702rsu_set_channel(struct ieee80211com *ic __unused)
703{
704 /* We are unable to switch channels, yet. */
705}
706
707static void
708rsu_update_mcast(struct ieee80211com *ic)
709{
710 /* XXX do nothing? */
711}
712
713static int
714rsu_alloc_list(struct rsu_softc *sc, struct rsu_data data[],
715 int ndata, int maxsz)
716{
717 int i, error;
718
719 for (i = 0; i < ndata; i++) {
720 struct rsu_data *dp = &data[i];
721 dp->sc = sc;
722 dp->m = NULL;
723 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT);
724 if (dp->buf == NULL) {
725 device_printf(sc->sc_dev,
726 "could not allocate buffer\n");
727 error = ENOMEM;
728 goto fail;
729 }
730 dp->ni = NULL;
731 }
732
733 return (0);
734fail:
735 rsu_free_list(sc, data, ndata);
736 return (error);
737}
738
739static int
740rsu_alloc_rx_list(struct rsu_softc *sc)
741{
742 int error, i;
743
744 error = rsu_alloc_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT,
745 RSU_RXBUFSZ);
746 if (error != 0)
747 return (error);
748
749 STAILQ_INIT(&sc->sc_rx_active);
750 STAILQ_INIT(&sc->sc_rx_inactive);
751
752 for (i = 0; i < RSU_RX_LIST_COUNT; i++)
753 STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next);
754
755 return (0);
756}
757
758static int
759rsu_alloc_tx_list(struct rsu_softc *sc)
760{
761 int error, i;
762
763 error = rsu_alloc_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT,
764 RSU_TXBUFSZ);
765 if (error != 0)
766 return (error);
767
768 STAILQ_INIT(&sc->sc_tx_inactive);
769
770 for (i = 0; i != RSU_N_TRANSFER; i++) {
771 STAILQ_INIT(&sc->sc_tx_active[i]);
772 STAILQ_INIT(&sc->sc_tx_pending[i]);
773 }
774
775 for (i = 0; i < RSU_TX_LIST_COUNT; i++) {
776 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next);
777 }
778
779 return (0);
780}
781
782static void
783rsu_free_tx_list(struct rsu_softc *sc)
784{
785 int i;
786
787 /* prevent further allocations from TX list(s) */
788 STAILQ_INIT(&sc->sc_tx_inactive);
789
790 for (i = 0; i != RSU_N_TRANSFER; i++) {
791 STAILQ_INIT(&sc->sc_tx_active[i]);
792 STAILQ_INIT(&sc->sc_tx_pending[i]);
793 }
794
795 rsu_free_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT);
796}
797
798static void
799rsu_free_rx_list(struct rsu_softc *sc)
800{
801 /* prevent further allocations from RX list(s) */
802 STAILQ_INIT(&sc->sc_rx_inactive);
803 STAILQ_INIT(&sc->sc_rx_active);
804
805 rsu_free_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT);
806}
807
808static void
809rsu_free_list(struct rsu_softc *sc, struct rsu_data data[], int ndata)
810{
811 int i;
812
813 for (i = 0; i < ndata; i++) {
814 struct rsu_data *dp = &data[i];
815
816 if (dp->buf != NULL) {
817 free(dp->buf, M_USBDEV);
818 dp->buf = NULL;
819 }
820 if (dp->ni != NULL) {
821 ieee80211_free_node(dp->ni);
822 dp->ni = NULL;
823 }
824 }
825}
826
827static struct rsu_data *
828_rsu_getbuf(struct rsu_softc *sc)
829{
830 struct rsu_data *bf;
831
832 bf = STAILQ_FIRST(&sc->sc_tx_inactive);
833 if (bf != NULL)
834 STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next);
835 else
836 bf = NULL;
837 return (bf);
838}
839
840static struct rsu_data *
841rsu_getbuf(struct rsu_softc *sc)
842{
843 struct rsu_data *bf;
844
845 RSU_ASSERT_LOCKED(sc);
846
847 bf = _rsu_getbuf(sc);
848 if (bf == NULL) {
849 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: no buffers\n", __func__);
850 }
851 return (bf);
852}
853
854static void
855rsu_freebuf(struct rsu_softc *sc, struct rsu_data *bf)
856{
857
858 RSU_ASSERT_LOCKED(sc);
859 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, bf, next);
860}
861
862static int
863rsu_write_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
864 int len)
865{
866 usb_device_request_t req;
867
868 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
869 req.bRequest = R92S_REQ_REGS;
870 USETW(req.wValue, addr);
871 USETW(req.wIndex, 0);
872 USETW(req.wLength, len);
873
874 return (rsu_do_request(sc, &req, buf));
875}
876
877static void
878rsu_write_1(struct rsu_softc *sc, uint16_t addr, uint8_t val)
879{
880 rsu_write_region_1(sc, addr, &val, 1);
881}
882
883static void
884rsu_write_2(struct rsu_softc *sc, uint16_t addr, uint16_t val)
885{
886 val = htole16(val);
887 rsu_write_region_1(sc, addr, (uint8_t *)&val, 2);
888}
889
890static void
891rsu_write_4(struct rsu_softc *sc, uint16_t addr, uint32_t val)
892{
893 val = htole32(val);
894 rsu_write_region_1(sc, addr, (uint8_t *)&val, 4);
895}
896
897static int
898rsu_read_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
899 int len)
900{
901 usb_device_request_t req;
902
903 req.bmRequestType = UT_READ_VENDOR_DEVICE;
904 req.bRequest = R92S_REQ_REGS;
905 USETW(req.wValue, addr);
906 USETW(req.wIndex, 0);
907 USETW(req.wLength, len);
908
909 return (rsu_do_request(sc, &req, buf));
910}
911
912static uint8_t
913rsu_read_1(struct rsu_softc *sc, uint16_t addr)
914{
915 uint8_t val;
916
917 if (rsu_read_region_1(sc, addr, &val, 1) != 0)
918 return (0xff);
919 return (val);
920}
921
922static uint16_t
923rsu_read_2(struct rsu_softc *sc, uint16_t addr)
924{
925 uint16_t val;
926
927 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 2) != 0)
928 return (0xffff);
929 return (le16toh(val));
930}
931
932static uint32_t
933rsu_read_4(struct rsu_softc *sc, uint16_t addr)
934{
935 uint32_t val;
936
937 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 4) != 0)
938 return (0xffffffff);
939 return (le32toh(val));
940}
941
942static int
943rsu_fw_iocmd(struct rsu_softc *sc, uint32_t iocmd)
944{
945 int ntries;
946
947 rsu_write_4(sc, R92S_IOCMD_CTRL, iocmd);
948 rsu_ms_delay(sc, 1);
949 for (ntries = 0; ntries < 50; ntries++) {
950 if (rsu_read_4(sc, R92S_IOCMD_CTRL) == 0)
951 return (0);
952 rsu_ms_delay(sc, 1);
953 }
954 return (ETIMEDOUT);
955}
956
957static uint8_t
958rsu_efuse_read_1(struct rsu_softc *sc, uint16_t addr)
959{
960 uint32_t reg;
961 int ntries;
962
963 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
964 reg = RW(reg, R92S_EFUSE_CTRL_ADDR, addr);
965 reg &= ~R92S_EFUSE_CTRL_VALID;
966 rsu_write_4(sc, R92S_EFUSE_CTRL, reg);
967 /* Wait for read operation to complete. */
968 for (ntries = 0; ntries < 100; ntries++) {
969 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
970 if (reg & R92S_EFUSE_CTRL_VALID)
971 return (MS(reg, R92S_EFUSE_CTRL_DATA));
972 rsu_ms_delay(sc, 1);
973 }
974 device_printf(sc->sc_dev,
975 "could not read efuse byte at address 0x%x\n", addr);
976 return (0xff);
977}
978
979static int
980rsu_read_rom(struct rsu_softc *sc)
981{
982 uint8_t *rom = sc->rom;
983 uint16_t addr = 0;
984 uint32_t reg;
985 uint8_t off, msk;
986 int i;
987
988 /* Make sure that ROM type is eFuse and that autoload succeeded. */
989 reg = rsu_read_1(sc, R92S_EE_9346CR);
990 if ((reg & (R92S_9356SEL | R92S_EEPROM_EN)) != R92S_EEPROM_EN)
991 return (EIO);
992
993 /* Turn on 2.5V to prevent eFuse leakage. */
994 reg = rsu_read_1(sc, R92S_EFUSE_TEST + 3);
995 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg | 0x80);
996 rsu_ms_delay(sc, 1);
997 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg & ~0x80);
998
999 /* Read full ROM image. */
1000 memset(&sc->rom, 0xff, sizeof(sc->rom));
1001 while (addr < 512) {
1002 reg = rsu_efuse_read_1(sc, addr);
1003 if (reg == 0xff)
1004 break;
1005 addr++;
1006 off = reg >> 4;
1007 msk = reg & 0xf;
1008 for (i = 0; i < 4; i++) {
1009 if (msk & (1 << i))
1010 continue;
1011 rom[off * 8 + i * 2 + 0] =
1012 rsu_efuse_read_1(sc, addr);
1013 addr++;
1014 rom[off * 8 + i * 2 + 1] =
1015 rsu_efuse_read_1(sc, addr);
1016 addr++;
1017 }
1018 }
1019#ifdef USB_DEBUG
1020 if (rsu_debug >= 5) {
1021 /* Dump ROM content. */
1022 printf("\n");
1023 for (i = 0; i < sizeof(sc->rom); i++)
1024 printf("%02x:", rom[i]);
1025 printf("\n");
1026 }
1027#endif
1028 return (0);
1029}
1030
1031static int
1032rsu_fw_cmd(struct rsu_softc *sc, uint8_t code, void *buf, int len)
1033{
1034 const uint8_t which = RSU_H2C_ENDPOINT;
1035 struct rsu_data *data;
1036 struct r92s_tx_desc *txd;
1037 struct r92s_fw_cmd_hdr *cmd;
1038 int cmdsz;
1039 int xferlen;
1040
1041 RSU_ASSERT_LOCKED(sc);
1042
1043 data = rsu_getbuf(sc);
1044 if (data == NULL)
1045 return (ENOMEM);
1046
1047 /* Blank the entire payload, just to be safe */
1048 memset(data->buf, '\0', RSU_TXBUFSZ);
1049
1050 /* Round-up command length to a multiple of 8 bytes. */
1051 /* XXX TODO: is this required? */
1052 cmdsz = (len + 7) & ~7;
1053
1054 xferlen = sizeof(*txd) + sizeof(*cmd) + cmdsz;
1055 KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__));
1056 memset(data->buf, 0, xferlen);
1057
1058 /* Setup Tx descriptor. */
1059 txd = (struct r92s_tx_desc *)data->buf;
1060 txd->txdw0 = htole32(
1061 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
1062 SM(R92S_TXDW0_PKTLEN, sizeof(*cmd) + cmdsz) |
1063 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
1064 txd->txdw1 = htole32(SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_H2C));
1065
1066 /* Setup command header. */
1067 cmd = (struct r92s_fw_cmd_hdr *)&txd[1];
1068 cmd->len = htole16(cmdsz);
1069 cmd->code = code;
1070 cmd->seq = sc->cmd_seq;
1071 sc->cmd_seq = (sc->cmd_seq + 1) & 0x7f;
1072
1073 /* Copy command payload. */
1074 memcpy(&cmd[1], buf, len);
1075
1076 RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FWCMD,
1077 "%s: Tx cmd code=0x%x len=0x%x\n",
1078 __func__, code, cmdsz);
1079 data->buflen = xferlen;
1080 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
1081 usbd_transfer_start(sc->sc_xfer[which]);
1082
1083 return (0);
1084}
1085
1086/* ARGSUSED */
1087static void
1088rsu_calib_task(void *arg, int pending __unused)
1089{
1090 struct rsu_softc *sc = arg;
1091#ifdef notyet
1092 uint32_t reg;
1093#endif
1094
1095 RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: running calibration task\n",
1096 __func__);
1097
1098 RSU_LOCK(sc);
1099#ifdef notyet
1100 /* Read WPS PBC status. */
1101 rsu_write_1(sc, R92S_MAC_PINMUX_CTRL,
1102 R92S_GPIOMUX_EN | SM(R92S_GPIOSEL_GPIO, R92S_GPIOSEL_GPIO_JTAG));
1103 rsu_write_1(sc, R92S_GPIO_IO_SEL,
1104 rsu_read_1(sc, R92S_GPIO_IO_SEL) & ~R92S_GPIO_WPS);
1105 reg = rsu_read_1(sc, R92S_GPIO_CTRL);
1106 if (reg != 0xff && (reg & R92S_GPIO_WPS))
1107 DPRINTF(("WPS PBC is pushed\n"));
1108#endif
1109 /* Read current signal level. */
1110 if (rsu_fw_iocmd(sc, 0xf4000001) == 0) {
1111 sc->sc_currssi = rsu_read_4(sc, R92S_IOCMD_DATA);
1112 RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: RSSI=%d (%d)\n",
1113 __func__, sc->sc_currssi,
1114 rsu_hwrssi_to_rssi(sc, sc->sc_currssi));
1115 }
1116 if (sc->sc_calibrating)
1117 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz);
1118 RSU_UNLOCK(sc);
1119}
1120
1121static void
1122rsu_tx_task(void *arg, int pending __unused)
1123{
1124 struct rsu_softc *sc = arg;
1125
1126 RSU_LOCK(sc);
1127 _rsu_start(sc);
1128 RSU_UNLOCK(sc);
1129}
1130
1131#define RSU_PWR_UNKNOWN 0x0
1132#define RSU_PWR_ACTIVE 0x1
1133#define RSU_PWR_OFF 0x2
1134#define RSU_PWR_SLEEP 0x3
1135
1136/*
1137 * Set the current power state.
1138 *
1139 * The rtlwifi code doesn't do this so aggressively; it
1140 * waits for an idle period after association with
1141 * no traffic before doing this.
1142 *
1143 * For now - it's on in all states except RUN, and
1144 * in RUN it'll transition to allow sleep.
1145 */
1146
1147struct r92s_pwr_cmd {
1148 uint8_t mode;
1149 uint8_t smart_ps;
1150 uint8_t bcn_pass_time;
1151};
1152
1153static int
1154rsu_set_fw_power_state(struct rsu_softc *sc, int state)
1155{
1156 struct r92s_set_pwr_mode cmd;
1157 //struct r92s_pwr_cmd cmd;
1158 int error;
1159
1160 RSU_ASSERT_LOCKED(sc);
1161
1162 /* only change state if required */
1163 if (sc->sc_curpwrstate == state)
1164 return (0);
1165
1166 memset(&cmd, 0, sizeof(cmd));
1167
1168 switch (state) {
1169 case RSU_PWR_ACTIVE:
1170 /* Force the hardware awake */
1171 rsu_write_1(sc, R92S_USB_HRPWM,
1172 R92S_USB_HRPWM_PS_ST_ACTIVE | R92S_USB_HRPWM_PS_ALL_ON);
1173 cmd.mode = R92S_PS_MODE_ACTIVE;
1174 break;
1175 case RSU_PWR_SLEEP:
1176 cmd.mode = R92S_PS_MODE_DTIM; /* XXX configurable? */
1177 cmd.smart_ps = 1; /* XXX 2 if doing p2p */
1178 cmd.bcn_pass_time = 5; /* in 100mS usb.c, linux/rtlwifi */
1179 break;
1180 case RSU_PWR_OFF:
1181 cmd.mode = R92S_PS_MODE_RADIOOFF;
1182 break;
1183 default:
1184 device_printf(sc->sc_dev, "%s: unknown ps mode (%d)\n",
1185 __func__,
1186 state);
1187 return (ENXIO);
1188 }
1189
1190 RSU_DPRINTF(sc, RSU_DEBUG_RESET,
1191 "%s: setting ps mode to %d (mode %d)\n",
1192 __func__, state, cmd.mode);
1193 error = rsu_fw_cmd(sc, R92S_CMD_SET_PWR_MODE, &cmd, sizeof(cmd));
1194 if (error == 0)
1195 sc->sc_curpwrstate = state;
1196
1197 return (error);
1198}
1199
1200static int
1201rsu_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
1202{
1203 struct rsu_vap *uvp = RSU_VAP(vap);
1204 struct ieee80211com *ic = vap->iv_ic;
1205 struct rsu_softc *sc = ic->ic_softc;
1206 struct ieee80211_node *ni;
1207 struct ieee80211_rateset *rs;
1208 enum ieee80211_state ostate;
1209 int error, startcal = 0;
1210
1211 ostate = vap->iv_state;
1212 RSU_DPRINTF(sc, RSU_DEBUG_STATE, "%s: %s -> %s\n",
1213 __func__,
1214 ieee80211_state_name[ostate],
1215 ieee80211_state_name[nstate]);
1216
1217 IEEE80211_UNLOCK(ic);
1218 if (ostate == IEEE80211_S_RUN) {
1219 RSU_LOCK(sc);
1220 /* Stop calibration. */
1221 sc->sc_calibrating = 0;
1222 RSU_UNLOCK(sc);
1223 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task);
1224 taskqueue_drain(taskqueue_thread, &sc->tx_task);
1225 /* Disassociate from our current BSS. */
1226 RSU_LOCK(sc);
1227 rsu_disconnect(sc);
1228 } else
1229 RSU_LOCK(sc);
1230 switch (nstate) {
1231 case IEEE80211_S_INIT:
1232 (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE);
1233 break;
1234 case IEEE80211_S_AUTH:
1235 ni = ieee80211_ref_node(vap->iv_bss);
1236 (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE);
1237 error = rsu_join_bss(sc, ni);
1238 ieee80211_free_node(ni);
1239 if (error != 0) {
1240 device_printf(sc->sc_dev,
1241 "could not send join command\n");
1242 }
1243 break;
1244 case IEEE80211_S_RUN:
1245 ni = ieee80211_ref_node(vap->iv_bss);
1246 rs = &ni->ni_rates;
1247 /* Indicate highest supported rate. */
1248 ni->ni_txrate = rs->rs_rates[rs->rs_nrates - 1];
1249 (void) rsu_set_fw_power_state(sc, RSU_PWR_SLEEP);
1250 ieee80211_free_node(ni);
1251 startcal = 1;
1252 break;
1253 default:
1254 break;
1255 }
1256 sc->sc_calibrating = 1;
1257 /* Start periodic calibration. */
1258 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz);
1259 RSU_UNLOCK(sc);
1260 IEEE80211_LOCK(ic);
1261 return (uvp->newstate(vap, nstate, arg));
1262}
1263
1264#ifdef notyet
1265static void
1266rsu_set_key(struct rsu_softc *sc, const struct ieee80211_key *k)
1267{
1268 struct r92s_fw_cmd_set_key key;
1269
1270 memset(&key, 0, sizeof(key));
1271 /* Map net80211 cipher to HW crypto algorithm. */
1272 switch (k->wk_cipher->ic_cipher) {
1273 case IEEE80211_CIPHER_WEP:
1274 if (k->wk_keylen < 8)
1275 key.algo = R92S_KEY_ALGO_WEP40;
1276 else
1277 key.algo = R92S_KEY_ALGO_WEP104;
1278 break;
1279 case IEEE80211_CIPHER_TKIP:
1280 key.algo = R92S_KEY_ALGO_TKIP;
1281 break;
1282 case IEEE80211_CIPHER_AES_CCM:
1283 key.algo = R92S_KEY_ALGO_AES;
1284 break;
1285 default:
1286 return;
1287 }
1288 key.id = k->wk_keyix;
1289 key.grpkey = (k->wk_flags & IEEE80211_KEY_GROUP) != 0;
1290 memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key)));
1291 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1292}
1293
1294static void
1295rsu_delete_key(struct rsu_softc *sc, const struct ieee80211_key *k)
1296{
1297 struct r92s_fw_cmd_set_key key;
1298
1299 memset(&key, 0, sizeof(key));
1300 key.id = k->wk_keyix;
1301 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1302}
1303#endif
1304
1305static int
1306rsu_site_survey(struct rsu_softc *sc, struct ieee80211vap *vap)
1307{
1308 struct r92s_fw_cmd_sitesurvey cmd;
1309 struct ieee80211com *ic = &sc->sc_ic;
1310 int r;
1311
1312 RSU_ASSERT_LOCKED(sc);
1313
1314 memset(&cmd, 0, sizeof(cmd));
1315 if ((ic->ic_flags & IEEE80211_F_ASCAN) || sc->sc_scan_pass == 1)
1316 cmd.active = htole32(1);
1317 cmd.limit = htole32(48);
1318 if (sc->sc_scan_pass == 1 && vap->iv_des_nssid > 0) {
1319 /* Do a directed scan for second pass. */
1320 cmd.ssidlen = htole32(vap->iv_des_ssid[0].len);
1321 memcpy(cmd.ssid, vap->iv_des_ssid[0].ssid,
1322 vap->iv_des_ssid[0].len);
1323
1324 }
1325 DPRINTF("sending site survey command, pass=%d\n", sc->sc_scan_pass);
1326 r = rsu_fw_cmd(sc, R92S_CMD_SITE_SURVEY, &cmd, sizeof(cmd));
1327 if (r == 0) {
1328 sc->sc_scanning = 1;
1329 }
1330 return (r);
1331}
1332
1333static int
1334rsu_join_bss(struct rsu_softc *sc, struct ieee80211_node *ni)
1335{
1336 struct ieee80211com *ic = &sc->sc_ic;
1337 struct ieee80211vap *vap = ni->ni_vap;
1338 struct ndis_wlan_bssid_ex *bss;
1339 struct ndis_802_11_fixed_ies *fixed;
1340 struct r92s_fw_cmd_auth auth;
1341 uint8_t buf[sizeof(*bss) + 128] __aligned(4);
1342 uint8_t *frm;
1343 uint8_t opmode;
1344 int error;
1345 int cnt;
1346 char *msg = "rsujoin";
1347
1348 RSU_ASSERT_LOCKED(sc);
1349
1350 /*
1351 * Until net80211 scanning doesn't automatically finish
1352 * before we tell it to, let's just wait until any pending
1353 * scan is done.
1354 *
1355 * XXX TODO: yes, this releases and re-acquires the lock.
1356 * We should re-verify the state whenever we re-attempt this!
1357 */
1358 cnt = 0;
1359 while (sc->sc_scanning && cnt < 10) {
1360 device_printf(sc->sc_dev,
1361 "%s: still scanning! (attempt %d)\n",
1362 __func__, cnt);
1363 msleep(msg, &sc->sc_mtx, 0, msg, hz / 2);
1364 cnt++;
1365 }
1366
1367 /* Let the FW decide the opmode based on the capinfo field. */
1368 opmode = NDIS802_11AUTOUNKNOWN;
1369 RSU_DPRINTF(sc, RSU_DEBUG_RESET,
1370 "%s: setting operating mode to %d\n",
1371 __func__, opmode);
1372 error = rsu_fw_cmd(sc, R92S_CMD_SET_OPMODE, &opmode, sizeof(opmode));
1373 if (error != 0)
1374 return (error);
1375
1376 memset(&auth, 0, sizeof(auth));
1377 if (vap->iv_flags & IEEE80211_F_WPA) {
1378 auth.mode = R92S_AUTHMODE_WPA;
1379 auth.dot1x = (ni->ni_authmode == IEEE80211_AUTH_8021X);
1380 } else
1381 auth.mode = R92S_AUTHMODE_OPEN;
1382 RSU_DPRINTF(sc, RSU_DEBUG_RESET,
1383 "%s: setting auth mode to %d\n",
1384 __func__, auth.mode);
1385 error = rsu_fw_cmd(sc, R92S_CMD_SET_AUTH, &auth, sizeof(auth));
1386 if (error != 0)
1387 return (error);
1388
1389 memset(buf, 0, sizeof(buf));
1390 bss = (struct ndis_wlan_bssid_ex *)buf;
1391 IEEE80211_ADDR_COPY(bss->macaddr, ni->ni_bssid);
1392 bss->ssid.ssidlen = htole32(ni->ni_esslen);
1393 memcpy(bss->ssid.ssid, ni->ni_essid, ni->ni_esslen);
1394 if (vap->iv_flags & (IEEE80211_F_PRIVACY | IEEE80211_F_WPA))
1395 bss->privacy = htole32(1);
1396 bss->rssi = htole32(ni->ni_avgrssi);
1397 if (ic->ic_curmode == IEEE80211_MODE_11B)
1398 bss->networktype = htole32(NDIS802_11DS);
1399 else
1400 bss->networktype = htole32(NDIS802_11OFDM24);
1401 bss->config.len = htole32(sizeof(bss->config));
1402 bss->config.bintval = htole32(ni->ni_intval);
1403 bss->config.dsconfig = htole32(ieee80211_chan2ieee(ic, ni->ni_chan));
1404 bss->inframode = htole32(NDIS802_11INFRASTRUCTURE);
1405 /* XXX verify how this is supposed to look! */
1406 memcpy(bss->supprates, ni->ni_rates.rs_rates,
1407 ni->ni_rates.rs_nrates);
1408 /* Write the fixed fields of the beacon frame. */
1409 fixed = (struct ndis_802_11_fixed_ies *)&bss[1];
1410 memcpy(&fixed->tstamp, ni->ni_tstamp.data, 8);
1411 fixed->bintval = htole16(ni->ni_intval);
1412 fixed->capabilities = htole16(ni->ni_capinfo);
1413 /* Write IEs to be included in the association request. */
1414 frm = (uint8_t *)&fixed[1];
1415 frm = ieee80211_add_rsn(frm, vap);
1416 frm = ieee80211_add_wpa(frm, vap);
1417 frm = ieee80211_add_qos(frm, ni);
1418 if ((ic->ic_flags & IEEE80211_F_WME) &&
1419 (ni->ni_ies.wme_ie != NULL))
1420 frm = ieee80211_add_wme_info(frm, &ic->ic_wme);
1421 if (ni->ni_flags & IEEE80211_NODE_HT) {
1422 frm = ieee80211_add_htcap(frm, ni);
1423 frm = ieee80211_add_htinfo(frm, ni);
1424 }
1425 bss->ieslen = htole32(frm - (uint8_t *)fixed);
1426 bss->len = htole32(((frm - buf) + 3) & ~3);
1427 RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_FWCMD,
1428 "%s: sending join bss command to %s chan %d\n",
1429 __func__,
1430 ether_sprintf(bss->macaddr), le32toh(bss->config.dsconfig));
1431 return (rsu_fw_cmd(sc, R92S_CMD_JOIN_BSS, buf, sizeof(buf)));
1432}
1433
1434static int
1435rsu_disconnect(struct rsu_softc *sc)
1436{
1437 uint32_t zero = 0; /* :-) */
1438
1439 /* Disassociate from our current BSS. */
1440 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD,
1441 "%s: sending disconnect command\n", __func__);
1442 return (rsu_fw_cmd(sc, R92S_CMD_DISCONNECT, &zero, sizeof(zero)));
1443}
1444
1445/*
1446 * Map the hardware provided RSSI value to a signal level.
1447 * For the most part it's just something we divide by and cap
1448 * so it doesn't overflow the representation by net80211.
1449 */
1450static int
1451rsu_hwrssi_to_rssi(struct rsu_softc *sc, int hw_rssi)
1452{
1453 int v;
1454
1455 if (hw_rssi == 0)
1456 return (0);
1457 v = hw_rssi >> 4;
1458 if (v > 80)
1459 v = 80;
1460 return (v);
1461}
1462
1463static void
1464rsu_event_survey(struct rsu_softc *sc, uint8_t *buf, int len)
1465{
1466 struct ieee80211com *ic = &sc->sc_ic;
1467 struct ieee80211_frame *wh;
1468 struct ndis_wlan_bssid_ex *bss;
1469 struct ieee80211_rx_stats rxs;
1470 struct mbuf *m;
1471 int pktlen;
1472
1473 if (__predict_false(len < sizeof(*bss)))
1474 return;
1475 bss = (struct ndis_wlan_bssid_ex *)buf;
1476 if (__predict_false(len < sizeof(*bss) + le32toh(bss->ieslen)))
1477 return;
1478
1479 RSU_DPRINTF(sc, RSU_DEBUG_SCAN,
1480 "%s: found BSS %s: len=%d chan=%d inframode=%d "
1481 "networktype=%d privacy=%d, RSSI=%d\n",
1482 __func__,
1483 ether_sprintf(bss->macaddr), le32toh(bss->len),
1484 le32toh(bss->config.dsconfig), le32toh(bss->inframode),
1485 le32toh(bss->networktype), le32toh(bss->privacy),
1486 le32toh(bss->rssi));
1487
1488 /* Build a fake beacon frame to let net80211 do all the parsing. */
1489 /* XXX TODO: just call the new scan API methods! */
1490 pktlen = sizeof(*wh) + le32toh(bss->ieslen);
1491 if (__predict_false(pktlen > MCLBYTES))
1492 return;
1493 m = m_get2(pktlen, M_NOWAIT, MT_DATA, M_PKTHDR);
1494 if (__predict_false(m == NULL))
1495 return;
1496 wh = mtod(m, struct ieee80211_frame *);
1497 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
1498 IEEE80211_FC0_SUBTYPE_BEACON;
1499 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1500 USETW(wh->i_dur, 0);
1501 IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr);
1502 IEEE80211_ADDR_COPY(wh->i_addr2, bss->macaddr);
1503 IEEE80211_ADDR_COPY(wh->i_addr3, bss->macaddr);
1504 *(uint16_t *)wh->i_seq = 0;
1505 memcpy(&wh[1], (uint8_t *)&bss[1], le32toh(bss->ieslen));
1506
1507 /* Finalize mbuf. */
1508 m->m_pkthdr.len = m->m_len = pktlen;
1509
1510 /* Set channel flags for input path */
1511 bzero(&rxs, sizeof(rxs));
1512 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
1513 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
1514 rxs.c_ieee = le32toh(bss->config.dsconfig);
1515 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
1516 /* This is a number from 0..100; so let's just divide it down a bit */
1517 rxs.rssi = le32toh(bss->rssi) / 2;
1518 rxs.nf = -96;
1519
1520 /* XXX avoid a LOR */
1521 RSU_UNLOCK(sc);
1522 ieee80211_input_mimo_all(ic, m, &rxs);
1523 RSU_LOCK(sc);
1524}
1525
1526static void
1527rsu_event_join_bss(struct rsu_softc *sc, uint8_t *buf, int len)
1528{
1529 struct ieee80211com *ic = &sc->sc_ic;
1530 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1531 struct ieee80211_node *ni = vap->iv_bss;
1532 struct r92s_event_join_bss *rsp;
1533 uint32_t tmp;
1534 int res;
1535
1536 if (__predict_false(len < sizeof(*rsp)))
1537 return;
1538 rsp = (struct r92s_event_join_bss *)buf;
1539 res = (int)le32toh(rsp->join_res);
1540
1541 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD,
1542 "%s: Rx join BSS event len=%d res=%d\n",
1543 __func__, len, res);
1544
1545 /*
1546 * XXX Don't do this; there's likely a better way to tell
1547 * the caller we failed.
1548 */
1549 if (res <= 0) {
1550 RSU_UNLOCK(sc);
1551 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1552 RSU_LOCK(sc);
1553 return;
1554 }
1555
1556 tmp = le32toh(rsp->associd);
1557 if (tmp >= vap->iv_max_aid) {
1558 DPRINTF("Assoc ID overflow\n");
1559 tmp = 1;
1560 }
1561 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD,
1562 "%s: associated with %s associd=%d\n",
1563 __func__, ether_sprintf(rsp->bss.macaddr), tmp);
1564 /* XXX is this required? What's the top two bits for again? */
1565 ni->ni_associd = tmp | 0xc000;
1566 RSU_UNLOCK(sc);
1567 ieee80211_new_state(vap, IEEE80211_S_RUN,
1568 IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
1569 RSU_LOCK(sc);
1570}
1571
1572static void
1573rsu_event_addba_req_report(struct rsu_softc *sc, uint8_t *buf, int len)
1574{
1575 struct ieee80211com *ic = &sc->sc_ic;
1576 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1577 struct r92s_add_ba_event *ba = (void *) buf;
1578 struct ieee80211_node *ni;
1579
1580 if (len < sizeof(*ba)) {
1581 device_printf(sc->sc_dev, "%s: short read (%d)\n", __func__, len);
1582 return;
1583 }
1584
1585 if (vap == NULL)
1586 return;
1587
1588 RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: mac=%s, tid=%d, ssn=%d\n",
1589 __func__,
1590 ether_sprintf(ba->mac_addr),
1591 (int) ba->tid,
1592 (int) le16toh(ba->ssn));
1593
1594 /* XXX do node lookup; this is STA specific */
1595
1596 ni = ieee80211_ref_node(vap->iv_bss);
1597 ieee80211_ampdu_rx_start_ext(ni, ba->tid, le16toh(ba->ssn) >> 4, 32);
1598 ieee80211_free_node(ni);
1599}
1600
1601static void
1602rsu_rx_event(struct rsu_softc *sc, uint8_t code, uint8_t *buf, int len)
1603{
1604 struct ieee80211com *ic = &sc->sc_ic;
1605 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1606
1607 RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD,
1608 "%s: Rx event code=%d len=%d\n", __func__, code, len);
1609 switch (code) {
1610 case R92S_EVT_SURVEY:
1611 rsu_event_survey(sc, buf, len);
1612 break;
1613 case R92S_EVT_SURVEY_DONE:
1614 RSU_DPRINTF(sc, RSU_DEBUG_SCAN,
1615 "%s: site survey pass %d done, found %d BSS\n",
1616 __func__, sc->sc_scan_pass, le32toh(*(uint32_t *)buf));
1617 sc->sc_scanning = 0;
1618 if (vap->iv_state != IEEE80211_S_SCAN)
1619 break; /* Ignore if not scanning. */
1620
1621 /*
1622 * XXX TODO: This needs to be done without a transition to
1623 * the SCAN state again. Grr.
1624 */
1625 if (sc->sc_scan_pass == 0 && vap->iv_des_nssid != 0) {
1626 /* Schedule a directed scan for hidden APs. */
1627 /* XXX bad! */
1628 sc->sc_scan_pass = 1;
1629 RSU_UNLOCK(sc);
1630 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1631 RSU_LOCK(sc);
1632 break;
1633 }
1634 sc->sc_scan_pass = 0;
1635 break;
1636 case R92S_EVT_JOIN_BSS:
1637 if (vap->iv_state == IEEE80211_S_AUTH)
1638 rsu_event_join_bss(sc, buf, len);
1639 break;
1640 case R92S_EVT_DEL_STA:
1641 RSU_DPRINTF(sc, RSU_DEBUG_FWCMD | RSU_DEBUG_STATE,
1642 "%s: disassociated from %s\n", __func__,
1643 ether_sprintf(buf));
1644 if (vap->iv_state == IEEE80211_S_RUN &&
1645 IEEE80211_ADDR_EQ(vap->iv_bss->ni_bssid, buf)) {
1646 RSU_UNLOCK(sc);
1647 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1648 RSU_LOCK(sc);
1649 }
1650 break;
1651 case R92S_EVT_WPS_PBC:
1652 RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD,
1653 "%s: WPS PBC pushed.\n", __func__);
1654 break;
1655 case R92S_EVT_FWDBG:
1656 buf[60] = '\0';
1657 RSU_DPRINTF(sc, RSU_DEBUG_FWDBG, "FWDBG: %s\n", (char *)buf);
1658 break;
1659 case R92S_EVT_ADDBA_REQ_REPORT:
1660 rsu_event_addba_req_report(sc, buf, len);
1661 break;
1662 default:
1663 device_printf(sc->sc_dev, "%s: unhandled code (%d)\n", __func__, code);
1664 break;
1665 }
1666}
1667
1668static void
1669rsu_rx_multi_event(struct rsu_softc *sc, uint8_t *buf, int len)
1670{
1671 struct r92s_fw_cmd_hdr *cmd;
1672 int cmdsz;
1673
1674 RSU_DPRINTF(sc, RSU_DEBUG_RX, "%s: Rx events len=%d\n", __func__, len);
1675
1676 /* Skip Rx status. */
1677 buf += sizeof(struct r92s_rx_stat);
1678 len -= sizeof(struct r92s_rx_stat);
1679
1680 /* Process all events. */
1681 for (;;) {
1682 /* Check that command header fits. */
1683 if (__predict_false(len < sizeof(*cmd)))
1684 break;
1685 cmd = (struct r92s_fw_cmd_hdr *)buf;
1686 /* Check that command payload fits. */
1687 cmdsz = le16toh(cmd->len);
1688 if (__predict_false(len < sizeof(*cmd) + cmdsz))
1689 break;
1690
1691 /* Process firmware event. */
1692 rsu_rx_event(sc, cmd->code, (uint8_t *)&cmd[1], cmdsz);
1693
1694 if (!(cmd->seq & R92S_FW_CMD_MORE))
1695 break;
1696 buf += sizeof(*cmd) + cmdsz;
1697 len -= sizeof(*cmd) + cmdsz;
1698 }
1699}
1700
1701#if 0
1702static int8_t
1703rsu_get_rssi(struct rsu_softc *sc, int rate, void *physt)
1704{
1705 static const int8_t cckoff[] = { 14, -2, -20, -40 };
1706 struct r92s_rx_phystat *phy;
1707 struct r92s_rx_cck *cck;
1708 uint8_t rpt;
1709 int8_t rssi;
1710
1711 if (rate <= 3) {
1712 cck = (struct r92s_rx_cck *)physt;
1713 rpt = (cck->agc_rpt >> 6) & 0x3;
1714 rssi = cck->agc_rpt & 0x3e;
1715 rssi = cckoff[rpt] - rssi;
1716 } else { /* OFDM/HT. */
1717 phy = (struct r92s_rx_phystat *)physt;
1718 rssi = ((le32toh(phy->phydw1) >> 1) & 0x7f) - 106;
1719 }
1720 return (rssi);
1721}
1722#endif
1723
1724static struct mbuf *
1725rsu_rx_frame(struct rsu_softc *sc, uint8_t *buf, int pktlen)
1726{
1727 struct ieee80211com *ic = &sc->sc_ic;
1728 struct ieee80211_frame *wh;
1729 struct r92s_rx_stat *stat;
1730 uint32_t rxdw0, rxdw3;
1731 struct mbuf *m;
1732 uint8_t rate;
1733 int infosz;
1734
1735 stat = (struct r92s_rx_stat *)buf;
1736 rxdw0 = le32toh(stat->rxdw0);
1737 rxdw3 = le32toh(stat->rxdw3);
1738
1739 if (__predict_false(rxdw0 & R92S_RXDW0_CRCERR)) {
1740 counter_u64_add(ic->ic_ierrors, 1);
1741 return NULL;
1742 }
1743 if (__predict_false(pktlen < sizeof(*wh) || pktlen > MCLBYTES)) {
1744 counter_u64_add(ic->ic_ierrors, 1);
1745 return NULL;
1746 }
1747
1748 rate = MS(rxdw3, R92S_RXDW3_RATE);
1749 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1750
1751#if 0
1752 /* Get RSSI from PHY status descriptor if present. */
1753 if (infosz != 0)
1754 *rssi = rsu_get_rssi(sc, rate, &stat[1]);
1755 else
1756 *rssi = 0;
1757#endif
1758
1759 RSU_DPRINTF(sc, RSU_DEBUG_RX,
1760 "%s: Rx frame len=%d rate=%d infosz=%d\n",
1761 __func__, pktlen, rate, infosz);
1762
1763 m = m_get2(pktlen, M_NOWAIT, MT_DATA, M_PKTHDR);
1764 if (__predict_false(m == NULL)) {
1765 counter_u64_add(ic->ic_ierrors, 1);
1766 return NULL;
1767 }
1768 /* Hardware does Rx TCP checksum offload. */
1769 if (rxdw3 & R92S_RXDW3_TCPCHKVALID) {
1770 if (__predict_true(rxdw3 & R92S_RXDW3_TCPCHKRPT))
1771 m->m_pkthdr.csum_flags |= CSUM_DATA_VALID;
1772 }
1773 wh = (struct ieee80211_frame *)((uint8_t *)&stat[1] + infosz);
1774 memcpy(mtod(m, uint8_t *), wh, pktlen);
1775 m->m_pkthdr.len = m->m_len = pktlen;
1776
1777 if (ieee80211_radiotap_active(ic)) {
1778 struct rsu_rx_radiotap_header *tap = &sc->sc_rxtap;
1779
1780 /* Map HW rate index to 802.11 rate. */
1781 tap->wr_flags = 2;
1782 if (!(rxdw3 & R92S_RXDW3_HTC)) {
1783 switch (rate) {
1784 /* CCK. */
1785 case 0: tap->wr_rate = 2; break;
1786 case 1: tap->wr_rate = 4; break;
1787 case 2: tap->wr_rate = 11; break;
1788 case 3: tap->wr_rate = 22; break;
1789 /* OFDM. */
1790 case 4: tap->wr_rate = 12; break;
1791 case 5: tap->wr_rate = 18; break;
1792 case 6: tap->wr_rate = 24; break;
1793 case 7: tap->wr_rate = 36; break;
1794 case 8: tap->wr_rate = 48; break;
1795 case 9: tap->wr_rate = 72; break;
1796 case 10: tap->wr_rate = 96; break;
1797 case 11: tap->wr_rate = 108; break;
1798 }
1799 } else if (rate >= 12) { /* MCS0~15. */
1800 /* Bit 7 set means HT MCS instead of rate. */
1801 tap->wr_rate = 0x80 | (rate - 12);
1802 }
1803#if 0
1804 tap->wr_dbm_antsignal = *rssi;
1805#endif
1806 /* XXX not nice */
1807 tap->wr_dbm_antsignal = rsu_hwrssi_to_rssi(sc, sc->sc_currssi);
1808 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
1809 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
1810 }
1811
1812 return (m);
1813}
1814
1815static struct mbuf *
1816rsu_rx_multi_frame(struct rsu_softc *sc, uint8_t *buf, int len)
1817{
1818 struct r92s_rx_stat *stat;
1819 uint32_t rxdw0;
1820 int totlen, pktlen, infosz, npkts;
1821 struct mbuf *m, *m0 = NULL, *prevm = NULL;
1822
1823 /* Get the number of encapsulated frames. */
1824 stat = (struct r92s_rx_stat *)buf;
1825 npkts = MS(le32toh(stat->rxdw2), R92S_RXDW2_PKTCNT);
1826 RSU_DPRINTF(sc, RSU_DEBUG_RX,
1827 "%s: Rx %d frames in one chunk\n", __func__, npkts);
1828
1829 /* Process all of them. */
1830 while (npkts-- > 0) {
1831 if (__predict_false(len < sizeof(*stat)))
1832 break;
1833 stat = (struct r92s_rx_stat *)buf;
1834 rxdw0 = le32toh(stat->rxdw0);
1835
1836 pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN);
1837 if (__predict_false(pktlen == 0))
1838 break;
1839
1840 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1841
1842 /* Make sure everything fits in xfer. */
1843 totlen = sizeof(*stat) + infosz + pktlen;
1844 if (__predict_false(totlen > len))
1845 break;
1846
1847 /* Process 802.11 frame. */
1848 m = rsu_rx_frame(sc, buf, pktlen);
1849 if (m0 == NULL)
1850 m0 = m;
1851 if (prevm == NULL)
1852 prevm = m;
1853 else {
1854 prevm->m_next = m;
1855 prevm = m;
1856 }
1857 /* Next chunk is 128-byte aligned. */
1858 totlen = (totlen + 127) & ~127;
1859 buf += totlen;
1860 len -= totlen;
1861 }
1862
1863 return (m0);
1864}
1865
1866static struct mbuf *
1867rsu_rxeof(struct usb_xfer *xfer, struct rsu_data *data)
1868{
1869 struct rsu_softc *sc = data->sc;
1870 struct ieee80211com *ic = &sc->sc_ic;
1871 struct r92s_rx_stat *stat;
1872 int len;
1873
1874 usbd_xfer_status(xfer, &len, NULL, NULL, NULL);
1875
1876 if (__predict_false(len < sizeof(*stat))) {
1877 DPRINTF("xfer too short %d\n", len);
1878 counter_u64_add(ic->ic_ierrors, 1);
1879 return (NULL);
1880 }
1881 /* Determine if it is a firmware C2H event or an 802.11 frame. */
1882 stat = (struct r92s_rx_stat *)data->buf;
1883 if ((le32toh(stat->rxdw1) & 0x1ff) == 0x1ff) {
1884 rsu_rx_multi_event(sc, data->buf, len);
1885 /* No packets to process. */
1886 return (NULL);
1887 } else
1888 return (rsu_rx_multi_frame(sc, data->buf, len));
1889}
1890
1891static void
1892rsu_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
1893{
1894 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1895 struct ieee80211com *ic = &sc->sc_ic;
1896 struct ieee80211_frame *wh;
1897 struct ieee80211_node *ni;
1898 struct mbuf *m = NULL, *next;
1899 struct rsu_data *data;
1900
1901 RSU_ASSERT_LOCKED(sc);
1902
1903 switch (USB_GET_STATE(xfer)) {
1904 case USB_ST_TRANSFERRED:
1905 data = STAILQ_FIRST(&sc->sc_rx_active);
1906 if (data == NULL)
1907 goto tr_setup;
1908 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1909 m = rsu_rxeof(xfer, data);
1910 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1911 /* FALLTHROUGH */
1912 case USB_ST_SETUP:
1913tr_setup:
1914 /*
1915 * XXX TODO: if we have an mbuf list, but then
1916 * we hit data == NULL, what now?
1917 */
1918 data = STAILQ_FIRST(&sc->sc_rx_inactive);
1919 if (data == NULL) {
1920 KASSERT(m == NULL, ("mbuf isn't NULL"));
1921 return;
1922 }
1923 STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next);
1924 STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next);
1925 usbd_xfer_set_frame_data(xfer, 0, data->buf,
1926 usbd_xfer_max_len(xfer));
1927 usbd_transfer_submit(xfer);
1928 /*
1929 * To avoid LOR we should unlock our private mutex here to call
1930 * ieee80211_input() because here is at the end of a USB
1931 * callback and safe to unlock.
1932 */
1933 RSU_UNLOCK(sc);
1934 while (m != NULL) {
1935 int rssi;
1936
1937 /* Cheat and get the last calibrated RSSI */
1938 rssi = rsu_hwrssi_to_rssi(sc, sc->sc_currssi);
1939
1940 next = m->m_next;
1941 m->m_next = NULL;
1942 wh = mtod(m, struct ieee80211_frame *);
1943 ni = ieee80211_find_rxnode(ic,
1944 (struct ieee80211_frame_min *)wh);
1945 if (ni != NULL) {
1946 if (ni->ni_flags & IEEE80211_NODE_HT)
1947 m->m_flags |= M_AMPDU;
1948 (void)ieee80211_input(ni, m, rssi, -96);
1949 ieee80211_free_node(ni);
1950 } else
1951 (void)ieee80211_input_all(ic, m, rssi, -96);
1952 m = next;
1953 }
1954 RSU_LOCK(sc);
1955 break;
1956 default:
1957 /* needs it to the inactive queue due to a error. */
1958 data = STAILQ_FIRST(&sc->sc_rx_active);
1959 if (data != NULL) {
1960 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1961 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1962 }
1963 if (error != USB_ERR_CANCELLED) {
1964 usbd_xfer_set_stall(xfer);
1965 counter_u64_add(ic->ic_ierrors, 1);
1966 goto tr_setup;
1967 }
1968 break;
1969 }
1970
1971}
1972
1973static void
1974rsu_txeof(struct usb_xfer *xfer, struct rsu_data *data)
1975{
1976#ifdef USB_DEBUG
1977 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1978#endif
1979
1980 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: called; data=%p\n",
1981 __func__,
1982 data);
1983
1984 if (data->m) {
1985 /* XXX status? */
1986 ieee80211_tx_complete(data->ni, data->m, 0);
1987 data->m = NULL;
1988 data->ni = NULL;
1989 }
1990}
1991
1992static void
1993rsu_bulk_tx_callback_sub(struct usb_xfer *xfer, usb_error_t error,
1994 uint8_t which)
1995{
1996 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1997 struct ieee80211com *ic = &sc->sc_ic;
1998 struct rsu_data *data;
1999
2000 RSU_ASSERT_LOCKED(sc);
2001
2002 switch (USB_GET_STATE(xfer)) {
2003 case USB_ST_TRANSFERRED:
2004 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
2005 if (data == NULL)
2006 goto tr_setup;
2007 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: transfer done %p\n",
2008 __func__, data);
2009 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
2010 rsu_txeof(xfer, data);
2011 rsu_freebuf(sc, data);
2012 /* FALLTHROUGH */
2013 case USB_ST_SETUP:
2014tr_setup:
2015 data = STAILQ_FIRST(&sc->sc_tx_pending[which]);
2016 if (data == NULL) {
2017 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE,
2018 "%s: empty pending queue sc %p\n", __func__, sc);
2019 return;
2020 }
2021 STAILQ_REMOVE_HEAD(&sc->sc_tx_pending[which], next);
2022 STAILQ_INSERT_TAIL(&sc->sc_tx_active[which], data, next);
2023 usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen);
2024 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE,
2025 "%s: submitting transfer %p\n",
2026 __func__,
2027 data);
2028 usbd_transfer_submit(xfer);
2029 break;
2030 default:
2031 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
2032 if (data != NULL) {
2033 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
2034 rsu_txeof(xfer, data);
2035 rsu_freebuf(sc, data);
2036 }
2037 counter_u64_add(ic->ic_oerrors, 1);
2038
2039 if (error != USB_ERR_CANCELLED) {
2040 usbd_xfer_set_stall(xfer);
2041 goto tr_setup;
2042 }
2043 break;
2044 }
2045
2046 /*
2047 * XXX TODO: if the queue is low, flush out FF TX frames.
2048 * Remember to unlock the driver for now; net80211 doesn't
2049 * defer it for us.
2050 */
2051}
2052
2053static void
2054rsu_bulk_tx_callback_be_bk(struct usb_xfer *xfer, usb_error_t error)
2055{
2056 struct rsu_softc *sc = usbd_xfer_softc(xfer);
2057
2058 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_BE_BK);
2059
2060 /* This kicks the TX taskqueue */
2061 rsu_start(sc);
2062}
2063
2064static void
2065rsu_bulk_tx_callback_vi_vo(struct usb_xfer *xfer, usb_error_t error)
2066{
2067 struct rsu_softc *sc = usbd_xfer_softc(xfer);
2068
2069 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_VI_VO);
2070
2071 /* This kicks the TX taskqueue */
2072 rsu_start(sc);
2073}
2074
2075static void
2076rsu_bulk_tx_callback_h2c(struct usb_xfer *xfer, usb_error_t error)
2077{
2078 struct rsu_softc *sc = usbd_xfer_softc(xfer);
2079
2080 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_H2C);
2081
2082 /* This kicks the TX taskqueue */
2083 rsu_start(sc);
2084}
2085
2086/*
2087 * Transmit the given frame.
2088 *
2089 * This doesn't free the node or mbuf upon failure.
2090 */
2091static int
2092rsu_tx_start(struct rsu_softc *sc, struct ieee80211_node *ni,
2093 struct mbuf *m0, struct rsu_data *data)
2094{
2095 struct ieee80211com *ic = &sc->sc_ic;
2096 struct ieee80211vap *vap = ni->ni_vap;
2097 struct ieee80211_frame *wh;
2098 struct ieee80211_key *k = NULL;
2099 struct r92s_tx_desc *txd;
2100 uint8_t type;
2101 int prio = 0;
2102 uint8_t which;
2103 int hasqos;
2104 int xferlen;
2105 int qid;
2106
2107 RSU_ASSERT_LOCKED(sc);
2108
2109 wh = mtod(m0, struct ieee80211_frame *);
2110 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2111
2112 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: data=%p, m=%p\n",
2113 __func__, data, m0);
2114
2115 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2116 k = ieee80211_crypto_encap(ni, m0);
2117 if (k == NULL) {
2118 device_printf(sc->sc_dev,
2119 "ieee80211_crypto_encap returns NULL.\n");
2120 /* XXX we don't expect the fragmented frames */
2121 return (ENOBUFS);
2122 }
2123 wh = mtod(m0, struct ieee80211_frame *);
2124 }
2125 /* If we have QoS then use it */
2126 /* XXX TODO: mbuf WME/PRI versus TID? */
2127 if (IEEE80211_QOS_HAS_SEQ(wh)) {
2128 /* Has QoS */
2129 prio = M_WME_GETAC(m0);
2130 which = rsu_wme_ac_xfer_map[prio];
2131 hasqos = 1;
2132 } else {
2133 /* Non-QoS TID */
2134 /* XXX TODO: tid=0 for non-qos TID? */
2135 which = rsu_wme_ac_xfer_map[WME_AC_BE];
2136 hasqos = 0;
2137 prio = 0;
2138 }
2139
2140 qid = rsu_ac2qid[prio];
2141#if 0
2142 switch (type) {
2143 case IEEE80211_FC0_TYPE_CTL:
2144 case IEEE80211_FC0_TYPE_MGT:
2145 which = rsu_wme_ac_xfer_map[WME_AC_VO];
2146 break;
2147 default:
2148 which = rsu_wme_ac_xfer_map[M_WME_GETAC(m0)];
2149 break;
2150 }
2151 hasqos = 0;
2152#endif
2153
2154 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: pri=%d, which=%d, hasqos=%d\n",
2155 __func__,
2156 prio,
2157 which,
2158 hasqos);
2159
2160 /* Fill Tx descriptor. */
2161 txd = (struct r92s_tx_desc *)data->buf;
2162 memset(txd, 0, sizeof(*txd));
2163
2164 txd->txdw0 |= htole32(
2165 SM(R92S_TXDW0_PKTLEN, m0->m_pkthdr.len) |
2166 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
2167 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
2168
2169 txd->txdw1 |= htole32(
2170 SM(R92S_TXDW1_MACID, R92S_MACID_BSS) | SM(R92S_TXDW1_QSEL, qid));
2171 if (!hasqos)
2172 txd->txdw1 |= htole32(R92S_TXDW1_NONQOS);
2173#ifdef notyet
2174 if (k != NULL) {
2175 switch (k->wk_cipher->ic_cipher) {
2176 case IEEE80211_CIPHER_WEP:
2177 cipher = R92S_TXDW1_CIPHER_WEP;
2178 break;
2179 case IEEE80211_CIPHER_TKIP:
2180 cipher = R92S_TXDW1_CIPHER_TKIP;
2181 break;
2182 case IEEE80211_CIPHER_AES_CCM:
2183 cipher = R92S_TXDW1_CIPHER_AES;
2184 break;
2185 default:
2186 cipher = R92S_TXDW1_CIPHER_NONE;
2187 }
2188 txd->txdw1 |= htole32(
2189 SM(R92S_TXDW1_CIPHER, cipher) |
2190 SM(R92S_TXDW1_KEYIDX, k->k_id));
2191 }
2192#endif
2193 /* XXX todo: set AGGEN bit if appropriate? */
2194 txd->txdw2 |= htole32(R92S_TXDW2_BK);
2195 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
2196 txd->txdw2 |= htole32(R92S_TXDW2_BMCAST);
2197 /*
2198 * Firmware will use and increment the sequence number for the
2199 * specified priority.
2200 */
2201 txd->txdw3 |= htole32(SM(R92S_TXDW3_SEQ, prio));
2202
2203 if (ieee80211_radiotap_active_vap(vap)) {
2204 struct rsu_tx_radiotap_header *tap = &sc->sc_txtap;
2205
2206 tap->wt_flags = 0;
2207 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
2208 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
2209 ieee80211_radiotap_tx(vap, m0);
2210 }
2211
2212 xferlen = sizeof(*txd) + m0->m_pkthdr.len;
2213 m_copydata(m0, 0, m0->m_pkthdr.len, (caddr_t)&txd[1]);
2214
2215 data->buflen = xferlen;
2216 data->ni = ni;
2217 data->m = m0;
2218 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
2219
2220 /* start transfer, if any */
2221 usbd_transfer_start(sc->sc_xfer[which]);
2222 return (0);
2223}
2224
2225static int
2226rsu_transmit(struct ieee80211com *ic, struct mbuf *m)
2227{
2228 struct rsu_softc *sc = ic->ic_softc;
2229 int error;
2230
2231 RSU_LOCK(sc);
2232 if (!sc->sc_running) {
2233 RSU_UNLOCK(sc);
2234 return (ENXIO);
2235 }
2236
2237 /*
2238 * XXX TODO: ensure that we treat 'm' as a list of frames
2239 * to transmit!
2240 */
2241 error = mbufq_enqueue(&sc->sc_snd, m);
2242 if (error) {
2243 RSU_DPRINTF(sc, RSU_DEBUG_TX,
2244 "%s: mbufq_enable: failed (%d)\n",
2245 __func__,
2246 error);
2247 RSU_UNLOCK(sc);
2248 return (error);
2249 }
2250 RSU_UNLOCK(sc);
2251
2252 /* This kicks the TX taskqueue */
2253 rsu_start(sc);
2254
2255 return (0);
2256}
2257
2258static void
2259rsu_drain_mbufq(struct rsu_softc *sc)
2260{
2261 struct mbuf *m;
2262 struct ieee80211_node *ni;
2263
2264 RSU_ASSERT_LOCKED(sc);
2265 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
2266 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
2267 m->m_pkthdr.rcvif = NULL;
2268 ieee80211_free_node(ni);
2269 m_freem(m);
2270 }
2271}
2272
2273static void
2274_rsu_start(struct rsu_softc *sc)
2275{
2276 struct ieee80211_node *ni;
2277 struct rsu_data *bf;
2278 struct mbuf *m;
2279
2280 RSU_ASSERT_LOCKED(sc);
2281
2282 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
2283 bf = rsu_getbuf(sc);
2284 if (bf == NULL) {
2285 RSU_DPRINTF(sc, RSU_DEBUG_TX,
2286 "%s: failed to get buffer\n", __func__);
2287 mbufq_prepend(&sc->sc_snd, m);
2288 break;
2289 }
2290
2291 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
2292 m->m_pkthdr.rcvif = NULL;
2293
2294 if (rsu_tx_start(sc, ni, m, bf) != 0) {
2295 RSU_DPRINTF(sc, RSU_DEBUG_TX,
2296 "%s: failed to transmit\n", __func__);
2297 if_inc_counter(ni->ni_vap->iv_ifp,
2298 IFCOUNTER_OERRORS, 1);
2299 rsu_freebuf(sc, bf);
2300 ieee80211_free_node(ni);
2301 m_freem(m);
2302 break;
2303 }
2304 }
2305}
2306
2307static void
2308rsu_start(struct rsu_softc *sc)
2309{
2310
2311 taskqueue_enqueue(taskqueue_thread, &sc->tx_task);
2312}
2313
2314static void
2315rsu_parent(struct ieee80211com *ic)
2316{
2317 struct rsu_softc *sc = ic->ic_softc;
2318 int startall = 0;
2319
2320 RSU_LOCK(sc);
2321 if (ic->ic_nrunning > 0) {
2322 if (!sc->sc_running) {
2323 rsu_init(sc);
2324 startall = 1;
2325 }
2326 } else if (sc->sc_running)
2327 rsu_stop(sc);
2328 RSU_UNLOCK(sc);
2329
2330 if (startall)
2331 ieee80211_start_all(ic);
2332}
2333
2334/*
2335 * Power on sequence for A-cut adapters.
2336 */
2337static void
2338rsu_power_on_acut(struct rsu_softc *sc)
2339{
2340 uint32_t reg;
2341
2342 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
2343 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
2344
2345 /* Enable AFE macro block's bandgap and Mbias. */
2346 rsu_write_1(sc, R92S_AFE_MISC,
2347 rsu_read_1(sc, R92S_AFE_MISC) |
2348 R92S_AFE_MISC_BGEN | R92S_AFE_MISC_MBEN);
2349 /* Enable LDOA15 block. */
2350 rsu_write_1(sc, R92S_LDOA15_CTRL,
2351 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
2352
2353 rsu_write_1(sc, R92S_SPS1_CTRL,
2354 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_LDEN);
2355 rsu_ms_delay(sc, 2000);
2356 /* Enable switch regulator block. */
2357 rsu_write_1(sc, R92S_SPS1_CTRL,
2358 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_SWEN);
2359
2360 rsu_write_4(sc, R92S_SPS1_CTRL, 0x00a7b267);
2361
2362 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2363 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
2364
2365 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2366 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
2367
2368 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2369 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x90);
2370
2371 /* Enable AFE clock. */
2372 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
2373 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
2374 /* Enable AFE PLL macro block. */
2375 rsu_write_1(sc, R92S_AFE_PLL_CTRL,
2376 rsu_read_1(sc, R92S_AFE_PLL_CTRL) | 0x11);
2377 /* Attach AFE PLL to MACTOP/BB. */
2378 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
2379 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
2380
2381 /* Switch to 40MHz clock instead of 80MHz. */
2382 rsu_write_2(sc, R92S_SYS_CLKR,
2383 rsu_read_2(sc, R92S_SYS_CLKR) & ~R92S_SYS_CLKSEL);
2384
2385 /* Enable MAC clock. */
2386 rsu_write_2(sc, R92S_SYS_CLKR,
2387 rsu_read_2(sc, R92S_SYS_CLKR) |
2388 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
2389
2390 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
2391
2392 /* Enable digital core and IOREG R/W. */
2393 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2394 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
2395
2396 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2397 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
2398
2399 /* Switch the control path to firmware. */
2400 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2401 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
2402 rsu_write_2(sc, R92S_SYS_CLKR, reg);
2403
2404 rsu_write_2(sc, R92S_CR, 0x37fc);
2405
2406 /* Fix USB RX FIFO issue. */
2407 rsu_write_1(sc, 0xfe5c,
2408 rsu_read_1(sc, 0xfe5c) | 0x80);
2409 rsu_write_1(sc, 0x00ab,
2410 rsu_read_1(sc, 0x00ab) | 0xc0);
2411
2412 rsu_write_1(sc, R92S_SYS_CLKR,
2413 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
2414}
2415
2416/*
2417 * Power on sequence for B-cut and C-cut adapters.
2418 */
2419static void
2420rsu_power_on_bcut(struct rsu_softc *sc)
2421{
2422 uint32_t reg;
2423 int ntries;
2424
2425 /* Prevent eFuse leakage. */
2426 rsu_write_1(sc, 0x37, 0xb0);
2427 rsu_ms_delay(sc, 10);
2428 rsu_write_1(sc, 0x37, 0x30);
2429
2430 /* Switch the control path to hardware. */
2431 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2432 if (reg & R92S_FWHW_SEL) {
2433 rsu_write_2(sc, R92S_SYS_CLKR,
2434 reg & ~(R92S_SWHW_SEL | R92S_FWHW_SEL));
2435 }
2436 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2437 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) & ~0x8c);
2438 rsu_ms_delay(sc, 1);
2439
2440 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
2441 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
2442
2443 reg = rsu_read_1(sc, R92S_AFE_MISC);
2444 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN);
2445 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN |
2446 R92S_AFE_MISC_MBEN | R92S_AFE_MISC_I32_EN);
2447
2448 /* Enable PLL. */
2449 rsu_write_1(sc, R92S_LDOA15_CTRL,
2450 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
2451
2452 rsu_write_1(sc, R92S_LDOV12D_CTRL,
2453 rsu_read_1(sc, R92S_LDOV12D_CTRL) | R92S_LDV12_EN);
2454
2455 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2456 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
2457
2458 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2459 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
2460
2461 /* Support 64KB IMEM. */
2462 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2463 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x97);
2464
2465 /* Enable AFE clock. */
2466 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
2467 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
2468 /* Enable AFE PLL macro block. */
2469 reg = rsu_read_1(sc, R92S_AFE_PLL_CTRL);
2470 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
2471 rsu_ms_delay(sc, 1);
2472 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x51);
2473 rsu_ms_delay(sc, 1);
2474 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
2475 rsu_ms_delay(sc, 1);
2476
2477 /* Attach AFE PLL to MACTOP/BB. */
2478 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
2479 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
2480
2481 /* Switch to 40MHz clock. */
2482 rsu_write_1(sc, R92S_SYS_CLKR, 0x00);
2483 /* Disable CPU clock and 80MHz SSC. */
2484 rsu_write_1(sc, R92S_SYS_CLKR,
2485 rsu_read_1(sc, R92S_SYS_CLKR) | 0xa0);
2486 /* Enable MAC clock. */
2487 rsu_write_2(sc, R92S_SYS_CLKR,
2488 rsu_read_2(sc, R92S_SYS_CLKR) |
2489 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
2490
2491 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
2492
2493 /* Enable digital core and IOREG R/W. */
2494 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2495 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
2496
2497 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2498 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
2499
2500 /* Switch the control path to firmware. */
2501 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2502 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
2503 rsu_write_2(sc, R92S_SYS_CLKR, reg);
2504
2505 rsu_write_2(sc, R92S_CR, 0x37fc);
2506
2507 /* Fix USB RX FIFO issue. */
2508 rsu_write_1(sc, 0xfe5c,
2509 rsu_read_1(sc, 0xfe5c) | 0x80);
2510
2511 rsu_write_1(sc, R92S_SYS_CLKR,
2512 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
2513
2514 rsu_write_1(sc, 0xfe1c, 0x80);
2515
2516 /* Make sure TxDMA is ready to download firmware. */
2517 for (ntries = 0; ntries < 20; ntries++) {
2518 reg = rsu_read_1(sc, R92S_TCR);
2519 if ((reg & (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) ==
2520 (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT))
2521 break;
2522 rsu_ms_delay(sc, 1);
2523 }
2524 if (ntries == 20) {
2525 RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_TX,
2526 "%s: TxDMA is not ready\n",
2527 __func__);
2528 /* Reset TxDMA. */
2529 reg = rsu_read_1(sc, R92S_CR);
2530 rsu_write_1(sc, R92S_CR, reg & ~R92S_CR_TXDMA_EN);
2531 rsu_ms_delay(sc, 1);
2532 rsu_write_1(sc, R92S_CR, reg | R92S_CR_TXDMA_EN);
2533 }
2534}
2535
2536static void
2537rsu_power_off(struct rsu_softc *sc)
2538{
2539 /* Turn RF off. */
2540 rsu_write_1(sc, R92S_RF_CTRL, 0x00);
2541 rsu_ms_delay(sc, 5);
2542
2543 /* Turn MAC off. */
2544 /* Switch control path. */
2545 rsu_write_1(sc, R92S_SYS_CLKR + 1, 0x38);
2546 /* Reset MACTOP. */
2547 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x70);
2548 rsu_write_1(sc, R92S_PMC_FSM, 0x06);
2549 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 0, 0xf9);
2550 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 0xe8);
2551
2552 /* Disable AFE PLL. */
2553 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 0x00);
2554 /* Disable A15V. */
2555 rsu_write_1(sc, R92S_LDOA15_CTRL, 0x54);
2556 /* Disable eFuse 1.2V. */
2557 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x50);
2558 rsu_write_1(sc, R92S_LDOV12D_CTRL, 0x24);
2559 /* Enable AFE macro block's bandgap and Mbias. */
2560 rsu_write_1(sc, R92S_AFE_MISC, 0x30);
2561 /* Disable 1.6V LDO. */
2562 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x56);
2563 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x43);
2564
2565 /* Firmware - tell it to switch things off */
2566 (void) rsu_set_fw_power_state(sc, RSU_PWR_OFF);
2567}
2568
2569static int
2570rsu_fw_loadsection(struct rsu_softc *sc, const uint8_t *buf, int len)
2571{
2572 const uint8_t which = rsu_wme_ac_xfer_map[WME_AC_VO];
2573 struct rsu_data *data;
2574 struct r92s_tx_desc *txd;
2575 int mlen;
2576
2577 while (len > 0) {
2578 data = rsu_getbuf(sc);
2579 if (data == NULL)
2580 return (ENOMEM);
2581 txd = (struct r92s_tx_desc *)data->buf;
2582 memset(txd, 0, sizeof(*txd));
2583 if (len <= RSU_TXBUFSZ - sizeof(*txd)) {
2584 /* Last chunk. */
2585 txd->txdw0 |= htole32(R92S_TXDW0_LINIP);
2586 mlen = len;
2587 } else
2588 mlen = RSU_TXBUFSZ - sizeof(*txd);
2589 txd->txdw0 |= htole32(SM(R92S_TXDW0_PKTLEN, mlen));
2590 memcpy(&txd[1], buf, mlen);
2591 data->buflen = sizeof(*txd) + mlen;
2592 RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FW | RSU_DEBUG_RESET,
2593 "%s: starting transfer %p\n",
2594 __func__, data);
2595 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
2596 buf += mlen;
2597 len -= mlen;
2598 }
2599 usbd_transfer_start(sc->sc_xfer[which]);
2600 return (0);
2601}
2602
2603static int
2604rsu_load_firmware(struct rsu_softc *sc)
2605{
2606 const struct r92s_fw_hdr *hdr;
2607 struct r92s_fw_priv *dmem;
2608 struct ieee80211com *ic = &sc->sc_ic;
2609 const uint8_t *imem, *emem;
2610 int imemsz, ememsz;
2611 const struct firmware *fw;
2612 size_t size;
2613 uint32_t reg;
2614 int ntries, error;
2615
2616 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY) {
2617 RSU_DPRINTF(sc, RSU_DEBUG_ANY,
2618 "%s: Firmware already loaded\n",
2619 __func__);
2620 return (0);
2621 }
2622
2623 RSU_UNLOCK(sc);
2624 /* Read firmware image from the filesystem. */
2625 if ((fw = firmware_get("rsu-rtl8712fw")) == NULL) {
2626 device_printf(sc->sc_dev,
2627 "%s: failed load firmware of file rsu-rtl8712fw\n",
2628 __func__);
2629 RSU_LOCK(sc);
2630 return (ENXIO);
2631 }
2632 RSU_LOCK(sc);
2633 size = fw->datasize;
2634 if (size < sizeof(*hdr)) {
2635 device_printf(sc->sc_dev, "firmware too short\n");
2636 error = EINVAL;
2637 goto fail;
2638 }
2639 hdr = (const struct r92s_fw_hdr *)fw->data;
2640 if (hdr->signature != htole16(0x8712) &&
2641 hdr->signature != htole16(0x8192)) {
2642 device_printf(sc->sc_dev,
2643 "invalid firmware signature 0x%x\n",
2644 le16toh(hdr->signature));
2645 error = EINVAL;
2646 goto fail;
2647 }
2648 DPRINTF("FW V%d %02x-%02x %02x:%02x\n", le16toh(hdr->version),
2649 hdr->month, hdr->day, hdr->hour, hdr->minute);
2650
2651 /* Make sure that driver and firmware are in sync. */
2652 if (hdr->privsz != htole32(sizeof(*dmem))) {
2653 device_printf(sc->sc_dev, "unsupported firmware image\n");
2654 error = EINVAL;
2655 goto fail;
2656 }
2657 /* Get FW sections sizes. */
2658 imemsz = le32toh(hdr->imemsz);
2659 ememsz = le32toh(hdr->sramsz);
2660 /* Check that all FW sections fit in image. */
2661 if (size < sizeof(*hdr) + imemsz + ememsz) {
2662 device_printf(sc->sc_dev, "firmware too short\n");
2663 error = EINVAL;
2664 goto fail;
2665 }
2666 imem = (const uint8_t *)&hdr[1];
2667 emem = imem + imemsz;
2668
2669 /* Load IMEM section. */
2670 error = rsu_fw_loadsection(sc, imem, imemsz);
2671 if (error != 0) {
2672 device_printf(sc->sc_dev,
2673 "could not load firmware section %s\n", "IMEM");
2674 goto fail;
2675 }
2676 /* Wait for load to complete. */
2677 for (ntries = 0; ntries != 50; ntries++) {
2678 rsu_ms_delay(sc, 10);
2679 reg = rsu_read_1(sc, R92S_TCR);
2680 if (reg & R92S_TCR_IMEM_CODE_DONE)
2681 break;
2682 }
2683 if (ntries == 50) {
2684 device_printf(sc->sc_dev, "timeout waiting for IMEM transfer\n");
2685 error = ETIMEDOUT;
2686 goto fail;
2687 }
2688 /* Load EMEM section. */
2689 error = rsu_fw_loadsection(sc, emem, ememsz);
2690 if (error != 0) {
2691 device_printf(sc->sc_dev,
2692 "could not load firmware section %s\n", "EMEM");
2693 goto fail;
2694 }
2695 /* Wait for load to complete. */
2696 for (ntries = 0; ntries != 50; ntries++) {
2697 rsu_ms_delay(sc, 10);
2698 reg = rsu_read_2(sc, R92S_TCR);
2699 if (reg & R92S_TCR_EMEM_CODE_DONE)
2700 break;
2701 }
2702 if (ntries == 50) {
2703 device_printf(sc->sc_dev, "timeout waiting for EMEM transfer\n");
2704 error = ETIMEDOUT;
2705 goto fail;
2706 }
2707 /* Enable CPU. */
2708 rsu_write_1(sc, R92S_SYS_CLKR,
2709 rsu_read_1(sc, R92S_SYS_CLKR) | R92S_SYS_CPU_CLKSEL);
2710 if (!(rsu_read_1(sc, R92S_SYS_CLKR) & R92S_SYS_CPU_CLKSEL)) {
2711 device_printf(sc->sc_dev, "could not enable system clock\n");
2712 error = EIO;
2713 goto fail;
2714 }
2715 rsu_write_2(sc, R92S_SYS_FUNC_EN,
2716 rsu_read_2(sc, R92S_SYS_FUNC_EN) | R92S_FEN_CPUEN);
2717 if (!(rsu_read_2(sc, R92S_SYS_FUNC_EN) & R92S_FEN_CPUEN)) {
2718 device_printf(sc->sc_dev,
2719 "could not enable microcontroller\n");
2720 error = EIO;
2721 goto fail;
2722 }
2723 /* Wait for CPU to initialize. */
2724 for (ntries = 0; ntries < 100; ntries++) {
2725 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_IMEM_RDY)
2726 break;
2727 rsu_ms_delay(sc, 1);
2728 }
2729 if (ntries == 100) {
2730 device_printf(sc->sc_dev,
2731 "timeout waiting for microcontroller\n");
2732 error = ETIMEDOUT;
2733 goto fail;
2734 }
2735
2736 /* Update DMEM section before loading. */
2737 dmem = __DECONST(struct r92s_fw_priv *, &hdr->priv);
2738 memset(dmem, 0, sizeof(*dmem));
2739 dmem->hci_sel = R92S_HCI_SEL_USB | R92S_HCI_SEL_8172;
2740 dmem->nendpoints = sc->sc_nendpoints;
2741 dmem->chip_version = sc->cut;
2742 dmem->rf_config = sc->sc_rftype;
2743 dmem->vcs_type = R92S_VCS_TYPE_AUTO;
2744 dmem->vcs_mode = R92S_VCS_MODE_RTS_CTS;
2745 dmem->turbo_mode = 0;
2746 dmem->bw40_en = !! (ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40);
2747 dmem->amsdu2ampdu_en = !! (sc->sc_ht);
2748 dmem->ampdu_en = !! (sc->sc_ht);
2749 dmem->agg_offload = !! (sc->sc_ht);
2750 dmem->qos_en = 1;
2751 dmem->ps_offload = 1;
2752 dmem->lowpower_mode = 1; /* XXX TODO: configurable? */
2753 /* Load DMEM section. */
2754 error = rsu_fw_loadsection(sc, (uint8_t *)dmem, sizeof(*dmem));
2755 if (error != 0) {
2756 device_printf(sc->sc_dev,
2757 "could not load firmware section %s\n", "DMEM");
2758 goto fail;
2759 }
2760 /* Wait for load to complete. */
2761 for (ntries = 0; ntries < 100; ntries++) {
2762 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_DMEM_CODE_DONE)
2763 break;
2764 rsu_ms_delay(sc, 1);
2765 }
2766 if (ntries == 100) {
2767 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n",
2768 "DMEM");
2769 error = ETIMEDOUT;
2770 goto fail;
2771 }
2772 /* Wait for firmware readiness. */
2773 for (ntries = 0; ntries < 60; ntries++) {
2774 if (!(rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY))
2775 break;
2776 rsu_ms_delay(sc, 1);
2777 }
2778 if (ntries == 60) {
2779 device_printf(sc->sc_dev,
2780 "timeout waiting for firmware readiness\n");
2781 error = ETIMEDOUT;
2782 goto fail;
2783 }
2784 fail:
2785 firmware_put(fw, FIRMWARE_UNLOAD);
2786 return (error);
2787}
2788
2789
2790static int
2791rsu_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
2792 const struct ieee80211_bpf_params *params)
2793{
2794 struct ieee80211com *ic = ni->ni_ic;
2795 struct rsu_softc *sc = ic->ic_softc;
2796 struct rsu_data *bf;
2797
2798 /* prevent management frames from being sent if we're not ready */
2799 if (!sc->sc_running) {
2800 m_freem(m);
2801 return (ENETDOWN);
2802 }
2803 RSU_LOCK(sc);
2804 bf = rsu_getbuf(sc);
2805 if (bf == NULL) {
2806 m_freem(m);
2807 RSU_UNLOCK(sc);
2808 return (ENOBUFS);
2809 }
2810 if (rsu_tx_start(sc, ni, m, bf) != 0) {
2811 m_freem(m);
2812 rsu_freebuf(sc, bf);
2813 RSU_UNLOCK(sc);
2814 return (EIO);
2815 }
2816 RSU_UNLOCK(sc);
2817
2818 return (0);
2819}
2820
2821static void
2822rsu_init(struct rsu_softc *sc)
2823{
2824 struct ieee80211com *ic = &sc->sc_ic;
2825 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2826 uint8_t macaddr[IEEE80211_ADDR_LEN];
2827 int error;
2828 int i;
2829
2830 RSU_ASSERT_LOCKED(sc);
2831
2832 /* Ensure the mbuf queue is drained */
2833 rsu_drain_mbufq(sc);
2834
2835 /* Init host async commands ring. */
2836 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0;
2837
2838 /* Reset power management state. */
2839 rsu_write_1(sc, R92S_USB_HRPWM, 0);
2840
2841 /* Power on adapter. */
2842 if (sc->cut == 1)
2843 rsu_power_on_acut(sc);
2844 else
2845 rsu_power_on_bcut(sc);
2846
2847 /* Load firmware. */
2848 error = rsu_load_firmware(sc);
2849 if (error != 0)
2850 goto fail;
2851
2852 /* Enable Rx TCP checksum offload. */
2853 rsu_write_4(sc, R92S_RCR,
2854 rsu_read_4(sc, R92S_RCR) | 0x04000000);
2855 /* Append PHY status. */
2856 rsu_write_4(sc, R92S_RCR,
2857 rsu_read_4(sc, R92S_RCR) | 0x02000000);
2858
2859 rsu_write_4(sc, R92S_CR,
2860 rsu_read_4(sc, R92S_CR) & ~0xff000000);
2861
2862 /* Use 128 bytes pages. */
2863 rsu_write_1(sc, 0x00b5,
2864 rsu_read_1(sc, 0x00b5) | 0x01);
2865 /* Enable USB Rx aggregation. */
2866 rsu_write_1(sc, 0x00bd,
2867 rsu_read_1(sc, 0x00bd) | 0x80);
2868 /* Set USB Rx aggregation threshold. */
2869 rsu_write_1(sc, 0x00d9, 0x01);
2870 /* Set USB Rx aggregation timeout (1.7ms/4). */
2871 rsu_write_1(sc, 0xfe5b, 0x04);
2872 /* Fix USB Rx FIFO issue. */
2873 rsu_write_1(sc, 0xfe5c,
2874 rsu_read_1(sc, 0xfe5c) | 0x80);
2875
2876 /* Set MAC address. */
2877 IEEE80211_ADDR_COPY(macaddr, vap ? vap->iv_myaddr : ic->ic_macaddr);
2878 rsu_write_region_1(sc, R92S_MACID, macaddr, IEEE80211_ADDR_LEN);
2879
2880 /* It really takes 1.5 seconds for the firmware to boot: */
2881 rsu_ms_delay(sc, 2000);
2882
2883 RSU_DPRINTF(sc, RSU_DEBUG_RESET, "%s: setting MAC address to %s\n",
2884 __func__,
2885 ether_sprintf(macaddr));
2886 error = rsu_fw_cmd(sc, R92S_CMD_SET_MAC_ADDRESS, macaddr,
2887 IEEE80211_ADDR_LEN);
2888 if (error != 0) {
2889 device_printf(sc->sc_dev, "could not set MAC address\n");
2890 goto fail;
2891 }
2892
2893 /* Set PS mode fully active */
2894 error = rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE);
2895
2896 if (error != 0) {
2897 device_printf(sc->sc_dev, "could not set PS mode\n");
2898 goto fail;
2899 }
2900
2901 sc->sc_scan_pass = 0;
2902 usbd_transfer_start(sc->sc_xfer[RSU_BULK_RX]);
2903
2904 /* We're ready to go. */
2905 sc->sc_running = 1;
2906 sc->sc_scanning = 0;
2907 return;
2908fail:
2909 /* Need to stop all failed transfers, if any */
2910 for (i = 0; i != RSU_N_TRANSFER; i++)
2911 usbd_transfer_stop(sc->sc_xfer[i]);
2912}
2913
2914static void
2915rsu_stop(struct rsu_softc *sc)
2916{
2917 int i;
2918
2919 RSU_ASSERT_LOCKED(sc);
2920
2921 sc->sc_running = 0;
2922 sc->sc_calibrating = 0;
2923 taskqueue_cancel_timeout(taskqueue_thread, &sc->calib_task, NULL);
2924 taskqueue_cancel(taskqueue_thread, &sc->tx_task, NULL);
2925
2926 /* Power off adapter. */
2927 rsu_power_off(sc);
2928
2929 for (i = 0; i < RSU_N_TRANSFER; i++)
2930 usbd_transfer_stop(sc->sc_xfer[i]);
2931
2932 /* Ensure the mbuf queue is drained */
2933 rsu_drain_mbufq(sc);
2934}
2935
2936/*
2937 * Note: usb_pause_mtx() actually releases the mutex before calling pause(),
2938 * which breaks any kind of driver serialisation.
2939 */
2940static void
2941rsu_ms_delay(struct rsu_softc *sc, int ms)
2942{
2943
2944 //usb_pause_mtx(&sc->sc_mtx, hz / 1000);
2945 DELAY(ms * 1000);
2946}
| 719rsu_set_channel(struct ieee80211com *ic __unused)
720{
721 /* We are unable to switch channels, yet. */
722}
723
724static void
725rsu_update_mcast(struct ieee80211com *ic)
726{
727 /* XXX do nothing? */
728}
729
730static int
731rsu_alloc_list(struct rsu_softc *sc, struct rsu_data data[],
732 int ndata, int maxsz)
733{
734 int i, error;
735
736 for (i = 0; i < ndata; i++) {
737 struct rsu_data *dp = &data[i];
738 dp->sc = sc;
739 dp->m = NULL;
740 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT);
741 if (dp->buf == NULL) {
742 device_printf(sc->sc_dev,
743 "could not allocate buffer\n");
744 error = ENOMEM;
745 goto fail;
746 }
747 dp->ni = NULL;
748 }
749
750 return (0);
751fail:
752 rsu_free_list(sc, data, ndata);
753 return (error);
754}
755
756static int
757rsu_alloc_rx_list(struct rsu_softc *sc)
758{
759 int error, i;
760
761 error = rsu_alloc_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT,
762 RSU_RXBUFSZ);
763 if (error != 0)
764 return (error);
765
766 STAILQ_INIT(&sc->sc_rx_active);
767 STAILQ_INIT(&sc->sc_rx_inactive);
768
769 for (i = 0; i < RSU_RX_LIST_COUNT; i++)
770 STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next);
771
772 return (0);
773}
774
775static int
776rsu_alloc_tx_list(struct rsu_softc *sc)
777{
778 int error, i;
779
780 error = rsu_alloc_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT,
781 RSU_TXBUFSZ);
782 if (error != 0)
783 return (error);
784
785 STAILQ_INIT(&sc->sc_tx_inactive);
786
787 for (i = 0; i != RSU_N_TRANSFER; i++) {
788 STAILQ_INIT(&sc->sc_tx_active[i]);
789 STAILQ_INIT(&sc->sc_tx_pending[i]);
790 }
791
792 for (i = 0; i < RSU_TX_LIST_COUNT; i++) {
793 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next);
794 }
795
796 return (0);
797}
798
799static void
800rsu_free_tx_list(struct rsu_softc *sc)
801{
802 int i;
803
804 /* prevent further allocations from TX list(s) */
805 STAILQ_INIT(&sc->sc_tx_inactive);
806
807 for (i = 0; i != RSU_N_TRANSFER; i++) {
808 STAILQ_INIT(&sc->sc_tx_active[i]);
809 STAILQ_INIT(&sc->sc_tx_pending[i]);
810 }
811
812 rsu_free_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT);
813}
814
815static void
816rsu_free_rx_list(struct rsu_softc *sc)
817{
818 /* prevent further allocations from RX list(s) */
819 STAILQ_INIT(&sc->sc_rx_inactive);
820 STAILQ_INIT(&sc->sc_rx_active);
821
822 rsu_free_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT);
823}
824
825static void
826rsu_free_list(struct rsu_softc *sc, struct rsu_data data[], int ndata)
827{
828 int i;
829
830 for (i = 0; i < ndata; i++) {
831 struct rsu_data *dp = &data[i];
832
833 if (dp->buf != NULL) {
834 free(dp->buf, M_USBDEV);
835 dp->buf = NULL;
836 }
837 if (dp->ni != NULL) {
838 ieee80211_free_node(dp->ni);
839 dp->ni = NULL;
840 }
841 }
842}
843
844static struct rsu_data *
845_rsu_getbuf(struct rsu_softc *sc)
846{
847 struct rsu_data *bf;
848
849 bf = STAILQ_FIRST(&sc->sc_tx_inactive);
850 if (bf != NULL)
851 STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next);
852 else
853 bf = NULL;
854 return (bf);
855}
856
857static struct rsu_data *
858rsu_getbuf(struct rsu_softc *sc)
859{
860 struct rsu_data *bf;
861
862 RSU_ASSERT_LOCKED(sc);
863
864 bf = _rsu_getbuf(sc);
865 if (bf == NULL) {
866 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: no buffers\n", __func__);
867 }
868 return (bf);
869}
870
871static void
872rsu_freebuf(struct rsu_softc *sc, struct rsu_data *bf)
873{
874
875 RSU_ASSERT_LOCKED(sc);
876 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, bf, next);
877}
878
879static int
880rsu_write_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
881 int len)
882{
883 usb_device_request_t req;
884
885 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
886 req.bRequest = R92S_REQ_REGS;
887 USETW(req.wValue, addr);
888 USETW(req.wIndex, 0);
889 USETW(req.wLength, len);
890
891 return (rsu_do_request(sc, &req, buf));
892}
893
894static void
895rsu_write_1(struct rsu_softc *sc, uint16_t addr, uint8_t val)
896{
897 rsu_write_region_1(sc, addr, &val, 1);
898}
899
900static void
901rsu_write_2(struct rsu_softc *sc, uint16_t addr, uint16_t val)
902{
903 val = htole16(val);
904 rsu_write_region_1(sc, addr, (uint8_t *)&val, 2);
905}
906
907static void
908rsu_write_4(struct rsu_softc *sc, uint16_t addr, uint32_t val)
909{
910 val = htole32(val);
911 rsu_write_region_1(sc, addr, (uint8_t *)&val, 4);
912}
913
914static int
915rsu_read_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf,
916 int len)
917{
918 usb_device_request_t req;
919
920 req.bmRequestType = UT_READ_VENDOR_DEVICE;
921 req.bRequest = R92S_REQ_REGS;
922 USETW(req.wValue, addr);
923 USETW(req.wIndex, 0);
924 USETW(req.wLength, len);
925
926 return (rsu_do_request(sc, &req, buf));
927}
928
929static uint8_t
930rsu_read_1(struct rsu_softc *sc, uint16_t addr)
931{
932 uint8_t val;
933
934 if (rsu_read_region_1(sc, addr, &val, 1) != 0)
935 return (0xff);
936 return (val);
937}
938
939static uint16_t
940rsu_read_2(struct rsu_softc *sc, uint16_t addr)
941{
942 uint16_t val;
943
944 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 2) != 0)
945 return (0xffff);
946 return (le16toh(val));
947}
948
949static uint32_t
950rsu_read_4(struct rsu_softc *sc, uint16_t addr)
951{
952 uint32_t val;
953
954 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 4) != 0)
955 return (0xffffffff);
956 return (le32toh(val));
957}
958
959static int
960rsu_fw_iocmd(struct rsu_softc *sc, uint32_t iocmd)
961{
962 int ntries;
963
964 rsu_write_4(sc, R92S_IOCMD_CTRL, iocmd);
965 rsu_ms_delay(sc, 1);
966 for (ntries = 0; ntries < 50; ntries++) {
967 if (rsu_read_4(sc, R92S_IOCMD_CTRL) == 0)
968 return (0);
969 rsu_ms_delay(sc, 1);
970 }
971 return (ETIMEDOUT);
972}
973
974static uint8_t
975rsu_efuse_read_1(struct rsu_softc *sc, uint16_t addr)
976{
977 uint32_t reg;
978 int ntries;
979
980 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
981 reg = RW(reg, R92S_EFUSE_CTRL_ADDR, addr);
982 reg &= ~R92S_EFUSE_CTRL_VALID;
983 rsu_write_4(sc, R92S_EFUSE_CTRL, reg);
984 /* Wait for read operation to complete. */
985 for (ntries = 0; ntries < 100; ntries++) {
986 reg = rsu_read_4(sc, R92S_EFUSE_CTRL);
987 if (reg & R92S_EFUSE_CTRL_VALID)
988 return (MS(reg, R92S_EFUSE_CTRL_DATA));
989 rsu_ms_delay(sc, 1);
990 }
991 device_printf(sc->sc_dev,
992 "could not read efuse byte at address 0x%x\n", addr);
993 return (0xff);
994}
995
996static int
997rsu_read_rom(struct rsu_softc *sc)
998{
999 uint8_t *rom = sc->rom;
1000 uint16_t addr = 0;
1001 uint32_t reg;
1002 uint8_t off, msk;
1003 int i;
1004
1005 /* Make sure that ROM type is eFuse and that autoload succeeded. */
1006 reg = rsu_read_1(sc, R92S_EE_9346CR);
1007 if ((reg & (R92S_9356SEL | R92S_EEPROM_EN)) != R92S_EEPROM_EN)
1008 return (EIO);
1009
1010 /* Turn on 2.5V to prevent eFuse leakage. */
1011 reg = rsu_read_1(sc, R92S_EFUSE_TEST + 3);
1012 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg | 0x80);
1013 rsu_ms_delay(sc, 1);
1014 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg & ~0x80);
1015
1016 /* Read full ROM image. */
1017 memset(&sc->rom, 0xff, sizeof(sc->rom));
1018 while (addr < 512) {
1019 reg = rsu_efuse_read_1(sc, addr);
1020 if (reg == 0xff)
1021 break;
1022 addr++;
1023 off = reg >> 4;
1024 msk = reg & 0xf;
1025 for (i = 0; i < 4; i++) {
1026 if (msk & (1 << i))
1027 continue;
1028 rom[off * 8 + i * 2 + 0] =
1029 rsu_efuse_read_1(sc, addr);
1030 addr++;
1031 rom[off * 8 + i * 2 + 1] =
1032 rsu_efuse_read_1(sc, addr);
1033 addr++;
1034 }
1035 }
1036#ifdef USB_DEBUG
1037 if (rsu_debug >= 5) {
1038 /* Dump ROM content. */
1039 printf("\n");
1040 for (i = 0; i < sizeof(sc->rom); i++)
1041 printf("%02x:", rom[i]);
1042 printf("\n");
1043 }
1044#endif
1045 return (0);
1046}
1047
1048static int
1049rsu_fw_cmd(struct rsu_softc *sc, uint8_t code, void *buf, int len)
1050{
1051 const uint8_t which = RSU_H2C_ENDPOINT;
1052 struct rsu_data *data;
1053 struct r92s_tx_desc *txd;
1054 struct r92s_fw_cmd_hdr *cmd;
1055 int cmdsz;
1056 int xferlen;
1057
1058 RSU_ASSERT_LOCKED(sc);
1059
1060 data = rsu_getbuf(sc);
1061 if (data == NULL)
1062 return (ENOMEM);
1063
1064 /* Blank the entire payload, just to be safe */
1065 memset(data->buf, '\0', RSU_TXBUFSZ);
1066
1067 /* Round-up command length to a multiple of 8 bytes. */
1068 /* XXX TODO: is this required? */
1069 cmdsz = (len + 7) & ~7;
1070
1071 xferlen = sizeof(*txd) + sizeof(*cmd) + cmdsz;
1072 KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__));
1073 memset(data->buf, 0, xferlen);
1074
1075 /* Setup Tx descriptor. */
1076 txd = (struct r92s_tx_desc *)data->buf;
1077 txd->txdw0 = htole32(
1078 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
1079 SM(R92S_TXDW0_PKTLEN, sizeof(*cmd) + cmdsz) |
1080 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
1081 txd->txdw1 = htole32(SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_H2C));
1082
1083 /* Setup command header. */
1084 cmd = (struct r92s_fw_cmd_hdr *)&txd[1];
1085 cmd->len = htole16(cmdsz);
1086 cmd->code = code;
1087 cmd->seq = sc->cmd_seq;
1088 sc->cmd_seq = (sc->cmd_seq + 1) & 0x7f;
1089
1090 /* Copy command payload. */
1091 memcpy(&cmd[1], buf, len);
1092
1093 RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FWCMD,
1094 "%s: Tx cmd code=0x%x len=0x%x\n",
1095 __func__, code, cmdsz);
1096 data->buflen = xferlen;
1097 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
1098 usbd_transfer_start(sc->sc_xfer[which]);
1099
1100 return (0);
1101}
1102
1103/* ARGSUSED */
1104static void
1105rsu_calib_task(void *arg, int pending __unused)
1106{
1107 struct rsu_softc *sc = arg;
1108#ifdef notyet
1109 uint32_t reg;
1110#endif
1111
1112 RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: running calibration task\n",
1113 __func__);
1114
1115 RSU_LOCK(sc);
1116#ifdef notyet
1117 /* Read WPS PBC status. */
1118 rsu_write_1(sc, R92S_MAC_PINMUX_CTRL,
1119 R92S_GPIOMUX_EN | SM(R92S_GPIOSEL_GPIO, R92S_GPIOSEL_GPIO_JTAG));
1120 rsu_write_1(sc, R92S_GPIO_IO_SEL,
1121 rsu_read_1(sc, R92S_GPIO_IO_SEL) & ~R92S_GPIO_WPS);
1122 reg = rsu_read_1(sc, R92S_GPIO_CTRL);
1123 if (reg != 0xff && (reg & R92S_GPIO_WPS))
1124 DPRINTF(("WPS PBC is pushed\n"));
1125#endif
1126 /* Read current signal level. */
1127 if (rsu_fw_iocmd(sc, 0xf4000001) == 0) {
1128 sc->sc_currssi = rsu_read_4(sc, R92S_IOCMD_DATA);
1129 RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: RSSI=%d (%d)\n",
1130 __func__, sc->sc_currssi,
1131 rsu_hwrssi_to_rssi(sc, sc->sc_currssi));
1132 }
1133 if (sc->sc_calibrating)
1134 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz);
1135 RSU_UNLOCK(sc);
1136}
1137
1138static void
1139rsu_tx_task(void *arg, int pending __unused)
1140{
1141 struct rsu_softc *sc = arg;
1142
1143 RSU_LOCK(sc);
1144 _rsu_start(sc);
1145 RSU_UNLOCK(sc);
1146}
1147
1148#define RSU_PWR_UNKNOWN 0x0
1149#define RSU_PWR_ACTIVE 0x1
1150#define RSU_PWR_OFF 0x2
1151#define RSU_PWR_SLEEP 0x3
1152
1153/*
1154 * Set the current power state.
1155 *
1156 * The rtlwifi code doesn't do this so aggressively; it
1157 * waits for an idle period after association with
1158 * no traffic before doing this.
1159 *
1160 * For now - it's on in all states except RUN, and
1161 * in RUN it'll transition to allow sleep.
1162 */
1163
1164struct r92s_pwr_cmd {
1165 uint8_t mode;
1166 uint8_t smart_ps;
1167 uint8_t bcn_pass_time;
1168};
1169
1170static int
1171rsu_set_fw_power_state(struct rsu_softc *sc, int state)
1172{
1173 struct r92s_set_pwr_mode cmd;
1174 //struct r92s_pwr_cmd cmd;
1175 int error;
1176
1177 RSU_ASSERT_LOCKED(sc);
1178
1179 /* only change state if required */
1180 if (sc->sc_curpwrstate == state)
1181 return (0);
1182
1183 memset(&cmd, 0, sizeof(cmd));
1184
1185 switch (state) {
1186 case RSU_PWR_ACTIVE:
1187 /* Force the hardware awake */
1188 rsu_write_1(sc, R92S_USB_HRPWM,
1189 R92S_USB_HRPWM_PS_ST_ACTIVE | R92S_USB_HRPWM_PS_ALL_ON);
1190 cmd.mode = R92S_PS_MODE_ACTIVE;
1191 break;
1192 case RSU_PWR_SLEEP:
1193 cmd.mode = R92S_PS_MODE_DTIM; /* XXX configurable? */
1194 cmd.smart_ps = 1; /* XXX 2 if doing p2p */
1195 cmd.bcn_pass_time = 5; /* in 100mS usb.c, linux/rtlwifi */
1196 break;
1197 case RSU_PWR_OFF:
1198 cmd.mode = R92S_PS_MODE_RADIOOFF;
1199 break;
1200 default:
1201 device_printf(sc->sc_dev, "%s: unknown ps mode (%d)\n",
1202 __func__,
1203 state);
1204 return (ENXIO);
1205 }
1206
1207 RSU_DPRINTF(sc, RSU_DEBUG_RESET,
1208 "%s: setting ps mode to %d (mode %d)\n",
1209 __func__, state, cmd.mode);
1210 error = rsu_fw_cmd(sc, R92S_CMD_SET_PWR_MODE, &cmd, sizeof(cmd));
1211 if (error == 0)
1212 sc->sc_curpwrstate = state;
1213
1214 return (error);
1215}
1216
1217static int
1218rsu_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
1219{
1220 struct rsu_vap *uvp = RSU_VAP(vap);
1221 struct ieee80211com *ic = vap->iv_ic;
1222 struct rsu_softc *sc = ic->ic_softc;
1223 struct ieee80211_node *ni;
1224 struct ieee80211_rateset *rs;
1225 enum ieee80211_state ostate;
1226 int error, startcal = 0;
1227
1228 ostate = vap->iv_state;
1229 RSU_DPRINTF(sc, RSU_DEBUG_STATE, "%s: %s -> %s\n",
1230 __func__,
1231 ieee80211_state_name[ostate],
1232 ieee80211_state_name[nstate]);
1233
1234 IEEE80211_UNLOCK(ic);
1235 if (ostate == IEEE80211_S_RUN) {
1236 RSU_LOCK(sc);
1237 /* Stop calibration. */
1238 sc->sc_calibrating = 0;
1239 RSU_UNLOCK(sc);
1240 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task);
1241 taskqueue_drain(taskqueue_thread, &sc->tx_task);
1242 /* Disassociate from our current BSS. */
1243 RSU_LOCK(sc);
1244 rsu_disconnect(sc);
1245 } else
1246 RSU_LOCK(sc);
1247 switch (nstate) {
1248 case IEEE80211_S_INIT:
1249 (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE);
1250 break;
1251 case IEEE80211_S_AUTH:
1252 ni = ieee80211_ref_node(vap->iv_bss);
1253 (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE);
1254 error = rsu_join_bss(sc, ni);
1255 ieee80211_free_node(ni);
1256 if (error != 0) {
1257 device_printf(sc->sc_dev,
1258 "could not send join command\n");
1259 }
1260 break;
1261 case IEEE80211_S_RUN:
1262 ni = ieee80211_ref_node(vap->iv_bss);
1263 rs = &ni->ni_rates;
1264 /* Indicate highest supported rate. */
1265 ni->ni_txrate = rs->rs_rates[rs->rs_nrates - 1];
1266 (void) rsu_set_fw_power_state(sc, RSU_PWR_SLEEP);
1267 ieee80211_free_node(ni);
1268 startcal = 1;
1269 break;
1270 default:
1271 break;
1272 }
1273 sc->sc_calibrating = 1;
1274 /* Start periodic calibration. */
1275 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz);
1276 RSU_UNLOCK(sc);
1277 IEEE80211_LOCK(ic);
1278 return (uvp->newstate(vap, nstate, arg));
1279}
1280
1281#ifdef notyet
1282static void
1283rsu_set_key(struct rsu_softc *sc, const struct ieee80211_key *k)
1284{
1285 struct r92s_fw_cmd_set_key key;
1286
1287 memset(&key, 0, sizeof(key));
1288 /* Map net80211 cipher to HW crypto algorithm. */
1289 switch (k->wk_cipher->ic_cipher) {
1290 case IEEE80211_CIPHER_WEP:
1291 if (k->wk_keylen < 8)
1292 key.algo = R92S_KEY_ALGO_WEP40;
1293 else
1294 key.algo = R92S_KEY_ALGO_WEP104;
1295 break;
1296 case IEEE80211_CIPHER_TKIP:
1297 key.algo = R92S_KEY_ALGO_TKIP;
1298 break;
1299 case IEEE80211_CIPHER_AES_CCM:
1300 key.algo = R92S_KEY_ALGO_AES;
1301 break;
1302 default:
1303 return;
1304 }
1305 key.id = k->wk_keyix;
1306 key.grpkey = (k->wk_flags & IEEE80211_KEY_GROUP) != 0;
1307 memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key)));
1308 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1309}
1310
1311static void
1312rsu_delete_key(struct rsu_softc *sc, const struct ieee80211_key *k)
1313{
1314 struct r92s_fw_cmd_set_key key;
1315
1316 memset(&key, 0, sizeof(key));
1317 key.id = k->wk_keyix;
1318 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key));
1319}
1320#endif
1321
1322static int
1323rsu_site_survey(struct rsu_softc *sc, struct ieee80211vap *vap)
1324{
1325 struct r92s_fw_cmd_sitesurvey cmd;
1326 struct ieee80211com *ic = &sc->sc_ic;
1327 int r;
1328
1329 RSU_ASSERT_LOCKED(sc);
1330
1331 memset(&cmd, 0, sizeof(cmd));
1332 if ((ic->ic_flags & IEEE80211_F_ASCAN) || sc->sc_scan_pass == 1)
1333 cmd.active = htole32(1);
1334 cmd.limit = htole32(48);
1335 if (sc->sc_scan_pass == 1 && vap->iv_des_nssid > 0) {
1336 /* Do a directed scan for second pass. */
1337 cmd.ssidlen = htole32(vap->iv_des_ssid[0].len);
1338 memcpy(cmd.ssid, vap->iv_des_ssid[0].ssid,
1339 vap->iv_des_ssid[0].len);
1340
1341 }
1342 DPRINTF("sending site survey command, pass=%d\n", sc->sc_scan_pass);
1343 r = rsu_fw_cmd(sc, R92S_CMD_SITE_SURVEY, &cmd, sizeof(cmd));
1344 if (r == 0) {
1345 sc->sc_scanning = 1;
1346 }
1347 return (r);
1348}
1349
1350static int
1351rsu_join_bss(struct rsu_softc *sc, struct ieee80211_node *ni)
1352{
1353 struct ieee80211com *ic = &sc->sc_ic;
1354 struct ieee80211vap *vap = ni->ni_vap;
1355 struct ndis_wlan_bssid_ex *bss;
1356 struct ndis_802_11_fixed_ies *fixed;
1357 struct r92s_fw_cmd_auth auth;
1358 uint8_t buf[sizeof(*bss) + 128] __aligned(4);
1359 uint8_t *frm;
1360 uint8_t opmode;
1361 int error;
1362 int cnt;
1363 char *msg = "rsujoin";
1364
1365 RSU_ASSERT_LOCKED(sc);
1366
1367 /*
1368 * Until net80211 scanning doesn't automatically finish
1369 * before we tell it to, let's just wait until any pending
1370 * scan is done.
1371 *
1372 * XXX TODO: yes, this releases and re-acquires the lock.
1373 * We should re-verify the state whenever we re-attempt this!
1374 */
1375 cnt = 0;
1376 while (sc->sc_scanning && cnt < 10) {
1377 device_printf(sc->sc_dev,
1378 "%s: still scanning! (attempt %d)\n",
1379 __func__, cnt);
1380 msleep(msg, &sc->sc_mtx, 0, msg, hz / 2);
1381 cnt++;
1382 }
1383
1384 /* Let the FW decide the opmode based on the capinfo field. */
1385 opmode = NDIS802_11AUTOUNKNOWN;
1386 RSU_DPRINTF(sc, RSU_DEBUG_RESET,
1387 "%s: setting operating mode to %d\n",
1388 __func__, opmode);
1389 error = rsu_fw_cmd(sc, R92S_CMD_SET_OPMODE, &opmode, sizeof(opmode));
1390 if (error != 0)
1391 return (error);
1392
1393 memset(&auth, 0, sizeof(auth));
1394 if (vap->iv_flags & IEEE80211_F_WPA) {
1395 auth.mode = R92S_AUTHMODE_WPA;
1396 auth.dot1x = (ni->ni_authmode == IEEE80211_AUTH_8021X);
1397 } else
1398 auth.mode = R92S_AUTHMODE_OPEN;
1399 RSU_DPRINTF(sc, RSU_DEBUG_RESET,
1400 "%s: setting auth mode to %d\n",
1401 __func__, auth.mode);
1402 error = rsu_fw_cmd(sc, R92S_CMD_SET_AUTH, &auth, sizeof(auth));
1403 if (error != 0)
1404 return (error);
1405
1406 memset(buf, 0, sizeof(buf));
1407 bss = (struct ndis_wlan_bssid_ex *)buf;
1408 IEEE80211_ADDR_COPY(bss->macaddr, ni->ni_bssid);
1409 bss->ssid.ssidlen = htole32(ni->ni_esslen);
1410 memcpy(bss->ssid.ssid, ni->ni_essid, ni->ni_esslen);
1411 if (vap->iv_flags & (IEEE80211_F_PRIVACY | IEEE80211_F_WPA))
1412 bss->privacy = htole32(1);
1413 bss->rssi = htole32(ni->ni_avgrssi);
1414 if (ic->ic_curmode == IEEE80211_MODE_11B)
1415 bss->networktype = htole32(NDIS802_11DS);
1416 else
1417 bss->networktype = htole32(NDIS802_11OFDM24);
1418 bss->config.len = htole32(sizeof(bss->config));
1419 bss->config.bintval = htole32(ni->ni_intval);
1420 bss->config.dsconfig = htole32(ieee80211_chan2ieee(ic, ni->ni_chan));
1421 bss->inframode = htole32(NDIS802_11INFRASTRUCTURE);
1422 /* XXX verify how this is supposed to look! */
1423 memcpy(bss->supprates, ni->ni_rates.rs_rates,
1424 ni->ni_rates.rs_nrates);
1425 /* Write the fixed fields of the beacon frame. */
1426 fixed = (struct ndis_802_11_fixed_ies *)&bss[1];
1427 memcpy(&fixed->tstamp, ni->ni_tstamp.data, 8);
1428 fixed->bintval = htole16(ni->ni_intval);
1429 fixed->capabilities = htole16(ni->ni_capinfo);
1430 /* Write IEs to be included in the association request. */
1431 frm = (uint8_t *)&fixed[1];
1432 frm = ieee80211_add_rsn(frm, vap);
1433 frm = ieee80211_add_wpa(frm, vap);
1434 frm = ieee80211_add_qos(frm, ni);
1435 if ((ic->ic_flags & IEEE80211_F_WME) &&
1436 (ni->ni_ies.wme_ie != NULL))
1437 frm = ieee80211_add_wme_info(frm, &ic->ic_wme);
1438 if (ni->ni_flags & IEEE80211_NODE_HT) {
1439 frm = ieee80211_add_htcap(frm, ni);
1440 frm = ieee80211_add_htinfo(frm, ni);
1441 }
1442 bss->ieslen = htole32(frm - (uint8_t *)fixed);
1443 bss->len = htole32(((frm - buf) + 3) & ~3);
1444 RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_FWCMD,
1445 "%s: sending join bss command to %s chan %d\n",
1446 __func__,
1447 ether_sprintf(bss->macaddr), le32toh(bss->config.dsconfig));
1448 return (rsu_fw_cmd(sc, R92S_CMD_JOIN_BSS, buf, sizeof(buf)));
1449}
1450
1451static int
1452rsu_disconnect(struct rsu_softc *sc)
1453{
1454 uint32_t zero = 0; /* :-) */
1455
1456 /* Disassociate from our current BSS. */
1457 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD,
1458 "%s: sending disconnect command\n", __func__);
1459 return (rsu_fw_cmd(sc, R92S_CMD_DISCONNECT, &zero, sizeof(zero)));
1460}
1461
1462/*
1463 * Map the hardware provided RSSI value to a signal level.
1464 * For the most part it's just something we divide by and cap
1465 * so it doesn't overflow the representation by net80211.
1466 */
1467static int
1468rsu_hwrssi_to_rssi(struct rsu_softc *sc, int hw_rssi)
1469{
1470 int v;
1471
1472 if (hw_rssi == 0)
1473 return (0);
1474 v = hw_rssi >> 4;
1475 if (v > 80)
1476 v = 80;
1477 return (v);
1478}
1479
1480static void
1481rsu_event_survey(struct rsu_softc *sc, uint8_t *buf, int len)
1482{
1483 struct ieee80211com *ic = &sc->sc_ic;
1484 struct ieee80211_frame *wh;
1485 struct ndis_wlan_bssid_ex *bss;
1486 struct ieee80211_rx_stats rxs;
1487 struct mbuf *m;
1488 int pktlen;
1489
1490 if (__predict_false(len < sizeof(*bss)))
1491 return;
1492 bss = (struct ndis_wlan_bssid_ex *)buf;
1493 if (__predict_false(len < sizeof(*bss) + le32toh(bss->ieslen)))
1494 return;
1495
1496 RSU_DPRINTF(sc, RSU_DEBUG_SCAN,
1497 "%s: found BSS %s: len=%d chan=%d inframode=%d "
1498 "networktype=%d privacy=%d, RSSI=%d\n",
1499 __func__,
1500 ether_sprintf(bss->macaddr), le32toh(bss->len),
1501 le32toh(bss->config.dsconfig), le32toh(bss->inframode),
1502 le32toh(bss->networktype), le32toh(bss->privacy),
1503 le32toh(bss->rssi));
1504
1505 /* Build a fake beacon frame to let net80211 do all the parsing. */
1506 /* XXX TODO: just call the new scan API methods! */
1507 pktlen = sizeof(*wh) + le32toh(bss->ieslen);
1508 if (__predict_false(pktlen > MCLBYTES))
1509 return;
1510 m = m_get2(pktlen, M_NOWAIT, MT_DATA, M_PKTHDR);
1511 if (__predict_false(m == NULL))
1512 return;
1513 wh = mtod(m, struct ieee80211_frame *);
1514 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
1515 IEEE80211_FC0_SUBTYPE_BEACON;
1516 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1517 USETW(wh->i_dur, 0);
1518 IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr);
1519 IEEE80211_ADDR_COPY(wh->i_addr2, bss->macaddr);
1520 IEEE80211_ADDR_COPY(wh->i_addr3, bss->macaddr);
1521 *(uint16_t *)wh->i_seq = 0;
1522 memcpy(&wh[1], (uint8_t *)&bss[1], le32toh(bss->ieslen));
1523
1524 /* Finalize mbuf. */
1525 m->m_pkthdr.len = m->m_len = pktlen;
1526
1527 /* Set channel flags for input path */
1528 bzero(&rxs, sizeof(rxs));
1529 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ;
1530 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI;
1531 rxs.c_ieee = le32toh(bss->config.dsconfig);
1532 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ);
1533 /* This is a number from 0..100; so let's just divide it down a bit */
1534 rxs.rssi = le32toh(bss->rssi) / 2;
1535 rxs.nf = -96;
1536
1537 /* XXX avoid a LOR */
1538 RSU_UNLOCK(sc);
1539 ieee80211_input_mimo_all(ic, m, &rxs);
1540 RSU_LOCK(sc);
1541}
1542
1543static void
1544rsu_event_join_bss(struct rsu_softc *sc, uint8_t *buf, int len)
1545{
1546 struct ieee80211com *ic = &sc->sc_ic;
1547 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1548 struct ieee80211_node *ni = vap->iv_bss;
1549 struct r92s_event_join_bss *rsp;
1550 uint32_t tmp;
1551 int res;
1552
1553 if (__predict_false(len < sizeof(*rsp)))
1554 return;
1555 rsp = (struct r92s_event_join_bss *)buf;
1556 res = (int)le32toh(rsp->join_res);
1557
1558 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD,
1559 "%s: Rx join BSS event len=%d res=%d\n",
1560 __func__, len, res);
1561
1562 /*
1563 * XXX Don't do this; there's likely a better way to tell
1564 * the caller we failed.
1565 */
1566 if (res <= 0) {
1567 RSU_UNLOCK(sc);
1568 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1569 RSU_LOCK(sc);
1570 return;
1571 }
1572
1573 tmp = le32toh(rsp->associd);
1574 if (tmp >= vap->iv_max_aid) {
1575 DPRINTF("Assoc ID overflow\n");
1576 tmp = 1;
1577 }
1578 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD,
1579 "%s: associated with %s associd=%d\n",
1580 __func__, ether_sprintf(rsp->bss.macaddr), tmp);
1581 /* XXX is this required? What's the top two bits for again? */
1582 ni->ni_associd = tmp | 0xc000;
1583 RSU_UNLOCK(sc);
1584 ieee80211_new_state(vap, IEEE80211_S_RUN,
1585 IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
1586 RSU_LOCK(sc);
1587}
1588
1589static void
1590rsu_event_addba_req_report(struct rsu_softc *sc, uint8_t *buf, int len)
1591{
1592 struct ieee80211com *ic = &sc->sc_ic;
1593 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1594 struct r92s_add_ba_event *ba = (void *) buf;
1595 struct ieee80211_node *ni;
1596
1597 if (len < sizeof(*ba)) {
1598 device_printf(sc->sc_dev, "%s: short read (%d)\n", __func__, len);
1599 return;
1600 }
1601
1602 if (vap == NULL)
1603 return;
1604
1605 RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: mac=%s, tid=%d, ssn=%d\n",
1606 __func__,
1607 ether_sprintf(ba->mac_addr),
1608 (int) ba->tid,
1609 (int) le16toh(ba->ssn));
1610
1611 /* XXX do node lookup; this is STA specific */
1612
1613 ni = ieee80211_ref_node(vap->iv_bss);
1614 ieee80211_ampdu_rx_start_ext(ni, ba->tid, le16toh(ba->ssn) >> 4, 32);
1615 ieee80211_free_node(ni);
1616}
1617
1618static void
1619rsu_rx_event(struct rsu_softc *sc, uint8_t code, uint8_t *buf, int len)
1620{
1621 struct ieee80211com *ic = &sc->sc_ic;
1622 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1623
1624 RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD,
1625 "%s: Rx event code=%d len=%d\n", __func__, code, len);
1626 switch (code) {
1627 case R92S_EVT_SURVEY:
1628 rsu_event_survey(sc, buf, len);
1629 break;
1630 case R92S_EVT_SURVEY_DONE:
1631 RSU_DPRINTF(sc, RSU_DEBUG_SCAN,
1632 "%s: site survey pass %d done, found %d BSS\n",
1633 __func__, sc->sc_scan_pass, le32toh(*(uint32_t *)buf));
1634 sc->sc_scanning = 0;
1635 if (vap->iv_state != IEEE80211_S_SCAN)
1636 break; /* Ignore if not scanning. */
1637
1638 /*
1639 * XXX TODO: This needs to be done without a transition to
1640 * the SCAN state again. Grr.
1641 */
1642 if (sc->sc_scan_pass == 0 && vap->iv_des_nssid != 0) {
1643 /* Schedule a directed scan for hidden APs. */
1644 /* XXX bad! */
1645 sc->sc_scan_pass = 1;
1646 RSU_UNLOCK(sc);
1647 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1648 RSU_LOCK(sc);
1649 break;
1650 }
1651 sc->sc_scan_pass = 0;
1652 break;
1653 case R92S_EVT_JOIN_BSS:
1654 if (vap->iv_state == IEEE80211_S_AUTH)
1655 rsu_event_join_bss(sc, buf, len);
1656 break;
1657 case R92S_EVT_DEL_STA:
1658 RSU_DPRINTF(sc, RSU_DEBUG_FWCMD | RSU_DEBUG_STATE,
1659 "%s: disassociated from %s\n", __func__,
1660 ether_sprintf(buf));
1661 if (vap->iv_state == IEEE80211_S_RUN &&
1662 IEEE80211_ADDR_EQ(vap->iv_bss->ni_bssid, buf)) {
1663 RSU_UNLOCK(sc);
1664 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1);
1665 RSU_LOCK(sc);
1666 }
1667 break;
1668 case R92S_EVT_WPS_PBC:
1669 RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD,
1670 "%s: WPS PBC pushed.\n", __func__);
1671 break;
1672 case R92S_EVT_FWDBG:
1673 buf[60] = '\0';
1674 RSU_DPRINTF(sc, RSU_DEBUG_FWDBG, "FWDBG: %s\n", (char *)buf);
1675 break;
1676 case R92S_EVT_ADDBA_REQ_REPORT:
1677 rsu_event_addba_req_report(sc, buf, len);
1678 break;
1679 default:
1680 device_printf(sc->sc_dev, "%s: unhandled code (%d)\n", __func__, code);
1681 break;
1682 }
1683}
1684
1685static void
1686rsu_rx_multi_event(struct rsu_softc *sc, uint8_t *buf, int len)
1687{
1688 struct r92s_fw_cmd_hdr *cmd;
1689 int cmdsz;
1690
1691 RSU_DPRINTF(sc, RSU_DEBUG_RX, "%s: Rx events len=%d\n", __func__, len);
1692
1693 /* Skip Rx status. */
1694 buf += sizeof(struct r92s_rx_stat);
1695 len -= sizeof(struct r92s_rx_stat);
1696
1697 /* Process all events. */
1698 for (;;) {
1699 /* Check that command header fits. */
1700 if (__predict_false(len < sizeof(*cmd)))
1701 break;
1702 cmd = (struct r92s_fw_cmd_hdr *)buf;
1703 /* Check that command payload fits. */
1704 cmdsz = le16toh(cmd->len);
1705 if (__predict_false(len < sizeof(*cmd) + cmdsz))
1706 break;
1707
1708 /* Process firmware event. */
1709 rsu_rx_event(sc, cmd->code, (uint8_t *)&cmd[1], cmdsz);
1710
1711 if (!(cmd->seq & R92S_FW_CMD_MORE))
1712 break;
1713 buf += sizeof(*cmd) + cmdsz;
1714 len -= sizeof(*cmd) + cmdsz;
1715 }
1716}
1717
1718#if 0
1719static int8_t
1720rsu_get_rssi(struct rsu_softc *sc, int rate, void *physt)
1721{
1722 static const int8_t cckoff[] = { 14, -2, -20, -40 };
1723 struct r92s_rx_phystat *phy;
1724 struct r92s_rx_cck *cck;
1725 uint8_t rpt;
1726 int8_t rssi;
1727
1728 if (rate <= 3) {
1729 cck = (struct r92s_rx_cck *)physt;
1730 rpt = (cck->agc_rpt >> 6) & 0x3;
1731 rssi = cck->agc_rpt & 0x3e;
1732 rssi = cckoff[rpt] - rssi;
1733 } else { /* OFDM/HT. */
1734 phy = (struct r92s_rx_phystat *)physt;
1735 rssi = ((le32toh(phy->phydw1) >> 1) & 0x7f) - 106;
1736 }
1737 return (rssi);
1738}
1739#endif
1740
1741static struct mbuf *
1742rsu_rx_frame(struct rsu_softc *sc, uint8_t *buf, int pktlen)
1743{
1744 struct ieee80211com *ic = &sc->sc_ic;
1745 struct ieee80211_frame *wh;
1746 struct r92s_rx_stat *stat;
1747 uint32_t rxdw0, rxdw3;
1748 struct mbuf *m;
1749 uint8_t rate;
1750 int infosz;
1751
1752 stat = (struct r92s_rx_stat *)buf;
1753 rxdw0 = le32toh(stat->rxdw0);
1754 rxdw3 = le32toh(stat->rxdw3);
1755
1756 if (__predict_false(rxdw0 & R92S_RXDW0_CRCERR)) {
1757 counter_u64_add(ic->ic_ierrors, 1);
1758 return NULL;
1759 }
1760 if (__predict_false(pktlen < sizeof(*wh) || pktlen > MCLBYTES)) {
1761 counter_u64_add(ic->ic_ierrors, 1);
1762 return NULL;
1763 }
1764
1765 rate = MS(rxdw3, R92S_RXDW3_RATE);
1766 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1767
1768#if 0
1769 /* Get RSSI from PHY status descriptor if present. */
1770 if (infosz != 0)
1771 *rssi = rsu_get_rssi(sc, rate, &stat[1]);
1772 else
1773 *rssi = 0;
1774#endif
1775
1776 RSU_DPRINTF(sc, RSU_DEBUG_RX,
1777 "%s: Rx frame len=%d rate=%d infosz=%d\n",
1778 __func__, pktlen, rate, infosz);
1779
1780 m = m_get2(pktlen, M_NOWAIT, MT_DATA, M_PKTHDR);
1781 if (__predict_false(m == NULL)) {
1782 counter_u64_add(ic->ic_ierrors, 1);
1783 return NULL;
1784 }
1785 /* Hardware does Rx TCP checksum offload. */
1786 if (rxdw3 & R92S_RXDW3_TCPCHKVALID) {
1787 if (__predict_true(rxdw3 & R92S_RXDW3_TCPCHKRPT))
1788 m->m_pkthdr.csum_flags |= CSUM_DATA_VALID;
1789 }
1790 wh = (struct ieee80211_frame *)((uint8_t *)&stat[1] + infosz);
1791 memcpy(mtod(m, uint8_t *), wh, pktlen);
1792 m->m_pkthdr.len = m->m_len = pktlen;
1793
1794 if (ieee80211_radiotap_active(ic)) {
1795 struct rsu_rx_radiotap_header *tap = &sc->sc_rxtap;
1796
1797 /* Map HW rate index to 802.11 rate. */
1798 tap->wr_flags = 2;
1799 if (!(rxdw3 & R92S_RXDW3_HTC)) {
1800 switch (rate) {
1801 /* CCK. */
1802 case 0: tap->wr_rate = 2; break;
1803 case 1: tap->wr_rate = 4; break;
1804 case 2: tap->wr_rate = 11; break;
1805 case 3: tap->wr_rate = 22; break;
1806 /* OFDM. */
1807 case 4: tap->wr_rate = 12; break;
1808 case 5: tap->wr_rate = 18; break;
1809 case 6: tap->wr_rate = 24; break;
1810 case 7: tap->wr_rate = 36; break;
1811 case 8: tap->wr_rate = 48; break;
1812 case 9: tap->wr_rate = 72; break;
1813 case 10: tap->wr_rate = 96; break;
1814 case 11: tap->wr_rate = 108; break;
1815 }
1816 } else if (rate >= 12) { /* MCS0~15. */
1817 /* Bit 7 set means HT MCS instead of rate. */
1818 tap->wr_rate = 0x80 | (rate - 12);
1819 }
1820#if 0
1821 tap->wr_dbm_antsignal = *rssi;
1822#endif
1823 /* XXX not nice */
1824 tap->wr_dbm_antsignal = rsu_hwrssi_to_rssi(sc, sc->sc_currssi);
1825 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
1826 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
1827 }
1828
1829 return (m);
1830}
1831
1832static struct mbuf *
1833rsu_rx_multi_frame(struct rsu_softc *sc, uint8_t *buf, int len)
1834{
1835 struct r92s_rx_stat *stat;
1836 uint32_t rxdw0;
1837 int totlen, pktlen, infosz, npkts;
1838 struct mbuf *m, *m0 = NULL, *prevm = NULL;
1839
1840 /* Get the number of encapsulated frames. */
1841 stat = (struct r92s_rx_stat *)buf;
1842 npkts = MS(le32toh(stat->rxdw2), R92S_RXDW2_PKTCNT);
1843 RSU_DPRINTF(sc, RSU_DEBUG_RX,
1844 "%s: Rx %d frames in one chunk\n", __func__, npkts);
1845
1846 /* Process all of them. */
1847 while (npkts-- > 0) {
1848 if (__predict_false(len < sizeof(*stat)))
1849 break;
1850 stat = (struct r92s_rx_stat *)buf;
1851 rxdw0 = le32toh(stat->rxdw0);
1852
1853 pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN);
1854 if (__predict_false(pktlen == 0))
1855 break;
1856
1857 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8;
1858
1859 /* Make sure everything fits in xfer. */
1860 totlen = sizeof(*stat) + infosz + pktlen;
1861 if (__predict_false(totlen > len))
1862 break;
1863
1864 /* Process 802.11 frame. */
1865 m = rsu_rx_frame(sc, buf, pktlen);
1866 if (m0 == NULL)
1867 m0 = m;
1868 if (prevm == NULL)
1869 prevm = m;
1870 else {
1871 prevm->m_next = m;
1872 prevm = m;
1873 }
1874 /* Next chunk is 128-byte aligned. */
1875 totlen = (totlen + 127) & ~127;
1876 buf += totlen;
1877 len -= totlen;
1878 }
1879
1880 return (m0);
1881}
1882
1883static struct mbuf *
1884rsu_rxeof(struct usb_xfer *xfer, struct rsu_data *data)
1885{
1886 struct rsu_softc *sc = data->sc;
1887 struct ieee80211com *ic = &sc->sc_ic;
1888 struct r92s_rx_stat *stat;
1889 int len;
1890
1891 usbd_xfer_status(xfer, &len, NULL, NULL, NULL);
1892
1893 if (__predict_false(len < sizeof(*stat))) {
1894 DPRINTF("xfer too short %d\n", len);
1895 counter_u64_add(ic->ic_ierrors, 1);
1896 return (NULL);
1897 }
1898 /* Determine if it is a firmware C2H event or an 802.11 frame. */
1899 stat = (struct r92s_rx_stat *)data->buf;
1900 if ((le32toh(stat->rxdw1) & 0x1ff) == 0x1ff) {
1901 rsu_rx_multi_event(sc, data->buf, len);
1902 /* No packets to process. */
1903 return (NULL);
1904 } else
1905 return (rsu_rx_multi_frame(sc, data->buf, len));
1906}
1907
1908static void
1909rsu_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
1910{
1911 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1912 struct ieee80211com *ic = &sc->sc_ic;
1913 struct ieee80211_frame *wh;
1914 struct ieee80211_node *ni;
1915 struct mbuf *m = NULL, *next;
1916 struct rsu_data *data;
1917
1918 RSU_ASSERT_LOCKED(sc);
1919
1920 switch (USB_GET_STATE(xfer)) {
1921 case USB_ST_TRANSFERRED:
1922 data = STAILQ_FIRST(&sc->sc_rx_active);
1923 if (data == NULL)
1924 goto tr_setup;
1925 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1926 m = rsu_rxeof(xfer, data);
1927 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1928 /* FALLTHROUGH */
1929 case USB_ST_SETUP:
1930tr_setup:
1931 /*
1932 * XXX TODO: if we have an mbuf list, but then
1933 * we hit data == NULL, what now?
1934 */
1935 data = STAILQ_FIRST(&sc->sc_rx_inactive);
1936 if (data == NULL) {
1937 KASSERT(m == NULL, ("mbuf isn't NULL"));
1938 return;
1939 }
1940 STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next);
1941 STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next);
1942 usbd_xfer_set_frame_data(xfer, 0, data->buf,
1943 usbd_xfer_max_len(xfer));
1944 usbd_transfer_submit(xfer);
1945 /*
1946 * To avoid LOR we should unlock our private mutex here to call
1947 * ieee80211_input() because here is at the end of a USB
1948 * callback and safe to unlock.
1949 */
1950 RSU_UNLOCK(sc);
1951 while (m != NULL) {
1952 int rssi;
1953
1954 /* Cheat and get the last calibrated RSSI */
1955 rssi = rsu_hwrssi_to_rssi(sc, sc->sc_currssi);
1956
1957 next = m->m_next;
1958 m->m_next = NULL;
1959 wh = mtod(m, struct ieee80211_frame *);
1960 ni = ieee80211_find_rxnode(ic,
1961 (struct ieee80211_frame_min *)wh);
1962 if (ni != NULL) {
1963 if (ni->ni_flags & IEEE80211_NODE_HT)
1964 m->m_flags |= M_AMPDU;
1965 (void)ieee80211_input(ni, m, rssi, -96);
1966 ieee80211_free_node(ni);
1967 } else
1968 (void)ieee80211_input_all(ic, m, rssi, -96);
1969 m = next;
1970 }
1971 RSU_LOCK(sc);
1972 break;
1973 default:
1974 /* needs it to the inactive queue due to a error. */
1975 data = STAILQ_FIRST(&sc->sc_rx_active);
1976 if (data != NULL) {
1977 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1978 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1979 }
1980 if (error != USB_ERR_CANCELLED) {
1981 usbd_xfer_set_stall(xfer);
1982 counter_u64_add(ic->ic_ierrors, 1);
1983 goto tr_setup;
1984 }
1985 break;
1986 }
1987
1988}
1989
1990static void
1991rsu_txeof(struct usb_xfer *xfer, struct rsu_data *data)
1992{
1993#ifdef USB_DEBUG
1994 struct rsu_softc *sc = usbd_xfer_softc(xfer);
1995#endif
1996
1997 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: called; data=%p\n",
1998 __func__,
1999 data);
2000
2001 if (data->m) {
2002 /* XXX status? */
2003 ieee80211_tx_complete(data->ni, data->m, 0);
2004 data->m = NULL;
2005 data->ni = NULL;
2006 }
2007}
2008
2009static void
2010rsu_bulk_tx_callback_sub(struct usb_xfer *xfer, usb_error_t error,
2011 uint8_t which)
2012{
2013 struct rsu_softc *sc = usbd_xfer_softc(xfer);
2014 struct ieee80211com *ic = &sc->sc_ic;
2015 struct rsu_data *data;
2016
2017 RSU_ASSERT_LOCKED(sc);
2018
2019 switch (USB_GET_STATE(xfer)) {
2020 case USB_ST_TRANSFERRED:
2021 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
2022 if (data == NULL)
2023 goto tr_setup;
2024 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: transfer done %p\n",
2025 __func__, data);
2026 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
2027 rsu_txeof(xfer, data);
2028 rsu_freebuf(sc, data);
2029 /* FALLTHROUGH */
2030 case USB_ST_SETUP:
2031tr_setup:
2032 data = STAILQ_FIRST(&sc->sc_tx_pending[which]);
2033 if (data == NULL) {
2034 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE,
2035 "%s: empty pending queue sc %p\n", __func__, sc);
2036 return;
2037 }
2038 STAILQ_REMOVE_HEAD(&sc->sc_tx_pending[which], next);
2039 STAILQ_INSERT_TAIL(&sc->sc_tx_active[which], data, next);
2040 usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen);
2041 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE,
2042 "%s: submitting transfer %p\n",
2043 __func__,
2044 data);
2045 usbd_transfer_submit(xfer);
2046 break;
2047 default:
2048 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
2049 if (data != NULL) {
2050 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
2051 rsu_txeof(xfer, data);
2052 rsu_freebuf(sc, data);
2053 }
2054 counter_u64_add(ic->ic_oerrors, 1);
2055
2056 if (error != USB_ERR_CANCELLED) {
2057 usbd_xfer_set_stall(xfer);
2058 goto tr_setup;
2059 }
2060 break;
2061 }
2062
2063 /*
2064 * XXX TODO: if the queue is low, flush out FF TX frames.
2065 * Remember to unlock the driver for now; net80211 doesn't
2066 * defer it for us.
2067 */
2068}
2069
2070static void
2071rsu_bulk_tx_callback_be_bk(struct usb_xfer *xfer, usb_error_t error)
2072{
2073 struct rsu_softc *sc = usbd_xfer_softc(xfer);
2074
2075 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_BE_BK);
2076
2077 /* This kicks the TX taskqueue */
2078 rsu_start(sc);
2079}
2080
2081static void
2082rsu_bulk_tx_callback_vi_vo(struct usb_xfer *xfer, usb_error_t error)
2083{
2084 struct rsu_softc *sc = usbd_xfer_softc(xfer);
2085
2086 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_VI_VO);
2087
2088 /* This kicks the TX taskqueue */
2089 rsu_start(sc);
2090}
2091
2092static void
2093rsu_bulk_tx_callback_h2c(struct usb_xfer *xfer, usb_error_t error)
2094{
2095 struct rsu_softc *sc = usbd_xfer_softc(xfer);
2096
2097 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_H2C);
2098
2099 /* This kicks the TX taskqueue */
2100 rsu_start(sc);
2101}
2102
2103/*
2104 * Transmit the given frame.
2105 *
2106 * This doesn't free the node or mbuf upon failure.
2107 */
2108static int
2109rsu_tx_start(struct rsu_softc *sc, struct ieee80211_node *ni,
2110 struct mbuf *m0, struct rsu_data *data)
2111{
2112 struct ieee80211com *ic = &sc->sc_ic;
2113 struct ieee80211vap *vap = ni->ni_vap;
2114 struct ieee80211_frame *wh;
2115 struct ieee80211_key *k = NULL;
2116 struct r92s_tx_desc *txd;
2117 uint8_t type;
2118 int prio = 0;
2119 uint8_t which;
2120 int hasqos;
2121 int xferlen;
2122 int qid;
2123
2124 RSU_ASSERT_LOCKED(sc);
2125
2126 wh = mtod(m0, struct ieee80211_frame *);
2127 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2128
2129 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: data=%p, m=%p\n",
2130 __func__, data, m0);
2131
2132 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2133 k = ieee80211_crypto_encap(ni, m0);
2134 if (k == NULL) {
2135 device_printf(sc->sc_dev,
2136 "ieee80211_crypto_encap returns NULL.\n");
2137 /* XXX we don't expect the fragmented frames */
2138 return (ENOBUFS);
2139 }
2140 wh = mtod(m0, struct ieee80211_frame *);
2141 }
2142 /* If we have QoS then use it */
2143 /* XXX TODO: mbuf WME/PRI versus TID? */
2144 if (IEEE80211_QOS_HAS_SEQ(wh)) {
2145 /* Has QoS */
2146 prio = M_WME_GETAC(m0);
2147 which = rsu_wme_ac_xfer_map[prio];
2148 hasqos = 1;
2149 } else {
2150 /* Non-QoS TID */
2151 /* XXX TODO: tid=0 for non-qos TID? */
2152 which = rsu_wme_ac_xfer_map[WME_AC_BE];
2153 hasqos = 0;
2154 prio = 0;
2155 }
2156
2157 qid = rsu_ac2qid[prio];
2158#if 0
2159 switch (type) {
2160 case IEEE80211_FC0_TYPE_CTL:
2161 case IEEE80211_FC0_TYPE_MGT:
2162 which = rsu_wme_ac_xfer_map[WME_AC_VO];
2163 break;
2164 default:
2165 which = rsu_wme_ac_xfer_map[M_WME_GETAC(m0)];
2166 break;
2167 }
2168 hasqos = 0;
2169#endif
2170
2171 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: pri=%d, which=%d, hasqos=%d\n",
2172 __func__,
2173 prio,
2174 which,
2175 hasqos);
2176
2177 /* Fill Tx descriptor. */
2178 txd = (struct r92s_tx_desc *)data->buf;
2179 memset(txd, 0, sizeof(*txd));
2180
2181 txd->txdw0 |= htole32(
2182 SM(R92S_TXDW0_PKTLEN, m0->m_pkthdr.len) |
2183 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) |
2184 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG);
2185
2186 txd->txdw1 |= htole32(
2187 SM(R92S_TXDW1_MACID, R92S_MACID_BSS) | SM(R92S_TXDW1_QSEL, qid));
2188 if (!hasqos)
2189 txd->txdw1 |= htole32(R92S_TXDW1_NONQOS);
2190#ifdef notyet
2191 if (k != NULL) {
2192 switch (k->wk_cipher->ic_cipher) {
2193 case IEEE80211_CIPHER_WEP:
2194 cipher = R92S_TXDW1_CIPHER_WEP;
2195 break;
2196 case IEEE80211_CIPHER_TKIP:
2197 cipher = R92S_TXDW1_CIPHER_TKIP;
2198 break;
2199 case IEEE80211_CIPHER_AES_CCM:
2200 cipher = R92S_TXDW1_CIPHER_AES;
2201 break;
2202 default:
2203 cipher = R92S_TXDW1_CIPHER_NONE;
2204 }
2205 txd->txdw1 |= htole32(
2206 SM(R92S_TXDW1_CIPHER, cipher) |
2207 SM(R92S_TXDW1_KEYIDX, k->k_id));
2208 }
2209#endif
2210 /* XXX todo: set AGGEN bit if appropriate? */
2211 txd->txdw2 |= htole32(R92S_TXDW2_BK);
2212 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
2213 txd->txdw2 |= htole32(R92S_TXDW2_BMCAST);
2214 /*
2215 * Firmware will use and increment the sequence number for the
2216 * specified priority.
2217 */
2218 txd->txdw3 |= htole32(SM(R92S_TXDW3_SEQ, prio));
2219
2220 if (ieee80211_radiotap_active_vap(vap)) {
2221 struct rsu_tx_radiotap_header *tap = &sc->sc_txtap;
2222
2223 tap->wt_flags = 0;
2224 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
2225 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
2226 ieee80211_radiotap_tx(vap, m0);
2227 }
2228
2229 xferlen = sizeof(*txd) + m0->m_pkthdr.len;
2230 m_copydata(m0, 0, m0->m_pkthdr.len, (caddr_t)&txd[1]);
2231
2232 data->buflen = xferlen;
2233 data->ni = ni;
2234 data->m = m0;
2235 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
2236
2237 /* start transfer, if any */
2238 usbd_transfer_start(sc->sc_xfer[which]);
2239 return (0);
2240}
2241
2242static int
2243rsu_transmit(struct ieee80211com *ic, struct mbuf *m)
2244{
2245 struct rsu_softc *sc = ic->ic_softc;
2246 int error;
2247
2248 RSU_LOCK(sc);
2249 if (!sc->sc_running) {
2250 RSU_UNLOCK(sc);
2251 return (ENXIO);
2252 }
2253
2254 /*
2255 * XXX TODO: ensure that we treat 'm' as a list of frames
2256 * to transmit!
2257 */
2258 error = mbufq_enqueue(&sc->sc_snd, m);
2259 if (error) {
2260 RSU_DPRINTF(sc, RSU_DEBUG_TX,
2261 "%s: mbufq_enable: failed (%d)\n",
2262 __func__,
2263 error);
2264 RSU_UNLOCK(sc);
2265 return (error);
2266 }
2267 RSU_UNLOCK(sc);
2268
2269 /* This kicks the TX taskqueue */
2270 rsu_start(sc);
2271
2272 return (0);
2273}
2274
2275static void
2276rsu_drain_mbufq(struct rsu_softc *sc)
2277{
2278 struct mbuf *m;
2279 struct ieee80211_node *ni;
2280
2281 RSU_ASSERT_LOCKED(sc);
2282 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
2283 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
2284 m->m_pkthdr.rcvif = NULL;
2285 ieee80211_free_node(ni);
2286 m_freem(m);
2287 }
2288}
2289
2290static void
2291_rsu_start(struct rsu_softc *sc)
2292{
2293 struct ieee80211_node *ni;
2294 struct rsu_data *bf;
2295 struct mbuf *m;
2296
2297 RSU_ASSERT_LOCKED(sc);
2298
2299 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
2300 bf = rsu_getbuf(sc);
2301 if (bf == NULL) {
2302 RSU_DPRINTF(sc, RSU_DEBUG_TX,
2303 "%s: failed to get buffer\n", __func__);
2304 mbufq_prepend(&sc->sc_snd, m);
2305 break;
2306 }
2307
2308 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
2309 m->m_pkthdr.rcvif = NULL;
2310
2311 if (rsu_tx_start(sc, ni, m, bf) != 0) {
2312 RSU_DPRINTF(sc, RSU_DEBUG_TX,
2313 "%s: failed to transmit\n", __func__);
2314 if_inc_counter(ni->ni_vap->iv_ifp,
2315 IFCOUNTER_OERRORS, 1);
2316 rsu_freebuf(sc, bf);
2317 ieee80211_free_node(ni);
2318 m_freem(m);
2319 break;
2320 }
2321 }
2322}
2323
2324static void
2325rsu_start(struct rsu_softc *sc)
2326{
2327
2328 taskqueue_enqueue(taskqueue_thread, &sc->tx_task);
2329}
2330
2331static void
2332rsu_parent(struct ieee80211com *ic)
2333{
2334 struct rsu_softc *sc = ic->ic_softc;
2335 int startall = 0;
2336
2337 RSU_LOCK(sc);
2338 if (ic->ic_nrunning > 0) {
2339 if (!sc->sc_running) {
2340 rsu_init(sc);
2341 startall = 1;
2342 }
2343 } else if (sc->sc_running)
2344 rsu_stop(sc);
2345 RSU_UNLOCK(sc);
2346
2347 if (startall)
2348 ieee80211_start_all(ic);
2349}
2350
2351/*
2352 * Power on sequence for A-cut adapters.
2353 */
2354static void
2355rsu_power_on_acut(struct rsu_softc *sc)
2356{
2357 uint32_t reg;
2358
2359 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
2360 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
2361
2362 /* Enable AFE macro block's bandgap and Mbias. */
2363 rsu_write_1(sc, R92S_AFE_MISC,
2364 rsu_read_1(sc, R92S_AFE_MISC) |
2365 R92S_AFE_MISC_BGEN | R92S_AFE_MISC_MBEN);
2366 /* Enable LDOA15 block. */
2367 rsu_write_1(sc, R92S_LDOA15_CTRL,
2368 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
2369
2370 rsu_write_1(sc, R92S_SPS1_CTRL,
2371 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_LDEN);
2372 rsu_ms_delay(sc, 2000);
2373 /* Enable switch regulator block. */
2374 rsu_write_1(sc, R92S_SPS1_CTRL,
2375 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_SWEN);
2376
2377 rsu_write_4(sc, R92S_SPS1_CTRL, 0x00a7b267);
2378
2379 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2380 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
2381
2382 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2383 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
2384
2385 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2386 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x90);
2387
2388 /* Enable AFE clock. */
2389 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
2390 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
2391 /* Enable AFE PLL macro block. */
2392 rsu_write_1(sc, R92S_AFE_PLL_CTRL,
2393 rsu_read_1(sc, R92S_AFE_PLL_CTRL) | 0x11);
2394 /* Attach AFE PLL to MACTOP/BB. */
2395 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
2396 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
2397
2398 /* Switch to 40MHz clock instead of 80MHz. */
2399 rsu_write_2(sc, R92S_SYS_CLKR,
2400 rsu_read_2(sc, R92S_SYS_CLKR) & ~R92S_SYS_CLKSEL);
2401
2402 /* Enable MAC clock. */
2403 rsu_write_2(sc, R92S_SYS_CLKR,
2404 rsu_read_2(sc, R92S_SYS_CLKR) |
2405 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
2406
2407 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
2408
2409 /* Enable digital core and IOREG R/W. */
2410 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2411 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
2412
2413 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2414 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
2415
2416 /* Switch the control path to firmware. */
2417 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2418 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
2419 rsu_write_2(sc, R92S_SYS_CLKR, reg);
2420
2421 rsu_write_2(sc, R92S_CR, 0x37fc);
2422
2423 /* Fix USB RX FIFO issue. */
2424 rsu_write_1(sc, 0xfe5c,
2425 rsu_read_1(sc, 0xfe5c) | 0x80);
2426 rsu_write_1(sc, 0x00ab,
2427 rsu_read_1(sc, 0x00ab) | 0xc0);
2428
2429 rsu_write_1(sc, R92S_SYS_CLKR,
2430 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
2431}
2432
2433/*
2434 * Power on sequence for B-cut and C-cut adapters.
2435 */
2436static void
2437rsu_power_on_bcut(struct rsu_softc *sc)
2438{
2439 uint32_t reg;
2440 int ntries;
2441
2442 /* Prevent eFuse leakage. */
2443 rsu_write_1(sc, 0x37, 0xb0);
2444 rsu_ms_delay(sc, 10);
2445 rsu_write_1(sc, 0x37, 0x30);
2446
2447 /* Switch the control path to hardware. */
2448 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2449 if (reg & R92S_FWHW_SEL) {
2450 rsu_write_2(sc, R92S_SYS_CLKR,
2451 reg & ~(R92S_SWHW_SEL | R92S_FWHW_SEL));
2452 }
2453 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2454 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) & ~0x8c);
2455 rsu_ms_delay(sc, 1);
2456
2457 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53);
2458 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57);
2459
2460 reg = rsu_read_1(sc, R92S_AFE_MISC);
2461 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN);
2462 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN |
2463 R92S_AFE_MISC_MBEN | R92S_AFE_MISC_I32_EN);
2464
2465 /* Enable PLL. */
2466 rsu_write_1(sc, R92S_LDOA15_CTRL,
2467 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN);
2468
2469 rsu_write_1(sc, R92S_LDOV12D_CTRL,
2470 rsu_read_1(sc, R92S_LDOV12D_CTRL) | R92S_LDV12_EN);
2471
2472 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2473 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08);
2474
2475 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2476 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20);
2477
2478 /* Support 64KB IMEM. */
2479 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1,
2480 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x97);
2481
2482 /* Enable AFE clock. */
2483 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1,
2484 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04);
2485 /* Enable AFE PLL macro block. */
2486 reg = rsu_read_1(sc, R92S_AFE_PLL_CTRL);
2487 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
2488 rsu_ms_delay(sc, 1);
2489 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x51);
2490 rsu_ms_delay(sc, 1);
2491 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11);
2492 rsu_ms_delay(sc, 1);
2493
2494 /* Attach AFE PLL to MACTOP/BB. */
2495 rsu_write_1(sc, R92S_SYS_ISO_CTRL,
2496 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11);
2497
2498 /* Switch to 40MHz clock. */
2499 rsu_write_1(sc, R92S_SYS_CLKR, 0x00);
2500 /* Disable CPU clock and 80MHz SSC. */
2501 rsu_write_1(sc, R92S_SYS_CLKR,
2502 rsu_read_1(sc, R92S_SYS_CLKR) | 0xa0);
2503 /* Enable MAC clock. */
2504 rsu_write_2(sc, R92S_SYS_CLKR,
2505 rsu_read_2(sc, R92S_SYS_CLKR) |
2506 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN);
2507
2508 rsu_write_1(sc, R92S_PMC_FSM, 0x02);
2509
2510 /* Enable digital core and IOREG R/W. */
2511 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2512 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08);
2513
2514 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1,
2515 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80);
2516
2517 /* Switch the control path to firmware. */
2518 reg = rsu_read_2(sc, R92S_SYS_CLKR);
2519 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL;
2520 rsu_write_2(sc, R92S_SYS_CLKR, reg);
2521
2522 rsu_write_2(sc, R92S_CR, 0x37fc);
2523
2524 /* Fix USB RX FIFO issue. */
2525 rsu_write_1(sc, 0xfe5c,
2526 rsu_read_1(sc, 0xfe5c) | 0x80);
2527
2528 rsu_write_1(sc, R92S_SYS_CLKR,
2529 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL);
2530
2531 rsu_write_1(sc, 0xfe1c, 0x80);
2532
2533 /* Make sure TxDMA is ready to download firmware. */
2534 for (ntries = 0; ntries < 20; ntries++) {
2535 reg = rsu_read_1(sc, R92S_TCR);
2536 if ((reg & (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) ==
2537 (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT))
2538 break;
2539 rsu_ms_delay(sc, 1);
2540 }
2541 if (ntries == 20) {
2542 RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_TX,
2543 "%s: TxDMA is not ready\n",
2544 __func__);
2545 /* Reset TxDMA. */
2546 reg = rsu_read_1(sc, R92S_CR);
2547 rsu_write_1(sc, R92S_CR, reg & ~R92S_CR_TXDMA_EN);
2548 rsu_ms_delay(sc, 1);
2549 rsu_write_1(sc, R92S_CR, reg | R92S_CR_TXDMA_EN);
2550 }
2551}
2552
2553static void
2554rsu_power_off(struct rsu_softc *sc)
2555{
2556 /* Turn RF off. */
2557 rsu_write_1(sc, R92S_RF_CTRL, 0x00);
2558 rsu_ms_delay(sc, 5);
2559
2560 /* Turn MAC off. */
2561 /* Switch control path. */
2562 rsu_write_1(sc, R92S_SYS_CLKR + 1, 0x38);
2563 /* Reset MACTOP. */
2564 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x70);
2565 rsu_write_1(sc, R92S_PMC_FSM, 0x06);
2566 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 0, 0xf9);
2567 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 0xe8);
2568
2569 /* Disable AFE PLL. */
2570 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 0x00);
2571 /* Disable A15V. */
2572 rsu_write_1(sc, R92S_LDOA15_CTRL, 0x54);
2573 /* Disable eFuse 1.2V. */
2574 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x50);
2575 rsu_write_1(sc, R92S_LDOV12D_CTRL, 0x24);
2576 /* Enable AFE macro block's bandgap and Mbias. */
2577 rsu_write_1(sc, R92S_AFE_MISC, 0x30);
2578 /* Disable 1.6V LDO. */
2579 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x56);
2580 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x43);
2581
2582 /* Firmware - tell it to switch things off */
2583 (void) rsu_set_fw_power_state(sc, RSU_PWR_OFF);
2584}
2585
2586static int
2587rsu_fw_loadsection(struct rsu_softc *sc, const uint8_t *buf, int len)
2588{
2589 const uint8_t which = rsu_wme_ac_xfer_map[WME_AC_VO];
2590 struct rsu_data *data;
2591 struct r92s_tx_desc *txd;
2592 int mlen;
2593
2594 while (len > 0) {
2595 data = rsu_getbuf(sc);
2596 if (data == NULL)
2597 return (ENOMEM);
2598 txd = (struct r92s_tx_desc *)data->buf;
2599 memset(txd, 0, sizeof(*txd));
2600 if (len <= RSU_TXBUFSZ - sizeof(*txd)) {
2601 /* Last chunk. */
2602 txd->txdw0 |= htole32(R92S_TXDW0_LINIP);
2603 mlen = len;
2604 } else
2605 mlen = RSU_TXBUFSZ - sizeof(*txd);
2606 txd->txdw0 |= htole32(SM(R92S_TXDW0_PKTLEN, mlen));
2607 memcpy(&txd[1], buf, mlen);
2608 data->buflen = sizeof(*txd) + mlen;
2609 RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FW | RSU_DEBUG_RESET,
2610 "%s: starting transfer %p\n",
2611 __func__, data);
2612 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next);
2613 buf += mlen;
2614 len -= mlen;
2615 }
2616 usbd_transfer_start(sc->sc_xfer[which]);
2617 return (0);
2618}
2619
2620static int
2621rsu_load_firmware(struct rsu_softc *sc)
2622{
2623 const struct r92s_fw_hdr *hdr;
2624 struct r92s_fw_priv *dmem;
2625 struct ieee80211com *ic = &sc->sc_ic;
2626 const uint8_t *imem, *emem;
2627 int imemsz, ememsz;
2628 const struct firmware *fw;
2629 size_t size;
2630 uint32_t reg;
2631 int ntries, error;
2632
2633 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY) {
2634 RSU_DPRINTF(sc, RSU_DEBUG_ANY,
2635 "%s: Firmware already loaded\n",
2636 __func__);
2637 return (0);
2638 }
2639
2640 RSU_UNLOCK(sc);
2641 /* Read firmware image from the filesystem. */
2642 if ((fw = firmware_get("rsu-rtl8712fw")) == NULL) {
2643 device_printf(sc->sc_dev,
2644 "%s: failed load firmware of file rsu-rtl8712fw\n",
2645 __func__);
2646 RSU_LOCK(sc);
2647 return (ENXIO);
2648 }
2649 RSU_LOCK(sc);
2650 size = fw->datasize;
2651 if (size < sizeof(*hdr)) {
2652 device_printf(sc->sc_dev, "firmware too short\n");
2653 error = EINVAL;
2654 goto fail;
2655 }
2656 hdr = (const struct r92s_fw_hdr *)fw->data;
2657 if (hdr->signature != htole16(0x8712) &&
2658 hdr->signature != htole16(0x8192)) {
2659 device_printf(sc->sc_dev,
2660 "invalid firmware signature 0x%x\n",
2661 le16toh(hdr->signature));
2662 error = EINVAL;
2663 goto fail;
2664 }
2665 DPRINTF("FW V%d %02x-%02x %02x:%02x\n", le16toh(hdr->version),
2666 hdr->month, hdr->day, hdr->hour, hdr->minute);
2667
2668 /* Make sure that driver and firmware are in sync. */
2669 if (hdr->privsz != htole32(sizeof(*dmem))) {
2670 device_printf(sc->sc_dev, "unsupported firmware image\n");
2671 error = EINVAL;
2672 goto fail;
2673 }
2674 /* Get FW sections sizes. */
2675 imemsz = le32toh(hdr->imemsz);
2676 ememsz = le32toh(hdr->sramsz);
2677 /* Check that all FW sections fit in image. */
2678 if (size < sizeof(*hdr) + imemsz + ememsz) {
2679 device_printf(sc->sc_dev, "firmware too short\n");
2680 error = EINVAL;
2681 goto fail;
2682 }
2683 imem = (const uint8_t *)&hdr[1];
2684 emem = imem + imemsz;
2685
2686 /* Load IMEM section. */
2687 error = rsu_fw_loadsection(sc, imem, imemsz);
2688 if (error != 0) {
2689 device_printf(sc->sc_dev,
2690 "could not load firmware section %s\n", "IMEM");
2691 goto fail;
2692 }
2693 /* Wait for load to complete. */
2694 for (ntries = 0; ntries != 50; ntries++) {
2695 rsu_ms_delay(sc, 10);
2696 reg = rsu_read_1(sc, R92S_TCR);
2697 if (reg & R92S_TCR_IMEM_CODE_DONE)
2698 break;
2699 }
2700 if (ntries == 50) {
2701 device_printf(sc->sc_dev, "timeout waiting for IMEM transfer\n");
2702 error = ETIMEDOUT;
2703 goto fail;
2704 }
2705 /* Load EMEM section. */
2706 error = rsu_fw_loadsection(sc, emem, ememsz);
2707 if (error != 0) {
2708 device_printf(sc->sc_dev,
2709 "could not load firmware section %s\n", "EMEM");
2710 goto fail;
2711 }
2712 /* Wait for load to complete. */
2713 for (ntries = 0; ntries != 50; ntries++) {
2714 rsu_ms_delay(sc, 10);
2715 reg = rsu_read_2(sc, R92S_TCR);
2716 if (reg & R92S_TCR_EMEM_CODE_DONE)
2717 break;
2718 }
2719 if (ntries == 50) {
2720 device_printf(sc->sc_dev, "timeout waiting for EMEM transfer\n");
2721 error = ETIMEDOUT;
2722 goto fail;
2723 }
2724 /* Enable CPU. */
2725 rsu_write_1(sc, R92S_SYS_CLKR,
2726 rsu_read_1(sc, R92S_SYS_CLKR) | R92S_SYS_CPU_CLKSEL);
2727 if (!(rsu_read_1(sc, R92S_SYS_CLKR) & R92S_SYS_CPU_CLKSEL)) {
2728 device_printf(sc->sc_dev, "could not enable system clock\n");
2729 error = EIO;
2730 goto fail;
2731 }
2732 rsu_write_2(sc, R92S_SYS_FUNC_EN,
2733 rsu_read_2(sc, R92S_SYS_FUNC_EN) | R92S_FEN_CPUEN);
2734 if (!(rsu_read_2(sc, R92S_SYS_FUNC_EN) & R92S_FEN_CPUEN)) {
2735 device_printf(sc->sc_dev,
2736 "could not enable microcontroller\n");
2737 error = EIO;
2738 goto fail;
2739 }
2740 /* Wait for CPU to initialize. */
2741 for (ntries = 0; ntries < 100; ntries++) {
2742 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_IMEM_RDY)
2743 break;
2744 rsu_ms_delay(sc, 1);
2745 }
2746 if (ntries == 100) {
2747 device_printf(sc->sc_dev,
2748 "timeout waiting for microcontroller\n");
2749 error = ETIMEDOUT;
2750 goto fail;
2751 }
2752
2753 /* Update DMEM section before loading. */
2754 dmem = __DECONST(struct r92s_fw_priv *, &hdr->priv);
2755 memset(dmem, 0, sizeof(*dmem));
2756 dmem->hci_sel = R92S_HCI_SEL_USB | R92S_HCI_SEL_8172;
2757 dmem->nendpoints = sc->sc_nendpoints;
2758 dmem->chip_version = sc->cut;
2759 dmem->rf_config = sc->sc_rftype;
2760 dmem->vcs_type = R92S_VCS_TYPE_AUTO;
2761 dmem->vcs_mode = R92S_VCS_MODE_RTS_CTS;
2762 dmem->turbo_mode = 0;
2763 dmem->bw40_en = !! (ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40);
2764 dmem->amsdu2ampdu_en = !! (sc->sc_ht);
2765 dmem->ampdu_en = !! (sc->sc_ht);
2766 dmem->agg_offload = !! (sc->sc_ht);
2767 dmem->qos_en = 1;
2768 dmem->ps_offload = 1;
2769 dmem->lowpower_mode = 1; /* XXX TODO: configurable? */
2770 /* Load DMEM section. */
2771 error = rsu_fw_loadsection(sc, (uint8_t *)dmem, sizeof(*dmem));
2772 if (error != 0) {
2773 device_printf(sc->sc_dev,
2774 "could not load firmware section %s\n", "DMEM");
2775 goto fail;
2776 }
2777 /* Wait for load to complete. */
2778 for (ntries = 0; ntries < 100; ntries++) {
2779 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_DMEM_CODE_DONE)
2780 break;
2781 rsu_ms_delay(sc, 1);
2782 }
2783 if (ntries == 100) {
2784 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n",
2785 "DMEM");
2786 error = ETIMEDOUT;
2787 goto fail;
2788 }
2789 /* Wait for firmware readiness. */
2790 for (ntries = 0; ntries < 60; ntries++) {
2791 if (!(rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY))
2792 break;
2793 rsu_ms_delay(sc, 1);
2794 }
2795 if (ntries == 60) {
2796 device_printf(sc->sc_dev,
2797 "timeout waiting for firmware readiness\n");
2798 error = ETIMEDOUT;
2799 goto fail;
2800 }
2801 fail:
2802 firmware_put(fw, FIRMWARE_UNLOAD);
2803 return (error);
2804}
2805
2806
2807static int
2808rsu_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
2809 const struct ieee80211_bpf_params *params)
2810{
2811 struct ieee80211com *ic = ni->ni_ic;
2812 struct rsu_softc *sc = ic->ic_softc;
2813 struct rsu_data *bf;
2814
2815 /* prevent management frames from being sent if we're not ready */
2816 if (!sc->sc_running) {
2817 m_freem(m);
2818 return (ENETDOWN);
2819 }
2820 RSU_LOCK(sc);
2821 bf = rsu_getbuf(sc);
2822 if (bf == NULL) {
2823 m_freem(m);
2824 RSU_UNLOCK(sc);
2825 return (ENOBUFS);
2826 }
2827 if (rsu_tx_start(sc, ni, m, bf) != 0) {
2828 m_freem(m);
2829 rsu_freebuf(sc, bf);
2830 RSU_UNLOCK(sc);
2831 return (EIO);
2832 }
2833 RSU_UNLOCK(sc);
2834
2835 return (0);
2836}
2837
2838static void
2839rsu_init(struct rsu_softc *sc)
2840{
2841 struct ieee80211com *ic = &sc->sc_ic;
2842 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2843 uint8_t macaddr[IEEE80211_ADDR_LEN];
2844 int error;
2845 int i;
2846
2847 RSU_ASSERT_LOCKED(sc);
2848
2849 /* Ensure the mbuf queue is drained */
2850 rsu_drain_mbufq(sc);
2851
2852 /* Init host async commands ring. */
2853 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0;
2854
2855 /* Reset power management state. */
2856 rsu_write_1(sc, R92S_USB_HRPWM, 0);
2857
2858 /* Power on adapter. */
2859 if (sc->cut == 1)
2860 rsu_power_on_acut(sc);
2861 else
2862 rsu_power_on_bcut(sc);
2863
2864 /* Load firmware. */
2865 error = rsu_load_firmware(sc);
2866 if (error != 0)
2867 goto fail;
2868
2869 /* Enable Rx TCP checksum offload. */
2870 rsu_write_4(sc, R92S_RCR,
2871 rsu_read_4(sc, R92S_RCR) | 0x04000000);
2872 /* Append PHY status. */
2873 rsu_write_4(sc, R92S_RCR,
2874 rsu_read_4(sc, R92S_RCR) | 0x02000000);
2875
2876 rsu_write_4(sc, R92S_CR,
2877 rsu_read_4(sc, R92S_CR) & ~0xff000000);
2878
2879 /* Use 128 bytes pages. */
2880 rsu_write_1(sc, 0x00b5,
2881 rsu_read_1(sc, 0x00b5) | 0x01);
2882 /* Enable USB Rx aggregation. */
2883 rsu_write_1(sc, 0x00bd,
2884 rsu_read_1(sc, 0x00bd) | 0x80);
2885 /* Set USB Rx aggregation threshold. */
2886 rsu_write_1(sc, 0x00d9, 0x01);
2887 /* Set USB Rx aggregation timeout (1.7ms/4). */
2888 rsu_write_1(sc, 0xfe5b, 0x04);
2889 /* Fix USB Rx FIFO issue. */
2890 rsu_write_1(sc, 0xfe5c,
2891 rsu_read_1(sc, 0xfe5c) | 0x80);
2892
2893 /* Set MAC address. */
2894 IEEE80211_ADDR_COPY(macaddr, vap ? vap->iv_myaddr : ic->ic_macaddr);
2895 rsu_write_region_1(sc, R92S_MACID, macaddr, IEEE80211_ADDR_LEN);
2896
2897 /* It really takes 1.5 seconds for the firmware to boot: */
2898 rsu_ms_delay(sc, 2000);
2899
2900 RSU_DPRINTF(sc, RSU_DEBUG_RESET, "%s: setting MAC address to %s\n",
2901 __func__,
2902 ether_sprintf(macaddr));
2903 error = rsu_fw_cmd(sc, R92S_CMD_SET_MAC_ADDRESS, macaddr,
2904 IEEE80211_ADDR_LEN);
2905 if (error != 0) {
2906 device_printf(sc->sc_dev, "could not set MAC address\n");
2907 goto fail;
2908 }
2909
2910 /* Set PS mode fully active */
2911 error = rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE);
2912
2913 if (error != 0) {
2914 device_printf(sc->sc_dev, "could not set PS mode\n");
2915 goto fail;
2916 }
2917
2918 sc->sc_scan_pass = 0;
2919 usbd_transfer_start(sc->sc_xfer[RSU_BULK_RX]);
2920
2921 /* We're ready to go. */
2922 sc->sc_running = 1;
2923 sc->sc_scanning = 0;
2924 return;
2925fail:
2926 /* Need to stop all failed transfers, if any */
2927 for (i = 0; i != RSU_N_TRANSFER; i++)
2928 usbd_transfer_stop(sc->sc_xfer[i]);
2929}
2930
2931static void
2932rsu_stop(struct rsu_softc *sc)
2933{
2934 int i;
2935
2936 RSU_ASSERT_LOCKED(sc);
2937
2938 sc->sc_running = 0;
2939 sc->sc_calibrating = 0;
2940 taskqueue_cancel_timeout(taskqueue_thread, &sc->calib_task, NULL);
2941 taskqueue_cancel(taskqueue_thread, &sc->tx_task, NULL);
2942
2943 /* Power off adapter. */
2944 rsu_power_off(sc);
2945
2946 for (i = 0; i < RSU_N_TRANSFER; i++)
2947 usbd_transfer_stop(sc->sc_xfer[i]);
2948
2949 /* Ensure the mbuf queue is drained */
2950 rsu_drain_mbufq(sc);
2951}
2952
2953/*
2954 * Note: usb_pause_mtx() actually releases the mutex before calling pause(),
2955 * which breaks any kind of driver serialisation.
2956 */
2957static void
2958rsu_ms_delay(struct rsu_softc *sc, int ms)
2959{
2960
2961 //usb_pause_mtx(&sc->sc_mtx, hz / 1000);
2962 DELAY(ms * 1000);
2963}
|