1 /* $OpenBSD: if_rsu.c,v 1.17 2013/04/15 09:23:01 mglocker Exp $ */
4 * Copyright (c) 2010 Damien Bergamini <damien.bergamini@free.fr>
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include <sys/cdefs.h>
19 __FBSDID("$FreeBSD$");
22 * Driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU.
27 * o hostap / ibss / mesh
29 #include <sys/param.h>
30 #include <sys/endian.h>
31 #include <sys/sockio.h>
33 #include <sys/kernel.h>
34 #include <sys/socket.h>
35 #include <sys/systm.h>
39 #include <sys/firmware.h>
40 #include <sys/module.h>
42 #include <machine/bus.h>
43 #include <machine/resource.h>
47 #include <net/if_arp.h>
48 #include <net/if_dl.h>
49 #include <net/if_media.h>
50 #include <net/if_types.h>
52 #include <netinet/in.h>
53 #include <netinet/in_systm.h>
54 #include <netinet/in_var.h>
55 #include <netinet/if_ether.h>
56 #include <netinet/ip.h>
58 #include <net80211/ieee80211_var.h>
59 #include <net80211/ieee80211_regdomain.h>
60 #include <net80211/ieee80211_radiotap.h>
62 #include <dev/usb/usb.h>
63 #include <dev/usb/usbdi.h>
66 #define USB_DEBUG_VAR rsu_debug
67 #include <dev/usb/usb_debug.h>
69 #include <dev/usb/wlan/if_rsureg.h>
72 static int rsu_debug = 0;
73 SYSCTL_NODE(_hw_usb, OID_AUTO, rsu, CTLFLAG_RW, 0, "USB rsu");
74 SYSCTL_INT(_hw_usb_rsu, OID_AUTO, debug, CTLFLAG_RW, &rsu_debug, 0,
78 static const STRUCT_USB_HOST_ID rsu_devs[] = {
79 #define RSU_HT_NOT_SUPPORTED 0
80 #define RSU_HT_SUPPORTED 1
81 #define RSU_DEV_HT(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \
83 #define RSU_DEV(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \
84 RSU_HT_NOT_SUPPORTED) }
85 RSU_DEV(ASUS, RTL8192SU),
86 RSU_DEV(AZUREWAVE, RTL8192SU_4),
87 RSU_DEV_HT(ACCTON, RTL8192SU),
88 RSU_DEV_HT(ASUS, USBN10),
89 RSU_DEV_HT(AZUREWAVE, RTL8192SU_1),
90 RSU_DEV_HT(AZUREWAVE, RTL8192SU_2),
91 RSU_DEV_HT(AZUREWAVE, RTL8192SU_3),
92 RSU_DEV_HT(AZUREWAVE, RTL8192SU_5),
93 RSU_DEV_HT(BELKIN, RTL8192SU_1),
94 RSU_DEV_HT(BELKIN, RTL8192SU_2),
95 RSU_DEV_HT(BELKIN, RTL8192SU_3),
96 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_1),
97 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_2),
98 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_3),
99 RSU_DEV_HT(COREGA, RTL8192SU),
100 RSU_DEV_HT(DLINK2, DWA131A1),
101 RSU_DEV_HT(DLINK2, RTL8192SU_1),
102 RSU_DEV_HT(DLINK2, RTL8192SU_2),
103 RSU_DEV_HT(EDIMAX, RTL8192SU_1),
104 RSU_DEV_HT(EDIMAX, RTL8192SU_2),
105 RSU_DEV_HT(EDIMAX, RTL8192SU_3),
106 RSU_DEV_HT(GUILLEMOT, HWGUN54),
107 RSU_DEV_HT(GUILLEMOT, HWNUM300),
108 RSU_DEV_HT(HAWKING, RTL8192SU_1),
109 RSU_DEV_HT(HAWKING, RTL8192SU_2),
110 RSU_DEV_HT(PLANEX2, GWUSNANO),
111 RSU_DEV_HT(REALTEK, RTL8171),
112 RSU_DEV_HT(REALTEK, RTL8172),
113 RSU_DEV_HT(REALTEK, RTL8173),
114 RSU_DEV_HT(REALTEK, RTL8174),
115 RSU_DEV_HT(REALTEK, RTL8192SU),
116 RSU_DEV_HT(REALTEK, RTL8712),
117 RSU_DEV_HT(REALTEK, RTL8713),
118 RSU_DEV_HT(SENAO, RTL8192SU_1),
119 RSU_DEV_HT(SENAO, RTL8192SU_2),
120 RSU_DEV_HT(SITECOMEU, WL349V1),
121 RSU_DEV_HT(SITECOMEU, WL353),
122 RSU_DEV_HT(SWEEX2, LW154),
127 static device_probe_t rsu_match;
128 static device_attach_t rsu_attach;
129 static device_detach_t rsu_detach;
130 static usb_callback_t rsu_bulk_tx_callback;
131 static usb_callback_t rsu_bulk_rx_callback;
132 static usb_error_t rsu_do_request(struct rsu_softc *,
133 struct usb_device_request *, void *);
134 static struct ieee80211vap *
135 rsu_vap_create(struct ieee80211com *, const char name[],
136 int, enum ieee80211_opmode, int, const uint8_t bssid[],
137 const uint8_t mac[]);
138 static void rsu_vap_delete(struct ieee80211vap *);
139 static void rsu_scan_start(struct ieee80211com *);
140 static void rsu_scan_end(struct ieee80211com *);
141 static void rsu_set_channel(struct ieee80211com *);
142 static void rsu_update_mcast(struct ifnet *);
143 static int rsu_alloc_rx_list(struct rsu_softc *);
144 static void rsu_free_rx_list(struct rsu_softc *);
145 static int rsu_alloc_tx_list(struct rsu_softc *);
146 static void rsu_free_tx_list(struct rsu_softc *);
147 static void rsu_free_list(struct rsu_softc *, struct rsu_data [], int);
148 static struct rsu_data *_rsu_getbuf(struct rsu_softc *);
149 static struct rsu_data *rsu_getbuf(struct rsu_softc *);
150 static int rsu_write_region_1(struct rsu_softc *, uint16_t, uint8_t *,
152 static void rsu_write_1(struct rsu_softc *, uint16_t, uint8_t);
153 static void rsu_write_2(struct rsu_softc *, uint16_t, uint16_t);
154 static void rsu_write_4(struct rsu_softc *, uint16_t, uint32_t);
155 static int rsu_read_region_1(struct rsu_softc *, uint16_t, uint8_t *,
157 static uint8_t rsu_read_1(struct rsu_softc *, uint16_t);
158 static uint16_t rsu_read_2(struct rsu_softc *, uint16_t);
159 static uint32_t rsu_read_4(struct rsu_softc *, uint16_t);
160 static int rsu_fw_iocmd(struct rsu_softc *, uint32_t);
161 static uint8_t rsu_efuse_read_1(struct rsu_softc *, uint16_t);
162 static int rsu_read_rom(struct rsu_softc *);
163 static int rsu_fw_cmd(struct rsu_softc *, uint8_t, void *, int);
164 static void rsu_calib_task(void *, int);
165 static int rsu_newstate(struct ieee80211vap *, enum ieee80211_state, int);
167 static void rsu_set_key(struct rsu_softc *, const struct ieee80211_key *);
168 static void rsu_delete_key(struct rsu_softc *, const struct ieee80211_key *);
170 static int rsu_site_survey(struct rsu_softc *, struct ieee80211vap *);
171 static int rsu_join_bss(struct rsu_softc *, struct ieee80211_node *);
172 static int rsu_disconnect(struct rsu_softc *);
173 static void rsu_event_survey(struct rsu_softc *, uint8_t *, int);
174 static void rsu_event_join_bss(struct rsu_softc *, uint8_t *, int);
175 static void rsu_rx_event(struct rsu_softc *, uint8_t, uint8_t *, int);
176 static void rsu_rx_multi_event(struct rsu_softc *, uint8_t *, int);
177 static int8_t rsu_get_rssi(struct rsu_softc *, int, void *);
179 rsu_rx_frame(struct rsu_softc *, uint8_t *, int, int *);
181 rsu_rx_multi_frame(struct rsu_softc *, uint8_t *, int, int *);
183 rsu_rxeof(struct usb_xfer *, struct rsu_data *, int *);
184 static void rsu_txeof(struct usb_xfer *, struct rsu_data *);
185 static int rsu_raw_xmit(struct ieee80211_node *, struct mbuf *,
186 const struct ieee80211_bpf_params *);
187 static void rsu_init(void *);
188 static void rsu_init_locked(struct rsu_softc *);
189 static void rsu_watchdog(void *);
190 static int rsu_tx_start(struct rsu_softc *, struct ieee80211_node *,
191 struct mbuf *, struct rsu_data *);
192 static void rsu_start(struct ifnet *);
193 static void rsu_start_locked(struct ifnet *);
194 static int rsu_ioctl(struct ifnet *, u_long, caddr_t);
195 static void rsu_stop(struct ifnet *, int);
196 static void rsu_stop_locked(struct ifnet *, int);
198 static device_method_t rsu_methods[] = {
199 DEVMETHOD(device_probe, rsu_match),
200 DEVMETHOD(device_attach, rsu_attach),
201 DEVMETHOD(device_detach, rsu_detach),
206 static driver_t rsu_driver = {
208 .methods = rsu_methods,
209 .size = sizeof(struct rsu_softc)
212 static devclass_t rsu_devclass;
214 DRIVER_MODULE(rsu, uhub, rsu_driver, rsu_devclass, NULL, 0);
215 MODULE_DEPEND(rsu, wlan, 1, 1, 1);
216 MODULE_DEPEND(rsu, usb, 1, 1, 1);
217 MODULE_DEPEND(rsu, firmware, 1, 1, 1);
218 MODULE_VERSION(rsu, 1);
220 static const struct usb_config rsu_config[RSU_N_TRANSFER] = {
223 .endpoint = UE_ADDR_ANY,
224 .direction = UE_DIR_IN,
225 .bufsize = RSU_RXBUFSZ,
230 .callback = rsu_bulk_rx_callback
235 .direction = UE_DIR_OUT,
236 .bufsize = RSU_TXBUFSZ,
240 .force_short_xfer = 1
242 .callback = rsu_bulk_tx_callback,
243 .timeout = RSU_TX_TIMEOUT
248 .direction = UE_DIR_OUT,
249 .bufsize = RSU_TXBUFSZ,
253 .force_short_xfer = 1
255 .callback = rsu_bulk_tx_callback,
256 .timeout = RSU_TX_TIMEOUT
261 .direction = UE_DIR_OUT,
262 .bufsize = RSU_TXBUFSZ,
266 .force_short_xfer = 1
268 .callback = rsu_bulk_tx_callback,
269 .timeout = RSU_TX_TIMEOUT
274 .direction = UE_DIR_OUT,
275 .bufsize = RSU_TXBUFSZ,
279 .force_short_xfer = 1
281 .callback = rsu_bulk_tx_callback,
282 .timeout = RSU_TX_TIMEOUT
287 rsu_match(device_t self)
289 struct usb_attach_arg *uaa = device_get_ivars(self);
291 if (uaa->usb_mode != USB_MODE_HOST ||
292 uaa->info.bIfaceIndex != 0 ||
293 uaa->info.bConfigIndex != 0)
296 return (usbd_lookup_id_by_uaa(rsu_devs, sizeof(rsu_devs), uaa));
300 rsu_attach(device_t self)
302 struct usb_attach_arg *uaa = device_get_ivars(self);
303 struct rsu_softc *sc = device_get_softc(self);
305 struct ieee80211com *ic;
307 uint8_t iface_index, bands;
309 device_set_usb_desc(self);
310 sc->sc_udev = uaa->device;
313 mtx_init(&sc->sc_mtx, device_get_nameunit(self), MTX_NETWORK_LOCK,
315 TIMEOUT_TASK_INIT(taskqueue_thread, &sc->calib_task, 0,
317 callout_init(&sc->sc_watchdog_ch, 0);
320 error = usbd_transfer_setup(uaa->device, &iface_index, sc->sc_xfer,
321 rsu_config, RSU_N_TRANSFER, sc, &sc->sc_mtx);
323 device_printf(sc->sc_dev,
324 "could not allocate USB transfers, err=%s\n",
329 /* Read chip revision. */
330 sc->cut = MS(rsu_read_4(sc, R92S_PMC_FSM), R92S_PMC_FSM_CUT);
332 sc->cut = (sc->cut >> 1) + 1;
333 error = rsu_read_rom(sc);
335 device_printf(self, "could not read ROM\n");
339 IEEE80211_ADDR_COPY(sc->sc_bssid, &sc->rom[0x12]);
340 device_printf(self, "MAC/BB RTL8712 cut %d\n", sc->cut);
341 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
343 device_printf(self, "cannot allocate interface\n");
348 if_initname(ifp, "rsu", device_get_unit(self));
349 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
350 ifp->if_init = rsu_init;
351 ifp->if_ioctl = rsu_ioctl;
352 ifp->if_start = rsu_start;
353 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
354 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
355 IFQ_SET_READY(&ifp->if_snd);
356 ifp->if_capabilities |= IFCAP_RXCSUM;
357 ifp->if_capenable |= IFCAP_RXCSUM;
358 ifp->if_hwassist = CSUM_TCP;
361 ic->ic_phytype = IEEE80211_T_OFDM; /* Not only, but not used. */
362 ic->ic_opmode = IEEE80211_M_STA; /* Default to BSS mode. */
364 /* Set device capabilities. */
366 IEEE80211_C_STA | /* station mode */
367 IEEE80211_C_BGSCAN | /* Background scan. */
368 IEEE80211_C_SHPREAMBLE | /* Short preamble supported. */
369 IEEE80211_C_SHSLOT | /* Short slot time supported. */
370 IEEE80211_C_WPA; /* WPA/RSN. */
373 /* Check if HT support is present. */
374 if (usb_lookup(rsu_devs_noht, uaa->vendor, uaa->product) == NULL) {
375 /* Set HT capabilities. */
377 IEEE80211_HTCAP_CBW20_40 |
378 IEEE80211_HTCAP_DSSSCCK40;
379 /* Set supported HT rates. */
380 for (i = 0; i < 2; i++)
381 ic->ic_sup_mcs[i] = 0xff;
385 /* Set supported .11b and .11g rates. */
387 setbit(&bands, IEEE80211_MODE_11B);
388 setbit(&bands, IEEE80211_MODE_11G);
389 ieee80211_init_channels(ic, NULL, &bands);
391 ieee80211_ifattach(ic, sc->sc_bssid);
392 ic->ic_raw_xmit = rsu_raw_xmit;
393 ic->ic_scan_start = rsu_scan_start;
394 ic->ic_scan_end = rsu_scan_end;
395 ic->ic_set_channel = rsu_set_channel;
396 ic->ic_vap_create = rsu_vap_create;
397 ic->ic_vap_delete = rsu_vap_delete;
398 ic->ic_update_mcast = rsu_update_mcast;
400 ieee80211_radiotap_attach(ic, &sc->sc_txtap.wt_ihdr,
401 sizeof(sc->sc_txtap), RSU_TX_RADIOTAP_PRESENT,
402 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
403 RSU_RX_RADIOTAP_PRESENT);
406 ieee80211_announce(ic);
412 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER);
414 mtx_destroy(&sc->sc_mtx);
419 rsu_detach(device_t self)
421 struct rsu_softc *sc = device_get_softc(self);
422 struct ifnet *ifp = sc->sc_ifp;
423 struct ieee80211com *ic = ifp->if_l2com;
425 if (!device_is_attached(self))
428 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER);
429 ieee80211_ifdetach(ic);
431 callout_drain(&sc->sc_watchdog_ch);
432 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task);
434 /* Free Tx/Rx buffers. */
435 rsu_free_tx_list(sc);
436 rsu_free_rx_list(sc);
439 mtx_destroy(&sc->sc_mtx);
445 rsu_do_request(struct rsu_softc *sc, struct usb_device_request *req,
451 RSU_ASSERT_LOCKED(sc);
454 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
455 req, data, 0, NULL, 250 /* ms */);
456 if (err == 0 || !device_is_attached(sc->sc_dev))
458 DPRINTFN(1, "Control request failed, %s (retrying)\n",
460 usb_pause_mtx(&sc->sc_mtx, hz / 100);
466 static struct ieee80211vap *
467 rsu_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
468 enum ieee80211_opmode opmode, int flags,
469 const uint8_t bssid[IEEE80211_ADDR_LEN],
470 const uint8_t mac[IEEE80211_ADDR_LEN])
473 struct ieee80211vap *vap;
475 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
478 uvp = (struct rsu_vap *) malloc(sizeof(struct rsu_vap),
479 M_80211_VAP, M_NOWAIT | M_ZERO);
484 if (ieee80211_vap_setup(ic, vap, name, unit, opmode,
485 flags, bssid, mac) != 0) {
487 free(uvp, M_80211_VAP);
491 /* override state transition machine */
492 uvp->newstate = vap->iv_newstate;
493 vap->iv_newstate = rsu_newstate;
496 ieee80211_vap_attach(vap, ieee80211_media_change,
497 ieee80211_media_status);
498 ic->ic_opmode = opmode;
504 rsu_vap_delete(struct ieee80211vap *vap)
506 struct rsu_vap *uvp = RSU_VAP(vap);
508 ieee80211_vap_detach(vap);
509 free(uvp, M_80211_VAP);
513 rsu_scan_start(struct ieee80211com *ic)
516 struct ifnet *ifp = ic->ic_ifp;
517 struct rsu_softc *sc = ifp->if_softc;
519 /* Scanning is done by the firmware. */
521 error = rsu_site_survey(sc, TAILQ_FIRST(&ic->ic_vaps));
524 device_printf(sc->sc_dev,
525 "could not send site survey command\n");
529 rsu_scan_end(struct ieee80211com *ic)
531 /* Nothing to do here. */
535 rsu_set_channel(struct ieee80211com *ic __unused)
537 /* We are unable to switch channels, yet. */
541 rsu_update_mcast(struct ifnet *ifp)
543 /* XXX do nothing? */
547 rsu_alloc_list(struct rsu_softc *sc, struct rsu_data data[],
548 int ndata, int maxsz)
552 for (i = 0; i < ndata; i++) {
553 struct rsu_data *dp = &data[i];
556 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT);
557 if (dp->buf == NULL) {
558 device_printf(sc->sc_dev,
559 "could not allocate buffer\n");
568 rsu_free_list(sc, data, ndata);
573 rsu_alloc_rx_list(struct rsu_softc *sc)
577 error = rsu_alloc_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT,
582 STAILQ_INIT(&sc->sc_rx_active);
583 STAILQ_INIT(&sc->sc_rx_inactive);
585 for (i = 0; i < RSU_RX_LIST_COUNT; i++)
586 STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next);
592 rsu_alloc_tx_list(struct rsu_softc *sc)
596 error = rsu_alloc_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT,
601 STAILQ_INIT(&sc->sc_tx_active);
602 STAILQ_INIT(&sc->sc_tx_inactive);
603 STAILQ_INIT(&sc->sc_tx_pending);
605 for (i = 0; i < RSU_TX_LIST_COUNT; i++) {
606 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next);
613 rsu_free_tx_list(struct rsu_softc *sc)
615 rsu_free_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT);
619 rsu_free_rx_list(struct rsu_softc *sc)
621 rsu_free_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT);
625 rsu_free_list(struct rsu_softc *sc, struct rsu_data data[], int ndata)
629 for (i = 0; i < ndata; i++) {
630 struct rsu_data *dp = &data[i];
632 if (dp->buf != NULL) {
633 free(dp->buf, M_USBDEV);
636 if (dp->ni != NULL) {
637 ieee80211_free_node(dp->ni);
643 static struct rsu_data *
644 _rsu_getbuf(struct rsu_softc *sc)
648 bf = STAILQ_FIRST(&sc->sc_tx_inactive);
650 STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next);
654 DPRINTF("out of xmit buffers\n");
658 static struct rsu_data *
659 rsu_getbuf(struct rsu_softc *sc)
663 RSU_ASSERT_LOCKED(sc);
665 bf = _rsu_getbuf(sc);
667 struct ifnet *ifp = sc->sc_ifp;
668 DPRINTF("stop queue\n");
669 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
675 rsu_write_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
678 usb_device_request_t req;
680 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
681 req.bRequest = R92S_REQ_REGS;
682 USETW(req.wValue, addr);
683 USETW(req.wIndex, 0);
684 USETW(req.wLength, len);
686 return (rsu_do_request(sc, &req, buf));
690 rsu_write_1(struct rsu_softc *sc, uint16_t addr, uint8_t val)
692 rsu_write_region_1(sc, addr, &val, 1);
696 rsu_write_2(struct rsu_softc *sc, uint16_t addr, uint16_t val)
699 rsu_write_region_1(sc, addr, (uint8_t *)&val, 2);
703 rsu_write_4(struct rsu_softc *sc, uint16_t addr, uint32_t val)
706 rsu_write_region_1(sc, addr, (uint8_t *)&val, 4);
710 rsu_read_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
713 usb_device_request_t req;
715 req.bmRequestType = UT_READ_VENDOR_DEVICE;
716 req.bRequest = R92S_REQ_REGS;
717 USETW(req.wValue, addr);
718 USETW(req.wIndex, 0);
719 USETW(req.wLength, len);
721 return (rsu_do_request(sc, &req, buf));
725 rsu_read_1(struct rsu_softc *sc, uint16_t addr)
729 if (rsu_read_region_1(sc, addr, &val, 1) != 0)
735 rsu_read_2(struct rsu_softc *sc, uint16_t addr)
739 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 2) != 0)
741 return (le16toh(val));
745 rsu_read_4(struct rsu_softc *sc, uint16_t addr)
749 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 4) != 0)
751 return (le32toh(val));
755 rsu_fw_iocmd(struct rsu_softc *sc, uint32_t iocmd)
759 rsu_write_4(sc, R92S_IOCMD_CTRL, iocmd);
761 for (ntries = 0; ntries < 50; ntries++) {
762 if (rsu_read_4(sc, R92S_IOCMD_CTRL) == 0)
770 rsu_efuse_read_1(struct rsu_softc *sc, uint16_t addr)
775 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
776 reg = RW(reg, R92S_EFUSE_CTRL_ADDR, addr);
777 reg &= ~R92S_EFUSE_CTRL_VALID;
778 rsu_write_4(sc, R92S_EFUSE_CTRL, reg);
779 /* Wait for read operation to complete. */
780 for (ntries = 0; ntries < 100; ntries++) {
781 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
782 if (reg & R92S_EFUSE_CTRL_VALID)
783 return (MS(reg, R92S_EFUSE_CTRL_DATA));
786 device_printf(sc->sc_dev,
787 "could not read efuse byte at address 0x%x\n", addr);
792 rsu_read_rom(struct rsu_softc *sc)
794 uint8_t *rom = sc->rom;
800 /* Make sure that ROM type is eFuse and that autoload succeeded. */
801 reg = rsu_read_1(sc, R92S_EE_9346CR);
802 if ((reg & (R92S_9356SEL | R92S_EEPROM_EN)) != R92S_EEPROM_EN)
805 /* Turn on 2.5V to prevent eFuse leakage. */
806 reg = rsu_read_1(sc, R92S_EFUSE_TEST + 3);
807 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg | 0x80);
809 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg & ~0x80);
811 /* Read full ROM image. */
812 memset(&sc->rom, 0xff, sizeof(sc->rom));
814 reg = rsu_efuse_read_1(sc, addr);
820 for (i = 0; i < 4; i++) {
823 rom[off * 8 + i * 2 + 0] =
824 rsu_efuse_read_1(sc, addr);
826 rom[off * 8 + i * 2 + 1] =
827 rsu_efuse_read_1(sc, addr);
832 if (rsu_debug >= 5) {
833 /* Dump ROM content. */
835 for (i = 0; i < sizeof(sc->rom); i++)
836 printf("%02x:", rom[i]);
844 rsu_fw_cmd(struct rsu_softc *sc, uint8_t code, void *buf, int len)
846 struct rsu_data *data;
847 struct r92s_tx_desc *txd;
848 struct r92s_fw_cmd_hdr *cmd;
851 data = rsu_getbuf(sc);
855 /* Round-up command length to a multiple of 8 bytes. */
856 cmdsz = (len + 7) & ~7;
858 xferlen = sizeof(*txd) + sizeof(*cmd) + cmdsz;
859 KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__));
860 memset(data->buf, 0, xferlen);
862 /* Setup Tx descriptor. */
863 txd = (struct r92s_tx_desc *)data->buf;
864 txd->txdw0 = htole32(
865 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
866 SM(R92S_TXDW0_PKTLEN, sizeof(*cmd) + cmdsz) |
867 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
868 txd->txdw1 = htole32(SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_H2C));
870 /* Setup command header. */
871 cmd = (struct r92s_fw_cmd_hdr *)&txd[1];
872 cmd->len = htole16(cmdsz);
874 cmd->seq = sc->cmd_seq;
875 sc->cmd_seq = (sc->cmd_seq + 1) & 0x7f;
877 /* Copy command payload. */
878 memcpy(&cmd[1], buf, len);
880 DPRINTFN(2, "Tx cmd code=0x%x len=0x%x\n", code, cmdsz);
881 data->buflen = xferlen;
882 STAILQ_INSERT_TAIL(&sc->sc_tx_pending, data, next);
883 usbd_transfer_start(sc->sc_xfer[RSU_BULK_TX_VO]);
890 rsu_calib_task(void *arg, int pending __unused)
892 struct rsu_softc *sc = arg;
895 DPRINTFN(6, "running calibration task\n");
898 /* Read WPS PBC status. */
899 rsu_write_1(sc, R92S_MAC_PINMUX_CTRL,
900 R92S_GPIOMUX_EN | SM(R92S_GPIOSEL_GPIO, R92S_GPIOSEL_GPIO_JTAG));
901 rsu_write_1(sc, R92S_GPIO_IO_SEL,
902 rsu_read_1(sc, R92S_GPIO_IO_SEL) & ~R92S_GPIO_WPS);
903 reg = rsu_read_1(sc, R92S_GPIO_CTRL);
904 if (reg != 0xff && (reg & R92S_GPIO_WPS))
905 DPRINTF(("WPS PBC is pushed\n"));
907 /* Read current signal level. */
908 if (rsu_fw_iocmd(sc, 0xf4000001) == 0) {
909 reg = rsu_read_4(sc, R92S_IOCMD_DATA);
910 DPRINTFN(8, "RSSI=%d%%\n", reg >> 4);
912 if (sc->sc_calibrating) {
914 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task,
921 rsu_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
923 struct rsu_vap *uvp = RSU_VAP(vap);
924 struct ieee80211com *ic = vap->iv_ic;
925 struct rsu_softc *sc = ic->ic_ifp->if_softc;
926 struct ieee80211_node *ni;
927 struct ieee80211_rateset *rs;
928 enum ieee80211_state ostate;
929 int error, startcal = 0;
931 ostate = vap->iv_state;
932 DPRINTF("%s -> %s\n", ieee80211_state_name[ostate],
933 ieee80211_state_name[nstate]);
935 IEEE80211_UNLOCK(ic);
936 if (ostate == IEEE80211_S_RUN) {
938 /* Stop calibration. */
939 sc->sc_calibrating = 0;
941 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task);
942 /* Disassociate from our current BSS. */
948 case IEEE80211_S_INIT:
950 case IEEE80211_S_AUTH:
951 ni = ieee80211_ref_node(vap->iv_bss);
952 error = rsu_join_bss(sc, ni);
953 ieee80211_free_node(ni);
955 device_printf(sc->sc_dev,
956 "could not send join command\n");
959 case IEEE80211_S_RUN:
960 ni = ieee80211_ref_node(vap->iv_bss);
962 /* Indicate highest supported rate. */
963 ni->ni_txrate = rs->rs_rates[rs->rs_nrates - 1];
964 ieee80211_free_node(ni);
970 sc->sc_calibrating = 1;
973 /* Start periodic calibration. */
974 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz * 2);
976 return (uvp->newstate(vap, nstate, arg));
981 rsu_set_key(struct rsu_softc *sc, const struct ieee80211_key *k)
983 struct r92s_fw_cmd_set_key key;
985 memset(&key, 0, sizeof(key));
986 /* Map net80211 cipher to HW crypto algorithm. */
987 switch (k->wk_cipher->ic_cipher) {
988 case IEEE80211_CIPHER_WEP:
989 if (k->wk_keylen < 8)
990 key.algo = R92S_KEY_ALGO_WEP40;
992 key.algo = R92S_KEY_ALGO_WEP104;
994 case IEEE80211_CIPHER_TKIP:
995 key.algo = R92S_KEY_ALGO_TKIP;
997 case IEEE80211_CIPHER_AES_CCM:
998 key.algo = R92S_KEY_ALGO_AES;
1003 key.id = k->wk_keyix;
1004 key.grpkey = (k->wk_flags & IEEE80211_KEY_GROUP) != 0;
1005 memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key)));
1006 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1010 rsu_delete_key(struct rsu_softc *sc, const struct ieee80211_key *k)
1012 struct r92s_fw_cmd_set_key key;
1014 memset(&key, 0, sizeof(key));
1015 key.id = k->wk_keyix;
1016 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1021 rsu_site_survey(struct rsu_softc *sc, struct ieee80211vap *vap)
1023 struct r92s_fw_cmd_sitesurvey cmd;
1024 struct ifnet *ifp = sc->sc_ifp;
1025 struct ieee80211com *ic = ifp->if_l2com;
1027 memset(&cmd, 0, sizeof(cmd));
1028 if ((ic->ic_flags & IEEE80211_F_ASCAN) || sc->scan_pass == 1)
1029 cmd.active = htole32(1);
1030 cmd.limit = htole32(48);
1031 if (sc->scan_pass == 1 && vap->iv_des_nssid > 0) {
1032 /* Do a directed scan for second pass. */
1033 cmd.ssidlen = htole32(vap->iv_des_ssid[0].len);
1034 memcpy(cmd.ssid, vap->iv_des_ssid[0].ssid,
1035 vap->iv_des_ssid[0].len);
1038 DPRINTF("sending site survey command, pass=%d\n", sc->scan_pass);
1039 return (rsu_fw_cmd(sc, R92S_CMD_SITE_SURVEY, &cmd, sizeof(cmd)));
1043 rsu_join_bss(struct rsu_softc *sc, struct ieee80211_node *ni)
1045 struct ifnet *ifp = sc->sc_ifp;
1046 struct ieee80211com *ic = ifp->if_l2com;
1047 struct ieee80211vap *vap = ni->ni_vap;
1048 struct ndis_wlan_bssid_ex *bss;
1049 struct ndis_802_11_fixed_ies *fixed;
1050 struct r92s_fw_cmd_auth auth;
1051 uint8_t buf[sizeof(*bss) + 128], *frm;
1055 /* Let the FW decide the opmode based on the capinfo field. */
1056 opmode = NDIS802_11AUTOUNKNOWN;
1057 DPRINTF("setting operating mode to %d\n", opmode);
1058 error = rsu_fw_cmd(sc, R92S_CMD_SET_OPMODE, &opmode, sizeof(opmode));
1062 memset(&auth, 0, sizeof(auth));
1063 if (vap->iv_flags & IEEE80211_F_WPA) {
1064 auth.mode = R92S_AUTHMODE_WPA;
1065 auth.dot1x = ni->ni_authmode == IEEE80211_AUTH_8021X;
1067 auth.mode = R92S_AUTHMODE_OPEN;
1068 DPRINTF("setting auth mode to %d\n", auth.mode);
1069 error = rsu_fw_cmd(sc, R92S_CMD_SET_AUTH, &auth, sizeof(auth));
1073 memset(buf, 0, sizeof(buf));
1074 bss = (struct ndis_wlan_bssid_ex *)buf;
1075 IEEE80211_ADDR_COPY(bss->macaddr, ni->ni_bssid);
1076 bss->ssid.ssidlen = htole32(ni->ni_esslen);
1077 memcpy(bss->ssid.ssid, ni->ni_essid, ni->ni_esslen);
1078 if (vap->iv_flags & (IEEE80211_F_PRIVACY | IEEE80211_F_WPA))
1079 bss->privacy = htole32(1);
1080 bss->rssi = htole32(ni->ni_avgrssi);
1081 if (ic->ic_curmode == IEEE80211_MODE_11B)
1082 bss->networktype = htole32(NDIS802_11DS);
1084 bss->networktype = htole32(NDIS802_11OFDM24);
1085 bss->config.len = htole32(sizeof(bss->config));
1086 bss->config.bintval = htole32(ni->ni_intval);
1087 bss->config.dsconfig = htole32(ieee80211_chan2ieee(ic, ni->ni_chan));
1088 bss->inframode = htole32(NDIS802_11INFRASTRUCTURE);
1089 memcpy(bss->supprates, ni->ni_rates.rs_rates,
1090 ni->ni_rates.rs_nrates);
1091 /* Write the fixed fields of the beacon frame. */
1092 fixed = (struct ndis_802_11_fixed_ies *)&bss[1];
1093 memcpy(&fixed->tstamp, ni->ni_tstamp.data, 8);
1094 fixed->bintval = htole16(ni->ni_intval);
1095 fixed->capabilities = htole16(ni->ni_capinfo);
1096 /* Write IEs to be included in the association request. */
1097 frm = (uint8_t *)&fixed[1];
1098 frm = ieee80211_add_rsn(frm, vap);
1099 frm = ieee80211_add_wpa(frm, vap);
1100 frm = ieee80211_add_qos(frm, ni);
1101 if (ni->ni_flags & IEEE80211_NODE_HT)
1102 frm = ieee80211_add_htcap(frm, ni);
1103 bss->ieslen = htole32(frm - (uint8_t *)fixed);
1104 bss->len = htole32(((frm - buf) + 3) & ~3);
1105 DPRINTF("sending join bss command to %s chan %d\n",
1106 ether_sprintf(bss->macaddr), le32toh(bss->config.dsconfig));
1107 return (rsu_fw_cmd(sc, R92S_CMD_JOIN_BSS, buf, sizeof(buf)));
1111 rsu_disconnect(struct rsu_softc *sc)
1113 uint32_t zero = 0; /* :-) */
1115 /* Disassociate from our current BSS. */
1116 DPRINTF("sending disconnect command\n");
1117 return (rsu_fw_cmd(sc, R92S_CMD_DISCONNECT, &zero, sizeof(zero)));
1121 rsu_event_survey(struct rsu_softc *sc, uint8_t *buf, int len)
1123 struct ifnet *ifp = sc->sc_ifp;
1124 struct ieee80211com *ic = ifp->if_l2com;
1125 struct ieee80211_frame *wh;
1126 struct ieee80211_channel *c;
1127 struct ndis_wlan_bssid_ex *bss;
1131 if (__predict_false(len < sizeof(*bss)))
1133 bss = (struct ndis_wlan_bssid_ex *)buf;
1134 if (__predict_false(len < sizeof(*bss) + le32toh(bss->ieslen)))
1137 DPRINTFN(2, "found BSS %s: len=%d chan=%d inframode=%d "
1138 "networktype=%d privacy=%d\n",
1139 ether_sprintf(bss->macaddr), le32toh(bss->len),
1140 le32toh(bss->config.dsconfig), le32toh(bss->inframode),
1141 le32toh(bss->networktype), le32toh(bss->privacy));
1143 /* Build a fake beacon frame to let net80211 do all the parsing. */
1144 pktlen = sizeof(*wh) + le32toh(bss->ieslen);
1145 if (__predict_false(pktlen > MCLBYTES))
1147 MGETHDR(m, M_DONTWAIT, MT_DATA);
1148 if (__predict_false(m == NULL))
1150 if (pktlen > MHLEN) {
1151 MCLGET(m, M_DONTWAIT);
1152 if (!(m->m_flags & M_EXT)) {
1157 wh = mtod(m, struct ieee80211_frame *);
1158 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
1159 IEEE80211_FC0_SUBTYPE_BEACON;
1160 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1161 USETW(wh->i_dur, 0);
1162 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
1163 IEEE80211_ADDR_COPY(wh->i_addr2, bss->macaddr);
1164 IEEE80211_ADDR_COPY(wh->i_addr3, bss->macaddr);
1165 *(uint16_t *)wh->i_seq = 0;
1166 memcpy(&wh[1], (uint8_t *)&bss[1], le32toh(bss->ieslen));
1168 /* Finalize mbuf. */
1169 m->m_pkthdr.len = m->m_len = pktlen;
1170 m->m_pkthdr.rcvif = ifp;
1171 /* Fix the channel. */
1172 c = ieee80211_find_channel_byieee(ic,
1173 le32toh(bss->config.dsconfig),
1177 ieee80211_radiotap_chan_change(ic);
1179 /* XXX avoid a LOR */
1181 ieee80211_input_all(ic, m, le32toh(bss->rssi), 0);
1186 rsu_event_join_bss(struct rsu_softc *sc, uint8_t *buf, int len)
1188 struct ifnet *ifp = sc->sc_ifp;
1189 struct ieee80211com *ic = ifp->if_l2com;
1190 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1191 struct ieee80211_node *ni = vap->iv_bss;
1192 struct r92s_event_join_bss *rsp;
1195 if (__predict_false(len < sizeof(*rsp)))
1197 rsp = (struct r92s_event_join_bss *)buf;
1198 res = (int)le32toh(rsp->join_res);
1200 DPRINTF("Rx join BSS event len=%d res=%d\n", len, res);
1203 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1207 DPRINTF("associated with %s associd=%d\n",
1208 ether_sprintf(rsp->bss.macaddr), le32toh(rsp->associd));
1209 ni->ni_associd = le32toh(rsp->associd) | 0xc000;
1211 ieee80211_new_state(vap, IEEE80211_S_RUN,
1212 IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
1217 rsu_rx_event(struct rsu_softc *sc, uint8_t code, uint8_t *buf, int len)
1219 struct ifnet *ifp = sc->sc_ifp;
1220 struct ieee80211com *ic = ifp->if_l2com;
1221 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1223 DPRINTFN(4, "Rx event code=%d len=%d\n", code, len);
1225 case R92S_EVT_SURVEY:
1226 if (vap->iv_state == IEEE80211_S_SCAN)
1227 rsu_event_survey(sc, buf, len);
1229 case R92S_EVT_SURVEY_DONE:
1230 DPRINTF("site survey pass %d done, found %d BSS\n",
1231 sc->scan_pass, le32toh(*(uint32_t *)buf));
1232 if (vap->iv_state != IEEE80211_S_SCAN)
1233 break; /* Ignore if not scanning. */
1234 if (sc->scan_pass == 0 && vap->iv_des_nssid != 0) {
1235 /* Schedule a directed scan for hidden APs. */
1238 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1244 case R92S_EVT_JOIN_BSS:
1245 if (vap->iv_state == IEEE80211_S_AUTH)
1246 rsu_event_join_bss(sc, buf, len);
1248 case R92S_EVT_DEL_STA:
1249 DPRINTF("disassociated from %s\n", ether_sprintf(buf));
1250 if (vap->iv_state == IEEE80211_S_RUN &&
1251 IEEE80211_ADDR_EQ(vap->iv_bss->ni_bssid, buf)) {
1253 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1257 case R92S_EVT_WPS_PBC:
1258 DPRINTF("WPS PBC pushed.\n");
1260 case R92S_EVT_FWDBG:
1261 if (ifp->if_flags & IFF_DEBUG) {
1263 printf("FWDBG: %s\n", (char *)buf);
1270 rsu_rx_multi_event(struct rsu_softc *sc, uint8_t *buf, int len)
1272 struct r92s_fw_cmd_hdr *cmd;
1275 DPRINTFN(6, "Rx events len=%d\n", len);
1277 /* Skip Rx status. */
1278 buf += sizeof(struct r92s_rx_stat);
1279 len -= sizeof(struct r92s_rx_stat);
1281 /* Process all events. */
1283 /* Check that command header fits. */
1284 if (__predict_false(len < sizeof(*cmd)))
1286 cmd = (struct r92s_fw_cmd_hdr *)buf;
1287 /* Check that command payload fits. */
1288 cmdsz = le16toh(cmd->len);
1289 if (__predict_false(len < sizeof(*cmd) + cmdsz))
1292 /* Process firmware event. */
1293 rsu_rx_event(sc, cmd->code, (uint8_t *)&cmd[1], cmdsz);
1295 if (!(cmd->seq & R92S_FW_CMD_MORE))
1297 buf += sizeof(*cmd) + cmdsz;
1298 len -= sizeof(*cmd) + cmdsz;
1303 rsu_get_rssi(struct rsu_softc *sc, int rate, void *physt)
1305 static const int8_t cckoff[] = { 14, -2, -20, -40 };
1306 struct r92s_rx_phystat *phy;
1307 struct r92s_rx_cck *cck;
1312 cck = (struct r92s_rx_cck *)physt;
1313 rpt = (cck->agc_rpt >> 6) & 0x3;
1314 rssi = cck->agc_rpt & 0x3e;
1315 rssi = cckoff[rpt] - rssi;
1316 } else { /* OFDM/HT. */
1317 phy = (struct r92s_rx_phystat *)physt;
1318 rssi = ((le32toh(phy->phydw1) >> 1) & 0x7f) - 106;
1323 static struct mbuf *
1324 rsu_rx_frame(struct rsu_softc *sc, uint8_t *buf, int pktlen, int *rssi)
1326 struct ifnet *ifp = sc->sc_ifp;
1327 struct ieee80211com *ic = ifp->if_l2com;
1328 struct ieee80211_frame *wh;
1329 struct r92s_rx_stat *stat;
1330 uint32_t rxdw0, rxdw3;
1335 stat = (struct r92s_rx_stat *)buf;
1336 rxdw0 = le32toh(stat->rxdw0);
1337 rxdw3 = le32toh(stat->rxdw3);
1339 if (__predict_false(rxdw0 & R92S_RXDW0_CRCERR)) {
1343 if (__predict_false(pktlen < sizeof(*wh) || pktlen > MCLBYTES)) {
1348 rate = MS(rxdw3, R92S_RXDW3_RATE);
1349 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1351 /* Get RSSI from PHY status descriptor if present. */
1353 *rssi = rsu_get_rssi(sc, rate, &stat[1]);
1357 DPRINTFN(5, "Rx frame len=%d rate=%d infosz=%d rssi=%d\n",
1358 pktlen, rate, infosz, *rssi);
1360 MGETHDR(m, M_DONTWAIT, MT_DATA);
1361 if (__predict_false(m == NULL)) {
1365 if (pktlen > MHLEN) {
1366 MCLGET(m, M_DONTWAIT);
1367 if (__predict_false(!(m->m_flags & M_EXT))) {
1373 /* Finalize mbuf. */
1374 m->m_pkthdr.rcvif = ifp;
1375 /* Hardware does Rx TCP checksum offload. */
1376 if (rxdw3 & R92S_RXDW3_TCPCHKVALID) {
1377 if (__predict_true(rxdw3 & R92S_RXDW3_TCPCHKRPT))
1378 m->m_pkthdr.csum_flags |= CSUM_DATA_VALID;
1380 wh = (struct ieee80211_frame *)((uint8_t *)&stat[1] + infosz);
1381 memcpy(mtod(m, uint8_t *), wh, pktlen);
1382 m->m_pkthdr.len = m->m_len = pktlen;
1384 if (ieee80211_radiotap_active(ic)) {
1385 struct rsu_rx_radiotap_header *tap = &sc->sc_rxtap;
1387 /* Map HW rate index to 802.11 rate. */
1389 if (!(rxdw3 & R92S_RXDW3_HTC)) {
1392 case 0: tap->wr_rate = 2; break;
1393 case 1: tap->wr_rate = 4; break;
1394 case 2: tap->wr_rate = 11; break;
1395 case 3: tap->wr_rate = 22; break;
1397 case 4: tap->wr_rate = 12; break;
1398 case 5: tap->wr_rate = 18; break;
1399 case 6: tap->wr_rate = 24; break;
1400 case 7: tap->wr_rate = 36; break;
1401 case 8: tap->wr_rate = 48; break;
1402 case 9: tap->wr_rate = 72; break;
1403 case 10: tap->wr_rate = 96; break;
1404 case 11: tap->wr_rate = 108; break;
1406 } else if (rate >= 12) { /* MCS0~15. */
1407 /* Bit 7 set means HT MCS instead of rate. */
1408 tap->wr_rate = 0x80 | (rate - 12);
1410 tap->wr_dbm_antsignal = *rssi;
1411 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
1412 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
1418 static struct mbuf *
1419 rsu_rx_multi_frame(struct rsu_softc *sc, uint8_t *buf, int len, int *rssi)
1421 struct r92s_rx_stat *stat;
1423 int totlen, pktlen, infosz, npkts;
1424 struct mbuf *m, *m0 = NULL, *prevm = NULL;
1426 /* Get the number of encapsulated frames. */
1427 stat = (struct r92s_rx_stat *)buf;
1428 npkts = MS(le32toh(stat->rxdw2), R92S_RXDW2_PKTCNT);
1429 DPRINTFN(6, "Rx %d frames in one chunk\n", npkts);
1431 /* Process all of them. */
1432 while (npkts-- > 0) {
1433 if (__predict_false(len < sizeof(*stat)))
1435 stat = (struct r92s_rx_stat *)buf;
1436 rxdw0 = le32toh(stat->rxdw0);
1438 pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN);
1439 if (__predict_false(pktlen == 0))
1442 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1444 /* Make sure everything fits in xfer. */
1445 totlen = sizeof(*stat) + infosz + pktlen;
1446 if (__predict_false(totlen > len))
1449 /* Process 802.11 frame. */
1450 m = rsu_rx_frame(sc, buf, pktlen, rssi);
1459 /* Next chunk is 128-byte aligned. */
1460 totlen = (totlen + 127) & ~127;
1468 static struct mbuf *
1469 rsu_rxeof(struct usb_xfer *xfer, struct rsu_data *data, int *rssi)
1471 struct rsu_softc *sc = data->sc;
1472 struct r92s_rx_stat *stat;
1475 usbd_xfer_status(xfer, &len, NULL, NULL, NULL);
1477 if (__predict_false(len < sizeof(*stat))) {
1478 DPRINTF("xfer too short %d\n", len);
1479 sc->sc_ifp->if_ierrors++;
1482 /* Determine if it is a firmware C2H event or an 802.11 frame. */
1483 stat = (struct r92s_rx_stat *)data->buf;
1484 if ((le32toh(stat->rxdw1) & 0x1ff) == 0x1ff) {
1485 rsu_rx_multi_event(sc, data->buf, len);
1486 /* No packets to process. */
1489 return (rsu_rx_multi_frame(sc, data->buf, len, rssi));
1493 rsu_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
1495 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1496 struct ifnet *ifp = sc->sc_ifp;
1497 struct ieee80211com *ic = ifp->if_l2com;
1498 struct ieee80211_frame *wh;
1499 struct ieee80211_node *ni;
1500 struct mbuf *m = NULL, *next;
1501 struct rsu_data *data;
1504 RSU_ASSERT_LOCKED(sc);
1506 switch (USB_GET_STATE(xfer)) {
1507 case USB_ST_TRANSFERRED:
1508 data = STAILQ_FIRST(&sc->sc_rx_active);
1511 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1512 m = rsu_rxeof(xfer, data, &rssi);
1513 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1517 data = STAILQ_FIRST(&sc->sc_rx_inactive);
1519 KASSERT(m == NULL, ("mbuf isn't NULL"));
1522 STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next);
1523 STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next);
1524 usbd_xfer_set_frame_data(xfer, 0, data->buf,
1525 usbd_xfer_max_len(xfer));
1526 usbd_transfer_submit(xfer);
1528 * To avoid LOR we should unlock our private mutex here to call
1529 * ieee80211_input() because here is at the end of a USB
1530 * callback and safe to unlock.
1536 wh = mtod(m, struct ieee80211_frame *);
1537 ni = ieee80211_find_rxnode(ic,
1538 (struct ieee80211_frame_min *)wh);
1540 (void)ieee80211_input(ni, m, rssi, 0);
1541 ieee80211_free_node(ni);
1543 (void)ieee80211_input_all(ic, m, rssi, 0);
1549 /* needs it to the inactive queue due to a error. */
1550 data = STAILQ_FIRST(&sc->sc_rx_active);
1552 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1553 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1555 if (error != USB_ERR_CANCELLED) {
1556 usbd_xfer_set_stall(xfer);
1567 rsu_txeof(struct usb_xfer *xfer, struct rsu_data *data)
1569 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1570 struct ifnet *ifp = sc->sc_ifp;
1573 RSU_ASSERT_LOCKED(sc);
1576 * Do any tx complete callback. Note this must be done before releasing
1577 * the node reference.
1581 if (m->m_flags & M_TXCB) {
1583 ieee80211_process_callback(data->ni, m, 0);
1589 ieee80211_free_node(data->ni);
1592 sc->sc_tx_timer = 0;
1594 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
1598 rsu_bulk_tx_callback(struct usb_xfer *xfer, usb_error_t error)
1600 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1601 struct ifnet *ifp = sc->sc_ifp;
1602 struct rsu_data *data;
1604 RSU_ASSERT_LOCKED(sc);
1606 switch (USB_GET_STATE(xfer)) {
1607 case USB_ST_TRANSFERRED:
1608 data = STAILQ_FIRST(&sc->sc_tx_active);
1611 DPRINTF("transfer done %p\n", data);
1612 STAILQ_REMOVE_HEAD(&sc->sc_tx_active, next);
1613 rsu_txeof(xfer, data);
1614 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, data, next);
1618 data = STAILQ_FIRST(&sc->sc_tx_pending);
1620 DPRINTF("empty pending queue sc %p\n", sc);
1623 STAILQ_REMOVE_HEAD(&sc->sc_tx_pending, next);
1624 STAILQ_INSERT_TAIL(&sc->sc_tx_active, data, next);
1625 usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen);
1626 DPRINTF("submitting transfer %p\n", data);
1627 usbd_transfer_submit(xfer);
1628 rsu_start_locked(ifp);
1631 data = STAILQ_FIRST(&sc->sc_tx_active);
1634 if (data->ni != NULL) {
1635 ieee80211_free_node(data->ni);
1639 if (error != USB_ERR_CANCELLED) {
1640 usbd_xfer_set_stall(xfer);
1648 rsu_tx_start(struct rsu_softc *sc, struct ieee80211_node *ni,
1649 struct mbuf *m0, struct rsu_data *data)
1651 struct ifnet *ifp = sc->sc_ifp;
1652 struct ieee80211com *ic = ifp->if_l2com;
1653 struct ieee80211vap *vap = ni->ni_vap;
1654 struct ieee80211_frame *wh;
1655 struct ieee80211_key *k = NULL;
1656 struct r92s_tx_desc *txd;
1657 struct usb_xfer *xfer;
1658 uint8_t type, tid = 0;
1659 int hasqos, xferlen;
1660 struct usb_xfer *rsu_pipes[4] = {
1661 sc->sc_xfer[RSU_BULK_TX_BE],
1662 sc->sc_xfer[RSU_BULK_TX_BK],
1663 sc->sc_xfer[RSU_BULK_TX_VI],
1664 sc->sc_xfer[RSU_BULK_TX_VO]
1667 RSU_ASSERT_LOCKED(sc);
1669 wh = mtod(m0, struct ieee80211_frame *);
1670 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
1672 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
1673 k = ieee80211_crypto_encap(ni, m0);
1675 device_printf(sc->sc_dev,
1676 "ieee80211_crypto_encap returns NULL.\n");
1677 /* XXX we don't expect the fragmented frames */
1681 wh = mtod(m0, struct ieee80211_frame *);
1684 case IEEE80211_FC0_TYPE_CTL:
1685 case IEEE80211_FC0_TYPE_MGT:
1686 xfer = sc->sc_xfer[RSU_BULK_TX_VO];
1689 KASSERT(M_WME_GETAC(m0) < 4,
1690 ("unsupported WME pipe %d", M_WME_GETAC(m0)));
1691 xfer = rsu_pipes[M_WME_GETAC(m0)];
1696 /* Fill Tx descriptor. */
1697 txd = (struct r92s_tx_desc *)data->buf;
1698 memset(txd, 0, sizeof(*txd));
1700 txd->txdw0 |= htole32(
1701 SM(R92S_TXDW0_PKTLEN, m0->m_pkthdr.len) |
1702 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
1703 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
1705 txd->txdw1 |= htole32(
1706 SM(R92S_TXDW1_MACID, R92S_MACID_BSS) |
1707 SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_BE));
1709 txd->txdw1 |= htole32(R92S_TXDW1_NONQOS);
1712 switch (k->wk_cipher->ic_cipher) {
1713 case IEEE80211_CIPHER_WEP:
1714 cipher = R92S_TXDW1_CIPHER_WEP;
1716 case IEEE80211_CIPHER_TKIP:
1717 cipher = R92S_TXDW1_CIPHER_TKIP;
1719 case IEEE80211_CIPHER_AES_CCM:
1720 cipher = R92S_TXDW1_CIPHER_AES;
1723 cipher = R92S_TXDW1_CIPHER_NONE;
1725 txd->txdw1 |= htole32(
1726 SM(R92S_TXDW1_CIPHER, cipher) |
1727 SM(R92S_TXDW1_KEYIDX, k->k_id));
1730 txd->txdw2 |= htole32(R92S_TXDW2_BK);
1731 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
1732 txd->txdw2 |= htole32(R92S_TXDW2_BMCAST);
1734 * Firmware will use and increment the sequence number for the
1737 txd->txdw3 |= htole32(SM(R92S_TXDW3_SEQ, tid));
1739 if (ieee80211_radiotap_active_vap(vap)) {
1740 struct rsu_tx_radiotap_header *tap = &sc->sc_txtap;
1743 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
1744 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
1745 ieee80211_radiotap_tx(vap, m0);
1747 xferlen = sizeof(*txd) + m0->m_pkthdr.len;
1748 m_copydata(m0, 0, m0->m_pkthdr.len, (caddr_t)&txd[1]);
1750 data->buflen = xferlen;
1753 STAILQ_INSERT_TAIL(&sc->sc_tx_pending, data, next);
1754 usbd_transfer_start(xfer);
1760 rsu_start(struct ifnet *ifp)
1762 struct rsu_softc *sc = ifp->if_softc;
1764 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1768 rsu_start_locked(ifp);
1773 rsu_start_locked(struct ifnet *ifp)
1775 struct rsu_softc *sc = ifp->if_softc;
1776 struct ieee80211_node *ni;
1778 struct rsu_data *bf;
1780 RSU_ASSERT_LOCKED(sc);
1783 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
1786 bf = rsu_getbuf(sc);
1788 IFQ_DRV_PREPEND(&ifp->if_snd, m);
1791 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
1792 m->m_pkthdr.rcvif = NULL;
1794 if (rsu_tx_start(sc, ni, m, bf) != 0) {
1796 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, bf, next);
1797 ieee80211_free_node(ni);
1800 sc->sc_tx_timer = 5;
1801 callout_reset(&sc->sc_watchdog_ch, hz, rsu_watchdog, sc);
1806 rsu_watchdog(void *arg)
1808 struct rsu_softc *sc = arg;
1809 struct ifnet *ifp = sc->sc_ifp;
1811 if (sc->sc_tx_timer > 0) {
1812 if (--sc->sc_tx_timer == 0) {
1813 device_printf(sc->sc_dev, "device timeout\n");
1814 /* rsu_init(ifp); XXX needs a process context! */
1818 callout_reset(&sc->sc_watchdog_ch, hz, rsu_watchdog, sc);
1823 rsu_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
1825 struct ieee80211com *ic = ifp->if_l2com;
1826 struct ifreq *ifr = (struct ifreq *) data;
1827 int error = 0, startall = 0;
1831 if (ifp->if_flags & IFF_UP) {
1832 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1833 rsu_init(ifp->if_softc);
1837 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
1841 ieee80211_start_all(ic);
1844 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
1847 error = ether_ioctl(ifp, cmd, data);
1858 * Power on sequence for A-cut adapters.
1861 rsu_power_on_acut(struct rsu_softc *sc)
1865 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
1866 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
1868 /* Enable AFE macro block's bandgap and Mbias. */
1869 rsu_write_1(sc, R92S_AFE_MISC,
1870 rsu_read_1(sc, R92S_AFE_MISC) |
1871 R92S_AFE_MISC_BGEN | R92S_AFE_MISC_MBEN);
1872 /* Enable LDOA15 block. */
1873 rsu_write_1(sc, R92S_LDOA15_CTRL,
1874 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
1876 rsu_write_1(sc, R92S_SPS1_CTRL,
1877 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_LDEN);
1878 usb_pause_mtx(&sc->sc_mtx, 2 * hz);
1879 /* Enable switch regulator block. */
1880 rsu_write_1(sc, R92S_SPS1_CTRL,
1881 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_SWEN);
1883 rsu_write_4(sc, R92S_SPS1_CTRL, 0x00a7b267);
1885 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1886 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
1888 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1889 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
1891 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1892 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x90);
1894 /* Enable AFE clock. */
1895 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
1896 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
1897 /* Enable AFE PLL macro block. */
1898 rsu_write_1(sc, R92S_AFE_PLL_CTRL,
1899 rsu_read_1(sc, R92S_AFE_PLL_CTRL) | 0x11);
1900 /* Attach AFE PLL to MACTOP/BB. */
1901 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
1902 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
1904 /* Switch to 40MHz clock instead of 80MHz. */
1905 rsu_write_2(sc, R92S_SYS_CLKR,
1906 rsu_read_2(sc, R92S_SYS_CLKR) & ~R92S_SYS_CLKSEL);
1908 /* Enable MAC clock. */
1909 rsu_write_2(sc, R92S_SYS_CLKR,
1910 rsu_read_2(sc, R92S_SYS_CLKR) |
1911 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
1913 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
1915 /* Enable digital core and IOREG R/W. */
1916 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1917 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
1919 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1920 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
1922 /* Switch the control path to firmware. */
1923 reg = rsu_read_2(sc, R92S_SYS_CLKR);
1924 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
1925 rsu_write_2(sc, R92S_SYS_CLKR, reg);
1927 rsu_write_2(sc, R92S_CR, 0x37fc);
1929 /* Fix USB RX FIFO issue. */
1930 rsu_write_1(sc, 0xfe5c,
1931 rsu_read_1(sc, 0xfe5c) | 0x80);
1932 rsu_write_1(sc, 0x00ab,
1933 rsu_read_1(sc, 0x00ab) | 0xc0);
1935 rsu_write_1(sc, R92S_SYS_CLKR,
1936 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
1940 * Power on sequence for B-cut and C-cut adapters.
1943 rsu_power_on_bcut(struct rsu_softc *sc)
1948 /* Prevent eFuse leakage. */
1949 rsu_write_1(sc, 0x37, 0xb0);
1950 usb_pause_mtx(&sc->sc_mtx, 10);
1951 rsu_write_1(sc, 0x37, 0x30);
1953 /* Switch the control path to hardware. */
1954 reg = rsu_read_2(sc, R92S_SYS_CLKR);
1955 if (reg & R92S_FWHW_SEL) {
1956 rsu_write_2(sc, R92S_SYS_CLKR,
1957 reg & ~(R92S_SWHW_SEL | R92S_FWHW_SEL));
1959 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1960 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) & ~0x8c);
1963 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
1964 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
1966 reg = rsu_read_1(sc, R92S_AFE_MISC);
1967 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN);
1968 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN |
1969 R92S_AFE_MISC_MBEN | R92S_AFE_MISC_I32_EN);
1972 rsu_write_1(sc, R92S_LDOA15_CTRL,
1973 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
1975 rsu_write_1(sc, R92S_LDOV12D_CTRL,
1976 rsu_read_1(sc, R92S_LDOV12D_CTRL) | R92S_LDV12_EN);
1978 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1979 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
1981 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1982 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
1984 /* Support 64KB IMEM. */
1985 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1986 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x97);
1988 /* Enable AFE clock. */
1989 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
1990 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
1991 /* Enable AFE PLL macro block. */
1992 reg = rsu_read_1(sc, R92S_AFE_PLL_CTRL);
1993 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
1995 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x51);
1997 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
2000 /* Attach AFE PLL to MACTOP/BB. */
2001 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
2002 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
2004 /* Switch to 40MHz clock. */
2005 rsu_write_1(sc, R92S_SYS_CLKR, 0x00);
2006 /* Disable CPU clock and 80MHz SSC. */
2007 rsu_write_1(sc, R92S_SYS_CLKR,
2008 rsu_read_1(sc, R92S_SYS_CLKR) | 0xa0);
2009 /* Enable MAC clock. */
2010 rsu_write_2(sc, R92S_SYS_CLKR,
2011 rsu_read_2(sc, R92S_SYS_CLKR) |
2012 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
2014 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
2016 /* Enable digital core and IOREG R/W. */
2017 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2018 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
2020 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2021 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
2023 /* Switch the control path to firmware. */
2024 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2025 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
2026 rsu_write_2(sc, R92S_SYS_CLKR, reg);
2028 rsu_write_2(sc, R92S_CR, 0x37fc);
2030 /* Fix USB RX FIFO issue. */
2031 rsu_write_1(sc, 0xfe5c,
2032 rsu_read_1(sc, 0xfe5c) | 0x80);
2034 rsu_write_1(sc, R92S_SYS_CLKR,
2035 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
2037 rsu_write_1(sc, 0xfe1c, 0x80);
2039 /* Make sure TxDMA is ready to download firmware. */
2040 for (ntries = 0; ntries < 20; ntries++) {
2041 reg = rsu_read_1(sc, R92S_TCR);
2042 if ((reg & (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) ==
2043 (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT))
2048 DPRINTF("TxDMA is not ready\n");
2050 reg = rsu_read_1(sc, R92S_CR);
2051 rsu_write_1(sc, R92S_CR, reg & ~R92S_CR_TXDMA_EN);
2053 rsu_write_1(sc, R92S_CR, reg | R92S_CR_TXDMA_EN);
2058 rsu_power_off(struct rsu_softc *sc)
2061 rsu_write_1(sc, R92S_RF_CTRL, 0x00);
2062 usb_pause_mtx(&sc->sc_mtx, 5);
2065 /* Switch control path. */
2066 rsu_write_1(sc, R92S_SYS_CLKR + 1, 0x38);
2068 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x70);
2069 rsu_write_1(sc, R92S_PMC_FSM, 0x06);
2070 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 0, 0xf9);
2071 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 0xe8);
2073 /* Disable AFE PLL. */
2074 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 0x00);
2076 rsu_write_1(sc, R92S_LDOA15_CTRL, 0x54);
2077 /* Disable eFuse 1.2V. */
2078 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x50);
2079 rsu_write_1(sc, R92S_LDOV12D_CTRL, 0x24);
2080 /* Enable AFE macro block's bandgap and Mbias. */
2081 rsu_write_1(sc, R92S_AFE_MISC, 0x30);
2082 /* Disable 1.6V LDO. */
2083 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x56);
2084 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x43);
2088 rsu_fw_loadsection(struct rsu_softc *sc, const uint8_t *buf, int len)
2090 struct rsu_data *data;
2091 struct r92s_tx_desc *txd;
2095 data = rsu_getbuf(sc);
2098 txd = (struct r92s_tx_desc *)data->buf;
2099 memset(txd, 0, sizeof(*txd));
2100 if (len <= RSU_TXBUFSZ - sizeof(*txd)) {
2102 txd->txdw0 |= htole32(R92S_TXDW0_LINIP);
2105 mlen = RSU_TXBUFSZ - sizeof(*txd);
2106 txd->txdw0 |= htole32(SM(R92S_TXDW0_PKTLEN, mlen));
2107 memcpy(&txd[1], buf, mlen);
2108 data->buflen = sizeof(*txd) + mlen;
2109 DPRINTF("starting transfer %p\n", data);
2110 STAILQ_INSERT_TAIL(&sc->sc_tx_pending, data, next);
2114 usbd_transfer_start(sc->sc_xfer[RSU_BULK_TX_VO]);
2120 rsu_load_firmware(struct rsu_softc *sc)
2122 const struct r92s_fw_hdr *hdr;
2123 struct r92s_fw_priv *dmem;
2124 const uint8_t *imem, *emem;
2126 const struct firmware *fw;
2132 /* Read firmware image from the filesystem. */
2133 if ((fw = firmware_get("rsu-rtl8712fw")) == NULL) {
2134 device_printf(sc->sc_dev,
2135 "%s: failed load firmware of file rsu-rtl8712fw\n",
2141 size = fw->datasize;
2142 if (size < sizeof(*hdr)) {
2143 device_printf(sc->sc_dev, "firmware too short\n");
2147 hdr = (const struct r92s_fw_hdr *)fw->data;
2148 if (hdr->signature != htole16(0x8712) &&
2149 hdr->signature != htole16(0x8192)) {
2150 device_printf(sc->sc_dev,
2151 "invalid firmware signature 0x%x\n",
2152 le16toh(hdr->signature));
2156 DPRINTF("FW V%d %02x-%02x %02x:%02x\n", le16toh(hdr->version),
2157 hdr->month, hdr->day, hdr->hour, hdr->minute);
2159 /* Make sure that driver and firmware are in sync. */
2160 if (hdr->privsz != htole32(sizeof(*dmem))) {
2161 device_printf(sc->sc_dev, "unsupported firmware image\n");
2165 /* Get FW sections sizes. */
2166 imemsz = le32toh(hdr->imemsz);
2167 ememsz = le32toh(hdr->sramsz);
2168 /* Check that all FW sections fit in image. */
2169 if (size < sizeof(*hdr) + imemsz + ememsz) {
2170 device_printf(sc->sc_dev, "firmware too short\n");
2174 imem = (const uint8_t *)&hdr[1];
2175 emem = imem + imemsz;
2177 /* Load IMEM section. */
2178 error = rsu_fw_loadsection(sc, imem, imemsz);
2180 device_printf(sc->sc_dev,
2181 "could not load firmware section %s\n", "IMEM");
2184 /* Wait for load to complete. */
2185 for (ntries = 0; ntries < 10; ntries++) {
2186 usb_pause_mtx(&sc->sc_mtx, 10);
2187 reg = rsu_read_2(sc, R92S_TCR);
2188 if (reg & R92S_TCR_IMEM_CODE_DONE)
2191 if (ntries == 10 || !(reg & R92S_TCR_IMEM_CHK_RPT)) {
2192 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n",
2198 /* Load EMEM section. */
2199 error = rsu_fw_loadsection(sc, emem, ememsz);
2201 device_printf(sc->sc_dev,
2202 "could not load firmware section %s\n", "EMEM");
2205 /* Wait for load to complete. */
2206 for (ntries = 0; ntries < 10; ntries++) {
2207 usb_pause_mtx(&sc->sc_mtx, 10);
2208 reg = rsu_read_2(sc, R92S_TCR);
2209 if (reg & R92S_TCR_EMEM_CODE_DONE)
2212 if (ntries == 10 || !(reg & R92S_TCR_EMEM_CHK_RPT)) {
2213 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n",
2220 rsu_write_1(sc, R92S_SYS_CLKR,
2221 rsu_read_1(sc, R92S_SYS_CLKR) | R92S_SYS_CPU_CLKSEL);
2222 if (!(rsu_read_1(sc, R92S_SYS_CLKR) & R92S_SYS_CPU_CLKSEL)) {
2223 device_printf(sc->sc_dev, "could not enable system clock\n");
2227 rsu_write_2(sc, R92S_SYS_FUNC_EN,
2228 rsu_read_2(sc, R92S_SYS_FUNC_EN) | R92S_FEN_CPUEN);
2229 if (!(rsu_read_2(sc, R92S_SYS_FUNC_EN) & R92S_FEN_CPUEN)) {
2230 device_printf(sc->sc_dev,
2231 "could not enable microcontroller\n");
2235 /* Wait for CPU to initialize. */
2236 for (ntries = 0; ntries < 100; ntries++) {
2237 if (rsu_read_2(sc, R92S_TCR) & R92S_TCR_IMEM_RDY)
2241 if (ntries == 100) {
2242 device_printf(sc->sc_dev,
2243 "timeout waiting for microcontroller\n");
2248 /* Update DMEM section before loading. */
2249 dmem = __DECONST(struct r92s_fw_priv *, &hdr->priv);
2250 memset(dmem, 0, sizeof(*dmem));
2251 dmem->hci_sel = R92S_HCI_SEL_USB | R92S_HCI_SEL_8172;
2252 dmem->nendpoints = sc->npipes;
2253 dmem->rf_config = 0x12; /* 1T2R */
2254 dmem->vcs_type = R92S_VCS_TYPE_AUTO;
2255 dmem->vcs_mode = R92S_VCS_MODE_RTS_CTS;
2257 dmem->bw40_en = (ic->ic_htcaps & IEEE80211_HTCAP_CBW20_40) != 0;
2259 dmem->turbo_mode = 1;
2260 /* Load DMEM section. */
2261 error = rsu_fw_loadsection(sc, (uint8_t *)dmem, sizeof(*dmem));
2263 device_printf(sc->sc_dev,
2264 "could not load firmware section %s\n", "DMEM");
2267 /* Wait for load to complete. */
2268 for (ntries = 0; ntries < 100; ntries++) {
2269 if (rsu_read_2(sc, R92S_TCR) & R92S_TCR_DMEM_CODE_DONE)
2273 if (ntries == 100) {
2274 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n",
2279 /* Wait for firmware readiness. */
2280 for (ntries = 0; ntries < 60; ntries++) {
2281 if (!(rsu_read_2(sc, R92S_TCR) & R92S_TCR_FWRDY))
2286 device_printf(sc->sc_dev,
2287 "timeout waiting for firmware readiness\n");
2292 firmware_put(fw, FIRMWARE_UNLOAD);
2298 rsu_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
2299 const struct ieee80211_bpf_params *params)
2301 struct ieee80211com *ic = ni->ni_ic;
2302 struct ifnet *ifp = ic->ic_ifp;
2303 struct rsu_softc *sc = ifp->if_softc;
2304 struct rsu_data *bf;
2306 /* prevent management frames from being sent if we're not ready */
2307 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
2309 ieee80211_free_node(ni);
2313 bf = rsu_getbuf(sc);
2315 ieee80211_free_node(ni);
2321 if (rsu_tx_start(sc, ni, m, bf) != 0) {
2322 ieee80211_free_node(ni);
2324 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, bf, next);
2329 sc->sc_tx_timer = 5;
2337 struct rsu_softc *sc = arg;
2340 rsu_init_locked(arg);
2345 rsu_init_locked(struct rsu_softc *sc)
2347 struct ifnet *ifp = sc->sc_ifp;
2348 struct r92s_set_pwr_mode cmd;
2351 /* Init host async commands ring. */
2352 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0;
2354 /* Allocate Tx/Rx buffers. */
2355 error = rsu_alloc_rx_list(sc);
2357 device_printf(sc->sc_dev, "could not allocate Rx buffers\n");
2360 error = rsu_alloc_tx_list(sc);
2362 device_printf(sc->sc_dev, "could not allocate Tx buffers\n");
2363 rsu_free_rx_list(sc);
2366 /* Power on adapter. */
2368 rsu_power_on_acut(sc);
2370 rsu_power_on_bcut(sc);
2371 /* Load firmware. */
2372 error = rsu_load_firmware(sc);
2376 /* Enable Rx TCP checksum offload. */
2377 rsu_write_4(sc, R92S_RCR,
2378 rsu_read_4(sc, R92S_RCR) | 0x04000000);
2379 /* Append PHY status. */
2380 rsu_write_4(sc, R92S_RCR,
2381 rsu_read_4(sc, R92S_RCR) | 0x02000000);
2383 rsu_write_4(sc, R92S_CR,
2384 rsu_read_4(sc, R92S_CR) & ~0xff000000);
2386 /* Use 128 bytes pages. */
2387 rsu_write_1(sc, 0x00b5,
2388 rsu_read_1(sc, 0x00b5) | 0x01);
2389 /* Enable USB Rx aggregation. */
2390 rsu_write_1(sc, 0x00bd,
2391 rsu_read_1(sc, 0x00bd) | 0x80);
2392 /* Set USB Rx aggregation threshold. */
2393 rsu_write_1(sc, 0x00d9, 0x01);
2394 /* Set USB Rx aggregation timeout (1.7ms/4). */
2395 rsu_write_1(sc, 0xfe5b, 0x04);
2396 /* Fix USB Rx FIFO issue. */
2397 rsu_write_1(sc, 0xfe5c,
2398 rsu_read_1(sc, 0xfe5c) | 0x80);
2400 /* Set MAC address. */
2401 rsu_write_region_1(sc, R92S_MACID, IF_LLADDR(ifp),
2402 IEEE80211_ADDR_LEN);
2404 /* NB: it really takes that long for firmware to boot. */
2405 usb_pause_mtx(&sc->sc_mtx, 1500);
2407 DPRINTF("setting MAC address to %s\n", ether_sprintf(IF_LLADDR(ifp)));
2408 error = rsu_fw_cmd(sc, R92S_CMD_SET_MAC_ADDRESS, IF_LLADDR(ifp),
2409 IEEE80211_ADDR_LEN);
2411 device_printf(sc->sc_dev, "could not set MAC address\n");
2415 rsu_write_1(sc, R92S_USB_HRPWM,
2416 R92S_USB_HRPWM_PS_ST_ACTIVE | R92S_USB_HRPWM_PS_ALL_ON);
2418 memset(&cmd, 0, sizeof(cmd));
2419 cmd.mode = R92S_PS_MODE_ACTIVE;
2420 DPRINTF("setting ps mode to %d\n", cmd.mode);
2421 error = rsu_fw_cmd(sc, R92S_CMD_SET_PWR_MODE, &cmd, sizeof(cmd));
2423 device_printf(sc->sc_dev, "could not set PS mode\n");
2428 if (ic->ic_htcaps & IEEE80211_HTCAP_CBW20_40) {
2429 /* Enable 40MHz mode. */
2430 error = rsu_fw_iocmd(sc,
2431 SM(R92S_IOCMD_CLASS, 0xf4) |
2432 SM(R92S_IOCMD_INDEX, 0x00) |
2433 SM(R92S_IOCMD_VALUE, 0x0007));
2435 device_printf(sc->sc_dev,
2436 "could not enable 40MHz mode\n");
2441 /* Set default channel. */
2442 ic->ic_bss->ni_chan = ic->ic_ibss_chan;
2445 usbd_transfer_start(sc->sc_xfer[RSU_BULK_RX]);
2447 /* We're ready to go. */
2448 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
2449 ifp->if_drv_flags |= IFF_DRV_RUNNING;
2451 callout_reset(&sc->sc_watchdog_ch, hz, rsu_watchdog, sc);
2455 rsu_free_rx_list(sc);
2456 rsu_free_tx_list(sc);
2461 rsu_stop(struct ifnet *ifp, int disable)
2463 struct rsu_softc *sc = ifp->if_softc;
2466 rsu_stop_locked(ifp, disable);
2471 rsu_stop_locked(struct ifnet *ifp, int disable __unused)
2473 struct rsu_softc *sc = ifp->if_softc;
2476 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
2477 callout_stop(&sc->sc_watchdog_ch);
2478 sc->sc_calibrating = 0;
2479 taskqueue_cancel_timeout(taskqueue_thread, &sc->calib_task, NULL);
2481 /* Power off adapter. */
2484 for (i = 0; i < RSU_N_TRANSFER; i++)
2485 usbd_transfer_stop(sc->sc_xfer[i]);
projects / FreeBSD / stable / 10.git / blob