1/* $OpenBSD: if_rsu.c,v 1.17 2013/04/15 09:23:01 mglocker Exp $ */
2
3/*-
4 * Copyright (c) 2010 Damien Bergamini <damien.bergamini@free.fr>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18#include <sys/cdefs.h>
19__FBSDID("$FreeBSD: head/sys/dev/usb/wlan/if_rsu.c 298818 2016-04-29 22:14:11Z avos $");
20
21/*
22 * Driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU.
23 *
24 * TODO:
25 * o h/w crypto
26 * o hostap / ibss / mesh
27 * o sensible RSSI levels
28 * o power-save operation
29 */
30
31#include "opt_wlan.h"
32
33#include <sys/param.h>
34#include <sys/endian.h>
35#include <sys/sockio.h>
36#include <sys/malloc.h>
37#include <sys/mbuf.h>
38#include <sys/kernel.h>
39#include <sys/socket.h>
40#include <sys/systm.h>
41#include <sys/conf.h>
42#include <sys/bus.h>
43#include <sys/rman.h>
44#include <sys/firmware.h>
45#include <sys/module.h>
46
47#include <machine/bus.h>
48#include <machine/resource.h>
49
50#include <net/bpf.h>
51#include <net/if.h>
52#include <net/if_var.h>
53#include <net/if_arp.h>
54#include <net/if_dl.h>
55#include <net/if_media.h>
56#include <net/if_types.h>
57
58#include <netinet/in.h>
59#include <netinet/in_systm.h>
60#include <netinet/in_var.h>
61#include <netinet/if_ether.h>
62#include <netinet/ip.h>
63
64#include <net80211/ieee80211_var.h>
65#include <net80211/ieee80211_regdomain.h>
66#include <net80211/ieee80211_radiotap.h>
67
68#include <dev/usb/usb.h>
69#include <dev/usb/usbdi.h>
70#include "usbdevs.h"
71
72#define USB_DEBUG_VAR rsu_debug
73#include <dev/usb/usb_debug.h>
74
75#include <dev/usb/wlan/if_rsureg.h>
76
77#ifdef USB_DEBUG
78static int rsu_debug = 0;
79SYSCTL_NODE(_hw_usb, OID_AUTO, rsu, CTLFLAG_RW, 0, "USB rsu");
80SYSCTL_INT(_hw_usb_rsu, OID_AUTO, debug, CTLFLAG_RWTUN, &rsu_debug, 0,
81 "Debug level");
82#define RSU_DPRINTF(_sc, _flg, ...) \
83 do \
84 if (((_flg) == (RSU_DEBUG_ANY)) || (rsu_debug & (_flg))) \
85 device_printf((_sc)->sc_dev, __VA_ARGS__); \
86 while (0)
87#else
88#define RSU_DPRINTF(_sc, _flg, ...)
89#endif
90
91static int rsu_enable_11n = 1;
92TUNABLE_INT("hw.usb.rsu.enable_11n", &rsu_enable_11n);
93
94#define RSU_DEBUG_ANY 0xffffffff
95#define RSU_DEBUG_TX 0x00000001
96#define RSU_DEBUG_RX 0x00000002
97#define RSU_DEBUG_RESET 0x00000004
98#define RSU_DEBUG_CALIB 0x00000008
99#define RSU_DEBUG_STATE 0x00000010
100#define RSU_DEBUG_SCAN 0x00000020
101#define RSU_DEBUG_FWCMD 0x00000040
102#define RSU_DEBUG_TXDONE 0x00000080
103#define RSU_DEBUG_FW 0x00000100
104#define RSU_DEBUG_FWDBG 0x00000200
105#define RSU_DEBUG_AMPDU 0x00000400
106
107static const STRUCT_USB_HOST_ID rsu_devs[] = {
108#define RSU_HT_NOT_SUPPORTED 0
109#define RSU_HT_SUPPORTED 1
110#define RSU_DEV_HT(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \
111 RSU_HT_SUPPORTED) }
112#define RSU_DEV(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \
113 RSU_HT_NOT_SUPPORTED) }
114 RSU_DEV(ASUS, RTL8192SU),
115 RSU_DEV(AZUREWAVE, RTL8192SU_4),
116 RSU_DEV_HT(ACCTON, RTL8192SU),
117 RSU_DEV_HT(ASUS, USBN10),
118 RSU_DEV_HT(AZUREWAVE, RTL8192SU_1),
119 RSU_DEV_HT(AZUREWAVE, RTL8192SU_2),
120 RSU_DEV_HT(AZUREWAVE, RTL8192SU_3),
121 RSU_DEV_HT(AZUREWAVE, RTL8192SU_5),
122 RSU_DEV_HT(BELKIN, RTL8192SU_1),
123 RSU_DEV_HT(BELKIN, RTL8192SU_2),
124 RSU_DEV_HT(BELKIN, RTL8192SU_3),
125 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_1),
126 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_2),
127 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_3),
128 RSU_DEV_HT(COREGA, RTL8192SU),
129 RSU_DEV_HT(DLINK2, DWA131A1),
130 RSU_DEV_HT(DLINK2, RTL8192SU_1),
131 RSU_DEV_HT(DLINK2, RTL8192SU_2),
132 RSU_DEV_HT(EDIMAX, RTL8192SU_1),
133 RSU_DEV_HT(EDIMAX, RTL8192SU_2),
134 RSU_DEV_HT(EDIMAX, EW7622UMN),
135 RSU_DEV_HT(GUILLEMOT, HWGUN54),
136 RSU_DEV_HT(GUILLEMOT, HWNUM300),
137 RSU_DEV_HT(HAWKING, RTL8192SU_1),
138 RSU_DEV_HT(HAWKING, RTL8192SU_2),
139 RSU_DEV_HT(PLANEX2, GWUSNANO),
140 RSU_DEV_HT(REALTEK, RTL8171),
141 RSU_DEV_HT(REALTEK, RTL8172),
142 RSU_DEV_HT(REALTEK, RTL8173),
143 RSU_DEV_HT(REALTEK, RTL8174),
144 RSU_DEV_HT(REALTEK, RTL8192SU),
145 RSU_DEV_HT(REALTEK, RTL8712),
146 RSU_DEV_HT(REALTEK, RTL8713),
147 RSU_DEV_HT(SENAO, RTL8192SU_1),
148 RSU_DEV_HT(SENAO, RTL8192SU_2),
149 RSU_DEV_HT(SITECOMEU, WL349V1),
150 RSU_DEV_HT(SITECOMEU, WL353),
151 RSU_DEV_HT(SWEEX2, LW154),
152 RSU_DEV_HT(TRENDNET, TEW646UBH),
153#undef RSU_DEV_HT
154#undef RSU_DEV
155};
156
157static device_probe_t rsu_match;
158static device_attach_t rsu_attach;
159static device_detach_t rsu_detach;
160static usb_callback_t rsu_bulk_tx_callback_be_bk;
161static usb_callback_t rsu_bulk_tx_callback_vi_vo;
162static usb_callback_t rsu_bulk_tx_callback_h2c;
163static usb_callback_t rsu_bulk_rx_callback;
164static usb_error_t rsu_do_request(struct rsu_softc *,
165 struct usb_device_request *, void *);
166static struct ieee80211vap *
167 rsu_vap_create(struct ieee80211com *, const char name[],
168 int, enum ieee80211_opmode, int, const uint8_t bssid[],
169 const uint8_t mac[]);
170static void rsu_vap_delete(struct ieee80211vap *);
171static void rsu_scan_start(struct ieee80211com *);
172static void rsu_scan_end(struct ieee80211com *);
173static void rsu_set_channel(struct ieee80211com *);
174static void rsu_update_mcast(struct ieee80211com *);
175static int rsu_alloc_rx_list(struct rsu_softc *);
176static void rsu_free_rx_list(struct rsu_softc *);
177static int rsu_alloc_tx_list(struct rsu_softc *);
178static void rsu_free_tx_list(struct rsu_softc *);
179static void rsu_free_list(struct rsu_softc *, struct rsu_data [], int);
180static struct rsu_data *_rsu_getbuf(struct rsu_softc *);
181static struct rsu_data *rsu_getbuf(struct rsu_softc *);
182static void rsu_freebuf(struct rsu_softc *, struct rsu_data *);
183static int rsu_write_region_1(struct rsu_softc *, uint16_t, uint8_t *,
184 int);
185static void rsu_write_1(struct rsu_softc *, uint16_t, uint8_t);
186static void rsu_write_2(struct rsu_softc *, uint16_t, uint16_t);
187static void rsu_write_4(struct rsu_softc *, uint16_t, uint32_t);
188static int rsu_read_region_1(struct rsu_softc *, uint16_t, uint8_t *,
189 int);
190static uint8_t rsu_read_1(struct rsu_softc *, uint16_t);
191static uint16_t rsu_read_2(struct rsu_softc *, uint16_t);
192static uint32_t rsu_read_4(struct rsu_softc *, uint16_t);
193static int rsu_fw_iocmd(struct rsu_softc *, uint32_t);
194static uint8_t rsu_efuse_read_1(struct rsu_softc *, uint16_t);
195static int rsu_read_rom(struct rsu_softc *);
196static int rsu_fw_cmd(struct rsu_softc *, uint8_t, void *, int);
197static void rsu_calib_task(void *, int);
198static void rsu_tx_task(void *, int);
199static int rsu_newstate(struct ieee80211vap *, enum ieee80211_state, int);
200#ifdef notyet
201static void rsu_set_key(struct rsu_softc *, const struct ieee80211_key *);
202static void rsu_delete_key(struct rsu_softc *, const struct ieee80211_key *);
203#endif
204static int rsu_site_survey(struct rsu_softc *, struct ieee80211vap *);
205static int rsu_join_bss(struct rsu_softc *, struct ieee80211_node *);
206static int rsu_disconnect(struct rsu_softc *);
207static int rsu_hwrssi_to_rssi(struct rsu_softc *, int hw_rssi);
208static void rsu_event_survey(struct rsu_softc *, uint8_t *, int);
209static void rsu_event_join_bss(struct rsu_softc *, uint8_t *, int);
210static void rsu_rx_event(struct rsu_softc *, uint8_t, uint8_t *, int);
211static void rsu_rx_multi_event(struct rsu_softc *, uint8_t *, int);
212#if 0
213static int8_t rsu_get_rssi(struct rsu_softc *, int, void *);
214#endif
215static struct mbuf * rsu_rx_frame(struct rsu_softc *, uint8_t *, int);
216static struct mbuf * rsu_rx_multi_frame(struct rsu_softc *, uint8_t *, int);
217static struct mbuf *
218 rsu_rxeof(struct usb_xfer *, struct rsu_data *);
219static void rsu_txeof(struct usb_xfer *, struct rsu_data *);
220static int rsu_raw_xmit(struct ieee80211_node *, struct mbuf *,
221 const struct ieee80211_bpf_params *);
222static void rsu_init(struct rsu_softc *);
223static int rsu_tx_start(struct rsu_softc *, struct ieee80211_node *,
224 struct mbuf *, struct rsu_data *);
225static int rsu_transmit(struct ieee80211com *, struct mbuf *);
226static void rsu_start(struct rsu_softc *);
227static void _rsu_start(struct rsu_softc *);
228static void rsu_parent(struct ieee80211com *);
229static void rsu_stop(struct rsu_softc *);
230static void rsu_ms_delay(struct rsu_softc *, int);
231
232static device_method_t rsu_methods[] = {
233 DEVMETHOD(device_probe, rsu_match),
234 DEVMETHOD(device_attach, rsu_attach),
235 DEVMETHOD(device_detach, rsu_detach),
236
237 DEVMETHOD_END
238};
239
240static driver_t rsu_driver = {
241 .name = "rsu",
242 .methods = rsu_methods,
243 .size = sizeof(struct rsu_softc)
244};
245
246static devclass_t rsu_devclass;
247
248DRIVER_MODULE(rsu, uhub, rsu_driver, rsu_devclass, NULL, 0);
249MODULE_DEPEND(rsu, wlan, 1, 1, 1);
250MODULE_DEPEND(rsu, usb, 1, 1, 1);
251MODULE_DEPEND(rsu, firmware, 1, 1, 1);
252MODULE_VERSION(rsu, 1);
253USB_PNP_HOST_INFO(rsu_devs);
254
255static uint8_t rsu_wme_ac_xfer_map[4] = {
256 [WME_AC_BE] = RSU_BULK_TX_BE_BK,
257 [WME_AC_BK] = RSU_BULK_TX_BE_BK,
258 [WME_AC_VI] = RSU_BULK_TX_VI_VO,
259 [WME_AC_VO] = RSU_BULK_TX_VI_VO,
260};
261
262/* XXX hard-coded */
263#define RSU_H2C_ENDPOINT 3
264
265static const struct usb_config rsu_config[RSU_N_TRANSFER] = {
266 [RSU_BULK_RX] = {
267 .type = UE_BULK,
268 .endpoint = UE_ADDR_ANY,
269 .direction = UE_DIR_IN,
270 .bufsize = RSU_RXBUFSZ,
271 .flags = {
272 .pipe_bof = 1,
273 .short_xfer_ok = 1
274 },
275 .callback = rsu_bulk_rx_callback
276 },
277 [RSU_BULK_TX_BE_BK] = {
278 .type = UE_BULK,
279 .endpoint = 0x06,
280 .direction = UE_DIR_OUT,
281 .bufsize = RSU_TXBUFSZ,
282 .flags = {
283 .ext_buffer = 1,
284 .pipe_bof = 1,
285 .force_short_xfer = 1
286 },
287 .callback = rsu_bulk_tx_callback_be_bk,
288 .timeout = RSU_TX_TIMEOUT
289 },
290 [RSU_BULK_TX_VI_VO] = {
291 .type = UE_BULK,
292 .endpoint = 0x04,
293 .direction = UE_DIR_OUT,
294 .bufsize = RSU_TXBUFSZ,
295 .flags = {
296 .ext_buffer = 1,
297 .pipe_bof = 1,
298 .force_short_xfer = 1
299 },
300 .callback = rsu_bulk_tx_callback_vi_vo,
301 .timeout = RSU_TX_TIMEOUT
302 },
303 [RSU_BULK_TX_H2C] = {
304 .type = UE_BULK,
305 .endpoint = 0x0d,
306 .direction = UE_DIR_OUT,
307 .bufsize = RSU_TXBUFSZ,
308 .flags = {
309 .ext_buffer = 1,
310 .pipe_bof = 1,
311 .short_xfer_ok = 1
312 },
313 .callback = rsu_bulk_tx_callback_h2c,
314 .timeout = RSU_TX_TIMEOUT
315 },
316};
317
318static int
319rsu_match(device_t self)
320{
321 struct usb_attach_arg *uaa = device_get_ivars(self);
322
323 if (uaa->usb_mode != USB_MODE_HOST ||
324 uaa->info.bIfaceIndex != 0 ||
325 uaa->info.bConfigIndex != 0)
326 return (ENXIO);
327
328 return (usbd_lookup_id_by_uaa(rsu_devs, sizeof(rsu_devs), uaa));
329}
330
331static int
332rsu_send_mgmt(struct ieee80211_node *ni, int type, int arg)
333{
334
335 return (ENOTSUP);
336}
337
338static void
339rsu_update_chw(struct ieee80211com *ic)
340{
341
342}
343
344/*
345 * notification from net80211 that it'd like to do A-MPDU on the given TID.
346 *
347 * Note: this actually hangs traffic at the present moment, so don't use it.
348 * The firmware debug does indiciate it's sending and establishing a TX AMPDU
349 * session, but then no traffic flows.
350 */
351static int
352rsu_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
353{
354#if 0
355 struct rsu_softc *sc = ni->ni_ic->ic_softc;
356 struct r92s_add_ba_req req;
357
358 /* Don't enable if it's requested or running */
359 if (IEEE80211_AMPDU_REQUESTED(tap))
360 return (0);
361 if (IEEE80211_AMPDU_RUNNING(tap))
362 return (0);
363
364 /* We've decided to send addba; so send it */
365 req.tid = htole32(tap->txa_tid);
366
367 /* Attempt net80211 state */
368 if (ieee80211_ampdu_tx_request_ext(ni, tap->txa_tid) != 1)
369 return (0);
370
371 /* Send the firmware command */
372 RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: establishing AMPDU TX for TID %d\n",
373 __func__,
374 tap->txa_tid);
375
376 RSU_LOCK(sc);
377 if (rsu_fw_cmd(sc, R92S_CMD_ADDBA_REQ, &req, sizeof(req)) != 1) {
378 RSU_UNLOCK(sc);
379 /* Mark failure */
380 (void) ieee80211_ampdu_tx_request_active_ext(ni, tap->txa_tid, 0);
381 return (0);
382 }
383 RSU_UNLOCK(sc);
384
385 /* Mark success; we don't get any further notifications */
386 (void) ieee80211_ampdu_tx_request_active_ext(ni, tap->txa_tid, 1);
387#endif
388 /* Return 0, we're driving this ourselves */
389 return (0);
390}
391
392static int
393rsu_wme_update(struct ieee80211com *ic)
394{
395
396 /* Firmware handles this; not our problem */
397 return (0);
398}
399
400static int
401rsu_attach(device_t self)
402{
403 struct usb_attach_arg *uaa = device_get_ivars(self);
404 struct rsu_softc *sc = device_get_softc(self);
405 struct ieee80211com *ic = &sc->sc_ic;
406 int error;
407 uint8_t bands[IEEE80211_MODE_BYTES];
408 uint8_t iface_index;
409 struct usb_interface *iface;
410 const char *rft;
411
412 device_set_usb_desc(self);
413 sc->sc_udev = uaa->device;
414 sc->sc_dev = self;
415 if (rsu_enable_11n)
416 sc->sc_ht = !! (USB_GET_DRIVER_INFO(uaa) & RSU_HT_SUPPORTED);
417
418 /* Get number of endpoints */
419 iface = usbd_get_iface(sc->sc_udev, 0);
420 sc->sc_nendpoints = iface->idesc->bNumEndpoints;
421
422 /* Endpoints are hard-coded for now, so enforce 4-endpoint only */
423 if (sc->sc_nendpoints != 4) {
424 device_printf(sc->sc_dev,
425 "the driver currently only supports 4-endpoint devices\n");
426 return (ENXIO);
427 }
428
429 mtx_init(&sc->sc_mtx, device_get_nameunit(self), MTX_NETWORK_LOCK,
430 MTX_DEF);
431 TIMEOUT_TASK_INIT(taskqueue_thread, &sc->calib_task, 0,
432 rsu_calib_task, sc);
433 TASK_INIT(&sc->tx_task, 0, rsu_tx_task, sc);
434 mbufq_init(&sc->sc_snd, ifqmaxlen);
435
436 /* Allocate Tx/Rx buffers. */
437 error = rsu_alloc_rx_list(sc);
438 if (error != 0) {
439 device_printf(sc->sc_dev, "could not allocate Rx buffers\n");
440 goto fail_usb;
441 }
442
443 error = rsu_alloc_tx_list(sc);
444 if (error != 0) {
445 device_printf(sc->sc_dev, "could not allocate Tx buffers\n");
446 rsu_free_rx_list(sc);
447 goto fail_usb;
448 }
449
450 iface_index = 0;
451 error = usbd_transfer_setup(uaa->device, &iface_index, sc->sc_xfer,
452 rsu_config, RSU_N_TRANSFER, sc, &sc->sc_mtx);
453 if (error) {
454 device_printf(sc->sc_dev,
455 "could not allocate USB transfers, err=%s\n",
456 usbd_errstr(error));
457 goto fail_usb;
458 }
459 RSU_LOCK(sc);
460 /* Read chip revision. */
461 sc->cut = MS(rsu_read_4(sc, R92S_PMC_FSM), R92S_PMC_FSM_CUT);
462 if (sc->cut != 3)
463 sc->cut = (sc->cut >> 1) + 1;
464 error = rsu_read_rom(sc);
465 RSU_UNLOCK(sc);
466 if (error != 0) {
467 device_printf(self, "could not read ROM\n");
468 goto fail_rom;
469 }
470
471 /* Figure out TX/RX streams */
472 switch (sc->rom[84]) {
473 case 0x0:
474 sc->sc_rftype = RTL8712_RFCONFIG_1T1R;
475 sc->sc_nrxstream = 1;
476 sc->sc_ntxstream = 1;
477 rft = "1T1R";
478 break;
479 case 0x1:
480 sc->sc_rftype = RTL8712_RFCONFIG_1T2R;
481 sc->sc_nrxstream = 2;
482 sc->sc_ntxstream = 1;
483 rft = "1T2R";
484 break;
485 case 0x2:
486 sc->sc_rftype = RTL8712_RFCONFIG_2T2R;
487 sc->sc_nrxstream = 2;
488 sc->sc_ntxstream = 2;
489 rft = "2T2R";
490 break;
491 default:
492 device_printf(sc->sc_dev,
493 "%s: unknown board type (rfconfig=0x%02x)\n",
494 __func__,
495 sc->rom[84]);
496 goto fail_rom;
497 }
498
499 IEEE80211_ADDR_COPY(ic->ic_macaddr, &sc->rom[0x12]);
500 device_printf(self, "MAC/BB RTL8712 cut %d %s\n", sc->cut, rft);
501
502 ic->ic_softc = sc;
503 ic->ic_name = device_get_nameunit(self);
504 ic->ic_phytype = IEEE80211_T_OFDM; /* Not only, but not used. */
505 ic->ic_opmode = IEEE80211_M_STA; /* Default to BSS mode. */
506
507 /* Set device capabilities. */
508 ic->ic_caps =
509 IEEE80211_C_STA | /* station mode */
510#if 0
511 IEEE80211_C_BGSCAN | /* Background scan. */
512#endif
513 IEEE80211_C_SHPREAMBLE | /* Short preamble supported. */
514 IEEE80211_C_WME | /* WME/QoS */
515 IEEE80211_C_SHSLOT | /* Short slot time supported. */
516 IEEE80211_C_WPA; /* WPA/RSN. */
517
518 /* Check if HT support is present. */
519 if (sc->sc_ht) {
520 device_printf(sc->sc_dev, "%s: enabling 11n\n", __func__);
521
522 /* Enable basic HT */
523 ic->ic_htcaps = IEEE80211_HTC_HT |
524#if 0
525 IEEE80211_HTC_AMPDU |
526#endif
527 IEEE80211_HTC_AMSDU |
528 IEEE80211_HTCAP_MAXAMSDU_3839 |
529 IEEE80211_HTCAP_SMPS_OFF;
530 ic->ic_htcaps |= IEEE80211_HTCAP_CHWIDTH40;
531
532 /* set number of spatial streams */
533 ic->ic_txstream = sc->sc_ntxstream;
534 ic->ic_rxstream = sc->sc_nrxstream;
535 }
536
537 /* Set supported .11b and .11g rates. */
538 memset(bands, 0, sizeof(bands));
539 setbit(bands, IEEE80211_MODE_11B);
540 setbit(bands, IEEE80211_MODE_11G);
541 if (sc->sc_ht)
542 setbit(bands, IEEE80211_MODE_11NG);
543 ieee80211_init_channels(ic, NULL, bands);
544
545 ieee80211_ifattach(ic);
546 ic->ic_raw_xmit = rsu_raw_xmit;
547 ic->ic_scan_start = rsu_scan_start;
548 ic->ic_scan_end = rsu_scan_end;
549 ic->ic_set_channel = rsu_set_channel;
550 ic->ic_vap_create = rsu_vap_create;
551 ic->ic_vap_delete = rsu_vap_delete;
552 ic->ic_update_mcast = rsu_update_mcast;
553 ic->ic_parent = rsu_parent;
554 ic->ic_transmit = rsu_transmit;
555 ic->ic_send_mgmt = rsu_send_mgmt;
556 ic->ic_update_chw = rsu_update_chw;
557 ic->ic_ampdu_enable = rsu_ampdu_enable;
558 ic->ic_wme.wme_update = rsu_wme_update;
559
560 ieee80211_radiotap_attach(ic, &sc->sc_txtap.wt_ihdr,
561 sizeof(sc->sc_txtap), RSU_TX_RADIOTAP_PRESENT,
562 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
563 RSU_RX_RADIOTAP_PRESENT);
564
565 if (bootverbose)
566 ieee80211_announce(ic);
567
568 return (0);
569
570fail_rom:
571 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER);
572fail_usb:
573 mtx_destroy(&sc->sc_mtx);
574 return (ENXIO);
575}
576
577static int
578rsu_detach(device_t self)
579{
580 struct rsu_softc *sc = device_get_softc(self);
581 struct ieee80211com *ic = &sc->sc_ic;
582
583 RSU_LOCK(sc);
584 rsu_stop(sc);
585 RSU_UNLOCK(sc);
586
587 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER);
588
589 /*
590 * Free buffers /before/ we detach from net80211, else node
591 * references to destroyed vaps will lead to a panic.
592 */
593 /* Free Tx/Rx buffers. */
594 RSU_LOCK(sc);
595 rsu_free_tx_list(sc);
596 rsu_free_rx_list(sc);
597 RSU_UNLOCK(sc);
598
599 /* Frames are freed; detach from net80211 */
600 ieee80211_ifdetach(ic);
601
602 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task);
603 taskqueue_drain(taskqueue_thread, &sc->tx_task);
604
605 mtx_destroy(&sc->sc_mtx);
606
607 return (0);
608}
609
610static usb_error_t
611rsu_do_request(struct rsu_softc *sc, struct usb_device_request *req,
612 void *data)
613{
614 usb_error_t err;
615 int ntries = 10;
616
617 RSU_ASSERT_LOCKED(sc);
618
619 while (ntries--) {
620 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
621 req, data, 0, NULL, 250 /* ms */);
622 if (err == 0 || err == USB_ERR_NOT_CONFIGURED)
623 break;
624 DPRINTFN(1, "Control request failed, %s (retrying)\n",
625 usbd_errstr(err));
626 rsu_ms_delay(sc, 10);
627 }
628
629 return (err);
630}
631
632static struct ieee80211vap *
633rsu_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
634 enum ieee80211_opmode opmode, int flags,
635 const uint8_t bssid[IEEE80211_ADDR_LEN],
636 const uint8_t mac[IEEE80211_ADDR_LEN])
637{
638 struct rsu_vap *uvp;
639 struct ieee80211vap *vap;
640
641 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
642 return (NULL);
643
644 uvp = malloc(sizeof(struct rsu_vap), M_80211_VAP, M_WAITOK | M_ZERO);
645 vap = &uvp->vap;
646
647 if (ieee80211_vap_setup(ic, vap, name, unit, opmode,
648 flags, bssid) != 0) {
649 /* out of memory */
650 free(uvp, M_80211_VAP);
651 return (NULL);
652 }
653
654 /* override state transition machine */
655 uvp->newstate = vap->iv_newstate;
656 vap->iv_newstate = rsu_newstate;
657
658 /* Limits from the r92su driver */
659 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_16;
660 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K;
661
662 /* complete setup */
663 ieee80211_vap_attach(vap, ieee80211_media_change,
664 ieee80211_media_status, mac);
665 ic->ic_opmode = opmode;
666
667 return (vap);
668}
669
670static void
671rsu_vap_delete(struct ieee80211vap *vap)
672{
673 struct rsu_vap *uvp = RSU_VAP(vap);
674
675 ieee80211_vap_detach(vap);
676 free(uvp, M_80211_VAP);
677}
678
679static void
680rsu_scan_start(struct ieee80211com *ic)
681{
682 struct rsu_softc *sc = ic->ic_softc;
683 int error;
684
685 /* Scanning is done by the firmware. */
686 RSU_LOCK(sc);
687 /* XXX TODO: force awake if in in network-sleep? */
688 error = rsu_site_survey(sc, TAILQ_FIRST(&ic->ic_vaps));
689 RSU_UNLOCK(sc);
690 if (error != 0)
691 device_printf(sc->sc_dev,
692 "could not send site survey command\n");
693}
694
695static void
696rsu_scan_end(struct ieee80211com *ic)
697{
698 /* Nothing to do here. */
699}
700
701static void
702rsu_set_channel(struct ieee80211com *ic __unused)
703{
704 /* We are unable to switch channels, yet. */
705}
706
707static void
708rsu_update_mcast(struct ieee80211com *ic)
709{
710 /* XXX do nothing? */
711}
712
713static int
714rsu_alloc_list(struct rsu_softc *sc, struct rsu_data data[],
715 int ndata, int maxsz)
716{
717 int i, error;
718
719 for (i = 0; i < ndata; i++) {
720 struct rsu_data *dp = &data[i];
721 dp->sc = sc;
722 dp->m = NULL;
723 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT);
724 if (dp->buf == NULL) {
725 device_printf(sc->sc_dev,
726 "could not allocate buffer\n");
727 error = ENOMEM;
728 goto fail;
729 }
730 dp->ni = NULL;
731 }
732
733 return (0);
734fail:
735 rsu_free_list(sc, data, ndata);
736 return (error);
737}
738
739static int
740rsu_alloc_rx_list(struct rsu_softc *sc)
741{
742 int error, i;
743
744 error = rsu_alloc_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT,
745 RSU_RXBUFSZ);
746 if (error != 0)
747 return (error);
748
749 STAILQ_INIT(&sc->sc_rx_active);
750 STAILQ_INIT(&sc->sc_rx_inactive);
751
752 for (i = 0; i < RSU_RX_LIST_COUNT; i++)
753 STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next);
754
755 return (0);
756}
757
758static int
759rsu_alloc_tx_list(struct rsu_softc *sc)
760{
761 int error, i;
762
763 error = rsu_alloc_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT,
764 RSU_TXBUFSZ);
765 if (error != 0)
766 return (error);
767
768 STAILQ_INIT(&sc->sc_tx_inactive);
769
770 for (i = 0; i != RSU_N_TRANSFER; i++) {
771 STAILQ_INIT(&sc->sc_tx_active[i]);
772 STAILQ_INIT(&sc->sc_tx_pending[i]);
773 }
774
775 for (i = 0; i < RSU_TX_LIST_COUNT; i++) {
776 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next);
777 }
778
779 return (0);
780}
781
782static void
783rsu_free_tx_list(struct rsu_softc *sc)
784{
785 int i;
786
787 /* prevent further allocations from TX list(s) */
788 STAILQ_INIT(&sc->sc_tx_inactive);
789
790 for (i = 0; i != RSU_N_TRANSFER; i++) {
791 STAILQ_INIT(&sc->sc_tx_active[i]);
792 STAILQ_INIT(&sc->sc_tx_pending[i]);
793 }
794
795 rsu_free_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT);
796}
797
798static void
799rsu_free_rx_list(struct rsu_softc *sc)
800{
801 /* prevent further allocations from RX list(s) */
802 STAILQ_INIT(&sc->sc_rx_inactive);
803 STAILQ_INIT(&sc->sc_rx_active);
804
805 rsu_free_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT);
806}
807
808static void
809rsu_free_list(struct rsu_softc *sc, struct rsu_data data[], int ndata)
810{
811 int i;
812
813 for (i = 0; i < ndata; i++) {
814 struct rsu_data *dp = &data[i];
815
816 if (dp->buf != NULL) {
817 free(dp->buf, M_USBDEV);
818 dp->buf = NULL;
819 }
820 if (dp->ni != NULL) {
821 ieee80211_free_node(dp->ni);
822 dp->ni = NULL;
823 }
824 }
825}
826
827static struct rsu_data *
828_rsu_getbuf(struct rsu_softc *sc)
829{
830 struct rsu_data *bf;
831
832 bf = STAILQ_FIRST(&sc->sc_tx_inactive);
833 if (bf != NULL)
834 STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next);
835 else
836 bf = NULL;
837 return (bf);
838}
839
840static struct rsu_data *
841rsu_getbuf(struct rsu_softc *sc)
842{
843 struct rsu_data *bf;
844
845 RSU_ASSERT_LOCKED(sc);
846
847 bf = _rsu_getbuf(sc);
848 if (bf == NULL) {
849 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: no buffers\n", __func__);
850 }
851 return (bf);
852}
853
854static void
855rsu_freebuf(struct rsu_softc *sc, struct rsu_data *bf)
856{
857
858 RSU_ASSERT_LOCKED(sc);
859 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, bf, next);
860}
861
862static int
863rsu_write_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
864 int len)
865{
866 usb_device_request_t req;
867
868 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
869 req.bRequest = R92S_REQ_REGS;
870 USETW(req.wValue, addr);
871 USETW(req.wIndex, 0);
872 USETW(req.wLength, len);
873
874 return (rsu_do_request(sc, &req, buf));
875}
876
877static void
878rsu_write_1(struct rsu_softc *sc, uint16_t addr, uint8_t val)
879{
880 rsu_write_region_1(sc, addr, &val, 1);
881}
882
883static void
884rsu_write_2(struct rsu_softc *sc, uint16_t addr, uint16_t val)
885{
886 val = htole16(val);
887 rsu_write_region_1(sc, addr, (uint8_t *)&val, 2);
888}
889
890static void
891rsu_write_4(struct rsu_softc *sc, uint16_t addr, uint32_t val)
892{
893 val = htole32(val);
894 rsu_write_region_1(sc, addr, (uint8_t *)&val, 4);
895}
896
897static int
898rsu_read_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
899 int len)
900{
901 usb_device_request_t req;
902
903 req.bmRequestType = UT_READ_VENDOR_DEVICE;
904 req.bRequest = R92S_REQ_REGS;
905 USETW(req.wValue, addr);
906 USETW(req.wIndex, 0);
907 USETW(req.wLength, len);
908
909 return (rsu_do_request(sc, &req, buf));
910}
911
912static uint8_t
913rsu_read_1(struct rsu_softc *sc, uint16_t addr)
914{
915 uint8_t val;
916
917 if (rsu_read_region_1(sc, addr, &val, 1) != 0)
918 return (0xff);
919 return (val);
920}
921
922static uint16_t
923rsu_read_2(struct rsu_softc *sc, uint16_t addr)
924{
925 uint16_t val;
926
927 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 2) != 0)
928 return (0xffff);
929 return (le16toh(val));
930}
931
932static uint32_t
933rsu_read_4(struct rsu_softc *sc, uint16_t addr)
934{
935 uint32_t val;
936
937 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 4) != 0)
938 return (0xffffffff);
939 return (le32toh(val));
940}
941
942static int
943rsu_fw_iocmd(struct rsu_softc *sc, uint32_t iocmd)
944{
945 int ntries;
946
947 rsu_write_4(sc, R92S_IOCMD_CTRL, iocmd);
948 rsu_ms_delay(sc, 1);
949 for (ntries = 0; ntries < 50; ntries++) {
950 if (rsu_read_4(sc, R92S_IOCMD_CTRL) == 0)
951 return (0);
952 rsu_ms_delay(sc, 1);
953 }
954 return (ETIMEDOUT);
955}
956
957static uint8_t
958rsu_efuse_read_1(struct rsu_softc *sc, uint16_t addr)
959{
960 uint32_t reg;
961 int ntries;
962
963 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
964 reg = RW(reg, R92S_EFUSE_CTRL_ADDR, addr);
965 reg &= ~R92S_EFUSE_CTRL_VALID;
966 rsu_write_4(sc, R92S_EFUSE_CTRL, reg);
967 /* Wait for read operation to complete. */
968 for (ntries = 0; ntries < 100; ntries++) {
969 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
970 if (reg & R92S_EFUSE_CTRL_VALID)
971 return (MS(reg, R92S_EFUSE_CTRL_DATA));
972 rsu_ms_delay(sc, 1);
973 }
974 device_printf(sc->sc_dev,
975 "could not read efuse byte at address 0x%x\n", addr);
976 return (0xff);
977}
978
979static int
980rsu_read_rom(struct rsu_softc *sc)
981{
982 uint8_t *rom = sc->rom;
983 uint16_t addr = 0;
984 uint32_t reg;
985 uint8_t off, msk;
986 int i;
987
988 /* Make sure that ROM type is eFuse and that autoload succeeded. */
989 reg = rsu_read_1(sc, R92S_EE_9346CR);
990 if ((reg & (R92S_9356SEL | R92S_EEPROM_EN)) != R92S_EEPROM_EN)
991 return (EIO);
992
993 /* Turn on 2.5V to prevent eFuse leakage. */
994 reg = rsu_read_1(sc, R92S_EFUSE_TEST + 3);
995 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg | 0x80);
996 rsu_ms_delay(sc, 1);
997 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg & ~0x80);
998
999 /* Read full ROM image. */
1000 memset(&sc->rom, 0xff, sizeof(sc->rom));
1001 while (addr < 512) {
1002 reg = rsu_efuse_read_1(sc, addr);
1003 if (reg == 0xff)
1004 break;
1005 addr++;
1006 off = reg >> 4;
1007 msk = reg & 0xf;
1008 for (i = 0; i < 4; i++) {
1009 if (msk & (1 << i))
1010 continue;
1011 rom[off * 8 + i * 2 + 0] =
1012 rsu_efuse_read_1(sc, addr);
1013 addr++;
1014 rom[off * 8 + i * 2 + 1] =
1015 rsu_efuse_read_1(sc, addr);
1016 addr++;
1017 }
1018 }
1019#ifdef USB_DEBUG
1020 if (rsu_debug >= 5) {
1021 /* Dump ROM content. */
1022 printf("\n");
1023 for (i = 0; i < sizeof(sc->rom); i++)
1024 printf("%02x:", rom[i]);
1025 printf("\n");
1026 }
1027#endif
1028 return (0);
1029}
1030
1031static int
1032rsu_fw_cmd(struct rsu_softc *sc, uint8_t code, void *buf, int len)
1033{
1034 const uint8_t which = RSU_H2C_ENDPOINT;
1035 struct rsu_data *data;
1036 struct r92s_tx_desc *txd;
1037 struct r92s_fw_cmd_hdr *cmd;
1038 int cmdsz;
1039 int xferlen;
1040
1041 RSU_ASSERT_LOCKED(sc);
1042
1043 data = rsu_getbuf(sc);
1044 if (data == NULL)
1045 return (ENOMEM);
1046
1047 /* Blank the entire payload, just to be safe */
1048 memset(data->buf, '\0', RSU_TXBUFSZ);
1049
1050 /* Round-up command length to a multiple of 8 bytes. */
1051 /* XXX TODO: is this required? */
1052 cmdsz = (len + 7) & ~7;
1053
1054 xferlen = sizeof(*txd) + sizeof(*cmd) + cmdsz;
1055 KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__));
1056 memset(data->buf, 0, xferlen);
1057
1058 /* Setup Tx descriptor. */
1059 txd = (struct r92s_tx_desc *)data->buf;
1060 txd->txdw0 = htole32(
1061 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
1062 SM(R92S_TXDW0_PKTLEN, sizeof(*cmd) + cmdsz) |
1063 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
1064 txd->txdw1 = htole32(SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_H2C));
1065
1066 /* Setup command header. */
1067 cmd = (struct r92s_fw_cmd_hdr *)&txd[1];
1068 cmd->len = htole16(cmdsz);
1069 cmd->code = code;
1070 cmd->seq = sc->cmd_seq;
1071 sc->cmd_seq = (sc->cmd_seq + 1) & 0x7f;
1072
1073 /* Copy command payload. */
1074 memcpy(&cmd[1], buf, len);
1075
1076 RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FWCMD,
1077 "%s: Tx cmd code=0x%x len=0x%x\n",
1078 __func__, code, cmdsz);
1079 data->buflen = xferlen;
1080 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
1081 usbd_transfer_start(sc->sc_xfer[which]);
1082
1083 return (0);
1084}
1085
1086/* ARGSUSED */
1087static void
1088rsu_calib_task(void *arg, int pending __unused)
1089{
1090 struct rsu_softc *sc = arg;
1091#ifdef notyet
1092 uint32_t reg;
1093#endif
1094
1095 RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: running calibration task\n",
1096 __func__);
1097
1098 RSU_LOCK(sc);
1099#ifdef notyet
1100 /* Read WPS PBC status. */
1101 rsu_write_1(sc, R92S_MAC_PINMUX_CTRL,
1102 R92S_GPIOMUX_EN | SM(R92S_GPIOSEL_GPIO, R92S_GPIOSEL_GPIO_JTAG));
1103 rsu_write_1(sc, R92S_GPIO_IO_SEL,
1104 rsu_read_1(sc, R92S_GPIO_IO_SEL) & ~R92S_GPIO_WPS);
1105 reg = rsu_read_1(sc, R92S_GPIO_CTRL);
1106 if (reg != 0xff && (reg & R92S_GPIO_WPS))
1107 DPRINTF(("WPS PBC is pushed\n"));
1108#endif
1109 /* Read current signal level. */
1110 if (rsu_fw_iocmd(sc, 0xf4000001) == 0) {
1111 sc->sc_currssi = rsu_read_4(sc, R92S_IOCMD_DATA);
1112 RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: RSSI=%d (%d)\n",
1113 __func__, sc->sc_currssi,
1114 rsu_hwrssi_to_rssi(sc, sc->sc_currssi));
1115 }
1116 if (sc->sc_calibrating)
1117 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz);
1118 RSU_UNLOCK(sc);
1119}
1120
1121static void
1122rsu_tx_task(void *arg, int pending __unused)
1123{
1124 struct rsu_softc *sc = arg;
1125
1126 RSU_LOCK(sc);
1127 _rsu_start(sc);
1128 RSU_UNLOCK(sc);
1129}
1130
1131#define RSU_PWR_UNKNOWN 0x0
1132#define RSU_PWR_ACTIVE 0x1
1133#define RSU_PWR_OFF 0x2
1134#define RSU_PWR_SLEEP 0x3
1135
1136/*
1137 * Set the current power state.
1138 *
1139 * The rtlwifi code doesn't do this so aggressively; it
1140 * waits for an idle period after association with
1141 * no traffic before doing this.
1142 *
1143 * For now - it's on in all states except RUN, and
1144 * in RUN it'll transition to allow sleep.
1145 */
1146
1147struct r92s_pwr_cmd {
1148 uint8_t mode;
1149 uint8_t smart_ps;
1150 uint8_t bcn_pass_time;
1151};
1152
1153static int
1154rsu_set_fw_power_state(struct rsu_softc *sc, int state)
1155{
1156 struct r92s_set_pwr_mode cmd;
1157 //struct r92s_pwr_cmd cmd;
1158 int error;
1159
1160 RSU_ASSERT_LOCKED(sc);
1161
1162 /* only change state if required */
1163 if (sc->sc_curpwrstate == state)
1164 return (0);
1165
1166 memset(&cmd, 0, sizeof(cmd));
1167
1168 switch (state) {
1169 case RSU_PWR_ACTIVE:
1170 /* Force the hardware awake */
1171 rsu_write_1(sc, R92S_USB_HRPWM,
1172 R92S_USB_HRPWM_PS_ST_ACTIVE | R92S_USB_HRPWM_PS_ALL_ON);
1173 cmd.mode = R92S_PS_MODE_ACTIVE;
1174 break;
1175 case RSU_PWR_SLEEP:
1176 cmd.mode = R92S_PS_MODE_DTIM; /* XXX configurable? */
1177 cmd.smart_ps = 1; /* XXX 2 if doing p2p */
1178 cmd.bcn_pass_time = 5; /* in 100mS usb.c, linux/rtlwifi */
1179 break;
1180 case RSU_PWR_OFF:
1181 cmd.mode = R92S_PS_MODE_RADIOOFF;
1182 break;
1183 default:
1184 device_printf(sc->sc_dev, "%s: unknown ps mode (%d)\n",
1185 __func__,
1186 state);
1187 return (ENXIO);
1188 }
1189
1190 RSU_DPRINTF(sc, RSU_DEBUG_RESET,
1191 "%s: setting ps mode to %d (mode %d)\n",
1192 __func__, state, cmd.mode);
1193 error = rsu_fw_cmd(sc, R92S_CMD_SET_PWR_MODE, &cmd, sizeof(cmd));
1194 if (error == 0)
1195 sc->sc_curpwrstate = state;
1196
1197 return (error);
1198}
1199
1200static int
1201rsu_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
1202{
1203 struct rsu_vap *uvp = RSU_VAP(vap);
1204 struct ieee80211com *ic = vap->iv_ic;
1205 struct rsu_softc *sc = ic->ic_softc;
1206 struct ieee80211_node *ni;
1207 struct ieee80211_rateset *rs;
1208 enum ieee80211_state ostate;
1209 int error, startcal = 0;
1210
1211 ostate = vap->iv_state;
1212 RSU_DPRINTF(sc, RSU_DEBUG_STATE, "%s: %s -> %s\n",
1213 __func__,
1214 ieee80211_state_name[ostate],
1215 ieee80211_state_name[nstate]);
1216
1217 IEEE80211_UNLOCK(ic);
1218 if (ostate == IEEE80211_S_RUN) {
1219 RSU_LOCK(sc);
1220 /* Stop calibration. */
1221 sc->sc_calibrating = 0;
1222 RSU_UNLOCK(sc);
1223 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task);
1224 taskqueue_drain(taskqueue_thread, &sc->tx_task);
1225 /* Disassociate from our current BSS. */
1226 RSU_LOCK(sc);
1227 rsu_disconnect(sc);
1228 } else
1229 RSU_LOCK(sc);
1230 switch (nstate) {
1231 case IEEE80211_S_INIT:
1232 (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE);
1233 break;
1234 case IEEE80211_S_AUTH:
1235 ni = ieee80211_ref_node(vap->iv_bss);
1236 (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE);
1237 error = rsu_join_bss(sc, ni);
1238 ieee80211_free_node(ni);
1239 if (error != 0) {
1240 device_printf(sc->sc_dev,
1241 "could not send join command\n");
1242 }
1243 break;
1244 case IEEE80211_S_RUN:
1245 ni = ieee80211_ref_node(vap->iv_bss);
1246 rs = &ni->ni_rates;
1247 /* Indicate highest supported rate. */
1248 ni->ni_txrate = rs->rs_rates[rs->rs_nrates - 1];
1249 (void) rsu_set_fw_power_state(sc, RSU_PWR_SLEEP);
1250 ieee80211_free_node(ni);
1251 startcal = 1;
1252 break;
1253 default:
1254 break;
1255 }
1256 sc->sc_calibrating = 1;
1257 /* Start periodic calibration. */
1258 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz);
1259 RSU_UNLOCK(sc);
1260 IEEE80211_LOCK(ic);
1261 return (uvp->newstate(vap, nstate, arg));
1262}
1263
1264#ifdef notyet
1265static void
1266rsu_set_key(struct rsu_softc *sc, const struct ieee80211_key *k)
1267{
1268 struct r92s_fw_cmd_set_key key;
1269
1270 memset(&key, 0, sizeof(key));
1271 /* Map net80211 cipher to HW crypto algorithm. */
1272 switch (k->wk_cipher->ic_cipher) {
1273 case IEEE80211_CIPHER_WEP:
1274 if (k->wk_keylen < 8)
1275 key.algo = R92S_KEY_ALGO_WEP40;
1276 else
1277 key.algo = R92S_KEY_ALGO_WEP104;
1278 break;
1279 case IEEE80211_CIPHER_TKIP:
1280 key.algo = R92S_KEY_ALGO_TKIP;
1281 break;
1282 case IEEE80211_CIPHER_AES_CCM:
1283 key.algo = R92S_KEY_ALGO_AES;
1284 break;
1285 default:
1286 return;
1287 }
1288 key.id = k->wk_keyix;
1289 key.grpkey = (k->wk_flags & IEEE80211_KEY_GROUP) != 0;
1290 memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key)));
1291 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1292}
1293
1294static void
1295rsu_delete_key(struct rsu_softc *sc, const struct ieee80211_key *k)
1296{
1297 struct r92s_fw_cmd_set_key key;
1298
1299 memset(&key, 0, sizeof(key));
1300 key.id = k->wk_keyix;
1301 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1302}
1303#endif
1304
1305static int
1306rsu_site_survey(struct rsu_softc *sc, struct ieee80211vap *vap)
1307{
1308 struct r92s_fw_cmd_sitesurvey cmd;
1309 struct ieee80211com *ic = &sc->sc_ic;
1310 int r;
1311
1312 RSU_ASSERT_LOCKED(sc);
1313
1314 memset(&cmd, 0, sizeof(cmd));
1315 if ((ic->ic_flags & IEEE80211_F_ASCAN) || sc->sc_scan_pass == 1)
1316 cmd.active = htole32(1);
1317 cmd.limit = htole32(48);
1318 if (sc->sc_scan_pass == 1 && vap->iv_des_nssid > 0) {
1319 /* Do a directed scan for second pass. */
1320 cmd.ssidlen = htole32(vap->iv_des_ssid[0].len);
1321 memcpy(cmd.ssid, vap->iv_des_ssid[0].ssid,
1322 vap->iv_des_ssid[0].len);
1323
1324 }
1325 DPRINTF("sending site survey command, pass=%d\n", sc->sc_scan_pass);
1326 r = rsu_fw_cmd(sc, R92S_CMD_SITE_SURVEY, &cmd, sizeof(cmd));
1327 if (r == 0) {
1328 sc->sc_scanning = 1;
1329 }
1330 return (r);
1331}
1332
1333static int
1334rsu_join_bss(struct rsu_softc *sc, struct ieee80211_node *ni)
1335{
1336 struct ieee80211com *ic = &sc->sc_ic;
1337 struct ieee80211vap *vap = ni->ni_vap;
1338 struct ndis_wlan_bssid_ex *bss;
1339 struct ndis_802_11_fixed_ies *fixed;
1340 struct r92s_fw_cmd_auth auth;
1341 uint8_t buf[sizeof(*bss) + 128] __aligned(4);
1342 uint8_t *frm;
1343 uint8_t opmode;
1344 int error;
1345 int cnt;
1346 char *msg = "rsujoin";
1347
1348 RSU_ASSERT_LOCKED(sc);
1349
1350 /*
1351 * Until net80211 scanning doesn't automatically finish
1352 * before we tell it to, let's just wait until any pending
1353 * scan is done.
1354 *
1355 * XXX TODO: yes, this releases and re-acquires the lock.
1356 * We should re-verify the state whenever we re-attempt this!
1357 */
1358 cnt = 0;
1359 while (sc->sc_scanning && cnt < 10) {
1360 device_printf(sc->sc_dev,
1361 "%s: still scanning! (attempt %d)\n",
1362 __func__, cnt);
1363 msleep(msg, &sc->sc_mtx, 0, msg, hz / 2);
1364 cnt++;
1365 }
1366
1367 /* Let the FW decide the opmode based on the capinfo field. */
1368 opmode = NDIS802_11AUTOUNKNOWN;
1369 RSU_DPRINTF(sc, RSU_DEBUG_RESET,
1370 "%s: setting operating mode to %d\n",
1371 __func__, opmode);
1372 error = rsu_fw_cmd(sc, R92S_CMD_SET_OPMODE, &opmode, sizeof(opmode));
1373 if (error != 0)
1374 return (error);
1375
1376 memset(&auth, 0, sizeof(auth));
1377 if (vap->iv_flags & IEEE80211_F_WPA) {
1378 auth.mode = R92S_AUTHMODE_WPA;
1379 auth.dot1x = (ni->ni_authmode == IEEE80211_AUTH_8021X);
1380 } else
1381 auth.mode = R92S_AUTHMODE_OPEN;
1382 RSU_DPRINTF(sc, RSU_DEBUG_RESET,
1383 "%s: setting auth mode to %d\n",
1384 __func__, auth.mode);
1385 error = rsu_fw_cmd(sc, R92S_CMD_SET_AUTH, &auth, sizeof(auth));
1386 if (error != 0)
1387 return (error);
1388
1389 memset(buf, 0, sizeof(buf));
1390 bss = (struct ndis_wlan_bssid_ex *)buf;
1391 IEEE80211_ADDR_COPY(bss->macaddr, ni->ni_bssid);
1392 bss->ssid.ssidlen = htole32(ni->ni_esslen);
1393 memcpy(bss->ssid.ssid, ni->ni_essid, ni->ni_esslen);
1394 if (vap->iv_flags & (IEEE80211_F_PRIVACY | IEEE80211_F_WPA))
1395 bss->privacy = htole32(1);
1396 bss->rssi = htole32(ni->ni_avgrssi);
1397 if (ic->ic_curmode == IEEE80211_MODE_11B)
1398 bss->networktype = htole32(NDIS802_11DS);
1399 else
1400 bss->networktype = htole32(NDIS802_11OFDM24);
1401 bss->config.len = htole32(sizeof(bss->config));
1402 bss->config.bintval = htole32(ni->ni_intval);
1403 bss->config.dsconfig = htole32(ieee80211_chan2ieee(ic, ni->ni_chan));
1404 bss->inframode = htole32(NDIS802_11INFRASTRUCTURE);
1405 /* XXX verify how this is supposed to look! */
1406 memcpy(bss->supprates, ni->ni_rates.rs_rates,
1407 ni->ni_rates.rs_nrates);
1408 /* Write the fixed fields of the beacon frame. */
1409 fixed = (struct ndis_802_11_fixed_ies *)&bss[1];
1410 memcpy(&fixed->tstamp, ni->ni_tstamp.data, 8);
1411 fixed->bintval = htole16(ni->ni_intval);
1412 fixed->capabilities = htole16(ni->ni_capinfo);
1413 /* Write IEs to be included in the association request. */
1414 frm = (uint8_t *)&fixed[1];
1415 frm = ieee80211_add_rsn(frm, vap);
1416 frm = ieee80211_add_wpa(frm, vap);
1417 frm = ieee80211_add_qos(frm, ni);
1418 if ((ic->ic_flags & IEEE80211_F_WME) &&
1419 (ni->ni_ies.wme_ie != NULL))
1420 frm = ieee80211_add_wme_info(frm, &ic->ic_wme);
1421 if (ni->ni_flags & IEEE80211_NODE_HT) {
1422 frm = ieee80211_add_htcap(frm, ni);
1423 frm = ieee80211_add_htinfo(frm, ni);
1424 }
1425 bss->ieslen = htole32(frm - (uint8_t *)fixed);
1426 bss->len = htole32(((frm - buf) + 3) & ~3);
1427 RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_FWCMD,
1428 "%s: sending join bss command to %s chan %d\n",
1429 __func__,
1430 ether_sprintf(bss->macaddr), le32toh(bss->config.dsconfig));
1431 return (rsu_fw_cmd(sc, R92S_CMD_JOIN_BSS, buf, sizeof(buf)));
1432}
1433
1434static int
1435rsu_disconnect(struct rsu_softc *sc)
1436{
1437 uint32_t zero = 0; /* :-) */
1438
1439 /* Disassociate from our current BSS. */
1440 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD,
1441 "%s: sending disconnect command\n", __func__);
1442 return (rsu_fw_cmd(sc, R92S_CMD_DISCONNECT, &zero, sizeof(zero)));
1443}
1444
1445/*
1446 * Map the hardware provided RSSI value to a signal level.
1447 * For the most part it's just something we divide by and cap
1448 * so it doesn't overflow the representation by net80211.
1449 */
1450static int
1451rsu_hwrssi_to_rssi(struct rsu_softc *sc, int hw_rssi)
1452{
1453 int v;
1454
1455 if (hw_rssi == 0)
1456 return (0);
1457 v = hw_rssi >> 4;
1458 if (v > 80)
1459 v = 80;
1460 return (v);
1461}
1462
1463static void
1464rsu_event_survey(struct rsu_softc *sc, uint8_t *buf, int len)
1465{
1466 struct ieee80211com *ic = &sc->sc_ic;
1467 struct ieee80211_frame *wh;
1468 struct ndis_wlan_bssid_ex *bss;
1469 struct ieee80211_rx_stats rxs;
1470 struct mbuf *m;
1471 int pktlen;
1472
1473 if (__predict_false(len < sizeof(*bss)))
1474 return;
1475 bss = (struct ndis_wlan_bssid_ex *)buf;
1476 if (__predict_false(len < sizeof(*bss) + le32toh(bss->ieslen)))
1477 return;
1478
1479 RSU_DPRINTF(sc, RSU_DEBUG_SCAN,
1480 "%s: found BSS %s: len=%d chan=%d inframode=%d "
1481 "networktype=%d privacy=%d, RSSI=%d\n",
1482 __func__,
1483 ether_sprintf(bss->macaddr), le32toh(bss->len),
1484 le32toh(bss->config.dsconfig), le32toh(bss->inframode),
1485 le32toh(bss->networktype), le32toh(bss->privacy),
1486 le32toh(bss->rssi));
1487
1488 /* Build a fake beacon frame to let net80211 do all the parsing. */
1489 /* XXX TODO: just call the new scan API methods! */
1490 pktlen = sizeof(*wh) + le32toh(bss->ieslen);
1491 if (__predict_false(pktlen > MCLBYTES))
1492 return;
1493 m = m_get2(pktlen, M_NOWAIT, MT_DATA, M_PKTHDR);
1494 if (__predict_false(m == NULL))
1495 return;
1496 wh = mtod(m, struct ieee80211_frame *);
1497 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
1498 IEEE80211_FC0_SUBTYPE_BEACON;
1499 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1500 USETW(wh->i_dur, 0);
1501 IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr);
1502 IEEE80211_ADDR_COPY(wh->i_addr2, bss->macaddr);
1503 IEEE80211_ADDR_COPY(wh->i_addr3, bss->macaddr);
1504 *(uint16_t *)wh->i_seq = 0;
1505 memcpy(&wh[1], (uint8_t *)&bss[1], le32toh(bss->ieslen));
1506
1507 /* Finalize mbuf. */
1508 m->m_pkthdr.len = m->m_len = pktlen;
1509
1510 /* Set channel flags for input path */
1511 bzero(&rxs, sizeof(rxs));
1512 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
1513 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
1514 rxs.c_ieee = le32toh(bss->config.dsconfig);
1515 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
1516 /* This is a number from 0..100; so let's just divide it down a bit */
1517 rxs.rssi = le32toh(bss->rssi) / 2;
1518 rxs.nf = -96;
1519
1520 /* XXX avoid a LOR */
1521 RSU_UNLOCK(sc);
1522 ieee80211_input_mimo_all(ic, m, &rxs);
1523 RSU_LOCK(sc);
1524}
1525
1526static void
1527rsu_event_join_bss(struct rsu_softc *sc, uint8_t *buf, int len)
1528{
1529 struct ieee80211com *ic = &sc->sc_ic;
1530 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1531 struct ieee80211_node *ni = vap->iv_bss;
1532 struct r92s_event_join_bss *rsp;
1533 uint32_t tmp;
1534 int res;
1535
1536 if (__predict_false(len < sizeof(*rsp)))
1537 return;
1538 rsp = (struct r92s_event_join_bss *)buf;
1539 res = (int)le32toh(rsp->join_res);
1540
1541 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD,
1542 "%s: Rx join BSS event len=%d res=%d\n",
1543 __func__, len, res);
1544
1545 /*
1546 * XXX Don't do this; there's likely a better way to tell
1547 * the caller we failed.
1548 */
1549 if (res <= 0) {
1550 RSU_UNLOCK(sc);
1551 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1552 RSU_LOCK(sc);
1553 return;
1554 }
1555
1556 tmp = le32toh(rsp->associd);
1557 if (tmp >= vap->iv_max_aid) {
1558 DPRINTF("Assoc ID overflow\n");
1559 tmp = 1;
1560 }
1561 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD,
1562 "%s: associated with %s associd=%d\n",
1563 __func__, ether_sprintf(rsp->bss.macaddr), tmp);
1564 /* XXX is this required? What's the top two bits for again? */
1565 ni->ni_associd = tmp | 0xc000;
1566 RSU_UNLOCK(sc);
1567 ieee80211_new_state(vap, IEEE80211_S_RUN,
1568 IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
1569 RSU_LOCK(sc);
1570}
1571
1572static void
1573rsu_event_addba_req_report(struct rsu_softc *sc, uint8_t *buf, int len)
1574{
1575 struct ieee80211com *ic = &sc->sc_ic;
1576 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1577 struct r92s_add_ba_event *ba = (void *) buf;
1578 struct ieee80211_node *ni;
1579
1580 if (len < sizeof(*ba)) {
1581 device_printf(sc->sc_dev, "%s: short read (%d)\n", __func__, len);
1582 return;
1583 }
1584
1585 if (vap == NULL)
1586 return;
1587
1588 RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: mac=%s, tid=%d, ssn=%d\n",
1589 __func__,
1590 ether_sprintf(ba->mac_addr),
1591 (int) ba->tid,
1592 (int) le16toh(ba->ssn));
1593
1594 /* XXX do node lookup; this is STA specific */
1595
1596 ni = ieee80211_ref_node(vap->iv_bss);
1597 ieee80211_ampdu_rx_start_ext(ni, ba->tid, le16toh(ba->ssn) >> 4, 32);
1598 ieee80211_free_node(ni);
1599}
1600
1601static void
1602rsu_rx_event(struct rsu_softc *sc, uint8_t code, uint8_t *buf, int len)
1603{
1604 struct ieee80211com *ic = &sc->sc_ic;
1605 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1606
1607 RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD,
1608 "%s: Rx event code=%d len=%d\n", __func__, code, len);
1609 switch (code) {
1610 case R92S_EVT_SURVEY:
1611 rsu_event_survey(sc, buf, len);
1612 break;
1613 case R92S_EVT_SURVEY_DONE:
1614 RSU_DPRINTF(sc, RSU_DEBUG_SCAN,
1615 "%s: site survey pass %d done, found %d BSS\n",
1616 __func__, sc->sc_scan_pass, le32toh(*(uint32_t *)buf));
1617 sc->sc_scanning = 0;
1618 if (vap->iv_state != IEEE80211_S_SCAN)
1619 break; /* Ignore if not scanning. */
1620
1621 /*
1622 * XXX TODO: This needs to be done without a transition to
1623 * the SCAN state again. Grr.
1624 */
1625 if (sc->sc_scan_pass == 0 && vap->iv_des_nssid != 0) {
1626 /* Schedule a directed scan for hidden APs. */
1627 /* XXX bad! */
1628 sc->sc_scan_pass = 1;
1629 RSU_UNLOCK(sc);
1630 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1631 RSU_LOCK(sc);
1632 break;
1633 }
1634 sc->sc_scan_pass = 0;
1635 break;
1636 case R92S_EVT_JOIN_BSS:
1637 if (vap->iv_state == IEEE80211_S_AUTH)
1638 rsu_event_join_bss(sc, buf, len);
1639 break;
1640 case R92S_EVT_DEL_STA:
1641 RSU_DPRINTF(sc, RSU_DEBUG_FWCMD | RSU_DEBUG_STATE,
1642 "%s: disassociated from %s\n", __func__,
1643 ether_sprintf(buf));
1644 if (vap->iv_state == IEEE80211_S_RUN &&
1645 IEEE80211_ADDR_EQ(vap->iv_bss->ni_bssid, buf)) {
1646 RSU_UNLOCK(sc);
1647 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1648 RSU_LOCK(sc);
1649 }
1650 break;
1651 case R92S_EVT_WPS_PBC:
1652 RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD,
1653 "%s: WPS PBC pushed.\n", __func__);
1654 break;
1655 case R92S_EVT_FWDBG:
1656 buf[60] = '\0';
1657 RSU_DPRINTF(sc, RSU_DEBUG_FWDBG, "FWDBG: %s\n", (char *)buf);
1658 break;
1659 case R92S_EVT_ADDBA_REQ_REPORT:
1660 rsu_event_addba_req_report(sc, buf, len);
1661 break;
1662 default:
1663 device_printf(sc->sc_dev, "%s: unhandled code (%d)\n", __func__, code);
1664 break;
1665 }
1666}
1667
1668static void
1669rsu_rx_multi_event(struct rsu_softc *sc, uint8_t *buf, int len)
1670{
1671 struct r92s_fw_cmd_hdr *cmd;
1672 int cmdsz;
1673
1674 RSU_DPRINTF(sc, RSU_DEBUG_RX, "%s: Rx events len=%d\n", __func__, len);
1675
1676 /* Skip Rx status. */
1677 buf += sizeof(struct r92s_rx_stat);
1678 len -= sizeof(struct r92s_rx_stat);
1679
1680 /* Process all events. */
1681 for (;;) {
1682 /* Check that command header fits. */
1683 if (__predict_false(len < sizeof(*cmd)))
1684 break;
1685 cmd = (struct r92s_fw_cmd_hdr *)buf;
1686 /* Check that command payload fits. */
1687 cmdsz = le16toh(cmd->len);
1688 if (__predict_false(len < sizeof(*cmd) + cmdsz))
1689 break;
1690
1691 /* Process firmware event. */
1692 rsu_rx_event(sc, cmd->code, (uint8_t *)&cmd[1], cmdsz);
1693
1694 if (!(cmd->seq & R92S_FW_CMD_MORE))
1695 break;
1696 buf += sizeof(*cmd) + cmdsz;
1697 len -= sizeof(*cmd) + cmdsz;
1698 }
1699}
1700
1701#if 0
1702static int8_t
1703rsu_get_rssi(struct rsu_softc *sc, int rate, void *physt)
1704{
1705 static const int8_t cckoff[] = { 14, -2, -20, -40 };
1706 struct r92s_rx_phystat *phy;
1707 struct r92s_rx_cck *cck;
1708 uint8_t rpt;
1709 int8_t rssi;
1710
1711 if (rate <= 3) {
1712 cck = (struct r92s_rx_cck *)physt;
1713 rpt = (cck->agc_rpt >> 6) & 0x3;
1714 rssi = cck->agc_rpt & 0x3e;
1715 rssi = cckoff[rpt] - rssi;
1716 } else { /* OFDM/HT. */
1717 phy = (struct r92s_rx_phystat *)physt;
1718 rssi = ((le32toh(phy->phydw1) >> 1) & 0x7f) - 106;
1719 }
1720 return (rssi);
1721}
1722#endif
1723
1724static struct mbuf *
1725rsu_rx_frame(struct rsu_softc *sc, uint8_t *buf, int pktlen)
1726{
1727 struct ieee80211com *ic = &sc->sc_ic;
1728 struct ieee80211_frame *wh;
1729 struct r92s_rx_stat *stat;
1730 uint32_t rxdw0, rxdw3;
1731 struct mbuf *m;
1732 uint8_t rate;
1733 int infosz;
1734
1735 stat = (struct r92s_rx_stat *)buf;
1736 rxdw0 = le32toh(stat->rxdw0);
1737 rxdw3 = le32toh(stat->rxdw3);
1738
1739 if (__predict_false(rxdw0 & R92S_RXDW0_CRCERR)) {
1740 counter_u64_add(ic->ic_ierrors, 1);
1741 return NULL;
1742 }
1743 if (__predict_false(pktlen < sizeof(*wh) || pktlen > MCLBYTES)) {
1744 counter_u64_add(ic->ic_ierrors, 1);
1745 return NULL;
1746 }
1747
1748 rate = MS(rxdw3, R92S_RXDW3_RATE);
1749 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1750
1751#if 0
1752 /* Get RSSI from PHY status descriptor if present. */
1753 if (infosz != 0)
1754 *rssi = rsu_get_rssi(sc, rate, &stat[1]);
1755 else
1756 *rssi = 0;
1757#endif
1758
1759 RSU_DPRINTF(sc, RSU_DEBUG_RX,
1760 "%s: Rx frame len=%d rate=%d infosz=%d\n",
1761 __func__, pktlen, rate, infosz);
1762
1763 m = m_get2(pktlen, M_NOWAIT, MT_DATA, M_PKTHDR);
1764 if (__predict_false(m == NULL)) {
1765 counter_u64_add(ic->ic_ierrors, 1);
1766 return NULL;
1767 }
1768 /* Hardware does Rx TCP checksum offload. */
1769 if (rxdw3 & R92S_RXDW3_TCPCHKVALID) {
1770 if (__predict_true(rxdw3 & R92S_RXDW3_TCPCHKRPT))
1771 m->m_pkthdr.csum_flags |= CSUM_DATA_VALID;
1772 }
1773 wh = (struct ieee80211_frame *)((uint8_t *)&stat[1] + infosz);
1774 memcpy(mtod(m, uint8_t *), wh, pktlen);
1775 m->m_pkthdr.len = m->m_len = pktlen;
1776
1777 if (ieee80211_radiotap_active(ic)) {
1778 struct rsu_rx_radiotap_header *tap = &sc->sc_rxtap;
1779
1780 /* Map HW rate index to 802.11 rate. */
1781 tap->wr_flags = 2;
1782 if (!(rxdw3 & R92S_RXDW3_HTC)) {
1783 switch (rate) {
1784 /* CCK. */
1785 case 0: tap->wr_rate = 2; break;
1786 case 1: tap->wr_rate = 4; break;
1787 case 2: tap->wr_rate = 11; break;
1788 case 3: tap->wr_rate = 22; break;
1789 /* OFDM. */
1790 case 4: tap->wr_rate = 12; break;
1791 case 5: tap->wr_rate = 18; break;
1792 case 6: tap->wr_rate = 24; break;
1793 case 7: tap->wr_rate = 36; break;
1794 case 8: tap->wr_rate = 48; break;
1795 case 9: tap->wr_rate = 72; break;
1796 case 10: tap->wr_rate = 96; break;
1797 case 11: tap->wr_rate = 108; break;
1798 }
1799 } else if (rate >= 12) { /* MCS0~15. */
1800 /* Bit 7 set means HT MCS instead of rate. */
1801 tap->wr_rate = 0x80 | (rate - 12);
1802 }
1803#if 0
1804 tap->wr_dbm_antsignal = *rssi;
1805#endif
1806 /* XXX not nice */
1807 tap->wr_dbm_antsignal = rsu_hwrssi_to_rssi(sc, sc->sc_currssi);
1808 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
1809 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
1810 }
1811
1812 return (m);
1813}
1814
1815static struct mbuf *
1816rsu_rx_multi_frame(struct rsu_softc *sc, uint8_t *buf, int len)
1817{
1818 struct r92s_rx_stat *stat;
1819 uint32_t rxdw0;
1820 int totlen, pktlen, infosz, npkts;
1821 struct mbuf *m, *m0 = NULL, *prevm = NULL;
1822
1823 /* Get the number of encapsulated frames. */
1824 stat = (struct r92s_rx_stat *)buf;
1825 npkts = MS(le32toh(stat->rxdw2), R92S_RXDW2_PKTCNT);
1826 RSU_DPRINTF(sc, RSU_DEBUG_RX,
1827 "%s: Rx %d frames in one chunk\n", __func__, npkts);
1828
1829 /* Process all of them. */
1830 while (npkts-- > 0) {
1831 if (__predict_false(len < sizeof(*stat)))
1832 break;
1833 stat = (struct r92s_rx_stat *)buf;
1834 rxdw0 = le32toh(stat->rxdw0);
1835
1836 pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN);
1837 if (__predict_false(pktlen == 0))
1838 break;
1839
1840 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1841
1842 /* Make sure everything fits in xfer. */
1843 totlen = sizeof(*stat) + infosz + pktlen;
1844 if (__predict_false(totlen > len))
1845 break;
1846
1847 /* Process 802.11 frame. */
1848 m = rsu_rx_frame(sc, buf, pktlen);
1849 if (m0 == NULL)
1850 m0 = m;
1851 if (prevm == NULL)
1852 prevm = m;
1853 else {
1854 prevm->m_next = m;
1855 prevm = m;
1856 }
1857 /* Next chunk is 128-byte aligned. */
1858 totlen = (totlen + 127) & ~127;
1859 buf += totlen;
1860 len -= totlen;
1861 }
1862
1863 return (m0);
1864}
1865
1866static struct mbuf *
1867rsu_rxeof(struct usb_xfer *xfer, struct rsu_data *data)
1868{
1869 struct rsu_softc *sc = data->sc;
1870 struct ieee80211com *ic = &sc->sc_ic;
1871 struct r92s_rx_stat *stat;
1872 int len;
1873
1874 usbd_xfer_status(xfer, &len, NULL, NULL, NULL);
1875
1876 if (__predict_false(len < sizeof(*stat))) {
1877 DPRINTF("xfer too short %d\n", len);
1878 counter_u64_add(ic->ic_ierrors, 1);
1879 return (NULL);
1880 }
1881 /* Determine if it is a firmware C2H event or an 802.11 frame. */
1882 stat = (struct r92s_rx_stat *)data->buf;
1883 if ((le32toh(stat->rxdw1) & 0x1ff) == 0x1ff) {
1884 rsu_rx_multi_event(sc, data->buf, len);
1885 /* No packets to process. */
1886 return (NULL);
1887 } else
1888 return (rsu_rx_multi_frame(sc, data->buf, len));
1889}
1890
1891static void
1892rsu_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
1893{
1894 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1895 struct ieee80211com *ic = &sc->sc_ic;
1896 struct ieee80211_frame *wh;
1897 struct ieee80211_node *ni;
1898 struct mbuf *m = NULL, *next;
1899 struct rsu_data *data;
1900
1901 RSU_ASSERT_LOCKED(sc);
1902
1903 switch (USB_GET_STATE(xfer)) {
1904 case USB_ST_TRANSFERRED:
1905 data = STAILQ_FIRST(&sc->sc_rx_active);
1906 if (data == NULL)
1907 goto tr_setup;
1908 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1909 m = rsu_rxeof(xfer, data);
1910 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1911 /* FALLTHROUGH */
1912 case USB_ST_SETUP:
1913tr_setup:
1914 /*
1915 * XXX TODO: if we have an mbuf list, but then
1916 * we hit data == NULL, what now?
1917 */
1918 data = STAILQ_FIRST(&sc->sc_rx_inactive);
1919 if (data == NULL) {
1920 KASSERT(m == NULL, ("mbuf isn't NULL"));
1921 return;
1922 }
1923 STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next);
1924 STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next);
1925 usbd_xfer_set_frame_data(xfer, 0, data->buf,
1926 usbd_xfer_max_len(xfer));
1927 usbd_transfer_submit(xfer);
1928 /*
1929 * To avoid LOR we should unlock our private mutex here to call
1930 * ieee80211_input() because here is at the end of a USB
1931 * callback and safe to unlock.
1932 */
1933 RSU_UNLOCK(sc);
1934 while (m != NULL) {
1935 int rssi;
1936
1937 /* Cheat and get the last calibrated RSSI */
1938 rssi = rsu_hwrssi_to_rssi(sc, sc->sc_currssi);
1939
1940 next = m->m_next;
1941 m->m_next = NULL;
1942 wh = mtod(m, struct ieee80211_frame *);
1943 ni = ieee80211_find_rxnode(ic,
1944 (struct ieee80211_frame_min *)wh);
1945 if (ni != NULL) {
1946 if (ni->ni_flags & IEEE80211_NODE_HT)
1947 m->m_flags |= M_AMPDU;
1948 (void)ieee80211_input(ni, m, rssi, -96);
1949 ieee80211_free_node(ni);
1950 } else
1951 (void)ieee80211_input_all(ic, m, rssi, -96);
1952 m = next;
1953 }
1954 RSU_LOCK(sc);
1955 break;
1956 default:
1957 /* needs it to the inactive queue due to a error. */
1958 data = STAILQ_FIRST(&sc->sc_rx_active);
1959 if (data != NULL) {
1960 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1961 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1962 }
1963 if (error != USB_ERR_CANCELLED) {
1964 usbd_xfer_set_stall(xfer);
1965 counter_u64_add(ic->ic_ierrors, 1);
1966 goto tr_setup;
1967 }
1968 break;
1969 }
1970
1971}
1972
1973static void
1974rsu_txeof(struct usb_xfer *xfer, struct rsu_data *data)
1975{
1976#ifdef USB_DEBUG
1977 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1978#endif
1979
1980 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: called; data=%p\n",
1981 __func__,
1982 data);
1983
1984 if (data->m) {
1985 /* XXX status? */
1986 ieee80211_tx_complete(data->ni, data->m, 0);
1987 data->m = NULL;
1988 data->ni = NULL;
1989 }
1990}
1991
1992static void
1993rsu_bulk_tx_callback_sub(struct usb_xfer *xfer, usb_error_t error,
1994 uint8_t which)
1995{
1996 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1997 struct ieee80211com *ic = &sc->sc_ic;
1998 struct rsu_data *data;
1999
2000 RSU_ASSERT_LOCKED(sc);
2001
2002 switch (USB_GET_STATE(xfer)) {
2003 case USB_ST_TRANSFERRED:
2004 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
2005 if (data == NULL)
2006 goto tr_setup;
2007 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: transfer done %p\n",
2008 __func__, data);
2009 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
2010 rsu_txeof(xfer, data);
2011 rsu_freebuf(sc, data);
2012 /* FALLTHROUGH */
2013 case USB_ST_SETUP:
2014tr_setup:
2015 data = STAILQ_FIRST(&sc->sc_tx_pending[which]);
2016 if (data == NULL) {
2017 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE,
2018 "%s: empty pending queue sc %p\n", __func__, sc);
2019 return;
2020 }
2021 STAILQ_REMOVE_HEAD(&sc->sc_tx_pending[which], next);
2022 STAILQ_INSERT_TAIL(&sc->sc_tx_active[which], data, next);
2023 usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen);
2024 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE,
2025 "%s: submitting transfer %p\n",
2026 __func__,
2027 data);
2028 usbd_transfer_submit(xfer);
2029 break;
2030 default:
2031 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
2032 if (data != NULL) {
2033 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
2034 rsu_txeof(xfer, data);
2035 rsu_freebuf(sc, data);
2036 }
2037 counter_u64_add(ic->ic_oerrors, 1);
2038
2039 if (error != USB_ERR_CANCELLED) {
2040 usbd_xfer_set_stall(xfer);
2041 goto tr_setup;
2042 }
2043 break;
2044 }
2045
2046 /*
2047 * XXX TODO: if the queue is low, flush out FF TX frames.
2048 * Remember to unlock the driver for now; net80211 doesn't
2049 * defer it for us.
2050 */
2051}
2052
2053static void
2054rsu_bulk_tx_callback_be_bk(struct usb_xfer *xfer, usb_error_t error)
2055{
2056 struct rsu_softc *sc = usbd_xfer_softc(xfer);
2057
2058 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_BE_BK);
2059
2060 /* This kicks the TX taskqueue */
2061 rsu_start(sc);
2062}
2063
2064static void
2065rsu_bulk_tx_callback_vi_vo(struct usb_xfer *xfer, usb_error_t error)
2066{
2067 struct rsu_softc *sc = usbd_xfer_softc(xfer);
2068
2069 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_VI_VO);
2070
2071 /* This kicks the TX taskqueue */
2072 rsu_start(sc);
2073}
2074
2075static void
2076rsu_bulk_tx_callback_h2c(struct usb_xfer *xfer, usb_error_t error)
2077{
2078 struct rsu_softc *sc = usbd_xfer_softc(xfer);
2079
2080 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_H2C);
2081
2082 /* This kicks the TX taskqueue */
2083 rsu_start(sc);
2084}
2085
2086/*
2087 * Transmit the given frame.
2088 *
2089 * This doesn't free the node or mbuf upon failure.
2090 */
2091static int
2092rsu_tx_start(struct rsu_softc *sc, struct ieee80211_node *ni,
2093 struct mbuf *m0, struct rsu_data *data)
2094{
2095 struct ieee80211com *ic = &sc->sc_ic;
2096 struct ieee80211vap *vap = ni->ni_vap;
2097 struct ieee80211_frame *wh;
2098 struct ieee80211_key *k = NULL;
2099 struct r92s_tx_desc *txd;
2100 uint8_t type;
2101 int prio = 0;
2102 uint8_t which;
2103 int hasqos;
2104 int xferlen;
2105 int qid;
2106
2107 RSU_ASSERT_LOCKED(sc);
2108
2109 wh = mtod(m0, struct ieee80211_frame *);
2110 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2111
2112 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: data=%p, m=%p\n",
2113 __func__, data, m0);
2114
2115 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2116 k = ieee80211_crypto_encap(ni, m0);
2117 if (k == NULL) {
2118 device_printf(sc->sc_dev,
2119 "ieee80211_crypto_encap returns NULL.\n");
2120 /* XXX we don't expect the fragmented frames */
2121 return (ENOBUFS);
2122 }
2123 wh = mtod(m0, struct ieee80211_frame *);
2124 }
2125 /* If we have QoS then use it */
2126 /* XXX TODO: mbuf WME/PRI versus TID? */
2127 if (IEEE80211_QOS_HAS_SEQ(wh)) {
2128 /* Has QoS */
2129 prio = M_WME_GETAC(m0);
2130 which = rsu_wme_ac_xfer_map[prio];
2131 hasqos = 1;
2132 } else {
2133 /* Non-QoS TID */
2134 /* XXX TODO: tid=0 for non-qos TID? */
2135 which = rsu_wme_ac_xfer_map[WME_AC_BE];
2136 hasqos = 0;
2137 prio = 0;
2138 }
2139
2140 qid = rsu_ac2qid[prio];
2141#if 0
2142 switch (type) {
2143 case IEEE80211_FC0_TYPE_CTL:
2144 case IEEE80211_FC0_TYPE_MGT:
2145 which = rsu_wme_ac_xfer_map[WME_AC_VO];
2146 break;
2147 default:
2148 which = rsu_wme_ac_xfer_map[M_WME_GETAC(m0)];
2149 break;
2150 }
2151 hasqos = 0;
2152#endif
2153
2154 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: pri=%d, which=%d, hasqos=%d\n",
2155 __func__,
2156 prio,
2157 which,
2158 hasqos);
2159
2160 /* Fill Tx descriptor. */
2161 txd = (struct r92s_tx_desc *)data->buf;
2162 memset(txd, 0, sizeof(*txd));
2163
2164 txd->txdw0 |= htole32(
2165 SM(R92S_TXDW0_PKTLEN, m0->m_pkthdr.len) |
2166 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
2167 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
2168
2169 txd->txdw1 |= htole32(
2170 SM(R92S_TXDW1_MACID, R92S_MACID_BSS) | SM(R92S_TXDW1_QSEL, qid));
2171 if (!hasqos)
2172 txd->txdw1 |= htole32(R92S_TXDW1_NONQOS);
2173#ifdef notyet
2174 if (k != NULL) {
2175 switch (k->wk_cipher->ic_cipher) {
2176 case IEEE80211_CIPHER_WEP:
2177 cipher = R92S_TXDW1_CIPHER_WEP;
2178 break;
2179 case IEEE80211_CIPHER_TKIP:
2180 cipher = R92S_TXDW1_CIPHER_TKIP;
2181 break;
2182 case IEEE80211_CIPHER_AES_CCM:
2183 cipher = R92S_TXDW1_CIPHER_AES;
2184 break;
2185 default:
2186 cipher = R92S_TXDW1_CIPHER_NONE;
2187 }
2188 txd->txdw1 |= htole32(
2189 SM(R92S_TXDW1_CIPHER, cipher) |
2190 SM(R92S_TXDW1_KEYIDX, k->k_id));
2191 }
2192#endif
2193 /* XXX todo: set AGGEN bit if appropriate? */
2194 txd->txdw2 |= htole32(R92S_TXDW2_BK);
2195 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
2196 txd->txdw2 |= htole32(R92S_TXDW2_BMCAST);
2197 /*
2198 * Firmware will use and increment the sequence number for the
2199 * specified priority.
2200 */
2201 txd->txdw3 |= htole32(SM(R92S_TXDW3_SEQ, prio));
2202
2203 if (ieee80211_radiotap_active_vap(vap)) {
2204 struct rsu_tx_radiotap_header *tap = &sc->sc_txtap;
2205
2206 tap->wt_flags = 0;
2207 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
2208 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
2209 ieee80211_radiotap_tx(vap, m0);
2210 }
2211
2212 xferlen = sizeof(*txd) + m0->m_pkthdr.len;
2213 m_copydata(m0, 0, m0->m_pkthdr.len, (caddr_t)&txd[1]);
2214
2215 data->buflen = xferlen;
2216 data->ni = ni;
2217 data->m = m0;
2218 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
2219
2220 /* start transfer, if any */
2221 usbd_transfer_start(sc->sc_xfer[which]);
2222 return (0);
2223}
2224
2225static int
2226rsu_transmit(struct ieee80211com *ic, struct mbuf *m)
2227{
2228 struct rsu_softc *sc = ic->ic_softc;
2229 int error;
2230
2231 RSU_LOCK(sc);
2232 if (!sc->sc_running) {
2233 RSU_UNLOCK(sc);
2234 return (ENXIO);
2235 }
2236
2237 /*
2238 * XXX TODO: ensure that we treat 'm' as a list of frames
2239 * to transmit!
2240 */
2241 error = mbufq_enqueue(&sc->sc_snd, m);
2242 if (error) {
2243 RSU_DPRINTF(sc, RSU_DEBUG_TX,
2244 "%s: mbufq_enable: failed (%d)\n",
2245 __func__,
2246 error);
2247 RSU_UNLOCK(sc);
2248 return (error);
2249 }
2250 RSU_UNLOCK(sc);
2251
2252 /* This kicks the TX taskqueue */
2253 rsu_start(sc);
2254
2255 return (0);
2256}
2257
2258static void
2259rsu_drain_mbufq(struct rsu_softc *sc)
2260{
2261 struct mbuf *m;
2262 struct ieee80211_node *ni;
2263
2264 RSU_ASSERT_LOCKED(sc);
2265 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
2266 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
2267 m->m_pkthdr.rcvif = NULL;
2268 ieee80211_free_node(ni);
2269 m_freem(m);
2270 }
2271}
2272
2273static void
2274_rsu_start(struct rsu_softc *sc)
2275{
2276 struct ieee80211_node *ni;
2277 struct rsu_data *bf;
2278 struct mbuf *m;
2279
2280 RSU_ASSERT_LOCKED(sc);
2281
2282 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
2283 bf = rsu_getbuf(sc);
2284 if (bf == NULL) {
2285 RSU_DPRINTF(sc, RSU_DEBUG_TX,
2286 "%s: failed to get buffer\n", __func__);
2287 mbufq_prepend(&sc->sc_snd, m);
2288 break;
2289 }
2290
2291 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
2292 m->m_pkthdr.rcvif = NULL;
2293
2294 if (rsu_tx_start(sc, ni, m, bf) != 0) {
2295 RSU_DPRINTF(sc, RSU_DEBUG_TX,
2296 "%s: failed to transmit\n", __func__);
2297 if_inc_counter(ni->ni_vap->iv_ifp,
2298 IFCOUNTER_OERRORS, 1);
2299 rsu_freebuf(sc, bf);
2300 ieee80211_free_node(ni);
2301 m_freem(m);
2302 break;
2303 }
2304 }
2305}
2306
2307static void
2308rsu_start(struct rsu_softc *sc)
2309{
2310
2311 taskqueue_enqueue(taskqueue_thread, &sc->tx_task);
2312}
2313
2314static void
2315rsu_parent(struct ieee80211com *ic)
2316{
2317 struct rsu_softc *sc = ic->ic_softc;
2318 int startall = 0;
2319
2320 RSU_LOCK(sc);
2321 if (ic->ic_nrunning > 0) {
2322 if (!sc->sc_running) {
2323 rsu_init(sc);
2324 startall = 1;
2325 }
2326 } else if (sc->sc_running)
2327 rsu_stop(sc);
2328 RSU_UNLOCK(sc);
2329
2330 if (startall)
2331 ieee80211_start_all(ic);
2332}
2333
2334/*
2335 * Power on sequence for A-cut adapters.
2336 */
2337static void
2338rsu_power_on_acut(struct rsu_softc *sc)
2339{
2340 uint32_t reg;
2341
2342 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
2343 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
2344
2345 /* Enable AFE macro block's bandgap and Mbias. */
2346 rsu_write_1(sc, R92S_AFE_MISC,
2347 rsu_read_1(sc, R92S_AFE_MISC) |
2348 R92S_AFE_MISC_BGEN | R92S_AFE_MISC_MBEN);
2349 /* Enable LDOA15 block. */
2350 rsu_write_1(sc, R92S_LDOA15_CTRL,
2351 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
2352
2353 rsu_write_1(sc, R92S_SPS1_CTRL,
2354 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_LDEN);
2355 rsu_ms_delay(sc, 2000);
2356 /* Enable switch regulator block. */
2357 rsu_write_1(sc, R92S_SPS1_CTRL,
2358 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_SWEN);
2359
2360 rsu_write_4(sc, R92S_SPS1_CTRL, 0x00a7b267);
2361
2362 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2363 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
2364
2365 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2366 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
2367
2368 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2369 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x90);
2370
2371 /* Enable AFE clock. */
2372 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
2373 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
2374 /* Enable AFE PLL macro block. */
2375 rsu_write_1(sc, R92S_AFE_PLL_CTRL,
2376 rsu_read_1(sc, R92S_AFE_PLL_CTRL) | 0x11);
2377 /* Attach AFE PLL to MACTOP/BB. */
2378 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
2379 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
2380
2381 /* Switch to 40MHz clock instead of 80MHz. */
2382 rsu_write_2(sc, R92S_SYS_CLKR,
2383 rsu_read_2(sc, R92S_SYS_CLKR) & ~R92S_SYS_CLKSEL);
2384
2385 /* Enable MAC clock. */
2386 rsu_write_2(sc, R92S_SYS_CLKR,
2387 rsu_read_2(sc, R92S_SYS_CLKR) |
2388 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
2389
2390 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
2391
2392 /* Enable digital core and IOREG R/W. */
2393 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2394 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
2395
2396 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2397 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
2398
2399 /* Switch the control path to firmware. */
2400 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2401 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
2402 rsu_write_2(sc, R92S_SYS_CLKR, reg);
2403
2404 rsu_write_2(sc, R92S_CR, 0x37fc);
2405
2406 /* Fix USB RX FIFO issue. */
2407 rsu_write_1(sc, 0xfe5c,
2408 rsu_read_1(sc, 0xfe5c) | 0x80);
2409 rsu_write_1(sc, 0x00ab,
2410 rsu_read_1(sc, 0x00ab) | 0xc0);
2411
2412 rsu_write_1(sc, R92S_SYS_CLKR,
2413 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
2414}
2415
2416/*
2417 * Power on sequence for B-cut and C-cut adapters.
2418 */
2419static void
2420rsu_power_on_bcut(struct rsu_softc *sc)
2421{
2422 uint32_t reg;
2423 int ntries;
2424
2425 /* Prevent eFuse leakage. */
2426 rsu_write_1(sc, 0x37, 0xb0);
2427 rsu_ms_delay(sc, 10);
2428 rsu_write_1(sc, 0x37, 0x30);
2429
2430 /* Switch the control path to hardware. */
2431 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2432 if (reg & R92S_FWHW_SEL) {
2433 rsu_write_2(sc, R92S_SYS_CLKR,
2434 reg & ~(R92S_SWHW_SEL | R92S_FWHW_SEL));
2435 }
2436 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2437 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) & ~0x8c);
2438 rsu_ms_delay(sc, 1);
2439
2440 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
2441 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
2442
2443 reg = rsu_read_1(sc, R92S_AFE_MISC);
2444 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN);
2445 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN |
2446 R92S_AFE_MISC_MBEN | R92S_AFE_MISC_I32_EN);
2447
2448 /* Enable PLL. */
2449 rsu_write_1(sc, R92S_LDOA15_CTRL,
2450 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
2451
2452 rsu_write_1(sc, R92S_LDOV12D_CTRL,
2453 rsu_read_1(sc, R92S_LDOV12D_CTRL) | R92S_LDV12_EN);
2454
2455 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2456 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
2457
2458 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2459 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
2460
2461 /* Support 64KB IMEM. */
2462 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2463 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x97);
2464
2465 /* Enable AFE clock. */
2466 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
2467 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
2468 /* Enable AFE PLL macro block. */
2469 reg = rsu_read_1(sc, R92S_AFE_PLL_CTRL);
2470 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
2471 rsu_ms_delay(sc, 1);
2472 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x51);
2473 rsu_ms_delay(sc, 1);
2474 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
2475 rsu_ms_delay(sc, 1);
2476
2477 /* Attach AFE PLL to MACTOP/BB. */
2478 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
2479 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
2480
2481 /* Switch to 40MHz clock. */
2482 rsu_write_1(sc, R92S_SYS_CLKR, 0x00);
2483 /* Disable CPU clock and 80MHz SSC. */
2484 rsu_write_1(sc, R92S_SYS_CLKR,
2485 rsu_read_1(sc, R92S_SYS_CLKR) | 0xa0);
2486 /* Enable MAC clock. */
2487 rsu_write_2(sc, R92S_SYS_CLKR,
2488 rsu_read_2(sc, R92S_SYS_CLKR) |
2489 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
2490
2491 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
2492
2493 /* Enable digital core and IOREG R/W. */
2494 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2495 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
2496
2497 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2498 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
2499
2500 /* Switch the control path to firmware. */
2501 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2502 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
2503 rsu_write_2(sc, R92S_SYS_CLKR, reg);
2504
2505 rsu_write_2(sc, R92S_CR, 0x37fc);
2506
2507 /* Fix USB RX FIFO issue. */
2508 rsu_write_1(sc, 0xfe5c,
2509 rsu_read_1(sc, 0xfe5c) | 0x80);
2510
2511 rsu_write_1(sc, R92S_SYS_CLKR,
2512 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
2513
2514 rsu_write_1(sc, 0xfe1c, 0x80);
2515
2516 /* Make sure TxDMA is ready to download firmware. */
2517 for (ntries = 0; ntries < 20; ntries++) {
2518 reg = rsu_read_1(sc, R92S_TCR);
2519 if ((reg & (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) ==
2520 (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT))
2521 break;
2522 rsu_ms_delay(sc, 1);
2523 }
2524 if (ntries == 20) {
2525 RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_TX,
2526 "%s: TxDMA is not ready\n",
2527 __func__);
2528 /* Reset TxDMA. */
2529 reg = rsu_read_1(sc, R92S_CR);
2530 rsu_write_1(sc, R92S_CR, reg & ~R92S_CR_TXDMA_EN);
2531 rsu_ms_delay(sc, 1);
2532 rsu_write_1(sc, R92S_CR, reg | R92S_CR_TXDMA_EN);
2533 }
2534}
2535
2536static void
2537rsu_power_off(struct rsu_softc *sc)
2538{
2539 /* Turn RF off. */
2540 rsu_write_1(sc, R92S_RF_CTRL, 0x00);
2541 rsu_ms_delay(sc, 5);
2542
2543 /* Turn MAC off. */
2544 /* Switch control path. */
2545 rsu_write_1(sc, R92S_SYS_CLKR + 1, 0x38);
2546 /* Reset MACTOP. */
2547 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x70);
2548 rsu_write_1(sc, R92S_PMC_FSM, 0x06);
2549 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 0, 0xf9);
2550 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 0xe8);
2551
2552 /* Disable AFE PLL. */
2553 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 0x00);
2554 /* Disable A15V. */
2555 rsu_write_1(sc, R92S_LDOA15_CTRL, 0x54);
2556 /* Disable eFuse 1.2V. */
2557 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x50);
2558 rsu_write_1(sc, R92S_LDOV12D_CTRL, 0x24);
2559 /* Enable AFE macro block's bandgap and Mbias. */
2560 rsu_write_1(sc, R92S_AFE_MISC, 0x30);
2561 /* Disable 1.6V LDO. */
2562 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x56);
2563 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x43);
2564
2565 /* Firmware - tell it to switch things off */
2566 (void) rsu_set_fw_power_state(sc, RSU_PWR_OFF);
2567}
2568
2569static int
2570rsu_fw_loadsection(struct rsu_softc *sc, const uint8_t *buf, int len)
2571{
2572 const uint8_t which = rsu_wme_ac_xfer_map[WME_AC_VO];
2573 struct rsu_data *data;
2574 struct r92s_tx_desc *txd;
2575 int mlen;
2576
2577 while (len > 0) {
2578 data = rsu_getbuf(sc);
2579 if (data == NULL)
2580 return (ENOMEM);
2581 txd = (struct r92s_tx_desc *)data->buf;
2582 memset(txd, 0, sizeof(*txd));
2583 if (len <= RSU_TXBUFSZ - sizeof(*txd)) {
2584 /* Last chunk. */
2585 txd->txdw0 |= htole32(R92S_TXDW0_LINIP);
2586 mlen = len;
2587 } else
2588 mlen = RSU_TXBUFSZ - sizeof(*txd);
2589 txd->txdw0 |= htole32(SM(R92S_TXDW0_PKTLEN, mlen));
2590 memcpy(&txd[1], buf, mlen);
2591 data->buflen = sizeof(*txd) + mlen;
2592 RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FW | RSU_DEBUG_RESET,
2593 "%s: starting transfer %p\n",
2594 __func__, data);
2595 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
2596 buf += mlen;
2597 len -= mlen;
2598 }
2599 usbd_transfer_start(sc->sc_xfer[which]);
2600 return (0);
2601}
2602
2603static int
2604rsu_load_firmware(struct rsu_softc *sc)
2605{
2606 const struct r92s_fw_hdr *hdr;
2607 struct r92s_fw_priv *dmem;
2608 struct ieee80211com *ic = &sc->sc_ic;
2609 const uint8_t *imem, *emem;
2610 int imemsz, ememsz;
2611 const struct firmware *fw;
2612 size_t size;
2613 uint32_t reg;
2614 int ntries, error;
2615
2616 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY) {
2617 RSU_DPRINTF(sc, RSU_DEBUG_ANY,
2618 "%s: Firmware already loaded\n",
2619 __func__);
2620 return (0);
2621 }
2622
2623 RSU_UNLOCK(sc);
2624 /* Read firmware image from the filesystem. */
2625 if ((fw = firmware_get("rsu-rtl8712fw")) == NULL) {
2626 device_printf(sc->sc_dev,
2627 "%s: failed load firmware of file rsu-rtl8712fw\n",
2628 __func__);
2629 RSU_LOCK(sc);
2630 return (ENXIO);
2631 }
2632 RSU_LOCK(sc);
2633 size = fw->datasize;
2634 if (size < sizeof(*hdr)) {
2635 device_printf(sc->sc_dev, "firmware too short\n");
2636 error = EINVAL;
2637 goto fail;
2638 }
2639 hdr = (const struct r92s_fw_hdr *)fw->data;
2640 if (hdr->signature != htole16(0x8712) &&
2641 hdr->signature != htole16(0x8192)) {
2642 device_printf(sc->sc_dev,
2643 "invalid firmware signature 0x%x\n",
2644 le16toh(hdr->signature));
2645 error = EINVAL;
2646 goto fail;
2647 }
2648 DPRINTF("FW V%d %02x-%02x %02x:%02x\n", le16toh(hdr->version),
2649 hdr->month, hdr->day, hdr->hour, hdr->minute);
2650
2651 /* Make sure that driver and firmware are in sync. */
2652 if (hdr->privsz != htole32(sizeof(*dmem))) {
2653 device_printf(sc->sc_dev, "unsupported firmware image\n");
2654 error = EINVAL;
2655 goto fail;
2656 }
2657 /* Get FW sections sizes. */
2658 imemsz = le32toh(hdr->imemsz);
2659 ememsz = le32toh(hdr->sramsz);
2660 /* Check that all FW sections fit in image. */
2661 if (size < sizeof(*hdr) + imemsz + ememsz) {
2662 device_printf(sc->sc_dev, "firmware too short\n");
2663 error = EINVAL;
2664 goto fail;
2665 }
2666 imem = (const uint8_t *)&hdr[1];
2667 emem = imem + imemsz;
2668
2669 /* Load IMEM section. */
2670 error = rsu_fw_loadsection(sc, imem, imemsz);
2671 if (error != 0) {
2672 device_printf(sc->sc_dev,
2673 "could not load firmware section %s\n", "IMEM");
2674 goto fail;
2675 }
2676 /* Wait for load to complete. */
2677 for (ntries = 0; ntries != 50; ntries++) {
2678 rsu_ms_delay(sc, 10);
2679 reg = rsu_read_1(sc, R92S_TCR);
2680 if (reg & R92S_TCR_IMEM_CODE_DONE)
2681 break;
2682 }
2683 if (ntries == 50) {
2684 device_printf(sc->sc_dev, "timeout waiting for IMEM transfer\n");
2685 error = ETIMEDOUT;
2686 goto fail;
2687 }
2688 /* Load EMEM section. */
2689 error = rsu_fw_loadsection(sc, emem, ememsz);
2690 if (error != 0) {
2691 device_printf(sc->sc_dev,
2692 "could not load firmware section %s\n", "EMEM");
2693 goto fail;
2694 }
2695 /* Wait for load to complete. */
2696 for (ntries = 0; ntries != 50; ntries++) {
2697 rsu_ms_delay(sc, 10);
2698 reg = rsu_read_2(sc, R92S_TCR);
2699 if (reg & R92S_TCR_EMEM_CODE_DONE)
2700 break;
2701 }
2702 if (ntries == 50) {
2703 device_printf(sc->sc_dev, "timeout waiting for EMEM transfer\n");
2704 error = ETIMEDOUT;
2705 goto fail;
2706 }
2707 /* Enable CPU. */
2708 rsu_write_1(sc, R92S_SYS_CLKR,
2709 rsu_read_1(sc, R92S_SYS_CLKR) | R92S_SYS_CPU_CLKSEL);
2710 if (!(rsu_read_1(sc, R92S_SYS_CLKR) & R92S_SYS_CPU_CLKSEL)) {
2711 device_printf(sc->sc_dev, "could not enable system clock\n");
2712 error = EIO;
2713 goto fail;
2714 }
2715 rsu_write_2(sc, R92S_SYS_FUNC_EN,
2716 rsu_read_2(sc, R92S_SYS_FUNC_EN) | R92S_FEN_CPUEN);
2717 if (!(rsu_read_2(sc, R92S_SYS_FUNC_EN) & R92S_FEN_CPUEN)) {
2718 device_printf(sc->sc_dev,
2719 "could not enable microcontroller\n");
2720 error = EIO;
2721 goto fail;
2722 }
2723 /* Wait for CPU to initialize. */
2724 for (ntries = 0; ntries < 100; ntries++) {
2725 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_IMEM_RDY)
2726 break;
2727 rsu_ms_delay(sc, 1);
2728 }
2729 if (ntries == 100) {
2730 device_printf(sc->sc_dev,
2731 "timeout waiting for microcontroller\n");
2732 error = ETIMEDOUT;
2733 goto fail;
2734 }
2735
2736 /* Update DMEM section before loading. */
2737 dmem = __DECONST(struct r92s_fw_priv *, &hdr->priv);
2738 memset(dmem, 0, sizeof(*dmem));
2739 dmem->hci_sel = R92S_HCI_SEL_USB | R92S_HCI_SEL_8172;
2740 dmem->nendpoints = sc->sc_nendpoints;
2741 dmem->chip_version = sc->cut;
2742 dmem->rf_config = sc->sc_rftype;
2743 dmem->vcs_type = R92S_VCS_TYPE_AUTO;
2744 dmem->vcs_mode = R92S_VCS_MODE_RTS_CTS;
2745 dmem->turbo_mode = 0;
2746 dmem->bw40_en = !! (ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40);
2747 dmem->amsdu2ampdu_en = !! (sc->sc_ht);
2748 dmem->ampdu_en = !! (sc->sc_ht);
2749 dmem->agg_offload = !! (sc->sc_ht);
2750 dmem->qos_en = 1;
2751 dmem->ps_offload = 1;
2752 dmem->lowpower_mode = 1; /* XXX TODO: configurable? */
2753 /* Load DMEM section. */
2754 error = rsu_fw_loadsection(sc, (uint8_t *)dmem, sizeof(*dmem));
2755 if (error != 0) {
2756 device_printf(sc->sc_dev,
2757 "could not load firmware section %s\n", "DMEM");
2758 goto fail;
2759 }
2760 /* Wait for load to complete. */
2761 for (ntries = 0; ntries < 100; ntries++) {
2762 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_DMEM_CODE_DONE)
2763 break;
2764 rsu_ms_delay(sc, 1);
2765 }
2766 if (ntries == 100) {
2767 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n",
2768 "DMEM");
2769 error = ETIMEDOUT;
2770 goto fail;
2771 }
2772 /* Wait for firmware readiness. */
2773 for (ntries = 0; ntries < 60; ntries++) {
2774 if (!(rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY))
2775 break;
2776 rsu_ms_delay(sc, 1);
2777 }
2778 if (ntries == 60) {
2779 device_printf(sc->sc_dev,
2780 "timeout waiting for firmware readiness\n");
2781 error = ETIMEDOUT;
2782 goto fail;
2783 }
2784 fail:
2785 firmware_put(fw, FIRMWARE_UNLOAD);
2786 return (error);
2787}
2788
2789
2790static int
2791rsu_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
2792 const struct ieee80211_bpf_params *params)
2793{
2794 struct ieee80211com *ic = ni->ni_ic;
2795 struct rsu_softc *sc = ic->ic_softc;
2796 struct rsu_data *bf;
2797
2798 /* prevent management frames from being sent if we're not ready */
2799 if (!sc->sc_running) {
2800 m_freem(m);
2801 return (ENETDOWN);
2802 }
2803 RSU_LOCK(sc);
2804 bf = rsu_getbuf(sc);
2805 if (bf == NULL) {
2806 m_freem(m);
2807 RSU_UNLOCK(sc);
2808 return (ENOBUFS);
2809 }
2810 if (rsu_tx_start(sc, ni, m, bf) != 0) {
2811 m_freem(m);
2812 rsu_freebuf(sc, bf);
2813 RSU_UNLOCK(sc);
2814 return (EIO);
2815 }
2816 RSU_UNLOCK(sc);
2817
2818 return (0);
2819}
2820
2821static void
2822rsu_init(struct rsu_softc *sc)
2823{
2824 struct ieee80211com *ic = &sc->sc_ic;
2825 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2826 uint8_t macaddr[IEEE80211_ADDR_LEN];
2827 int error;
2828 int i;
2829
2830 RSU_ASSERT_LOCKED(sc);
2831
2832 /* Ensure the mbuf queue is drained */
2833 rsu_drain_mbufq(sc);
2834
2835 /* Init host async commands ring. */
2836 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0;
2837
2838 /* Reset power management state. */
2839 rsu_write_1(sc, R92S_USB_HRPWM, 0);
2840
2841 /* Power on adapter. */
2842 if (sc->cut == 1)
2843 rsu_power_on_acut(sc);
2844 else
2845 rsu_power_on_bcut(sc);
2846
2847 /* Load firmware. */
2848 error = rsu_load_firmware(sc);
2849 if (error != 0)
2850 goto fail;
2851
2852 /* Enable Rx TCP checksum offload. */
2853 rsu_write_4(sc, R92S_RCR,
2854 rsu_read_4(sc, R92S_RCR) | 0x04000000);
2855 /* Append PHY status. */
2856 rsu_write_4(sc, R92S_RCR,
2857 rsu_read_4(sc, R92S_RCR) | 0x02000000);
2858
2859 rsu_write_4(sc, R92S_CR,
2860 rsu_read_4(sc, R92S_CR) & ~0xff000000);
2861
2862 /* Use 128 bytes pages. */
2863 rsu_write_1(sc, 0x00b5,
2864 rsu_read_1(sc, 0x00b5) | 0x01);
2865 /* Enable USB Rx aggregation. */
2866 rsu_write_1(sc, 0x00bd,
2867 rsu_read_1(sc, 0x00bd) | 0x80);
2868 /* Set USB Rx aggregation threshold. */
2869 rsu_write_1(sc, 0x00d9, 0x01);
2870 /* Set USB Rx aggregation timeout (1.7ms/4). */
2871 rsu_write_1(sc, 0xfe5b, 0x04);
2872 /* Fix USB Rx FIFO issue. */
2873 rsu_write_1(sc, 0xfe5c,
2874 rsu_read_1(sc, 0xfe5c) | 0x80);
2875
2876 /* Set MAC address. */
2877 IEEE80211_ADDR_COPY(macaddr, vap ? vap->iv_myaddr : ic->ic_macaddr);
2878 rsu_write_region_1(sc, R92S_MACID, macaddr, IEEE80211_ADDR_LEN);
2879
2880 /* It really takes 1.5 seconds for the firmware to boot: */
2881 rsu_ms_delay(sc, 2000);
2882
2883 RSU_DPRINTF(sc, RSU_DEBUG_RESET, "%s: setting MAC address to %s\n",
2884 __func__,
2885 ether_sprintf(macaddr));
2886 error = rsu_fw_cmd(sc, R92S_CMD_SET_MAC_ADDRESS, macaddr,
2887 IEEE80211_ADDR_LEN);
2888 if (error != 0) {
2889 device_printf(sc->sc_dev, "could not set MAC address\n");
2890 goto fail;
2891 }
2892
2893 /* Set PS mode fully active */
2894 error = rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE);
2895
2896 if (error != 0) {
2897 device_printf(sc->sc_dev, "could not set PS mode\n");
2898 goto fail;
2899 }
2900
2901 sc->sc_scan_pass = 0;
2902 usbd_transfer_start(sc->sc_xfer[RSU_BULK_RX]);
2903
2904 /* We're ready to go. */
2905 sc->sc_running = 1;
2906 sc->sc_scanning = 0;
2907 return;
2908fail:
2909 /* Need to stop all failed transfers, if any */
2910 for (i = 0; i != RSU_N_TRANSFER; i++)
2911 usbd_transfer_stop(sc->sc_xfer[i]);
2912}
2913
2914static void
2915rsu_stop(struct rsu_softc *sc)
2916{
2917 int i;
2918
2919 RSU_ASSERT_LOCKED(sc);
2920
2921 sc->sc_running = 0;
2922 sc->sc_calibrating = 0;
2923 taskqueue_cancel_timeout(taskqueue_thread, &sc->calib_task, NULL);
2924 taskqueue_cancel(taskqueue_thread, &sc->tx_task, NULL);
2925
2926 /* Power off adapter. */
2927 rsu_power_off(sc);
2928
2929 for (i = 0; i < RSU_N_TRANSFER; i++)
2930 usbd_transfer_stop(sc->sc_xfer[i]);
2931
2932 /* Ensure the mbuf queue is drained */
2933 rsu_drain_mbufq(sc);
2934}
2935
2936/*
2937 * Note: usb_pause_mtx() actually releases the mutex before calling pause(),
2938 * which breaks any kind of driver serialisation.
2939 */
2940static void
2941rsu_ms_delay(struct rsu_softc *sc, int ms)
2942{
2943
2944 //usb_pause_mtx(&sc->sc_mtx, hz / 1000);
2945 DELAY(ms * 1000);
2946}