if_rsu.c revision 272461
1/* $OpenBSD: if_rsu.c,v 1.17 2013/04/15 09:23:01 mglocker Exp $ */ 2 3/*- 4 * Copyright (c) 2010 Damien Bergamini <damien.bergamini@free.fr> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18#include <sys/cdefs.h> 19__FBSDID("$FreeBSD: releng/10.1/sys/dev/usb/wlan/if_rsu.c 267349 2014-06-11 05:50:04Z hselasky $"); 20 21/* 22 * Driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU. 23 * 24 * TODO: 25 * o 11n support 26 * o h/w crypto 27 * o hostap / ibss / mesh 28 */ 29#include <sys/param.h> 30#include <sys/endian.h> 31#include <sys/sockio.h> 32#include <sys/mbuf.h> 33#include <sys/kernel.h> 34#include <sys/socket.h> 35#include <sys/systm.h> 36#include <sys/conf.h> 37#include <sys/bus.h> 38#include <sys/rman.h> 39#include <sys/firmware.h> 40#include <sys/module.h> 41 42#include <machine/bus.h> 43#include <machine/resource.h> 44 45#include <net/bpf.h> 46#include <net/if.h> 47#include <net/if_arp.h> 48#include <net/if_dl.h> 49#include <net/if_media.h> 50#include <net/if_types.h> 51 52#include <netinet/in.h> 53#include <netinet/in_systm.h> 54#include <netinet/in_var.h> 55#include <netinet/if_ether.h> 56#include <netinet/ip.h> 57 58#include <net80211/ieee80211_var.h> 59#include <net80211/ieee80211_regdomain.h> 60#include <net80211/ieee80211_radiotap.h> 61 62#include <dev/usb/usb.h> 63#include <dev/usb/usbdi.h> 64#include "usbdevs.h" 65 66#define USB_DEBUG_VAR rsu_debug 67#include <dev/usb/usb_debug.h> 68 69#include <dev/usb/wlan/if_rsureg.h> 70 71#ifdef USB_DEBUG 72static int rsu_debug = 0; 73SYSCTL_NODE(_hw_usb, OID_AUTO, rsu, CTLFLAG_RW, 0, "USB rsu"); 74SYSCTL_INT(_hw_usb_rsu, OID_AUTO, debug, CTLFLAG_RW, &rsu_debug, 0, 75 "Debug level"); 76#endif 77 78static const STRUCT_USB_HOST_ID rsu_devs[] = { 79#define RSU_HT_NOT_SUPPORTED 0 80#define RSU_HT_SUPPORTED 1 81#define RSU_DEV_HT(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \ 82 RSU_HT_SUPPORTED) } 83#define RSU_DEV(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \ 84 RSU_HT_NOT_SUPPORTED) } 85 RSU_DEV(ASUS, RTL8192SU), 86 RSU_DEV(AZUREWAVE, RTL8192SU_4), 87 RSU_DEV_HT(ACCTON, RTL8192SU), 88 RSU_DEV_HT(ASUS, USBN10), 89 RSU_DEV_HT(AZUREWAVE, RTL8192SU_1), 90 RSU_DEV_HT(AZUREWAVE, RTL8192SU_2), 91 RSU_DEV_HT(AZUREWAVE, RTL8192SU_3), 92 RSU_DEV_HT(AZUREWAVE, RTL8192SU_5), 93 RSU_DEV_HT(BELKIN, RTL8192SU_1), 94 RSU_DEV_HT(BELKIN, RTL8192SU_2), 95 RSU_DEV_HT(BELKIN, RTL8192SU_3), 96 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_1), 97 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_2), 98 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_3), 99 RSU_DEV_HT(COREGA, RTL8192SU), 100 RSU_DEV_HT(DLINK2, DWA131A1), 101 RSU_DEV_HT(DLINK2, RTL8192SU_1), 102 RSU_DEV_HT(DLINK2, RTL8192SU_2), 103 RSU_DEV_HT(EDIMAX, RTL8192SU_1), 104 RSU_DEV_HT(EDIMAX, RTL8192SU_2), 105 RSU_DEV_HT(EDIMAX, RTL8192SU_3), 106 RSU_DEV_HT(GUILLEMOT, HWGUN54), 107 RSU_DEV_HT(GUILLEMOT, HWNUM300), 108 RSU_DEV_HT(HAWKING, RTL8192SU_1), 109 RSU_DEV_HT(HAWKING, RTL8192SU_2), 110 RSU_DEV_HT(PLANEX2, GWUSNANO), 111 RSU_DEV_HT(REALTEK, RTL8171), 112 RSU_DEV_HT(REALTEK, RTL8172), 113 RSU_DEV_HT(REALTEK, RTL8173), 114 RSU_DEV_HT(REALTEK, RTL8174), 115 RSU_DEV_HT(REALTEK, RTL8192SU), 116 RSU_DEV_HT(REALTEK, RTL8712), 117 RSU_DEV_HT(REALTEK, RTL8713), 118 RSU_DEV_HT(SENAO, RTL8192SU_1), 119 RSU_DEV_HT(SENAO, RTL8192SU_2), 120 RSU_DEV_HT(SITECOMEU, WL349V1), 121 RSU_DEV_HT(SITECOMEU, WL353), 122 RSU_DEV_HT(SWEEX2, LW154), 123#undef RSU_DEV_HT 124#undef RSU_DEV 125}; 126 127static device_probe_t rsu_match; 128static device_attach_t rsu_attach; 129static device_detach_t rsu_detach; 130static usb_callback_t rsu_bulk_tx_callback_be_bk; 131static usb_callback_t rsu_bulk_tx_callback_vi_vo; 132static usb_callback_t rsu_bulk_rx_callback; 133static usb_error_t rsu_do_request(struct rsu_softc *, 134 struct usb_device_request *, void *); 135static struct ieee80211vap * 136 rsu_vap_create(struct ieee80211com *, const char name[], 137 int, enum ieee80211_opmode, int, const uint8_t bssid[], 138 const uint8_t mac[]); 139static void rsu_vap_delete(struct ieee80211vap *); 140static void rsu_scan_start(struct ieee80211com *); 141static void rsu_scan_end(struct ieee80211com *); 142static void rsu_set_channel(struct ieee80211com *); 143static void rsu_update_mcast(struct ifnet *); 144static int rsu_alloc_rx_list(struct rsu_softc *); 145static void rsu_free_rx_list(struct rsu_softc *); 146static int rsu_alloc_tx_list(struct rsu_softc *); 147static void rsu_free_tx_list(struct rsu_softc *); 148static void rsu_free_list(struct rsu_softc *, struct rsu_data [], int); 149static struct rsu_data *_rsu_getbuf(struct rsu_softc *); 150static struct rsu_data *rsu_getbuf(struct rsu_softc *); 151static int rsu_write_region_1(struct rsu_softc *, uint16_t, uint8_t *, 152 int); 153static void rsu_write_1(struct rsu_softc *, uint16_t, uint8_t); 154static void rsu_write_2(struct rsu_softc *, uint16_t, uint16_t); 155static void rsu_write_4(struct rsu_softc *, uint16_t, uint32_t); 156static int rsu_read_region_1(struct rsu_softc *, uint16_t, uint8_t *, 157 int); 158static uint8_t rsu_read_1(struct rsu_softc *, uint16_t); 159static uint16_t rsu_read_2(struct rsu_softc *, uint16_t); 160static uint32_t rsu_read_4(struct rsu_softc *, uint16_t); 161static int rsu_fw_iocmd(struct rsu_softc *, uint32_t); 162static uint8_t rsu_efuse_read_1(struct rsu_softc *, uint16_t); 163static int rsu_read_rom(struct rsu_softc *); 164static int rsu_fw_cmd(struct rsu_softc *, uint8_t, void *, int); 165static void rsu_calib_task(void *, int); 166static int rsu_newstate(struct ieee80211vap *, enum ieee80211_state, int); 167#ifdef notyet 168static void rsu_set_key(struct rsu_softc *, const struct ieee80211_key *); 169static void rsu_delete_key(struct rsu_softc *, const struct ieee80211_key *); 170#endif 171static int rsu_site_survey(struct rsu_softc *, struct ieee80211vap *); 172static int rsu_join_bss(struct rsu_softc *, struct ieee80211_node *); 173static int rsu_disconnect(struct rsu_softc *); 174static void rsu_event_survey(struct rsu_softc *, uint8_t *, int); 175static void rsu_event_join_bss(struct rsu_softc *, uint8_t *, int); 176static void rsu_rx_event(struct rsu_softc *, uint8_t, uint8_t *, int); 177static void rsu_rx_multi_event(struct rsu_softc *, uint8_t *, int); 178static int8_t rsu_get_rssi(struct rsu_softc *, int, void *); 179static struct mbuf * 180 rsu_rx_frame(struct rsu_softc *, uint8_t *, int, int *); 181static struct mbuf * 182 rsu_rx_multi_frame(struct rsu_softc *, uint8_t *, int, int *); 183static struct mbuf * 184 rsu_rxeof(struct usb_xfer *, struct rsu_data *, int *); 185static void rsu_txeof(struct usb_xfer *, struct rsu_data *); 186static int rsu_raw_xmit(struct ieee80211_node *, struct mbuf *, 187 const struct ieee80211_bpf_params *); 188static void rsu_init(void *); 189static void rsu_init_locked(struct rsu_softc *); 190static int rsu_tx_start(struct rsu_softc *, struct ieee80211_node *, 191 struct mbuf *, struct rsu_data *); 192static void rsu_start(struct ifnet *); 193static void rsu_start_locked(struct ifnet *); 194static int rsu_ioctl(struct ifnet *, u_long, caddr_t); 195static void rsu_stop(struct ifnet *, int); 196static void rsu_stop_locked(struct ifnet *, int); 197static void rsu_ms_delay(struct rsu_softc *); 198 199static device_method_t rsu_methods[] = { 200 DEVMETHOD(device_probe, rsu_match), 201 DEVMETHOD(device_attach, rsu_attach), 202 DEVMETHOD(device_detach, rsu_detach), 203 204 DEVMETHOD_END 205}; 206 207static driver_t rsu_driver = { 208 .name = "rsu", 209 .methods = rsu_methods, 210 .size = sizeof(struct rsu_softc) 211}; 212 213static devclass_t rsu_devclass; 214 215DRIVER_MODULE(rsu, uhub, rsu_driver, rsu_devclass, NULL, 0); 216MODULE_DEPEND(rsu, wlan, 1, 1, 1); 217MODULE_DEPEND(rsu, usb, 1, 1, 1); 218MODULE_DEPEND(rsu, firmware, 1, 1, 1); 219MODULE_VERSION(rsu, 1); 220 221static uint8_t rsu_wme_ac_xfer_map[4] = { 222 [WME_AC_BE] = RSU_BULK_TX_BE_BK, 223 [WME_AC_BK] = RSU_BULK_TX_BE_BK, 224 [WME_AC_VI] = RSU_BULK_TX_VI_VO, 225 [WME_AC_VO] = RSU_BULK_TX_VI_VO, 226}; 227 228static const struct usb_config rsu_config[RSU_N_TRANSFER] = { 229 [RSU_BULK_RX] = { 230 .type = UE_BULK, 231 .endpoint = UE_ADDR_ANY, 232 .direction = UE_DIR_IN, 233 .bufsize = RSU_RXBUFSZ, 234 .flags = { 235 .pipe_bof = 1, 236 .short_xfer_ok = 1 237 }, 238 .callback = rsu_bulk_rx_callback 239 }, 240 [RSU_BULK_TX_BE_BK] = { 241 .type = UE_BULK, 242 .endpoint = 0x06, 243 .direction = UE_DIR_OUT, 244 .bufsize = RSU_TXBUFSZ, 245 .flags = { 246 .ext_buffer = 1, 247 .pipe_bof = 1, 248 .force_short_xfer = 1 249 }, 250 .callback = rsu_bulk_tx_callback_be_bk, 251 .timeout = RSU_TX_TIMEOUT 252 }, 253 [RSU_BULK_TX_VI_VO] = { 254 .type = UE_BULK, 255 .endpoint = 0x04, 256 .direction = UE_DIR_OUT, 257 .bufsize = RSU_TXBUFSZ, 258 .flags = { 259 .ext_buffer = 1, 260 .pipe_bof = 1, 261 .force_short_xfer = 1 262 }, 263 .callback = rsu_bulk_tx_callback_vi_vo, 264 .timeout = RSU_TX_TIMEOUT 265 }, 266}; 267 268static int 269rsu_match(device_t self) 270{ 271 struct usb_attach_arg *uaa = device_get_ivars(self); 272 273 if (uaa->usb_mode != USB_MODE_HOST || 274 uaa->info.bIfaceIndex != 0 || 275 uaa->info.bConfigIndex != 0) 276 return (ENXIO); 277 278 return (usbd_lookup_id_by_uaa(rsu_devs, sizeof(rsu_devs), uaa)); 279} 280 281static int 282rsu_attach(device_t self) 283{ 284 struct usb_attach_arg *uaa = device_get_ivars(self); 285 struct rsu_softc *sc = device_get_softc(self); 286 struct ifnet *ifp; 287 struct ieee80211com *ic; 288 int error; 289 uint8_t iface_index, bands; 290 291 device_set_usb_desc(self); 292 sc->sc_udev = uaa->device; 293 sc->sc_dev = self; 294 295 mtx_init(&sc->sc_mtx, device_get_nameunit(self), MTX_NETWORK_LOCK, 296 MTX_DEF); 297 TIMEOUT_TASK_INIT(taskqueue_thread, &sc->calib_task, 0, 298 rsu_calib_task, sc); 299 300 /* Allocate Tx/Rx buffers. */ 301 error = rsu_alloc_rx_list(sc); 302 if (error != 0) { 303 device_printf(sc->sc_dev, "could not allocate Rx buffers\n"); 304 goto fail_usb; 305 } 306 307 error = rsu_alloc_tx_list(sc); 308 if (error != 0) { 309 device_printf(sc->sc_dev, "could not allocate Tx buffers\n"); 310 rsu_free_rx_list(sc); 311 goto fail_usb; 312 } 313 314 iface_index = 0; 315 error = usbd_transfer_setup(uaa->device, &iface_index, sc->sc_xfer, 316 rsu_config, RSU_N_TRANSFER, sc, &sc->sc_mtx); 317 if (error) { 318 device_printf(sc->sc_dev, 319 "could not allocate USB transfers, err=%s\n", 320 usbd_errstr(error)); 321 goto fail_usb; 322 } 323 RSU_LOCK(sc); 324 /* Read chip revision. */ 325 sc->cut = MS(rsu_read_4(sc, R92S_PMC_FSM), R92S_PMC_FSM_CUT); 326 if (sc->cut != 3) 327 sc->cut = (sc->cut >> 1) + 1; 328 error = rsu_read_rom(sc); 329 if (error != 0) { 330 device_printf(self, "could not read ROM\n"); 331 goto fail_rom; 332 } 333 RSU_UNLOCK(sc); 334 IEEE80211_ADDR_COPY(sc->sc_bssid, &sc->rom[0x12]); 335 device_printf(self, "MAC/BB RTL8712 cut %d\n", sc->cut); 336 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 337 if (ifp == NULL) { 338 device_printf(self, "cannot allocate interface\n"); 339 goto fail_ifalloc; 340 } 341 ic = ifp->if_l2com; 342 ifp->if_softc = sc; 343 if_initname(ifp, "rsu", device_get_unit(self)); 344 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 345 ifp->if_init = rsu_init; 346 ifp->if_ioctl = rsu_ioctl; 347 ifp->if_start = rsu_start; 348 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 349 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 350 IFQ_SET_READY(&ifp->if_snd); 351 ifp->if_capabilities |= IFCAP_RXCSUM; 352 ifp->if_capenable |= IFCAP_RXCSUM; 353 ifp->if_hwassist = CSUM_TCP; 354 355 ic->ic_ifp = ifp; 356 ic->ic_phytype = IEEE80211_T_OFDM; /* Not only, but not used. */ 357 ic->ic_opmode = IEEE80211_M_STA; /* Default to BSS mode. */ 358 359 /* Set device capabilities. */ 360 ic->ic_caps = 361 IEEE80211_C_STA | /* station mode */ 362 IEEE80211_C_BGSCAN | /* Background scan. */ 363 IEEE80211_C_SHPREAMBLE | /* Short preamble supported. */ 364 IEEE80211_C_SHSLOT | /* Short slot time supported. */ 365 IEEE80211_C_WPA; /* WPA/RSN. */ 366 367#if 0 368 /* Check if HT support is present. */ 369 if (usb_lookup(rsu_devs_noht, uaa->vendor, uaa->product) == NULL) { 370 /* Set HT capabilities. */ 371 ic->ic_htcaps = 372 IEEE80211_HTCAP_CBW20_40 | 373 IEEE80211_HTCAP_DSSSCCK40; 374 /* Set supported HT rates. */ 375 for (i = 0; i < 2; i++) 376 ic->ic_sup_mcs[i] = 0xff; 377 } 378#endif 379 380 /* Set supported .11b and .11g rates. */ 381 bands = 0; 382 setbit(&bands, IEEE80211_MODE_11B); 383 setbit(&bands, IEEE80211_MODE_11G); 384 ieee80211_init_channels(ic, NULL, &bands); 385 386 ieee80211_ifattach(ic, sc->sc_bssid); 387 ic->ic_raw_xmit = rsu_raw_xmit; 388 ic->ic_scan_start = rsu_scan_start; 389 ic->ic_scan_end = rsu_scan_end; 390 ic->ic_set_channel = rsu_set_channel; 391 ic->ic_vap_create = rsu_vap_create; 392 ic->ic_vap_delete = rsu_vap_delete; 393 ic->ic_update_mcast = rsu_update_mcast; 394 395 ieee80211_radiotap_attach(ic, &sc->sc_txtap.wt_ihdr, 396 sizeof(sc->sc_txtap), RSU_TX_RADIOTAP_PRESENT, 397 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 398 RSU_RX_RADIOTAP_PRESENT); 399 400 if (bootverbose) 401 ieee80211_announce(ic); 402 403 return (0); 404 405fail_ifalloc: 406fail_rom: 407 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER); 408fail_usb: 409 mtx_destroy(&sc->sc_mtx); 410 return (ENXIO); 411} 412 413static int 414rsu_detach(device_t self) 415{ 416 struct rsu_softc *sc = device_get_softc(self); 417 struct ifnet *ifp = sc->sc_ifp; 418 struct ieee80211com *ic = ifp->if_l2com; 419 420 rsu_stop(ifp, 1); 421 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER); 422 ieee80211_ifdetach(ic); 423 424 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task); 425 426 /* Free Tx/Rx buffers. */ 427 rsu_free_tx_list(sc); 428 rsu_free_rx_list(sc); 429 430 if_free(ifp); 431 mtx_destroy(&sc->sc_mtx); 432 433 return (0); 434} 435 436static usb_error_t 437rsu_do_request(struct rsu_softc *sc, struct usb_device_request *req, 438 void *data) 439{ 440 usb_error_t err; 441 int ntries = 10; 442 443 RSU_ASSERT_LOCKED(sc); 444 445 while (ntries--) { 446 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 447 req, data, 0, NULL, 250 /* ms */); 448 if (err == 0 || err == USB_ERR_NOT_CONFIGURED) 449 break; 450 DPRINTFN(1, "Control request failed, %s (retrying)\n", 451 usbd_errstr(err)); 452 usb_pause_mtx(&sc->sc_mtx, hz / 100); 453 } 454 455 return (err); 456} 457 458static struct ieee80211vap * 459rsu_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 460 enum ieee80211_opmode opmode, int flags, 461 const uint8_t bssid[IEEE80211_ADDR_LEN], 462 const uint8_t mac[IEEE80211_ADDR_LEN]) 463{ 464 struct rsu_vap *uvp; 465 struct ieee80211vap *vap; 466 467 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 468 return (NULL); 469 470 uvp = (struct rsu_vap *) malloc(sizeof(struct rsu_vap), 471 M_80211_VAP, M_NOWAIT | M_ZERO); 472 if (uvp == NULL) 473 return (NULL); 474 vap = &uvp->vap; 475 476 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, 477 flags, bssid, mac) != 0) { 478 /* out of memory */ 479 free(uvp, M_80211_VAP); 480 return (NULL); 481 } 482 483 /* override state transition machine */ 484 uvp->newstate = vap->iv_newstate; 485 vap->iv_newstate = rsu_newstate; 486 487 /* complete setup */ 488 ieee80211_vap_attach(vap, ieee80211_media_change, 489 ieee80211_media_status); 490 ic->ic_opmode = opmode; 491 492 return (vap); 493} 494 495static void 496rsu_vap_delete(struct ieee80211vap *vap) 497{ 498 struct rsu_vap *uvp = RSU_VAP(vap); 499 500 ieee80211_vap_detach(vap); 501 free(uvp, M_80211_VAP); 502} 503 504static void 505rsu_scan_start(struct ieee80211com *ic) 506{ 507 int error; 508 struct ifnet *ifp = ic->ic_ifp; 509 struct rsu_softc *sc = ifp->if_softc; 510 511 /* Scanning is done by the firmware. */ 512 RSU_LOCK(sc); 513 error = rsu_site_survey(sc, TAILQ_FIRST(&ic->ic_vaps)); 514 RSU_UNLOCK(sc); 515 if (error != 0) 516 device_printf(sc->sc_dev, 517 "could not send site survey command\n"); 518} 519 520static void 521rsu_scan_end(struct ieee80211com *ic) 522{ 523 /* Nothing to do here. */ 524} 525 526static void 527rsu_set_channel(struct ieee80211com *ic __unused) 528{ 529 /* We are unable to switch channels, yet. */ 530} 531 532static void 533rsu_update_mcast(struct ifnet *ifp) 534{ 535 /* XXX do nothing? */ 536} 537 538static int 539rsu_alloc_list(struct rsu_softc *sc, struct rsu_data data[], 540 int ndata, int maxsz) 541{ 542 int i, error; 543 544 for (i = 0; i < ndata; i++) { 545 struct rsu_data *dp = &data[i]; 546 dp->sc = sc; 547 dp->m = NULL; 548 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT); 549 if (dp->buf == NULL) { 550 device_printf(sc->sc_dev, 551 "could not allocate buffer\n"); 552 error = ENOMEM; 553 goto fail; 554 } 555 dp->ni = NULL; 556 } 557 558 return (0); 559fail: 560 rsu_free_list(sc, data, ndata); 561 return (error); 562} 563 564static int 565rsu_alloc_rx_list(struct rsu_softc *sc) 566{ 567 int error, i; 568 569 error = rsu_alloc_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT, 570 RSU_RXBUFSZ); 571 if (error != 0) 572 return (error); 573 574 STAILQ_INIT(&sc->sc_rx_active); 575 STAILQ_INIT(&sc->sc_rx_inactive); 576 577 for (i = 0; i < RSU_RX_LIST_COUNT; i++) 578 STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next); 579 580 return (0); 581} 582 583static int 584rsu_alloc_tx_list(struct rsu_softc *sc) 585{ 586 int error, i; 587 588 error = rsu_alloc_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT, 589 RSU_TXBUFSZ); 590 if (error != 0) 591 return (error); 592 593 STAILQ_INIT(&sc->sc_tx_inactive); 594 595 for (i = 0; i != RSU_N_TRANSFER; i++) { 596 STAILQ_INIT(&sc->sc_tx_active[i]); 597 STAILQ_INIT(&sc->sc_tx_pending[i]); 598 } 599 600 for (i = 0; i < RSU_TX_LIST_COUNT; i++) { 601 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next); 602 } 603 604 return (0); 605} 606 607static void 608rsu_free_tx_list(struct rsu_softc *sc) 609{ 610 int i; 611 612 /* prevent further allocations from TX list(s) */ 613 STAILQ_INIT(&sc->sc_tx_inactive); 614 615 for (i = 0; i != RSU_N_TRANSFER; i++) { 616 STAILQ_INIT(&sc->sc_tx_active[i]); 617 STAILQ_INIT(&sc->sc_tx_pending[i]); 618 } 619 620 rsu_free_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT); 621} 622 623static void 624rsu_free_rx_list(struct rsu_softc *sc) 625{ 626 /* prevent further allocations from RX list(s) */ 627 STAILQ_INIT(&sc->sc_rx_inactive); 628 STAILQ_INIT(&sc->sc_rx_active); 629 630 rsu_free_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT); 631} 632 633static void 634rsu_free_list(struct rsu_softc *sc, struct rsu_data data[], int ndata) 635{ 636 int i; 637 638 for (i = 0; i < ndata; i++) { 639 struct rsu_data *dp = &data[i]; 640 641 if (dp->buf != NULL) { 642 free(dp->buf, M_USBDEV); 643 dp->buf = NULL; 644 } 645 if (dp->ni != NULL) { 646 ieee80211_free_node(dp->ni); 647 dp->ni = NULL; 648 } 649 } 650} 651 652static struct rsu_data * 653_rsu_getbuf(struct rsu_softc *sc) 654{ 655 struct rsu_data *bf; 656 657 bf = STAILQ_FIRST(&sc->sc_tx_inactive); 658 if (bf != NULL) 659 STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next); 660 else 661 bf = NULL; 662 if (bf == NULL) 663 DPRINTF("out of xmit buffers\n"); 664 return (bf); 665} 666 667static struct rsu_data * 668rsu_getbuf(struct rsu_softc *sc) 669{ 670 struct rsu_data *bf; 671 672 RSU_ASSERT_LOCKED(sc); 673 674 bf = _rsu_getbuf(sc); 675 if (bf == NULL) { 676 struct ifnet *ifp = sc->sc_ifp; 677 DPRINTF("stop queue\n"); 678 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 679 } 680 return (bf); 681} 682 683static int 684rsu_write_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf, 685 int len) 686{ 687 usb_device_request_t req; 688 689 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 690 req.bRequest = R92S_REQ_REGS; 691 USETW(req.wValue, addr); 692 USETW(req.wIndex, 0); 693 USETW(req.wLength, len); 694 695 return (rsu_do_request(sc, &req, buf)); 696} 697 698static void 699rsu_write_1(struct rsu_softc *sc, uint16_t addr, uint8_t val) 700{ 701 rsu_write_region_1(sc, addr, &val, 1); 702} 703 704static void 705rsu_write_2(struct rsu_softc *sc, uint16_t addr, uint16_t val) 706{ 707 val = htole16(val); 708 rsu_write_region_1(sc, addr, (uint8_t *)&val, 2); 709} 710 711static void 712rsu_write_4(struct rsu_softc *sc, uint16_t addr, uint32_t val) 713{ 714 val = htole32(val); 715 rsu_write_region_1(sc, addr, (uint8_t *)&val, 4); 716} 717 718static int 719rsu_read_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf, 720 int len) 721{ 722 usb_device_request_t req; 723 724 req.bmRequestType = UT_READ_VENDOR_DEVICE; 725 req.bRequest = R92S_REQ_REGS; 726 USETW(req.wValue, addr); 727 USETW(req.wIndex, 0); 728 USETW(req.wLength, len); 729 730 return (rsu_do_request(sc, &req, buf)); 731} 732 733static uint8_t 734rsu_read_1(struct rsu_softc *sc, uint16_t addr) 735{ 736 uint8_t val; 737 738 if (rsu_read_region_1(sc, addr, &val, 1) != 0) 739 return (0xff); 740 return (val); 741} 742 743static uint16_t 744rsu_read_2(struct rsu_softc *sc, uint16_t addr) 745{ 746 uint16_t val; 747 748 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 2) != 0) 749 return (0xffff); 750 return (le16toh(val)); 751} 752 753static uint32_t 754rsu_read_4(struct rsu_softc *sc, uint16_t addr) 755{ 756 uint32_t val; 757 758 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 4) != 0) 759 return (0xffffffff); 760 return (le32toh(val)); 761} 762 763static int 764rsu_fw_iocmd(struct rsu_softc *sc, uint32_t iocmd) 765{ 766 int ntries; 767 768 rsu_write_4(sc, R92S_IOCMD_CTRL, iocmd); 769 rsu_ms_delay(sc); 770 for (ntries = 0; ntries < 50; ntries++) { 771 if (rsu_read_4(sc, R92S_IOCMD_CTRL) == 0) 772 return (0); 773 rsu_ms_delay(sc); 774 } 775 return (ETIMEDOUT); 776} 777 778static uint8_t 779rsu_efuse_read_1(struct rsu_softc *sc, uint16_t addr) 780{ 781 uint32_t reg; 782 int ntries; 783 784 reg = rsu_read_4(sc, R92S_EFUSE_CTRL); 785 reg = RW(reg, R92S_EFUSE_CTRL_ADDR, addr); 786 reg &= ~R92S_EFUSE_CTRL_VALID; 787 rsu_write_4(sc, R92S_EFUSE_CTRL, reg); 788 /* Wait for read operation to complete. */ 789 for (ntries = 0; ntries < 100; ntries++) { 790 reg = rsu_read_4(sc, R92S_EFUSE_CTRL); 791 if (reg & R92S_EFUSE_CTRL_VALID) 792 return (MS(reg, R92S_EFUSE_CTRL_DATA)); 793 rsu_ms_delay(sc); 794 } 795 device_printf(sc->sc_dev, 796 "could not read efuse byte at address 0x%x\n", addr); 797 return (0xff); 798} 799 800static int 801rsu_read_rom(struct rsu_softc *sc) 802{ 803 uint8_t *rom = sc->rom; 804 uint16_t addr = 0; 805 uint32_t reg; 806 uint8_t off, msk; 807 int i; 808 809 /* Make sure that ROM type is eFuse and that autoload succeeded. */ 810 reg = rsu_read_1(sc, R92S_EE_9346CR); 811 if ((reg & (R92S_9356SEL | R92S_EEPROM_EN)) != R92S_EEPROM_EN) 812 return (EIO); 813 814 /* Turn on 2.5V to prevent eFuse leakage. */ 815 reg = rsu_read_1(sc, R92S_EFUSE_TEST + 3); 816 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg | 0x80); 817 rsu_ms_delay(sc); 818 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg & ~0x80); 819 820 /* Read full ROM image. */ 821 memset(&sc->rom, 0xff, sizeof(sc->rom)); 822 while (addr < 512) { 823 reg = rsu_efuse_read_1(sc, addr); 824 if (reg == 0xff) 825 break; 826 addr++; 827 off = reg >> 4; 828 msk = reg & 0xf; 829 for (i = 0; i < 4; i++) { 830 if (msk & (1 << i)) 831 continue; 832 rom[off * 8 + i * 2 + 0] = 833 rsu_efuse_read_1(sc, addr); 834 addr++; 835 rom[off * 8 + i * 2 + 1] = 836 rsu_efuse_read_1(sc, addr); 837 addr++; 838 } 839 } 840#ifdef USB_DEBUG 841 if (rsu_debug >= 5) { 842 /* Dump ROM content. */ 843 printf("\n"); 844 for (i = 0; i < sizeof(sc->rom); i++) 845 printf("%02x:", rom[i]); 846 printf("\n"); 847 } 848#endif 849 return (0); 850} 851 852static int 853rsu_fw_cmd(struct rsu_softc *sc, uint8_t code, void *buf, int len) 854{ 855 const uint8_t which = rsu_wme_ac_xfer_map[WME_AC_VO]; 856 struct rsu_data *data; 857 struct r92s_tx_desc *txd; 858 struct r92s_fw_cmd_hdr *cmd; 859 int cmdsz; 860 int xferlen; 861 862 data = rsu_getbuf(sc); 863 if (data == NULL) 864 return (ENOMEM); 865 866 /* Round-up command length to a multiple of 8 bytes. */ 867 cmdsz = (len + 7) & ~7; 868 869 xferlen = sizeof(*txd) + sizeof(*cmd) + cmdsz; 870 KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__)); 871 memset(data->buf, 0, xferlen); 872 873 /* Setup Tx descriptor. */ 874 txd = (struct r92s_tx_desc *)data->buf; 875 txd->txdw0 = htole32( 876 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) | 877 SM(R92S_TXDW0_PKTLEN, sizeof(*cmd) + cmdsz) | 878 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG); 879 txd->txdw1 = htole32(SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_H2C)); 880 881 /* Setup command header. */ 882 cmd = (struct r92s_fw_cmd_hdr *)&txd[1]; 883 cmd->len = htole16(cmdsz); 884 cmd->code = code; 885 cmd->seq = sc->cmd_seq; 886 sc->cmd_seq = (sc->cmd_seq + 1) & 0x7f; 887 888 /* Copy command payload. */ 889 memcpy(&cmd[1], buf, len); 890 891 DPRINTFN(2, "Tx cmd code=0x%x len=0x%x\n", code, cmdsz); 892 data->buflen = xferlen; 893 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); 894 usbd_transfer_start(sc->sc_xfer[which]); 895 896 return (0); 897} 898 899/* ARGSUSED */ 900static void 901rsu_calib_task(void *arg, int pending __unused) 902{ 903 struct rsu_softc *sc = arg; 904 uint32_t reg; 905 906 DPRINTFN(6, "running calibration task\n"); 907 908 RSU_LOCK(sc); 909#ifdef notyet 910 /* Read WPS PBC status. */ 911 rsu_write_1(sc, R92S_MAC_PINMUX_CTRL, 912 R92S_GPIOMUX_EN | SM(R92S_GPIOSEL_GPIO, R92S_GPIOSEL_GPIO_JTAG)); 913 rsu_write_1(sc, R92S_GPIO_IO_SEL, 914 rsu_read_1(sc, R92S_GPIO_IO_SEL) & ~R92S_GPIO_WPS); 915 reg = rsu_read_1(sc, R92S_GPIO_CTRL); 916 if (reg != 0xff && (reg & R92S_GPIO_WPS)) 917 DPRINTF(("WPS PBC is pushed\n")); 918#endif 919 /* Read current signal level. */ 920 if (rsu_fw_iocmd(sc, 0xf4000001) == 0) { 921 reg = rsu_read_4(sc, R92S_IOCMD_DATA); 922 DPRINTFN(8, "RSSI=%d%%\n", reg >> 4); 923 } 924 if (sc->sc_calibrating) 925 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz); 926 RSU_UNLOCK(sc); 927} 928 929static int 930rsu_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 931{ 932 struct rsu_vap *uvp = RSU_VAP(vap); 933 struct ieee80211com *ic = vap->iv_ic; 934 struct rsu_softc *sc = ic->ic_ifp->if_softc; 935 struct ieee80211_node *ni; 936 struct ieee80211_rateset *rs; 937 enum ieee80211_state ostate; 938 int error, startcal = 0; 939 940 ostate = vap->iv_state; 941 DPRINTF("%s -> %s\n", ieee80211_state_name[ostate], 942 ieee80211_state_name[nstate]); 943 944 IEEE80211_UNLOCK(ic); 945 if (ostate == IEEE80211_S_RUN) { 946 RSU_LOCK(sc); 947 /* Stop calibration. */ 948 sc->sc_calibrating = 0; 949 RSU_UNLOCK(sc); 950 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task); 951 /* Disassociate from our current BSS. */ 952 RSU_LOCK(sc); 953 rsu_disconnect(sc); 954 } else 955 RSU_LOCK(sc); 956 switch (nstate) { 957 case IEEE80211_S_INIT: 958 break; 959 case IEEE80211_S_AUTH: 960 ni = ieee80211_ref_node(vap->iv_bss); 961 error = rsu_join_bss(sc, ni); 962 ieee80211_free_node(ni); 963 if (error != 0) { 964 device_printf(sc->sc_dev, 965 "could not send join command\n"); 966 } 967 break; 968 case IEEE80211_S_RUN: 969 ni = ieee80211_ref_node(vap->iv_bss); 970 rs = &ni->ni_rates; 971 /* Indicate highest supported rate. */ 972 ni->ni_txrate = rs->rs_rates[rs->rs_nrates - 1]; 973 ieee80211_free_node(ni); 974 startcal = 1; 975 break; 976 default: 977 break; 978 } 979 sc->sc_calibrating = 1; 980 /* Start periodic calibration. */ 981 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz); 982 RSU_UNLOCK(sc); 983 IEEE80211_LOCK(ic); 984 return (uvp->newstate(vap, nstate, arg)); 985} 986 987#ifdef notyet 988static void 989rsu_set_key(struct rsu_softc *sc, const struct ieee80211_key *k) 990{ 991 struct r92s_fw_cmd_set_key key; 992 993 memset(&key, 0, sizeof(key)); 994 /* Map net80211 cipher to HW crypto algorithm. */ 995 switch (k->wk_cipher->ic_cipher) { 996 case IEEE80211_CIPHER_WEP: 997 if (k->wk_keylen < 8) 998 key.algo = R92S_KEY_ALGO_WEP40; 999 else 1000 key.algo = R92S_KEY_ALGO_WEP104; 1001 break; 1002 case IEEE80211_CIPHER_TKIP: 1003 key.algo = R92S_KEY_ALGO_TKIP; 1004 break; 1005 case IEEE80211_CIPHER_AES_CCM: 1006 key.algo = R92S_KEY_ALGO_AES; 1007 break; 1008 default: 1009 return; 1010 } 1011 key.id = k->wk_keyix; 1012 key.grpkey = (k->wk_flags & IEEE80211_KEY_GROUP) != 0; 1013 memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key))); 1014 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key)); 1015} 1016 1017static void 1018rsu_delete_key(struct rsu_softc *sc, const struct ieee80211_key *k) 1019{ 1020 struct r92s_fw_cmd_set_key key; 1021 1022 memset(&key, 0, sizeof(key)); 1023 key.id = k->wk_keyix; 1024 (void)rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key)); 1025} 1026#endif 1027 1028static int 1029rsu_site_survey(struct rsu_softc *sc, struct ieee80211vap *vap) 1030{ 1031 struct r92s_fw_cmd_sitesurvey cmd; 1032 struct ifnet *ifp = sc->sc_ifp; 1033 struct ieee80211com *ic = ifp->if_l2com; 1034 1035 memset(&cmd, 0, sizeof(cmd)); 1036 if ((ic->ic_flags & IEEE80211_F_ASCAN) || sc->scan_pass == 1) 1037 cmd.active = htole32(1); 1038 cmd.limit = htole32(48); 1039 if (sc->scan_pass == 1 && vap->iv_des_nssid > 0) { 1040 /* Do a directed scan for second pass. */ 1041 cmd.ssidlen = htole32(vap->iv_des_ssid[0].len); 1042 memcpy(cmd.ssid, vap->iv_des_ssid[0].ssid, 1043 vap->iv_des_ssid[0].len); 1044 1045 } 1046 DPRINTF("sending site survey command, pass=%d\n", sc->scan_pass); 1047 return (rsu_fw_cmd(sc, R92S_CMD_SITE_SURVEY, &cmd, sizeof(cmd))); 1048} 1049 1050static int 1051rsu_join_bss(struct rsu_softc *sc, struct ieee80211_node *ni) 1052{ 1053 struct ifnet *ifp = sc->sc_ifp; 1054 struct ieee80211com *ic = ifp->if_l2com; 1055 struct ieee80211vap *vap = ni->ni_vap; 1056 struct ndis_wlan_bssid_ex *bss; 1057 struct ndis_802_11_fixed_ies *fixed; 1058 struct r92s_fw_cmd_auth auth; 1059 uint8_t buf[sizeof(*bss) + 128] __aligned(4); 1060 uint8_t *frm; 1061 uint8_t opmode; 1062 int error; 1063 1064 /* Let the FW decide the opmode based on the capinfo field. */ 1065 opmode = NDIS802_11AUTOUNKNOWN; 1066 DPRINTF("setting operating mode to %d\n", opmode); 1067 error = rsu_fw_cmd(sc, R92S_CMD_SET_OPMODE, &opmode, sizeof(opmode)); 1068 if (error != 0) 1069 return (error); 1070 1071 memset(&auth, 0, sizeof(auth)); 1072 if (vap->iv_flags & IEEE80211_F_WPA) { 1073 auth.mode = R92S_AUTHMODE_WPA; 1074 auth.dot1x = (ni->ni_authmode == IEEE80211_AUTH_8021X); 1075 } else 1076 auth.mode = R92S_AUTHMODE_OPEN; 1077 DPRINTF("setting auth mode to %d\n", auth.mode); 1078 error = rsu_fw_cmd(sc, R92S_CMD_SET_AUTH, &auth, sizeof(auth)); 1079 if (error != 0) 1080 return (error); 1081 1082 memset(buf, 0, sizeof(buf)); 1083 bss = (struct ndis_wlan_bssid_ex *)buf; 1084 IEEE80211_ADDR_COPY(bss->macaddr, ni->ni_bssid); 1085 bss->ssid.ssidlen = htole32(ni->ni_esslen); 1086 memcpy(bss->ssid.ssid, ni->ni_essid, ni->ni_esslen); 1087 if (vap->iv_flags & (IEEE80211_F_PRIVACY | IEEE80211_F_WPA)) 1088 bss->privacy = htole32(1); 1089 bss->rssi = htole32(ni->ni_avgrssi); 1090 if (ic->ic_curmode == IEEE80211_MODE_11B) 1091 bss->networktype = htole32(NDIS802_11DS); 1092 else 1093 bss->networktype = htole32(NDIS802_11OFDM24); 1094 bss->config.len = htole32(sizeof(bss->config)); 1095 bss->config.bintval = htole32(ni->ni_intval); 1096 bss->config.dsconfig = htole32(ieee80211_chan2ieee(ic, ni->ni_chan)); 1097 bss->inframode = htole32(NDIS802_11INFRASTRUCTURE); 1098 memcpy(bss->supprates, ni->ni_rates.rs_rates, 1099 ni->ni_rates.rs_nrates); 1100 /* Write the fixed fields of the beacon frame. */ 1101 fixed = (struct ndis_802_11_fixed_ies *)&bss[1]; 1102 memcpy(&fixed->tstamp, ni->ni_tstamp.data, 8); 1103 fixed->bintval = htole16(ni->ni_intval); 1104 fixed->capabilities = htole16(ni->ni_capinfo); 1105 /* Write IEs to be included in the association request. */ 1106 frm = (uint8_t *)&fixed[1]; 1107 frm = ieee80211_add_rsn(frm, vap); 1108 frm = ieee80211_add_wpa(frm, vap); 1109 frm = ieee80211_add_qos(frm, ni); 1110 if (ni->ni_flags & IEEE80211_NODE_HT) 1111 frm = ieee80211_add_htcap(frm, ni); 1112 bss->ieslen = htole32(frm - (uint8_t *)fixed); 1113 bss->len = htole32(((frm - buf) + 3) & ~3); 1114 DPRINTF("sending join bss command to %s chan %d\n", 1115 ether_sprintf(bss->macaddr), le32toh(bss->config.dsconfig)); 1116 return (rsu_fw_cmd(sc, R92S_CMD_JOIN_BSS, buf, sizeof(buf))); 1117} 1118 1119static int 1120rsu_disconnect(struct rsu_softc *sc) 1121{ 1122 uint32_t zero = 0; /* :-) */ 1123 1124 /* Disassociate from our current BSS. */ 1125 DPRINTF("sending disconnect command\n"); 1126 return (rsu_fw_cmd(sc, R92S_CMD_DISCONNECT, &zero, sizeof(zero))); 1127} 1128 1129static void 1130rsu_event_survey(struct rsu_softc *sc, uint8_t *buf, int len) 1131{ 1132 struct ifnet *ifp = sc->sc_ifp; 1133 struct ieee80211com *ic = ifp->if_l2com; 1134 struct ieee80211_frame *wh; 1135 struct ieee80211_channel *c; 1136 struct ndis_wlan_bssid_ex *bss; 1137 struct mbuf *m; 1138 int pktlen; 1139 1140 if (__predict_false(len < sizeof(*bss))) 1141 return; 1142 bss = (struct ndis_wlan_bssid_ex *)buf; 1143 if (__predict_false(len < sizeof(*bss) + le32toh(bss->ieslen))) 1144 return; 1145 1146 DPRINTFN(2, "found BSS %s: len=%d chan=%d inframode=%d " 1147 "networktype=%d privacy=%d\n", 1148 ether_sprintf(bss->macaddr), le32toh(bss->len), 1149 le32toh(bss->config.dsconfig), le32toh(bss->inframode), 1150 le32toh(bss->networktype), le32toh(bss->privacy)); 1151 1152 /* Build a fake beacon frame to let net80211 do all the parsing. */ 1153 pktlen = sizeof(*wh) + le32toh(bss->ieslen); 1154 if (__predict_false(pktlen > MCLBYTES)) 1155 return; 1156 MGETHDR(m, M_NOWAIT, MT_DATA); 1157 if (__predict_false(m == NULL)) 1158 return; 1159 if (pktlen > MHLEN) { 1160 MCLGET(m, M_NOWAIT); 1161 if (!(m->m_flags & M_EXT)) { 1162 m_free(m); 1163 return; 1164 } 1165 } 1166 wh = mtod(m, struct ieee80211_frame *); 1167 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 1168 IEEE80211_FC0_SUBTYPE_BEACON; 1169 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1170 USETW(wh->i_dur, 0); 1171 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 1172 IEEE80211_ADDR_COPY(wh->i_addr2, bss->macaddr); 1173 IEEE80211_ADDR_COPY(wh->i_addr3, bss->macaddr); 1174 *(uint16_t *)wh->i_seq = 0; 1175 memcpy(&wh[1], (uint8_t *)&bss[1], le32toh(bss->ieslen)); 1176 1177 /* Finalize mbuf. */ 1178 m->m_pkthdr.len = m->m_len = pktlen; 1179 m->m_pkthdr.rcvif = ifp; 1180 /* Fix the channel. */ 1181 c = ieee80211_find_channel_byieee(ic, 1182 le32toh(bss->config.dsconfig), 1183 IEEE80211_CHAN_G); 1184 if (c) { 1185 ic->ic_curchan = c; 1186 ieee80211_radiotap_chan_change(ic); 1187 } 1188 /* XXX avoid a LOR */ 1189 RSU_UNLOCK(sc); 1190 ieee80211_input_all(ic, m, le32toh(bss->rssi), 0); 1191 RSU_LOCK(sc); 1192} 1193 1194static void 1195rsu_event_join_bss(struct rsu_softc *sc, uint8_t *buf, int len) 1196{ 1197 struct ifnet *ifp = sc->sc_ifp; 1198 struct ieee80211com *ic = ifp->if_l2com; 1199 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1200 struct ieee80211_node *ni = vap->iv_bss; 1201 struct r92s_event_join_bss *rsp; 1202 uint32_t tmp; 1203 int res; 1204 1205 if (__predict_false(len < sizeof(*rsp))) 1206 return; 1207 rsp = (struct r92s_event_join_bss *)buf; 1208 res = (int)le32toh(rsp->join_res); 1209 1210 DPRINTF("Rx join BSS event len=%d res=%d\n", len, res); 1211 if (res <= 0) { 1212 RSU_UNLOCK(sc); 1213 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1); 1214 RSU_LOCK(sc); 1215 return; 1216 } 1217 tmp = le32toh(rsp->associd); 1218 if (tmp >= vap->iv_max_aid) { 1219 DPRINTF("Assoc ID overflow\n"); 1220 tmp = 1; 1221 } 1222 DPRINTF("associated with %s associd=%d\n", 1223 ether_sprintf(rsp->bss.macaddr), tmp); 1224 ni->ni_associd = tmp | 0xc000; 1225 RSU_UNLOCK(sc); 1226 ieee80211_new_state(vap, IEEE80211_S_RUN, 1227 IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 1228 RSU_LOCK(sc); 1229} 1230 1231static void 1232rsu_rx_event(struct rsu_softc *sc, uint8_t code, uint8_t *buf, int len) 1233{ 1234 struct ifnet *ifp = sc->sc_ifp; 1235 struct ieee80211com *ic = ifp->if_l2com; 1236 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1237 1238 DPRINTFN(4, "Rx event code=%d len=%d\n", code, len); 1239 switch (code) { 1240 case R92S_EVT_SURVEY: 1241 if (vap->iv_state == IEEE80211_S_SCAN) 1242 rsu_event_survey(sc, buf, len); 1243 break; 1244 case R92S_EVT_SURVEY_DONE: 1245 DPRINTF("site survey pass %d done, found %d BSS\n", 1246 sc->scan_pass, le32toh(*(uint32_t *)buf)); 1247 if (vap->iv_state != IEEE80211_S_SCAN) 1248 break; /* Ignore if not scanning. */ 1249 if (sc->scan_pass == 0 && vap->iv_des_nssid != 0) { 1250 /* Schedule a directed scan for hidden APs. */ 1251 sc->scan_pass = 1; 1252 RSU_UNLOCK(sc); 1253 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1); 1254 RSU_LOCK(sc); 1255 break; 1256 } 1257 sc->scan_pass = 0; 1258 break; 1259 case R92S_EVT_JOIN_BSS: 1260 if (vap->iv_state == IEEE80211_S_AUTH) 1261 rsu_event_join_bss(sc, buf, len); 1262 break; 1263#if 0 1264XXX This event is occurring regularly, possibly due to some power saving event 1265XXX and disrupts the WLAN traffic. Disable for now. 1266 case R92S_EVT_DEL_STA: 1267 DPRINTF("disassociated from %s\n", ether_sprintf(buf)); 1268 if (vap->iv_state == IEEE80211_S_RUN && 1269 IEEE80211_ADDR_EQ(vap->iv_bss->ni_bssid, buf)) { 1270 RSU_UNLOCK(sc); 1271 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1); 1272 RSU_LOCK(sc); 1273 } 1274 break; 1275#endif 1276 case R92S_EVT_WPS_PBC: 1277 DPRINTF("WPS PBC pushed.\n"); 1278 break; 1279 case R92S_EVT_FWDBG: 1280 if (ifp->if_flags & IFF_DEBUG) { 1281 buf[60] = '\0'; 1282 printf("FWDBG: %s\n", (char *)buf); 1283 } 1284 break; 1285 default: 1286 break; 1287 } 1288} 1289 1290static void 1291rsu_rx_multi_event(struct rsu_softc *sc, uint8_t *buf, int len) 1292{ 1293 struct r92s_fw_cmd_hdr *cmd; 1294 int cmdsz; 1295 1296 DPRINTFN(6, "Rx events len=%d\n", len); 1297 1298 /* Skip Rx status. */ 1299 buf += sizeof(struct r92s_rx_stat); 1300 len -= sizeof(struct r92s_rx_stat); 1301 1302 /* Process all events. */ 1303 for (;;) { 1304 /* Check that command header fits. */ 1305 if (__predict_false(len < sizeof(*cmd))) 1306 break; 1307 cmd = (struct r92s_fw_cmd_hdr *)buf; 1308 /* Check that command payload fits. */ 1309 cmdsz = le16toh(cmd->len); 1310 if (__predict_false(len < sizeof(*cmd) + cmdsz)) 1311 break; 1312 1313 /* Process firmware event. */ 1314 rsu_rx_event(sc, cmd->code, (uint8_t *)&cmd[1], cmdsz); 1315 1316 if (!(cmd->seq & R92S_FW_CMD_MORE)) 1317 break; 1318 buf += sizeof(*cmd) + cmdsz; 1319 len -= sizeof(*cmd) + cmdsz; 1320 } 1321} 1322 1323static int8_t 1324rsu_get_rssi(struct rsu_softc *sc, int rate, void *physt) 1325{ 1326 static const int8_t cckoff[] = { 14, -2, -20, -40 }; 1327 struct r92s_rx_phystat *phy; 1328 struct r92s_rx_cck *cck; 1329 uint8_t rpt; 1330 int8_t rssi; 1331 1332 if (rate <= 3) { 1333 cck = (struct r92s_rx_cck *)physt; 1334 rpt = (cck->agc_rpt >> 6) & 0x3; 1335 rssi = cck->agc_rpt & 0x3e; 1336 rssi = cckoff[rpt] - rssi; 1337 } else { /* OFDM/HT. */ 1338 phy = (struct r92s_rx_phystat *)physt; 1339 rssi = ((le32toh(phy->phydw1) >> 1) & 0x7f) - 106; 1340 } 1341 return (rssi); 1342} 1343 1344static struct mbuf * 1345rsu_rx_frame(struct rsu_softc *sc, uint8_t *buf, int pktlen, int *rssi) 1346{ 1347 struct ifnet *ifp = sc->sc_ifp; 1348 struct ieee80211com *ic = ifp->if_l2com; 1349 struct ieee80211_frame *wh; 1350 struct r92s_rx_stat *stat; 1351 uint32_t rxdw0, rxdw3; 1352 struct mbuf *m; 1353 uint8_t rate; 1354 int infosz; 1355 1356 stat = (struct r92s_rx_stat *)buf; 1357 rxdw0 = le32toh(stat->rxdw0); 1358 rxdw3 = le32toh(stat->rxdw3); 1359 1360 if (__predict_false(rxdw0 & R92S_RXDW0_CRCERR)) { 1361 ifp->if_ierrors++; 1362 return NULL; 1363 } 1364 if (__predict_false(pktlen < sizeof(*wh) || pktlen > MCLBYTES)) { 1365 ifp->if_ierrors++; 1366 return NULL; 1367 } 1368 1369 rate = MS(rxdw3, R92S_RXDW3_RATE); 1370 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8; 1371 1372 /* Get RSSI from PHY status descriptor if present. */ 1373 if (infosz != 0) 1374 *rssi = rsu_get_rssi(sc, rate, &stat[1]); 1375 else 1376 *rssi = 0; 1377 1378 DPRINTFN(5, "Rx frame len=%d rate=%d infosz=%d rssi=%d\n", 1379 pktlen, rate, infosz, *rssi); 1380 1381 MGETHDR(m, M_NOWAIT, MT_DATA); 1382 if (__predict_false(m == NULL)) { 1383 ifp->if_ierrors++; 1384 return NULL; 1385 } 1386 if (pktlen > MHLEN) { 1387 MCLGET(m, M_NOWAIT); 1388 if (__predict_false(!(m->m_flags & M_EXT))) { 1389 ifp->if_ierrors++; 1390 m_freem(m); 1391 return NULL; 1392 } 1393 } 1394 /* Finalize mbuf. */ 1395 m->m_pkthdr.rcvif = ifp; 1396 /* Hardware does Rx TCP checksum offload. */ 1397 if (rxdw3 & R92S_RXDW3_TCPCHKVALID) { 1398 if (__predict_true(rxdw3 & R92S_RXDW3_TCPCHKRPT)) 1399 m->m_pkthdr.csum_flags |= CSUM_DATA_VALID; 1400 } 1401 wh = (struct ieee80211_frame *)((uint8_t *)&stat[1] + infosz); 1402 memcpy(mtod(m, uint8_t *), wh, pktlen); 1403 m->m_pkthdr.len = m->m_len = pktlen; 1404 1405 if (ieee80211_radiotap_active(ic)) { 1406 struct rsu_rx_radiotap_header *tap = &sc->sc_rxtap; 1407 1408 /* Map HW rate index to 802.11 rate. */ 1409 tap->wr_flags = 2; 1410 if (!(rxdw3 & R92S_RXDW3_HTC)) { 1411 switch (rate) { 1412 /* CCK. */ 1413 case 0: tap->wr_rate = 2; break; 1414 case 1: tap->wr_rate = 4; break; 1415 case 2: tap->wr_rate = 11; break; 1416 case 3: tap->wr_rate = 22; break; 1417 /* OFDM. */ 1418 case 4: tap->wr_rate = 12; break; 1419 case 5: tap->wr_rate = 18; break; 1420 case 6: tap->wr_rate = 24; break; 1421 case 7: tap->wr_rate = 36; break; 1422 case 8: tap->wr_rate = 48; break; 1423 case 9: tap->wr_rate = 72; break; 1424 case 10: tap->wr_rate = 96; break; 1425 case 11: tap->wr_rate = 108; break; 1426 } 1427 } else if (rate >= 12) { /* MCS0~15. */ 1428 /* Bit 7 set means HT MCS instead of rate. */ 1429 tap->wr_rate = 0x80 | (rate - 12); 1430 } 1431 tap->wr_dbm_antsignal = *rssi; 1432 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 1433 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 1434 } 1435 1436 return (m); 1437} 1438 1439static struct mbuf * 1440rsu_rx_multi_frame(struct rsu_softc *sc, uint8_t *buf, int len, int *rssi) 1441{ 1442 struct r92s_rx_stat *stat; 1443 uint32_t rxdw0; 1444 int totlen, pktlen, infosz, npkts; 1445 struct mbuf *m, *m0 = NULL, *prevm = NULL; 1446 1447 /* Get the number of encapsulated frames. */ 1448 stat = (struct r92s_rx_stat *)buf; 1449 npkts = MS(le32toh(stat->rxdw2), R92S_RXDW2_PKTCNT); 1450 DPRINTFN(6, "Rx %d frames in one chunk\n", npkts); 1451 1452 /* Process all of them. */ 1453 while (npkts-- > 0) { 1454 if (__predict_false(len < sizeof(*stat))) 1455 break; 1456 stat = (struct r92s_rx_stat *)buf; 1457 rxdw0 = le32toh(stat->rxdw0); 1458 1459 pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN); 1460 if (__predict_false(pktlen == 0)) 1461 break; 1462 1463 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8; 1464 1465 /* Make sure everything fits in xfer. */ 1466 totlen = sizeof(*stat) + infosz + pktlen; 1467 if (__predict_false(totlen > len)) 1468 break; 1469 1470 /* Process 802.11 frame. */ 1471 m = rsu_rx_frame(sc, buf, pktlen, rssi); 1472 if (m0 == NULL) 1473 m0 = m; 1474 if (prevm == NULL) 1475 prevm = m; 1476 else { 1477 prevm->m_next = m; 1478 prevm = m; 1479 } 1480 /* Next chunk is 128-byte aligned. */ 1481 totlen = (totlen + 127) & ~127; 1482 buf += totlen; 1483 len -= totlen; 1484 } 1485 1486 return (m0); 1487} 1488 1489static struct mbuf * 1490rsu_rxeof(struct usb_xfer *xfer, struct rsu_data *data, int *rssi) 1491{ 1492 struct rsu_softc *sc = data->sc; 1493 struct r92s_rx_stat *stat; 1494 int len; 1495 1496 usbd_xfer_status(xfer, &len, NULL, NULL, NULL); 1497 1498 if (__predict_false(len < sizeof(*stat))) { 1499 DPRINTF("xfer too short %d\n", len); 1500 sc->sc_ifp->if_ierrors++; 1501 return (NULL); 1502 } 1503 /* Determine if it is a firmware C2H event or an 802.11 frame. */ 1504 stat = (struct r92s_rx_stat *)data->buf; 1505 if ((le32toh(stat->rxdw1) & 0x1ff) == 0x1ff) { 1506 rsu_rx_multi_event(sc, data->buf, len); 1507 /* No packets to process. */ 1508 return (NULL); 1509 } else 1510 return (rsu_rx_multi_frame(sc, data->buf, len, rssi)); 1511} 1512 1513static void 1514rsu_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 1515{ 1516 struct rsu_softc *sc = usbd_xfer_softc(xfer); 1517 struct ifnet *ifp = sc->sc_ifp; 1518 struct ieee80211com *ic = ifp->if_l2com; 1519 struct ieee80211_frame *wh; 1520 struct ieee80211_node *ni; 1521 struct mbuf *m = NULL, *next; 1522 struct rsu_data *data; 1523 int rssi = 1; 1524 1525 RSU_ASSERT_LOCKED(sc); 1526 1527 switch (USB_GET_STATE(xfer)) { 1528 case USB_ST_TRANSFERRED: 1529 data = STAILQ_FIRST(&sc->sc_rx_active); 1530 if (data == NULL) 1531 goto tr_setup; 1532 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next); 1533 m = rsu_rxeof(xfer, data, &rssi); 1534 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next); 1535 /* FALLTHROUGH */ 1536 case USB_ST_SETUP: 1537tr_setup: 1538 data = STAILQ_FIRST(&sc->sc_rx_inactive); 1539 if (data == NULL) { 1540 KASSERT(m == NULL, ("mbuf isn't NULL")); 1541 return; 1542 } 1543 STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next); 1544 STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next); 1545 usbd_xfer_set_frame_data(xfer, 0, data->buf, 1546 usbd_xfer_max_len(xfer)); 1547 usbd_transfer_submit(xfer); 1548 /* 1549 * To avoid LOR we should unlock our private mutex here to call 1550 * ieee80211_input() because here is at the end of a USB 1551 * callback and safe to unlock. 1552 */ 1553 RSU_UNLOCK(sc); 1554 while (m != NULL) { 1555 next = m->m_next; 1556 m->m_next = NULL; 1557 wh = mtod(m, struct ieee80211_frame *); 1558 ni = ieee80211_find_rxnode(ic, 1559 (struct ieee80211_frame_min *)wh); 1560 if (ni != NULL) { 1561 (void)ieee80211_input(ni, m, rssi, 0); 1562 ieee80211_free_node(ni); 1563 } else 1564 (void)ieee80211_input_all(ic, m, rssi, 0); 1565 m = next; 1566 } 1567 RSU_LOCK(sc); 1568 break; 1569 default: 1570 /* needs it to the inactive queue due to a error. */ 1571 data = STAILQ_FIRST(&sc->sc_rx_active); 1572 if (data != NULL) { 1573 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next); 1574 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next); 1575 } 1576 if (error != USB_ERR_CANCELLED) { 1577 usbd_xfer_set_stall(xfer); 1578 ifp->if_ierrors++; 1579 goto tr_setup; 1580 } 1581 break; 1582 } 1583 1584} 1585 1586 1587static void 1588rsu_txeof(struct usb_xfer *xfer, struct rsu_data *data) 1589{ 1590 struct rsu_softc *sc = usbd_xfer_softc(xfer); 1591 struct ifnet *ifp = sc->sc_ifp; 1592 struct mbuf *m; 1593 1594 RSU_ASSERT_LOCKED(sc); 1595 1596 /* 1597 * Do any tx complete callback. Note this must be done before releasing 1598 * the node reference. 1599 */ 1600 if (data->m) { 1601 m = data->m; 1602 if (m->m_flags & M_TXCB) { 1603 /* XXX status? */ 1604 ieee80211_process_callback(data->ni, m, 0); 1605 } 1606 m_freem(m); 1607 data->m = NULL; 1608 } 1609 if (data->ni) { 1610 ieee80211_free_node(data->ni); 1611 data->ni = NULL; 1612 } 1613 ifp->if_opackets++; 1614 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1615} 1616 1617static void 1618rsu_bulk_tx_callback_sub(struct usb_xfer *xfer, usb_error_t error, 1619 uint8_t which) 1620{ 1621 struct rsu_softc *sc = usbd_xfer_softc(xfer); 1622 struct ifnet *ifp = sc->sc_ifp; 1623 struct rsu_data *data; 1624 1625 RSU_ASSERT_LOCKED(sc); 1626 1627 switch (USB_GET_STATE(xfer)) { 1628 case USB_ST_TRANSFERRED: 1629 data = STAILQ_FIRST(&sc->sc_tx_active[which]); 1630 if (data == NULL) 1631 goto tr_setup; 1632 DPRINTF("transfer done %p\n", data); 1633 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next); 1634 rsu_txeof(xfer, data); 1635 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, data, next); 1636 /* FALLTHROUGH */ 1637 case USB_ST_SETUP: 1638tr_setup: 1639 data = STAILQ_FIRST(&sc->sc_tx_pending[which]); 1640 if (data == NULL) { 1641 DPRINTF("empty pending queue sc %p\n", sc); 1642 return; 1643 } 1644 STAILQ_REMOVE_HEAD(&sc->sc_tx_pending[which], next); 1645 STAILQ_INSERT_TAIL(&sc->sc_tx_active[which], data, next); 1646 usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen); 1647 DPRINTF("submitting transfer %p\n", data); 1648 usbd_transfer_submit(xfer); 1649 break; 1650 default: 1651 data = STAILQ_FIRST(&sc->sc_tx_active[which]); 1652 if (data != NULL) { 1653 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next); 1654 rsu_txeof(xfer, data); 1655 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, data, next); 1656 } 1657 ifp->if_oerrors++; 1658 1659 if (error != USB_ERR_CANCELLED) { 1660 usbd_xfer_set_stall(xfer); 1661 goto tr_setup; 1662 } 1663 break; 1664 } 1665} 1666 1667static void 1668rsu_bulk_tx_callback_be_bk(struct usb_xfer *xfer, usb_error_t error) 1669{ 1670 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_BE_BK); 1671} 1672 1673static void 1674rsu_bulk_tx_callback_vi_vo(struct usb_xfer *xfer, usb_error_t error) 1675{ 1676 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_VI_VO); 1677} 1678 1679static int 1680rsu_tx_start(struct rsu_softc *sc, struct ieee80211_node *ni, 1681 struct mbuf *m0, struct rsu_data *data) 1682{ 1683 struct ifnet *ifp = sc->sc_ifp; 1684 struct ieee80211com *ic = ifp->if_l2com; 1685 struct ieee80211vap *vap = ni->ni_vap; 1686 struct ieee80211_frame *wh; 1687 struct ieee80211_key *k = NULL; 1688 struct r92s_tx_desc *txd; 1689 uint8_t type; 1690 uint8_t tid = 0; 1691 uint8_t which; 1692 int hasqos; 1693 int xferlen; 1694 1695 RSU_ASSERT_LOCKED(sc); 1696 1697 wh = mtod(m0, struct ieee80211_frame *); 1698 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1699 1700 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1701 k = ieee80211_crypto_encap(ni, m0); 1702 if (k == NULL) { 1703 device_printf(sc->sc_dev, 1704 "ieee80211_crypto_encap returns NULL.\n"); 1705 /* XXX we don't expect the fragmented frames */ 1706 m_freem(m0); 1707 return (ENOBUFS); 1708 } 1709 wh = mtod(m0, struct ieee80211_frame *); 1710 } 1711 switch (type) { 1712 case IEEE80211_FC0_TYPE_CTL: 1713 case IEEE80211_FC0_TYPE_MGT: 1714 which = rsu_wme_ac_xfer_map[WME_AC_VO]; 1715 break; 1716 default: 1717 which = rsu_wme_ac_xfer_map[M_WME_GETAC(m0)]; 1718 break; 1719 } 1720 hasqos = 0; 1721 1722 /* Fill Tx descriptor. */ 1723 txd = (struct r92s_tx_desc *)data->buf; 1724 memset(txd, 0, sizeof(*txd)); 1725 1726 txd->txdw0 |= htole32( 1727 SM(R92S_TXDW0_PKTLEN, m0->m_pkthdr.len) | 1728 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) | 1729 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG); 1730 1731 txd->txdw1 |= htole32( 1732 SM(R92S_TXDW1_MACID, R92S_MACID_BSS) | 1733 SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_BE)); 1734 if (!hasqos) 1735 txd->txdw1 |= htole32(R92S_TXDW1_NONQOS); 1736#ifdef notyet 1737 if (k != NULL) { 1738 switch (k->wk_cipher->ic_cipher) { 1739 case IEEE80211_CIPHER_WEP: 1740 cipher = R92S_TXDW1_CIPHER_WEP; 1741 break; 1742 case IEEE80211_CIPHER_TKIP: 1743 cipher = R92S_TXDW1_CIPHER_TKIP; 1744 break; 1745 case IEEE80211_CIPHER_AES_CCM: 1746 cipher = R92S_TXDW1_CIPHER_AES; 1747 break; 1748 default: 1749 cipher = R92S_TXDW1_CIPHER_NONE; 1750 } 1751 txd->txdw1 |= htole32( 1752 SM(R92S_TXDW1_CIPHER, cipher) | 1753 SM(R92S_TXDW1_KEYIDX, k->k_id)); 1754 } 1755#endif 1756 txd->txdw2 |= htole32(R92S_TXDW2_BK); 1757 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 1758 txd->txdw2 |= htole32(R92S_TXDW2_BMCAST); 1759 /* 1760 * Firmware will use and increment the sequence number for the 1761 * specified TID. 1762 */ 1763 txd->txdw3 |= htole32(SM(R92S_TXDW3_SEQ, tid)); 1764 1765 if (ieee80211_radiotap_active_vap(vap)) { 1766 struct rsu_tx_radiotap_header *tap = &sc->sc_txtap; 1767 1768 tap->wt_flags = 0; 1769 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 1770 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 1771 ieee80211_radiotap_tx(vap, m0); 1772 } 1773 xferlen = sizeof(*txd) + m0->m_pkthdr.len; 1774 m_copydata(m0, 0, m0->m_pkthdr.len, (caddr_t)&txd[1]); 1775 1776 data->buflen = xferlen; 1777 data->ni = ni; 1778 data->m = m0; 1779 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); 1780 1781 /* start transfer, if any */ 1782 usbd_transfer_start(sc->sc_xfer[which]); 1783 return (0); 1784} 1785 1786static void 1787rsu_start(struct ifnet *ifp) 1788{ 1789 struct rsu_softc *sc = ifp->if_softc; 1790 1791 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1792 return; 1793 1794 RSU_LOCK(sc); 1795 rsu_start_locked(ifp); 1796 RSU_UNLOCK(sc); 1797} 1798 1799static void 1800rsu_start_locked(struct ifnet *ifp) 1801{ 1802 struct rsu_softc *sc = ifp->if_softc; 1803 struct ieee80211_node *ni; 1804 struct rsu_data *bf; 1805 struct mbuf *m; 1806 1807 RSU_ASSERT_LOCKED(sc); 1808 1809 for (;;) { 1810 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 1811 if (m == NULL) 1812 break; 1813 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 1814 m->m_pkthdr.rcvif = NULL; 1815 1816 bf = rsu_getbuf(sc); 1817 if (bf == NULL) { 1818 ifp->if_iqdrops++; 1819 m_freem(m); 1820 ieee80211_free_node(ni); 1821 } else if (rsu_tx_start(sc, ni, m, bf) != 0) { 1822 ifp->if_oerrors++; 1823 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, bf, next); 1824 ieee80211_free_node(ni); 1825 } 1826 } 1827} 1828 1829static int 1830rsu_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1831{ 1832 struct ieee80211com *ic = ifp->if_l2com; 1833 struct ifreq *ifr = (struct ifreq *) data; 1834 int error = 0, startall = 0; 1835 1836 switch (cmd) { 1837 case SIOCSIFFLAGS: 1838 if (ifp->if_flags & IFF_UP) { 1839 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1840 rsu_init(ifp->if_softc); 1841 startall = 1; 1842 } 1843 } else { 1844 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1845 rsu_stop(ifp, 1); 1846 } 1847 if (startall) 1848 ieee80211_start_all(ic); 1849 break; 1850 case SIOCGIFMEDIA: 1851 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 1852 break; 1853 case SIOCGIFADDR: 1854 error = ether_ioctl(ifp, cmd, data); 1855 break; 1856 default: 1857 error = EINVAL; 1858 break; 1859 } 1860 1861 return (error); 1862} 1863 1864/* 1865 * Power on sequence for A-cut adapters. 1866 */ 1867static void 1868rsu_power_on_acut(struct rsu_softc *sc) 1869{ 1870 uint32_t reg; 1871 1872 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53); 1873 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57); 1874 1875 /* Enable AFE macro block's bandgap and Mbias. */ 1876 rsu_write_1(sc, R92S_AFE_MISC, 1877 rsu_read_1(sc, R92S_AFE_MISC) | 1878 R92S_AFE_MISC_BGEN | R92S_AFE_MISC_MBEN); 1879 /* Enable LDOA15 block. */ 1880 rsu_write_1(sc, R92S_LDOA15_CTRL, 1881 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN); 1882 1883 rsu_write_1(sc, R92S_SPS1_CTRL, 1884 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_LDEN); 1885 usb_pause_mtx(&sc->sc_mtx, 2 * hz); 1886 /* Enable switch regulator block. */ 1887 rsu_write_1(sc, R92S_SPS1_CTRL, 1888 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_SWEN); 1889 1890 rsu_write_4(sc, R92S_SPS1_CTRL, 0x00a7b267); 1891 1892 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 1893 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08); 1894 1895 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 1896 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20); 1897 1898 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 1899 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x90); 1900 1901 /* Enable AFE clock. */ 1902 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1, 1903 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04); 1904 /* Enable AFE PLL macro block. */ 1905 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 1906 rsu_read_1(sc, R92S_AFE_PLL_CTRL) | 0x11); 1907 /* Attach AFE PLL to MACTOP/BB. */ 1908 rsu_write_1(sc, R92S_SYS_ISO_CTRL, 1909 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11); 1910 1911 /* Switch to 40MHz clock instead of 80MHz. */ 1912 rsu_write_2(sc, R92S_SYS_CLKR, 1913 rsu_read_2(sc, R92S_SYS_CLKR) & ~R92S_SYS_CLKSEL); 1914 1915 /* Enable MAC clock. */ 1916 rsu_write_2(sc, R92S_SYS_CLKR, 1917 rsu_read_2(sc, R92S_SYS_CLKR) | 1918 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN); 1919 1920 rsu_write_1(sc, R92S_PMC_FSM, 0x02); 1921 1922 /* Enable digital core and IOREG R/W. */ 1923 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 1924 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08); 1925 1926 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 1927 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80); 1928 1929 /* Switch the control path to firmware. */ 1930 reg = rsu_read_2(sc, R92S_SYS_CLKR); 1931 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL; 1932 rsu_write_2(sc, R92S_SYS_CLKR, reg); 1933 1934 rsu_write_2(sc, R92S_CR, 0x37fc); 1935 1936 /* Fix USB RX FIFO issue. */ 1937 rsu_write_1(sc, 0xfe5c, 1938 rsu_read_1(sc, 0xfe5c) | 0x80); 1939 rsu_write_1(sc, 0x00ab, 1940 rsu_read_1(sc, 0x00ab) | 0xc0); 1941 1942 rsu_write_1(sc, R92S_SYS_CLKR, 1943 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL); 1944} 1945 1946/* 1947 * Power on sequence for B-cut and C-cut adapters. 1948 */ 1949static void 1950rsu_power_on_bcut(struct rsu_softc *sc) 1951{ 1952 uint32_t reg; 1953 int ntries; 1954 1955 /* Prevent eFuse leakage. */ 1956 rsu_write_1(sc, 0x37, 0xb0); 1957 usb_pause_mtx(&sc->sc_mtx, hz / 100); 1958 rsu_write_1(sc, 0x37, 0x30); 1959 1960 /* Switch the control path to hardware. */ 1961 reg = rsu_read_2(sc, R92S_SYS_CLKR); 1962 if (reg & R92S_FWHW_SEL) { 1963 rsu_write_2(sc, R92S_SYS_CLKR, 1964 reg & ~(R92S_SWHW_SEL | R92S_FWHW_SEL)); 1965 } 1966 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 1967 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) & ~0x8c); 1968 rsu_ms_delay(sc); 1969 1970 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53); 1971 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57); 1972 1973 reg = rsu_read_1(sc, R92S_AFE_MISC); 1974 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN); 1975 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN | 1976 R92S_AFE_MISC_MBEN | R92S_AFE_MISC_I32_EN); 1977 1978 /* Enable PLL. */ 1979 rsu_write_1(sc, R92S_LDOA15_CTRL, 1980 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN); 1981 1982 rsu_write_1(sc, R92S_LDOV12D_CTRL, 1983 rsu_read_1(sc, R92S_LDOV12D_CTRL) | R92S_LDV12_EN); 1984 1985 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 1986 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08); 1987 1988 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 1989 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20); 1990 1991 /* Support 64KB IMEM. */ 1992 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 1993 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x97); 1994 1995 /* Enable AFE clock. */ 1996 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1, 1997 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04); 1998 /* Enable AFE PLL macro block. */ 1999 reg = rsu_read_1(sc, R92S_AFE_PLL_CTRL); 2000 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11); 2001 rsu_ms_delay(sc); 2002 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x51); 2003 rsu_ms_delay(sc); 2004 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11); 2005 rsu_ms_delay(sc); 2006 2007 /* Attach AFE PLL to MACTOP/BB. */ 2008 rsu_write_1(sc, R92S_SYS_ISO_CTRL, 2009 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11); 2010 2011 /* Switch to 40MHz clock. */ 2012 rsu_write_1(sc, R92S_SYS_CLKR, 0x00); 2013 /* Disable CPU clock and 80MHz SSC. */ 2014 rsu_write_1(sc, R92S_SYS_CLKR, 2015 rsu_read_1(sc, R92S_SYS_CLKR) | 0xa0); 2016 /* Enable MAC clock. */ 2017 rsu_write_2(sc, R92S_SYS_CLKR, 2018 rsu_read_2(sc, R92S_SYS_CLKR) | 2019 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN); 2020 2021 rsu_write_1(sc, R92S_PMC_FSM, 0x02); 2022 2023 /* Enable digital core and IOREG R/W. */ 2024 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 2025 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08); 2026 2027 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 2028 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80); 2029 2030 /* Switch the control path to firmware. */ 2031 reg = rsu_read_2(sc, R92S_SYS_CLKR); 2032 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL; 2033 rsu_write_2(sc, R92S_SYS_CLKR, reg); 2034 2035 rsu_write_2(sc, R92S_CR, 0x37fc); 2036 2037 /* Fix USB RX FIFO issue. */ 2038 rsu_write_1(sc, 0xfe5c, 2039 rsu_read_1(sc, 0xfe5c) | 0x80); 2040 2041 rsu_write_1(sc, R92S_SYS_CLKR, 2042 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL); 2043 2044 rsu_write_1(sc, 0xfe1c, 0x80); 2045 2046 /* Make sure TxDMA is ready to download firmware. */ 2047 for (ntries = 0; ntries < 20; ntries++) { 2048 reg = rsu_read_1(sc, R92S_TCR); 2049 if ((reg & (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) == 2050 (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) 2051 break; 2052 rsu_ms_delay(sc); 2053 } 2054 if (ntries == 20) { 2055 DPRINTF("TxDMA is not ready\n"); 2056 /* Reset TxDMA. */ 2057 reg = rsu_read_1(sc, R92S_CR); 2058 rsu_write_1(sc, R92S_CR, reg & ~R92S_CR_TXDMA_EN); 2059 rsu_ms_delay(sc); 2060 rsu_write_1(sc, R92S_CR, reg | R92S_CR_TXDMA_EN); 2061 } 2062} 2063 2064static void 2065rsu_power_off(struct rsu_softc *sc) 2066{ 2067 /* Turn RF off. */ 2068 rsu_write_1(sc, R92S_RF_CTRL, 0x00); 2069 usb_pause_mtx(&sc->sc_mtx, hz / 200); 2070 2071 /* Turn MAC off. */ 2072 /* Switch control path. */ 2073 rsu_write_1(sc, R92S_SYS_CLKR + 1, 0x38); 2074 /* Reset MACTOP. */ 2075 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x70); 2076 rsu_write_1(sc, R92S_PMC_FSM, 0x06); 2077 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 0, 0xf9); 2078 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 0xe8); 2079 2080 /* Disable AFE PLL. */ 2081 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 0x00); 2082 /* Disable A15V. */ 2083 rsu_write_1(sc, R92S_LDOA15_CTRL, 0x54); 2084 /* Disable eFuse 1.2V. */ 2085 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x50); 2086 rsu_write_1(sc, R92S_LDOV12D_CTRL, 0x24); 2087 /* Enable AFE macro block's bandgap and Mbias. */ 2088 rsu_write_1(sc, R92S_AFE_MISC, 0x30); 2089 /* Disable 1.6V LDO. */ 2090 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x56); 2091 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x43); 2092} 2093 2094static int 2095rsu_fw_loadsection(struct rsu_softc *sc, const uint8_t *buf, int len) 2096{ 2097 const uint8_t which = rsu_wme_ac_xfer_map[WME_AC_VO]; 2098 struct rsu_data *data; 2099 struct r92s_tx_desc *txd; 2100 int mlen; 2101 2102 while (len > 0) { 2103 data = rsu_getbuf(sc); 2104 if (data == NULL) 2105 return (ENOMEM); 2106 txd = (struct r92s_tx_desc *)data->buf; 2107 memset(txd, 0, sizeof(*txd)); 2108 if (len <= RSU_TXBUFSZ - sizeof(*txd)) { 2109 /* Last chunk. */ 2110 txd->txdw0 |= htole32(R92S_TXDW0_LINIP); 2111 mlen = len; 2112 } else 2113 mlen = RSU_TXBUFSZ - sizeof(*txd); 2114 txd->txdw0 |= htole32(SM(R92S_TXDW0_PKTLEN, mlen)); 2115 memcpy(&txd[1], buf, mlen); 2116 data->buflen = sizeof(*txd) + mlen; 2117 DPRINTF("starting transfer %p\n", data); 2118 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); 2119 buf += mlen; 2120 len -= mlen; 2121 } 2122 usbd_transfer_start(sc->sc_xfer[which]); 2123 return (0); 2124} 2125 2126static int 2127rsu_load_firmware(struct rsu_softc *sc) 2128{ 2129 const struct r92s_fw_hdr *hdr; 2130 struct r92s_fw_priv *dmem; 2131 const uint8_t *imem, *emem; 2132 int imemsz, ememsz; 2133 const struct firmware *fw; 2134 size_t size; 2135 uint32_t reg; 2136 int ntries, error; 2137 2138 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY) { 2139 DPRINTF("Firmware already loaded\n"); 2140 return (0); 2141 } 2142 2143 RSU_UNLOCK(sc); 2144 /* Read firmware image from the filesystem. */ 2145 if ((fw = firmware_get("rsu-rtl8712fw")) == NULL) { 2146 device_printf(sc->sc_dev, 2147 "%s: failed load firmware of file rsu-rtl8712fw\n", 2148 __func__); 2149 RSU_LOCK(sc); 2150 return (ENXIO); 2151 } 2152 RSU_LOCK(sc); 2153 size = fw->datasize; 2154 if (size < sizeof(*hdr)) { 2155 device_printf(sc->sc_dev, "firmware too short\n"); 2156 error = EINVAL; 2157 goto fail; 2158 } 2159 hdr = (const struct r92s_fw_hdr *)fw->data; 2160 if (hdr->signature != htole16(0x8712) && 2161 hdr->signature != htole16(0x8192)) { 2162 device_printf(sc->sc_dev, 2163 "invalid firmware signature 0x%x\n", 2164 le16toh(hdr->signature)); 2165 error = EINVAL; 2166 goto fail; 2167 } 2168 DPRINTF("FW V%d %02x-%02x %02x:%02x\n", le16toh(hdr->version), 2169 hdr->month, hdr->day, hdr->hour, hdr->minute); 2170 2171 /* Make sure that driver and firmware are in sync. */ 2172 if (hdr->privsz != htole32(sizeof(*dmem))) { 2173 device_printf(sc->sc_dev, "unsupported firmware image\n"); 2174 error = EINVAL; 2175 goto fail; 2176 } 2177 /* Get FW sections sizes. */ 2178 imemsz = le32toh(hdr->imemsz); 2179 ememsz = le32toh(hdr->sramsz); 2180 /* Check that all FW sections fit in image. */ 2181 if (size < sizeof(*hdr) + imemsz + ememsz) { 2182 device_printf(sc->sc_dev, "firmware too short\n"); 2183 error = EINVAL; 2184 goto fail; 2185 } 2186 imem = (const uint8_t *)&hdr[1]; 2187 emem = imem + imemsz; 2188 2189 /* Load IMEM section. */ 2190 error = rsu_fw_loadsection(sc, imem, imemsz); 2191 if (error != 0) { 2192 device_printf(sc->sc_dev, 2193 "could not load firmware section %s\n", "IMEM"); 2194 goto fail; 2195 } 2196 /* Wait for load to complete. */ 2197 for (ntries = 0; ntries != 50; ntries++) { 2198 usb_pause_mtx(&sc->sc_mtx, hz / 100); 2199 reg = rsu_read_1(sc, R92S_TCR); 2200 if (reg & R92S_TCR_IMEM_CODE_DONE) 2201 break; 2202 } 2203 if (ntries == 50) { 2204 device_printf(sc->sc_dev, "timeout waiting for IMEM transfer\n"); 2205 error = ETIMEDOUT; 2206 goto fail; 2207 } 2208 /* Load EMEM section. */ 2209 error = rsu_fw_loadsection(sc, emem, ememsz); 2210 if (error != 0) { 2211 device_printf(sc->sc_dev, 2212 "could not load firmware section %s\n", "EMEM"); 2213 goto fail; 2214 } 2215 /* Wait for load to complete. */ 2216 for (ntries = 0; ntries != 50; ntries++) { 2217 usb_pause_mtx(&sc->sc_mtx, hz / 100); 2218 reg = rsu_read_2(sc, R92S_TCR); 2219 if (reg & R92S_TCR_EMEM_CODE_DONE) 2220 break; 2221 } 2222 if (ntries == 50) { 2223 device_printf(sc->sc_dev, "timeout waiting for EMEM transfer\n"); 2224 error = ETIMEDOUT; 2225 goto fail; 2226 } 2227 /* Enable CPU. */ 2228 rsu_write_1(sc, R92S_SYS_CLKR, 2229 rsu_read_1(sc, R92S_SYS_CLKR) | R92S_SYS_CPU_CLKSEL); 2230 if (!(rsu_read_1(sc, R92S_SYS_CLKR) & R92S_SYS_CPU_CLKSEL)) { 2231 device_printf(sc->sc_dev, "could not enable system clock\n"); 2232 error = EIO; 2233 goto fail; 2234 } 2235 rsu_write_2(sc, R92S_SYS_FUNC_EN, 2236 rsu_read_2(sc, R92S_SYS_FUNC_EN) | R92S_FEN_CPUEN); 2237 if (!(rsu_read_2(sc, R92S_SYS_FUNC_EN) & R92S_FEN_CPUEN)) { 2238 device_printf(sc->sc_dev, 2239 "could not enable microcontroller\n"); 2240 error = EIO; 2241 goto fail; 2242 } 2243 /* Wait for CPU to initialize. */ 2244 for (ntries = 0; ntries < 100; ntries++) { 2245 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_IMEM_RDY) 2246 break; 2247 rsu_ms_delay(sc); 2248 } 2249 if (ntries == 100) { 2250 device_printf(sc->sc_dev, 2251 "timeout waiting for microcontroller\n"); 2252 error = ETIMEDOUT; 2253 goto fail; 2254 } 2255 2256 /* Update DMEM section before loading. */ 2257 dmem = __DECONST(struct r92s_fw_priv *, &hdr->priv); 2258 memset(dmem, 0, sizeof(*dmem)); 2259 dmem->hci_sel = R92S_HCI_SEL_USB | R92S_HCI_SEL_8172; 2260 dmem->nendpoints = 0; 2261 dmem->rf_config = 0x12; /* 1T2R */ 2262 dmem->vcs_type = R92S_VCS_TYPE_AUTO; 2263 dmem->vcs_mode = R92S_VCS_MODE_RTS_CTS; 2264#ifdef notyet 2265 dmem->bw40_en = (ic->ic_htcaps & IEEE80211_HTCAP_CBW20_40) != 0; 2266#endif 2267 dmem->turbo_mode = 1; 2268 /* Load DMEM section. */ 2269 error = rsu_fw_loadsection(sc, (uint8_t *)dmem, sizeof(*dmem)); 2270 if (error != 0) { 2271 device_printf(sc->sc_dev, 2272 "could not load firmware section %s\n", "DMEM"); 2273 goto fail; 2274 } 2275 /* Wait for load to complete. */ 2276 for (ntries = 0; ntries < 100; ntries++) { 2277 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_DMEM_CODE_DONE) 2278 break; 2279 rsu_ms_delay(sc); 2280 } 2281 if (ntries == 100) { 2282 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n", 2283 "DMEM"); 2284 error = ETIMEDOUT; 2285 goto fail; 2286 } 2287 /* Wait for firmware readiness. */ 2288 for (ntries = 0; ntries < 60; ntries++) { 2289 if (!(rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY)) 2290 break; 2291 rsu_ms_delay(sc); 2292 } 2293 if (ntries == 60) { 2294 device_printf(sc->sc_dev, 2295 "timeout waiting for firmware readiness\n"); 2296 error = ETIMEDOUT; 2297 goto fail; 2298 } 2299 fail: 2300 firmware_put(fw, FIRMWARE_UNLOAD); 2301 return (error); 2302} 2303 2304 2305static int 2306rsu_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 2307 const struct ieee80211_bpf_params *params) 2308{ 2309 struct ieee80211com *ic = ni->ni_ic; 2310 struct ifnet *ifp = ic->ic_ifp; 2311 struct rsu_softc *sc = ifp->if_softc; 2312 struct rsu_data *bf; 2313 2314 /* prevent management frames from being sent if we're not ready */ 2315 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2316 m_freem(m); 2317 ieee80211_free_node(ni); 2318 return (ENETDOWN); 2319 } 2320 RSU_LOCK(sc); 2321 bf = rsu_getbuf(sc); 2322 if (bf == NULL) { 2323 ieee80211_free_node(ni); 2324 m_freem(m); 2325 RSU_UNLOCK(sc); 2326 return (ENOBUFS); 2327 } 2328 ifp->if_opackets++; 2329 if (rsu_tx_start(sc, ni, m, bf) != 0) { 2330 ieee80211_free_node(ni); 2331 ifp->if_oerrors++; 2332 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, bf, next); 2333 RSU_UNLOCK(sc); 2334 return (EIO); 2335 } 2336 RSU_UNLOCK(sc); 2337 2338 return (0); 2339} 2340 2341static void 2342rsu_init(void *arg) 2343{ 2344 struct rsu_softc *sc = arg; 2345 2346 RSU_LOCK(sc); 2347 rsu_init_locked(arg); 2348 RSU_UNLOCK(sc); 2349} 2350 2351static void 2352rsu_init_locked(struct rsu_softc *sc) 2353{ 2354 struct ifnet *ifp = sc->sc_ifp; 2355 struct r92s_set_pwr_mode cmd; 2356 int error; 2357 int i; 2358 2359 /* Init host async commands ring. */ 2360 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0; 2361 2362 /* Power on adapter. */ 2363 if (sc->cut == 1) 2364 rsu_power_on_acut(sc); 2365 else 2366 rsu_power_on_bcut(sc); 2367 2368 /* Load firmware. */ 2369 error = rsu_load_firmware(sc); 2370 if (error != 0) 2371 goto fail; 2372 2373 /* Enable Rx TCP checksum offload. */ 2374 rsu_write_4(sc, R92S_RCR, 2375 rsu_read_4(sc, R92S_RCR) | 0x04000000); 2376 /* Append PHY status. */ 2377 rsu_write_4(sc, R92S_RCR, 2378 rsu_read_4(sc, R92S_RCR) | 0x02000000); 2379 2380 rsu_write_4(sc, R92S_CR, 2381 rsu_read_4(sc, R92S_CR) & ~0xff000000); 2382 2383 /* Use 128 bytes pages. */ 2384 rsu_write_1(sc, 0x00b5, 2385 rsu_read_1(sc, 0x00b5) | 0x01); 2386 /* Enable USB Rx aggregation. */ 2387 rsu_write_1(sc, 0x00bd, 2388 rsu_read_1(sc, 0x00bd) | 0x80); 2389 /* Set USB Rx aggregation threshold. */ 2390 rsu_write_1(sc, 0x00d9, 0x01); 2391 /* Set USB Rx aggregation timeout (1.7ms/4). */ 2392 rsu_write_1(sc, 0xfe5b, 0x04); 2393 /* Fix USB Rx FIFO issue. */ 2394 rsu_write_1(sc, 0xfe5c, 2395 rsu_read_1(sc, 0xfe5c) | 0x80); 2396 2397 /* Set MAC address. */ 2398 rsu_write_region_1(sc, R92S_MACID, IF_LLADDR(ifp), 2399 IEEE80211_ADDR_LEN); 2400 2401 /* It really takes 1.5 seconds for the firmware to boot: */ 2402 usb_pause_mtx(&sc->sc_mtx, (3 * hz) / 2); 2403 2404 DPRINTF("setting MAC address to %s\n", ether_sprintf(IF_LLADDR(ifp))); 2405 error = rsu_fw_cmd(sc, R92S_CMD_SET_MAC_ADDRESS, IF_LLADDR(ifp), 2406 IEEE80211_ADDR_LEN); 2407 if (error != 0) { 2408 device_printf(sc->sc_dev, "could not set MAC address\n"); 2409 goto fail; 2410 } 2411 2412 rsu_write_1(sc, R92S_USB_HRPWM, 2413 R92S_USB_HRPWM_PS_ST_ACTIVE | R92S_USB_HRPWM_PS_ALL_ON); 2414 2415 memset(&cmd, 0, sizeof(cmd)); 2416 cmd.mode = R92S_PS_MODE_ACTIVE; 2417 DPRINTF("setting ps mode to %d\n", cmd.mode); 2418 error = rsu_fw_cmd(sc, R92S_CMD_SET_PWR_MODE, &cmd, sizeof(cmd)); 2419 if (error != 0) { 2420 device_printf(sc->sc_dev, "could not set PS mode\n"); 2421 goto fail; 2422 } 2423 2424#if 0 2425 if (ic->ic_htcaps & IEEE80211_HTCAP_CBW20_40) { 2426 /* Enable 40MHz mode. */ 2427 error = rsu_fw_iocmd(sc, 2428 SM(R92S_IOCMD_CLASS, 0xf4) | 2429 SM(R92S_IOCMD_INDEX, 0x00) | 2430 SM(R92S_IOCMD_VALUE, 0x0007)); 2431 if (error != 0) { 2432 device_printf(sc->sc_dev, 2433 "could not enable 40MHz mode\n"); 2434 goto fail; 2435 } 2436 } 2437 2438 /* Set default channel. */ 2439 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 2440#endif 2441 sc->scan_pass = 0; 2442 usbd_transfer_start(sc->sc_xfer[RSU_BULK_RX]); 2443 2444 /* We're ready to go. */ 2445 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2446 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2447 return; 2448fail: 2449 /* Need to stop all failed transfers, if any */ 2450 for (i = 0; i != RSU_N_TRANSFER; i++) 2451 usbd_transfer_stop(sc->sc_xfer[i]); 2452} 2453 2454static void 2455rsu_stop(struct ifnet *ifp, int disable) 2456{ 2457 struct rsu_softc *sc = ifp->if_softc; 2458 2459 RSU_LOCK(sc); 2460 rsu_stop_locked(ifp, disable); 2461 RSU_UNLOCK(sc); 2462} 2463 2464static void 2465rsu_stop_locked(struct ifnet *ifp, int disable __unused) 2466{ 2467 struct rsu_softc *sc = ifp->if_softc; 2468 int i; 2469 2470 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 2471 sc->sc_calibrating = 0; 2472 taskqueue_cancel_timeout(taskqueue_thread, &sc->calib_task, NULL); 2473 2474 /* Power off adapter. */ 2475 rsu_power_off(sc); 2476 2477 for (i = 0; i < RSU_N_TRANSFER; i++) 2478 usbd_transfer_stop(sc->sc_xfer[i]); 2479} 2480 2481static void 2482rsu_ms_delay(struct rsu_softc *sc) 2483{ 2484 usb_pause_mtx(&sc->sc_mtx, hz / 1000); 2485} 2486