1 /* $OpenBSD: if_rsu.c,v 1.17 2013/04/15 09:23:01 mglocker Exp $ */
4 * Copyright (c) 2010 Damien Bergamini <damien.bergamini@free.fr>
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include <sys/cdefs.h>
19 __FBSDID("$FreeBSD$");
22 * Driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU.
27 * o hostap / ibss / mesh
29 #include <sys/param.h>
30 #include <sys/endian.h>
31 #include <sys/sockio.h>
33 #include <sys/kernel.h>
34 #include <sys/socket.h>
35 #include <sys/systm.h>
39 #include <sys/firmware.h>
40 #include <sys/module.h>
42 #include <machine/bus.h>
43 #include <machine/resource.h>
47 #include <net/if_arp.h>
48 #include <net/if_dl.h>
49 #include <net/if_media.h>
50 #include <net/if_types.h>
52 #include <netinet/in.h>
53 #include <netinet/in_systm.h>
54 #include <netinet/in_var.h>
55 #include <netinet/if_ether.h>
56 #include <netinet/ip.h>
58 #include <net80211/ieee80211_var.h>
59 #include <net80211/ieee80211_regdomain.h>
60 #include <net80211/ieee80211_radiotap.h>
62 #include <dev/usb/usb.h>
63 #include <dev/usb/usbdi.h>
66 #define USB_DEBUG_VAR rsu_debug
67 #include <dev/usb/usb_debug.h>
69 #include <dev/usb/wlan/if_rsureg.h>
72 static int rsu_debug = 0;
73 SYSCTL_NODE(_hw_usb, OID_AUTO, rsu, CTLFLAG_RW, 0, "USB rsu");
74 SYSCTL_INT(_hw_usb_rsu, OID_AUTO, debug, CTLFLAG_RW, &rsu_debug, 0,
78 static const STRUCT_USB_HOST_ID rsu_devs[] = {
79 #define RSU_HT_NOT_SUPPORTED 0
80 #define RSU_HT_SUPPORTED 1
81 #define RSU_DEV_HT(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \
83 #define RSU_DEV(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \
84 RSU_HT_NOT_SUPPORTED) }
85 RSU_DEV(ASUS, RTL8192SU),
86 RSU_DEV(AZUREWAVE, RTL8192SU_4),
87 RSU_DEV_HT(ACCTON, RTL8192SU),
88 RSU_DEV_HT(ASUS, USBN10),
89 RSU_DEV_HT(AZUREWAVE, RTL8192SU_1),
90 RSU_DEV_HT(AZUREWAVE, RTL8192SU_2),
91 RSU_DEV_HT(AZUREWAVE, RTL8192SU_3),
92 RSU_DEV_HT(AZUREWAVE, RTL8192SU_5),
93 RSU_DEV_HT(BELKIN, RTL8192SU_1),
94 RSU_DEV_HT(BELKIN, RTL8192SU_2),
95 RSU_DEV_HT(BELKIN, RTL8192SU_3),
96 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_1),
97 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_2),
98 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_3),
99 RSU_DEV_HT(COREGA, RTL8192SU),
100 RSU_DEV_HT(DLINK2, DWA131A1),
101 RSU_DEV_HT(DLINK2, RTL8192SU_1),
102 RSU_DEV_HT(DLINK2, RTL8192SU_2),
103 RSU_DEV_HT(EDIMAX, RTL8192SU_1),
104 RSU_DEV_HT(EDIMAX, RTL8192SU_2),
105 RSU_DEV_HT(EDIMAX, RTL8192SU_3),
106 RSU_DEV_HT(GUILLEMOT, HWGUN54),
107 RSU_DEV_HT(GUILLEMOT, HWNUM300),
108 RSU_DEV_HT(HAWKING, RTL8192SU_1),
109 RSU_DEV_HT(HAWKING, RTL8192SU_2),
110 RSU_DEV_HT(PLANEX2, GWUSNANO),
111 RSU_DEV_HT(REALTEK, RTL8171),
112 RSU_DEV_HT(REALTEK, RTL8172),
113 RSU_DEV_HT(REALTEK, RTL8173),
114 RSU_DEV_HT(REALTEK, RTL8174),
115 RSU_DEV_HT(REALTEK, RTL8192SU),
116 RSU_DEV_HT(REALTEK, RTL8712),
117 RSU_DEV_HT(REALTEK, RTL8713),
118 RSU_DEV_HT(SENAO, RTL8192SU_1),
119 RSU_DEV_HT(SENAO, RTL8192SU_2),
120 RSU_DEV_HT(SITECOMEU, WL349V1),
121 RSU_DEV_HT(SITECOMEU, WL353),
122 RSU_DEV_HT(SWEEX2, LW154),
127 static device_probe_t rsu_match;
128 static device_attach_t rsu_attach;
129 static device_detach_t rsu_detach;
130 static usb_callback_t rsu_bulk_tx_callback;
131 static usb_callback_t rsu_bulk_rx_callback;
132 static usb_error_t rsu_do_request(struct rsu_softc *,
133 struct usb_device_request *, void *);
134 static struct ieee80211vap *
135 rsu_vap_create(struct ieee80211com *, const char name[],
136 int, enum ieee80211_opmode, int, const uint8_t bssid[],
137 const uint8_t mac[]);
138 static void rsu_vap_delete(struct ieee80211vap *);
139 static void rsu_scan_start(struct ieee80211com *);
140 static void rsu_scan_end(struct ieee80211com *);
141 static void rsu_set_channel(struct ieee80211com *);
142 static void rsu_update_mcast(struct ifnet *);
143 static int rsu_alloc_rx_list(struct rsu_softc *);
144 static void rsu_free_rx_list(struct rsu_softc *);
145 static int rsu_alloc_tx_list(struct rsu_softc *);
146 static void rsu_free_tx_list(struct rsu_softc *);
147 static void rsu_free_list(struct rsu_softc *, struct rsu_data [], int);
148 static struct rsu_data *_rsu_getbuf(struct rsu_softc *);
149 static struct rsu_data *rsu_getbuf(struct rsu_softc *);
150 static int rsu_write_region_1(struct rsu_softc *, uint16_t, uint8_t *,
152 static void rsu_write_1(struct rsu_softc *, uint16_t, uint8_t);
153 static void rsu_write_2(struct rsu_softc *, uint16_t, uint16_t);
154 static void rsu_write_4(struct rsu_softc *, uint16_t, uint32_t);
155 static int rsu_read_region_1(struct rsu_softc *, uint16_t, uint8_t *,
157 static uint8_t rsu_read_1(struct rsu_softc *, uint16_t);
158 static uint16_t rsu_read_2(struct rsu_softc *, uint16_t);
159 static uint32_t rsu_read_4(struct rsu_softc *, uint16_t);
160 static int rsu_fw_iocmd(struct rsu_softc *, uint32_t);
161 static uint8_t rsu_efuse_read_1(struct rsu_softc *, uint16_t);
162 static int rsu_read_rom(struct rsu_softc *);
163 static int rsu_fw_cmd(struct rsu_softc *, uint8_t, void *, int);
164 static void rsu_calib_task(void *, int);
165 static int rsu_newstate(struct ieee80211vap *, enum ieee80211_state, int);
167 static void rsu_set_key(struct rsu_softc *, const struct ieee80211_key *);
168 static void rsu_delete_key(struct rsu_softc *, const struct ieee80211_key *);
170 static int rsu_site_survey(struct rsu_softc *, struct ieee80211vap *);
171 static int rsu_join_bss(struct rsu_softc *, struct ieee80211_node *);
172 static int rsu_disconnect(struct rsu_softc *);
173 static void rsu_event_survey(struct rsu_softc *, uint8_t *, int);
174 static void rsu_event_join_bss(struct rsu_softc *, uint8_t *, int);
175 static void rsu_rx_event(struct rsu_softc *, uint8_t, uint8_t *, int);
176 static void rsu_rx_multi_event(struct rsu_softc *, uint8_t *, int);
177 static int8_t rsu_get_rssi(struct rsu_softc *, int, void *);
179 rsu_rx_frame(struct rsu_softc *, uint8_t *, int, int *);
181 rsu_rx_multi_frame(struct rsu_softc *, uint8_t *, int, int *);
183 rsu_rxeof(struct usb_xfer *, struct rsu_data *, int *);
184 static void rsu_txeof(struct usb_xfer *, struct rsu_data *);
185 static int rsu_raw_xmit(struct ieee80211_node *, struct mbuf *,
186 const struct ieee80211_bpf_params *);
187 static void rsu_init(void *);
188 static void rsu_init_locked(struct rsu_softc *);
189 static void rsu_watchdog(void *);
190 static int rsu_tx_start(struct rsu_softc *, struct ieee80211_node *,
191 struct mbuf *, struct rsu_data *);
192 static void rsu_start(struct ifnet *);
193 static void rsu_start_locked(struct ifnet *);
194 static int rsu_ioctl(struct ifnet *, u_long, caddr_t);
195 static void rsu_stop(struct ifnet *, int);
196 static void rsu_stop_locked(struct ifnet *, int);
198 static device_method_t rsu_methods[] = {
199 DEVMETHOD(device_probe, rsu_match),
200 DEVMETHOD(device_attach, rsu_attach),
201 DEVMETHOD(device_detach, rsu_detach),
206 static driver_t rsu_driver = {
208 .methods = rsu_methods,
209 .size = sizeof(struct rsu_softc)
212 static devclass_t rsu_devclass;
214 DRIVER_MODULE(rsu, uhub, rsu_driver, rsu_devclass, NULL, 0);
215 MODULE_DEPEND(rsu, wlan, 1, 1, 1);
216 MODULE_DEPEND(rsu, usb, 1, 1, 1);
217 MODULE_DEPEND(rsu, firmware, 1, 1, 1);
218 MODULE_VERSION(rsu, 1);
220 static const struct usb_config rsu_config[RSU_N_TRANSFER] = {
223 .endpoint = UE_ADDR_ANY,
224 .direction = UE_DIR_IN,
225 .bufsize = RSU_RXBUFSZ,
230 .callback = rsu_bulk_rx_callback
235 .direction = UE_DIR_OUT,
236 .bufsize = RSU_TXBUFSZ,
240 .force_short_xfer = 1
242 .callback = rsu_bulk_tx_callback,
243 .timeout = RSU_TX_TIMEOUT
248 .direction = UE_DIR_OUT,
249 .bufsize = RSU_TXBUFSZ,
253 .force_short_xfer = 1
255 .callback = rsu_bulk_tx_callback,
256 .timeout = RSU_TX_TIMEOUT
261 .direction = UE_DIR_OUT,
262 .bufsize = RSU_TXBUFSZ,
266 .force_short_xfer = 1
268 .callback = rsu_bulk_tx_callback,
269 .timeout = RSU_TX_TIMEOUT
274 .direction = UE_DIR_OUT,
275 .bufsize = RSU_TXBUFSZ,
279 .force_short_xfer = 1
281 .callback = rsu_bulk_tx_callback,
282 .timeout = RSU_TX_TIMEOUT
287 rsu_match(device_t self)
289 struct usb_attach_arg *uaa = device_get_ivars(self);
291 if (uaa->usb_mode != USB_MODE_HOST ||
292 uaa->info.bIfaceIndex != 0 ||
293 uaa->info.bConfigIndex != 0)
296 return (usbd_lookup_id_by_uaa(rsu_devs, sizeof(rsu_devs), uaa));
300 rsu_attach(device_t self)
302 struct usb_attach_arg *uaa = device_get_ivars(self);
303 struct rsu_softc *sc = device_get_softc(self);
305 struct ieee80211com *ic;
307 uint8_t iface_index, bands;
309 device_set_usb_desc(self);
310 sc->sc_udev = uaa->device;
313 mtx_init(&sc->sc_mtx, device_get_nameunit(self), MTX_NETWORK_LOCK,
315 TIMEOUT_TASK_INIT(taskqueue_thread, &sc->calib_task, 0,
317 callout_init(&sc->sc_watchdog_ch, 0);
320 error = usbd_transfer_setup(uaa->device, &iface_index, sc->sc_xfer,
321 rsu_config, RSU_N_TRANSFER, sc, &sc->sc_mtx);
323 device_printf(sc->sc_dev,
324 "could not allocate USB transfers, err=%s\n",
329 /* Read chip revision. */
330 sc->cut = MS(rsu_read_4(sc, R92S_PMC_FSM), R92S_PMC_FSM_CUT);
332 sc->cut = (sc->cut >> 1) + 1;
333 error = rsu_read_rom(sc);
335 device_printf(self, "could not read ROM\n");
339 IEEE80211_ADDR_COPY(sc->sc_bssid, &sc->rom[0x12]);
340 device_printf(self, "MAC/BB RTL8712 cut %d\n", sc->cut);
341 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
343 device_printf(self, "cannot allocate interface\n");
348 if_initname(ifp, "rsu", device_get_unit(self));
349 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
350 ifp->if_init = rsu_init;
351 ifp->if_ioctl = rsu_ioctl;
352 ifp->if_start = rsu_start;
353 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
354 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
355 IFQ_SET_READY(&ifp->if_snd);
356 ifp->if_capabilities |= IFCAP_RXCSUM;
357 ifp->if_capenable |= IFCAP_RXCSUM;
358 ifp->if_hwassist = CSUM_TCP;
361 ic->ic_phytype = IEEE80211_T_OFDM; /* Not only, but not used. */
362 ic->ic_opmode = IEEE80211_M_STA; /* Default to BSS mode. */
364 /* Set device capabilities. */
366 IEEE80211_C_STA | /* station mode */
367 IEEE80211_C_BGSCAN | /* Background scan. */
368 IEEE80211_C_SHPREAMBLE | /* Short preamble supported. */
369 IEEE80211_C_SHSLOT | /* Short slot time supported. */
370 IEEE80211_C_WPA; /* WPA/RSN. */
373 /* Check if HT support is present. */
374 if (usb_lookup(rsu_devs_noht, uaa->vendor, uaa->product) == NULL) {
375 /* Set HT capabilities. */
377 IEEE80211_HTCAP_CBW20_40 |
378 IEEE80211_HTCAP_DSSSCCK40;
379 /* Set supported HT rates. */
380 for (i = 0; i < 2; i++)
381 ic->ic_sup_mcs[i] = 0xff;
385 /* Set supported .11b and .11g rates. */
387 setbit(&bands, IEEE80211_MODE_11B);
388 setbit(&bands, IEEE80211_MODE_11G);
389 ieee80211_init_channels(ic, NULL, &bands);
391 ieee80211_ifattach(ic, sc->sc_bssid);
392 ic->ic_raw_xmit = rsu_raw_xmit;
393 ic->ic_scan_start = rsu_scan_start;
394 ic->ic_scan_end = rsu_scan_end;
395 ic->ic_set_channel = rsu_set_channel;
396 ic->ic_vap_create = rsu_vap_create;
397 ic->ic_vap_delete = rsu_vap_delete;
398 ic->ic_update_mcast = rsu_update_mcast;
400 ieee80211_radiotap_attach(ic, &sc->sc_txtap.wt_ihdr,
401 sizeof(sc->sc_txtap), RSU_TX_RADIOTAP_PRESENT,
402 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
403 RSU_RX_RADIOTAP_PRESENT);
406 ieee80211_announce(ic);
412 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER);
414 mtx_destroy(&sc->sc_mtx);
419 rsu_detach(device_t self)
421 struct rsu_softc *sc = device_get_softc(self);
422 struct ifnet *ifp = sc->sc_ifp;
423 struct ieee80211com *ic = ifp->if_l2com;
425 if (!device_is_attached(self))
428 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER);
429 ieee80211_ifdetach(ic);
431 callout_drain(&sc->sc_watchdog_ch);
432 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task);
434 /* Free Tx/Rx buffers. */
435 rsu_free_tx_list(sc);
436 rsu_free_rx_list(sc);
439 mtx_destroy(&sc->sc_mtx);
445 rsu_do_request(struct rsu_softc *sc, struct usb_device_request *req,
451 RSU_ASSERT_LOCKED(sc);
454 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
455 req, data, 0, NULL, 250 /* ms */);
456 if (err == 0 || !device_is_attached(sc->sc_dev))
458 DPRINTFN(1, "Control request failed, %s (retrying)\n",
460 usb_pause_mtx(&sc->sc_mtx, hz / 100);
466 static struct ieee80211vap *
467 rsu_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
468 enum ieee80211_opmode opmode, int flags,
469 const uint8_t bssid[IEEE80211_ADDR_LEN],
470 const uint8_t mac[IEEE80211_ADDR_LEN])
473 struct ieee80211vap *vap;
475 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
478 uvp = (struct rsu_vap *) malloc(sizeof(struct rsu_vap),
479 M_80211_VAP, M_NOWAIT | M_ZERO);
483 ieee80211_vap_setup(ic, vap, name, unit, opmode,
486 /* override state transition machine */
487 uvp->newstate = vap->iv_newstate;
488 vap->iv_newstate = rsu_newstate;
491 ieee80211_vap_attach(vap, ieee80211_media_change,
492 ieee80211_media_status);
493 ic->ic_opmode = opmode;
499 rsu_vap_delete(struct ieee80211vap *vap)
501 struct rsu_vap *uvp = RSU_VAP(vap);
503 ieee80211_vap_detach(vap);
504 free(uvp, M_80211_VAP);
508 rsu_scan_start(struct ieee80211com *ic)
511 struct ifnet *ifp = ic->ic_ifp;
512 struct rsu_softc *sc = ifp->if_softc;
514 /* Scanning is done by the firmware. */
516 error = rsu_site_survey(sc, TAILQ_FIRST(&ic->ic_vaps));
519 device_printf(sc->sc_dev,
520 "could not send site survey command\n");
524 rsu_scan_end(struct ieee80211com *ic)
526 /* Nothing to do here. */
530 rsu_set_channel(struct ieee80211com *ic __unused)
532 /* We are unable to switch channels, yet. */
536 rsu_update_mcast(struct ifnet *ifp)
538 /* XXX do nothing? */
542 rsu_alloc_list(struct rsu_softc *sc, struct rsu_data data[],
543 int ndata, int maxsz)
547 for (i = 0; i < ndata; i++) {
548 struct rsu_data *dp = &data[i];
551 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT);
552 if (dp->buf == NULL) {
553 device_printf(sc->sc_dev,
554 "could not allocate buffer\n");
563 rsu_free_list(sc, data, ndata);
568 rsu_alloc_rx_list(struct rsu_softc *sc)
572 error = rsu_alloc_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT,
577 STAILQ_INIT(&sc->sc_rx_active);
578 STAILQ_INIT(&sc->sc_rx_inactive);
580 for (i = 0; i < RSU_RX_LIST_COUNT; i++)
581 STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next);
587 rsu_alloc_tx_list(struct rsu_softc *sc)
591 error = rsu_alloc_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT,
596 STAILQ_INIT(&sc->sc_tx_active);
597 STAILQ_INIT(&sc->sc_tx_inactive);
598 STAILQ_INIT(&sc->sc_tx_pending);
600 for (i = 0; i < RSU_TX_LIST_COUNT; i++) {
601 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next);
608 rsu_free_tx_list(struct rsu_softc *sc)
610 rsu_free_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT);
614 rsu_free_rx_list(struct rsu_softc *sc)
616 rsu_free_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT);
620 rsu_free_list(struct rsu_softc *sc, struct rsu_data data[], int ndata)
624 for (i = 0; i < ndata; i++) {
625 struct rsu_data *dp = &data[i];
627 if (dp->buf != NULL) {
628 free(dp->buf, M_USBDEV);
631 if (dp->ni != NULL) {
632 ieee80211_free_node(dp->ni);
638 static struct rsu_data *
639 _rsu_getbuf(struct rsu_softc *sc)
643 bf = STAILQ_FIRST(&sc->sc_tx_inactive);
645 STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next);
649 DPRINTF("out of xmit buffers\n");
653 static struct rsu_data *
654 rsu_getbuf(struct rsu_softc *sc)
658 RSU_ASSERT_LOCKED(sc);
660 bf = _rsu_getbuf(sc);
662 struct ifnet *ifp = sc->sc_ifp;
663 DPRINTF("stop queue\n");
664 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
670 rsu_write_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
673 usb_device_request_t req;
675 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
676 req.bRequest = R92S_REQ_REGS;
677 USETW(req.wValue, addr);
678 USETW(req.wIndex, 0);
679 USETW(req.wLength, len);
681 return (rsu_do_request(sc, &req, buf));
685 rsu_write_1(struct rsu_softc *sc, uint16_t addr, uint8_t val)
687 rsu_write_region_1(sc, addr, &val, 1);
691 rsu_write_2(struct rsu_softc *sc, uint16_t addr, uint16_t val)
694 rsu_write_region_1(sc, addr, (uint8_t *)&val, 2);
698 rsu_write_4(struct rsu_softc *sc, uint16_t addr, uint32_t val)
701 rsu_write_region_1(sc, addr, (uint8_t *)&val, 4);
705 rsu_read_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
708 usb_device_request_t req;
710 req.bmRequestType = UT_READ_VENDOR_DEVICE;
711 req.bRequest = R92S_REQ_REGS;
712 USETW(req.wValue, addr);
713 USETW(req.wIndex, 0);
714 USETW(req.wLength, len);
716 return (rsu_do_request(sc, &req, buf));
720 rsu_read_1(struct rsu_softc *sc, uint16_t addr)
724 if (rsu_read_region_1(sc, addr, &val, 1) != 0)
730 rsu_read_2(struct rsu_softc *sc, uint16_t addr)
734 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 2) != 0)
736 return (le16toh(val));
740 rsu_read_4(struct rsu_softc *sc, uint16_t addr)
744 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 4) != 0)
746 return (le32toh(val));
750 rsu_fw_iocmd(struct rsu_softc *sc, uint32_t iocmd)
754 rsu_write_4(sc, R92S_IOCMD_CTRL, iocmd);
756 for (ntries = 0; ntries < 50; ntries++) {
757 if (rsu_read_4(sc, R92S_IOCMD_CTRL) == 0)
765 rsu_efuse_read_1(struct rsu_softc *sc, uint16_t addr)
770 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
771 reg = RW(reg, R92S_EFUSE_CTRL_ADDR, addr);
772 reg &= ~R92S_EFUSE_CTRL_VALID;
773 rsu_write_4(sc, R92S_EFUSE_CTRL, reg);
774 /* Wait for read operation to complete. */
775 for (ntries = 0; ntries < 100; ntries++) {
776 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
777 if (reg & R92S_EFUSE_CTRL_VALID)
778 return (MS(reg, R92S_EFUSE_CTRL_DATA));
781 device_printf(sc->sc_dev,
782 "could not read efuse byte at address 0x%x\n", addr);
787 rsu_read_rom(struct rsu_softc *sc)
789 uint8_t *rom = sc->rom;
795 /* Make sure that ROM type is eFuse and that autoload succeeded. */
796 reg = rsu_read_1(sc, R92S_EE_9346CR);
797 if ((reg & (R92S_9356SEL | R92S_EEPROM_EN)) != R92S_EEPROM_EN)
800 /* Turn on 2.5V to prevent eFuse leakage. */
801 reg = rsu_read_1(sc, R92S_EFUSE_TEST + 3);
802 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg | 0x80);
804 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg & ~0x80);
806 /* Read full ROM image. */
807 memset(&sc->rom, 0xff, sizeof(sc->rom));
809 reg = rsu_efuse_read_1(sc, addr);
815 for (i = 0; i < 4; i++) {
818 rom[off * 8 + i * 2 + 0] =
819 rsu_efuse_read_1(sc, addr);
821 rom[off * 8 + i * 2 + 1] =
822 rsu_efuse_read_1(sc, addr);
827 if (rsu_debug >= 5) {
828 /* Dump ROM content. */
830 for (i = 0; i < sizeof(sc->rom); i++)
831 printf("%02x:", rom[i]);
839 rsu_fw_cmd(struct rsu_softc *sc, uint8_t code, void *buf, int len)
841 struct rsu_data *data;
842 struct r92s_tx_desc *txd;
843 struct r92s_fw_cmd_hdr *cmd;
846 data = rsu_getbuf(sc);
850 /* Round-up command length to a multiple of 8 bytes. */
851 cmdsz = (len + 7) & ~7;
853 xferlen = sizeof(*txd) + sizeof(*cmd) + cmdsz;
854 KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__));
855 memset(data->buf, 0, xferlen);
857 /* Setup Tx descriptor. */
858 txd = (struct r92s_tx_desc *)data->buf;
859 txd->txdw0 = htole32(
860 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
861 SM(R92S_TXDW0_PKTLEN, sizeof(*cmd) + cmdsz) |
862 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
863 txd->txdw1 = htole32(SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_H2C));
865 /* Setup command header. */
866 cmd = (struct r92s_fw_cmd_hdr *)&txd[1];
867 cmd->len = htole16(cmdsz);
869 cmd->seq = sc->cmd_seq;
870 sc->cmd_seq = (sc->cmd_seq + 1) & 0x7f;
872 /* Copy command payload. */
873 memcpy(&cmd[1], buf, len);
875 DPRINTFN(2, "Tx cmd code=0x%x len=0x%x\n", code, cmdsz);
876 data->buflen = xferlen;
877 STAILQ_INSERT_TAIL(&sc->sc_tx_pending, data, next);
878 usbd_transfer_start(sc->sc_xfer[RSU_BULK_TX_VO]);
885 rsu_calib_task(void *arg, int pending __unused)
887 struct rsu_softc *sc = arg;
890 DPRINTFN(6, "running calibration task\n");
893 /* Read WPS PBC status. */
894 rsu_write_1(sc, R92S_MAC_PINMUX_CTRL,
895 R92S_GPIOMUX_EN | SM(R92S_GPIOSEL_GPIO, R92S_GPIOSEL_GPIO_JTAG));
896 rsu_write_1(sc, R92S_GPIO_IO_SEL,
897 rsu_read_1(sc, R92S_GPIO_IO_SEL) & ~R92S_GPIO_WPS);
898 reg = rsu_read_1(sc, R92S_GPIO_CTRL);
899 if (reg != 0xff && (reg & R92S_GPIO_WPS))
900 DPRINTF(("WPS PBC is pushed\n"));
902 /* Read current signal level. */
903 if (rsu_fw_iocmd(sc, 0xf4000001) == 0) {
904 reg = rsu_read_4(sc, R92S_IOCMD_DATA);
905 DPRINTFN(8, "RSSI=%d%%\n", reg >> 4);
907 if (sc->sc_calibrating) {
909 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task,
916 rsu_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
918 struct rsu_vap *uvp = RSU_VAP(vap);
919 struct ieee80211com *ic = vap->iv_ic;
920 struct rsu_softc *sc = ic->ic_ifp->if_softc;
921 struct ieee80211_node *ni;
922 struct ieee80211_rateset *rs;
923 enum ieee80211_state ostate;
924 int error, startcal = 0;
926 ostate = vap->iv_state;
927 DPRINTF("%s -> %s\n", ieee80211_state_name[ostate],
928 ieee80211_state_name[nstate]);
930 IEEE80211_UNLOCK(ic);
931 if (ostate == IEEE80211_S_RUN) {
933 /* Stop calibration. */
934 sc->sc_calibrating = 0;
936 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task);
937 /* Disassociate from our current BSS. */
943 case IEEE80211_S_INIT:
945 case IEEE80211_S_AUTH:
946 ni = ieee80211_ref_node(vap->iv_bss);
947 error = rsu_join_bss(sc, ni);
948 ieee80211_free_node(ni);
950 device_printf(sc->sc_dev,
951 "could not send join command\n");
954 case IEEE80211_S_RUN:
955 ni = ieee80211_ref_node(vap->iv_bss);
957 /* Indicate highest supported rate. */
958 ni->ni_txrate = rs->rs_rates[rs->rs_nrates - 1];
959 ieee80211_free_node(ni);
965 sc->sc_calibrating = 1;
968 /* Start periodic calibration. */
969 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz * 2);
971 return (uvp->newstate(vap, nstate, arg));
976 rsu_set_key(struct rsu_softc *sc, const struct ieee80211_key *k)
978 struct r92s_fw_cmd_set_key key;
980 memset(&key, 0, sizeof(key));
981 /* Map net80211 cipher to HW crypto algorithm. */
982 switch (k->wk_cipher->ic_cipher) {
983 case IEEE80211_CIPHER_WEP:
984 if (k->wk_keylen < 8)
985 key.algo = R92S_KEY_ALGO_WEP40;
987 key.algo = R92S_KEY_ALGO_WEP104;
989 case IEEE80211_CIPHER_TKIP:
990 key.algo = R92S_KEY_ALGO_TKIP;
992 case IEEE80211_CIPHER_AES_CCM:
993 key.algo = R92S_KEY_ALGO_AES;
998 key.id = k->wk_keyix;
999 key.grpkey = (k->wk_flags & IEEE80211_KEY_GROUP) != 0;
1000 memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key)));
1001 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1005 rsu_delete_key(struct rsu_softc *sc, const struct ieee80211_key *k)
1007 struct r92s_fw_cmd_set_key key;
1009 memset(&key, 0, sizeof(key));
1010 key.id = k->wk_keyix;
1011 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1016 rsu_site_survey(struct rsu_softc *sc, struct ieee80211vap *vap)
1018 struct r92s_fw_cmd_sitesurvey cmd;
1019 struct ifnet *ifp = sc->sc_ifp;
1020 struct ieee80211com *ic = ifp->if_l2com;
1022 memset(&cmd, 0, sizeof(cmd));
1023 if ((ic->ic_flags & IEEE80211_F_ASCAN) || sc->scan_pass == 1)
1024 cmd.active = htole32(1);
1025 cmd.limit = htole32(48);
1026 if (sc->scan_pass == 1 && vap->iv_des_nssid > 0) {
1027 /* Do a directed scan for second pass. */
1028 cmd.ssidlen = htole32(vap->iv_des_ssid[0].len);
1029 memcpy(cmd.ssid, vap->iv_des_ssid[0].ssid,
1030 vap->iv_des_ssid[0].len);
1033 DPRINTF("sending site survey command, pass=%d\n", sc->scan_pass);
1034 return (rsu_fw_cmd(sc, R92S_CMD_SITE_SURVEY, &cmd, sizeof(cmd)));
1038 rsu_join_bss(struct rsu_softc *sc, struct ieee80211_node *ni)
1040 struct ifnet *ifp = sc->sc_ifp;
1041 struct ieee80211com *ic = ifp->if_l2com;
1042 struct ieee80211vap *vap = ni->ni_vap;
1043 struct ndis_wlan_bssid_ex *bss;
1044 struct ndis_802_11_fixed_ies *fixed;
1045 struct r92s_fw_cmd_auth auth;
1046 uint8_t buf[sizeof(*bss) + 128], *frm;
1050 /* Let the FW decide the opmode based on the capinfo field. */
1051 opmode = NDIS802_11AUTOUNKNOWN;
1052 DPRINTF("setting operating mode to %d\n", opmode);
1053 error = rsu_fw_cmd(sc, R92S_CMD_SET_OPMODE, &opmode, sizeof(opmode));
1057 memset(&auth, 0, sizeof(auth));
1058 if (vap->iv_flags & IEEE80211_F_WPA) {
1059 auth.mode = R92S_AUTHMODE_WPA;
1060 auth.dot1x = ni->ni_authmode == IEEE80211_AUTH_8021X;
1062 auth.mode = R92S_AUTHMODE_OPEN;
1063 DPRINTF("setting auth mode to %d\n", auth.mode);
1064 error = rsu_fw_cmd(sc, R92S_CMD_SET_AUTH, &auth, sizeof(auth));
1068 memset(buf, 0, sizeof(buf));
1069 bss = (struct ndis_wlan_bssid_ex *)buf;
1070 IEEE80211_ADDR_COPY(bss->macaddr, ni->ni_bssid);
1071 bss->ssid.ssidlen = htole32(ni->ni_esslen);
1072 memcpy(bss->ssid.ssid, ni->ni_essid, ni->ni_esslen);
1073 if (vap->iv_flags & (IEEE80211_F_PRIVACY | IEEE80211_F_WPA))
1074 bss->privacy = htole32(1);
1075 bss->rssi = htole32(ni->ni_avgrssi);
1076 if (ic->ic_curmode == IEEE80211_MODE_11B)
1077 bss->networktype = htole32(NDIS802_11DS);
1079 bss->networktype = htole32(NDIS802_11OFDM24);
1080 bss->config.len = htole32(sizeof(bss->config));
1081 bss->config.bintval = htole32(ni->ni_intval);
1082 bss->config.dsconfig = htole32(ieee80211_chan2ieee(ic, ni->ni_chan));
1083 bss->inframode = htole32(NDIS802_11INFRASTRUCTURE);
1084 memcpy(bss->supprates, ni->ni_rates.rs_rates,
1085 ni->ni_rates.rs_nrates);
1086 /* Write the fixed fields of the beacon frame. */
1087 fixed = (struct ndis_802_11_fixed_ies *)&bss[1];
1088 memcpy(&fixed->tstamp, ni->ni_tstamp.data, 8);
1089 fixed->bintval = htole16(ni->ni_intval);
1090 fixed->capabilities = htole16(ni->ni_capinfo);
1091 /* Write IEs to be included in the association request. */
1092 frm = (uint8_t *)&fixed[1];
1093 frm = ieee80211_add_rsn(frm, vap);
1094 frm = ieee80211_add_wpa(frm, vap);
1095 frm = ieee80211_add_qos(frm, ni);
1096 if (ni->ni_flags & IEEE80211_NODE_HT)
1097 frm = ieee80211_add_htcap(frm, ni);
1098 bss->ieslen = htole32(frm - (uint8_t *)fixed);
1099 bss->len = htole32(((frm - buf) + 3) & ~3);
1100 DPRINTF("sending join bss command to %s chan %d\n",
1101 ether_sprintf(bss->macaddr), le32toh(bss->config.dsconfig));
1102 return (rsu_fw_cmd(sc, R92S_CMD_JOIN_BSS, buf, sizeof(buf)));
1106 rsu_disconnect(struct rsu_softc *sc)
1108 uint32_t zero = 0; /* :-) */
1110 /* Disassociate from our current BSS. */
1111 DPRINTF("sending disconnect command\n");
1112 return (rsu_fw_cmd(sc, R92S_CMD_DISCONNECT, &zero, sizeof(zero)));
1116 rsu_event_survey(struct rsu_softc *sc, uint8_t *buf, int len)
1118 struct ifnet *ifp = sc->sc_ifp;
1119 struct ieee80211com *ic = ifp->if_l2com;
1120 struct ieee80211_frame *wh;
1121 struct ieee80211_channel *c;
1122 struct ndis_wlan_bssid_ex *bss;
1126 if (__predict_false(len < sizeof(*bss)))
1128 bss = (struct ndis_wlan_bssid_ex *)buf;
1129 if (__predict_false(len < sizeof(*bss) + le32toh(bss->ieslen)))
1132 DPRINTFN(2, "found BSS %s: len=%d chan=%d inframode=%d "
1133 "networktype=%d privacy=%d\n",
1134 ether_sprintf(bss->macaddr), le32toh(bss->len),
1135 le32toh(bss->config.dsconfig), le32toh(bss->inframode),
1136 le32toh(bss->networktype), le32toh(bss->privacy));
1138 /* Build a fake beacon frame to let net80211 do all the parsing. */
1139 pktlen = sizeof(*wh) + le32toh(bss->ieslen);
1140 if (__predict_false(pktlen > MCLBYTES))
1142 MGETHDR(m, M_DONTWAIT, MT_DATA);
1143 if (__predict_false(m == NULL))
1145 if (pktlen > MHLEN) {
1146 MCLGET(m, M_DONTWAIT);
1147 if (!(m->m_flags & M_EXT)) {
1152 wh = mtod(m, struct ieee80211_frame *);
1153 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
1154 IEEE80211_FC0_SUBTYPE_BEACON;
1155 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1156 *(uint16_t *)wh->i_dur = 0;
1157 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
1158 IEEE80211_ADDR_COPY(wh->i_addr2, bss->macaddr);
1159 IEEE80211_ADDR_COPY(wh->i_addr3, bss->macaddr);
1160 *(uint16_t *)wh->i_seq = 0;
1161 memcpy(&wh[1], (uint8_t *)&bss[1], le32toh(bss->ieslen));
1163 /* Finalize mbuf. */
1164 m->m_pkthdr.len = m->m_len = pktlen;
1165 m->m_pkthdr.rcvif = ifp;
1166 /* Fix the channel. */
1167 c = ieee80211_find_channel_byieee(ic,
1168 le32toh(bss->config.dsconfig),
1172 ieee80211_radiotap_chan_change(ic);
1174 /* XXX avoid a LOR */
1176 ieee80211_input_all(ic, m, le32toh(bss->rssi), 0);
1181 rsu_event_join_bss(struct rsu_softc *sc, uint8_t *buf, int len)
1183 struct ifnet *ifp = sc->sc_ifp;
1184 struct ieee80211com *ic = ifp->if_l2com;
1185 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1186 struct ieee80211_node *ni = vap->iv_bss;
1187 struct r92s_event_join_bss *rsp;
1190 if (__predict_false(len < sizeof(*rsp)))
1192 rsp = (struct r92s_event_join_bss *)buf;
1193 res = (int)le32toh(rsp->join_res);
1195 DPRINTF("Rx join BSS event len=%d res=%d\n", len, res);
1198 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1202 DPRINTF("associated with %s associd=%d\n",
1203 ether_sprintf(rsp->bss.macaddr), le32toh(rsp->associd));
1204 ni->ni_associd = le32toh(rsp->associd) | 0xc000;
1206 ieee80211_new_state(vap, IEEE80211_S_RUN,
1207 IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
1212 rsu_rx_event(struct rsu_softc *sc, uint8_t code, uint8_t *buf, int len)
1214 struct ifnet *ifp = sc->sc_ifp;
1215 struct ieee80211com *ic = ifp->if_l2com;
1216 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1218 DPRINTFN(4, "Rx event code=%d len=%d\n", code, len);
1220 case R92S_EVT_SURVEY:
1221 if (vap->iv_state == IEEE80211_S_SCAN)
1222 rsu_event_survey(sc, buf, len);
1224 case R92S_EVT_SURVEY_DONE:
1225 DPRINTF("site survey pass %d done, found %d BSS\n",
1226 sc->scan_pass, le32toh(*(uint32_t *)buf));
1227 if (vap->iv_state != IEEE80211_S_SCAN)
1228 break; /* Ignore if not scanning. */
1229 if (sc->scan_pass == 0 && vap->iv_des_nssid != 0) {
1230 /* Schedule a directed scan for hidden APs. */
1233 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1239 case R92S_EVT_JOIN_BSS:
1240 if (vap->iv_state == IEEE80211_S_AUTH)
1241 rsu_event_join_bss(sc, buf, len);
1243 case R92S_EVT_DEL_STA:
1244 DPRINTF("disassociated from %s\n", ether_sprintf(buf));
1245 if (vap->iv_state == IEEE80211_S_RUN &&
1246 IEEE80211_ADDR_EQ(vap->iv_bss->ni_bssid, buf)) {
1248 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1252 case R92S_EVT_WPS_PBC:
1253 DPRINTF("WPS PBC pushed.\n");
1255 case R92S_EVT_FWDBG:
1256 if (ifp->if_flags & IFF_DEBUG) {
1258 printf("FWDBG: %s\n", (char *)buf);
1265 rsu_rx_multi_event(struct rsu_softc *sc, uint8_t *buf, int len)
1267 struct r92s_fw_cmd_hdr *cmd;
1270 DPRINTFN(6, "Rx events len=%d\n", len);
1272 /* Skip Rx status. */
1273 buf += sizeof(struct r92s_rx_stat);
1274 len -= sizeof(struct r92s_rx_stat);
1276 /* Process all events. */
1278 /* Check that command header fits. */
1279 if (__predict_false(len < sizeof(*cmd)))
1281 cmd = (struct r92s_fw_cmd_hdr *)buf;
1282 /* Check that command payload fits. */
1283 cmdsz = le16toh(cmd->len);
1284 if (__predict_false(len < sizeof(*cmd) + cmdsz))
1287 /* Process firmware event. */
1288 rsu_rx_event(sc, cmd->code, (uint8_t *)&cmd[1], cmdsz);
1290 if (!(cmd->seq & R92S_FW_CMD_MORE))
1292 buf += sizeof(*cmd) + cmdsz;
1293 len -= sizeof(*cmd) + cmdsz;
1298 rsu_get_rssi(struct rsu_softc *sc, int rate, void *physt)
1300 static const int8_t cckoff[] = { 14, -2, -20, -40 };
1301 struct r92s_rx_phystat *phy;
1302 struct r92s_rx_cck *cck;
1307 cck = (struct r92s_rx_cck *)physt;
1308 rpt = (cck->agc_rpt >> 6) & 0x3;
1309 rssi = cck->agc_rpt & 0x3e;
1310 rssi = cckoff[rpt] - rssi;
1311 } else { /* OFDM/HT. */
1312 phy = (struct r92s_rx_phystat *)physt;
1313 rssi = ((le32toh(phy->phydw1) >> 1) & 0x7f) - 106;
1318 static struct mbuf *
1319 rsu_rx_frame(struct rsu_softc *sc, uint8_t *buf, int pktlen, int *rssi)
1321 struct ifnet *ifp = sc->sc_ifp;
1322 struct ieee80211com *ic = ifp->if_l2com;
1323 struct ieee80211_frame *wh;
1324 struct r92s_rx_stat *stat;
1325 uint32_t rxdw0, rxdw3;
1330 stat = (struct r92s_rx_stat *)buf;
1331 rxdw0 = le32toh(stat->rxdw0);
1332 rxdw3 = le32toh(stat->rxdw3);
1334 if (__predict_false(rxdw0 & R92S_RXDW0_CRCERR)) {
1338 if (__predict_false(pktlen < sizeof(*wh) || pktlen > MCLBYTES)) {
1343 rate = MS(rxdw3, R92S_RXDW3_RATE);
1344 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1346 /* Get RSSI from PHY status descriptor if present. */
1348 *rssi = rsu_get_rssi(sc, rate, &stat[1]);
1352 DPRINTFN(5, "Rx frame len=%d rate=%d infosz=%d rssi=%d\n",
1353 pktlen, rate, infosz, *rssi);
1355 MGETHDR(m, M_DONTWAIT, MT_DATA);
1356 if (__predict_false(m == NULL)) {
1360 if (pktlen > MHLEN) {
1361 MCLGET(m, M_DONTWAIT);
1362 if (__predict_false(!(m->m_flags & M_EXT))) {
1368 /* Finalize mbuf. */
1369 m->m_pkthdr.rcvif = ifp;
1370 /* Hardware does Rx TCP checksum offload. */
1371 if (rxdw3 & R92S_RXDW3_TCPCHKVALID) {
1372 if (__predict_true(rxdw3 & R92S_RXDW3_TCPCHKRPT))
1373 m->m_pkthdr.csum_flags |= CSUM_DATA_VALID;
1375 wh = (struct ieee80211_frame *)((uint8_t *)&stat[1] + infosz);
1376 memcpy(mtod(m, uint8_t *), wh, pktlen);
1377 m->m_pkthdr.len = m->m_len = pktlen;
1379 if (ieee80211_radiotap_active(ic)) {
1380 struct rsu_rx_radiotap_header *tap = &sc->sc_rxtap;
1382 /* Map HW rate index to 802.11 rate. */
1384 if (!(rxdw3 & R92S_RXDW3_HTC)) {
1387 case 0: tap->wr_rate = 2; break;
1388 case 1: tap->wr_rate = 4; break;
1389 case 2: tap->wr_rate = 11; break;
1390 case 3: tap->wr_rate = 22; break;
1392 case 4: tap->wr_rate = 12; break;
1393 case 5: tap->wr_rate = 18; break;
1394 case 6: tap->wr_rate = 24; break;
1395 case 7: tap->wr_rate = 36; break;
1396 case 8: tap->wr_rate = 48; break;
1397 case 9: tap->wr_rate = 72; break;
1398 case 10: tap->wr_rate = 96; break;
1399 case 11: tap->wr_rate = 108; break;
1401 } else if (rate >= 12) { /* MCS0~15. */
1402 /* Bit 7 set means HT MCS instead of rate. */
1403 tap->wr_rate = 0x80 | (rate - 12);
1405 tap->wr_dbm_antsignal = *rssi;
1406 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
1407 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
1413 static struct mbuf *
1414 rsu_rx_multi_frame(struct rsu_softc *sc, uint8_t *buf, int len, int *rssi)
1416 struct r92s_rx_stat *stat;
1418 int totlen, pktlen, infosz, npkts;
1419 struct mbuf *m, *m0 = NULL, *prevm = NULL;
1421 /* Get the number of encapsulated frames. */
1422 stat = (struct r92s_rx_stat *)buf;
1423 npkts = MS(le32toh(stat->rxdw2), R92S_RXDW2_PKTCNT);
1424 DPRINTFN(6, "Rx %d frames in one chunk\n", npkts);
1426 /* Process all of them. */
1427 while (npkts-- > 0) {
1428 if (__predict_false(len < sizeof(*stat)))
1430 stat = (struct r92s_rx_stat *)buf;
1431 rxdw0 = le32toh(stat->rxdw0);
1433 pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN);
1434 if (__predict_false(pktlen == 0))
1437 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1439 /* Make sure everything fits in xfer. */
1440 totlen = sizeof(*stat) + infosz + pktlen;
1441 if (__predict_false(totlen > len))
1444 /* Process 802.11 frame. */
1445 m = rsu_rx_frame(sc, buf, pktlen, rssi);
1454 /* Next chunk is 128-byte aligned. */
1455 totlen = (totlen + 127) & ~127;
1463 static struct mbuf *
1464 rsu_rxeof(struct usb_xfer *xfer, struct rsu_data *data, int *rssi)
1466 struct rsu_softc *sc = data->sc;
1467 struct r92s_rx_stat *stat;
1470 usbd_xfer_status(xfer, &len, NULL, NULL, NULL);
1472 if (__predict_false(len < sizeof(*stat))) {
1473 DPRINTF("xfer too short %d\n", len);
1474 sc->sc_ifp->if_ierrors++;
1477 /* Determine if it is a firmware C2H event or an 802.11 frame. */
1478 stat = (struct r92s_rx_stat *)data->buf;
1479 if ((le32toh(stat->rxdw1) & 0x1ff) == 0x1ff) {
1480 rsu_rx_multi_event(sc, data->buf, len);
1481 /* No packets to process. */
1484 return (rsu_rx_multi_frame(sc, data->buf, len, rssi));
1488 rsu_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
1490 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1491 struct ifnet *ifp = sc->sc_ifp;
1492 struct ieee80211com *ic = ifp->if_l2com;
1493 struct ieee80211_frame *wh;
1494 struct ieee80211_node *ni;
1495 struct mbuf *m = NULL, *next;
1496 struct rsu_data *data;
1499 RSU_ASSERT_LOCKED(sc);
1501 switch (USB_GET_STATE(xfer)) {
1502 case USB_ST_TRANSFERRED:
1503 data = STAILQ_FIRST(&sc->sc_rx_active);
1506 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1507 m = rsu_rxeof(xfer, data, &rssi);
1508 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1512 data = STAILQ_FIRST(&sc->sc_rx_inactive);
1514 KASSERT(m == NULL, ("mbuf isn't NULL"));
1517 STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next);
1518 STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next);
1519 usbd_xfer_set_frame_data(xfer, 0, data->buf,
1520 usbd_xfer_max_len(xfer));
1521 usbd_transfer_submit(xfer);
1523 * To avoid LOR we should unlock our private mutex here to call
1524 * ieee80211_input() because here is at the end of a USB
1525 * callback and safe to unlock.
1531 wh = mtod(m, struct ieee80211_frame *);
1532 ni = ieee80211_find_rxnode(ic,
1533 (struct ieee80211_frame_min *)wh);
1535 (void)ieee80211_input(ni, m, rssi, 0);
1536 ieee80211_free_node(ni);
1538 (void)ieee80211_input_all(ic, m, rssi, 0);
1544 /* needs it to the inactive queue due to a error. */
1545 data = STAILQ_FIRST(&sc->sc_rx_active);
1547 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1548 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1550 if (error != USB_ERR_CANCELLED) {
1551 usbd_xfer_set_stall(xfer);
1562 rsu_txeof(struct usb_xfer *xfer, struct rsu_data *data)
1564 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1565 struct ifnet *ifp = sc->sc_ifp;
1568 RSU_ASSERT_LOCKED(sc);
1571 * Do any tx complete callback. Note this must be done before releasing
1572 * the node reference.
1576 if (m->m_flags & M_TXCB) {
1578 ieee80211_process_callback(data->ni, m, 0);
1584 ieee80211_free_node(data->ni);
1587 sc->sc_tx_timer = 0;
1589 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
1593 rsu_bulk_tx_callback(struct usb_xfer *xfer, usb_error_t error)
1595 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1596 struct ifnet *ifp = sc->sc_ifp;
1597 struct rsu_data *data;
1599 RSU_ASSERT_LOCKED(sc);
1601 switch (USB_GET_STATE(xfer)) {
1602 case USB_ST_TRANSFERRED:
1603 data = STAILQ_FIRST(&sc->sc_tx_active);
1606 DPRINTF("transfer done %p\n", data);
1607 STAILQ_REMOVE_HEAD(&sc->sc_tx_active, next);
1608 rsu_txeof(xfer, data);
1609 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, data, next);
1613 data = STAILQ_FIRST(&sc->sc_tx_pending);
1615 DPRINTF("empty pending queue sc %p\n", sc);
1618 STAILQ_REMOVE_HEAD(&sc->sc_tx_pending, next);
1619 STAILQ_INSERT_TAIL(&sc->sc_tx_active, data, next);
1620 usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen);
1621 DPRINTF("submitting transfer %p\n", data);
1622 usbd_transfer_submit(xfer);
1623 rsu_start_locked(ifp);
1626 data = STAILQ_FIRST(&sc->sc_tx_active);
1629 if (data->ni != NULL) {
1630 ieee80211_free_node(data->ni);
1634 if (error != USB_ERR_CANCELLED) {
1635 usbd_xfer_set_stall(xfer);
1643 rsu_tx_start(struct rsu_softc *sc, struct ieee80211_node *ni,
1644 struct mbuf *m0, struct rsu_data *data)
1646 struct ifnet *ifp = sc->sc_ifp;
1647 struct ieee80211com *ic = ifp->if_l2com;
1648 struct ieee80211vap *vap = ni->ni_vap;
1649 struct ieee80211_frame *wh;
1650 struct ieee80211_key *k = NULL;
1651 struct r92s_tx_desc *txd;
1652 struct usb_xfer *xfer;
1653 uint8_t type, tid = 0;
1654 int hasqos, xferlen;
1655 struct usb_xfer *rsu_pipes[4] = {
1656 sc->sc_xfer[RSU_BULK_TX_BE],
1657 sc->sc_xfer[RSU_BULK_TX_BK],
1658 sc->sc_xfer[RSU_BULK_TX_VI],
1659 sc->sc_xfer[RSU_BULK_TX_VO]
1662 RSU_ASSERT_LOCKED(sc);
1664 wh = mtod(m0, struct ieee80211_frame *);
1665 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
1667 if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1668 k = ieee80211_crypto_encap(ni, m0);
1670 device_printf(sc->sc_dev,
1671 "ieee80211_crypto_encap returns NULL.\n");
1672 /* XXX we don't expect the fragmented frames */
1676 wh = mtod(m0, struct ieee80211_frame *);
1679 case IEEE80211_FC0_TYPE_CTL:
1680 case IEEE80211_FC0_TYPE_MGT:
1681 xfer = sc->sc_xfer[RSU_BULK_TX_VO];
1684 KASSERT(M_WME_GETAC(m0) < 4,
1685 ("unsupported WME pipe %d", M_WME_GETAC(m0)));
1686 xfer = rsu_pipes[M_WME_GETAC(m0)];
1691 /* Fill Tx descriptor. */
1692 txd = (struct r92s_tx_desc *)data->buf;
1693 memset(txd, 0, sizeof(*txd));
1695 txd->txdw0 |= htole32(
1696 SM(R92S_TXDW0_PKTLEN, m0->m_pkthdr.len) |
1697 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
1698 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
1700 txd->txdw1 |= htole32(
1701 SM(R92S_TXDW1_MACID, R92S_MACID_BSS) |
1702 SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_BE));
1704 txd->txdw1 |= htole32(R92S_TXDW1_NONQOS);
1707 switch (k->wk_cipher->ic_cipher) {
1708 case IEEE80211_CIPHER_WEP:
1709 cipher = R92S_TXDW1_CIPHER_WEP;
1711 case IEEE80211_CIPHER_TKIP:
1712 cipher = R92S_TXDW1_CIPHER_TKIP;
1714 case IEEE80211_CIPHER_AES_CCM:
1715 cipher = R92S_TXDW1_CIPHER_AES;
1718 cipher = R92S_TXDW1_CIPHER_NONE;
1720 txd->txdw1 |= htole32(
1721 SM(R92S_TXDW1_CIPHER, cipher) |
1722 SM(R92S_TXDW1_KEYIDX, k->k_id));
1725 txd->txdw2 |= htole32(R92S_TXDW2_BK);
1726 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
1727 txd->txdw2 |= htole32(R92S_TXDW2_BMCAST);
1729 * Firmware will use and increment the sequence number for the
1732 txd->txdw3 |= htole32(SM(R92S_TXDW3_SEQ, tid));
1734 if (ieee80211_radiotap_active_vap(vap)) {
1735 struct rsu_tx_radiotap_header *tap = &sc->sc_txtap;
1738 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
1739 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
1740 ieee80211_radiotap_tx(vap, m0);
1742 xferlen = sizeof(*txd) + m0->m_pkthdr.len;
1743 m_copydata(m0, 0, m0->m_pkthdr.len, (caddr_t)&txd[1]);
1745 data->buflen = xferlen;
1748 STAILQ_INSERT_TAIL(&sc->sc_tx_pending, data, next);
1749 usbd_transfer_start(xfer);
1755 rsu_start(struct ifnet *ifp)
1757 struct rsu_softc *sc = ifp->if_softc;
1759 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1763 rsu_start_locked(ifp);
1768 rsu_start_locked(struct ifnet *ifp)
1770 struct rsu_softc *sc = ifp->if_softc;
1771 struct ieee80211_node *ni;
1773 struct rsu_data *bf;
1775 RSU_ASSERT_LOCKED(sc);
1778 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
1781 bf = rsu_getbuf(sc);
1783 IFQ_DRV_PREPEND(&ifp->if_snd, m);
1786 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
1787 m->m_pkthdr.rcvif = NULL;
1789 if (rsu_tx_start(sc, ni, m, bf) != 0) {
1791 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, bf, next);
1792 ieee80211_free_node(ni);
1795 sc->sc_tx_timer = 5;
1796 callout_reset(&sc->sc_watchdog_ch, hz, rsu_watchdog, sc);
1801 rsu_watchdog(void *arg)
1803 struct rsu_softc *sc = arg;
1804 struct ifnet *ifp = sc->sc_ifp;
1806 if (sc->sc_tx_timer > 0) {
1807 if (--sc->sc_tx_timer == 0) {
1808 device_printf(sc->sc_dev, "device timeout\n");
1809 /* rsu_init(ifp); XXX needs a process context! */
1813 callout_reset(&sc->sc_watchdog_ch, hz, rsu_watchdog, sc);
1818 rsu_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
1820 struct ieee80211com *ic = ifp->if_l2com;
1821 struct ifreq *ifr = (struct ifreq *) data;
1822 int error = 0, startall = 0;
1826 if (ifp->if_flags & IFF_UP) {
1827 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1828 rsu_init(ifp->if_softc);
1832 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
1836 ieee80211_start_all(ic);
1839 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
1842 error = ether_ioctl(ifp, cmd, data);
1853 * Power on sequence for A-cut adapters.
1856 rsu_power_on_acut(struct rsu_softc *sc)
1860 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
1861 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
1863 /* Enable AFE macro block's bandgap and Mbias. */
1864 rsu_write_1(sc, R92S_AFE_MISC,
1865 rsu_read_1(sc, R92S_AFE_MISC) |
1866 R92S_AFE_MISC_BGEN | R92S_AFE_MISC_MBEN);
1867 /* Enable LDOA15 block. */
1868 rsu_write_1(sc, R92S_LDOA15_CTRL,
1869 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
1871 rsu_write_1(sc, R92S_SPS1_CTRL,
1872 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_LDEN);
1873 usb_pause_mtx(&sc->sc_mtx, 2 * hz);
1874 /* Enable switch regulator block. */
1875 rsu_write_1(sc, R92S_SPS1_CTRL,
1876 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_SWEN);
1878 rsu_write_4(sc, R92S_SPS1_CTRL, 0x00a7b267);
1880 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1881 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
1883 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1884 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
1886 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1887 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x90);
1889 /* Enable AFE clock. */
1890 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
1891 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
1892 /* Enable AFE PLL macro block. */
1893 rsu_write_1(sc, R92S_AFE_PLL_CTRL,
1894 rsu_read_1(sc, R92S_AFE_PLL_CTRL) | 0x11);
1895 /* Attach AFE PLL to MACTOP/BB. */
1896 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
1897 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
1899 /* Switch to 40MHz clock instead of 80MHz. */
1900 rsu_write_2(sc, R92S_SYS_CLKR,
1901 rsu_read_2(sc, R92S_SYS_CLKR) & ~R92S_SYS_CLKSEL);
1903 /* Enable MAC clock. */
1904 rsu_write_2(sc, R92S_SYS_CLKR,
1905 rsu_read_2(sc, R92S_SYS_CLKR) |
1906 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
1908 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
1910 /* Enable digital core and IOREG R/W. */
1911 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1912 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
1914 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1915 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
1917 /* Switch the control path to firmware. */
1918 reg = rsu_read_2(sc, R92S_SYS_CLKR);
1919 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
1920 rsu_write_2(sc, R92S_SYS_CLKR, reg);
1922 rsu_write_2(sc, R92S_CR, 0x37fc);
1924 /* Fix USB RX FIFO issue. */
1925 rsu_write_1(sc, 0xfe5c,
1926 rsu_read_1(sc, 0xfe5c) | 0x80);
1927 rsu_write_1(sc, 0x00ab,
1928 rsu_read_1(sc, 0x00ab) | 0xc0);
1930 rsu_write_1(sc, R92S_SYS_CLKR,
1931 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
1935 * Power on sequence for B-cut and C-cut adapters.
1938 rsu_power_on_bcut(struct rsu_softc *sc)
1943 /* Prevent eFuse leakage. */
1944 rsu_write_1(sc, 0x37, 0xb0);
1945 usb_pause_mtx(&sc->sc_mtx, 10);
1946 rsu_write_1(sc, 0x37, 0x30);
1948 /* Switch the control path to hardware. */
1949 reg = rsu_read_2(sc, R92S_SYS_CLKR);
1950 if (reg & R92S_FWHW_SEL) {
1951 rsu_write_2(sc, R92S_SYS_CLKR,
1952 reg & ~(R92S_SWHW_SEL | R92S_FWHW_SEL));
1954 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1955 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) & ~0x8c);
1958 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
1959 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
1961 reg = rsu_read_1(sc, R92S_AFE_MISC);
1962 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN);
1963 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN |
1964 R92S_AFE_MISC_MBEN | R92S_AFE_MISC_I32_EN);
1967 rsu_write_1(sc, R92S_LDOA15_CTRL,
1968 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
1970 rsu_write_1(sc, R92S_LDOV12D_CTRL,
1971 rsu_read_1(sc, R92S_LDOV12D_CTRL) | R92S_LDV12_EN);
1973 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1974 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
1976 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1977 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
1979 /* Support 64KB IMEM. */
1980 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1981 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x97);
1983 /* Enable AFE clock. */
1984 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
1985 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
1986 /* Enable AFE PLL macro block. */
1987 reg = rsu_read_1(sc, R92S_AFE_PLL_CTRL);
1988 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
1990 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x51);
1992 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
1995 /* Attach AFE PLL to MACTOP/BB. */
1996 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
1997 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
1999 /* Switch to 40MHz clock. */
2000 rsu_write_1(sc, R92S_SYS_CLKR, 0x00);
2001 /* Disable CPU clock and 80MHz SSC. */
2002 rsu_write_1(sc, R92S_SYS_CLKR,
2003 rsu_read_1(sc, R92S_SYS_CLKR) | 0xa0);
2004 /* Enable MAC clock. */
2005 rsu_write_2(sc, R92S_SYS_CLKR,
2006 rsu_read_2(sc, R92S_SYS_CLKR) |
2007 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
2009 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
2011 /* Enable digital core and IOREG R/W. */
2012 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2013 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
2015 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2016 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
2018 /* Switch the control path to firmware. */
2019 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2020 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
2021 rsu_write_2(sc, R92S_SYS_CLKR, reg);
2023 rsu_write_2(sc, R92S_CR, 0x37fc);
2025 /* Fix USB RX FIFO issue. */
2026 rsu_write_1(sc, 0xfe5c,
2027 rsu_read_1(sc, 0xfe5c) | 0x80);
2029 rsu_write_1(sc, R92S_SYS_CLKR,
2030 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
2032 rsu_write_1(sc, 0xfe1c, 0x80);
2034 /* Make sure TxDMA is ready to download firmware. */
2035 for (ntries = 0; ntries < 20; ntries++) {
2036 reg = rsu_read_1(sc, R92S_TCR);
2037 if ((reg & (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) ==
2038 (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT))
2043 DPRINTF("TxDMA is not ready\n");
2045 reg = rsu_read_1(sc, R92S_CR);
2046 rsu_write_1(sc, R92S_CR, reg & ~R92S_CR_TXDMA_EN);
2048 rsu_write_1(sc, R92S_CR, reg | R92S_CR_TXDMA_EN);
2053 rsu_power_off(struct rsu_softc *sc)
2056 rsu_write_1(sc, R92S_RF_CTRL, 0x00);
2057 usb_pause_mtx(&sc->sc_mtx, 5);
2060 /* Switch control path. */
2061 rsu_write_1(sc, R92S_SYS_CLKR + 1, 0x38);
2063 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x70);
2064 rsu_write_1(sc, R92S_PMC_FSM, 0x06);
2065 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 0, 0xf9);
2066 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 0xe8);
2068 /* Disable AFE PLL. */
2069 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 0x00);
2071 rsu_write_1(sc, R92S_LDOA15_CTRL, 0x54);
2072 /* Disable eFuse 1.2V. */
2073 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x50);
2074 rsu_write_1(sc, R92S_LDOV12D_CTRL, 0x24);
2075 /* Enable AFE macro block's bandgap and Mbias. */
2076 rsu_write_1(sc, R92S_AFE_MISC, 0x30);
2077 /* Disable 1.6V LDO. */
2078 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x56);
2079 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x43);
2083 rsu_fw_loadsection(struct rsu_softc *sc, const uint8_t *buf, int len)
2085 struct rsu_data *data;
2086 struct r92s_tx_desc *txd;
2090 data = rsu_getbuf(sc);
2093 txd = (struct r92s_tx_desc *)data->buf;
2094 memset(txd, 0, sizeof(*txd));
2095 if (len <= RSU_TXBUFSZ - sizeof(*txd)) {
2097 txd->txdw0 |= htole32(R92S_TXDW0_LINIP);
2100 mlen = RSU_TXBUFSZ - sizeof(*txd);
2101 txd->txdw0 |= htole32(SM(R92S_TXDW0_PKTLEN, mlen));
2102 memcpy(&txd[1], buf, mlen);
2103 data->buflen = sizeof(*txd) + mlen;
2104 DPRINTF("starting transfer %p\n", data);
2105 STAILQ_INSERT_TAIL(&sc->sc_tx_pending, data, next);
2109 usbd_transfer_start(sc->sc_xfer[RSU_BULK_TX_VO]);
2115 rsu_load_firmware(struct rsu_softc *sc)
2117 const struct r92s_fw_hdr *hdr;
2118 struct r92s_fw_priv *dmem;
2119 const uint8_t *imem, *emem;
2121 const struct firmware *fw;
2127 /* Read firmware image from the filesystem. */
2128 if ((fw = firmware_get("rsu-rtl8712fw")) == NULL) {
2129 device_printf(sc->sc_dev,
2130 "%s: failed load firmware of file rsu-rtl8712fw\n",
2136 size = fw->datasize;
2137 if (size < sizeof(*hdr)) {
2138 device_printf(sc->sc_dev, "firmware too short\n");
2142 hdr = (const struct r92s_fw_hdr *)fw->data;
2143 if (hdr->signature != htole16(0x8712) &&
2144 hdr->signature != htole16(0x8192)) {
2145 device_printf(sc->sc_dev,
2146 "invalid firmware signature 0x%x\n",
2147 le16toh(hdr->signature));
2151 DPRINTF("FW V%d %02x-%02x %02x:%02x\n", le16toh(hdr->version),
2152 hdr->month, hdr->day, hdr->hour, hdr->minute);
2154 /* Make sure that driver and firmware are in sync. */
2155 if (hdr->privsz != htole32(sizeof(*dmem))) {
2156 device_printf(sc->sc_dev, "unsupported firmware image\n");
2160 /* Get FW sections sizes. */
2161 imemsz = le32toh(hdr->imemsz);
2162 ememsz = le32toh(hdr->sramsz);
2163 /* Check that all FW sections fit in image. */
2164 if (size < sizeof(*hdr) + imemsz + ememsz) {
2165 device_printf(sc->sc_dev, "firmware too short\n");
2169 imem = (const uint8_t *)&hdr[1];
2170 emem = imem + imemsz;
2172 /* Load IMEM section. */
2173 error = rsu_fw_loadsection(sc, imem, imemsz);
2175 device_printf(sc->sc_dev,
2176 "could not load firmware section %s\n", "IMEM");
2179 /* Wait for load to complete. */
2180 for (ntries = 0; ntries < 10; ntries++) {
2181 usb_pause_mtx(&sc->sc_mtx, 10);
2182 reg = rsu_read_2(sc, R92S_TCR);
2183 if (reg & R92S_TCR_IMEM_CODE_DONE)
2186 if (ntries == 10 || !(reg & R92S_TCR_IMEM_CHK_RPT)) {
2187 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n",
2193 /* Load EMEM section. */
2194 error = rsu_fw_loadsection(sc, emem, ememsz);
2196 device_printf(sc->sc_dev,
2197 "could not load firmware section %s\n", "EMEM");
2200 /* Wait for load to complete. */
2201 for (ntries = 0; ntries < 10; ntries++) {
2202 usb_pause_mtx(&sc->sc_mtx, 10);
2203 reg = rsu_read_2(sc, R92S_TCR);
2204 if (reg & R92S_TCR_EMEM_CODE_DONE)
2207 if (ntries == 10 || !(reg & R92S_TCR_EMEM_CHK_RPT)) {
2208 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n",
2215 rsu_write_1(sc, R92S_SYS_CLKR,
2216 rsu_read_1(sc, R92S_SYS_CLKR) | R92S_SYS_CPU_CLKSEL);
2217 if (!(rsu_read_1(sc, R92S_SYS_CLKR) & R92S_SYS_CPU_CLKSEL)) {
2218 device_printf(sc->sc_dev, "could not enable system clock\n");
2222 rsu_write_2(sc, R92S_SYS_FUNC_EN,
2223 rsu_read_2(sc, R92S_SYS_FUNC_EN) | R92S_FEN_CPUEN);
2224 if (!(rsu_read_2(sc, R92S_SYS_FUNC_EN) & R92S_FEN_CPUEN)) {
2225 device_printf(sc->sc_dev,
2226 "could not enable microcontroller\n");
2230 /* Wait for CPU to initialize. */
2231 for (ntries = 0; ntries < 100; ntries++) {
2232 if (rsu_read_2(sc, R92S_TCR) & R92S_TCR_IMEM_RDY)
2236 if (ntries == 100) {
2237 device_printf(sc->sc_dev,
2238 "timeout waiting for microcontroller\n");
2243 /* Update DMEM section before loading. */
2244 dmem = __DECONST(struct r92s_fw_priv *, &hdr->priv);
2245 memset(dmem, 0, sizeof(*dmem));
2246 dmem->hci_sel = R92S_HCI_SEL_USB | R92S_HCI_SEL_8172;
2247 dmem->nendpoints = sc->npipes;
2248 dmem->rf_config = 0x12; /* 1T2R */
2249 dmem->vcs_type = R92S_VCS_TYPE_AUTO;
2250 dmem->vcs_mode = R92S_VCS_MODE_RTS_CTS;
2252 dmem->bw40_en = (ic->ic_htcaps & IEEE80211_HTCAP_CBW20_40) != 0;
2254 dmem->turbo_mode = 1;
2255 /* Load DMEM section. */
2256 error = rsu_fw_loadsection(sc, (uint8_t *)dmem, sizeof(*dmem));
2258 device_printf(sc->sc_dev,
2259 "could not load firmware section %s\n", "DMEM");
2262 /* Wait for load to complete. */
2263 for (ntries = 0; ntries < 100; ntries++) {
2264 if (rsu_read_2(sc, R92S_TCR) & R92S_TCR_DMEM_CODE_DONE)
2268 if (ntries == 100) {
2269 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n",
2274 /* Wait for firmware readiness. */
2275 for (ntries = 0; ntries < 60; ntries++) {
2276 if (!(rsu_read_2(sc, R92S_TCR) & R92S_TCR_FWRDY))
2281 device_printf(sc->sc_dev,
2282 "timeout waiting for firmware readiness\n");
2287 firmware_put(fw, FIRMWARE_UNLOAD);
2293 rsu_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
2294 const struct ieee80211_bpf_params *params)
2296 struct ieee80211com *ic = ni->ni_ic;
2297 struct ifnet *ifp = ic->ic_ifp;
2298 struct rsu_softc *sc = ifp->if_softc;
2299 struct rsu_data *bf;
2301 /* prevent management frames from being sent if we're not ready */
2302 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
2304 ieee80211_free_node(ni);
2308 bf = rsu_getbuf(sc);
2310 ieee80211_free_node(ni);
2316 if (rsu_tx_start(sc, ni, m, bf) != 0) {
2317 ieee80211_free_node(ni);
2319 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, bf, next);
2324 sc->sc_tx_timer = 5;
2332 struct rsu_softc *sc = arg;
2335 rsu_init_locked(arg);
2340 rsu_init_locked(struct rsu_softc *sc)
2342 struct ifnet *ifp = sc->sc_ifp;
2343 struct r92s_set_pwr_mode cmd;
2346 /* Init host async commands ring. */
2347 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0;
2349 /* Allocate Tx/Rx buffers. */
2350 error = rsu_alloc_rx_list(sc);
2352 device_printf(sc->sc_dev, "could not allocate Rx buffers\n");
2355 error = rsu_alloc_tx_list(sc);
2357 device_printf(sc->sc_dev, "could not allocate Tx buffers\n");
2358 rsu_free_rx_list(sc);
2361 /* Power on adapter. */
2363 rsu_power_on_acut(sc);
2365 rsu_power_on_bcut(sc);
2366 /* Load firmware. */
2367 error = rsu_load_firmware(sc);
2371 /* Enable Rx TCP checksum offload. */
2372 rsu_write_4(sc, R92S_RCR,
2373 rsu_read_4(sc, R92S_RCR) | 0x04000000);
2374 /* Append PHY status. */
2375 rsu_write_4(sc, R92S_RCR,
2376 rsu_read_4(sc, R92S_RCR) | 0x02000000);
2378 rsu_write_4(sc, R92S_CR,
2379 rsu_read_4(sc, R92S_CR) & ~0xff000000);
2381 /* Use 128 bytes pages. */
2382 rsu_write_1(sc, 0x00b5,
2383 rsu_read_1(sc, 0x00b5) | 0x01);
2384 /* Enable USB Rx aggregation. */
2385 rsu_write_1(sc, 0x00bd,
2386 rsu_read_1(sc, 0x00bd) | 0x80);
2387 /* Set USB Rx aggregation threshold. */
2388 rsu_write_1(sc, 0x00d9, 0x01);
2389 /* Set USB Rx aggregation timeout (1.7ms/4). */
2390 rsu_write_1(sc, 0xfe5b, 0x04);
2391 /* Fix USB Rx FIFO issue. */
2392 rsu_write_1(sc, 0xfe5c,
2393 rsu_read_1(sc, 0xfe5c) | 0x80);
2395 /* Set MAC address. */
2396 rsu_write_region_1(sc, R92S_MACID, IF_LLADDR(ifp),
2397 IEEE80211_ADDR_LEN);
2399 /* NB: it really takes that long for firmware to boot. */
2400 usb_pause_mtx(&sc->sc_mtx, 1500);
2402 DPRINTF("setting MAC address to %s\n", ether_sprintf(IF_LLADDR(ifp)));
2403 error = rsu_fw_cmd(sc, R92S_CMD_SET_MAC_ADDRESS, IF_LLADDR(ifp),
2404 IEEE80211_ADDR_LEN);
2406 device_printf(sc->sc_dev, "could not set MAC address\n");
2410 rsu_write_1(sc, R92S_USB_HRPWM,
2411 R92S_USB_HRPWM_PS_ST_ACTIVE | R92S_USB_HRPWM_PS_ALL_ON);
2413 memset(&cmd, 0, sizeof(cmd));
2414 cmd.mode = R92S_PS_MODE_ACTIVE;
2415 DPRINTF("setting ps mode to %d\n", cmd.mode);
2416 error = rsu_fw_cmd(sc, R92S_CMD_SET_PWR_MODE, &cmd, sizeof(cmd));
2418 device_printf(sc->sc_dev, "could not set PS mode\n");
2423 if (ic->ic_htcaps & IEEE80211_HTCAP_CBW20_40) {
2424 /* Enable 40MHz mode. */
2425 error = rsu_fw_iocmd(sc,
2426 SM(R92S_IOCMD_CLASS, 0xf4) |
2427 SM(R92S_IOCMD_INDEX, 0x00) |
2428 SM(R92S_IOCMD_VALUE, 0x0007));
2430 device_printf(sc->sc_dev,
2431 "could not enable 40MHz mode\n");
2436 /* Set default channel. */
2437 ic->ic_bss->ni_chan = ic->ic_ibss_chan;
2440 usbd_transfer_start(sc->sc_xfer[RSU_BULK_RX]);
2442 /* We're ready to go. */
2443 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
2444 ifp->if_drv_flags |= IFF_DRV_RUNNING;
2446 callout_reset(&sc->sc_watchdog_ch, hz, rsu_watchdog, sc);
2450 rsu_free_rx_list(sc);
2451 rsu_free_tx_list(sc);
2456 rsu_stop(struct ifnet *ifp, int disable)
2458 struct rsu_softc *sc = ifp->if_softc;
2461 rsu_stop_locked(ifp, disable);
2466 rsu_stop_locked(struct ifnet *ifp, int disable __unused)
2468 struct rsu_softc *sc = ifp->if_softc;
2471 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
2472 callout_stop(&sc->sc_watchdog_ch);
2473 sc->sc_calibrating = 0;
2474 taskqueue_cancel_timeout(taskqueue_thread, &sc->calib_task, NULL);
2476 /* Power off adapter. */
2479 for (i = 0; i < RSU_N_TRANSFER; i++)
2480 usbd_transfer_stop(sc->sc_xfer[i]);
projects / FreeBSD / releng / 10.0.git / blob