1 /* $OpenBSD: if_mtw.c,v 1.7 2022/07/28 00:56:02 kevlo Exp $ */ 2 /* 3 * Copyright (c) 2008-2010 Damien Bergamini <damien.bergamini@free.fr> 4 * Copyright (c) 2013-2014 Kevin Lo 5 * Copyright (c) 2021 James Hastings 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * MediaTek MT7601U 802.11b/g/n WLAN. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/mbuf.h> 29 #include <sys/kernel.h> 30 #include <sys/socket.h> 31 #include <sys/systm.h> 32 #include <sys/timeout.h> 33 #include <sys/conf.h> 34 #include <sys/device.h> 35 #include <sys/endian.h> 36 37 #include <machine/intr.h> 38 39 #if NBPFILTER > 0 40 #include <net/bpf.h> 41 #endif 42 #include <net/if.h> 43 #include <net/if_dl.h> 44 #include <net/if_media.h> 45 46 #include <netinet/in.h> 47 #include <netinet/if_ether.h> 48 49 #include <net80211/ieee80211_var.h> 50 #include <net80211/ieee80211_amrr.h> 51 #include <net80211/ieee80211_ra.h> 52 #include <net80211/ieee80211_radiotap.h> 53 54 #include <dev/usb/usb.h> 55 #include <dev/usb/usbdi.h> 56 #include <dev/usb/usbdi_util.h> 57 #include <dev/usb/usbdevs.h> 58 59 #include <dev/ic/mtwreg.h> 60 #include <dev/usb/if_mtwvar.h> 61 62 #ifdef MTW_DEBUG 63 #define DPRINTF(x) do { if (mtw_debug) printf x; } while (0) 64 #define DPRINTFN(n, x) do { if (mtw_debug >= (n)) printf x; } while (0) 65 int mtw_debug = 0; 66 #else 67 #define DPRINTF(x) 68 #define DPRINTFN(n, x) 69 #endif 70 71 #define USB_ID(v, p) { USB_VENDOR_##v, USB_PRODUCT_##v##_##p } 72 static const struct usb_devno mtw_devs[] = { 73 USB_ID(ASUS, USBN10V2), 74 USB_ID(AZUREWAVE, MT7601_1), 75 USB_ID(AZUREWAVE, MT7601_2), 76 USB_ID(DLINK, DWA127B1), 77 USB_ID(EDIMAX, EW7711UANV2), 78 USB_ID(MEDIATEK, MT7601_1), 79 USB_ID(MEDIATEK, MT7601_2), 80 USB_ID(RALINK, MT7601), 81 USB_ID(RALINK, MT7601_2), 82 USB_ID(RALINK, MT7601_3), 83 USB_ID(RALINK, MT7601_4), 84 USB_ID(RALINK, MT7601_5), 85 USB_ID(XIAOMI, MT7601U), 86 }; 87 88 int mtw_match(struct device *, void *, void *); 89 void mtw_attach(struct device *, struct device *, void *); 90 int mtw_detach(struct device *, int); 91 void mtw_attachhook(struct device *); 92 int mtw_alloc_rx_ring(struct mtw_softc *, int); 93 void mtw_free_rx_ring(struct mtw_softc *, int); 94 int mtw_alloc_tx_ring(struct mtw_softc *, int); 95 void mtw_free_tx_ring(struct mtw_softc *, int); 96 int mtw_alloc_mcu_ring(struct mtw_softc *); 97 void mtw_free_mcu_ring(struct mtw_softc *); 98 int mtw_ucode_write(struct mtw_softc *, const uint8_t *, 99 uint32_t, uint32_t); 100 void mtw_ucode_setup(struct mtw_softc *); 101 int mtw_load_microcode(struct mtw_softc *); 102 int mtw_reset(struct mtw_softc *); 103 int mtw_read(struct mtw_softc *, uint16_t, uint32_t *); 104 int mtw_read_cfg(struct mtw_softc *, uint16_t, uint32_t *); 105 int mtw_read_region_1(struct mtw_softc *, uint16_t, 106 uint8_t *, int); 107 int mtw_write_2(struct mtw_softc *, uint16_t, uint16_t); 108 int mtw_write(struct mtw_softc *, uint16_t, uint32_t); 109 int mtw_write_cfg(struct mtw_softc *, uint16_t, uint32_t); 110 int mtw_write_ivb(struct mtw_softc *, const uint8_t *, uint16_t); 111 int mtw_write_region_1(struct mtw_softc *, uint16_t, 112 uint8_t *, int); 113 int mtw_set_region_4(struct mtw_softc *, uint16_t, uint32_t, int); 114 int mtw_efuse_read_2(struct mtw_softc *, uint16_t, uint16_t *); 115 int mtw_eeprom_read_2(struct mtw_softc *, uint16_t, uint16_t *); 116 int mtw_rf_read(struct mtw_softc *, uint8_t, uint8_t, uint8_t *); 117 int mtw_rf_write(struct mtw_softc *, uint8_t, uint8_t, uint8_t); 118 int mtw_bbp_read(struct mtw_softc *, uint8_t, uint8_t *); 119 int mtw_bbp_write(struct mtw_softc *, uint8_t, uint8_t); 120 int mtw_usb_dma_read(struct mtw_softc *, uint32_t *); 121 int mtw_usb_dma_write(struct mtw_softc *, uint32_t); 122 int mtw_mcu_calibrate(struct mtw_softc *, int, uint32_t); 123 int mtw_mcu_channel(struct mtw_softc *, uint32_t, uint32_t, uint32_t); 124 int mtw_mcu_radio(struct mtw_softc *, int, uint32_t); 125 int mtw_mcu_cmd(struct mtw_softc *, int, void *, int); 126 const char * mtw_get_rf(int); 127 void mtw_get_txpower(struct mtw_softc *); 128 int mtw_read_eeprom(struct mtw_softc *); 129 struct ieee80211_node *mtw_node_alloc(struct ieee80211com *); 130 int mtw_media_change(struct ifnet *); 131 void mtw_next_scan(void *); 132 void mtw_task(void *); 133 void mtw_do_async(struct mtw_softc *, void (*)(struct mtw_softc *, 134 void *), void *, int); 135 int mtw_newstate(struct ieee80211com *, enum ieee80211_state, int); 136 void mtw_newstate_cb(struct mtw_softc *, void *); 137 void mtw_updateedca(struct ieee80211com *); 138 void mtw_updateedca_cb(struct mtw_softc *, void *); 139 void mtw_updateslot(struct ieee80211com *); 140 void mtw_updateslot_cb(struct mtw_softc *, void *); 141 int mtw_set_key(struct ieee80211com *, struct ieee80211_node *, 142 struct ieee80211_key *); 143 void mtw_set_key_cb(struct mtw_softc *, void *); 144 void mtw_delete_key(struct ieee80211com *, struct ieee80211_node *, 145 struct ieee80211_key *); 146 void mtw_delete_key_cb(struct mtw_softc *, void *); 147 void mtw_calibrate_to(void *); 148 void mtw_calibrate_cb(struct mtw_softc *, void *); 149 void mtw_newassoc(struct ieee80211com *, struct ieee80211_node *, 150 int); 151 void mtw_rx_frame(struct mtw_softc *, uint8_t *, int, 152 struct mbuf_list *); 153 void mtw_rxeof(struct usbd_xfer *, void *, usbd_status); 154 void mtw_txeof(struct usbd_xfer *, void *, usbd_status); 155 int mtw_tx(struct mtw_softc *, struct mbuf *, 156 struct ieee80211_node *); 157 void mtw_start(struct ifnet *); 158 void mtw_watchdog(struct ifnet *); 159 int mtw_ioctl(struct ifnet *, u_long, caddr_t); 160 void mtw_select_chan_group(struct mtw_softc *, int); 161 void mt7601_set_agc(struct mtw_softc *, uint8_t); 162 void mt7601_set_chan(struct mtw_softc *, u_int); 163 int mtw_set_chan(struct mtw_softc *, struct ieee80211_channel *); 164 void mtw_enable_tsf_sync(struct mtw_softc *); 165 void mtw_abort_tsf_sync(struct mtw_softc *); 166 void mtw_enable_mrr(struct mtw_softc *); 167 void mtw_set_txrts(struct mtw_softc *); 168 void mtw_set_txpreamble(struct mtw_softc *); 169 void mtw_set_basicrates(struct mtw_softc *); 170 void mtw_set_leds(struct mtw_softc *, uint16_t); 171 void mtw_set_bssid(struct mtw_softc *, const uint8_t *); 172 void mtw_set_macaddr(struct mtw_softc *, const uint8_t *); 173 #if NBPFILTER > 0 174 int8_t mtw_rssi2dbm(struct mtw_softc *, uint8_t, uint8_t); 175 #endif 176 int mt7601_bbp_init(struct mtw_softc *); 177 int mt7601_rf_init(struct mtw_softc *); 178 int mt7601_rf_setup(struct mtw_softc *); 179 int mt7601_rf_temperature(struct mtw_softc *, int8_t *); 180 int mt7601_r49_read(struct mtw_softc *, uint8_t, int8_t *); 181 int mt7601_rxdc_cal(struct mtw_softc *); 182 int mtw_wlan_enable(struct mtw_softc *, int); 183 int mtw_txrx_enable(struct mtw_softc *); 184 int mtw_init(struct ifnet *); 185 void mtw_stop(struct ifnet *, int); 186 187 struct cfdriver mtw_cd = { 188 NULL, "mtw", DV_IFNET 189 }; 190 191 const struct cfattach mtw_ca = { 192 sizeof (struct mtw_softc), mtw_match, mtw_attach, mtw_detach 193 }; 194 195 static const struct { 196 uint32_t reg; 197 uint32_t val; 198 } mt7601_def_mac[] = { 199 MT7601_DEF_MAC 200 }; 201 202 static const struct { 203 uint8_t reg; 204 uint8_t val; 205 } mt7601_def_bbp[] = { 206 MT7601_DEF_BBP 207 }; 208 209 static const struct { 210 u_int chan; 211 uint8_t r17, r18, r19, r20; 212 } mt7601_rf_chan[] = { 213 MT7601_RF_CHAN 214 }; 215 216 static const struct { 217 uint8_t reg; 218 uint8_t val; 219 } mt7601_rf_bank0[] = { 220 MT7601_BANK0_RF 221 },mt7601_rf_bank4[] = { 222 MT7601_BANK4_RF 223 },mt7601_rf_bank5[] = { 224 MT7601_BANK5_RF 225 }; 226 227 int 228 mtw_match(struct device *parent, void *match, void *aux) 229 { 230 struct usb_attach_arg *uaa = aux; 231 232 if (uaa->iface == NULL || uaa->configno != 1) 233 return UMATCH_NONE; 234 235 return (usb_lookup(mtw_devs, uaa->vendor, uaa->product) != NULL) ? 236 UMATCH_VENDOR_PRODUCT_CONF_IFACE : UMATCH_NONE; 237 } 238 239 void 240 mtw_attach(struct device *parent, struct device *self, void *aux) 241 { 242 struct mtw_softc *sc = (struct mtw_softc *)self; 243 struct usb_attach_arg *uaa = aux; 244 usb_interface_descriptor_t *id; 245 usb_endpoint_descriptor_t *ed; 246 int i, error, nrx, ntx, ntries; 247 uint32_t ver; 248 249 sc->sc_udev = uaa->device; 250 sc->sc_iface = uaa->iface; 251 252 /* 253 * Find all bulk endpoints. 254 */ 255 nrx = ntx = 0; 256 id = usbd_get_interface_descriptor(sc->sc_iface); 257 for (i = 0; i < id->bNumEndpoints; i++) { 258 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i); 259 if (ed == NULL || UE_GET_XFERTYPE(ed->bmAttributes) != UE_BULK) 260 continue; 261 262 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN) { 263 sc->rxq[nrx].pipe_no = ed->bEndpointAddress; 264 nrx++; 265 } else if (ntx < 6) { 266 if (ntx == 0) 267 sc->txq[MTW_TXQ_MCU].pipe_no = 268 ed->bEndpointAddress; 269 else 270 sc->txq[ntx - 1].pipe_no = 271 ed->bEndpointAddress; 272 ntx++; 273 } 274 } 275 /* make sure we've got them all */ 276 if (nrx < 2 || ntx < 6) { 277 printf("%s: missing endpoint\n", sc->sc_dev.dv_xname); 278 return; 279 } 280 281 /* wait for the chip to settle */ 282 for (ntries = 0; ntries < 100; ntries++) { 283 if ((error = mtw_read(sc, MTW_ASIC_VER, &ver)) != 0) 284 return; 285 if (ver != 0 && ver != 0xffffffff) 286 break; 287 DPRINTF(("%08x ", ver)); 288 DELAY(10); 289 } 290 if (ntries == 100) { 291 printf("%s: timeout waiting for NIC to initialize\n", 292 sc->sc_dev.dv_xname); 293 return; 294 } 295 296 sc->asic_ver = ver >> 16; 297 sc->asic_rev = ver & 0xffff; 298 299 usb_init_task(&sc->sc_task, mtw_task, sc, USB_TASK_TYPE_GENERIC); 300 timeout_set(&sc->scan_to, mtw_next_scan, sc); 301 timeout_set(&sc->calib_to, mtw_calibrate_to, sc); 302 303 sc->amrr.amrr_min_success_threshold = 1; 304 sc->amrr.amrr_max_success_threshold = 10; 305 306 config_mountroot(self, mtw_attachhook); 307 } 308 309 int 310 mtw_detach(struct device *self, int flags) 311 { 312 struct mtw_softc *sc = (struct mtw_softc *)self; 313 struct ifnet *ifp = &sc->sc_ic.ic_if; 314 int qid, s; 315 316 s = splusb(); 317 318 if (timeout_initialized(&sc->scan_to)) 319 timeout_del(&sc->scan_to); 320 if (timeout_initialized(&sc->calib_to)) 321 timeout_del(&sc->calib_to); 322 323 /* wait for all queued asynchronous commands to complete */ 324 usb_rem_wait_task(sc->sc_udev, &sc->sc_task); 325 326 usbd_ref_wait(sc->sc_udev); 327 328 if (ifp->if_softc != NULL) { 329 ifp->if_flags &= ~IFF_RUNNING; 330 ifq_clr_oactive(&ifp->if_snd); 331 ieee80211_ifdetach(ifp); 332 if_detach(ifp); 333 } 334 335 /* free rings and close pipes */ 336 mtw_free_mcu_ring(sc); 337 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) 338 mtw_free_tx_ring(sc, qid); 339 mtw_free_rx_ring(sc, 0); 340 mtw_free_rx_ring(sc, 1); 341 342 splx(s); 343 return 0; 344 } 345 346 void 347 mtw_attachhook(struct device *self) 348 { 349 struct mtw_softc *sc = (struct mtw_softc *)self; 350 struct ieee80211com *ic = &sc->sc_ic; 351 struct ifnet *ifp = &ic->ic_if; 352 uint32_t tmp; 353 int ntries, error, i; 354 355 if (usbd_is_dying(sc->sc_udev)) 356 return; 357 358 /* enable WLAN core */ 359 if ((error = mtw_wlan_enable(sc, 1)) != 0) { 360 printf("%s: could not enable WLAN core\n", 361 sc->sc_dev.dv_xname); 362 return; 363 } 364 365 /* load firmware */ 366 if ((error = mtw_load_microcode(sc)) != 0) { 367 printf("%s: could not load microcode\n", 368 sc->sc_dev.dv_xname); 369 goto fail; 370 } 371 372 mtw_usb_dma_read(sc, &tmp); 373 mtw_usb_dma_write(sc, tmp | (MTW_USB_RX_EN | MTW_USB_TX_EN)); 374 375 /* read MAC version */ 376 for (ntries = 0; ntries < 100; ntries++) { 377 if ((error = mtw_read(sc, MTW_MAC_VER_ID, &tmp)) != 0) 378 goto fail; 379 if (tmp != 0 && tmp != 0xffffffff) 380 break; 381 DELAY(10); 382 } 383 if (ntries == 100) { 384 printf("%s: failed reading MAC\n", sc->sc_dev.dv_xname); 385 goto fail; 386 } 387 388 sc->mac_ver = tmp >> 16; 389 sc->mac_rev = tmp & 0xffff; 390 391 /* retrieve RF rev. no and various other things from EEPROM */ 392 mtw_read_eeprom(sc); 393 394 printf("%s: MAC/BBP MT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), " 395 "address %s\n", sc->sc_dev.dv_xname, sc->mac_ver, 396 sc->mac_rev, mtw_get_rf(sc->rf_rev), sc->ntxchains, 397 sc->nrxchains, ether_sprintf(ic->ic_myaddr)); 398 399 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 400 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 401 ic->ic_state = IEEE80211_S_INIT; 402 403 /* set device capabilities */ 404 ic->ic_caps = 405 IEEE80211_C_MONITOR | /* monitor mode supported */ 406 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 407 IEEE80211_C_SHSLOT | /* short slot time supported */ 408 IEEE80211_C_WEP | /* WEP */ 409 IEEE80211_C_RSN; /* WPA/RSN */ 410 411 /* set supported .11b and .11g rates */ 412 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 413 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 414 415 /* set supported .11b and .11g channels (1 through 14) */ 416 for (i = 1; i <= 14; i++) { 417 ic->ic_channels[i].ic_freq = 418 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 419 ic->ic_channels[i].ic_flags = 420 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 421 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 422 } 423 424 ifp->if_softc = sc; 425 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 426 ifp->if_ioctl = mtw_ioctl; 427 ifp->if_start = mtw_start; 428 ifp->if_watchdog = mtw_watchdog; 429 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 430 431 if_attach(ifp); 432 ieee80211_ifattach(ifp); 433 ic->ic_node_alloc = mtw_node_alloc; 434 ic->ic_newassoc = mtw_newassoc; 435 ic->ic_updateslot = mtw_updateslot; 436 ic->ic_updateedca = mtw_updateedca; 437 ic->ic_set_key = mtw_set_key; 438 ic->ic_delete_key = mtw_delete_key; 439 440 /* override 802.11 state transition machine */ 441 sc->sc_newstate = ic->ic_newstate; 442 ic->ic_newstate = mtw_newstate; 443 ieee80211_media_init(ifp, mtw_media_change, ieee80211_media_status); 444 445 #if NBPFILTER > 0 446 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 447 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 448 449 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 450 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 451 sc->sc_rxtap.wr_ihdr.it_present = htole32(MTW_RX_RADIOTAP_PRESENT); 452 453 sc->sc_txtap_len = sizeof sc->sc_txtapu; 454 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 455 sc->sc_txtap.wt_ihdr.it_present = htole32(MTW_TX_RADIOTAP_PRESENT); 456 #endif 457 fail: 458 return; 459 } 460 461 int 462 mtw_alloc_rx_ring(struct mtw_softc *sc, int qid) 463 { 464 struct mtw_rx_ring *rxq = &sc->rxq[qid]; 465 int i, error; 466 467 if ((error = usbd_open_pipe(sc->sc_iface, rxq->pipe_no, 0, 468 &rxq->pipeh)) != 0) 469 goto fail; 470 471 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 472 struct mtw_rx_data *data = &rxq->data[i]; 473 474 data->sc = sc; /* backpointer for callbacks */ 475 476 data->xfer = usbd_alloc_xfer(sc->sc_udev); 477 if (data->xfer == NULL) { 478 error = ENOMEM; 479 goto fail; 480 } 481 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_RXSZ); 482 if (data->buf == NULL) { 483 error = ENOMEM; 484 goto fail; 485 } 486 } 487 if (error != 0) 488 fail: mtw_free_rx_ring(sc, 0); 489 return error; 490 } 491 492 void 493 mtw_free_rx_ring(struct mtw_softc *sc, int qid) 494 { 495 struct mtw_rx_ring *rxq = &sc->rxq[qid]; 496 int i; 497 498 if (rxq->pipeh != NULL) { 499 usbd_close_pipe(rxq->pipeh); 500 rxq->pipeh = NULL; 501 } 502 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 503 if (rxq->data[i].xfer != NULL) 504 usbd_free_xfer(rxq->data[i].xfer); 505 rxq->data[i].xfer = NULL; 506 } 507 } 508 509 int 510 mtw_alloc_tx_ring(struct mtw_softc *sc, int qid) 511 { 512 struct mtw_tx_ring *txq = &sc->txq[qid]; 513 int i, error; 514 uint16_t txwisize; 515 516 txwisize = sizeof(struct mtw_txwi); 517 518 txq->cur = txq->queued = 0; 519 520 if ((error = usbd_open_pipe(sc->sc_iface, txq->pipe_no, 0, 521 &txq->pipeh)) != 0) 522 goto fail; 523 524 for (i = 0; i < MTW_TX_RING_COUNT; i++) { 525 struct mtw_tx_data *data = &txq->data[i]; 526 527 data->sc = sc; /* backpointer for callbacks */ 528 data->qid = qid; 529 530 data->xfer = usbd_alloc_xfer(sc->sc_udev); 531 if (data->xfer == NULL) { 532 error = ENOMEM; 533 goto fail; 534 } 535 536 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ); 537 if (data->buf == NULL) { 538 error = ENOMEM; 539 goto fail; 540 } 541 542 /* zeroize the TXD + TXWI part */ 543 memset(data->buf, 0, MTW_MAX_TXSZ); 544 } 545 if (error != 0) 546 fail: mtw_free_tx_ring(sc, qid); 547 return error; 548 } 549 550 void 551 mtw_free_tx_ring(struct mtw_softc *sc, int qid) 552 { 553 struct mtw_tx_ring *txq = &sc->txq[qid]; 554 int i; 555 556 if (txq->pipeh != NULL) { 557 usbd_close_pipe(txq->pipeh); 558 txq->pipeh = NULL; 559 } 560 for (i = 0; i < MTW_TX_RING_COUNT; i++) { 561 if (txq->data[i].xfer != NULL) 562 usbd_free_xfer(txq->data[i].xfer); 563 txq->data[i].xfer = NULL; 564 } 565 } 566 567 int 568 mtw_alloc_mcu_ring(struct mtw_softc *sc) 569 { 570 struct mtw_tx_ring *ring = &sc->sc_mcu; 571 struct mtw_tx_data *data = &ring->data[0]; 572 int error = 0; 573 574 ring->cur = ring->queued = 0; 575 576 data->sc = sc; /* backpointer for callbacks */ 577 data->qid = 5; 578 579 data->xfer = usbd_alloc_xfer(sc->sc_udev); 580 if (data->xfer == NULL) { 581 error = ENOMEM; 582 goto fail; 583 } 584 585 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ); 586 if (data->buf == NULL) { 587 error = ENOMEM; 588 goto fail; 589 } 590 /* zeroize the TXD */ 591 memset(data->buf, 0, 4); 592 593 if (error != 0) 594 fail: mtw_free_mcu_ring(sc); 595 return error; 596 597 598 } 599 void 600 mtw_free_mcu_ring(struct mtw_softc *sc) 601 { 602 struct mtw_tx_ring *txq = &sc->sc_mcu; 603 604 if (txq->data[0].xfer != NULL) 605 usbd_free_xfer(txq->data[0].xfer); 606 txq->data[0].xfer = NULL; 607 } 608 609 int 610 mtw_ucode_write(struct mtw_softc *sc, const uint8_t *fw, uint32_t len, 611 uint32_t offset) 612 { 613 struct mtw_tx_ring *ring = &sc->txq[MTW_TXQ_MCU]; 614 struct usbd_xfer *xfer; 615 struct mtw_txd *txd; 616 uint8_t *buf; 617 uint32_t blksz, sent, tmp, xferlen; 618 int error; 619 620 blksz = 0x2000; 621 if (sc->asic_ver == 0x7612 && offset >= 0x90000) 622 blksz = 0x800; /* MT7612 ROM Patch */ 623 624 xfer = usbd_alloc_xfer(sc->sc_udev); 625 if (xfer == NULL) { 626 error = ENOMEM; 627 goto fail; 628 } 629 buf = usbd_alloc_buffer(xfer, blksz + 12); 630 if (buf == NULL) { 631 error = ENOMEM; 632 goto fail; 633 } 634 635 sent = 0; 636 for (;;) { 637 xferlen = min(len - sent, blksz); 638 if (xferlen == 0) 639 break; 640 641 txd = (struct mtw_txd *)buf; 642 txd->len = htole16(xferlen); 643 txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_MCU); 644 645 memcpy(buf + sizeof(struct mtw_txd), fw + sent, xferlen); 646 memset(buf + sizeof(struct mtw_txd) + xferlen, 0, MTW_DMA_PAD); 647 mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, offset + sent); 648 mtw_write_cfg(sc, MTW_MCU_DMA_LEN, (xferlen << 16)); 649 650 usbd_setup_xfer(xfer, ring->pipeh, NULL, buf, 651 xferlen + sizeof(struct mtw_txd) + MTW_DMA_PAD, 652 USBD_SHORT_XFER_OK | USBD_SYNCHRONOUS | USBD_NO_COPY, 653 MTW_TX_TIMEOUT, NULL); 654 if ((error = usbd_transfer(xfer)) != 0) 655 break; 656 657 mtw_read(sc, MTW_MCU_FW_IDX, &tmp); 658 mtw_write(sc, MTW_MCU_FW_IDX, tmp++); 659 660 sent += xferlen; 661 } 662 fail: 663 if (xfer != NULL) { 664 usbd_free_xfer(xfer); 665 xfer = NULL; 666 } 667 return error; 668 } 669 670 void 671 mtw_ucode_setup(struct mtw_softc *sc) 672 { 673 mtw_usb_dma_write(sc, (MTW_USB_TX_EN | MTW_USB_RX_EN)); 674 mtw_write(sc, MTW_FCE_PSE_CTRL, 1); 675 mtw_write(sc, MTW_TX_CPU_FCE_BASE, 0x400230); 676 mtw_write(sc, MTW_TX_CPU_FCE_MAX_COUNT, 1); 677 mtw_write(sc, MTW_MCU_FW_IDX, 1); 678 mtw_write(sc, MTW_FCE_PDMA, 0x44); 679 mtw_write(sc, MTW_FCE_SKIP_FS, 3); 680 } 681 682 int 683 mtw_load_microcode(struct mtw_softc *sc) 684 { 685 const struct mtw_ucode_hdr *hdr; 686 const struct mtw_ucode *fw; 687 const char *fwname; 688 u_char *ucode; 689 size_t size; 690 uint32_t tmp, iofs, dofs; 691 int ntries, error; 692 int dlen, ilen; 693 694 /* is firmware already running? */ 695 mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp); 696 if (tmp == MTW_MCU_READY) 697 return 0; 698 699 /* open MCU pipe */ 700 if ((error = usbd_open_pipe(sc->sc_iface, sc->txq[MTW_TXQ_MCU].pipe_no, 701 0, &sc->txq[MTW_TXQ_MCU].pipeh)) != 0) 702 return error; 703 704 if (sc->asic_ver == 0x7612) { 705 fwname = "mtw-mt7662u_rom_patch"; 706 707 if ((error = loadfirmware(fwname, &ucode, &size)) != 0) { 708 printf("%s: failed loadfirmware of file %s (error %d)\n", 709 sc->sc_dev.dv_xname, fwname, error); 710 return error; 711 } 712 fw = (const struct mtw_ucode *) ucode + 0x1e; 713 ilen = size - 0x1e; 714 715 mtw_ucode_setup(sc); 716 717 if ((error = mtw_ucode_write(sc, fw->data, ilen, 0x90000)) != 0) 718 goto fail; 719 720 mtw_usb_dma_write(sc, 0x00e41814); 721 free(ucode, M_DEVBUF, size); 722 } 723 724 fwname = "mtw-mt7601u"; 725 iofs = 0x40; 726 dofs = 0; 727 if (sc->asic_ver == 0x7612) { 728 fwname = "mtw-mt7662u"; 729 iofs = 0x80040; 730 dofs = 0x110800; 731 } else if (sc->asic_ver == 0x7610) { 732 fwname = "mtw-mt7610u"; 733 dofs = 0x80000; 734 } 735 736 if ((error = loadfirmware(fwname, &ucode, &size)) != 0) { 737 printf("%s: failed loadfirmware of file %s (error %d)\n", 738 sc->sc_dev.dv_xname, fwname, error); 739 return error; 740 } 741 742 if (size < sizeof(struct mtw_ucode_hdr)) { 743 printf("%s: firmware header too short\n", 744 sc->sc_dev.dv_xname); 745 goto fail; 746 } 747 748 fw = (const struct mtw_ucode *) ucode; 749 hdr = (const struct mtw_ucode_hdr *) &fw->hdr; 750 751 if (size < sizeof(struct mtw_ucode_hdr) + letoh32(hdr->ilm_len) + 752 letoh32(hdr->dlm_len)) { 753 printf("%s: firmware payload too short\n", 754 sc->sc_dev.dv_xname); 755 goto fail; 756 } 757 758 ilen = le32toh(hdr->ilm_len) - MTW_MCU_IVB_LEN; 759 dlen = le32toh(hdr->dlm_len); 760 761 if (ilen > size || dlen > size) { 762 printf("%s: firmware payload too large\n", 763 sc->sc_dev.dv_xname); 764 goto fail; 765 } 766 767 mtw_write(sc, MTW_FCE_PDMA, 0); 768 mtw_write(sc, MTW_FCE_PSE_CTRL, 0); 769 mtw_ucode_setup(sc); 770 771 if ((error = mtw_ucode_write(sc, fw->data, ilen, iofs)) != 0) 772 goto fail; 773 if (dlen > 0 && dofs > 0) { 774 if ((error = mtw_ucode_write(sc, fw->data + ilen, 775 dlen, dofs)) != 0) 776 goto fail; 777 } 778 779 /* write interrupt vectors */ 780 if (sc->asic_ver == 0x7612) { 781 /* MT7612 */ 782 if ((error = mtw_ucode_write(sc, fw->ivb, 783 MTW_MCU_IVB_LEN, 0x80000)) != 0) 784 goto fail; 785 mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, 0x00095000); 786 mtw_write_ivb(sc, NULL, 0); 787 } else { 788 /* MT7601/MT7610 */ 789 if ((error = mtw_write_ivb(sc, fw->ivb, 790 MTW_MCU_IVB_LEN)) != 0) 791 goto fail; 792 } 793 794 /* wait until microcontroller is ready */ 795 usbd_delay_ms(sc->sc_udev, 10); 796 797 for (ntries = 0; ntries < 100; ntries++) { 798 if ((error = mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp)) != 0) 799 return error; 800 if (tmp & MTW_MCU_READY) 801 break; 802 usbd_delay_ms(sc->sc_udev, 100); 803 } 804 805 if (ntries == 100) { 806 printf("%s: timeout waiting for MCU to initialize\n", 807 sc->sc_dev.dv_xname); 808 error = ETIMEDOUT; 809 } 810 811 DPRINTF(("%s: loaded firmware ver %d.%d\n", sc->sc_dev.dv_xname, 812 le16toh(hdr->build_ver), le16toh(hdr->fw_ver))); 813 fail: 814 free(ucode, M_DEVBUF, size); 815 usbd_close_pipe(sc->txq[MTW_TXQ_MCU].pipeh); 816 sc->txq[MTW_TXQ_MCU].pipeh = NULL; 817 return error; 818 } 819 820 int 821 mtw_reset(struct mtw_softc *sc) 822 { 823 usb_device_request_t req; 824 825 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 826 req.bRequest = MTW_RESET; 827 USETW(req.wValue, 1); 828 USETW(req.wIndex, 0); 829 USETW(req.wLength, 0); 830 return usbd_do_request(sc->sc_udev, &req, NULL); 831 } 832 833 int 834 mtw_read(struct mtw_softc *sc, uint16_t reg, uint32_t *val) 835 { 836 uint32_t tmp; 837 int error; 838 839 error = mtw_read_region_1(sc, reg, 840 (uint8_t *)&tmp, sizeof tmp); 841 if (error == 0) 842 *val = letoh32(tmp); 843 else 844 *val = 0xffffffff; 845 return error; 846 } 847 848 int 849 mtw_read_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t *val) 850 { 851 usb_device_request_t req; 852 uint32_t tmp; 853 int error; 854 855 req.bmRequestType = UT_READ_VENDOR_DEVICE; 856 req.bRequest = MTW_READ_CFG; 857 USETW(req.wValue, 0); 858 USETW(req.wIndex, reg); 859 USETW(req.wLength, 4); 860 error = usbd_do_request(sc->sc_udev, &req, &tmp); 861 862 if (error == 0) 863 *val = letoh32(tmp); 864 else 865 *val = 0xffffffff; 866 return error; 867 } 868 869 int 870 mtw_read_region_1(struct mtw_softc *sc, uint16_t reg, 871 uint8_t *buf, int len) 872 { 873 usb_device_request_t req; 874 875 req.bmRequestType = UT_READ_VENDOR_DEVICE; 876 req.bRequest = MTW_READ_REGION_1; 877 USETW(req.wValue, 0); 878 USETW(req.wIndex, reg); 879 USETW(req.wLength, len); 880 return usbd_do_request(sc->sc_udev, &req, buf); 881 } 882 883 int 884 mtw_write_2(struct mtw_softc *sc, uint16_t reg, uint16_t val) 885 { 886 usb_device_request_t req; 887 888 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 889 req.bRequest = MTW_WRITE_2; 890 USETW(req.wValue, val); 891 USETW(req.wIndex, reg); 892 USETW(req.wLength, 0); 893 return usbd_do_request(sc->sc_udev, &req, NULL); 894 } 895 896 int 897 mtw_write(struct mtw_softc *sc, uint16_t reg, uint32_t val) 898 { 899 int error; 900 901 if ((error = mtw_write_2(sc, reg, val & 0xffff)) == 0) 902 error = mtw_write_2(sc, reg + 2, val >> 16); 903 return error; 904 } 905 906 int 907 mtw_write_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t val) 908 { 909 usb_device_request_t req; 910 int error; 911 912 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 913 req.bRequest = MTW_WRITE_CFG; 914 USETW(req.wValue, 0); 915 USETW(req.wIndex, reg); 916 USETW(req.wLength, 4); 917 val = htole32(val); 918 error = usbd_do_request(sc->sc_udev, &req, &val); 919 return error; 920 } 921 922 int 923 mtw_write_ivb(struct mtw_softc *sc, const uint8_t *buf, uint16_t len) 924 { 925 usb_device_request_t req; 926 927 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 928 req.bRequest = MTW_RESET; 929 USETW(req.wValue, 0x12); 930 USETW(req.wIndex, 0); 931 USETW(req.wLength, len); 932 return usbd_do_request(sc->sc_udev, &req, (void *)buf); 933 } 934 935 int 936 mtw_write_region_1(struct mtw_softc *sc, uint16_t reg, 937 uint8_t *buf, int len) 938 { 939 usb_device_request_t req; 940 941 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 942 req.bRequest = MTW_WRITE_REGION_1; 943 USETW(req.wValue, 0); 944 USETW(req.wIndex, reg); 945 USETW(req.wLength, len); 946 return usbd_do_request(sc->sc_udev, &req, buf); 947 } 948 949 int 950 mtw_set_region_4(struct mtw_softc *sc, uint16_t reg, uint32_t val, int count) 951 { 952 int error = 0; 953 954 for (; count > 0 && error == 0; count--, reg += 4) 955 error = mtw_write(sc, reg, val); 956 return error; 957 } 958 959 /* Read 16-bit from eFUSE ROM. */ 960 int 961 mtw_efuse_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 962 { 963 uint32_t tmp; 964 uint16_t reg; 965 int error, ntries; 966 967 if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0) 968 return error; 969 970 addr *= 2; 971 /* 972 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 973 * DATA0: 3 2 1 0 974 * DATA1: 7 6 5 4 975 * DATA2: B A 9 8 976 * DATA3: F E D C 977 */ 978 tmp &= ~(MTW_EFSROM_MODE_MASK | MTW_EFSROM_AIN_MASK); 979 tmp |= (addr & ~0xf) << MTW_EFSROM_AIN_SHIFT | MTW_EFSROM_KICK; 980 mtw_write(sc, MTW_EFUSE_CTRL, tmp); 981 for (ntries = 0; ntries < 100; ntries++) { 982 if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0) 983 return error; 984 if (!(tmp & MTW_EFSROM_KICK)) 985 break; 986 DELAY(2); 987 } 988 if (ntries == 100) 989 return ETIMEDOUT; 990 991 if ((tmp & MTW_EFUSE_AOUT_MASK) == MTW_EFUSE_AOUT_MASK) { 992 *val = 0xffff; /* address not found */ 993 return 0; 994 } 995 /* determine to which 32-bit register our 16-bit word belongs */ 996 reg = MTW_EFUSE_DATA0 + (addr & 0xc); 997 if ((error = mtw_read(sc, reg, &tmp)) != 0) 998 return error; 999 1000 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1001 return 0; 1002 } 1003 1004 int 1005 mtw_eeprom_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 1006 { 1007 usb_device_request_t req; 1008 uint16_t tmp; 1009 int error; 1010 1011 addr *= 2; 1012 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1013 req.bRequest = MTW_EEPROM_READ; 1014 USETW(req.wValue, 0); 1015 USETW(req.wIndex, addr); 1016 USETW(req.wLength, sizeof tmp); 1017 error = usbd_do_request(sc->sc_udev, &req, &tmp); 1018 if (error == 0) 1019 *val = letoh16(tmp); 1020 else 1021 *val = 0xffff; 1022 return error; 1023 } 1024 1025 static __inline int 1026 mtw_srom_read(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 1027 { 1028 /* either eFUSE ROM or EEPROM */ 1029 return sc->sc_srom_read(sc, addr, val); 1030 } 1031 1032 int 1033 mtw_rf_read(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t *val) 1034 { 1035 uint32_t tmp; 1036 int error, ntries, shift; 1037 1038 for (ntries = 0; ntries < 100; ntries++) { 1039 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1040 return error; 1041 if (!(tmp & MTW_RF_CSR_KICK)) 1042 break; 1043 } 1044 if (ntries == 100) 1045 return ETIMEDOUT; 1046 1047 if (sc->mac_ver == 0x7601) 1048 shift = MT7601_BANK_SHIFT; 1049 else 1050 shift = MT7610_BANK_SHIFT; 1051 1052 tmp = MTW_RF_CSR_KICK | (bank & 0xf) << shift | reg << 8; 1053 if ((error = mtw_write(sc, MTW_RF_CSR, tmp)) != 0) 1054 return error; 1055 1056 for (ntries = 0; ntries < 100; ntries++) { 1057 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1058 return error; 1059 if (!(tmp & MTW_RF_CSR_KICK)) 1060 break; 1061 } 1062 if (ntries == 100) 1063 return ETIMEDOUT; 1064 1065 *val = tmp & 0xff; 1066 return 0; 1067 } 1068 1069 int 1070 mtw_rf_write(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t val) 1071 { 1072 uint32_t tmp; 1073 int error, ntries, shift; 1074 1075 for (ntries = 0; ntries < 10; ntries++) { 1076 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1077 return error; 1078 if (!(tmp & MTW_RF_CSR_KICK)) 1079 break; 1080 } 1081 if (ntries == 10) 1082 return ETIMEDOUT; 1083 1084 if (sc->mac_ver == 0x7601) 1085 shift = MT7601_BANK_SHIFT; 1086 else 1087 shift = MT7610_BANK_SHIFT; 1088 1089 tmp = MTW_RF_CSR_WRITE | MTW_RF_CSR_KICK | (bank & 0xf) << shift | 1090 reg << 8 | val; 1091 return mtw_write(sc, MTW_RF_CSR, tmp); 1092 } 1093 1094 int 1095 mtw_bbp_read(struct mtw_softc *sc, uint8_t reg, uint8_t *val) 1096 { 1097 uint32_t tmp; 1098 int ntries, error; 1099 1100 for (ntries = 0; ntries < 10; ntries++) { 1101 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1102 return error; 1103 if (!(tmp & MTW_BBP_CSR_KICK)) 1104 break; 1105 } 1106 if (ntries == 10) 1107 return ETIMEDOUT; 1108 1109 tmp = MTW_BBP_CSR_READ | MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT; 1110 if ((error = mtw_write(sc, MTW_BBP_CSR, tmp)) != 0) 1111 return error; 1112 1113 for (ntries = 0; ntries < 10; ntries++) { 1114 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1115 return error; 1116 if (!(tmp & MTW_BBP_CSR_KICK)) 1117 break; 1118 } 1119 if (ntries == 10) 1120 return ETIMEDOUT; 1121 1122 *val = tmp & 0xff; 1123 return 0; 1124 } 1125 1126 int 1127 mtw_bbp_write(struct mtw_softc *sc, uint8_t reg, uint8_t val) 1128 { 1129 uint32_t tmp; 1130 int ntries, error; 1131 1132 for (ntries = 0; ntries < 10; ntries++) { 1133 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1134 return error; 1135 if (!(tmp & MTW_BBP_CSR_KICK)) 1136 break; 1137 } 1138 if (ntries == 10) 1139 return ETIMEDOUT; 1140 1141 tmp = MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT | val; 1142 return mtw_write(sc, MTW_BBP_CSR, tmp); 1143 } 1144 1145 int 1146 mtw_usb_dma_read(struct mtw_softc *sc, uint32_t *val) 1147 { 1148 if (sc->asic_ver == 0x7612) 1149 return mtw_read_cfg(sc, MTW_USB_U3DMA_CFG, val); 1150 else 1151 return mtw_read(sc, MTW_USB_DMA_CFG, val); 1152 } 1153 1154 int 1155 mtw_usb_dma_write(struct mtw_softc *sc, uint32_t val) 1156 { 1157 if (sc->asic_ver == 0x7612) 1158 return mtw_write_cfg(sc, MTW_USB_U3DMA_CFG, val); 1159 else 1160 return mtw_write(sc, MTW_USB_DMA_CFG, val); 1161 } 1162 1163 int 1164 mtw_mcu_calibrate(struct mtw_softc *sc, int func, uint32_t val) 1165 { 1166 struct mtw_mcu_cmd_8 cmd; 1167 1168 cmd.func = htole32(func); 1169 cmd.val = htole32(val); 1170 return mtw_mcu_cmd(sc, 31, &cmd, sizeof(struct mtw_mcu_cmd_8)); 1171 } 1172 1173 int 1174 mtw_mcu_channel(struct mtw_softc *sc, uint32_t r1, uint32_t r2, uint32_t r4) 1175 { 1176 struct mtw_mcu_cmd_16 cmd; 1177 1178 cmd.r1 = htole32(r1); 1179 cmd.r2 = htole32(r2); 1180 cmd.r3 = 0; 1181 cmd.r4 = htole32(r4); 1182 return mtw_mcu_cmd(sc, 30, &cmd, sizeof(struct mtw_mcu_cmd_16)); 1183 } 1184 1185 int 1186 mtw_mcu_radio(struct mtw_softc *sc, int func, uint32_t val) 1187 { 1188 struct mtw_mcu_cmd_16 cmd; 1189 1190 cmd.r1 = htole32(func); 1191 cmd.r2 = htole32(val); 1192 cmd.r3 = 0; 1193 cmd.r4 = 0; 1194 return mtw_mcu_cmd(sc, 20, &cmd, sizeof(struct mtw_mcu_cmd_16)); 1195 } 1196 1197 int 1198 mtw_mcu_cmd(struct mtw_softc *sc, int cmd, void *buf, int len) 1199 { 1200 struct mtw_tx_ring *ring = &sc->sc_mcu; 1201 struct mtw_tx_data *data = &ring->data[0]; 1202 struct mtw_txd *txd; 1203 int xferlen; 1204 1205 txd = (struct mtw_txd *)(data->buf); 1206 txd->len = htole16(len); 1207 txd->flags = htole16(MTW_TXD_CMD | MTW_TXD_MCU | 1208 (cmd & 0x1f) << MTW_TXD_CMD_SHIFT | (sc->cmd_seq & 0xf)); 1209 1210 memcpy(&txd[1], buf, len); 1211 memset(&txd[1] + len, 0, MTW_DMA_PAD); 1212 xferlen = len + sizeof(struct mtw_txd) + MTW_DMA_PAD; 1213 1214 usbd_setup_xfer(data->xfer, sc->txq[MTW_TXQ_MCU].pipeh, 1215 NULL, data->buf, xferlen, 1216 USBD_SHORT_XFER_OK | USBD_FORCE_SHORT_XFER | USBD_SYNCHRONOUS, 1217 MTW_TX_TIMEOUT, NULL); 1218 return usbd_transfer(data->xfer); 1219 } 1220 1221 /* 1222 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1223 * Used to adjust per-rate Tx power registers. 1224 */ 1225 static __inline uint32_t 1226 b4inc(uint32_t b32, int8_t delta) 1227 { 1228 int8_t i, b4; 1229 1230 for (i = 0; i < 8; i++) { 1231 b4 = b32 & 0xf; 1232 b4 += delta; 1233 if (b4 < 0) 1234 b4 = 0; 1235 else if (b4 > 0xf) 1236 b4 = 0xf; 1237 b32 = b32 >> 4 | b4 << 28; 1238 } 1239 return b32; 1240 } 1241 1242 const char * 1243 mtw_get_rf(int rev) 1244 { 1245 switch (rev) { 1246 case MT7601_RF_7601: return "MT7601"; 1247 case MT7610_RF_7610: return "MT7610"; 1248 case MT7612_RF_7612: return "MT7612"; 1249 } 1250 return "unknown"; 1251 } 1252 1253 void 1254 mtw_get_txpower(struct mtw_softc *sc) 1255 { 1256 uint16_t val; 1257 int i; 1258 1259 /* Read power settings for 2GHz channels. */ 1260 for (i = 0; i < 14; i += 2) { 1261 mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1262 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1263 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1264 mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1265 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1266 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1267 } 1268 /* Fix broken Tx power entries. */ 1269 for (i = 0; i < 14; i++) { 1270 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1271 sc->txpow1[i] = 5; 1272 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1273 sc->txpow2[i] = 5; 1274 DPRINTF(("chan %d: power1=%d, power2=%d\n", 1275 mt7601_rf_chan[i].chan, sc->txpow1[i], sc->txpow2[i])); 1276 } 1277 #if 0 1278 /* Read power settings for 5GHz channels. */ 1279 for (i = 0; i < 40; i += 2) { 1280 mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1281 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1282 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1283 1284 mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1285 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1286 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1287 } 1288 /* Fix broken Tx power entries. */ 1289 for (i = 0; i < 40; i++ ) { 1290 if (sc->mac_ver != 0x5592) { 1291 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1292 sc->txpow1[14 + i] = 5; 1293 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1294 sc->txpow2[14 + i] = 5; 1295 } 1296 DPRINTF(("chan %d: power1=%d, power2=%d\n", 1297 mt7601_rf_chan[14 + i].chan, sc->txpow1[14 + i], 1298 sc->txpow2[14 + i])); 1299 } 1300 #endif 1301 } 1302 1303 int 1304 mtw_read_eeprom(struct mtw_softc *sc) 1305 { 1306 struct ieee80211com *ic = &sc->sc_ic; 1307 int8_t delta_2ghz, delta_5ghz; 1308 uint16_t val; 1309 int ridx, ant; 1310 1311 sc->sc_srom_read = mtw_efuse_read_2; 1312 1313 /* read RF information */ 1314 mtw_srom_read(sc, MTW_EEPROM_CHIPID, &val); 1315 sc->rf_rev = val; 1316 mtw_srom_read(sc, MTW_EEPROM_ANTENNA, &val); 1317 sc->ntxchains = (val >> 4) & 0xf; 1318 sc->nrxchains = val & 0xf; 1319 DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1320 sc->rf_rev, sc->ntxchains, sc->nrxchains)); 1321 1322 /* read ROM version */ 1323 mtw_srom_read(sc, MTW_EEPROM_VERSION, &val); 1324 DPRINTF(("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8)); 1325 1326 /* read MAC address */ 1327 mtw_srom_read(sc, MTW_EEPROM_MAC01, &val); 1328 ic->ic_myaddr[0] = val & 0xff; 1329 ic->ic_myaddr[1] = val >> 8; 1330 mtw_srom_read(sc, MTW_EEPROM_MAC23, &val); 1331 ic->ic_myaddr[2] = val & 0xff; 1332 ic->ic_myaddr[3] = val >> 8; 1333 mtw_srom_read(sc, MTW_EEPROM_MAC45, &val); 1334 ic->ic_myaddr[4] = val & 0xff; 1335 ic->ic_myaddr[5] = val >> 8; 1336 #if 0 1337 printf("eFUSE ROM\n00: "); 1338 for (int i = 0; i < 256; i++) { 1339 if (((i % 8) == 0) && i > 0) 1340 printf("\n%02x: ", i); 1341 mtw_srom_read(sc, i, &val); 1342 printf(" %04x", val); 1343 } 1344 printf("\n"); 1345 #endif 1346 /* check if RF supports automatic Tx access gain control */ 1347 mtw_srom_read(sc, MTW_EEPROM_CONFIG, &val); 1348 DPRINTF(("EEPROM CFG 0x%04x\n", val)); 1349 if ((val & 0xff) != 0xff) { 1350 sc->ext_5ghz_lna = (val >> 3) & 1; 1351 sc->ext_2ghz_lna = (val >> 2) & 1; 1352 /* check if RF supports automatic Tx access gain control */ 1353 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1354 /* check if we have a hardware radio switch */ 1355 sc->rfswitch = val & 1; 1356 } 1357 1358 /* read RF frequency offset from EEPROM */ 1359 mtw_srom_read(sc, MTW_EEPROM_FREQ_OFFSET, &val); 1360 if ((val & 0xff) != 0xff) 1361 sc->rf_freq_offset = val; 1362 else 1363 sc->rf_freq_offset = 0; 1364 DPRINTF(("frequency offset 0x%x\n", sc->rf_freq_offset)); 1365 1366 /* Read Tx power settings. */ 1367 mtw_get_txpower(sc); 1368 1369 /* read Tx power compensation for each Tx rate */ 1370 mtw_srom_read(sc, MTW_EEPROM_DELTAPWR, &val); 1371 delta_2ghz = delta_5ghz = 0; 1372 if ((val & 0xff) != 0xff && (val & 0x80)) { 1373 delta_2ghz = val & 0xf; 1374 if (!(val & 0x40)) /* negative number */ 1375 delta_2ghz = -delta_2ghz; 1376 } 1377 val >>= 8; 1378 if ((val & 0xff) != 0xff && (val & 0x80)) { 1379 delta_5ghz = val & 0xf; 1380 if (!(val & 0x40)) /* negative number */ 1381 delta_5ghz = -delta_5ghz; 1382 } 1383 DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n", 1384 delta_2ghz, delta_5ghz)); 1385 1386 for (ridx = 0; ridx < 5; ridx++) { 1387 uint32_t reg; 1388 1389 mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2, &val); 1390 reg = val; 1391 mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2 + 1, &val); 1392 reg |= (uint32_t)val << 16; 1393 1394 sc->txpow20mhz[ridx] = reg; 1395 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1396 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1397 1398 DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1399 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1400 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx])); 1401 } 1402 1403 /* read RSSI offsets and LNA gains from EEPROM */ 1404 val = 0; 1405 mtw_srom_read(sc, MTW_EEPROM_RSSI1_2GHZ, &val); 1406 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1407 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1408 mtw_srom_read(sc, MTW_EEPROM_RSSI2_2GHZ, &val); 1409 /* 1410 * On RT3070 chips (limited to 2 Rx chains), this ROM 1411 * field contains the Tx mixer gain for the 2GHz band. 1412 */ 1413 if ((val & 0xff) != 0xff) 1414 sc->txmixgain_2ghz = val & 0x7; 1415 DPRINTF(("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz)); 1416 sc->lna[2] = val >> 8; /* channel group 2 */ 1417 mtw_srom_read(sc, MTW_EEPROM_RSSI1_5GHZ, &val); 1418 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1419 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1420 mtw_srom_read(sc, MTW_EEPROM_RSSI2_5GHZ, &val); 1421 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1422 1423 sc->lna[3] = val >> 8; /* channel group 3 */ 1424 1425 mtw_srom_read(sc, MTW_EEPROM_LNA, &val); 1426 sc->lna[0] = val & 0xff; /* channel group 0 */ 1427 sc->lna[1] = val >> 8; /* channel group 1 */ 1428 DPRINTF(("LNA0 0x%x\n", sc->lna[0])); 1429 1430 /* fix broken 5GHz LNA entries */ 1431 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1432 DPRINTF(("invalid LNA for channel group %d\n", 2)); 1433 sc->lna[2] = sc->lna[1]; 1434 } 1435 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1436 DPRINTF(("invalid LNA for channel group %d\n", 3)); 1437 sc->lna[3] = sc->lna[1]; 1438 } 1439 1440 /* fix broken RSSI offset entries */ 1441 for (ant = 0; ant < 3; ant++) { 1442 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1443 DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n", 1444 ant + 1, sc->rssi_2ghz[ant])); 1445 sc->rssi_2ghz[ant] = 0; 1446 } 1447 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1448 DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n", 1449 ant + 1, sc->rssi_5ghz[ant])); 1450 sc->rssi_5ghz[ant] = 0; 1451 } 1452 } 1453 return 0; 1454 } 1455 1456 struct ieee80211_node * 1457 mtw_node_alloc(struct ieee80211com *ic) 1458 { 1459 struct mtw_node *mn; 1460 1461 mn = malloc(sizeof (struct mtw_node), M_USBDEV, M_NOWAIT | M_ZERO); 1462 return (struct ieee80211_node *)mn; 1463 } 1464 1465 int 1466 mtw_media_change(struct ifnet *ifp) 1467 { 1468 struct mtw_softc *sc = ifp->if_softc; 1469 struct ieee80211com *ic = &sc->sc_ic; 1470 uint8_t rate, ridx; 1471 int error; 1472 1473 error = ieee80211_media_change(ifp); 1474 if (error != ENETRESET) 1475 return error; 1476 1477 if (ic->ic_fixed_rate != -1) { 1478 rate = ic->ic_sup_rates[ic->ic_curmode]. 1479 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1480 for (ridx = 0; ridx <= MTW_RIDX_MAX; ridx++) 1481 if (rt2860_rates[ridx].rate == rate) 1482 break; 1483 sc->fixed_ridx = ridx; 1484 } 1485 1486 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1487 (IFF_UP | IFF_RUNNING)) { 1488 mtw_stop(ifp, 0); 1489 error = mtw_init(ifp); 1490 } 1491 return error; 1492 } 1493 1494 void 1495 mtw_next_scan(void *arg) 1496 { 1497 struct mtw_softc *sc = arg; 1498 int s; 1499 1500 if (usbd_is_dying(sc->sc_udev)) 1501 return; 1502 1503 usbd_ref_incr(sc->sc_udev); 1504 1505 s = splnet(); 1506 if (sc->sc_ic.ic_state == IEEE80211_S_SCAN) 1507 ieee80211_next_scan(&sc->sc_ic.ic_if); 1508 splx(s); 1509 1510 usbd_ref_decr(sc->sc_udev); 1511 } 1512 1513 void 1514 mtw_task(void *arg) 1515 { 1516 struct mtw_softc *sc = arg; 1517 struct mtw_host_cmd_ring *ring = &sc->cmdq; 1518 struct mtw_host_cmd *cmd; 1519 int s; 1520 1521 if (usbd_is_dying(sc->sc_udev)) 1522 return; 1523 1524 /* process host commands */ 1525 s = splusb(); 1526 while (ring->next != ring->cur) { 1527 cmd = &ring->cmd[ring->next]; 1528 splx(s); 1529 /* callback */ 1530 cmd->cb(sc, cmd->data); 1531 s = splusb(); 1532 ring->queued--; 1533 ring->next = (ring->next + 1) % MTW_HOST_CMD_RING_COUNT; 1534 } 1535 splx(s); 1536 } 1537 1538 void 1539 mtw_do_async(struct mtw_softc *sc, void (*cb)(struct mtw_softc *, void *), 1540 void *arg, int len) 1541 { 1542 struct mtw_host_cmd_ring *ring = &sc->cmdq; 1543 struct mtw_host_cmd *cmd; 1544 int s; 1545 1546 if (usbd_is_dying(sc->sc_udev)) 1547 return; 1548 1549 s = splusb(); 1550 cmd = &ring->cmd[ring->cur]; 1551 cmd->cb = cb; 1552 KASSERT(len <= sizeof (cmd->data)); 1553 memcpy(cmd->data, arg, len); 1554 ring->cur = (ring->cur + 1) % MTW_HOST_CMD_RING_COUNT; 1555 1556 /* if there is no pending command already, schedule a task */ 1557 if (++ring->queued == 1) 1558 usb_add_task(sc->sc_udev, &sc->sc_task); 1559 splx(s); 1560 } 1561 1562 int 1563 mtw_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1564 { 1565 struct mtw_softc *sc = ic->ic_softc; 1566 struct mtw_cmd_newstate cmd; 1567 1568 /* do it in a process context */ 1569 cmd.state = nstate; 1570 cmd.arg = arg; 1571 mtw_do_async(sc, mtw_newstate_cb, &cmd, sizeof cmd); 1572 return 0; 1573 } 1574 1575 void 1576 mtw_newstate_cb(struct mtw_softc *sc, void *arg) 1577 { 1578 struct mtw_cmd_newstate *cmd = arg; 1579 struct ieee80211com *ic = &sc->sc_ic; 1580 enum ieee80211_state ostate; 1581 struct ieee80211_node *ni; 1582 uint32_t sta[3]; 1583 uint8_t wcid; 1584 int s; 1585 1586 s = splnet(); 1587 ostate = ic->ic_state; 1588 1589 if (ostate == IEEE80211_S_RUN) { 1590 /* turn link LED on */ 1591 mtw_set_leds(sc, MTW_LED_MODE_ON); 1592 } 1593 1594 switch (cmd->state) { 1595 case IEEE80211_S_INIT: 1596 if (ostate == IEEE80211_S_RUN) { 1597 /* abort TSF synchronization */ 1598 mtw_abort_tsf_sync(sc); 1599 } 1600 break; 1601 1602 case IEEE80211_S_SCAN: 1603 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1604 if (!usbd_is_dying(sc->sc_udev)) 1605 timeout_add_msec(&sc->scan_to, 200); 1606 break; 1607 1608 case IEEE80211_S_AUTH: 1609 case IEEE80211_S_ASSOC: 1610 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1611 break; 1612 1613 case IEEE80211_S_RUN: 1614 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1615 1616 ni = ic->ic_bss; 1617 1618 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 1619 mtw_updateslot(ic); 1620 mtw_enable_mrr(sc); 1621 mtw_set_txpreamble(sc); 1622 mtw_set_basicrates(sc); 1623 mtw_set_bssid(sc, ni->ni_bssid); 1624 } 1625 if (ic->ic_opmode == IEEE80211_M_STA) { 1626 /* add BSS entry to the WCID table */ 1627 wcid = MTW_AID2WCID(ni->ni_associd); 1628 mtw_write_region_1(sc, MTW_WCID_ENTRY(wcid), 1629 ni->ni_macaddr, IEEE80211_ADDR_LEN); 1630 1631 /* fake a join to init the tx rate */ 1632 mtw_newassoc(ic, ni, 1); 1633 } 1634 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 1635 mtw_enable_tsf_sync(sc); 1636 1637 /* clear statistic registers used by AMRR */ 1638 mtw_read_region_1(sc, MTW_TX_STA_CNT0, 1639 (uint8_t *)sta, sizeof sta); 1640 /* start calibration timer */ 1641 if (!usbd_is_dying(sc->sc_udev)) 1642 timeout_add_sec(&sc->calib_to, 1); 1643 } 1644 1645 /* turn link LED on */ 1646 mtw_set_leds(sc, MTW_LED_MODE_BLINK_TX); 1647 break; 1648 } 1649 (void)sc->sc_newstate(ic, cmd->state, cmd->arg); 1650 splx(s); 1651 } 1652 1653 void 1654 mtw_updateedca(struct ieee80211com *ic) 1655 { 1656 /* do it in a process context */ 1657 mtw_do_async(ic->ic_softc, mtw_updateedca_cb, NULL, 0); 1658 } 1659 1660 /* ARGSUSED */ 1661 void 1662 mtw_updateedca_cb(struct mtw_softc *sc, void *arg) 1663 { 1664 struct ieee80211com *ic = &sc->sc_ic; 1665 int s, aci; 1666 1667 s = splnet(); 1668 /* update MAC TX configuration registers */ 1669 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 1670 mtw_write(sc, MTW_EDCA_AC_CFG(aci), 1671 ic->ic_edca_ac[aci].ac_ecwmax << 16 | 1672 ic->ic_edca_ac[aci].ac_ecwmin << 12 | 1673 ic->ic_edca_ac[aci].ac_aifsn << 8 | 1674 ic->ic_edca_ac[aci].ac_txoplimit); 1675 } 1676 1677 /* update SCH/DMA registers too */ 1678 mtw_write(sc, MTW_WMM_AIFSN_CFG, 1679 ic->ic_edca_ac[EDCA_AC_VO].ac_aifsn << 12 | 1680 ic->ic_edca_ac[EDCA_AC_VI].ac_aifsn << 8 | 1681 ic->ic_edca_ac[EDCA_AC_BK].ac_aifsn << 4 | 1682 ic->ic_edca_ac[EDCA_AC_BE].ac_aifsn); 1683 mtw_write(sc, MTW_WMM_CWMIN_CFG, 1684 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmin << 12 | 1685 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmin << 8 | 1686 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmin << 4 | 1687 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmin); 1688 mtw_write(sc, MTW_WMM_CWMAX_CFG, 1689 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmax << 12 | 1690 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmax << 8 | 1691 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmax << 4 | 1692 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmax); 1693 mtw_write(sc, MTW_WMM_TXOP0_CFG, 1694 ic->ic_edca_ac[EDCA_AC_BK].ac_txoplimit << 16 | 1695 ic->ic_edca_ac[EDCA_AC_BE].ac_txoplimit); 1696 mtw_write(sc, MTW_WMM_TXOP1_CFG, 1697 ic->ic_edca_ac[EDCA_AC_VO].ac_txoplimit << 16 | 1698 ic->ic_edca_ac[EDCA_AC_VI].ac_txoplimit); 1699 splx(s); 1700 } 1701 1702 void 1703 mtw_updateslot(struct ieee80211com *ic) 1704 { 1705 /* do it in a process context */ 1706 mtw_do_async(ic->ic_softc, mtw_updateslot_cb, NULL, 0); 1707 } 1708 1709 /* ARGSUSED */ 1710 void 1711 mtw_updateslot_cb(struct mtw_softc *sc, void *arg) 1712 { 1713 uint32_t tmp; 1714 1715 mtw_read(sc, MTW_BKOFF_SLOT_CFG, &tmp); 1716 tmp &= ~0xff; 1717 tmp |= (sc->sc_ic.ic_flags & IEEE80211_F_SHSLOT) ? 1718 IEEE80211_DUR_DS_SHSLOT : IEEE80211_DUR_DS_SLOT; 1719 mtw_write(sc, MTW_BKOFF_SLOT_CFG, tmp); 1720 } 1721 1722 int 1723 mtw_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 1724 struct ieee80211_key *k) 1725 { 1726 struct mtw_softc *sc = ic->ic_softc; 1727 struct mtw_cmd_key cmd; 1728 1729 /* defer setting of WEP keys until interface is brought up */ 1730 if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) != 1731 (IFF_UP | IFF_RUNNING)) 1732 return 0; 1733 1734 /* do it in a process context */ 1735 cmd.key = *k; 1736 cmd.ni = ni; 1737 mtw_do_async(sc, mtw_set_key_cb, &cmd, sizeof cmd); 1738 sc->sc_key_tasks++; 1739 return EBUSY; 1740 } 1741 1742 void 1743 mtw_set_key_cb(struct mtw_softc *sc, void *arg) 1744 { 1745 struct ieee80211com *ic = &sc->sc_ic; 1746 struct mtw_cmd_key *cmd = arg; 1747 struct ieee80211_key *k = &cmd->key; 1748 uint32_t attr; 1749 uint16_t base; 1750 uint8_t mode, wcid, iv[8]; 1751 1752 sc->sc_key_tasks--; 1753 1754 /* map net80211 cipher to RT2860 security mode */ 1755 switch (k->k_cipher) { 1756 case IEEE80211_CIPHER_WEP40: 1757 mode = MTW_MODE_WEP40; 1758 break; 1759 case IEEE80211_CIPHER_WEP104: 1760 mode = MTW_MODE_WEP104; 1761 break; 1762 case IEEE80211_CIPHER_TKIP: 1763 mode = MTW_MODE_TKIP; 1764 break; 1765 case IEEE80211_CIPHER_CCMP: 1766 mode = MTW_MODE_AES_CCMP; 1767 break; 1768 default: 1769 if (cmd->ni != NULL) { 1770 IEEE80211_SEND_MGMT(ic, cmd->ni, 1771 IEEE80211_FC0_SUBTYPE_DEAUTH, 1772 IEEE80211_REASON_AUTH_LEAVE); 1773 } 1774 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1775 return; 1776 } 1777 1778 if (k->k_flags & IEEE80211_KEY_GROUP) { 1779 wcid = 0; /* NB: update WCID0 for group keys */ 1780 base = MTW_SKEY(0, k->k_id); 1781 } else { 1782 wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0; 1783 base = MTW_PKEY(wcid); 1784 } 1785 1786 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 1787 mtw_write_region_1(sc, base, k->k_key, 16); 1788 mtw_write_region_1(sc, base + 16, &k->k_key[24], 8); 1789 mtw_write_region_1(sc, base + 24, &k->k_key[16], 8); 1790 } else { 1791 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 1792 mtw_write_region_1(sc, base, k->k_key, (k->k_len + 1) & ~1); 1793 } 1794 1795 if (!(k->k_flags & IEEE80211_KEY_GROUP) || 1796 (k->k_flags & IEEE80211_KEY_TX)) { 1797 /* set initial packet number in IV+EIV */ 1798 if (k->k_cipher == IEEE80211_CIPHER_WEP40 || 1799 k->k_cipher == IEEE80211_CIPHER_WEP104) { 1800 memset(iv, 0, sizeof iv); 1801 iv[3] = sc->sc_ic.ic_def_txkey << 6; 1802 } else { 1803 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 1804 iv[0] = k->k_tsc >> 8; 1805 iv[1] = (iv[0] | 0x20) & 0x7f; 1806 iv[2] = k->k_tsc; 1807 } else /* CCMP */ { 1808 iv[0] = k->k_tsc; 1809 iv[1] = k->k_tsc >> 8; 1810 iv[2] = 0; 1811 } 1812 iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1813 iv[4] = k->k_tsc >> 16; 1814 iv[5] = k->k_tsc >> 24; 1815 iv[6] = k->k_tsc >> 32; 1816 iv[7] = k->k_tsc >> 40; 1817 } 1818 mtw_write_region_1(sc, MTW_IVEIV(wcid), iv, 8); 1819 } 1820 1821 if (k->k_flags & IEEE80211_KEY_GROUP) { 1822 /* install group key */ 1823 mtw_read(sc, MTW_SKEY_MODE_0_7, &attr); 1824 attr &= ~(0xf << (k->k_id * 4)); 1825 attr |= mode << (k->k_id * 4); 1826 mtw_write(sc, MTW_SKEY_MODE_0_7, attr); 1827 1828 if (k->k_cipher & (IEEE80211_CIPHER_WEP104 | 1829 IEEE80211_CIPHER_WEP40)) { 1830 mtw_read(sc, MTW_WCID_ATTR(wcid + 1), &attr); 1831 attr = (attr & ~0xf) | (mode << 1); 1832 mtw_write(sc, MTW_WCID_ATTR(wcid + 1), attr); 1833 1834 mtw_set_region_4(sc, MTW_IVEIV(0), 0, 4); 1835 1836 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1837 attr = (attr & ~0xf) | (mode << 1); 1838 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1839 } 1840 } else { 1841 /* install pairwise key */ 1842 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1843 attr = (attr & ~0xf) | (mode << 1) | MTW_RX_PKEY_EN; 1844 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1845 } 1846 1847 if (sc->sc_key_tasks == 0) { 1848 if (cmd->ni != NULL) 1849 cmd->ni->ni_port_valid = 1; 1850 ieee80211_set_link_state(ic, LINK_STATE_UP); 1851 } 1852 } 1853 1854 void 1855 mtw_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 1856 struct ieee80211_key *k) 1857 { 1858 struct mtw_softc *sc = ic->ic_softc; 1859 struct mtw_cmd_key cmd; 1860 1861 if (!(ic->ic_if.if_flags & IFF_RUNNING) || 1862 ic->ic_state != IEEE80211_S_RUN) 1863 return; /* nothing to do */ 1864 1865 /* do it in a process context */ 1866 cmd.key = *k; 1867 cmd.ni = ni; 1868 mtw_do_async(sc, mtw_delete_key_cb, &cmd, sizeof cmd); 1869 } 1870 1871 void 1872 mtw_delete_key_cb(struct mtw_softc *sc, void *arg) 1873 { 1874 struct mtw_cmd_key *cmd = arg; 1875 struct ieee80211_key *k = &cmd->key; 1876 uint32_t attr; 1877 uint8_t wcid; 1878 1879 if (k->k_flags & IEEE80211_KEY_GROUP) { 1880 /* remove group key */ 1881 mtw_read(sc, MTW_SKEY_MODE_0_7, &attr); 1882 attr &= ~(0xf << (k->k_id * 4)); 1883 mtw_write(sc, MTW_SKEY_MODE_0_7, attr); 1884 1885 } else { 1886 /* remove pairwise key */ 1887 wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0; 1888 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1889 attr &= ~0xf; 1890 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1891 } 1892 } 1893 1894 void 1895 mtw_calibrate_to(void *arg) 1896 { 1897 /* do it in a process context */ 1898 mtw_do_async(arg, mtw_calibrate_cb, NULL, 0); 1899 /* next timeout will be rescheduled in the calibration task */ 1900 } 1901 1902 /* ARGSUSED */ 1903 void 1904 mtw_calibrate_cb(struct mtw_softc *sc, void *arg) 1905 { 1906 struct ifnet *ifp = &sc->sc_ic.ic_if; 1907 uint32_t sta[3]; 1908 int s, error; 1909 1910 /* read statistic counters (clear on read) and update AMRR state */ 1911 error = mtw_read_region_1(sc, MTW_TX_STA_CNT0, (uint8_t *)sta, 1912 sizeof sta); 1913 if (error != 0) 1914 goto skip; 1915 1916 DPRINTF(("retrycnt=%d txcnt=%d failcnt=%d\n", 1917 letoh32(sta[1]) >> 16, letoh32(sta[1]) & 0xffff, 1918 letoh32(sta[0]) & 0xffff)); 1919 1920 s = splnet(); 1921 /* count failed TX as errors */ 1922 ifp->if_oerrors += letoh32(sta[0]) & 0xffff; 1923 1924 sc->amn.amn_retrycnt = 1925 (letoh32(sta[0]) & 0xffff) + /* failed TX count */ 1926 (letoh32(sta[1]) >> 16); /* TX retransmission count */ 1927 1928 sc->amn.amn_txcnt = 1929 sc->amn.amn_retrycnt + 1930 (letoh32(sta[1]) & 0xffff); /* successful TX count */ 1931 1932 ieee80211_amrr_choose(&sc->amrr, sc->sc_ic.ic_bss, &sc->amn); 1933 1934 splx(s); 1935 skip: 1936 if (!usbd_is_dying(sc->sc_udev)) 1937 timeout_add_sec(&sc->calib_to, 1); 1938 } 1939 1940 void 1941 mtw_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 1942 { 1943 struct mtw_softc *sc = ic->ic_softc; 1944 struct mtw_node *mn = (void *)ni; 1945 struct ieee80211_rateset *rs = &ni->ni_rates; 1946 uint8_t rate; 1947 int ridx, i, j; 1948 1949 DPRINTF(("new assoc isnew=%d addr=%s\n", 1950 isnew, ether_sprintf(ni->ni_macaddr))); 1951 1952 ieee80211_amrr_node_init(&sc->amrr, &sc->amn); 1953 1954 /* start at lowest available bit-rate, AMRR will raise */ 1955 ni->ni_txrate = 0; 1956 1957 for (i = 0; i < rs->rs_nrates; i++) { 1958 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 1959 /* convert 802.11 rate to hardware rate index */ 1960 for (ridx = 0; ridx < MTW_RIDX_MAX; ridx++) 1961 if (rt2860_rates[ridx].rate == rate) 1962 break; 1963 mn->ridx[i] = ridx; 1964 /* determine rate of control response frames */ 1965 for (j = i; j >= 0; j--) { 1966 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 1967 rt2860_rates[mn->ridx[i]].phy == 1968 rt2860_rates[mn->ridx[j]].phy) 1969 break; 1970 } 1971 if (j >= 0) { 1972 mn->ctl_ridx[i] = mn->ridx[j]; 1973 } else { 1974 /* no basic rate found, use mandatory one */ 1975 mn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 1976 } 1977 DPRINTF(("rate=0x%02x ridx=%d ctl_ridx=%d\n", 1978 rs->rs_rates[i], mn->ridx[i], mn->ctl_ridx[i])); 1979 } 1980 } 1981 1982 /* 1983 * Return the Rx chain with the highest RSSI for a given frame. 1984 */ 1985 static __inline uint8_t 1986 mtw_maxrssi_chain(struct mtw_softc *sc, const struct mtw_rxwi *rxwi) 1987 { 1988 uint8_t rxchain = 0; 1989 1990 if (sc->nrxchains > 1) { 1991 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 1992 rxchain = 1; 1993 } 1994 return rxchain; 1995 } 1996 1997 void 1998 mtw_rx_frame(struct mtw_softc *sc, uint8_t *buf, int dmalen, 1999 struct mbuf_list *ml) 2000 { 2001 struct ieee80211com *ic = &sc->sc_ic; 2002 struct ifnet *ifp = &ic->ic_if; 2003 struct ieee80211_frame *wh; 2004 struct ieee80211_rxinfo rxi; 2005 struct ieee80211_node *ni; 2006 struct mtw_rxwi *rxwi; 2007 struct mbuf *m; 2008 uint32_t flags; 2009 uint16_t len; 2010 #if NBPFILTER > 0 2011 uint16_t phy; 2012 #endif 2013 uint16_t rxwisize; 2014 uint8_t ant, rssi; 2015 int s; 2016 2017 /* Rx Wireless Information */ 2018 rxwi = (struct mtw_rxwi *)(buf); 2019 rxwisize = sizeof(struct mtw_rxwi); 2020 len = letoh16(rxwi->len) & 0xfff; 2021 2022 if (__predict_false(len > dmalen)) { 2023 DPRINTF(("bad RXWI length %u > %u\n", len, dmalen)); 2024 return; 2025 } 2026 if (len > MCLBYTES) { 2027 DPRINTF(("frame too large (length=%d)\n", len)); 2028 ifp->if_ierrors++; 2029 return; 2030 } 2031 2032 flags = letoh32(rxwi->flags); 2033 if (__predict_false(flags & (MTW_RX_CRCERR | MTW_RX_ICVERR))) { 2034 ifp->if_ierrors++; 2035 return; 2036 } 2037 if (__predict_false((flags & MTW_RX_MICERR))) { 2038 /* report MIC failures to net80211 for TKIP */ 2039 ic->ic_stats.is_rx_locmicfail++; 2040 ieee80211_michael_mic_failure(ic, 0/* XXX */); 2041 ifp->if_ierrors++; 2042 return; 2043 } 2044 2045 wh = (struct ieee80211_frame *)(buf + rxwisize); 2046 memset(&rxi, 0, sizeof(rxi)); 2047 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2048 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2049 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 2050 } 2051 2052 if (flags & MTW_RX_L2PAD) { 2053 u_int hdrlen = ieee80211_get_hdrlen(wh); 2054 memmove((caddr_t)wh + 2, wh, hdrlen); 2055 wh = (struct ieee80211_frame *)((caddr_t)wh + 2); 2056 } 2057 2058 /* could use m_devget but net80211 wants contig mgmt frames */ 2059 MGETHDR(m, M_DONTWAIT, MT_DATA); 2060 if (__predict_false(m == NULL)) { 2061 ifp->if_ierrors++; 2062 return; 2063 } 2064 if (len > MHLEN) { 2065 MCLGET(m, M_DONTWAIT); 2066 if (__predict_false(!(m->m_flags & M_EXT))) { 2067 ifp->if_ierrors++; 2068 m_freem(m); 2069 return; 2070 } 2071 } 2072 /* finalize mbuf */ 2073 memcpy(mtod(m, caddr_t), wh, len); 2074 m->m_pkthdr.len = m->m_len = len; 2075 2076 ant = mtw_maxrssi_chain(sc, rxwi); 2077 rssi = rxwi->rssi[ant]; 2078 2079 #if NBPFILTER > 0 2080 if (__predict_false(sc->sc_drvbpf != NULL)) { 2081 struct mtw_rx_radiotap_header *tap = &sc->sc_rxtap; 2082 struct mbuf mb; 2083 2084 tap->wr_flags = 0; 2085 tap->wr_chan_freq = htole16(ic->ic_ibss_chan->ic_freq); 2086 tap->wr_chan_flags = htole16(ic->ic_ibss_chan->ic_flags); 2087 tap->wr_antsignal = rssi; 2088 tap->wr_antenna = ant; 2089 tap->wr_dbm_antsignal = mtw_rssi2dbm(sc, rssi, ant); 2090 tap->wr_rate = 2; /* in case it can't be found below */ 2091 phy = letoh16(rxwi->phy); 2092 switch (phy >> MT7601_PHY_SHIFT) { 2093 case MTW_PHY_CCK: 2094 switch ((phy & MTW_PHY_MCS) & ~MTW_PHY_SHPRE) { 2095 case 0: tap->wr_rate = 2; break; 2096 case 1: tap->wr_rate = 4; break; 2097 case 2: tap->wr_rate = 11; break; 2098 case 3: tap->wr_rate = 22; break; 2099 } 2100 if (phy & MTW_PHY_SHPRE) 2101 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2102 break; 2103 case MTW_PHY_OFDM: 2104 switch (phy & MTW_PHY_MCS) { 2105 case 0: tap->wr_rate = 12; break; 2106 case 1: tap->wr_rate = 18; break; 2107 case 2: tap->wr_rate = 24; break; 2108 case 3: tap->wr_rate = 36; break; 2109 case 4: tap->wr_rate = 48; break; 2110 case 5: tap->wr_rate = 72; break; 2111 case 6: tap->wr_rate = 96; break; 2112 case 7: tap->wr_rate = 108; break; 2113 } 2114 break; 2115 } 2116 mb.m_data = (caddr_t)tap; 2117 mb.m_len = sc->sc_rxtap_len; 2118 mb.m_next = m; 2119 mb.m_nextpkt = NULL; 2120 mb.m_type = 0; 2121 mb.m_flags = 0; 2122 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 2123 } 2124 #endif 2125 2126 s = splnet(); 2127 ni = ieee80211_find_rxnode(ic, wh); 2128 rxi.rxi_rssi = rssi; 2129 ieee80211_inputm(ifp, m, ni, &rxi, ml); 2130 2131 /* node is no longer needed */ 2132 ieee80211_release_node(ic, ni); 2133 splx(s); 2134 } 2135 2136 void 2137 mtw_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status) 2138 { 2139 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 2140 struct mtw_rx_data *data = priv; 2141 struct mtw_softc *sc = data->sc; 2142 uint8_t *buf; 2143 uint32_t dmalen; 2144 int xferlen; 2145 2146 if (__predict_false(status != USBD_NORMAL_COMPLETION)) { 2147 DPRINTF(("RX status=%d\n", status)); 2148 if (status == USBD_STALLED) 2149 usbd_clear_endpoint_stall_async(sc->rxq[0].pipeh); 2150 if (status != USBD_CANCELLED) 2151 goto skip; 2152 return; 2153 } 2154 2155 usbd_get_xfer_status(xfer, NULL, NULL, &xferlen, NULL); 2156 2157 if (__predict_false(xferlen < sizeof(uint32_t) + 2158 sizeof (struct mtw_rxwi) + sizeof(struct mtw_rxd))) { 2159 DPRINTF(("RX xfer too short %d\n", xferlen)); 2160 goto skip; 2161 } 2162 2163 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2164 buf = data->buf; 2165 while (xferlen > 8) { 2166 dmalen = letoh32(*(uint32_t *)buf) & MTW_RXD_LEN; 2167 if (__predict_false(dmalen == 0 || (dmalen & 3) != 0)) { 2168 DPRINTF(("bad DMA length %u\n", dmalen)); 2169 break; 2170 } 2171 if (__predict_false(dmalen + 8 > xferlen)) { 2172 DPRINTF(("bad DMA length %u > %d\n", 2173 dmalen + 8, xferlen)); 2174 break; 2175 } 2176 mtw_rx_frame(sc, buf + sizeof(struct mtw_rxd), dmalen, &ml); 2177 buf += dmalen + 8; 2178 xferlen -= dmalen + 8; 2179 } 2180 if_input(&sc->sc_ic.ic_if, &ml); 2181 2182 skip: /* setup a new transfer */ 2183 usbd_setup_xfer(xfer, sc->rxq[0].pipeh, data, data->buf, MTW_MAX_RXSZ, 2184 USBD_SHORT_XFER_OK | USBD_NO_COPY, USBD_NO_TIMEOUT, mtw_rxeof); 2185 (void)usbd_transfer(data->xfer); 2186 } 2187 2188 void 2189 mtw_txeof(struct usbd_xfer *xfer, void *priv, usbd_status status) 2190 { 2191 struct mtw_tx_data *data = priv; 2192 struct mtw_softc *sc = data->sc; 2193 struct mtw_tx_ring *txq = &sc->txq[data->qid]; 2194 struct ifnet *ifp = &sc->sc_ic.ic_if; 2195 int s; 2196 2197 if (usbd_is_dying(sc->sc_udev)) 2198 return; 2199 2200 s = splnet(); 2201 txq->queued--; 2202 sc->qfullmsk &= ~(1 << data->qid); 2203 2204 if (__predict_false(status != USBD_NORMAL_COMPLETION)) { 2205 DPRINTF(("TX status=%d\n", status)); 2206 if (status == USBD_STALLED) 2207 usbd_clear_endpoint_stall_async(txq->pipeh); 2208 ifp->if_oerrors++; 2209 splx(s); 2210 return; 2211 } 2212 2213 sc->sc_tx_timer = 0; 2214 2215 if (ifq_is_oactive(&ifp->if_snd)) { 2216 ifq_clr_oactive(&ifp->if_snd); 2217 mtw_start(ifp); 2218 } 2219 2220 splx(s); 2221 } 2222 2223 int 2224 mtw_tx(struct mtw_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2225 { 2226 struct ieee80211com *ic = &sc->sc_ic; 2227 struct mtw_node *mn = (void *)ni; 2228 struct ieee80211_frame *wh; 2229 struct mtw_tx_ring *ring; 2230 struct mtw_tx_data *data; 2231 struct mtw_txd *txd; 2232 struct mtw_txwi *txwi; 2233 uint16_t qos, dur; 2234 uint16_t txwisize; 2235 uint8_t type, mcs, tid, qid; 2236 int error, hasqos, ridx, ctl_ridx, xferlen; 2237 2238 wh = mtod(m, struct ieee80211_frame *); 2239 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2240 2241 /* select queue */ 2242 if ((hasqos = ieee80211_has_qos(wh))) { 2243 qos = ieee80211_get_qos(wh); 2244 tid = qos & IEEE80211_QOS_TID; 2245 qid = ieee80211_up_to_ac(ic, tid); 2246 } else { 2247 qos = 0; 2248 tid = 0; 2249 qid = EDCA_AC_BE; 2250 } 2251 2252 /* management frames go to MCU queue */ 2253 if (type == IEEE80211_FC0_TYPE_MGT) 2254 qid = MTW_TXQ_MCU; 2255 2256 ring = &sc->txq[qid]; 2257 data = &ring->data[ring->cur]; 2258 2259 /* pickup a rate index */ 2260 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2261 type != IEEE80211_FC0_TYPE_DATA) { 2262 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2263 MTW_RIDX_OFDM6 : MTW_RIDX_CCK1; 2264 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2265 } else if (ic->ic_fixed_rate != -1) { 2266 ridx = sc->fixed_ridx; 2267 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2268 } else { 2269 ridx = mn->ridx[ni->ni_txrate]; 2270 ctl_ridx = mn->ctl_ridx[ni->ni_txrate]; 2271 } 2272 2273 txwisize = sizeof(struct mtw_txwi); 2274 xferlen = txwisize + m->m_pkthdr.len; 2275 2276 /* roundup to 32-bit alignment */ 2277 xferlen = (xferlen + 3) & ~3; 2278 2279 /* setup TX descriptor */ 2280 txd = (struct mtw_txd *)data->buf; 2281 txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_80211 | 2282 MTW_TXD_WLAN | MTW_TXD_QSEL_EDCA); 2283 2284 if (type != IEEE80211_FC0_TYPE_DATA) 2285 txd->flags |= htole16(MTW_TXD_WIV); 2286 txd->len = htole16(xferlen); 2287 xferlen += sizeof(struct mtw_txd); 2288 2289 /* get MCS code from rate index */ 2290 mcs = rt2860_rates[ridx].mcs; 2291 2292 /* setup TX Wireless Information */ 2293 txwi = (struct mtw_txwi *)(txd + 1); 2294 txwi->flags = 0; 2295 txwi->xflags = hasqos ? 0 : MTW_TX_NSEQ; 2296 txwi->wcid = (type == IEEE80211_FC0_TYPE_DATA) ? 2297 MTW_AID2WCID(ni->ni_associd) : 0xff; 2298 txwi->len = htole16(m->m_pkthdr.len); 2299 txwi->txop = MTW_TX_TXOP_BACKOFF; 2300 2301 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2302 txwi->phy = htole16(MTW_PHY_CCK << MT7601_PHY_SHIFT); 2303 if (ridx != MTW_RIDX_CCK1 && 2304 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2305 mcs |= MTW_PHY_SHPRE; 2306 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 2307 txwi->phy = htole16(MTW_PHY_OFDM << MT7601_PHY_SHIFT); 2308 txwi->phy |= htole16(mcs); 2309 2310 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2311 (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 2312 IEEE80211_QOS_ACK_POLICY_NOACK)) { 2313 txwi->xflags |= MTW_TX_ACK; 2314 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2315 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 2316 else 2317 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 2318 *(uint16_t *)wh->i_dur = htole16(dur); 2319 } 2320 2321 #if NBPFILTER > 0 2322 if (__predict_false(sc->sc_drvbpf != NULL)) { 2323 struct mtw_tx_radiotap_header *tap = &sc->sc_txtap; 2324 struct mbuf mb; 2325 2326 tap->wt_flags = 0; 2327 tap->wt_rate = rt2860_rates[ridx].rate; 2328 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 2329 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 2330 if (mcs & MTW_PHY_SHPRE) 2331 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2332 2333 mb.m_data = (caddr_t)tap; 2334 mb.m_len = sc->sc_txtap_len; 2335 mb.m_next = m; 2336 mb.m_nextpkt = NULL; 2337 mb.m_type = 0; 2338 mb.m_flags = 0; 2339 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 2340 } 2341 #endif 2342 /* copy payload */ 2343 m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)txwi + txwisize); 2344 m_freem(m); 2345 2346 /* 4-byte pad */ 2347 memset(data->buf + xferlen, 0, MTW_DMA_PAD); 2348 xferlen += MTW_DMA_PAD; 2349 2350 usbd_setup_xfer(data->xfer, ring->pipeh, data, data->buf, 2351 xferlen, USBD_FORCE_SHORT_XFER | USBD_NO_COPY, 2352 MTW_TX_TIMEOUT, mtw_txeof); 2353 error = usbd_transfer(data->xfer); 2354 if (__predict_false(error != USBD_IN_PROGRESS && error != 0)) 2355 return error; 2356 2357 ieee80211_release_node(ic, ni); 2358 2359 ring->cur = (ring->cur + 1) % MTW_TX_RING_COUNT; 2360 if (++ring->queued >= MTW_TX_RING_COUNT) 2361 sc->qfullmsk |= 1 << qid; 2362 return 0; 2363 } 2364 2365 void 2366 mtw_start(struct ifnet *ifp) 2367 { 2368 struct mtw_softc *sc = ifp->if_softc; 2369 struct ieee80211com *ic = &sc->sc_ic; 2370 struct ieee80211_node *ni; 2371 struct mbuf *m; 2372 2373 if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd)) 2374 return; 2375 2376 for (;;) { 2377 if (sc->qfullmsk != 0) { 2378 ifq_set_oactive(&ifp->if_snd); 2379 break; 2380 } 2381 2382 /* send pending management frames first */ 2383 m = mq_dequeue(&ic->ic_mgtq); 2384 if (m != NULL) { 2385 ni = m->m_pkthdr.ph_cookie; 2386 goto sendit; 2387 } 2388 if (ic->ic_state != IEEE80211_S_RUN) 2389 break; 2390 2391 /* encapsulate and send data frames */ 2392 m = ifq_dequeue(&ifp->if_snd); 2393 if (m == NULL) 2394 break; 2395 #if NBPFILTER > 0 2396 if (ifp->if_bpf != NULL) 2397 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 2398 #endif 2399 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 2400 continue; 2401 sendit: 2402 #if NBPFILTER > 0 2403 if (ic->ic_rawbpf != NULL) 2404 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 2405 #endif 2406 if (mtw_tx(sc, m, ni) != 0) { 2407 ieee80211_release_node(ic, ni); 2408 ifp->if_oerrors++; 2409 continue; 2410 } 2411 2412 sc->sc_tx_timer = 5; 2413 ifp->if_timer = 1; 2414 } 2415 } 2416 2417 void 2418 mtw_watchdog(struct ifnet *ifp) 2419 { 2420 struct mtw_softc *sc = ifp->if_softc; 2421 2422 ifp->if_timer = 0; 2423 2424 if (sc->sc_tx_timer > 0) { 2425 if (--sc->sc_tx_timer == 0) { 2426 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 2427 /* mtw_init(ifp); XXX needs a process context! */ 2428 ifp->if_oerrors++; 2429 return; 2430 } 2431 ifp->if_timer = 1; 2432 } 2433 2434 ieee80211_watchdog(ifp); 2435 } 2436 2437 int 2438 mtw_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 2439 { 2440 struct mtw_softc *sc = ifp->if_softc; 2441 struct ieee80211com *ic = &sc->sc_ic; 2442 int s, error = 0; 2443 2444 if (usbd_is_dying(sc->sc_udev)) 2445 return ENXIO; 2446 2447 usbd_ref_incr(sc->sc_udev); 2448 2449 s = splnet(); 2450 2451 switch (cmd) { 2452 case SIOCSIFADDR: 2453 ifp->if_flags |= IFF_UP; 2454 /* FALLTHROUGH */ 2455 case SIOCSIFFLAGS: 2456 if (ifp->if_flags & IFF_UP) { 2457 if (!(ifp->if_flags & IFF_RUNNING)) 2458 mtw_init(ifp); 2459 } else { 2460 if (ifp->if_flags & IFF_RUNNING) 2461 mtw_stop(ifp, 1); 2462 } 2463 break; 2464 2465 case SIOCS80211CHANNEL: 2466 /* 2467 * This allows for fast channel switching in monitor mode 2468 * (used by kismet). 2469 */ 2470 error = ieee80211_ioctl(ifp, cmd, data); 2471 if (error == ENETRESET && 2472 ic->ic_opmode == IEEE80211_M_MONITOR) { 2473 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2474 (IFF_UP | IFF_RUNNING)) 2475 mtw_set_chan(sc, ic->ic_ibss_chan); 2476 error = 0; 2477 } 2478 break; 2479 2480 default: 2481 error = ieee80211_ioctl(ifp, cmd, data); 2482 } 2483 2484 if (error == ENETRESET) { 2485 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2486 (IFF_UP | IFF_RUNNING)) { 2487 mtw_stop(ifp, 0); 2488 error = mtw_init(ifp); 2489 } else 2490 error = 0; 2491 } 2492 splx(s); 2493 2494 usbd_ref_decr(sc->sc_udev); 2495 2496 return error; 2497 } 2498 2499 void 2500 mtw_select_chan_group(struct mtw_softc *sc, int group) 2501 { 2502 uint32_t tmp; 2503 uint8_t bbp; 2504 2505 /* Tx band 20MHz 2G */ 2506 mtw_read(sc, MTW_TX_BAND_CFG, &tmp); 2507 tmp &= ~(MTW_TX_BAND_SEL_2G | MTW_TX_BAND_SEL_5G | 2508 MTW_TX_BAND_UPPER_40M); 2509 tmp |= (group == 0) ? MTW_TX_BAND_SEL_2G : MTW_TX_BAND_SEL_5G; 2510 mtw_write(sc, MTW_TX_BAND_CFG, tmp); 2511 2512 /* select 20 MHz bandwidth */ 2513 mtw_bbp_read(sc, 4, &bbp); 2514 bbp &= ~0x18; 2515 bbp |= 0x40; 2516 mtw_bbp_write(sc, 4, bbp); 2517 2518 /* calibrate BBP */ 2519 mtw_bbp_write(sc, 69, 0x12); 2520 mtw_bbp_write(sc, 91, 0x07); 2521 mtw_bbp_write(sc, 195, 0x23); 2522 mtw_bbp_write(sc, 196, 0x17); 2523 mtw_bbp_write(sc, 195, 0x24); 2524 mtw_bbp_write(sc, 196, 0x06); 2525 mtw_bbp_write(sc, 195, 0x81); 2526 mtw_bbp_write(sc, 196, 0x12); 2527 mtw_bbp_write(sc, 195, 0x83); 2528 mtw_bbp_write(sc, 196, 0x17); 2529 mtw_rf_write(sc, 5, 8, 0x00); 2530 mtw_mcu_calibrate(sc, 0x6, 0x10001); 2531 2532 /* set initial AGC value */ 2533 mt7601_set_agc(sc, 0x14); 2534 } 2535 2536 void 2537 mt7601_set_agc(struct mtw_softc *sc, uint8_t agc) 2538 { 2539 uint8_t bbp; 2540 2541 mtw_bbp_write(sc, 66, agc); 2542 mtw_bbp_write(sc, 195, 0x87); 2543 bbp = (agc & 0xf0) | 0x08; 2544 mtw_bbp_write(sc, 196, bbp); 2545 } 2546 2547 void 2548 mt7601_set_chan(struct mtw_softc *sc, u_int chan) 2549 { 2550 uint32_t tmp; 2551 uint8_t bbp, rf, txpow1; 2552 int i; 2553 2554 /* find the settings for this channel */ 2555 for (i = 0; mt7601_rf_chan[i].chan != chan; i++) 2556 2557 mtw_rf_write(sc, 0, 17, mt7601_rf_chan[i].r17); 2558 mtw_rf_write(sc, 0, 18, mt7601_rf_chan[i].r18); 2559 mtw_rf_write(sc, 0, 19, mt7601_rf_chan[i].r19); 2560 mtw_rf_write(sc, 0, 20, mt7601_rf_chan[i].r20); 2561 2562 /* use Tx power values from EEPROM */ 2563 txpow1 = sc->txpow1[i]; 2564 2565 /* Tx automatic level control */ 2566 mtw_read(sc, MTW_TX_ALC_CFG0, &tmp); 2567 tmp &= ~0x3f3f; 2568 tmp |= (txpow1 & 0x3f); 2569 mtw_write(sc, MTW_TX_ALC_CFG0, tmp); 2570 2571 /* LNA */ 2572 mtw_bbp_write(sc, 62, 0x37 - sc->lna[0]); 2573 mtw_bbp_write(sc, 63, 0x37 - sc->lna[0]); 2574 mtw_bbp_write(sc, 64, 0x37 - sc->lna[0]); 2575 2576 /* VCO calibration */ 2577 mtw_rf_write(sc, 0, 4, 0x0a); 2578 mtw_rf_write(sc, 0, 5, 0x20); 2579 mtw_rf_read(sc, 0, 4, &rf); 2580 mtw_rf_write(sc, 0, 4, rf | 0x80); 2581 2582 /* select 20 MHz bandwidth */ 2583 mtw_bbp_read(sc, 4, &bbp); 2584 bbp &= ~0x18; 2585 bbp |= 0x40; 2586 mtw_bbp_write(sc, 4, bbp); 2587 mtw_bbp_write(sc, 178, 0xff); 2588 } 2589 2590 int 2591 mtw_set_chan(struct mtw_softc *sc, struct ieee80211_channel *c) 2592 { 2593 struct ieee80211com *ic = &sc->sc_ic; 2594 u_int chan, group; 2595 2596 chan = ieee80211_chan2ieee(ic, c); 2597 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 2598 return EINVAL; 2599 2600 /* determine channel group */ 2601 if (chan <= 14) 2602 group = 0; 2603 else if (chan <= 64) 2604 group = 1; 2605 else if (chan <= 128) 2606 group = 2; 2607 else 2608 group = 3; 2609 2610 if (group != sc->sc_chan_group || !sc->sc_bw_calibrated) 2611 mtw_select_chan_group(sc, group); 2612 2613 sc->sc_chan_group = group; 2614 2615 /* chipset specific */ 2616 if (sc->mac_ver == 0x7601) 2617 mt7601_set_chan(sc, chan); 2618 2619 DELAY(1000); 2620 return 0; 2621 } 2622 2623 void 2624 mtw_enable_tsf_sync(struct mtw_softc *sc) 2625 { 2626 struct ieee80211com *ic = &sc->sc_ic; 2627 uint32_t tmp; 2628 2629 mtw_read(sc, MTW_BCN_TIME_CFG, &tmp); 2630 tmp &= ~0x1fffff; 2631 tmp |= ic->ic_bss->ni_intval * 16; 2632 tmp |= MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN; 2633 2634 /* local TSF is always updated with remote TSF on beacon reception */ 2635 tmp |= 1 << MTW_TSF_SYNC_MODE_SHIFT; 2636 mtw_write(sc, MTW_BCN_TIME_CFG, tmp); 2637 } 2638 2639 void 2640 mtw_abort_tsf_sync(struct mtw_softc *sc) 2641 { 2642 uint32_t tmp; 2643 2644 mtw_read(sc, MTW_BCN_TIME_CFG, &tmp); 2645 tmp &= ~(MTW_BCN_TX_EN | MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN); 2646 mtw_write(sc, MTW_BCN_TIME_CFG, tmp); 2647 } 2648 2649 void 2650 mtw_enable_mrr(struct mtw_softc *sc) 2651 { 2652 #define CCK(mcs) (mcs) 2653 #define OFDM(mcs) (1 << 3 | (mcs)) 2654 mtw_write(sc, MTW_LG_FBK_CFG0, 2655 OFDM(6) << 28 | /* 54->48 */ 2656 OFDM(5) << 24 | /* 48->36 */ 2657 OFDM(4) << 20 | /* 36->24 */ 2658 OFDM(3) << 16 | /* 24->18 */ 2659 OFDM(2) << 12 | /* 18->12 */ 2660 OFDM(1) << 8 | /* 12-> 9 */ 2661 OFDM(0) << 4 | /* 9-> 6 */ 2662 OFDM(0)); /* 6-> 6 */ 2663 2664 mtw_write(sc, MTW_LG_FBK_CFG1, 2665 CCK(2) << 12 | /* 11->5.5 */ 2666 CCK(1) << 8 | /* 5.5-> 2 */ 2667 CCK(0) << 4 | /* 2-> 1 */ 2668 CCK(0)); /* 1-> 1 */ 2669 #undef OFDM 2670 #undef CCK 2671 } 2672 2673 void 2674 mtw_set_txrts(struct mtw_softc *sc) 2675 { 2676 uint32_t tmp; 2677 2678 /* set RTS threshold */ 2679 mtw_read(sc, MTW_TX_RTS_CFG, &tmp); 2680 tmp &= ~0xffff00; 2681 tmp |= 0x1000 << MTW_RTS_THRES_SHIFT; 2682 mtw_write(sc, MTW_TX_RTS_CFG, tmp); 2683 } 2684 2685 void 2686 mtw_set_txpreamble(struct mtw_softc *sc) 2687 { 2688 uint32_t tmp; 2689 2690 mtw_read(sc, MTW_AUTO_RSP_CFG, &tmp); 2691 if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE) 2692 tmp |= MTW_CCK_SHORT_EN; 2693 else 2694 tmp &= ~MTW_CCK_SHORT_EN; 2695 mtw_write(sc, MTW_AUTO_RSP_CFG, tmp); 2696 } 2697 2698 void 2699 mtw_set_basicrates(struct mtw_softc *sc) 2700 { 2701 struct ieee80211com *ic = &sc->sc_ic; 2702 2703 /* set basic rates mask */ 2704 if (ic->ic_curmode == IEEE80211_MODE_11B) 2705 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x003); 2706 else if (ic->ic_curmode == IEEE80211_MODE_11A) 2707 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x150); 2708 else /* 11g */ 2709 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x17f); 2710 } 2711 2712 void 2713 mtw_set_leds(struct mtw_softc *sc, uint16_t which) 2714 { 2715 struct mtw_mcu_cmd_8 cmd; 2716 2717 cmd.func = htole32(0x1); 2718 cmd.val = htole32(which); 2719 mtw_mcu_cmd(sc, 16, &cmd, sizeof(struct mtw_mcu_cmd_8)); 2720 } 2721 2722 void 2723 mtw_set_bssid(struct mtw_softc *sc, const uint8_t *bssid) 2724 { 2725 mtw_write(sc, MTW_MAC_BSSID_DW0, 2726 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 2727 mtw_write(sc, MTW_MAC_BSSID_DW1, 2728 bssid[4] | bssid[5] << 8); 2729 } 2730 2731 void 2732 mtw_set_macaddr(struct mtw_softc *sc, const uint8_t *addr) 2733 { 2734 mtw_write(sc, MTW_MAC_ADDR_DW0, 2735 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 2736 mtw_write(sc, MTW_MAC_ADDR_DW1, 2737 addr[4] | addr[5] << 8 | 0xff << 16); 2738 } 2739 2740 #if NBPFILTER > 0 2741 int8_t 2742 mtw_rssi2dbm(struct mtw_softc *sc, uint8_t rssi, uint8_t rxchain) 2743 { 2744 struct ieee80211com *ic = &sc->sc_ic; 2745 struct ieee80211_channel *c = ic->ic_ibss_chan; 2746 int delta; 2747 2748 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2749 u_int chan = ieee80211_chan2ieee(ic, c); 2750 delta = sc->rssi_5ghz[rxchain]; 2751 2752 /* determine channel group */ 2753 if (chan <= 64) 2754 delta -= sc->lna[1]; 2755 else if (chan <= 128) 2756 delta -= sc->lna[2]; 2757 else 2758 delta -= sc->lna[3]; 2759 } else 2760 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 2761 2762 return -12 - delta - rssi; 2763 } 2764 #endif 2765 2766 int 2767 mt7601_bbp_init(struct mtw_softc *sc) 2768 { 2769 uint8_t bbp; 2770 int i, error, ntries; 2771 2772 /* wait for BBP to wake up */ 2773 for (ntries = 0; ntries < 20; ntries++) { 2774 if ((error = mtw_bbp_read(sc, 0, &bbp)) != 0) 2775 return error; 2776 if (bbp != 0 && bbp != 0xff) 2777 break; 2778 } 2779 2780 if (ntries == 20) 2781 return ETIMEDOUT; 2782 2783 mtw_bbp_read(sc, 3, &bbp); 2784 mtw_bbp_write(sc, 3, 0); 2785 mtw_bbp_read(sc, 105, &bbp); 2786 mtw_bbp_write(sc, 105, 0); 2787 2788 /* initialize BBP registers to default values */ 2789 for (i = 0; i < nitems(mt7601_def_bbp); i++) { 2790 if ((error = mtw_bbp_write(sc, mt7601_def_bbp[i].reg, 2791 mt7601_def_bbp[i].val)) != 0) 2792 return error; 2793 } 2794 2795 sc->sc_bw_calibrated = 0; 2796 2797 return 0; 2798 } 2799 2800 int 2801 mt7601_rf_init(struct mtw_softc *sc) 2802 { 2803 int i, error; 2804 2805 /* RF bank 0 */ 2806 for (i = 0; i < nitems(mt7601_rf_bank0); i++) { 2807 error = mtw_rf_write(sc, 0, mt7601_rf_bank0[i].reg, 2808 mt7601_rf_bank0[i].val); 2809 if (error != 0) 2810 return error; 2811 } 2812 /* RF bank 4 */ 2813 for (i = 0; i < nitems(mt7601_rf_bank4); i++) { 2814 error = mtw_rf_write(sc, 4, mt7601_rf_bank4[i].reg, 2815 mt7601_rf_bank4[i].val); 2816 if (error != 0) 2817 return error; 2818 } 2819 /* RF bank 5 */ 2820 for (i = 0; i < nitems(mt7601_rf_bank5); i++) { 2821 error = mtw_rf_write(sc, 5, mt7601_rf_bank5[i].reg, 2822 mt7601_rf_bank5[i].val); 2823 if (error != 0) 2824 return error; 2825 } 2826 return 0; 2827 } 2828 2829 int 2830 mt7601_rf_setup(struct mtw_softc *sc) 2831 { 2832 uint32_t tmp; 2833 uint8_t rf; 2834 int error; 2835 2836 if (sc->sc_rf_calibrated) 2837 return 0; 2838 2839 /* init RF registers */ 2840 if ((error = mt7601_rf_init(sc)) != 0) 2841 return error; 2842 2843 /* init frequency offset */ 2844 mtw_rf_write(sc, 0, 12, sc->rf_freq_offset); 2845 mtw_rf_read(sc, 0, 12, &rf); 2846 2847 /* read temperature */ 2848 mt7601_rf_temperature(sc, &rf); 2849 sc->bbp_temp = rf; 2850 DPRINTF(("BBP temp 0x%x ", rf)); 2851 2852 mtw_rf_read(sc, 0, 7, &rf); 2853 if ((error = mtw_mcu_calibrate(sc, 0x1, 0)) != 0) 2854 return error; 2855 usbd_delay_ms(sc->sc_udev, 100); 2856 mtw_rf_read(sc, 0, 7, &rf); 2857 2858 /* Calibrate VCO RF 0/4 */ 2859 mtw_rf_write(sc, 0, 4, 0x0a); 2860 mtw_rf_write(sc, 0, 4, 0x20); 2861 mtw_rf_read(sc, 0, 4, &rf); 2862 mtw_rf_write(sc, 0, 4, rf | 0x80); 2863 2864 if ((error = mtw_mcu_calibrate(sc, 0x9, 0)) != 0) 2865 return error; 2866 if ((error = mt7601_rxdc_cal(sc)) != 0) 2867 return error; 2868 if ((error = mtw_mcu_calibrate(sc, 0x6, 1)) != 0) 2869 return error; 2870 if ((error = mtw_mcu_calibrate(sc, 0x6, 0)) != 0) 2871 return error; 2872 if ((error = mtw_mcu_calibrate(sc, 0x4, 0)) != 0) 2873 return error; 2874 if ((error = mtw_mcu_calibrate(sc, 0x5, 0)) != 0) 2875 return error; 2876 2877 mtw_read(sc, MTW_LDO_CFG0, &tmp); 2878 tmp &= ~(1 << 4); 2879 tmp |= (1 << 2); 2880 mtw_write(sc, MTW_LDO_CFG0, tmp); 2881 2882 if ((error = mtw_mcu_calibrate(sc, 0x8, 0)) != 0) 2883 return error; 2884 if ((error = mt7601_rxdc_cal(sc)) != 0) 2885 return error; 2886 2887 sc->sc_rf_calibrated = 1; 2888 return 0; 2889 } 2890 2891 int 2892 mt7601_rf_temperature(struct mtw_softc *sc, int8_t *val) 2893 { 2894 uint32_t rfb, rfs; 2895 uint8_t bbp; 2896 int ntries; 2897 2898 mtw_read(sc, MTW_RF_BYPASS0, &rfb); 2899 mtw_read(sc, MTW_RF_SETTING0, &rfs); 2900 mtw_write(sc, MTW_RF_BYPASS0, 0); 2901 mtw_write(sc, MTW_RF_SETTING0, 0x10); 2902 mtw_write(sc, MTW_RF_BYPASS0, 0x10); 2903 2904 mtw_bbp_read(sc, 47, &bbp); 2905 bbp &= ~0x7f; 2906 bbp |= 0x10; 2907 mtw_bbp_write(sc, 47, bbp); 2908 2909 mtw_bbp_write(sc, 22, 0x40); 2910 2911 for (ntries = 0; ntries < 10; ntries++) { 2912 mtw_bbp_read(sc, 47, &bbp); 2913 if ((bbp & 0x10) == 0) 2914 break; 2915 } 2916 if (ntries == 10) 2917 return ETIMEDOUT; 2918 2919 mt7601_r49_read(sc, MT7601_R47_TEMP, val); 2920 2921 mtw_bbp_write(sc, 22, 0); 2922 2923 mtw_bbp_read(sc, 21, &bbp); 2924 bbp |= 0x02; 2925 mtw_bbp_write(sc, 21, bbp); 2926 bbp &= ~0x02; 2927 mtw_bbp_write(sc, 21, bbp); 2928 2929 mtw_write(sc, MTW_RF_BYPASS0, 0); 2930 mtw_write(sc, MTW_RF_SETTING0, rfs); 2931 mtw_write(sc, MTW_RF_BYPASS0, rfb); 2932 return 0; 2933 } 2934 2935 int 2936 mt7601_r49_read(struct mtw_softc *sc, uint8_t flag, int8_t *val) 2937 { 2938 uint8_t bbp; 2939 2940 mtw_bbp_read(sc, 47, &bbp); 2941 bbp = 0x90; 2942 mtw_bbp_write(sc, 47, bbp); 2943 bbp &= ~0x0f; 2944 bbp |= flag; 2945 mtw_bbp_write(sc, 47, bbp); 2946 return mtw_bbp_read(sc, 49, val); 2947 } 2948 2949 int 2950 mt7601_rxdc_cal(struct mtw_softc *sc) 2951 { 2952 uint32_t tmp; 2953 uint8_t bbp; 2954 int ntries; 2955 2956 mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp); 2957 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_RX_EN); 2958 mtw_bbp_write(sc, 158, 0x8d); 2959 mtw_bbp_write(sc, 159, 0xfc); 2960 mtw_bbp_write(sc, 158, 0x8c); 2961 mtw_bbp_write(sc, 159, 0x4c); 2962 2963 for (ntries = 0; ntries < 20; ntries++) { 2964 DELAY(300); 2965 mtw_bbp_write(sc, 158, 0x8c); 2966 mtw_bbp_read(sc, 159, &bbp); 2967 if (bbp == 0x0c) 2968 break; 2969 } 2970 2971 if (ntries == 20) 2972 return ETIMEDOUT; 2973 2974 mtw_write(sc, MTW_MAC_SYS_CTRL, 0); 2975 mtw_bbp_write(sc, 158, 0x8d); 2976 mtw_bbp_write(sc, 159, 0xe0); 2977 mtw_write(sc, MTW_MAC_SYS_CTRL, tmp); 2978 return 0; 2979 } 2980 2981 int 2982 mtw_wlan_enable(struct mtw_softc *sc, int enable) 2983 { 2984 uint32_t tmp; 2985 int error = 0; 2986 2987 if (enable) { 2988 mtw_read(sc, MTW_WLAN_CTRL, &tmp); 2989 if (sc->asic_ver == 0x7612) 2990 tmp &= ~0xfffff000; 2991 2992 tmp &= ~MTW_WLAN_CLK_EN; 2993 tmp |= MTW_WLAN_EN; 2994 mtw_write(sc, MTW_WLAN_CTRL, tmp); 2995 usbd_delay_ms(sc->sc_udev, 2); 2996 2997 tmp |= MTW_WLAN_CLK_EN; 2998 if (sc->asic_ver == 0x7612) { 2999 tmp |= (MTW_WLAN_RESET | MTW_WLAN_RESET_RF); 3000 } 3001 mtw_write(sc, MTW_WLAN_CTRL, tmp); 3002 usbd_delay_ms(sc->sc_udev, 2); 3003 3004 mtw_read(sc, MTW_OSC_CTRL, &tmp); 3005 tmp |= MTW_OSC_EN; 3006 mtw_write(sc, MTW_OSC_CTRL, tmp); 3007 tmp |= MTW_OSC_CAL_REQ; 3008 mtw_write(sc, MTW_OSC_CTRL, tmp); 3009 } else { 3010 mtw_read(sc, MTW_WLAN_CTRL, &tmp); 3011 tmp &= ~(MTW_WLAN_CLK_EN | MTW_WLAN_EN); 3012 mtw_write(sc, MTW_WLAN_CTRL, tmp); 3013 3014 mtw_read(sc, MTW_OSC_CTRL, &tmp); 3015 tmp &= ~MTW_OSC_EN; 3016 mtw_write(sc, MTW_OSC_CTRL, tmp); 3017 } 3018 return error; 3019 } 3020 3021 int 3022 mtw_txrx_enable(struct mtw_softc *sc) 3023 { 3024 uint32_t tmp; 3025 int error, ntries; 3026 3027 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_TX_EN); 3028 for (ntries = 0; ntries < 200; ntries++) { 3029 if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0) 3030 return error; 3031 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3032 break; 3033 DELAY(1000); 3034 } 3035 if (ntries == 200) 3036 return ETIMEDOUT; 3037 3038 DELAY(50); 3039 3040 tmp |= MTW_RX_DMA_EN | MTW_TX_DMA_EN | MTW_TX_WB_DDONE; 3041 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3042 3043 /* enable Rx bulk aggregation (set timeout and limit) */ 3044 tmp = MTW_USB_TX_EN | MTW_USB_RX_EN | MTW_USB_RX_AGG_EN | 3045 MTW_USB_RX_AGG_TO(128) | MTW_USB_RX_AGG_LMT(2); 3046 mtw_write(sc, MTW_USB_DMA_CFG, tmp); 3047 3048 /* set Rx filter */ 3049 tmp = MTW_DROP_CRC_ERR | MTW_DROP_PHY_ERR; 3050 if (sc->sc_ic.ic_opmode != IEEE80211_M_MONITOR) { 3051 tmp |= MTW_DROP_UC_NOME | MTW_DROP_DUPL | 3052 MTW_DROP_CTS | MTW_DROP_BA | MTW_DROP_ACK | 3053 MTW_DROP_VER_ERR | MTW_DROP_CTRL_RSV | 3054 MTW_DROP_CFACK | MTW_DROP_CFEND; 3055 if (sc->sc_ic.ic_opmode == IEEE80211_M_STA) 3056 tmp |= MTW_DROP_RTS | MTW_DROP_PSPOLL; 3057 } 3058 mtw_write(sc, MTW_RX_FILTR_CFG, tmp); 3059 3060 mtw_write(sc, MTW_MAC_SYS_CTRL, 3061 MTW_MAC_RX_EN | MTW_MAC_TX_EN); 3062 return 0; 3063 } 3064 3065 int 3066 mtw_init(struct ifnet *ifp) 3067 { 3068 struct mtw_softc *sc = ifp->if_softc; 3069 struct ieee80211com *ic = &sc->sc_ic; 3070 uint32_t tmp; 3071 int i, error, ridx, ntries, qid; 3072 3073 if (usbd_is_dying(sc->sc_udev)) 3074 return ENXIO; 3075 3076 /* init Tx rings (4 EDCAs, 1 HCCA, 1 MGMT) */ 3077 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) { 3078 if ((error = mtw_alloc_tx_ring(sc, qid)) != 0) 3079 goto fail; 3080 } 3081 3082 /* init Rx ring */ 3083 if ((error = mtw_alloc_rx_ring(sc, 0)) != 0) 3084 goto fail; 3085 3086 /* init MCU Tx ring */ 3087 if ((error = mtw_alloc_mcu_ring(sc)) != 0) 3088 goto fail; 3089 3090 /* init host command ring */ 3091 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0; 3092 3093 for (ntries = 0; ntries < 100; ntries++) { 3094 if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0) 3095 goto fail; 3096 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3097 break; 3098 DELAY(1000); 3099 } 3100 if (ntries == 100) { 3101 printf("%s: timeout waiting for DMA engine\n", 3102 sc->sc_dev.dv_xname); 3103 error = ETIMEDOUT; 3104 goto fail; 3105 } 3106 tmp &= 0xff0; 3107 tmp |= MTW_TX_WB_DDONE; 3108 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3109 3110 /* reset MAC and baseband */ 3111 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_BBP_HRST | MTW_MAC_SRST); 3112 mtw_write(sc, MTW_USB_DMA_CFG, 0); 3113 mtw_write(sc, MTW_MAC_SYS_CTRL, 0); 3114 3115 /* init MAC values */ 3116 if (sc->mac_ver == 0x7601) { 3117 for (i = 0; i < nitems(mt7601_def_mac); i++) 3118 mtw_write(sc, mt7601_def_mac[i].reg, 3119 mt7601_def_mac[i].val); 3120 } 3121 3122 /* wait while MAC is busy */ 3123 for (ntries = 0; ntries < 100; ntries++) { 3124 if ((error = mtw_read(sc, MTW_MAC_STATUS_REG, &tmp)) != 0) 3125 goto fail; 3126 if (!(tmp & (MTW_RX_STATUS_BUSY | MTW_TX_STATUS_BUSY))) 3127 break; 3128 DELAY(1000); 3129 } 3130 if (ntries == 100) { 3131 error = ETIMEDOUT; 3132 goto fail; 3133 } 3134 3135 /* set MAC address */ 3136 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 3137 mtw_set_macaddr(sc, ic->ic_myaddr); 3138 3139 /* clear WCID attribute table */ 3140 mtw_set_region_4(sc, MTW_WCID_ATTR(0), 1, 8 * 32); 3141 3142 mtw_write(sc, 0x1648, 0x00830083); 3143 mtw_read(sc, MTW_FCE_L2_STUFF, &tmp); 3144 tmp &= ~MTW_L2S_WR_MPDU_LEN_EN; 3145 mtw_write(sc, MTW_FCE_L2_STUFF, tmp); 3146 3147 /* RTS config */ 3148 mtw_set_txrts(sc); 3149 3150 /* clear Host to MCU mailbox */ 3151 mtw_write(sc, MTW_BBP_CSR, 0); 3152 mtw_write(sc, MTW_H2M_MAILBOX, 0); 3153 3154 /* clear RX WCID search table */ 3155 mtw_set_region_4(sc, MTW_WCID_ENTRY(0), 0xffffffff, 512); 3156 3157 /* abort TSF synchronization */ 3158 mtw_abort_tsf_sync(sc); 3159 3160 mtw_read(sc, MTW_US_CYC_CNT, &tmp); 3161 tmp = (tmp & ~0xff); 3162 if (sc->mac_ver == 0x7601) 3163 tmp |= 0x1e; 3164 mtw_write(sc, MTW_US_CYC_CNT, tmp); 3165 3166 /* clear shared key table */ 3167 mtw_set_region_4(sc, MTW_SKEY(0, 0), 0, 8 * 32); 3168 3169 /* clear IV/EIV table */ 3170 mtw_set_region_4(sc, MTW_IVEIV(0), 0, 8 * 32); 3171 3172 /* clear shared key mode */ 3173 mtw_write(sc, MTW_SKEY_MODE_0_7, 0); 3174 mtw_write(sc, MTW_SKEY_MODE_8_15, 0); 3175 3176 /* txop truncation */ 3177 mtw_write(sc, MTW_TXOP_CTRL_CFG, 0x0000583f); 3178 3179 /* init Tx power for all Tx rates */ 3180 for (ridx = 0; ridx < 5; ridx++) { 3181 if (sc->txpow20mhz[ridx] == 0xffffffff) 3182 continue; 3183 mtw_write(sc, MTW_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 3184 } 3185 mtw_write(sc, MTW_TX_PWR_CFG7, 0); 3186 mtw_write(sc, MTW_TX_PWR_CFG9, 0); 3187 3188 mtw_read(sc, MTW_CMB_CTRL, &tmp); 3189 tmp &= ~(1 << 18 | 1 << 14); 3190 mtw_write(sc, MTW_CMB_CTRL, tmp); 3191 3192 /* clear USB DMA */ 3193 mtw_write(sc, MTW_USB_DMA_CFG, MTW_USB_TX_EN | MTW_USB_RX_EN | 3194 MTW_USB_RX_AGG_EN | MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT | 3195 MTW_USB_RX_WL_DROP); 3196 usbd_delay_ms(sc->sc_udev, 50); 3197 mtw_read(sc, MTW_USB_DMA_CFG, &tmp); 3198 tmp &= ~(MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT | 3199 MTW_USB_RX_WL_DROP); 3200 mtw_write(sc, MTW_USB_DMA_CFG, tmp); 3201 3202 /* enable radio */ 3203 mtw_mcu_radio(sc, 0x31, 0); 3204 3205 /* init RF registers */ 3206 if (sc->mac_ver == 0x7601) 3207 mt7601_rf_init(sc); 3208 3209 /* init baseband registers */ 3210 if (sc->mac_ver == 0x7601) 3211 error = mt7601_bbp_init(sc); 3212 3213 if (error != 0) { 3214 printf("%s: could not initialize BBP\n", sc->sc_dev.dv_xname); 3215 goto fail; 3216 } 3217 3218 /* setup and calibrate RF */ 3219 if (sc->mac_ver == 0x7601) 3220 error = mt7601_rf_setup(sc); 3221 3222 if (error != 0) { 3223 printf("%s: could not initialize RF\n", sc->sc_dev.dv_xname); 3224 goto fail; 3225 } 3226 3227 /* select default channel */ 3228 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 3229 mtw_set_chan(sc, ic->ic_ibss_chan); 3230 3231 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 3232 struct mtw_rx_data *data = &sc->rxq[MTW_RXQ_WLAN].data[i]; 3233 3234 usbd_setup_xfer(data->xfer, sc->rxq[MTW_RXQ_WLAN].pipeh, 3235 data, data->buf, 3236 MTW_MAX_RXSZ, USBD_SHORT_XFER_OK | USBD_NO_COPY, 3237 USBD_NO_TIMEOUT, mtw_rxeof); 3238 error = usbd_transfer(data->xfer); 3239 if (error != 0 && error != USBD_IN_PROGRESS) 3240 goto fail; 3241 } 3242 3243 if ((error = mtw_txrx_enable(sc)) != 0) 3244 goto fail; 3245 3246 /* init LEDs */ 3247 mtw_set_leds(sc, MTW_LED_MODE_ON); 3248 3249 ifp->if_flags |= IFF_RUNNING; 3250 ifq_clr_oactive(&ifp->if_snd); 3251 3252 if (ic->ic_flags & IEEE80211_F_WEPON) { 3253 /* install WEP keys */ 3254 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 3255 if (ic->ic_nw_keys[i].k_cipher != IEEE80211_CIPHER_NONE) 3256 (void)mtw_set_key(ic, NULL, &ic->ic_nw_keys[i]); 3257 } 3258 } 3259 3260 if (ic->ic_opmode == IEEE80211_M_MONITOR) 3261 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3262 else 3263 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 3264 3265 if (error != 0) 3266 fail: mtw_stop(ifp, 1); 3267 return error; 3268 } 3269 3270 void 3271 mtw_stop(struct ifnet *ifp, int disable) 3272 { 3273 struct mtw_softc *sc = ifp->if_softc; 3274 struct ieee80211com *ic = &sc->sc_ic; 3275 uint32_t tmp; 3276 int s, ntries, error, qid; 3277 3278 if (ifp->if_flags & IFF_RUNNING) 3279 mtw_set_leds(sc, MTW_LED_MODE_ON); 3280 3281 sc->sc_tx_timer = 0; 3282 ifp->if_timer = 0; 3283 ifp->if_flags &= ~IFF_RUNNING; 3284 ifq_clr_oactive(&ifp->if_snd); 3285 3286 timeout_del(&sc->scan_to); 3287 timeout_del(&sc->calib_to); 3288 3289 s = splusb(); 3290 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3291 /* wait for all queued asynchronous commands to complete */ 3292 usb_wait_task(sc->sc_udev, &sc->sc_task); 3293 splx(s); 3294 3295 /* Disable Tx/Rx DMA. */ 3296 mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp); 3297 tmp &= ~(MTW_RX_DMA_EN | MTW_TX_DMA_EN); 3298 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3299 mtw_usb_dma_write(sc, 0); 3300 3301 for (ntries = 0; ntries < 100; ntries++) { 3302 if (mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp) != 0) 3303 break; 3304 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3305 break; 3306 DELAY(10); 3307 } 3308 if (ntries == 100) { 3309 printf("%s: timeout waiting for DMA engine\n", 3310 sc->sc_dev.dv_xname); 3311 } 3312 3313 /* stop MAC Tx/Rx */ 3314 mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp); 3315 tmp &= ~(MTW_MAC_RX_EN | MTW_MAC_TX_EN); 3316 mtw_write(sc, MTW_MAC_SYS_CTRL, tmp); 3317 3318 /* disable RTS retry */ 3319 mtw_read(sc, MTW_TX_RTS_CFG, &tmp); 3320 tmp &= ~0xff; 3321 mtw_write(sc, MTW_TX_RTS_CFG, tmp); 3322 3323 /* US_CYC_CFG */ 3324 mtw_read(sc, MTW_US_CYC_CNT, &tmp); 3325 tmp = (tmp & ~0xff); 3326 mtw_write(sc, MTW_US_CYC_CNT, tmp); 3327 3328 /* stop PBF */ 3329 mtw_read(sc, MTW_PBF_CFG, &tmp); 3330 tmp &= ~0x3; 3331 mtw_write(sc, MTW_PBF_CFG, tmp); 3332 3333 /* wait for pending Tx to complete */ 3334 for (ntries = 0; ntries < 100; ntries++) { 3335 if ((error = mtw_read(sc, MTW_TXRXQ_PCNT, &tmp)) != 0) 3336 break; 3337 if ((tmp & MTW_TX2Q_PCNT_MASK) == 0) 3338 break; 3339 } 3340 DELAY(1000); 3341 3342 /* delete keys */ 3343 for (qid = 0; qid < 4; qid++) { 3344 mtw_read(sc, MTW_SKEY_MODE_0_7, &tmp); 3345 tmp &= ~(0xf << qid * 4); 3346 mtw_write(sc, MTW_SKEY_MODE_0_7, tmp); 3347 } 3348 3349 if (disable) { 3350 /* disable radio */ 3351 error = mtw_mcu_radio(sc, 0x30, 0x1); 3352 usbd_delay_ms(sc->sc_udev, 10); 3353 } 3354 3355 /* free Tx and Rx rings */ 3356 sc->qfullmsk = 0; 3357 mtw_free_mcu_ring(sc); 3358 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) 3359 mtw_free_tx_ring(sc, qid); 3360 mtw_free_rx_ring(sc, 0); 3361 } 3362