1 /* $OpenBSD: if_rsu.c,v 1.17 2013/04/15 09:23:01 mglocker Exp $ */
4 * Copyright (c) 2010 Damien Bergamini <damien.bergamini@free.fr>
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include <sys/cdefs.h>
19 __FBSDID("$FreeBSD$");
22 * Driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU.
27 * o hostap / ibss / mesh
29 #include <sys/param.h>
30 #include <sys/endian.h>
31 #include <sys/sockio.h>
33 #include <sys/kernel.h>
34 #include <sys/socket.h>
35 #include <sys/systm.h>
39 #include <sys/firmware.h>
40 #include <sys/module.h>
42 #include <machine/bus.h>
43 #include <machine/resource.h>
47 #include <net/if_arp.h>
48 #include <net/if_dl.h>
49 #include <net/if_media.h>
50 #include <net/if_types.h>
52 #include <netinet/in.h>
53 #include <netinet/in_systm.h>
54 #include <netinet/in_var.h>
55 #include <netinet/if_ether.h>
56 #include <netinet/ip.h>
58 #include <net80211/ieee80211_var.h>
59 #include <net80211/ieee80211_regdomain.h>
60 #include <net80211/ieee80211_radiotap.h>
62 #include <dev/usb/usb.h>
63 #include <dev/usb/usbdi.h>
66 #define USB_DEBUG_VAR rsu_debug
67 #include <dev/usb/usb_debug.h>
69 #include <dev/usb/wlan/if_rsureg.h>
72 static int rsu_debug = 0;
73 SYSCTL_NODE(_hw_usb, OID_AUTO, rsu, CTLFLAG_RW, 0, "USB rsu");
74 SYSCTL_INT(_hw_usb_rsu, OID_AUTO, debug, CTLFLAG_RW, &rsu_debug, 0,
78 static const STRUCT_USB_HOST_ID rsu_devs[] = {
79 #define RSU_HT_NOT_SUPPORTED 0
80 #define RSU_HT_SUPPORTED 1
81 #define RSU_DEV_HT(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \
83 #define RSU_DEV(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \
84 RSU_HT_NOT_SUPPORTED) }
85 RSU_DEV(ASUS, RTL8192SU),
86 RSU_DEV(AZUREWAVE, RTL8192SU_4),
87 RSU_DEV_HT(ACCTON, RTL8192SU),
88 RSU_DEV_HT(ASUS, USBN10),
89 RSU_DEV_HT(AZUREWAVE, RTL8192SU_1),
90 RSU_DEV_HT(AZUREWAVE, RTL8192SU_2),
91 RSU_DEV_HT(AZUREWAVE, RTL8192SU_3),
92 RSU_DEV_HT(AZUREWAVE, RTL8192SU_5),
93 RSU_DEV_HT(BELKIN, RTL8192SU_1),
94 RSU_DEV_HT(BELKIN, RTL8192SU_2),
95 RSU_DEV_HT(BELKIN, RTL8192SU_3),
96 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_1),
97 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_2),
98 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_3),
99 RSU_DEV_HT(COREGA, RTL8192SU),
100 RSU_DEV_HT(DLINK2, DWA131A1),
101 RSU_DEV_HT(DLINK2, RTL8192SU_1),
102 RSU_DEV_HT(DLINK2, RTL8192SU_2),
103 RSU_DEV_HT(EDIMAX, RTL8192SU_1),
104 RSU_DEV_HT(EDIMAX, RTL8192SU_2),
105 RSU_DEV_HT(EDIMAX, EW7622UMN),
106 RSU_DEV_HT(GUILLEMOT, HWGUN54),
107 RSU_DEV_HT(GUILLEMOT, HWNUM300),
108 RSU_DEV_HT(HAWKING, RTL8192SU_1),
109 RSU_DEV_HT(HAWKING, RTL8192SU_2),
110 RSU_DEV_HT(PLANEX2, GWUSNANO),
111 RSU_DEV_HT(REALTEK, RTL8171),
112 RSU_DEV_HT(REALTEK, RTL8172),
113 RSU_DEV_HT(REALTEK, RTL8173),
114 RSU_DEV_HT(REALTEK, RTL8174),
115 RSU_DEV_HT(REALTEK, RTL8192SU),
116 RSU_DEV_HT(REALTEK, RTL8712),
117 RSU_DEV_HT(REALTEK, RTL8713),
118 RSU_DEV_HT(SENAO, RTL8192SU_1),
119 RSU_DEV_HT(SENAO, RTL8192SU_2),
120 RSU_DEV_HT(SITECOMEU, WL349V1),
121 RSU_DEV_HT(SITECOMEU, WL353),
122 RSU_DEV_HT(SWEEX2, LW154),
127 static device_probe_t rsu_match;
128 static device_attach_t rsu_attach;
129 static device_detach_t rsu_detach;
130 static usb_callback_t rsu_bulk_tx_callback_be_bk;
131 static usb_callback_t rsu_bulk_tx_callback_vi_vo;
132 static usb_callback_t rsu_bulk_rx_callback;
133 static usb_error_t rsu_do_request(struct rsu_softc *,
134 struct usb_device_request *, void *);
135 static struct ieee80211vap *
136 rsu_vap_create(struct ieee80211com *, const char name[],
137 int, enum ieee80211_opmode, int, const uint8_t bssid[],
138 const uint8_t mac[]);
139 static void rsu_vap_delete(struct ieee80211vap *);
140 static void rsu_scan_start(struct ieee80211com *);
141 static void rsu_scan_end(struct ieee80211com *);
142 static void rsu_set_channel(struct ieee80211com *);
143 static void rsu_update_mcast(struct ifnet *);
144 static int rsu_alloc_rx_list(struct rsu_softc *);
145 static void rsu_free_rx_list(struct rsu_softc *);
146 static int rsu_alloc_tx_list(struct rsu_softc *);
147 static void rsu_free_tx_list(struct rsu_softc *);
148 static void rsu_free_list(struct rsu_softc *, struct rsu_data [], int);
149 static struct rsu_data *_rsu_getbuf(struct rsu_softc *);
150 static struct rsu_data *rsu_getbuf(struct rsu_softc *);
151 static int rsu_write_region_1(struct rsu_softc *, uint16_t, uint8_t *,
153 static void rsu_write_1(struct rsu_softc *, uint16_t, uint8_t);
154 static void rsu_write_2(struct rsu_softc *, uint16_t, uint16_t);
155 static void rsu_write_4(struct rsu_softc *, uint16_t, uint32_t);
156 static int rsu_read_region_1(struct rsu_softc *, uint16_t, uint8_t *,
158 static uint8_t rsu_read_1(struct rsu_softc *, uint16_t);
159 static uint16_t rsu_read_2(struct rsu_softc *, uint16_t);
160 static uint32_t rsu_read_4(struct rsu_softc *, uint16_t);
161 static int rsu_fw_iocmd(struct rsu_softc *, uint32_t);
162 static uint8_t rsu_efuse_read_1(struct rsu_softc *, uint16_t);
163 static int rsu_read_rom(struct rsu_softc *);
164 static int rsu_fw_cmd(struct rsu_softc *, uint8_t, void *, int);
165 static void rsu_calib_task(void *, int);
166 static int rsu_newstate(struct ieee80211vap *, enum ieee80211_state, int);
168 static void rsu_set_key(struct rsu_softc *, const struct ieee80211_key *);
169 static void rsu_delete_key(struct rsu_softc *, const struct ieee80211_key *);
171 static int rsu_site_survey(struct rsu_softc *, struct ieee80211vap *);
172 static int rsu_join_bss(struct rsu_softc *, struct ieee80211_node *);
173 static int rsu_disconnect(struct rsu_softc *);
174 static void rsu_event_survey(struct rsu_softc *, uint8_t *, int);
175 static void rsu_event_join_bss(struct rsu_softc *, uint8_t *, int);
176 static void rsu_rx_event(struct rsu_softc *, uint8_t, uint8_t *, int);
177 static void rsu_rx_multi_event(struct rsu_softc *, uint8_t *, int);
178 static int8_t rsu_get_rssi(struct rsu_softc *, int, void *);
180 rsu_rx_frame(struct rsu_softc *, uint8_t *, int, int *);
182 rsu_rx_multi_frame(struct rsu_softc *, uint8_t *, int, int *);
184 rsu_rxeof(struct usb_xfer *, struct rsu_data *, int *);
185 static void rsu_txeof(struct usb_xfer *, struct rsu_data *);
186 static int rsu_raw_xmit(struct ieee80211_node *, struct mbuf *,
187 const struct ieee80211_bpf_params *);
188 static void rsu_init(void *);
189 static void rsu_init_locked(struct rsu_softc *);
190 static int rsu_tx_start(struct rsu_softc *, struct ieee80211_node *,
191 struct mbuf *, struct rsu_data *);
192 static void rsu_start(struct ifnet *);
193 static void rsu_start_locked(struct ifnet *);
194 static int rsu_ioctl(struct ifnet *, u_long, caddr_t);
195 static void rsu_stop(struct ifnet *, int);
196 static void rsu_stop_locked(struct ifnet *, int);
197 static void rsu_ms_delay(struct rsu_softc *);
199 static device_method_t rsu_methods[] = {
200 DEVMETHOD(device_probe, rsu_match),
201 DEVMETHOD(device_attach, rsu_attach),
202 DEVMETHOD(device_detach, rsu_detach),
207 static driver_t rsu_driver = {
209 .methods = rsu_methods,
210 .size = sizeof(struct rsu_softc)
213 static devclass_t rsu_devclass;
215 DRIVER_MODULE(rsu, uhub, rsu_driver, rsu_devclass, NULL, 0);
216 MODULE_DEPEND(rsu, wlan, 1, 1, 1);
217 MODULE_DEPEND(rsu, usb, 1, 1, 1);
218 MODULE_DEPEND(rsu, firmware, 1, 1, 1);
219 MODULE_VERSION(rsu, 1);
221 static uint8_t rsu_wme_ac_xfer_map[4] = {
222 [WME_AC_BE] = RSU_BULK_TX_BE_BK,
223 [WME_AC_BK] = RSU_BULK_TX_BE_BK,
224 [WME_AC_VI] = RSU_BULK_TX_VI_VO,
225 [WME_AC_VO] = RSU_BULK_TX_VI_VO,
228 static const struct usb_config rsu_config[RSU_N_TRANSFER] = {
231 .endpoint = UE_ADDR_ANY,
232 .direction = UE_DIR_IN,
233 .bufsize = RSU_RXBUFSZ,
238 .callback = rsu_bulk_rx_callback
240 [RSU_BULK_TX_BE_BK] = {
243 .direction = UE_DIR_OUT,
244 .bufsize = RSU_TXBUFSZ,
248 .force_short_xfer = 1
250 .callback = rsu_bulk_tx_callback_be_bk,
251 .timeout = RSU_TX_TIMEOUT
253 [RSU_BULK_TX_VI_VO] = {
256 .direction = UE_DIR_OUT,
257 .bufsize = RSU_TXBUFSZ,
261 .force_short_xfer = 1
263 .callback = rsu_bulk_tx_callback_vi_vo,
264 .timeout = RSU_TX_TIMEOUT
269 rsu_match(device_t self)
271 struct usb_attach_arg *uaa = device_get_ivars(self);
273 if (uaa->usb_mode != USB_MODE_HOST ||
274 uaa->info.bIfaceIndex != 0 ||
275 uaa->info.bConfigIndex != 0)
278 return (usbd_lookup_id_by_uaa(rsu_devs, sizeof(rsu_devs), uaa));
282 rsu_attach(device_t self)
284 struct usb_attach_arg *uaa = device_get_ivars(self);
285 struct rsu_softc *sc = device_get_softc(self);
287 struct ieee80211com *ic;
289 uint8_t iface_index, bands;
291 device_set_usb_desc(self);
292 sc->sc_udev = uaa->device;
295 mtx_init(&sc->sc_mtx, device_get_nameunit(self), MTX_NETWORK_LOCK,
297 TIMEOUT_TASK_INIT(taskqueue_thread, &sc->calib_task, 0,
300 /* Allocate Tx/Rx buffers. */
301 error = rsu_alloc_rx_list(sc);
303 device_printf(sc->sc_dev, "could not allocate Rx buffers\n");
307 error = rsu_alloc_tx_list(sc);
309 device_printf(sc->sc_dev, "could not allocate Tx buffers\n");
310 rsu_free_rx_list(sc);
315 error = usbd_transfer_setup(uaa->device, &iface_index, sc->sc_xfer,
316 rsu_config, RSU_N_TRANSFER, sc, &sc->sc_mtx);
318 device_printf(sc->sc_dev,
319 "could not allocate USB transfers, err=%s\n",
324 /* Read chip revision. */
325 sc->cut = MS(rsu_read_4(sc, R92S_PMC_FSM), R92S_PMC_FSM_CUT);
327 sc->cut = (sc->cut >> 1) + 1;
328 error = rsu_read_rom(sc);
331 device_printf(self, "could not read ROM\n");
334 IEEE80211_ADDR_COPY(sc->sc_bssid, &sc->rom[0x12]);
335 device_printf(self, "MAC/BB RTL8712 cut %d\n", sc->cut);
336 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
338 device_printf(self, "cannot allocate interface\n");
343 if_initname(ifp, "rsu", device_get_unit(self));
344 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
345 ifp->if_init = rsu_init;
346 ifp->if_ioctl = rsu_ioctl;
347 ifp->if_start = rsu_start;
348 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
349 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
350 IFQ_SET_READY(&ifp->if_snd);
351 ifp->if_capabilities |= IFCAP_RXCSUM;
352 ifp->if_capenable |= IFCAP_RXCSUM;
353 ifp->if_hwassist = CSUM_TCP;
356 ic->ic_phytype = IEEE80211_T_OFDM; /* Not only, but not used. */
357 ic->ic_opmode = IEEE80211_M_STA; /* Default to BSS mode. */
359 /* Set device capabilities. */
361 IEEE80211_C_STA | /* station mode */
362 IEEE80211_C_BGSCAN | /* Background scan. */
363 IEEE80211_C_SHPREAMBLE | /* Short preamble supported. */
364 IEEE80211_C_SHSLOT | /* Short slot time supported. */
365 IEEE80211_C_WPA; /* WPA/RSN. */
368 /* Check if HT support is present. */
369 if (usb_lookup(rsu_devs_noht, uaa->vendor, uaa->product) == NULL) {
370 /* Set HT capabilities. */
372 IEEE80211_HTCAP_CBW20_40 |
373 IEEE80211_HTCAP_DSSSCCK40;
374 /* Set supported HT rates. */
375 for (i = 0; i < 2; i++)
376 ic->ic_sup_mcs[i] = 0xff;
380 /* Set supported .11b and .11g rates. */
382 setbit(&bands, IEEE80211_MODE_11B);
383 setbit(&bands, IEEE80211_MODE_11G);
384 ieee80211_init_channels(ic, NULL, &bands);
386 ieee80211_ifattach(ic, sc->sc_bssid);
387 ic->ic_raw_xmit = rsu_raw_xmit;
388 ic->ic_scan_start = rsu_scan_start;
389 ic->ic_scan_end = rsu_scan_end;
390 ic->ic_set_channel = rsu_set_channel;
391 ic->ic_vap_create = rsu_vap_create;
392 ic->ic_vap_delete = rsu_vap_delete;
393 ic->ic_update_mcast = rsu_update_mcast;
395 ieee80211_radiotap_attach(ic, &sc->sc_txtap.wt_ihdr,
396 sizeof(sc->sc_txtap), RSU_TX_RADIOTAP_PRESENT,
397 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
398 RSU_RX_RADIOTAP_PRESENT);
401 ieee80211_announce(ic);
407 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER);
409 mtx_destroy(&sc->sc_mtx);
414 rsu_detach(device_t self)
416 struct rsu_softc *sc = device_get_softc(self);
417 struct ifnet *ifp = sc->sc_ifp;
418 struct ieee80211com *ic = ifp->if_l2com;
421 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER);
422 ieee80211_ifdetach(ic);
424 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task);
426 /* Free Tx/Rx buffers. */
427 rsu_free_tx_list(sc);
428 rsu_free_rx_list(sc);
431 mtx_destroy(&sc->sc_mtx);
437 rsu_do_request(struct rsu_softc *sc, struct usb_device_request *req,
443 RSU_ASSERT_LOCKED(sc);
446 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
447 req, data, 0, NULL, 250 /* ms */);
448 if (err == 0 || err == USB_ERR_NOT_CONFIGURED)
450 DPRINTFN(1, "Control request failed, %s (retrying)\n",
452 usb_pause_mtx(&sc->sc_mtx, hz / 100);
458 static struct ieee80211vap *
459 rsu_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
460 enum ieee80211_opmode opmode, int flags,
461 const uint8_t bssid[IEEE80211_ADDR_LEN],
462 const uint8_t mac[IEEE80211_ADDR_LEN])
465 struct ieee80211vap *vap;
467 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
470 uvp = (struct rsu_vap *) malloc(sizeof(struct rsu_vap),
471 M_80211_VAP, M_NOWAIT | M_ZERO);
476 if (ieee80211_vap_setup(ic, vap, name, unit, opmode,
477 flags, bssid, mac) != 0) {
479 free(uvp, M_80211_VAP);
483 /* override state transition machine */
484 uvp->newstate = vap->iv_newstate;
485 vap->iv_newstate = rsu_newstate;
488 ieee80211_vap_attach(vap, ieee80211_media_change,
489 ieee80211_media_status);
490 ic->ic_opmode = opmode;
496 rsu_vap_delete(struct ieee80211vap *vap)
498 struct rsu_vap *uvp = RSU_VAP(vap);
500 ieee80211_vap_detach(vap);
501 free(uvp, M_80211_VAP);
505 rsu_scan_start(struct ieee80211com *ic)
508 struct ifnet *ifp = ic->ic_ifp;
509 struct rsu_softc *sc = ifp->if_softc;
511 /* Scanning is done by the firmware. */
513 error = rsu_site_survey(sc, TAILQ_FIRST(&ic->ic_vaps));
516 device_printf(sc->sc_dev,
517 "could not send site survey command\n");
521 rsu_scan_end(struct ieee80211com *ic)
523 /* Nothing to do here. */
527 rsu_set_channel(struct ieee80211com *ic __unused)
529 /* We are unable to switch channels, yet. */
533 rsu_update_mcast(struct ifnet *ifp)
535 /* XXX do nothing? */
539 rsu_alloc_list(struct rsu_softc *sc, struct rsu_data data[],
540 int ndata, int maxsz)
544 for (i = 0; i < ndata; i++) {
545 struct rsu_data *dp = &data[i];
548 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT);
549 if (dp->buf == NULL) {
550 device_printf(sc->sc_dev,
551 "could not allocate buffer\n");
560 rsu_free_list(sc, data, ndata);
565 rsu_alloc_rx_list(struct rsu_softc *sc)
569 error = rsu_alloc_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT,
574 STAILQ_INIT(&sc->sc_rx_active);
575 STAILQ_INIT(&sc->sc_rx_inactive);
577 for (i = 0; i < RSU_RX_LIST_COUNT; i++)
578 STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next);
584 rsu_alloc_tx_list(struct rsu_softc *sc)
588 error = rsu_alloc_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT,
593 STAILQ_INIT(&sc->sc_tx_inactive);
595 for (i = 0; i != RSU_N_TRANSFER; i++) {
596 STAILQ_INIT(&sc->sc_tx_active[i]);
597 STAILQ_INIT(&sc->sc_tx_pending[i]);
600 for (i = 0; i < RSU_TX_LIST_COUNT; i++) {
601 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next);
608 rsu_free_tx_list(struct rsu_softc *sc)
612 /* prevent further allocations from TX list(s) */
613 STAILQ_INIT(&sc->sc_tx_inactive);
615 for (i = 0; i != RSU_N_TRANSFER; i++) {
616 STAILQ_INIT(&sc->sc_tx_active[i]);
617 STAILQ_INIT(&sc->sc_tx_pending[i]);
620 rsu_free_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT);
624 rsu_free_rx_list(struct rsu_softc *sc)
626 /* prevent further allocations from RX list(s) */
627 STAILQ_INIT(&sc->sc_rx_inactive);
628 STAILQ_INIT(&sc->sc_rx_active);
630 rsu_free_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT);
634 rsu_free_list(struct rsu_softc *sc, struct rsu_data data[], int ndata)
638 for (i = 0; i < ndata; i++) {
639 struct rsu_data *dp = &data[i];
641 if (dp->buf != NULL) {
642 free(dp->buf, M_USBDEV);
645 if (dp->ni != NULL) {
646 ieee80211_free_node(dp->ni);
652 static struct rsu_data *
653 _rsu_getbuf(struct rsu_softc *sc)
657 bf = STAILQ_FIRST(&sc->sc_tx_inactive);
659 STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next);
663 DPRINTF("out of xmit buffers\n");
667 static struct rsu_data *
668 rsu_getbuf(struct rsu_softc *sc)
672 RSU_ASSERT_LOCKED(sc);
674 bf = _rsu_getbuf(sc);
676 struct ifnet *ifp = sc->sc_ifp;
677 DPRINTF("stop queue\n");
678 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
684 rsu_write_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
687 usb_device_request_t req;
689 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
690 req.bRequest = R92S_REQ_REGS;
691 USETW(req.wValue, addr);
692 USETW(req.wIndex, 0);
693 USETW(req.wLength, len);
695 return (rsu_do_request(sc, &req, buf));
699 rsu_write_1(struct rsu_softc *sc, uint16_t addr, uint8_t val)
701 rsu_write_region_1(sc, addr, &val, 1);
705 rsu_write_2(struct rsu_softc *sc, uint16_t addr, uint16_t val)
708 rsu_write_region_1(sc, addr, (uint8_t *)&val, 2);
712 rsu_write_4(struct rsu_softc *sc, uint16_t addr, uint32_t val)
715 rsu_write_region_1(sc, addr, (uint8_t *)&val, 4);
719 rsu_read_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
722 usb_device_request_t req;
724 req.bmRequestType = UT_READ_VENDOR_DEVICE;
725 req.bRequest = R92S_REQ_REGS;
726 USETW(req.wValue, addr);
727 USETW(req.wIndex, 0);
728 USETW(req.wLength, len);
730 return (rsu_do_request(sc, &req, buf));
734 rsu_read_1(struct rsu_softc *sc, uint16_t addr)
738 if (rsu_read_region_1(sc, addr, &val, 1) != 0)
744 rsu_read_2(struct rsu_softc *sc, uint16_t addr)
748 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 2) != 0)
750 return (le16toh(val));
754 rsu_read_4(struct rsu_softc *sc, uint16_t addr)
758 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 4) != 0)
760 return (le32toh(val));
764 rsu_fw_iocmd(struct rsu_softc *sc, uint32_t iocmd)
768 rsu_write_4(sc, R92S_IOCMD_CTRL, iocmd);
770 for (ntries = 0; ntries < 50; ntries++) {
771 if (rsu_read_4(sc, R92S_IOCMD_CTRL) == 0)
779 rsu_efuse_read_1(struct rsu_softc *sc, uint16_t addr)
784 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
785 reg = RW(reg, R92S_EFUSE_CTRL_ADDR, addr);
786 reg &= ~R92S_EFUSE_CTRL_VALID;
787 rsu_write_4(sc, R92S_EFUSE_CTRL, reg);
788 /* Wait for read operation to complete. */
789 for (ntries = 0; ntries < 100; ntries++) {
790 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
791 if (reg & R92S_EFUSE_CTRL_VALID)
792 return (MS(reg, R92S_EFUSE_CTRL_DATA));
795 device_printf(sc->sc_dev,
796 "could not read efuse byte at address 0x%x\n", addr);
801 rsu_read_rom(struct rsu_softc *sc)
803 uint8_t *rom = sc->rom;
809 /* Make sure that ROM type is eFuse and that autoload succeeded. */
810 reg = rsu_read_1(sc, R92S_EE_9346CR);
811 if ((reg & (R92S_9356SEL | R92S_EEPROM_EN)) != R92S_EEPROM_EN)
814 /* Turn on 2.5V to prevent eFuse leakage. */
815 reg = rsu_read_1(sc, R92S_EFUSE_TEST + 3);
816 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg | 0x80);
818 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg & ~0x80);
820 /* Read full ROM image. */
821 memset(&sc->rom, 0xff, sizeof(sc->rom));
823 reg = rsu_efuse_read_1(sc, addr);
829 for (i = 0; i < 4; i++) {
832 rom[off * 8 + i * 2 + 0] =
833 rsu_efuse_read_1(sc, addr);
835 rom[off * 8 + i * 2 + 1] =
836 rsu_efuse_read_1(sc, addr);
841 if (rsu_debug >= 5) {
842 /* Dump ROM content. */
844 for (i = 0; i < sizeof(sc->rom); i++)
845 printf("%02x:", rom[i]);
853 rsu_fw_cmd(struct rsu_softc *sc, uint8_t code, void *buf, int len)
855 const uint8_t which = rsu_wme_ac_xfer_map[WME_AC_VO];
856 struct rsu_data *data;
857 struct r92s_tx_desc *txd;
858 struct r92s_fw_cmd_hdr *cmd;
862 data = rsu_getbuf(sc);
866 /* Round-up command length to a multiple of 8 bytes. */
867 cmdsz = (len + 7) & ~7;
869 xferlen = sizeof(*txd) + sizeof(*cmd) + cmdsz;
870 KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__));
871 memset(data->buf, 0, xferlen);
873 /* Setup Tx descriptor. */
874 txd = (struct r92s_tx_desc *)data->buf;
875 txd->txdw0 = htole32(
876 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
877 SM(R92S_TXDW0_PKTLEN, sizeof(*cmd) + cmdsz) |
878 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
879 txd->txdw1 = htole32(SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_H2C));
881 /* Setup command header. */
882 cmd = (struct r92s_fw_cmd_hdr *)&txd[1];
883 cmd->len = htole16(cmdsz);
885 cmd->seq = sc->cmd_seq;
886 sc->cmd_seq = (sc->cmd_seq + 1) & 0x7f;
888 /* Copy command payload. */
889 memcpy(&cmd[1], buf, len);
891 DPRINTFN(2, "Tx cmd code=0x%x len=0x%x\n", code, cmdsz);
892 data->buflen = xferlen;
893 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
894 usbd_transfer_start(sc->sc_xfer[which]);
901 rsu_calib_task(void *arg, int pending __unused)
903 struct rsu_softc *sc = arg;
906 DPRINTFN(6, "running calibration task\n");
910 /* Read WPS PBC status. */
911 rsu_write_1(sc, R92S_MAC_PINMUX_CTRL,
912 R92S_GPIOMUX_EN | SM(R92S_GPIOSEL_GPIO, R92S_GPIOSEL_GPIO_JTAG));
913 rsu_write_1(sc, R92S_GPIO_IO_SEL,
914 rsu_read_1(sc, R92S_GPIO_IO_SEL) & ~R92S_GPIO_WPS);
915 reg = rsu_read_1(sc, R92S_GPIO_CTRL);
916 if (reg != 0xff && (reg & R92S_GPIO_WPS))
917 DPRINTF(("WPS PBC is pushed\n"));
919 /* Read current signal level. */
920 if (rsu_fw_iocmd(sc, 0xf4000001) == 0) {
921 reg = rsu_read_4(sc, R92S_IOCMD_DATA);
922 DPRINTFN(8, "RSSI=%d%%\n", reg >> 4);
924 if (sc->sc_calibrating)
925 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz);
930 rsu_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
932 struct rsu_vap *uvp = RSU_VAP(vap);
933 struct ieee80211com *ic = vap->iv_ic;
934 struct rsu_softc *sc = ic->ic_ifp->if_softc;
935 struct ieee80211_node *ni;
936 struct ieee80211_rateset *rs;
937 enum ieee80211_state ostate;
938 int error, startcal = 0;
940 ostate = vap->iv_state;
941 DPRINTF("%s -> %s\n", ieee80211_state_name[ostate],
942 ieee80211_state_name[nstate]);
944 IEEE80211_UNLOCK(ic);
945 if (ostate == IEEE80211_S_RUN) {
947 /* Stop calibration. */
948 sc->sc_calibrating = 0;
950 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task);
951 /* Disassociate from our current BSS. */
957 case IEEE80211_S_INIT:
959 case IEEE80211_S_AUTH:
960 ni = ieee80211_ref_node(vap->iv_bss);
961 error = rsu_join_bss(sc, ni);
962 ieee80211_free_node(ni);
964 device_printf(sc->sc_dev,
965 "could not send join command\n");
968 case IEEE80211_S_RUN:
969 ni = ieee80211_ref_node(vap->iv_bss);
971 /* Indicate highest supported rate. */
972 ni->ni_txrate = rs->rs_rates[rs->rs_nrates - 1];
973 ieee80211_free_node(ni);
979 sc->sc_calibrating = 1;
980 /* Start periodic calibration. */
981 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz);
984 return (uvp->newstate(vap, nstate, arg));
989 rsu_set_key(struct rsu_softc *sc, const struct ieee80211_key *k)
991 struct r92s_fw_cmd_set_key key;
993 memset(&key, 0, sizeof(key));
994 /* Map net80211 cipher to HW crypto algorithm. */
995 switch (k->wk_cipher->ic_cipher) {
996 case IEEE80211_CIPHER_WEP:
997 if (k->wk_keylen < 8)
998 key.algo = R92S_KEY_ALGO_WEP40;
1000 key.algo = R92S_KEY_ALGO_WEP104;
1002 case IEEE80211_CIPHER_TKIP:
1003 key.algo = R92S_KEY_ALGO_TKIP;
1005 case IEEE80211_CIPHER_AES_CCM:
1006 key.algo = R92S_KEY_ALGO_AES;
1011 key.id = k->wk_keyix;
1012 key.grpkey = (k->wk_flags & IEEE80211_KEY_GROUP) != 0;
1013 memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key)));
1014 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1018 rsu_delete_key(struct rsu_softc *sc, const struct ieee80211_key *k)
1020 struct r92s_fw_cmd_set_key key;
1022 memset(&key, 0, sizeof(key));
1023 key.id = k->wk_keyix;
1024 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1029 rsu_site_survey(struct rsu_softc *sc, struct ieee80211vap *vap)
1031 struct r92s_fw_cmd_sitesurvey cmd;
1032 struct ifnet *ifp = sc->sc_ifp;
1033 struct ieee80211com *ic = ifp->if_l2com;
1035 memset(&cmd, 0, sizeof(cmd));
1036 if ((ic->ic_flags & IEEE80211_F_ASCAN) || sc->scan_pass == 1)
1037 cmd.active = htole32(1);
1038 cmd.limit = htole32(48);
1039 if (sc->scan_pass == 1 && vap->iv_des_nssid > 0) {
1040 /* Do a directed scan for second pass. */
1041 cmd.ssidlen = htole32(vap->iv_des_ssid[0].len);
1042 memcpy(cmd.ssid, vap->iv_des_ssid[0].ssid,
1043 vap->iv_des_ssid[0].len);
1046 DPRINTF("sending site survey command, pass=%d\n", sc->scan_pass);
1047 return (rsu_fw_cmd(sc, R92S_CMD_SITE_SURVEY, &cmd, sizeof(cmd)));
1051 rsu_join_bss(struct rsu_softc *sc, struct ieee80211_node *ni)
1053 struct ifnet *ifp = sc->sc_ifp;
1054 struct ieee80211com *ic = ifp->if_l2com;
1055 struct ieee80211vap *vap = ni->ni_vap;
1056 struct ndis_wlan_bssid_ex *bss;
1057 struct ndis_802_11_fixed_ies *fixed;
1058 struct r92s_fw_cmd_auth auth;
1059 uint8_t buf[sizeof(*bss) + 128] __aligned(4);
1064 /* Let the FW decide the opmode based on the capinfo field. */
1065 opmode = NDIS802_11AUTOUNKNOWN;
1066 DPRINTF("setting operating mode to %d\n", opmode);
1067 error = rsu_fw_cmd(sc, R92S_CMD_SET_OPMODE, &opmode, sizeof(opmode));
1071 memset(&auth, 0, sizeof(auth));
1072 if (vap->iv_flags & IEEE80211_F_WPA) {
1073 auth.mode = R92S_AUTHMODE_WPA;
1074 auth.dot1x = (ni->ni_authmode == IEEE80211_AUTH_8021X);
1076 auth.mode = R92S_AUTHMODE_OPEN;
1077 DPRINTF("setting auth mode to %d\n", auth.mode);
1078 error = rsu_fw_cmd(sc, R92S_CMD_SET_AUTH, &auth, sizeof(auth));
1082 memset(buf, 0, sizeof(buf));
1083 bss = (struct ndis_wlan_bssid_ex *)buf;
1084 IEEE80211_ADDR_COPY(bss->macaddr, ni->ni_bssid);
1085 bss->ssid.ssidlen = htole32(ni->ni_esslen);
1086 memcpy(bss->ssid.ssid, ni->ni_essid, ni->ni_esslen);
1087 if (vap->iv_flags & (IEEE80211_F_PRIVACY | IEEE80211_F_WPA))
1088 bss->privacy = htole32(1);
1089 bss->rssi = htole32(ni->ni_avgrssi);
1090 if (ic->ic_curmode == IEEE80211_MODE_11B)
1091 bss->networktype = htole32(NDIS802_11DS);
1093 bss->networktype = htole32(NDIS802_11OFDM24);
1094 bss->config.len = htole32(sizeof(bss->config));
1095 bss->config.bintval = htole32(ni->ni_intval);
1096 bss->config.dsconfig = htole32(ieee80211_chan2ieee(ic, ni->ni_chan));
1097 bss->inframode = htole32(NDIS802_11INFRASTRUCTURE);
1098 memcpy(bss->supprates, ni->ni_rates.rs_rates,
1099 ni->ni_rates.rs_nrates);
1100 /* Write the fixed fields of the beacon frame. */
1101 fixed = (struct ndis_802_11_fixed_ies *)&bss[1];
1102 memcpy(&fixed->tstamp, ni->ni_tstamp.data, 8);
1103 fixed->bintval = htole16(ni->ni_intval);
1104 fixed->capabilities = htole16(ni->ni_capinfo);
1105 /* Write IEs to be included in the association request. */
1106 frm = (uint8_t *)&fixed[1];
1107 frm = ieee80211_add_rsn(frm, vap);
1108 frm = ieee80211_add_wpa(frm, vap);
1109 frm = ieee80211_add_qos(frm, ni);
1110 if (ni->ni_flags & IEEE80211_NODE_HT)
1111 frm = ieee80211_add_htcap(frm, ni);
1112 bss->ieslen = htole32(frm - (uint8_t *)fixed);
1113 bss->len = htole32(((frm - buf) + 3) & ~3);
1114 DPRINTF("sending join bss command to %s chan %d\n",
1115 ether_sprintf(bss->macaddr), le32toh(bss->config.dsconfig));
1116 return (rsu_fw_cmd(sc, R92S_CMD_JOIN_BSS, buf, sizeof(buf)));
1120 rsu_disconnect(struct rsu_softc *sc)
1122 uint32_t zero = 0; /* :-) */
1124 /* Disassociate from our current BSS. */
1125 DPRINTF("sending disconnect command\n");
1126 return (rsu_fw_cmd(sc, R92S_CMD_DISCONNECT, &zero, sizeof(zero)));
1130 rsu_event_survey(struct rsu_softc *sc, uint8_t *buf, int len)
1132 struct ifnet *ifp = sc->sc_ifp;
1133 struct ieee80211com *ic = ifp->if_l2com;
1134 struct ieee80211_frame *wh;
1135 struct ieee80211_channel *c;
1136 struct ndis_wlan_bssid_ex *bss;
1140 if (__predict_false(len < sizeof(*bss)))
1142 bss = (struct ndis_wlan_bssid_ex *)buf;
1143 if (__predict_false(len < sizeof(*bss) + le32toh(bss->ieslen)))
1146 DPRINTFN(2, "found BSS %s: len=%d chan=%d inframode=%d "
1147 "networktype=%d privacy=%d\n",
1148 ether_sprintf(bss->macaddr), le32toh(bss->len),
1149 le32toh(bss->config.dsconfig), le32toh(bss->inframode),
1150 le32toh(bss->networktype), le32toh(bss->privacy));
1152 /* Build a fake beacon frame to let net80211 do all the parsing. */
1153 pktlen = sizeof(*wh) + le32toh(bss->ieslen);
1154 if (__predict_false(pktlen > MCLBYTES))
1156 MGETHDR(m, M_NOWAIT, MT_DATA);
1157 if (__predict_false(m == NULL))
1159 if (pktlen > MHLEN) {
1160 MCLGET(m, M_NOWAIT);
1161 if (!(m->m_flags & M_EXT)) {
1166 wh = mtod(m, struct ieee80211_frame *);
1167 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
1168 IEEE80211_FC0_SUBTYPE_BEACON;
1169 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1170 USETW(wh->i_dur, 0);
1171 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
1172 IEEE80211_ADDR_COPY(wh->i_addr2, bss->macaddr);
1173 IEEE80211_ADDR_COPY(wh->i_addr3, bss->macaddr);
1174 *(uint16_t *)wh->i_seq = 0;
1175 memcpy(&wh[1], (uint8_t *)&bss[1], le32toh(bss->ieslen));
1177 /* Finalize mbuf. */
1178 m->m_pkthdr.len = m->m_len = pktlen;
1179 m->m_pkthdr.rcvif = ifp;
1180 /* Fix the channel. */
1181 c = ieee80211_find_channel_byieee(ic,
1182 le32toh(bss->config.dsconfig),
1186 ieee80211_radiotap_chan_change(ic);
1188 /* XXX avoid a LOR */
1190 ieee80211_input_all(ic, m, le32toh(bss->rssi), 0);
1195 rsu_event_join_bss(struct rsu_softc *sc, uint8_t *buf, int len)
1197 struct ifnet *ifp = sc->sc_ifp;
1198 struct ieee80211com *ic = ifp->if_l2com;
1199 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1200 struct ieee80211_node *ni = vap->iv_bss;
1201 struct r92s_event_join_bss *rsp;
1205 if (__predict_false(len < sizeof(*rsp)))
1207 rsp = (struct r92s_event_join_bss *)buf;
1208 res = (int)le32toh(rsp->join_res);
1210 DPRINTF("Rx join BSS event len=%d res=%d\n", len, res);
1213 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1217 tmp = le32toh(rsp->associd);
1218 if (tmp >= vap->iv_max_aid) {
1219 DPRINTF("Assoc ID overflow\n");
1222 DPRINTF("associated with %s associd=%d\n",
1223 ether_sprintf(rsp->bss.macaddr), tmp);
1224 ni->ni_associd = tmp | 0xc000;
1226 ieee80211_new_state(vap, IEEE80211_S_RUN,
1227 IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
1232 rsu_rx_event(struct rsu_softc *sc, uint8_t code, uint8_t *buf, int len)
1234 struct ifnet *ifp = sc->sc_ifp;
1235 struct ieee80211com *ic = ifp->if_l2com;
1236 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1238 DPRINTFN(4, "Rx event code=%d len=%d\n", code, len);
1240 case R92S_EVT_SURVEY:
1241 if (vap->iv_state == IEEE80211_S_SCAN)
1242 rsu_event_survey(sc, buf, len);
1244 case R92S_EVT_SURVEY_DONE:
1245 DPRINTF("site survey pass %d done, found %d BSS\n",
1246 sc->scan_pass, le32toh(*(uint32_t *)buf));
1247 if (vap->iv_state != IEEE80211_S_SCAN)
1248 break; /* Ignore if not scanning. */
1249 if (sc->scan_pass == 0 && vap->iv_des_nssid != 0) {
1250 /* Schedule a directed scan for hidden APs. */
1253 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1259 case R92S_EVT_JOIN_BSS:
1260 if (vap->iv_state == IEEE80211_S_AUTH)
1261 rsu_event_join_bss(sc, buf, len);
1264 XXX This event is occurring regularly, possibly due to some power saving event
1265 XXX and disrupts the WLAN traffic. Disable for now.
1266 case R92S_EVT_DEL_STA:
1267 DPRINTF("disassociated from %s\n", ether_sprintf(buf));
1268 if (vap->iv_state == IEEE80211_S_RUN &&
1269 IEEE80211_ADDR_EQ(vap->iv_bss->ni_bssid, buf)) {
1271 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1276 case R92S_EVT_WPS_PBC:
1277 DPRINTF("WPS PBC pushed.\n");
1279 case R92S_EVT_FWDBG:
1280 if (ifp->if_flags & IFF_DEBUG) {
1282 printf("FWDBG: %s\n", (char *)buf);
1291 rsu_rx_multi_event(struct rsu_softc *sc, uint8_t *buf, int len)
1293 struct r92s_fw_cmd_hdr *cmd;
1296 DPRINTFN(6, "Rx events len=%d\n", len);
1298 /* Skip Rx status. */
1299 buf += sizeof(struct r92s_rx_stat);
1300 len -= sizeof(struct r92s_rx_stat);
1302 /* Process all events. */
1304 /* Check that command header fits. */
1305 if (__predict_false(len < sizeof(*cmd)))
1307 cmd = (struct r92s_fw_cmd_hdr *)buf;
1308 /* Check that command payload fits. */
1309 cmdsz = le16toh(cmd->len);
1310 if (__predict_false(len < sizeof(*cmd) + cmdsz))
1313 /* Process firmware event. */
1314 rsu_rx_event(sc, cmd->code, (uint8_t *)&cmd[1], cmdsz);
1316 if (!(cmd->seq & R92S_FW_CMD_MORE))
1318 buf += sizeof(*cmd) + cmdsz;
1319 len -= sizeof(*cmd) + cmdsz;
1324 rsu_get_rssi(struct rsu_softc *sc, int rate, void *physt)
1326 static const int8_t cckoff[] = { 14, -2, -20, -40 };
1327 struct r92s_rx_phystat *phy;
1328 struct r92s_rx_cck *cck;
1333 cck = (struct r92s_rx_cck *)physt;
1334 rpt = (cck->agc_rpt >> 6) & 0x3;
1335 rssi = cck->agc_rpt & 0x3e;
1336 rssi = cckoff[rpt] - rssi;
1337 } else { /* OFDM/HT. */
1338 phy = (struct r92s_rx_phystat *)physt;
1339 rssi = ((le32toh(phy->phydw1) >> 1) & 0x7f) - 106;
1344 static struct mbuf *
1345 rsu_rx_frame(struct rsu_softc *sc, uint8_t *buf, int pktlen, int *rssi)
1347 struct ifnet *ifp = sc->sc_ifp;
1348 struct ieee80211com *ic = ifp->if_l2com;
1349 struct ieee80211_frame *wh;
1350 struct r92s_rx_stat *stat;
1351 uint32_t rxdw0, rxdw3;
1356 stat = (struct r92s_rx_stat *)buf;
1357 rxdw0 = le32toh(stat->rxdw0);
1358 rxdw3 = le32toh(stat->rxdw3);
1360 if (__predict_false(rxdw0 & R92S_RXDW0_CRCERR)) {
1364 if (__predict_false(pktlen < sizeof(*wh) || pktlen > MCLBYTES)) {
1369 rate = MS(rxdw3, R92S_RXDW3_RATE);
1370 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1372 /* Get RSSI from PHY status descriptor if present. */
1374 *rssi = rsu_get_rssi(sc, rate, &stat[1]);
1378 DPRINTFN(5, "Rx frame len=%d rate=%d infosz=%d rssi=%d\n",
1379 pktlen, rate, infosz, *rssi);
1381 MGETHDR(m, M_NOWAIT, MT_DATA);
1382 if (__predict_false(m == NULL)) {
1386 if (pktlen > MHLEN) {
1387 MCLGET(m, M_NOWAIT);
1388 if (__predict_false(!(m->m_flags & M_EXT))) {
1394 /* Finalize mbuf. */
1395 m->m_pkthdr.rcvif = ifp;
1396 /* Hardware does Rx TCP checksum offload. */
1397 if (rxdw3 & R92S_RXDW3_TCPCHKVALID) {
1398 if (__predict_true(rxdw3 & R92S_RXDW3_TCPCHKRPT))
1399 m->m_pkthdr.csum_flags |= CSUM_DATA_VALID;
1401 wh = (struct ieee80211_frame *)((uint8_t *)&stat[1] + infosz);
1402 memcpy(mtod(m, uint8_t *), wh, pktlen);
1403 m->m_pkthdr.len = m->m_len = pktlen;
1405 if (ieee80211_radiotap_active(ic)) {
1406 struct rsu_rx_radiotap_header *tap = &sc->sc_rxtap;
1408 /* Map HW rate index to 802.11 rate. */
1410 if (!(rxdw3 & R92S_RXDW3_HTC)) {
1413 case 0: tap->wr_rate = 2; break;
1414 case 1: tap->wr_rate = 4; break;
1415 case 2: tap->wr_rate = 11; break;
1416 case 3: tap->wr_rate = 22; break;
1418 case 4: tap->wr_rate = 12; break;
1419 case 5: tap->wr_rate = 18; break;
1420 case 6: tap->wr_rate = 24; break;
1421 case 7: tap->wr_rate = 36; break;
1422 case 8: tap->wr_rate = 48; break;
1423 case 9: tap->wr_rate = 72; break;
1424 case 10: tap->wr_rate = 96; break;
1425 case 11: tap->wr_rate = 108; break;
1427 } else if (rate >= 12) { /* MCS0~15. */
1428 /* Bit 7 set means HT MCS instead of rate. */
1429 tap->wr_rate = 0x80 | (rate - 12);
1431 tap->wr_dbm_antsignal = *rssi;
1432 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
1433 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
1439 static struct mbuf *
1440 rsu_rx_multi_frame(struct rsu_softc *sc, uint8_t *buf, int len, int *rssi)
1442 struct r92s_rx_stat *stat;
1444 int totlen, pktlen, infosz, npkts;
1445 struct mbuf *m, *m0 = NULL, *prevm = NULL;
1447 /* Get the number of encapsulated frames. */
1448 stat = (struct r92s_rx_stat *)buf;
1449 npkts = MS(le32toh(stat->rxdw2), R92S_RXDW2_PKTCNT);
1450 DPRINTFN(6, "Rx %d frames in one chunk\n", npkts);
1452 /* Process all of them. */
1453 while (npkts-- > 0) {
1454 if (__predict_false(len < sizeof(*stat)))
1456 stat = (struct r92s_rx_stat *)buf;
1457 rxdw0 = le32toh(stat->rxdw0);
1459 pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN);
1460 if (__predict_false(pktlen == 0))
1463 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1465 /* Make sure everything fits in xfer. */
1466 totlen = sizeof(*stat) + infosz + pktlen;
1467 if (__predict_false(totlen > len))
1470 /* Process 802.11 frame. */
1471 m = rsu_rx_frame(sc, buf, pktlen, rssi);
1480 /* Next chunk is 128-byte aligned. */
1481 totlen = (totlen + 127) & ~127;
1489 static struct mbuf *
1490 rsu_rxeof(struct usb_xfer *xfer, struct rsu_data *data, int *rssi)
1492 struct rsu_softc *sc = data->sc;
1493 struct r92s_rx_stat *stat;
1496 usbd_xfer_status(xfer, &len, NULL, NULL, NULL);
1498 if (__predict_false(len < sizeof(*stat))) {
1499 DPRINTF("xfer too short %d\n", len);
1500 sc->sc_ifp->if_ierrors++;
1503 /* Determine if it is a firmware C2H event or an 802.11 frame. */
1504 stat = (struct r92s_rx_stat *)data->buf;
1505 if ((le32toh(stat->rxdw1) & 0x1ff) == 0x1ff) {
1506 rsu_rx_multi_event(sc, data->buf, len);
1507 /* No packets to process. */
1510 return (rsu_rx_multi_frame(sc, data->buf, len, rssi));
1514 rsu_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
1516 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1517 struct ifnet *ifp = sc->sc_ifp;
1518 struct ieee80211com *ic = ifp->if_l2com;
1519 struct ieee80211_frame *wh;
1520 struct ieee80211_node *ni;
1521 struct mbuf *m = NULL, *next;
1522 struct rsu_data *data;
1525 RSU_ASSERT_LOCKED(sc);
1527 switch (USB_GET_STATE(xfer)) {
1528 case USB_ST_TRANSFERRED:
1529 data = STAILQ_FIRST(&sc->sc_rx_active);
1532 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1533 m = rsu_rxeof(xfer, data, &rssi);
1534 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1538 data = STAILQ_FIRST(&sc->sc_rx_inactive);
1540 KASSERT(m == NULL, ("mbuf isn't NULL"));
1543 STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next);
1544 STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next);
1545 usbd_xfer_set_frame_data(xfer, 0, data->buf,
1546 usbd_xfer_max_len(xfer));
1547 usbd_transfer_submit(xfer);
1549 * To avoid LOR we should unlock our private mutex here to call
1550 * ieee80211_input() because here is at the end of a USB
1551 * callback and safe to unlock.
1557 wh = mtod(m, struct ieee80211_frame *);
1558 ni = ieee80211_find_rxnode(ic,
1559 (struct ieee80211_frame_min *)wh);
1561 (void)ieee80211_input(ni, m, rssi, 0);
1562 ieee80211_free_node(ni);
1564 (void)ieee80211_input_all(ic, m, rssi, 0);
1570 /* needs it to the inactive queue due to a error. */
1571 data = STAILQ_FIRST(&sc->sc_rx_active);
1573 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1574 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1576 if (error != USB_ERR_CANCELLED) {
1577 usbd_xfer_set_stall(xfer);
1588 rsu_txeof(struct usb_xfer *xfer, struct rsu_data *data)
1590 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1591 struct ifnet *ifp = sc->sc_ifp;
1594 RSU_ASSERT_LOCKED(sc);
1597 * Do any tx complete callback. Note this must be done before releasing
1598 * the node reference.
1602 if (m->m_flags & M_TXCB) {
1604 ieee80211_process_callback(data->ni, m, 0);
1610 ieee80211_free_node(data->ni);
1614 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
1618 rsu_bulk_tx_callback_sub(struct usb_xfer *xfer, usb_error_t error,
1621 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1622 struct ifnet *ifp = sc->sc_ifp;
1623 struct rsu_data *data;
1625 RSU_ASSERT_LOCKED(sc);
1627 switch (USB_GET_STATE(xfer)) {
1628 case USB_ST_TRANSFERRED:
1629 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
1632 DPRINTF("transfer done %p\n", data);
1633 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
1634 rsu_txeof(xfer, data);
1635 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, data, next);
1639 data = STAILQ_FIRST(&sc->sc_tx_pending[which]);
1641 DPRINTF("empty pending queue sc %p\n", sc);
1644 STAILQ_REMOVE_HEAD(&sc->sc_tx_pending[which], next);
1645 STAILQ_INSERT_TAIL(&sc->sc_tx_active[which], data, next);
1646 usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen);
1647 DPRINTF("submitting transfer %p\n", data);
1648 usbd_transfer_submit(xfer);
1651 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
1653 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
1654 rsu_txeof(xfer, data);
1655 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, data, next);
1659 if (error != USB_ERR_CANCELLED) {
1660 usbd_xfer_set_stall(xfer);
1668 rsu_bulk_tx_callback_be_bk(struct usb_xfer *xfer, usb_error_t error)
1670 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_BE_BK);
1674 rsu_bulk_tx_callback_vi_vo(struct usb_xfer *xfer, usb_error_t error)
1676 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_VI_VO);
1680 rsu_tx_start(struct rsu_softc *sc, struct ieee80211_node *ni,
1681 struct mbuf *m0, struct rsu_data *data)
1683 struct ifnet *ifp = sc->sc_ifp;
1684 struct ieee80211com *ic = ifp->if_l2com;
1685 struct ieee80211vap *vap = ni->ni_vap;
1686 struct ieee80211_frame *wh;
1687 struct ieee80211_key *k = NULL;
1688 struct r92s_tx_desc *txd;
1695 RSU_ASSERT_LOCKED(sc);
1697 wh = mtod(m0, struct ieee80211_frame *);
1698 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
1700 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
1701 k = ieee80211_crypto_encap(ni, m0);
1703 device_printf(sc->sc_dev,
1704 "ieee80211_crypto_encap returns NULL.\n");
1705 /* XXX we don't expect the fragmented frames */
1709 wh = mtod(m0, struct ieee80211_frame *);
1712 case IEEE80211_FC0_TYPE_CTL:
1713 case IEEE80211_FC0_TYPE_MGT:
1714 which = rsu_wme_ac_xfer_map[WME_AC_VO];
1717 which = rsu_wme_ac_xfer_map[M_WME_GETAC(m0)];
1722 /* Fill Tx descriptor. */
1723 txd = (struct r92s_tx_desc *)data->buf;
1724 memset(txd, 0, sizeof(*txd));
1726 txd->txdw0 |= htole32(
1727 SM(R92S_TXDW0_PKTLEN, m0->m_pkthdr.len) |
1728 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
1729 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
1731 txd->txdw1 |= htole32(
1732 SM(R92S_TXDW1_MACID, R92S_MACID_BSS) |
1733 SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_BE));
1735 txd->txdw1 |= htole32(R92S_TXDW1_NONQOS);
1738 switch (k->wk_cipher->ic_cipher) {
1739 case IEEE80211_CIPHER_WEP:
1740 cipher = R92S_TXDW1_CIPHER_WEP;
1742 case IEEE80211_CIPHER_TKIP:
1743 cipher = R92S_TXDW1_CIPHER_TKIP;
1745 case IEEE80211_CIPHER_AES_CCM:
1746 cipher = R92S_TXDW1_CIPHER_AES;
1749 cipher = R92S_TXDW1_CIPHER_NONE;
1751 txd->txdw1 |= htole32(
1752 SM(R92S_TXDW1_CIPHER, cipher) |
1753 SM(R92S_TXDW1_KEYIDX, k->k_id));
1756 txd->txdw2 |= htole32(R92S_TXDW2_BK);
1757 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
1758 txd->txdw2 |= htole32(R92S_TXDW2_BMCAST);
1760 * Firmware will use and increment the sequence number for the
1763 txd->txdw3 |= htole32(SM(R92S_TXDW3_SEQ, tid));
1765 if (ieee80211_radiotap_active_vap(vap)) {
1766 struct rsu_tx_radiotap_header *tap = &sc->sc_txtap;
1769 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
1770 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
1771 ieee80211_radiotap_tx(vap, m0);
1773 xferlen = sizeof(*txd) + m0->m_pkthdr.len;
1774 m_copydata(m0, 0, m0->m_pkthdr.len, (caddr_t)&txd[1]);
1776 data->buflen = xferlen;
1779 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
1781 /* start transfer, if any */
1782 usbd_transfer_start(sc->sc_xfer[which]);
1787 rsu_start(struct ifnet *ifp)
1789 struct rsu_softc *sc = ifp->if_softc;
1791 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1795 rsu_start_locked(ifp);
1800 rsu_start_locked(struct ifnet *ifp)
1802 struct rsu_softc *sc = ifp->if_softc;
1803 struct ieee80211_node *ni;
1804 struct rsu_data *bf;
1807 RSU_ASSERT_LOCKED(sc);
1810 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
1813 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
1814 m->m_pkthdr.rcvif = NULL;
1816 bf = rsu_getbuf(sc);
1820 ieee80211_free_node(ni);
1821 } else if (rsu_tx_start(sc, ni, m, bf) != 0) {
1823 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, bf, next);
1824 ieee80211_free_node(ni);
1830 rsu_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
1832 struct ieee80211com *ic = ifp->if_l2com;
1833 struct ifreq *ifr = (struct ifreq *) data;
1834 int error = 0, startall = 0;
1838 if (ifp->if_flags & IFF_UP) {
1839 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1840 rsu_init(ifp->if_softc);
1844 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
1848 ieee80211_start_all(ic);
1851 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
1854 error = ether_ioctl(ifp, cmd, data);
1865 * Power on sequence for A-cut adapters.
1868 rsu_power_on_acut(struct rsu_softc *sc)
1872 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
1873 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
1875 /* Enable AFE macro block's bandgap and Mbias. */
1876 rsu_write_1(sc, R92S_AFE_MISC,
1877 rsu_read_1(sc, R92S_AFE_MISC) |
1878 R92S_AFE_MISC_BGEN | R92S_AFE_MISC_MBEN);
1879 /* Enable LDOA15 block. */
1880 rsu_write_1(sc, R92S_LDOA15_CTRL,
1881 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
1883 rsu_write_1(sc, R92S_SPS1_CTRL,
1884 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_LDEN);
1885 usb_pause_mtx(&sc->sc_mtx, 2 * hz);
1886 /* Enable switch regulator block. */
1887 rsu_write_1(sc, R92S_SPS1_CTRL,
1888 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_SWEN);
1890 rsu_write_4(sc, R92S_SPS1_CTRL, 0x00a7b267);
1892 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1893 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
1895 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1896 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
1898 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1899 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x90);
1901 /* Enable AFE clock. */
1902 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
1903 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
1904 /* Enable AFE PLL macro block. */
1905 rsu_write_1(sc, R92S_AFE_PLL_CTRL,
1906 rsu_read_1(sc, R92S_AFE_PLL_CTRL) | 0x11);
1907 /* Attach AFE PLL to MACTOP/BB. */
1908 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
1909 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
1911 /* Switch to 40MHz clock instead of 80MHz. */
1912 rsu_write_2(sc, R92S_SYS_CLKR,
1913 rsu_read_2(sc, R92S_SYS_CLKR) & ~R92S_SYS_CLKSEL);
1915 /* Enable MAC clock. */
1916 rsu_write_2(sc, R92S_SYS_CLKR,
1917 rsu_read_2(sc, R92S_SYS_CLKR) |
1918 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
1920 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
1922 /* Enable digital core and IOREG R/W. */
1923 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1924 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
1926 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1927 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
1929 /* Switch the control path to firmware. */
1930 reg = rsu_read_2(sc, R92S_SYS_CLKR);
1931 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
1932 rsu_write_2(sc, R92S_SYS_CLKR, reg);
1934 rsu_write_2(sc, R92S_CR, 0x37fc);
1936 /* Fix USB RX FIFO issue. */
1937 rsu_write_1(sc, 0xfe5c,
1938 rsu_read_1(sc, 0xfe5c) | 0x80);
1939 rsu_write_1(sc, 0x00ab,
1940 rsu_read_1(sc, 0x00ab) | 0xc0);
1942 rsu_write_1(sc, R92S_SYS_CLKR,
1943 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
1947 * Power on sequence for B-cut and C-cut adapters.
1950 rsu_power_on_bcut(struct rsu_softc *sc)
1955 /* Prevent eFuse leakage. */
1956 rsu_write_1(sc, 0x37, 0xb0);
1957 usb_pause_mtx(&sc->sc_mtx, hz / 100);
1958 rsu_write_1(sc, 0x37, 0x30);
1960 /* Switch the control path to hardware. */
1961 reg = rsu_read_2(sc, R92S_SYS_CLKR);
1962 if (reg & R92S_FWHW_SEL) {
1963 rsu_write_2(sc, R92S_SYS_CLKR,
1964 reg & ~(R92S_SWHW_SEL | R92S_FWHW_SEL));
1966 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1967 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) & ~0x8c);
1970 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
1971 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
1973 reg = rsu_read_1(sc, R92S_AFE_MISC);
1974 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN);
1975 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN |
1976 R92S_AFE_MISC_MBEN | R92S_AFE_MISC_I32_EN);
1979 rsu_write_1(sc, R92S_LDOA15_CTRL,
1980 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
1982 rsu_write_1(sc, R92S_LDOV12D_CTRL,
1983 rsu_read_1(sc, R92S_LDOV12D_CTRL) | R92S_LDV12_EN);
1985 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1986 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
1988 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
1989 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
1991 /* Support 64KB IMEM. */
1992 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
1993 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x97);
1995 /* Enable AFE clock. */
1996 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
1997 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
1998 /* Enable AFE PLL macro block. */
1999 reg = rsu_read_1(sc, R92S_AFE_PLL_CTRL);
2000 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
2002 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x51);
2004 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
2007 /* Attach AFE PLL to MACTOP/BB. */
2008 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
2009 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
2011 /* Switch to 40MHz clock. */
2012 rsu_write_1(sc, R92S_SYS_CLKR, 0x00);
2013 /* Disable CPU clock and 80MHz SSC. */
2014 rsu_write_1(sc, R92S_SYS_CLKR,
2015 rsu_read_1(sc, R92S_SYS_CLKR) | 0xa0);
2016 /* Enable MAC clock. */
2017 rsu_write_2(sc, R92S_SYS_CLKR,
2018 rsu_read_2(sc, R92S_SYS_CLKR) |
2019 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
2021 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
2023 /* Enable digital core and IOREG R/W. */
2024 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2025 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
2027 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2028 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
2030 /* Switch the control path to firmware. */
2031 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2032 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
2033 rsu_write_2(sc, R92S_SYS_CLKR, reg);
2035 rsu_write_2(sc, R92S_CR, 0x37fc);
2037 /* Fix USB RX FIFO issue. */
2038 rsu_write_1(sc, 0xfe5c,
2039 rsu_read_1(sc, 0xfe5c) | 0x80);
2041 rsu_write_1(sc, R92S_SYS_CLKR,
2042 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
2044 rsu_write_1(sc, 0xfe1c, 0x80);
2046 /* Make sure TxDMA is ready to download firmware. */
2047 for (ntries = 0; ntries < 20; ntries++) {
2048 reg = rsu_read_1(sc, R92S_TCR);
2049 if ((reg & (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) ==
2050 (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT))
2055 DPRINTF("TxDMA is not ready\n");
2057 reg = rsu_read_1(sc, R92S_CR);
2058 rsu_write_1(sc, R92S_CR, reg & ~R92S_CR_TXDMA_EN);
2060 rsu_write_1(sc, R92S_CR, reg | R92S_CR_TXDMA_EN);
2065 rsu_power_off(struct rsu_softc *sc)
2068 rsu_write_1(sc, R92S_RF_CTRL, 0x00);
2069 usb_pause_mtx(&sc->sc_mtx, hz / 200);
2072 /* Switch control path. */
2073 rsu_write_1(sc, R92S_SYS_CLKR + 1, 0x38);
2075 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x70);
2076 rsu_write_1(sc, R92S_PMC_FSM, 0x06);
2077 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 0, 0xf9);
2078 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 0xe8);
2080 /* Disable AFE PLL. */
2081 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 0x00);
2083 rsu_write_1(sc, R92S_LDOA15_CTRL, 0x54);
2084 /* Disable eFuse 1.2V. */
2085 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x50);
2086 rsu_write_1(sc, R92S_LDOV12D_CTRL, 0x24);
2087 /* Enable AFE macro block's bandgap and Mbias. */
2088 rsu_write_1(sc, R92S_AFE_MISC, 0x30);
2089 /* Disable 1.6V LDO. */
2090 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x56);
2091 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x43);
2095 rsu_fw_loadsection(struct rsu_softc *sc, const uint8_t *buf, int len)
2097 const uint8_t which = rsu_wme_ac_xfer_map[WME_AC_VO];
2098 struct rsu_data *data;
2099 struct r92s_tx_desc *txd;
2103 data = rsu_getbuf(sc);
2106 txd = (struct r92s_tx_desc *)data->buf;
2107 memset(txd, 0, sizeof(*txd));
2108 if (len <= RSU_TXBUFSZ - sizeof(*txd)) {
2110 txd->txdw0 |= htole32(R92S_TXDW0_LINIP);
2113 mlen = RSU_TXBUFSZ - sizeof(*txd);
2114 txd->txdw0 |= htole32(SM(R92S_TXDW0_PKTLEN, mlen));
2115 memcpy(&txd[1], buf, mlen);
2116 data->buflen = sizeof(*txd) + mlen;
2117 DPRINTF("starting transfer %p\n", data);
2118 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
2122 usbd_transfer_start(sc->sc_xfer[which]);
2127 rsu_load_firmware(struct rsu_softc *sc)
2129 const struct r92s_fw_hdr *hdr;
2130 struct r92s_fw_priv *dmem;
2131 const uint8_t *imem, *emem;
2133 const struct firmware *fw;
2138 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY) {
2139 DPRINTF("Firmware already loaded\n");
2144 /* Read firmware image from the filesystem. */
2145 if ((fw = firmware_get("rsu-rtl8712fw")) == NULL) {
2146 device_printf(sc->sc_dev,
2147 "%s: failed load firmware of file rsu-rtl8712fw\n",
2153 size = fw->datasize;
2154 if (size < sizeof(*hdr)) {
2155 device_printf(sc->sc_dev, "firmware too short\n");
2159 hdr = (const struct r92s_fw_hdr *)fw->data;
2160 if (hdr->signature != htole16(0x8712) &&
2161 hdr->signature != htole16(0x8192)) {
2162 device_printf(sc->sc_dev,
2163 "invalid firmware signature 0x%x\n",
2164 le16toh(hdr->signature));
2168 DPRINTF("FW V%d %02x-%02x %02x:%02x\n", le16toh(hdr->version),
2169 hdr->month, hdr->day, hdr->hour, hdr->minute);
2171 /* Make sure that driver and firmware are in sync. */
2172 if (hdr->privsz != htole32(sizeof(*dmem))) {
2173 device_printf(sc->sc_dev, "unsupported firmware image\n");
2177 /* Get FW sections sizes. */
2178 imemsz = le32toh(hdr->imemsz);
2179 ememsz = le32toh(hdr->sramsz);
2180 /* Check that all FW sections fit in image. */
2181 if (size < sizeof(*hdr) + imemsz + ememsz) {
2182 device_printf(sc->sc_dev, "firmware too short\n");
2186 imem = (const uint8_t *)&hdr[1];
2187 emem = imem + imemsz;
2189 /* Load IMEM section. */
2190 error = rsu_fw_loadsection(sc, imem, imemsz);
2192 device_printf(sc->sc_dev,
2193 "could not load firmware section %s\n", "IMEM");
2196 /* Wait for load to complete. */
2197 for (ntries = 0; ntries != 50; ntries++) {
2198 usb_pause_mtx(&sc->sc_mtx, hz / 100);
2199 reg = rsu_read_1(sc, R92S_TCR);
2200 if (reg & R92S_TCR_IMEM_CODE_DONE)
2204 device_printf(sc->sc_dev, "timeout waiting for IMEM transfer\n");
2208 /* Load EMEM section. */
2209 error = rsu_fw_loadsection(sc, emem, ememsz);
2211 device_printf(sc->sc_dev,
2212 "could not load firmware section %s\n", "EMEM");
2215 /* Wait for load to complete. */
2216 for (ntries = 0; ntries != 50; ntries++) {
2217 usb_pause_mtx(&sc->sc_mtx, hz / 100);
2218 reg = rsu_read_2(sc, R92S_TCR);
2219 if (reg & R92S_TCR_EMEM_CODE_DONE)
2223 device_printf(sc->sc_dev, "timeout waiting for EMEM transfer\n");
2228 rsu_write_1(sc, R92S_SYS_CLKR,
2229 rsu_read_1(sc, R92S_SYS_CLKR) | R92S_SYS_CPU_CLKSEL);
2230 if (!(rsu_read_1(sc, R92S_SYS_CLKR) & R92S_SYS_CPU_CLKSEL)) {
2231 device_printf(sc->sc_dev, "could not enable system clock\n");
2235 rsu_write_2(sc, R92S_SYS_FUNC_EN,
2236 rsu_read_2(sc, R92S_SYS_FUNC_EN) | R92S_FEN_CPUEN);
2237 if (!(rsu_read_2(sc, R92S_SYS_FUNC_EN) & R92S_FEN_CPUEN)) {
2238 device_printf(sc->sc_dev,
2239 "could not enable microcontroller\n");
2243 /* Wait for CPU to initialize. */
2244 for (ntries = 0; ntries < 100; ntries++) {
2245 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_IMEM_RDY)
2249 if (ntries == 100) {
2250 device_printf(sc->sc_dev,
2251 "timeout waiting for microcontroller\n");
2256 /* Update DMEM section before loading. */
2257 dmem = __DECONST(struct r92s_fw_priv *, &hdr->priv);
2258 memset(dmem, 0, sizeof(*dmem));
2259 dmem->hci_sel = R92S_HCI_SEL_USB | R92S_HCI_SEL_8172;
2260 dmem->nendpoints = 0;
2261 dmem->rf_config = 0x12; /* 1T2R */
2262 dmem->vcs_type = R92S_VCS_TYPE_AUTO;
2263 dmem->vcs_mode = R92S_VCS_MODE_RTS_CTS;
2265 dmem->bw40_en = (ic->ic_htcaps & IEEE80211_HTCAP_CBW20_40) != 0;
2267 dmem->turbo_mode = 1;
2268 /* Load DMEM section. */
2269 error = rsu_fw_loadsection(sc, (uint8_t *)dmem, sizeof(*dmem));
2271 device_printf(sc->sc_dev,
2272 "could not load firmware section %s\n", "DMEM");
2275 /* Wait for load to complete. */
2276 for (ntries = 0; ntries < 100; ntries++) {
2277 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_DMEM_CODE_DONE)
2281 if (ntries == 100) {
2282 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n",
2287 /* Wait for firmware readiness. */
2288 for (ntries = 0; ntries < 60; ntries++) {
2289 if (!(rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY))
2294 device_printf(sc->sc_dev,
2295 "timeout waiting for firmware readiness\n");
2300 firmware_put(fw, FIRMWARE_UNLOAD);
2306 rsu_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
2307 const struct ieee80211_bpf_params *params)
2309 struct ieee80211com *ic = ni->ni_ic;
2310 struct ifnet *ifp = ic->ic_ifp;
2311 struct rsu_softc *sc = ifp->if_softc;
2312 struct rsu_data *bf;
2314 /* prevent management frames from being sent if we're not ready */
2315 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
2317 ieee80211_free_node(ni);
2321 bf = rsu_getbuf(sc);
2323 ieee80211_free_node(ni);
2329 if (rsu_tx_start(sc, ni, m, bf) != 0) {
2330 ieee80211_free_node(ni);
2332 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, bf, next);
2344 struct rsu_softc *sc = arg;
2347 rsu_init_locked(arg);
2352 rsu_init_locked(struct rsu_softc *sc)
2354 struct ifnet *ifp = sc->sc_ifp;
2355 struct r92s_set_pwr_mode cmd;
2359 /* Init host async commands ring. */
2360 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0;
2362 /* Power on adapter. */
2364 rsu_power_on_acut(sc);
2366 rsu_power_on_bcut(sc);
2368 /* Load firmware. */
2369 error = rsu_load_firmware(sc);
2373 /* Enable Rx TCP checksum offload. */
2374 rsu_write_4(sc, R92S_RCR,
2375 rsu_read_4(sc, R92S_RCR) | 0x04000000);
2376 /* Append PHY status. */
2377 rsu_write_4(sc, R92S_RCR,
2378 rsu_read_4(sc, R92S_RCR) | 0x02000000);
2380 rsu_write_4(sc, R92S_CR,
2381 rsu_read_4(sc, R92S_CR) & ~0xff000000);
2383 /* Use 128 bytes pages. */
2384 rsu_write_1(sc, 0x00b5,
2385 rsu_read_1(sc, 0x00b5) | 0x01);
2386 /* Enable USB Rx aggregation. */
2387 rsu_write_1(sc, 0x00bd,
2388 rsu_read_1(sc, 0x00bd) | 0x80);
2389 /* Set USB Rx aggregation threshold. */
2390 rsu_write_1(sc, 0x00d9, 0x01);
2391 /* Set USB Rx aggregation timeout (1.7ms/4). */
2392 rsu_write_1(sc, 0xfe5b, 0x04);
2393 /* Fix USB Rx FIFO issue. */
2394 rsu_write_1(sc, 0xfe5c,
2395 rsu_read_1(sc, 0xfe5c) | 0x80);
2397 /* Set MAC address. */
2398 rsu_write_region_1(sc, R92S_MACID, IF_LLADDR(ifp),
2399 IEEE80211_ADDR_LEN);
2401 /* It really takes 1.5 seconds for the firmware to boot: */
2402 usb_pause_mtx(&sc->sc_mtx, (3 * hz) / 2);
2404 DPRINTF("setting MAC address to %s\n", ether_sprintf(IF_LLADDR(ifp)));
2405 error = rsu_fw_cmd(sc, R92S_CMD_SET_MAC_ADDRESS, IF_LLADDR(ifp),
2406 IEEE80211_ADDR_LEN);
2408 device_printf(sc->sc_dev, "could not set MAC address\n");
2412 rsu_write_1(sc, R92S_USB_HRPWM,
2413 R92S_USB_HRPWM_PS_ST_ACTIVE | R92S_USB_HRPWM_PS_ALL_ON);
2415 memset(&cmd, 0, sizeof(cmd));
2416 cmd.mode = R92S_PS_MODE_ACTIVE;
2417 DPRINTF("setting ps mode to %d\n", cmd.mode);
2418 error = rsu_fw_cmd(sc, R92S_CMD_SET_PWR_MODE, &cmd, sizeof(cmd));
2420 device_printf(sc->sc_dev, "could not set PS mode\n");
2425 if (ic->ic_htcaps & IEEE80211_HTCAP_CBW20_40) {
2426 /* Enable 40MHz mode. */
2427 error = rsu_fw_iocmd(sc,
2428 SM(R92S_IOCMD_CLASS, 0xf4) |
2429 SM(R92S_IOCMD_INDEX, 0x00) |
2430 SM(R92S_IOCMD_VALUE, 0x0007));
2432 device_printf(sc->sc_dev,
2433 "could not enable 40MHz mode\n");
2438 /* Set default channel. */
2439 ic->ic_bss->ni_chan = ic->ic_ibss_chan;
2442 usbd_transfer_start(sc->sc_xfer[RSU_BULK_RX]);
2444 /* We're ready to go. */
2445 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
2446 ifp->if_drv_flags |= IFF_DRV_RUNNING;
2449 /* Need to stop all failed transfers, if any */
2450 for (i = 0; i != RSU_N_TRANSFER; i++)
2451 usbd_transfer_stop(sc->sc_xfer[i]);
2455 rsu_stop(struct ifnet *ifp, int disable)
2457 struct rsu_softc *sc = ifp->if_softc;
2460 rsu_stop_locked(ifp, disable);
2465 rsu_stop_locked(struct ifnet *ifp, int disable __unused)
2467 struct rsu_softc *sc = ifp->if_softc;
2470 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
2471 sc->sc_calibrating = 0;
2472 taskqueue_cancel_timeout(taskqueue_thread, &sc->calib_task, NULL);
2474 /* Power off adapter. */
2477 for (i = 0; i < RSU_N_TRANSFER; i++)
2478 usbd_transfer_stop(sc->sc_xfer[i]);
2482 rsu_ms_delay(struct rsu_softc *sc)
2484 usb_pause_mtx(&sc->sc_mtx, hz / 1000);
projects / FreeBSD / releng / 10.2.git / blob