >> 2;
1105 res += (chain_bitmap & BIT(3)) >> 3;
1110 * il4965_set_rxon_chain - Set up Rx chain usage in "staging" RXON image
1112 * Selects how many and which Rx receivers/antennas/chains to use.
1113 * This should not be used for scan command ... it puts data in wrong place.
1115 void il4965_set_rxon_chain(struct il_priv *il, struct il_rxon_context *ctx)
1117 bool is_single = il4965_is_single_rx_stream(il);
1118 bool is_cam = !test_bit(S_POWER_PMI, &il->status);
1119 u8 idle_rx_cnt, active_rx_cnt, valid_rx_cnt;
1123 /* Tell uCode which antennas are actually connected.
1124 * Before first association, we assume all antennas are connected.
1125 * Just after first association, il4965_chain_noise_calibration()
1126 * checks which antennas actually *are* connected. */
1127 if (il->chain_noise_data.active_chains)
1128 active_chains = il->chain_noise_data.active_chains;
1130 active_chains = il->hw_params.valid_rx_ant;
1132 rx_chain = active_chains << RXON_RX_CHAIN_VALID_POS;
1134 /* How many receivers should we use? */
1135 active_rx_cnt = il4965_get_active_rx_chain_count(il);
1136 idle_rx_cnt = il4965_get_idle_rx_chain_count(il, active_rx_cnt);
1139 /* correct rx chain count according hw settings
1140 * and chain noise calibration
1142 valid_rx_cnt = il4965_count_chain_bitmap(active_chains);
1143 if (valid_rx_cnt < active_rx_cnt)
1144 active_rx_cnt = valid_rx_cnt;
1146 if (valid_rx_cnt < idle_rx_cnt)
1147 idle_rx_cnt = valid_rx_cnt;
1149 rx_chain |= active_rx_cnt << RXON_RX_CHAIN_MIMO_CNT_POS;
1150 rx_chain |= idle_rx_cnt << RXON_RX_CHAIN_CNT_POS;
1152 ctx->staging.rx_chain = cpu_to_le16(rx_chain);
1154 if (!is_single && active_rx_cnt >= IL_NUM_RX_CHAINS_SINGLE && is_cam)
1155 ctx->staging.rx_chain |= RXON_RX_CHAIN_MIMO_FORCE_MSK;
1157 ctx->staging.rx_chain &= ~RXON_RX_CHAIN_MIMO_FORCE_MSK;
1159 D_ASSOC("rx_chain=0x%X active=%d idle=%d\n",
1160 ctx->staging.rx_chain,
1161 active_rx_cnt, idle_rx_cnt);
1163 WARN_ON(active_rx_cnt == 0 || idle_rx_cnt == 0 ||
1164 active_rx_cnt < idle_rx_cnt);
1167 u8 il4965_toggle_tx_ant(struct il_priv *il, u8 ant, u8 valid)
1172 for (i = 0; i < RATE_ANT_NUM - 1; i++) {
1173 ind = (ind + 1) < RATE_ANT_NUM ? ind + 1 : 0;
1174 if (valid & BIT(ind))
1180 static const char *il4965_get_fh_string(int cmd)
1183 IL_CMD(FH49_RSCSR_CHNL0_STTS_WPTR_REG);
1184 IL_CMD(FH49_RSCSR_CHNL0_RBDCB_BASE_REG);
1185 IL_CMD(FH49_RSCSR_CHNL0_WPTR);
1186 IL_CMD(FH49_MEM_RCSR_CHNL0_CONFIG_REG);
1187 IL_CMD(FH49_MEM_RSSR_SHARED_CTRL_REG);
1188 IL_CMD(FH49_MEM_RSSR_RX_STATUS_REG);
1189 IL_CMD(FH49_MEM_RSSR_RX_ENABLE_ERR_IRQ2DRV);
1190 IL_CMD(FH49_TSSR_TX_STATUS_REG);
1191 IL_CMD(FH49_TSSR_TX_ERROR_REG);
1197 int il4965_dump_fh(struct il_priv *il, char **buf, bool display)
1200 #ifdef CONFIG_IWLEGACY_DEBUG
1204 static const u32 fh_tbl[] = {
1205 FH49_RSCSR_CHNL0_STTS_WPTR_REG,
1206 FH49_RSCSR_CHNL0_RBDCB_BASE_REG,
1207 FH49_RSCSR_CHNL0_WPTR,
1208 FH49_MEM_RCSR_CHNL0_CONFIG_REG,
1209 FH49_MEM_RSSR_SHARED_CTRL_REG,
1210 FH49_MEM_RSSR_RX_STATUS_REG,
1211 FH49_MEM_RSSR_RX_ENABLE_ERR_IRQ2DRV,
1212 FH49_TSSR_TX_STATUS_REG,
1213 FH49_TSSR_TX_ERROR_REG
1215 #ifdef CONFIG_IWLEGACY_DEBUG
1217 bufsz = ARRAY_SIZE(fh_tbl) * 48 + 40;
1218 *buf = kmalloc(bufsz, GFP_KERNEL);
1221 pos += scnprintf(*buf + pos, bufsz - pos,
1222 "FH register values:\n");
1223 for (i = 0; i < ARRAY_SIZE(fh_tbl); i++) {
1224 pos += scnprintf(*buf + pos, bufsz - pos,
1226 il4965_get_fh_string(fh_tbl[i]),
1227 il_rd(il, fh_tbl[i]));
1232 IL_ERR("FH register values:\n");
1233 for (i = 0; i < ARRAY_SIZE(fh_tbl); i++) {
1234 IL_ERR(" %34s: 0X%08x\n",
1235 il4965_get_fh_string(fh_tbl[i]),
1236 il_rd(il, fh_tbl[i]));
1240 void il4965_hdl_missed_beacon(struct il_priv *il,
1241 struct il_rx_buf *rxb)
1244 struct il_rx_pkt *pkt = rxb_addr(rxb);
1245 struct il_missed_beacon_notif *missed_beacon;
1247 missed_beacon = &pkt->u.missed_beacon;
1248 if (le32_to_cpu(missed_beacon->consecutive_missed_beacons) >
1249 il->missed_beacon_threshold) {
1251 "missed bcn cnsq %d totl %d rcd %d expctd %d\n",
1252 le32_to_cpu(missed_beacon->consecutive_missed_beacons),
1253 le32_to_cpu(missed_beacon->total_missed_becons),
1254 le32_to_cpu(missed_beacon->num_recvd_beacons),
1255 le32_to_cpu(missed_beacon->num_expected_beacons));
1256 if (!test_bit(S_SCANNING, &il->status))
1257 il4965_init_sensitivity(il);
1261 /* Calculate noise level, based on measurements during network silence just
1262 * before arriving beacon. This measurement can be done only if we know
1263 * exactly when to expect beacons, therefore only when we're associated. */
1264 static void il4965_rx_calc_noise(struct il_priv *il)
1266 struct stats_rx_non_phy *rx_info;
1267 int num_active_rx = 0;
1268 int total_silence = 0;
1269 int bcn_silence_a, bcn_silence_b, bcn_silence_c;
1272 rx_info = &(il->_4965.stats.rx.general);
1274 le32_to_cpu(rx_info->beacon_silence_rssi_a) & IN_BAND_FILTER;
1276 le32_to_cpu(rx_info->beacon_silence_rssi_b) & IN_BAND_FILTER;
1278 le32_to_cpu(rx_info->beacon_silence_rssi_c) & IN_BAND_FILTER;
1280 if (bcn_silence_a) {
1281 total_silence += bcn_silence_a;
1284 if (bcn_silence_b) {
1285 total_silence += bcn_silence_b;
1288 if (bcn_silence_c) {
1289 total_silence += bcn_silence_c;
1293 /* Average among active antennas */
1295 last_rx_noise = (total_silence / num_active_rx) - 107;
1297 last_rx_noise = IL_NOISE_MEAS_NOT_AVAILABLE;
1299 D_CALIB("inband silence a %u, b %u, c %u, dBm %d\n",
1300 bcn_silence_a, bcn_silence_b, bcn_silence_c,
1304 #ifdef CONFIG_IWLEGACY_DEBUGFS
1306 * based on the assumption of all stats counter are in DWORD
1307 * FIXME: This function is for debugging, do not deal with
1308 * the case of counters roll-over.
1310 static void il4965_accumulative_stats(struct il_priv *il,
1316 u32 *delta, *max_delta;
1317 struct stats_general_common *general, *accum_general;
1318 struct stats_tx *tx, *accum_tx;
1320 prev_stats = (__le32 *)&il->_4965.stats;
1321 accum_stats = (u32 *)&il->_4965.accum_stats;
1322 size = sizeof(struct il_notif_stats);
1323 general = &il->_4965.stats.general.common;
1324 accum_general = &il->_4965.accum_stats.general.common;
1325 tx = &il->_4965.stats.tx;
1326 accum_tx = &il->_4965.accum_stats.tx;
1327 delta = (u32 *)&il->_4965.delta_stats;
1328 max_delta = (u32 *)&il->_4965.max_delta;
1330 for (i = sizeof(__le32); i < size;
1331 i += sizeof(__le32), stats++, prev_stats++, delta++,
1332 max_delta++, accum_stats++) {
1333 if (le32_to_cpu(*stats) > le32_to_cpu(*prev_stats)) {
1334 *delta = (le32_to_cpu(*stats) -
1335 le32_to_cpu(*prev_stats));
1336 *accum_stats += *delta;
1337 if (*delta > *max_delta)
1338 *max_delta = *delta;
1342 /* reset accumulative stats for "no-counter" type stats */
1343 accum_general->temperature = general->temperature;
1344 accum_general->ttl_timestamp = general->ttl_timestamp;
1348 #define REG_RECALIB_PERIOD (60)
1350 void il4965_hdl_stats(struct il_priv *il,
1351 struct il_rx_buf *rxb)
1354 struct il_rx_pkt *pkt = rxb_addr(rxb);
1357 "Statistics notification received (%d vs %d).\n",
1358 (int)sizeof(struct il_notif_stats),
1359 le32_to_cpu(pkt->len_n_flags) &
1360 IL_RX_FRAME_SIZE_MSK);
1362 change = ((il->_4965.stats.general.common.temperature !=
1363 pkt->u.stats.general.common.temperature) ||
1364 ((il->_4965.stats.flag &
1365 STATS_REPLY_FLG_HT40_MODE_MSK) !=
1366 (pkt->u.stats.flag &
1367 STATS_REPLY_FLG_HT40_MODE_MSK)));
1368 #ifdef CONFIG_IWLEGACY_DEBUGFS
1369 il4965_accumulative_stats(il, (__le32 *)&pkt->u.stats);
1372 /* TODO: reading some of stats is unneeded */
1373 memcpy(&il->_4965.stats, &pkt->u.stats,
1374 sizeof(il->_4965.stats));
1376 set_bit(S_STATS, &il->status);
1378 /* Reschedule the stats timer to occur in
1379 * REG_RECALIB_PERIOD seconds to ensure we get a
1380 * thermal update even if the uCode doesn't give
1382 mod_timer(&il->stats_periodic, jiffies +
1383 msecs_to_jiffies(REG_RECALIB_PERIOD * 1000));
1385 if (unlikely(!test_bit(S_SCANNING, &il->status)) &&
1386 (pkt->hdr.cmd == N_STATS)) {
1387 il4965_rx_calc_noise(il);
1388 queue_work(il->workqueue, &il->run_time_calib_work);
1390 if (il->cfg->ops->lib->temp_ops.temperature && change)
1391 il->cfg->ops->lib->temp_ops.temperature(il);
1394 void il4965_hdl_c_stats(struct il_priv *il,
1395 struct il_rx_buf *rxb)
1397 struct il_rx_pkt *pkt = rxb_addr(rxb);
1399 if (le32_to_cpu(pkt->u.stats.flag) & UCODE_STATS_CLEAR_MSK) {
1400 #ifdef CONFIG_IWLEGACY_DEBUGFS
1401 memset(&il->_4965.accum_stats, 0,
1402 sizeof(struct il_notif_stats));
1403 memset(&il->_4965.delta_stats, 0,
1404 sizeof(struct il_notif_stats));
1405 memset(&il->_4965.max_delta, 0,
1406 sizeof(struct il_notif_stats));
1408 D_RX("Statistics have been cleared\n");
1410 il4965_hdl_stats(il, rxb);
1415 * mac80211 queues, ACs, hardware queues, FIFOs.
1417 * Cf. http://wireless.kernel.org/en/developers/Documentation/mac80211/queues
1419 * Mac80211 uses the following numbers, which we get as from it
1420 * by way of skb_get_queue_mapping(skb):
1428 * Regular (not A-MPDU) frames are put into hardware queues corresponding
1429 * to the FIFOs, see comments in iwl-prph.h. Aggregated frames get their
1430 * own queue per aggregation session (RA/TID combination), such queues are
1431 * set up to map into FIFOs too, for which we need an AC->FIFO mapping. In
1432 * order to map frames to the right queue, we also need an AC->hw queue
1433 * mapping. This is implemented here.
1435 * Due to the way hw queues are set up (by the hw specific modules like
1436 * 4965.c), the AC->hw queue mapping is the identity
1440 static const u8 tid_to_ac[] = {
1451 static inline int il4965_get_ac_from_tid(u16 tid)
1453 if (likely(tid < ARRAY_SIZE(tid_to_ac)))
1454 return tid_to_ac[tid];
1456 /* no support for TIDs 8-15 yet */
1461 il4965_get_fifo_from_tid(struct il_rxon_context *ctx, u16 tid)
1463 if (likely(tid < ARRAY_SIZE(tid_to_ac)))
1464 return ctx->ac_to_fifo[tid_to_ac[tid]];
1466 /* no support for TIDs 8-15 yet */
1471 * handle build C_TX command notification.
1473 static void il4965_tx_cmd_build_basic(struct il_priv *il,
1474 struct sk_buff *skb,
1475 struct il_tx_cmd *tx_cmd,
1476 struct ieee80211_tx_info *info,
1477 struct ieee80211_hdr *hdr,
1480 __le16 fc = hdr->frame_control;
1481 __le32 tx_flags = tx_cmd->tx_flags;
1483 tx_cmd->stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
1484 if (!(info->flags & IEEE80211_TX_CTL_NO_ACK)) {
1485 tx_flags |= TX_CMD_FLG_ACK_MSK;
1486 if (ieee80211_is_mgmt(fc))
1487 tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
1488 if (ieee80211_is_probe_resp(fc) &&
1489 !(le16_to_cpu(hdr->seq_ctrl) & 0xf))
1490 tx_flags |= TX_CMD_FLG_TSF_MSK;
1492 tx_flags &= (~TX_CMD_FLG_ACK_MSK);
1493 tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
1496 if (ieee80211_is_back_req(fc))
1497 tx_flags |= TX_CMD_FLG_ACK_MSK | TX_CMD_FLG_IMM_BA_RSP_MASK;
1499 tx_cmd->sta_id = std_id;
1500 if (ieee80211_has_morefrags(fc))
1501 tx_flags |= TX_CMD_FLG_MORE_FRAG_MSK;
1503 if (ieee80211_is_data_qos(fc)) {
1504 u8 *qc = ieee80211_get_qos_ctl(hdr);
1505 tx_cmd->tid_tspec = qc[0] & 0xf;
1506 tx_flags &= ~TX_CMD_FLG_SEQ_CTL_MSK;
1508 tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
1511 il_tx_cmd_protection(il, info, fc, &tx_flags);
1513 tx_flags &= ~(TX_CMD_FLG_ANT_SEL_MSK);
1514 if (ieee80211_is_mgmt(fc)) {
1515 if (ieee80211_is_assoc_req(fc) || ieee80211_is_reassoc_req(fc))
1516 tx_cmd->timeout.pm_frame_timeout = cpu_to_le16(3);
1518 tx_cmd->timeout.pm_frame_timeout = cpu_to_le16(2);
1520 tx_cmd->timeout.pm_frame_timeout = 0;
1523 tx_cmd->driver_txop = 0;
1524 tx_cmd->tx_flags = tx_flags;
1525 tx_cmd->next_frame_len = 0;
1528 #define RTS_DFAULT_RETRY_LIMIT 60
1530 static void il4965_tx_cmd_build_rate(struct il_priv *il,
1531 struct il_tx_cmd *tx_cmd,
1532 struct ieee80211_tx_info *info,
1538 u8 data_retry_limit;
1541 /* Set retry limit on DATA packets and Probe Responses*/
1542 if (ieee80211_is_probe_resp(fc))
1543 data_retry_limit = 3;
1545 data_retry_limit = IL4965_DEFAULT_TX_RETRY;
1546 tx_cmd->data_retry_limit = data_retry_limit;
1548 /* Set retry limit on RTS packets */
1549 rts_retry_limit = RTS_DFAULT_RETRY_LIMIT;
1550 if (data_retry_limit < rts_retry_limit)
1551 rts_retry_limit = data_retry_limit;
1552 tx_cmd->rts_retry_limit = rts_retry_limit;
1554 /* DATA packets will use the uCode station table for rate/antenna
1556 if (ieee80211_is_data(fc)) {
1557 tx_cmd->initial_rate_idx = 0;
1558 tx_cmd->tx_flags |= TX_CMD_FLG_STA_RATE_MSK;
1563 * If the current TX rate stored in mac80211 has the MCS bit set, it's
1564 * not really a TX rate. Thus, we use the lowest supported rate for
1565 * this band. Also use the lowest supported rate if the stored rate
1568 rate_idx = info->control.rates[0].idx;
1569 if ((info->control.rates[0].flags & IEEE80211_TX_RC_MCS) ||
1570 rate_idx < 0 || rate_idx > RATE_COUNT_LEGACY)
1571 rate_idx = rate_lowest_index(&il->bands[info->band],
1573 /* For 5 GHZ band, remap mac80211 rate indices into driver indices */
1574 if (info->band == IEEE80211_BAND_5GHZ)
1575 rate_idx += IL_FIRST_OFDM_RATE;
1576 /* Get PLCP rate for tx_cmd->rate_n_flags */
1577 rate_plcp = il_rates[rate_idx].plcp;
1578 /* Zero out flags for this packet */
1581 /* Set CCK flag as needed */
1582 if (rate_idx >= IL_FIRST_CCK_RATE && rate_idx <= IL_LAST_CCK_RATE)
1583 rate_flags |= RATE_MCS_CCK_MSK;
1585 /* Set up antennas */
1586 il->mgmt_tx_ant = il4965_toggle_tx_ant(il, il->mgmt_tx_ant,
1587 il->hw_params.valid_tx_ant);
1589 rate_flags |= il4965_ant_idx_to_flags(il->mgmt_tx_ant);
1591 /* Set the rate in the TX cmd */
1592 tx_cmd->rate_n_flags = il4965_hw_set_rate_n_flags(rate_plcp, rate_flags);
1595 static void il4965_tx_cmd_build_hwcrypto(struct il_priv *il,
1596 struct ieee80211_tx_info *info,
1597 struct il_tx_cmd *tx_cmd,
1598 struct sk_buff *skb_frag,
1601 struct ieee80211_key_conf *keyconf = info->control.hw_key;
1603 switch (keyconf->cipher) {
1604 case WLAN_CIPHER_SUITE_CCMP:
1605 tx_cmd->sec_ctl = TX_CMD_SEC_CCM;
1606 memcpy(tx_cmd->key, keyconf->key, keyconf->keylen);
1607 if (info->flags & IEEE80211_TX_CTL_AMPDU)
1608 tx_cmd->tx_flags |= TX_CMD_FLG_AGG_CCMP_MSK;
1609 D_TX("tx_cmd with AES hwcrypto\n");
1612 case WLAN_CIPHER_SUITE_TKIP:
1613 tx_cmd->sec_ctl = TX_CMD_SEC_TKIP;
1614 ieee80211_get_tkip_p2k(keyconf, skb_frag, tx_cmd->key);
1615 D_TX("tx_cmd with tkip hwcrypto\n");
1618 case WLAN_CIPHER_SUITE_WEP104:
1619 tx_cmd->sec_ctl |= TX_CMD_SEC_KEY128;
1621 case WLAN_CIPHER_SUITE_WEP40:
1622 tx_cmd->sec_ctl |= (TX_CMD_SEC_WEP |
1623 (keyconf->keyidx & TX_CMD_SEC_MSK) << TX_CMD_SEC_SHIFT);
1625 memcpy(&tx_cmd->key[3], keyconf->key, keyconf->keylen);
1627 D_TX("Configuring packet for WEP encryption "
1628 "with key %d\n", keyconf->keyidx);
1632 IL_ERR("Unknown encode cipher %x\n", keyconf->cipher);
1638 * start C_TX command process
1640 int il4965_tx_skb(struct il_priv *il, struct sk_buff *skb)
1642 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1643 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1644 struct ieee80211_sta *sta = info->control.sta;
1645 struct il_station_priv *sta_priv = NULL;
1646 struct il_tx_queue *txq;
1648 struct il_device_cmd *out_cmd;
1649 struct il_cmd_meta *out_meta;
1650 struct il_tx_cmd *tx_cmd;
1651 struct il_rxon_context *ctx = &il->ctx;
1653 dma_addr_t phys_addr;
1654 dma_addr_t txcmd_phys;
1655 dma_addr_t scratch_phys;
1656 u16 len, firstlen, secondlen;
1661 u8 wait_write_ptr = 0;
1664 unsigned long flags;
1665 bool is_agg = false;
1667 if (info->control.vif)
1668 ctx = il_rxon_ctx_from_vif(info->control.vif);
1670 spin_lock_irqsave(&il->lock, flags);
1671 if (il_is_rfkill(il)) {
1672 D_DROP("Dropping - RF KILL\n");
1676 fc = hdr->frame_control;
1678 #ifdef CONFIG_IWLEGACY_DEBUG
1679 if (ieee80211_is_auth(fc))
1680 D_TX("Sending AUTH frame\n");
1681 else if (ieee80211_is_assoc_req(fc))
1682 D_TX("Sending ASSOC frame\n");
1683 else if (ieee80211_is_reassoc_req(fc))
1684 D_TX("Sending REASSOC frame\n");
1687 hdr_len = ieee80211_hdrlen(fc);
1689 /* For management frames use broadcast id to do not break aggregation */
1690 if (!ieee80211_is_data(fc))
1691 sta_id = ctx->bcast_sta_id;
1693 /* Find idx into station table for destination station */
1694 sta_id = il_sta_id_or_broadcast(il, ctx, info->control.sta);
1696 if (sta_id == IL_INVALID_STATION) {
1697 D_DROP("Dropping - INVALID STATION: %pM\n",
1703 D_TX("station Id %d\n", sta_id);
1706 sta_priv = (void *)sta->drv_priv;
1708 if (sta_priv && sta_priv->asleep &&
1709 (info->flags & IEEE80211_TX_CTL_POLL_RESPONSE)) {
1711 * This sends an asynchronous command to the device,
1712 * but we can rely on it being processed before the
1713 * next frame is processed -- and the next frame to
1714 * this station is the one that will consume this
1716 * For now set the counter to just 1 since we do not
1717 * support uAPSD yet.
1719 il4965_sta_modify_sleep_tx_count(il, sta_id, 1);
1723 * Send this frame after DTIM -- there's a special queue
1724 * reserved for this for contexts that support AP mode.
1726 if (info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM) {
1727 txq_id = ctx->mcast_queue;
1729 * The microcode will clear the more data
1730 * bit in the last frame it transmits.
1732 hdr->frame_control |=
1733 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1735 txq_id = ctx->ac_to_queue[skb_get_queue_mapping(skb)];
1737 /* irqs already disabled/saved above when locking il->lock */
1738 spin_lock(&il->sta_lock);
1740 if (ieee80211_is_data_qos(fc)) {
1741 qc = ieee80211_get_qos_ctl(hdr);
1742 tid = qc[0] & IEEE80211_QOS_CTL_TID_MASK;
1743 if (WARN_ON_ONCE(tid >= MAX_TID_COUNT)) {
1744 spin_unlock(&il->sta_lock);
1747 seq_number = il->stations[sta_id].tid[tid].seq_number;
1748 seq_number &= IEEE80211_SCTL_SEQ;
1749 hdr->seq_ctrl = hdr->seq_ctrl &
1750 cpu_to_le16(IEEE80211_SCTL_FRAG);
1751 hdr->seq_ctrl |= cpu_to_le16(seq_number);
1753 /* aggregation is on for this <sta,tid> */
1754 if (info->flags & IEEE80211_TX_CTL_AMPDU &&
1755 il->stations[sta_id].tid[tid].agg.state == IL_AGG_ON) {
1756 txq_id = il->stations[sta_id].tid[tid].agg.txq_id;
1761 txq = &il->txq[txq_id];
1764 if (unlikely(il_queue_space(q) < q->high_mark)) {
1765 spin_unlock(&il->sta_lock);
1769 if (ieee80211_is_data_qos(fc)) {
1770 il->stations[sta_id].tid[tid].tfds_in_queue++;
1771 if (!ieee80211_has_morefrags(fc))
1772 il->stations[sta_id].tid[tid].seq_number = seq_number;
1775 spin_unlock(&il->sta_lock);
1777 /* Set up driver data for this TFD */
1778 memset(&(txq->txb[q->write_ptr]), 0, sizeof(struct il_tx_info));
1779 txq->txb[q->write_ptr].skb = skb;
1780 txq->txb[q->write_ptr].ctx = ctx;
1782 /* Set up first empty entry in queue's array of Tx/cmd buffers */
1783 out_cmd = txq->cmd[q->write_ptr];
1784 out_meta = &txq->meta[q->write_ptr];
1785 tx_cmd = &out_cmd->cmd.tx;
1786 memset(&out_cmd->hdr, 0, sizeof(out_cmd->hdr));
1787 memset(tx_cmd, 0, sizeof(struct il_tx_cmd));
1790 * Set up the Tx-command (not MAC!) header.
1791 * Store the chosen Tx queue and TFD idx within the sequence field;
1792 * after Tx, uCode's Tx response will return this value so driver can
1793 * locate the frame within the tx queue and do post-tx processing.
1795 out_cmd->hdr.cmd = C_TX;
1796 out_cmd->hdr.sequence = cpu_to_le16((u16)(QUEUE_TO_SEQ(txq_id) |
1797 IDX_TO_SEQ(q->write_ptr)));
1799 /* Copy MAC header from skb into command buffer */
1800 memcpy(tx_cmd->hdr, hdr, hdr_len);
1803 /* Total # bytes to be transmitted */
1804 len = (u16)skb->len;
1805 tx_cmd->len = cpu_to_le16(len);
1807 if (info->control.hw_key)
1808 il4965_tx_cmd_build_hwcrypto(il, info, tx_cmd, skb, sta_id);
1810 /* TODO need this for burst mode later on */
1811 il4965_tx_cmd_build_basic(il, skb, tx_cmd, info, hdr, sta_id);
1812 il_dbg_log_tx_data_frame(il, len, hdr);
1814 il4965_tx_cmd_build_rate(il, tx_cmd, info, fc);
1816 il_update_stats(il, true, fc, len);
1818 * Use the first empty entry in this queue's command buffer array
1819 * to contain the Tx command and MAC header concatenated together
1820 * (payload data will be in another buffer).
1821 * Size of this varies, due to varying MAC header length.
1822 * If end is not dword aligned, we'll have 2 extra bytes at the end
1823 * of the MAC header (device reads on dword boundaries).
1824 * We'll tell device about this padding later.
1826 len = sizeof(struct il_tx_cmd) +
1827 sizeof(struct il_cmd_header) + hdr_len;
1828 firstlen = (len + 3) & ~3;
1830 /* Tell NIC about any 2-byte padding after MAC header */
1831 if (firstlen != len)
1832 tx_cmd->tx_flags |= TX_CMD_FLG_MH_PAD_MSK;
1834 /* Physical address of this Tx command's header (not MAC header!),
1835 * within command buffer array. */
1836 txcmd_phys = pci_map_single(il->pci_dev,
1837 &out_cmd->hdr, firstlen,
1838 PCI_DMA_BIDIRECTIONAL);
1839 dma_unmap_addr_set(out_meta, mapping, txcmd_phys);
1840 dma_unmap_len_set(out_meta, len, firstlen);
1841 /* Add buffer containing Tx command and MAC(!) header to TFD's
1843 il->cfg->ops->lib->txq_attach_buf_to_tfd(il, txq,
1844 txcmd_phys, firstlen, 1, 0);
1846 if (!ieee80211_has_morefrags(hdr->frame_control)) {
1847 txq->need_update = 1;
1850 txq->need_update = 0;
1853 /* Set up TFD's 2nd entry to point directly to remainder of skb,
1854 * if any (802.11 null frames have no payload). */
1855 secondlen = skb->len - hdr_len;
1856 if (secondlen > 0) {
1857 phys_addr = pci_map_single(il->pci_dev, skb->data + hdr_len,
1858 secondlen, PCI_DMA_TODEVICE);
1859 il->cfg->ops->lib->txq_attach_buf_to_tfd(il, txq,
1860 phys_addr, secondlen,
1864 scratch_phys = txcmd_phys + sizeof(struct il_cmd_header) +
1865 offsetof(struct il_tx_cmd, scratch);
1867 /* take back ownership of DMA buffer to enable update */
1868 pci_dma_sync_single_for_cpu(il->pci_dev, txcmd_phys,
1869 firstlen, PCI_DMA_BIDIRECTIONAL);
1870 tx_cmd->dram_lsb_ptr = cpu_to_le32(scratch_phys);
1871 tx_cmd->dram_msb_ptr = il_get_dma_hi_addr(scratch_phys);
1873 D_TX("sequence nr = 0X%x\n",
1874 le16_to_cpu(out_cmd->hdr.sequence));
1875 D_TX("tx_flags = 0X%x\n", le32_to_cpu(tx_cmd->tx_flags));
1876 il_print_hex_dump(il, IL_DL_TX, (u8 *)tx_cmd, sizeof(*tx_cmd));
1877 il_print_hex_dump(il, IL_DL_TX, (u8 *)tx_cmd->hdr, hdr_len);
1879 /* Set up entry for this TFD in Tx byte-count array */
1880 if (info->flags & IEEE80211_TX_CTL_AMPDU)
1881 il->cfg->ops->lib->txq_update_byte_cnt_tbl(il, txq,
1882 le16_to_cpu(tx_cmd->len));
1884 pci_dma_sync_single_for_device(il->pci_dev, txcmd_phys,
1885 firstlen, PCI_DMA_BIDIRECTIONAL);
1887 /* Tell device the write idx *just past* this latest filled TFD */
1888 q->write_ptr = il_queue_inc_wrap(q->write_ptr, q->n_bd);
1889 il_txq_update_write_ptr(il, txq);
1890 spin_unlock_irqrestore(&il->lock, flags);
1893 * At this point the frame is "transmitted" successfully
1894 * and we will get a TX status notification eventually,
1895 * regardless of the value of ret. "ret" only indicates
1896 * whether or not we should update the write pointer.
1900 * Avoid atomic ops if it isn't an associated client.
1901 * Also, if this is a packet for aggregation, don't
1902 * increase the counter because the ucode will stop
1903 * aggregation queues when their respective station
1906 if (sta_priv && sta_priv->client && !is_agg)
1907 atomic_inc(&sta_priv->pending_frames);
1909 if (il_queue_space(q) < q->high_mark && il->mac80211_registered) {
1910 if (wait_write_ptr) {
1911 spin_lock_irqsave(&il->lock, flags);
1912 txq->need_update = 1;
1913 il_txq_update_write_ptr(il, txq);
1914 spin_unlock_irqrestore(&il->lock, flags);
1916 il_stop_queue(il, txq);
1923 spin_unlock_irqrestore(&il->lock, flags);
1927 static inline int il4965_alloc_dma_ptr(struct il_priv *il,
1928 struct il_dma_ptr *ptr, size_t size)
1930 ptr->addr = dma_alloc_coherent(&il->pci_dev->dev, size, &ptr->dma,
1938 static inline void il4965_free_dma_ptr(struct il_priv *il,
1939 struct il_dma_ptr *ptr)
1941 if (unlikely(!ptr->addr))
1944 dma_free_coherent(&il->pci_dev->dev, ptr->size, ptr->addr, ptr->dma);
1945 memset(ptr, 0, sizeof(*ptr));
1949 * il4965_hw_txq_ctx_free - Free TXQ Context
1951 * Destroy all TX DMA queues and structures
1953 void il4965_hw_txq_ctx_free(struct il_priv *il)
1959 for (txq_id = 0; txq_id < il->hw_params.max_txq_num; txq_id++)
1960 if (txq_id == il->cmd_queue)
1961 il_cmd_queue_free(il);
1963 il_tx_queue_free(il, txq_id);
1965 il4965_free_dma_ptr(il, &il->kw);
1967 il4965_free_dma_ptr(il, &il->scd_bc_tbls);
1969 /* free tx queue structure */
1974 * il4965_txq_ctx_alloc - allocate TX queue context
1975 * Allocate all Tx DMA structures and initialize them
1978 * @return error code
1980 int il4965_txq_ctx_alloc(struct il_priv *il)
1983 int txq_id, slots_num;
1984 unsigned long flags;
1986 /* Free all tx/cmd queues and keep-warm buffer */
1987 il4965_hw_txq_ctx_free(il);
1989 ret = il4965_alloc_dma_ptr(il, &il->scd_bc_tbls,
1990 il->hw_params.scd_bc_tbls_size);
1992 IL_ERR("Scheduler BC Table allocation failed\n");
1995 /* Alloc keep-warm buffer */
1996 ret = il4965_alloc_dma_ptr(il, &il->kw, IL_KW_SIZE);
1998 IL_ERR("Keep Warm allocation failed\n");
2002 /* allocate tx queue structure */
2003 ret = il_alloc_txq_mem(il);
2007 spin_lock_irqsave(&il->lock, flags);
2009 /* Turn off all Tx DMA fifos */
2010 il4965_txq_set_sched(il, 0);
2012 /* Tell NIC where to find the "keep warm" buffer */
2013 il_wr(il, FH49_KW_MEM_ADDR_REG, il->kw.dma >> 4);
2015 spin_unlock_irqrestore(&il->lock, flags);
2017 /* Alloc and init all Tx queues, including the command queue (#4/#9) */
2018 for (txq_id = 0; txq_id < il->hw_params.max_txq_num; txq_id++) {
2019 slots_num = (txq_id == il->cmd_queue) ?
2020 TFD_CMD_SLOTS : TFD_TX_CMD_SLOTS;
2021 ret = il_tx_queue_init(il,
2022 &il->txq[txq_id], slots_num,
2025 IL_ERR("Tx %d queue init failed\n", txq_id);
2033 il4965_hw_txq_ctx_free(il);
2034 il4965_free_dma_ptr(il, &il->kw);
2036 il4965_free_dma_ptr(il, &il->scd_bc_tbls);
2041 void il4965_txq_ctx_reset(struct il_priv *il)
2043 int txq_id, slots_num;
2044 unsigned long flags;
2046 spin_lock_irqsave(&il->lock, flags);
2048 /* Turn off all Tx DMA fifos */
2049 il4965_txq_set_sched(il, 0);
2051 /* Tell NIC where to find the "keep warm" buffer */
2052 il_wr(il, FH49_KW_MEM_ADDR_REG, il->kw.dma >> 4);
2054 spin_unlock_irqrestore(&il->lock, flags);
2056 /* Alloc and init all Tx queues, including the command queue (#4) */
2057 for (txq_id = 0; txq_id < il->hw_params.max_txq_num; txq_id++) {
2058 slots_num = txq_id == il->cmd_queue ?
2059 TFD_CMD_SLOTS : TFD_TX_CMD_SLOTS;
2060 il_tx_queue_reset(il, &il->txq[txq_id],
2066 * il4965_txq_ctx_stop - Stop all Tx DMA channels
2068 void il4965_txq_ctx_stop(struct il_priv *il)
2071 unsigned long flags;
2073 /* Turn off all Tx DMA fifos */
2074 spin_lock_irqsave(&il->lock, flags);
2076 il4965_txq_set_sched(il, 0);
2078 /* Stop each Tx DMA channel, and wait for it to be idle */
2079 for (ch = 0; ch < il->hw_params.dma_chnl_num; ch++) {
2081 FH49_TCSR_CHNL_TX_CONFIG_REG(ch), 0x0);
2082 if (il_poll_bit(il, FH49_TSSR_TX_STATUS_REG,
2083 FH49_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(ch),
2085 IL_ERR("Failing on timeout while stopping"
2086 " DMA channel %d [0x%08x]", ch,
2088 FH49_TSSR_TX_STATUS_REG));
2090 spin_unlock_irqrestore(&il->lock, flags);
2095 /* Unmap DMA from host system and free skb's */
2096 for (txq_id = 0; txq_id < il->hw_params.max_txq_num; txq_id++)
2097 if (txq_id == il->cmd_queue)
2098 il_cmd_queue_unmap(il);
2100 il_tx_queue_unmap(il, txq_id);
2104 * Find first available (lowest unused) Tx Queue, mark it "active".
2105 * Called only when finding queue for aggregation.
2106 * Should never return anything < 7, because they should already
2107 * be in use as EDCA AC (0-3), Command (4), reserved (5, 6)
2109 static int il4965_txq_ctx_activate_free(struct il_priv *il)
2113 for (txq_id = 0; txq_id < il->hw_params.max_txq_num; txq_id++)
2114 if (!test_and_set_bit(txq_id, &il->txq_ctx_active_msk))
2120 * il4965_tx_queue_stop_scheduler - Stop queue, but keep configuration
2122 static void il4965_tx_queue_stop_scheduler(struct il_priv *il,
2125 /* Simply stop the queue, but don't change any configuration;
2126 * the SCD_ACT_EN bit is the write-enable mask for the ACTIVE bit. */
2128 IL49_SCD_QUEUE_STATUS_BITS(txq_id),
2129 (0 << IL49_SCD_QUEUE_STTS_REG_POS_ACTIVE)|
2130 (1 << IL49_SCD_QUEUE_STTS_REG_POS_SCD_ACT_EN));
2134 * il4965_tx_queue_set_q2ratid - Map unique receiver/tid combination to a queue
2136 static int il4965_tx_queue_set_q2ratid(struct il_priv *il, u16 ra_tid,
2143 scd_q2ratid = ra_tid & IL_SCD_QUEUE_RA_TID_MAP_RATID_MSK;
2145 tbl_dw_addr = il->scd_base_addr +
2146 IL49_SCD_TRANSLATE_TBL_OFFSET_QUEUE(txq_id);
2148 tbl_dw = il_read_targ_mem(il, tbl_dw_addr);
2151 tbl_dw = (scd_q2ratid << 16) | (tbl_dw & 0x0000FFFF);
2153 tbl_dw = scd_q2ratid | (tbl_dw & 0xFFFF0000);
2155 il_write_targ_mem(il, tbl_dw_addr, tbl_dw);
2161 * il4965_tx_queue_agg_enable - Set up & enable aggregation for selected queue
2163 * NOTE: txq_id must be greater than IL49_FIRST_AMPDU_QUEUE,
2164 * i.e. it must be one of the higher queues used for aggregation
2166 static int il4965_txq_agg_enable(struct il_priv *il, int txq_id,
2167 int tx_fifo, int sta_id, int tid, u16 ssn_idx)
2169 unsigned long flags;
2173 if ((IL49_FIRST_AMPDU_QUEUE > txq_id) ||
2174 (IL49_FIRST_AMPDU_QUEUE +
2175 il->cfg->base_params->num_of_ampdu_queues <= txq_id)) {
2177 "queue number out of range: %d, must be %d to %d\n",
2178 txq_id, IL49_FIRST_AMPDU_QUEUE,
2179 IL49_FIRST_AMPDU_QUEUE +
2180 il->cfg->base_params->num_of_ampdu_queues - 1);
2184 ra_tid = BUILD_RAxTID(sta_id, tid);
2186 /* Modify device's station table to Tx this TID */
2187 ret = il4965_sta_tx_modify_enable_tid(il, sta_id, tid);
2191 spin_lock_irqsave(&il->lock, flags);
2193 /* Stop this Tx queue before configuring it */
2194 il4965_tx_queue_stop_scheduler(il, txq_id);
2196 /* Map receiver-address / traffic-ID to this queue */
2197 il4965_tx_queue_set_q2ratid(il, ra_tid, txq_id);
2199 /* Set this queue as a chain-building queue */
2200 il_set_bits_prph(il, IL49_SCD_QUEUECHAIN_SEL, (1 << txq_id));
2202 /* Place first TFD at idx corresponding to start sequence number.
2203 * Assumes that ssn_idx is valid (!= 0xFFF) */
2204 il->txq[txq_id].q.read_ptr = (ssn_idx & 0xff);
2205 il->txq[txq_id].q.write_ptr = (ssn_idx & 0xff);
2206 il4965_set_wr_ptrs(il, txq_id, ssn_idx);
2208 /* Set up Tx win size and frame limit for this queue */
2209 il_write_targ_mem(il,
2210 il->scd_base_addr + IL49_SCD_CONTEXT_QUEUE_OFFSET(txq_id),
2211 (SCD_WIN_SIZE << IL49_SCD_QUEUE_CTX_REG1_WIN_SIZE_POS) &
2212 IL49_SCD_QUEUE_CTX_REG1_WIN_SIZE_MSK);
2214 il_write_targ_mem(il, il->scd_base_addr +
2215 IL49_SCD_CONTEXT_QUEUE_OFFSET(txq_id) + sizeof(u32),
2216 (SCD_FRAME_LIMIT << IL49_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS)
2217 & IL49_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK);
2219 il_set_bits_prph(il, IL49_SCD_INTERRUPT_MASK, (1 << txq_id));
2221 /* Set up Status area in SRAM, map to Tx DMA/FIFO, activate the queue */
2222 il4965_tx_queue_set_status(il, &il->txq[txq_id], tx_fifo, 1);
2224 spin_unlock_irqrestore(&il->lock, flags);
2230 int il4965_tx_agg_start(struct il_priv *il, struct ieee80211_vif *vif,
2231 struct ieee80211_sta *sta, u16 tid, u16 *ssn)
2237 unsigned long flags;
2238 struct il_tid_data *tid_data;
2240 tx_fifo = il4965_get_fifo_from_tid(il_rxon_ctx_from_vif(vif), tid);
2241 if (unlikely(tx_fifo < 0))
2244 IL_WARN("%s on ra = %pM tid = %d\n",
2245 __func__, sta->addr, tid);
2247 sta_id = il_sta_id(sta);
2248 if (sta_id == IL_INVALID_STATION) {
2249 IL_ERR("Start AGG on invalid station\n");
2252 if (unlikely(tid >= MAX_TID_COUNT))
2255 if (il->stations[sta_id].tid[tid].agg.state != IL_AGG_OFF) {
2256 IL_ERR("Start AGG when state is not IL_AGG_OFF !\n");
2260 txq_id = il4965_txq_ctx_activate_free(il);
2262 IL_ERR("No free aggregation queue available\n");
2266 spin_lock_irqsave(&il->sta_lock, flags);
2267 tid_data = &il->stations[sta_id].tid[tid];
2268 *ssn = SEQ_TO_SN(tid_data->seq_number);
2269 tid_data->agg.txq_id = txq_id;
2270 il_set_swq_id(&il->txq[txq_id],
2271 il4965_get_ac_from_tid(tid), txq_id);
2272 spin_unlock_irqrestore(&il->sta_lock, flags);
2274 ret = il4965_txq_agg_enable(il, txq_id, tx_fifo,
2279 spin_lock_irqsave(&il->sta_lock, flags);
2280 tid_data = &il->stations[sta_id].tid[tid];
2281 if (tid_data->tfds_in_queue == 0) {
2282 D_HT("HW queue is empty\n");
2283 tid_data->agg.state = IL_AGG_ON;
2284 ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);
2287 "HW queue is NOT empty: %d packets in HW queue\n",
2288 tid_data->tfds_in_queue);
2289 tid_data->agg.state = IL_EMPTYING_HW_QUEUE_ADDBA;
2291 spin_unlock_irqrestore(&il->sta_lock, flags);
2296 * txq_id must be greater than IL49_FIRST_AMPDU_QUEUE
2297 * il->lock must be held by the caller
2299 static int il4965_txq_agg_disable(struct il_priv *il, u16 txq_id,
2300 u16 ssn_idx, u8 tx_fifo)
2302 if ((IL49_FIRST_AMPDU_QUEUE > txq_id) ||
2303 (IL49_FIRST_AMPDU_QUEUE +
2304 il->cfg->base_params->num_of_ampdu_queues <= txq_id)) {
2306 "queue number out of range: %d, must be %d to %d\n",
2307 txq_id, IL49_FIRST_AMPDU_QUEUE,
2308 IL49_FIRST_AMPDU_QUEUE +
2309 il->cfg->base_params->num_of_ampdu_queues - 1);
2313 il4965_tx_queue_stop_scheduler(il, txq_id);
2315 il_clear_bits_prph(il,
2316 IL49_SCD_QUEUECHAIN_SEL, (1 << txq_id));
2318 il->txq[txq_id].q.read_ptr = (ssn_idx & 0xff);
2319 il->txq[txq_id].q.write_ptr = (ssn_idx & 0xff);
2320 /* supposes that ssn_idx is valid (!= 0xFFF) */
2321 il4965_set_wr_ptrs(il, txq_id, ssn_idx);
2323 il_clear_bits_prph(il,
2324 IL49_SCD_INTERRUPT_MASK, (1 << txq_id));
2325 il_txq_ctx_deactivate(il, txq_id);
2326 il4965_tx_queue_set_status(il, &il->txq[txq_id], tx_fifo, 0);
2331 int il4965_tx_agg_stop(struct il_priv *il, struct ieee80211_vif *vif,
2332 struct ieee80211_sta *sta, u16 tid)
2334 int tx_fifo_id, txq_id, sta_id, ssn;
2335 struct il_tid_data *tid_data;
2336 int write_ptr, read_ptr;
2337 unsigned long flags;
2339 tx_fifo_id = il4965_get_fifo_from_tid(il_rxon_ctx_from_vif(vif), tid);
2340 if (unlikely(tx_fifo_id < 0))
2343 sta_id = il_sta_id(sta);
2345 if (sta_id == IL_INVALID_STATION) {
2346 IL_ERR("Invalid station for AGG tid %d\n", tid);
2350 spin_lock_irqsave(&il->sta_lock, flags);
2352 tid_data = &il->stations[sta_id].tid[tid];
2353 ssn = (tid_data->seq_number & IEEE80211_SCTL_SEQ) >> 4;
2354 txq_id = tid_data->agg.txq_id;
2356 switch (il->stations[sta_id].tid[tid].agg.state) {
2357 case IL_EMPTYING_HW_QUEUE_ADDBA:
2359 * This can happen if the peer stops aggregation
2360 * again before we've had a chance to drain the
2361 * queue we selected previously, i.e. before the
2362 * session was really started completely.
2364 D_HT("AGG stop before setup done\n");
2369 IL_WARN("Stopping AGG while state not ON or starting\n");
2372 write_ptr = il->txq[txq_id].q.write_ptr;
2373 read_ptr = il->txq[txq_id].q.read_ptr;
2375 /* The queue is not empty */
2376 if (write_ptr != read_ptr) {
2377 D_HT("Stopping a non empty AGG HW QUEUE\n");
2378 il->stations[sta_id].tid[tid].agg.state =
2379 IL_EMPTYING_HW_QUEUE_DELBA;
2380 spin_unlock_irqrestore(&il->sta_lock, flags);
2384 D_HT("HW queue is empty\n");
2386 il->stations[sta_id].tid[tid].agg.state = IL_AGG_OFF;
2388 /* do not restore/save irqs */
2389 spin_unlock(&il->sta_lock);
2390 spin_lock(&il->lock);
2393 * the only reason this call can fail is queue number out of range,
2394 * which can happen if uCode is reloaded and all the station
2395 * information are lost. if it is outside the range, there is no need
2396 * to deactivate the uCode queue, just return "success" to allow
2397 * mac80211 to clean up it own data.
2399 il4965_txq_agg_disable(il, txq_id, ssn, tx_fifo_id);
2400 spin_unlock_irqrestore(&il->lock, flags);
2402 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
2407 int il4965_txq_check_empty(struct il_priv *il,
2408 int sta_id, u8 tid, int txq_id)
2410 struct il_queue *q = &il->txq[txq_id].q;
2411 u8 *addr = il->stations[sta_id].sta.sta.addr;
2412 struct il_tid_data *tid_data = &il->stations[sta_id].tid[tid];
2413 struct il_rxon_context *ctx;
2417 lockdep_assert_held(&il->sta_lock);
2419 switch (il->stations[sta_id].tid[tid].agg.state) {
2420 case IL_EMPTYING_HW_QUEUE_DELBA:
2421 /* We are reclaiming the last packet of the */
2422 /* aggregated HW queue */
2423 if (txq_id == tid_data->agg.txq_id &&
2424 q->read_ptr == q->write_ptr) {
2425 u16 ssn = SEQ_TO_SN(tid_data->seq_number);
2426 int tx_fifo = il4965_get_fifo_from_tid(ctx, tid);
2428 "HW queue empty: continue DELBA flow\n");
2429 il4965_txq_agg_disable(il, txq_id, ssn, tx_fifo);
2430 tid_data->agg.state = IL_AGG_OFF;
2431 ieee80211_stop_tx_ba_cb_irqsafe(ctx->vif, addr, tid);
2434 case IL_EMPTYING_HW_QUEUE_ADDBA:
2435 /* We are reclaiming the last packet of the queue */
2436 if (tid_data->tfds_in_queue == 0) {
2438 "HW queue empty: continue ADDBA flow\n");
2439 tid_data->agg.state = IL_AGG_ON;
2440 ieee80211_start_tx_ba_cb_irqsafe(ctx->vif, addr, tid);
2448 static void il4965_non_agg_tx_status(struct il_priv *il,
2449 struct il_rxon_context *ctx,
2452 struct ieee80211_sta *sta;
2453 struct il_station_priv *sta_priv;
2456 sta = ieee80211_find_sta(ctx->vif, addr1);
2458 sta_priv = (void *)sta->drv_priv;
2459 /* avoid atomic ops if this isn't a client */
2460 if (sta_priv->client &&
2461 atomic_dec_return(&sta_priv->pending_frames) == 0)
2462 ieee80211_sta_block_awake(il->hw, sta, false);
2468 il4965_tx_status(struct il_priv *il, struct il_tx_info *tx_info,
2471 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx_info->skb->data;
2474 il4965_non_agg_tx_status(il, tx_info->ctx, hdr->addr1);
2476 ieee80211_tx_status_irqsafe(il->hw, tx_info->skb);
2479 int il4965_tx_queue_reclaim(struct il_priv *il, int txq_id, int idx)
2481 struct il_tx_queue *txq = &il->txq[txq_id];
2482 struct il_queue *q = &txq->q;
2483 struct il_tx_info *tx_info;
2485 struct ieee80211_hdr *hdr;
2487 if (idx >= q->n_bd || il_queue_used(q, idx) == 0) {
2488 IL_ERR("Read idx for DMA queue txq id (%d), idx %d, "
2489 "is out of range [0-%d] %d %d.\n", txq_id,
2490 idx, q->n_bd, q->write_ptr, q->read_ptr);
2494 for (idx = il_queue_inc_wrap(idx, q->n_bd);
2496 q->read_ptr = il_queue_inc_wrap(q->read_ptr, q->n_bd)) {
2498 tx_info = &txq->txb[txq->q.read_ptr];
2500 if (WARN_ON_ONCE(tx_info->skb == NULL))
2503 hdr = (struct ieee80211_hdr *)tx_info->skb->data;
2504 if (ieee80211_is_data_qos(hdr->frame_control))
2507 il4965_tx_status(il, tx_info,
2508 txq_id >= IL4965_FIRST_AMPDU_QUEUE);
2509 tx_info->skb = NULL;
2511 il->cfg->ops->lib->txq_free_tfd(il, txq);
2517 * il4965_tx_status_reply_compressed_ba - Update tx status from block-ack
2519 * Go through block-ack's bitmap of ACK'd frames, update driver's record of
2520 * ACK vs. not. This gets sent to mac80211, then to rate scaling algo.
2522 static int il4965_tx_status_reply_compressed_ba(struct il_priv *il,
2523 struct il_ht_agg *agg,
2524 struct il_compressed_ba_resp *ba_resp)
2528 u16 seq_ctl = le16_to_cpu(ba_resp->seq_ctl);
2529 u16 scd_flow = le16_to_cpu(ba_resp->scd_flow);
2531 struct ieee80211_tx_info *info;
2532 u64 bitmap, sent_bitmap;
2534 if (unlikely(!agg->wait_for_ba)) {
2535 if (unlikely(ba_resp->bitmap))
2536 IL_ERR("Received BA when not expected\n");
2540 /* Mark that the expected block-ack response arrived */
2541 agg->wait_for_ba = 0;
2542 D_TX_REPLY("BA %d %d\n", agg->start_idx,
2545 /* Calculate shift to align block-ack bits with our Tx win bits */
2546 sh = agg->start_idx - SEQ_TO_IDX(seq_ctl >> 4);
2547 if (sh < 0) /* tbw something is wrong with indices */
2550 if (agg->frame_count > (64 - sh)) {
2551 D_TX_REPLY("more frames than bitmap size");
2555 /* don't use 64-bit values for now */
2556 bitmap = le64_to_cpu(ba_resp->bitmap) >> sh;
2558 /* check for success or failure according to the
2559 * transmitted bitmap and block-ack bitmap */
2560 sent_bitmap = bitmap & agg->bitmap;
2562 /* For each frame attempted in aggregation,
2563 * update driver's record of tx frame's status. */
2565 while (sent_bitmap) {
2566 ack = sent_bitmap & 1ULL;
2568 D_TX_REPLY("%s ON i=%d idx=%d raw=%d\n",
2569 ack ? "ACK" : "NACK", i,
2570 (agg->start_idx + i) & 0xff,
2571 agg->start_idx + i);
2576 D_TX_REPLY("Bitmap %llx\n",
2577 (unsigned long long)bitmap);
2579 info = IEEE80211_SKB_CB(il->txq[scd_flow].txb[agg->start_idx].skb);
2580 memset(&info->status, 0, sizeof(info->status));
2581 info->flags |= IEEE80211_TX_STAT_ACK;
2582 info->flags |= IEEE80211_TX_STAT_AMPDU;
2583 info->status.ampdu_ack_len = successes;
2584 info->status.ampdu_len = agg->frame_count;
2585 il4965_hwrate_to_tx_control(il, agg->rate_n_flags, info);
2591 * translate ucode response to mac80211 tx status control values
2593 void il4965_hwrate_to_tx_control(struct il_priv *il, u32 rate_n_flags,
2594 struct ieee80211_tx_info *info)
2596 struct ieee80211_tx_rate *r = &info->control.rates[0];
2598 info->antenna_sel_tx =
2599 ((rate_n_flags & RATE_MCS_ANT_ABC_MSK) >> RATE_MCS_ANT_POS);
2600 if (rate_n_flags & RATE_MCS_HT_MSK)
2601 r->flags |= IEEE80211_TX_RC_MCS;
2602 if (rate_n_flags & RATE_MCS_GF_MSK)
2603 r->flags |= IEEE80211_TX_RC_GREEN_FIELD;
2604 if (rate_n_flags & RATE_MCS_HT40_MSK)
2605 r->flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
2606 if (rate_n_flags & RATE_MCS_DUP_MSK)
2607 r->flags |= IEEE80211_TX_RC_DUP_DATA;
2608 if (rate_n_flags & RATE_MCS_SGI_MSK)
2609 r->flags |= IEEE80211_TX_RC_SHORT_GI;
2610 r->idx = il4965_hwrate_to_mac80211_idx(rate_n_flags, info->band);
2614 * il4965_hdl_compressed_ba - Handler for N_COMPRESSED_BA
2616 * Handles block-acknowledge notification from device, which reports success
2617 * of frames sent via aggregation.
2619 void il4965_hdl_compressed_ba(struct il_priv *il,
2620 struct il_rx_buf *rxb)
2622 struct il_rx_pkt *pkt = rxb_addr(rxb);
2623 struct il_compressed_ba_resp *ba_resp = &pkt->u.compressed_ba;
2624 struct il_tx_queue *txq = NULL;
2625 struct il_ht_agg *agg;
2629 unsigned long flags;
2631 /* "flow" corresponds to Tx queue */
2632 u16 scd_flow = le16_to_cpu(ba_resp->scd_flow);
2634 /* "ssn" is start of block-ack Tx win, corresponds to idx
2635 * (in Tx queue's circular buffer) of first TFD/frame in win */
2636 u16 ba_resp_scd_ssn = le16_to_cpu(ba_resp->scd_ssn);
2638 if (scd_flow >= il->hw_params.max_txq_num) {
2640 "BUG_ON scd_flow is bigger than number of queues\n");
2644 txq = &il->txq[scd_flow];
2645 sta_id = ba_resp->sta_id;
2647 agg = &il->stations[sta_id].tid[tid].agg;
2648 if (unlikely(agg->txq_id != scd_flow)) {
2650 * FIXME: this is a uCode bug which need to be addressed,
2651 * log the information and return for now!
2652 * since it is possible happen very often and in order
2653 * not to fill the syslog, don't enable the logging by default
2656 "BA scd_flow %d does not match txq_id %d\n",
2657 scd_flow, agg->txq_id);
2661 /* Find idx just before block-ack win */
2662 idx = il_queue_dec_wrap(ba_resp_scd_ssn & 0xff, txq->q.n_bd);
2664 spin_lock_irqsave(&il->sta_lock, flags);
2666 D_TX_REPLY("N_COMPRESSED_BA [%d] Received from %pM, "
2669 (u8 *) &ba_resp->sta_addr_lo32,
2671 D_TX_REPLY("TID = %d, SeqCtl = %d, bitmap = 0x%llx,"
2673 "%d, scd_ssn = %d\n",
2676 (unsigned long long)le64_to_cpu(ba_resp->bitmap),
2679 D_TX_REPLY("DAT start_idx = %d, bitmap = 0x%llx\n",
2681 (unsigned long long)agg->bitmap);
2683 /* Update driver's record of ACK vs. not for each frame in win */
2684 il4965_tx_status_reply_compressed_ba(il, agg, ba_resp);
2686 /* Release all TFDs before the SSN, i.e. all TFDs in front of
2687 * block-ack win (we assume that they've been successfully
2688 * transmitted ... if not, it's too late anyway). */
2689 if (txq->q.read_ptr != (ba_resp_scd_ssn & 0xff)) {
2690 /* calculate mac80211 ampdu sw queue to wake */
2691 int freed = il4965_tx_queue_reclaim(il, scd_flow, idx);
2692 il4965_free_tfds_in_queue(il, sta_id, tid, freed);
2694 if (il_queue_space(&txq->q) > txq->q.low_mark &&
2695 il->mac80211_registered &&
2696 agg->state != IL_EMPTYING_HW_QUEUE_DELBA)
2697 il_wake_queue(il, txq);
2699 il4965_txq_check_empty(il, sta_id, tid, scd_flow);
2702 spin_unlock_irqrestore(&il->sta_lock, flags);
2705 #ifdef CONFIG_IWLEGACY_DEBUG
2706 const char *il4965_get_tx_fail_reason(u32 status)
2708 #define TX_STATUS_FAIL(x) case TX_STATUS_FAIL_ ## x: return #x
2709 #define TX_STATUS_POSTPONE(x) case TX_STATUS_POSTPONE_ ## x: return #x
2711 switch (status & TX_STATUS_MSK) {
2712 case TX_STATUS_SUCCESS:
2714 TX_STATUS_POSTPONE(DELAY);
2715 TX_STATUS_POSTPONE(FEW_BYTES);
2716 TX_STATUS_POSTPONE(QUIET_PERIOD);
2717 TX_STATUS_POSTPONE(CALC_TTAK);
2718 TX_STATUS_FAIL(INTERNAL_CROSSED_RETRY);
2719 TX_STATUS_FAIL(SHORT_LIMIT);
2720 TX_STATUS_FAIL(LONG_LIMIT);
2721 TX_STATUS_FAIL(FIFO_UNDERRUN);
2722 TX_STATUS_FAIL(DRAIN_FLOW);
2723 TX_STATUS_FAIL(RFKILL_FLUSH);
2724 TX_STATUS_FAIL(LIFE_EXPIRE);
2725 TX_STATUS_FAIL(DEST_PS);
2726 TX_STATUS_FAIL(HOST_ABORTED);
2727 TX_STATUS_FAIL(BT_RETRY);
2728 TX_STATUS_FAIL(STA_INVALID);
2729 TX_STATUS_FAIL(FRAG_DROPPED);
2730 TX_STATUS_FAIL(TID_DISABLE);
2731 TX_STATUS_FAIL(FIFO_FLUSHED);
2732 TX_STATUS_FAIL(INSUFFICIENT_CF_POLL);
2733 TX_STATUS_FAIL(PASSIVE_NO_RX);
2734 TX_STATUS_FAIL(NO_BEACON_ON_RADAR);
2739 #undef TX_STATUS_FAIL
2740 #undef TX_STATUS_POSTPONE
2742 #endif /* CONFIG_IWLEGACY_DEBUG */
2744 static struct il_link_quality_cmd *
2745 il4965_sta_alloc_lq(struct il_priv *il, u8 sta_id)
2748 struct il_link_quality_cmd *link_cmd;
2750 __le32 rate_n_flags;
2752 link_cmd = kzalloc(sizeof(struct il_link_quality_cmd), GFP_KERNEL);
2754 IL_ERR("Unable to allocate memory for LQ cmd.\n");
2757 /* Set up the rate scaling to start at selected rate, fall back
2758 * all the way down to 1M in IEEE order, and then spin on 1M */
2759 if (il->band == IEEE80211_BAND_5GHZ)
2764 if (r >= IL_FIRST_CCK_RATE && r <= IL_LAST_CCK_RATE)
2765 rate_flags |= RATE_MCS_CCK_MSK;
2767 rate_flags |= il4965_first_antenna(il->hw_params.valid_tx_ant) <<
2769 rate_n_flags = il4965_hw_set_rate_n_flags(il_rates[r].plcp,
2771 for (i = 0; i < LINK_QUAL_MAX_RETRY_NUM; i++)
2772 link_cmd->rs_table[i].rate_n_flags = rate_n_flags;
2774 link_cmd->general_params.single_stream_ant_msk =
2775 il4965_first_antenna(il->hw_params.valid_tx_ant);
2777 link_cmd->general_params.dual_stream_ant_msk =
2778 il->hw_params.valid_tx_ant &
2779 ~il4965_first_antenna(il->hw_params.valid_tx_ant);
2780 if (!link_cmd->general_params.dual_stream_ant_msk) {
2781 link_cmd->general_params.dual_stream_ant_msk = ANT_AB;
2782 } else if (il4965_num_of_ant(il->hw_params.valid_tx_ant) == 2) {
2783 link_cmd->general_params.dual_stream_ant_msk =
2784 il->hw_params.valid_tx_ant;
2787 link_cmd->agg_params.agg_dis_start_th = LINK_QUAL_AGG_DISABLE_START_DEF;
2788 link_cmd->agg_params.agg_time_limit =
2789 cpu_to_le16(LINK_QUAL_AGG_TIME_LIMIT_DEF);
2791 link_cmd->sta_id = sta_id;
2797 * il4965_add_bssid_station - Add the special IBSS BSSID station
2802 il4965_add_bssid_station(struct il_priv *il, struct il_rxon_context *ctx,
2803 const u8 *addr, u8 *sta_id_r)
2807 struct il_link_quality_cmd *link_cmd;
2808 unsigned long flags;
2811 *sta_id_r = IL_INVALID_STATION;
2813 ret = il_add_station_common(il, ctx, addr, 0, NULL, &sta_id);
2815 IL_ERR("Unable to add station %pM\n", addr);
2822 spin_lock_irqsave(&il->sta_lock, flags);
2823 il->stations[sta_id].used |= IL_STA_LOCAL;
2824 spin_unlock_irqrestore(&il->sta_lock, flags);
2826 /* Set up default rate scaling table in device's station table */
2827 link_cmd = il4965_sta_alloc_lq(il, sta_id);
2830 "Unable to initialize rate scaling for station %pM.\n",
2835 ret = il_send_lq_cmd(il, ctx, link_cmd, CMD_SYNC, true);
2837 IL_ERR("Link quality command failed (%d)\n", ret);
2839 spin_lock_irqsave(&il->sta_lock, flags);
2840 il->stations[sta_id].lq = link_cmd;
2841 spin_unlock_irqrestore(&il->sta_lock, flags);
2846 static int il4965_static_wepkey_cmd(struct il_priv *il,
2847 struct il_rxon_context *ctx,
2850 int i, not_empty = 0;
2851 u8 buff[sizeof(struct il_wep_cmd) +
2852 sizeof(struct il_wep_key) * WEP_KEYS_MAX];
2853 struct il_wep_cmd *wep_cmd = (struct il_wep_cmd *)buff;
2854 size_t cmd_size = sizeof(struct il_wep_cmd);
2855 struct il_host_cmd cmd = {
2856 .id = ctx->wep_key_cmd,
2863 memset(wep_cmd, 0, cmd_size +
2864 (sizeof(struct il_wep_key) * WEP_KEYS_MAX));
2866 for (i = 0; i < WEP_KEYS_MAX ; i++) {
2867 wep_cmd->key[i].key_idx = i;
2868 if (ctx->wep_keys[i].key_size) {
2869 wep_cmd->key[i].key_offset = i;
2872 wep_cmd->key[i].key_offset = WEP_INVALID_OFFSET;
2875 wep_cmd->key[i].key_size = ctx->wep_keys[i].key_size;
2876 memcpy(&wep_cmd->key[i].key[3], ctx->wep_keys[i].key,
2877 ctx->wep_keys[i].key_size);
2880 wep_cmd->global_key_type = WEP_KEY_WEP_TYPE;
2881 wep_cmd->num_keys = WEP_KEYS_MAX;
2883 cmd_size += sizeof(struct il_wep_key) * WEP_KEYS_MAX;
2887 if (not_empty || send_if_empty)
2888 return il_send_cmd(il, &cmd);
2893 int il4965_restore_default_wep_keys(struct il_priv *il,
2894 struct il_rxon_context *ctx)
2896 lockdep_assert_held(&il->mutex);
2898 return il4965_static_wepkey_cmd(il, ctx, false);
2901 int il4965_remove_default_wep_key(struct il_priv *il,
2902 struct il_rxon_context *ctx,
2903 struct ieee80211_key_conf *keyconf)
2907 lockdep_assert_held(&il->mutex);
2909 D_WEP("Removing default WEP key: idx=%d\n",
2912 memset(&ctx->wep_keys[keyconf->keyidx], 0, sizeof(ctx->wep_keys[0]));
2913 if (il_is_rfkill(il)) {
2915 "Not sending C_WEPKEY command due to RFKILL.\n");
2916 /* but keys in device are clear anyway so return success */
2919 ret = il4965_static_wepkey_cmd(il, ctx, 1);
2920 D_WEP("Remove default WEP key: idx=%d ret=%d\n",
2921 keyconf->keyidx, ret);
2926 int il4965_set_default_wep_key(struct il_priv *il,
2927 struct il_rxon_context *ctx,
2928 struct ieee80211_key_conf *keyconf)
2932 lockdep_assert_held(&il->mutex);
2934 if (keyconf->keylen != WEP_KEY_LEN_128 &&
2935 keyconf->keylen != WEP_KEY_LEN_64) {
2936 D_WEP("Bad WEP key length %d\n", keyconf->keylen);
2940 keyconf->flags &= ~IEEE80211_KEY_FLAG_GENERATE_IV;
2941 keyconf->hw_key_idx = HW_KEY_DEFAULT;
2942 il->stations[ctx->ap_sta_id].keyinfo.cipher = keyconf->cipher;
2944 ctx->wep_keys[keyconf->keyidx].key_size = keyconf->keylen;
2945 memcpy(&ctx->wep_keys[keyconf->keyidx].key, &keyconf->key,
2948 ret = il4965_static_wepkey_cmd(il, ctx, false);
2949 D_WEP("Set default WEP key: len=%d idx=%d ret=%d\n",
2950 keyconf->keylen, keyconf->keyidx, ret);
2955 static int il4965_set_wep_dynamic_key_info(struct il_priv *il,
2956 struct il_rxon_context *ctx,
2957 struct ieee80211_key_conf *keyconf,
2960 unsigned long flags;
2961 __le16 key_flags = 0;
2962 struct il_addsta_cmd sta_cmd;
2964 lockdep_assert_held(&il->mutex);
2966 keyconf->flags &= ~IEEE80211_KEY_FLAG_GENERATE_IV;
2968 key_flags |= (STA_KEY_FLG_WEP | STA_KEY_FLG_MAP_KEY_MSK);
2969 key_flags |= cpu_to_le16(keyconf->keyidx << STA_KEY_FLG_KEYID_POS);
2970 key_flags &= ~STA_KEY_FLG_INVALID;
2972 if (keyconf->keylen == WEP_KEY_LEN_128)
2973 key_flags |= STA_KEY_FLG_KEY_SIZE_MSK;
2975 if (sta_id == ctx->bcast_sta_id)
2976 key_flags |= STA_KEY_MULTICAST_MSK;
2978 spin_lock_irqsave(&il->sta_lock, flags);
2980 il->stations[sta_id].keyinfo.cipher = keyconf->cipher;
2981 il->stations[sta_id].keyinfo.keylen = keyconf->keylen;
2982 il->stations[sta_id].keyinfo.keyidx = keyconf->keyidx;
2984 memcpy(il->stations[sta_id].keyinfo.key,
2985 keyconf->key, keyconf->keylen);
2987 memcpy(&il->stations[sta_id].sta.key.key[3],
2988 keyconf->key, keyconf->keylen);
2990 if ((il->stations[sta_id].sta.key.key_flags & STA_KEY_FLG_ENCRYPT_MSK)
2991 == STA_KEY_FLG_NO_ENC)
2992 il->stations[sta_id].sta.key.key_offset =
2993 il_get_free_ucode_key_idx(il);
2994 /* else, we are overriding an existing key => no need to allocated room
2997 WARN(il->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET,
2998 "no space for a new key");
3000 il->stations[sta_id].sta.key.key_flags = key_flags;
3001 il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK;
3002 il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
3004 memcpy(&sta_cmd, &il->stations[sta_id].sta,
3005 sizeof(struct il_addsta_cmd));
3006 spin_unlock_irqrestore(&il->sta_lock, flags);
3008 return il_send_add_sta(il, &sta_cmd, CMD_SYNC);
3011 static int il4965_set_ccmp_dynamic_key_info(struct il_priv *il,
3012 struct il_rxon_context *ctx,
3013 struct ieee80211_key_conf *keyconf,
3016 unsigned long flags;
3017 __le16 key_flags = 0;
3018 struct il_addsta_cmd sta_cmd;
3020 lockdep_assert_held(&il->mutex);
3022 key_flags |= (STA_KEY_FLG_CCMP | STA_KEY_FLG_MAP_KEY_MSK);
3023 key_flags |= cpu_to_le16(keyconf->keyidx << STA_KEY_FLG_KEYID_POS);
3024 key_flags &= ~STA_KEY_FLG_INVALID;
3026 if (sta_id == ctx->bcast_sta_id)
3027 key_flags |= STA_KEY_MULTICAST_MSK;
3029 keyconf->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3031 spin_lock_irqsave(&il->sta_lock, flags);
3032 il->stations[sta_id].keyinfo.cipher = keyconf->cipher;
3033 il->stations[sta_id].keyinfo.keylen = keyconf->keylen;
3035 memcpy(il->stations[sta_id].keyinfo.key, keyconf->key,
3038 memcpy(il->stations[sta_id].sta.key.key, keyconf->key,
3041 if ((il->stations[sta_id].sta.key.key_flags & STA_KEY_FLG_ENCRYPT_MSK)
3042 == STA_KEY_FLG_NO_ENC)
3043 il->stations[sta_id].sta.key.key_offset =
3044 il_get_free_ucode_key_idx(il);
3045 /* else, we are overriding an existing key => no need to allocated room
3048 WARN(il->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET,
3049 "no space for a new key");
3051 il->stations[sta_id].sta.key.key_flags = key_flags;
3052 il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK;
3053 il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
3055 memcpy(&sta_cmd, &il->stations[sta_id].sta,
3056 sizeof(struct il_addsta_cmd));
3057 spin_unlock_irqrestore(&il->sta_lock, flags);
3059 return il_send_add_sta(il, &sta_cmd, CMD_SYNC);
3062 static int il4965_set_tkip_dynamic_key_info(struct il_priv *il,
3063 struct il_rxon_context *ctx,
3064 struct ieee80211_key_conf *keyconf,
3067 unsigned long flags;
3069 __le16 key_flags = 0;
3071 key_flags |= (STA_KEY_FLG_TKIP | STA_KEY_FLG_MAP_KEY_MSK);
3072 key_flags |= cpu_to_le16(keyconf->keyidx << STA_KEY_FLG_KEYID_POS);
3073 key_flags &= ~STA_KEY_FLG_INVALID;
3075 if (sta_id == ctx->bcast_sta_id)
3076 key_flags |= STA_KEY_MULTICAST_MSK;
3078 keyconf->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3079 keyconf->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
3081 spin_lock_irqsave(&il->sta_lock, flags);
3083 il->stations[sta_id].keyinfo.cipher = keyconf->cipher;
3084 il->stations[sta_id].keyinfo.keylen = 16;
3086 if ((il->stations[sta_id].sta.key.key_flags & STA_KEY_FLG_ENCRYPT_MSK)
3087 == STA_KEY_FLG_NO_ENC)
3088 il->stations[sta_id].sta.key.key_offset =
3089 il_get_free_ucode_key_idx(il);
3090 /* else, we are overriding an existing key => no need to allocated room
3093 WARN(il->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET,
3094 "no space for a new key");
3096 il->stations[sta_id].sta.key.key_flags = key_flags;
3099 /* This copy is acutally not needed: we get the key with each TX */
3100 memcpy(il->stations[sta_id].keyinfo.key, keyconf->key, 16);
3102 memcpy(il->stations[sta_id].sta.key.key, keyconf->key, 16);
3104 spin_unlock_irqrestore(&il->sta_lock, flags);
3109 void il4965_update_tkip_key(struct il_priv *il,
3110 struct il_rxon_context *ctx,
3111 struct ieee80211_key_conf *keyconf,
3112 struct ieee80211_sta *sta, u32 iv32, u16 *phase1key)
3115 unsigned long flags;
3118 if (il_scan_cancel(il)) {
3119 /* cancel scan failed, just live w/ bad key and rely
3120 briefly on SW decryption */
3124 sta_id = il_sta_id_or_broadcast(il, ctx, sta);
3125 if (sta_id == IL_INVALID_STATION)
3128 spin_lock_irqsave(&il->sta_lock, flags);
3130 il->stations[sta_id].sta.key.tkip_rx_tsc_byte2 = (u8) iv32;
3132 for (i = 0; i < 5; i++)
3133 il->stations[sta_id].sta.key.tkip_rx_ttak[i] =
3134 cpu_to_le16(phase1key[i]);
3136 il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK;
3137 il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
3139 il_send_add_sta(il, &il->stations[sta_id].sta, CMD_ASYNC);
3141 spin_unlock_irqrestore(&il->sta_lock, flags);
3145 int il4965_remove_dynamic_key(struct il_priv *il,
3146 struct il_rxon_context *ctx,
3147 struct ieee80211_key_conf *keyconf,
3150 unsigned long flags;
3153 struct il_addsta_cmd sta_cmd;
3155 lockdep_assert_held(&il->mutex);
3157 ctx->key_mapping_keys--;
3159 spin_lock_irqsave(&il->sta_lock, flags);
3160 key_flags = le16_to_cpu(il->stations[sta_id].sta.key.key_flags);
3161 keyidx = (key_flags >> STA_KEY_FLG_KEYID_POS) & 0x3;
3163 D_WEP("Remove dynamic key: idx=%d sta=%d\n",
3164 keyconf->keyidx, sta_id);
3166 if (keyconf->keyidx != keyidx) {
3167 /* We need to remove a key with idx different that the one
3168 * in the uCode. This means that the key we need to remove has
3169 * been replaced by another one with different idx.
3170 * Don't do anything and return ok
3172 spin_unlock_irqrestore(&il->sta_lock, flags);
3176 if (il->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET) {
3177 IL_WARN("Removing wrong key %d 0x%x\n",
3178 keyconf->keyidx, key_flags);
3179 spin_unlock_irqrestore(&il->sta_lock, flags);
3183 if (!test_and_clear_bit(il->stations[sta_id].sta.key.key_offset,
3184 &il->ucode_key_table))
3185 IL_ERR("idx %d not used in uCode key table.\n",
3186 il->stations[sta_id].sta.key.key_offset);
3187 memset(&il->stations[sta_id].keyinfo, 0,
3188 sizeof(struct il_hw_key));
3189 memset(&il->stations[sta_id].sta.key, 0,
3190 sizeof(struct il4965_keyinfo));
3191 il->stations[sta_id].sta.key.key_flags =
3192 STA_KEY_FLG_NO_ENC | STA_KEY_FLG_INVALID;
3193 il->stations[sta_id].sta.key.key_offset = WEP_INVALID_OFFSET;
3194 il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK;
3195 il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
3197 if (il_is_rfkill(il)) {
3199 "Not sending C_ADD_STA command because RFKILL enabled.\n");
3200 spin_unlock_irqrestore(&il->sta_lock, flags);
3203 memcpy(&sta_cmd, &il->stations[sta_id].sta,
3204 sizeof(struct il_addsta_cmd));
3205 spin_unlock_irqrestore(&il->sta_lock, flags);
3207 return il_send_add_sta(il, &sta_cmd, CMD_SYNC);
3210 int il4965_set_dynamic_key(struct il_priv *il, struct il_rxon_context *ctx,
3211 struct ieee80211_key_conf *keyconf, u8 sta_id)
3215 lockdep_assert_held(&il->mutex);
3217 ctx->key_mapping_keys++;
3218 keyconf->hw_key_idx = HW_KEY_DYNAMIC;
3220 switch (keyconf->cipher) {
3221 case WLAN_CIPHER_SUITE_CCMP:
3222 ret = il4965_set_ccmp_dynamic_key_info(il, ctx,
3225 case WLAN_CIPHER_SUITE_TKIP:
3226 ret = il4965_set_tkip_dynamic_key_info(il, ctx,
3229 case WLAN_CIPHER_SUITE_WEP40:
3230 case WLAN_CIPHER_SUITE_WEP104:
3231 ret = il4965_set_wep_dynamic_key_info(il, ctx,
3236 "Unknown alg: %s cipher = %x\n", __func__,
3242 "Set dynamic key: cipher=%x len=%d idx=%d sta=%d ret=%d\n",
3243 keyconf->cipher, keyconf->keylen, keyconf->keyidx,
3250 * il4965_alloc_bcast_station - add broadcast station into driver's station table.
3252 * This adds the broadcast station into the driver's station table
3253 * and marks it driver active, so that it will be restored to the
3254 * device at the next best time.
3256 int il4965_alloc_bcast_station(struct il_priv *il,
3257 struct il_rxon_context *ctx)
3259 struct il_link_quality_cmd *link_cmd;
3260 unsigned long flags;
3263 spin_lock_irqsave(&il->sta_lock, flags);
3264 sta_id = il_prep_station(il, ctx, il_bcast_addr,
3266 if (sta_id == IL_INVALID_STATION) {
3267 IL_ERR("Unable to prepare broadcast station\n");
3268 spin_unlock_irqrestore(&il->sta_lock, flags);
3273 il->stations[sta_id].used |= IL_STA_DRIVER_ACTIVE;
3274 il->stations[sta_id].used |= IL_STA_BCAST;
3275 spin_unlock_irqrestore(&il->sta_lock, flags);
3277 link_cmd = il4965_sta_alloc_lq(il, sta_id);
3280 "Unable to initialize rate scaling for bcast station.\n");
3284 spin_lock_irqsave(&il->sta_lock, flags);
3285 il->stations[sta_id].lq = link_cmd;
3286 spin_unlock_irqrestore(&il->sta_lock, flags);
3292 * il4965_update_bcast_station - update broadcast station's LQ command
3294 * Only used by iwl4965. Placed here to have all bcast station management
3297 static int il4965_update_bcast_station(struct il_priv *il,
3298 struct il_rxon_context *ctx)
3300 unsigned long flags;
3301 struct il_link_quality_cmd *link_cmd;
3302 u8 sta_id = ctx->bcast_sta_id;
3304 link_cmd = il4965_sta_alloc_lq(il, sta_id);
3307 "Unable to initialize rate scaling for bcast station.\n");
3311 spin_lock_irqsave(&il->sta_lock, flags);
3312 if (il->stations[sta_id].lq)
3313 kfree(il->stations[sta_id].lq);
3316 "Bcast station rate scaling has not been initialized yet.\n");
3317 il->stations[sta_id].lq = link_cmd;
3318 spin_unlock_irqrestore(&il->sta_lock, flags);
3323 int il4965_update_bcast_stations(struct il_priv *il)
3325 return il4965_update_bcast_station(il, &il->ctx);
3329 * il4965_sta_tx_modify_enable_tid - Enable Tx for this TID in station table
3331 int il4965_sta_tx_modify_enable_tid(struct il_priv *il, int sta_id, int tid)
3333 unsigned long flags;
3334 struct il_addsta_cmd sta_cmd;
3336 lockdep_assert_held(&il->mutex);
3338 /* Remove "disable" flag, to enable Tx for this TID */
3339 spin_lock_irqsave(&il->sta_lock, flags);
3340 il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_TID_DISABLE_TX;
3341 il->stations[sta_id].sta.tid_disable_tx &= cpu_to_le16(~(1 << tid));
3342 il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
3343 memcpy(&sta_cmd, &il->stations[sta_id].sta,
3344 sizeof(struct il_addsta_cmd));
3345 spin_unlock_irqrestore(&il->sta_lock, flags);
3347 return il_send_add_sta(il, &sta_cmd, CMD_SYNC);
3350 int il4965_sta_rx_agg_start(struct il_priv *il, struct ieee80211_sta *sta,
3353 unsigned long flags;
3355 struct il_addsta_cmd sta_cmd;
3357 lockdep_assert_held(&il->mutex);
3359 sta_id = il_sta_id(sta);
3360 if (sta_id == IL_INVALID_STATION)
3363 spin_lock_irqsave(&il->sta_lock, flags);
3364 il->stations[sta_id].sta.station_flags_msk = 0;
3365 il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_ADDBA_TID_MSK;
3366 il->stations[sta_id].sta.add_immediate_ba_tid = (u8)tid;
3367 il->stations[sta_id].sta.add_immediate_ba_ssn = cpu_to_le16(ssn);
3368 il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
3369 memcpy(&sta_cmd, &il->stations[sta_id].sta,
3370 sizeof(struct il_addsta_cmd));
3371 spin_unlock_irqrestore(&il->sta_lock, flags);
3373 return il_send_add_sta(il, &sta_cmd, CMD_SYNC);
3376 int il4965_sta_rx_agg_stop(struct il_priv *il, struct ieee80211_sta *sta,
3379 unsigned long flags;
3381 struct il_addsta_cmd sta_cmd;
3383 lockdep_assert_held(&il->mutex);
3385 sta_id = il_sta_id(sta);
3386 if (sta_id == IL_INVALID_STATION) {
3387 IL_ERR("Invalid station for AGG tid %d\n", tid);
3391 spin_lock_irqsave(&il->sta_lock, flags);
3392 il->stations[sta_id].sta.station_flags_msk = 0;
3393 il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_DELBA_TID_MSK;
3394 il->stations[sta_id].sta.remove_immediate_ba_tid = (u8)tid;
3395 il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
3396 memcpy(&sta_cmd, &il->stations[sta_id].sta,
3397 sizeof(struct il_addsta_cmd));
3398 spin_unlock_irqrestore(&il->sta_lock, flags);
3400 return il_send_add_sta(il, &sta_cmd, CMD_SYNC);
3404 il4965_sta_modify_sleep_tx_count(struct il_priv *il, int sta_id, int cnt)
3406 unsigned long flags;
3408 spin_lock_irqsave(&il->sta_lock, flags);
3409 il->stations[sta_id].sta.station_flags |= STA_FLG_PWR_SAVE_MSK;
3410 il->stations[sta_id].sta.station_flags_msk = STA_FLG_PWR_SAVE_MSK;
3411 il->stations[sta_id].sta.sta.modify_mask =
3412 STA_MODIFY_SLEEP_TX_COUNT_MSK;
3413 il->stations[sta_id].sta.sleep_tx_count = cpu_to_le16(cnt);
3414 il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
3416 &il->stations[sta_id].sta, CMD_ASYNC);
3417 spin_unlock_irqrestore(&il->sta_lock, flags);
3421 void il4965_update_chain_flags(struct il_priv *il)
3423 if (il->cfg->ops->hcmd->set_rxon_chain) {
3424 il->cfg->ops->hcmd->set_rxon_chain(il, &il->ctx);
3425 if (il->ctx.active.rx_chain != il->ctx.staging.rx_chain)
3426 il_commit_rxon(il, &il->ctx);
3430 static void il4965_clear_free_frames(struct il_priv *il)
3432 struct list_head *element;
3434 D_INFO("%d frames on pre-allocated heap on clear.\n",
3437 while (!list_empty(&il->free_frames)) {
3438 element = il->free_frames.next;
3440 kfree(list_entry(element, struct il_frame, list));
3444 if (il->frames_count) {
3445 IL_WARN("%d frames still in use. Did we lose one?\n",
3447 il->frames_count = 0;
3451 static struct il_frame *il4965_get_free_frame(struct il_priv *il)
3453 struct il_frame *frame;
3454 struct list_head *element;
3455 if (list_empty(&il->free_frames)) {
3456 frame = kzalloc(sizeof(*frame), GFP_KERNEL);
3458 IL_ERR("Could not allocate frame!\n");
3466 element = il->free_frames.next;
3468 return list_entry(element, struct il_frame, list);
3471 static void il4965_free_frame(struct il_priv *il, struct il_frame *frame)
3473 memset(frame, 0, sizeof(*frame));
3474 list_add(&frame->list, &il->free_frames);
3477 static u32 il4965_fill_beacon_frame(struct il_priv *il,
3478 struct ieee80211_hdr *hdr,
3481 lockdep_assert_held(&il->mutex);
3483 if (!il->beacon_skb)
3486 if (il->beacon_skb->len > left)
3489 memcpy(hdr, il->beacon_skb->data, il->beacon_skb->len);
3491 return il->beacon_skb->len;
3494 /* Parse the beacon frame to find the TIM element and set tim_idx & tim_size */
3495 static void il4965_set_beacon_tim(struct il_priv *il,
3496 struct il_tx_beacon_cmd *tx_beacon_cmd,
3497 u8 *beacon, u32 frame_size)
3500 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)beacon;
3503 * The idx is relative to frame start but we start looking at the
3504 * variable-length part of the beacon.
3506 tim_idx = mgmt->u.beacon.variable - beacon;
3508 /* Parse variable-length elements of beacon to find WLAN_EID_TIM */
3509 while ((tim_idx < (frame_size - 2)) &&
3510 (beacon[tim_idx] != WLAN_EID_TIM))
3511 tim_idx += beacon[tim_idx+1] + 2;
3513 /* If TIM field was found, set variables */
3514 if ((tim_idx < (frame_size - 1)) && (beacon[tim_idx] == WLAN_EID_TIM)) {
3515 tx_beacon_cmd->tim_idx = cpu_to_le16(tim_idx);
3516 tx_beacon_cmd->tim_size = beacon[tim_idx+1];
3518 IL_WARN("Unable to find TIM Element in beacon\n");
3521 static unsigned int il4965_hw_get_beacon_cmd(struct il_priv *il,
3522 struct il_frame *frame)
3524 struct il_tx_beacon_cmd *tx_beacon_cmd;
3529 * We have to set up the TX command, the TX Beacon command, and the
3533 lockdep_assert_held(&il->mutex);
3535 if (!il->beacon_ctx) {
3536 IL_ERR("trying to build beacon w/o beacon context!\n");
3540 /* Initialize memory */
3541 tx_beacon_cmd = &frame->u.beacon;
3542 memset(tx_beacon_cmd, 0, sizeof(*tx_beacon_cmd));
3544 /* Set up TX beacon contents */
3545 frame_size = il4965_fill_beacon_frame(il, tx_beacon_cmd->frame,
3546 sizeof(frame->u) - sizeof(*tx_beacon_cmd));
3547 if (WARN_ON_ONCE(frame_size > MAX_MPDU_SIZE))
3552 /* Set up TX command fields */
3553 tx_beacon_cmd->tx.len = cpu_to_le16((u16)frame_size);
3554 tx_beacon_cmd->tx.sta_id = il->beacon_ctx->bcast_sta_id;
3555 tx_beacon_cmd->tx.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
3556 tx_beacon_cmd->tx.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK |
3557 TX_CMD_FLG_TSF_MSK | TX_CMD_FLG_STA_RATE_MSK;
3559 /* Set up TX beacon command fields */
3560 il4965_set_beacon_tim(il, tx_beacon_cmd, (u8 *)tx_beacon_cmd->frame,
3563 /* Set up packet rate and flags */
3564 rate = il_get_lowest_plcp(il, il->beacon_ctx);
3565 il->mgmt_tx_ant = il4965_toggle_tx_ant(il, il->mgmt_tx_ant,
3566 il->hw_params.valid_tx_ant);
3567 rate_flags = il4965_ant_idx_to_flags(il->mgmt_tx_ant);
3568 if ((rate >= IL_FIRST_CCK_RATE) && (rate <= IL_LAST_CCK_RATE))
3569 rate_flags |= RATE_MCS_CCK_MSK;
3570 tx_beacon_cmd->tx.rate_n_flags = il4965_hw_set_rate_n_flags(rate,
3573 return sizeof(*tx_beacon_cmd) + frame_size;
3576 int il4965_send_beacon_cmd(struct il_priv *il)
3578 struct il_frame *frame;
3579 unsigned int frame_size;
3582 frame = il4965_get_free_frame(il);
3584 IL_ERR("Could not obtain free frame buffer for beacon "
3589 frame_size = il4965_hw_get_beacon_cmd(il, frame);
3591 IL_ERR("Error configuring the beacon command\n");
3592 il4965_free_frame(il, frame);
3596 rc = il_send_cmd_pdu(il, C_TX_BEACON, frame_size,
3599 il4965_free_frame(il, frame);
3604 static inline dma_addr_t il4965_tfd_tb_get_addr(struct il_tfd *tfd, u8 idx)
3606 struct il_tfd_tb *tb = &tfd->tbs[idx];
3608 dma_addr_t addr = get_unaligned_le32(&tb->lo);
3609 if (sizeof(dma_addr_t) > sizeof(u32))
3611 ((dma_addr_t)(le16_to_cpu(tb->hi_n_len) & 0xF) << 16) << 16;
3616 static inline u16 il4965_tfd_tb_get_len(struct il_tfd *tfd, u8 idx)
3618 struct il_tfd_tb *tb = &tfd->tbs[idx];
3620 return le16_to_cpu(tb->hi_n_len) >> 4;
3623 static inline void il4965_tfd_set_tb(struct il_tfd *tfd, u8 idx,
3624 dma_addr_t addr, u16 len)
3626 struct il_tfd_tb *tb = &tfd->tbs[idx];
3627 u16 hi_n_len = len << 4;
3629 put_unaligned_le32(addr, &tb->lo);
3630 if (sizeof(dma_addr_t) > sizeof(u32))
3631 hi_n_len |= ((addr >> 16) >> 16) & 0xF;
3633 tb->hi_n_len = cpu_to_le16(hi_n_len);
3635 tfd->num_tbs = idx + 1;
3638 static inline u8 il4965_tfd_get_num_tbs(struct il_tfd *tfd)
3640 return tfd->num_tbs & 0x1f;
3644 * il4965_hw_txq_free_tfd - Free all chunks referenced by TFD [txq->q.read_ptr]
3645 * @il - driver ilate data
3648 * Does NOT advance any TFD circular buffer read/write idxes
3649 * Does NOT free the TFD itself (which is within circular buffer)
3651 void il4965_hw_txq_free_tfd(struct il_priv *il, struct il_tx_queue *txq)
3653 struct il_tfd *tfd_tmp = (struct il_tfd *)txq->tfds;
3655 struct pci_dev *dev = il->pci_dev;
3656 int idx = txq->q.read_ptr;
3660 tfd = &tfd_tmp[idx];
3662 /* Sanity check on number of chunks */
3663 num_tbs = il4965_tfd_get_num_tbs(tfd);
3665 if (num_tbs >= IL_NUM_OF_TBS) {
3666 IL_ERR("Too many chunks: %i\n", num_tbs);
3667 /* @todo issue fatal error, it is quite serious situation */
3673 pci_unmap_single(dev,
3674 dma_unmap_addr(&txq->meta[idx], mapping),
3675 dma_unmap_len(&txq->meta[idx], len),
3676 PCI_DMA_BIDIRECTIONAL);
3678 /* Unmap chunks, if any. */
3679 for (i = 1; i < num_tbs; i++)
3680 pci_unmap_single(dev, il4965_tfd_tb_get_addr(tfd, i),
3681 il4965_tfd_tb_get_len(tfd, i),
3686 struct sk_buff *skb;
3688 skb = txq->txb[txq->q.read_ptr].skb;
3690 /* can be called from irqs-disabled context */
3692 dev_kfree_skb_any(skb);
3693 txq->txb[txq->q.read_ptr].skb = NULL;
3698 int il4965_hw_txq_attach_buf_to_tfd(struct il_priv *il,
3699 struct il_tx_queue *txq,
3700 dma_addr_t addr, u16 len,
3704 struct il_tfd *tfd, *tfd_tmp;
3708 tfd_tmp = (struct il_tfd *)txq->tfds;
3709 tfd = &tfd_tmp[q->write_ptr];
3712 memset(tfd, 0, sizeof(*tfd));
3714 num_tbs = il4965_tfd_get_num_tbs(tfd);
3716 /* Each TFD can point to a maximum 20 Tx buffers */
3717 if (num_tbs >= IL_NUM_OF_TBS) {
3718 IL_ERR("Error can not send more than %d chunks\n",
3723 BUG_ON(addr & ~DMA_BIT_MASK(36));
3724 if (unlikely(addr & ~IL_TX_DMA_MASK))
3725 IL_ERR("Unaligned address = %llx\n",
3726 (unsigned long long)addr);
3728 il4965_tfd_set_tb(tfd, num_tbs, addr, len);
3734 * Tell nic where to find circular buffer of Tx Frame Descriptors for
3735 * given Tx queue, and enable the DMA channel used for that queue.
3737 * 4965 supports up to 16 Tx queues in DRAM, mapped to up to 8 Tx DMA
3738 * channels supported in hardware.
3740 int il4965_hw_tx_queue_init(struct il_priv *il,
3741 struct il_tx_queue *txq)
3743 int txq_id = txq->q.id;
3745 /* Circular buffer (TFD queue in DRAM) physical base address */
3746 il_wr(il, FH49_MEM_CBBC_QUEUE(txq_id),
3747 txq->q.dma_addr >> 8);
3752 /******************************************************************************
3754 * Generic RX handler implementations
3756 ******************************************************************************/
3757 static void il4965_hdl_alive(struct il_priv *il,
3758 struct il_rx_buf *rxb)
3760 struct il_rx_pkt *pkt = rxb_addr(rxb);
3761 struct il_alive_resp *palive;
3762 struct delayed_work *pwork;
3764 palive = &pkt->u.alive_frame;
3766 D_INFO("Alive ucode status 0x%08X revision "
3768 palive->is_valid, palive->ver_type,
3769 palive->ver_subtype);
3771 if (palive->ver_subtype == INITIALIZE_SUBTYPE) {
3772 D_INFO("Initialization Alive received.\n");
3773 memcpy(&il->card_alive_init,
3774 &pkt->u.alive_frame,
3775 sizeof(struct il_init_alive_resp));
3776 pwork = &il->init_alive_start;
3778 D_INFO("Runtime Alive received.\n");
3779 memcpy(&il->card_alive, &pkt->u.alive_frame,
3780 sizeof(struct il_alive_resp));
3781 pwork = &il->alive_start;
3784 /* We delay the ALIVE response by 5ms to
3785 * give the HW RF Kill time to activate... */
3786 if (palive->is_valid == UCODE_VALID_OK)
3787 queue_delayed_work(il->workqueue, pwork,
3788 msecs_to_jiffies(5));
3790 IL_WARN("uCode did not respond OK.\n");
3794 * il4965_bg_stats_periodic - Timer callback to queue stats
3796 * This callback is provided in order to send a stats request.
3798 * This timer function is continually reset to execute within
3799 * REG_RECALIB_PERIOD seconds since the last N_STATS
3800 * was received. We need to ensure we receive the stats in order
3801 * to update the temperature used for calibrating the TXPOWER.
3803 static void il4965_bg_stats_periodic(unsigned long data)
3805 struct il_priv *il = (struct il_priv *)data;
3807 if (test_bit(S_EXIT_PENDING, &il->status))
3810 /* dont send host command if rf-kill is on */
3811 if (!il_is_ready_rf(il))
3814 il_send_stats_request(il, CMD_ASYNC, false);
3817 static void il4965_hdl_beacon(struct il_priv *il,
3818 struct il_rx_buf *rxb)
3820 struct il_rx_pkt *pkt = rxb_addr(rxb);
3821 struct il4965_beacon_notif *beacon =
3822 (struct il4965_beacon_notif *)pkt->u.raw;
3823 #ifdef CONFIG_IWLEGACY_DEBUG
3824 u8 rate = il4965_hw_get_rate(beacon->beacon_notify_hdr.rate_n_flags);
3826 D_RX("beacon status %x retries %d iss %d "
3827 "tsf %d %d rate %d\n",
3828 le32_to_cpu(beacon->beacon_notify_hdr.u.status) & TX_STATUS_MSK,
3829 beacon->beacon_notify_hdr.failure_frame,
3830 le32_to_cpu(beacon->ibss_mgr_status),
3831 le32_to_cpu(beacon->high_tsf),
3832 le32_to_cpu(beacon->low_tsf), rate);
3835 il->ibss_manager = le32_to_cpu(beacon->ibss_mgr_status);
3838 static void il4965_perform_ct_kill_task(struct il_priv *il)
3840 unsigned long flags;
3842 D_POWER("Stop all queues\n");
3844 if (il->mac80211_registered)
3845 ieee80211_stop_queues(il->hw);
3847 _il_wr(il, CSR_UCODE_DRV_GP1_SET,
3848 CSR_UCODE_DRV_GP1_REG_BIT_CT_KILL_EXIT);
3849 _il_rd(il, CSR_UCODE_DRV_GP1);
3851 spin_lock_irqsave(&il->reg_lock, flags);
3852 if (!_il_grab_nic_access(il))
3853 _il_release_nic_access(il);
3854 spin_unlock_irqrestore(&il->reg_lock, flags);
3857 /* Handle notification from uCode that card's power state is changing
3858 * due to software, hardware, or critical temperature RFKILL */
3859 static void il4965_hdl_card_state(struct il_priv *il,
3860 struct il_rx_buf *rxb)
3862 struct il_rx_pkt *pkt = rxb_addr(rxb);
3863 u32 flags = le32_to_cpu(pkt->u.card_state_notif.flags);
3864 unsigned long status = il->status;
3866 D_RF_KILL("Card state received: HW:%s SW:%s CT:%s\n",
3867 (flags & HW_CARD_DISABLED) ? "Kill" : "On",
3868 (flags & SW_CARD_DISABLED) ? "Kill" : "On",
3869 (flags & CT_CARD_DISABLED) ?
3870 "Reached" : "Not reached");
3872 if (flags & (SW_CARD_DISABLED | HW_CARD_DISABLED |
3873 CT_CARD_DISABLED)) {
3875 _il_wr(il, CSR_UCODE_DRV_GP1_SET,
3876 CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
3878 il_wr(il, HBUS_TARG_MBX_C,
3879 HBUS_TARG_MBX_C_REG_BIT_CMD_BLOCKED);
3881 if (!(flags & RXON_CARD_DISABLED)) {
3882 _il_wr(il, CSR_UCODE_DRV_GP1_CLR,
3883 CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
3884 il_wr(il, HBUS_TARG_MBX_C,
3885 HBUS_TARG_MBX_C_REG_BIT_CMD_BLOCKED);
3889 if (flags & CT_CARD_DISABLED)
3890 il4965_perform_ct_kill_task(il);
3892 if (flags & HW_CARD_DISABLED)
3893 set_bit(S_RF_KILL_HW, &il->status);
3895 clear_bit(S_RF_KILL_HW, &il->status);
3897 if (!(flags & RXON_CARD_DISABLED))
3900 if ((test_bit(S_RF_KILL_HW, &status) !=
3901 test_bit(S_RF_KILL_HW, &il->status)))
3902 wiphy_rfkill_set_hw_state(il->hw->wiphy,
3903 test_bit(S_RF_KILL_HW, &il->status));
3905 wake_up(&il->wait_command_queue);
3909 * il4965_setup_handlers - Initialize Rx handler callbacks
3911 * Setup the RX handlers for each of the reply types sent from the uCode
3914 * This function chains into the hardware specific files for them to setup
3915 * any hardware specific handlers as well.
3917 static void il4965_setup_handlers(struct il_priv *il)
3919 il->handlers[N_ALIVE] = il4965_hdl_alive;
3920 il->handlers[N_ERROR] = il_hdl_error;
3921 il->handlers[N_CHANNEL_SWITCH] = il_hdl_csa;
3922 il->handlers[N_SPECTRUM_MEASUREMENT] =
3923 il_hdl_spectrum_measurement;
3924 il->handlers[N_PM_SLEEP] = il_hdl_pm_sleep;
3925 il->handlers[N_PM_DEBUG_STATS] =
3926 il_hdl_pm_debug_stats;
3927 il->handlers[N_BEACON] = il4965_hdl_beacon;
3930 * The same handler is used for both the REPLY to a discrete
3931 * stats request from the host as well as for the periodic
3932 * stats notifications (after received beacons) from the uCode.
3934 il->handlers[C_STATS] = il4965_hdl_c_stats;
3935 il->handlers[N_STATS] = il4965_hdl_stats;
3937 il_setup_rx_scan_handlers(il);
3939 /* status change handler */
3940 il->handlers[N_CARD_STATE] =
3941 il4965_hdl_card_state;
3943 il->handlers[N_MISSED_BEACONS] =
3944 il4965_hdl_missed_beacon;
3946 il->handlers[N_RX_PHY] = il4965_hdl_rx_phy;
3947 il->handlers[N_RX_MPDU] = il4965_hdl_rx;
3949 il->handlers[N_COMPRESSED_BA] = il4965_hdl_compressed_ba;
3950 /* Set up hardware specific Rx handlers */
3951 il->cfg->ops->lib->handler_setup(il);
3955 * il4965_rx_handle - Main entry function for receiving responses from uCode
3957 * Uses the il->handlers callback function array to invoke
3958 * the appropriate handlers, including command responses,
3959 * frame-received notifications, and other notifications.
3961 void il4965_rx_handle(struct il_priv *il)
3963 struct il_rx_buf *rxb;
3964 struct il_rx_pkt *pkt;
3965 struct il_rx_queue *rxq = &il->rxq;
3968 unsigned long flags;
3973 /* uCode's read idx (stored in shared DRAM) indicates the last Rx
3974 * buffer that the driver may process (last buffer filled by ucode). */
3975 r = le16_to_cpu(rxq->rb_stts->closed_rb_num) & 0x0FFF;
3978 /* Rx interrupt, but nothing sent from uCode */
3980 D_RX("r = %d, i = %d\n", r, i);
3982 /* calculate total frames need to be restock after handling RX */
3983 total_empty = r - rxq->write_actual;
3984 if (total_empty < 0)
3985 total_empty += RX_QUEUE_SIZE;
3987 if (total_empty > (RX_QUEUE_SIZE / 2))
3993 rxb = rxq->queue[i];
3995 /* If an RXB doesn't have a Rx queue slot associated with it,
3996 * then a bug has been introduced in the queue refilling
3997 * routines -- catch it here */
3998 BUG_ON(rxb == NULL);
4000 rxq->queue[i] = NULL;
4002 pci_unmap_page(il->pci_dev, rxb->page_dma,
4003 PAGE_SIZE << il->hw_params.rx_page_order,
4004 PCI_DMA_FROMDEVICE);
4005 pkt = rxb_addr(rxb);
4007 len = le32_to_cpu(pkt->len_n_flags) & IL_RX_FRAME_SIZE_MSK;
4008 len += sizeof(u32); /* account for status word */
4010 /* Reclaim a command buffer only if this packet is a response
4011 * to a (driver-originated) command.
4012 * If the packet (e.g. Rx frame) originated from uCode,
4013 * there is no command buffer to reclaim.
4014 * Ucode should set SEQ_RX_FRAME bit if ucode-originated,
4015 * but apparently a few don't get set; catch them here. */
4016 reclaim = !(pkt->hdr.sequence & SEQ_RX_FRAME) &&
4017 (pkt->hdr.cmd != N_RX_PHY) &&
4018 (pkt->hdr.cmd != N_RX) &&
4019 (pkt->hdr.cmd != N_RX_MPDU) &&
4020 (pkt->hdr.cmd != N_COMPRESSED_BA) &&
4021 (pkt->hdr.cmd != N_STATS) &&
4022 (pkt->hdr.cmd != C_TX);
4024 /* Based on type of command response or notification,
4025 * handle those that need handling via function in
4026 * handlers table. See il4965_setup_handlers() */
4027 if (il->handlers[pkt->hdr.cmd]) {
4028 D_RX("r = %d, i = %d, %s, 0x%02x\n", r,
4029 i, il_get_cmd_string(pkt->hdr.cmd),
4031 il->isr_stats.handlers[pkt->hdr.cmd]++;
4032 il->handlers[pkt->hdr.cmd] (il, rxb);
4034 /* No handling needed */
4036 "r %d i %d No handler needed for %s, 0x%02x\n",
4037 r, i, il_get_cmd_string(pkt->hdr.cmd),
4042 * XXX: After here, we should always check rxb->page
4043 * against NULL before touching it or its virtual
4044 * memory (pkt). Because some handler might have
4045 * already taken or freed the pages.
4049 /* Invoke any callbacks, transfer the buffer to caller,
4050 * and fire off the (possibly) blocking il_send_cmd()
4051 * as we reclaim the driver command queue */
4053 il_tx_cmd_complete(il, rxb);
4055 IL_WARN("Claim null rxb?\n");
4058 /* Reuse the page if possible. For notification packets and
4059 * SKBs that fail to Rx correctly, add them back into the
4060 * rx_free list for reuse later. */
4061 spin_lock_irqsave(&rxq->lock, flags);
4062 if (rxb->page != NULL) {
4063 rxb->page_dma = pci_map_page(il->pci_dev, rxb->page,
4064 0, PAGE_SIZE << il->hw_params.rx_page_order,
4065 PCI_DMA_FROMDEVICE);
4066 list_add_tail(&rxb->list, &rxq->rx_free);
4069 list_add_tail(&rxb->list, &rxq->rx_used);
4071 spin_unlock_irqrestore(&rxq->lock, flags);
4073 i = (i + 1) & RX_QUEUE_MASK;
4074 /* If there are a lot of unused frames,
4075 * restock the Rx queue so ucode wont assert. */
4080 il4965_rx_replenish_now(il);
4086 /* Backtrack one entry */
4089 il4965_rx_replenish_now(il);
4091 il4965_rx_queue_restock(il);
4094 /* call this function to flush any scheduled tasklet */
4095 static inline void il4965_synchronize_irq(struct il_priv *il)
4097 /* wait to make sure we flush pending tasklet*/
4098 synchronize_irq(il->pci_dev->irq);
4099 tasklet_kill(&il->irq_tasklet);
4102 static void il4965_irq_tasklet(struct il_priv *il)
4104 u32 inta, handled = 0;
4106 unsigned long flags;
4108 #ifdef CONFIG_IWLEGACY_DEBUG
4112 spin_lock_irqsave(&il->lock, flags);
4114 /* Ack/clear/reset pending uCode interrupts.
4115 * Note: Some bits in CSR_INT are "OR" of bits in CSR_FH_INT_STATUS,
4116 * and will clear only when CSR_FH_INT_STATUS gets cleared. */
4117 inta = _il_rd(il, CSR_INT);
4118 _il_wr(il, CSR_INT, inta);
4120 /* Ack/clear/reset pending flow-handler (DMA) interrupts.
4121 * Any new interrupts that happen after this, either while we're
4122 * in this tasklet, or later, will show up in next ISR/tasklet. */
4123 inta_fh = _il_rd(il, CSR_FH_INT_STATUS);
4124 _il_wr(il, CSR_FH_INT_STATUS, inta_fh);
4126 #ifdef CONFIG_IWLEGACY_DEBUG
4127 if (il_get_debug_level(il) & IL_DL_ISR) {
4128 /* just for debug */
4129 inta_mask = _il_rd(il, CSR_INT_MASK);
4130 D_ISR("inta 0x%08x, enabled 0x%08x, fh 0x%08x\n",
4131 inta, inta_mask, inta_fh);
4135 spin_unlock_irqrestore(&il->lock, flags);
4137 /* Since CSR_INT and CSR_FH_INT_STATUS reads and clears are not
4138 * atomic, make sure that inta covers all the interrupts that
4139 * we've discovered, even if FH interrupt came in just after
4140 * reading CSR_INT. */
4141 if (inta_fh & CSR49_FH_INT_RX_MASK)
4142 inta |= CSR_INT_BIT_FH_RX;
4143 if (inta_fh & CSR49_FH_INT_TX_MASK)
4144 inta |= CSR_INT_BIT_FH_TX;
4146 /* Now service all interrupt bits discovered above. */
4147 if (inta & CSR_INT_BIT_HW_ERR) {
4148 IL_ERR("Hardware error detected. Restarting.\n");
4150 /* Tell the device to stop sending interrupts */
4151 il_disable_interrupts(il);
4154 il_irq_handle_error(il);
4156 handled |= CSR_INT_BIT_HW_ERR;
4161 #ifdef CONFIG_IWLEGACY_DEBUG
4162 if (il_get_debug_level(il) & (IL_DL_ISR)) {
4163 /* NIC fires this, but we don't use it, redundant with WAKEUP */
4164 if (inta & CSR_INT_BIT_SCD) {
4165 D_ISR("Scheduler finished to transmit "
4166 "the frame/frames.\n");
4167 il->isr_stats.sch++;
4170 /* Alive notification via Rx interrupt will do the real work */
4171 if (inta & CSR_INT_BIT_ALIVE) {
4172 D_ISR("Alive interrupt\n");
4173 il->isr_stats.alive++;
4177 /* Safely ignore these bits for debug checks below */
4178 inta &= ~(CSR_INT_BIT_SCD | CSR_INT_BIT_ALIVE);
4180 /* HW RF KILL switch toggled */
4181 if (inta & CSR_INT_BIT_RF_KILL) {
4183 if (!(_il_rd(il, CSR_GP_CNTRL) &
4184 CSR_GP_CNTRL_REG_FLAG_HW_RF_KILL_SW))
4187 IL_WARN("RF_KILL bit toggled to %s.\n",
4188 hw_rf_kill ? "disable radio" : "enable radio");
4190 il->isr_stats.rfkill++;
4192 /* driver only loads ucode once setting the interface up.
4193 * the driver allows loading the ucode even if the radio
4194 * is killed. Hence update the killswitch state here. The
4195 * rfkill handler will care about restarting if needed.
4197 if (!test_bit(S_ALIVE, &il->status)) {
4199 set_bit(S_RF_KILL_HW, &il->status);
4201 clear_bit(S_RF_KILL_HW, &il->status);
4202 wiphy_rfkill_set_hw_state(il->hw->wiphy, hw_rf_kill);
4205 handled |= CSR_INT_BIT_RF_KILL;
4208 /* Chip got too hot and stopped itself */
4209 if (inta & CSR_INT_BIT_CT_KILL) {
4210 IL_ERR("Microcode CT kill error detected.\n");
4211 il->isr_stats.ctkill++;
4212 handled |= CSR_INT_BIT_CT_KILL;
4215 /* Error detected by uCode */
4216 if (inta & CSR_INT_BIT_SW_ERR) {
4217 IL_ERR("Microcode SW error detected. "
4218 " Restarting 0x%X.\n", inta);
4220 il_irq_handle_error(il);
4221 handled |= CSR_INT_BIT_SW_ERR;
4225 * uCode wakes up after power-down sleep.
4226 * Tell device about any new tx or host commands enqueued,
4227 * and about any Rx buffers made available while asleep.
4229 if (inta & CSR_INT_BIT_WAKEUP) {
4230 D_ISR("Wakeup interrupt\n");
4231 il_rx_queue_update_write_ptr(il, &il->rxq);
4232 for (i = 0; i < il->hw_params.max_txq_num; i++)
4233 il_txq_update_write_ptr(il, &il->txq[i]);
4234 il->isr_stats.wakeup++;
4235 handled |= CSR_INT_BIT_WAKEUP;
4238 /* All uCode command responses, including Tx command responses,
4239 * Rx "responses" (frame-received notification), and other
4240 * notifications from uCode come through here*/
4241 if (inta & (CSR_INT_BIT_FH_RX | CSR_INT_BIT_SW_RX)) {
4242 il4965_rx_handle(il);
4244 handled |= (CSR_INT_BIT_FH_RX | CSR_INT_BIT_SW_RX);
4247 /* This "Tx" DMA channel is used only for loading uCode */
4248 if (inta & CSR_INT_BIT_FH_TX) {
4249 D_ISR("uCode load interrupt\n");
4251 handled |= CSR_INT_BIT_FH_TX;
4252 /* Wake up uCode load routine, now that load is complete */
4253 il->ucode_write_complete = 1;
4254 wake_up(&il->wait_command_queue);
4257 if (inta & ~handled) {
4258 IL_ERR("Unhandled INTA bits 0x%08x\n", inta & ~handled);
4259 il->isr_stats.unhandled++;
4262 if (inta & ~(il->inta_mask)) {
4263 IL_WARN("Disabled INTA bits 0x%08x were pending\n",
4264 inta & ~il->inta_mask);
4265 IL_WARN(" with FH49_INT = 0x%08x\n", inta_fh);
4268 /* Re-enable all interrupts */
4269 /* only Re-enable if disabled by irq */
4270 if (test_bit(S_INT_ENABLED, &il->status))
4271 il_enable_interrupts(il);
4272 /* Re-enable RF_KILL if it occurred */
4273 else if (handled & CSR_INT_BIT_RF_KILL)
4274 il_enable_rfkill_int(il);
4276 #ifdef CONFIG_IWLEGACY_DEBUG
4277 if (il_get_debug_level(il) & (IL_DL_ISR)) {
4278 inta = _il_rd(il, CSR_INT);
4279 inta_mask = _il_rd(il, CSR_INT_MASK);
4280 inta_fh = _il_rd(il, CSR_FH_INT_STATUS);
4282 "End inta 0x%08x, enabled 0x%08x, fh 0x%08x, "
4283 "flags 0x%08lx\n", inta, inta_mask, inta_fh, flags);
4288 /*****************************************************************************
4292 *****************************************************************************/
4294 #ifdef CONFIG_IWLEGACY_DEBUG
4297 * The following adds a new attribute to the sysfs representation
4298 * of this device driver (i.e. a new file in /sys/class/net/wlan0/device/)
4299 * used for controlling the debug level.
4301 * See the level definitions in iwl for details.
4303 * The debug_level being managed using sysfs below is a per device debug
4304 * level that is used instead of the global debug level if it (the per
4305 * device debug level) is set.
4307 static ssize_t il4965_show_debug_level(struct device *d,
4308 struct device_attribute *attr, char *buf)
4310 struct il_priv *il = dev_get_drvdata(d);
4311 return sprintf(buf, "0x%08X\n", il_get_debug_level(il));
4313 static ssize_t il4965_store_debug_level(struct device *d,
4314 struct device_attribute *attr,
4315 const char *buf, size_t count)
4317 struct il_priv *il = dev_get_drvdata(d);
4321 ret = strict_strtoul(buf, 0, &val);
4323 IL_ERR("%s is not in hex or decimal form.\n", buf);
4325 il->debug_level = val;
4326 if (il_alloc_traffic_mem(il))
4328 "Not enough memory to generate traffic log\n");
4330 return strnlen(buf, count);
4333 static DEVICE_ATTR(debug_level, S_IWUSR | S_IRUGO,
4334 il4965_show_debug_level, il4965_store_debug_level);
4337 #endif /* CONFIG_IWLEGACY_DEBUG */
4340 static ssize_t il4965_show_temperature(struct device *d,
4341 struct device_attribute *attr, char *buf)
4343 struct il_priv *il = dev_get_drvdata(d);
4345 if (!il_is_alive(il))
4348 return sprintf(buf, "%d\n", il->temperature);
4351 static DEVICE_ATTR(temperature, S_IRUGO, il4965_show_temperature, NULL);
4353 static ssize_t il4965_show_tx_power(struct device *d,
4354 struct device_attribute *attr, char *buf)
4356 struct il_priv *il = dev_get_drvdata(d);
4358 if (!il_is_ready_rf(il))
4359 return sprintf(buf, "off\n");
4361 return sprintf(buf, "%d\n", il->tx_power_user_lmt);
4364 static ssize_t il4965_store_tx_power(struct device *d,
4365 struct device_attribute *attr,
4366 const char *buf, size_t count)
4368 struct il_priv *il = dev_get_drvdata(d);
4372 ret = strict_strtoul(buf, 10, &val);
4374 IL_INFO("%s is not in decimal form.\n", buf);
4376 ret = il_set_tx_power(il, val, false);
4378 IL_ERR("failed setting tx power (0x%d).\n",
4386 static DEVICE_ATTR(tx_power, S_IWUSR | S_IRUGO,
4387 il4965_show_tx_power, il4965_store_tx_power);
4389 static struct attribute *il_sysfs_entries[] = {
4390 &dev_attr_temperature.attr,
4391 &dev_attr_tx_power.attr,
4392 #ifdef CONFIG_IWLEGACY_DEBUG
4393 &dev_attr_debug_level.attr,
4398 static struct attribute_group il_attribute_group = {
4399 .name = NULL, /* put in device directory */
4400 .attrs = il_sysfs_entries,
4403 /******************************************************************************
4405 * uCode download functions
4407 ******************************************************************************/
4409 static void il4965_dealloc_ucode_pci(struct il_priv *il)
4411 il_free_fw_desc(il->pci_dev, &il->ucode_code);
4412 il_free_fw_desc(il->pci_dev, &il->ucode_data);
4413 il_free_fw_desc(il->pci_dev, &il->ucode_data_backup);
4414 il_free_fw_desc(il->pci_dev, &il->ucode_init);
4415 il_free_fw_desc(il->pci_dev, &il->ucode_init_data);
4416 il_free_fw_desc(il->pci_dev, &il->ucode_boot);
4419 static void il4965_nic_start(struct il_priv *il)
4421 /* Remove all resets to allow NIC to operate */
4422 _il_wr(il, CSR_RESET, 0);
4425 static void il4965_ucode_callback(const struct firmware *ucode_raw,
4427 static int il4965_mac_setup_register(struct il_priv *il,
4428 u32 max_probe_length);
4430 static int __must_check il4965_request_firmware(struct il_priv *il, bool first)
4432 const char *name_pre = il->cfg->fw_name_pre;
4436 il->fw_idx = il->cfg->ucode_api_max;
4437 sprintf(tag, "%d", il->fw_idx);
4440 sprintf(tag, "%d", il->fw_idx);
4443 if (il->fw_idx < il->cfg->ucode_api_min) {
4444 IL_ERR("no suitable firmware found!\n");
4448 sprintf(il->firmware_name, "%s%s%s", name_pre, tag, ".ucode");
4450 D_INFO("attempting to load firmware '%s'\n",
4453 return request_firmware_nowait(THIS_MODULE, 1, il->firmware_name,
4454 &il->pci_dev->dev, GFP_KERNEL, il,
4455 il4965_ucode_callback);
4458 struct il4965_firmware_pieces {
4459 const void *inst, *data, *init, *init_data, *boot;
4460 size_t inst_size, data_size, init_size, init_data_size, boot_size;
4463 static int il4965_load_firmware(struct il_priv *il,
4464 const struct firmware *ucode_raw,
4465 struct il4965_firmware_pieces *pieces)
4467 struct il_ucode_header *ucode = (void *)ucode_raw->data;
4468 u32 api_ver, hdr_size;
4471 il->ucode_ver = le32_to_cpu(ucode->ver);
4472 api_ver = IL_UCODE_API(il->ucode_ver);
4480 if (ucode_raw->size < hdr_size) {
4481 IL_ERR("File size too small!\n");
4484 pieces->inst_size = le32_to_cpu(ucode->v1.inst_size);
4485 pieces->data_size = le32_to_cpu(ucode->v1.data_size);
4486 pieces->init_size = le32_to_cpu(ucode->v1.init_size);
4487 pieces->init_data_size =
4488 le32_to_cpu(ucode->v1.init_data_size);
4489 pieces->boot_size = le32_to_cpu(ucode->v1.boot_size);
4490 src = ucode->v1.data;
4494 /* Verify size of file vs. image size info in file's header */
4495 if (ucode_raw->size != hdr_size + pieces->inst_size +
4496 pieces->data_size + pieces->init_size +
4497 pieces->init_data_size + pieces->boot_size) {
4500 "uCode file size %d does not match expected size\n",
4501 (int)ucode_raw->size);
4506 src += pieces->inst_size;
4508 src += pieces->data_size;
4510 src += pieces->init_size;
4511 pieces->init_data = src;
4512 src += pieces->init_data_size;
4514 src += pieces->boot_size;
4520 * il4965_ucode_callback - callback when firmware was loaded
4522 * If loaded successfully, copies the firmware into buffers
4523 * for the card to fetch (via DMA).
4526 il4965_ucode_callback(const struct firmware *ucode_raw, void *context)
4528 struct il_priv *il = context;
4529 struct il_ucode_header *ucode;
4531 struct il4965_firmware_pieces pieces;
4532 const unsigned int api_max = il->cfg->ucode_api_max;
4533 const unsigned int api_min = il->cfg->ucode_api_min;
4536 u32 max_probe_length = 200;
4537 u32 standard_phy_calibration_size =
4538 IL_DEFAULT_STANDARD_PHY_CALIBRATE_TBL_SIZE;
4540 memset(&pieces, 0, sizeof(pieces));
4543 if (il->fw_idx <= il->cfg->ucode_api_max)
4545 "request for firmware file '%s' failed.\n",
4550 D_INFO("Loaded firmware file '%s' (%zd bytes).\n",
4551 il->firmware_name, ucode_raw->size);
4553 /* Make sure that we got at least the API version number */
4554 if (ucode_raw->size < 4) {
4555 IL_ERR("File size way too small!\n");
4559 /* Data from ucode file: header followed by uCode images */
4560 ucode = (struct il_ucode_header *)ucode_raw->data;
4562 err = il4965_load_firmware(il, ucode_raw, &pieces);
4567 api_ver = IL_UCODE_API(il->ucode_ver);
4570 * api_ver should match the api version forming part of the
4571 * firmware filename ... but we don't check for that and only rely
4572 * on the API version read from firmware header from here on forward
4574 if (api_ver < api_min || api_ver > api_max) {
4576 "Driver unable to support your firmware API. "
4577 "Driver supports v%u, firmware is v%u.\n",
4582 if (api_ver != api_max)
4584 "Firmware has old API version. Expected v%u, "
4585 "got v%u. New firmware can be obtained "
4586 "from http://www.intellinuxwireless.org.\n",
4589 IL_INFO("loaded firmware version %u.%u.%u.%u\n",
4590 IL_UCODE_MAJOR(il->ucode_ver),
4591 IL_UCODE_MINOR(il->ucode_ver),
4592 IL_UCODE_API(il->ucode_ver),
4593 IL_UCODE_SERIAL(il->ucode_ver));
4595 snprintf(il->hw->wiphy->fw_version,
4596 sizeof(il->hw->wiphy->fw_version),
4598 IL_UCODE_MAJOR(il->ucode_ver),
4599 IL_UCODE_MINOR(il->ucode_ver),
4600 IL_UCODE_API(il->ucode_ver),
4601 IL_UCODE_SERIAL(il->ucode_ver));
4604 * For any of the failures below (before allocating pci memory)
4605 * we will try to load a version with a smaller API -- maybe the
4606 * user just got a corrupted version of the latest API.
4609 D_INFO("f/w package hdr ucode version raw = 0x%x\n",
4611 D_INFO("f/w package hdr runtime inst size = %Zd\n",
4613 D_INFO("f/w package hdr runtime data size = %Zd\n",
4615 D_INFO("f/w package hdr init inst size = %Zd\n",
4617 D_INFO("f/w package hdr init data size = %Zd\n",
4618 pieces.init_data_size);
4619 D_INFO("f/w package hdr boot inst size = %Zd\n",
4622 /* Verify that uCode images will fit in card's SRAM */
4623 if (pieces.inst_size > il->hw_params.max_inst_size) {
4624 IL_ERR("uCode instr len %Zd too large to fit in\n",
4629 if (pieces.data_size > il->hw_params.max_data_size) {
4630 IL_ERR("uCode data len %Zd too large to fit in\n",
4635 if (pieces.init_size > il->hw_params.max_inst_size) {
4636 IL_ERR("uCode init instr len %Zd too large to fit in\n",
4641 if (pieces.init_data_size > il->hw_params.max_data_size) {
4642 IL_ERR("uCode init data len %Zd too large to fit in\n",
4643 pieces.init_data_size);
4647 if (pieces.boot_size > il->hw_params.max_bsm_size) {
4648 IL_ERR("uCode boot instr len %Zd too large to fit in\n",
4653 /* Allocate ucode buffers for card's bus-master loading ... */
4655 /* Runtime instructions and 2 copies of data:
4656 * 1) unmodified from disk
4657 * 2) backup cache for save/restore during power-downs */
4658 il->ucode_code.len = pieces.inst_size;
4659 il_alloc_fw_desc(il->pci_dev, &il->ucode_code);
4661 il->ucode_data.len = pieces.data_size;
4662 il_alloc_fw_desc(il->pci_dev, &il->ucode_data);
4664 il->ucode_data_backup.len = pieces.data_size;
4665 il_alloc_fw_desc(il->pci_dev, &il->ucode_data_backup);
4667 if (!il->ucode_code.v_addr || !il->ucode_data.v_addr ||
4668 !il->ucode_data_backup.v_addr)
4671 /* Initialization instructions and data */
4672 if (pieces.init_size && pieces.init_data_size) {
4673 il->ucode_init.len = pieces.init_size;
4674 il_alloc_fw_desc(il->pci_dev, &il->ucode_init);
4676 il->ucode_init_data.len = pieces.init_data_size;
4677 il_alloc_fw_desc(il->pci_dev, &il->ucode_init_data);
4679 if (!il->ucode_init.v_addr || !il->ucode_init_data.v_addr)
4683 /* Bootstrap (instructions only, no data) */
4684 if (pieces.boot_size) {
4685 il->ucode_boot.len = pieces.boot_size;
4686 il_alloc_fw_desc(il->pci_dev, &il->ucode_boot);
4688 if (!il->ucode_boot.v_addr)
4692 /* Now that we can no longer fail, copy information */
4694 il->sta_key_max_num = STA_KEY_MAX_NUM;
4696 /* Copy images into buffers for card's bus-master reads ... */
4698 /* Runtime instructions (first block of data in file) */
4699 D_INFO("Copying (but not loading) uCode instr len %Zd\n",
4701 memcpy(il->ucode_code.v_addr, pieces.inst, pieces.inst_size);
4703 D_INFO("uCode instr buf vaddr = 0x%p, paddr = 0x%08x\n",
4704 il->ucode_code.v_addr, (u32)il->ucode_code.p_addr);
4708 * NOTE: Copy into backup buffer will be done in il_up()
4710 D_INFO("Copying (but not loading) uCode data len %Zd\n",
4712 memcpy(il->ucode_data.v_addr, pieces.data, pieces.data_size);
4713 memcpy(il->ucode_data_backup.v_addr, pieces.data, pieces.data_size);
4715 /* Initialization instructions */
4716 if (pieces.init_size) {
4718 "Copying (but not loading) init instr len %Zd\n",
4720 memcpy(il->ucode_init.v_addr, pieces.init, pieces.init_size);
4723 /* Initialization data */
4724 if (pieces.init_data_size) {
4726 "Copying (but not loading) init data len %Zd\n",
4727 pieces.init_data_size);
4728 memcpy(il->ucode_init_data.v_addr, pieces.init_data,
4729 pieces.init_data_size);
4732 /* Bootstrap instructions */
4733 D_INFO("Copying (but not loading) boot instr len %Zd\n",
4735 memcpy(il->ucode_boot.v_addr, pieces.boot, pieces.boot_size);
4738 * figure out the offset of chain noise reset and gain commands
4739 * base on the size of standard phy calibration commands table size
4741 il->_4965.phy_calib_chain_noise_reset_cmd =
4742 standard_phy_calibration_size;
4743 il->_4965.phy_calib_chain_noise_gain_cmd =
4744 standard_phy_calibration_size + 1;
4746 /**************************************************
4747 * This is still part of probe() in a sense...
4749 * 9. Setup and register with mac80211 and debugfs
4750 **************************************************/
4751 err = il4965_mac_setup_register(il, max_probe_length);
4755 err = il_dbgfs_register(il, DRV_NAME);
4758 "failed to create debugfs files. Ignoring error: %d\n", err);
4760 err = sysfs_create_group(&il->pci_dev->dev.kobj,
4761 &il_attribute_group);
4763 IL_ERR("failed to create sysfs device attributes\n");
4767 /* We have our copies now, allow OS release its copies */
4768 release_firmware(ucode_raw);
4769 complete(&il->_4965.firmware_loading_complete);
4773 /* try next, if any */
4774 if (il4965_request_firmware(il, false))
4776 release_firmware(ucode_raw);
4780 IL_ERR("failed to allocate pci memory\n");
4781 il4965_dealloc_ucode_pci(il);
4783 complete(&il->_4965.firmware_loading_complete);
4784 device_release_driver(&il->pci_dev->dev);
4785 release_firmware(ucode_raw);
4788 static const char * const desc_lookup_text[] = {
4793 "NMI_INTERRUPT_WDG",
4797 "HW_ERROR_TUNE_LOCK",
4798 "HW_ERROR_TEMPERATURE",
4799 "ILLEGAL_CHAN_FREQ",
4802 "NMI_INTERRUPT_HOST",
4803 "NMI_INTERRUPT_ACTION_PT",
4804 "NMI_INTERRUPT_UNKNOWN",
4805 "UCODE_VERSION_MISMATCH",
4806 "HW_ERROR_ABS_LOCK",
4807 "HW_ERROR_CAL_LOCK_FAIL",
4808 "NMI_INTERRUPT_INST_ACTION_PT",
4809 "NMI_INTERRUPT_DATA_ACTION_PT",
4811 "NMI_INTERRUPT_TRM",
4812 "NMI_INTERRUPT_BREAK_POINT",
4819 static struct { char *name; u8 num; } advanced_lookup[] = {
4820 { "NMI_INTERRUPT_WDG", 0x34 },
4821 { "SYSASSERT", 0x35 },
4822 { "UCODE_VERSION_MISMATCH", 0x37 },
4823 { "BAD_COMMAND", 0x38 },
4824 { "NMI_INTERRUPT_DATA_ACTION_PT", 0x3C },
4825 { "FATAL_ERROR", 0x3D },
4826 { "NMI_TRM_HW_ERR", 0x46 },
4827 { "NMI_INTERRUPT_TRM", 0x4C },
4828 { "NMI_INTERRUPT_BREAK_POINT", 0x54 },
4829 { "NMI_INTERRUPT_WDG_RXF_FULL", 0x5C },
4830 { "NMI_INTERRUPT_WDG_NO_RBD_RXF_FULL", 0x64 },
4831 { "NMI_INTERRUPT_HOST", 0x66 },
4832 { "NMI_INTERRUPT_ACTION_PT", 0x7C },
4833 { "NMI_INTERRUPT_UNKNOWN", 0x84 },
4834 { "NMI_INTERRUPT_INST_ACTION_PT", 0x86 },
4835 { "ADVANCED_SYSASSERT", 0 },
4838 static const char *il4965_desc_lookup(u32 num)
4841 int max = ARRAY_SIZE(desc_lookup_text);
4844 return desc_lookup_text[num];
4846 max = ARRAY_SIZE(advanced_lookup) - 1;
4847 for (i = 0; i < max; i++) {
4848 if (advanced_lookup[i].num == num)
4851 return advanced_lookup[i].name;
4854 #define ERROR_START_OFFSET (1 * sizeof(u32))
4855 #define ERROR_ELEM_SIZE (7 * sizeof(u32))
4857 void il4965_dump_nic_error_log(struct il_priv *il)
4860 u32 desc, time, count, base, data1;
4861 u32 blink1, blink2, ilink1, ilink2;
4864 if (il->ucode_type == UCODE_INIT) {
4865 base = le32_to_cpu(il->card_alive_init.error_event_table_ptr);
4867 base = le32_to_cpu(il->card_alive.error_event_table_ptr);
4870 if (!il->cfg->ops->lib->is_valid_rtc_data_addr(base)) {
4872 "Not valid error log pointer 0x%08X for %s uCode\n",
4873 base, (il->ucode_type == UCODE_INIT) ? "Init" : "RT");
4877 count = il_read_targ_mem(il, base);
4879 if (ERROR_START_OFFSET <= count * ERROR_ELEM_SIZE) {
4880 IL_ERR("Start IWL Error Log Dump:\n");
4881 IL_ERR("Status: 0x%08lX, count: %d\n",
4885 desc = il_read_targ_mem(il, base + 1 * sizeof(u32));
4886 il->isr_stats.err_code = desc;
4887 pc = il_read_targ_mem(il, base + 2 * sizeof(u32));
4888 blink1 = il_read_targ_mem(il, base + 3 * sizeof(u32));
4889 blink2 = il_read_targ_mem(il, base + 4 * sizeof(u32));
4890 ilink1 = il_read_targ_mem(il, base + 5 * sizeof(u32));
4891 ilink2 = il_read_targ_mem(il, base + 6 * sizeof(u32));
4892 data1 = il_read_targ_mem(il, base + 7 * sizeof(u32));
4893 data2 = il_read_targ_mem(il, base + 8 * sizeof(u32));
4894 line = il_read_targ_mem(il, base + 9 * sizeof(u32));
4895 time = il_read_targ_mem(il, base + 11 * sizeof(u32));
4896 hcmd = il_read_targ_mem(il, base + 22 * sizeof(u32));
4899 "data1 data2 line\n");
4900 IL_ERR("%-28s (0x%04X) %010u 0x%08X 0x%08X %u\n",
4901 il4965_desc_lookup(desc), desc, time, data1, data2, line);
4902 IL_ERR("pc blink1 blink2 ilink1 ilink2 hcmd\n");
4903 IL_ERR("0x%05X 0x%05X 0x%05X 0x%05X 0x%05X 0x%05X\n",
4904 pc, blink1, blink2, ilink1, ilink2, hcmd);
4907 static void il4965_rf_kill_ct_config(struct il_priv *il)
4909 struct il_ct_kill_config cmd;
4910 unsigned long flags;
4913 spin_lock_irqsave(&il->lock, flags);
4914 _il_wr(il, CSR_UCODE_DRV_GP1_CLR,
4915 CSR_UCODE_DRV_GP1_REG_BIT_CT_KILL_EXIT);
4916 spin_unlock_irqrestore(&il->lock, flags);
4918 cmd.critical_temperature_R =
4919 cpu_to_le32(il->hw_params.ct_kill_threshold);
4921 ret = il_send_cmd_pdu(il, C_CT_KILL_CONFIG,
4924 IL_ERR("C_CT_KILL_CONFIG failed\n");
4926 D_INFO("C_CT_KILL_CONFIG "
4928 "critical temperature is %d\n",
4929 il->hw_params.ct_kill_threshold);
4932 static const s8 default_queue_to_tx_fifo[] = {
4942 #define IL_MASK(lo, hi) ((1 << (hi)) | ((1 << (hi)) - (1 << (lo))))
4944 static int il4965_alive_notify(struct il_priv *il)
4947 unsigned long flags;
4951 spin_lock_irqsave(&il->lock, flags);
4953 /* Clear 4965's internal Tx Scheduler data base */
4954 il->scd_base_addr = il_rd_prph(il,
4955 IL49_SCD_SRAM_BASE_ADDR);
4956 a = il->scd_base_addr + IL49_SCD_CONTEXT_DATA_OFFSET;
4957 for (; a < il->scd_base_addr + IL49_SCD_TX_STTS_BITMAP_OFFSET; a += 4)
4958 il_write_targ_mem(il, a, 0);
4959 for (; a < il->scd_base_addr + IL49_SCD_TRANSLATE_TBL_OFFSET; a += 4)
4960 il_write_targ_mem(il, a, 0);
4961 for (; a < il->scd_base_addr +
4962 IL49_SCD_TRANSLATE_TBL_OFFSET_QUEUE(il->hw_params.max_txq_num); a += 4)
4963 il_write_targ_mem(il, a, 0);
4965 /* Tel 4965 where to find Tx byte count tables */
4966 il_wr_prph(il, IL49_SCD_DRAM_BASE_ADDR,
4967 il->scd_bc_tbls.dma >> 10);
4969 /* Enable DMA channel */
4970 for (chan = 0; chan < FH49_TCSR_CHNL_NUM ; chan++)
4972 FH49_TCSR_CHNL_TX_CONFIG_REG(chan),
4973 FH49_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
4974 FH49_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE);
4976 /* Update FH chicken bits */
4977 reg_val = il_rd(il, FH49_TX_CHICKEN_BITS_REG);
4978 il_wr(il, FH49_TX_CHICKEN_BITS_REG,
4979 reg_val | FH49_TX_CHICKEN_BITS_SCD_AUTO_RETRY_EN);
4981 /* Disable chain mode for all queues */
4982 il_wr_prph(il, IL49_SCD_QUEUECHAIN_SEL, 0);
4984 /* Initialize each Tx queue (including the command queue) */
4985 for (i = 0; i < il->hw_params.max_txq_num; i++) {
4987 /* TFD circular buffer read/write idxes */
4988 il_wr_prph(il, IL49_SCD_QUEUE_RDPTR(i), 0);
4989 il_wr(il, HBUS_TARG_WRPTR, 0 | (i << 8));
4991 /* Max Tx Window size for Scheduler-ACK mode */
4992 il_write_targ_mem(il, il->scd_base_addr +
4993 IL49_SCD_CONTEXT_QUEUE_OFFSET(i),
4995 IL49_SCD_QUEUE_CTX_REG1_WIN_SIZE_POS) &
4996 IL49_SCD_QUEUE_CTX_REG1_WIN_SIZE_MSK);
4999 il_write_targ_mem(il, il->scd_base_addr +
5000 IL49_SCD_CONTEXT_QUEUE_OFFSET(i) +
5003 IL49_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_POS) &
5004 IL49_SCD_QUEUE_CTX_REG2_FRAME_LIMIT_MSK);
5007 il_wr_prph(il, IL49_SCD_INTERRUPT_MASK,
5008 (1 << il->hw_params.max_txq_num) - 1);
5010 /* Activate all Tx DMA/FIFO channels */
5011 il4965_txq_set_sched(il, IL_MASK(0, 6));
5013 il4965_set_wr_ptrs(il, IL_DEFAULT_CMD_QUEUE_NUM, 0);
5015 /* make sure all queue are not stopped */
5016 memset(&il->queue_stopped[0], 0, sizeof(il->queue_stopped));
5017 for (i = 0; i < 4; i++)
5018 atomic_set(&il->queue_stop_count[i], 0);
5020 /* reset to 0 to enable all the queue first */
5021 il->txq_ctx_active_msk = 0;
5022 /* Map each Tx/cmd queue to its corresponding fifo */
5023 BUILD_BUG_ON(ARRAY_SIZE(default_queue_to_tx_fifo) != 7);
5025 for (i = 0; i < ARRAY_SIZE(default_queue_to_tx_fifo); i++) {
5026 int ac = default_queue_to_tx_fifo[i];
5028 il_txq_ctx_activate(il, i);
5030 if (ac == IL_TX_FIFO_UNUSED)
5033 il4965_tx_queue_set_status(il, &il->txq[i], ac, 0);
5036 spin_unlock_irqrestore(&il->lock, flags);
5042 * il4965_alive_start - called after N_ALIVE notification received
5043 * from protocol/runtime uCode (initialization uCode's
5044 * Alive gets handled by il_init_alive_start()).
5046 static void il4965_alive_start(struct il_priv *il)
5049 struct il_rxon_context *ctx = &il->ctx;
5051 D_INFO("Runtime Alive received.\n");
5053 if (il->card_alive.is_valid != UCODE_VALID_OK) {
5054 /* We had an error bringing up the hardware, so take it
5055 * all the way back down so we can try again */
5056 D_INFO("Alive failed.\n");
5060 /* Initialize uCode has loaded Runtime uCode ... verify inst image.
5061 * This is a paranoid check, because we would not have gotten the
5062 * "runtime" alive if code weren't properly loaded. */
5063 if (il4965_verify_ucode(il)) {
5064 /* Runtime instruction load was bad;
5065 * take it all the way back down so we can try again */
5066 D_INFO("Bad runtime uCode load.\n");
5070 ret = il4965_alive_notify(il);
5073 "Could not complete ALIVE transition [ntf]: %d\n", ret);
5078 /* After the ALIVE response, we can send host commands to the uCode */
5079 set_bit(S_ALIVE, &il->status);
5081 /* Enable watchdog to monitor the driver tx queues */
5082 il_setup_watchdog(il);
5084 if (il_is_rfkill(il))
5087 ieee80211_wake_queues(il->hw);
5089 il->active_rate = RATES_MASK;
5091 if (il_is_associated_ctx(ctx)) {
5092 struct il_rxon_cmd *active_rxon =
5093 (struct il_rxon_cmd *)&ctx->active;
5094 /* apply any changes in staging */
5095 ctx->staging.filter_flags |= RXON_FILTER_ASSOC_MSK;
5096 active_rxon->filter_flags &= ~RXON_FILTER_ASSOC_MSK;
5098 /* Initialize our rx_config data */
5099 il_connection_init_rx_config(il, &il->ctx);
5101 if (il->cfg->ops->hcmd->set_rxon_chain)
5102 il->cfg->ops->hcmd->set_rxon_chain(il, ctx);
5105 /* Configure bluetooth coexistence if enabled */
5106 il_send_bt_config(il);
5108 il4965_reset_run_time_calib(il);
5110 set_bit(S_READY, &il->status);
5112 /* Configure the adapter for unassociated operation */
5113 il_commit_rxon(il, ctx);
5115 /* At this point, the NIC is initialized and operational */
5116 il4965_rf_kill_ct_config(il);
5118 D_INFO("ALIVE processing complete.\n");
5119 wake_up(&il->wait_command_queue);
5121 il_power_update_mode(il, true);
5122 D_INFO("Updated power mode\n");
5127 queue_work(il->workqueue, &il->restart);
5130 static void il4965_cancel_deferred_work(struct il_priv *il);
5132 static void __il4965_down(struct il_priv *il)
5134 unsigned long flags;
5137 D_INFO(DRV_NAME " is going down\n");
5139 il_scan_cancel_timeout(il, 200);
5141 exit_pending = test_and_set_bit(S_EXIT_PENDING, &il->status);
5143 /* Stop TX queues watchdog. We need to have S_EXIT_PENDING bit set
5144 * to prevent rearm timer */
5145 del_timer_sync(&il->watchdog);
5147 il_clear_ucode_stations(il, NULL);
5148 il_dealloc_bcast_stations(il);
5149 il_clear_driver_stations(il);
5151 /* Unblock any waiting calls */
5152 wake_up_all(&il->wait_command_queue);
5154 /* Wipe out the EXIT_PENDING status bit if we are not actually
5155 * exiting the module */
5157 clear_bit(S_EXIT_PENDING, &il->status);
5159 /* stop and reset the on-board processor */
5160 _il_wr(il, CSR_RESET, CSR_RESET_REG_FLAG_NEVO_RESET);
5162 /* tell the device to stop sending interrupts */
5163 spin_lock_irqsave(&il->lock, flags);
5164 il_disable_interrupts(il);
5165 spin_unlock_irqrestore(&il->lock, flags);
5166 il4965_synchronize_irq(il);
5168 if (il->mac80211_registered)
5169 ieee80211_stop_queues(il->hw);
5171 /* If we have not previously called il_init() then
5172 * clear all bits but the RF Kill bit and return */
5173 if (!il_is_init(il)) {
5174 il->status = test_bit(S_RF_KILL_HW, &il->status) <<
5176 test_bit(S_GEO_CONFIGURED, &il->status) <<
5178 test_bit(S_EXIT_PENDING, &il->status) <<
5183 /* ...otherwise clear out all the status bits but the RF Kill
5184 * bit and continue taking the NIC down. */
5185 il->status &= test_bit(S_RF_KILL_HW, &il->status) <<
5187 test_bit(S_GEO_CONFIGURED, &il->status) <<
5189 test_bit(S_FW_ERROR, &il->status) <<
5191 test_bit(S_EXIT_PENDING, &il->status) <<
5194 il4965_txq_ctx_stop(il);
5195 il4965_rxq_stop(il);
5197 /* Power-down device's busmaster DMA clocks */
5198 il_wr_prph(il, APMG_CLK_DIS_REG, APMG_CLK_VAL_DMA_CLK_RQT);
5201 /* Make sure (redundant) we've released our request to stay awake */
5202 il_clear_bit(il, CSR_GP_CNTRL,
5203 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
5205 /* Stop the device, and put it in low power state */
5209 memset(&il->card_alive, 0, sizeof(struct il_alive_resp));
5211 dev_kfree_skb(il->beacon_skb);
5212 il->beacon_skb = NULL;
5214 /* clear out any free frames */
5215 il4965_clear_free_frames(il);
5218 static void il4965_down(struct il_priv *il)
5220 mutex_lock(&il->mutex);
5222 mutex_unlock(&il->mutex);
5224 il4965_cancel_deferred_work(il);
5227 #define HW_READY_TIMEOUT (50)
5229 static int il4965_set_hw_ready(struct il_priv *il)
5233 il_set_bit(il, CSR_HW_IF_CONFIG_REG,
5234 CSR_HW_IF_CONFIG_REG_BIT_NIC_READY);
5236 /* See if we got it */
5237 ret = _il_poll_bit(il, CSR_HW_IF_CONFIG_REG,
5238 CSR_HW_IF_CONFIG_REG_BIT_NIC_READY,
5239 CSR_HW_IF_CONFIG_REG_BIT_NIC_READY,
5241 if (ret != -ETIMEDOUT)
5242 il->hw_ready = true;
5244 il->hw_ready = false;
5246 D_INFO("hardware %s\n",
5247 (il->hw_ready == 1) ? "ready" : "not ready");
5251 static int il4965_prepare_card_hw(struct il_priv *il)
5255 D_INFO("il4965_prepare_card_hw enter\n");
5257 ret = il4965_set_hw_ready(il);
5261 /* If HW is not ready, prepare the conditions to check again */
5262 il_set_bit(il, CSR_HW_IF_CONFIG_REG,
5263 CSR_HW_IF_CONFIG_REG_PREPARE);
5265 ret = _il_poll_bit(il, CSR_HW_IF_CONFIG_REG,
5266 ~CSR_HW_IF_CONFIG_REG_BIT_NIC_PREPARE_DONE,
5267 CSR_HW_IF_CONFIG_REG_BIT_NIC_PREPARE_DONE, 150000);
5269 /* HW should be ready by now, check again. */
5270 if (ret != -ETIMEDOUT)
5271 il4965_set_hw_ready(il);
5276 #define MAX_HW_RESTARTS 5
5278 static int __il4965_up(struct il_priv *il)
5283 if (test_bit(S_EXIT_PENDING, &il->status)) {
5284 IL_WARN("Exit pending; will not bring the NIC up\n");
5288 if (!il->ucode_data_backup.v_addr || !il->ucode_data.v_addr) {
5289 IL_ERR("ucode not available for device bringup\n");
5293 ret = il4965_alloc_bcast_station(il, &il->ctx);
5295 il_dealloc_bcast_stations(il);
5299 il4965_prepare_card_hw(il);
5301 if (!il->hw_ready) {
5302 IL_WARN("Exit HW not ready\n");
5306 /* If platform's RF_KILL switch is NOT set to KILL */
5308 CSR_GP_CNTRL) & CSR_GP_CNTRL_REG_FLAG_HW_RF_KILL_SW)
5309 clear_bit(S_RF_KILL_HW, &il->status);
5311 set_bit(S_RF_KILL_HW, &il->status);
5313 if (il_is_rfkill(il)) {
5314 wiphy_rfkill_set_hw_state(il->hw->wiphy, true);
5316 il_enable_interrupts(il);
5317 IL_WARN("Radio disabled by HW RF Kill switch\n");
5321 _il_wr(il, CSR_INT, 0xFFFFFFFF);
5323 /* must be initialised before il_hw_nic_init */
5324 il->cmd_queue = IL_DEFAULT_CMD_QUEUE_NUM;
5326 ret = il4965_hw_nic_init(il);
5328 IL_ERR("Unable to init nic\n");
5332 /* make sure rfkill handshake bits are cleared */
5333 _il_wr(il, CSR_UCODE_DRV_GP1_CLR, CSR_UCODE_SW_BIT_RFKILL);
5334 _il_wr(il, CSR_UCODE_DRV_GP1_CLR,
5335 CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
5337 /* clear (again), then enable host interrupts */
5338 _il_wr(il, CSR_INT, 0xFFFFFFFF);
5339 il_enable_interrupts(il);
5341 /* really make sure rfkill handshake bits are cleared */
5342 _il_wr(il, CSR_UCODE_DRV_GP1_CLR, CSR_UCODE_SW_BIT_RFKILL);
5343 _il_wr(il, CSR_UCODE_DRV_GP1_CLR, CSR_UCODE_SW_BIT_RFKILL);
5345 /* Copy original ucode data image from disk into backup cache.
5346 * This will be used to initialize the on-board processor's
5347 * data SRAM for a clean start when the runtime program first loads. */
5348 memcpy(il->ucode_data_backup.v_addr, il->ucode_data.v_addr,
5349 il->ucode_data.len);
5351 for (i = 0; i < MAX_HW_RESTARTS; i++) {
5353 /* load bootstrap state machine,
5354 * load bootstrap program into processor's memory,
5355 * prepare to load the "initialize" uCode */
5356 ret = il->cfg->ops->lib->load_ucode(il);
5359 IL_ERR("Unable to set up bootstrap uCode: %d\n",
5364 /* start card; "initialize" will load runtime ucode */
5365 il4965_nic_start(il);
5367 D_INFO(DRV_NAME " is coming up\n");
5372 set_bit(S_EXIT_PENDING, &il->status);
5374 clear_bit(S_EXIT_PENDING, &il->status);
5376 /* tried to restart and config the device for as long as our
5377 * patience could withstand */
5378 IL_ERR("Unable to initialize device after %d attempts.\n", i);
5383 /*****************************************************************************
5385 * Workqueue callbacks
5387 *****************************************************************************/
5389 static void il4965_bg_init_alive_start(struct work_struct *data)
5391 struct il_priv *il =
5392 container_of(data, struct il_priv, init_alive_start.work);
5394 mutex_lock(&il->mutex);
5395 if (test_bit(S_EXIT_PENDING, &il->status))
5398 il->cfg->ops->lib->init_alive_start(il);
5400 mutex_unlock(&il->mutex);
5403 static void il4965_bg_alive_start(struct work_struct *data)
5405 struct il_priv *il =
5406 container_of(data, struct il_priv, alive_start.work);
5408 mutex_lock(&il->mutex);
5409 if (test_bit(S_EXIT_PENDING, &il->status))
5412 il4965_alive_start(il);
5414 mutex_unlock(&il->mutex);
5417 static void il4965_bg_run_time_calib_work(struct work_struct *work)
5419 struct il_priv *il = container_of(work, struct il_priv,
5420 run_time_calib_work);
5422 mutex_lock(&il->mutex);
5424 if (test_bit(S_EXIT_PENDING, &il->status) ||
5425 test_bit(S_SCANNING, &il->status)) {
5426 mutex_unlock(&il->mutex);
5430 if (il->start_calib) {
5431 il4965_chain_noise_calibration(il,
5432 (void *)&il->_4965.stats);
5433 il4965_sensitivity_calibration(il,
5434 (void *)&il->_4965.stats);
5437 mutex_unlock(&il->mutex);
5440 static void il4965_bg_restart(struct work_struct *data)
5442 struct il_priv *il = container_of(data, struct il_priv, restart);
5444 if (test_bit(S_EXIT_PENDING, &il->status))
5447 if (test_and_clear_bit(S_FW_ERROR, &il->status)) {
5448 mutex_lock(&il->mutex);
5454 mutex_unlock(&il->mutex);
5455 il4965_cancel_deferred_work(il);
5456 ieee80211_restart_hw(il->hw);
5460 mutex_lock(&il->mutex);
5461 if (test_bit(S_EXIT_PENDING, &il->status)) {
5462 mutex_unlock(&il->mutex);
5467 mutex_unlock(&il->mutex);
5471 static void il4965_bg_rx_replenish(struct work_struct *data)
5473 struct il_priv *il =
5474 container_of(data, struct il_priv, rx_replenish);
5476 if (test_bit(S_EXIT_PENDING, &il->status))
5479 mutex_lock(&il->mutex);
5480 il4965_rx_replenish(il);
5481 mutex_unlock(&il->mutex);
5484 /*****************************************************************************
5486 * mac80211 entry point functions
5488 *****************************************************************************/
5490 #define UCODE_READY_TIMEOUT (4 * HZ)
5493 * Not a mac80211 entry point function, but it fits in with all the
5494 * other mac80211 functions grouped here.
5496 static int il4965_mac_setup_register(struct il_priv *il,
5497 u32 max_probe_length)
5500 struct ieee80211_hw *hw = il->hw;
5502 hw->rate_control_algorithm = "iwl-4965-rs";
5504 /* Tell mac80211 our characteristics */
5505 hw->flags = IEEE80211_HW_SIGNAL_DBM |
5506 IEEE80211_HW_AMPDU_AGGREGATION |
5507 IEEE80211_HW_NEED_DTIM_PERIOD |
5508 IEEE80211_HW_SPECTRUM_MGMT |
5509 IEEE80211_HW_REPORTS_TX_ACK_STATUS;
5511 if (il->cfg->sku & IL_SKU_N)
5512 hw->flags |= IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS |
5513 IEEE80211_HW_SUPPORTS_STATIC_SMPS;
5515 hw->sta_data_size = sizeof(struct il_station_priv);
5516 hw->vif_data_size = sizeof(struct il_vif_priv);
5518 hw->wiphy->interface_modes |= il->ctx.interface_modes;
5519 hw->wiphy->interface_modes |= il->ctx.exclusive_interface_modes;
5521 hw->wiphy->flags |= WIPHY_FLAG_CUSTOM_REGULATORY |
5522 WIPHY_FLAG_DISABLE_BEACON_HINTS;
5525 * For now, disable PS by default because it affects
5526 * RX performance significantly.
5528 hw->wiphy->flags &= ~WIPHY_FLAG_PS_ON_BY_DEFAULT;
5530 hw->wiphy->max_scan_ssids = PROBE_OPTION_MAX;
5531 /* we create the 802.11 header and a zero-length SSID element */
5532 hw->wiphy->max_scan_ie_len = max_probe_length - 24 - 2;
5534 /* Default value; 4 EDCA QOS priorities */
5537 hw->max_listen_interval = IL_CONN_MAX_LISTEN_INTERVAL;
5539 if (il->bands[IEEE80211_BAND_2GHZ].n_channels)
5540 il->hw->wiphy->bands[IEEE80211_BAND_2GHZ] =
5541 &il->bands[IEEE80211_BAND_2GHZ];
5542 if (il->bands[IEEE80211_BAND_5GHZ].n_channels)
5543 il->hw->wiphy->bands[IEEE80211_BAND_5GHZ] =
5544 &il->bands[IEEE80211_BAND_5GHZ];
5548 ret = ieee80211_register_hw(il->hw);
5550 IL_ERR("Failed to register hw (error %d)\n", ret);
5553 il->mac80211_registered = 1;
5559 int il4965_mac_start(struct ieee80211_hw *hw)
5561 struct il_priv *il = hw->priv;
5564 D_MAC80211("enter\n");
5566 /* we should be verifying the device is ready to be opened */
5567 mutex_lock(&il->mutex);
5568 ret = __il4965_up(il);
5569 mutex_unlock(&il->mutex);
5574 if (il_is_rfkill(il))
5577 D_INFO("Start UP work done.\n");
5579 /* Wait for START_ALIVE from Run Time ucode. Otherwise callbacks from
5580 * mac80211 will not be run successfully. */
5581 ret = wait_event_timeout(il->wait_command_queue,
5582 test_bit(S_READY, &il->status),
5583 UCODE_READY_TIMEOUT);
5585 if (!test_bit(S_READY, &il->status)) {
5586 IL_ERR("START_ALIVE timeout after %dms.\n",
5587 jiffies_to_msecs(UCODE_READY_TIMEOUT));
5592 il4965_led_enable(il);
5596 D_MAC80211("leave\n");
5600 void il4965_mac_stop(struct ieee80211_hw *hw)
5602 struct il_priv *il = hw->priv;
5604 D_MAC80211("enter\n");
5613 flush_workqueue(il->workqueue);
5615 /* User space software may expect getting rfkill changes
5616 * even if interface is down */
5617 _il_wr(il, CSR_INT, 0xFFFFFFFF);
5618 il_enable_rfkill_int(il);
5620 D_MAC80211("leave\n");
5623 void il4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
5625 struct il_priv *il = hw->priv;
5627 D_MACDUMP("enter\n");
5629 D_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
5630 ieee80211_get_tx_rate(hw, IEEE80211_SKB_CB(skb))->bitrate);
5632 if (il4965_tx_skb(il, skb))
5633 dev_kfree_skb_any(skb);
5635 D_MACDUMP("leave\n");
5638 void il4965_mac_update_tkip_key(struct ieee80211_hw *hw,
5639 struct ieee80211_vif *vif,
5640 struct ieee80211_key_conf *keyconf,
5641 struct ieee80211_sta *sta,
5642 u32 iv32, u16 *phase1key)
5644 struct il_priv *il = hw->priv;
5645 struct il_vif_priv *vif_priv = (void *)vif->drv_priv;
5647 D_MAC80211("enter\n");
5649 il4965_update_tkip_key(il, vif_priv->ctx, keyconf, sta,
5652 D_MAC80211("leave\n");
5655 int il4965_mac_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
5656 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
5657 struct ieee80211_key_conf *key)
5659 struct il_priv *il = hw->priv;
5660 struct il_vif_priv *vif_priv = (void *)vif->drv_priv;
5661 struct il_rxon_context *ctx = vif_priv->ctx;
5664 bool is_default_wep_key = false;
5666 D_MAC80211("enter\n");
5668 if (il->cfg->mod_params->sw_crypto) {
5669 D_MAC80211("leave - hwcrypto disabled\n");
5673 sta_id = il_sta_id_or_broadcast(il, vif_priv->ctx, sta);
5674 if (sta_id == IL_INVALID_STATION)
5677 mutex_lock(&il->mutex);
5678 il_scan_cancel_timeout(il, 100);
5681 * If we are getting WEP group key and we didn't receive any key mapping
5682 * so far, we are in legacy wep mode (group key only), otherwise we are
5684 * In legacy wep mode, we use another host command to the uCode.
5686 if ((key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
5687 key->cipher == WLAN_CIPHER_SUITE_WEP104) &&
5690 is_default_wep_key = !ctx->key_mapping_keys;
5692 is_default_wep_key =
5693 (key->hw_key_idx == HW_KEY_DEFAULT);
5698 if (is_default_wep_key)
5699 ret = il4965_set_default_wep_key(il,
5700 vif_priv->ctx, key);
5702 ret = il4965_set_dynamic_key(il, vif_priv->ctx,
5705 D_MAC80211("enable hwcrypto key\n");
5708 if (is_default_wep_key)
5709 ret = il4965_remove_default_wep_key(il, ctx, key);
5711 ret = il4965_remove_dynamic_key(il, ctx,
5714 D_MAC80211("disable hwcrypto key\n");
5720 mutex_unlock(&il->mutex);
5721 D_MAC80211("leave\n");
5726 int il4965_mac_ampdu_action(struct ieee80211_hw *hw,
5727 struct ieee80211_vif *vif,
5728 enum ieee80211_ampdu_mlme_action action,
5729 struct ieee80211_sta *sta, u16 tid, u16 *ssn,
5732 struct il_priv *il = hw->priv;
5735 D_HT("A-MPDU action on addr %pM tid %d\n",
5738 if (!(il->cfg->sku & IL_SKU_N))
5741 mutex_lock(&il->mutex);
5744 case IEEE80211_AMPDU_RX_START:
5746 ret = il4965_sta_rx_agg_start(il, sta, tid, *ssn);
5748 case IEEE80211_AMPDU_RX_STOP:
5750 ret = il4965_sta_rx_agg_stop(il, sta, tid);
5751 if (test_bit(S_EXIT_PENDING, &il->status))
5754 case IEEE80211_AMPDU_TX_START:
5756 ret = il4965_tx_agg_start(il, vif, sta, tid, ssn);
5758 case IEEE80211_AMPDU_TX_STOP:
5760 ret = il4965_tx_agg_stop(il, vif, sta, tid);
5761 if (test_bit(S_EXIT_PENDING, &il->status))
5764 case IEEE80211_AMPDU_TX_OPERATIONAL:
5768 mutex_unlock(&il->mutex);
5773 int il4965_mac_sta_add(struct ieee80211_hw *hw,
5774 struct ieee80211_vif *vif,
5775 struct ieee80211_sta *sta)
5777 struct il_priv *il = hw->priv;
5778 struct il_station_priv *sta_priv = (void *)sta->drv_priv;
5779 struct il_vif_priv *vif_priv = (void *)vif->drv_priv;
5780 bool is_ap = vif->type == NL80211_IFTYPE_STATION;
5784 D_INFO("received request to add station %pM\n",
5786 mutex_lock(&il->mutex);
5787 D_INFO("proceeding to add station %pM\n",
5789 sta_priv->common.sta_id = IL_INVALID_STATION;
5791 atomic_set(&sta_priv->pending_frames, 0);
5793 ret = il_add_station_common(il, vif_priv->ctx, sta->addr,
5794 is_ap, sta, &sta_id);
5796 IL_ERR("Unable to add station %pM (%d)\n",
5798 /* Should we return success if return code is EEXIST ? */
5799 mutex_unlock(&il->mutex);
5803 sta_priv->common.sta_id = sta_id;
5805 /* Initialize rate scaling */
5806 D_INFO("Initializing rate scaling for station %pM\n",
5808 il4965_rs_rate_init(il, sta, sta_id);
5809 mutex_unlock(&il->mutex);
5814 void il4965_mac_channel_switch(struct ieee80211_hw *hw,
5815 struct ieee80211_channel_switch *ch_switch)
5817 struct il_priv *il = hw->priv;
5818 const struct il_channel_info *ch_info;
5819 struct ieee80211_conf *conf = &hw->conf;
5820 struct ieee80211_channel *channel = ch_switch->channel;
5821 struct il_ht_config *ht_conf = &il->current_ht_config;
5823 struct il_rxon_context *ctx = &il->ctx;
5826 D_MAC80211("enter\n");
5828 mutex_lock(&il->mutex);
5830 if (il_is_rfkill(il))
5833 if (test_bit(S_EXIT_PENDING, &il->status) ||
5834 test_bit(S_SCANNING, &il->status) ||
5835 test_bit(S_CHANNEL_SWITCH_PENDING, &il->status))
5838 if (!il_is_associated_ctx(ctx))
5841 if (!il->cfg->ops->lib->set_channel_switch)
5844 ch = channel->hw_value;
5845 if (le16_to_cpu(ctx->active.channel) == ch)
5848 ch_info = il_get_channel_info(il, channel->band, ch);
5849 if (!il_is_channel_valid(ch_info)) {
5850 D_MAC80211("invalid channel\n");
5854 spin_lock_irq(&il->lock);
5856 il->current_ht_config.smps = conf->smps_mode;
5858 /* Configure HT40 channels */
5859 ctx->ht.enabled = conf_is_ht(conf);
5860 if (ctx->ht.enabled) {
5861 if (conf_is_ht40_minus(conf)) {
5862 ctx->ht.extension_chan_offset =
5863 IEEE80211_HT_PARAM_CHA_SEC_BELOW;
5864 ctx->ht.is_40mhz = true;
5865 } else if (conf_is_ht40_plus(conf)) {
5866 ctx->ht.extension_chan_offset =
5867 IEEE80211_HT_PARAM_CHA_SEC_ABOVE;
5868 ctx->ht.is_40mhz = true;
5870 ctx->ht.extension_chan_offset =
5871 IEEE80211_HT_PARAM_CHA_SEC_NONE;
5872 ctx->ht.is_40mhz = false;
5875 ctx->ht.is_40mhz = false;
5877 if ((le16_to_cpu(ctx->staging.channel) != ch))
5878 ctx->staging.flags = 0;
5880 il_set_rxon_channel(il, channel, ctx);
5881 il_set_rxon_ht(il, ht_conf);
5882 il_set_flags_for_band(il, ctx, channel->band, ctx->vif);
5884 spin_unlock_irq(&il->lock);
5888 * at this point, staging_rxon has the
5889 * configuration for channel switch
5891 set_bit(S_CHANNEL_SWITCH_PENDING, &il->status);
5892 il->switch_channel = cpu_to_le16(ch);
5893 if (il->cfg->ops->lib->set_channel_switch(il, ch_switch)) {
5894 clear_bit(S_CHANNEL_SWITCH_PENDING, &il->status);
5895 il->switch_channel = 0;
5896 ieee80211_chswitch_done(ctx->vif, false);
5900 mutex_unlock(&il->mutex);
5901 D_MAC80211("leave\n");
5904 void il4965_configure_filter(struct ieee80211_hw *hw,
5905 unsigned int changed_flags,
5906 unsigned int *total_flags,
5909 struct il_priv *il = hw->priv;
5910 __le32 filter_or = 0, filter_nand = 0;
5912 #define CHK(test, flag) do { \
5913 if (*total_flags & (test)) \
5914 filter_or |= (flag); \
5916 filter_nand |= (flag); \
5919 D_MAC80211("Enter: changed: 0x%x, total: 0x%x\n",
5920 changed_flags, *total_flags);
5922 CHK(FIF_OTHER_BSS | FIF_PROMISC_IN_BSS, RXON_FILTER_PROMISC_MSK);
5923 /* Setting _just_ RXON_FILTER_CTL2HOST_MSK causes FH errors */
5924 CHK(FIF_CONTROL, RXON_FILTER_CTL2HOST_MSK | RXON_FILTER_PROMISC_MSK);
5925 CHK(FIF_BCN_PRBRESP_PROMISC, RXON_FILTER_BCON_AWARE_MSK);
5929 mutex_lock(&il->mutex);
5931 il->ctx.staging.filter_flags &= ~filter_nand;
5932 il->ctx.staging.filter_flags |= filter_or;
5935 * Not committing directly because hardware can perform a scan,
5936 * but we'll eventually commit the filter flags change anyway.
5939 mutex_unlock(&il->mutex);
5942 * Receiving all multicast frames is always enabled by the
5943 * default flags setup in il_connection_init_rx_config()
5944 * since we currently do not support programming multicast
5945 * filters into the device.
5947 *total_flags &= FIF_OTHER_BSS | FIF_ALLMULTI | FIF_PROMISC_IN_BSS |
5948 FIF_BCN_PRBRESP_PROMISC | FIF_CONTROL;
5951 /*****************************************************************************
5953 * driver setup and teardown
5955 *****************************************************************************/
5957 static void il4965_bg_txpower_work(struct work_struct *work)
5959 struct il_priv *il = container_of(work, struct il_priv,
5962 mutex_lock(&il->mutex);
5964 /* If a scan happened to start before we got here
5965 * then just return; the stats notification will
5966 * kick off another scheduled work to compensate for
5967 * any temperature delta we missed here. */
5968 if (test_bit(S_EXIT_PENDING, &il->status) ||
5969 test_bit(S_SCANNING, &il->status))
5972 /* Regardless of if we are associated, we must reconfigure the
5973 * TX power since frames can be sent on non-radar channels while
5975 il->cfg->ops->lib->send_tx_power(il);
5977 /* Update last_temperature to keep is_calib_needed from running
5978 * when it isn't needed... */
5979 il->last_temperature = il->temperature;
5981 mutex_unlock(&il->mutex);
5984 static void il4965_setup_deferred_work(struct il_priv *il)
5986 il->workqueue = create_singlethread_workqueue(DRV_NAME);
5988 init_waitqueue_head(&il->wait_command_queue);
5990 INIT_WORK(&il->restart, il4965_bg_restart);
5991 INIT_WORK(&il->rx_replenish, il4965_bg_rx_replenish);
5992 INIT_WORK(&il->run_time_calib_work, il4965_bg_run_time_calib_work);
5993 INIT_DELAYED_WORK(&il->init_alive_start, il4965_bg_init_alive_start);
5994 INIT_DELAYED_WORK(&il->alive_start, il4965_bg_alive_start);
5996 il_setup_scan_deferred_work(il);
5998 INIT_WORK(&il->txpower_work, il4965_bg_txpower_work);
6000 init_timer(&il->stats_periodic);
6001 il->stats_periodic.data = (unsigned long)il;
6002 il->stats_periodic.function = il4965_bg_stats_periodic;
6004 init_timer(&il->watchdog);
6005 il->watchdog.data = (unsigned long)il;
6006 il->watchdog.function = il_bg_watchdog;
6008 tasklet_init(&il->irq_tasklet, (void (*)(unsigned long))
6009 il4965_irq_tasklet, (unsigned long)il);
6012 static void il4965_cancel_deferred_work(struct il_priv *il)
6014 cancel_work_sync(&il->txpower_work);
6015 cancel_delayed_work_sync(&il->init_alive_start);
6016 cancel_delayed_work(&il->alive_start);
6017 cancel_work_sync(&il->run_time_calib_work);
6019 il_cancel_scan_deferred_work(il);
6021 del_timer_sync(&il->stats_periodic);
6024 static void il4965_init_hw_rates(struct il_priv *il,
6025 struct ieee80211_rate *rates)
6029 for (i = 0; i < RATE_COUNT_LEGACY; i++) {
6030 rates[i].bitrate = il_rates[i].ieee * 5;
6031 rates[i].hw_value = i; /* Rate scaling will work on idxes */
6032 rates[i].hw_value_short = i;
6034 if ((i >= IL_FIRST_CCK_RATE) && (i <= IL_LAST_CCK_RATE)) {
6036 * If CCK != 1M then set short preamble rate flag.
6039 (il_rates[i].plcp == RATE_1M_PLCP) ?
6040 0 : IEEE80211_RATE_SHORT_PREAMBLE;
6045 * Acquire il->lock before calling this function !
6047 void il4965_set_wr_ptrs(struct il_priv *il, int txq_id, u32 idx)
6049 il_wr(il, HBUS_TARG_WRPTR,
6050 (idx & 0xff) | (txq_id << 8));
6051 il_wr_prph(il, IL49_SCD_QUEUE_RDPTR(txq_id), idx);
6054 void il4965_tx_queue_set_status(struct il_priv *il,
6055 struct il_tx_queue *txq,
6056 int tx_fifo_id, int scd_retry)
6058 int txq_id = txq->q.id;
6060 /* Find out whether to activate Tx queue */
6061 int active = test_bit(txq_id, &il->txq_ctx_active_msk) ? 1 : 0;
6063 /* Set up and activate */
6064 il_wr_prph(il, IL49_SCD_QUEUE_STATUS_BITS(txq_id),
6065 (active << IL49_SCD_QUEUE_STTS_REG_POS_ACTIVE) |
6066 (tx_fifo_id << IL49_SCD_QUEUE_STTS_REG_POS_TXF) |
6067 (scd_retry << IL49_SCD_QUEUE_STTS_REG_POS_WSL) |
6068 (scd_retry << IL49_SCD_QUEUE_STTS_REG_POS_SCD_ACK) |
6069 IL49_SCD_QUEUE_STTS_REG_MSK);
6071 txq->sched_retry = scd_retry;
6073 D_INFO("%s %s Queue %d on AC %d\n",
6074 active ? "Activate" : "Deactivate",
6075 scd_retry ? "BA" : "AC", txq_id, tx_fifo_id);
6079 static int il4965_init_drv(struct il_priv *il)
6083 spin_lock_init(&il->sta_lock);
6084 spin_lock_init(&il->hcmd_lock);
6086 INIT_LIST_HEAD(&il->free_frames);
6088 mutex_init(&il->mutex);
6090 il->ieee_channels = NULL;
6091 il->ieee_rates = NULL;
6092 il->band = IEEE80211_BAND_2GHZ;
6094 il->iw_mode = NL80211_IFTYPE_STATION;
6095 il->current_ht_config.smps = IEEE80211_SMPS_STATIC;
6096 il->missed_beacon_threshold = IL_MISSED_BEACON_THRESHOLD_DEF;
6098 /* initialize force reset */
6099 il->force_reset.reset_duration = IL_DELAY_NEXT_FORCE_FW_RELOAD;
6101 /* Choose which receivers/antennas to use */
6102 if (il->cfg->ops->hcmd->set_rxon_chain)
6103 il->cfg->ops->hcmd->set_rxon_chain(il,
6106 il_init_scan_params(il);
6108 ret = il_init_channel_map(il);
6110 IL_ERR("initializing regulatory failed: %d\n", ret);
6114 ret = il_init_geos(il);
6116 IL_ERR("initializing geos failed: %d\n", ret);
6117 goto err_free_channel_map;
6119 il4965_init_hw_rates(il, il->ieee_rates);
6123 err_free_channel_map:
6124 il_free_channel_map(il);
6129 static void il4965_uninit_drv(struct il_priv *il)
6131 il4965_calib_free_results(il);
6133 il_free_channel_map(il);
6134 kfree(il->scan_cmd);
6137 static void il4965_hw_detect(struct il_priv *il)
6139 il->hw_rev = _il_rd(il, CSR_HW_REV);
6140 il->hw_wa_rev = _il_rd(il, CSR_HW_REV_WA_REG);
6141 il->rev_id = il->pci_dev->revision;
6142 D_INFO("HW Revision ID = 0x%X\n", il->rev_id);
6145 static int il4965_set_hw_params(struct il_priv *il)
6147 il->hw_params.max_rxq_size = RX_QUEUE_SIZE;
6148 il->hw_params.max_rxq_log = RX_QUEUE_SIZE_LOG;
6149 if (il->cfg->mod_params->amsdu_size_8K)
6150 il->hw_params.rx_page_order = get_order(IL_RX_BUF_SIZE_8K);
6152 il->hw_params.rx_page_order = get_order(IL_RX_BUF_SIZE_4K);
6154 il->hw_params.max_beacon_itrvl = IL_MAX_UCODE_BEACON_INTERVAL;
6156 if (il->cfg->mod_params->disable_11n)
6157 il->cfg->sku &= ~IL_SKU_N;
6159 /* Device-specific setup */
6160 return il->cfg->ops->lib->set_hw_params(il);
6163 static const u8 il4965_bss_ac_to_fifo[] = {
6170 static const u8 il4965_bss_ac_to_queue[] = {
6175 il4965_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
6179 struct ieee80211_hw *hw;
6180 struct il_cfg *cfg = (struct il_cfg *)(ent->driver_data);
6181 unsigned long flags;
6184 /************************
6185 * 1. Allocating HW data
6186 ************************/
6188 hw = il_alloc_all(cfg);
6194 /* At this point both hw and il are allocated. */
6198 il->ctx.always_active = true;
6199 il->ctx.is_active = true;
6200 il->ctx.rxon_cmd = C_RXON;
6201 il->ctx.rxon_timing_cmd = C_RXON_TIMING;
6202 il->ctx.rxon_assoc_cmd = C_RXON_ASSOC;
6203 il->ctx.qos_cmd = C_QOS_PARAM;
6204 il->ctx.ap_sta_id = IL_AP_ID;
6205 il->ctx.wep_key_cmd = C_WEPKEY;
6206 il->ctx.ac_to_fifo = il4965_bss_ac_to_fifo;
6207 il->ctx.ac_to_queue = il4965_bss_ac_to_queue;
6208 il->ctx.exclusive_interface_modes =
6209 BIT(NL80211_IFTYPE_ADHOC);
6210 il->ctx.interface_modes =
6211 BIT(NL80211_IFTYPE_STATION);
6212 il->ctx.ap_devtype = RXON_DEV_TYPE_AP;
6213 il->ctx.ibss_devtype = RXON_DEV_TYPE_IBSS;
6214 il->ctx.station_devtype = RXON_DEV_TYPE_ESS;
6215 il->ctx.unused_devtype = RXON_DEV_TYPE_ESS;
6217 SET_IEEE80211_DEV(hw, &pdev->dev);
6219 D_INFO("*** LOAD DRIVER ***\n");
6222 il->inta_mask = CSR_INI_SET_MASK;
6224 if (il_alloc_traffic_mem(il))
6225 IL_ERR("Not enough memory to generate traffic log\n");
6227 /**************************
6228 * 2. Initializing PCI bus
6229 **************************/
6230 pci_disable_link_state(pdev, PCIE_LINK_STATE_L0S | PCIE_LINK_STATE_L1 |
6231 PCIE_LINK_STATE_CLKPM);
6233 if (pci_enable_device(pdev)) {
6235 goto out_ieee80211_free_hw;
6238 pci_set_master(pdev);
6240 err = pci_set_dma_mask(pdev, DMA_BIT_MASK(36));
6242 err = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(36));
6244 err = pci_set_dma_mask(pdev, DMA_BIT_MASK(32));
6246 err = pci_set_consistent_dma_mask(pdev,
6248 /* both attempts failed: */
6250 IL_WARN("No suitable DMA available.\n");
6251 goto out_pci_disable_device;
6255 err = pci_request_regions(pdev, DRV_NAME);
6257 goto out_pci_disable_device;
6259 pci_set_drvdata(pdev, il);
6262 /***********************
6263 * 3. Read REV register
6264 ***********************/
6265 il->hw_base = pci_iomap(pdev, 0, 0);
6268 goto out_pci_release_regions;
6271 D_INFO("pci_resource_len = 0x%08llx\n",
6272 (unsigned long long) pci_resource_len(pdev, 0));
6273 D_INFO("pci_resource_base = %p\n", il->hw_base);
6275 /* these spin locks will be used in apm_ops.init and EEPROM access
6276 * we should init now
6278 spin_lock_init(&il->reg_lock);
6279 spin_lock_init(&il->lock);
6282 * stop and reset the on-board processor just in case it is in a
6283 * strange state ... like being left stranded by a primary kernel
6284 * and this is now the kdump kernel trying to start up
6286 _il_wr(il, CSR_RESET, CSR_RESET_REG_FLAG_NEVO_RESET);
6288 il4965_hw_detect(il);
6289 IL_INFO("Detected %s, REV=0x%X\n",
6290 il->cfg->name, il->hw_rev);
6292 /* We disable the RETRY_TIMEOUT register (0x41) to keep
6293 * PCI Tx retries from interfering with C3 CPU state */
6294 pci_write_config_byte(pdev, PCI_CFG_RETRY_TIMEOUT, 0x00);
6296 il4965_prepare_card_hw(il);
6297 if (!il->hw_ready) {
6298 IL_WARN("Failed, HW not ready\n");
6305 /* Read the EEPROM */
6306 err = il_eeprom_init(il);
6308 IL_ERR("Unable to init EEPROM\n");
6311 err = il4965_eeprom_check_version(il);
6313 goto out_free_eeprom;
6316 goto out_free_eeprom;
6318 /* extract MAC Address */
6319 il4965_eeprom_get_mac(il, il->addresses[0].addr);
6320 D_INFO("MAC address: %pM\n", il->addresses[0].addr);
6321 il->hw->wiphy->addresses = il->addresses;
6322 il->hw->wiphy->n_addresses = 1;
6324 /************************
6325 * 5. Setup HW constants
6326 ************************/
6327 if (il4965_set_hw_params(il)) {
6328 IL_ERR("failed to set hw parameters\n");
6329 goto out_free_eeprom;
6332 /*******************
6334 *******************/
6336 err = il4965_init_drv(il);
6338 goto out_free_eeprom;
6339 /* At this point both hw and il are initialized. */
6341 /********************
6343 ********************/
6344 spin_lock_irqsave(&il->lock, flags);
6345 il_disable_interrupts(il);
6346 spin_unlock_irqrestore(&il->lock, flags);
6348 pci_enable_msi(il->pci_dev);
6350 err = request_irq(il->pci_dev->irq, il_isr,
6351 IRQF_SHARED, DRV_NAME, il);
6353 IL_ERR("Error allocating IRQ %d\n", il->pci_dev->irq);
6354 goto out_disable_msi;
6357 il4965_setup_deferred_work(il);
6358 il4965_setup_handlers(il);
6360 /*********************************************
6361 * 8. Enable interrupts and read RFKILL state
6362 *********************************************/
6364 /* enable rfkill interrupt: hw bug w/a */
6365 pci_read_config_word(il->pci_dev, PCI_COMMAND, &pci_cmd);
6366 if (pci_cmd & PCI_COMMAND_INTX_DISABLE) {
6367 pci_cmd &= ~PCI_COMMAND_INTX_DISABLE;
6368 pci_write_config_word(il->pci_dev, PCI_COMMAND, pci_cmd);
6371 il_enable_rfkill_int(il);
6373 /* If platform's RF_KILL switch is NOT set to KILL */
6374 if (_il_rd(il, CSR_GP_CNTRL) &
6375 CSR_GP_CNTRL_REG_FLAG_HW_RF_KILL_SW)
6376 clear_bit(S_RF_KILL_HW, &il->status);
6378 set_bit(S_RF_KILL_HW, &il->status);
6380 wiphy_rfkill_set_hw_state(il->hw->wiphy,
6381 test_bit(S_RF_KILL_HW, &il->status));
6383 il_power_initialize(il);
6385 init_completion(&il->_4965.firmware_loading_complete);
6387 err = il4965_request_firmware(il, true);
6389 goto out_destroy_workqueue;
6393 out_destroy_workqueue:
6394 destroy_workqueue(il->workqueue);
6395 il->workqueue = NULL;
6396 free_irq(il->pci_dev->irq, il);
6398 pci_disable_msi(il->pci_dev);
6399 il4965_uninit_drv(il);
6403 pci_iounmap(pdev, il->hw_base);
6404 out_pci_release_regions:
6405 pci_set_drvdata(pdev, NULL);
6406 pci_release_regions(pdev);
6407 out_pci_disable_device:
6408 pci_disable_device(pdev);
6409 out_ieee80211_free_hw:
6410 il_free_traffic_mem(il);
6411 ieee80211_free_hw(il->hw);
6416 static void __devexit il4965_pci_remove(struct pci_dev *pdev)
6418 struct il_priv *il = pci_get_drvdata(pdev);
6419 unsigned long flags;
6424 wait_for_completion(&il->_4965.firmware_loading_complete);
6426 D_INFO("*** UNLOAD DRIVER ***\n");
6428 il_dbgfs_unregister(il);
6429 sysfs_remove_group(&pdev->dev.kobj, &il_attribute_group);
6431 /* ieee80211_unregister_hw call wil cause il_mac_stop to
6432 * to be called and il4965_down since we are removing the device
6433 * we need to set S_EXIT_PENDING bit.
6435 set_bit(S_EXIT_PENDING, &il->status);
6439 if (il->mac80211_registered) {
6440 ieee80211_unregister_hw(il->hw);
6441 il->mac80211_registered = 0;
6447 * Make sure device is reset to low power before unloading driver.
6448 * This may be redundant with il4965_down(), but there are paths to
6449 * run il4965_down() without calling apm_ops.stop(), and there are
6450 * paths to avoid running il4965_down() at all before leaving driver.
6451 * This (inexpensive) call *makes sure* device is reset.
6455 /* make sure we flush any pending irq or
6456 * tasklet for the driver
6458 spin_lock_irqsave(&il->lock, flags);
6459 il_disable_interrupts(il);
6460 spin_unlock_irqrestore(&il->lock, flags);
6462 il4965_synchronize_irq(il);
6464 il4965_dealloc_ucode_pci(il);
6467 il4965_rx_queue_free(il, &il->rxq);
6468 il4965_hw_txq_ctx_free(il);
6473 /*netif_stop_queue(dev); */
6474 flush_workqueue(il->workqueue);
6476 /* ieee80211_unregister_hw calls il_mac_stop, which flushes
6477 * il->workqueue... so we can't take down the workqueue
6479 destroy_workqueue(il->workqueue);
6480 il->workqueue = NULL;
6481 il_free_traffic_mem(il);
6483 free_irq(il->pci_dev->irq, il);
6484 pci_disable_msi(il->pci_dev);
6485 pci_iounmap(pdev, il->hw_base);
6486 pci_release_regions(pdev);
6487 pci_disable_device(pdev);
6488 pci_set_drvdata(pdev, NULL);
6490 il4965_uninit_drv(il);
6492 dev_kfree_skb(il->beacon_skb);
6494 ieee80211_free_hw(il->hw);
6498 * Activate/Deactivate Tx DMA/FIFO channels according tx fifos mask
6499 * must be called under il->lock and mac access
6501 void il4965_txq_set_sched(struct il_priv *il, u32 mask)
6503 il_wr_prph(il, IL49_SCD_TXFACT, mask);
6506 /*****************************************************************************
6508 * driver and module entry point
6510 *****************************************************************************/
6512 /* Hardware specific file defines the PCI IDs table for that hardware module */
6513 static DEFINE_PCI_DEVICE_TABLE(il4965_hw_card_ids) = {
6514 {IL_PCI_DEVICE(0x4229, PCI_ANY_ID, il4965_cfg)},
6515 {IL_PCI_DEVICE(0x4230, PCI_ANY_ID, il4965_cfg)},
6518 MODULE_DEVICE_TABLE(pci, il4965_hw_card_ids);
6520 static struct pci_driver il4965_driver = {
6522 .id_table = il4965_hw_card_ids,
6523 .probe = il4965_pci_probe,
6524 .remove = __devexit_p(il4965_pci_remove),
6525 .driver.pm = IL_LEGACY_PM_OPS,
6528 static int __init il4965_init(void)
6532 pr_info(DRV_DESCRIPTION ", " DRV_VERSION "\n");
6533 pr_info(DRV_COPYRIGHT "\n");
6535 ret = il4965_rate_control_register();
6537 pr_err("Unable to register rate control algorithm: %d\n", ret);
6541 ret = pci_register_driver(&il4965_driver);
6543 pr_err("Unable to initialize PCI module\n");
6544 goto error_register;
6550 il4965_rate_control_unregister();
6554 static void __exit il4965_exit(void)
6556 pci_unregister_driver(&il4965_driver);
6557 il4965_rate_control_unregister();
6560 module_exit(il4965_exit);
6561 module_init(il4965_init);
6563 #ifdef CONFIG_IWLEGACY_DEBUG
6564 module_param_named(debug, il_debug_level, uint, S_IRUGO | S_IWUSR);
6565 MODULE_PARM_DESC(debug, "debug output mask");
6568 module_param_named(swcrypto, il4965_mod_params.sw_crypto, int, S_IRUGO);
6569 MODULE_PARM_DESC(swcrypto, "using crypto in software (default 0 [hardware])");
6570 module_param_named(queues_num, il4965_mod_params.num_of_queues, int, S_IRUGO);
6571 MODULE_PARM_DESC(queues_num, "number of hw queues.");
6572 module_param_named(11n_disable, il4965_mod_params.disable_11n, int, S_IRUGO);
6573 MODULE_PARM_DESC(11n_disable, "disable 11n functionality");
6574 module_param_named(amsdu_size_8K, il4965_mod_params.amsdu_size_8K,
6576 MODULE_PARM_DESC(amsdu_size_8K, "enable 8K amsdu size");
6577 module_param_named(fw_restart, il4965_mod_params.restart_fw, int, S_IRUGO);
6578 MODULE_PARM_DESC(fw_restart, "restart firmware in case of error");
projects / mv-sheeva.git / blob