1 /*
   2  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5 
   6 /*
   7  * Copyright (c) 2007, Intel Corporation
   8  * All rights reserved.
   9  */
  10 
  11 /*
  12  * Copyright (c) 2006
  13  * Copyright (c) 2007
  14  *      Damien Bergamini <damien.bergamini@free.fr>
  15  *
  16  * Permission to use, copy, modify, and distribute this software for any
  17  * purpose with or without fee is hereby granted, provided that the above
  18  * copyright notice and this permission notice appear in all copies.
  19  *
  20  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  21  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  22  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  23  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  24  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  25  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  26  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  27  */
  28 
  29 /*
  30  * Driver for Intel PRO/Wireless 4965AGN(kedron) 802.11 network adapters.
  31  */
  32 
  33 #include <sys/types.h>
  34 #include <sys/byteorder.h>
  35 #include <sys/conf.h>
  36 #include <sys/cmn_err.h>
  37 #include <sys/stat.h>
  38 #include <sys/ddi.h>
  39 #include <sys/sunddi.h>
  40 #include <sys/strsubr.h>
  41 #include <sys/ethernet.h>
  42 #include <inet/common.h>
  43 #include <inet/nd.h>
  44 #include <inet/mi.h>
  45 #include <sys/note.h>
  46 #include <sys/stream.h>
  47 #include <sys/strsun.h>
  48 #include <sys/modctl.h>
  49 #include <sys/devops.h>
  50 #include <sys/dlpi.h>
  51 #include <sys/mac_provider.h>
  52 #include <sys/mac_wifi.h>
  53 #include <sys/net80211.h>
  54 #include <sys/net80211_proto.h>
  55 #include <sys/varargs.h>
  56 #include <sys/policy.h>
  57 #include <sys/pci.h>
  58 
  59 #include "iwk_calibration.h"
  60 #include "iwk_hw.h"
  61 #include "iwk_eeprom.h"
  62 #include "iwk2_var.h"
  63 #include <inet/wifi_ioctl.h>
  64 
  65 #ifdef DEBUG
  66 #define IWK_DEBUG_80211         (1 << 0)
  67 #define IWK_DEBUG_CMD           (1 << 1)
  68 #define IWK_DEBUG_DMA           (1 << 2)
  69 #define IWK_DEBUG_EEPROM        (1 << 3)
  70 #define IWK_DEBUG_FW            (1 << 4)
  71 #define IWK_DEBUG_HW            (1 << 5)
  72 #define IWK_DEBUG_INTR          (1 << 6)
  73 #define IWK_DEBUG_MRR           (1 << 7)
  74 #define IWK_DEBUG_PIO           (1 << 8)
  75 #define IWK_DEBUG_RX            (1 << 9)
  76 #define IWK_DEBUG_SCAN          (1 << 10)
  77 #define IWK_DEBUG_TX            (1 << 11)
  78 #define IWK_DEBUG_RATECTL       (1 << 12)
  79 #define IWK_DEBUG_RADIO         (1 << 13)
  80 #define IWK_DEBUG_RESUME        (1 << 14)
  81 #define IWK_DEBUG_CALIBRATION   (1 << 15)
  82 uint32_t iwk_dbg_flags = 0;
  83 #define IWK_DBG(x) \
  84         iwk_dbg x
  85 #else
  86 #define IWK_DBG(x)
  87 #endif
  88 
  89 static void     *iwk_soft_state_p = NULL;
  90 static uint8_t iwk_fw_bin [] = {
  91 #include "fw-iw/iw4965.ucode.hex"
  92 };
  93 
  94 /* DMA attributes for a shared page */
  95 static ddi_dma_attr_t sh_dma_attr = {
  96         DMA_ATTR_V0,    /* version of this structure */
  97         0,              /* lowest usable address */
  98         0xffffffffU,    /* highest usable address */
  99         0xffffffffU,    /* maximum DMAable byte count */
 100         0x1000,         /* alignment in bytes */
 101         0x1000,         /* burst sizes (any?) */
 102         1,              /* minimum transfer */
 103         0xffffffffU,    /* maximum transfer */
 104         0xffffffffU,    /* maximum segment length */
 105         1,              /* maximum number of segments */
 106         1,              /* granularity */
 107         0,              /* flags (reserved) */
 108 };
 109 
 110 /* DMA attributes for a keep warm DRAM descriptor */
 111 static ddi_dma_attr_t kw_dma_attr = {
 112         DMA_ATTR_V0,    /* version of this structure */
 113         0,              /* lowest usable address */
 114         0xffffffffU,    /* highest usable address */
 115         0xffffffffU,    /* maximum DMAable byte count */
 116         0x1000,         /* alignment in bytes */
 117         0x1000,         /* burst sizes (any?) */
 118         1,              /* minimum transfer */
 119         0xffffffffU,    /* maximum transfer */
 120         0xffffffffU,    /* maximum segment length */
 121         1,              /* maximum number of segments */
 122         1,              /* granularity */
 123         0,              /* flags (reserved) */
 124 };
 125 
 126 /* DMA attributes for a ring descriptor */
 127 static ddi_dma_attr_t ring_desc_dma_attr = {
 128         DMA_ATTR_V0,    /* version of this structure */
 129         0,              /* lowest usable address */
 130         0xffffffffU,    /* highest usable address */
 131         0xffffffffU,    /* maximum DMAable byte count */
 132         0x100,          /* alignment in bytes */
 133         0x100,          /* burst sizes (any?) */
 134         1,              /* minimum transfer */
 135         0xffffffffU,    /* maximum transfer */
 136         0xffffffffU,    /* maximum segment length */
 137         1,              /* maximum number of segments */
 138         1,              /* granularity */
 139         0,              /* flags (reserved) */
 140 };
 141 
 142 /* DMA attributes for a cmd */
 143 static ddi_dma_attr_t cmd_dma_attr = {
 144         DMA_ATTR_V0,    /* version of this structure */
 145         0,              /* lowest usable address */
 146         0xffffffffU,    /* highest usable address */
 147         0xffffffffU,    /* maximum DMAable byte count */
 148         4,              /* alignment in bytes */
 149         0x100,          /* burst sizes (any?) */
 150         1,              /* minimum transfer */
 151         0xffffffffU,    /* maximum transfer */
 152         0xffffffffU,    /* maximum segment length */
 153         1,              /* maximum number of segments */
 154         1,              /* granularity */
 155         0,              /* flags (reserved) */
 156 };
 157 
 158 /* DMA attributes for a rx buffer */
 159 static ddi_dma_attr_t rx_buffer_dma_attr = {
 160         DMA_ATTR_V0,    /* version of this structure */
 161         0,              /* lowest usable address */
 162         0xffffffffU,    /* highest usable address */
 163         0xffffffffU,    /* maximum DMAable byte count */
 164         0x100,          /* alignment in bytes */
 165         0x100,          /* burst sizes (any?) */
 166         1,              /* minimum transfer */
 167         0xffffffffU,    /* maximum transfer */
 168         0xffffffffU,    /* maximum segment length */
 169         1,              /* maximum number of segments */
 170         1,              /* granularity */
 171         0,              /* flags (reserved) */
 172 };
 173 
 174 /*
 175  * DMA attributes for a tx buffer.
 176  * the maximum number of segments is 4 for the hardware.
 177  * now all the wifi drivers put the whole frame in a single
 178  * descriptor, so we define the maximum  number of segments 1,
 179  * just the same as the rx_buffer. we consider leverage the HW
 180  * ability in the future, that is why we don't define rx and tx
 181  * buffer_dma_attr as the same.
 182  */
 183 static ddi_dma_attr_t tx_buffer_dma_attr = {
 184         DMA_ATTR_V0,    /* version of this structure */
 185         0,              /* lowest usable address */
 186         0xffffffffU,    /* highest usable address */
 187         0xffffffffU,    /* maximum DMAable byte count */
 188         4,              /* alignment in bytes */
 189         0x100,          /* burst sizes (any?) */
 190         1,              /* minimum transfer */
 191         0xffffffffU,    /* maximum transfer */
 192         0xffffffffU,    /* maximum segment length */
 193         1,              /* maximum number of segments */
 194         1,              /* granularity */
 195         0,              /* flags (reserved) */
 196 };
 197 
 198 /* DMA attributes for text and data part in the firmware */
 199 static ddi_dma_attr_t fw_dma_attr = {
 200         DMA_ATTR_V0,    /* version of this structure */
 201         0,              /* lowest usable address */
 202         0xffffffffU,    /* highest usable address */
 203         0x7fffffff,     /* maximum DMAable byte count */
 204         0x10,           /* alignment in bytes */
 205         0x100,          /* burst sizes (any?) */
 206         1,              /* minimum transfer */
 207         0xffffffffU,    /* maximum transfer */
 208         0xffffffffU,    /* maximum segment length */
 209         1,              /* maximum number of segments */
 210         1,              /* granularity */
 211         0,              /* flags (reserved) */
 212 };
 213 
 214 
 215 /* regs access attributes */
 216 static ddi_device_acc_attr_t iwk_reg_accattr = {
 217         DDI_DEVICE_ATTR_V0,
 218         DDI_STRUCTURE_LE_ACC,
 219         DDI_STRICTORDER_ACC,
 220         DDI_DEFAULT_ACC
 221 };
 222 
 223 /* DMA access attributes for Descriptor */
 224 static ddi_device_acc_attr_t iwk_dma_descattr = {
 225         DDI_DEVICE_ATTR_V0,
 226         DDI_STRUCTURE_LE_ACC,
 227         DDI_STRICTORDER_ACC,
 228         DDI_DEFAULT_ACC
 229 };
 230 
 231 /* DMA access attributes */
 232 static ddi_device_acc_attr_t iwk_dma_accattr = {
 233         DDI_DEVICE_ATTR_V0,
 234         DDI_NEVERSWAP_ACC,
 235         DDI_STRICTORDER_ACC,
 236         DDI_DEFAULT_ACC
 237 };
 238 
 239 static int      iwk_ring_init(iwk_sc_t *);
 240 static void     iwk_ring_free(iwk_sc_t *);
 241 static int      iwk_alloc_shared(iwk_sc_t *);
 242 static void     iwk_free_shared(iwk_sc_t *);
 243 static int      iwk_alloc_kw(iwk_sc_t *);
 244 static void     iwk_free_kw(iwk_sc_t *);
 245 static int      iwk_alloc_fw_dma(iwk_sc_t *);
 246 static void     iwk_free_fw_dma(iwk_sc_t *);
 247 static int      iwk_alloc_rx_ring(iwk_sc_t *);
 248 static void     iwk_reset_rx_ring(iwk_sc_t *);
 249 static void     iwk_free_rx_ring(iwk_sc_t *);
 250 static int      iwk_alloc_tx_ring(iwk_sc_t *, iwk_tx_ring_t *,
 251     int, int);
 252 static void     iwk_reset_tx_ring(iwk_sc_t *, iwk_tx_ring_t *);
 253 static void     iwk_free_tx_ring(iwk_sc_t *, iwk_tx_ring_t *);
 254 
 255 static ieee80211_node_t *iwk_node_alloc(ieee80211com_t *);
 256 static void     iwk_node_free(ieee80211_node_t *);
 257 static int      iwk_newstate(ieee80211com_t *, enum ieee80211_state, int);
 258 static int      iwk_key_set(ieee80211com_t *, const struct ieee80211_key *,
 259     const uint8_t mac[IEEE80211_ADDR_LEN]);
 260 static void     iwk_mac_access_enter(iwk_sc_t *);
 261 static void     iwk_mac_access_exit(iwk_sc_t *);
 262 static uint32_t iwk_reg_read(iwk_sc_t *, uint32_t);
 263 static void     iwk_reg_write(iwk_sc_t *, uint32_t, uint32_t);
 264 static void     iwk_reg_write_region_4(iwk_sc_t *, uint32_t,
 265                     uint32_t *, int);
 266 static int      iwk_load_firmware(iwk_sc_t *);
 267 static void     iwk_rx_intr(iwk_sc_t *, iwk_rx_desc_t *,
 268                     iwk_rx_data_t *);
 269 static void     iwk_tx_intr(iwk_sc_t *, iwk_rx_desc_t *,
 270                     iwk_rx_data_t *);
 271 static void     iwk_cmd_intr(iwk_sc_t *, iwk_rx_desc_t *);
 272 static uint_t   iwk_intr(caddr_t, caddr_t);
 273 static int      iwk_eep_load(iwk_sc_t *sc);
 274 static void     iwk_get_mac_from_eep(iwk_sc_t *sc);
 275 static int      iwk_eep_sem_down(iwk_sc_t *sc);
 276 static void     iwk_eep_sem_up(iwk_sc_t *sc);
 277 static uint_t   iwk_rx_softintr(caddr_t, caddr_t);
 278 static uint8_t  iwk_rate_to_plcp(int);
 279 static int      iwk_cmd(iwk_sc_t *, int, const void *, int, int);
 280 static void     iwk_set_led(iwk_sc_t *, uint8_t, uint8_t, uint8_t);
 281 static int      iwk_hw_set_before_auth(iwk_sc_t *);
 282 static int      iwk_scan(iwk_sc_t *);
 283 static int      iwk_config(iwk_sc_t *);
 284 static void     iwk_stop_master(iwk_sc_t *);
 285 static int      iwk_power_up(iwk_sc_t *);
 286 static int      iwk_preinit(iwk_sc_t *);
 287 static int      iwk_init(iwk_sc_t *);
 288 static void     iwk_stop(iwk_sc_t *);
 289 static void     iwk_amrr_init(iwk_amrr_t *);
 290 static void     iwk_amrr_timeout(iwk_sc_t *);
 291 static void     iwk_amrr_ratectl(void *, ieee80211_node_t *);
 292 static int32_t  iwk_curr_tempera(iwk_sc_t *sc);
 293 static int      iwk_tx_power_calibration(iwk_sc_t *sc);
 294 static inline int       iwk_is_24G_band(iwk_sc_t *sc);
 295 static inline int       iwk_is_fat_channel(iwk_sc_t *sc);
 296 static int      iwk_txpower_grp(uint16_t channel);
 297 static struct   iwk_eep_channel *iwk_get_eep_channel(iwk_sc_t *sc,
 298     uint16_t channel,
 299     int is_24G, int is_fat, int is_hi_chan);
 300 static int32_t  iwk_band_number(iwk_sc_t *sc, uint16_t channel);
 301 static int      iwk_division(int32_t num, int32_t denom, int32_t *res);
 302 static int32_t  iwk_interpolate_value(int32_t x, int32_t x1, int32_t y1,
 303     int32_t x2, int32_t y2);
 304 static int      iwk_channel_interpolate(iwk_sc_t *sc, uint16_t channel,
 305     struct iwk_eep_calib_channel_info *chan_info);
 306 static int32_t  iwk_voltage_compensation(int32_t eep_voltage,
 307     int32_t curr_voltage);
 308 static int32_t  iwk_min_power_index(int32_t rate_pow_idx, int32_t is_24G);
 309 static int      iwk_txpower_table_cmd_init(iwk_sc_t *sc,
 310     struct iwk_tx_power_db *tp_db);
 311 static void     iwk_statistics_notify(iwk_sc_t *sc, iwk_rx_desc_t *desc);
 312 static int      iwk_is_associated(iwk_sc_t *sc);
 313 static int      iwk_rxgain_diff_init(iwk_sc_t *sc);
 314 static int      iwk_rxgain_diff(iwk_sc_t *sc);
 315 static int      iwk_rx_sens_init(iwk_sc_t *sc);
 316 static int      iwk_rx_sens(iwk_sc_t *sc);
 317 static int      iwk_cck_sens(iwk_sc_t *sc, uint32_t actual_rx_time);
 318 static int      iwk_ofdm_sens(iwk_sc_t *sc, uint32_t actual_rx_time);
 319 static void     iwk_recv_mgmt(struct ieee80211com *ic, mblk_t *mp,
 320     struct ieee80211_node *in, int subtype, int rssi, uint32_t rstamp);
 321 
 322 static void     iwk_write_event_log(iwk_sc_t *);
 323 static void     iwk_write_error_log(iwk_sc_t *);
 324 
 325 static int      iwk_attach(dev_info_t *dip, ddi_attach_cmd_t cmd);
 326 static int      iwk_detach(dev_info_t *dip, ddi_detach_cmd_t cmd);
 327 static int      iwk_quiesce(dev_info_t *dip);
 328 
 329 /*
 330  * GLD specific operations
 331  */
 332 static int      iwk_m_stat(void *arg, uint_t stat, uint64_t *val);
 333 static int      iwk_m_start(void *arg);
 334 static void     iwk_m_stop(void *arg);
 335 static int      iwk_m_unicst(void *arg, const uint8_t *macaddr);
 336 static int      iwk_m_multicst(void *arg, boolean_t add, const uint8_t *m);
 337 static int      iwk_m_promisc(void *arg, boolean_t on);
 338 static mblk_t   *iwk_m_tx(void *arg, mblk_t *mp);
 339 static void     iwk_m_ioctl(void *arg, queue_t *wq, mblk_t *mp);
 340 static int      iwk_m_setprop(void *arg, const char *pr_name,
 341         mac_prop_id_t wldp_pr_name, uint_t wldp_length, const void *wldp_buf);
 342 static int      iwk_m_getprop(void *arg, const char *pr_name,
 343         mac_prop_id_t wldp_pr_name, uint_t wldp_length, void *wldp_buf);
 344 static void     iwk_m_propinfo(void *arg, const char *pr_name,
 345     mac_prop_id_t wldp_pr_num, mac_prop_info_handle_t mph);
 346 static void     iwk_destroy_locks(iwk_sc_t *sc);
 347 static int      iwk_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type);
 348 static void     iwk_thread(iwk_sc_t *sc);
 349 static void     iwk_watchdog(void *arg);
 350 static int      iwk_run_state_config_ibss(ieee80211com_t *ic);
 351 static int      iwk_run_state_config_sta(ieee80211com_t *ic);
 352 static int      iwk_fast_recover(iwk_sc_t *sc);
 353 static int      iwk_start_tx_beacon(ieee80211com_t *ic);
 354 static int      iwk_clean_add_node_ibss(struct ieee80211com *ic,
 355     uint8_t addr[IEEE80211_ADDR_LEN], uint8_t *index2);
 356 
 357 /*
 358  * Supported rates for 802.11b/g modes (in 500Kbps unit).
 359  * 11a and 11n support will be added later.
 360  */
 361 static const struct ieee80211_rateset iwk_rateset_11b =
 362         { 4, { 2, 4, 11, 22 } };
 363 
 364 static const struct ieee80211_rateset iwk_rateset_11g =
 365         { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
 366 
 367 /*
 368  * For mfthread only
 369  */
 370 extern pri_t minclsyspri;
 371 
 372 #define DRV_NAME_4965   "iwk"
 373 
 374 /*
 375  * Module Loading Data & Entry Points
 376  */
 377 DDI_DEFINE_STREAM_OPS(iwk_devops, nulldev, nulldev, iwk_attach,
 378     iwk_detach, nodev, NULL, D_MP, NULL, iwk_quiesce);
 379 
 380 static struct modldrv iwk_modldrv = {
 381         &mod_driverops,
 382         "Intel(R) 4965AGN driver(N)",
 383         &iwk_devops
 384 };
 385 
 386 static struct modlinkage iwk_modlinkage = {
 387         MODREV_1,
 388         &iwk_modldrv,
 389         NULL
 390 };
 391 
 392 int
 393 _init(void)
 394 {
 395         int     status;
 396 
 397         status = ddi_soft_state_init(&iwk_soft_state_p,
 398             sizeof (iwk_sc_t), 1);
 399         if (status != DDI_SUCCESS)
 400                 return (status);
 401 
 402         mac_init_ops(&iwk_devops, DRV_NAME_4965);
 403         status = mod_install(&iwk_modlinkage);
 404         if (status != DDI_SUCCESS) {
 405                 mac_fini_ops(&iwk_devops);
 406                 ddi_soft_state_fini(&iwk_soft_state_p);
 407         }
 408 
 409         return (status);
 410 }
 411 
 412 int
 413 _fini(void)
 414 {
 415         int status;
 416 
 417         status = mod_remove(&iwk_modlinkage);
 418         if (status == DDI_SUCCESS) {
 419                 mac_fini_ops(&iwk_devops);
 420                 ddi_soft_state_fini(&iwk_soft_state_p);
 421         }
 422 
 423         return (status);
 424 }
 425 
 426 int
 427 _info(struct modinfo *mip)
 428 {
 429         return (mod_info(&iwk_modlinkage, mip));
 430 }
 431 
 432 /*
 433  * Mac Call Back entries
 434  */
 435 mac_callbacks_t iwk_m_callbacks = {
 436         MC_IOCTL | MC_SETPROP | MC_GETPROP | MC_PROPINFO,
 437         iwk_m_stat,
 438         iwk_m_start,
 439         iwk_m_stop,
 440         iwk_m_promisc,
 441         iwk_m_multicst,
 442         iwk_m_unicst,
 443         iwk_m_tx,
 444         NULL,
 445         iwk_m_ioctl,
 446         NULL,
 447         NULL,
 448         NULL,
 449         iwk_m_setprop,
 450         iwk_m_getprop,
 451         iwk_m_propinfo
 452 };
 453 
 454 #ifdef DEBUG
 455 void
 456 iwk_dbg(uint32_t flags, const char *fmt, ...)
 457 {
 458         va_list ap;
 459 
 460         if (flags & iwk_dbg_flags) {
 461                 va_start(ap, fmt);
 462                 vcmn_err(CE_NOTE, fmt, ap);
 463                 va_end(ap);
 464         }
 465 }
 466 #endif
 467 
 468 /*
 469  * device operations
 470  */
 471 int
 472 iwk_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
 473 {
 474         iwk_sc_t                *sc;
 475         ieee80211com_t  *ic;
 476         int                     instance, err, i;
 477         char                    strbuf[32];
 478         wifi_data_t             wd = { 0 };
 479         mac_register_t          *macp;
 480 
 481         int                     intr_type;
 482         int                     intr_count;
 483         int                     intr_actual;
 484 
 485         switch (cmd) {
 486         case DDI_ATTACH:
 487                 break;
 488         case DDI_RESUME:
 489                 sc = ddi_get_soft_state(iwk_soft_state_p,
 490                     ddi_get_instance(dip));
 491                 ASSERT(sc != NULL);
 492 
 493                 mutex_enter(&sc->sc_glock);
 494                 sc->sc_flags &= ~IWK_F_SUSPEND;
 495                 mutex_exit(&sc->sc_glock);
 496 
 497                 if (sc->sc_flags & IWK_F_RUNNING)
 498                         (void) iwk_init(sc);
 499 
 500                 mutex_enter(&sc->sc_glock);
 501                 sc->sc_flags |= IWK_F_LAZY_RESUME;
 502                 mutex_exit(&sc->sc_glock);
 503 
 504                 IWK_DBG((IWK_DEBUG_RESUME, "iwk: resume\n"));
 505                 return (DDI_SUCCESS);
 506         default:
 507                 err = DDI_FAILURE;
 508                 goto attach_fail1;
 509         }
 510 
 511         instance = ddi_get_instance(dip);
 512         err = ddi_soft_state_zalloc(iwk_soft_state_p, instance);
 513         if (err != DDI_SUCCESS) {
 514                 cmn_err(CE_WARN,
 515                     "iwk_attach(): failed to allocate soft state\n");
 516                 goto attach_fail1;
 517         }
 518         sc = ddi_get_soft_state(iwk_soft_state_p, instance);
 519         sc->sc_dip = dip;
 520 
 521         err = ddi_regs_map_setup(dip, 0, &sc->sc_cfg_base, 0, 0,
 522             &iwk_reg_accattr, &sc->sc_cfg_handle);
 523         if (err != DDI_SUCCESS) {
 524                 cmn_err(CE_WARN,
 525                     "iwk_attach(): failed to map config spaces regs\n");
 526                 goto attach_fail2;
 527         }
 528         sc->sc_rev = ddi_get8(sc->sc_cfg_handle,
 529             (uint8_t *)(sc->sc_cfg_base + PCI_CONF_REVID));
 530         ddi_put8(sc->sc_cfg_handle, (uint8_t *)(sc->sc_cfg_base + 0x41), 0);
 531         sc->sc_clsz = ddi_get16(sc->sc_cfg_handle,
 532             (uint16_t *)(sc->sc_cfg_base + PCI_CONF_CACHE_LINESZ));
 533         if (!sc->sc_clsz)
 534                 sc->sc_clsz = 16;
 535         sc->sc_clsz = (sc->sc_clsz << 2);
 536         sc->sc_dmabuf_sz = roundup(0x1000 + sizeof (struct ieee80211_frame) +
 537             IEEE80211_MTU + IEEE80211_CRC_LEN +
 538             (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN +
 539             IEEE80211_WEP_CRCLEN), sc->sc_clsz);
 540         /*
 541          * Map operating registers
 542          */
 543         err = ddi_regs_map_setup(dip, 1, &sc->sc_base,
 544             0, 0, &iwk_reg_accattr, &sc->sc_handle);
 545         if (err != DDI_SUCCESS) {
 546                 cmn_err(CE_WARN,
 547                     "iwk_attach(): failed to map device regs\n");
 548                 goto attach_fail2a;
 549         }
 550 
 551         err = ddi_intr_get_supported_types(dip, &intr_type);
 552         if ((err != DDI_SUCCESS) || (!(intr_type & DDI_INTR_TYPE_FIXED))) {
 553                 cmn_err(CE_WARN, "iwk_attach(): "
 554                     "Fixed type interrupt is not supported\n");
 555                 goto attach_fail_intr_a;
 556         }
 557 
 558         err = ddi_intr_get_nintrs(dip, DDI_INTR_TYPE_FIXED, &intr_count);
 559         if ((err != DDI_SUCCESS) || (intr_count != 1)) {
 560                 cmn_err(CE_WARN, "iwk_attach(): "
 561                     "No fixed interrupts\n");
 562                 goto attach_fail_intr_a;
 563         }
 564 
 565         sc->sc_intr_htable = kmem_zalloc(sizeof (ddi_intr_handle_t), KM_SLEEP);
 566 
 567         err = ddi_intr_alloc(dip, sc->sc_intr_htable, DDI_INTR_TYPE_FIXED, 0,
 568             intr_count, &intr_actual, 0);
 569         if ((err != DDI_SUCCESS) || (intr_actual != 1)) {
 570                 cmn_err(CE_WARN, "iwk_attach(): "
 571                     "ddi_intr_alloc() failed 0x%x\n", err);
 572                 goto attach_fail_intr_b;
 573         }
 574 
 575         err = ddi_intr_get_pri(sc->sc_intr_htable[0], &sc->sc_intr_pri);
 576         if (err != DDI_SUCCESS) {
 577                 cmn_err(CE_WARN, "iwk_attach(): "
 578                     "ddi_intr_get_pri() failed 0x%x\n", err);
 579                 goto attach_fail_intr_c;
 580         }
 581 
 582         mutex_init(&sc->sc_glock, NULL, MUTEX_DRIVER,
 583             DDI_INTR_PRI(sc->sc_intr_pri));
 584         mutex_init(&sc->sc_tx_lock, NULL, MUTEX_DRIVER,
 585             DDI_INTR_PRI(sc->sc_intr_pri));
 586         mutex_init(&sc->sc_mt_lock, NULL, MUTEX_DRIVER,
 587             DDI_INTR_PRI(sc->sc_intr_pri));
 588         mutex_init(&sc->sc_ibss.node_tb_lock, NULL, MUTEX_DRIVER,
 589             DDI_INTR_PRI(sc->sc_intr_pri));
 590 
 591         cv_init(&sc->sc_fw_cv, NULL, CV_DRIVER, NULL);
 592         cv_init(&sc->sc_cmd_cv, NULL, CV_DRIVER, NULL);
 593         cv_init(&sc->sc_tx_cv, "tx-ring", CV_DRIVER, NULL);
 594         /*
 595          * initialize the mfthread
 596          */
 597         cv_init(&sc->sc_mt_cv, NULL, CV_DRIVER, NULL);
 598         sc->sc_mf_thread = NULL;
 599         sc->sc_mf_thread_switch = 0;
 600 
 601         /*
 602          * Allocate shared page.
 603          */
 604         err = iwk_alloc_shared(sc);
 605         if (err != DDI_SUCCESS) {
 606                 cmn_err(CE_WARN, "iwk_attach(): "
 607                     "failed to allocate shared page\n");
 608                 goto attach_fail3;
 609         }
 610 
 611         /*
 612          * Allocate keep warm page.
 613          */
 614         err = iwk_alloc_kw(sc);
 615         if (err != DDI_SUCCESS) {
 616                 cmn_err(CE_WARN, "iwk_attach(): "
 617                     "failed to allocate keep warm page\n");
 618                 goto attach_fail3a;
 619         }
 620 
 621         /*
 622          * Do some necessary hardware initializations.
 623          */
 624         err = iwk_preinit(sc);
 625         if (err != DDI_SUCCESS) {
 626                 cmn_err(CE_WARN, "iwk_attach(): "
 627                     "failed to init hardware\n");
 628                 goto attach_fail4;
 629         }
 630 
 631         /* initialize EEPROM */
 632         err = iwk_eep_load(sc);  /* get hardware configurations from eeprom */
 633         if (err != 0) {
 634                 cmn_err(CE_WARN, "iwk_attach(): failed to load eeprom\n");
 635                 goto attach_fail4;
 636         }
 637 
 638         if (LE_16(sc->sc_eep_map.calib_version) < EEP_TX_POWER_VERSION_NEW) {
 639                 cmn_err(CE_WARN, "older EEPROM detected\n");
 640                 goto attach_fail4;
 641         }
 642 
 643         iwk_get_mac_from_eep(sc);
 644 
 645         err = iwk_ring_init(sc);
 646         if (err != DDI_SUCCESS) {
 647                 cmn_err(CE_WARN, "iwk_attach(): "
 648                     "failed to allocate and initialize ring\n");
 649                 goto attach_fail4;
 650         }
 651 
 652         sc->sc_hdr = (iwk_firmware_hdr_t *)iwk_fw_bin;
 653 
 654         err = iwk_alloc_fw_dma(sc);
 655         if (err != DDI_SUCCESS) {
 656                 cmn_err(CE_WARN, "iwk_attach(): "
 657                     "failed to allocate firmware dma\n");
 658                 goto attach_fail5;
 659         }
 660 
 661         /*
 662          * Initialize the wifi part, which will be used by
 663          * generic layer
 664          */
 665         ic = &sc->sc_ic;
 666         ic->ic_phytype  = IEEE80211_T_OFDM;
 667         ic->ic_opmode   = IEEE80211_M_STA; /* default to BSS mode */
 668         ic->ic_state    = IEEE80211_S_INIT;
 669         ic->ic_maxrssi  = 100; /* experimental number */
 670         ic->ic_caps = IEEE80211_C_SHPREAMBLE | IEEE80211_C_TXPMGT |
 671             IEEE80211_C_PMGT | IEEE80211_C_SHSLOT;
 672         /*
 673          * use software WEP and TKIP, hardware CCMP;
 674          */
 675         ic->ic_caps |= IEEE80211_C_AES_CCM;
 676         /*
 677          * Support WPA/WPA2
 678          */
 679         ic->ic_caps |= IEEE80211_C_WPA;
 680         /*
 681          * support Adhoc mode
 682          */
 683         ic->ic_caps |= IEEE80211_C_IBSS;
 684 
 685         /* set supported .11b and .11g rates */
 686         ic->ic_sup_rates[IEEE80211_MODE_11B] = iwk_rateset_11b;
 687         ic->ic_sup_rates[IEEE80211_MODE_11G] = iwk_rateset_11g;
 688 
 689         /* set supported .11b and .11g channels (1 through 11) */
 690         for (i = 1; i <= 11; i++) {
 691                 ic->ic_sup_channels[i].ich_freq =
 692                     ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
 693                 ic->ic_sup_channels[i].ich_flags =
 694                     IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
 695                     IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ |
 696                     IEEE80211_CHAN_PASSIVE;
 697         }
 698         ic->ic_ibss_chan = &ic->ic_sup_channels[0];
 699 
 700         ic->ic_xmit = iwk_send;
 701         /*
 702          * init Wifi layer
 703          */
 704         ieee80211_attach(ic);
 705 
 706         /*
 707          * different instance has different WPA door
 708          */
 709         (void) snprintf(ic->ic_wpadoor, MAX_IEEE80211STR, "%s_%s%d", WPA_DOOR,
 710             ddi_driver_name(dip),
 711             ddi_get_instance(dip));
 712 
 713         /*
 714          * Override 80211 default routines
 715          */
 716         sc->sc_newstate = ic->ic_newstate;
 717         ic->ic_newstate = iwk_newstate;
 718         ic->ic_watchdog = iwk_watchdog;
 719         sc->sc_recv_mgmt = ic->ic_recv_mgmt;
 720         ic->ic_recv_mgmt = iwk_recv_mgmt;
 721         ic->ic_node_alloc = iwk_node_alloc;
 722         ic->ic_node_free = iwk_node_free;
 723         ic->ic_crypto.cs_key_set = iwk_key_set;
 724         ieee80211_media_init(ic);
 725         /*
 726          * initialize default tx key
 727          */
 728         ic->ic_def_txkey = 0;
 729         err = ddi_intr_add_softint(dip, &sc->sc_soft_hdl, DDI_INTR_SOFTPRI_MAX,
 730             iwk_rx_softintr, (caddr_t)sc);
 731         if (err != DDI_SUCCESS) {
 732                 cmn_err(CE_WARN, "iwk_attach(): "
 733                     "add soft interrupt failed\n");
 734                 goto attach_fail7;
 735         }
 736 
 737         /*
 738          * Add the interrupt handler
 739          */
 740         err = ddi_intr_add_handler(sc->sc_intr_htable[0], iwk_intr,
 741             (caddr_t)sc, NULL);
 742         if (err != DDI_SUCCESS) {
 743                 cmn_err(CE_WARN, "iwk_attach(): "
 744                     "ddi_intr_add_handle() failed\n");
 745                 goto attach_fail8;
 746         }
 747 
 748         err = ddi_intr_enable(sc->sc_intr_htable[0]);
 749         if (err != DDI_SUCCESS) {
 750                 cmn_err(CE_WARN, "iwk_attach(): "
 751                     "ddi_intr_enable() failed\n");
 752                 goto attach_fail_intr_d;
 753         }
 754 
 755         /*
 756          * Initialize pointer to device specific functions
 757          */
 758         wd.wd_secalloc = WIFI_SEC_NONE;
 759         wd.wd_opmode = ic->ic_opmode;
 760         IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_macaddr);
 761 
 762         macp = mac_alloc(MAC_VERSION);
 763         if (macp == NULL) {
 764                 cmn_err(CE_WARN,
 765                     "iwk_attach(): failed to do mac_alloc()\n");
 766                 goto attach_fail9;
 767         }
 768 
 769         macp->m_type_ident   = MAC_PLUGIN_IDENT_WIFI;
 770         macp->m_driver               = sc;
 771         macp->m_dip          = dip;
 772         macp->m_src_addr     = ic->ic_macaddr;
 773         macp->m_callbacks    = &iwk_m_callbacks;
 774         macp->m_min_sdu              = 0;
 775         macp->m_max_sdu              = IEEE80211_MTU;
 776         macp->m_pdata                = &wd;
 777         macp->m_pdata_size   = sizeof (wd);
 778 
 779         /*
 780          * Register the macp to mac
 781          */
 782         err = mac_register(macp, &ic->ic_mach);
 783         mac_free(macp);
 784         if (err != DDI_SUCCESS) {
 785                 cmn_err(CE_WARN,
 786                     "iwk_attach(): failed to do mac_register()\n");
 787                 goto attach_fail9;
 788         }
 789 
 790         /*
 791          * Create minor node of type DDI_NT_NET_WIFI
 792          */
 793         (void) snprintf(strbuf, sizeof (strbuf), DRV_NAME_4965"%d", instance);
 794         err = ddi_create_minor_node(dip, strbuf, S_IFCHR,
 795             instance + 1, DDI_NT_NET_WIFI, 0);
 796         if (err != DDI_SUCCESS)
 797                 cmn_err(CE_WARN,
 798                     "iwk_attach(): failed to do ddi_create_minor_node()\n");
 799 
 800         /*
 801          * Notify link is down now
 802          */
 803         mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
 804 
 805         /*
 806          * create the mf thread to handle the link status,
 807          * recovery fatal error, etc.
 808          */
 809         sc->sc_mf_thread_switch = 1;
 810         if (sc->sc_mf_thread == NULL)
 811                 sc->sc_mf_thread = thread_create((caddr_t)NULL, 0,
 812                     iwk_thread, sc, 0, &p0, TS_RUN, minclsyspri);
 813 
 814         sc->sc_flags |= IWK_F_ATTACHED;
 815 
 816         return (DDI_SUCCESS);
 817 attach_fail9:
 818         (void) ddi_intr_disable(sc->sc_intr_htable[0]);
 819 attach_fail_intr_d:
 820         (void) ddi_intr_remove_handler(sc->sc_intr_htable[0]);
 821 
 822 attach_fail8:
 823         (void) ddi_intr_remove_softint(sc->sc_soft_hdl);
 824         sc->sc_soft_hdl = NULL;
 825 attach_fail7:
 826         ieee80211_detach(ic);
 827 attach_fail6:
 828         iwk_free_fw_dma(sc);
 829 attach_fail5:
 830         iwk_ring_free(sc);
 831 attach_fail4:
 832         iwk_free_kw(sc);
 833 attach_fail3a:
 834         iwk_free_shared(sc);
 835 attach_fail3:
 836         iwk_destroy_locks(sc);
 837 attach_fail_intr_c:
 838         (void) ddi_intr_free(sc->sc_intr_htable[0]);
 839 attach_fail_intr_b:
 840         kmem_free(sc->sc_intr_htable, sizeof (ddi_intr_handle_t));
 841 attach_fail_intr_a:
 842         ddi_regs_map_free(&sc->sc_handle);
 843 attach_fail2a:
 844         ddi_regs_map_free(&sc->sc_cfg_handle);
 845 attach_fail2:
 846         ddi_soft_state_free(iwk_soft_state_p, instance);
 847 attach_fail1:
 848         return (err);
 849 }
 850 
 851 int
 852 iwk_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
 853 {
 854         iwk_sc_t        *sc;
 855         int err;
 856 
 857         sc = ddi_get_soft_state(iwk_soft_state_p, ddi_get_instance(dip));
 858         ASSERT(sc != NULL);
 859 
 860         switch (cmd) {
 861         case DDI_DETACH:
 862                 break;
 863         case DDI_SUSPEND:
 864                 mutex_enter(&sc->sc_glock);
 865                 sc->sc_flags |= IWK_F_SUSPEND;
 866                 mutex_exit(&sc->sc_glock);
 867                 if (sc->sc_flags & IWK_F_RUNNING) {
 868                         iwk_stop(sc);
 869                 }
 870 
 871                 IWK_DBG((IWK_DEBUG_RESUME, "iwk: suspend\n"));
 872                 return (DDI_SUCCESS);
 873         default:
 874                 return (DDI_FAILURE);
 875         }
 876 
 877         if (!(sc->sc_flags & IWK_F_ATTACHED))
 878                 return (DDI_FAILURE);
 879 
 880         err = mac_disable(sc->sc_ic.ic_mach);
 881         if (err != DDI_SUCCESS)
 882                 return (err);
 883 
 884         /*
 885          * Destroy the mf_thread
 886          */
 887         mutex_enter(&sc->sc_mt_lock);
 888         sc->sc_mf_thread_switch = 0;
 889         while (sc->sc_mf_thread != NULL) {
 890                 if (cv_wait_sig(&sc->sc_mt_cv, &sc->sc_mt_lock) == 0)
 891                         break;
 892         }
 893         mutex_exit(&sc->sc_mt_lock);
 894 
 895         iwk_stop(sc);
 896         DELAY(500000);
 897 
 898         /*
 899          * Unregiste from the MAC layer subsystem
 900          */
 901         (void) mac_unregister(sc->sc_ic.ic_mach);
 902 
 903         mutex_enter(&sc->sc_glock);
 904         iwk_free_fw_dma(sc);
 905         iwk_ring_free(sc);
 906         iwk_free_kw(sc);
 907         iwk_free_shared(sc);
 908         mutex_exit(&sc->sc_glock);
 909 
 910         (void) ddi_intr_disable(sc->sc_intr_htable[0]);
 911         (void) ddi_intr_remove_handler(sc->sc_intr_htable[0]);
 912         (void) ddi_intr_free(sc->sc_intr_htable[0]);
 913         kmem_free(sc->sc_intr_htable, sizeof (ddi_intr_handle_t));
 914 
 915         (void) ddi_intr_remove_softint(sc->sc_soft_hdl);
 916         sc->sc_soft_hdl = NULL;
 917 
 918         /*
 919          * detach ieee80211
 920          */
 921         ieee80211_detach(&sc->sc_ic);
 922 
 923         iwk_destroy_locks(sc);
 924 
 925         ddi_regs_map_free(&sc->sc_handle);
 926         ddi_regs_map_free(&sc->sc_cfg_handle);
 927         ddi_remove_minor_node(dip, NULL);
 928         ddi_soft_state_free(iwk_soft_state_p, ddi_get_instance(dip));
 929 
 930         return (DDI_SUCCESS);
 931 }
 932 
 933 /*
 934  * quiesce(9E) entry point.
 935  *
 936  * This function is called when the system is single-threaded at high
 937  * PIL with preemption disabled. Therefore, this function must not be
 938  * blocked.
 939  *
 940  * This function returns DDI_SUCCESS on success, or DDI_FAILURE on failure.
 941  * DDI_FAILURE indicates an error condition and should almost never happen.
 942  */
 943 int
 944 iwk_quiesce(dev_info_t *dip)
 945 {
 946         iwk_sc_t        *sc;
 947 
 948         sc = ddi_get_soft_state(iwk_soft_state_p, ddi_get_instance(dip));
 949         ASSERT(sc != NULL);
 950 
 951         /* no message prints and no lock accquisition */
 952 #ifdef DEBUG
 953         iwk_dbg_flags = 0;
 954 #endif
 955         sc->sc_flags |= IWK_F_QUIESCED;
 956 
 957         iwk_stop(sc);
 958 
 959         return (DDI_SUCCESS);
 960 }
 961 
 962 static void
 963 iwk_destroy_locks(iwk_sc_t *sc)
 964 {
 965         cv_destroy(&sc->sc_mt_cv);
 966         mutex_destroy(&sc->sc_mt_lock);
 967         cv_destroy(&sc->sc_tx_cv);
 968         cv_destroy(&sc->sc_cmd_cv);
 969         cv_destroy(&sc->sc_fw_cv);
 970         mutex_destroy(&sc->sc_tx_lock);
 971         mutex_destroy(&sc->sc_glock);
 972 }
 973 
 974 /*
 975  * Allocate an area of memory and a DMA handle for accessing it
 976  */
 977 static int
 978 iwk_alloc_dma_mem(iwk_sc_t *sc, size_t memsize,
 979     ddi_dma_attr_t *dma_attr_p, ddi_device_acc_attr_t *acc_attr_p,
 980     uint_t dma_flags, iwk_dma_t *dma_p)
 981 {
 982         caddr_t vaddr;
 983         int err;
 984 
 985         /*
 986          * Allocate handle
 987          */
 988         err = ddi_dma_alloc_handle(sc->sc_dip, dma_attr_p,
 989             DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl);
 990         if (err != DDI_SUCCESS) {
 991                 dma_p->dma_hdl = NULL;
 992                 return (DDI_FAILURE);
 993         }
 994 
 995         /*
 996          * Allocate memory
 997          */
 998         err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, acc_attr_p,
 999             dma_flags & (DDI_DMA_CONSISTENT | DDI_DMA_STREAMING),
1000             DDI_DMA_SLEEP, NULL, &vaddr, &dma_p->alength, &dma_p->acc_hdl);
1001         if (err != DDI_SUCCESS) {
1002                 ddi_dma_free_handle(&dma_p->dma_hdl);
1003                 dma_p->dma_hdl = NULL;
1004                 dma_p->acc_hdl = NULL;
1005                 return (DDI_FAILURE);
1006         }
1007 
1008         /*
1009          * Bind the two together
1010          */
1011         dma_p->mem_va = vaddr;
1012         err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL,
1013             vaddr, dma_p->alength, dma_flags, DDI_DMA_SLEEP, NULL,
1014             &dma_p->cookie, &dma_p->ncookies);
1015         if (err != DDI_DMA_MAPPED) {
1016                 ddi_dma_mem_free(&dma_p->acc_hdl);
1017                 ddi_dma_free_handle(&dma_p->dma_hdl);
1018                 dma_p->acc_hdl = NULL;
1019                 dma_p->dma_hdl = NULL;
1020                 return (DDI_FAILURE);
1021         }
1022 
1023         dma_p->nslots = ~0U;
1024         dma_p->size = ~0U;
1025         dma_p->token = ~0U;
1026         dma_p->offset = 0;
1027         return (DDI_SUCCESS);
1028 }
1029 
1030 /*
1031  * Free one allocated area of DMAable memory
1032  */
1033 static void
1034 iwk_free_dma_mem(iwk_dma_t *dma_p)
1035 {
1036         if (dma_p->dma_hdl != NULL) {
1037                 if (dma_p->ncookies) {
1038                         (void) ddi_dma_unbind_handle(dma_p->dma_hdl);
1039                         dma_p->ncookies = 0;
1040                 }
1041                 ddi_dma_free_handle(&dma_p->dma_hdl);
1042                 dma_p->dma_hdl = NULL;
1043         }
1044 
1045         if (dma_p->acc_hdl != NULL) {
1046                 ddi_dma_mem_free(&dma_p->acc_hdl);
1047                 dma_p->acc_hdl = NULL;
1048         }
1049 }
1050 
1051 /*
1052  *
1053  */
1054 static int
1055 iwk_alloc_fw_dma(iwk_sc_t *sc)
1056 {
1057         int err = DDI_SUCCESS;
1058         iwk_dma_t *dma_p;
1059         char *t;
1060 
1061         /*
1062          * firmware image layout:
1063          * |HDR|<-TEXT->|<-DATA->|<-INIT_TEXT->|<-INIT_DATA->|<-BOOT->|
1064          */
1065         t = (char *)(sc->sc_hdr + 1);
1066         err = iwk_alloc_dma_mem(sc, LE_32(sc->sc_hdr->textsz),
1067             &fw_dma_attr, &iwk_dma_accattr,
1068             DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
1069             &sc->sc_dma_fw_text);
1070         dma_p = &sc->sc_dma_fw_text;
1071         IWK_DBG((IWK_DEBUG_DMA, "text[ncookies:%d addr:%lx size:%lx]\n",
1072             dma_p->ncookies, dma_p->cookie.dmac_address,
1073             dma_p->cookie.dmac_size));
1074         if (err != DDI_SUCCESS) {
1075                 cmn_err(CE_WARN, "iwk_alloc_fw_dma(): failed to alloc"
1076                     " text dma memory");
1077                 goto fail;
1078         }
1079         (void) memcpy(dma_p->mem_va, t, LE_32(sc->sc_hdr->textsz));
1080 
1081         t += LE_32(sc->sc_hdr->textsz);
1082         err = iwk_alloc_dma_mem(sc, LE_32(sc->sc_hdr->datasz),
1083             &fw_dma_attr, &iwk_dma_accattr,
1084             DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
1085             &sc->sc_dma_fw_data);
1086         dma_p = &sc->sc_dma_fw_data;
1087         IWK_DBG((IWK_DEBUG_DMA, "data[ncookies:%d addr:%lx size:%lx]\n",
1088             dma_p->ncookies, dma_p->cookie.dmac_address,
1089             dma_p->cookie.dmac_size));
1090         if (err != DDI_SUCCESS) {
1091                 cmn_err(CE_WARN, "iwk_alloc_fw_dma(): failed to alloc"
1092                     " data dma memory");
1093                 goto fail;
1094         }
1095         (void) memcpy(dma_p->mem_va, t, LE_32(sc->sc_hdr->datasz));
1096 
1097         err = iwk_alloc_dma_mem(sc, LE_32(sc->sc_hdr->datasz),
1098             &fw_dma_attr, &iwk_dma_accattr,
1099             DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
1100             &sc->sc_dma_fw_data_bak);
1101         dma_p = &sc->sc_dma_fw_data_bak;
1102         IWK_DBG((IWK_DEBUG_DMA, "data_bak[ncookies:%d addr:%lx "
1103             "size:%lx]\n",
1104             dma_p->ncookies, dma_p->cookie.dmac_address,
1105             dma_p->cookie.dmac_size));
1106         if (err != DDI_SUCCESS) {
1107                 cmn_err(CE_WARN, "iwk_alloc_fw_dma(): failed to alloc"
1108                     " data bakeup dma memory");
1109                 goto fail;
1110         }
1111         (void) memcpy(dma_p->mem_va, t, LE_32(sc->sc_hdr->datasz));
1112 
1113         t += LE_32(sc->sc_hdr->datasz);
1114         err = iwk_alloc_dma_mem(sc, LE_32(sc->sc_hdr->init_textsz),
1115             &fw_dma_attr, &iwk_dma_accattr,
1116             DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
1117             &sc->sc_dma_fw_init_text);
1118         dma_p = &sc->sc_dma_fw_init_text;
1119         IWK_DBG((IWK_DEBUG_DMA, "init_text[ncookies:%d addr:%lx "
1120             "size:%lx]\n",
1121             dma_p->ncookies, dma_p->cookie.dmac_address,
1122             dma_p->cookie.dmac_size));
1123         if (err != DDI_SUCCESS) {
1124                 cmn_err(CE_WARN, "iwk_alloc_fw_dma(): failed to alloc"
1125                     "init text dma memory");
1126                 goto fail;
1127         }
1128         (void) memcpy(dma_p->mem_va, t, LE_32(sc->sc_hdr->init_textsz));
1129 
1130         t += LE_32(sc->sc_hdr->init_textsz);
1131         err = iwk_alloc_dma_mem(sc, LE_32(sc->sc_hdr->init_datasz),
1132             &fw_dma_attr, &iwk_dma_accattr,
1133             DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
1134             &sc->sc_dma_fw_init_data);
1135         dma_p = &sc->sc_dma_fw_init_data;
1136         IWK_DBG((IWK_DEBUG_DMA, "init_data[ncookies:%d addr:%lx "
1137             "size:%lx]\n",
1138             dma_p->ncookies, dma_p->cookie.dmac_address,
1139             dma_p->cookie.dmac_size));
1140         if (err != DDI_SUCCESS) {
1141                 cmn_err(CE_WARN, "iwk_alloc_fw_dma(): failed to alloc"
1142                     "init data dma memory");
1143                 goto fail;
1144         }
1145         (void) memcpy(dma_p->mem_va, t, LE_32(sc->sc_hdr->init_datasz));
1146 
1147         sc->sc_boot = t + LE_32(sc->sc_hdr->init_datasz);
1148 fail:
1149         return (err);
1150 }
1151 
1152 static void
1153 iwk_free_fw_dma(iwk_sc_t *sc)
1154 {
1155         iwk_free_dma_mem(&sc->sc_dma_fw_text);
1156         iwk_free_dma_mem(&sc->sc_dma_fw_data);
1157         iwk_free_dma_mem(&sc->sc_dma_fw_data_bak);
1158         iwk_free_dma_mem(&sc->sc_dma_fw_init_text);
1159         iwk_free_dma_mem(&sc->sc_dma_fw_init_data);
1160 }
1161 
1162 /*
1163  * Allocate a shared page between host and NIC.
1164  */
1165 static int
1166 iwk_alloc_shared(iwk_sc_t *sc)
1167 {
1168         iwk_dma_t *dma_p;
1169         int err = DDI_SUCCESS;
1170 
1171         /* must be aligned on a 4K-page boundary */
1172         err = iwk_alloc_dma_mem(sc, sizeof (iwk_shared_t),
1173             &sh_dma_attr, &iwk_dma_descattr,
1174             DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
1175             &sc->sc_dma_sh);
1176         if (err != DDI_SUCCESS)
1177                 goto fail;
1178         sc->sc_shared = (iwk_shared_t *)sc->sc_dma_sh.mem_va;
1179 
1180         dma_p = &sc->sc_dma_sh;
1181         IWK_DBG((IWK_DEBUG_DMA, "sh[ncookies:%d addr:%lx size:%lx]\n",
1182             dma_p->ncookies, dma_p->cookie.dmac_address,
1183             dma_p->cookie.dmac_size));
1184 
1185         return (err);
1186 fail:
1187         iwk_free_shared(sc);
1188         return (err);
1189 }
1190 
1191 static void
1192 iwk_free_shared(iwk_sc_t *sc)
1193 {
1194         iwk_free_dma_mem(&sc->sc_dma_sh);
1195 }
1196 
1197 /*
1198  * Allocate a keep warm page.
1199  */
1200 static int
1201 iwk_alloc_kw(iwk_sc_t *sc)
1202 {
1203         iwk_dma_t *dma_p;
1204         int err = DDI_SUCCESS;
1205 
1206         /* must be aligned on a 4K-page boundary */
1207         err = iwk_alloc_dma_mem(sc, IWK_KW_SIZE,
1208             &kw_dma_attr, &iwk_dma_accattr,
1209             DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
1210             &sc->sc_dma_kw);
1211         if (err != DDI_SUCCESS)
1212                 goto fail;
1213 
1214         dma_p = &sc->sc_dma_kw;
1215         IWK_DBG((IWK_DEBUG_DMA, "kw[ncookies:%d addr:%lx size:%lx]\n",
1216             dma_p->ncookies, dma_p->cookie.dmac_address,
1217             dma_p->cookie.dmac_size));
1218 
1219         return (err);
1220 fail:
1221         iwk_free_kw(sc);
1222         return (err);
1223 }
1224 
1225 static void
1226 iwk_free_kw(iwk_sc_t *sc)
1227 {
1228         iwk_free_dma_mem(&sc->sc_dma_kw);
1229 }
1230 
1231 static int
1232 iwk_alloc_rx_ring(iwk_sc_t *sc)
1233 {
1234         iwk_rx_ring_t *ring;
1235         iwk_rx_data_t *data;
1236         iwk_dma_t *dma_p;
1237         int i, err = DDI_SUCCESS;
1238 
1239         ring = &sc->sc_rxq;
1240         ring->cur = 0;
1241 
1242         err = iwk_alloc_dma_mem(sc, RX_QUEUE_SIZE * sizeof (uint32_t),
1243             &ring_desc_dma_attr, &iwk_dma_descattr,
1244             DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
1245             &ring->dma_desc);
1246         if (err != DDI_SUCCESS) {
1247                 cmn_err(CE_WARN, "dma alloc rx ring desc failed\n");
1248                 goto fail;
1249         }
1250         ring->desc = (uint32_t *)ring->dma_desc.mem_va;
1251         dma_p = &ring->dma_desc;
1252         IWK_DBG((IWK_DEBUG_DMA, "rx bd[ncookies:%d addr:%lx size:%lx]\n",
1253             dma_p->ncookies, dma_p->cookie.dmac_address,
1254             dma_p->cookie.dmac_size));
1255 
1256         /*
1257          * Allocate Rx buffers.
1258          */
1259         for (i = 0; i < RX_QUEUE_SIZE; i++) {
1260                 data = &ring->data[i];
1261                 err = iwk_alloc_dma_mem(sc, sc->sc_dmabuf_sz,
1262                     &rx_buffer_dma_attr, &iwk_dma_accattr,
1263                     DDI_DMA_READ | DDI_DMA_STREAMING,
1264                     &data->dma_data);
1265                 if (err != DDI_SUCCESS) {
1266                         cmn_err(CE_WARN, "dma alloc rx ring buf[%d] "
1267                             "failed\n", i);
1268                         goto fail;
1269                 }
1270                 /*
1271                  * the physical address bit [8-36] are used,
1272                  * instead of bit [0-31] in 3945.
1273                  */
1274                 ring->desc[i] = (uint32_t)
1275                     (data->dma_data.cookie.dmac_address >> 8);
1276         }
1277         dma_p = &ring->data[0].dma_data;
1278         IWK_DBG((IWK_DEBUG_DMA, "rx buffer[0][ncookies:%d addr:%lx "
1279             "size:%lx]\n",
1280             dma_p->ncookies, dma_p->cookie.dmac_address,
1281             dma_p->cookie.dmac_size));
1282 
1283         IWK_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV);
1284 
1285         return (err);
1286 
1287 fail:
1288         iwk_free_rx_ring(sc);
1289         return (err);
1290 }
1291 
1292 static void
1293 iwk_reset_rx_ring(iwk_sc_t *sc)
1294 {
1295         int n;
1296 
1297         iwk_mac_access_enter(sc);
1298         IWK_WRITE(sc, FH_MEM_RCSR_CHNL0_CONFIG_REG, 0);
1299         for (n = 0; n < 2000; n++) {
1300                 if (IWK_READ(sc, FH_MEM_RSSR_RX_STATUS_REG) & (1 << 24))
1301                         break;
1302                 DELAY(1000);
1303         }
1304 
1305         if (n == 2000)
1306                 IWK_DBG((IWK_DEBUG_DMA, "timeout resetting Rx ring\n"));
1307 
1308         iwk_mac_access_exit(sc);
1309 
1310         sc->sc_rxq.cur = 0;
1311 }
1312 
1313 static void
1314 iwk_free_rx_ring(iwk_sc_t *sc)
1315 {
1316         int i;
1317 
1318         for (i = 0; i < RX_QUEUE_SIZE; i++) {
1319                 if (sc->sc_rxq.data[i].dma_data.dma_hdl)
1320                         IWK_DMA_SYNC(sc->sc_rxq.data[i].dma_data,
1321                             DDI_DMA_SYNC_FORCPU);
1322                 iwk_free_dma_mem(&sc->sc_rxq.data[i].dma_data);
1323         }
1324 
1325         if (sc->sc_rxq.dma_desc.dma_hdl)
1326                 IWK_DMA_SYNC(sc->sc_rxq.dma_desc, DDI_DMA_SYNC_FORDEV);
1327         iwk_free_dma_mem(&sc->sc_rxq.dma_desc);
1328 }
1329 
1330 static int
1331 iwk_alloc_tx_ring(iwk_sc_t *sc, iwk_tx_ring_t *ring,
1332     int slots, int qid)
1333 {
1334         iwk_tx_data_t *data;
1335         iwk_tx_desc_t *desc_h;
1336         uint32_t paddr_desc_h;
1337         iwk_cmd_t *cmd_h;
1338         uint32_t paddr_cmd_h;
1339         iwk_dma_t *dma_p;
1340         int i, err = DDI_SUCCESS;
1341 
1342         ring->qid = qid;
1343         ring->count = TFD_QUEUE_SIZE_MAX;
1344         ring->window = slots;
1345         ring->queued = 0;
1346         ring->cur = 0;
1347 
1348         err = iwk_alloc_dma_mem(sc,
1349             TFD_QUEUE_SIZE_MAX * sizeof (iwk_tx_desc_t),
1350             &ring_desc_dma_attr, &iwk_dma_descattr,
1351             DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
1352             &ring->dma_desc);
1353         if (err != DDI_SUCCESS) {
1354                 cmn_err(CE_WARN, "dma alloc tx ring desc[%d] "
1355                     "failed\n", qid);
1356                 goto fail;
1357         }
1358         dma_p = &ring->dma_desc;
1359         IWK_DBG((IWK_DEBUG_DMA, "tx bd[ncookies:%d addr:%lx size:%lx]\n",
1360             dma_p->ncookies, dma_p->cookie.dmac_address,
1361             dma_p->cookie.dmac_size));
1362 
1363         desc_h = (iwk_tx_desc_t *)ring->dma_desc.mem_va;
1364         paddr_desc_h = ring->dma_desc.cookie.dmac_address;
1365 
1366         err = iwk_alloc_dma_mem(sc,
1367             TFD_QUEUE_SIZE_MAX * sizeof (iwk_cmd_t),
1368             &cmd_dma_attr, &iwk_dma_accattr,
1369             DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
1370             &ring->dma_cmd);
1371         if (err != DDI_SUCCESS) {
1372                 cmn_err(CE_WARN, "dma alloc tx ring cmd[%d] "
1373                     "failed\n", qid);
1374                 goto fail;
1375         }
1376         dma_p = &ring->dma_cmd;
1377         IWK_DBG((IWK_DEBUG_DMA, "tx cmd[ncookies:%d addr:%lx size:%lx]\n",
1378             dma_p->ncookies, dma_p->cookie.dmac_address,
1379             dma_p->cookie.dmac_size));
1380 
1381         cmd_h = (iwk_cmd_t *)ring->dma_cmd.mem_va;
1382         paddr_cmd_h = ring->dma_cmd.cookie.dmac_address;
1383 
1384         /*
1385          * Allocate Tx buffers.
1386          */
1387         ring->data = kmem_zalloc(sizeof (iwk_tx_data_t) * TFD_QUEUE_SIZE_MAX,
1388             KM_NOSLEEP);
1389         if (ring->data == NULL) {
1390                 cmn_err(CE_WARN, "could not allocate tx data slots\n");
1391                 goto fail;
1392         }
1393 
1394         for (i = 0; i < TFD_QUEUE_SIZE_MAX; i++) {
1395                 data = &ring->data[i];
1396                 err = iwk_alloc_dma_mem(sc, sc->sc_dmabuf_sz,
1397                     &tx_buffer_dma_attr, &iwk_dma_accattr,
1398                     DDI_DMA_WRITE | DDI_DMA_STREAMING,
1399                     &data->dma_data);
1400                 if (err != DDI_SUCCESS) {
1401                         cmn_err(CE_WARN, "dma alloc tx ring "
1402                             "buf[%d] failed\n", i);
1403                         goto fail;
1404                 }
1405 
1406                 data->desc = desc_h + i;
1407                 data->paddr_desc = paddr_desc_h +
1408                     _PTRDIFF(data->desc, desc_h);
1409                 data->cmd = cmd_h +  i; /* (i % slots); */
1410                 /* ((i % slots) * sizeof (iwk_cmd_t)); */
1411                 data->paddr_cmd = paddr_cmd_h +
1412                     _PTRDIFF(data->cmd, cmd_h);
1413         }
1414         dma_p = &ring->data[0].dma_data;
1415         IWK_DBG((IWK_DEBUG_DMA, "tx buffer[0][ncookies:%d addr:%lx "
1416             "size:%lx]\n",
1417             dma_p->ncookies, dma_p->cookie.dmac_address,
1418             dma_p->cookie.dmac_size));
1419 
1420         return (err);
1421 
1422 fail:
1423         if (ring->data)
1424                 kmem_free(ring->data,
1425                     sizeof (iwk_tx_data_t) * TFD_QUEUE_SIZE_MAX);
1426         iwk_free_tx_ring(sc, ring);
1427         return (err);
1428 }
1429 
1430 static void
1431 iwk_reset_tx_ring(iwk_sc_t *sc, iwk_tx_ring_t *ring)
1432 {
1433         iwk_tx_data_t *data;
1434         int i, n;
1435 
1436         iwk_mac_access_enter(sc);
1437 
1438         IWK_WRITE(sc, IWK_FH_TCSR_CHNL_TX_CONFIG_REG(ring->qid), 0);
1439         for (n = 0; n < 200; n++) {
1440                 if (IWK_READ(sc, IWK_FH_TSSR_TX_STATUS_REG) &
1441                     IWK_FH_TSSR_TX_STATUS_REG_MSK_CHNL_IDLE(ring->qid))
1442                         break;
1443                 DELAY(10);
1444         }
1445         if (n == 200) {
1446                 IWK_DBG((IWK_DEBUG_DMA, "timeout reset tx ring %d\n",
1447                     ring->qid));
1448         }
1449         iwk_mac_access_exit(sc);
1450 
1451         for (i = 0; i < ring->count; i++) {
1452                 data = &ring->data[i];
1453                 IWK_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV);
1454         }
1455 
1456         ring->queued = 0;
1457         ring->cur = 0;
1458 }
1459 
1460 /*ARGSUSED*/
1461 static void
1462 iwk_free_tx_ring(iwk_sc_t *sc, iwk_tx_ring_t *ring)
1463 {
1464         int i;
1465 
1466         if (ring->dma_desc.dma_hdl != NULL)
1467                 IWK_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV);
1468         iwk_free_dma_mem(&ring->dma_desc);
1469 
1470         if (ring->dma_cmd.dma_hdl != NULL)
1471                 IWK_DMA_SYNC(ring->dma_cmd, DDI_DMA_SYNC_FORDEV);
1472         iwk_free_dma_mem(&ring->dma_cmd);
1473 
1474         if (ring->data != NULL) {
1475                 for (i = 0; i < ring->count; i++) {
1476                         if (ring->data[i].dma_data.dma_hdl)
1477                                 IWK_DMA_SYNC(ring->data[i].dma_data,
1478                                     DDI_DMA_SYNC_FORDEV);
1479                         iwk_free_dma_mem(&ring->data[i].dma_data);
1480                 }
1481                 kmem_free(ring->data, ring->count * sizeof (iwk_tx_data_t));
1482         }
1483 }
1484 
1485 static int
1486 iwk_ring_init(iwk_sc_t *sc)
1487 {
1488         int i, err = DDI_SUCCESS;
1489 
1490         for (i = 0; i < IWK_NUM_QUEUES; i++) {
1491                 if (i == IWK_CMD_QUEUE_NUM)
1492                         continue;
1493                 err = iwk_alloc_tx_ring(sc, &sc->sc_txq[i], TFD_TX_CMD_SLOTS,
1494                     i);
1495                 if (err != DDI_SUCCESS)
1496                         goto fail;
1497         }
1498         err = iwk_alloc_tx_ring(sc, &sc->sc_txq[IWK_CMD_QUEUE_NUM],
1499             TFD_CMD_SLOTS, IWK_CMD_QUEUE_NUM);
1500         if (err != DDI_SUCCESS)
1501                 goto fail;
1502         err = iwk_alloc_rx_ring(sc);
1503         if (err != DDI_SUCCESS)
1504                 goto fail;
1505         return (err);
1506 
1507 fail:
1508         return (err);
1509 }
1510 
1511 static void
1512 iwk_ring_free(iwk_sc_t *sc)
1513 {
1514         int i = IWK_NUM_QUEUES;
1515 
1516         iwk_free_rx_ring(sc);
1517         while (--i >= 0) {
1518                 iwk_free_tx_ring(sc, &sc->sc_txq[i]);
1519         }
1520 }
1521 
1522 /* ARGSUSED */
1523 static ieee80211_node_t *
1524 iwk_node_alloc(ieee80211com_t *ic)
1525 {
1526         iwk_amrr_t *amrr;
1527 
1528         amrr = kmem_zalloc(sizeof (iwk_amrr_t), KM_SLEEP);
1529         if (amrr != NULL)
1530                 iwk_amrr_init(amrr);
1531         return (&amrr->in);
1532 }
1533 
1534 static void
1535 iwk_node_free(ieee80211_node_t *in)
1536 {
1537         ieee80211com_t *ic = in->in_ic;
1538 
1539         ic->ic_node_cleanup(in);
1540         if (in->in_wpa_ie != NULL)
1541                 ieee80211_free(in->in_wpa_ie);
1542         kmem_free(in, sizeof (iwk_amrr_t));
1543 }
1544 
1545 /*ARGSUSED*/
1546 static int
1547 iwk_newstate(ieee80211com_t *ic, enum ieee80211_state nstate, int arg)
1548 {
1549         iwk_sc_t *sc = (iwk_sc_t *)ic;
1550         ieee80211_node_t *in = ic->ic_bss;
1551         enum ieee80211_state ostate = ic->ic_state;
1552         int i, err = IWK_SUCCESS;
1553 
1554         mutex_enter(&sc->sc_glock);
1555         switch (nstate) {
1556         case IEEE80211_S_SCAN:
1557                 switch (ostate) {
1558                 case IEEE80211_S_INIT:
1559                 {
1560                         iwk_add_sta_t node;
1561 
1562                         sc->sc_flags |= IWK_F_SCANNING;
1563                         sc->sc_scan_pending = 0;
1564                         iwk_set_led(sc, 2, 10, 2);
1565 
1566                         /*
1567                          * clear association to receive beacons from
1568                          * all BSS'es
1569                          */
1570                         sc->sc_config.assoc_id = 0;
1571                         sc->sc_config.filter_flags &=
1572                             ~LE_32(RXON_FILTER_ASSOC_MSK);
1573 
1574                         IWK_DBG((IWK_DEBUG_80211, "config chan %d "
1575                             "flags %x filter_flags %x\n", sc->sc_config.chan,
1576                             sc->sc_config.flags, sc->sc_config.filter_flags));
1577 
1578                         err = iwk_cmd(sc, REPLY_RXON, &sc->sc_config,
1579                             sizeof (iwk_rxon_cmd_t), 1);
1580                         if (err != IWK_SUCCESS) {
1581                                 cmn_err(CE_WARN,
1582                                     "could not clear association\n");
1583                                 sc->sc_flags &= ~IWK_F_SCANNING;
1584                                 mutex_exit(&sc->sc_glock);
1585                                 return (err);
1586                         }
1587 
1588                         /* add broadcast node to send probe request */
1589                         (void) memset(&node, 0, sizeof (node));
1590                         (void) memset(&node.bssid, 0xff, IEEE80211_ADDR_LEN);
1591                         node.id = IWK_BROADCAST_ID;
1592                         err = iwk_cmd(sc, REPLY_ADD_STA, &node,
1593                             sizeof (node), 1);
1594                         if (err != IWK_SUCCESS) {
1595                                 cmn_err(CE_WARN, "could not add "
1596                                     "broadcast node\n");
1597                                 sc->sc_flags &= ~IWK_F_SCANNING;
1598                                 mutex_exit(&sc->sc_glock);
1599                                 return (err);
1600                         }
1601                         break;
1602                 }
1603 
1604                 case IEEE80211_S_AUTH:
1605                 case IEEE80211_S_ASSOC:
1606                 case IEEE80211_S_RUN:
1607                         sc->sc_flags |= IWK_F_SCANNING;
1608                         sc->sc_scan_pending = 0;
1609 
1610                         iwk_set_led(sc, 2, 10, 2);
1611                         /* FALLTHRU */
1612                 case IEEE80211_S_SCAN:
1613                         mutex_exit(&sc->sc_glock);
1614                         /* step to next channel before actual FW scan */
1615                         err = sc->sc_newstate(ic, nstate, arg);
1616                         mutex_enter(&sc->sc_glock);
1617                         if ((err != 0) || ((err = iwk_scan(sc)) != 0)) {
1618                                 cmn_err(CE_WARN,
1619                                     "could not initiate scan\n");
1620                                 sc->sc_flags &= ~IWK_F_SCANNING;
1621                                 ieee80211_cancel_scan(ic);
1622                         }
1623                         mutex_exit(&sc->sc_glock);
1624                         return (err);
1625                 default:
1626                         break;
1627 
1628                 }
1629                 sc->sc_clk = 0;
1630                 break;
1631 
1632         case IEEE80211_S_AUTH:
1633                 if (ostate == IEEE80211_S_SCAN) {
1634                         sc->sc_flags &= ~IWK_F_SCANNING;
1635                 }
1636 
1637                 /* reset state to handle reassociations correctly */
1638                 sc->sc_config.assoc_id = 0;
1639                 sc->sc_config.filter_flags &= ~LE_32(RXON_FILTER_ASSOC_MSK);
1640 
1641                 /*
1642                  * before sending authentication and association request frame,
1643                  * we need do something in the hardware, such as setting the
1644                  * channel same to the target AP...
1645                  */
1646                 if ((err = iwk_hw_set_before_auth(sc)) != 0) {
1647                         cmn_err(CE_WARN, "could not setup firmware for "
1648                             "authentication\n");
1649                         mutex_exit(&sc->sc_glock);
1650                         return (err);
1651                 }
1652                 break;
1653 
1654         case IEEE80211_S_RUN:
1655                 if (ostate == IEEE80211_S_SCAN) {
1656                         sc->sc_flags &= ~IWK_F_SCANNING;
1657                 }
1658 
1659                 if (ic->ic_opmode == IEEE80211_M_MONITOR) {
1660                         /* let LED blink when monitoring */
1661                         iwk_set_led(sc, 2, 10, 10);
1662                         break;
1663                 }
1664                 IWK_DBG((IWK_DEBUG_80211, "iwk: associated."));
1665 
1666                 /* IBSS mode */
1667                 if (ic->ic_opmode == IEEE80211_M_IBSS) {
1668                         /*
1669                          * clean all nodes in ibss node table
1670                          * in order to be consistent with hardware
1671                          */
1672                         err = iwk_run_state_config_ibss(ic);
1673                         if (err != IWK_SUCCESS) {
1674                                 cmn_err(CE_WARN, "iwk_newstate(): "
1675                                     "failed to update configuration "
1676                                     "in IBSS mode\n");
1677                                 mutex_exit(&sc->sc_glock);
1678                                 return (err);
1679                         }
1680                 }
1681 
1682                 /* none IBSS mode */
1683                 if (ic->ic_opmode != IEEE80211_M_IBSS) {
1684                         /* update adapter's configuration */
1685                         err = iwk_run_state_config_sta(ic);
1686                         if (err != IWK_SUCCESS) {
1687                                 cmn_err(CE_WARN, "iwk_newstate(): "
1688                                     "failed to update configuration "
1689                                     "in none IBSS mode\n");
1690                                 mutex_exit(&sc->sc_glock);
1691                                 return (err);
1692                         }
1693                 }
1694 
1695                 /* obtain current temperature of chipset */
1696                 sc->sc_tempera = iwk_curr_tempera(sc);
1697 
1698                 /*
1699                  * make Tx power calibration to determine
1700                  * the gains of DSP and radio
1701                  */
1702                 err = iwk_tx_power_calibration(sc);
1703                 if (err) {
1704                         cmn_err(CE_WARN, "iwk_newstate(): "
1705                             "failed to set tx power table\n");
1706                         mutex_exit(&sc->sc_glock);
1707                         return (err);
1708                 }
1709 
1710                 if (ic->ic_opmode == IEEE80211_M_IBSS) {
1711 
1712                         /*
1713                          * allocate and transmit beacon frames
1714                          */
1715                         err = iwk_start_tx_beacon(ic);
1716                         if (err != IWK_SUCCESS) {
1717                                 cmn_err(CE_WARN, "iwk_newstate(): "
1718                                     "can't transmit beacon frames\n");
1719                                 mutex_exit(&sc->sc_glock);
1720                                 return (err);
1721                         }
1722                 }
1723 
1724                 /* start automatic rate control */
1725                 mutex_enter(&sc->sc_mt_lock);
1726                 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) {
1727                         sc->sc_flags |= IWK_F_RATE_AUTO_CTL;
1728                         /* set rate to some reasonable initial value */
1729                         i = in->in_rates.ir_nrates - 1;
1730                         while (i > 0 && IEEE80211_RATE(i) > 72)
1731                                 i--;
1732                         in->in_txrate = i;
1733                 } else {
1734                         sc->sc_flags &= ~IWK_F_RATE_AUTO_CTL;
1735                 }
1736                 mutex_exit(&sc->sc_mt_lock);
1737 
1738                 /* set LED on after associated */
1739                 iwk_set_led(sc, 2, 0, 1);
1740                 break;
1741 
1742         case IEEE80211_S_INIT:
1743                 if (ostate == IEEE80211_S_SCAN) {
1744                         sc->sc_flags &= ~IWK_F_SCANNING;
1745                 }
1746 
1747                 /* set LED off after init */
1748                 iwk_set_led(sc, 2, 1, 0);
1749                 break;
1750         case IEEE80211_S_ASSOC:
1751                 if (ostate == IEEE80211_S_SCAN) {
1752                         sc->sc_flags &= ~IWK_F_SCANNING;
1753                 }
1754 
1755                 break;
1756         }
1757 
1758         mutex_exit(&sc->sc_glock);
1759 
1760         err = sc->sc_newstate(ic, nstate, arg);
1761 
1762         if (nstate == IEEE80211_S_RUN) {
1763 
1764                 mutex_enter(&sc->sc_glock);
1765 
1766                 /*
1767                  * make initialization for Receiver
1768                  * sensitivity calibration
1769                  */
1770                 err = iwk_rx_sens_init(sc);
1771                 if (err) {
1772                         cmn_err(CE_WARN, "iwk_newstate(): "
1773                             "failed to init RX sensitivity\n");
1774                         mutex_exit(&sc->sc_glock);
1775                         return (err);
1776                 }
1777 
1778                 /* make initialization for Receiver gain balance */
1779                 err = iwk_rxgain_diff_init(sc);
1780                 if (err) {
1781                         cmn_err(CE_WARN, "iwk_newstate(): "
1782                             "failed to init phy calibration\n");
1783                         mutex_exit(&sc->sc_glock);
1784                         return (err);
1785                 }
1786 
1787                 mutex_exit(&sc->sc_glock);
1788 
1789         }
1790 
1791         return (err);
1792 }
1793 
1794 static void
1795 iwk_watchdog(void *arg)
1796 {
1797         iwk_sc_t *sc = arg;
1798         struct ieee80211com *ic = &sc->sc_ic;
1799 #ifdef DEBUG
1800         timeout_id_t timeout_id = ic->ic_watchdog_timer;
1801 #endif
1802 
1803         ieee80211_stop_watchdog(ic);
1804 
1805         if ((ic->ic_state != IEEE80211_S_AUTH) &&
1806             (ic->ic_state != IEEE80211_S_ASSOC))
1807                 return;
1808 
1809         if (ic->ic_bss->in_fails > 0) {
1810                 IWK_DBG((IWK_DEBUG_80211, "watchdog (0x%x) reset: "
1811                     "node (0x%x)\n", timeout_id, &ic->ic_bss));
1812                 ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1813         } else {
1814                 IWK_DBG((IWK_DEBUG_80211, "watchdog (0x%x) timeout: "
1815                     "node (0x%x), retry (%d)\n",
1816                     timeout_id, &ic->ic_bss, ic->ic_bss->in_fails + 1));
1817                 ieee80211_watchdog(ic);
1818         }
1819 }
1820 
1821 /*ARGSUSED*/
1822 static int iwk_key_set(ieee80211com_t *ic, const struct ieee80211_key *k,
1823     const uint8_t mac[IEEE80211_ADDR_LEN])
1824 {
1825         iwk_sc_t *sc = (iwk_sc_t *)ic;
1826         iwk_add_sta_t node;
1827         int err;
1828         uint8_t index1;
1829 
1830         switch (k->wk_cipher->ic_cipher) {
1831         case IEEE80211_CIPHER_WEP:
1832         case IEEE80211_CIPHER_TKIP:
1833                 return (1); /* sofeware do it. */
1834         case IEEE80211_CIPHER_AES_CCM:
1835                 break;
1836         default:
1837                 return (0);
1838         }
1839         sc->sc_config.filter_flags &= ~LE_32(RXON_FILTER_DIS_DECRYPT_MSK |
1840             RXON_FILTER_DIS_GRP_DECRYPT_MSK);
1841 
1842         mutex_enter(&sc->sc_glock);
1843 
1844         /* update ap/multicast node */
1845         (void) memset(&node, 0, sizeof (node));
1846         if (IEEE80211_IS_MULTICAST(mac)) {
1847                 (void) memset(node.bssid, 0xff, 6);
1848                 node.id = IWK_BROADCAST_ID;
1849         } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
1850                 mutex_exit(&sc->sc_glock);
1851                 mutex_enter(&sc->sc_ibss.node_tb_lock);
1852 
1853                 /*
1854                  * search for node in ibss node table
1855                  */
1856                 for (index1 = IWK_STA_ID; index1 < IWK_STATION_COUNT;
1857                     index1++) {
1858                         if (sc->sc_ibss.ibss_node_tb[index1].used &&
1859                             IEEE80211_ADDR_EQ(sc->sc_ibss.
1860                             ibss_node_tb[index1].node.bssid,
1861                             mac)) {
1862                                 break;
1863                         }
1864                 }
1865                 if (index1 >= IWK_BROADCAST_ID) {
1866                         cmn_err(CE_WARN, "iwk_key_set(): "
1867                             "have no this node in hardware node table\n");
1868                         mutex_exit(&sc->sc_ibss.node_tb_lock);
1869                         return (0);
1870                 } else {
1871                         /*
1872                          * configure key for given node in hardware
1873                          */
1874                         if (k->wk_flags & IEEE80211_KEY_XMIT) {
1875                                 sc->sc_ibss.ibss_node_tb[index1].
1876                                     node.key_flags = 0;
1877                                 sc->sc_ibss.ibss_node_tb[index1].
1878                                     node.keyp = k->wk_keyix;
1879                         } else {
1880                                 sc->sc_ibss.ibss_node_tb[index1].
1881                                     node.key_flags = (1 << 14);
1882                                 sc->sc_ibss.ibss_node_tb[index1].
1883                                     node.keyp = k->wk_keyix + 4;
1884                         }
1885 
1886                         (void) memcpy(sc->sc_ibss.ibss_node_tb[index1].node.key,
1887                             k->wk_key, k->wk_keylen);
1888                         sc->sc_ibss.ibss_node_tb[index1].node.key_flags |=
1889                             (STA_KEY_FLG_CCMP | (1 << 3) | (k->wk_keyix << 8));
1890                         sc->sc_ibss.ibss_node_tb[index1].node.key_flags =
1891                             LE_16(sc->sc_ibss.ibss_node_tb[index1].
1892                             node.key_flags);
1893                         sc->sc_ibss.ibss_node_tb[index1].node.sta_mask =
1894                             STA_MODIFY_KEY_MASK;
1895                         sc->sc_ibss.ibss_node_tb[index1].node.control = 1;
1896 
1897                         mutex_enter(&sc->sc_glock);
1898                         err = iwk_cmd(sc, REPLY_ADD_STA,
1899                             &sc->sc_ibss.ibss_node_tb[index1].node,
1900                             sizeof (iwk_add_sta_t), 1);
1901                         if (err != IWK_SUCCESS) {
1902                                 cmn_err(CE_WARN, "iwk_key_set(): "
1903                                     "failed to update IBSS node in hardware\n");
1904                                 mutex_exit(&sc->sc_glock);
1905                                 mutex_exit(&sc->sc_ibss.node_tb_lock);
1906                                 return (0);
1907                         }
1908                         mutex_exit(&sc->sc_glock);
1909                 }
1910                 mutex_exit(&sc->sc_ibss.node_tb_lock);
1911                 return (1);
1912         } else {
1913                 IEEE80211_ADDR_COPY(node.bssid, ic->ic_bss->in_bssid);
1914                 node.id = IWK_AP_ID;
1915         }
1916         if (k->wk_flags & IEEE80211_KEY_XMIT) {
1917                 node.key_flags = 0;
1918                 node.keyp = k->wk_keyix;
1919         } else {
1920                 node.key_flags = (1 << 14);
1921                 node.keyp = k->wk_keyix + 4;
1922         }
1923         (void) memcpy(node.key, k->wk_key, k->wk_keylen);
1924         node.key_flags |= (STA_KEY_FLG_CCMP | (1 << 3) | (k->wk_keyix << 8));
1925         node.key_flags = LE_16(node.key_flags);
1926         node.sta_mask = STA_MODIFY_KEY_MASK;
1927         node.control = 1;
1928         err = iwk_cmd(sc, REPLY_ADD_STA, &node, sizeof (node), 1);
1929         if (err != IWK_SUCCESS) {
1930                 cmn_err(CE_WARN, "iwk_key_set():"
1931                     "failed to update ap node\n");
1932                 mutex_exit(&sc->sc_glock);
1933                 return (0);
1934         }
1935         mutex_exit(&sc->sc_glock);
1936         return (1);
1937 }
1938 
1939 /*
1940  * exclusive access to mac begin.
1941  */
1942 static void
1943 iwk_mac_access_enter(iwk_sc_t *sc)
1944 {
1945         uint32_t tmp;
1946         int n;
1947 
1948         tmp = IWK_READ(sc, CSR_GP_CNTRL);
1949         IWK_WRITE(sc, CSR_GP_CNTRL,
1950             tmp | CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1951 
1952         /* wait until we succeed */
1953         for (n = 0; n < 1000; n++) {
1954                 if ((IWK_READ(sc, CSR_GP_CNTRL) &
1955                     (CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY |
1956                     CSR_GP_CNTRL_REG_FLAG_GOING_TO_SLEEP)) ==
1957                     CSR_GP_CNTRL_REG_VAL_MAC_ACCESS_EN)
1958                         break;
1959                 DELAY(10);
1960         }
1961         if (n == 1000)
1962                 IWK_DBG((IWK_DEBUG_PIO, "could not lock memory\n"));
1963 }
1964 
1965 /*
1966  * exclusive access to mac end.
1967  */
1968 static void
1969 iwk_mac_access_exit(iwk_sc_t *sc)
1970 {
1971         uint32_t tmp = IWK_READ(sc, CSR_GP_CNTRL);
1972         IWK_WRITE(sc, CSR_GP_CNTRL,
1973             tmp & ~CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
1974 }
1975 
1976 static uint32_t
1977 iwk_mem_read(iwk_sc_t *sc, uint32_t addr)
1978 {
1979         IWK_WRITE(sc, HBUS_TARG_MEM_RADDR, addr);
1980         return (IWK_READ(sc, HBUS_TARG_MEM_RDAT));
1981 }
1982 
1983 static void
1984 iwk_mem_write(iwk_sc_t *sc, uint32_t addr, uint32_t data)
1985 {
1986         IWK_WRITE(sc, HBUS_TARG_MEM_WADDR, addr);
1987         IWK_WRITE(sc, HBUS_TARG_MEM_WDAT, data);
1988 }
1989 
1990 static uint32_t
1991 iwk_reg_read(iwk_sc_t *sc, uint32_t addr)
1992 {
1993         IWK_WRITE(sc, HBUS_TARG_PRPH_RADDR, addr | (3 << 24));
1994         return (IWK_READ(sc, HBUS_TARG_PRPH_RDAT));
1995 }
1996 
1997 static void
1998 iwk_reg_write(iwk_sc_t *sc, uint32_t addr, uint32_t data)
1999 {
2000         IWK_WRITE(sc, HBUS_TARG_PRPH_WADDR, addr | (3 << 24));
2001         IWK_WRITE(sc, HBUS_TARG_PRPH_WDAT, data);
2002 }
2003 
2004 static void
2005 iwk_reg_write_region_4(iwk_sc_t *sc, uint32_t addr,
2006     uint32_t *data, int wlen)
2007 {
2008         for (; wlen > 0; wlen--, data++, addr += 4)
2009                 iwk_reg_write(sc, addr, LE_32(*data));
2010 }
2011 
2012 
2013 /*
2014  * ucode load/initialization steps:
2015  * 1)  load Bootstrap State Machine (BSM) with "bootstrap" uCode image.
2016  * BSM contains a small memory that *always* stays powered up, so it can
2017  * retain the bootstrap program even when the card is in a power-saving
2018  * power-down state.  The BSM loads the small program into ARC processor's
2019  * instruction memory when triggered by power-up.
2020  * 2)  load Initialize image via bootstrap program.
2021  * The Initialize image sets up regulatory and calibration data for the
2022  * Runtime/Protocol uCode. This sends a REPLY_ALIVE notification when completed.
2023  * The 4965 reply contains calibration data for temperature, voltage and tx gain
2024  * correction.
2025  */
2026 static int
2027 iwk_load_firmware(iwk_sc_t *sc)
2028 {
2029         uint32_t *boot_fw = (uint32_t *)sc->sc_boot;
2030         uint32_t size = LE_32(sc->sc_hdr->bootsz);
2031         int n, err = IWK_SUCCESS;
2032 
2033         /*
2034          * The physical address bit [4-35] of the initialize uCode.
2035          * In the initialize alive notify interrupt the physical address of
2036          * the runtime ucode will be set for loading.
2037          */
2038         iwk_mac_access_enter(sc);
2039 
2040         iwk_reg_write(sc, BSM_DRAM_INST_PTR_REG,
2041             sc->sc_dma_fw_init_text.cookie.dmac_address >> 4);
2042         iwk_reg_write(sc, BSM_DRAM_DATA_PTR_REG,
2043             sc->sc_dma_fw_init_data.cookie.dmac_address >> 4);
2044         iwk_reg_write(sc, BSM_DRAM_INST_BYTECOUNT_REG,
2045             sc->sc_dma_fw_init_text.cookie.dmac_size);
2046         iwk_reg_write(sc, BSM_DRAM_DATA_BYTECOUNT_REG,
2047             sc->sc_dma_fw_init_data.cookie.dmac_size);
2048 
2049         /* load bootstrap code into BSM memory */
2050         iwk_reg_write_region_4(sc, BSM_SRAM_LOWER_BOUND, boot_fw,
2051             size / sizeof (uint32_t));
2052 
2053         iwk_reg_write(sc, BSM_WR_MEM_SRC_REG, 0);
2054         iwk_reg_write(sc, BSM_WR_MEM_DST_REG, RTC_INST_LOWER_BOUND);
2055         iwk_reg_write(sc, BSM_WR_DWCOUNT_REG, size / sizeof (uint32_t));
2056 
2057         /*
2058          * prepare to load initialize uCode
2059          */
2060         iwk_reg_write(sc, BSM_WR_CTRL_REG, BSM_WR_CTRL_REG_BIT_START);
2061 
2062         /* wait while the adapter is busy loading the firmware */
2063         for (n = 0; n < 1000; n++) {
2064                 if (!(iwk_reg_read(sc, BSM_WR_CTRL_REG) &
2065                     BSM_WR_CTRL_REG_BIT_START))
2066                         break;
2067                 DELAY(10);
2068         }
2069         if (n == 1000) {
2070                 cmn_err(CE_WARN, "timeout transferring firmware\n");
2071                 err = ETIMEDOUT;
2072                 return (err);
2073         }
2074 
2075         /* for future power-save mode use */
2076         iwk_reg_write(sc, BSM_WR_CTRL_REG, BSM_WR_CTRL_REG_BIT_START_EN);
2077 
2078         iwk_mac_access_exit(sc);
2079 
2080         return (err);
2081 }
2082 
2083 /*ARGSUSED*/
2084 static void
2085 iwk_rx_intr(iwk_sc_t *sc, iwk_rx_desc_t *desc, iwk_rx_data_t *data)
2086 {
2087         ieee80211com_t *ic = &sc->sc_ic;
2088         iwk_rx_ring_t *ring = &sc->sc_rxq;
2089         iwk_rx_phy_res_t *stat;
2090         ieee80211_node_t *in;
2091         uint32_t *tail;
2092         struct ieee80211_frame *wh;
2093         mblk_t *mp;
2094         uint16_t len, rssi, mrssi, agc;
2095         int16_t t;
2096         uint32_t ants, i;
2097         struct iwk_rx_non_cfg_phy *phyinfo;
2098         uint32_t crc;
2099 
2100         /* assuming not 11n here. cope with 11n in phase-II */
2101         stat = (iwk_rx_phy_res_t *)(desc + 1);
2102         if (stat->cfg_phy_cnt > 20) {
2103                 return;
2104         }
2105 
2106         for (i = 0; i < RX_RES_PHY_CNT; i++)
2107                 stat->non_cfg_phy[i] = LE_16(stat->non_cfg_phy[i]);
2108 
2109         phyinfo = (struct iwk_rx_non_cfg_phy *)stat->non_cfg_phy;
2110         agc = (phyinfo->agc_info & IWK_AGC_DB_MASK) >> IWK_AGC_DB_POS;
2111         mrssi = 0;
2112         ants = (LE_16(stat->phy_flags) & RX_PHY_FLAGS_ANTENNAE_MASK) >>
2113             RX_PHY_FLAGS_ANTENNAE_OFFSET;
2114         for (i = 0; i < 3; i++) {
2115                 if (ants & (1 << i))
2116                         mrssi = MAX(mrssi, phyinfo->rssi_info[i << 1]);
2117         }
2118         t = mrssi - agc - 44; /* t is the dBM value */
2119         /*
2120          * convert dBm to percentage ???
2121          */
2122         rssi = (100 * 75 * 75 - (-20 - t) * (15 * 75 + 62 * (-20 - t))) /
2123             (75 * 75);
2124         if (rssi > 100)
2125                 rssi = 100;
2126         if (rssi < 1)
2127                 rssi = 1;
2128         len = LE_16(stat->byte_count);
2129         tail = (uint32_t *)((caddr_t)(stat + 1) + stat->cfg_phy_cnt + len);
2130         bcopy(tail, &crc, 4);
2131 
2132         IWK_DBG((IWK_DEBUG_RX, "rx intr: idx=%d phy_len=%x len=%d "
2133             "rate=%x chan=%d tstamp=%x non_cfg_phy_count=%x "
2134             "cfg_phy_count=%x tail=%x", ring->cur, sizeof (*stat),
2135             len, stat->rate.r.s.rate, LE_16(stat->channel),
2136             LE_32(stat->timestampl), stat->non_cfg_phy_cnt,
2137             stat->cfg_phy_cnt, LE_32(crc)));
2138 
2139         if ((len < 16) || (len > sc->sc_dmabuf_sz)) {
2140                 IWK_DBG((IWK_DEBUG_RX, "rx frame oversize\n"));
2141                 return;
2142         }
2143 
2144         /*
2145          * discard Rx frames with bad CRC
2146          */
2147         if ((LE_32(crc) &
2148             (RX_RES_STATUS_NO_CRC32_ERROR | RX_RES_STATUS_NO_RXE_OVERFLOW)) !=
2149             (RX_RES_STATUS_NO_CRC32_ERROR | RX_RES_STATUS_NO_RXE_OVERFLOW)) {
2150                 IWK_DBG((IWK_DEBUG_RX, "rx crc error tail: %x\n",
2151                     LE_32(crc)));
2152                 sc->sc_rx_err++;
2153                 return;
2154         }
2155 
2156         wh = (struct ieee80211_frame *)
2157             ((uint8_t *)(stat + 1)+ stat->cfg_phy_cnt);
2158         if (*(uint8_t *)wh == IEEE80211_FC0_SUBTYPE_ASSOC_RESP) {
2159                 sc->sc_assoc_id = *((uint16_t *)(wh + 1) + 2);
2160                 IWK_DBG((IWK_DEBUG_RX, "rx : association id = %x\n",
2161                     sc->sc_assoc_id));
2162         }
2163 #ifdef DEBUG
2164         if (iwk_dbg_flags & IWK_DEBUG_RX)
2165                 ieee80211_dump_pkt((uint8_t *)wh, len, 0, 0);
2166 #endif
2167         in = ieee80211_find_rxnode(ic, wh);
2168         mp = allocb(len, BPRI_MED);
2169         if (mp) {
2170                 (void) memcpy(mp->b_wptr, wh, len);
2171                 mp->b_wptr += len;
2172 
2173                 /* send the frame to the 802.11 layer */
2174                 (void) ieee80211_input(ic, mp, in, rssi, 0);
2175         } else {
2176                 sc->sc_rx_nobuf++;
2177                 IWK_DBG((IWK_DEBUG_RX,
2178                     "iwk_rx_intr(): alloc rx buf failed\n"));
2179         }
2180         /* release node reference */
2181         ieee80211_free_node(in);
2182 }
2183 
2184 /*ARGSUSED*/
2185 static void
2186 iwk_tx_intr(iwk_sc_t *sc, iwk_rx_desc_t *desc, iwk_rx_data_t *data)
2187 {
2188         ieee80211com_t *ic = &sc->sc_ic;
2189         iwk_tx_ring_t *ring = &sc->sc_txq[desc->hdr.qid & 0x3];
2190         iwk_tx_stat_t *stat = (iwk_tx_stat_t *)(desc + 1);
2191         iwk_amrr_t *amrr = (iwk_amrr_t *)ic->ic_bss;
2192 
2193         IWK_DBG((IWK_DEBUG_TX, "tx done: qid=%d idx=%d"
2194             " retries=%d frame_count=%x nkill=%d "
2195             "rate=%x duration=%d status=%x\n",
2196             desc->hdr.qid, desc->hdr.idx, stat->ntries, stat->frame_count,
2197             stat->bt_kill_count, stat->rate.r.s.rate,
2198             LE_16(stat->duration), LE_32(stat->status)));
2199 
2200         amrr->txcnt++;
2201         IWK_DBG((IWK_DEBUG_RATECTL, "tx: %d cnt\n", amrr->txcnt));
2202         if (stat->ntries > 0) {
2203                 amrr->retrycnt++;
2204                 sc->sc_tx_retries++;
2205                 IWK_DBG((IWK_DEBUG_TX, "tx: %d retries\n",
2206                     sc->sc_tx_retries));
2207         }
2208 
2209         sc->sc_tx_timer = 0;
2210 
2211         mutex_enter(&sc->sc_tx_lock);
2212         ring->queued--;
2213         if (ring->queued < 0)
2214                 ring->queued = 0;
2215         if ((sc->sc_need_reschedule) && (ring->queued <= (ring->count << 3))) {
2216                 sc->sc_need_reschedule = 0;
2217                 mutex_exit(&sc->sc_tx_lock);
2218                 mac_tx_update(ic->ic_mach);
2219                 mutex_enter(&sc->sc_tx_lock);
2220         }
2221         mutex_exit(&sc->sc_tx_lock);
2222 }
2223 
2224 static void
2225 iwk_cmd_intr(iwk_sc_t *sc, iwk_rx_desc_t *desc)
2226 {
2227         if ((desc->hdr.qid & 7) != 4) {
2228                 return;
2229         }
2230         mutex_enter(&sc->sc_glock);
2231         sc->sc_flags |= IWK_F_CMD_DONE;
2232         cv_signal(&sc->sc_cmd_cv);
2233         mutex_exit(&sc->sc_glock);
2234         IWK_DBG((IWK_DEBUG_CMD, "rx cmd: "
2235             "qid=%x idx=%d flags=%x type=0x%x\n",
2236             desc->hdr.qid, desc->hdr.idx, desc->hdr.flags,
2237             desc->hdr.type));
2238 }
2239 
2240 static void
2241 iwk_ucode_alive(iwk_sc_t *sc, iwk_rx_desc_t *desc)
2242 {
2243         uint32_t base, i;
2244         struct iwk_alive_resp *ar =
2245             (struct iwk_alive_resp *)(desc + 1);
2246 
2247         /* the microcontroller is ready */
2248         IWK_DBG((IWK_DEBUG_FW,
2249             "microcode alive notification minor: %x major: %x type:"
2250             " %x subtype: %x\n",
2251             ar->ucode_minor, ar->ucode_minor, ar->ver_type, ar->ver_subtype));
2252 
2253         if (LE_32(ar->is_valid) != UCODE_VALID_OK) {
2254                 IWK_DBG((IWK_DEBUG_FW,
2255                     "microcontroller initialization failed\n"));
2256         }
2257         if (ar->ver_subtype == INITIALIZE_SUBTYPE) {
2258                 IWK_DBG((IWK_DEBUG_FW,
2259                     "initialization alive received.\n"));
2260                 (void) memcpy(&sc->sc_card_alive_init, ar,
2261                     sizeof (struct iwk_init_alive_resp));
2262                 /* XXX get temperature */
2263                 iwk_mac_access_enter(sc);
2264                 iwk_reg_write(sc, BSM_DRAM_INST_PTR_REG,
2265                     sc->sc_dma_fw_text.cookie.dmac_address >> 4);
2266                 iwk_reg_write(sc, BSM_DRAM_DATA_PTR_REG,
2267                     sc->sc_dma_fw_data_bak.cookie.dmac_address >> 4);
2268                 iwk_reg_write(sc, BSM_DRAM_DATA_BYTECOUNT_REG,
2269                     sc->sc_dma_fw_data.cookie.dmac_size);
2270                 iwk_reg_write(sc, BSM_DRAM_INST_BYTECOUNT_REG,
2271                     sc->sc_dma_fw_text.cookie.dmac_size | 0x80000000);
2272                 iwk_mac_access_exit(sc);
2273         } else {
2274                 IWK_DBG((IWK_DEBUG_FW, "runtime alive received.\n"));
2275                 (void) memcpy(&sc->sc_card_alive_run, ar,
2276                     sizeof (struct iwk_alive_resp));
2277 
2278                 /*
2279                  * Init SCD related registers to make Tx work. XXX
2280                  */
2281                 iwk_mac_access_enter(sc);
2282 
2283                 /* read sram address of data base */
2284                 sc->sc_scd_base = iwk_reg_read(sc, SCD_SRAM_BASE_ADDR);
2285 
2286                 /* clear and init SCD_CONTEXT_DATA_OFFSET area. 128 bytes */
2287                 for (base = sc->sc_scd_base + SCD_CONTEXT_DATA_OFFSET, i = 0;
2288                     i < 128; i += 4)
2289                         iwk_mem_write(sc, base + i, 0);
2290 
2291                 /* clear and init SCD_TX_STTS_BITMAP_OFFSET area. 256 bytes */
2292                 for (base = sc->sc_scd_base + SCD_TX_STTS_BITMAP_OFFSET;
2293                     i < 256; i += 4)
2294                         iwk_mem_write(sc, base + i, 0);
2295 
2296                 /* clear and init SCD_TRANSLATE_TBL_OFFSET area. 32 bytes */
2297                 for (base = sc->sc_scd_base + SCD_TRANSLATE_TBL_OFFSET;
2298                     i < sizeof (uint16_t) * IWK_NUM_QUEUES; i += 4)
2299                         iwk_mem_write(sc, base + i, 0);
2300 
2301                 iwk_reg_write(sc, SCD_DRAM_BASE_ADDR,
2302                     sc->sc_dma_sh.cookie.dmac_address >> 10);
2303                 iwk_reg_write(sc, SCD_QUEUECHAIN_SEL, 0);
2304 
2305                 /* initiate the tx queues */
2306                 for (i = 0; i < IWK_NUM_QUEUES; i++) {
2307                         iwk_reg_write(sc, SCD_QUEUE_RDPTR(i), 0);
2308                         IWK_WRITE(sc, HBUS_TARG_WRPTR, (i << 8));
2309                         iwk_mem_write(sc, sc->sc_scd_base +
2310                             SCD_CONTEXT_QUEUE_OFFSET(i),
2311                             (SCD_WIN_SIZE & 0x7f));
2312                         iwk_mem_write(sc, sc->sc_scd_base +
2313                             SCD_CONTEXT_QUEUE_OFFSET(i) + sizeof (uint32_t),
2314                             (SCD_FRAME_LIMIT & 0x7f) << 16);
2315                 }
2316                 /* interrupt enable on each queue0-7 */
2317                 iwk_reg_write(sc, SCD_INTERRUPT_MASK,
2318                     (1 << IWK_NUM_QUEUES) - 1);
2319                 /* enable  each channel 0-7 */
2320                 iwk_reg_write(sc, SCD_TXFACT,
2321                     SCD_TXFACT_REG_TXFIFO_MASK(0, 7));
2322                 /*
2323                  * queue 0-7 maps to FIFO 0-7 and
2324                  * all queues work under FIFO mode (none-scheduler-ack)
2325                  */
2326                 for (i = 0; i < 7; i++) {
2327                         iwk_reg_write(sc,
2328                             SCD_QUEUE_STATUS_BITS(i),
2329                             (1 << SCD_QUEUE_STTS_REG_POS_ACTIVE)|
2330                             (i << SCD_QUEUE_STTS_REG_POS_TXF)|
2331                             SCD_QUEUE_STTS_REG_MSK);
2332                 }
2333                 iwk_mac_access_exit(sc);
2334 
2335                 sc->sc_flags |= IWK_F_FW_INIT;
2336                 cv_signal(&sc->sc_fw_cv);
2337         }
2338 
2339 }
2340 
2341 static uint_t
2342 /* LINTED: argument unused in function: unused */
2343 iwk_rx_softintr(caddr_t arg, caddr_t unused)
2344 {
2345         iwk_sc_t *sc = (iwk_sc_t *)arg;
2346         ieee80211com_t *ic = &sc->sc_ic;
2347         iwk_rx_desc_t *desc;
2348         iwk_rx_data_t *data;
2349         uint32_t index;
2350 
2351         mutex_enter(&sc->sc_glock);
2352         if (sc->sc_rx_softint_pending != 1) {
2353                 mutex_exit(&sc->sc_glock);
2354                 return (DDI_INTR_UNCLAIMED);
2355         }
2356         /* disable interrupts */
2357         IWK_WRITE(sc, CSR_INT_MASK, 0);
2358         mutex_exit(&sc->sc_glock);
2359 
2360         /*
2361          * firmware has moved the index of the rx queue, driver get it,
2362          * and deal with it.
2363          */
2364         index = sc->sc_shared->val0 & 0xfff;
2365 
2366         while (sc->sc_rxq.cur != index) {
2367                 data = &sc->sc_rxq.data[sc->sc_rxq.cur];
2368                 desc = (iwk_rx_desc_t *)data->dma_data.mem_va;
2369 
2370                 IWK_DBG((IWK_DEBUG_INTR, "rx notification index = %d"
2371                     " cur = %d qid=%x idx=%d flags=%x type=%x len=%d\n",
2372                     index, sc->sc_rxq.cur, desc->hdr.qid, desc->hdr.idx,
2373                     desc->hdr.flags, desc->hdr.type, LE_32(desc->len)));
2374 
2375                 /* a command other than a tx need to be replied */
2376                 if (!(desc->hdr.qid & 0x80) &&
2377                     (desc->hdr.type != REPLY_RX_PHY_CMD) &&
2378                     (desc->hdr.type != REPLY_TX) &&
2379                     (desc->hdr.type != REPLY_TX_PWR_TABLE_CMD) &&
2380                     (desc->hdr.type != REPLY_PHY_CALIBRATION_CMD) &&
2381                     (desc->hdr.type != SENSITIVITY_CMD))
2382                         iwk_cmd_intr(sc, desc);
2383 
2384                 switch (desc->hdr.type) {
2385                 case REPLY_4965_RX:
2386                         iwk_rx_intr(sc, desc, data);
2387                         break;
2388 
2389                 case REPLY_TX:
2390                         iwk_tx_intr(sc, desc, data);
2391                         break;
2392 
2393                 case REPLY_ALIVE:
2394                         iwk_ucode_alive(sc, desc);
2395                         break;
2396 
2397                 case CARD_STATE_NOTIFICATION:
2398                 {
2399                         uint32_t *status = (uint32_t *)(desc + 1);
2400 
2401                         IWK_DBG((IWK_DEBUG_RADIO, "state changed to %x\n",
2402                             LE_32(*status)));
2403 
2404                         if (LE_32(*status) & 1) {
2405                                 /*
2406                                  * the radio button has to be pushed(OFF). It
2407                                  * is considered as a hw error, the
2408                                  * iwk_thread() tries to recover it after the
2409                                  * button is pushed again(ON)
2410                                  */
2411                                 cmn_err(CE_NOTE,
2412                                     "iwk_rx_softintr(): "
2413                                     "Radio transmitter is off\n");
2414                                 sc->sc_ostate = sc->sc_ic.ic_state;
2415                                 ieee80211_new_state(&sc->sc_ic,
2416                                     IEEE80211_S_INIT, -1);
2417                                 sc->sc_flags |=
2418                                     (IWK_F_HW_ERR_RECOVER | IWK_F_RADIO_OFF);
2419                         }
2420                         break;
2421                 }
2422                 case SCAN_START_NOTIFICATION:
2423                 {
2424                         iwk_start_scan_t *scan =
2425                             (iwk_start_scan_t *)(desc + 1);
2426 
2427                         IWK_DBG((IWK_DEBUG_SCAN,
2428                             "scanning channel %d status %x\n",
2429                             scan->chan, LE_32(scan->status)));
2430 
2431                         ic->ic_curchan = &ic->ic_sup_channels[scan->chan];
2432                         break;
2433                 }
2434                 case SCAN_COMPLETE_NOTIFICATION:
2435                 {
2436                         iwk_stop_scan_t *scan =
2437                             (iwk_stop_scan_t *)(desc + 1);
2438 
2439                         IWK_DBG((IWK_DEBUG_SCAN,
2440                             "completed channel %d (burst of %d) status %02x\n",
2441                             scan->chan, scan->nchan, scan->status));
2442 
2443                         sc->sc_scan_pending++;
2444                         break;
2445                 }
2446                 case STATISTICS_NOTIFICATION:
2447                         /* handle statistics notification */
2448                         iwk_statistics_notify(sc, desc);
2449                         break;
2450                 }
2451 
2452                 sc->sc_rxq.cur = (sc->sc_rxq.cur + 1) % RX_QUEUE_SIZE;
2453         }
2454 
2455         /*
2456          * driver dealt with what reveived in rx queue and tell the information
2457          * to the firmware.
2458          */
2459         index = (index == 0) ? RX_QUEUE_SIZE - 1 : index - 1;
2460         IWK_WRITE(sc, FH_RSCSR_CHNL0_RBDCB_WPTR_REG, index & (~7));
2461 
2462         mutex_enter(&sc->sc_glock);
2463         /* re-enable interrupts */
2464         IWK_WRITE(sc, CSR_INT_MASK, CSR_INI_SET_MASK);
2465         sc->sc_rx_softint_pending = 0;
2466         mutex_exit(&sc->sc_glock);
2467 
2468         return (DDI_INTR_CLAIMED);
2469 }
2470 
2471 static uint_t
2472 /* LINTED: argument unused in function: unused */
2473 iwk_intr(caddr_t arg, caddr_t unused)
2474 {
2475         iwk_sc_t *sc = (iwk_sc_t *)arg;
2476         uint32_t r, rfh;
2477 
2478         mutex_enter(&sc->sc_glock);
2479 
2480         if (sc->sc_flags & IWK_F_SUSPEND) {
2481                 mutex_exit(&sc->sc_glock);
2482                 return (DDI_INTR_UNCLAIMED);
2483         }
2484 
2485         r = IWK_READ(sc, CSR_INT);
2486         if (r == 0 || r == 0xffffffff) {
2487                 mutex_exit(&sc->sc_glock);
2488                 return (DDI_INTR_UNCLAIMED);
2489         }
2490 
2491         IWK_DBG((IWK_DEBUG_INTR, "interrupt reg %x\n", r));
2492 
2493         rfh = IWK_READ(sc, CSR_FH_INT_STATUS);
2494         IWK_DBG((IWK_DEBUG_INTR, "FH interrupt reg %x\n", rfh));
2495         /* disable interrupts */
2496         IWK_WRITE(sc, CSR_INT_MASK, 0);
2497         /* ack interrupts */
2498         IWK_WRITE(sc, CSR_INT, r);
2499         IWK_WRITE(sc, CSR_FH_INT_STATUS, rfh);
2500 
2501         if (sc->sc_soft_hdl == NULL) {
2502                 mutex_exit(&sc->sc_glock);
2503                 return (DDI_INTR_CLAIMED);
2504         }
2505         if (r & (BIT_INT_SWERROR | BIT_INT_ERR)) {
2506                 cmn_err(CE_WARN, "fatal firmware error\n");
2507                 mutex_exit(&sc->sc_glock);
2508 #ifdef DEBUG
2509                 /* dump event and error logs to dmesg */
2510                 iwk_write_error_log(sc);
2511                 iwk_write_event_log(sc);
2512 #endif /* DEBUG */
2513                 iwk_stop(sc);
2514                 sc->sc_ostate = sc->sc_ic.ic_state;
2515 
2516                 /* not capable of fast recovery */
2517                 if (!IWK_CHK_FAST_RECOVER(sc))
2518                         ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1);
2519 
2520                 sc->sc_flags |= IWK_F_HW_ERR_RECOVER;
2521                 return (DDI_INTR_CLAIMED);
2522         }
2523 
2524         if (r & BIT_INT_RF_KILL) {
2525                 uint32_t tmp = IWK_READ(sc, CSR_GP_CNTRL);
2526                 if (tmp & (1 << 27))
2527                         cmn_err(CE_NOTE, "RF switch: radio on\n");
2528         }
2529 
2530         if ((r & (BIT_INT_FH_RX | BIT_INT_SW_RX)) ||
2531             (rfh & FH_INT_RX_MASK)) {
2532                 sc->sc_rx_softint_pending = 1;
2533                 (void) ddi_intr_trigger_softint(sc->sc_soft_hdl, NULL);
2534         }
2535 
2536         if (r & BIT_INT_ALIVE)      {
2537                 IWK_DBG((IWK_DEBUG_FW, "firmware initialized.\n"));
2538         }
2539 
2540         /* re-enable interrupts */
2541         IWK_WRITE(sc, CSR_INT_MASK, CSR_INI_SET_MASK);
2542         mutex_exit(&sc->sc_glock);
2543 
2544         return (DDI_INTR_CLAIMED);
2545 }
2546 
2547 static uint8_t
2548 iwk_rate_to_plcp(int rate)
2549 {
2550         uint8_t ret;
2551 
2552         switch (rate) {
2553         /* CCK rates */
2554         case 2:
2555                 ret = 0xa;
2556                 break;
2557         case 4:
2558                 ret = 0x14;
2559                 break;
2560         case 11:
2561                 ret = 0x37;
2562                 break;
2563         case 22:
2564                 ret = 0x6e;
2565                 break;
2566         /* OFDM rates */
2567         case 12:
2568                 ret = 0xd;
2569                 break;
2570         case 18:
2571                 ret = 0xf;
2572                 break;
2573         case 24:
2574                 ret = 0x5;
2575                 break;
2576         case 36:
2577                 ret = 0x7;
2578                 break;
2579         case 48:
2580                 ret = 0x9;
2581                 break;
2582         case 72:
2583                 ret = 0xb;
2584                 break;
2585         case 96:
2586                 ret = 0x1;
2587                 break;
2588         case 108:
2589                 ret = 0x3;
2590                 break;
2591         default:
2592                 ret = 0;
2593                 break;
2594         }
2595         return (ret);
2596 }
2597 
2598 static mblk_t *
2599 iwk_m_tx(void *arg, mblk_t *mp)
2600 {
2601         iwk_sc_t        *sc = (iwk_sc_t *)arg;
2602         ieee80211com_t  *ic = &sc->sc_ic;
2603         mblk_t                  *next;
2604 
2605         if (sc->sc_flags & IWK_F_SUSPEND) {
2606                 freemsgchain(mp);
2607                 return (NULL);
2608         }
2609 
2610         if (ic->ic_state != IEEE80211_S_RUN) {
2611                 freemsgchain(mp);
2612                 return (NULL);
2613         }
2614 
2615         if ((sc->sc_flags & IWK_F_HW_ERR_RECOVER) &&
2616             IWK_CHK_FAST_RECOVER(sc)) {
2617                 IWK_DBG((IWK_DEBUG_FW, "iwk_m_tx(): hold queue\n"));
2618                 return (mp);
2619         }
2620 
2621         while (mp != NULL) {
2622                 next = mp->b_next;
2623                 mp->b_next = NULL;
2624                 if (iwk_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != 0) {
2625                         mp->b_next = next;
2626                         break;
2627                 }
2628                 mp = next;
2629         }
2630         return (mp);
2631 }
2632 
2633 /* ARGSUSED */
2634 static int
2635 iwk_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type)
2636 {
2637         iwk_sc_t *sc = (iwk_sc_t *)ic;
2638         iwk_tx_ring_t *ring;
2639         iwk_tx_desc_t *desc;
2640         iwk_tx_data_t *data;
2641         iwk_cmd_t *cmd;
2642         iwk_tx_cmd_t *tx;
2643         ieee80211_node_t *in;
2644         struct ieee80211_frame *wh;
2645         struct ieee80211_key *k = NULL;
2646         mblk_t *m, *m0;
2647         int rate, hdrlen, len, len0, mblen, off, err = IWK_SUCCESS;
2648         uint16_t masks = 0;
2649         uint8_t index, index1, index2;
2650 
2651         ring = &sc->sc_txq[0];
2652         data = &ring->data[ring->cur];
2653         desc = data->desc;
2654         cmd = data->cmd;
2655         bzero(desc, sizeof (*desc));
2656         bzero(cmd, sizeof (*cmd));
2657 
2658         mutex_enter(&sc->sc_tx_lock);
2659         if (sc->sc_flags & IWK_F_SUSPEND) {
2660                 mutex_exit(&sc->sc_tx_lock);
2661                 if ((type & IEEE80211_FC0_TYPE_MASK) !=
2662                     IEEE80211_FC0_TYPE_DATA) {
2663                         freemsg(mp);
2664                 }
2665                 err = IWK_FAIL;
2666                 goto exit;
2667         }
2668 
2669         if (ring->queued > ring->count - 64) {
2670                 IWK_DBG((IWK_DEBUG_TX, "iwk_send(): no txbuf\n"));
2671                 sc->sc_need_reschedule = 1;
2672                 mutex_exit(&sc->sc_tx_lock);
2673                 if ((type & IEEE80211_FC0_TYPE_MASK) !=
2674                     IEEE80211_FC0_TYPE_DATA) {
2675                         freemsg(mp);
2676                 }
2677                 sc->sc_tx_nobuf++;
2678                 err = IWK_FAIL;
2679                 goto exit;
2680         }
2681         mutex_exit(&sc->sc_tx_lock);
2682 
2683         hdrlen = sizeof (struct ieee80211_frame);
2684 
2685         m = allocb(msgdsize(mp) + 32, BPRI_MED);
2686         if (m == NULL) { /* can not alloc buf, drop this package */
2687                 cmn_err(CE_WARN,
2688                     "iwk_send(): failed to allocate msgbuf\n");
2689                 freemsg(mp);
2690                 err = IWK_SUCCESS;
2691                 goto exit;
2692         }
2693         for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) {
2694                 mblen = MBLKL(m0);
2695                 (void) memcpy(m->b_rptr + off, m0->b_rptr, mblen);
2696                 off += mblen;
2697         }
2698         m->b_wptr += off;
2699         freemsg(mp);
2700 
2701         wh = (struct ieee80211_frame *)m->b_rptr;
2702 
2703         if (ic->ic_opmode == IEEE80211_M_IBSS &&
2704             (!(IEEE80211_IS_MULTICAST(wh->i_addr1)))) {
2705                 mutex_enter(&sc->sc_glock);
2706                 mutex_enter(&sc->sc_ibss.node_tb_lock);
2707 
2708                 /*
2709                  * search for node in ibss node table
2710                  */
2711                 for (index1 = IWK_STA_ID;
2712                     index1 < IWK_STATION_COUNT; index1++) {
2713                         if (sc->sc_ibss.ibss_node_tb[index1].used &&
2714                             IEEE80211_ADDR_EQ(sc->sc_ibss.
2715                             ibss_node_tb[index1].node.bssid,
2716                             wh->i_addr1)) {
2717                                 break;
2718                         }
2719                 }
2720 
2721                 /*
2722                  * if don't find in ibss node table
2723                  */
2724                 if (index1 >= IWK_BROADCAST_ID) {
2725                         err = iwk_clean_add_node_ibss(ic,
2726                             wh->i_addr1, &index2);
2727                         if (err != IWK_SUCCESS) {
2728                                 cmn_err(CE_WARN, "iwk_send(): "
2729                                     "failed to clean all nodes "
2730                                     "and add one node\n");
2731                                 mutex_exit(&sc->sc_ibss.node_tb_lock);
2732                                 mutex_exit(&sc->sc_glock);
2733                                 freemsg(m);
2734                                 sc->sc_tx_err++;
2735                                 err = IWK_SUCCESS;
2736                                 goto exit;
2737                         }
2738                         index = index2;
2739                 } else {
2740                         index = index1;
2741                 }
2742                 mutex_exit(&sc->sc_ibss.node_tb_lock);
2743                 mutex_exit(&sc->sc_glock);
2744         }
2745 
2746         in = ieee80211_find_txnode(ic, wh->i_addr1);
2747         if (in == NULL) {
2748                 cmn_err(CE_WARN, "iwk_send(): failed to find tx node\n");
2749                 freemsg(m);
2750                 sc->sc_tx_err++;
2751                 err = IWK_SUCCESS;
2752                 goto exit;
2753         }
2754         (void) ieee80211_encap(ic, m, in);
2755 
2756         cmd->hdr.type = REPLY_TX;
2757         cmd->hdr.flags = 0;
2758         cmd->hdr.qid = ring->qid;
2759         cmd->hdr.idx = ring->cur;
2760 
2761         tx = (iwk_tx_cmd_t *)cmd->data;
2762         tx->tx_flags = 0;
2763 
2764         if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
2765                 tx->tx_flags &= ~(LE_32(TX_CMD_FLG_ACK_MSK));
2766         } else {
2767                 tx->tx_flags |= LE_32(TX_CMD_FLG_ACK_MSK);
2768         }
2769 
2770         if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
2771                 k = ieee80211_crypto_encap(ic, m);
2772                 if (k == NULL) {
2773                         freemsg(m);
2774                         sc->sc_tx_err++;
2775                         err = IWK_SUCCESS;
2776                         goto exit;
2777                 }
2778 
2779                 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) {
2780                         tx->sec_ctl = 2; /* for CCMP */
2781                         tx->tx_flags |= LE_32(TX_CMD_FLG_ACK_MSK);
2782                         (void) memcpy(&tx->key, k->wk_key, k->wk_keylen);
2783                 }
2784 
2785                 /* packet header may have moved, reset our local pointer */
2786                 wh = (struct ieee80211_frame *)m->b_rptr;
2787         }
2788 
2789         len = msgdsize(m);
2790 
2791 #ifdef DEBUG
2792         if (iwk_dbg_flags & IWK_DEBUG_TX)
2793                 ieee80211_dump_pkt((uint8_t *)wh, hdrlen, 0, 0);
2794 #endif
2795 
2796         /* pickup a rate */
2797         if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
2798             IEEE80211_FC0_TYPE_MGT) {
2799                 /* mgmt frames are sent at 1M */
2800                 rate = in->in_rates.ir_rates[0];
2801         } else {
2802                 /*
2803                  * do it here for the software way rate control.
2804                  * later for rate scaling in hardware.
2805                  * maybe like the following, for management frame:
2806                  * tx->initial_rate_index = LINK_QUAL_MAX_RETRY_NUM - 1;
2807                  * for data frame:
2808                  * tx->tx_flags |= (LE_32(TX_CMD_FLG_STA_RATE_MSK));
2809                  * rate = in->in_rates.ir_rates[in->in_txrate];
2810                  * tx->initial_rate_index = 1;
2811                  *
2812                  * now the txrate is determined in tx cmd flags, set to the
2813                  * max value 54M for 11g and 11M for 11b.
2814                  */
2815 
2816                 if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE) {
2817                         rate = ic->ic_fixed_rate;
2818                 } else {
2819                         rate = in->in_rates.ir_rates[in->in_txrate];
2820                 }
2821         }
2822         rate &= IEEE80211_RATE_VAL;
2823         IWK_DBG((IWK_DEBUG_TX, "tx rate[%d of %d] = %x",
2824             in->in_txrate, in->in_rates.ir_nrates, rate));
2825 
2826         tx->tx_flags |= (LE_32(TX_CMD_FLG_SEQ_CTL_MSK));
2827 
2828         len0 = roundup(4 + sizeof (iwk_tx_cmd_t) + hdrlen, 4);
2829         if (len0 != (4 + sizeof (iwk_tx_cmd_t) + hdrlen))
2830                 tx->tx_flags |= LE_32(TX_CMD_FLG_MH_PAD_MSK);
2831 
2832         /* retrieve destination node's id */
2833         if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
2834                 tx->sta_id = IWK_BROADCAST_ID;
2835         } else {
2836                 if (ic->ic_opmode == IEEE80211_M_IBSS)
2837                         tx->sta_id = index;
2838                 else
2839                         tx->sta_id = IWK_AP_ID;
2840         }
2841 
2842         if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
2843             IEEE80211_FC0_TYPE_MGT) {
2844                 /* tell h/w to set timestamp in probe responses */
2845                 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
2846                     IEEE80211_FC0_SUBTYPE_PROBE_RESP)
2847                         tx->tx_flags |= LE_32(TX_CMD_FLG_TSF_MSK);
2848 
2849                 if (((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
2850                     IEEE80211_FC0_SUBTYPE_ASSOC_REQ) ||
2851                     ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
2852                     IEEE80211_FC0_SUBTYPE_REASSOC_REQ))
2853                         tx->timeout.pm_frame_timeout = LE_16(3);
2854                 else
2855                         tx->timeout.pm_frame_timeout = LE_16(2);
2856         } else
2857                 tx->timeout.pm_frame_timeout = 0;
2858         if (rate == 2 || rate == 4 || rate == 11 || rate == 22)
2859                 masks |= RATE_MCS_CCK_MSK;
2860 
2861         masks |= RATE_MCS_ANT_B_MSK;
2862         tx->rate.r.rate_n_flags = LE_32(iwk_rate_to_plcp(rate) | masks);
2863 
2864         IWK_DBG((IWK_DEBUG_TX, "tx flag = %x",
2865             LE_32(tx->tx_flags)));
2866 
2867         tx->rts_retry_limit = 60;
2868         tx->data_retry_limit = 15;
2869 
2870         tx->stop_time.life_time  = LE_32(0xffffffff);
2871 
2872         tx->len = LE_16(len);
2873 
2874         tx->dram_lsb_ptr =
2875             LE_32(data->paddr_cmd + 4 + offsetof(iwk_tx_cmd_t, scratch));
2876         tx->dram_msb_ptr = 0;
2877         tx->driver_txop = 0;
2878         tx->next_frame_len = 0;
2879 
2880         (void) memcpy(tx + 1, m->b_rptr, hdrlen);
2881         m->b_rptr += hdrlen;
2882         (void) memcpy(data->dma_data.mem_va, m->b_rptr, len - hdrlen);
2883 
2884         IWK_DBG((IWK_DEBUG_TX, "sending data: qid=%d idx=%d len=%d",
2885             ring->qid, ring->cur, len));
2886 
2887         /*
2888          * first segment includes the tx cmd plus the 802.11 header,
2889          * the second includes the remaining of the 802.11 frame.
2890          */
2891         desc->val0 = 2 << 24;
2892         desc->pa[0].tb1_addr = data->paddr_cmd;
2893         desc->pa[0].val1 = ((len0 << 4) & 0xfff0) |
2894             ((data->dma_data.cookie.dmac_address & 0xffff) << 16);
2895         desc->pa[0].val2 =
2896             ((data->dma_data.cookie.dmac_address & 0xffff0000) >> 16) |
2897             ((len - hdrlen) << 20);
2898         IWK_DBG((IWK_DEBUG_TX, "phy addr1 = 0x%x phy addr2 = 0x%x "
2899             "len1 = 0x%x, len2 = 0x%x val1 = 0x%x val2 = 0x%x",
2900             data->paddr_cmd, data->dma_data.cookie.dmac_address,
2901             len0, len - hdrlen, LE_32(desc->pa[0].val1),
2902             LE_32(desc->pa[0].val2)));
2903 
2904         mutex_enter(&sc->sc_tx_lock);
2905         ring->queued++;
2906         mutex_exit(&sc->sc_tx_lock);
2907 
2908         /* kick ring */
2909         sc->sc_shared->queues_byte_cnt_tbls[ring->qid].
2910             tfd_offset[ring->cur].val = 8 + len;
2911         if (ring->cur < IWK_MAX_WIN_SIZE) {
2912                 sc->sc_shared->queues_byte_cnt_tbls[ring->qid].
2913                     tfd_offset[IWK_QUEUE_SIZE + ring->cur].val = 8 + len;
2914         }
2915 
2916         IWK_DMA_SYNC(data->dma_data, DDI_DMA_SYNC_FORDEV);
2917         IWK_DMA_SYNC(ring->dma_desc, DDI_DMA_SYNC_FORDEV);
2918 
2919         ring->cur = (ring->cur + 1) % ring->count;
2920         IWK_WRITE(sc, HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
2921         freemsg(m);
2922         /* release node reference */
2923         ieee80211_free_node(in);
2924 
2925         ic->ic_stats.is_tx_bytes += len;
2926         ic->ic_stats.is_tx_frags++;
2927 
2928         if (sc->sc_tx_timer == 0)
2929                 sc->sc_tx_timer = 4;
2930 
2931 exit:
2932         return (err);
2933 }
2934 
2935 static void
2936 iwk_m_ioctl(void* arg, queue_t *wq, mblk_t *mp)
2937 {
2938         iwk_sc_t        *sc  = (iwk_sc_t *)arg;
2939         ieee80211com_t  *ic = &sc->sc_ic;
2940 
2941         enum ieee80211_opmode           oldmod;
2942         iwk_tx_power_table_cmd_t        txpower;
2943         iwk_add_sta_t                   node;
2944         iwk_link_quality_cmd_t          link_quality;
2945         uint16_t                        masks = 0;
2946         int                             i, err, err1;
2947 
2948         oldmod = ic->ic_opmode;
2949 
2950         err = ieee80211_ioctl(ic, wq, mp);
2951 
2952         /*
2953          * return to STA mode
2954          */
2955         if ((0 == err || ENETRESET == err) && (oldmod != ic->ic_opmode) &&
2956             (ic->ic_opmode == IEEE80211_M_STA)) {
2957                 /* configure rxon */
2958                 (void) memset(&sc->sc_config, 0, sizeof (iwk_rxon_cmd_t));
2959                 IEEE80211_ADDR_COPY(sc->sc_config.node_addr, ic->ic_macaddr);
2960                 IEEE80211_ADDR_COPY(sc->sc_config.wlap_bssid, ic->ic_macaddr);
2961                 sc->sc_config.chan =
2962                     LE_16(ieee80211_chan2ieee(ic, ic->ic_curchan));
2963                 sc->sc_config.flags = LE_32(RXON_FLG_TSF2HOST_MSK |
2964                     RXON_FLG_AUTO_DETECT_MSK |
2965                     RXON_FLG_BAND_24G_MSK);
2966                 sc->sc_config.flags &= LE_32(~RXON_FLG_CCK_MSK);
2967                 switch (ic->ic_opmode) {
2968                 case IEEE80211_M_STA:
2969                         sc->sc_config.dev_type = RXON_DEV_TYPE_ESS;
2970                         sc->sc_config.filter_flags |=
2971                             LE_32(RXON_FILTER_ACCEPT_GRP_MSK |
2972                             RXON_FILTER_DIS_DECRYPT_MSK |
2973                             RXON_FILTER_DIS_GRP_DECRYPT_MSK);
2974                         break;
2975                 case IEEE80211_M_IBSS:
2976                 case IEEE80211_M_AHDEMO:
2977                         sc->sc_config.dev_type = RXON_DEV_TYPE_IBSS;
2978                         sc->sc_config.flags |=
2979                             LE_32(RXON_FLG_SHORT_PREAMBLE_MSK);
2980                         sc->sc_config.filter_flags =
2981                             LE_32(RXON_FILTER_ACCEPT_GRP_MSK |
2982                             RXON_FILTER_DIS_DECRYPT_MSK |
2983                             RXON_FILTER_DIS_GRP_DECRYPT_MSK);
2984                         break;
2985                 case IEEE80211_M_HOSTAP:
2986                         sc->sc_config.dev_type = RXON_DEV_TYPE_AP;
2987                         break;
2988                 case IEEE80211_M_MONITOR:
2989                         sc->sc_config.dev_type = RXON_DEV_TYPE_SNIFFER;
2990                         sc->sc_config.filter_flags |=
2991                             LE_32(RXON_FILTER_ACCEPT_GRP_MSK |
2992                             RXON_FILTER_CTL2HOST_MSK |
2993                             RXON_FILTER_PROMISC_MSK);
2994                         break;
2995                 }
2996                 sc->sc_config.cck_basic_rates  = 0x0f;
2997                 sc->sc_config.ofdm_basic_rates = 0xff;
2998                 sc->sc_config.ofdm_ht_single_stream_basic_rates = 0xff;
2999                 sc->sc_config.ofdm_ht_dual_stream_basic_rates = 0xff;
3000                 /* set antenna */
3001                 mutex_enter(&sc->sc_glock);
3002                 sc->sc_config.rx_chain = LE_16(RXON_RX_CHAIN_DRIVER_FORCE_MSK |
3003                     (0x7 << RXON_RX_CHAIN_VALID_POS) |
3004                     (0x6 << RXON_RX_CHAIN_FORCE_SEL_POS) |
3005                     (0x7 << RXON_RX_CHAIN_FORCE_MIMO_SEL_POS));
3006                 err1 = iwk_cmd(sc, REPLY_RXON, &sc->sc_config,
3007                     sizeof (iwk_rxon_cmd_t), 1);
3008                 if (err1 != IWK_SUCCESS) {
3009                         cmn_err(CE_WARN, "iwk_m_ioctl(): "
3010                             "failed to set configure command"
3011                             " please run (ifconfig unplumb and"
3012                             " ifconfig plumb)\n");
3013                 }
3014                 /*
3015                  * set Tx power for 2.4GHz channels
3016                  * (need further investigation. fix tx power at present)
3017                  */
3018                 (void) memset(&txpower, 0, sizeof (txpower));
3019                 txpower.band = 1; /* for 2.4G */
3020                 txpower.channel = sc->sc_config.chan;
3021                 txpower.channel_normal_width = 0;
3022                 for (i = 0; i < POWER_TABLE_NUM_HT_OFDM_ENTRIES; i++) {
3023                         txpower.tx_power.ht_ofdm_power[i].
3024                             s.ramon_tx_gain = LE_16(0x3f3f);
3025                         txpower.tx_power.ht_ofdm_power[i].
3026                             s.dsp_predis_atten = LE_16(110 | (110 << 8));
3027                 }
3028                 txpower.tx_power.legacy_cck_power.s.
3029                     ramon_tx_gain = LE_16(0x3f3f);
3030                 txpower.tx_power.legacy_cck_power.s.
3031                     dsp_predis_atten = LE_16(110 | (110 << 8));
3032                 err1 = iwk_cmd(sc, REPLY_TX_PWR_TABLE_CMD, &txpower,
3033                     sizeof (txpower), 1);
3034                 if (err1 != IWK_SUCCESS) {
3035                         cmn_err(CE_WARN, "iwk_m_ioctl(): failed to set txpower"
3036                             " please run (ifconfig unplumb "
3037                             "and ifconfig plumb)\n");
3038                 }
3039                 /* add broadcast node so that we can send broadcast frame */
3040                 (void) memset(&node, 0, sizeof (node));
3041                 (void) memset(node.bssid, 0xff, 6);
3042                 node.id = IWK_BROADCAST_ID;
3043                 err1 = iwk_cmd(sc, REPLY_ADD_STA, &node, sizeof (node), 1);
3044                 if (err1 != IWK_SUCCESS) {
3045                         cmn_err(CE_WARN, "iwk_m_ioctl(): "
3046                             "failed to add broadcast node\n");
3047                 }
3048 
3049                 /* TX_LINK_QUALITY cmd */
3050                 (void) memset(&link_quality, 0, sizeof (link_quality));
3051                 for (i = 0; i < LINK_QUAL_MAX_RETRY_NUM; i++) {
3052                         masks |= RATE_MCS_CCK_MSK;
3053                         masks |= RATE_MCS_ANT_B_MSK;
3054                         masks &= ~RATE_MCS_ANT_A_MSK;
3055                         link_quality.rate_n_flags[i] =
3056                             LE_32(iwk_rate_to_plcp(2) | masks);
3057                 }
3058                 link_quality.general_params.single_stream_ant_msk = 2;
3059                 link_quality.general_params.dual_stream_ant_msk = 3;
3060                 link_quality.agg_params.agg_dis_start_th = 3;
3061                 link_quality.agg_params.agg_time_limit = LE_16(4000);
3062                 link_quality.sta_id = IWK_BROADCAST_ID;
3063                 err1 = iwk_cmd(sc, REPLY_TX_LINK_QUALITY_CMD, &link_quality,
3064                     sizeof (link_quality), 1);
3065                 if (err1 != IWK_SUCCESS) {
3066                         cmn_err(CE_WARN, "iwk_m_ioctl(): "
3067                             "failed to config link quality table\n");
3068                 }
3069                 mutex_exit(&sc->sc_glock);
3070                 ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
3071         }
3072 
3073         if (err == ENETRESET) {
3074                 /*
3075                  * This is special for the hidden AP connection.
3076                  * In any case, we should make sure only one 'scan'
3077                  * in the driver for a 'connect' CLI command. So
3078                  * when connecting to a hidden AP, the scan is just
3079                  * sent out to the air when we know the desired
3080                  * essid of the AP we want to connect.
3081                  */
3082                 if (ic->ic_des_esslen) {
3083                         if (sc->sc_flags & IWK_F_RUNNING) {
3084                                 iwk_m_stop(sc);
3085                                 (void) iwk_m_start(sc);
3086                                 (void) ieee80211_new_state(ic,
3087                                     IEEE80211_S_SCAN, -1);
3088                         }
3089                 }
3090         }
3091 }
3092 
3093 /*
3094  * callback functions for set/get properties
3095  */
3096 
3097 static int
3098 iwk_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
3099     uint_t wldp_length, void *wldp_buf)
3100 {
3101         int             err = 0;
3102         iwk_sc_t        *sc = (iwk_sc_t *)arg;
3103 
3104         err = ieee80211_getprop(&sc->sc_ic, pr_name, wldp_pr_num,
3105             wldp_length, wldp_buf);
3106 
3107         return (err);
3108 }
3109 
3110 static int
3111 iwk_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
3112     uint_t wldp_length, const void *wldp_buf)
3113 {
3114         int             err;
3115         iwk_sc_t        *sc = (iwk_sc_t *)arg;
3116         ieee80211com_t  *ic = &sc->sc_ic;
3117 
3118         err = ieee80211_setprop(ic, pr_name, wldp_pr_num, wldp_length,
3119             wldp_buf);
3120 
3121         if (err == ENETRESET) {
3122                 if (ic->ic_des_esslen) {
3123                         if (sc->sc_flags & IWK_F_RUNNING) {
3124                                 iwk_m_stop(sc);
3125                                 (void) iwk_m_start(sc);
3126                                 (void) ieee80211_new_state(ic,
3127                                     IEEE80211_S_SCAN, -1);
3128                         }
3129                 }
3130                 err = 0;
3131         }
3132 
3133         return (err);
3134 }
3135 
3136 static void
3137 iwk_m_propinfo(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
3138     mac_prop_info_handle_t mph)
3139 {
3140         iwk_sc_t        *sc = (iwk_sc_t *)arg;
3141         ieee80211com_t  *ic = &sc->sc_ic;
3142 
3143         ieee80211_propinfo(ic, pr_name, wldp_pr_num, mph);
3144 }
3145 
3146 /*ARGSUSED*/
3147 static int
3148 iwk_m_stat(void *arg, uint_t stat, uint64_t *val)
3149 {
3150         iwk_sc_t        *sc  = (iwk_sc_t *)arg;
3151         ieee80211com_t  *ic = &sc->sc_ic;
3152         ieee80211_node_t *in;
3153 
3154         mutex_enter(&sc->sc_glock);
3155         switch (stat) {
3156         case MAC_STAT_IFSPEED:
3157                 in = ic->ic_bss;
3158                 *val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ?
3159                     IEEE80211_RATE(in->in_txrate) :
3160                     ic->ic_fixed_rate) / 2 * 1000000;
3161                 break;
3162         case MAC_STAT_NOXMTBUF:
3163                 *val = sc->sc_tx_nobuf;
3164                 break;
3165         case MAC_STAT_NORCVBUF:
3166                 *val = sc->sc_rx_nobuf;
3167                 break;
3168         case MAC_STAT_IERRORS:
3169                 *val = sc->sc_rx_err;
3170                 break;
3171         case MAC_STAT_RBYTES:
3172                 *val = ic->ic_stats.is_rx_bytes;
3173                 break;
3174         case MAC_STAT_IPACKETS:
3175                 *val = ic->ic_stats.is_rx_frags;
3176                 break;
3177         case MAC_STAT_OBYTES:
3178                 *val = ic->ic_stats.is_tx_bytes;
3179                 break;
3180         case MAC_STAT_OPACKETS:
3181                 *val = ic->ic_stats.is_tx_frags;
3182                 break;
3183         case MAC_STAT_OERRORS:
3184         case WIFI_STAT_TX_FAILED:
3185                 *val = sc->sc_tx_err;
3186                 break;
3187         case WIFI_STAT_TX_RETRANS:
3188                 *val = sc->sc_tx_retries;
3189                 break;
3190         case WIFI_STAT_FCS_ERRORS:
3191         case WIFI_STAT_WEP_ERRORS:
3192         case WIFI_STAT_TX_FRAGS:
3193         case WIFI_STAT_MCAST_TX:
3194         case WIFI_STAT_RTS_SUCCESS:
3195         case WIFI_STAT_RTS_FAILURE:
3196         case WIFI_STAT_ACK_FAILURE:
3197         case WIFI_STAT_RX_FRAGS:
3198         case WIFI_STAT_MCAST_RX:
3199         case WIFI_STAT_RX_DUPS:
3200                 mutex_exit(&sc->sc_glock);
3201                 return (ieee80211_stat(ic, stat, val));
3202         default:
3203                 mutex_exit(&sc->sc_glock);
3204                 return (ENOTSUP);
3205         }
3206         mutex_exit(&sc->sc_glock);
3207 
3208         return (IWK_SUCCESS);
3209 
3210 }
3211 
3212 static int
3213 iwk_m_start(void *arg)
3214 {
3215         iwk_sc_t *sc = (iwk_sc_t *)arg;
3216         ieee80211com_t  *ic = &sc->sc_ic;
3217         int err;
3218 
3219         err = iwk_init(sc);
3220 
3221         if (err != IWK_SUCCESS) {
3222                 /*
3223                  * The hw init err(eg. RF is OFF). Return Success to make
3224                  * the 'plumb' succeed. The iwk_thread() tries to re-init
3225                  * background.
3226                  */
3227                 mutex_enter(&sc->sc_glock);
3228                 sc->sc_flags |= IWK_F_HW_ERR_RECOVER;
3229                 mutex_exit(&sc->sc_glock);
3230                 return (IWK_SUCCESS);
3231         }
3232 
3233         ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
3234 
3235         mutex_enter(&sc->sc_glock);
3236         sc->sc_flags |= IWK_F_RUNNING;
3237         mutex_exit(&sc->sc_glock);
3238 
3239         return (IWK_SUCCESS);
3240 }
3241 
3242 static void
3243 iwk_m_stop(void *arg)
3244 {
3245         iwk_sc_t *sc = (iwk_sc_t *)arg;
3246         ieee80211com_t  *ic = &sc->sc_ic;
3247 
3248         iwk_stop(sc);
3249         ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
3250         ieee80211_stop_watchdog(ic);
3251         mutex_enter(&sc->sc_mt_lock);
3252         sc->sc_flags &= ~IWK_F_HW_ERR_RECOVER;
3253         sc->sc_flags &= ~IWK_F_RATE_AUTO_CTL;
3254         mutex_exit(&sc->sc_mt_lock);
3255         mutex_enter(&sc->sc_glock);
3256         sc->sc_flags &= ~IWK_F_RUNNING;
3257         mutex_exit(&sc->sc_glock);
3258 }
3259 
3260 /*ARGSUSED*/
3261 static int
3262 iwk_m_unicst(void *arg, const uint8_t *macaddr)
3263 {
3264         iwk_sc_t *sc = (iwk_sc_t *)arg;
3265         ieee80211com_t  *ic = &sc->sc_ic;
3266         int err;
3267 
3268         if (!IEEE80211_ADDR_EQ(ic->ic_macaddr, macaddr)) {
3269                 IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr);
3270                 mutex_enter(&sc->sc_glock);
3271                 err = iwk_config(sc);
3272                 mutex_exit(&sc->sc_glock);
3273                 if (err != IWK_SUCCESS) {
3274                         cmn_err(CE_WARN,
3275                             "iwk_m_unicst(): "
3276                             "failed to configure device\n");
3277                         goto fail;
3278                 }
3279         }
3280         return (IWK_SUCCESS);
3281 fail:
3282         return (err);
3283 }
3284 
3285 /*ARGSUSED*/
3286 static int
3287 iwk_m_multicst(void *arg, boolean_t add, const uint8_t *m)
3288 {
3289         return (IWK_SUCCESS);
3290 }
3291 
3292 /*ARGSUSED*/
3293 static int
3294 iwk_m_promisc(void *arg, boolean_t on)
3295 {
3296         return (IWK_SUCCESS);
3297 }
3298 
3299 static void
3300 iwk_thread(iwk_sc_t *sc)
3301 {
3302         ieee80211com_t  *ic = &sc->sc_ic;
3303         clock_t clk;
3304         int times = 0, err, n = 0, timeout = 0;
3305         uint32_t tmp;
3306 
3307         mutex_enter(&sc->sc_mt_lock);
3308         while (sc->sc_mf_thread_switch) {
3309                 tmp = IWK_READ(sc, CSR_GP_CNTRL);
3310                 if (tmp & CSR_GP_CNTRL_REG_FLAG_HW_RF_KILL_SW) {
3311                         sc->sc_flags &= ~IWK_F_RADIO_OFF;
3312                 } else {
3313                         sc->sc_flags |= IWK_F_RADIO_OFF;
3314                 }
3315                 /*
3316                  * If in SUSPEND or the RF is OFF, do nothing
3317                  */
3318                 if ((sc->sc_flags & IWK_F_SUSPEND) ||
3319                     (sc->sc_flags & IWK_F_RADIO_OFF)) {
3320                         mutex_exit(&sc->sc_mt_lock);
3321                         delay(drv_usectohz(100000));
3322                         mutex_enter(&sc->sc_mt_lock);
3323                         continue;
3324                 }
3325 
3326                 /*
3327                  * recovery fatal error
3328                  */
3329                 if (ic->ic_mach &&
3330                     (sc->sc_flags & IWK_F_HW_ERR_RECOVER)) {
3331 
3332                         IWK_DBG((IWK_DEBUG_FW,
3333                             "iwk_thread(): "
3334                             "try to recover fatal hw error: %d\n", times++));
3335 
3336                         iwk_stop(sc);
3337 
3338                         if (IWK_CHK_FAST_RECOVER(sc)) {
3339                                 /* save runtime configuration */
3340                                 bcopy(&sc->sc_config, &sc->sc_config_save,
3341                                     sizeof (sc->sc_config));
3342                         } else {
3343                                 mutex_exit(&sc->sc_mt_lock);
3344                                 ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
3345                                 delay(drv_usectohz(2000000 + n*500000));
3346                                 mutex_enter(&sc->sc_mt_lock);
3347                         }
3348 
3349                         err = iwk_init(sc);
3350                         if (err != IWK_SUCCESS) {
3351                                 n++;
3352                                 if (n < 20)
3353                                         continue;
3354                         }
3355                         n = 0;
3356                         if (!err)
3357                                 sc->sc_flags |= IWK_F_RUNNING;
3358 
3359                         if (!IWK_CHK_FAST_RECOVER(sc) ||
3360                             iwk_fast_recover(sc) != IWK_SUCCESS) {
3361                                 sc->sc_flags &= ~IWK_F_HW_ERR_RECOVER;
3362 
3363                                 mutex_exit(&sc->sc_mt_lock);
3364                                 delay(drv_usectohz(2000000));
3365                                 if (sc->sc_ostate != IEEE80211_S_INIT)
3366                                         ieee80211_new_state(ic,
3367                                             IEEE80211_S_SCAN, 0);
3368                                 mutex_enter(&sc->sc_mt_lock);
3369                         }
3370                 }
3371 
3372                 if (ic->ic_mach && (sc->sc_flags & IWK_F_LAZY_RESUME)) {
3373                         IWK_DBG((IWK_DEBUG_RESUME,
3374                             "iwk_thread(): lazy resume\n"));
3375 
3376                         sc->sc_flags &= ~IWK_F_LAZY_RESUME;
3377                         mutex_exit(&sc->sc_mt_lock);
3378                         /*
3379                          * NB: under WPA mode, this call hangs (door problem?)
3380                          * when called in iwk_attach() and iwk_detach() while
3381                          * system is in the procedure of CPR. To be safe, let
3382                          * the thread do this.
3383                          */
3384                         ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1);
3385                         mutex_enter(&sc->sc_mt_lock);
3386                 }
3387 
3388                 if (ic->ic_mach &&
3389                     (sc->sc_flags & IWK_F_SCANNING) && sc->sc_scan_pending) {
3390                         IWK_DBG((IWK_DEBUG_SCAN,
3391                             "iwk_thread(): "
3392                             "wait for probe response\n"));
3393                         sc->sc_scan_pending--;
3394                         mutex_exit(&sc->sc_mt_lock);
3395                         delay(drv_usectohz(200000));
3396                         if (sc->sc_flags & IWK_F_SCANNING)
3397                                 ieee80211_next_scan(ic);
3398                         mutex_enter(&sc->sc_mt_lock);
3399                 }
3400 
3401                 /*
3402                  * rate ctl
3403                  */
3404                 if (ic->ic_mach &&
3405                     (sc->sc_flags & IWK_F_RATE_AUTO_CTL)) {
3406                         clk = ddi_get_lbolt();
3407                         if (clk > sc->sc_clk + drv_usectohz(500000)) {
3408                                 iwk_amrr_timeout(sc);
3409                         }
3410                 }
3411 
3412                 if ((ic->ic_state == IEEE80211_S_RUN) &&
3413                     (ic->ic_beaconmiss++ > 50)) { /* 5 seconds */
3414                         cmn_err(CE_WARN, "iwk: beacon missed for 5 seconds\n");
3415                         (void) ieee80211_new_state(ic,
3416                             IEEE80211_S_INIT, -1);
3417                 }
3418 
3419                 mutex_exit(&sc->sc_mt_lock);
3420                 delay(drv_usectohz(100000));
3421                 mutex_enter(&sc->sc_mt_lock);
3422 
3423                 if (sc->sc_tx_timer) {
3424                         timeout++;
3425                         if (timeout == 10) {
3426                                 sc->sc_tx_timer--;
3427                                 if (sc->sc_tx_timer == 0) {
3428                                         sc->sc_flags |= IWK_F_HW_ERR_RECOVER;
3429                                         sc->sc_ostate = IEEE80211_S_RUN;
3430                                         IWK_DBG((IWK_DEBUG_FW,
3431                                             "iwk_thread(): try to recover from"
3432                                             " 'send fail\n"));
3433                                 }
3434                                 timeout = 0;
3435                         }
3436                 }
3437 
3438         }
3439         sc->sc_mf_thread = NULL;
3440         cv_signal(&sc->sc_mt_cv);
3441         mutex_exit(&sc->sc_mt_lock);
3442 }
3443 
3444 
3445 /*
3446  * Send a command to the firmware.
3447  */
3448 static int
3449 iwk_cmd(iwk_sc_t *sc, int code, const void *buf, int size, int async)
3450 {
3451         iwk_tx_ring_t *ring = &sc->sc_txq[IWK_CMD_QUEUE_NUM];
3452         iwk_tx_desc_t *desc;
3453         iwk_cmd_t *cmd;
3454         clock_t clk;
3455 
3456         ASSERT(size <= sizeof (cmd->data));
3457         ASSERT(mutex_owned(&sc->sc_glock));
3458 
3459         IWK_DBG((IWK_DEBUG_CMD, "iwk_cmd() code[%d]", code));
3460         desc = ring->data[ring->cur].desc;
3461         cmd = ring->data[ring->cur].cmd;
3462 
3463         cmd->hdr.type = (uint8_t)code;
3464         cmd->hdr.flags = 0;
3465         cmd->hdr.qid = ring->qid;
3466         cmd->hdr.idx = ring->cur;
3467         (void) memcpy(cmd->data, buf, size);
3468         (void) memset(desc, 0, sizeof (*desc));
3469 
3470         desc->val0 = 1 << 24;
3471         desc->pa[0].tb1_addr =
3472             (uint32_t)(ring->data[ring->cur].paddr_cmd & 0xffffffff);
3473         desc->pa[0].val1 = ((4 + size) << 4) & 0xfff0;
3474 
3475         /* kick cmd ring XXX */
3476         sc->sc_shared->queues_byte_cnt_tbls[ring->qid].
3477             tfd_offset[ring->cur].val = 8;
3478         if (ring->cur < IWK_MAX_WIN_SIZE) {
3479                 sc->sc_shared->queues_byte_cnt_tbls[ring->qid].
3480                     tfd_offset[IWK_QUEUE_SIZE + ring->cur].val = 8;
3481         }
3482         ring->cur = (ring->cur + 1) % ring->count;
3483         IWK_WRITE(sc, HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
3484 
3485         if (async)
3486                 return (IWK_SUCCESS);
3487         else {
3488                 sc->sc_flags &= ~IWK_F_CMD_DONE;
3489                 clk = ddi_get_lbolt() + drv_usectohz(2000000);
3490                 while (!(sc->sc_flags & IWK_F_CMD_DONE)) {
3491                         if (cv_timedwait(&sc->sc_cmd_cv, &sc->sc_glock, clk) <
3492                             0)
3493                                 break;
3494                 }
3495                 if (sc->sc_flags & IWK_F_CMD_DONE)
3496                         return (IWK_SUCCESS);
3497                 else
3498                         return (IWK_FAIL);
3499         }
3500 }
3501 
3502 static void
3503 iwk_set_led(iwk_sc_t *sc, uint8_t id, uint8_t off, uint8_t on)
3504 {
3505         iwk_led_cmd_t led;
3506 
3507         led.interval = LE_32(100000);   /* unit: 100ms */
3508         led.id = id;
3509         led.off = off;
3510         led.on = on;
3511 
3512         (void) iwk_cmd(sc, REPLY_LEDS_CMD, &led, sizeof (led), 1);
3513 }
3514 
3515 static int
3516 iwk_hw_set_before_auth(iwk_sc_t *sc)
3517 {
3518         ieee80211com_t *ic = &sc->sc_ic;
3519         ieee80211_node_t *in = ic->ic_bss;
3520         iwk_add_sta_t node;
3521         iwk_link_quality_cmd_t link_quality;
3522         struct ieee80211_rateset rs;
3523         uint16_t masks = 0, rate;
3524         int i, err;
3525 
3526         if (in->in_chan == IEEE80211_CHAN_ANYC) {
3527                 cmn_err(CE_WARN, "iwk_hw_set_before_auth():"
3528                     "channel (%d) isn't in proper range\n",
3529                     LE_16(ieee80211_chan2ieee(ic, in->in_chan)));
3530                 return (IWK_FAIL);
3531         }
3532 
3533         /* update adapter's configuration according the info of target AP */
3534         IEEE80211_ADDR_COPY(sc->sc_config.bssid, in->in_bssid);
3535         sc->sc_config.chan = LE_16(ieee80211_chan2ieee(ic, in->in_chan));
3536         if (ic->ic_curmode == IEEE80211_MODE_11B) {
3537                 sc->sc_config.cck_basic_rates  = 0x03;
3538                 sc->sc_config.ofdm_basic_rates = 0;
3539         } else if ((in->in_chan != IEEE80211_CHAN_ANYC) &&
3540             (IEEE80211_IS_CHAN_5GHZ(in->in_chan))) {
3541                 sc->sc_config.cck_basic_rates  = 0;
3542                 sc->sc_config.ofdm_basic_rates = 0x15;
3543         } else { /* assume 802.11b/g */
3544                 sc->sc_config.cck_basic_rates  = 0x0f;
3545                 sc->sc_config.ofdm_basic_rates = 0xff;
3546         }
3547 
3548         sc->sc_config.flags &= ~LE_32(RXON_FLG_SHORT_PREAMBLE_MSK |
3549             RXON_FLG_SHORT_SLOT_MSK);
3550 
3551         if (ic->ic_flags & IEEE80211_F_SHSLOT)
3552                 sc->sc_config.flags |= LE_32(RXON_FLG_SHORT_SLOT_MSK);
3553         else
3554                 sc->sc_config.flags &= LE_32(~RXON_FLG_SHORT_SLOT_MSK);
3555 
3556         if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3557                 sc->sc_config.flags |= LE_32(RXON_FLG_SHORT_PREAMBLE_MSK);
3558         else
3559                 sc->sc_config.flags &= LE_32(~RXON_FLG_SHORT_PREAMBLE_MSK);
3560 
3561         IWK_DBG((IWK_DEBUG_80211, "config chan %d flags %x "
3562             "filter_flags %x  cck %x ofdm %x"
3563             " bssid:%02x:%02x:%02x:%02x:%02x:%2x\n",
3564             LE_16(sc->sc_config.chan), LE_32(sc->sc_config.flags),
3565             LE_32(sc->sc_config.filter_flags),
3566             sc->sc_config.cck_basic_rates, sc->sc_config.ofdm_basic_rates,
3567             sc->sc_config.bssid[0], sc->sc_config.bssid[1],
3568             sc->sc_config.bssid[2], sc->sc_config.bssid[3],
3569             sc->sc_config.bssid[4], sc->sc_config.bssid[5]));
3570         err = iwk_cmd(sc, REPLY_RXON, &sc->sc_config,
3571             sizeof (iwk_rxon_cmd_t), 1);
3572         if (err != IWK_SUCCESS) {
3573                 cmn_err(CE_WARN, "iwk_hw_set_before_auth():"
3574                     " failed to config chan%d\n",
3575                     sc->sc_config.chan);
3576                 return (err);
3577         }
3578 
3579         /* obtain current temperature of chipset */
3580         sc->sc_tempera = iwk_curr_tempera(sc);
3581 
3582         /* make Tx power calibration to determine the gains of DSP and radio */
3583         err = iwk_tx_power_calibration(sc);
3584         if (err) {
3585                 cmn_err(CE_WARN, "iwk_hw_set_before_auth():"
3586                     "failed to set tx power table\n");
3587                 return (err);
3588         }
3589 
3590         /* add default AP node */
3591         (void) memset(&node, 0, sizeof (node));
3592         IEEE80211_ADDR_COPY(node.bssid, in->in_bssid);
3593         node.id = IWK_AP_ID;
3594         err = iwk_cmd(sc, REPLY_ADD_STA, &node, sizeof (node), 1);
3595         if (err != IWK_SUCCESS) {
3596                 cmn_err(CE_WARN, "iwk_hw_set_before_auth(): "
3597                     "failed to add BSS node\n");
3598                 return (err);
3599         }
3600 
3601         /* TX_LINK_QUALITY cmd */
3602         (void) memset(&link_quality, 0, sizeof (link_quality));
3603         rs = ic->ic_sup_rates[ieee80211_chan2mode(ic, ic->ic_curchan)];
3604         for (i = 0; i < LINK_QUAL_MAX_RETRY_NUM; i++) {
3605                 if (i < rs.ir_nrates)
3606                         rate = rs.ir_rates[rs.ir_nrates - i];
3607                 else
3608                         rate = 2;
3609                 if (rate == 2 || rate == 4 || rate == 11 || rate == 22)
3610                         masks |= RATE_MCS_CCK_MSK;
3611                 masks |= RATE_MCS_ANT_B_MSK;
3612                 masks &= ~RATE_MCS_ANT_A_MSK;
3613                 link_quality.rate_n_flags[i] =
3614                     LE_32(iwk_rate_to_plcp(rate) | masks);
3615         }
3616 
3617         link_quality.general_params.single_stream_ant_msk = 2;
3618         link_quality.general_params.dual_stream_ant_msk = 3;
3619         link_quality.agg_params.agg_dis_start_th = 3;
3620         link_quality.agg_params.agg_time_limit = LE_16(4000);
3621         link_quality.sta_id = IWK_AP_ID;
3622         err = iwk_cmd(sc, REPLY_TX_LINK_QUALITY_CMD, &link_quality,
3623             sizeof (link_quality), 1);
3624         if (err != IWK_SUCCESS) {
3625                 cmn_err(CE_WARN, "iwk_hw_set_before_auth(): "
3626                     "failed to config link quality table\n");
3627                 return (err);
3628         }
3629 
3630         return (IWK_SUCCESS);
3631 }
3632 
3633 /*
3634  * Send a scan request(assembly scan cmd) to the firmware.
3635  */
3636 static int
3637 iwk_scan(iwk_sc_t *sc)
3638 {
3639         ieee80211com_t *ic = &sc->sc_ic;
3640         iwk_tx_ring_t *ring = &sc->sc_txq[IWK_CMD_QUEUE_NUM];
3641         iwk_tx_desc_t *desc;
3642         iwk_tx_data_t *data;
3643         iwk_cmd_t *cmd;
3644         iwk_scan_hdr_t *hdr;
3645         iwk_scan_chan_t *chan;
3646         struct ieee80211_frame *wh;
3647         ieee80211_node_t *in = ic->ic_bss;
3648         uint8_t essid[IEEE80211_NWID_LEN+1];
3649         struct ieee80211_rateset *rs;
3650         enum ieee80211_phymode mode;
3651         uint8_t *frm;
3652         int i, pktlen, nrates;
3653 
3654         data = &ring->data[ring->cur];
3655         desc = data->desc;
3656         cmd = (iwk_cmd_t *)data->dma_data.mem_va;
3657 
3658         cmd->hdr.type = REPLY_SCAN_CMD;
3659         cmd->hdr.flags = 0;
3660         cmd->hdr.qid = ring->qid;
3661         cmd->hdr.idx = ring->cur | 0x40;
3662 
3663         hdr = (iwk_scan_hdr_t *)cmd->data;
3664         (void) memset(hdr, 0, sizeof (iwk_scan_hdr_t));
3665         hdr->nchan = 1;
3666         hdr->quiet_time = LE_16(50);
3667         hdr->quiet_plcp_th = LE_16(1);
3668 
3669         hdr->flags = LE_32(RXON_FLG_BAND_24G_MSK | RXON_FLG_AUTO_DETECT_MSK);
3670         hdr->rx_chain = LE_16(RXON_RX_CHAIN_DRIVER_FORCE_MSK |
3671             (0x7 << RXON_RX_CHAIN_VALID_POS) |
3672             (0x6 << RXON_RX_CHAIN_FORCE_SEL_POS) |
3673             (0x7 << RXON_RX_CHAIN_FORCE_MIMO_SEL_POS));
3674 
3675         hdr->tx_cmd.tx_flags = LE_32(TX_CMD_FLG_SEQ_CTL_MSK);
3676         hdr->tx_cmd.sta_id = IWK_BROADCAST_ID;
3677         hdr->tx_cmd.stop_time.life_time = LE_32(0xffffffff);
3678         hdr->tx_cmd.tx_flags |= LE_32(0x200);
3679         hdr->tx_cmd.rate.r.rate_n_flags = LE_32(iwk_rate_to_plcp(2));
3680         hdr->tx_cmd.rate.r.rate_n_flags |=
3681             LE_32(RATE_MCS_ANT_B_MSK|RATE_MCS_CCK_MSK);
3682         hdr->direct_scan[0].len = ic->ic_des_esslen;
3683         hdr->direct_scan[0].id  = IEEE80211_ELEMID_SSID;
3684 
3685         if (ic->ic_des_esslen) {
3686                 bcopy(ic->ic_des_essid, essid, ic->ic_des_esslen);
3687                 essid[ic->ic_des_esslen] = '\0';
3688                 IWK_DBG((IWK_DEBUG_SCAN, "directed scan %s\n", essid));
3689 
3690                 bcopy(ic->ic_des_essid, hdr->direct_scan[0].ssid,
3691                     ic->ic_des_esslen);
3692         } else {
3693                 bzero(hdr->direct_scan[0].ssid,
3694                     sizeof (hdr->direct_scan[0].ssid));
3695         }
3696         /*
3697          * a probe request frame is required after the REPLY_SCAN_CMD
3698          */
3699         wh = (struct ieee80211_frame *)(hdr + 1);
3700         wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
3701             IEEE80211_FC0_SUBTYPE_PROBE_REQ;
3702         wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
3703         (void) memset(wh->i_addr1, 0xff, 6);
3704         IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_macaddr);
3705         (void) memset(wh->i_addr3, 0xff, 6);
3706         *(uint16_t *)&wh->i_dur[0] = 0;
3707         *(uint16_t *)&wh->i_seq[0] = 0;
3708 
3709         frm = (uint8_t *)(wh + 1);
3710 
3711         /* essid IE */
3712         if (in->in_esslen) {
3713                 bcopy(in->in_essid, essid, in->in_esslen);
3714                 essid[in->in_esslen] = '\0';
3715                 IWK_DBG((IWK_DEBUG_SCAN, "probe with ESSID %s\n",
3716                     essid));
3717         }
3718         *frm++ = IEEE80211_ELEMID_SSID;
3719         *frm++ = in->in_esslen;
3720         (void) memcpy(frm, in->in_essid, in->in_esslen);
3721         frm += in->in_esslen;
3722 
3723         mode = ieee80211_chan2mode(ic, ic->ic_curchan);
3724         rs = &ic->ic_sup_rates[mode];
3725 
3726         /* supported rates IE */
3727         *frm++ = IEEE80211_ELEMID_RATES;
3728         nrates = rs->ir_nrates;
3729         if (nrates > IEEE80211_RATE_SIZE)
3730                 nrates = IEEE80211_RATE_SIZE;
3731         *frm++ = (uint8_t)nrates;
3732         (void) memcpy(frm, rs->ir_rates, nrates);
3733         frm += nrates;
3734 
3735         /* supported xrates IE */
3736         if (rs->ir_nrates > IEEE80211_RATE_SIZE) {
3737                 nrates = rs->ir_nrates - IEEE80211_RATE_SIZE;
3738                 *frm++ = IEEE80211_ELEMID_XRATES;
3739                 *frm++ = (uint8_t)nrates;
3740                 (void) memcpy(frm, rs->ir_rates + IEEE80211_RATE_SIZE, nrates);
3741                 frm += nrates;
3742         }
3743 
3744         /* optionnal IE (usually for wpa) */
3745         if (ic->ic_opt_ie != NULL) {
3746                 (void) memcpy(frm, ic->ic_opt_ie, ic->ic_opt_ie_len);
3747                 frm += ic->ic_opt_ie_len;
3748         }
3749 
3750         /* setup length of probe request */
3751         hdr->tx_cmd.len = LE_16(_PTRDIFF(frm, wh));
3752         hdr->len = LE_16(hdr->nchan * sizeof (iwk_scan_chan_t) +
3753             LE_16(hdr->tx_cmd.len) + sizeof (iwk_scan_hdr_t));
3754 
3755         /*
3756          * the attribute of the scan channels are required after the probe
3757          * request frame.
3758          */
3759         chan = (iwk_scan_chan_t *)frm;
3760         for (i = 1; i <= hdr->nchan; i++, chan++) {
3761                 if (ic->ic_des_esslen) {
3762                         chan->type = 3;
3763                 } else {
3764                         chan->type = 1;
3765                 }
3766 
3767                 chan->chan = ieee80211_chan2ieee(ic, ic->ic_curchan);
3768                 chan->tpc.tx_gain = 0x3f;
3769                 chan->tpc.dsp_atten = 110;
3770                 chan->active_dwell = LE_16(50);
3771                 chan->passive_dwell = LE_16(120);
3772 
3773                 frm += sizeof (iwk_scan_chan_t);
3774         }
3775 
3776         pktlen = _PTRDIFF(frm, cmd);
3777 
3778         (void) memset(desc, 0, sizeof (*desc));
3779         desc->val0 = 1 << 24;
3780         desc->pa[0].tb1_addr =
3781             (uint32_t)(data->dma_data.cookie.dmac_address & 0xffffffff);
3782         desc->pa[0].val1 = (pktlen << 4) & 0xfff0;
3783 
3784         /*
3785          * maybe for cmd, filling the byte cnt table is not necessary.
3786          * anyway, we fill it here.
3787          */
3788         sc->sc_shared->queues_byte_cnt_tbls[ring->qid].
3789             tfd_offset[ring->cur].val = 8;
3790         if (ring->cur < IWK_MAX_WIN_SIZE) {
3791                 sc->sc_shared->queues_byte_cnt_tbls[ring->qid].
3792                     tfd_offset[IWK_QUEUE_SIZE + ring->cur].val = 8;
3793         }
3794 
3795         /* kick cmd ring */
3796         ring->cur = (ring->cur + 1) % ring->count;
3797         IWK_WRITE(sc, HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
3798 
3799         return (IWK_SUCCESS);
3800 }
3801 
3802 static int
3803 iwk_config(iwk_sc_t *sc)
3804 {
3805         ieee80211com_t *ic = &sc->sc_ic;
3806         iwk_powertable_cmd_t powertable;
3807         iwk_bt_cmd_t bt;
3808         iwk_add_sta_t node;
3809         iwk_link_quality_cmd_t link_quality;
3810         int i, err;
3811         uint16_t masks = 0;
3812 
3813         /*
3814          * set power mode. Disable power management at present, do it later
3815          */
3816         (void) memset(&powertable, 0, sizeof (powertable));
3817         powertable.flags = LE_16(0x8);
3818         err = iwk_cmd(sc, POWER_TABLE_CMD, &powertable,
3819             sizeof (powertable), 0);
3820         if (err != IWK_SUCCESS) {
3821                 cmn_err(CE_WARN, "iwk_config(): failed to set power mode\n");
3822                 return (err);
3823         }
3824 
3825         /* configure bt coexistence */
3826         (void) memset(&bt, 0, sizeof (bt));
3827         bt.flags = 3;
3828         bt.lead_time = 0xaa;
3829         bt.max_kill = 1;
3830         err = iwk_cmd(sc, REPLY_BT_CONFIG, &bt,
3831             sizeof (bt), 0);
3832         if (err != IWK_SUCCESS) {
3833                 cmn_err(CE_WARN,
3834                     "iwk_config(): "
3835                     "failed to configurate bt coexistence\n");
3836                 return (err);
3837         }
3838 
3839         /* configure rxon */
3840         (void) memset(&sc->sc_config, 0, sizeof (iwk_rxon_cmd_t));
3841         IEEE80211_ADDR_COPY(sc->sc_config.node_addr, ic->ic_macaddr);
3842         IEEE80211_ADDR_COPY(sc->sc_config.wlap_bssid, ic->ic_macaddr);
3843         sc->sc_config.chan = LE_16(ieee80211_chan2ieee(ic, ic->ic_curchan));
3844         sc->sc_config.flags = LE_32(RXON_FLG_TSF2HOST_MSK |
3845             RXON_FLG_AUTO_DETECT_MSK | RXON_FLG_BAND_24G_MSK);
3846         sc->sc_config.flags &= LE_32(~RXON_FLG_CCK_MSK);
3847         switch (ic->ic_opmode) {
3848         case IEEE80211_M_STA:
3849                 sc->sc_config.dev_type = RXON_DEV_TYPE_ESS;
3850                 sc->sc_config.filter_flags |= LE_32(RXON_FILTER_ACCEPT_GRP_MSK |
3851                     RXON_FILTER_DIS_DECRYPT_MSK |
3852                     RXON_FILTER_DIS_GRP_DECRYPT_MSK);
3853                 break;
3854         case IEEE80211_M_IBSS:
3855         case IEEE80211_M_AHDEMO:
3856                 sc->sc_config.dev_type = RXON_DEV_TYPE_IBSS;
3857                 sc->sc_config.flags |= LE_32(RXON_FLG_SHORT_PREAMBLE_MSK);
3858                 sc->sc_config.filter_flags = LE_32(RXON_FILTER_ACCEPT_GRP_MSK |
3859                     RXON_FILTER_DIS_DECRYPT_MSK |
3860                     RXON_FILTER_DIS_GRP_DECRYPT_MSK);
3861                 break;
3862         case IEEE80211_M_HOSTAP:
3863                 sc->sc_config.dev_type = RXON_DEV_TYPE_AP;
3864                 break;
3865         case IEEE80211_M_MONITOR:
3866                 sc->sc_config.dev_type = RXON_DEV_TYPE_SNIFFER;
3867                 sc->sc_config.filter_flags |= LE_32(RXON_FILTER_ACCEPT_GRP_MSK |
3868                     RXON_FILTER_CTL2HOST_MSK | RXON_FILTER_PROMISC_MSK);
3869                 break;
3870         }
3871         sc->sc_config.cck_basic_rates  = 0x0f;
3872         sc->sc_config.ofdm_basic_rates = 0xff;
3873 
3874         sc->sc_config.ofdm_ht_single_stream_basic_rates = 0xff;
3875         sc->sc_config.ofdm_ht_dual_stream_basic_rates = 0xff;
3876 
3877         /* set antenna */
3878 
3879         sc->sc_config.rx_chain = LE_16(RXON_RX_CHAIN_DRIVER_FORCE_MSK |
3880             (0x7 << RXON_RX_CHAIN_VALID_POS) |
3881             (0x6 << RXON_RX_CHAIN_FORCE_SEL_POS) |
3882             (0x7 << RXON_RX_CHAIN_FORCE_MIMO_SEL_POS));
3883 
3884         err = iwk_cmd(sc, REPLY_RXON, &sc->sc_config,
3885             sizeof (iwk_rxon_cmd_t), 0);
3886         if (err != IWK_SUCCESS) {
3887                 cmn_err(CE_WARN, "iwk_config(): "
3888                     "failed to set configure command\n");
3889                 return (err);
3890         }
3891         /* obtain current temperature of chipset */
3892         sc->sc_tempera = iwk_curr_tempera(sc);
3893 
3894         /* make Tx power calibration to determine the gains of DSP and radio */
3895         err = iwk_tx_power_calibration(sc);
3896         if (err) {
3897                 cmn_err(CE_WARN, "iwk_config(): "
3898                     "failed to set tx power table\n");
3899                 return (err);
3900         }
3901 
3902         /* add broadcast node so that we can send broadcast frame */
3903         (void) memset(&node, 0, sizeof (node));
3904         (void) memset(node.bssid, 0xff, 6);
3905         node.id = IWK_BROADCAST_ID;
3906         err = iwk_cmd(sc, REPLY_ADD_STA, &node, sizeof (node), 0);
3907         if (err != IWK_SUCCESS) {
3908                 cmn_err(CE_WARN, "iwk_config(): "
3909                     "failed to add broadcast node\n");
3910                 return (err);
3911         }
3912 
3913         /* TX_LINK_QUALITY cmd ? */
3914         (void) memset(&link_quality, 0, sizeof (link_quality));
3915         for (i = 0; i < LINK_QUAL_MAX_RETRY_NUM; i++) {
3916                 masks |= RATE_MCS_CCK_MSK;
3917                 masks |= RATE_MCS_ANT_B_MSK;
3918                 masks &= ~RATE_MCS_ANT_A_MSK;
3919                 link_quality.rate_n_flags[i] =
3920                     LE_32(iwk_rate_to_plcp(2) | masks);
3921         }
3922 
3923         link_quality.general_params.single_stream_ant_msk = 2;
3924         link_quality.general_params.dual_stream_ant_msk = 3;
3925         link_quality.agg_params.agg_dis_start_th = 3;
3926         link_quality.agg_params.agg_time_limit = LE_16(4000);
3927         link_quality.sta_id = IWK_BROADCAST_ID;
3928         err = iwk_cmd(sc, REPLY_TX_LINK_QUALITY_CMD, &link_quality,
3929             sizeof (link_quality), 0);
3930         if (err != IWK_SUCCESS) {
3931                 cmn_err(CE_WARN, "iwk_config(): "
3932                     "failed to config link quality table\n");
3933                 return (err);
3934         }
3935 
3936         return (IWK_SUCCESS);
3937 }
3938 
3939 static void
3940 iwk_stop_master(iwk_sc_t *sc)
3941 {
3942         uint32_t tmp;
3943         int n;
3944 
3945         tmp = IWK_READ(sc, CSR_RESET);
3946         IWK_WRITE(sc, CSR_RESET, tmp | CSR_RESET_REG_FLAG_STOP_MASTER);
3947 
3948         tmp = IWK_READ(sc, CSR_GP_CNTRL);
3949         if ((tmp & CSR_GP_CNTRL_REG_MSK_POWER_SAVE_TYPE) ==
3950             CSR_GP_CNTRL_REG_FLAG_MAC_POWER_SAVE)
3951                 return;
3952 
3953         for (n = 0; n < 2000; n++) {
3954                 if (IWK_READ(sc, CSR_RESET) &
3955                     CSR_RESET_REG_FLAG_MASTER_DISABLED)
3956                         break;
3957                 DELAY(1000);
3958         }
3959         if (n == 2000)
3960                 IWK_DBG((IWK_DEBUG_HW,
3961                     "timeout waiting for master stop\n"));
3962 }
3963 
3964 static int
3965 iwk_power_up(iwk_sc_t *sc)
3966 {
3967         uint32_t tmp;
3968 
3969         iwk_mac_access_enter(sc);
3970         tmp = iwk_reg_read(sc, ALM_APMG_PS_CTL);
3971         tmp &= ~APMG_PS_CTRL_REG_MSK_POWER_SRC;
3972         tmp |= APMG_PS_CTRL_REG_VAL_POWER_SRC_VMAIN;
3973         iwk_reg_write(sc, ALM_APMG_PS_CTL, tmp);
3974         iwk_mac_access_exit(sc);
3975 
3976         DELAY(5000);
3977         return (IWK_SUCCESS);
3978 }
3979 
3980 static int
3981 iwk_preinit(iwk_sc_t *sc)
3982 {
3983         uint32_t tmp;
3984         int n;
3985         uint8_t vlink;
3986 
3987         /* clear any pending interrupts */
3988         IWK_WRITE(sc, CSR_INT, 0xffffffff);
3989 
3990         tmp = IWK_READ(sc, CSR_GIO_CHICKEN_BITS);
3991         IWK_WRITE(sc, CSR_GIO_CHICKEN_BITS,
3992             tmp | CSR_GIO_CHICKEN_BITS_REG_BIT_DIS_L0S_EXIT_TIMER);
3993 
3994         tmp = IWK_READ(sc, CSR_GP_CNTRL);
3995         IWK_WRITE(sc, CSR_GP_CNTRL, tmp | CSR_GP_CNTRL_REG_FLAG_INIT_DONE);
3996 
3997         /* wait for clock ready */
3998         for (n = 0; n < 1000; n++) {
3999                 if (IWK_READ(sc, CSR_GP_CNTRL) &
4000                     CSR_GP_CNTRL_REG_FLAG_MAC_CLOCK_READY)
4001                         break;
4002                 DELAY(10);
4003         }
4004         if (n == 1000) {
4005                 cmn_err(CE_WARN,
4006                     "iwk_preinit(): timeout waiting for clock ready\n");
4007                 return (ETIMEDOUT);
4008         }
4009         iwk_mac_access_enter(sc);
4010         tmp = iwk_reg_read(sc, APMG_CLK_CTRL_REG);
4011         iwk_reg_write(sc, APMG_CLK_CTRL_REG, tmp |
4012             APMG_CLK_REG_VAL_DMA_CLK_RQT | APMG_CLK_REG_VAL_BSM_CLK_RQT);
4013 
4014         DELAY(20);
4015         tmp = iwk_reg_read(sc, ALM_APMG_PCIDEV_STT);
4016         iwk_reg_write(sc, ALM_APMG_PCIDEV_STT, tmp |
4017             APMG_DEV_STATE_REG_VAL_L1_ACTIVE_DISABLE);
4018         iwk_mac_access_exit(sc);
4019 
4020         IWK_WRITE(sc, CSR_INT_COALESCING, 512 / 32); /* ??? */
4021 
4022         (void) iwk_power_up(sc);
4023 
4024         if ((sc->sc_rev & 0x80) == 0x80 && (sc->sc_rev & 0x7f) < 8) {
4025                 tmp = ddi_get32(sc->sc_cfg_handle,
4026                     (uint32_t *)(sc->sc_cfg_base + 0xe8));
4027                 ddi_put32(sc->sc_cfg_handle,
4028                     (uint32_t *)(sc->sc_cfg_base + 0xe8),
4029                     tmp & ~(1 << 11));
4030         }
4031 
4032 
4033         vlink = ddi_get8(sc->sc_cfg_handle,
4034             (uint8_t *)(sc->sc_cfg_base + 0xf0));
4035         ddi_put8(sc->sc_cfg_handle, (uint8_t *)(sc->sc_cfg_base + 0xf0),
4036             vlink & ~2);
4037 
4038         tmp = IWK_READ(sc, CSR_SW_VER);
4039         tmp |= CSR_HW_IF_CONFIG_REG_BIT_RADIO_SI |
4040             CSR_HW_IF_CONFIG_REG_BIT_MAC_SI |
4041             CSR_HW_IF_CONFIG_REG_BIT_KEDRON_R;
4042         IWK_WRITE(sc, CSR_SW_VER, tmp);
4043 
4044         /* make sure power supply on each part of the hardware */
4045         iwk_mac_access_enter(sc);
4046         tmp = iwk_reg_read(sc, ALM_APMG_PS_CTL);
4047         tmp |= APMG_PS_CTRL_REG_VAL_ALM_R_RESET_REQ;
4048         iwk_reg_write(sc, ALM_APMG_PS_CTL, tmp);
4049         DELAY(5);
4050         tmp = iwk_reg_read(sc, ALM_APMG_PS_CTL);
4051         tmp &= ~APMG_PS_CTRL_REG_VAL_ALM_R_RESET_REQ;
4052         iwk_reg_write(sc, ALM_APMG_PS_CTL, tmp);
4053         iwk_mac_access_exit(sc);
4054         return (IWK_SUCCESS);
4055 }
4056 
4057 /*
4058  * set up semphore flag to own EEPROM
4059  */
4060 static int iwk_eep_sem_down(iwk_sc_t *sc)
4061 {
4062         int count1, count2;
4063         uint32_t tmp;
4064 
4065         for (count1 = 0; count1 < 1000; count1++) {
4066                 tmp = IWK_READ(sc, CSR_HW_IF_CONFIG_REG);
4067                 IWK_WRITE(sc, CSR_HW_IF_CONFIG_REG,
4068                     tmp | CSR_HW_IF_CONFIG_REG_EEP_SEM);
4069 
4070                 for (count2 = 0; count2 < 2; count2++) {
4071                         if (IWK_READ(sc, CSR_HW_IF_CONFIG_REG) &
4072                             CSR_HW_IF_CONFIG_REG_EEP_SEM)
4073                                 return (IWK_SUCCESS);
4074                         DELAY(10000);
4075                 }
4076         }
4077         return (IWK_FAIL);
4078 }
4079 
4080 /*
4081  * reset semphore flag to release EEPROM
4082  */
4083 static void iwk_eep_sem_up(iwk_sc_t *sc)
4084 {
4085         uint32_t tmp;
4086 
4087         tmp = IWK_READ(sc, CSR_HW_IF_CONFIG_REG);
4088         IWK_WRITE(sc, CSR_HW_IF_CONFIG_REG,
4089             tmp & (~CSR_HW_IF_CONFIG_REG_EEP_SEM));
4090 }
4091 
4092 /*
4093  * This function load all infomation in eeprom into iwk_eep
4094  * structure in iwk_sc_t structure
4095  */
4096 static int iwk_eep_load(iwk_sc_t *sc)
4097 {
4098         int i, rr;
4099         uint32_t rv, tmp, eep_gp;
4100         uint16_t addr, eep_sz = sizeof (sc->sc_eep_map);
4101         uint16_t *eep_p = (uint16_t *)&sc->sc_eep_map;
4102 
4103         /* read eeprom gp register in CSR */
4104         eep_gp = IWK_READ(sc, CSR_EEPROM_GP);
4105         if ((eep_gp & CSR_EEPROM_GP_VALID_MSK) ==
4106             CSR_EEPROM_GP_BAD_SIGNATURE) {
4107                 cmn_err(CE_WARN, "EEPROM not found\n");
4108                 return (IWK_FAIL);
4109         }
4110 
4111         rr = iwk_eep_sem_down(sc);
4112         if (rr != 0) {
4113                 cmn_err(CE_WARN, "failed to own EEPROM\n");
4114                 return (IWK_FAIL);
4115         }
4116 
4117         for (addr = 0; addr < eep_sz; addr += 2) {
4118                 IWK_WRITE(sc, CSR_EEPROM_REG, addr<<1);
4119                 tmp = IWK_READ(sc, CSR_EEPROM_REG);
4120                 IWK_WRITE(sc, CSR_EEPROM_REG, tmp & ~(0x2));
4121 
4122                 for (i = 0; i < 10; i++) {
4123                         rv = IWK_READ(sc, CSR_EEPROM_REG);
4124                         if (rv & 1)
4125                                 break;
4126                         DELAY(10);
4127                 }
4128 
4129                 if (!(rv & 1)) {
4130                         cmn_err(CE_WARN, "time out when read EEPROM\n");
4131                         iwk_eep_sem_up(sc);
4132                         return (IWK_FAIL);
4133                 }
4134 
4135                 eep_p[addr/2] = LE_16(rv >> 16);
4136         }
4137 
4138         iwk_eep_sem_up(sc);
4139         return (IWK_SUCCESS);
4140 }
4141 
4142 /*
4143  * init mac address in ieee80211com_t struct
4144  */
4145 static void iwk_get_mac_from_eep(iwk_sc_t *sc)
4146 {
4147         ieee80211com_t *ic = &sc->sc_ic;
4148         struct iwk_eep *ep = &sc->sc_eep_map;
4149 
4150         IEEE80211_ADDR_COPY(ic->ic_macaddr, ep->mac_address);
4151 
4152         IWK_DBG((IWK_DEBUG_EEPROM, "mac:%2x:%2x:%2x:%2x:%2x:%2x\n",
4153             ic->ic_macaddr[0], ic->ic_macaddr[1], ic->ic_macaddr[2],
4154             ic->ic_macaddr[3], ic->ic_macaddr[4], ic->ic_macaddr[5]));
4155 }
4156 
4157 static int
4158 iwk_init(iwk_sc_t *sc)
4159 {
4160         int qid, n, err;
4161         clock_t clk;
4162         uint32_t tmp;
4163 
4164         mutex_enter(&sc->sc_glock);
4165         sc->sc_flags &= ~IWK_F_FW_INIT;
4166 
4167         (void) iwk_preinit(sc);
4168 
4169         tmp = IWK_READ(sc, CSR_GP_CNTRL);
4170         if (!(tmp & CSR_GP_CNTRL_REG_FLAG_HW_RF_KILL_SW)) {
4171                 cmn_err(CE_NOTE, "iwk_init(): Radio transmitter is off\n");
4172                 goto fail1;
4173         }
4174 
4175         /* init Rx ring */
4176         iwk_mac_access_enter(sc);
4177         IWK_WRITE(sc, FH_MEM_RCSR_CHNL0_CONFIG_REG, 0);
4178 
4179         IWK_WRITE(sc, FH_RSCSR_CHNL0_RBDCB_WPTR_REG, 0);
4180         IWK_WRITE(sc, FH_RSCSR_CHNL0_RBDCB_BASE_REG,
4181             sc->sc_rxq.dma_desc.cookie.dmac_address >> 8);
4182 
4183         IWK_WRITE(sc, FH_RSCSR_CHNL0_STTS_WPTR_REG,
4184             ((uint32_t)(sc->sc_dma_sh.cookie.dmac_address +
4185             offsetof(struct iwk_shared, val0)) >> 4));
4186 
4187         IWK_WRITE(sc, FH_MEM_RCSR_CHNL0_CONFIG_REG,
4188             FH_RCSR_RX_CONFIG_CHNL_EN_ENABLE_VAL |
4189             FH_RCSR_CHNL0_RX_CONFIG_IRQ_DEST_INT_HOST_VAL |
4190             IWK_FH_RCSR_RX_CONFIG_REG_VAL_RB_SIZE_4K |
4191             (RX_QUEUE_SIZE_LOG <<
4192             FH_RCSR_RX_CONFIG_RBDCB_SIZE_BITSHIFT));
4193         iwk_mac_access_exit(sc);
4194         IWK_WRITE(sc, FH_RSCSR_CHNL0_RBDCB_WPTR_REG,
4195             (RX_QUEUE_SIZE - 1) & ~0x7);
4196 
4197         /* init Tx rings */
4198         iwk_mac_access_enter(sc);
4199         iwk_reg_write(sc, SCD_TXFACT, 0);
4200 
4201         /* keep warm page */
4202         iwk_reg_write(sc, IWK_FH_KW_MEM_ADDR_REG,
4203             sc->sc_dma_kw.cookie.dmac_address >> 4);
4204 
4205         for (qid = 0; qid < IWK_NUM_QUEUES; qid++) {
4206                 IWK_WRITE(sc, FH_MEM_CBBC_QUEUE(qid),
4207                     sc->sc_txq[qid].dma_desc.cookie.dmac_address >> 8);
4208                 IWK_WRITE(sc, IWK_FH_TCSR_CHNL_TX_CONFIG_REG(qid),
4209                     IWK_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CHNL_ENABLE |
4210                     IWK_FH_TCSR_TX_CONFIG_REG_VAL_DMA_CREDIT_ENABLE_VAL);
4211         }
4212         iwk_mac_access_exit(sc);
4213 
4214         /* clear "radio off" and "disable command" bits */
4215         IWK_WRITE(sc, CSR_UCODE_DRV_GP1_CLR, CSR_UCODE_SW_BIT_RFKILL);
4216         IWK_WRITE(sc, CSR_UCODE_DRV_GP1_CLR,
4217             CSR_UCODE_DRV_GP1_BIT_CMD_BLOCKED);
4218 
4219         /* clear any pending interrupts */
4220         IWK_WRITE(sc, CSR_INT, 0xffffffff);
4221 
4222         /* enable interrupts */
4223         IWK_WRITE(sc, CSR_INT_MASK, CSR_INI_SET_MASK);
4224 
4225         IWK_WRITE(sc, CSR_UCODE_DRV_GP1_CLR, CSR_UCODE_SW_BIT_RFKILL);
4226         IWK_WRITE(sc, CSR_UCODE_DRV_GP1_CLR, CSR_UCODE_SW_BIT_RFKILL);
4227 
4228         /*
4229          * backup ucode data part for future use.
4230          */
4231         (void) memcpy(sc->sc_dma_fw_data_bak.mem_va,
4232             sc->sc_dma_fw_data.mem_va,
4233             sc->sc_dma_fw_data.alength);
4234 
4235         for (n = 0; n < 2; n++) {
4236                 /* load firmware init segment into NIC */
4237                 err = iwk_load_firmware(sc);
4238                 if (err != IWK_SUCCESS) {
4239                         cmn_err(CE_WARN, "iwk_init(): "
4240                             "failed to setup boot firmware\n");
4241                         continue;
4242                 }
4243 
4244                 /* now press "execute" start running */
4245                 IWK_WRITE(sc, CSR_RESET, 0);
4246                 break;
4247         }
4248         if (n == 2) {
4249                 cmn_err(CE_WARN, "iwk_init(): failed to load firmware\n");
4250                 goto fail1;
4251         }
4252         /* ..and wait at most one second for adapter to initialize */
4253         clk = ddi_get_lbolt() + drv_usectohz(2000000);
4254         while (!(sc->sc_flags & IWK_F_FW_INIT)) {
4255                 if (cv_timedwait(&sc->sc_fw_cv, &sc->sc_glock, clk) < 0)
4256                         break;
4257         }
4258         if (!(sc->sc_flags & IWK_F_FW_INIT)) {
4259                 cmn_err(CE_WARN,
4260                     "iwk_init(): timeout waiting for firmware init\n");
4261                 goto fail1;
4262         }
4263 
4264         /*
4265          * at this point, the firmware is loaded OK, then config the hardware
4266          * with the ucode API, including rxon, txpower, etc.
4267          */
4268         err = iwk_config(sc);
4269         if (err) {
4270                 cmn_err(CE_WARN, "iwk_init(): failed to configure device\n");
4271                 goto fail1;
4272         }
4273 
4274         /* at this point, hardware may receive beacons :) */
4275         mutex_exit(&sc->sc_glock);
4276         return (IWK_SUCCESS);
4277 
4278 fail1:
4279         err = IWK_FAIL;
4280         mutex_exit(&sc->sc_glock);
4281         return (err);
4282 }
4283 
4284 static void
4285 iwk_stop(iwk_sc_t *sc)
4286 {
4287         uint32_t tmp;
4288         int i;
4289 
4290         if (!(sc->sc_flags & IWK_F_QUIESCED))
4291                 mutex_enter(&sc->sc_glock);
4292 
4293         IWK_WRITE(sc, CSR_RESET, CSR_RESET_REG_FLAG_NEVO_RESET);
4294         /* disable interrupts */
4295         IWK_WRITE(sc, CSR_INT_MASK, 0);
4296         IWK_WRITE(sc, CSR_INT, CSR_INI_SET_MASK);
4297         IWK_WRITE(sc, CSR_FH_INT_STATUS, 0xffffffff);
4298 
4299         /* reset all Tx rings */
4300         for (i = 0; i < IWK_NUM_QUEUES; i++)
4301                 iwk_reset_tx_ring(sc, &sc->sc_txq[i]);
4302 
4303         /* reset Rx ring */
4304         iwk_reset_rx_ring(sc);
4305 
4306         iwk_mac_access_enter(sc);
4307         iwk_reg_write(sc, ALM_APMG_CLK_DIS, APMG_CLK_REG_VAL_DMA_CLK_RQT);
4308         iwk_mac_access_exit(sc);
4309 
4310         DELAY(5);
4311 
4312         iwk_stop_master(sc);
4313 
4314         sc->sc_tx_timer = 0;
4315         sc->sc_flags &= ~IWK_F_SCANNING;
4316         sc->sc_scan_pending = 0;
4317 
4318         tmp = IWK_READ(sc, CSR_RESET);
4319         IWK_WRITE(sc, CSR_RESET, tmp | CSR_RESET_REG_FLAG_SW_RESET);
4320 
4321         if (!(sc->sc_flags & IWK_F_QUIESCED))
4322                 mutex_exit(&sc->sc_glock);
4323 }
4324 
4325 /*
4326  * Naive implementation of the Adaptive Multi Rate Retry algorithm:
4327  * "IEEE 802.11 Rate Adaptation: A Practical Approach"
4328  * Mathieu Lacage, Hossein Manshaei, Thierry Turletti
4329  * INRIA Sophia - Projet Planete
4330  * http://www-sop.inria.fr/rapports/sophia/RR-5208.html
4331  */
4332 #define is_success(amrr)        \
4333         ((amrr)->retrycnt < (amrr)->txcnt / 10)
4334 #define is_failure(amrr)        \
4335         ((amrr)->retrycnt > (amrr)->txcnt / 3)
4336 #define is_enough(amrr)         \
4337         ((amrr)->txcnt > 100)
4338 #define is_min_rate(in)         \
4339         ((in)->in_txrate == 0)
4340 #define is_max_rate(in)         \
4341         ((in)->in_txrate == (in)->in_rates.ir_nrates - 1)
4342 #define increase_rate(in)       \
4343         ((in)->in_txrate++)
4344 #define decrease_rate(in)       \
4345         ((in)->in_txrate--)
4346 #define reset_cnt(amrr)         \
4347         { (amrr)->txcnt = (amrr)->retrycnt = 0; }
4348 
4349 #define IWK_AMRR_MIN_SUCCESS_THRESHOLD   1
4350 #define IWK_AMRR_MAX_SUCCESS_THRESHOLD  15
4351 
4352 static void
4353 iwk_amrr_init(iwk_amrr_t *amrr)
4354 {
4355         amrr->success = 0;
4356         amrr->recovery = 0;
4357         amrr->txcnt = amrr->retrycnt = 0;
4358         amrr->success_threshold = IWK_AMRR_MIN_SUCCESS_THRESHOLD;
4359 }
4360 
4361 static void
4362 iwk_amrr_timeout(iwk_sc_t *sc)
4363 {
4364         ieee80211com_t *ic = &sc->sc_ic;
4365 
4366         IWK_DBG((IWK_DEBUG_RATECTL, "iwk_amrr_timeout() enter\n"));
4367         if (ic->ic_opmode == IEEE80211_M_STA)
4368                 iwk_amrr_ratectl(NULL, ic->ic_bss);
4369         else
4370                 ieee80211_iterate_nodes(&ic->ic_sta, iwk_amrr_ratectl, NULL);
4371         sc->sc_clk = ddi_get_lbolt();
4372 }
4373 
4374 /* ARGSUSED */
4375 static void
4376 iwk_amrr_ratectl(void *arg, ieee80211_node_t *in)
4377 {
4378         iwk_amrr_t *amrr = (iwk_amrr_t *)in;
4379         int need_change = 0;
4380 
4381         if (is_success(amrr) && is_enough(amrr)) {
4382                 amrr->success++;
4383                 if (amrr->success >= amrr->success_threshold &&
4384                     !is_max_rate(in)) {
4385                         amrr->recovery = 1;
4386                         amrr->success = 0;
4387                         increase_rate(in);
4388                         IWK_DBG((IWK_DEBUG_RATECTL,
4389                             "AMRR increasing rate %d (txcnt=%d retrycnt=%d)\n",
4390                             in->in_txrate, amrr->txcnt, amrr->retrycnt));
4391                         need_change = 1;
4392                 } else {
4393                         amrr->recovery = 0;
4394                 }
4395         } else if (is_failure(amrr)) {
4396                 amrr->success = 0;
4397                 if (!is_min_rate(in)) {
4398                         if (amrr->recovery) {
4399                                 amrr->success_threshold++;
4400                                 if (amrr->success_threshold >
4401                                     IWK_AMRR_MAX_SUCCESS_THRESHOLD)
4402                                         amrr->success_threshold =
4403                                             IWK_AMRR_MAX_SUCCESS_THRESHOLD;
4404                         } else {
4405                                 amrr->success_threshold =
4406                                     IWK_AMRR_MIN_SUCCESS_THRESHOLD;
4407                         }
4408                         decrease_rate(in);
4409                         IWK_DBG((IWK_DEBUG_RATECTL,
4410                             "AMRR decreasing rate %d (txcnt=%d retrycnt=%d)\n",
4411                             in->in_txrate, amrr->txcnt, amrr->retrycnt));
4412                         need_change = 1;
4413                 }
4414                 amrr->recovery = 0;  /* paper is incorrect */
4415         }
4416 
4417         if (is_enough(amrr) || need_change)
4418                 reset_cnt(amrr);
4419 }
4420 
4421 /*
4422  * calculate 4965 chipset's kelvin temperature according to
4423  * the data of init alive and satistics notification.
4424  * The details is described in iwk_calibration.h file
4425  */
4426 static int32_t iwk_curr_tempera(iwk_sc_t *sc)
4427 {
4428         int32_t  tempera;
4429         int32_t  r1, r2, r3;
4430         uint32_t  r4_u;
4431         int32_t   r4_s;
4432 
4433         if (iwk_is_fat_channel(sc)) {
4434                 r1 = (int32_t)LE_32(sc->sc_card_alive_init.therm_r1[1]);
4435                 r2 = (int32_t)LE_32(sc->sc_card_alive_init.therm_r2[1]);
4436                 r3 = (int32_t)LE_32(sc->sc_card_alive_init.therm_r3[1]);
4437                 r4_u = LE_32(sc->sc_card_alive_init.therm_r4[1]);
4438         } else {
4439                 r1 = (int32_t)LE_32(sc->sc_card_alive_init.therm_r1[0]);
4440                 r2 = (int32_t)LE_32(sc->sc_card_alive_init.therm_r2[0]);
4441                 r3 = (int32_t)LE_32(sc->sc_card_alive_init.therm_r3[0]);
4442                 r4_u = LE_32(sc->sc_card_alive_init.therm_r4[0]);
4443         }
4444 
4445         if (sc->sc_flags & IWK_F_STATISTICS) {
4446                 r4_s = (int32_t)(LE_32(sc->sc_statistics.general.temperature) <<
4447                     (31-23)) >> (31-23);
4448         } else {
4449                 r4_s = (int32_t)(r4_u << (31-23)) >> (31-23);
4450         }
4451 
4452         IWK_DBG((IWK_DEBUG_CALIBRATION, "temperature R[1-4]: %d %d %d %d\n",
4453             r1, r2, r3, r4_s));
4454 
4455         if (r3 == r1) {
4456                 cmn_err(CE_WARN, "iwk_curr_tempera(): "
4457                     "failed to calculate temperature"
4458                     "because r3 = r1\n");
4459                 return (DDI_FAILURE);
4460         }
4461 
4462         tempera = TEMPERATURE_CALIB_A_VAL * (r4_s - r2);
4463         tempera /= (r3 - r1);
4464         tempera = (tempera*97) / 100 + TEMPERATURE_CALIB_KELVIN_OFFSET;
4465 
4466         IWK_DBG((IWK_DEBUG_CALIBRATION, "calculated temperature: %dK, %dC\n",
4467             tempera, KELVIN_TO_CELSIUS(tempera)));
4468 
4469         return (tempera);
4470 }
4471 
4472 /* Determine whether 4965 is using 2.4 GHz band */
4473 static inline int iwk_is_24G_band(iwk_sc_t *sc)
4474 {
4475         return (LE_32(sc->sc_config.flags) & RXON_FLG_BAND_24G_MSK);
4476 }
4477 
4478 /* Determine whether 4965 is using fat channel */
4479 static inline int iwk_is_fat_channel(iwk_sc_t *sc)
4480 {
4481         return ((LE_32(sc->sc_config.flags) &
4482             RXON_FLG_CHANNEL_MODE_PURE_40_MSK) ||
4483             (LE_32(sc->sc_config.flags) & RXON_FLG_CHANNEL_MODE_MIXED_MSK));
4484 }
4485 
4486 /*
4487  * In MIMO mode, determine which group 4965's current channel belong to.
4488  * For more infomation about "channel group",
4489  * please refer to iwk_calibration.h file
4490  */
4491 static int iwk_txpower_grp(uint16_t channel)
4492 {
4493         if (channel >= CALIB_IWK_TX_ATTEN_GR5_FCH &&
4494             channel <= CALIB_IWK_TX_ATTEN_GR5_LCH) {
4495                 return (CALIB_CH_GROUP_5);
4496         }
4497 
4498         if (channel >= CALIB_IWK_TX_ATTEN_GR1_FCH &&
4499             channel <= CALIB_IWK_TX_ATTEN_GR1_LCH) {
4500                 return (CALIB_CH_GROUP_1);
4501         }
4502 
4503         if (channel >= CALIB_IWK_TX_ATTEN_GR2_FCH &&
4504             channel <= CALIB_IWK_TX_ATTEN_GR2_LCH) {
4505                 return (CALIB_CH_GROUP_2);
4506         }
4507 
4508         if (channel >= CALIB_IWK_TX_ATTEN_GR3_FCH &&
4509             channel <= CALIB_IWK_TX_ATTEN_GR3_LCH) {
4510                 return (CALIB_CH_GROUP_3);
4511         }
4512 
4513         if (channel >= CALIB_IWK_TX_ATTEN_GR4_FCH &&
4514             channel <= CALIB_IWK_TX_ATTEN_GR4_LCH) {
4515                 return (CALIB_CH_GROUP_4);
4516         }
4517 
4518         cmn_err(CE_WARN, "iwk_txpower_grp(): "
4519             "can't find txpower group for channel %d.\n", channel);
4520 
4521         return (DDI_FAILURE);
4522 }
4523 
4524 /* 2.4 GHz */
4525 static uint16_t iwk_eep_band_1[14] = {
4526         1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
4527 };
4528 
4529 /* 5.2 GHz bands */
4530 static uint16_t iwk_eep_band_2[13] = {
4531         183, 184, 185, 187, 188, 189, 192, 196, 7, 8, 11, 12, 16
4532 };
4533 
4534 static uint16_t iwk_eep_band_3[12] = {
4535         34, 36, 38, 40, 42, 44, 46, 48, 52, 56, 60, 64
4536 };
4537 
4538 static uint16_t iwk_eep_band_4[11] = {
4539         100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140
4540 };
4541 
4542 static uint16_t iwk_eep_band_5[6] = {
4543         145, 149, 153, 157, 161, 165
4544 };
4545 
4546 static uint16_t iwk_eep_band_6[7] = {
4547         1, 2, 3, 4, 5, 6, 7
4548 };
4549 
4550 static uint16_t iwk_eep_band_7[11] = {
4551         36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157
4552 };
4553 
4554 /* Get regulatory data from eeprom for a given channel */
4555 static struct iwk_eep_channel *iwk_get_eep_channel(iwk_sc_t *sc,
4556     uint16_t channel,
4557     int is_24G, int is_fat, int is_hi_chan)
4558 {
4559         int32_t i;
4560         uint16_t chan;
4561 
4562         if (is_fat) {  /* 11n mode */
4563 
4564                 if (is_hi_chan) {
4565                         chan = channel - 4;
4566                 } else {
4567                         chan = channel;
4568                 }
4569 
4570                 for (i = 0; i < 7; i++) {
4571                         if (iwk_eep_band_6[i] == chan) {
4572                                 return (&sc->sc_eep_map.band_24_channels[i]);
4573                         }
4574                 }
4575                 for (i = 0; i < 11; i++) {
4576                         if (iwk_eep_band_7[i] == chan) {
4577                                 return (&sc->sc_eep_map.band_52_channels[i]);
4578                         }
4579                 }
4580         } else if (is_24G) {  /* 2.4 GHz band */
4581                 for (i = 0; i < 14; i++) {
4582                         if (iwk_eep_band_1[i] == channel) {
4583                                 return (&sc->sc_eep_map.band_1_channels[i]);
4584                         }
4585                 }
4586         } else {  /* 5 GHz band */
4587                 for (i = 0; i < 13; i++) {
4588                         if (iwk_eep_band_2[i] == channel) {
4589                                 return (&sc->sc_eep_map.band_2_channels[i]);
4590                         }
4591                 }
4592                 for (i = 0; i < 12; i++) {
4593                         if (iwk_eep_band_3[i] == channel) {
4594                                 return (&sc->sc_eep_map.band_3_channels[i]);
4595                         }
4596                 }
4597                 for (i = 0; i < 11; i++) {
4598                         if (iwk_eep_band_4[i] == channel) {
4599                                 return (&sc->sc_eep_map.band_4_channels[i]);
4600                         }
4601                 }
4602                 for (i = 0; i < 6; i++) {
4603                         if (iwk_eep_band_5[i] == channel) {
4604                                 return (&sc->sc_eep_map.band_5_channels[i]);
4605                         }
4606                 }
4607         }
4608 
4609         return (NULL);
4610 }
4611 
4612 /*
4613  * Determine which subband a given channel belongs
4614  * to in 2.4 GHz or 5 GHz band
4615  */
4616 static int32_t iwk_band_number(iwk_sc_t *sc, uint16_t channel)
4617 {
4618         int32_t b_n = -1;
4619 
4620         for (b_n = 0; b_n < EEP_TX_POWER_BANDS; b_n++) {
4621                 if (0 == sc->sc_eep_map.calib_info.band_info_tbl[b_n].ch_from) {
4622                         continue;
4623                 }
4624 
4625                 if ((channel >=
4626                     (uint16_t)sc->sc_eep_map.calib_info.
4627                     band_info_tbl[b_n].ch_from) &&
4628                     (channel <=
4629                     (uint16_t)sc->sc_eep_map.calib_info.
4630                     band_info_tbl[b_n].ch_to)) {
4631                         break;
4632                 }
4633         }
4634 
4635         return (b_n);
4636 }
4637 
4638 /* Make a special division for interpolation operation */
4639 static int iwk_division(int32_t num, int32_t denom, int32_t *res)
4640 {
4641         int32_t sign = 1;
4642 
4643         if (num < 0) {
4644                 sign = -sign;
4645                 num = -num;
4646         }
4647 
4648         if (denom < 0) {
4649                 sign = -sign;
4650                 denom = -denom;
4651         }
4652 
4653         *res = ((num*2 + denom) / (denom*2)) * sign;
4654 
4655         return (IWK_SUCCESS);
4656 }
4657 
4658 /* Make interpolation operation */
4659 static int32_t iwk_interpolate_value(int32_t x, int32_t x1, int32_t y1,
4660     int32_t x2, int32_t y2)
4661 {
4662         int32_t val;
4663 
4664         if (x2 == x1) {
4665                 return (y1);
4666         } else {
4667                 (void) iwk_division((x2-x)*(y1-y2), (x2-x1), &val);
4668                 return (val + y2);
4669         }
4670 }
4671 
4672 /* Get interpolation measurement data of a given channel for all chains. */
4673 static int iwk_channel_interpolate(iwk_sc_t *sc, uint16_t channel,
4674     struct iwk_eep_calib_channel_info *chan_info)
4675 {
4676         int32_t ban_n;
4677         uint32_t ch1_n, ch2_n;
4678         int32_t c, m;
4679         struct iwk_eep_calib_measure *m1_p, *m2_p, *m_p;
4680 
4681         /* determine subband number */
4682         ban_n = iwk_band_number(sc, channel);
4683         if (ban_n >= EEP_TX_POWER_BANDS) {
4684                 return (DDI_FAILURE);
4685         }
4686 
4687         ch1_n =
4688             (uint32_t)sc->sc_eep_map.calib_info.band_info_tbl[ban_n].ch1.ch_num;
4689         ch2_n =
4690             (uint32_t)sc->sc_eep_map.calib_info.band_info_tbl[ban_n].ch2.ch_num;
4691 
4692         chan_info->ch_num = (uint8_t)channel;  /* given channel number */
4693 
4694         /*
4695          * go through all chains on chipset
4696          */
4697         for (c = 0; c < EEP_TX_POWER_TX_CHAINS; c++) {
4698                 /*
4699                  * go through all factory measurements
4700                  */
4701                 for (m = 0; m < EEP_TX_POWER_MEASUREMENTS; m++) {
4702                         m1_p =
4703                             &(sc->sc_eep_map.calib_info.
4704                             band_info_tbl[ban_n].ch1.measure[c][m]);
4705                         m2_p =
4706                             &(sc->sc_eep_map.calib_info.band_info_tbl[ban_n].
4707                             ch2.measure[c][m]);
4708                         m_p = &(chan_info->measure[c][m]);
4709 
4710                         /*
4711                          * make interpolation to get actual
4712                          * Tx power for given channel
4713                          */
4714                         m_p->actual_pow = iwk_interpolate_value(channel,
4715                             ch1_n, m1_p->actual_pow,
4716                             ch2_n, m2_p->actual_pow);
4717 
4718                         /* make interpolation to get index into gain table */
4719                         m_p->gain_idx = iwk_interpolate_value(channel,
4720                             ch1_n, m1_p->gain_idx,
4721                             ch2_n, m2_p->gain_idx);
4722 
4723                         /* make interpolation to get chipset temperature */
4724                         m_p->temperature = iwk_interpolate_value(channel,
4725                             ch1_n, m1_p->temperature,
4726                             ch2_n, m2_p->temperature);
4727 
4728                         /*
4729                          * make interpolation to get power
4730                          * amp detector level
4731                          */
4732                         m_p->pa_det = iwk_interpolate_value(channel, ch1_n,
4733                             m1_p->pa_det,
4734                             ch2_n, m2_p->pa_det);
4735                 }
4736         }
4737 
4738         return (IWK_SUCCESS);
4739 }
4740 
4741 /*
4742  * Calculate voltage compensation for Tx power. For more infomation,
4743  * please refer to iwk_calibration.h file
4744  */
4745 static int32_t iwk_voltage_compensation(int32_t eep_voltage,
4746     int32_t curr_voltage)
4747 {
4748         int32_t vol_comp = 0;
4749 
4750         if ((TX_POWER_IWK_ILLEGAL_VOLTAGE == eep_voltage) ||
4751             (TX_POWER_IWK_ILLEGAL_VOLTAGE == curr_voltage)) {
4752                 return (vol_comp);
4753         }
4754 
4755         (void) iwk_division(curr_voltage-eep_voltage,
4756             TX_POWER_IWK_VOLTAGE_CODES_PER_03V, &vol_comp);
4757 
4758         if (curr_voltage > eep_voltage) {
4759                 vol_comp *= 2;
4760         }
4761         if ((vol_comp < -2) || (vol_comp > 2)) {
4762                 vol_comp = 0;
4763         }
4764 
4765         return (vol_comp);
4766 }
4767 
4768 /*
4769  * Thermal compensation values for txpower for various frequency ranges ...
4770  * ratios from 3:1 to 4.5:1 of degrees (Celsius) per half-dB gain adjust
4771  */
4772 static struct iwk_txpower_tempera_comp {
4773         int32_t degrees_per_05db_a;
4774         int32_t degrees_per_05db_a_denom;
4775 } txpower_tempera_comp_table[CALIB_CH_GROUP_MAX] = {
4776         {9, 2},                 /* group 0 5.2, ch  34-43 */
4777         {4, 1},                 /* group 1 5.2, ch  44-70 */
4778         {4, 1},                 /* group 2 5.2, ch  71-124 */
4779         {4, 1},                 /* group 3 5.2, ch 125-200 */
4780         {3, 1}                  /* group 4 2.4, ch   all */
4781 };
4782 
4783 /*
4784  * bit-rate-dependent table to prevent Tx distortion, in half-dB units,
4785  * for OFDM 6, 12, 18, 24, 36, 48, 54, 60 MBit, and CCK all rates.
4786  */
4787 static int32_t back_off_table[] = {
4788         10, 10, 10, 10, 10, 15, 17, 20, /* OFDM SISO 20 MHz */
4789         10, 10, 10, 10, 10, 15, 17, 20, /* OFDM MIMO 20 MHz */
4790         10, 10, 10, 10, 10, 15, 17, 20, /* OFDM SISO 40 MHz */
4791         10, 10, 10, 10, 10, 15, 17, 20, /* OFDM MIMO 40 MHz */
4792         10                      /* CCK */
4793 };
4794 
4795 /* determine minimum Tx power index in gain table */
4796 static int32_t iwk_min_power_index(int32_t rate_pow_idx, int32_t is_24G)
4797 {
4798         if ((!is_24G) && ((rate_pow_idx & 7) <= 4)) {
4799                 return (MIN_TX_GAIN_INDEX_52GHZ_EXT);
4800         }
4801 
4802         return (MIN_TX_GAIN_INDEX);
4803 }
4804 
4805 /*
4806  * Determine DSP and radio gain according to temperature and other factors.
4807  * This function is the majority of Tx power calibration
4808  */
4809 static int iwk_txpower_table_cmd_init(iwk_sc_t *sc,
4810     struct iwk_tx_power_db *tp_db)
4811 {
4812         int is_24G, is_fat, is_high_chan, is_mimo;
4813         int c, r;
4814         int32_t target_power;
4815         int32_t tx_grp = CALIB_CH_GROUP_MAX;
4816         uint16_t channel;
4817         uint8_t saturation_power;
4818         int32_t regu_power;
4819         int32_t curr_regu_power;
4820         struct iwk_eep_channel *eep_chan_p;
4821         struct iwk_eep_calib_channel_info eep_chan_calib;
4822         int32_t eep_voltage, init_voltage;
4823         int32_t voltage_compensation;
4824         int32_t temperature;
4825         int32_t degrees_per_05db_num;
4826         int32_t degrees_per_05db_denom;
4827         struct iwk_eep_calib_measure *measure_p;
4828         int32_t interpo_temp;
4829         int32_t power_limit;
4830         int32_t atten_value;
4831         int32_t tempera_comp[2];
4832         int32_t interpo_gain_idx[2];
4833         int32_t interpo_actual_pow[2];
4834         union iwk_tx_power_dual_stream txpower_gains;
4835         int32_t txpower_gains_idx;
4836 
4837         channel = LE_16(sc->sc_config.chan);
4838 
4839         /* 2.4 GHz or 5 GHz band */
4840         is_24G = iwk_is_24G_band(sc);
4841 
4842         /* fat channel or not */
4843         is_fat = iwk_is_fat_channel(sc);
4844 
4845         /*
4846          * using low half channel number or high half channel number
4847          * identify fat channel
4848          */
4849         if (is_fat && (LE_32(sc->sc_config.flags) &
4850             RXON_FLG_CONTROL_CHANNEL_LOC_HIGH_MSK)) {
4851                 is_high_chan = 1;
4852         }
4853 
4854         if ((channel > 0) && (channel < 200)) {
4855                 /* get regulatory channel data from eeprom */
4856                 eep_chan_p = iwk_get_eep_channel(sc, channel, is_24G,
4857                     is_fat, is_high_chan);
4858                 if (NULL == eep_chan_p) {
4859                         cmn_err(CE_WARN,
4860                             "iwk_txpower_table_cmd_init(): "
4861                             "can't get channel infomation\n");
4862                         return (DDI_FAILURE);
4863                 }
4864         } else {
4865                 cmn_err(CE_WARN, "iwk_txpower_table_cmd_init(): "
4866                     "channel(%d) isn't in proper range\n",
4867                     channel);
4868                 return (DDI_FAILURE);
4869         }
4870 
4871         /* initial value of Tx power */
4872         sc->sc_user_txpower = (int32_t)eep_chan_p->max_power_avg;
4873         if (sc->sc_user_txpower < IWK_TX_POWER_TARGET_POWER_MIN) {
4874                 cmn_err(CE_WARN, "iwk_txpower_table_cmd_init(): "
4875                     "user TX power is too weak\n");
4876                 return (DDI_FAILURE);
4877         } else if (sc->sc_user_txpower > IWK_TX_POWER_TARGET_POWER_MAX) {
4878                 cmn_err(CE_WARN, "iwk_txpower_table_cmd_init(): "
4879                     "user TX power is too strong\n");
4880                 return (DDI_FAILURE);
4881         }
4882 
4883         target_power = 2 * sc->sc_user_txpower;
4884 
4885         /* determine which group current channel belongs to */
4886         tx_grp = iwk_txpower_grp(channel);
4887         if (tx_grp < 0) {
4888                 return (tx_grp);
4889         }
4890 
4891 
4892         if (is_fat) {
4893                 if (is_high_chan) {
4894                         channel -= 2;
4895                 } else {
4896                         channel += 2;
4897                 }
4898         }
4899 
4900         /* determine saturation power */
4901         if (is_24G) {
4902                 saturation_power =
4903                     sc->sc_eep_map.calib_info.saturation_power24;
4904         } else {
4905                 saturation_power =
4906                     sc->sc_eep_map.calib_info.saturation_power52;
4907         }
4908 
4909         if (saturation_power < IWK_TX_POWER_SATURATION_MIN ||
4910             saturation_power > IWK_TX_POWER_SATURATION_MAX) {
4911                 if (is_24G) {
4912                         saturation_power = IWK_TX_POWER_DEFAULT_SATURATION_24;
4913                 } else {
4914                         saturation_power = IWK_TX_POWER_DEFAULT_SATURATION_52;
4915                 }
4916         }
4917 
4918         /* determine regulatory power */
4919         regu_power = (int32_t)eep_chan_p->max_power_avg * 2;
4920         if ((regu_power < IWK_TX_POWER_REGULATORY_MIN) ||
4921             (regu_power > IWK_TX_POWER_REGULATORY_MAX)) {
4922                 if (is_24G) {
4923                         regu_power = IWK_TX_POWER_DEFAULT_REGULATORY_24;
4924                 } else {
4925                         regu_power = IWK_TX_POWER_DEFAULT_REGULATORY_52;
4926                 }
4927         }
4928 
4929         /*
4930          * get measurement data for current channel
4931          * suach as temperature,index to gain table,actual Tx power
4932          */
4933         (void) iwk_channel_interpolate(sc, channel, &eep_chan_calib);
4934 
4935         eep_voltage = (int32_t)LE_16(sc->sc_eep_map.calib_info.voltage);
4936         init_voltage = (int32_t)LE_32(sc->sc_card_alive_init.voltage);
4937 
4938         /* calculate voltage compensation to Tx power */
4939         voltage_compensation =
4940             iwk_voltage_compensation(eep_voltage, init_voltage);
4941 
4942         if (sc->sc_tempera >= IWK_TX_POWER_TEMPERATURE_MIN) {
4943                 temperature = sc->sc_tempera;
4944         } else {
4945                 temperature = IWK_TX_POWER_TEMPERATURE_MIN;
4946         }
4947         if (sc->sc_tempera <= IWK_TX_POWER_TEMPERATURE_MAX) {
4948                 temperature = sc->sc_tempera;
4949         } else {
4950                 temperature = IWK_TX_POWER_TEMPERATURE_MAX;
4951         }
4952         temperature = KELVIN_TO_CELSIUS(temperature);
4953 
4954         degrees_per_05db_num =
4955             txpower_tempera_comp_table[tx_grp].degrees_per_05db_a;
4956         degrees_per_05db_denom =
4957             txpower_tempera_comp_table[tx_grp].degrees_per_05db_a_denom;
4958 
4959         for (c = 0; c < 2; c++) {  /* go through all chains */
4960                 measure_p = &eep_chan_calib.measure[c][1];
4961                 interpo_temp = measure_p->temperature;
4962 
4963                 /* determine temperature compensation to Tx power */
4964                 (void) iwk_division(
4965                     (temperature-interpo_temp)*degrees_per_05db_denom,
4966                     degrees_per_05db_num, &tempera_comp[c]);
4967 
4968                 interpo_gain_idx[c] = measure_p->gain_idx;
4969                 interpo_actual_pow[c] = measure_p->actual_pow;
4970         }
4971 
4972         /*
4973          * go through all rate entries in Tx power table
4974          */
4975         for (r = 0; r < POWER_TABLE_NUM_ENTRIES; r++) {
4976                 if (r & 0x8) {
4977                         /* need to lower regulatory power for MIMO mode */
4978                         curr_regu_power = regu_power -
4979                             IWK_TX_POWER_MIMO_REGULATORY_COMPENSATION;
4980                         is_mimo = 1;
4981                 } else {
4982                         curr_regu_power = regu_power;
4983                         is_mimo = 0;
4984                 }
4985 
4986                 power_limit = saturation_power - back_off_table[r];
4987                 if (power_limit > curr_regu_power) {
4988                         /* final Tx power limit */
4989                         power_limit = curr_regu_power;
4990                 }
4991 
4992                 if (target_power > power_limit) {
4993                         target_power = power_limit; /* final target Tx power */
4994                 }
4995 
4996                 for (c = 0; c < 2; c++) {      /* go through all Tx chains */
4997                         if (is_mimo) {
4998                                 atten_value =
4999                                     LE_32(sc->sc_card_alive_init.
5000                                     tx_atten[tx_grp][c]);
5001                         } else {
5002                                 atten_value = 0;
5003                         }
5004 
5005                         /*
5006                          * calculate index in gain table
5007                          * this step is very important
5008                          */
5009                         txpower_gains_idx = interpo_gain_idx[c] -
5010                             (target_power - interpo_actual_pow[c]) -
5011                             tempera_comp[c] - voltage_compensation +
5012                             atten_value;
5013 
5014                         if (txpower_gains_idx <
5015                             iwk_min_power_index(r, is_24G)) {
5016                                 txpower_gains_idx =
5017                                     iwk_min_power_index(r, is_24G);
5018                         }
5019 
5020                         if (!is_24G) {
5021                                 /*
5022                                  * support negative index for 5 GHz
5023                                  * band
5024                                  */
5025                                 txpower_gains_idx += 9;
5026                         }
5027 
5028                         if (POWER_TABLE_CCK_ENTRY == r) {
5029                                 /* for CCK mode, make necessary attenuaton */
5030                                 txpower_gains_idx +=
5031                                     IWK_TX_POWER_CCK_COMPENSATION_C_STEP;
5032                         }
5033 
5034                         if (txpower_gains_idx > 107) {
5035                                 txpower_gains_idx = 107;
5036                         } else if (txpower_gains_idx < 0) {
5037                                 txpower_gains_idx = 0;
5038                         }
5039 
5040                         /* search DSP and radio gains in gain table */
5041                         txpower_gains.s.radio_tx_gain[c] =
5042                             gains_table[is_24G][txpower_gains_idx].radio;
5043                         txpower_gains.s.dsp_predis_atten[c] =
5044                             gains_table[is_24G][txpower_gains_idx].dsp;
5045 
5046                         IWK_DBG((IWK_DEBUG_CALIBRATION,
5047                             "rate_index: %d, "
5048                             "gain_index %d, c: %d,is_mimo: %d\n",
5049                             r, txpower_gains_idx, c, is_mimo));
5050                 }
5051 
5052                 /* initialize Tx power table */
5053                 if (r < POWER_TABLE_NUM_HT_OFDM_ENTRIES) {
5054                         tp_db->ht_ofdm_power[r].dw = LE_32(txpower_gains.dw);
5055                 } else {
5056                         tp_db->legacy_cck_power.dw = LE_32(txpower_gains.dw);
5057                 }
5058         }
5059 
5060         return (IWK_SUCCESS);
5061 }
5062 
5063 /*
5064  * make Tx power calibration to adjust Tx power.
5065  * This is completed by sending out Tx power table command.
5066  */
5067 static int iwk_tx_power_calibration(iwk_sc_t *sc)
5068 {
5069         iwk_tx_power_table_cmd_t cmd;
5070         int rv;
5071 
5072         if (sc->sc_flags & IWK_F_SCANNING) {
5073                 return (IWK_SUCCESS);
5074         }
5075 
5076         /* necessary initialization to Tx power table command */
5077         cmd.band = (uint8_t)iwk_is_24G_band(sc);
5078         cmd.channel = sc->sc_config.chan;
5079         cmd.channel_normal_width = 0;
5080 
5081         /* initialize Tx power table */
5082         rv = iwk_txpower_table_cmd_init(sc, &cmd.tx_power);
5083         if (rv) {
5084                 cmn_err(CE_NOTE, "rv= %d\n", rv);
5085                 return (rv);
5086         }
5087 
5088         /* send out Tx power table command */
5089         rv = iwk_cmd(sc, REPLY_TX_PWR_TABLE_CMD, &cmd, sizeof (cmd), 1);
5090         if (rv) {
5091                 return (rv);
5092         }
5093 
5094         /* record current temperature */
5095         sc->sc_last_tempera = sc->sc_tempera;
5096 
5097         return (IWK_SUCCESS);
5098 }
5099 
5100 /* This function is the handler of statistics notification from uCode */
5101 static void iwk_statistics_notify(iwk_sc_t *sc, iwk_rx_desc_t *desc)
5102 {
5103         int is_diff;
5104         struct iwk_notif_statistics *statistics_p =
5105             (struct iwk_notif_statistics *)(desc + 1);
5106 
5107         mutex_enter(&sc->sc_glock);
5108 
5109         is_diff = (sc->sc_statistics.general.temperature !=
5110             statistics_p->general.temperature) ||
5111             (LE_32(sc->sc_statistics.flag) &
5112             STATISTICS_REPLY_FLG_FAT_MODE_MSK) !=
5113             (LE_32(statistics_p->flag) & STATISTICS_REPLY_FLG_FAT_MODE_MSK);
5114 
5115         /* update statistics data */
5116         (void) memcpy(&sc->sc_statistics, statistics_p,
5117             sizeof (struct iwk_notif_statistics));
5118 
5119         sc->sc_flags |= IWK_F_STATISTICS;
5120 
5121         if (!(sc->sc_flags & IWK_F_SCANNING)) {
5122                 /* make Receiver gain balance calibration */
5123                 (void) iwk_rxgain_diff(sc);
5124 
5125                 /* make Receiver sensitivity calibration */
5126                 (void) iwk_rx_sens(sc);
5127         }
5128 
5129 
5130         if (!is_diff) {
5131                 mutex_exit(&sc->sc_glock);
5132                 return;
5133         }
5134 
5135         /* calibration current temperature of 4965 chipset */
5136         sc->sc_tempera = iwk_curr_tempera(sc);
5137 
5138         /* distinct temperature change will trigger Tx power calibration */
5139         if (((sc->sc_tempera - sc->sc_last_tempera) >= 3) ||
5140             ((sc->sc_last_tempera - sc->sc_tempera) >= 3)) {
5141                 /* make Tx power calibration */
5142                 (void) iwk_tx_power_calibration(sc);
5143         }
5144 
5145         mutex_exit(&sc->sc_glock);
5146 }
5147 
5148 /* Determine this station is in associated state or not */
5149 static int iwk_is_associated(iwk_sc_t *sc)
5150 {
5151         return (LE_32(sc->sc_config.filter_flags) & RXON_FILTER_ASSOC_MSK);
5152 }
5153 
5154 /* Make necessary preparation for Receiver gain balance calibration */
5155 static int iwk_rxgain_diff_init(iwk_sc_t *sc)
5156 {
5157         int i, rv;
5158         struct iwk_calibration_cmd cmd;
5159         struct iwk_rx_gain_diff *gain_diff_p;
5160 
5161         gain_diff_p = &sc->sc_rxgain_diff;
5162 
5163         (void) memset(gain_diff_p, 0, sizeof (struct iwk_rx_gain_diff));
5164         (void) memset(&cmd, 0, sizeof (struct iwk_calibration_cmd));
5165 
5166         for (i = 0; i < RX_CHAINS_NUM; i++) {
5167                 gain_diff_p->gain_diff_chain[i] = CHAIN_GAIN_DIFF_INIT_VAL;
5168         }
5169 
5170         if (iwk_is_associated(sc)) {
5171                 cmd.opCode = PHY_CALIBRATE_DIFF_GAIN_CMD;
5172                 cmd.diff_gain_a = 0;
5173                 cmd.diff_gain_b = 0;
5174                 cmd.diff_gain_c = 0;
5175 
5176                 /* assume the gains of every Rx chains is balanceable */
5177                 rv = iwk_cmd(sc, REPLY_PHY_CALIBRATION_CMD, &cmd,
5178                     sizeof (cmd), 1);
5179                 if (rv) {
5180                         return (rv);
5181                 }
5182 
5183                 gain_diff_p->state = IWK_GAIN_DIFF_ACCUMULATE;
5184         }
5185 
5186         return (IWK_SUCCESS);
5187 }
5188 
5189 /*
5190  * make Receiver gain balance to balance Rx gain between Rx chains
5191  * and determine which chain is disconnected
5192  */
5193 static int iwk_rxgain_diff(iwk_sc_t *sc)
5194 {
5195         int i, is_24G, rv;
5196         int max_beacon_chain_n;
5197         int min_noise_chain_n;
5198         uint16_t channel_n;
5199         int32_t beacon_diff;
5200         int32_t noise_diff;
5201         uint32_t noise_chain_a, noise_chain_b, noise_chain_c;
5202         uint32_t beacon_chain_a, beacon_chain_b, beacon_chain_c;
5203         struct iwk_calibration_cmd cmd;
5204         uint32_t beacon_aver[RX_CHAINS_NUM] = {0xFFFFFFFF};
5205         uint32_t noise_aver[RX_CHAINS_NUM] = {0xFFFFFFFF};
5206         struct statistics_rx_non_phy *rx_general_p =
5207             &sc->sc_statistics.rx.general;
5208         struct iwk_rx_gain_diff *gain_diff_p = &sc->sc_rxgain_diff;
5209 
5210         if (INTERFERENCE_DATA_AVAILABLE !=
5211             LE_32(rx_general_p->interference_data_flag)) {
5212                 return (IWK_SUCCESS);
5213         }
5214 
5215         if (IWK_GAIN_DIFF_ACCUMULATE != gain_diff_p->state) {
5216                 return (IWK_SUCCESS);
5217         }
5218 
5219         is_24G = iwk_is_24G_band(sc);
5220         channel_n = sc->sc_config.chan;       /* channel number */
5221 
5222         if ((channel_n != (LE_32(sc->sc_statistics.flag) >> 16)) ||
5223             ((STATISTICS_REPLY_FLG_BAND_24G_MSK ==
5224             (LE_32(sc->sc_statistics.flag) &
5225             STATISTICS_REPLY_FLG_BAND_24G_MSK)) &&
5226             !is_24G)) {
5227                 return (IWK_SUCCESS);
5228         }
5229 
5230         /* Rx chain's noise strength from statistics notification */
5231         noise_chain_a = LE_32(rx_general_p->beacon_silence_rssi_a) & 0xFF;
5232         noise_chain_b = LE_32(rx_general_p->beacon_silence_rssi_b) & 0xFF;
5233         noise_chain_c = LE_32(rx_general_p->beacon_silence_rssi_c) & 0xFF;
5234 
5235         /* Rx chain's beacon strength from statistics notification */
5236         beacon_chain_a = LE_32(rx_general_p->beacon_rssi_a) & 0xFF;
5237         beacon_chain_b = LE_32(rx_general_p->beacon_rssi_b) & 0xFF;
5238         beacon_chain_c = LE_32(rx_general_p->beacon_rssi_c) & 0xFF;
5239 
5240         gain_diff_p->beacon_count++;
5241 
5242         /* accumulate chain's noise strength */
5243         gain_diff_p->noise_stren_a += noise_chain_a;
5244         gain_diff_p->noise_stren_b += noise_chain_b;
5245         gain_diff_p->noise_stren_c += noise_chain_c;
5246 
5247         /* accumulate chain's beacon strength */
5248         gain_diff_p->beacon_stren_a += beacon_chain_a;
5249         gain_diff_p->beacon_stren_b += beacon_chain_b;
5250         gain_diff_p->beacon_stren_c += beacon_chain_c;
5251 
5252         if (BEACON_NUM_20 == gain_diff_p->beacon_count) {
5253                 /* calculate average beacon strength */
5254                 beacon_aver[0] = (gain_diff_p->beacon_stren_a) / BEACON_NUM_20;
5255                 beacon_aver[1] = (gain_diff_p->beacon_stren_b) / BEACON_NUM_20;
5256                 beacon_aver[2] = (gain_diff_p->beacon_stren_c) / BEACON_NUM_20;
5257 
5258                 /* calculate average noise strength */
5259                 noise_aver[0] = (gain_diff_p->noise_stren_a) / BEACON_NUM_20;
5260                 noise_aver[1] = (gain_diff_p->noise_stren_b) / BEACON_NUM_20;
5261                 noise_aver[2] = (gain_diff_p->noise_stren_b) / BEACON_NUM_20;
5262 
5263                 /* determine maximum beacon strength among 3 chains */
5264                 if ((beacon_aver[0] >= beacon_aver[1]) &&
5265                     (beacon_aver[0] >= beacon_aver[2])) {
5266                         max_beacon_chain_n = 0;
5267                         gain_diff_p->connected_chains = 1 << 0;
5268                 } else if (beacon_aver[1] >= beacon_aver[2]) {
5269                         max_beacon_chain_n = 1;
5270                         gain_diff_p->connected_chains = 1 << 1;
5271                 } else {
5272                         max_beacon_chain_n = 2;
5273                         gain_diff_p->connected_chains = 1 << 2;
5274                 }
5275 
5276                 /* determine which chain is disconnected */
5277                 for (i = 0; i < RX_CHAINS_NUM; i++) {
5278                         if (i != max_beacon_chain_n) {
5279                                 beacon_diff = beacon_aver[max_beacon_chain_n] -
5280                                     beacon_aver[i];
5281                                 if (beacon_diff > MAX_ALLOWED_DIFF) {
5282                                         gain_diff_p->disconnect_chain[i] = 1;
5283                                 } else {
5284                                         gain_diff_p->connected_chains |=
5285                                             (1 << i);
5286                                 }
5287                         }
5288                 }
5289 
5290                 /*
5291                  * if chain A and B are both disconnected,
5292                  * assume the stronger in beacon strength is connected
5293                  */
5294                 if (gain_diff_p->disconnect_chain[0] &&
5295                     gain_diff_p->disconnect_chain[1]) {
5296                         if (beacon_aver[0] >= beacon_aver[1]) {
5297                                 gain_diff_p->disconnect_chain[0] = 0;
5298                                 gain_diff_p->connected_chains |= (1 << 0);
5299                         } else {
5300                                 gain_diff_p->disconnect_chain[1] = 0;
5301                                 gain_diff_p->connected_chains |= (1 << 1);
5302                         }
5303                 }
5304 
5305                 /* determine minimum noise strength among 3 chains */
5306                 if (!gain_diff_p->disconnect_chain[0]) {
5307                         min_noise_chain_n = 0;
5308 
5309                         for (i = 0; i < RX_CHAINS_NUM; i++) {
5310                                 if (!gain_diff_p->disconnect_chain[i] &&
5311                                     (noise_aver[i] <=
5312                                     noise_aver[min_noise_chain_n])) {
5313                                         min_noise_chain_n = i;
5314                                 }
5315 
5316                         }
5317                 } else {
5318                         min_noise_chain_n = 1;
5319 
5320                         for (i = 0; i < RX_CHAINS_NUM; i++) {
5321                                 if (!gain_diff_p->disconnect_chain[i] &&
5322                                     (noise_aver[i] <=
5323                                     noise_aver[min_noise_chain_n])) {
5324                                         min_noise_chain_n = i;
5325                                 }
5326                         }
5327                 }
5328 
5329                 gain_diff_p->gain_diff_chain[min_noise_chain_n] = 0;
5330 
5331                 /* determine gain difference between chains */
5332                 for (i = 0; i < RX_CHAINS_NUM; i++) {
5333                         if (!gain_diff_p->disconnect_chain[i] &&
5334                             (CHAIN_GAIN_DIFF_INIT_VAL ==
5335                             gain_diff_p->gain_diff_chain[i])) {
5336 
5337                                 noise_diff = noise_aver[i] -
5338                                     noise_aver[min_noise_chain_n];
5339                                 gain_diff_p->gain_diff_chain[i] =
5340                                     (uint8_t)((noise_diff * 10) / 15);
5341 
5342                                 if (gain_diff_p->gain_diff_chain[i] > 3) {
5343                                         gain_diff_p->gain_diff_chain[i] = 3;
5344                                 }
5345 
5346                                 gain_diff_p->gain_diff_chain[i] |= (1 << 2);
5347                         } else {
5348                                 gain_diff_p->gain_diff_chain[i] = 0;
5349                         }
5350                 }
5351 
5352                 if (!gain_diff_p->gain_diff_send) {
5353                         gain_diff_p->gain_diff_send = 1;
5354 
5355                         (void) memset(&cmd, 0, sizeof (cmd));
5356 
5357                         cmd.opCode = PHY_CALIBRATE_DIFF_GAIN_CMD;
5358                         cmd.diff_gain_a = gain_diff_p->gain_diff_chain[0];
5359                         cmd.diff_gain_b = gain_diff_p->gain_diff_chain[1];
5360                         cmd.diff_gain_c = gain_diff_p->gain_diff_chain[2];
5361 
5362                         /*
5363                          * send out PHY calibration command to
5364                          * adjust every chain's Rx gain
5365                          */
5366                         rv = iwk_cmd(sc, REPLY_PHY_CALIBRATION_CMD,
5367                             &cmd, sizeof (cmd), 1);
5368                         if (rv) {
5369                                 return (rv);
5370                         }
5371 
5372                         gain_diff_p->state = IWK_GAIN_DIFF_CALIBRATED;
5373                 }
5374 
5375                 gain_diff_p->beacon_stren_a = 0;
5376                 gain_diff_p->beacon_stren_b = 0;
5377                 gain_diff_p->beacon_stren_c = 0;
5378 
5379                 gain_diff_p->noise_stren_a = 0;
5380                 gain_diff_p->noise_stren_b = 0;
5381                 gain_diff_p->noise_stren_c = 0;
5382         }
5383 
5384         return (IWK_SUCCESS);
5385 }
5386 
5387 /* Make necessary preparation for Receiver sensitivity calibration */
5388 static int iwk_rx_sens_init(iwk_sc_t *sc)
5389 {
5390         int i, rv;
5391         struct iwk_rx_sensitivity_cmd cmd;
5392         struct iwk_rx_sensitivity *rx_sens_p = &sc->sc_rx_sens;
5393 
5394         (void) memset(&cmd, 0, sizeof (struct iwk_rx_sensitivity_cmd));
5395         (void) memset(rx_sens_p, 0, sizeof (struct iwk_rx_sensitivity));
5396 
5397         rx_sens_p->auto_corr_ofdm_x4 = 90;
5398         rx_sens_p->auto_corr_mrc_ofdm_x4 = 170;
5399         rx_sens_p->auto_corr_ofdm_x1 = 105;
5400         rx_sens_p->auto_corr_mrc_ofdm_x1 = 220;
5401 
5402         rx_sens_p->auto_corr_cck_x4 = 125;
5403         rx_sens_p->auto_corr_mrc_cck_x4 = 200;
5404         rx_sens_p->min_energy_det_cck = 100;
5405 
5406         rx_sens_p->flags &= (~IWK_SENSITIVITY_CALIB_ALLOW_MSK);
5407         rx_sens_p->flags &= (~IWK_SENSITIVITY_OFDM_UPDATE_MSK);
5408         rx_sens_p->flags &= (~IWK_SENSITIVITY_CCK_UPDATE_MSK);
5409 
5410         rx_sens_p->last_bad_plcp_cnt_ofdm = 0;
5411         rx_sens_p->last_false_alarm_cnt_ofdm = 0;
5412         rx_sens_p->last_bad_plcp_cnt_cck = 0;
5413         rx_sens_p->last_false_alarm_cnt_cck = 0;
5414 
5415         rx_sens_p->cck_curr_state = IWK_TOO_MANY_FALSE_ALARM;
5416         rx_sens_p->cck_prev_state = IWK_TOO_MANY_FALSE_ALARM;
5417         rx_sens_p->cck_no_false_alarm_num = 0;
5418         rx_sens_p->cck_beacon_idx = 0;
5419 
5420         for (i = 0; i < 10; i++) {
5421                 rx_sens_p->cck_beacon_min[i] = 0;
5422         }
5423 
5424         rx_sens_p->cck_noise_idx = 0;
5425         rx_sens_p->cck_noise_ref = 0;
5426 
5427         for (i = 0; i < 20; i++) {
5428                 rx_sens_p->cck_noise_max[i] = 0;
5429         }
5430 
5431         rx_sens_p->cck_noise_diff = 0;
5432         rx_sens_p->cck_no_false_alarm_num = 0;
5433 
5434         cmd.control = LE_16(IWK_SENSITIVITY_CONTROL_WORK_TABLE);
5435 
5436         cmd.table[AUTO_CORR32_X4_TH_ADD_MIN_IDX] =
5437             LE_16(rx_sens_p->auto_corr_ofdm_x4);
5438         cmd.table[AUTO_CORR32_X4_TH_ADD_MIN_MRC_IDX] =
5439             LE_16(rx_sens_p->auto_corr_mrc_ofdm_x4);
5440         cmd.table[AUTO_CORR32_X1_TH_ADD_MIN_IDX] =
5441             LE_16(rx_sens_p->auto_corr_ofdm_x1);
5442         cmd.table[AUTO_CORR32_X1_TH_ADD_MIN_MRC_IDX] =
5443             LE_16(rx_sens_p->auto_corr_mrc_ofdm_x1);
5444 
5445         cmd.table[AUTO_CORR40_X4_TH_ADD_MIN_IDX] =
5446             LE_16(rx_sens_p->auto_corr_cck_x4);
5447         cmd.table[AUTO_CORR40_X4_TH_ADD_MIN_MRC_IDX] =
5448             LE_16(rx_sens_p->auto_corr_mrc_cck_x4);
5449         cmd.table[MIN_ENERGY_CCK_DET_IDX] =
5450             LE_16(rx_sens_p->min_energy_det_cck);
5451 
5452         cmd.table[MIN_ENERGY_OFDM_DET_IDX] = LE_16(100);
5453         cmd.table[BARKER_CORR_TH_ADD_MIN_IDX] = LE_16(190);
5454         cmd.table[BARKER_CORR_TH_ADD_MIN_MRC_IDX] = LE_16(390);
5455         cmd.table[PTAM_ENERGY_TH_IDX] = LE_16(62);
5456 
5457         /* at first, set up Rx to maximum sensitivity */
5458         rv = iwk_cmd(sc, SENSITIVITY_CMD, &cmd, sizeof (cmd), 1);
5459         if (rv) {
5460                 cmn_err(CE_WARN, "iwk_rx_sens_init(): "
5461                     "in the process of initialization, "
5462                     "failed to send rx sensitivity command\n");
5463                 return (rv);
5464         }
5465 
5466         rx_sens_p->flags |= IWK_SENSITIVITY_CALIB_ALLOW_MSK;
5467 
5468         return (IWK_SUCCESS);
5469 }
5470 
5471 /*
5472  * make Receiver sensitivity calibration to adjust every chain's Rx sensitivity.
5473  * for more infomation, please refer to iwk_calibration.h file
5474  */
5475 static int iwk_rx_sens(iwk_sc_t *sc)
5476 {
5477         int rv;
5478         uint32_t actual_rx_time;
5479         struct statistics_rx_non_phy *rx_general_p =
5480             &sc->sc_statistics.rx.general;
5481         struct iwk_rx_sensitivity *rx_sens_p = &sc->sc_rx_sens;
5482         struct iwk_rx_sensitivity_cmd cmd;
5483 
5484         if (!(rx_sens_p->flags & IWK_SENSITIVITY_CALIB_ALLOW_MSK)) {
5485                 cmn_err(CE_WARN, "iwk_rx_sens(): "
5486                     "sensitivity initialization has not finished.\n");
5487                 return (DDI_FAILURE);
5488         }
5489 
5490         if (INTERFERENCE_DATA_AVAILABLE !=
5491             LE_32(rx_general_p->interference_data_flag)) {
5492                 cmn_err(CE_WARN, "iwk_rx_sens(): "
5493                     "can't make rx sensitivity calibration,"
5494                     "because of invalid statistics\n");
5495                 return (DDI_FAILURE);
5496         }
5497 
5498         actual_rx_time = LE_32(rx_general_p->channel_load);
5499         if (!actual_rx_time) {
5500                 IWK_DBG((IWK_DEBUG_CALIBRATION, "iwk_rx_sens(): "
5501                     "can't make rx sensitivity calibration,"
5502                     "because has not enough rx time\n"));
5503                 return (DDI_FAILURE);
5504         }
5505 
5506         /* make Rx sensitivity calibration for OFDM mode */
5507         rv = iwk_ofdm_sens(sc, actual_rx_time);
5508         if (rv) {
5509                 return (rv);
5510         }
5511 
5512         /* make Rx sensitivity calibration for CCK mode */
5513         rv = iwk_cck_sens(sc, actual_rx_time);
5514         if (rv) {
5515                 return (rv);
5516         }
5517 
5518         /*
5519          * if the sum of false alarm had not changed, nothing will be done
5520          */
5521         if ((!(rx_sens_p->flags & IWK_SENSITIVITY_OFDM_UPDATE_MSK)) &&
5522             (!(rx_sens_p->flags & IWK_SENSITIVITY_CCK_UPDATE_MSK))) {
5523                 return (IWK_SUCCESS);
5524         }
5525 
5526         cmd.control = IWK_SENSITIVITY_CONTROL_WORK_TABLE;
5527 
5528         cmd.table[AUTO_CORR32_X4_TH_ADD_MIN_IDX] =
5529             rx_sens_p->auto_corr_ofdm_x4;
5530         cmd.table[AUTO_CORR32_X4_TH_ADD_MIN_MRC_IDX] =
5531             rx_sens_p->auto_corr_mrc_ofdm_x4;
5532         cmd.table[AUTO_CORR32_X1_TH_ADD_MIN_IDX] =
5533             rx_sens_p->auto_corr_ofdm_x1;
5534         cmd.table[AUTO_CORR32_X1_TH_ADD_MIN_MRC_IDX] =
5535             rx_sens_p->auto_corr_mrc_ofdm_x1;
5536 
5537         cmd.table[AUTO_CORR40_X4_TH_ADD_MIN_IDX] =
5538             rx_sens_p->auto_corr_cck_x4;
5539         cmd.table[AUTO_CORR40_X4_TH_ADD_MIN_MRC_IDX] =
5540             rx_sens_p->auto_corr_mrc_cck_x4;
5541         cmd.table[MIN_ENERGY_CCK_DET_IDX] =
5542             rx_sens_p->min_energy_det_cck;
5543 
5544         cmd.table[MIN_ENERGY_OFDM_DET_IDX] = 100;
5545         cmd.table[BARKER_CORR_TH_ADD_MIN_IDX] = 190;
5546         cmd.table[BARKER_CORR_TH_ADD_MIN_MRC_IDX] = 390;
5547         cmd.table[PTAM_ENERGY_TH_IDX] = 62;
5548 
5549         /*
5550          * send sensitivity command to complete actual sensitivity calibration
5551          */
5552         rv = iwk_cmd(sc, SENSITIVITY_CMD, &cmd, sizeof (cmd), 1);
5553         if (rv) {
5554                 cmn_err(CE_WARN, "iwk_rx_sens(): "
5555                     "fail to send rx sensitivity command\n");
5556                 return (rv);
5557         }
5558 
5559         return (IWK_SUCCESS);
5560 
5561 }
5562 
5563 /*
5564  * make Rx sensitivity calibration for CCK mode.
5565  * This is preparing parameters for Sensitivity command
5566  */
5567 static int iwk_cck_sens(iwk_sc_t *sc, uint32_t actual_rx_time)
5568 {
5569         int i;
5570         uint8_t noise_a, noise_b, noise_c;
5571         uint8_t max_noise_abc, max_noise_20;
5572         uint32_t beacon_a, beacon_b, beacon_c;
5573         uint32_t min_beacon_abc, max_beacon_10;
5574         uint32_t cck_fa, cck_bp;
5575         uint32_t cck_sum_fa_bp;
5576         uint32_t temp;
5577         struct statistics_rx_non_phy *rx_general_p =
5578             &sc->sc_statistics.rx.general;
5579         struct iwk_rx_sensitivity *rx_sens_p = &sc->sc_rx_sens;
5580 
5581         cck_fa = LE_32(sc->sc_statistics.rx.cck.false_alarm_cnt);
5582         cck_bp = LE_32(sc->sc_statistics.rx.cck.plcp_err);
5583 
5584         /* accumulate false alarm */
5585         if (rx_sens_p->last_false_alarm_cnt_cck > cck_fa) {
5586                 temp = rx_sens_p->last_false_alarm_cnt_cck;
5587                 rx_sens_p->last_false_alarm_cnt_cck = cck_fa;
5588                 cck_fa += (0xFFFFFFFF - temp);
5589         } else {
5590                 cck_fa -= rx_sens_p->last_false_alarm_cnt_cck;
5591                 rx_sens_p->last_false_alarm_cnt_cck += cck_fa;
5592         }
5593 
5594         /* accumulate bad plcp */
5595         if (rx_sens_p->last_bad_plcp_cnt_cck > cck_bp) {
5596                 temp = rx_sens_p->last_bad_plcp_cnt_cck;
5597                 rx_sens_p->last_bad_plcp_cnt_cck = cck_bp;
5598                 cck_bp += (0xFFFFFFFF - temp);
5599         } else {
5600                 cck_bp -= rx_sens_p->last_bad_plcp_cnt_cck;
5601                 rx_sens_p->last_bad_plcp_cnt_cck += cck_bp;
5602         }
5603 
5604         /*
5605          * calculate relative value
5606          */
5607         cck_sum_fa_bp = (cck_fa + cck_bp) * 200 * 1024;
5608         rx_sens_p->cck_noise_diff = 0;
5609 
5610         noise_a =
5611             (uint8_t)((LE_32(rx_general_p->beacon_silence_rssi_a) & 0xFF00) >>
5612             8);
5613         noise_b =
5614             (uint8_t)((LE_32(rx_general_p->beacon_silence_rssi_b) & 0xFF00) >>
5615             8);
5616         noise_c =
5617             (uint8_t)((LE_32(rx_general_p->beacon_silence_rssi_c) & 0xFF00) >>
5618             8);
5619 
5620         beacon_a = LE_32(rx_general_p->beacon_energy_a);
5621         beacon_b = LE_32(rx_general_p->beacon_energy_b);
5622         beacon_c = LE_32(rx_general_p->beacon_energy_c);
5623 
5624         /* determine maximum noise among 3 chains */
5625         if ((noise_a >= noise_b) && (noise_a >= noise_c)) {
5626                 max_noise_abc = noise_a;
5627         } else if (noise_b >= noise_c) {
5628                 max_noise_abc = noise_b;
5629         } else {
5630                 max_noise_abc = noise_c;
5631         }
5632 
5633         /* record maximum noise among 3 chains */
5634         rx_sens_p->cck_noise_max[rx_sens_p->cck_noise_idx] = max_noise_abc;
5635         rx_sens_p->cck_noise_idx++;
5636         if (rx_sens_p->cck_noise_idx >= 20) {
5637                 rx_sens_p->cck_noise_idx = 0;
5638         }
5639 
5640         /* determine maximum noise among 20 max noise */
5641         max_noise_20 = rx_sens_p->cck_noise_max[0];
5642         for (i = 0; i < 20; i++) {
5643                 if (rx_sens_p->cck_noise_max[i] >= max_noise_20) {
5644                         max_noise_20 = rx_sens_p->cck_noise_max[i];
5645                 }
5646         }
5647 
5648         /* determine minimum beacon among 3 chains */
5649         if ((beacon_a <= beacon_b) && (beacon_a <= beacon_c)) {
5650                 min_beacon_abc = beacon_a;
5651         } else if (beacon_b <= beacon_c) {
5652                 min_beacon_abc = beacon_b;
5653         } else {
5654                 min_beacon_abc = beacon_c;
5655         }
5656 
5657         /* record miminum beacon among 3 chains */
5658         rx_sens_p->cck_beacon_min[rx_sens_p->cck_beacon_idx] = min_beacon_abc;
5659         rx_sens_p->cck_beacon_idx++;
5660         if (rx_sens_p->cck_beacon_idx >= 10) {
5661                 rx_sens_p->cck_beacon_idx = 0;
5662         }
5663 
5664         /* determine maximum beacon among 10 miminum beacon among 3 chains */
5665         max_beacon_10 = rx_sens_p->cck_beacon_min[0];
5666         for (i = 0; i < 10; i++) {
5667                 if (rx_sens_p->cck_beacon_min[i] >= max_beacon_10) {
5668                         max_beacon_10 = rx_sens_p->cck_beacon_min[i];
5669                 }
5670         }
5671 
5672         /* add a little margin */
5673         max_beacon_10 += 6;
5674 
5675         /* record the count of having no false alarms */
5676         if (cck_sum_fa_bp < (5 * actual_rx_time)) {
5677                 rx_sens_p->cck_no_false_alarm_num++;
5678         } else {
5679                 rx_sens_p->cck_no_false_alarm_num = 0;
5680         }
5681 
5682         /*
5683          * adjust parameters in sensitivity command
5684          * according to different status.
5685          * for more infomation, please refer to iwk_calibration.h file
5686          */
5687         if (cck_sum_fa_bp > (50 * actual_rx_time)) {
5688                 rx_sens_p->cck_curr_state = IWK_TOO_MANY_FALSE_ALARM;
5689 
5690                 if (rx_sens_p->auto_corr_cck_x4 > 160) {
5691                         rx_sens_p->cck_noise_ref = max_noise_20;
5692 
5693                         if (rx_sens_p->min_energy_det_cck > 2) {
5694                                 rx_sens_p->min_energy_det_cck -= 2;
5695                         }
5696                 }
5697 
5698                 if (rx_sens_p->auto_corr_cck_x4 < 160) {
5699                         rx_sens_p->auto_corr_cck_x4 = 160 + 1;
5700                 } else {
5701                         if ((rx_sens_p->auto_corr_cck_x4 + 3) < 200) {
5702                                 rx_sens_p->auto_corr_cck_x4 += 3;
5703                         } else {
5704                                 rx_sens_p->auto_corr_cck_x4 = 200;
5705                         }
5706                 }
5707 
5708                 if ((rx_sens_p->auto_corr_mrc_cck_x4 + 3) < 400) {
5709                         rx_sens_p->auto_corr_mrc_cck_x4 += 3;
5710                 } else {
5711                         rx_sens_p->auto_corr_mrc_cck_x4 = 400;
5712                 }
5713 
5714                 rx_sens_p->flags |= IWK_SENSITIVITY_CCK_UPDATE_MSK;
5715 
5716         } else if (cck_sum_fa_bp < (5 * actual_rx_time)) {
5717                 rx_sens_p->cck_curr_state = IWK_TOO_FEW_FALSE_ALARM;
5718 
5719                 rx_sens_p->cck_noise_diff = (int32_t)rx_sens_p->cck_noise_ref -
5720                     (int32_t)max_noise_20;
5721 
5722                 if ((rx_sens_p->cck_prev_state != IWK_TOO_MANY_FALSE_ALARM) &&
5723                     ((rx_sens_p->cck_noise_diff > 2) ||
5724                     (rx_sens_p->cck_no_false_alarm_num > 100))) {
5725                         if ((rx_sens_p->min_energy_det_cck + 2) < 97) {
5726                                 rx_sens_p->min_energy_det_cck += 2;
5727                         } else {
5728                                 rx_sens_p->min_energy_det_cck = 97;
5729                         }
5730 
5731                         if ((rx_sens_p->auto_corr_cck_x4 - 3) > 125) {
5732                                 rx_sens_p->auto_corr_cck_x4 -= 3;
5733                         } else {
5734                                 rx_sens_p->auto_corr_cck_x4 = 125;
5735                         }
5736 
5737                         if ((rx_sens_p->auto_corr_mrc_cck_x4 -3) > 200) {
5738                                 rx_sens_p->auto_corr_mrc_cck_x4 -= 3;
5739                         } else {
5740                                 rx_sens_p->auto_corr_mrc_cck_x4 = 200;
5741                         }
5742 
5743                         rx_sens_p->flags |= IWK_SENSITIVITY_CCK_UPDATE_MSK;
5744                 } else {
5745                         rx_sens_p->flags &= (~IWK_SENSITIVITY_CCK_UPDATE_MSK);
5746                 }
5747         } else {
5748                 rx_sens_p->cck_curr_state = IWK_GOOD_RANGE_FALSE_ALARM;
5749 
5750                 rx_sens_p->cck_noise_ref = max_noise_20;
5751 
5752                 if (IWK_TOO_MANY_FALSE_ALARM == rx_sens_p->cck_prev_state) {
5753                         rx_sens_p->min_energy_det_cck -= 8;
5754                 }
5755 
5756                 rx_sens_p->flags &= (~IWK_SENSITIVITY_CCK_UPDATE_MSK);
5757         }
5758 
5759         if (rx_sens_p->min_energy_det_cck < max_beacon_10) {
5760                 rx_sens_p->min_energy_det_cck = (uint16_t)max_beacon_10;
5761         }
5762 
5763         rx_sens_p->cck_prev_state = rx_sens_p->cck_curr_state;
5764 
5765         return (IWK_SUCCESS);
5766 }
5767 
5768 /*
5769  * make Rx sensitivity calibration for OFDM mode.
5770  * This is preparing parameters for Sensitivity command
5771  */
5772 static int iwk_ofdm_sens(iwk_sc_t *sc, uint32_t actual_rx_time)
5773 {
5774         uint32_t temp;
5775         uint16_t temp1;
5776         uint32_t ofdm_fa, ofdm_bp;
5777         uint32_t ofdm_sum_fa_bp;
5778         struct iwk_rx_sensitivity *rx_sens_p = &sc->sc_rx_sens;
5779 
5780         ofdm_fa = LE_32(sc->sc_statistics.rx.ofdm.false_alarm_cnt);
5781         ofdm_bp = LE_32(sc->sc_statistics.rx.ofdm.plcp_err);
5782 
5783         /* accumulate false alarm */
5784         if (rx_sens_p->last_false_alarm_cnt_ofdm > ofdm_fa) {
5785                 temp = rx_sens_p->last_false_alarm_cnt_ofdm;
5786                 rx_sens_p->last_false_alarm_cnt_ofdm = ofdm_fa;
5787                 ofdm_fa += (0xFFFFFFFF - temp);
5788         } else {
5789                 ofdm_fa -= rx_sens_p->last_false_alarm_cnt_ofdm;
5790                 rx_sens_p->last_false_alarm_cnt_ofdm += ofdm_fa;
5791         }
5792 
5793         /* accumulate bad plcp */
5794         if (rx_sens_p->last_bad_plcp_cnt_ofdm > ofdm_bp) {
5795                 temp = rx_sens_p->last_bad_plcp_cnt_ofdm;
5796                 rx_sens_p->last_bad_plcp_cnt_ofdm = ofdm_bp;
5797                 ofdm_bp += (0xFFFFFFFF - temp);
5798         } else {
5799                 ofdm_bp -= rx_sens_p->last_bad_plcp_cnt_ofdm;
5800                 rx_sens_p->last_bad_plcp_cnt_ofdm += ofdm_bp;
5801         }
5802 
5803         ofdm_sum_fa_bp = (ofdm_fa + ofdm_bp) * 200 * 1024; /* relative value */
5804 
5805         /*
5806          * adjust parameter in sensitivity command according to different status
5807          */
5808         if (ofdm_sum_fa_bp > (50 * actual_rx_time)) {
5809                 temp1 = rx_sens_p->auto_corr_ofdm_x4 + 1;
5810                 rx_sens_p->auto_corr_ofdm_x4 = (temp1 <= 120) ? temp1 : 120;
5811 
5812                 temp1 = rx_sens_p->auto_corr_mrc_ofdm_x4 + 1;
5813                 rx_sens_p->auto_corr_mrc_ofdm_x4 =
5814                     (temp1 <= 210) ? temp1 : 210;
5815 
5816                 temp1 = rx_sens_p->auto_corr_ofdm_x1 + 1;
5817                 rx_sens_p->auto_corr_ofdm_x1 = (temp1 <= 140) ? temp1 : 140;
5818 
5819                 temp1 = rx_sens_p->auto_corr_mrc_ofdm_x1 + 1;
5820                 rx_sens_p->auto_corr_mrc_ofdm_x1 =
5821                     (temp1 <= 270) ? temp1 : 270;
5822 
5823                 rx_sens_p->flags |= IWK_SENSITIVITY_OFDM_UPDATE_MSK;
5824 
5825         } else if (ofdm_sum_fa_bp < (5 * actual_rx_time)) {
5826                 temp1 = rx_sens_p->auto_corr_ofdm_x4 - 1;
5827                 rx_sens_p->auto_corr_ofdm_x4 = (temp1 >= 85) ? temp1 : 85;
5828 
5829                 temp1 = rx_sens_p->auto_corr_mrc_ofdm_x4 - 1;
5830                 rx_sens_p->auto_corr_mrc_ofdm_x4 =
5831                     (temp1 >= 170) ? temp1 : 170;
5832 
5833                 temp1 = rx_sens_p->auto_corr_ofdm_x1 - 1;
5834                 rx_sens_p->auto_corr_ofdm_x1 = (temp1 >= 105) ? temp1 : 105;
5835 
5836                 temp1 = rx_sens_p->auto_corr_mrc_ofdm_x1 - 1;
5837                 rx_sens_p->auto_corr_mrc_ofdm_x1 =
5838                     (temp1 >= 220) ? temp1 : 220;
5839 
5840                 rx_sens_p->flags |= IWK_SENSITIVITY_OFDM_UPDATE_MSK;
5841 
5842         } else {
5843                 rx_sens_p->flags &= (~IWK_SENSITIVITY_OFDM_UPDATE_MSK);
5844         }
5845 
5846         return (IWK_SUCCESS);
5847 }
5848 
5849 /*
5850  * additional process to management frames
5851  */
5852 static void iwk_recv_mgmt(struct ieee80211com *ic, mblk_t *mp,
5853     struct ieee80211_node *in,
5854     int subtype, int rssi, uint32_t rstamp)
5855 {
5856         iwk_sc_t *sc = (iwk_sc_t *)ic;
5857         struct ieee80211_frame *wh;
5858         uint8_t index1, index2;
5859         int err;
5860 
5861         sc->sc_recv_mgmt(ic, mp, in, subtype, rssi, rstamp);
5862 
5863         mutex_enter(&sc->sc_glock);
5864         switch (subtype) {
5865         case IEEE80211_FC0_SUBTYPE_BEACON:
5866                 if (sc->sc_ibss.ibss_beacon.syncbeacon && in == ic->ic_bss &&
5867                     ic->ic_state == IEEE80211_S_RUN) {
5868                         if (ieee80211_beacon_update(ic, in,
5869                             &sc->sc_ibss.ibss_beacon.iwk_boff,
5870                             sc->sc_ibss.ibss_beacon.mp, 0)) {
5871                                 bcopy(sc->sc_ibss.ibss_beacon.mp->b_rptr,
5872                                     sc->sc_ibss.ibss_beacon.beacon_cmd.
5873                                     bcon_frame,
5874                                     MBLKL(sc->sc_ibss.ibss_beacon.mp));
5875                         }
5876                         err = iwk_cmd(sc, REPLY_TX_BEACON,
5877                             &sc->sc_ibss.ibss_beacon.beacon_cmd,
5878                             sc->sc_ibss.ibss_beacon.beacon_cmd_len, 1);
5879                         if (err != IWK_SUCCESS) {
5880                                 cmn_err(CE_WARN, "iwk_recv_mgmt(): "
5881                                     "failed to TX beacon.\n");
5882                         }
5883                         sc->sc_ibss.ibss_beacon.syncbeacon = 0;
5884                 }
5885                 if (ic->ic_opmode == IEEE80211_M_IBSS &&
5886                     ic->ic_state == IEEE80211_S_RUN) {
5887                         wh = (struct ieee80211_frame *)mp->b_rptr;
5888                         mutex_enter(&sc->sc_ibss.node_tb_lock);
5889                         /*
5890                          * search for node in ibss node table
5891                          */
5892                         for (index1 = IWK_STA_ID; index1 < IWK_STATION_COUNT;
5893                             index1++) {
5894                                 if (sc->sc_ibss.ibss_node_tb[index1].used &&
5895                                     IEEE80211_ADDR_EQ(sc->sc_ibss.
5896                                     ibss_node_tb[index1].node.bssid,
5897                                     wh->i_addr2)) {
5898                                         break;
5899                                 }
5900                         }
5901                         /*
5902                          * if don't find in ibss node table
5903                          */
5904                         if (index1 >= IWK_BROADCAST_ID) {
5905                                 err = iwk_clean_add_node_ibss(ic,
5906                                     wh->i_addr2, &index2);
5907                                 if (err != IWK_SUCCESS) {
5908                                         cmn_err(CE_WARN, "iwk_recv_mgmt(): "
5909                                             "failed to clean all nodes "
5910                                             "and add one node\n");
5911                                 }
5912                         }
5913                         mutex_exit(&sc->sc_ibss.node_tb_lock);
5914                 }
5915                 break;
5916         case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
5917                 break;
5918         }
5919         mutex_exit(&sc->sc_glock);
5920 }
5921 
5922 /*
5923  * 1)  log_event_table_ptr indicates base of the event log.  This traces
5924  *     a 256-entry history of uCode execution within a circular buffer.
5925  *     Its header format is:
5926  *
5927  *      uint32_t log_size;      log capacity (in number of entries)
5928  *      uint32_t type;  (1) timestamp with each entry, (0) no timestamp
5929  *      uint32_t wraps; # times uCode has wrapped to top of circular buffer
5930  *      uint32_t write_index;   next circular buffer entry that uCode would fill
5931  *
5932  *     The header is followed by the circular buffer of log entries.  Entries
5933  *     with timestamps have the following format:
5934  *
5935  *      uint32_t event_id;     range 0 - 1500
5936  *      uint32_t timestamp;    low 32 bits of TSF (of network, if associated)
5937  *      uint32_t data;         event_id-specific data value
5938  *
5939  *     Entries without timestamps contain only event_id and data.
5940  */
5941 
5942 /*
5943  * iwk_write_event_log - Write event log to dmesg
5944  */
5945 static void iwk_write_event_log(iwk_sc_t *sc)
5946 {
5947         uint32_t log_event_table_ptr;   /* Start address of event table */
5948         uint32_t startptr;      /* Start address of log data */
5949         uint32_t logptr;        /* address of log data entry */
5950         uint32_t i, n, num_events;
5951         uint32_t event_id, data1, data2; /* log data */
5952 
5953         uint32_t log_size;   /* log capacity (in number of entries) */
5954         uint32_t type;  /* (1)timestamp with each entry,(0) no timestamp */
5955         uint32_t wraps; /* # times uCode has wrapped to */
5956                         /* the top of circular buffer */
5957         uint32_t idx; /* index of entry to be filled in next */
5958 
5959         log_event_table_ptr = LE_32(sc->sc_card_alive_run.log_event_table_ptr);
5960         if (!(log_event_table_ptr)) {
5961                 IWK_DBG((IWK_DEBUG_EEPROM, "NULL event table pointer\n"));
5962                 return;
5963         }
5964 
5965         iwk_mac_access_enter(sc);
5966 
5967         /* Read log header */
5968         log_size = iwk_mem_read(sc, log_event_table_ptr);
5969         log_event_table_ptr += sizeof (uint32_t); /* addr of "type" */
5970         type = iwk_mem_read(sc, log_event_table_ptr);
5971         log_event_table_ptr += sizeof (uint32_t); /* addr of "wraps" */
5972         wraps = iwk_mem_read(sc, log_event_table_ptr);
5973         log_event_table_ptr += sizeof (uint32_t); /* addr of "idx" */
5974         idx = iwk_mem_read(sc, log_event_table_ptr);
5975         startptr = log_event_table_ptr +
5976             sizeof (uint32_t); /* addr of start of log data */
5977         if (!log_size & !wraps) {
5978                 IWK_DBG((IWK_DEBUG_EEPROM, "Empty log\n"));
5979                 iwk_mac_access_exit(sc);
5980                 return;
5981         }
5982 
5983         if (!wraps) {
5984                 num_events = idx;
5985                 logptr = startptr;
5986         } else {
5987                 num_events = log_size - idx;
5988                 n = type ? 2 : 3;
5989                 logptr = startptr + (idx * n * sizeof (uint32_t));
5990         }
5991 
5992         for (i = 0; i < num_events; i++) {
5993                 event_id = iwk_mem_read(sc, logptr);
5994                 logptr += sizeof (uint32_t);
5995                 data1 = iwk_mem_read(sc, logptr);
5996                 logptr += sizeof (uint32_t);
5997                 if (type == 0) { /* no timestamp */
5998                         IWK_DBG((IWK_DEBUG_EEPROM, "Event ID=%d, Data=%x0x",
5999                             event_id, data1));
6000                 } else { /* timestamp */
6001                         data2 = iwk_mem_read(sc, logptr);
6002                         IWK_DBG((IWK_DEBUG_EEPROM,
6003                             "Time=%d, Event ID=%d, Data=0x%x\n",
6004                             data1, event_id, data2));
6005                         logptr += sizeof (uint32_t);
6006                 }
6007         }
6008 
6009         /*
6010          * Print the wrapped around entries, if any
6011          */
6012         if (wraps) {
6013                 logptr = startptr;
6014                 for (i = 0; i < idx; i++) {
6015                         event_id = iwk_mem_read(sc, logptr);
6016                         logptr += sizeof (uint32_t);
6017                         data1 = iwk_mem_read(sc, logptr);
6018                         logptr += sizeof (uint32_t);
6019                         if (type == 0) { /* no timestamp */
6020                                 IWK_DBG((IWK_DEBUG_EEPROM,
6021                                     "Event ID=%d, Data=%x0x", event_id, data1));
6022                         } else { /* timestamp */
6023                                 data2 = iwk_mem_read(sc, logptr);
6024                                 IWK_DBG((IWK_DEBUG_EEPROM,
6025                                     "Time = %d, Event ID=%d, Data=0x%x\n",
6026                                     data1, event_id, data2));
6027                                 logptr += sizeof (uint32_t);
6028                         }
6029                 }
6030         }
6031 
6032         iwk_mac_access_exit(sc);
6033 }
6034 
6035 /*
6036  * error_event_table_ptr indicates base of the error log.  This contains
6037  * information about any uCode error that occurs.  For 4965, the format is:
6038  *
6039  * uint32_t valid;        (nonzero) valid, (0) log is empty
6040  * uint32_t error_id;     type of error
6041  * uint32_t pc;           program counter
6042  * uint32_t blink1;       branch link
6043  * uint32_t blink2;       branch link
6044  * uint32_t ilink1;       interrupt link
6045  * uint32_t ilink2;       interrupt link
6046  * uint32_t data1;        error-specific data
6047  * uint32_t data2;        error-specific data
6048  * uint32_t line;         source code line of error
6049  * uint32_t bcon_time;    beacon timer
6050  * uint32_t tsf_low;      network timestamp function timer
6051  * uint32_t tsf_hi;       network timestamp function timer
6052  */
6053 /*
6054  * iwk_write_error_log - Write error log to dmesg
6055  */
6056 static void iwk_write_error_log(iwk_sc_t *sc)
6057 {
6058         uint32_t err_ptr;       /* Start address of error log */
6059         uint32_t valid;         /* is error log valid */
6060 
6061         err_ptr = LE_32(sc->sc_card_alive_run.error_event_table_ptr);
6062         if (!(err_ptr)) {
6063                 IWK_DBG((IWK_DEBUG_EEPROM, "NULL error table pointer\n"));
6064                 return;
6065         }
6066 
6067         iwk_mac_access_enter(sc);
6068 
6069         valid = iwk_mem_read(sc, err_ptr);
6070         if (!(valid)) {
6071                 IWK_DBG((IWK_DEBUG_EEPROM, "Error data not valid\n"));
6072                 iwk_mac_access_exit(sc);
6073                 return;
6074         }
6075         err_ptr += sizeof (uint32_t);
6076         IWK_DBG((IWK_DEBUG_EEPROM, "err=%d ", iwk_mem_read(sc, err_ptr)));
6077         err_ptr += sizeof (uint32_t);
6078         IWK_DBG((IWK_DEBUG_EEPROM, "pc=0x%X ", iwk_mem_read(sc, err_ptr)));
6079         err_ptr += sizeof (uint32_t);
6080         IWK_DBG((IWK_DEBUG_EEPROM,
6081             "branch link1=0x%X ", iwk_mem_read(sc, err_ptr)));
6082         err_ptr += sizeof (uint32_t);
6083         IWK_DBG((IWK_DEBUG_EEPROM,
6084             "branch link2=0x%X ", iwk_mem_read(sc, err_ptr)));
6085         err_ptr += sizeof (uint32_t);
6086         IWK_DBG((IWK_DEBUG_EEPROM,
6087             "interrupt link1=0x%X ", iwk_mem_read(sc, err_ptr)));
6088         err_ptr += sizeof (uint32_t);
6089         IWK_DBG((IWK_DEBUG_EEPROM,
6090             "interrupt link2=0x%X ", iwk_mem_read(sc, err_ptr)));
6091         err_ptr += sizeof (uint32_t);
6092         IWK_DBG((IWK_DEBUG_EEPROM, "data1=0x%X ", iwk_mem_read(sc, err_ptr)));
6093         err_ptr += sizeof (uint32_t);
6094         IWK_DBG((IWK_DEBUG_EEPROM, "data2=0x%X ", iwk_mem_read(sc, err_ptr)));
6095         err_ptr += sizeof (uint32_t);
6096         IWK_DBG((IWK_DEBUG_EEPROM, "line=%d ", iwk_mem_read(sc, err_ptr)));
6097         err_ptr += sizeof (uint32_t);
6098         IWK_DBG((IWK_DEBUG_EEPROM, "bcon_time=%d ", iwk_mem_read(sc, err_ptr)));
6099         err_ptr += sizeof (uint32_t);
6100         IWK_DBG((IWK_DEBUG_EEPROM, "tsf_low=%d ", iwk_mem_read(sc, err_ptr)));
6101         err_ptr += sizeof (uint32_t);
6102         IWK_DBG((IWK_DEBUG_EEPROM, "tsf_hi=%d\n", iwk_mem_read(sc, err_ptr)));
6103 
6104         iwk_mac_access_exit(sc);
6105 }
6106 
6107 static int
6108 iwk_run_state_config_ibss(ieee80211com_t *ic)
6109 {
6110         iwk_sc_t *sc = (iwk_sc_t *)ic;
6111         ieee80211_node_t *in = ic->ic_bss;
6112         int i, err = IWK_SUCCESS;
6113 
6114         mutex_enter(&sc->sc_ibss.node_tb_lock);
6115 
6116         /*
6117          * clean all nodes in ibss node table assure be
6118          * consistent with hardware
6119          */
6120         for (i = IWK_STA_ID; i < IWK_STATION_COUNT; i++) {
6121                 sc->sc_ibss.ibss_node_tb[i].used = 0;
6122                 (void) memset(&sc->sc_ibss.ibss_node_tb[i].node,
6123                     0,
6124                     sizeof (iwk_add_sta_t));
6125         }
6126 
6127         sc->sc_ibss.node_number = 0;
6128 
6129         mutex_exit(&sc->sc_ibss.node_tb_lock);
6130 
6131         /*
6132          * configure RX and TX
6133          */
6134         sc->sc_config.dev_type = RXON_DEV_TYPE_IBSS;
6135 
6136         sc->sc_config.flags |= LE_32(RXON_FLG_SHORT_PREAMBLE_MSK);
6137         sc->sc_config.filter_flags =
6138             LE_32(RXON_FILTER_ACCEPT_GRP_MSK |
6139             RXON_FILTER_DIS_DECRYPT_MSK |
6140             RXON_FILTER_DIS_GRP_DECRYPT_MSK);
6141 
6142         sc->sc_config.assoc_id = 0;
6143 
6144         IEEE80211_ADDR_COPY(sc->sc_config.bssid, in->in_bssid);
6145         sc->sc_config.chan = LE_16(ieee80211_chan2ieee(ic,
6146             in->in_chan));
6147 
6148         if (ic->ic_curmode == IEEE80211_MODE_11B) {
6149                 sc->sc_config.cck_basic_rates = 0x03;
6150                 sc->sc_config.ofdm_basic_rates = 0;
6151         } else if ((in->in_chan != IEEE80211_CHAN_ANYC) &&
6152             (IEEE80211_IS_CHAN_5GHZ(in->in_chan))) {
6153                 sc->sc_config.cck_basic_rates = 0;
6154                 sc->sc_config.ofdm_basic_rates = 0x15;
6155 
6156         } else {
6157                 sc->sc_config.cck_basic_rates = 0x0f;
6158                 sc->sc_config.ofdm_basic_rates = 0xff;
6159         }
6160 
6161         sc->sc_config.flags &=
6162             ~LE_32(RXON_FLG_SHORT_PREAMBLE_MSK |
6163             RXON_FLG_SHORT_SLOT_MSK);
6164 
6165         if (ic->ic_flags & IEEE80211_F_SHSLOT) {
6166                 sc->sc_config.flags |=
6167                     LE_32(RXON_FLG_SHORT_SLOT_MSK);
6168         }
6169 
6170         if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) {
6171                 sc->sc_config.flags |=
6172                     LE_32(RXON_FLG_SHORT_PREAMBLE_MSK);
6173         }
6174 
6175         sc->sc_config.filter_flags |=
6176             LE_32(RXON_FILTER_ASSOC_MSK);
6177 
6178         err = iwk_cmd(sc, REPLY_RXON, &sc->sc_config,
6179             sizeof (iwk_rxon_cmd_t), 1);
6180         if (err != IWK_SUCCESS) {
6181                 cmn_err(CE_WARN, "iwk_run_state_config_ibss(): "
6182                     "failed to update configuration.\n");
6183                 return (err);
6184         }
6185 
6186         return (err);
6187 
6188 }
6189 
6190 static int
6191 iwk_run_state_config_sta(ieee80211com_t *ic)
6192 {
6193         iwk_sc_t *sc = (iwk_sc_t *)ic;
6194         ieee80211_node_t *in = ic->ic_bss;
6195         int err = IWK_SUCCESS;
6196 
6197         /* update adapter's configuration */
6198         if (sc->sc_assoc_id != in->in_associd) {
6199                 cmn_err(CE_WARN, "iwk_run_state_config_sta(): "
6200                     "associate ID mismatch: expected %d, "
6201                     "got %d\n",
6202                     in->in_associd, sc->sc_assoc_id);
6203         }
6204         sc->sc_config.assoc_id = LE_16(in->in_associd & 0x3fff);
6205 
6206         /*
6207          * short preamble/slot time are
6208          * negotiated when associating
6209          */
6210         sc->sc_config.flags &=
6211             ~LE_32(RXON_FLG_SHORT_PREAMBLE_MSK |
6212             RXON_FLG_SHORT_SLOT_MSK);
6213 
6214         if (ic->ic_flags & IEEE80211_F_SHSLOT)
6215                 sc->sc_config.flags |=
6216                     LE_32(RXON_FLG_SHORT_SLOT_MSK);
6217 
6218         if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
6219                 sc->sc_config.flags |=
6220                     LE_32(RXON_FLG_SHORT_PREAMBLE_MSK);
6221 
6222         sc->sc_config.filter_flags |=
6223             LE_32(RXON_FILTER_ASSOC_MSK);
6224 
6225         if (ic->ic_opmode != IEEE80211_M_STA)
6226                 sc->sc_config.filter_flags |=
6227                     LE_32(RXON_FILTER_BCON_AWARE_MSK);
6228 
6229         IWK_DBG((IWK_DEBUG_80211, "config chan %d flags %x"
6230             " filter_flags %x\n",
6231             sc->sc_config.chan, sc->sc_config.flags,
6232             sc->sc_config.filter_flags));
6233 
6234         err = iwk_cmd(sc, REPLY_RXON, &sc->sc_config,
6235             sizeof (iwk_rxon_cmd_t), 1);
6236         if (err != IWK_SUCCESS) {
6237                 cmn_err(CE_WARN, "iwk_run_state_config_sta(): "
6238                     "failed to update configuration\n");
6239                 return (err);
6240         }
6241 
6242         return (err);
6243 }
6244 
6245 static int
6246 iwk_fast_recover(iwk_sc_t *sc)
6247 {
6248         ieee80211com_t *ic = &sc->sc_ic;
6249         int err;
6250 
6251         mutex_enter(&sc->sc_glock);
6252 
6253         /* restore runtime configuration */
6254         bcopy(&sc->sc_config_save, &sc->sc_config,
6255             sizeof (sc->sc_config));
6256 
6257         /* reset state to handle reassociations correctly */
6258         sc->sc_config.assoc_id = 0;
6259         sc->sc_config.filter_flags &=
6260             ~LE_32(RXON_FILTER_ASSOC_MSK);
6261 
6262         if ((err = iwk_hw_set_before_auth(sc)) != 0) {
6263                 cmn_err(CE_WARN, "iwk_fast_recover(): "
6264                     "failed to setup authentication\n");
6265                 mutex_exit(&sc->sc_glock);
6266                 return (err);
6267         }
6268 
6269         bcopy(&sc->sc_config_save, &sc->sc_config,
6270             sizeof (sc->sc_config));
6271 
6272         /* update adapter's configuration */
6273         err = iwk_run_state_config_sta(ic);
6274         if (err != IWK_SUCCESS) {
6275                 cmn_err(CE_WARN, "iwk_fast_recover(): "
6276                     "failed to setup association\n");
6277                 mutex_exit(&sc->sc_glock);
6278                 return (err);
6279         }
6280 
6281         /* obtain current temperature of chipset */
6282         sc->sc_tempera = iwk_curr_tempera(sc);
6283 
6284         /*
6285          * make Tx power calibration to determine
6286          * the gains of DSP and radio
6287          */
6288         err = iwk_tx_power_calibration(sc);
6289         if (err) {
6290                 cmn_err(CE_WARN, "iwk_fast_recover(): "
6291                     "failed to set tx power table\n");
6292                 mutex_exit(&sc->sc_glock);
6293                 return (err);
6294         }
6295 
6296         /*
6297          * make initialization for Receiver
6298          * sensitivity calibration
6299          */
6300         err = iwk_rx_sens_init(sc);
6301         if (err) {
6302                 cmn_err(CE_WARN, "iwk_fast_recover(): "
6303                     "failed to init RX sensitivity\n");
6304                 mutex_exit(&sc->sc_glock);
6305                 return (err);
6306         }
6307 
6308         /* make initialization for Receiver gain balance */
6309         err = iwk_rxgain_diff_init(sc);
6310         if (err) {
6311                 cmn_err(CE_WARN, "iwk_fast_recover(): "
6312                     "failed to init phy calibration\n");
6313                 mutex_exit(&sc->sc_glock);
6314                 return (err);
6315 
6316         }
6317         /* set LED on */
6318         iwk_set_led(sc, 2, 0, 1);
6319 
6320         mutex_exit(&sc->sc_glock);
6321 
6322         /* update keys */
6323         if (ic->ic_flags & IEEE80211_F_PRIVACY) {
6324                 for (int i = 0; i < IEEE80211_KEY_MAX; i++) {
6325                         if (ic->ic_nw_keys[i].wk_keyix == IEEE80211_KEYIX_NONE)
6326                                 continue;
6327                         err = iwk_key_set(ic, &ic->ic_nw_keys[i],
6328                             ic->ic_bss->in_macaddr);
6329                         /* failure */
6330                         if (err == 0) {
6331                                 cmn_err(CE_WARN, "iwk_fast_recover(): "
6332                                     "failed to setup hardware keys\n");
6333                                 return (IWK_FAIL);
6334                         }
6335                 }
6336         }
6337 
6338         sc->sc_flags &= ~IWK_F_HW_ERR_RECOVER;
6339 
6340         /* start queue */
6341         IWK_DBG((IWK_DEBUG_FW, "iwk_fast_recover(): resume xmit\n"));
6342         mac_tx_update(ic->ic_mach);
6343 
6344 
6345         return (IWK_SUCCESS);
6346 }
6347 
6348 static int
6349 iwk_start_tx_beacon(ieee80211com_t *ic)
6350 {
6351         iwk_sc_t *sc = (iwk_sc_t *)ic;
6352         ieee80211_node_t *in = ic->ic_bss;
6353         int err = IWK_SUCCESS;
6354         iwk_tx_beacon_cmd_t  *tx_beacon_p;
6355         uint16_t  masks = 0;
6356         mblk_t *mp;
6357         int rate;
6358 
6359         /*
6360          * allocate and transmit beacon frames
6361          */
6362         tx_beacon_p = &sc->sc_ibss.ibss_beacon.beacon_cmd;
6363 
6364         (void) memset(tx_beacon_p, 0,
6365             sizeof (iwk_tx_beacon_cmd_t));
6366         rate = 0;
6367         masks = 0;
6368 
6369         tx_beacon_p->config.sta_id = IWK_BROADCAST_ID;
6370         tx_beacon_p->config.stop_time.life_time =
6371             LE_32(0xffffffff);
6372 
6373         if (sc->sc_ibss.ibss_beacon.mp != NULL) {
6374                 freemsg(sc->sc_ibss.ibss_beacon.mp);
6375                 sc->sc_ibss.ibss_beacon.mp = NULL;
6376         }
6377 
6378         sc->sc_ibss.ibss_beacon.mp =
6379             ieee80211_beacon_alloc(ic, in,
6380             &sc->sc_ibss.ibss_beacon.iwk_boff);
6381         if (sc->sc_ibss.ibss_beacon.mp == NULL) {
6382                 cmn_err(CE_WARN, "iwk_start_tx_beacon(): "
6383                     "failed to get beacon frame.\n");
6384                 return (IWK_FAIL);
6385         }
6386 
6387         mp = sc->sc_ibss.ibss_beacon.mp;
6388 
6389         ASSERT(mp->b_cont == NULL);
6390 
6391         bcopy(mp->b_rptr, tx_beacon_p->bcon_frame, MBLKL(mp));
6392 
6393         tx_beacon_p->config.len = LE_16((uint16_t)(MBLKL(mp)));
6394         sc->sc_ibss.ibss_beacon.beacon_cmd_len =
6395             sizeof (iwk_tx_cmd_t) +
6396             4 + LE_16(tx_beacon_p->config.len);
6397 
6398         /*
6399          * beacons are sent at 1M
6400          */
6401         rate = in->in_rates.ir_rates[0];
6402         rate &= IEEE80211_RATE_VAL;
6403 
6404         if (2 == rate || 4 == rate || 11 == rate ||
6405             22 == rate) {
6406                 masks |= RATE_MCS_CCK_MSK;
6407         }
6408 
6409         masks |= RATE_MCS_ANT_B_MSK;
6410 
6411         tx_beacon_p->config.rate.r.rate_n_flags =
6412             LE_32(iwk_rate_to_plcp(rate) | masks);
6413 
6414 
6415         tx_beacon_p->config.tx_flags =
6416             LE_32(TX_CMD_FLG_SEQ_CTL_MSK | TX_CMD_FLG_TSF_MSK);
6417 
6418         if (ic->ic_bss->in_tstamp.tsf != 0) {
6419                 sc->sc_ibss.ibss_beacon.syncbeacon = 1;
6420         } else {
6421                 if (ieee80211_beacon_update(ic, in,
6422                     &sc->sc_ibss.ibss_beacon.iwk_boff,
6423                     mp, 0)) {
6424                         bcopy(mp->b_rptr,
6425                             tx_beacon_p->bcon_frame,
6426                             MBLKL(mp));
6427                 }
6428 
6429                 err = iwk_cmd(sc, REPLY_TX_BEACON,
6430                     tx_beacon_p,
6431                     sc->sc_ibss.ibss_beacon.beacon_cmd_len,
6432                     1);
6433                 if (err != IWK_SUCCESS) {
6434                         cmn_err(CE_WARN, "iwk_start_tx_beacon(): "
6435                             "failed to TX beacon.\n");
6436                         return (err);
6437                 }
6438 
6439                 sc->sc_ibss.ibss_beacon.syncbeacon = 0;
6440         }
6441 
6442         return (err);
6443 }
6444 
6445 static int
6446 iwk_clean_add_node_ibss(struct ieee80211com *ic,
6447     uint8_t addr[IEEE80211_ADDR_LEN], uint8_t *index2)
6448 {
6449         iwk_sc_t *sc = (iwk_sc_t *)ic;
6450         uint8_t index;
6451         iwk_add_sta_t bc_node;
6452         iwk_link_quality_cmd_t bc_link_quality;
6453         iwk_link_quality_cmd_t link_quality;
6454         uint16_t  bc_masks = 0;
6455         uint16_t  masks = 0;
6456         int i, rate;
6457         struct ieee80211_rateset rs;
6458         iwk_ibss_node_t *ibss_node_p;
6459         int err = IWK_SUCCESS;
6460 
6461         /*
6462          * find a location that is not
6463          * used in ibss node table
6464          */
6465         for (index = IWK_STA_ID;
6466             index < IWK_STATION_COUNT; index++) {
6467                 if (!sc->sc_ibss.ibss_node_tb[index].used) {
6468                         break;
6469                 }
6470         }
6471 
6472         /*
6473          * if have too many nodes in hardware, clean up
6474          */
6475         if (index < IWK_BROADCAST_ID &&
6476             sc->sc_ibss.node_number >= 25) {
6477                 if (iwk_cmd(sc, REPLY_REMOVE_ALL_STA,
6478                     NULL, 0, 1) != IWK_SUCCESS) {
6479                         cmn_err(CE_WARN, "iwk_clean_add_node_ibss(): "
6480                             "failed to remove all nodes in hardware\n");
6481                         return (IWK_FAIL);
6482                 }
6483 
6484                 for (i = IWK_STA_ID; i < IWK_STATION_COUNT; i++) {
6485                         sc->sc_ibss.ibss_node_tb[i].used = 0;
6486                         (void) memset(&sc->sc_ibss.ibss_node_tb[i].node,
6487                             0, sizeof (iwk_add_sta_t));
6488                 }
6489 
6490                 sc->sc_ibss.node_number = 0;
6491 
6492                 /*
6493                  * add broadcast node so that we
6494                  * can send broadcast frame
6495                  */
6496                 (void) memset(&bc_node, 0, sizeof (bc_node));
6497                 (void) memset(bc_node.bssid, 0xff, 6);
6498                 bc_node.id = IWK_BROADCAST_ID;
6499 
6500                 err = iwk_cmd(sc, REPLY_ADD_STA, &bc_node, sizeof (bc_node), 1);
6501                 if (err != IWK_SUCCESS) {
6502                 cmn_err(CE_WARN, "iwk_clean_add_node_ibss(): "
6503                     "failed to add broadcast node\n");
6504                 return (err);
6505                 }
6506 
6507                 /* TX_LINK_QUALITY cmd */
6508                 (void) memset(&bc_link_quality, 0, sizeof (bc_link_quality));
6509                 for (i = 0; i < LINK_QUAL_MAX_RETRY_NUM; i++) {
6510                         bc_masks |= RATE_MCS_CCK_MSK;
6511                         bc_masks |= RATE_MCS_ANT_B_MSK;
6512                         bc_masks &= ~RATE_MCS_ANT_A_MSK;
6513                         bc_link_quality.rate_n_flags[i] =
6514                             LE_32(iwk_rate_to_plcp(2) | bc_masks);
6515                 }
6516 
6517                 bc_link_quality.general_params.single_stream_ant_msk = 2;
6518                 bc_link_quality.general_params.dual_stream_ant_msk = 3;
6519                 bc_link_quality.agg_params.agg_dis_start_th = 3;
6520                 bc_link_quality.agg_params.agg_time_limit = LE_16(4000);
6521                 bc_link_quality.sta_id = IWK_BROADCAST_ID;
6522 
6523                 err = iwk_cmd(sc, REPLY_TX_LINK_QUALITY_CMD,
6524                     &bc_link_quality, sizeof (bc_link_quality), 1);
6525                 if (err != IWK_SUCCESS) {
6526                         cmn_err(CE_WARN, "iwk_clean_add_node_ibss(): "
6527                             "failed to config link quality table\n");
6528                         return (err);
6529                 }
6530         }
6531 
6532         if (index >= IWK_BROADCAST_ID) {
6533                 cmn_err(CE_WARN, "iwk_clean_add_node_ibss(): "
6534                     "the count of node in hardware is too much\n");
6535                 return (IWK_FAIL);
6536         }
6537 
6538         /*
6539          * add a node into hardware
6540          */
6541         ibss_node_p = &sc->sc_ibss.ibss_node_tb[index];
6542 
6543         ibss_node_p->used = 1;
6544 
6545         (void) memset(&ibss_node_p->node, 0,
6546             sizeof (iwk_add_sta_t));
6547 
6548         IEEE80211_ADDR_COPY(ibss_node_p->node.bssid, addr);
6549         ibss_node_p->node.id = index;
6550         ibss_node_p->node.control = 0;
6551         ibss_node_p->node.flags = 0;
6552 
6553         err = iwk_cmd(sc, REPLY_ADD_STA, &ibss_node_p->node,
6554             sizeof (iwk_add_sta_t), 1);
6555         if (err != IWK_SUCCESS) {
6556                 cmn_err(CE_WARN, "iwk_clean_add_node_ibss(): "
6557                     "failed to add IBSS node\n");
6558                 ibss_node_p->used = 0;
6559                 (void) memset(&ibss_node_p->node, 0,
6560                     sizeof (iwk_add_sta_t));
6561                 return (err);
6562         }
6563 
6564         sc->sc_ibss.node_number++;
6565 
6566         (void) memset(&link_quality, 0, sizeof (link_quality));
6567 
6568         rs = ic->ic_sup_rates[ieee80211_chan2mode(ic,
6569             ic->ic_curchan)];
6570 
6571         for (i = 0; i < LINK_QUAL_MAX_RETRY_NUM; i++) {
6572                 if (i < rs.ir_nrates) {
6573                         rate = rs.
6574                             ir_rates[rs.ir_nrates - i];
6575                 } else {
6576                         rate = 2;
6577                 }
6578 
6579                 if (2 == rate || 4 == rate ||
6580                     11 == rate || 22 == rate) {
6581                         masks |= RATE_MCS_CCK_MSK;
6582                 }
6583 
6584                 masks |= RATE_MCS_ANT_B_MSK;
6585                 masks &= ~RATE_MCS_ANT_A_MSK;
6586 
6587                 link_quality.rate_n_flags[i] =
6588                     LE_32(iwk_rate_to_plcp(rate) | masks);
6589         }
6590 
6591         link_quality.general_params.single_stream_ant_msk = 2;
6592         link_quality.general_params.dual_stream_ant_msk = 3;
6593         link_quality.agg_params.agg_dis_start_th = 3;
6594         link_quality.agg_params.agg_time_limit = LE_16(4000);
6595         link_quality.sta_id = ibss_node_p->node.id;
6596 
6597         err = iwk_cmd(sc, REPLY_TX_LINK_QUALITY_CMD,
6598             &link_quality, sizeof (link_quality), 1);
6599         if (err != IWK_SUCCESS) {
6600                 cmn_err(CE_WARN, "iwk_clean_add_node_ibss(): "
6601                     "failed to set up TX link quality\n");
6602                 ibss_node_p->used = 0;
6603                 (void) memset(ibss_node_p->node.bssid, 0, 6);
6604                 return (err);
6605         }
6606 
6607         *index2 = index;
6608 
6609         return (err);
6610 }