1 /* $OpenBSD: if_rsu.c,v 1.17 2013/04/15 09:23:01 mglocker Exp $ */ 2 3 /*- 4 * Copyright (c) 2010 Damien Bergamini <damien.bergamini@free.fr> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 #include <sys/cdefs.h> 19 __FBSDID("$FreeBSD$"); 20 21 /* 22 * Driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU. 23 * 24 * TODO: 25 * o h/w crypto 26 * o hostap / ibss / mesh 27 * o sensible RSSI levels 28 * o power-save operation 29 */ 30 31 #include "opt_wlan.h" 32 33 #include <sys/param.h> 34 #include <sys/endian.h> 35 #include <sys/sockio.h> 36 #include <sys/malloc.h> 37 #include <sys/mbuf.h> 38 #include <sys/kernel.h> 39 #include <sys/socket.h> 40 #include <sys/systm.h> 41 #include <sys/conf.h> 42 #include <sys/bus.h> 43 #include <sys/rman.h> 44 #include <sys/firmware.h> 45 #include <sys/module.h> 46 47 #include <machine/bus.h> 48 #include <machine/resource.h> 49 50 #include <net/bpf.h> 51 #include <net/if.h> 52 #include <net/if_var.h> 53 #include <net/if_arp.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 68 #include <dev/usb/usb.h> 69 #include <dev/usb/usbdi.h> 70 #include "usbdevs.h" 71 72 #define USB_DEBUG_VAR rsu_debug 73 #include <dev/usb/usb_debug.h> 74 75 #include <dev/usb/wlan/if_rsureg.h> 76 77 #ifdef USB_DEBUG 78 static int rsu_debug = 0; 79 SYSCTL_NODE(_hw_usb, OID_AUTO, rsu, CTLFLAG_RW, 0, "USB rsu"); 80 SYSCTL_INT(_hw_usb_rsu, OID_AUTO, debug, CTLFLAG_RWTUN, &rsu_debug, 0, 81 "Debug level"); 82 #define RSU_DPRINTF(_sc, _flg, ...) \ 83 do \ 84 if (((_flg) == (RSU_DEBUG_ANY)) || (rsu_debug & (_flg))) \ 85 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 86 while (0) 87 #else 88 #define RSU_DPRINTF(_sc, _flg, ...) 89 #endif 90 91 static int rsu_enable_11n = 1; 92 TUNABLE_INT("hw.usb.rsu.enable_11n", &rsu_enable_11n); 93 94 #define RSU_DEBUG_ANY 0xffffffff 95 #define RSU_DEBUG_TX 0x00000001 96 #define RSU_DEBUG_RX 0x00000002 97 #define RSU_DEBUG_RESET 0x00000004 98 #define RSU_DEBUG_CALIB 0x00000008 99 #define RSU_DEBUG_STATE 0x00000010 100 #define RSU_DEBUG_SCAN 0x00000020 101 #define RSU_DEBUG_FWCMD 0x00000040 102 #define RSU_DEBUG_TXDONE 0x00000080 103 #define RSU_DEBUG_FW 0x00000100 104 #define RSU_DEBUG_FWDBG 0x00000200 105 #define RSU_DEBUG_AMPDU 0x00000400 106 107 static const STRUCT_USB_HOST_ID rsu_devs[] = { 108 #define RSU_HT_NOT_SUPPORTED 0 109 #define RSU_HT_SUPPORTED 1 110 #define RSU_DEV_HT(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \ 111 RSU_HT_SUPPORTED) } 112 #define RSU_DEV(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \ 113 RSU_HT_NOT_SUPPORTED) } 114 RSU_DEV(ASUS, RTL8192SU), 115 RSU_DEV(AZUREWAVE, RTL8192SU_4), 116 RSU_DEV_HT(ACCTON, RTL8192SU), 117 RSU_DEV_HT(ASUS, USBN10), 118 RSU_DEV_HT(AZUREWAVE, RTL8192SU_1), 119 RSU_DEV_HT(AZUREWAVE, RTL8192SU_2), 120 RSU_DEV_HT(AZUREWAVE, RTL8192SU_3), 121 RSU_DEV_HT(AZUREWAVE, RTL8192SU_5), 122 RSU_DEV_HT(BELKIN, RTL8192SU_1), 123 RSU_DEV_HT(BELKIN, RTL8192SU_2), 124 RSU_DEV_HT(BELKIN, RTL8192SU_3), 125 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_1), 126 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_2), 127 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_3), 128 RSU_DEV_HT(COREGA, RTL8192SU), 129 RSU_DEV_HT(DLINK2, DWA131A1), 130 RSU_DEV_HT(DLINK2, RTL8192SU_1), 131 RSU_DEV_HT(DLINK2, RTL8192SU_2), 132 RSU_DEV_HT(EDIMAX, RTL8192SU_1), 133 RSU_DEV_HT(EDIMAX, RTL8192SU_2), 134 RSU_DEV_HT(EDIMAX, EW7622UMN), 135 RSU_DEV_HT(GUILLEMOT, HWGUN54), 136 RSU_DEV_HT(GUILLEMOT, HWNUM300), 137 RSU_DEV_HT(HAWKING, RTL8192SU_1), 138 RSU_DEV_HT(HAWKING, RTL8192SU_2), 139 RSU_DEV_HT(PLANEX2, GWUSNANO), 140 RSU_DEV_HT(REALTEK, RTL8171), 141 RSU_DEV_HT(REALTEK, RTL8172), 142 RSU_DEV_HT(REALTEK, RTL8173), 143 RSU_DEV_HT(REALTEK, RTL8174), 144 RSU_DEV_HT(REALTEK, RTL8192SU), 145 RSU_DEV_HT(REALTEK, RTL8712), 146 RSU_DEV_HT(REALTEK, RTL8713), 147 RSU_DEV_HT(SENAO, RTL8192SU_1), 148 RSU_DEV_HT(SENAO, RTL8192SU_2), 149 RSU_DEV_HT(SITECOMEU, WL349V1), 150 RSU_DEV_HT(SITECOMEU, WL353), 151 RSU_DEV_HT(SWEEX2, LW154), 152 RSU_DEV_HT(TRENDNET, TEW646UBH), 153 #undef RSU_DEV_HT 154 #undef RSU_DEV 155 }; 156 157 static device_probe_t rsu_match; 158 static device_attach_t rsu_attach; 159 static device_detach_t rsu_detach; 160 static usb_callback_t rsu_bulk_tx_callback_be_bk; 161 static usb_callback_t rsu_bulk_tx_callback_vi_vo; 162 static usb_callback_t rsu_bulk_tx_callback_h2c; 163 static usb_callback_t rsu_bulk_rx_callback; 164 static usb_error_t rsu_do_request(struct rsu_softc *, 165 struct usb_device_request *, void *); 166 static struct ieee80211vap * 167 rsu_vap_create(struct ieee80211com *, const char name[], 168 int, enum ieee80211_opmode, int, const uint8_t bssid[], 169 const uint8_t mac[]); 170 static void rsu_vap_delete(struct ieee80211vap *); 171 static void rsu_scan_start(struct ieee80211com *); 172 static void rsu_scan_end(struct ieee80211com *); 173 static void rsu_getradiocaps(struct ieee80211com *, int, int *, 174 struct ieee80211_channel[]); 175 static void rsu_set_channel(struct ieee80211com *); 176 static void rsu_scan_curchan(struct ieee80211_scan_state *, unsigned long); 177 static void rsu_scan_mindwell(struct ieee80211_scan_state *); 178 static uint8_t rsu_get_multi_pos(const uint8_t[]); 179 static void rsu_set_multi(struct rsu_softc *); 180 static void rsu_update_mcast(struct ieee80211com *); 181 static int rsu_alloc_rx_list(struct rsu_softc *); 182 static void rsu_free_rx_list(struct rsu_softc *); 183 static int rsu_alloc_tx_list(struct rsu_softc *); 184 static void rsu_free_tx_list(struct rsu_softc *); 185 static void rsu_free_list(struct rsu_softc *, struct rsu_data [], int); 186 static struct rsu_data *_rsu_getbuf(struct rsu_softc *); 187 static struct rsu_data *rsu_getbuf(struct rsu_softc *); 188 static void rsu_freebuf(struct rsu_softc *, struct rsu_data *); 189 static int rsu_write_region_1(struct rsu_softc *, uint16_t, uint8_t *, 190 int); 191 static void rsu_write_1(struct rsu_softc *, uint16_t, uint8_t); 192 static void rsu_write_2(struct rsu_softc *, uint16_t, uint16_t); 193 static void rsu_write_4(struct rsu_softc *, uint16_t, uint32_t); 194 static int rsu_read_region_1(struct rsu_softc *, uint16_t, uint8_t *, 195 int); 196 static uint8_t rsu_read_1(struct rsu_softc *, uint16_t); 197 static uint16_t rsu_read_2(struct rsu_softc *, uint16_t); 198 static uint32_t rsu_read_4(struct rsu_softc *, uint16_t); 199 static int rsu_fw_iocmd(struct rsu_softc *, uint32_t); 200 static uint8_t rsu_efuse_read_1(struct rsu_softc *, uint16_t); 201 static int rsu_read_rom(struct rsu_softc *); 202 static int rsu_fw_cmd(struct rsu_softc *, uint8_t, void *, int); 203 static void rsu_calib_task(void *, int); 204 static void rsu_tx_task(void *, int); 205 static int rsu_newstate(struct ieee80211vap *, enum ieee80211_state, int); 206 #ifdef notyet 207 static void rsu_set_key(struct rsu_softc *, const struct ieee80211_key *); 208 static void rsu_delete_key(struct rsu_softc *, const struct ieee80211_key *); 209 #endif 210 static int rsu_site_survey(struct rsu_softc *, 211 struct ieee80211_scan_ssid *); 212 static int rsu_join_bss(struct rsu_softc *, struct ieee80211_node *); 213 static int rsu_disconnect(struct rsu_softc *); 214 static int rsu_hwrssi_to_rssi(struct rsu_softc *, int hw_rssi); 215 static void rsu_event_survey(struct rsu_softc *, uint8_t *, int); 216 static void rsu_event_join_bss(struct rsu_softc *, uint8_t *, int); 217 static void rsu_rx_event(struct rsu_softc *, uint8_t, uint8_t *, int); 218 static void rsu_rx_multi_event(struct rsu_softc *, uint8_t *, int); 219 #if 0 220 static int8_t rsu_get_rssi(struct rsu_softc *, int, void *); 221 #endif 222 static struct mbuf * rsu_rx_copy_to_mbuf(struct rsu_softc *, 223 struct r92s_rx_stat *, int); 224 static struct ieee80211_node * rsu_rx_frame(struct rsu_softc *, struct mbuf *, 225 int8_t *); 226 static struct mbuf * rsu_rx_multi_frame(struct rsu_softc *, uint8_t *, int); 227 static struct mbuf * 228 rsu_rxeof(struct usb_xfer *, struct rsu_data *); 229 static void rsu_txeof(struct usb_xfer *, struct rsu_data *); 230 static int rsu_raw_xmit(struct ieee80211_node *, struct mbuf *, 231 const struct ieee80211_bpf_params *); 232 static void rsu_init(struct rsu_softc *); 233 static int rsu_tx_start(struct rsu_softc *, struct ieee80211_node *, 234 struct mbuf *, struct rsu_data *); 235 static int rsu_transmit(struct ieee80211com *, struct mbuf *); 236 static void rsu_start(struct rsu_softc *); 237 static void _rsu_start(struct rsu_softc *); 238 static void rsu_parent(struct ieee80211com *); 239 static void rsu_stop(struct rsu_softc *); 240 static void rsu_ms_delay(struct rsu_softc *, int); 241 242 static device_method_t rsu_methods[] = { 243 DEVMETHOD(device_probe, rsu_match), 244 DEVMETHOD(device_attach, rsu_attach), 245 DEVMETHOD(device_detach, rsu_detach), 246 247 DEVMETHOD_END 248 }; 249 250 static driver_t rsu_driver = { 251 .name = "rsu", 252 .methods = rsu_methods, 253 .size = sizeof(struct rsu_softc) 254 }; 255 256 static devclass_t rsu_devclass; 257 258 DRIVER_MODULE(rsu, uhub, rsu_driver, rsu_devclass, NULL, 0); 259 MODULE_DEPEND(rsu, wlan, 1, 1, 1); 260 MODULE_DEPEND(rsu, usb, 1, 1, 1); 261 MODULE_DEPEND(rsu, firmware, 1, 1, 1); 262 MODULE_VERSION(rsu, 1); 263 USB_PNP_HOST_INFO(rsu_devs); 264 265 static const uint8_t rsu_chan_2ghz[] = 266 { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 }; 267 268 static uint8_t rsu_wme_ac_xfer_map[4] = { 269 [WME_AC_BE] = RSU_BULK_TX_BE_BK, 270 [WME_AC_BK] = RSU_BULK_TX_BE_BK, 271 [WME_AC_VI] = RSU_BULK_TX_VI_VO, 272 [WME_AC_VO] = RSU_BULK_TX_VI_VO, 273 }; 274 275 /* XXX hard-coded */ 276 #define RSU_H2C_ENDPOINT 3 277 278 static const struct usb_config rsu_config[RSU_N_TRANSFER] = { 279 [RSU_BULK_RX] = { 280 .type = UE_BULK, 281 .endpoint = UE_ADDR_ANY, 282 .direction = UE_DIR_IN, 283 .bufsize = RSU_RXBUFSZ, 284 .flags = { 285 .pipe_bof = 1, 286 .short_xfer_ok = 1 287 }, 288 .callback = rsu_bulk_rx_callback 289 }, 290 [RSU_BULK_TX_BE_BK] = { 291 .type = UE_BULK, 292 .endpoint = 0x06, 293 .direction = UE_DIR_OUT, 294 .bufsize = RSU_TXBUFSZ, 295 .flags = { 296 .ext_buffer = 1, 297 .pipe_bof = 1, 298 .force_short_xfer = 1 299 }, 300 .callback = rsu_bulk_tx_callback_be_bk, 301 .timeout = RSU_TX_TIMEOUT 302 }, 303 [RSU_BULK_TX_VI_VO] = { 304 .type = UE_BULK, 305 .endpoint = 0x04, 306 .direction = UE_DIR_OUT, 307 .bufsize = RSU_TXBUFSZ, 308 .flags = { 309 .ext_buffer = 1, 310 .pipe_bof = 1, 311 .force_short_xfer = 1 312 }, 313 .callback = rsu_bulk_tx_callback_vi_vo, 314 .timeout = RSU_TX_TIMEOUT 315 }, 316 [RSU_BULK_TX_H2C] = { 317 .type = UE_BULK, 318 .endpoint = 0x0d, 319 .direction = UE_DIR_OUT, 320 .bufsize = RSU_TXBUFSZ, 321 .flags = { 322 .ext_buffer = 1, 323 .pipe_bof = 1, 324 .short_xfer_ok = 1 325 }, 326 .callback = rsu_bulk_tx_callback_h2c, 327 .timeout = RSU_TX_TIMEOUT 328 }, 329 }; 330 331 static int 332 rsu_match(device_t self) 333 { 334 struct usb_attach_arg *uaa = device_get_ivars(self); 335 336 if (uaa->usb_mode != USB_MODE_HOST || 337 uaa->info.bIfaceIndex != 0 || 338 uaa->info.bConfigIndex != 0) 339 return (ENXIO); 340 341 return (usbd_lookup_id_by_uaa(rsu_devs, sizeof(rsu_devs), uaa)); 342 } 343 344 static int 345 rsu_send_mgmt(struct ieee80211_node *ni, int type, int arg) 346 { 347 348 return (ENOTSUP); 349 } 350 351 static void 352 rsu_update_chw(struct ieee80211com *ic) 353 { 354 355 } 356 357 /* 358 * notification from net80211 that it'd like to do A-MPDU on the given TID. 359 * 360 * Note: this actually hangs traffic at the present moment, so don't use it. 361 * The firmware debug does indiciate it's sending and establishing a TX AMPDU 362 * session, but then no traffic flows. 363 */ 364 static int 365 rsu_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap) 366 { 367 #if 0 368 struct rsu_softc *sc = ni->ni_ic->ic_softc; 369 struct r92s_add_ba_req req; 370 371 /* Don't enable if it's requested or running */ 372 if (IEEE80211_AMPDU_REQUESTED(tap)) 373 return (0); 374 if (IEEE80211_AMPDU_RUNNING(tap)) 375 return (0); 376 377 /* We've decided to send addba; so send it */ 378 req.tid = htole32(tap->txa_tid); 379 380 /* Attempt net80211 state */ 381 if (ieee80211_ampdu_tx_request_ext(ni, tap->txa_tid) != 1) 382 return (0); 383 384 /* Send the firmware command */ 385 RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: establishing AMPDU TX for TID %d\n", 386 __func__, 387 tap->txa_tid); 388 389 RSU_LOCK(sc); 390 if (rsu_fw_cmd(sc, R92S_CMD_ADDBA_REQ, &req, sizeof(req)) != 1) { 391 RSU_UNLOCK(sc); 392 /* Mark failure */ 393 (void) ieee80211_ampdu_tx_request_active_ext(ni, tap->txa_tid, 0); 394 return (0); 395 } 396 RSU_UNLOCK(sc); 397 398 /* Mark success; we don't get any further notifications */ 399 (void) ieee80211_ampdu_tx_request_active_ext(ni, tap->txa_tid, 1); 400 #endif 401 /* Return 0, we're driving this ourselves */ 402 return (0); 403 } 404 405 static int 406 rsu_wme_update(struct ieee80211com *ic) 407 { 408 409 /* Firmware handles this; not our problem */ 410 return (0); 411 } 412 413 static int 414 rsu_attach(device_t self) 415 { 416 struct usb_attach_arg *uaa = device_get_ivars(self); 417 struct rsu_softc *sc = device_get_softc(self); 418 struct ieee80211com *ic = &sc->sc_ic; 419 int error; 420 uint8_t iface_index; 421 struct usb_interface *iface; 422 const char *rft; 423 424 device_set_usb_desc(self); 425 sc->sc_udev = uaa->device; 426 sc->sc_dev = self; 427 if (rsu_enable_11n) 428 sc->sc_ht = !! (USB_GET_DRIVER_INFO(uaa) & RSU_HT_SUPPORTED); 429 430 /* Get number of endpoints */ 431 iface = usbd_get_iface(sc->sc_udev, 0); 432 sc->sc_nendpoints = iface->idesc->bNumEndpoints; 433 434 /* Endpoints are hard-coded for now, so enforce 4-endpoint only */ 435 if (sc->sc_nendpoints != 4) { 436 device_printf(sc->sc_dev, 437 "the driver currently only supports 4-endpoint devices\n"); 438 return (ENXIO); 439 } 440 441 mtx_init(&sc->sc_mtx, device_get_nameunit(self), MTX_NETWORK_LOCK, 442 MTX_DEF); 443 TIMEOUT_TASK_INIT(taskqueue_thread, &sc->calib_task, 0, 444 rsu_calib_task, sc); 445 TASK_INIT(&sc->tx_task, 0, rsu_tx_task, sc); 446 mbufq_init(&sc->sc_snd, ifqmaxlen); 447 448 /* Allocate Tx/Rx buffers. */ 449 error = rsu_alloc_rx_list(sc); 450 if (error != 0) { 451 device_printf(sc->sc_dev, "could not allocate Rx buffers\n"); 452 goto fail_usb; 453 } 454 455 error = rsu_alloc_tx_list(sc); 456 if (error != 0) { 457 device_printf(sc->sc_dev, "could not allocate Tx buffers\n"); 458 rsu_free_rx_list(sc); 459 goto fail_usb; 460 } 461 462 iface_index = 0; 463 error = usbd_transfer_setup(uaa->device, &iface_index, sc->sc_xfer, 464 rsu_config, RSU_N_TRANSFER, sc, &sc->sc_mtx); 465 if (error) { 466 device_printf(sc->sc_dev, 467 "could not allocate USB transfers, err=%s\n", 468 usbd_errstr(error)); 469 goto fail_usb; 470 } 471 RSU_LOCK(sc); 472 /* Read chip revision. */ 473 sc->cut = MS(rsu_read_4(sc, R92S_PMC_FSM), R92S_PMC_FSM_CUT); 474 if (sc->cut != 3) 475 sc->cut = (sc->cut >> 1) + 1; 476 error = rsu_read_rom(sc); 477 RSU_UNLOCK(sc); 478 if (error != 0) { 479 device_printf(self, "could not read ROM\n"); 480 goto fail_rom; 481 } 482 483 /* Figure out TX/RX streams */ 484 switch (sc->rom[84]) { 485 case 0x0: 486 sc->sc_rftype = RTL8712_RFCONFIG_1T1R; 487 sc->sc_nrxstream = 1; 488 sc->sc_ntxstream = 1; 489 rft = "1T1R"; 490 break; 491 case 0x1: 492 sc->sc_rftype = RTL8712_RFCONFIG_1T2R; 493 sc->sc_nrxstream = 2; 494 sc->sc_ntxstream = 1; 495 rft = "1T2R"; 496 break; 497 case 0x2: 498 sc->sc_rftype = RTL8712_RFCONFIG_2T2R; 499 sc->sc_nrxstream = 2; 500 sc->sc_ntxstream = 2; 501 rft = "2T2R"; 502 break; 503 default: 504 device_printf(sc->sc_dev, 505 "%s: unknown board type (rfconfig=0x%02x)\n", 506 __func__, 507 sc->rom[84]); 508 goto fail_rom; 509 } 510 511 IEEE80211_ADDR_COPY(ic->ic_macaddr, &sc->rom[0x12]); 512 device_printf(self, "MAC/BB RTL8712 cut %d %s\n", sc->cut, rft); 513 514 ic->ic_softc = sc; 515 ic->ic_name = device_get_nameunit(self); 516 ic->ic_phytype = IEEE80211_T_OFDM; /* Not only, but not used. */ 517 ic->ic_opmode = IEEE80211_M_STA; /* Default to BSS mode. */ 518 519 /* Set device capabilities. */ 520 ic->ic_caps = 521 IEEE80211_C_STA | /* station mode */ 522 #if 0 523 IEEE80211_C_BGSCAN | /* Background scan. */ 524 #endif 525 IEEE80211_C_SHPREAMBLE | /* Short preamble supported. */ 526 IEEE80211_C_WME | /* WME/QoS */ 527 IEEE80211_C_SHSLOT | /* Short slot time supported. */ 528 IEEE80211_C_WPA; /* WPA/RSN. */ 529 530 /* Check if HT support is present. */ 531 if (sc->sc_ht) { 532 device_printf(sc->sc_dev, "%s: enabling 11n\n", __func__); 533 534 /* Enable basic HT */ 535 ic->ic_htcaps = IEEE80211_HTC_HT | 536 #if 0 537 IEEE80211_HTC_AMPDU | 538 #endif 539 IEEE80211_HTC_AMSDU | 540 IEEE80211_HTCAP_MAXAMSDU_3839 | 541 IEEE80211_HTCAP_SMPS_OFF; 542 ic->ic_htcaps |= IEEE80211_HTCAP_CHWIDTH40; 543 544 /* set number of spatial streams */ 545 ic->ic_txstream = sc->sc_ntxstream; 546 ic->ic_rxstream = sc->sc_nrxstream; 547 } 548 ic->ic_flags_ext |= IEEE80211_FEXT_SCAN_OFFLOAD; 549 550 rsu_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 551 ic->ic_channels); 552 553 ieee80211_ifattach(ic); 554 ic->ic_raw_xmit = rsu_raw_xmit; 555 ic->ic_scan_start = rsu_scan_start; 556 ic->ic_scan_end = rsu_scan_end; 557 ic->ic_getradiocaps = rsu_getradiocaps; 558 ic->ic_set_channel = rsu_set_channel; 559 ic->ic_scan_curchan = rsu_scan_curchan; 560 ic->ic_scan_mindwell = rsu_scan_mindwell; 561 ic->ic_vap_create = rsu_vap_create; 562 ic->ic_vap_delete = rsu_vap_delete; 563 ic->ic_update_mcast = rsu_update_mcast; 564 ic->ic_parent = rsu_parent; 565 ic->ic_transmit = rsu_transmit; 566 ic->ic_send_mgmt = rsu_send_mgmt; 567 ic->ic_update_chw = rsu_update_chw; 568 ic->ic_ampdu_enable = rsu_ampdu_enable; 569 ic->ic_wme.wme_update = rsu_wme_update; 570 571 ieee80211_radiotap_attach(ic, &sc->sc_txtap.wt_ihdr, 572 sizeof(sc->sc_txtap), RSU_TX_RADIOTAP_PRESENT, 573 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 574 RSU_RX_RADIOTAP_PRESENT); 575 576 if (bootverbose) 577 ieee80211_announce(ic); 578 579 return (0); 580 581 fail_rom: 582 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER); 583 fail_usb: 584 mtx_destroy(&sc->sc_mtx); 585 return (ENXIO); 586 } 587 588 static int 589 rsu_detach(device_t self) 590 { 591 struct rsu_softc *sc = device_get_softc(self); 592 struct ieee80211com *ic = &sc->sc_ic; 593 594 RSU_LOCK(sc); 595 rsu_stop(sc); 596 RSU_UNLOCK(sc); 597 598 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER); 599 600 /* 601 * Free buffers /before/ we detach from net80211, else node 602 * references to destroyed vaps will lead to a panic. 603 */ 604 /* Free Tx/Rx buffers. */ 605 RSU_LOCK(sc); 606 rsu_free_tx_list(sc); 607 rsu_free_rx_list(sc); 608 RSU_UNLOCK(sc); 609 610 /* Frames are freed; detach from net80211 */ 611 ieee80211_ifdetach(ic); 612 613 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task); 614 taskqueue_drain(taskqueue_thread, &sc->tx_task); 615 616 mtx_destroy(&sc->sc_mtx); 617 618 return (0); 619 } 620 621 static usb_error_t 622 rsu_do_request(struct rsu_softc *sc, struct usb_device_request *req, 623 void *data) 624 { 625 usb_error_t err; 626 int ntries = 10; 627 628 RSU_ASSERT_LOCKED(sc); 629 630 while (ntries--) { 631 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 632 req, data, 0, NULL, 250 /* ms */); 633 if (err == 0 || err == USB_ERR_NOT_CONFIGURED) 634 break; 635 DPRINTFN(1, "Control request failed, %s (retrying)\n", 636 usbd_errstr(err)); 637 rsu_ms_delay(sc, 10); 638 } 639 640 return (err); 641 } 642 643 static struct ieee80211vap * 644 rsu_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 645 enum ieee80211_opmode opmode, int flags, 646 const uint8_t bssid[IEEE80211_ADDR_LEN], 647 const uint8_t mac[IEEE80211_ADDR_LEN]) 648 { 649 struct rsu_vap *uvp; 650 struct ieee80211vap *vap; 651 652 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 653 return (NULL); 654 655 uvp = malloc(sizeof(struct rsu_vap), M_80211_VAP, M_WAITOK | M_ZERO); 656 vap = &uvp->vap; 657 658 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, 659 flags, bssid) != 0) { 660 /* out of memory */ 661 free(uvp, M_80211_VAP); 662 return (NULL); 663 } 664 665 /* override state transition machine */ 666 uvp->newstate = vap->iv_newstate; 667 vap->iv_newstate = rsu_newstate; 668 669 /* Limits from the r92su driver */ 670 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_16; 671 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K; 672 673 /* complete setup */ 674 ieee80211_vap_attach(vap, ieee80211_media_change, 675 ieee80211_media_status, mac); 676 ic->ic_opmode = opmode; 677 678 return (vap); 679 } 680 681 static void 682 rsu_vap_delete(struct ieee80211vap *vap) 683 { 684 struct rsu_vap *uvp = RSU_VAP(vap); 685 686 ieee80211_vap_detach(vap); 687 free(uvp, M_80211_VAP); 688 } 689 690 static void 691 rsu_scan_start(struct ieee80211com *ic) 692 { 693 struct rsu_softc *sc = ic->ic_softc; 694 struct ieee80211_scan_state *ss = ic->ic_scan; 695 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 696 int error; 697 698 /* Scanning is done by the firmware. */ 699 RSU_LOCK(sc); 700 sc->sc_active_scan = !!(ss->ss_flags & IEEE80211_SCAN_ACTIVE); 701 /* XXX TODO: force awake if in network-sleep? */ 702 error = rsu_site_survey(sc, ss->ss_nssid > 0 ? &ss->ss_ssid[0] : NULL); 703 RSU_UNLOCK(sc); 704 if (error != 0) { 705 device_printf(sc->sc_dev, 706 "could not send site survey command\n"); 707 ieee80211_cancel_scan(vap); 708 } 709 } 710 711 static void 712 rsu_scan_end(struct ieee80211com *ic) 713 { 714 /* Nothing to do here. */ 715 } 716 717 static void 718 rsu_getradiocaps(struct ieee80211com *ic, 719 int maxchans, int *nchans, struct ieee80211_channel chans[]) 720 { 721 struct rsu_softc *sc = ic->ic_softc; 722 uint8_t bands[IEEE80211_MODE_BYTES]; 723 724 /* Set supported .11b and .11g rates. */ 725 memset(bands, 0, sizeof(bands)); 726 setbit(bands, IEEE80211_MODE_11B); 727 setbit(bands, IEEE80211_MODE_11G); 728 if (sc->sc_ht) 729 setbit(bands, IEEE80211_MODE_11NG); 730 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans, 731 rsu_chan_2ghz, nitems(rsu_chan_2ghz), bands, 0); 732 } 733 734 static void 735 rsu_set_channel(struct ieee80211com *ic __unused) 736 { 737 /* We are unable to switch channels, yet. */ 738 } 739 740 static void 741 rsu_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 742 { 743 /* Scan is done in rsu_scan_start(). */ 744 } 745 746 /** 747 * Called by the net80211 framework to indicate 748 * the minimum dwell time has been met, terminate the scan. 749 * We don't actually terminate the scan as the firmware will notify 750 * us when it's finished and we have no way to interrupt it. 751 */ 752 static void 753 rsu_scan_mindwell(struct ieee80211_scan_state *ss) 754 { 755 /* NB: don't try to abort scan; wait for firmware to finish */ 756 } 757 758 /* 759 * The same as rtwn_get_multi_pos() / rtwn_set_multi(). 760 */ 761 static uint8_t 762 rsu_get_multi_pos(const uint8_t maddr[]) 763 { 764 uint64_t mask = 0x00004d101df481b4; 765 uint8_t pos = 0x27; /* initial value */ 766 int i, j; 767 768 for (i = 0; i < IEEE80211_ADDR_LEN; i++) 769 for (j = (i == 0) ? 1 : 0; j < 8; j++) 770 if ((maddr[i] >> j) & 1) 771 pos ^= (mask >> (i * 8 + j - 1)); 772 773 pos &= 0x3f; 774 775 return (pos); 776 } 777 778 static void 779 rsu_set_multi(struct rsu_softc *sc) 780 { 781 struct ieee80211com *ic = &sc->sc_ic; 782 uint32_t mfilt[2]; 783 784 RSU_ASSERT_LOCKED(sc); 785 786 /* general structure was copied from ath(4). */ 787 if (ic->ic_allmulti == 0) { 788 struct ieee80211vap *vap; 789 struct ifnet *ifp; 790 struct ifmultiaddr *ifma; 791 792 /* 793 * Merge multicast addresses to form the hardware filter. 794 */ 795 mfilt[0] = mfilt[1] = 0; 796 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 797 ifp = vap->iv_ifp; 798 if_maddr_rlock(ifp); 799 TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { 800 caddr_t dl; 801 uint8_t pos; 802 803 dl = LLADDR((struct sockaddr_dl *) 804 ifma->ifma_addr); 805 pos = rsu_get_multi_pos(dl); 806 807 mfilt[pos / 32] |= (1 << (pos % 32)); 808 } 809 if_maddr_runlock(ifp); 810 } 811 } else 812 mfilt[0] = mfilt[1] = ~0; 813 814 rsu_write_4(sc, R92S_MAR + 0, mfilt[0]); 815 rsu_write_4(sc, R92S_MAR + 4, mfilt[1]); 816 817 RSU_DPRINTF(sc, RSU_DEBUG_STATE, "%s: MC filter %08x:%08x\n", 818 __func__, mfilt[0], mfilt[1]); 819 } 820 821 static void 822 rsu_update_mcast(struct ieee80211com *ic) 823 { 824 struct rsu_softc *sc = ic->ic_softc; 825 826 RSU_LOCK(sc); 827 if (sc->sc_running) 828 rsu_set_multi(sc); 829 RSU_UNLOCK(sc); 830 } 831 832 static int 833 rsu_alloc_list(struct rsu_softc *sc, struct rsu_data data[], 834 int ndata, int maxsz) 835 { 836 int i, error; 837 838 for (i = 0; i < ndata; i++) { 839 struct rsu_data *dp = &data[i]; 840 dp->sc = sc; 841 dp->m = NULL; 842 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT); 843 if (dp->buf == NULL) { 844 device_printf(sc->sc_dev, 845 "could not allocate buffer\n"); 846 error = ENOMEM; 847 goto fail; 848 } 849 dp->ni = NULL; 850 } 851 852 return (0); 853 fail: 854 rsu_free_list(sc, data, ndata); 855 return (error); 856 } 857 858 static int 859 rsu_alloc_rx_list(struct rsu_softc *sc) 860 { 861 int error, i; 862 863 error = rsu_alloc_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT, 864 RSU_RXBUFSZ); 865 if (error != 0) 866 return (error); 867 868 STAILQ_INIT(&sc->sc_rx_active); 869 STAILQ_INIT(&sc->sc_rx_inactive); 870 871 for (i = 0; i < RSU_RX_LIST_COUNT; i++) 872 STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next); 873 874 return (0); 875 } 876 877 static int 878 rsu_alloc_tx_list(struct rsu_softc *sc) 879 { 880 int error, i; 881 882 error = rsu_alloc_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT, 883 RSU_TXBUFSZ); 884 if (error != 0) 885 return (error); 886 887 STAILQ_INIT(&sc->sc_tx_inactive); 888 889 for (i = 0; i != RSU_N_TRANSFER; i++) { 890 STAILQ_INIT(&sc->sc_tx_active[i]); 891 STAILQ_INIT(&sc->sc_tx_pending[i]); 892 } 893 894 for (i = 0; i < RSU_TX_LIST_COUNT; i++) { 895 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next); 896 } 897 898 return (0); 899 } 900 901 static void 902 rsu_free_tx_list(struct rsu_softc *sc) 903 { 904 int i; 905 906 /* prevent further allocations from TX list(s) */ 907 STAILQ_INIT(&sc->sc_tx_inactive); 908 909 for (i = 0; i != RSU_N_TRANSFER; i++) { 910 STAILQ_INIT(&sc->sc_tx_active[i]); 911 STAILQ_INIT(&sc->sc_tx_pending[i]); 912 } 913 914 rsu_free_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT); 915 } 916 917 static void 918 rsu_free_rx_list(struct rsu_softc *sc) 919 { 920 /* prevent further allocations from RX list(s) */ 921 STAILQ_INIT(&sc->sc_rx_inactive); 922 STAILQ_INIT(&sc->sc_rx_active); 923 924 rsu_free_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT); 925 } 926 927 static void 928 rsu_free_list(struct rsu_softc *sc, struct rsu_data data[], int ndata) 929 { 930 int i; 931 932 for (i = 0; i < ndata; i++) { 933 struct rsu_data *dp = &data[i]; 934 935 if (dp->buf != NULL) { 936 free(dp->buf, M_USBDEV); 937 dp->buf = NULL; 938 } 939 if (dp->ni != NULL) { 940 ieee80211_free_node(dp->ni); 941 dp->ni = NULL; 942 } 943 } 944 } 945 946 static struct rsu_data * 947 _rsu_getbuf(struct rsu_softc *sc) 948 { 949 struct rsu_data *bf; 950 951 bf = STAILQ_FIRST(&sc->sc_tx_inactive); 952 if (bf != NULL) 953 STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next); 954 else 955 bf = NULL; 956 return (bf); 957 } 958 959 static struct rsu_data * 960 rsu_getbuf(struct rsu_softc *sc) 961 { 962 struct rsu_data *bf; 963 964 RSU_ASSERT_LOCKED(sc); 965 966 bf = _rsu_getbuf(sc); 967 if (bf == NULL) { 968 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: no buffers\n", __func__); 969 } 970 return (bf); 971 } 972 973 static void 974 rsu_freebuf(struct rsu_softc *sc, struct rsu_data *bf) 975 { 976 977 RSU_ASSERT_LOCKED(sc); 978 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, bf, next); 979 } 980 981 static int 982 rsu_write_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf, 983 int len) 984 { 985 usb_device_request_t req; 986 987 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 988 req.bRequest = R92S_REQ_REGS; 989 USETW(req.wValue, addr); 990 USETW(req.wIndex, 0); 991 USETW(req.wLength, len); 992 993 return (rsu_do_request(sc, &req, buf)); 994 } 995 996 static void 997 rsu_write_1(struct rsu_softc *sc, uint16_t addr, uint8_t val) 998 { 999 rsu_write_region_1(sc, addr, &val, 1); 1000 } 1001 1002 static void 1003 rsu_write_2(struct rsu_softc *sc, uint16_t addr, uint16_t val) 1004 { 1005 val = htole16(val); 1006 rsu_write_region_1(sc, addr, (uint8_t *)&val, 2); 1007 } 1008 1009 static void 1010 rsu_write_4(struct rsu_softc *sc, uint16_t addr, uint32_t val) 1011 { 1012 val = htole32(val); 1013 rsu_write_region_1(sc, addr, (uint8_t *)&val, 4); 1014 } 1015 1016 static int 1017 rsu_read_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf, 1018 int len) 1019 { 1020 usb_device_request_t req; 1021 1022 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1023 req.bRequest = R92S_REQ_REGS; 1024 USETW(req.wValue, addr); 1025 USETW(req.wIndex, 0); 1026 USETW(req.wLength, len); 1027 1028 return (rsu_do_request(sc, &req, buf)); 1029 } 1030 1031 static uint8_t 1032 rsu_read_1(struct rsu_softc *sc, uint16_t addr) 1033 { 1034 uint8_t val; 1035 1036 if (rsu_read_region_1(sc, addr, &val, 1) != 0) 1037 return (0xff); 1038 return (val); 1039 } 1040 1041 static uint16_t 1042 rsu_read_2(struct rsu_softc *sc, uint16_t addr) 1043 { 1044 uint16_t val; 1045 1046 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 2) != 0) 1047 return (0xffff); 1048 return (le16toh(val)); 1049 } 1050 1051 static uint32_t 1052 rsu_read_4(struct rsu_softc *sc, uint16_t addr) 1053 { 1054 uint32_t val; 1055 1056 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 4) != 0) 1057 return (0xffffffff); 1058 return (le32toh(val)); 1059 } 1060 1061 static int 1062 rsu_fw_iocmd(struct rsu_softc *sc, uint32_t iocmd) 1063 { 1064 int ntries; 1065 1066 rsu_write_4(sc, R92S_IOCMD_CTRL, iocmd); 1067 rsu_ms_delay(sc, 1); 1068 for (ntries = 0; ntries < 50; ntries++) { 1069 if (rsu_read_4(sc, R92S_IOCMD_CTRL) == 0) 1070 return (0); 1071 rsu_ms_delay(sc, 1); 1072 } 1073 return (ETIMEDOUT); 1074 } 1075 1076 static uint8_t 1077 rsu_efuse_read_1(struct rsu_softc *sc, uint16_t addr) 1078 { 1079 uint32_t reg; 1080 int ntries; 1081 1082 reg = rsu_read_4(sc, R92S_EFUSE_CTRL); 1083 reg = RW(reg, R92S_EFUSE_CTRL_ADDR, addr); 1084 reg &= ~R92S_EFUSE_CTRL_VALID; 1085 rsu_write_4(sc, R92S_EFUSE_CTRL, reg); 1086 /* Wait for read operation to complete. */ 1087 for (ntries = 0; ntries < 100; ntries++) { 1088 reg = rsu_read_4(sc, R92S_EFUSE_CTRL); 1089 if (reg & R92S_EFUSE_CTRL_VALID) 1090 return (MS(reg, R92S_EFUSE_CTRL_DATA)); 1091 rsu_ms_delay(sc, 1); 1092 } 1093 device_printf(sc->sc_dev, 1094 "could not read efuse byte at address 0x%x\n", addr); 1095 return (0xff); 1096 } 1097 1098 static int 1099 rsu_read_rom(struct rsu_softc *sc) 1100 { 1101 uint8_t *rom = sc->rom; 1102 uint16_t addr = 0; 1103 uint32_t reg; 1104 uint8_t off, msk; 1105 int i; 1106 1107 /* Make sure that ROM type is eFuse and that autoload succeeded. */ 1108 reg = rsu_read_1(sc, R92S_EE_9346CR); 1109 if ((reg & (R92S_9356SEL | R92S_EEPROM_EN)) != R92S_EEPROM_EN) 1110 return (EIO); 1111 1112 /* Turn on 2.5V to prevent eFuse leakage. */ 1113 reg = rsu_read_1(sc, R92S_EFUSE_TEST + 3); 1114 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg | 0x80); 1115 rsu_ms_delay(sc, 1); 1116 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg & ~0x80); 1117 1118 /* Read full ROM image. */ 1119 memset(&sc->rom, 0xff, sizeof(sc->rom)); 1120 while (addr < 512) { 1121 reg = rsu_efuse_read_1(sc, addr); 1122 if (reg == 0xff) 1123 break; 1124 addr++; 1125 off = reg >> 4; 1126 msk = reg & 0xf; 1127 for (i = 0; i < 4; i++) { 1128 if (msk & (1 << i)) 1129 continue; 1130 rom[off * 8 + i * 2 + 0] = 1131 rsu_efuse_read_1(sc, addr); 1132 addr++; 1133 rom[off * 8 + i * 2 + 1] = 1134 rsu_efuse_read_1(sc, addr); 1135 addr++; 1136 } 1137 } 1138 #ifdef USB_DEBUG 1139 if (rsu_debug >= 5) { 1140 /* Dump ROM content. */ 1141 printf("\n"); 1142 for (i = 0; i < sizeof(sc->rom); i++) 1143 printf("%02x:", rom[i]); 1144 printf("\n"); 1145 } 1146 #endif 1147 return (0); 1148 } 1149 1150 static int 1151 rsu_fw_cmd(struct rsu_softc *sc, uint8_t code, void *buf, int len) 1152 { 1153 const uint8_t which = RSU_H2C_ENDPOINT; 1154 struct rsu_data *data; 1155 struct r92s_tx_desc *txd; 1156 struct r92s_fw_cmd_hdr *cmd; 1157 int cmdsz; 1158 int xferlen; 1159 1160 RSU_ASSERT_LOCKED(sc); 1161 1162 data = rsu_getbuf(sc); 1163 if (data == NULL) 1164 return (ENOMEM); 1165 1166 /* Blank the entire payload, just to be safe */ 1167 memset(data->buf, '\0', RSU_TXBUFSZ); 1168 1169 /* Round-up command length to a multiple of 8 bytes. */ 1170 /* XXX TODO: is this required? */ 1171 cmdsz = (len + 7) & ~7; 1172 1173 xferlen = sizeof(*txd) + sizeof(*cmd) + cmdsz; 1174 KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__)); 1175 memset(data->buf, 0, xferlen); 1176 1177 /* Setup Tx descriptor. */ 1178 txd = (struct r92s_tx_desc *)data->buf; 1179 txd->txdw0 = htole32( 1180 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) | 1181 SM(R92S_TXDW0_PKTLEN, sizeof(*cmd) + cmdsz) | 1182 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG); 1183 txd->txdw1 = htole32(SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_H2C)); 1184 1185 /* Setup command header. */ 1186 cmd = (struct r92s_fw_cmd_hdr *)&txd[1]; 1187 cmd->len = htole16(cmdsz); 1188 cmd->code = code; 1189 cmd->seq = sc->cmd_seq; 1190 sc->cmd_seq = (sc->cmd_seq + 1) & 0x7f; 1191 1192 /* Copy command payload. */ 1193 memcpy(&cmd[1], buf, len); 1194 1195 RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FWCMD, 1196 "%s: Tx cmd code=0x%x len=0x%x\n", 1197 __func__, code, cmdsz); 1198 data->buflen = xferlen; 1199 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); 1200 usbd_transfer_start(sc->sc_xfer[which]); 1201 1202 return (0); 1203 } 1204 1205 /* ARGSUSED */ 1206 static void 1207 rsu_calib_task(void *arg, int pending __unused) 1208 { 1209 struct rsu_softc *sc = arg; 1210 #ifdef notyet 1211 uint32_t reg; 1212 #endif 1213 1214 RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: running calibration task\n", 1215 __func__); 1216 1217 RSU_LOCK(sc); 1218 #ifdef notyet 1219 /* Read WPS PBC status. */ 1220 rsu_write_1(sc, R92S_MAC_PINMUX_CTRL, 1221 R92S_GPIOMUX_EN | SM(R92S_GPIOSEL_GPIO, R92S_GPIOSEL_GPIO_JTAG)); 1222 rsu_write_1(sc, R92S_GPIO_IO_SEL, 1223 rsu_read_1(sc, R92S_GPIO_IO_SEL) & ~R92S_GPIO_WPS); 1224 reg = rsu_read_1(sc, R92S_GPIO_CTRL); 1225 if (reg != 0xff && (reg & R92S_GPIO_WPS)) 1226 DPRINTF(("WPS PBC is pushed\n")); 1227 #endif 1228 /* Read current signal level. */ 1229 if (rsu_fw_iocmd(sc, 0xf4000001) == 0) { 1230 sc->sc_currssi = rsu_read_4(sc, R92S_IOCMD_DATA); 1231 RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: RSSI=%d (%d)\n", 1232 __func__, sc->sc_currssi, 1233 rsu_hwrssi_to_rssi(sc, sc->sc_currssi)); 1234 } 1235 if (sc->sc_calibrating) 1236 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz); 1237 RSU_UNLOCK(sc); 1238 } 1239 1240 static void 1241 rsu_tx_task(void *arg, int pending __unused) 1242 { 1243 struct rsu_softc *sc = arg; 1244 1245 RSU_LOCK(sc); 1246 _rsu_start(sc); 1247 RSU_UNLOCK(sc); 1248 } 1249 1250 #define RSU_PWR_UNKNOWN 0x0 1251 #define RSU_PWR_ACTIVE 0x1 1252 #define RSU_PWR_OFF 0x2 1253 #define RSU_PWR_SLEEP 0x3 1254 1255 /* 1256 * Set the current power state. 1257 * 1258 * The rtlwifi code doesn't do this so aggressively; it 1259 * waits for an idle period after association with 1260 * no traffic before doing this. 1261 * 1262 * For now - it's on in all states except RUN, and 1263 * in RUN it'll transition to allow sleep. 1264 */ 1265 1266 struct r92s_pwr_cmd { 1267 uint8_t mode; 1268 uint8_t smart_ps; 1269 uint8_t bcn_pass_time; 1270 }; 1271 1272 static int 1273 rsu_set_fw_power_state(struct rsu_softc *sc, int state) 1274 { 1275 struct r92s_set_pwr_mode cmd; 1276 //struct r92s_pwr_cmd cmd; 1277 int error; 1278 1279 RSU_ASSERT_LOCKED(sc); 1280 1281 /* only change state if required */ 1282 if (sc->sc_curpwrstate == state) 1283 return (0); 1284 1285 memset(&cmd, 0, sizeof(cmd)); 1286 1287 switch (state) { 1288 case RSU_PWR_ACTIVE: 1289 /* Force the hardware awake */ 1290 rsu_write_1(sc, R92S_USB_HRPWM, 1291 R92S_USB_HRPWM_PS_ST_ACTIVE | R92S_USB_HRPWM_PS_ALL_ON); 1292 cmd.mode = R92S_PS_MODE_ACTIVE; 1293 break; 1294 case RSU_PWR_SLEEP: 1295 cmd.mode = R92S_PS_MODE_DTIM; /* XXX configurable? */ 1296 cmd.smart_ps = 1; /* XXX 2 if doing p2p */ 1297 cmd.bcn_pass_time = 5; /* in 100mS usb.c, linux/rtlwifi */ 1298 break; 1299 case RSU_PWR_OFF: 1300 cmd.mode = R92S_PS_MODE_RADIOOFF; 1301 break; 1302 default: 1303 device_printf(sc->sc_dev, "%s: unknown ps mode (%d)\n", 1304 __func__, 1305 state); 1306 return (ENXIO); 1307 } 1308 1309 RSU_DPRINTF(sc, RSU_DEBUG_RESET, 1310 "%s: setting ps mode to %d (mode %d)\n", 1311 __func__, state, cmd.mode); 1312 error = rsu_fw_cmd(sc, R92S_CMD_SET_PWR_MODE, &cmd, sizeof(cmd)); 1313 if (error == 0) 1314 sc->sc_curpwrstate = state; 1315 1316 return (error); 1317 } 1318 1319 static int 1320 rsu_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1321 { 1322 struct rsu_vap *uvp = RSU_VAP(vap); 1323 struct ieee80211com *ic = vap->iv_ic; 1324 struct rsu_softc *sc = ic->ic_softc; 1325 struct ieee80211_node *ni; 1326 struct ieee80211_rateset *rs; 1327 enum ieee80211_state ostate; 1328 int error, startcal = 0; 1329 1330 ostate = vap->iv_state; 1331 RSU_DPRINTF(sc, RSU_DEBUG_STATE, "%s: %s -> %s\n", 1332 __func__, 1333 ieee80211_state_name[ostate], 1334 ieee80211_state_name[nstate]); 1335 1336 IEEE80211_UNLOCK(ic); 1337 if (ostate == IEEE80211_S_RUN) { 1338 RSU_LOCK(sc); 1339 /* Stop calibration. */ 1340 sc->sc_calibrating = 0; 1341 RSU_UNLOCK(sc); 1342 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task); 1343 taskqueue_drain(taskqueue_thread, &sc->tx_task); 1344 /* Disassociate from our current BSS. */ 1345 RSU_LOCK(sc); 1346 rsu_disconnect(sc); 1347 } else 1348 RSU_LOCK(sc); 1349 switch (nstate) { 1350 case IEEE80211_S_INIT: 1351 (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE); 1352 break; 1353 case IEEE80211_S_AUTH: 1354 ni = ieee80211_ref_node(vap->iv_bss); 1355 (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE); 1356 error = rsu_join_bss(sc, ni); 1357 ieee80211_free_node(ni); 1358 if (error != 0) { 1359 device_printf(sc->sc_dev, 1360 "could not send join command\n"); 1361 } 1362 break; 1363 case IEEE80211_S_RUN: 1364 ni = ieee80211_ref_node(vap->iv_bss); 1365 rs = &ni->ni_rates; 1366 /* Indicate highest supported rate. */ 1367 ni->ni_txrate = rs->rs_rates[rs->rs_nrates - 1]; 1368 (void) rsu_set_fw_power_state(sc, RSU_PWR_SLEEP); 1369 ieee80211_free_node(ni); 1370 startcal = 1; 1371 break; 1372 default: 1373 break; 1374 } 1375 if (startcal != 0) { 1376 sc->sc_calibrating = 1; 1377 /* Start periodic calibration. */ 1378 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, 1379 hz); 1380 } 1381 RSU_UNLOCK(sc); 1382 IEEE80211_LOCK(ic); 1383 return (uvp->newstate(vap, nstate, arg)); 1384 } 1385 1386 #ifdef notyet 1387 static void 1388 rsu_set_key(struct rsu_softc *sc, const struct ieee80211_key *k) 1389 { 1390 struct r92s_fw_cmd_set_key key; 1391 1392 memset(&key, 0, sizeof(key)); 1393 /* Map net80211 cipher to HW crypto algorithm. */ 1394 switch (k->wk_cipher->ic_cipher) { 1395 case IEEE80211_CIPHER_WEP: 1396 if (k->wk_keylen < 8) 1397 key.algo = R92S_KEY_ALGO_WEP40; 1398 else 1399 key.algo = R92S_KEY_ALGO_WEP104; 1400 break; 1401 case IEEE80211_CIPHER_TKIP: 1402 key.algo = R92S_KEY_ALGO_TKIP; 1403 break; 1404 case IEEE80211_CIPHER_AES_CCM: 1405 key.algo = R92S_KEY_ALGO_AES; 1406 break; 1407 default: 1408 return; 1409 } 1410 key.id = k->wk_keyix; 1411 key.grpkey = (k->wk_flags & IEEE80211_KEY_GROUP) != 0; 1412 memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key))); 1413 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key)); 1414 } 1415 1416 static void 1417 rsu_delete_key(struct rsu_softc *sc, const struct ieee80211_key *k) 1418 { 1419 struct r92s_fw_cmd_set_key key; 1420 1421 memset(&key, 0, sizeof(key)); 1422 key.id = k->wk_keyix; 1423 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key)); 1424 } 1425 #endif 1426 1427 static int 1428 rsu_site_survey(struct rsu_softc *sc, struct ieee80211_scan_ssid *ssid) 1429 { 1430 struct r92s_fw_cmd_sitesurvey cmd; 1431 1432 RSU_ASSERT_LOCKED(sc); 1433 1434 memset(&cmd, 0, sizeof(cmd)); 1435 /* TODO: passive channels? */ 1436 if (sc->sc_active_scan) 1437 cmd.active = htole32(1); 1438 cmd.limit = htole32(48); 1439 1440 if (ssid != NULL) { 1441 sc->sc_extra_scan = 1; 1442 cmd.ssidlen = htole32(ssid->len); 1443 memcpy(cmd.ssid, ssid->ssid, ssid->len); 1444 } 1445 #ifdef USB_DEBUG 1446 if (rsu_debug & (RSU_DEBUG_SCAN | RSU_DEBUG_FWCMD)) { 1447 device_printf(sc->sc_dev, 1448 "sending site survey command, active %d", 1449 le32toh(cmd.active)); 1450 if (ssid != NULL) { 1451 printf(", ssid: "); 1452 ieee80211_print_essid(cmd.ssid, le32toh(cmd.ssidlen)); 1453 } 1454 printf("\n"); 1455 } 1456 #endif 1457 return (rsu_fw_cmd(sc, R92S_CMD_SITE_SURVEY, &cmd, sizeof(cmd))); 1458 } 1459 1460 static int 1461 rsu_join_bss(struct rsu_softc *sc, struct ieee80211_node *ni) 1462 { 1463 struct ieee80211com *ic = &sc->sc_ic; 1464 struct ieee80211vap *vap = ni->ni_vap; 1465 struct ndis_wlan_bssid_ex *bss; 1466 struct ndis_802_11_fixed_ies *fixed; 1467 struct r92s_fw_cmd_auth auth; 1468 uint8_t buf[sizeof(*bss) + 128] __aligned(4); 1469 uint8_t *frm; 1470 uint8_t opmode; 1471 int error; 1472 1473 RSU_ASSERT_LOCKED(sc); 1474 1475 /* Let the FW decide the opmode based on the capinfo field. */ 1476 opmode = NDIS802_11AUTOUNKNOWN; 1477 RSU_DPRINTF(sc, RSU_DEBUG_RESET, 1478 "%s: setting operating mode to %d\n", 1479 __func__, opmode); 1480 error = rsu_fw_cmd(sc, R92S_CMD_SET_OPMODE, &opmode, sizeof(opmode)); 1481 if (error != 0) 1482 return (error); 1483 1484 memset(&auth, 0, sizeof(auth)); 1485 if (vap->iv_flags & IEEE80211_F_WPA) { 1486 auth.mode = R92S_AUTHMODE_WPA; 1487 auth.dot1x = (ni->ni_authmode == IEEE80211_AUTH_8021X); 1488 } else 1489 auth.mode = R92S_AUTHMODE_OPEN; 1490 RSU_DPRINTF(sc, RSU_DEBUG_RESET, 1491 "%s: setting auth mode to %d\n", 1492 __func__, auth.mode); 1493 error = rsu_fw_cmd(sc, R92S_CMD_SET_AUTH, &auth, sizeof(auth)); 1494 if (error != 0) 1495 return (error); 1496 1497 memset(buf, 0, sizeof(buf)); 1498 bss = (struct ndis_wlan_bssid_ex *)buf; 1499 IEEE80211_ADDR_COPY(bss->macaddr, ni->ni_bssid); 1500 bss->ssid.ssidlen = htole32(ni->ni_esslen); 1501 memcpy(bss->ssid.ssid, ni->ni_essid, ni->ni_esslen); 1502 if (vap->iv_flags & (IEEE80211_F_PRIVACY | IEEE80211_F_WPA)) 1503 bss->privacy = htole32(1); 1504 bss->rssi = htole32(ni->ni_avgrssi); 1505 if (ic->ic_curmode == IEEE80211_MODE_11B) 1506 bss->networktype = htole32(NDIS802_11DS); 1507 else 1508 bss->networktype = htole32(NDIS802_11OFDM24); 1509 bss->config.len = htole32(sizeof(bss->config)); 1510 bss->config.bintval = htole32(ni->ni_intval); 1511 bss->config.dsconfig = htole32(ieee80211_chan2ieee(ic, ni->ni_chan)); 1512 bss->inframode = htole32(NDIS802_11INFRASTRUCTURE); 1513 /* XXX verify how this is supposed to look! */ 1514 memcpy(bss->supprates, ni->ni_rates.rs_rates, 1515 ni->ni_rates.rs_nrates); 1516 /* Write the fixed fields of the beacon frame. */ 1517 fixed = (struct ndis_802_11_fixed_ies *)&bss[1]; 1518 memcpy(&fixed->tstamp, ni->ni_tstamp.data, 8); 1519 fixed->bintval = htole16(ni->ni_intval); 1520 fixed->capabilities = htole16(ni->ni_capinfo); 1521 /* Write IEs to be included in the association request. */ 1522 frm = (uint8_t *)&fixed[1]; 1523 frm = ieee80211_add_rsn(frm, vap); 1524 frm = ieee80211_add_wpa(frm, vap); 1525 frm = ieee80211_add_qos(frm, ni); 1526 if ((ic->ic_flags & IEEE80211_F_WME) && 1527 (ni->ni_ies.wme_ie != NULL)) 1528 frm = ieee80211_add_wme_info(frm, &ic->ic_wme); 1529 if (ni->ni_flags & IEEE80211_NODE_HT) { 1530 frm = ieee80211_add_htcap(frm, ni); 1531 frm = ieee80211_add_htinfo(frm, ni); 1532 } 1533 bss->ieslen = htole32(frm - (uint8_t *)fixed); 1534 bss->len = htole32(((frm - buf) + 3) & ~3); 1535 RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_FWCMD, 1536 "%s: sending join bss command to %s chan %d\n", 1537 __func__, 1538 ether_sprintf(bss->macaddr), le32toh(bss->config.dsconfig)); 1539 return (rsu_fw_cmd(sc, R92S_CMD_JOIN_BSS, buf, sizeof(buf))); 1540 } 1541 1542 static int 1543 rsu_disconnect(struct rsu_softc *sc) 1544 { 1545 uint32_t zero = 0; /* :-) */ 1546 1547 /* Disassociate from our current BSS. */ 1548 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD, 1549 "%s: sending disconnect command\n", __func__); 1550 return (rsu_fw_cmd(sc, R92S_CMD_DISCONNECT, &zero, sizeof(zero))); 1551 } 1552 1553 /* 1554 * Map the hardware provided RSSI value to a signal level. 1555 * For the most part it's just something we divide by and cap 1556 * so it doesn't overflow the representation by net80211. 1557 */ 1558 static int 1559 rsu_hwrssi_to_rssi(struct rsu_softc *sc, int hw_rssi) 1560 { 1561 int v; 1562 1563 if (hw_rssi == 0) 1564 return (0); 1565 v = hw_rssi >> 4; 1566 if (v > 80) 1567 v = 80; 1568 return (v); 1569 } 1570 1571 static void 1572 rsu_event_survey(struct rsu_softc *sc, uint8_t *buf, int len) 1573 { 1574 struct ieee80211com *ic = &sc->sc_ic; 1575 struct ieee80211_frame *wh; 1576 struct ndis_wlan_bssid_ex *bss; 1577 struct ieee80211_rx_stats rxs; 1578 struct mbuf *m; 1579 int pktlen; 1580 1581 if (__predict_false(len < sizeof(*bss))) 1582 return; 1583 bss = (struct ndis_wlan_bssid_ex *)buf; 1584 if (__predict_false(len < sizeof(*bss) + le32toh(bss->ieslen))) 1585 return; 1586 1587 RSU_DPRINTF(sc, RSU_DEBUG_SCAN, 1588 "%s: found BSS %s: len=%d chan=%d inframode=%d " 1589 "networktype=%d privacy=%d, RSSI=%d\n", 1590 __func__, 1591 ether_sprintf(bss->macaddr), le32toh(bss->len), 1592 le32toh(bss->config.dsconfig), le32toh(bss->inframode), 1593 le32toh(bss->networktype), le32toh(bss->privacy), 1594 le32toh(bss->rssi)); 1595 1596 /* Build a fake beacon frame to let net80211 do all the parsing. */ 1597 /* XXX TODO: just call the new scan API methods! */ 1598 pktlen = sizeof(*wh) + le32toh(bss->ieslen); 1599 if (__predict_false(pktlen > MCLBYTES)) 1600 return; 1601 m = m_get2(pktlen, M_NOWAIT, MT_DATA, M_PKTHDR); 1602 if (__predict_false(m == NULL)) 1603 return; 1604 wh = mtod(m, struct ieee80211_frame *); 1605 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 1606 IEEE80211_FC0_SUBTYPE_BEACON; 1607 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1608 USETW(wh->i_dur, 0); 1609 IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr); 1610 IEEE80211_ADDR_COPY(wh->i_addr2, bss->macaddr); 1611 IEEE80211_ADDR_COPY(wh->i_addr3, bss->macaddr); 1612 *(uint16_t *)wh->i_seq = 0; 1613 memcpy(&wh[1], (uint8_t *)&bss[1], le32toh(bss->ieslen)); 1614 1615 /* Finalize mbuf. */ 1616 m->m_pkthdr.len = m->m_len = pktlen; 1617 1618 /* Set channel flags for input path */ 1619 bzero(&rxs, sizeof(rxs)); 1620 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; 1621 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 1622 rxs.c_ieee = le32toh(bss->config.dsconfig); 1623 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ); 1624 /* This is a number from 0..100; so let's just divide it down a bit */ 1625 rxs.c_rssi = le32toh(bss->rssi) / 2; 1626 rxs.c_nf = -96; 1627 if (ieee80211_add_rx_params(m, &rxs) == 0) 1628 return; 1629 1630 /* XXX avoid a LOR */ 1631 RSU_UNLOCK(sc); 1632 ieee80211_input_mimo_all(ic, m); 1633 RSU_LOCK(sc); 1634 } 1635 1636 static void 1637 rsu_event_join_bss(struct rsu_softc *sc, uint8_t *buf, int len) 1638 { 1639 struct ieee80211com *ic = &sc->sc_ic; 1640 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1641 struct ieee80211_node *ni = vap->iv_bss; 1642 struct r92s_event_join_bss *rsp; 1643 uint32_t tmp; 1644 int res; 1645 1646 if (__predict_false(len < sizeof(*rsp))) 1647 return; 1648 rsp = (struct r92s_event_join_bss *)buf; 1649 res = (int)le32toh(rsp->join_res); 1650 1651 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD, 1652 "%s: Rx join BSS event len=%d res=%d\n", 1653 __func__, len, res); 1654 1655 /* 1656 * XXX Don't do this; there's likely a better way to tell 1657 * the caller we failed. 1658 */ 1659 if (res <= 0) { 1660 RSU_UNLOCK(sc); 1661 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1); 1662 RSU_LOCK(sc); 1663 return; 1664 } 1665 1666 tmp = le32toh(rsp->associd); 1667 if (tmp >= vap->iv_max_aid) { 1668 DPRINTF("Assoc ID overflow\n"); 1669 tmp = 1; 1670 } 1671 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD, 1672 "%s: associated with %s associd=%d\n", 1673 __func__, ether_sprintf(rsp->bss.macaddr), tmp); 1674 /* XXX is this required? What's the top two bits for again? */ 1675 ni->ni_associd = tmp | 0xc000; 1676 RSU_UNLOCK(sc); 1677 ieee80211_new_state(vap, IEEE80211_S_RUN, 1678 IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 1679 RSU_LOCK(sc); 1680 } 1681 1682 static void 1683 rsu_event_addba_req_report(struct rsu_softc *sc, uint8_t *buf, int len) 1684 { 1685 struct ieee80211com *ic = &sc->sc_ic; 1686 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1687 struct r92s_add_ba_event *ba = (void *) buf; 1688 struct ieee80211_node *ni; 1689 1690 if (len < sizeof(*ba)) { 1691 device_printf(sc->sc_dev, "%s: short read (%d)\n", __func__, len); 1692 return; 1693 } 1694 1695 if (vap == NULL) 1696 return; 1697 1698 RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: mac=%s, tid=%d, ssn=%d\n", 1699 __func__, 1700 ether_sprintf(ba->mac_addr), 1701 (int) ba->tid, 1702 (int) le16toh(ba->ssn)); 1703 1704 /* XXX do node lookup; this is STA specific */ 1705 1706 ni = ieee80211_ref_node(vap->iv_bss); 1707 ieee80211_ampdu_rx_start_ext(ni, ba->tid, le16toh(ba->ssn) >> 4, 32); 1708 ieee80211_free_node(ni); 1709 } 1710 1711 static void 1712 rsu_rx_event(struct rsu_softc *sc, uint8_t code, uint8_t *buf, int len) 1713 { 1714 struct ieee80211com *ic = &sc->sc_ic; 1715 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1716 1717 RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD, 1718 "%s: Rx event code=%d len=%d\n", __func__, code, len); 1719 switch (code) { 1720 case R92S_EVT_SURVEY: 1721 rsu_event_survey(sc, buf, len); 1722 break; 1723 case R92S_EVT_SURVEY_DONE: 1724 RSU_DPRINTF(sc, RSU_DEBUG_SCAN, 1725 "%s: %s scan done, found %d BSS\n", 1726 __func__, sc->sc_extra_scan ? "direct" : "broadcast", 1727 le32toh(*(uint32_t *)buf)); 1728 if (sc->sc_extra_scan == 1) { 1729 /* Send broadcast probe request. */ 1730 sc->sc_extra_scan = 0; 1731 if (vap != NULL && rsu_site_survey(sc, NULL) != 0) { 1732 RSU_UNLOCK(sc); 1733 ieee80211_cancel_scan(vap); 1734 RSU_LOCK(sc); 1735 } 1736 break; 1737 } 1738 if (vap != NULL) { 1739 RSU_UNLOCK(sc); 1740 ieee80211_scan_done(vap); 1741 RSU_LOCK(sc); 1742 } 1743 break; 1744 case R92S_EVT_JOIN_BSS: 1745 if (vap->iv_state == IEEE80211_S_AUTH) 1746 rsu_event_join_bss(sc, buf, len); 1747 break; 1748 case R92S_EVT_DEL_STA: 1749 RSU_DPRINTF(sc, RSU_DEBUG_FWCMD | RSU_DEBUG_STATE, 1750 "%s: disassociated from %s\n", __func__, 1751 ether_sprintf(buf)); 1752 if (vap->iv_state == IEEE80211_S_RUN && 1753 IEEE80211_ADDR_EQ(vap->iv_bss->ni_bssid, buf)) { 1754 RSU_UNLOCK(sc); 1755 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1); 1756 RSU_LOCK(sc); 1757 } 1758 break; 1759 case R92S_EVT_WPS_PBC: 1760 RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD, 1761 "%s: WPS PBC pushed.\n", __func__); 1762 break; 1763 case R92S_EVT_FWDBG: 1764 buf[60] = '\0'; 1765 RSU_DPRINTF(sc, RSU_DEBUG_FWDBG, "FWDBG: %s\n", (char *)buf); 1766 break; 1767 case R92S_EVT_ADDBA_REQ_REPORT: 1768 rsu_event_addba_req_report(sc, buf, len); 1769 break; 1770 default: 1771 device_printf(sc->sc_dev, "%s: unhandled code (%d)\n", __func__, code); 1772 break; 1773 } 1774 } 1775 1776 static void 1777 rsu_rx_multi_event(struct rsu_softc *sc, uint8_t *buf, int len) 1778 { 1779 struct r92s_fw_cmd_hdr *cmd; 1780 int cmdsz; 1781 1782 RSU_DPRINTF(sc, RSU_DEBUG_RX, "%s: Rx events len=%d\n", __func__, len); 1783 1784 /* Skip Rx status. */ 1785 buf += sizeof(struct r92s_rx_stat); 1786 len -= sizeof(struct r92s_rx_stat); 1787 1788 /* Process all events. */ 1789 for (;;) { 1790 /* Check that command header fits. */ 1791 if (__predict_false(len < sizeof(*cmd))) 1792 break; 1793 cmd = (struct r92s_fw_cmd_hdr *)buf; 1794 /* Check that command payload fits. */ 1795 cmdsz = le16toh(cmd->len); 1796 if (__predict_false(len < sizeof(*cmd) + cmdsz)) 1797 break; 1798 1799 /* Process firmware event. */ 1800 rsu_rx_event(sc, cmd->code, (uint8_t *)&cmd[1], cmdsz); 1801 1802 if (!(cmd->seq & R92S_FW_CMD_MORE)) 1803 break; 1804 buf += sizeof(*cmd) + cmdsz; 1805 len -= sizeof(*cmd) + cmdsz; 1806 } 1807 } 1808 1809 #if 0 1810 static int8_t 1811 rsu_get_rssi(struct rsu_softc *sc, int rate, void *physt) 1812 { 1813 static const int8_t cckoff[] = { 14, -2, -20, -40 }; 1814 struct r92s_rx_phystat *phy; 1815 struct r92s_rx_cck *cck; 1816 uint8_t rpt; 1817 int8_t rssi; 1818 1819 if (rate <= 3) { 1820 cck = (struct r92s_rx_cck *)physt; 1821 rpt = (cck->agc_rpt >> 6) & 0x3; 1822 rssi = cck->agc_rpt & 0x3e; 1823 rssi = cckoff[rpt] - rssi; 1824 } else { /* OFDM/HT. */ 1825 phy = (struct r92s_rx_phystat *)physt; 1826 rssi = ((le32toh(phy->phydw1) >> 1) & 0x7f) - 106; 1827 } 1828 return (rssi); 1829 } 1830 #endif 1831 1832 static struct mbuf * 1833 rsu_rx_copy_to_mbuf(struct rsu_softc *sc, struct r92s_rx_stat *stat, 1834 int totlen) 1835 { 1836 struct ieee80211com *ic = &sc->sc_ic; 1837 struct mbuf *m; 1838 uint32_t rxdw0; 1839 int pktlen; 1840 1841 rxdw0 = le32toh(stat->rxdw0); 1842 if (__predict_false(rxdw0 & R92S_RXDW0_CRCERR)) { 1843 RSU_DPRINTF(sc, RSU_DEBUG_RX, 1844 "%s: RX flags error (CRC)\n", __func__); 1845 goto fail; 1846 } 1847 1848 pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN); 1849 if (__predict_false(pktlen < sizeof (struct ieee80211_frame_ack))) { 1850 RSU_DPRINTF(sc, RSU_DEBUG_RX, 1851 "%s: frame is too short: %d\n", __func__, pktlen); 1852 goto fail; 1853 } 1854 1855 m = m_get2(totlen, M_NOWAIT, MT_DATA, M_PKTHDR); 1856 if (__predict_false(m == NULL)) { 1857 device_printf(sc->sc_dev, "%s: could not allocate RX mbuf\n", 1858 __func__); 1859 goto fail; 1860 } 1861 1862 /* Finalize mbuf. */ 1863 memcpy(mtod(m, uint8_t *), (uint8_t *)stat, totlen); 1864 m->m_pkthdr.len = m->m_len = totlen; 1865 1866 return (m); 1867 fail: 1868 counter_u64_add(ic->ic_ierrors, 1); 1869 return (NULL); 1870 } 1871 1872 static struct ieee80211_node * 1873 rsu_rx_frame(struct rsu_softc *sc, struct mbuf *m, int8_t *rssi_p) 1874 { 1875 struct ieee80211com *ic = &sc->sc_ic; 1876 struct ieee80211_frame_min *wh; 1877 struct r92s_rx_stat *stat; 1878 uint32_t rxdw0, rxdw3; 1879 uint8_t rate; 1880 int infosz; 1881 1882 stat = mtod(m, struct r92s_rx_stat *); 1883 rxdw0 = le32toh(stat->rxdw0); 1884 rxdw3 = le32toh(stat->rxdw3); 1885 1886 rate = MS(rxdw3, R92S_RXDW3_RATE); 1887 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8; 1888 1889 #if 0 1890 /* Get RSSI from PHY status descriptor if present. */ 1891 if (infosz != 0) 1892 *rssi_p = rsu_get_rssi(sc, rate, &stat[1]); 1893 else 1894 #endif 1895 *rssi_p = 0; 1896 1897 if (ieee80211_radiotap_active(ic)) { 1898 struct rsu_rx_radiotap_header *tap = &sc->sc_rxtap; 1899 1900 /* Map HW rate index to 802.11 rate. */ 1901 tap->wr_flags = 0; /* TODO */ 1902 if (rate < 12) { 1903 switch (rate) { 1904 /* CCK. */ 1905 case 0: tap->wr_rate = 2; break; 1906 case 1: tap->wr_rate = 4; break; 1907 case 2: tap->wr_rate = 11; break; 1908 case 3: tap->wr_rate = 22; break; 1909 /* OFDM. */ 1910 case 4: tap->wr_rate = 12; break; 1911 case 5: tap->wr_rate = 18; break; 1912 case 6: tap->wr_rate = 24; break; 1913 case 7: tap->wr_rate = 36; break; 1914 case 8: tap->wr_rate = 48; break; 1915 case 9: tap->wr_rate = 72; break; 1916 case 10: tap->wr_rate = 96; break; 1917 case 11: tap->wr_rate = 108; break; 1918 } 1919 } else { /* MCS0~15. */ 1920 /* Bit 7 set means HT MCS instead of rate. */ 1921 tap->wr_rate = 0x80 | (rate - 12); 1922 } 1923 #if 0 1924 tap->wr_dbm_antsignal = *rssi; 1925 #endif 1926 /* XXX not nice */ 1927 tap->wr_dbm_antsignal = rsu_hwrssi_to_rssi(sc, sc->sc_currssi); 1928 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 1929 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 1930 }; 1931 1932 /* Hardware does Rx TCP checksum offload. */ 1933 if (rxdw3 & R92S_RXDW3_TCPCHKVALID) { 1934 if (__predict_true(rxdw3 & R92S_RXDW3_TCPCHKRPT)) 1935 m->m_pkthdr.csum_flags |= CSUM_DATA_VALID; 1936 } 1937 1938 /* Drop descriptor. */ 1939 m_adj(m, sizeof(*stat) + infosz); 1940 wh = mtod(m, struct ieee80211_frame_min *); 1941 1942 RSU_DPRINTF(sc, RSU_DEBUG_RX, 1943 "%s: Rx frame len %d, rate %d, infosz %d\n", 1944 __func__, m->m_len, rate, infosz); 1945 1946 if (m->m_len >= sizeof(*wh)) 1947 return (ieee80211_find_rxnode(ic, wh)); 1948 1949 return (NULL); 1950 } 1951 1952 static struct mbuf * 1953 rsu_rx_multi_frame(struct rsu_softc *sc, uint8_t *buf, int len) 1954 { 1955 struct r92s_rx_stat *stat; 1956 uint32_t rxdw0; 1957 int totlen, pktlen, infosz, npkts; 1958 struct mbuf *m, *m0 = NULL, *prevm = NULL; 1959 1960 /* 1961 * don't pass packets to the ieee80211 framework if the driver isn't 1962 * RUNNING. 1963 */ 1964 if (!sc->sc_running) 1965 return (NULL); 1966 1967 /* Get the number of encapsulated frames. */ 1968 stat = (struct r92s_rx_stat *)buf; 1969 npkts = MS(le32toh(stat->rxdw2), R92S_RXDW2_PKTCNT); 1970 RSU_DPRINTF(sc, RSU_DEBUG_RX, 1971 "%s: Rx %d frames in one chunk\n", __func__, npkts); 1972 1973 /* Process all of them. */ 1974 while (npkts-- > 0) { 1975 if (__predict_false(len < sizeof(*stat))) 1976 break; 1977 stat = (struct r92s_rx_stat *)buf; 1978 rxdw0 = le32toh(stat->rxdw0); 1979 1980 pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN); 1981 if (__predict_false(pktlen == 0)) 1982 break; 1983 1984 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8; 1985 1986 /* Make sure everything fits in xfer. */ 1987 totlen = sizeof(*stat) + infosz + pktlen; 1988 if (__predict_false(totlen > len)) 1989 break; 1990 1991 /* Process 802.11 frame. */ 1992 m = rsu_rx_copy_to_mbuf(sc, stat, totlen); 1993 if (m0 == NULL) 1994 m0 = m; 1995 if (prevm == NULL) 1996 prevm = m; 1997 else { 1998 prevm->m_next = m; 1999 prevm = m; 2000 } 2001 /* Next chunk is 128-byte aligned. */ 2002 totlen = (totlen + 127) & ~127; 2003 buf += totlen; 2004 len -= totlen; 2005 } 2006 2007 return (m0); 2008 } 2009 2010 static struct mbuf * 2011 rsu_rxeof(struct usb_xfer *xfer, struct rsu_data *data) 2012 { 2013 struct rsu_softc *sc = data->sc; 2014 struct ieee80211com *ic = &sc->sc_ic; 2015 struct r92s_rx_stat *stat; 2016 int len; 2017 2018 usbd_xfer_status(xfer, &len, NULL, NULL, NULL); 2019 2020 if (__predict_false(len < sizeof(*stat))) { 2021 DPRINTF("xfer too short %d\n", len); 2022 counter_u64_add(ic->ic_ierrors, 1); 2023 return (NULL); 2024 } 2025 /* Determine if it is a firmware C2H event or an 802.11 frame. */ 2026 stat = (struct r92s_rx_stat *)data->buf; 2027 if ((le32toh(stat->rxdw1) & 0x1ff) == 0x1ff) { 2028 rsu_rx_multi_event(sc, data->buf, len); 2029 /* No packets to process. */ 2030 return (NULL); 2031 } else 2032 return (rsu_rx_multi_frame(sc, data->buf, len)); 2033 } 2034 2035 static void 2036 rsu_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2037 { 2038 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2039 struct ieee80211com *ic = &sc->sc_ic; 2040 struct ieee80211_node *ni; 2041 struct mbuf *m = NULL, *next; 2042 struct rsu_data *data; 2043 int8_t rssi; 2044 2045 RSU_ASSERT_LOCKED(sc); 2046 2047 switch (USB_GET_STATE(xfer)) { 2048 case USB_ST_TRANSFERRED: 2049 data = STAILQ_FIRST(&sc->sc_rx_active); 2050 if (data == NULL) 2051 goto tr_setup; 2052 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next); 2053 m = rsu_rxeof(xfer, data); 2054 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next); 2055 /* FALLTHROUGH */ 2056 case USB_ST_SETUP: 2057 tr_setup: 2058 data = STAILQ_FIRST(&sc->sc_rx_inactive); 2059 if (data == NULL) { 2060 KASSERT(m == NULL, ("mbuf isn't NULL")); 2061 return; 2062 } 2063 STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next); 2064 STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next); 2065 usbd_xfer_set_frame_data(xfer, 0, data->buf, 2066 usbd_xfer_max_len(xfer)); 2067 usbd_transfer_submit(xfer); 2068 /* 2069 * To avoid LOR we should unlock our private mutex here to call 2070 * ieee80211_input() because here is at the end of a USB 2071 * callback and safe to unlock. 2072 */ 2073 while (m != NULL) { 2074 next = m->m_next; 2075 m->m_next = NULL; 2076 2077 ni = rsu_rx_frame(sc, m, &rssi); 2078 2079 /* Cheat and get the last calibrated RSSI */ 2080 rssi = rsu_hwrssi_to_rssi(sc, sc->sc_currssi); 2081 RSU_UNLOCK(sc); 2082 2083 if (ni != NULL) { 2084 if (ni->ni_flags & IEEE80211_NODE_HT) 2085 m->m_flags |= M_AMPDU; 2086 (void)ieee80211_input(ni, m, rssi, -96); 2087 ieee80211_free_node(ni); 2088 } else 2089 (void)ieee80211_input_all(ic, m, rssi, -96); 2090 2091 RSU_LOCK(sc); 2092 m = next; 2093 } 2094 break; 2095 default: 2096 /* needs it to the inactive queue due to a error. */ 2097 data = STAILQ_FIRST(&sc->sc_rx_active); 2098 if (data != NULL) { 2099 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next); 2100 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next); 2101 } 2102 if (error != USB_ERR_CANCELLED) { 2103 usbd_xfer_set_stall(xfer); 2104 counter_u64_add(ic->ic_ierrors, 1); 2105 goto tr_setup; 2106 } 2107 break; 2108 } 2109 2110 } 2111 2112 static void 2113 rsu_txeof(struct usb_xfer *xfer, struct rsu_data *data) 2114 { 2115 #ifdef USB_DEBUG 2116 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2117 #endif 2118 2119 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: called; data=%p\n", 2120 __func__, 2121 data); 2122 2123 if (data->m) { 2124 /* XXX status? */ 2125 ieee80211_tx_complete(data->ni, data->m, 0); 2126 data->m = NULL; 2127 data->ni = NULL; 2128 } 2129 } 2130 2131 static void 2132 rsu_bulk_tx_callback_sub(struct usb_xfer *xfer, usb_error_t error, 2133 uint8_t which) 2134 { 2135 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2136 struct ieee80211com *ic = &sc->sc_ic; 2137 struct rsu_data *data; 2138 2139 RSU_ASSERT_LOCKED(sc); 2140 2141 switch (USB_GET_STATE(xfer)) { 2142 case USB_ST_TRANSFERRED: 2143 data = STAILQ_FIRST(&sc->sc_tx_active[which]); 2144 if (data == NULL) 2145 goto tr_setup; 2146 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: transfer done %p\n", 2147 __func__, data); 2148 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next); 2149 rsu_txeof(xfer, data); 2150 rsu_freebuf(sc, data); 2151 /* FALLTHROUGH */ 2152 case USB_ST_SETUP: 2153 tr_setup: 2154 data = STAILQ_FIRST(&sc->sc_tx_pending[which]); 2155 if (data == NULL) { 2156 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, 2157 "%s: empty pending queue sc %p\n", __func__, sc); 2158 return; 2159 } 2160 STAILQ_REMOVE_HEAD(&sc->sc_tx_pending[which], next); 2161 STAILQ_INSERT_TAIL(&sc->sc_tx_active[which], data, next); 2162 usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen); 2163 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, 2164 "%s: submitting transfer %p\n", 2165 __func__, 2166 data); 2167 usbd_transfer_submit(xfer); 2168 break; 2169 default: 2170 data = STAILQ_FIRST(&sc->sc_tx_active[which]); 2171 if (data != NULL) { 2172 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next); 2173 rsu_txeof(xfer, data); 2174 rsu_freebuf(sc, data); 2175 } 2176 counter_u64_add(ic->ic_oerrors, 1); 2177 2178 if (error != USB_ERR_CANCELLED) { 2179 usbd_xfer_set_stall(xfer); 2180 goto tr_setup; 2181 } 2182 break; 2183 } 2184 2185 /* 2186 * XXX TODO: if the queue is low, flush out FF TX frames. 2187 * Remember to unlock the driver for now; net80211 doesn't 2188 * defer it for us. 2189 */ 2190 } 2191 2192 static void 2193 rsu_bulk_tx_callback_be_bk(struct usb_xfer *xfer, usb_error_t error) 2194 { 2195 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2196 2197 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_BE_BK); 2198 2199 /* This kicks the TX taskqueue */ 2200 rsu_start(sc); 2201 } 2202 2203 static void 2204 rsu_bulk_tx_callback_vi_vo(struct usb_xfer *xfer, usb_error_t error) 2205 { 2206 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2207 2208 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_VI_VO); 2209 2210 /* This kicks the TX taskqueue */ 2211 rsu_start(sc); 2212 } 2213 2214 static void 2215 rsu_bulk_tx_callback_h2c(struct usb_xfer *xfer, usb_error_t error) 2216 { 2217 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2218 2219 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_H2C); 2220 2221 /* This kicks the TX taskqueue */ 2222 rsu_start(sc); 2223 } 2224 2225 /* 2226 * Transmit the given frame. 2227 * 2228 * This doesn't free the node or mbuf upon failure. 2229 */ 2230 static int 2231 rsu_tx_start(struct rsu_softc *sc, struct ieee80211_node *ni, 2232 struct mbuf *m0, struct rsu_data *data) 2233 { 2234 struct ieee80211com *ic = &sc->sc_ic; 2235 struct ieee80211vap *vap = ni->ni_vap; 2236 struct ieee80211_frame *wh; 2237 struct ieee80211_key *k = NULL; 2238 struct r92s_tx_desc *txd; 2239 uint8_t type; 2240 int prio = 0; 2241 uint8_t which; 2242 int hasqos; 2243 int xferlen; 2244 int qid; 2245 2246 RSU_ASSERT_LOCKED(sc); 2247 2248 wh = mtod(m0, struct ieee80211_frame *); 2249 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2250 2251 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: data=%p, m=%p\n", 2252 __func__, data, m0); 2253 2254 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2255 k = ieee80211_crypto_encap(ni, m0); 2256 if (k == NULL) { 2257 device_printf(sc->sc_dev, 2258 "ieee80211_crypto_encap returns NULL.\n"); 2259 /* XXX we don't expect the fragmented frames */ 2260 return (ENOBUFS); 2261 } 2262 wh = mtod(m0, struct ieee80211_frame *); 2263 } 2264 /* If we have QoS then use it */ 2265 /* XXX TODO: mbuf WME/PRI versus TID? */ 2266 if (IEEE80211_QOS_HAS_SEQ(wh)) { 2267 /* Has QoS */ 2268 prio = M_WME_GETAC(m0); 2269 which = rsu_wme_ac_xfer_map[prio]; 2270 hasqos = 1; 2271 } else { 2272 /* Non-QoS TID */ 2273 /* XXX TODO: tid=0 for non-qos TID? */ 2274 which = rsu_wme_ac_xfer_map[WME_AC_BE]; 2275 hasqos = 0; 2276 prio = 0; 2277 } 2278 2279 qid = rsu_ac2qid[prio]; 2280 #if 0 2281 switch (type) { 2282 case IEEE80211_FC0_TYPE_CTL: 2283 case IEEE80211_FC0_TYPE_MGT: 2284 which = rsu_wme_ac_xfer_map[WME_AC_VO]; 2285 break; 2286 default: 2287 which = rsu_wme_ac_xfer_map[M_WME_GETAC(m0)]; 2288 break; 2289 } 2290 hasqos = 0; 2291 #endif 2292 2293 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: pri=%d, which=%d, hasqos=%d\n", 2294 __func__, 2295 prio, 2296 which, 2297 hasqos); 2298 2299 /* Fill Tx descriptor. */ 2300 txd = (struct r92s_tx_desc *)data->buf; 2301 memset(txd, 0, sizeof(*txd)); 2302 2303 txd->txdw0 |= htole32( 2304 SM(R92S_TXDW0_PKTLEN, m0->m_pkthdr.len) | 2305 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) | 2306 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG); 2307 2308 txd->txdw1 |= htole32( 2309 SM(R92S_TXDW1_MACID, R92S_MACID_BSS) | SM(R92S_TXDW1_QSEL, qid)); 2310 if (!hasqos) 2311 txd->txdw1 |= htole32(R92S_TXDW1_NONQOS); 2312 #ifdef notyet 2313 if (k != NULL) { 2314 switch (k->wk_cipher->ic_cipher) { 2315 case IEEE80211_CIPHER_WEP: 2316 cipher = R92S_TXDW1_CIPHER_WEP; 2317 break; 2318 case IEEE80211_CIPHER_TKIP: 2319 cipher = R92S_TXDW1_CIPHER_TKIP; 2320 break; 2321 case IEEE80211_CIPHER_AES_CCM: 2322 cipher = R92S_TXDW1_CIPHER_AES; 2323 break; 2324 default: 2325 cipher = R92S_TXDW1_CIPHER_NONE; 2326 } 2327 txd->txdw1 |= htole32( 2328 SM(R92S_TXDW1_CIPHER, cipher) | 2329 SM(R92S_TXDW1_KEYIDX, k->k_id)); 2330 } 2331 #endif 2332 /* XXX todo: set AGGEN bit if appropriate? */ 2333 txd->txdw2 |= htole32(R92S_TXDW2_BK); 2334 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 2335 txd->txdw2 |= htole32(R92S_TXDW2_BMCAST); 2336 /* 2337 * Firmware will use and increment the sequence number for the 2338 * specified priority. 2339 */ 2340 txd->txdw3 |= htole32(SM(R92S_TXDW3_SEQ, prio)); 2341 2342 if (ieee80211_radiotap_active_vap(vap)) { 2343 struct rsu_tx_radiotap_header *tap = &sc->sc_txtap; 2344 2345 tap->wt_flags = 0; 2346 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 2347 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 2348 ieee80211_radiotap_tx(vap, m0); 2349 } 2350 2351 xferlen = sizeof(*txd) + m0->m_pkthdr.len; 2352 m_copydata(m0, 0, m0->m_pkthdr.len, (caddr_t)&txd[1]); 2353 2354 data->buflen = xferlen; 2355 data->ni = ni; 2356 data->m = m0; 2357 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); 2358 2359 /* start transfer, if any */ 2360 usbd_transfer_start(sc->sc_xfer[which]); 2361 return (0); 2362 } 2363 2364 static int 2365 rsu_transmit(struct ieee80211com *ic, struct mbuf *m) 2366 { 2367 struct rsu_softc *sc = ic->ic_softc; 2368 int error; 2369 2370 RSU_LOCK(sc); 2371 if (!sc->sc_running) { 2372 RSU_UNLOCK(sc); 2373 return (ENXIO); 2374 } 2375 2376 /* 2377 * XXX TODO: ensure that we treat 'm' as a list of frames 2378 * to transmit! 2379 */ 2380 error = mbufq_enqueue(&sc->sc_snd, m); 2381 if (error) { 2382 RSU_DPRINTF(sc, RSU_DEBUG_TX, 2383 "%s: mbufq_enable: failed (%d)\n", 2384 __func__, 2385 error); 2386 RSU_UNLOCK(sc); 2387 return (error); 2388 } 2389 RSU_UNLOCK(sc); 2390 2391 /* This kicks the TX taskqueue */ 2392 rsu_start(sc); 2393 2394 return (0); 2395 } 2396 2397 static void 2398 rsu_drain_mbufq(struct rsu_softc *sc) 2399 { 2400 struct mbuf *m; 2401 struct ieee80211_node *ni; 2402 2403 RSU_ASSERT_LOCKED(sc); 2404 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 2405 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 2406 m->m_pkthdr.rcvif = NULL; 2407 ieee80211_free_node(ni); 2408 m_freem(m); 2409 } 2410 } 2411 2412 static void 2413 _rsu_start(struct rsu_softc *sc) 2414 { 2415 struct ieee80211_node *ni; 2416 struct rsu_data *bf; 2417 struct mbuf *m; 2418 2419 RSU_ASSERT_LOCKED(sc); 2420 2421 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 2422 bf = rsu_getbuf(sc); 2423 if (bf == NULL) { 2424 RSU_DPRINTF(sc, RSU_DEBUG_TX, 2425 "%s: failed to get buffer\n", __func__); 2426 mbufq_prepend(&sc->sc_snd, m); 2427 break; 2428 } 2429 2430 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 2431 m->m_pkthdr.rcvif = NULL; 2432 2433 if (rsu_tx_start(sc, ni, m, bf) != 0) { 2434 RSU_DPRINTF(sc, RSU_DEBUG_TX, 2435 "%s: failed to transmit\n", __func__); 2436 if_inc_counter(ni->ni_vap->iv_ifp, 2437 IFCOUNTER_OERRORS, 1); 2438 rsu_freebuf(sc, bf); 2439 ieee80211_free_node(ni); 2440 m_freem(m); 2441 break; 2442 } 2443 } 2444 } 2445 2446 static void 2447 rsu_start(struct rsu_softc *sc) 2448 { 2449 2450 taskqueue_enqueue(taskqueue_thread, &sc->tx_task); 2451 } 2452 2453 static void 2454 rsu_parent(struct ieee80211com *ic) 2455 { 2456 struct rsu_softc *sc = ic->ic_softc; 2457 int startall = 0; 2458 2459 RSU_LOCK(sc); 2460 if (ic->ic_nrunning > 0) { 2461 if (!sc->sc_running) { 2462 rsu_init(sc); 2463 startall = 1; 2464 } 2465 } else if (sc->sc_running) 2466 rsu_stop(sc); 2467 RSU_UNLOCK(sc); 2468 2469 if (startall) 2470 ieee80211_start_all(ic); 2471 } 2472 2473 /* 2474 * Power on sequence for A-cut adapters. 2475 */ 2476 static void 2477 rsu_power_on_acut(struct rsu_softc *sc) 2478 { 2479 uint32_t reg; 2480 2481 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53); 2482 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57); 2483 2484 /* Enable AFE macro block's bandgap and Mbias. */ 2485 rsu_write_1(sc, R92S_AFE_MISC, 2486 rsu_read_1(sc, R92S_AFE_MISC) | 2487 R92S_AFE_MISC_BGEN | R92S_AFE_MISC_MBEN); 2488 /* Enable LDOA15 block. */ 2489 rsu_write_1(sc, R92S_LDOA15_CTRL, 2490 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN); 2491 2492 rsu_write_1(sc, R92S_SPS1_CTRL, 2493 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_LDEN); 2494 rsu_ms_delay(sc, 2000); 2495 /* Enable switch regulator block. */ 2496 rsu_write_1(sc, R92S_SPS1_CTRL, 2497 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_SWEN); 2498 2499 rsu_write_4(sc, R92S_SPS1_CTRL, 0x00a7b267); 2500 2501 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 2502 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08); 2503 2504 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 2505 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20); 2506 2507 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 2508 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x90); 2509 2510 /* Enable AFE clock. */ 2511 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1, 2512 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04); 2513 /* Enable AFE PLL macro block. */ 2514 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 2515 rsu_read_1(sc, R92S_AFE_PLL_CTRL) | 0x11); 2516 /* Attach AFE PLL to MACTOP/BB. */ 2517 rsu_write_1(sc, R92S_SYS_ISO_CTRL, 2518 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11); 2519 2520 /* Switch to 40MHz clock instead of 80MHz. */ 2521 rsu_write_2(sc, R92S_SYS_CLKR, 2522 rsu_read_2(sc, R92S_SYS_CLKR) & ~R92S_SYS_CLKSEL); 2523 2524 /* Enable MAC clock. */ 2525 rsu_write_2(sc, R92S_SYS_CLKR, 2526 rsu_read_2(sc, R92S_SYS_CLKR) | 2527 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN); 2528 2529 rsu_write_1(sc, R92S_PMC_FSM, 0x02); 2530 2531 /* Enable digital core and IOREG R/W. */ 2532 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 2533 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08); 2534 2535 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 2536 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80); 2537 2538 /* Switch the control path to firmware. */ 2539 reg = rsu_read_2(sc, R92S_SYS_CLKR); 2540 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL; 2541 rsu_write_2(sc, R92S_SYS_CLKR, reg); 2542 2543 rsu_write_2(sc, R92S_CR, 0x37fc); 2544 2545 /* Fix USB RX FIFO issue. */ 2546 rsu_write_1(sc, 0xfe5c, 2547 rsu_read_1(sc, 0xfe5c) | 0x80); 2548 rsu_write_1(sc, 0x00ab, 2549 rsu_read_1(sc, 0x00ab) | 0xc0); 2550 2551 rsu_write_1(sc, R92S_SYS_CLKR, 2552 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL); 2553 } 2554 2555 /* 2556 * Power on sequence for B-cut and C-cut adapters. 2557 */ 2558 static void 2559 rsu_power_on_bcut(struct rsu_softc *sc) 2560 { 2561 uint32_t reg; 2562 int ntries; 2563 2564 /* Prevent eFuse leakage. */ 2565 rsu_write_1(sc, 0x37, 0xb0); 2566 rsu_ms_delay(sc, 10); 2567 rsu_write_1(sc, 0x37, 0x30); 2568 2569 /* Switch the control path to hardware. */ 2570 reg = rsu_read_2(sc, R92S_SYS_CLKR); 2571 if (reg & R92S_FWHW_SEL) { 2572 rsu_write_2(sc, R92S_SYS_CLKR, 2573 reg & ~(R92S_SWHW_SEL | R92S_FWHW_SEL)); 2574 } 2575 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 2576 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) & ~0x8c); 2577 rsu_ms_delay(sc, 1); 2578 2579 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53); 2580 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57); 2581 2582 reg = rsu_read_1(sc, R92S_AFE_MISC); 2583 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN); 2584 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN | 2585 R92S_AFE_MISC_MBEN | R92S_AFE_MISC_I32_EN); 2586 2587 /* Enable PLL. */ 2588 rsu_write_1(sc, R92S_LDOA15_CTRL, 2589 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN); 2590 2591 rsu_write_1(sc, R92S_LDOV12D_CTRL, 2592 rsu_read_1(sc, R92S_LDOV12D_CTRL) | R92S_LDV12_EN); 2593 2594 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 2595 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08); 2596 2597 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 2598 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20); 2599 2600 /* Support 64KB IMEM. */ 2601 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 2602 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x97); 2603 2604 /* Enable AFE clock. */ 2605 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1, 2606 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04); 2607 /* Enable AFE PLL macro block. */ 2608 reg = rsu_read_1(sc, R92S_AFE_PLL_CTRL); 2609 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11); 2610 rsu_ms_delay(sc, 1); 2611 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x51); 2612 rsu_ms_delay(sc, 1); 2613 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11); 2614 rsu_ms_delay(sc, 1); 2615 2616 /* Attach AFE PLL to MACTOP/BB. */ 2617 rsu_write_1(sc, R92S_SYS_ISO_CTRL, 2618 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11); 2619 2620 /* Switch to 40MHz clock. */ 2621 rsu_write_1(sc, R92S_SYS_CLKR, 0x00); 2622 /* Disable CPU clock and 80MHz SSC. */ 2623 rsu_write_1(sc, R92S_SYS_CLKR, 2624 rsu_read_1(sc, R92S_SYS_CLKR) | 0xa0); 2625 /* Enable MAC clock. */ 2626 rsu_write_2(sc, R92S_SYS_CLKR, 2627 rsu_read_2(sc, R92S_SYS_CLKR) | 2628 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN); 2629 2630 rsu_write_1(sc, R92S_PMC_FSM, 0x02); 2631 2632 /* Enable digital core and IOREG R/W. */ 2633 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 2634 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08); 2635 2636 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 2637 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80); 2638 2639 /* Switch the control path to firmware. */ 2640 reg = rsu_read_2(sc, R92S_SYS_CLKR); 2641 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL; 2642 rsu_write_2(sc, R92S_SYS_CLKR, reg); 2643 2644 rsu_write_2(sc, R92S_CR, 0x37fc); 2645 2646 /* Fix USB RX FIFO issue. */ 2647 rsu_write_1(sc, 0xfe5c, 2648 rsu_read_1(sc, 0xfe5c) | 0x80); 2649 2650 rsu_write_1(sc, R92S_SYS_CLKR, 2651 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL); 2652 2653 rsu_write_1(sc, 0xfe1c, 0x80); 2654 2655 /* Make sure TxDMA is ready to download firmware. */ 2656 for (ntries = 0; ntries < 20; ntries++) { 2657 reg = rsu_read_1(sc, R92S_TCR); 2658 if ((reg & (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) == 2659 (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) 2660 break; 2661 rsu_ms_delay(sc, 1); 2662 } 2663 if (ntries == 20) { 2664 RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_TX, 2665 "%s: TxDMA is not ready\n", 2666 __func__); 2667 /* Reset TxDMA. */ 2668 reg = rsu_read_1(sc, R92S_CR); 2669 rsu_write_1(sc, R92S_CR, reg & ~R92S_CR_TXDMA_EN); 2670 rsu_ms_delay(sc, 1); 2671 rsu_write_1(sc, R92S_CR, reg | R92S_CR_TXDMA_EN); 2672 } 2673 } 2674 2675 static void 2676 rsu_power_off(struct rsu_softc *sc) 2677 { 2678 /* Turn RF off. */ 2679 rsu_write_1(sc, R92S_RF_CTRL, 0x00); 2680 rsu_ms_delay(sc, 5); 2681 2682 /* Turn MAC off. */ 2683 /* Switch control path. */ 2684 rsu_write_1(sc, R92S_SYS_CLKR + 1, 0x38); 2685 /* Reset MACTOP. */ 2686 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x70); 2687 rsu_write_1(sc, R92S_PMC_FSM, 0x06); 2688 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 0, 0xf9); 2689 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 0xe8); 2690 2691 /* Disable AFE PLL. */ 2692 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 0x00); 2693 /* Disable A15V. */ 2694 rsu_write_1(sc, R92S_LDOA15_CTRL, 0x54); 2695 /* Disable eFuse 1.2V. */ 2696 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x50); 2697 rsu_write_1(sc, R92S_LDOV12D_CTRL, 0x24); 2698 /* Enable AFE macro block's bandgap and Mbias. */ 2699 rsu_write_1(sc, R92S_AFE_MISC, 0x30); 2700 /* Disable 1.6V LDO. */ 2701 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x56); 2702 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x43); 2703 2704 /* Firmware - tell it to switch things off */ 2705 (void) rsu_set_fw_power_state(sc, RSU_PWR_OFF); 2706 } 2707 2708 static int 2709 rsu_fw_loadsection(struct rsu_softc *sc, const uint8_t *buf, int len) 2710 { 2711 const uint8_t which = rsu_wme_ac_xfer_map[WME_AC_VO]; 2712 struct rsu_data *data; 2713 struct r92s_tx_desc *txd; 2714 int mlen; 2715 2716 while (len > 0) { 2717 data = rsu_getbuf(sc); 2718 if (data == NULL) 2719 return (ENOMEM); 2720 txd = (struct r92s_tx_desc *)data->buf; 2721 memset(txd, 0, sizeof(*txd)); 2722 if (len <= RSU_TXBUFSZ - sizeof(*txd)) { 2723 /* Last chunk. */ 2724 txd->txdw0 |= htole32(R92S_TXDW0_LINIP); 2725 mlen = len; 2726 } else 2727 mlen = RSU_TXBUFSZ - sizeof(*txd); 2728 txd->txdw0 |= htole32(SM(R92S_TXDW0_PKTLEN, mlen)); 2729 memcpy(&txd[1], buf, mlen); 2730 data->buflen = sizeof(*txd) + mlen; 2731 RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FW | RSU_DEBUG_RESET, 2732 "%s: starting transfer %p\n", 2733 __func__, data); 2734 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); 2735 buf += mlen; 2736 len -= mlen; 2737 } 2738 usbd_transfer_start(sc->sc_xfer[which]); 2739 return (0); 2740 } 2741 2742 static int 2743 rsu_load_firmware(struct rsu_softc *sc) 2744 { 2745 const struct r92s_fw_hdr *hdr; 2746 struct r92s_fw_priv *dmem; 2747 struct ieee80211com *ic = &sc->sc_ic; 2748 const uint8_t *imem, *emem; 2749 int imemsz, ememsz; 2750 const struct firmware *fw; 2751 size_t size; 2752 uint32_t reg; 2753 int ntries, error; 2754 2755 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY) { 2756 RSU_DPRINTF(sc, RSU_DEBUG_ANY, 2757 "%s: Firmware already loaded\n", 2758 __func__); 2759 return (0); 2760 } 2761 2762 RSU_UNLOCK(sc); 2763 /* Read firmware image from the filesystem. */ 2764 if ((fw = firmware_get("rsu-rtl8712fw")) == NULL) { 2765 device_printf(sc->sc_dev, 2766 "%s: failed load firmware of file rsu-rtl8712fw\n", 2767 __func__); 2768 RSU_LOCK(sc); 2769 return (ENXIO); 2770 } 2771 RSU_LOCK(sc); 2772 size = fw->datasize; 2773 if (size < sizeof(*hdr)) { 2774 device_printf(sc->sc_dev, "firmware too short\n"); 2775 error = EINVAL; 2776 goto fail; 2777 } 2778 hdr = (const struct r92s_fw_hdr *)fw->data; 2779 if (hdr->signature != htole16(0x8712) && 2780 hdr->signature != htole16(0x8192)) { 2781 device_printf(sc->sc_dev, 2782 "invalid firmware signature 0x%x\n", 2783 le16toh(hdr->signature)); 2784 error = EINVAL; 2785 goto fail; 2786 } 2787 DPRINTF("FW V%d %02x-%02x %02x:%02x\n", le16toh(hdr->version), 2788 hdr->month, hdr->day, hdr->hour, hdr->minute); 2789 2790 /* Make sure that driver and firmware are in sync. */ 2791 if (hdr->privsz != htole32(sizeof(*dmem))) { 2792 device_printf(sc->sc_dev, "unsupported firmware image\n"); 2793 error = EINVAL; 2794 goto fail; 2795 } 2796 /* Get FW sections sizes. */ 2797 imemsz = le32toh(hdr->imemsz); 2798 ememsz = le32toh(hdr->sramsz); 2799 /* Check that all FW sections fit in image. */ 2800 if (size < sizeof(*hdr) + imemsz + ememsz) { 2801 device_printf(sc->sc_dev, "firmware too short\n"); 2802 error = EINVAL; 2803 goto fail; 2804 } 2805 imem = (const uint8_t *)&hdr[1]; 2806 emem = imem + imemsz; 2807 2808 /* Load IMEM section. */ 2809 error = rsu_fw_loadsection(sc, imem, imemsz); 2810 if (error != 0) { 2811 device_printf(sc->sc_dev, 2812 "could not load firmware section %s\n", "IMEM"); 2813 goto fail; 2814 } 2815 /* Wait for load to complete. */ 2816 for (ntries = 0; ntries != 50; ntries++) { 2817 rsu_ms_delay(sc, 10); 2818 reg = rsu_read_1(sc, R92S_TCR); 2819 if (reg & R92S_TCR_IMEM_CODE_DONE) 2820 break; 2821 } 2822 if (ntries == 50) { 2823 device_printf(sc->sc_dev, "timeout waiting for IMEM transfer\n"); 2824 error = ETIMEDOUT; 2825 goto fail; 2826 } 2827 /* Load EMEM section. */ 2828 error = rsu_fw_loadsection(sc, emem, ememsz); 2829 if (error != 0) { 2830 device_printf(sc->sc_dev, 2831 "could not load firmware section %s\n", "EMEM"); 2832 goto fail; 2833 } 2834 /* Wait for load to complete. */ 2835 for (ntries = 0; ntries != 50; ntries++) { 2836 rsu_ms_delay(sc, 10); 2837 reg = rsu_read_2(sc, R92S_TCR); 2838 if (reg & R92S_TCR_EMEM_CODE_DONE) 2839 break; 2840 } 2841 if (ntries == 50) { 2842 device_printf(sc->sc_dev, "timeout waiting for EMEM transfer\n"); 2843 error = ETIMEDOUT; 2844 goto fail; 2845 } 2846 /* Enable CPU. */ 2847 rsu_write_1(sc, R92S_SYS_CLKR, 2848 rsu_read_1(sc, R92S_SYS_CLKR) | R92S_SYS_CPU_CLKSEL); 2849 if (!(rsu_read_1(sc, R92S_SYS_CLKR) & R92S_SYS_CPU_CLKSEL)) { 2850 device_printf(sc->sc_dev, "could not enable system clock\n"); 2851 error = EIO; 2852 goto fail; 2853 } 2854 rsu_write_2(sc, R92S_SYS_FUNC_EN, 2855 rsu_read_2(sc, R92S_SYS_FUNC_EN) | R92S_FEN_CPUEN); 2856 if (!(rsu_read_2(sc, R92S_SYS_FUNC_EN) & R92S_FEN_CPUEN)) { 2857 device_printf(sc->sc_dev, 2858 "could not enable microcontroller\n"); 2859 error = EIO; 2860 goto fail; 2861 } 2862 /* Wait for CPU to initialize. */ 2863 for (ntries = 0; ntries < 100; ntries++) { 2864 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_IMEM_RDY) 2865 break; 2866 rsu_ms_delay(sc, 1); 2867 } 2868 if (ntries == 100) { 2869 device_printf(sc->sc_dev, 2870 "timeout waiting for microcontroller\n"); 2871 error = ETIMEDOUT; 2872 goto fail; 2873 } 2874 2875 /* Update DMEM section before loading. */ 2876 dmem = __DECONST(struct r92s_fw_priv *, &hdr->priv); 2877 memset(dmem, 0, sizeof(*dmem)); 2878 dmem->hci_sel = R92S_HCI_SEL_USB | R92S_HCI_SEL_8172; 2879 dmem->nendpoints = sc->sc_nendpoints; 2880 dmem->chip_version = sc->cut; 2881 dmem->rf_config = sc->sc_rftype; 2882 dmem->vcs_type = R92S_VCS_TYPE_AUTO; 2883 dmem->vcs_mode = R92S_VCS_MODE_RTS_CTS; 2884 dmem->turbo_mode = 0; 2885 dmem->bw40_en = !! (ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40); 2886 dmem->amsdu2ampdu_en = !! (sc->sc_ht); 2887 dmem->ampdu_en = !! (sc->sc_ht); 2888 dmem->agg_offload = !! (sc->sc_ht); 2889 dmem->qos_en = 1; 2890 dmem->ps_offload = 1; 2891 dmem->lowpower_mode = 1; /* XXX TODO: configurable? */ 2892 /* Load DMEM section. */ 2893 error = rsu_fw_loadsection(sc, (uint8_t *)dmem, sizeof(*dmem)); 2894 if (error != 0) { 2895 device_printf(sc->sc_dev, 2896 "could not load firmware section %s\n", "DMEM"); 2897 goto fail; 2898 } 2899 /* Wait for load to complete. */ 2900 for (ntries = 0; ntries < 100; ntries++) { 2901 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_DMEM_CODE_DONE) 2902 break; 2903 rsu_ms_delay(sc, 1); 2904 } 2905 if (ntries == 100) { 2906 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n", 2907 "DMEM"); 2908 error = ETIMEDOUT; 2909 goto fail; 2910 } 2911 /* Wait for firmware readiness. */ 2912 for (ntries = 0; ntries < 60; ntries++) { 2913 if (!(rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY)) 2914 break; 2915 rsu_ms_delay(sc, 1); 2916 } 2917 if (ntries == 60) { 2918 device_printf(sc->sc_dev, 2919 "timeout waiting for firmware readiness\n"); 2920 error = ETIMEDOUT; 2921 goto fail; 2922 } 2923 fail: 2924 firmware_put(fw, FIRMWARE_UNLOAD); 2925 return (error); 2926 } 2927 2928 2929 static int 2930 rsu_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 2931 const struct ieee80211_bpf_params *params) 2932 { 2933 struct ieee80211com *ic = ni->ni_ic; 2934 struct rsu_softc *sc = ic->ic_softc; 2935 struct rsu_data *bf; 2936 2937 /* prevent management frames from being sent if we're not ready */ 2938 if (!sc->sc_running) { 2939 m_freem(m); 2940 return (ENETDOWN); 2941 } 2942 RSU_LOCK(sc); 2943 bf = rsu_getbuf(sc); 2944 if (bf == NULL) { 2945 m_freem(m); 2946 RSU_UNLOCK(sc); 2947 return (ENOBUFS); 2948 } 2949 if (rsu_tx_start(sc, ni, m, bf) != 0) { 2950 m_freem(m); 2951 rsu_freebuf(sc, bf); 2952 RSU_UNLOCK(sc); 2953 return (EIO); 2954 } 2955 RSU_UNLOCK(sc); 2956 2957 return (0); 2958 } 2959 2960 static void 2961 rsu_init(struct rsu_softc *sc) 2962 { 2963 struct ieee80211com *ic = &sc->sc_ic; 2964 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2965 uint8_t macaddr[IEEE80211_ADDR_LEN]; 2966 int error; 2967 int i; 2968 2969 RSU_ASSERT_LOCKED(sc); 2970 2971 /* Ensure the mbuf queue is drained */ 2972 rsu_drain_mbufq(sc); 2973 2974 /* Reset power management state. */ 2975 rsu_write_1(sc, R92S_USB_HRPWM, 0); 2976 2977 /* Power on adapter. */ 2978 if (sc->cut == 1) 2979 rsu_power_on_acut(sc); 2980 else 2981 rsu_power_on_bcut(sc); 2982 2983 /* Load firmware. */ 2984 error = rsu_load_firmware(sc); 2985 if (error != 0) 2986 goto fail; 2987 2988 /* Enable Rx TCP checksum offload. */ 2989 rsu_write_4(sc, R92S_RCR, 2990 rsu_read_4(sc, R92S_RCR) | 0x04000000); 2991 /* Append PHY status. */ 2992 rsu_write_4(sc, R92S_RCR, 2993 rsu_read_4(sc, R92S_RCR) | 0x02000000); 2994 2995 rsu_write_4(sc, R92S_CR, 2996 rsu_read_4(sc, R92S_CR) & ~0xff000000); 2997 2998 /* Use 128 bytes pages. */ 2999 rsu_write_1(sc, 0x00b5, 3000 rsu_read_1(sc, 0x00b5) | 0x01); 3001 /* Enable USB Rx aggregation. */ 3002 rsu_write_1(sc, 0x00bd, 3003 rsu_read_1(sc, 0x00bd) | 0x80); 3004 /* Set USB Rx aggregation threshold. */ 3005 rsu_write_1(sc, 0x00d9, 0x01); 3006 /* Set USB Rx aggregation timeout (1.7ms/4). */ 3007 rsu_write_1(sc, 0xfe5b, 0x04); 3008 /* Fix USB Rx FIFO issue. */ 3009 rsu_write_1(sc, 0xfe5c, 3010 rsu_read_1(sc, 0xfe5c) | 0x80); 3011 3012 /* Set MAC address. */ 3013 IEEE80211_ADDR_COPY(macaddr, vap ? vap->iv_myaddr : ic->ic_macaddr); 3014 rsu_write_region_1(sc, R92S_MACID, macaddr, IEEE80211_ADDR_LEN); 3015 3016 /* It really takes 1.5 seconds for the firmware to boot: */ 3017 rsu_ms_delay(sc, 2000); 3018 3019 RSU_DPRINTF(sc, RSU_DEBUG_RESET, "%s: setting MAC address to %s\n", 3020 __func__, 3021 ether_sprintf(macaddr)); 3022 error = rsu_fw_cmd(sc, R92S_CMD_SET_MAC_ADDRESS, macaddr, 3023 IEEE80211_ADDR_LEN); 3024 if (error != 0) { 3025 device_printf(sc->sc_dev, "could not set MAC address\n"); 3026 goto fail; 3027 } 3028 3029 /* Setup multicast filter (must be done after firmware loading). */ 3030 rsu_set_multi(sc); 3031 3032 /* Set PS mode fully active */ 3033 error = rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE); 3034 3035 if (error != 0) { 3036 device_printf(sc->sc_dev, "could not set PS mode\n"); 3037 goto fail; 3038 } 3039 3040 sc->sc_extra_scan = 0; 3041 usbd_transfer_start(sc->sc_xfer[RSU_BULK_RX]); 3042 3043 /* We're ready to go. */ 3044 sc->sc_running = 1; 3045 return; 3046 fail: 3047 /* Need to stop all failed transfers, if any */ 3048 for (i = 0; i != RSU_N_TRANSFER; i++) 3049 usbd_transfer_stop(sc->sc_xfer[i]); 3050 } 3051 3052 static void 3053 rsu_stop(struct rsu_softc *sc) 3054 { 3055 int i; 3056 3057 RSU_ASSERT_LOCKED(sc); 3058 3059 sc->sc_running = 0; 3060 sc->sc_calibrating = 0; 3061 taskqueue_cancel_timeout(taskqueue_thread, &sc->calib_task, NULL); 3062 taskqueue_cancel(taskqueue_thread, &sc->tx_task, NULL); 3063 3064 /* Power off adapter. */ 3065 rsu_power_off(sc); 3066 3067 for (i = 0; i < RSU_N_TRANSFER; i++) 3068 usbd_transfer_stop(sc->sc_xfer[i]); 3069 3070 /* Ensure the mbuf queue is drained */ 3071 rsu_drain_mbufq(sc); 3072 } 3073 3074 /* 3075 * Note: usb_pause_mtx() actually releases the mutex before calling pause(), 3076 * which breaks any kind of driver serialisation. 3077 */ 3078 static void 3079 rsu_ms_delay(struct rsu_softc *sc, int ms) 3080 { 3081 3082 //usb_pause_mtx(&sc->sc_mtx, hz / 1000); 3083 DELAY(ms * 1000); 3084 } 3085