1 /* $OpenBSD: if_mtw.c,v 1.11 2024/05/23 03:21:08 jsg Exp $ */ 2 /* 3 * Copyright (c) 2008-2010 Damien Bergamini <damien.bergamini@free.fr> 4 * Copyright (c) 2013-2014 Kevin Lo 5 * Copyright (c) 2021 James Hastings 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * MediaTek MT7601U 802.11b/g/n WLAN. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/mbuf.h> 29 #include <sys/systm.h> 30 #include <sys/timeout.h> 31 #include <sys/device.h> 32 #include <sys/endian.h> 33 34 #include <machine/intr.h> 35 36 #if NBPFILTER > 0 37 #include <net/bpf.h> 38 #endif 39 #include <net/if.h> 40 #include <net/if_dl.h> 41 #include <net/if_media.h> 42 43 #include <netinet/in.h> 44 #include <netinet/if_ether.h> 45 46 #include <net80211/ieee80211_var.h> 47 #include <net80211/ieee80211_amrr.h> 48 #include <net80211/ieee80211_ra.h> 49 #include <net80211/ieee80211_radiotap.h> 50 51 #include <dev/usb/usb.h> 52 #include <dev/usb/usbdi.h> 53 #include <dev/usb/usbdi_util.h> 54 #include <dev/usb/usbdevs.h> 55 56 #include <dev/ic/mtwreg.h> 57 #include <dev/usb/if_mtwvar.h> 58 59 #ifdef MTW_DEBUG 60 #define DPRINTF(x) do { if (mtw_debug) printf x; } while (0) 61 #define DPRINTFN(n, x) do { if (mtw_debug >= (n)) printf x; } while (0) 62 int mtw_debug = 0; 63 #else 64 #define DPRINTF(x) 65 #define DPRINTFN(n, x) 66 #endif 67 68 #define USB_ID(v, p) { USB_VENDOR_##v, USB_PRODUCT_##v##_##p } 69 static const struct usb_devno mtw_devs[] = { 70 USB_ID(ASUS, USBN10V2), 71 USB_ID(AZUREWAVE, MT7601_1), 72 USB_ID(AZUREWAVE, MT7601_2), 73 USB_ID(DLINK, DWA127B1), 74 USB_ID(EDIMAX, EW7711UANV2), 75 USB_ID(MEDIATEK, MT7601_1), 76 USB_ID(MEDIATEK, MT7601_2), 77 USB_ID(RALINK, MT7601), 78 USB_ID(RALINK, MT7601_2), 79 USB_ID(RALINK, MT7601_3), 80 USB_ID(RALINK, MT7601_4), 81 USB_ID(RALINK, MT7601_5), 82 USB_ID(XIAOMI, MT7601U), 83 }; 84 85 int mtw_match(struct device *, void *, void *); 86 void mtw_attach(struct device *, struct device *, void *); 87 int mtw_detach(struct device *, int); 88 void mtw_attachhook(struct device *); 89 int mtw_alloc_rx_ring(struct mtw_softc *, int); 90 void mtw_free_rx_ring(struct mtw_softc *, int); 91 int mtw_alloc_tx_ring(struct mtw_softc *, int); 92 void mtw_free_tx_ring(struct mtw_softc *, int); 93 int mtw_alloc_mcu_ring(struct mtw_softc *); 94 void mtw_free_mcu_ring(struct mtw_softc *); 95 int mtw_ucode_write(struct mtw_softc *, const uint8_t *, 96 uint32_t, uint32_t); 97 void mtw_ucode_setup(struct mtw_softc *); 98 int mtw_load_microcode(struct mtw_softc *); 99 int mtw_reset(struct mtw_softc *); 100 int mtw_read(struct mtw_softc *, uint16_t, uint32_t *); 101 int mtw_read_cfg(struct mtw_softc *, uint16_t, uint32_t *); 102 int mtw_read_region_1(struct mtw_softc *, uint16_t, 103 uint8_t *, int); 104 int mtw_write_2(struct mtw_softc *, uint16_t, uint16_t); 105 int mtw_write(struct mtw_softc *, uint16_t, uint32_t); 106 int mtw_write_cfg(struct mtw_softc *, uint16_t, uint32_t); 107 int mtw_write_ivb(struct mtw_softc *, const uint8_t *, uint16_t); 108 int mtw_write_region_1(struct mtw_softc *, uint16_t, 109 uint8_t *, int); 110 int mtw_set_region_4(struct mtw_softc *, uint16_t, uint32_t, int); 111 int mtw_efuse_read_2(struct mtw_softc *, uint16_t, uint16_t *); 112 int mtw_eeprom_read_2(struct mtw_softc *, uint16_t, uint16_t *); 113 int mtw_rf_read(struct mtw_softc *, uint8_t, uint8_t, uint8_t *); 114 int mtw_rf_write(struct mtw_softc *, uint8_t, uint8_t, uint8_t); 115 int mtw_bbp_read(struct mtw_softc *, uint8_t, uint8_t *); 116 int mtw_bbp_write(struct mtw_softc *, uint8_t, uint8_t); 117 int mtw_usb_dma_read(struct mtw_softc *, uint32_t *); 118 int mtw_usb_dma_write(struct mtw_softc *, uint32_t); 119 int mtw_mcu_calibrate(struct mtw_softc *, int, uint32_t); 120 int mtw_mcu_channel(struct mtw_softc *, uint32_t, uint32_t, uint32_t); 121 int mtw_mcu_radio(struct mtw_softc *, int, uint32_t); 122 int mtw_mcu_cmd(struct mtw_softc *, int, void *, int); 123 const char * mtw_get_rf(int); 124 void mtw_get_txpower(struct mtw_softc *); 125 int mtw_read_eeprom(struct mtw_softc *); 126 struct ieee80211_node *mtw_node_alloc(struct ieee80211com *); 127 int mtw_media_change(struct ifnet *); 128 void mtw_next_scan(void *); 129 void mtw_task(void *); 130 void mtw_do_async(struct mtw_softc *, void (*)(struct mtw_softc *, 131 void *), void *, int); 132 int mtw_newstate(struct ieee80211com *, enum ieee80211_state, int); 133 void mtw_newstate_cb(struct mtw_softc *, void *); 134 void mtw_updateedca(struct ieee80211com *); 135 void mtw_updateedca_cb(struct mtw_softc *, void *); 136 void mtw_updateslot(struct ieee80211com *); 137 void mtw_updateslot_cb(struct mtw_softc *, void *); 138 int mtw_set_key(struct ieee80211com *, struct ieee80211_node *, 139 struct ieee80211_key *); 140 void mtw_set_key_cb(struct mtw_softc *, void *); 141 void mtw_delete_key(struct ieee80211com *, struct ieee80211_node *, 142 struct ieee80211_key *); 143 void mtw_delete_key_cb(struct mtw_softc *, void *); 144 void mtw_calibrate_to(void *); 145 void mtw_calibrate_cb(struct mtw_softc *, void *); 146 void mtw_newassoc(struct ieee80211com *, struct ieee80211_node *, 147 int); 148 void mtw_rx_frame(struct mtw_softc *, uint8_t *, int, 149 struct mbuf_list *); 150 void mtw_rxeof(struct usbd_xfer *, void *, usbd_status); 151 void mtw_txeof(struct usbd_xfer *, void *, usbd_status); 152 int mtw_tx(struct mtw_softc *, struct mbuf *, 153 struct ieee80211_node *); 154 void mtw_start(struct ifnet *); 155 void mtw_watchdog(struct ifnet *); 156 int mtw_ioctl(struct ifnet *, u_long, caddr_t); 157 void mtw_select_chan_group(struct mtw_softc *, int); 158 void mt7601_set_agc(struct mtw_softc *, uint8_t); 159 void mt7601_set_chan(struct mtw_softc *, u_int); 160 int mtw_set_chan(struct mtw_softc *, struct ieee80211_channel *); 161 void mtw_enable_tsf_sync(struct mtw_softc *); 162 void mtw_abort_tsf_sync(struct mtw_softc *); 163 void mtw_enable_mrr(struct mtw_softc *); 164 void mtw_set_txrts(struct mtw_softc *); 165 void mtw_set_txpreamble(struct mtw_softc *); 166 void mtw_set_basicrates(struct mtw_softc *); 167 void mtw_set_leds(struct mtw_softc *, uint16_t); 168 void mtw_set_bssid(struct mtw_softc *, const uint8_t *); 169 void mtw_set_macaddr(struct mtw_softc *, const uint8_t *); 170 #if NBPFILTER > 0 171 int8_t mtw_rssi2dbm(struct mtw_softc *, uint8_t, uint8_t); 172 #endif 173 int mt7601_bbp_init(struct mtw_softc *); 174 int mt7601_rf_init(struct mtw_softc *); 175 int mt7601_rf_setup(struct mtw_softc *); 176 int mt7601_rf_temperature(struct mtw_softc *, int8_t *); 177 int mt7601_r49_read(struct mtw_softc *, uint8_t, int8_t *); 178 int mt7601_rxdc_cal(struct mtw_softc *); 179 int mtw_wlan_enable(struct mtw_softc *, int); 180 int mtw_txrx_enable(struct mtw_softc *); 181 int mtw_init(struct ifnet *); 182 void mtw_stop(struct ifnet *, int); 183 184 struct cfdriver mtw_cd = { 185 NULL, "mtw", DV_IFNET 186 }; 187 188 const struct cfattach mtw_ca = { 189 sizeof (struct mtw_softc), mtw_match, mtw_attach, mtw_detach 190 }; 191 192 static const struct { 193 uint32_t reg; 194 uint32_t val; 195 } mt7601_def_mac[] = { 196 MT7601_DEF_MAC 197 }; 198 199 static const struct { 200 uint8_t reg; 201 uint8_t val; 202 } mt7601_def_bbp[] = { 203 MT7601_DEF_BBP 204 }; 205 206 static const struct { 207 u_int chan; 208 uint8_t r17, r18, r19, r20; 209 } mt7601_rf_chan[] = { 210 MT7601_RF_CHAN 211 }; 212 213 static const struct { 214 uint8_t reg; 215 uint8_t val; 216 } mt7601_rf_bank0[] = { 217 MT7601_BANK0_RF 218 },mt7601_rf_bank4[] = { 219 MT7601_BANK4_RF 220 },mt7601_rf_bank5[] = { 221 MT7601_BANK5_RF 222 }; 223 224 int 225 mtw_match(struct device *parent, void *match, void *aux) 226 { 227 struct usb_attach_arg *uaa = aux; 228 229 if (uaa->iface == NULL || uaa->configno != 1) 230 return UMATCH_NONE; 231 232 return (usb_lookup(mtw_devs, uaa->vendor, uaa->product) != NULL) ? 233 UMATCH_VENDOR_PRODUCT_CONF_IFACE : UMATCH_NONE; 234 } 235 236 void 237 mtw_attach(struct device *parent, struct device *self, void *aux) 238 { 239 struct mtw_softc *sc = (struct mtw_softc *)self; 240 struct usb_attach_arg *uaa = aux; 241 usb_interface_descriptor_t *id; 242 usb_endpoint_descriptor_t *ed; 243 int i, error, nrx, ntx, ntries; 244 uint32_t ver; 245 246 sc->sc_udev = uaa->device; 247 sc->sc_iface = uaa->iface; 248 249 /* 250 * Find all bulk endpoints. 251 */ 252 nrx = ntx = 0; 253 id = usbd_get_interface_descriptor(sc->sc_iface); 254 for (i = 0; i < id->bNumEndpoints; i++) { 255 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i); 256 if (ed == NULL || UE_GET_XFERTYPE(ed->bmAttributes) != UE_BULK) 257 continue; 258 259 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN) { 260 sc->rxq[nrx].pipe_no = ed->bEndpointAddress; 261 nrx++; 262 } else if (ntx < 6) { 263 if (ntx == 0) 264 sc->txq[MTW_TXQ_MCU].pipe_no = 265 ed->bEndpointAddress; 266 else 267 sc->txq[ntx - 1].pipe_no = 268 ed->bEndpointAddress; 269 ntx++; 270 } 271 } 272 /* make sure we've got them all */ 273 if (nrx < 2 || ntx < 6) { 274 printf("%s: missing endpoint\n", sc->sc_dev.dv_xname); 275 return; 276 } 277 278 /* wait for the chip to settle */ 279 for (ntries = 0; ntries < 100; ntries++) { 280 if ((error = mtw_read(sc, MTW_ASIC_VER, &ver)) != 0) 281 return; 282 if (ver != 0 && ver != 0xffffffff) 283 break; 284 DPRINTF(("%08x ", ver)); 285 DELAY(10); 286 } 287 if (ntries == 100) { 288 printf("%s: timeout waiting for NIC to initialize\n", 289 sc->sc_dev.dv_xname); 290 return; 291 } 292 293 sc->asic_ver = ver >> 16; 294 sc->asic_rev = ver & 0xffff; 295 296 usb_init_task(&sc->sc_task, mtw_task, sc, USB_TASK_TYPE_GENERIC); 297 timeout_set(&sc->scan_to, mtw_next_scan, sc); 298 timeout_set(&sc->calib_to, mtw_calibrate_to, sc); 299 300 sc->amrr.amrr_min_success_threshold = 1; 301 sc->amrr.amrr_max_success_threshold = 10; 302 303 config_mountroot(self, mtw_attachhook); 304 } 305 306 int 307 mtw_detach(struct device *self, int flags) 308 { 309 struct mtw_softc *sc = (struct mtw_softc *)self; 310 struct ifnet *ifp = &sc->sc_ic.ic_if; 311 int qid, s; 312 313 s = splusb(); 314 315 if (timeout_initialized(&sc->scan_to)) 316 timeout_del(&sc->scan_to); 317 if (timeout_initialized(&sc->calib_to)) 318 timeout_del(&sc->calib_to); 319 320 /* wait for all queued asynchronous commands to complete */ 321 usb_rem_wait_task(sc->sc_udev, &sc->sc_task); 322 323 usbd_ref_wait(sc->sc_udev); 324 325 if (ifp->if_softc != NULL) { 326 ifp->if_flags &= ~IFF_RUNNING; 327 ifq_clr_oactive(&ifp->if_snd); 328 ieee80211_ifdetach(ifp); 329 if_detach(ifp); 330 } 331 332 /* free rings and close pipes */ 333 mtw_free_mcu_ring(sc); 334 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) 335 mtw_free_tx_ring(sc, qid); 336 mtw_free_rx_ring(sc, 0); 337 mtw_free_rx_ring(sc, 1); 338 339 splx(s); 340 return 0; 341 } 342 343 void 344 mtw_attachhook(struct device *self) 345 { 346 struct mtw_softc *sc = (struct mtw_softc *)self; 347 struct ieee80211com *ic = &sc->sc_ic; 348 struct ifnet *ifp = &ic->ic_if; 349 uint32_t tmp; 350 int ntries, error, i; 351 352 if (usbd_is_dying(sc->sc_udev)) 353 return; 354 355 /* enable WLAN core */ 356 if ((error = mtw_wlan_enable(sc, 1)) != 0) { 357 printf("%s: could not enable WLAN core\n", 358 sc->sc_dev.dv_xname); 359 return; 360 } 361 362 /* load firmware */ 363 if ((error = mtw_load_microcode(sc)) != 0) { 364 printf("%s: could not load microcode\n", 365 sc->sc_dev.dv_xname); 366 goto fail; 367 } 368 369 mtw_usb_dma_read(sc, &tmp); 370 mtw_usb_dma_write(sc, tmp | (MTW_USB_RX_EN | MTW_USB_TX_EN)); 371 372 /* read MAC version */ 373 for (ntries = 0; ntries < 100; ntries++) { 374 if ((error = mtw_read(sc, MTW_MAC_VER_ID, &tmp)) != 0) 375 goto fail; 376 if (tmp != 0 && tmp != 0xffffffff) 377 break; 378 DELAY(10); 379 } 380 if (ntries == 100) { 381 printf("%s: failed reading MAC\n", sc->sc_dev.dv_xname); 382 goto fail; 383 } 384 385 sc->mac_ver = tmp >> 16; 386 sc->mac_rev = tmp & 0xffff; 387 388 /* retrieve RF rev. no and various other things from EEPROM */ 389 mtw_read_eeprom(sc); 390 391 printf("%s: MAC/BBP MT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), " 392 "address %s\n", sc->sc_dev.dv_xname, sc->mac_ver, 393 sc->mac_rev, mtw_get_rf(sc->rf_rev), sc->ntxchains, 394 sc->nrxchains, ether_sprintf(ic->ic_myaddr)); 395 396 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 397 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 398 ic->ic_state = IEEE80211_S_INIT; 399 400 /* set device capabilities */ 401 ic->ic_caps = 402 IEEE80211_C_MONITOR | /* monitor mode supported */ 403 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 404 IEEE80211_C_SHSLOT | /* short slot time supported */ 405 IEEE80211_C_WEP | /* WEP */ 406 IEEE80211_C_RSN; /* WPA/RSN */ 407 408 /* set supported .11b and .11g rates */ 409 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 410 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 411 412 /* set supported .11b and .11g channels (1 through 14) */ 413 for (i = 1; i <= 14; i++) { 414 ic->ic_channels[i].ic_freq = 415 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 416 ic->ic_channels[i].ic_flags = 417 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 418 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 419 } 420 421 ifp->if_softc = sc; 422 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 423 ifp->if_ioctl = mtw_ioctl; 424 ifp->if_start = mtw_start; 425 ifp->if_watchdog = mtw_watchdog; 426 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 427 428 if_attach(ifp); 429 ieee80211_ifattach(ifp); 430 ic->ic_node_alloc = mtw_node_alloc; 431 ic->ic_newassoc = mtw_newassoc; 432 ic->ic_updateslot = mtw_updateslot; 433 ic->ic_updateedca = mtw_updateedca; 434 ic->ic_set_key = mtw_set_key; 435 ic->ic_delete_key = mtw_delete_key; 436 437 /* override 802.11 state transition machine */ 438 sc->sc_newstate = ic->ic_newstate; 439 ic->ic_newstate = mtw_newstate; 440 ieee80211_media_init(ifp, mtw_media_change, ieee80211_media_status); 441 442 #if NBPFILTER > 0 443 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 444 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 445 446 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 447 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 448 sc->sc_rxtap.wr_ihdr.it_present = htole32(MTW_RX_RADIOTAP_PRESENT); 449 450 sc->sc_txtap_len = sizeof sc->sc_txtapu; 451 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 452 sc->sc_txtap.wt_ihdr.it_present = htole32(MTW_TX_RADIOTAP_PRESENT); 453 #endif 454 fail: 455 return; 456 } 457 458 int 459 mtw_alloc_rx_ring(struct mtw_softc *sc, int qid) 460 { 461 struct mtw_rx_ring *rxq = &sc->rxq[qid]; 462 int i, error; 463 464 if ((error = usbd_open_pipe(sc->sc_iface, rxq->pipe_no, 0, 465 &rxq->pipeh)) != 0) 466 goto fail; 467 468 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 469 struct mtw_rx_data *data = &rxq->data[i]; 470 471 data->sc = sc; /* backpointer for callbacks */ 472 473 data->xfer = usbd_alloc_xfer(sc->sc_udev); 474 if (data->xfer == NULL) { 475 error = ENOMEM; 476 goto fail; 477 } 478 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_RXSZ); 479 if (data->buf == NULL) { 480 error = ENOMEM; 481 goto fail; 482 } 483 } 484 if (error != 0) 485 fail: mtw_free_rx_ring(sc, 0); 486 return error; 487 } 488 489 void 490 mtw_free_rx_ring(struct mtw_softc *sc, int qid) 491 { 492 struct mtw_rx_ring *rxq = &sc->rxq[qid]; 493 int i; 494 495 if (rxq->pipeh != NULL) { 496 usbd_close_pipe(rxq->pipeh); 497 rxq->pipeh = NULL; 498 } 499 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 500 if (rxq->data[i].xfer != NULL) 501 usbd_free_xfer(rxq->data[i].xfer); 502 rxq->data[i].xfer = NULL; 503 } 504 } 505 506 int 507 mtw_alloc_tx_ring(struct mtw_softc *sc, int qid) 508 { 509 struct mtw_tx_ring *txq = &sc->txq[qid]; 510 int i, error; 511 uint16_t txwisize; 512 513 txwisize = sizeof(struct mtw_txwi); 514 515 txq->cur = txq->queued = 0; 516 517 if ((error = usbd_open_pipe(sc->sc_iface, txq->pipe_no, 0, 518 &txq->pipeh)) != 0) 519 goto fail; 520 521 for (i = 0; i < MTW_TX_RING_COUNT; i++) { 522 struct mtw_tx_data *data = &txq->data[i]; 523 524 data->sc = sc; /* backpointer for callbacks */ 525 data->qid = qid; 526 527 data->xfer = usbd_alloc_xfer(sc->sc_udev); 528 if (data->xfer == NULL) { 529 error = ENOMEM; 530 goto fail; 531 } 532 533 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ); 534 if (data->buf == NULL) { 535 error = ENOMEM; 536 goto fail; 537 } 538 539 /* zeroize the TXD + TXWI part */ 540 memset(data->buf, 0, MTW_MAX_TXSZ); 541 } 542 if (error != 0) 543 fail: mtw_free_tx_ring(sc, qid); 544 return error; 545 } 546 547 void 548 mtw_free_tx_ring(struct mtw_softc *sc, int qid) 549 { 550 struct mtw_tx_ring *txq = &sc->txq[qid]; 551 int i; 552 553 if (txq->pipeh != NULL) { 554 usbd_close_pipe(txq->pipeh); 555 txq->pipeh = NULL; 556 } 557 for (i = 0; i < MTW_TX_RING_COUNT; i++) { 558 if (txq->data[i].xfer != NULL) 559 usbd_free_xfer(txq->data[i].xfer); 560 txq->data[i].xfer = NULL; 561 } 562 } 563 564 int 565 mtw_alloc_mcu_ring(struct mtw_softc *sc) 566 { 567 struct mtw_tx_ring *ring = &sc->sc_mcu; 568 struct mtw_tx_data *data = &ring->data[0]; 569 int error = 0; 570 571 ring->cur = ring->queued = 0; 572 573 data->sc = sc; /* backpointer for callbacks */ 574 data->qid = 5; 575 576 data->xfer = usbd_alloc_xfer(sc->sc_udev); 577 if (data->xfer == NULL) { 578 error = ENOMEM; 579 goto fail; 580 } 581 582 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ); 583 if (data->buf == NULL) { 584 error = ENOMEM; 585 goto fail; 586 } 587 /* zeroize the TXD */ 588 memset(data->buf, 0, 4); 589 590 if (error != 0) 591 fail: mtw_free_mcu_ring(sc); 592 return error; 593 594 595 } 596 void 597 mtw_free_mcu_ring(struct mtw_softc *sc) 598 { 599 struct mtw_tx_ring *txq = &sc->sc_mcu; 600 601 if (txq->data[0].xfer != NULL) 602 usbd_free_xfer(txq->data[0].xfer); 603 txq->data[0].xfer = NULL; 604 } 605 606 int 607 mtw_ucode_write(struct mtw_softc *sc, const uint8_t *fw, uint32_t len, 608 uint32_t offset) 609 { 610 struct mtw_tx_ring *ring = &sc->txq[MTW_TXQ_MCU]; 611 struct usbd_xfer *xfer; 612 struct mtw_txd *txd; 613 uint8_t *buf; 614 uint32_t blksz, sent, tmp, xferlen; 615 int error; 616 617 blksz = 0x2000; 618 if (sc->asic_ver == 0x7612 && offset >= 0x90000) 619 blksz = 0x800; /* MT7612 ROM Patch */ 620 621 xfer = usbd_alloc_xfer(sc->sc_udev); 622 if (xfer == NULL) { 623 error = ENOMEM; 624 goto fail; 625 } 626 buf = usbd_alloc_buffer(xfer, blksz + 12); 627 if (buf == NULL) { 628 error = ENOMEM; 629 goto fail; 630 } 631 632 sent = 0; 633 for (;;) { 634 xferlen = min(len - sent, blksz); 635 if (xferlen == 0) 636 break; 637 638 txd = (struct mtw_txd *)buf; 639 txd->len = htole16(xferlen); 640 txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_MCU); 641 642 memcpy(buf + sizeof(struct mtw_txd), fw + sent, xferlen); 643 memset(buf + sizeof(struct mtw_txd) + xferlen, 0, MTW_DMA_PAD); 644 mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, offset + sent); 645 mtw_write_cfg(sc, MTW_MCU_DMA_LEN, (xferlen << 16)); 646 647 usbd_setup_xfer(xfer, ring->pipeh, NULL, buf, 648 xferlen + sizeof(struct mtw_txd) + MTW_DMA_PAD, 649 USBD_SHORT_XFER_OK | USBD_SYNCHRONOUS | USBD_NO_COPY, 650 MTW_TX_TIMEOUT, NULL); 651 if ((error = usbd_transfer(xfer)) != 0) 652 break; 653 654 mtw_read(sc, MTW_MCU_FW_IDX, &tmp); 655 mtw_write(sc, MTW_MCU_FW_IDX, tmp++); 656 657 sent += xferlen; 658 } 659 fail: 660 if (xfer != NULL) { 661 usbd_free_xfer(xfer); 662 xfer = NULL; 663 } 664 return error; 665 } 666 667 void 668 mtw_ucode_setup(struct mtw_softc *sc) 669 { 670 mtw_usb_dma_write(sc, (MTW_USB_TX_EN | MTW_USB_RX_EN)); 671 mtw_write(sc, MTW_FCE_PSE_CTRL, 1); 672 mtw_write(sc, MTW_TX_CPU_FCE_BASE, 0x400230); 673 mtw_write(sc, MTW_TX_CPU_FCE_MAX_COUNT, 1); 674 mtw_write(sc, MTW_MCU_FW_IDX, 1); 675 mtw_write(sc, MTW_FCE_PDMA, 0x44); 676 mtw_write(sc, MTW_FCE_SKIP_FS, 3); 677 } 678 679 int 680 mtw_load_microcode(struct mtw_softc *sc) 681 { 682 const struct mtw_ucode_hdr *hdr; 683 const struct mtw_ucode *fw; 684 const char *fwname; 685 u_char *ucode; 686 size_t size; 687 uint32_t tmp, iofs, dofs; 688 int ntries, error; 689 int dlen, ilen; 690 691 /* is firmware already running? */ 692 mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp); 693 if (tmp == MTW_MCU_READY) 694 return 0; 695 696 /* open MCU pipe */ 697 if ((error = usbd_open_pipe(sc->sc_iface, sc->txq[MTW_TXQ_MCU].pipe_no, 698 0, &sc->txq[MTW_TXQ_MCU].pipeh)) != 0) 699 return error; 700 701 if (sc->asic_ver == 0x7612) { 702 fwname = "mtw-mt7662u_rom_patch"; 703 704 if ((error = loadfirmware(fwname, &ucode, &size)) != 0) { 705 printf("%s: failed loadfirmware of file %s (error %d)\n", 706 sc->sc_dev.dv_xname, fwname, error); 707 return error; 708 } 709 fw = (const struct mtw_ucode *) ucode + 0x1e; 710 ilen = size - 0x1e; 711 712 mtw_ucode_setup(sc); 713 714 if ((error = mtw_ucode_write(sc, fw->data, ilen, 0x90000)) != 0) 715 goto fail; 716 717 mtw_usb_dma_write(sc, 0x00e41814); 718 free(ucode, M_DEVBUF, size); 719 } 720 721 fwname = "mtw-mt7601u"; 722 iofs = 0x40; 723 dofs = 0; 724 if (sc->asic_ver == 0x7612) { 725 fwname = "mtw-mt7662u"; 726 iofs = 0x80040; 727 dofs = 0x110800; 728 } else if (sc->asic_ver == 0x7610) { 729 fwname = "mtw-mt7610u"; 730 dofs = 0x80000; 731 } 732 733 if ((error = loadfirmware(fwname, &ucode, &size)) != 0) { 734 printf("%s: failed loadfirmware of file %s (error %d)\n", 735 sc->sc_dev.dv_xname, fwname, error); 736 return error; 737 } 738 739 if (size < sizeof(struct mtw_ucode_hdr)) { 740 printf("%s: firmware header too short\n", 741 sc->sc_dev.dv_xname); 742 goto fail; 743 } 744 745 fw = (const struct mtw_ucode *) ucode; 746 hdr = (const struct mtw_ucode_hdr *) &fw->hdr; 747 748 if (size < sizeof(struct mtw_ucode_hdr) + letoh32(hdr->ilm_len) + 749 letoh32(hdr->dlm_len)) { 750 printf("%s: firmware payload too short\n", 751 sc->sc_dev.dv_xname); 752 goto fail; 753 } 754 755 ilen = le32toh(hdr->ilm_len) - MTW_MCU_IVB_LEN; 756 dlen = le32toh(hdr->dlm_len); 757 758 if (ilen > size || dlen > size) { 759 printf("%s: firmware payload too large\n", 760 sc->sc_dev.dv_xname); 761 goto fail; 762 } 763 764 mtw_write(sc, MTW_FCE_PDMA, 0); 765 mtw_write(sc, MTW_FCE_PSE_CTRL, 0); 766 mtw_ucode_setup(sc); 767 768 if ((error = mtw_ucode_write(sc, fw->data, ilen, iofs)) != 0) 769 goto fail; 770 if (dlen > 0 && dofs > 0) { 771 if ((error = mtw_ucode_write(sc, fw->data + ilen, 772 dlen, dofs)) != 0) 773 goto fail; 774 } 775 776 /* write interrupt vectors */ 777 if (sc->asic_ver == 0x7612) { 778 /* MT7612 */ 779 if ((error = mtw_ucode_write(sc, fw->ivb, 780 MTW_MCU_IVB_LEN, 0x80000)) != 0) 781 goto fail; 782 mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, 0x00095000); 783 mtw_write_ivb(sc, NULL, 0); 784 } else { 785 /* MT7601/MT7610 */ 786 if ((error = mtw_write_ivb(sc, fw->ivb, 787 MTW_MCU_IVB_LEN)) != 0) 788 goto fail; 789 } 790 791 /* wait until microcontroller is ready */ 792 usbd_delay_ms(sc->sc_udev, 10); 793 794 for (ntries = 0; ntries < 100; ntries++) { 795 if ((error = mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp)) != 0) 796 return error; 797 if (tmp & MTW_MCU_READY) 798 break; 799 usbd_delay_ms(sc->sc_udev, 100); 800 } 801 802 if (ntries == 100) { 803 printf("%s: timeout waiting for MCU to initialize\n", 804 sc->sc_dev.dv_xname); 805 error = ETIMEDOUT; 806 } 807 808 DPRINTF(("%s: loaded firmware ver %d.%d\n", sc->sc_dev.dv_xname, 809 le16toh(hdr->build_ver), le16toh(hdr->fw_ver))); 810 fail: 811 free(ucode, M_DEVBUF, size); 812 usbd_close_pipe(sc->txq[MTW_TXQ_MCU].pipeh); 813 sc->txq[MTW_TXQ_MCU].pipeh = NULL; 814 return error; 815 } 816 817 int 818 mtw_reset(struct mtw_softc *sc) 819 { 820 usb_device_request_t req; 821 822 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 823 req.bRequest = MTW_RESET; 824 USETW(req.wValue, 1); 825 USETW(req.wIndex, 0); 826 USETW(req.wLength, 0); 827 return usbd_do_request(sc->sc_udev, &req, NULL); 828 } 829 830 int 831 mtw_read(struct mtw_softc *sc, uint16_t reg, uint32_t *val) 832 { 833 uint32_t tmp; 834 int error; 835 836 error = mtw_read_region_1(sc, reg, 837 (uint8_t *)&tmp, sizeof tmp); 838 if (error == 0) 839 *val = letoh32(tmp); 840 else 841 *val = 0xffffffff; 842 return error; 843 } 844 845 int 846 mtw_read_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t *val) 847 { 848 usb_device_request_t req; 849 uint32_t tmp; 850 int error; 851 852 req.bmRequestType = UT_READ_VENDOR_DEVICE; 853 req.bRequest = MTW_READ_CFG; 854 USETW(req.wValue, 0); 855 USETW(req.wIndex, reg); 856 USETW(req.wLength, 4); 857 error = usbd_do_request(sc->sc_udev, &req, &tmp); 858 859 if (error == 0) 860 *val = letoh32(tmp); 861 else 862 *val = 0xffffffff; 863 return error; 864 } 865 866 int 867 mtw_read_region_1(struct mtw_softc *sc, uint16_t reg, 868 uint8_t *buf, int len) 869 { 870 usb_device_request_t req; 871 872 req.bmRequestType = UT_READ_VENDOR_DEVICE; 873 req.bRequest = MTW_READ_REGION_1; 874 USETW(req.wValue, 0); 875 USETW(req.wIndex, reg); 876 USETW(req.wLength, len); 877 return usbd_do_request(sc->sc_udev, &req, buf); 878 } 879 880 int 881 mtw_write_2(struct mtw_softc *sc, uint16_t reg, uint16_t val) 882 { 883 usb_device_request_t req; 884 885 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 886 req.bRequest = MTW_WRITE_2; 887 USETW(req.wValue, val); 888 USETW(req.wIndex, reg); 889 USETW(req.wLength, 0); 890 return usbd_do_request(sc->sc_udev, &req, NULL); 891 } 892 893 int 894 mtw_write(struct mtw_softc *sc, uint16_t reg, uint32_t val) 895 { 896 int error; 897 898 if ((error = mtw_write_2(sc, reg, val & 0xffff)) == 0) 899 error = mtw_write_2(sc, reg + 2, val >> 16); 900 return error; 901 } 902 903 int 904 mtw_write_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t val) 905 { 906 usb_device_request_t req; 907 int error; 908 909 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 910 req.bRequest = MTW_WRITE_CFG; 911 USETW(req.wValue, 0); 912 USETW(req.wIndex, reg); 913 USETW(req.wLength, 4); 914 val = htole32(val); 915 error = usbd_do_request(sc->sc_udev, &req, &val); 916 return error; 917 } 918 919 int 920 mtw_write_ivb(struct mtw_softc *sc, const uint8_t *buf, uint16_t len) 921 { 922 usb_device_request_t req; 923 924 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 925 req.bRequest = MTW_RESET; 926 USETW(req.wValue, 0x12); 927 USETW(req.wIndex, 0); 928 USETW(req.wLength, len); 929 return usbd_do_request(sc->sc_udev, &req, (void *)buf); 930 } 931 932 int 933 mtw_write_region_1(struct mtw_softc *sc, uint16_t reg, 934 uint8_t *buf, int len) 935 { 936 usb_device_request_t req; 937 938 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 939 req.bRequest = MTW_WRITE_REGION_1; 940 USETW(req.wValue, 0); 941 USETW(req.wIndex, reg); 942 USETW(req.wLength, len); 943 return usbd_do_request(sc->sc_udev, &req, buf); 944 } 945 946 int 947 mtw_set_region_4(struct mtw_softc *sc, uint16_t reg, uint32_t val, int count) 948 { 949 int error = 0; 950 951 for (; count > 0 && error == 0; count--, reg += 4) 952 error = mtw_write(sc, reg, val); 953 return error; 954 } 955 956 /* Read 16-bit from eFUSE ROM. */ 957 int 958 mtw_efuse_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 959 { 960 uint32_t tmp; 961 uint16_t reg; 962 int error, ntries; 963 964 if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0) 965 return error; 966 967 addr *= 2; 968 /* 969 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 970 * DATA0: 3 2 1 0 971 * DATA1: 7 6 5 4 972 * DATA2: B A 9 8 973 * DATA3: F E D C 974 */ 975 tmp &= ~(MTW_EFSROM_MODE_MASK | MTW_EFSROM_AIN_MASK); 976 tmp |= (addr & ~0xf) << MTW_EFSROM_AIN_SHIFT | MTW_EFSROM_KICK; 977 mtw_write(sc, MTW_EFUSE_CTRL, tmp); 978 for (ntries = 0; ntries < 100; ntries++) { 979 if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0) 980 return error; 981 if (!(tmp & MTW_EFSROM_KICK)) 982 break; 983 DELAY(2); 984 } 985 if (ntries == 100) 986 return ETIMEDOUT; 987 988 if ((tmp & MTW_EFUSE_AOUT_MASK) == MTW_EFUSE_AOUT_MASK) { 989 *val = 0xffff; /* address not found */ 990 return 0; 991 } 992 /* determine to which 32-bit register our 16-bit word belongs */ 993 reg = MTW_EFUSE_DATA0 + (addr & 0xc); 994 if ((error = mtw_read(sc, reg, &tmp)) != 0) 995 return error; 996 997 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 998 return 0; 999 } 1000 1001 int 1002 mtw_eeprom_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 1003 { 1004 usb_device_request_t req; 1005 uint16_t tmp; 1006 int error; 1007 1008 addr *= 2; 1009 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1010 req.bRequest = MTW_EEPROM_READ; 1011 USETW(req.wValue, 0); 1012 USETW(req.wIndex, addr); 1013 USETW(req.wLength, sizeof tmp); 1014 error = usbd_do_request(sc->sc_udev, &req, &tmp); 1015 if (error == 0) 1016 *val = letoh16(tmp); 1017 else 1018 *val = 0xffff; 1019 return error; 1020 } 1021 1022 static __inline int 1023 mtw_srom_read(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 1024 { 1025 /* either eFUSE ROM or EEPROM */ 1026 return sc->sc_srom_read(sc, addr, val); 1027 } 1028 1029 int 1030 mtw_rf_read(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t *val) 1031 { 1032 uint32_t tmp; 1033 int error, ntries, shift; 1034 1035 for (ntries = 0; ntries < 100; ntries++) { 1036 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1037 return error; 1038 if (!(tmp & MTW_RF_CSR_KICK)) 1039 break; 1040 } 1041 if (ntries == 100) 1042 return ETIMEDOUT; 1043 1044 if (sc->mac_ver == 0x7601) 1045 shift = MT7601_BANK_SHIFT; 1046 else 1047 shift = MT7610_BANK_SHIFT; 1048 1049 tmp = MTW_RF_CSR_KICK | (bank & 0xf) << shift | reg << 8; 1050 if ((error = mtw_write(sc, MTW_RF_CSR, tmp)) != 0) 1051 return error; 1052 1053 for (ntries = 0; ntries < 100; ntries++) { 1054 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1055 return error; 1056 if (!(tmp & MTW_RF_CSR_KICK)) 1057 break; 1058 } 1059 if (ntries == 100) 1060 return ETIMEDOUT; 1061 1062 *val = tmp & 0xff; 1063 return 0; 1064 } 1065 1066 int 1067 mtw_rf_write(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t val) 1068 { 1069 uint32_t tmp; 1070 int error, ntries, shift; 1071 1072 for (ntries = 0; ntries < 10; ntries++) { 1073 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1074 return error; 1075 if (!(tmp & MTW_RF_CSR_KICK)) 1076 break; 1077 } 1078 if (ntries == 10) 1079 return ETIMEDOUT; 1080 1081 if (sc->mac_ver == 0x7601) 1082 shift = MT7601_BANK_SHIFT; 1083 else 1084 shift = MT7610_BANK_SHIFT; 1085 1086 tmp = MTW_RF_CSR_WRITE | MTW_RF_CSR_KICK | (bank & 0xf) << shift | 1087 reg << 8 | val; 1088 return mtw_write(sc, MTW_RF_CSR, tmp); 1089 } 1090 1091 int 1092 mtw_bbp_read(struct mtw_softc *sc, uint8_t reg, uint8_t *val) 1093 { 1094 uint32_t tmp; 1095 int ntries, error; 1096 1097 for (ntries = 0; ntries < 10; ntries++) { 1098 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1099 return error; 1100 if (!(tmp & MTW_BBP_CSR_KICK)) 1101 break; 1102 } 1103 if (ntries == 10) 1104 return ETIMEDOUT; 1105 1106 tmp = MTW_BBP_CSR_READ | MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT; 1107 if ((error = mtw_write(sc, MTW_BBP_CSR, tmp)) != 0) 1108 return error; 1109 1110 for (ntries = 0; ntries < 10; ntries++) { 1111 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1112 return error; 1113 if (!(tmp & MTW_BBP_CSR_KICK)) 1114 break; 1115 } 1116 if (ntries == 10) 1117 return ETIMEDOUT; 1118 1119 *val = tmp & 0xff; 1120 return 0; 1121 } 1122 1123 int 1124 mtw_bbp_write(struct mtw_softc *sc, uint8_t reg, uint8_t val) 1125 { 1126 uint32_t tmp; 1127 int ntries, error; 1128 1129 for (ntries = 0; ntries < 10; ntries++) { 1130 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1131 return error; 1132 if (!(tmp & MTW_BBP_CSR_KICK)) 1133 break; 1134 } 1135 if (ntries == 10) 1136 return ETIMEDOUT; 1137 1138 tmp = MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT | val; 1139 return mtw_write(sc, MTW_BBP_CSR, tmp); 1140 } 1141 1142 int 1143 mtw_usb_dma_read(struct mtw_softc *sc, uint32_t *val) 1144 { 1145 if (sc->asic_ver == 0x7612) 1146 return mtw_read_cfg(sc, MTW_USB_U3DMA_CFG, val); 1147 else 1148 return mtw_read(sc, MTW_USB_DMA_CFG, val); 1149 } 1150 1151 int 1152 mtw_usb_dma_write(struct mtw_softc *sc, uint32_t val) 1153 { 1154 if (sc->asic_ver == 0x7612) 1155 return mtw_write_cfg(sc, MTW_USB_U3DMA_CFG, val); 1156 else 1157 return mtw_write(sc, MTW_USB_DMA_CFG, val); 1158 } 1159 1160 int 1161 mtw_mcu_calibrate(struct mtw_softc *sc, int func, uint32_t val) 1162 { 1163 struct mtw_mcu_cmd_8 cmd; 1164 1165 cmd.func = htole32(func); 1166 cmd.val = htole32(val); 1167 return mtw_mcu_cmd(sc, 31, &cmd, sizeof(struct mtw_mcu_cmd_8)); 1168 } 1169 1170 int 1171 mtw_mcu_channel(struct mtw_softc *sc, uint32_t r1, uint32_t r2, uint32_t r4) 1172 { 1173 struct mtw_mcu_cmd_16 cmd; 1174 1175 cmd.r1 = htole32(r1); 1176 cmd.r2 = htole32(r2); 1177 cmd.r3 = 0; 1178 cmd.r4 = htole32(r4); 1179 return mtw_mcu_cmd(sc, 30, &cmd, sizeof(struct mtw_mcu_cmd_16)); 1180 } 1181 1182 int 1183 mtw_mcu_radio(struct mtw_softc *sc, int func, uint32_t val) 1184 { 1185 struct mtw_mcu_cmd_16 cmd; 1186 1187 cmd.r1 = htole32(func); 1188 cmd.r2 = htole32(val); 1189 cmd.r3 = 0; 1190 cmd.r4 = 0; 1191 return mtw_mcu_cmd(sc, 20, &cmd, sizeof(struct mtw_mcu_cmd_16)); 1192 } 1193 1194 int 1195 mtw_mcu_cmd(struct mtw_softc *sc, int cmd, void *buf, int len) 1196 { 1197 struct mtw_tx_ring *ring = &sc->sc_mcu; 1198 struct mtw_tx_data *data = &ring->data[0]; 1199 struct mtw_txd *txd; 1200 int xferlen; 1201 1202 txd = (struct mtw_txd *)(data->buf); 1203 txd->len = htole16(len); 1204 txd->flags = htole16(MTW_TXD_CMD | MTW_TXD_MCU | 1205 (cmd & 0x1f) << MTW_TXD_CMD_SHIFT | (sc->cmd_seq & 0xf)); 1206 1207 memcpy(&txd[1], buf, len); 1208 memset(&txd[1] + len, 0, MTW_DMA_PAD); 1209 xferlen = len + sizeof(struct mtw_txd) + MTW_DMA_PAD; 1210 1211 usbd_setup_xfer(data->xfer, sc->txq[MTW_TXQ_MCU].pipeh, 1212 NULL, data->buf, xferlen, 1213 USBD_SHORT_XFER_OK | USBD_FORCE_SHORT_XFER | USBD_SYNCHRONOUS, 1214 MTW_TX_TIMEOUT, NULL); 1215 return usbd_transfer(data->xfer); 1216 } 1217 1218 /* 1219 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1220 * Used to adjust per-rate Tx power registers. 1221 */ 1222 static __inline uint32_t 1223 b4inc(uint32_t b32, int8_t delta) 1224 { 1225 int8_t i, b4; 1226 1227 for (i = 0; i < 8; i++) { 1228 b4 = b32 & 0xf; 1229 b4 += delta; 1230 if (b4 < 0) 1231 b4 = 0; 1232 else if (b4 > 0xf) 1233 b4 = 0xf; 1234 b32 = b32 >> 4 | b4 << 28; 1235 } 1236 return b32; 1237 } 1238 1239 const char * 1240 mtw_get_rf(int rev) 1241 { 1242 switch (rev) { 1243 case MT7601_RF_7601: return "MT7601"; 1244 case MT7610_RF_7610: return "MT7610"; 1245 case MT7612_RF_7612: return "MT7612"; 1246 } 1247 return "unknown"; 1248 } 1249 1250 void 1251 mtw_get_txpower(struct mtw_softc *sc) 1252 { 1253 uint16_t val; 1254 int i; 1255 1256 /* Read power settings for 2GHz channels. */ 1257 for (i = 0; i < 14; i += 2) { 1258 mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1259 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1260 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1261 mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1262 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1263 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1264 } 1265 /* Fix broken Tx power entries. */ 1266 for (i = 0; i < 14; i++) { 1267 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1268 sc->txpow1[i] = 5; 1269 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1270 sc->txpow2[i] = 5; 1271 DPRINTF(("chan %d: power1=%d, power2=%d\n", 1272 mt7601_rf_chan[i].chan, sc->txpow1[i], sc->txpow2[i])); 1273 } 1274 #if 0 1275 /* Read power settings for 5GHz channels. */ 1276 for (i = 0; i < 40; i += 2) { 1277 mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1278 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1279 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1280 1281 mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1282 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1283 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1284 } 1285 /* Fix broken Tx power entries. */ 1286 for (i = 0; i < 40; i++ ) { 1287 if (sc->mac_ver != 0x5592) { 1288 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1289 sc->txpow1[14 + i] = 5; 1290 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1291 sc->txpow2[14 + i] = 5; 1292 } 1293 DPRINTF(("chan %d: power1=%d, power2=%d\n", 1294 mt7601_rf_chan[14 + i].chan, sc->txpow1[14 + i], 1295 sc->txpow2[14 + i])); 1296 } 1297 #endif 1298 } 1299 1300 int 1301 mtw_read_eeprom(struct mtw_softc *sc) 1302 { 1303 struct ieee80211com *ic = &sc->sc_ic; 1304 int8_t delta_2ghz, delta_5ghz; 1305 uint16_t val; 1306 int ridx, ant; 1307 1308 sc->sc_srom_read = mtw_efuse_read_2; 1309 1310 /* read RF information */ 1311 mtw_srom_read(sc, MTW_EEPROM_CHIPID, &val); 1312 sc->rf_rev = val; 1313 mtw_srom_read(sc, MTW_EEPROM_ANTENNA, &val); 1314 sc->ntxchains = (val >> 4) & 0xf; 1315 sc->nrxchains = val & 0xf; 1316 DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1317 sc->rf_rev, sc->ntxchains, sc->nrxchains)); 1318 1319 /* read ROM version */ 1320 mtw_srom_read(sc, MTW_EEPROM_VERSION, &val); 1321 DPRINTF(("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8)); 1322 1323 /* read MAC address */ 1324 mtw_srom_read(sc, MTW_EEPROM_MAC01, &val); 1325 ic->ic_myaddr[0] = val & 0xff; 1326 ic->ic_myaddr[1] = val >> 8; 1327 mtw_srom_read(sc, MTW_EEPROM_MAC23, &val); 1328 ic->ic_myaddr[2] = val & 0xff; 1329 ic->ic_myaddr[3] = val >> 8; 1330 mtw_srom_read(sc, MTW_EEPROM_MAC45, &val); 1331 ic->ic_myaddr[4] = val & 0xff; 1332 ic->ic_myaddr[5] = val >> 8; 1333 #if 0 1334 printf("eFUSE ROM\n00: "); 1335 for (int i = 0; i < 256; i++) { 1336 if (((i % 8) == 0) && i > 0) 1337 printf("\n%02x: ", i); 1338 mtw_srom_read(sc, i, &val); 1339 printf(" %04x", val); 1340 } 1341 printf("\n"); 1342 #endif 1343 /* check if RF supports automatic Tx access gain control */ 1344 mtw_srom_read(sc, MTW_EEPROM_CONFIG, &val); 1345 DPRINTF(("EEPROM CFG 0x%04x\n", val)); 1346 if ((val & 0xff) != 0xff) { 1347 sc->ext_5ghz_lna = (val >> 3) & 1; 1348 sc->ext_2ghz_lna = (val >> 2) & 1; 1349 /* check if RF supports automatic Tx access gain control */ 1350 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1351 /* check if we have a hardware radio switch */ 1352 sc->rfswitch = val & 1; 1353 } 1354 1355 /* read RF frequency offset from EEPROM */ 1356 mtw_srom_read(sc, MTW_EEPROM_FREQ_OFFSET, &val); 1357 if ((val & 0xff) != 0xff) 1358 sc->rf_freq_offset = val; 1359 else 1360 sc->rf_freq_offset = 0; 1361 DPRINTF(("frequency offset 0x%x\n", sc->rf_freq_offset)); 1362 1363 /* Read Tx power settings. */ 1364 mtw_get_txpower(sc); 1365 1366 /* read Tx power compensation for each Tx rate */ 1367 mtw_srom_read(sc, MTW_EEPROM_DELTAPWR, &val); 1368 delta_2ghz = delta_5ghz = 0; 1369 if ((val & 0xff) != 0xff && (val & 0x80)) { 1370 delta_2ghz = val & 0xf; 1371 if (!(val & 0x40)) /* negative number */ 1372 delta_2ghz = -delta_2ghz; 1373 } 1374 val >>= 8; 1375 if ((val & 0xff) != 0xff && (val & 0x80)) { 1376 delta_5ghz = val & 0xf; 1377 if (!(val & 0x40)) /* negative number */ 1378 delta_5ghz = -delta_5ghz; 1379 } 1380 DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n", 1381 delta_2ghz, delta_5ghz)); 1382 1383 for (ridx = 0; ridx < 5; ridx++) { 1384 uint32_t reg; 1385 1386 mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2, &val); 1387 reg = val; 1388 mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2 + 1, &val); 1389 reg |= (uint32_t)val << 16; 1390 1391 sc->txpow20mhz[ridx] = reg; 1392 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1393 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1394 1395 DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1396 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1397 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx])); 1398 } 1399 1400 /* read RSSI offsets and LNA gains from EEPROM */ 1401 val = 0; 1402 mtw_srom_read(sc, MTW_EEPROM_RSSI1_2GHZ, &val); 1403 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1404 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1405 mtw_srom_read(sc, MTW_EEPROM_RSSI2_2GHZ, &val); 1406 /* 1407 * On RT3070 chips (limited to 2 Rx chains), this ROM 1408 * field contains the Tx mixer gain for the 2GHz band. 1409 */ 1410 if ((val & 0xff) != 0xff) 1411 sc->txmixgain_2ghz = val & 0x7; 1412 DPRINTF(("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz)); 1413 sc->lna[2] = val >> 8; /* channel group 2 */ 1414 mtw_srom_read(sc, MTW_EEPROM_RSSI1_5GHZ, &val); 1415 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1416 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1417 mtw_srom_read(sc, MTW_EEPROM_RSSI2_5GHZ, &val); 1418 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1419 1420 sc->lna[3] = val >> 8; /* channel group 3 */ 1421 1422 mtw_srom_read(sc, MTW_EEPROM_LNA, &val); 1423 sc->lna[0] = val & 0xff; /* channel group 0 */ 1424 sc->lna[1] = val >> 8; /* channel group 1 */ 1425 DPRINTF(("LNA0 0x%x\n", sc->lna[0])); 1426 1427 /* fix broken 5GHz LNA entries */ 1428 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1429 DPRINTF(("invalid LNA for channel group %d\n", 2)); 1430 sc->lna[2] = sc->lna[1]; 1431 } 1432 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1433 DPRINTF(("invalid LNA for channel group %d\n", 3)); 1434 sc->lna[3] = sc->lna[1]; 1435 } 1436 1437 /* fix broken RSSI offset entries */ 1438 for (ant = 0; ant < 3; ant++) { 1439 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1440 DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n", 1441 ant + 1, sc->rssi_2ghz[ant])); 1442 sc->rssi_2ghz[ant] = 0; 1443 } 1444 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1445 DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n", 1446 ant + 1, sc->rssi_5ghz[ant])); 1447 sc->rssi_5ghz[ant] = 0; 1448 } 1449 } 1450 return 0; 1451 } 1452 1453 struct ieee80211_node * 1454 mtw_node_alloc(struct ieee80211com *ic) 1455 { 1456 struct mtw_node *mn; 1457 1458 mn = malloc(sizeof (struct mtw_node), M_USBDEV, M_NOWAIT | M_ZERO); 1459 return (struct ieee80211_node *)mn; 1460 } 1461 1462 int 1463 mtw_media_change(struct ifnet *ifp) 1464 { 1465 struct mtw_softc *sc = ifp->if_softc; 1466 struct ieee80211com *ic = &sc->sc_ic; 1467 uint8_t rate, ridx; 1468 int error; 1469 1470 error = ieee80211_media_change(ifp); 1471 if (error != ENETRESET) 1472 return error; 1473 1474 if (ic->ic_fixed_rate != -1) { 1475 rate = ic->ic_sup_rates[ic->ic_curmode]. 1476 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1477 for (ridx = 0; ridx <= MTW_RIDX_MAX; ridx++) 1478 if (rt2860_rates[ridx].rate == rate) 1479 break; 1480 sc->fixed_ridx = ridx; 1481 } 1482 1483 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1484 (IFF_UP | IFF_RUNNING)) { 1485 mtw_stop(ifp, 0); 1486 error = mtw_init(ifp); 1487 } 1488 return error; 1489 } 1490 1491 void 1492 mtw_next_scan(void *arg) 1493 { 1494 struct mtw_softc *sc = arg; 1495 int s; 1496 1497 if (usbd_is_dying(sc->sc_udev)) 1498 return; 1499 1500 usbd_ref_incr(sc->sc_udev); 1501 1502 s = splnet(); 1503 if (sc->sc_ic.ic_state == IEEE80211_S_SCAN) 1504 ieee80211_next_scan(&sc->sc_ic.ic_if); 1505 splx(s); 1506 1507 usbd_ref_decr(sc->sc_udev); 1508 } 1509 1510 void 1511 mtw_task(void *arg) 1512 { 1513 struct mtw_softc *sc = arg; 1514 struct mtw_host_cmd_ring *ring = &sc->cmdq; 1515 struct mtw_host_cmd *cmd; 1516 int s; 1517 1518 if (usbd_is_dying(sc->sc_udev)) 1519 return; 1520 1521 /* process host commands */ 1522 s = splusb(); 1523 while (ring->next != ring->cur) { 1524 cmd = &ring->cmd[ring->next]; 1525 splx(s); 1526 /* callback */ 1527 cmd->cb(sc, cmd->data); 1528 s = splusb(); 1529 ring->queued--; 1530 ring->next = (ring->next + 1) % MTW_HOST_CMD_RING_COUNT; 1531 } 1532 splx(s); 1533 } 1534 1535 void 1536 mtw_do_async(struct mtw_softc *sc, void (*cb)(struct mtw_softc *, void *), 1537 void *arg, int len) 1538 { 1539 struct mtw_host_cmd_ring *ring = &sc->cmdq; 1540 struct mtw_host_cmd *cmd; 1541 int s; 1542 1543 if (usbd_is_dying(sc->sc_udev)) 1544 return; 1545 1546 s = splusb(); 1547 cmd = &ring->cmd[ring->cur]; 1548 cmd->cb = cb; 1549 KASSERT(len <= sizeof (cmd->data)); 1550 memcpy(cmd->data, arg, len); 1551 ring->cur = (ring->cur + 1) % MTW_HOST_CMD_RING_COUNT; 1552 1553 /* if there is no pending command already, schedule a task */ 1554 if (++ring->queued == 1) 1555 usb_add_task(sc->sc_udev, &sc->sc_task); 1556 splx(s); 1557 } 1558 1559 int 1560 mtw_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1561 { 1562 struct mtw_softc *sc = ic->ic_softc; 1563 struct mtw_cmd_newstate cmd; 1564 1565 /* do it in a process context */ 1566 cmd.state = nstate; 1567 cmd.arg = arg; 1568 mtw_do_async(sc, mtw_newstate_cb, &cmd, sizeof cmd); 1569 return 0; 1570 } 1571 1572 void 1573 mtw_newstate_cb(struct mtw_softc *sc, void *arg) 1574 { 1575 struct mtw_cmd_newstate *cmd = arg; 1576 struct ieee80211com *ic = &sc->sc_ic; 1577 enum ieee80211_state ostate; 1578 struct ieee80211_node *ni; 1579 uint32_t sta[3]; 1580 uint8_t wcid; 1581 int s; 1582 1583 s = splnet(); 1584 ostate = ic->ic_state; 1585 1586 if (ostate == IEEE80211_S_RUN) { 1587 /* turn link LED on */ 1588 mtw_set_leds(sc, MTW_LED_MODE_ON); 1589 } 1590 1591 switch (cmd->state) { 1592 case IEEE80211_S_INIT: 1593 if (ostate == IEEE80211_S_RUN) { 1594 /* abort TSF synchronization */ 1595 mtw_abort_tsf_sync(sc); 1596 } 1597 break; 1598 1599 case IEEE80211_S_SCAN: 1600 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1601 if (!usbd_is_dying(sc->sc_udev)) 1602 timeout_add_msec(&sc->scan_to, 200); 1603 break; 1604 1605 case IEEE80211_S_AUTH: 1606 case IEEE80211_S_ASSOC: 1607 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1608 break; 1609 1610 case IEEE80211_S_RUN: 1611 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1612 1613 ni = ic->ic_bss; 1614 1615 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 1616 mtw_updateslot(ic); 1617 mtw_enable_mrr(sc); 1618 mtw_set_txpreamble(sc); 1619 mtw_set_basicrates(sc); 1620 mtw_set_bssid(sc, ni->ni_bssid); 1621 } 1622 if (ic->ic_opmode == IEEE80211_M_STA) { 1623 /* add BSS entry to the WCID table */ 1624 wcid = MTW_AID2WCID(ni->ni_associd); 1625 mtw_write_region_1(sc, MTW_WCID_ENTRY(wcid), 1626 ni->ni_macaddr, IEEE80211_ADDR_LEN); 1627 1628 /* fake a join to init the tx rate */ 1629 mtw_newassoc(ic, ni, 1); 1630 } 1631 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 1632 mtw_enable_tsf_sync(sc); 1633 1634 /* clear statistic registers used by AMRR */ 1635 mtw_read_region_1(sc, MTW_TX_STA_CNT0, 1636 (uint8_t *)sta, sizeof sta); 1637 /* start calibration timer */ 1638 if (!usbd_is_dying(sc->sc_udev)) 1639 timeout_add_sec(&sc->calib_to, 1); 1640 } 1641 1642 /* turn link LED on */ 1643 mtw_set_leds(sc, MTW_LED_MODE_BLINK_TX); 1644 break; 1645 } 1646 (void)sc->sc_newstate(ic, cmd->state, cmd->arg); 1647 splx(s); 1648 } 1649 1650 void 1651 mtw_updateedca(struct ieee80211com *ic) 1652 { 1653 /* do it in a process context */ 1654 mtw_do_async(ic->ic_softc, mtw_updateedca_cb, NULL, 0); 1655 } 1656 1657 void 1658 mtw_updateedca_cb(struct mtw_softc *sc, void *arg) 1659 { 1660 struct ieee80211com *ic = &sc->sc_ic; 1661 int s, aci; 1662 1663 s = splnet(); 1664 /* update MAC TX configuration registers */ 1665 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 1666 mtw_write(sc, MTW_EDCA_AC_CFG(aci), 1667 ic->ic_edca_ac[aci].ac_ecwmax << 16 | 1668 ic->ic_edca_ac[aci].ac_ecwmin << 12 | 1669 ic->ic_edca_ac[aci].ac_aifsn << 8 | 1670 ic->ic_edca_ac[aci].ac_txoplimit); 1671 } 1672 1673 /* update SCH/DMA registers too */ 1674 mtw_write(sc, MTW_WMM_AIFSN_CFG, 1675 ic->ic_edca_ac[EDCA_AC_VO].ac_aifsn << 12 | 1676 ic->ic_edca_ac[EDCA_AC_VI].ac_aifsn << 8 | 1677 ic->ic_edca_ac[EDCA_AC_BK].ac_aifsn << 4 | 1678 ic->ic_edca_ac[EDCA_AC_BE].ac_aifsn); 1679 mtw_write(sc, MTW_WMM_CWMIN_CFG, 1680 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmin << 12 | 1681 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmin << 8 | 1682 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmin << 4 | 1683 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmin); 1684 mtw_write(sc, MTW_WMM_CWMAX_CFG, 1685 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmax << 12 | 1686 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmax << 8 | 1687 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmax << 4 | 1688 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmax); 1689 mtw_write(sc, MTW_WMM_TXOP0_CFG, 1690 ic->ic_edca_ac[EDCA_AC_BK].ac_txoplimit << 16 | 1691 ic->ic_edca_ac[EDCA_AC_BE].ac_txoplimit); 1692 mtw_write(sc, MTW_WMM_TXOP1_CFG, 1693 ic->ic_edca_ac[EDCA_AC_VO].ac_txoplimit << 16 | 1694 ic->ic_edca_ac[EDCA_AC_VI].ac_txoplimit); 1695 splx(s); 1696 } 1697 1698 void 1699 mtw_updateslot(struct ieee80211com *ic) 1700 { 1701 /* do it in a process context */ 1702 mtw_do_async(ic->ic_softc, mtw_updateslot_cb, NULL, 0); 1703 } 1704 1705 void 1706 mtw_updateslot_cb(struct mtw_softc *sc, void *arg) 1707 { 1708 uint32_t tmp; 1709 1710 mtw_read(sc, MTW_BKOFF_SLOT_CFG, &tmp); 1711 tmp &= ~0xff; 1712 tmp |= (sc->sc_ic.ic_flags & IEEE80211_F_SHSLOT) ? 1713 IEEE80211_DUR_DS_SHSLOT : IEEE80211_DUR_DS_SLOT; 1714 mtw_write(sc, MTW_BKOFF_SLOT_CFG, tmp); 1715 } 1716 1717 int 1718 mtw_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 1719 struct ieee80211_key *k) 1720 { 1721 struct mtw_softc *sc = ic->ic_softc; 1722 struct mtw_cmd_key cmd; 1723 1724 /* defer setting of WEP keys until interface is brought up */ 1725 if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) != 1726 (IFF_UP | IFF_RUNNING)) 1727 return 0; 1728 1729 /* do it in a process context */ 1730 cmd.key = *k; 1731 cmd.ni = ni; 1732 mtw_do_async(sc, mtw_set_key_cb, &cmd, sizeof cmd); 1733 sc->sc_key_tasks++; 1734 return EBUSY; 1735 } 1736 1737 void 1738 mtw_set_key_cb(struct mtw_softc *sc, void *arg) 1739 { 1740 struct ieee80211com *ic = &sc->sc_ic; 1741 struct mtw_cmd_key *cmd = arg; 1742 struct ieee80211_key *k = &cmd->key; 1743 uint32_t attr; 1744 uint16_t base; 1745 uint8_t mode, wcid, iv[8]; 1746 1747 sc->sc_key_tasks--; 1748 1749 /* map net80211 cipher to RT2860 security mode */ 1750 switch (k->k_cipher) { 1751 case IEEE80211_CIPHER_WEP40: 1752 mode = MTW_MODE_WEP40; 1753 break; 1754 case IEEE80211_CIPHER_WEP104: 1755 mode = MTW_MODE_WEP104; 1756 break; 1757 case IEEE80211_CIPHER_TKIP: 1758 mode = MTW_MODE_TKIP; 1759 break; 1760 case IEEE80211_CIPHER_CCMP: 1761 mode = MTW_MODE_AES_CCMP; 1762 break; 1763 default: 1764 if (cmd->ni != NULL) { 1765 IEEE80211_SEND_MGMT(ic, cmd->ni, 1766 IEEE80211_FC0_SUBTYPE_DEAUTH, 1767 IEEE80211_REASON_AUTH_LEAVE); 1768 } 1769 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1770 return; 1771 } 1772 1773 if (k->k_flags & IEEE80211_KEY_GROUP) { 1774 wcid = 0; /* NB: update WCID0 for group keys */ 1775 base = MTW_SKEY(0, k->k_id); 1776 } else { 1777 wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0; 1778 base = MTW_PKEY(wcid); 1779 } 1780 1781 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 1782 mtw_write_region_1(sc, base, k->k_key, 16); 1783 mtw_write_region_1(sc, base + 16, &k->k_key[24], 8); 1784 mtw_write_region_1(sc, base + 24, &k->k_key[16], 8); 1785 } else { 1786 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 1787 mtw_write_region_1(sc, base, k->k_key, (k->k_len + 1) & ~1); 1788 } 1789 1790 if (!(k->k_flags & IEEE80211_KEY_GROUP) || 1791 (k->k_flags & IEEE80211_KEY_TX)) { 1792 /* set initial packet number in IV+EIV */ 1793 if (k->k_cipher == IEEE80211_CIPHER_WEP40 || 1794 k->k_cipher == IEEE80211_CIPHER_WEP104) { 1795 memset(iv, 0, sizeof iv); 1796 iv[3] = sc->sc_ic.ic_def_txkey << 6; 1797 } else { 1798 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 1799 iv[0] = k->k_tsc >> 8; 1800 iv[1] = (iv[0] | 0x20) & 0x7f; 1801 iv[2] = k->k_tsc; 1802 } else /* CCMP */ { 1803 iv[0] = k->k_tsc; 1804 iv[1] = k->k_tsc >> 8; 1805 iv[2] = 0; 1806 } 1807 iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1808 iv[4] = k->k_tsc >> 16; 1809 iv[5] = k->k_tsc >> 24; 1810 iv[6] = k->k_tsc >> 32; 1811 iv[7] = k->k_tsc >> 40; 1812 } 1813 mtw_write_region_1(sc, MTW_IVEIV(wcid), iv, 8); 1814 } 1815 1816 if (k->k_flags & IEEE80211_KEY_GROUP) { 1817 /* install group key */ 1818 mtw_read(sc, MTW_SKEY_MODE_0_7, &attr); 1819 attr &= ~(0xf << (k->k_id * 4)); 1820 attr |= mode << (k->k_id * 4); 1821 mtw_write(sc, MTW_SKEY_MODE_0_7, attr); 1822 1823 if (k->k_cipher & (IEEE80211_CIPHER_WEP104 | 1824 IEEE80211_CIPHER_WEP40)) { 1825 mtw_read(sc, MTW_WCID_ATTR(wcid + 1), &attr); 1826 attr = (attr & ~0xf) | (mode << 1); 1827 mtw_write(sc, MTW_WCID_ATTR(wcid + 1), attr); 1828 1829 mtw_set_region_4(sc, MTW_IVEIV(0), 0, 4); 1830 1831 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1832 attr = (attr & ~0xf) | (mode << 1); 1833 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1834 } 1835 } else { 1836 /* install pairwise key */ 1837 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1838 attr = (attr & ~0xf) | (mode << 1) | MTW_RX_PKEY_EN; 1839 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1840 } 1841 1842 if (sc->sc_key_tasks == 0) { 1843 if (cmd->ni != NULL) 1844 cmd->ni->ni_port_valid = 1; 1845 ieee80211_set_link_state(ic, LINK_STATE_UP); 1846 } 1847 } 1848 1849 void 1850 mtw_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 1851 struct ieee80211_key *k) 1852 { 1853 struct mtw_softc *sc = ic->ic_softc; 1854 struct mtw_cmd_key cmd; 1855 1856 if (!(ic->ic_if.if_flags & IFF_RUNNING) || 1857 ic->ic_state != IEEE80211_S_RUN) 1858 return; /* nothing to do */ 1859 1860 /* do it in a process context */ 1861 cmd.key = *k; 1862 cmd.ni = ni; 1863 mtw_do_async(sc, mtw_delete_key_cb, &cmd, sizeof cmd); 1864 } 1865 1866 void 1867 mtw_delete_key_cb(struct mtw_softc *sc, void *arg) 1868 { 1869 struct mtw_cmd_key *cmd = arg; 1870 struct ieee80211_key *k = &cmd->key; 1871 uint32_t attr; 1872 uint8_t wcid; 1873 1874 if (k->k_flags & IEEE80211_KEY_GROUP) { 1875 /* remove group key */ 1876 mtw_read(sc, MTW_SKEY_MODE_0_7, &attr); 1877 attr &= ~(0xf << (k->k_id * 4)); 1878 mtw_write(sc, MTW_SKEY_MODE_0_7, attr); 1879 1880 } else { 1881 /* remove pairwise key */ 1882 wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0; 1883 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1884 attr &= ~0xf; 1885 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1886 } 1887 } 1888 1889 void 1890 mtw_calibrate_to(void *arg) 1891 { 1892 /* do it in a process context */ 1893 mtw_do_async(arg, mtw_calibrate_cb, NULL, 0); 1894 /* next timeout will be rescheduled in the calibration task */ 1895 } 1896 1897 void 1898 mtw_calibrate_cb(struct mtw_softc *sc, void *arg) 1899 { 1900 struct ifnet *ifp = &sc->sc_ic.ic_if; 1901 uint32_t sta[3]; 1902 int s, error; 1903 1904 /* read statistic counters (clear on read) and update AMRR state */ 1905 error = mtw_read_region_1(sc, MTW_TX_STA_CNT0, (uint8_t *)sta, 1906 sizeof sta); 1907 if (error != 0) 1908 goto skip; 1909 1910 DPRINTF(("retrycnt=%d txcnt=%d failcnt=%d\n", 1911 letoh32(sta[1]) >> 16, letoh32(sta[1]) & 0xffff, 1912 letoh32(sta[0]) & 0xffff)); 1913 1914 s = splnet(); 1915 /* count failed TX as errors */ 1916 ifp->if_oerrors += letoh32(sta[0]) & 0xffff; 1917 1918 sc->amn.amn_retrycnt = 1919 (letoh32(sta[0]) & 0xffff) + /* failed TX count */ 1920 (letoh32(sta[1]) >> 16); /* TX retransmission count */ 1921 1922 sc->amn.amn_txcnt = 1923 sc->amn.amn_retrycnt + 1924 (letoh32(sta[1]) & 0xffff); /* successful TX count */ 1925 1926 ieee80211_amrr_choose(&sc->amrr, sc->sc_ic.ic_bss, &sc->amn); 1927 1928 splx(s); 1929 skip: 1930 if (!usbd_is_dying(sc->sc_udev)) 1931 timeout_add_sec(&sc->calib_to, 1); 1932 } 1933 1934 void 1935 mtw_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 1936 { 1937 struct mtw_softc *sc = ic->ic_softc; 1938 struct mtw_node *mn = (void *)ni; 1939 struct ieee80211_rateset *rs = &ni->ni_rates; 1940 uint8_t rate; 1941 int ridx, i, j; 1942 1943 DPRINTF(("new assoc isnew=%d addr=%s\n", 1944 isnew, ether_sprintf(ni->ni_macaddr))); 1945 1946 ieee80211_amrr_node_init(&sc->amrr, &sc->amn); 1947 1948 /* start at lowest available bit-rate, AMRR will raise */ 1949 ni->ni_txrate = 0; 1950 1951 for (i = 0; i < rs->rs_nrates; i++) { 1952 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 1953 /* convert 802.11 rate to hardware rate index */ 1954 for (ridx = 0; ridx < MTW_RIDX_MAX; ridx++) 1955 if (rt2860_rates[ridx].rate == rate) 1956 break; 1957 mn->ridx[i] = ridx; 1958 /* determine rate of control response frames */ 1959 for (j = i; j >= 0; j--) { 1960 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 1961 rt2860_rates[mn->ridx[i]].phy == 1962 rt2860_rates[mn->ridx[j]].phy) 1963 break; 1964 } 1965 if (j >= 0) { 1966 mn->ctl_ridx[i] = mn->ridx[j]; 1967 } else { 1968 /* no basic rate found, use mandatory one */ 1969 mn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 1970 } 1971 DPRINTF(("rate=0x%02x ridx=%d ctl_ridx=%d\n", 1972 rs->rs_rates[i], mn->ridx[i], mn->ctl_ridx[i])); 1973 } 1974 } 1975 1976 /* 1977 * Return the Rx chain with the highest RSSI for a given frame. 1978 */ 1979 static __inline uint8_t 1980 mtw_maxrssi_chain(struct mtw_softc *sc, const struct mtw_rxwi *rxwi) 1981 { 1982 uint8_t rxchain = 0; 1983 1984 if (sc->nrxchains > 1) { 1985 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 1986 rxchain = 1; 1987 } 1988 return rxchain; 1989 } 1990 1991 void 1992 mtw_rx_frame(struct mtw_softc *sc, uint8_t *buf, int dmalen, 1993 struct mbuf_list *ml) 1994 { 1995 struct ieee80211com *ic = &sc->sc_ic; 1996 struct ifnet *ifp = &ic->ic_if; 1997 struct ieee80211_frame *wh; 1998 struct ieee80211_rxinfo rxi; 1999 struct ieee80211_node *ni; 2000 struct mtw_rxwi *rxwi; 2001 struct mbuf *m; 2002 uint32_t flags; 2003 uint16_t len; 2004 #if NBPFILTER > 0 2005 uint16_t phy; 2006 #endif 2007 uint16_t rxwisize; 2008 uint8_t ant, rssi; 2009 int s; 2010 2011 /* Rx Wireless Information */ 2012 rxwi = (struct mtw_rxwi *)(buf); 2013 rxwisize = sizeof(struct mtw_rxwi); 2014 len = letoh16(rxwi->len) & 0xfff; 2015 2016 if (__predict_false(len > dmalen)) { 2017 DPRINTF(("bad RXWI length %u > %u\n", len, dmalen)); 2018 return; 2019 } 2020 if (len > MCLBYTES) { 2021 DPRINTF(("frame too large (length=%d)\n", len)); 2022 ifp->if_ierrors++; 2023 return; 2024 } 2025 2026 flags = letoh32(rxwi->flags); 2027 if (__predict_false(flags & (MTW_RX_CRCERR | MTW_RX_ICVERR))) { 2028 ifp->if_ierrors++; 2029 return; 2030 } 2031 if (__predict_false((flags & MTW_RX_MICERR))) { 2032 /* report MIC failures to net80211 for TKIP */ 2033 ic->ic_stats.is_rx_locmicfail++; 2034 ieee80211_michael_mic_failure(ic, 0/* XXX */); 2035 ifp->if_ierrors++; 2036 return; 2037 } 2038 2039 wh = (struct ieee80211_frame *)(buf + rxwisize); 2040 memset(&rxi, 0, sizeof(rxi)); 2041 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2042 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2043 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 2044 } 2045 2046 if (flags & MTW_RX_L2PAD) { 2047 u_int hdrlen = ieee80211_get_hdrlen(wh); 2048 memmove((caddr_t)wh + 2, wh, hdrlen); 2049 wh = (struct ieee80211_frame *)((caddr_t)wh + 2); 2050 } 2051 2052 /* could use m_devget but net80211 wants contig mgmt frames */ 2053 MGETHDR(m, M_DONTWAIT, MT_DATA); 2054 if (__predict_false(m == NULL)) { 2055 ifp->if_ierrors++; 2056 return; 2057 } 2058 if (len > MHLEN) { 2059 MCLGET(m, M_DONTWAIT); 2060 if (__predict_false(!(m->m_flags & M_EXT))) { 2061 ifp->if_ierrors++; 2062 m_freem(m); 2063 return; 2064 } 2065 } 2066 /* finalize mbuf */ 2067 memcpy(mtod(m, caddr_t), wh, len); 2068 m->m_pkthdr.len = m->m_len = len; 2069 2070 ant = mtw_maxrssi_chain(sc, rxwi); 2071 rssi = rxwi->rssi[ant]; 2072 2073 #if NBPFILTER > 0 2074 if (__predict_false(sc->sc_drvbpf != NULL)) { 2075 struct mtw_rx_radiotap_header *tap = &sc->sc_rxtap; 2076 struct mbuf mb; 2077 2078 tap->wr_flags = 0; 2079 tap->wr_chan_freq = htole16(ic->ic_ibss_chan->ic_freq); 2080 tap->wr_chan_flags = htole16(ic->ic_ibss_chan->ic_flags); 2081 tap->wr_antsignal = rssi; 2082 tap->wr_antenna = ant; 2083 tap->wr_dbm_antsignal = mtw_rssi2dbm(sc, rssi, ant); 2084 tap->wr_rate = 2; /* in case it can't be found below */ 2085 phy = letoh16(rxwi->phy); 2086 switch (phy >> MT7601_PHY_SHIFT) { 2087 case MTW_PHY_CCK: 2088 switch ((phy & MTW_PHY_MCS) & ~MTW_PHY_SHPRE) { 2089 case 0: tap->wr_rate = 2; break; 2090 case 1: tap->wr_rate = 4; break; 2091 case 2: tap->wr_rate = 11; break; 2092 case 3: tap->wr_rate = 22; break; 2093 } 2094 if (phy & MTW_PHY_SHPRE) 2095 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2096 break; 2097 case MTW_PHY_OFDM: 2098 switch (phy & MTW_PHY_MCS) { 2099 case 0: tap->wr_rate = 12; break; 2100 case 1: tap->wr_rate = 18; break; 2101 case 2: tap->wr_rate = 24; break; 2102 case 3: tap->wr_rate = 36; break; 2103 case 4: tap->wr_rate = 48; break; 2104 case 5: tap->wr_rate = 72; break; 2105 case 6: tap->wr_rate = 96; break; 2106 case 7: tap->wr_rate = 108; break; 2107 } 2108 break; 2109 } 2110 mb.m_data = (caddr_t)tap; 2111 mb.m_len = sc->sc_rxtap_len; 2112 mb.m_next = m; 2113 mb.m_nextpkt = NULL; 2114 mb.m_type = 0; 2115 mb.m_flags = 0; 2116 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 2117 } 2118 #endif 2119 2120 s = splnet(); 2121 ni = ieee80211_find_rxnode(ic, wh); 2122 rxi.rxi_rssi = rssi; 2123 ieee80211_inputm(ifp, m, ni, &rxi, ml); 2124 2125 /* node is no longer needed */ 2126 ieee80211_release_node(ic, ni); 2127 splx(s); 2128 } 2129 2130 void 2131 mtw_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status) 2132 { 2133 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 2134 struct mtw_rx_data *data = priv; 2135 struct mtw_softc *sc = data->sc; 2136 uint8_t *buf; 2137 uint32_t dmalen; 2138 int xferlen; 2139 2140 if (__predict_false(status != USBD_NORMAL_COMPLETION)) { 2141 DPRINTF(("RX status=%d\n", status)); 2142 if (status == USBD_STALLED) 2143 usbd_clear_endpoint_stall_async(sc->rxq[0].pipeh); 2144 if (status != USBD_CANCELLED) 2145 goto skip; 2146 return; 2147 } 2148 2149 usbd_get_xfer_status(xfer, NULL, NULL, &xferlen, NULL); 2150 2151 if (__predict_false(xferlen < sizeof(uint32_t) + 2152 sizeof (struct mtw_rxwi) + sizeof(struct mtw_rxd))) { 2153 DPRINTF(("RX xfer too short %d\n", xferlen)); 2154 goto skip; 2155 } 2156 2157 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2158 buf = data->buf; 2159 while (xferlen > 8) { 2160 dmalen = letoh32(*(uint32_t *)buf) & MTW_RXD_LEN; 2161 if (__predict_false(dmalen == 0 || (dmalen & 3) != 0)) { 2162 DPRINTF(("bad DMA length %u\n", dmalen)); 2163 break; 2164 } 2165 if (__predict_false(dmalen + 8 > xferlen)) { 2166 DPRINTF(("bad DMA length %u > %d\n", 2167 dmalen + 8, xferlen)); 2168 break; 2169 } 2170 mtw_rx_frame(sc, buf + sizeof(struct mtw_rxd), dmalen, &ml); 2171 buf += dmalen + 8; 2172 xferlen -= dmalen + 8; 2173 } 2174 if_input(&sc->sc_ic.ic_if, &ml); 2175 2176 skip: /* setup a new transfer */ 2177 usbd_setup_xfer(xfer, sc->rxq[0].pipeh, data, data->buf, MTW_MAX_RXSZ, 2178 USBD_SHORT_XFER_OK | USBD_NO_COPY, USBD_NO_TIMEOUT, mtw_rxeof); 2179 (void)usbd_transfer(data->xfer); 2180 } 2181 2182 void 2183 mtw_txeof(struct usbd_xfer *xfer, void *priv, usbd_status status) 2184 { 2185 struct mtw_tx_data *data = priv; 2186 struct mtw_softc *sc = data->sc; 2187 struct mtw_tx_ring *txq = &sc->txq[data->qid]; 2188 struct ifnet *ifp = &sc->sc_ic.ic_if; 2189 int s; 2190 2191 if (usbd_is_dying(sc->sc_udev)) 2192 return; 2193 2194 s = splnet(); 2195 txq->queued--; 2196 sc->qfullmsk &= ~(1 << data->qid); 2197 2198 if (__predict_false(status != USBD_NORMAL_COMPLETION)) { 2199 DPRINTF(("TX status=%d\n", status)); 2200 if (status == USBD_STALLED) 2201 usbd_clear_endpoint_stall_async(txq->pipeh); 2202 ifp->if_oerrors++; 2203 splx(s); 2204 return; 2205 } 2206 2207 sc->sc_tx_timer = 0; 2208 2209 if (ifq_is_oactive(&ifp->if_snd)) { 2210 ifq_clr_oactive(&ifp->if_snd); 2211 mtw_start(ifp); 2212 } 2213 2214 splx(s); 2215 } 2216 2217 int 2218 mtw_tx(struct mtw_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2219 { 2220 struct ieee80211com *ic = &sc->sc_ic; 2221 struct mtw_node *mn = (void *)ni; 2222 struct ieee80211_frame *wh; 2223 struct mtw_tx_ring *ring; 2224 struct mtw_tx_data *data; 2225 struct mtw_txd *txd; 2226 struct mtw_txwi *txwi; 2227 uint16_t qos, dur; 2228 uint16_t txwisize; 2229 uint8_t type, mcs, tid, qid; 2230 int error, hasqos, ridx, ctl_ridx, xferlen; 2231 2232 wh = mtod(m, struct ieee80211_frame *); 2233 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2234 2235 /* select queue */ 2236 if ((hasqos = ieee80211_has_qos(wh))) { 2237 qos = ieee80211_get_qos(wh); 2238 tid = qos & IEEE80211_QOS_TID; 2239 qid = ieee80211_up_to_ac(ic, tid); 2240 } else { 2241 qos = 0; 2242 tid = 0; 2243 qid = EDCA_AC_BE; 2244 } 2245 2246 /* management frames go to MCU queue */ 2247 if (type == IEEE80211_FC0_TYPE_MGT) 2248 qid = MTW_TXQ_MCU; 2249 2250 ring = &sc->txq[qid]; 2251 data = &ring->data[ring->cur]; 2252 2253 /* pickup a rate index */ 2254 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2255 type != IEEE80211_FC0_TYPE_DATA) { 2256 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2257 MTW_RIDX_OFDM6 : MTW_RIDX_CCK1; 2258 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2259 } else if (ic->ic_fixed_rate != -1) { 2260 ridx = sc->fixed_ridx; 2261 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2262 } else { 2263 ridx = mn->ridx[ni->ni_txrate]; 2264 ctl_ridx = mn->ctl_ridx[ni->ni_txrate]; 2265 } 2266 2267 txwisize = sizeof(struct mtw_txwi); 2268 xferlen = txwisize + m->m_pkthdr.len; 2269 2270 /* roundup to 32-bit alignment */ 2271 xferlen = (xferlen + 3) & ~3; 2272 2273 /* setup TX descriptor */ 2274 txd = (struct mtw_txd *)data->buf; 2275 txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_80211 | 2276 MTW_TXD_WLAN | MTW_TXD_QSEL_EDCA); 2277 2278 if (type != IEEE80211_FC0_TYPE_DATA) 2279 txd->flags |= htole16(MTW_TXD_WIV); 2280 txd->len = htole16(xferlen); 2281 xferlen += sizeof(struct mtw_txd); 2282 2283 /* get MCS code from rate index */ 2284 mcs = rt2860_rates[ridx].mcs; 2285 2286 /* setup TX Wireless Information */ 2287 txwi = (struct mtw_txwi *)(txd + 1); 2288 txwi->flags = 0; 2289 txwi->xflags = hasqos ? 0 : MTW_TX_NSEQ; 2290 txwi->wcid = (type == IEEE80211_FC0_TYPE_DATA) ? 2291 MTW_AID2WCID(ni->ni_associd) : 0xff; 2292 txwi->len = htole16(m->m_pkthdr.len); 2293 txwi->txop = MTW_TX_TXOP_BACKOFF; 2294 2295 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2296 txwi->phy = htole16(MTW_PHY_CCK << MT7601_PHY_SHIFT); 2297 if (ridx != MTW_RIDX_CCK1 && 2298 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2299 mcs |= MTW_PHY_SHPRE; 2300 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 2301 txwi->phy = htole16(MTW_PHY_OFDM << MT7601_PHY_SHIFT); 2302 txwi->phy |= htole16(mcs); 2303 2304 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2305 (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 2306 IEEE80211_QOS_ACK_POLICY_NOACK)) { 2307 txwi->xflags |= MTW_TX_ACK; 2308 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2309 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 2310 else 2311 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 2312 *(uint16_t *)wh->i_dur = htole16(dur); 2313 } 2314 2315 #if NBPFILTER > 0 2316 if (__predict_false(sc->sc_drvbpf != NULL)) { 2317 struct mtw_tx_radiotap_header *tap = &sc->sc_txtap; 2318 struct mbuf mb; 2319 2320 tap->wt_flags = 0; 2321 tap->wt_rate = rt2860_rates[ridx].rate; 2322 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 2323 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 2324 if (mcs & MTW_PHY_SHPRE) 2325 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2326 2327 mb.m_data = (caddr_t)tap; 2328 mb.m_len = sc->sc_txtap_len; 2329 mb.m_next = m; 2330 mb.m_nextpkt = NULL; 2331 mb.m_type = 0; 2332 mb.m_flags = 0; 2333 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 2334 } 2335 #endif 2336 /* copy payload */ 2337 m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)txwi + txwisize); 2338 m_freem(m); 2339 2340 /* 4-byte pad */ 2341 memset(data->buf + xferlen, 0, MTW_DMA_PAD); 2342 xferlen += MTW_DMA_PAD; 2343 2344 usbd_setup_xfer(data->xfer, ring->pipeh, data, data->buf, 2345 xferlen, USBD_FORCE_SHORT_XFER | USBD_NO_COPY, 2346 MTW_TX_TIMEOUT, mtw_txeof); 2347 error = usbd_transfer(data->xfer); 2348 if (__predict_false(error != USBD_IN_PROGRESS && error != 0)) 2349 return error; 2350 2351 ieee80211_release_node(ic, ni); 2352 2353 ring->cur = (ring->cur + 1) % MTW_TX_RING_COUNT; 2354 if (++ring->queued >= MTW_TX_RING_COUNT) 2355 sc->qfullmsk |= 1 << qid; 2356 return 0; 2357 } 2358 2359 void 2360 mtw_start(struct ifnet *ifp) 2361 { 2362 struct mtw_softc *sc = ifp->if_softc; 2363 struct ieee80211com *ic = &sc->sc_ic; 2364 struct ieee80211_node *ni; 2365 struct mbuf *m; 2366 2367 if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd)) 2368 return; 2369 2370 for (;;) { 2371 if (sc->qfullmsk != 0) { 2372 ifq_set_oactive(&ifp->if_snd); 2373 break; 2374 } 2375 2376 /* send pending management frames first */ 2377 m = mq_dequeue(&ic->ic_mgtq); 2378 if (m != NULL) { 2379 ni = m->m_pkthdr.ph_cookie; 2380 goto sendit; 2381 } 2382 if (ic->ic_state != IEEE80211_S_RUN) 2383 break; 2384 2385 /* encapsulate and send data frames */ 2386 m = ifq_dequeue(&ifp->if_snd); 2387 if (m == NULL) 2388 break; 2389 #if NBPFILTER > 0 2390 if (ifp->if_bpf != NULL) 2391 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 2392 #endif 2393 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 2394 continue; 2395 sendit: 2396 #if NBPFILTER > 0 2397 if (ic->ic_rawbpf != NULL) 2398 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 2399 #endif 2400 if (mtw_tx(sc, m, ni) != 0) { 2401 ieee80211_release_node(ic, ni); 2402 ifp->if_oerrors++; 2403 continue; 2404 } 2405 2406 sc->sc_tx_timer = 5; 2407 ifp->if_timer = 1; 2408 } 2409 } 2410 2411 void 2412 mtw_watchdog(struct ifnet *ifp) 2413 { 2414 struct mtw_softc *sc = ifp->if_softc; 2415 2416 ifp->if_timer = 0; 2417 2418 if (sc->sc_tx_timer > 0) { 2419 if (--sc->sc_tx_timer == 0) { 2420 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 2421 /* mtw_init(ifp); XXX needs a process context! */ 2422 ifp->if_oerrors++; 2423 return; 2424 } 2425 ifp->if_timer = 1; 2426 } 2427 2428 ieee80211_watchdog(ifp); 2429 } 2430 2431 int 2432 mtw_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 2433 { 2434 struct mtw_softc *sc = ifp->if_softc; 2435 struct ieee80211com *ic = &sc->sc_ic; 2436 int s, error = 0; 2437 2438 if (usbd_is_dying(sc->sc_udev)) 2439 return ENXIO; 2440 2441 usbd_ref_incr(sc->sc_udev); 2442 2443 s = splnet(); 2444 2445 switch (cmd) { 2446 case SIOCSIFADDR: 2447 ifp->if_flags |= IFF_UP; 2448 /* FALLTHROUGH */ 2449 case SIOCSIFFLAGS: 2450 if (ifp->if_flags & IFF_UP) { 2451 if (!(ifp->if_flags & IFF_RUNNING)) 2452 mtw_init(ifp); 2453 } else { 2454 if (ifp->if_flags & IFF_RUNNING) 2455 mtw_stop(ifp, 1); 2456 } 2457 break; 2458 2459 case SIOCS80211CHANNEL: 2460 /* 2461 * This allows for fast channel switching in monitor mode 2462 * (used by kismet). 2463 */ 2464 error = ieee80211_ioctl(ifp, cmd, data); 2465 if (error == ENETRESET && 2466 ic->ic_opmode == IEEE80211_M_MONITOR) { 2467 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2468 (IFF_UP | IFF_RUNNING)) 2469 mtw_set_chan(sc, ic->ic_ibss_chan); 2470 error = 0; 2471 } 2472 break; 2473 2474 default: 2475 error = ieee80211_ioctl(ifp, cmd, data); 2476 } 2477 2478 if (error == ENETRESET) { 2479 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2480 (IFF_UP | IFF_RUNNING)) { 2481 mtw_stop(ifp, 0); 2482 error = mtw_init(ifp); 2483 } else 2484 error = 0; 2485 } 2486 splx(s); 2487 2488 usbd_ref_decr(sc->sc_udev); 2489 2490 return error; 2491 } 2492 2493 void 2494 mtw_select_chan_group(struct mtw_softc *sc, int group) 2495 { 2496 uint32_t tmp; 2497 uint8_t bbp; 2498 2499 /* Tx band 20MHz 2G */ 2500 mtw_read(sc, MTW_TX_BAND_CFG, &tmp); 2501 tmp &= ~(MTW_TX_BAND_SEL_2G | MTW_TX_BAND_SEL_5G | 2502 MTW_TX_BAND_UPPER_40M); 2503 tmp |= (group == 0) ? MTW_TX_BAND_SEL_2G : MTW_TX_BAND_SEL_5G; 2504 mtw_write(sc, MTW_TX_BAND_CFG, tmp); 2505 2506 /* select 20 MHz bandwidth */ 2507 mtw_bbp_read(sc, 4, &bbp); 2508 bbp &= ~0x18; 2509 bbp |= 0x40; 2510 mtw_bbp_write(sc, 4, bbp); 2511 2512 /* calibrate BBP */ 2513 mtw_bbp_write(sc, 69, 0x12); 2514 mtw_bbp_write(sc, 91, 0x07); 2515 mtw_bbp_write(sc, 195, 0x23); 2516 mtw_bbp_write(sc, 196, 0x17); 2517 mtw_bbp_write(sc, 195, 0x24); 2518 mtw_bbp_write(sc, 196, 0x06); 2519 mtw_bbp_write(sc, 195, 0x81); 2520 mtw_bbp_write(sc, 196, 0x12); 2521 mtw_bbp_write(sc, 195, 0x83); 2522 mtw_bbp_write(sc, 196, 0x17); 2523 mtw_rf_write(sc, 5, 8, 0x00); 2524 mtw_mcu_calibrate(sc, 0x6, 0x10001); 2525 2526 /* set initial AGC value */ 2527 mt7601_set_agc(sc, 0x14); 2528 } 2529 2530 void 2531 mt7601_set_agc(struct mtw_softc *sc, uint8_t agc) 2532 { 2533 uint8_t bbp; 2534 2535 mtw_bbp_write(sc, 66, agc); 2536 mtw_bbp_write(sc, 195, 0x87); 2537 bbp = (agc & 0xf0) | 0x08; 2538 mtw_bbp_write(sc, 196, bbp); 2539 } 2540 2541 void 2542 mt7601_set_chan(struct mtw_softc *sc, u_int chan) 2543 { 2544 uint32_t tmp; 2545 uint8_t bbp, rf, txpow1; 2546 int i; 2547 2548 /* find the settings for this channel */ 2549 for (i = 0; mt7601_rf_chan[i].chan != chan; i++) 2550 ; 2551 2552 mtw_rf_write(sc, 0, 17, mt7601_rf_chan[i].r17); 2553 mtw_rf_write(sc, 0, 18, mt7601_rf_chan[i].r18); 2554 mtw_rf_write(sc, 0, 19, mt7601_rf_chan[i].r19); 2555 mtw_rf_write(sc, 0, 20, mt7601_rf_chan[i].r20); 2556 2557 /* use Tx power values from EEPROM */ 2558 txpow1 = sc->txpow1[i]; 2559 2560 /* Tx automatic level control */ 2561 mtw_read(sc, MTW_TX_ALC_CFG0, &tmp); 2562 tmp &= ~0x3f3f; 2563 tmp |= (txpow1 & 0x3f); 2564 mtw_write(sc, MTW_TX_ALC_CFG0, tmp); 2565 2566 /* LNA */ 2567 mtw_bbp_write(sc, 62, 0x37 - sc->lna[0]); 2568 mtw_bbp_write(sc, 63, 0x37 - sc->lna[0]); 2569 mtw_bbp_write(sc, 64, 0x37 - sc->lna[0]); 2570 2571 /* VCO calibration */ 2572 mtw_rf_write(sc, 0, 4, 0x0a); 2573 mtw_rf_write(sc, 0, 5, 0x20); 2574 mtw_rf_read(sc, 0, 4, &rf); 2575 mtw_rf_write(sc, 0, 4, rf | 0x80); 2576 2577 /* select 20 MHz bandwidth */ 2578 mtw_bbp_read(sc, 4, &bbp); 2579 bbp &= ~0x18; 2580 bbp |= 0x40; 2581 mtw_bbp_write(sc, 4, bbp); 2582 mtw_bbp_write(sc, 178, 0xff); 2583 } 2584 2585 int 2586 mtw_set_chan(struct mtw_softc *sc, struct ieee80211_channel *c) 2587 { 2588 struct ieee80211com *ic = &sc->sc_ic; 2589 u_int chan, group; 2590 2591 chan = ieee80211_chan2ieee(ic, c); 2592 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 2593 return EINVAL; 2594 2595 /* determine channel group */ 2596 if (chan <= 14) 2597 group = 0; 2598 else if (chan <= 64) 2599 group = 1; 2600 else if (chan <= 128) 2601 group = 2; 2602 else 2603 group = 3; 2604 2605 if (group != sc->sc_chan_group || !sc->sc_bw_calibrated) 2606 mtw_select_chan_group(sc, group); 2607 2608 sc->sc_chan_group = group; 2609 2610 /* chipset specific */ 2611 if (sc->mac_ver == 0x7601) 2612 mt7601_set_chan(sc, chan); 2613 2614 DELAY(1000); 2615 return 0; 2616 } 2617 2618 void 2619 mtw_enable_tsf_sync(struct mtw_softc *sc) 2620 { 2621 struct ieee80211com *ic = &sc->sc_ic; 2622 uint32_t tmp; 2623 2624 mtw_read(sc, MTW_BCN_TIME_CFG, &tmp); 2625 tmp &= ~0x1fffff; 2626 tmp |= ic->ic_bss->ni_intval * 16; 2627 tmp |= MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN; 2628 2629 /* local TSF is always updated with remote TSF on beacon reception */ 2630 tmp |= 1 << MTW_TSF_SYNC_MODE_SHIFT; 2631 mtw_write(sc, MTW_BCN_TIME_CFG, tmp); 2632 } 2633 2634 void 2635 mtw_abort_tsf_sync(struct mtw_softc *sc) 2636 { 2637 uint32_t tmp; 2638 2639 mtw_read(sc, MTW_BCN_TIME_CFG, &tmp); 2640 tmp &= ~(MTW_BCN_TX_EN | MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN); 2641 mtw_write(sc, MTW_BCN_TIME_CFG, tmp); 2642 } 2643 2644 void 2645 mtw_enable_mrr(struct mtw_softc *sc) 2646 { 2647 #define CCK(mcs) (mcs) 2648 #define OFDM(mcs) (1 << 3 | (mcs)) 2649 mtw_write(sc, MTW_LG_FBK_CFG0, 2650 OFDM(6) << 28 | /* 54->48 */ 2651 OFDM(5) << 24 | /* 48->36 */ 2652 OFDM(4) << 20 | /* 36->24 */ 2653 OFDM(3) << 16 | /* 24->18 */ 2654 OFDM(2) << 12 | /* 18->12 */ 2655 OFDM(1) << 8 | /* 12-> 9 */ 2656 OFDM(0) << 4 | /* 9-> 6 */ 2657 OFDM(0)); /* 6-> 6 */ 2658 2659 mtw_write(sc, MTW_LG_FBK_CFG1, 2660 CCK(2) << 12 | /* 11->5.5 */ 2661 CCK(1) << 8 | /* 5.5-> 2 */ 2662 CCK(0) << 4 | /* 2-> 1 */ 2663 CCK(0)); /* 1-> 1 */ 2664 #undef OFDM 2665 #undef CCK 2666 } 2667 2668 void 2669 mtw_set_txrts(struct mtw_softc *sc) 2670 { 2671 uint32_t tmp; 2672 2673 /* set RTS threshold */ 2674 mtw_read(sc, MTW_TX_RTS_CFG, &tmp); 2675 tmp &= ~0xffff00; 2676 tmp |= 0x1000 << MTW_RTS_THRES_SHIFT; 2677 mtw_write(sc, MTW_TX_RTS_CFG, tmp); 2678 } 2679 2680 void 2681 mtw_set_txpreamble(struct mtw_softc *sc) 2682 { 2683 uint32_t tmp; 2684 2685 mtw_read(sc, MTW_AUTO_RSP_CFG, &tmp); 2686 if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE) 2687 tmp |= MTW_CCK_SHORT_EN; 2688 else 2689 tmp &= ~MTW_CCK_SHORT_EN; 2690 mtw_write(sc, MTW_AUTO_RSP_CFG, tmp); 2691 } 2692 2693 void 2694 mtw_set_basicrates(struct mtw_softc *sc) 2695 { 2696 struct ieee80211com *ic = &sc->sc_ic; 2697 2698 /* set basic rates mask */ 2699 if (ic->ic_curmode == IEEE80211_MODE_11B) 2700 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x003); 2701 else if (ic->ic_curmode == IEEE80211_MODE_11A) 2702 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x150); 2703 else /* 11g */ 2704 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x17f); 2705 } 2706 2707 void 2708 mtw_set_leds(struct mtw_softc *sc, uint16_t which) 2709 { 2710 struct mtw_mcu_cmd_8 cmd; 2711 2712 cmd.func = htole32(0x1); 2713 cmd.val = htole32(which); 2714 mtw_mcu_cmd(sc, 16, &cmd, sizeof(struct mtw_mcu_cmd_8)); 2715 } 2716 2717 void 2718 mtw_set_bssid(struct mtw_softc *sc, const uint8_t *bssid) 2719 { 2720 mtw_write(sc, MTW_MAC_BSSID_DW0, 2721 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 2722 mtw_write(sc, MTW_MAC_BSSID_DW1, 2723 bssid[4] | bssid[5] << 8); 2724 } 2725 2726 void 2727 mtw_set_macaddr(struct mtw_softc *sc, const uint8_t *addr) 2728 { 2729 mtw_write(sc, MTW_MAC_ADDR_DW0, 2730 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 2731 mtw_write(sc, MTW_MAC_ADDR_DW1, 2732 addr[4] | addr[5] << 8 | 0xff << 16); 2733 } 2734 2735 #if NBPFILTER > 0 2736 int8_t 2737 mtw_rssi2dbm(struct mtw_softc *sc, uint8_t rssi, uint8_t rxchain) 2738 { 2739 struct ieee80211com *ic = &sc->sc_ic; 2740 struct ieee80211_channel *c = ic->ic_ibss_chan; 2741 int delta; 2742 2743 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2744 u_int chan = ieee80211_chan2ieee(ic, c); 2745 delta = sc->rssi_5ghz[rxchain]; 2746 2747 /* determine channel group */ 2748 if (chan <= 64) 2749 delta -= sc->lna[1]; 2750 else if (chan <= 128) 2751 delta -= sc->lna[2]; 2752 else 2753 delta -= sc->lna[3]; 2754 } else 2755 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 2756 2757 return -12 - delta - rssi; 2758 } 2759 #endif 2760 2761 int 2762 mt7601_bbp_init(struct mtw_softc *sc) 2763 { 2764 uint8_t bbp; 2765 int i, error, ntries; 2766 2767 /* wait for BBP to wake up */ 2768 for (ntries = 0; ntries < 20; ntries++) { 2769 if ((error = mtw_bbp_read(sc, 0, &bbp)) != 0) 2770 return error; 2771 if (bbp != 0 && bbp != 0xff) 2772 break; 2773 } 2774 2775 if (ntries == 20) 2776 return ETIMEDOUT; 2777 2778 mtw_bbp_read(sc, 3, &bbp); 2779 mtw_bbp_write(sc, 3, 0); 2780 mtw_bbp_read(sc, 105, &bbp); 2781 mtw_bbp_write(sc, 105, 0); 2782 2783 /* initialize BBP registers to default values */ 2784 for (i = 0; i < nitems(mt7601_def_bbp); i++) { 2785 if ((error = mtw_bbp_write(sc, mt7601_def_bbp[i].reg, 2786 mt7601_def_bbp[i].val)) != 0) 2787 return error; 2788 } 2789 2790 sc->sc_bw_calibrated = 0; 2791 2792 return 0; 2793 } 2794 2795 int 2796 mt7601_rf_init(struct mtw_softc *sc) 2797 { 2798 int i, error; 2799 2800 /* RF bank 0 */ 2801 for (i = 0; i < nitems(mt7601_rf_bank0); i++) { 2802 error = mtw_rf_write(sc, 0, mt7601_rf_bank0[i].reg, 2803 mt7601_rf_bank0[i].val); 2804 if (error != 0) 2805 return error; 2806 } 2807 /* RF bank 4 */ 2808 for (i = 0; i < nitems(mt7601_rf_bank4); i++) { 2809 error = mtw_rf_write(sc, 4, mt7601_rf_bank4[i].reg, 2810 mt7601_rf_bank4[i].val); 2811 if (error != 0) 2812 return error; 2813 } 2814 /* RF bank 5 */ 2815 for (i = 0; i < nitems(mt7601_rf_bank5); i++) { 2816 error = mtw_rf_write(sc, 5, mt7601_rf_bank5[i].reg, 2817 mt7601_rf_bank5[i].val); 2818 if (error != 0) 2819 return error; 2820 } 2821 return 0; 2822 } 2823 2824 int 2825 mt7601_rf_setup(struct mtw_softc *sc) 2826 { 2827 uint32_t tmp; 2828 uint8_t rf; 2829 int error; 2830 2831 if (sc->sc_rf_calibrated) 2832 return 0; 2833 2834 /* init RF registers */ 2835 if ((error = mt7601_rf_init(sc)) != 0) 2836 return error; 2837 2838 /* init frequency offset */ 2839 mtw_rf_write(sc, 0, 12, sc->rf_freq_offset); 2840 mtw_rf_read(sc, 0, 12, &rf); 2841 2842 /* read temperature */ 2843 mt7601_rf_temperature(sc, &rf); 2844 sc->bbp_temp = rf; 2845 DPRINTF(("BBP temp 0x%x ", rf)); 2846 2847 mtw_rf_read(sc, 0, 7, &rf); 2848 if ((error = mtw_mcu_calibrate(sc, 0x1, 0)) != 0) 2849 return error; 2850 usbd_delay_ms(sc->sc_udev, 100); 2851 mtw_rf_read(sc, 0, 7, &rf); 2852 2853 /* Calibrate VCO RF 0/4 */ 2854 mtw_rf_write(sc, 0, 4, 0x0a); 2855 mtw_rf_write(sc, 0, 4, 0x20); 2856 mtw_rf_read(sc, 0, 4, &rf); 2857 mtw_rf_write(sc, 0, 4, rf | 0x80); 2858 2859 if ((error = mtw_mcu_calibrate(sc, 0x9, 0)) != 0) 2860 return error; 2861 if ((error = mt7601_rxdc_cal(sc)) != 0) 2862 return error; 2863 if ((error = mtw_mcu_calibrate(sc, 0x6, 1)) != 0) 2864 return error; 2865 if ((error = mtw_mcu_calibrate(sc, 0x6, 0)) != 0) 2866 return error; 2867 if ((error = mtw_mcu_calibrate(sc, 0x4, 0)) != 0) 2868 return error; 2869 if ((error = mtw_mcu_calibrate(sc, 0x5, 0)) != 0) 2870 return error; 2871 2872 mtw_read(sc, MTW_LDO_CFG0, &tmp); 2873 tmp &= ~(1 << 4); 2874 tmp |= (1 << 2); 2875 mtw_write(sc, MTW_LDO_CFG0, tmp); 2876 2877 if ((error = mtw_mcu_calibrate(sc, 0x8, 0)) != 0) 2878 return error; 2879 if ((error = mt7601_rxdc_cal(sc)) != 0) 2880 return error; 2881 2882 sc->sc_rf_calibrated = 1; 2883 return 0; 2884 } 2885 2886 int 2887 mt7601_rf_temperature(struct mtw_softc *sc, int8_t *val) 2888 { 2889 uint32_t rfb, rfs; 2890 uint8_t bbp; 2891 int ntries; 2892 2893 mtw_read(sc, MTW_RF_BYPASS0, &rfb); 2894 mtw_read(sc, MTW_RF_SETTING0, &rfs); 2895 mtw_write(sc, MTW_RF_BYPASS0, 0); 2896 mtw_write(sc, MTW_RF_SETTING0, 0x10); 2897 mtw_write(sc, MTW_RF_BYPASS0, 0x10); 2898 2899 mtw_bbp_read(sc, 47, &bbp); 2900 bbp &= ~0x7f; 2901 bbp |= 0x10; 2902 mtw_bbp_write(sc, 47, bbp); 2903 2904 mtw_bbp_write(sc, 22, 0x40); 2905 2906 for (ntries = 0; ntries < 10; ntries++) { 2907 mtw_bbp_read(sc, 47, &bbp); 2908 if ((bbp & 0x10) == 0) 2909 break; 2910 } 2911 if (ntries == 10) 2912 return ETIMEDOUT; 2913 2914 mt7601_r49_read(sc, MT7601_R47_TEMP, val); 2915 2916 mtw_bbp_write(sc, 22, 0); 2917 2918 mtw_bbp_read(sc, 21, &bbp); 2919 bbp |= 0x02; 2920 mtw_bbp_write(sc, 21, bbp); 2921 bbp &= ~0x02; 2922 mtw_bbp_write(sc, 21, bbp); 2923 2924 mtw_write(sc, MTW_RF_BYPASS0, 0); 2925 mtw_write(sc, MTW_RF_SETTING0, rfs); 2926 mtw_write(sc, MTW_RF_BYPASS0, rfb); 2927 return 0; 2928 } 2929 2930 int 2931 mt7601_r49_read(struct mtw_softc *sc, uint8_t flag, int8_t *val) 2932 { 2933 uint8_t bbp; 2934 2935 mtw_bbp_read(sc, 47, &bbp); 2936 bbp = 0x90; 2937 mtw_bbp_write(sc, 47, bbp); 2938 bbp &= ~0x0f; 2939 bbp |= flag; 2940 mtw_bbp_write(sc, 47, bbp); 2941 return mtw_bbp_read(sc, 49, val); 2942 } 2943 2944 int 2945 mt7601_rxdc_cal(struct mtw_softc *sc) 2946 { 2947 uint32_t tmp; 2948 uint8_t bbp; 2949 int ntries; 2950 2951 mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp); 2952 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_RX_EN); 2953 mtw_bbp_write(sc, 158, 0x8d); 2954 mtw_bbp_write(sc, 159, 0xfc); 2955 mtw_bbp_write(sc, 158, 0x8c); 2956 mtw_bbp_write(sc, 159, 0x4c); 2957 2958 for (ntries = 0; ntries < 20; ntries++) { 2959 DELAY(300); 2960 mtw_bbp_write(sc, 158, 0x8c); 2961 mtw_bbp_read(sc, 159, &bbp); 2962 if (bbp == 0x0c) 2963 break; 2964 } 2965 2966 if (ntries == 20) 2967 return ETIMEDOUT; 2968 2969 mtw_write(sc, MTW_MAC_SYS_CTRL, 0); 2970 mtw_bbp_write(sc, 158, 0x8d); 2971 mtw_bbp_write(sc, 159, 0xe0); 2972 mtw_write(sc, MTW_MAC_SYS_CTRL, tmp); 2973 return 0; 2974 } 2975 2976 int 2977 mtw_wlan_enable(struct mtw_softc *sc, int enable) 2978 { 2979 uint32_t tmp; 2980 int error = 0; 2981 2982 if (enable) { 2983 mtw_read(sc, MTW_WLAN_CTRL, &tmp); 2984 if (sc->asic_ver == 0x7612) 2985 tmp &= ~0xfffff000; 2986 2987 tmp &= ~MTW_WLAN_CLK_EN; 2988 tmp |= MTW_WLAN_EN; 2989 mtw_write(sc, MTW_WLAN_CTRL, tmp); 2990 usbd_delay_ms(sc->sc_udev, 2); 2991 2992 tmp |= MTW_WLAN_CLK_EN; 2993 if (sc->asic_ver == 0x7612) { 2994 tmp |= (MTW_WLAN_RESET | MTW_WLAN_RESET_RF); 2995 } 2996 mtw_write(sc, MTW_WLAN_CTRL, tmp); 2997 usbd_delay_ms(sc->sc_udev, 2); 2998 2999 mtw_read(sc, MTW_OSC_CTRL, &tmp); 3000 tmp |= MTW_OSC_EN; 3001 mtw_write(sc, MTW_OSC_CTRL, tmp); 3002 tmp |= MTW_OSC_CAL_REQ; 3003 mtw_write(sc, MTW_OSC_CTRL, tmp); 3004 } else { 3005 mtw_read(sc, MTW_WLAN_CTRL, &tmp); 3006 tmp &= ~(MTW_WLAN_CLK_EN | MTW_WLAN_EN); 3007 mtw_write(sc, MTW_WLAN_CTRL, tmp); 3008 3009 mtw_read(sc, MTW_OSC_CTRL, &tmp); 3010 tmp &= ~MTW_OSC_EN; 3011 mtw_write(sc, MTW_OSC_CTRL, tmp); 3012 } 3013 return error; 3014 } 3015 3016 int 3017 mtw_txrx_enable(struct mtw_softc *sc) 3018 { 3019 uint32_t tmp; 3020 int error, ntries; 3021 3022 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_TX_EN); 3023 for (ntries = 0; ntries < 200; ntries++) { 3024 if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0) 3025 return error; 3026 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3027 break; 3028 DELAY(1000); 3029 } 3030 if (ntries == 200) 3031 return ETIMEDOUT; 3032 3033 DELAY(50); 3034 3035 tmp |= MTW_RX_DMA_EN | MTW_TX_DMA_EN | MTW_TX_WB_DDONE; 3036 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3037 3038 /* enable Rx bulk aggregation (set timeout and limit) */ 3039 tmp = MTW_USB_TX_EN | MTW_USB_RX_EN | MTW_USB_RX_AGG_EN | 3040 MTW_USB_RX_AGG_TO(128) | MTW_USB_RX_AGG_LMT(2); 3041 mtw_write(sc, MTW_USB_DMA_CFG, tmp); 3042 3043 /* set Rx filter */ 3044 tmp = MTW_DROP_CRC_ERR | MTW_DROP_PHY_ERR; 3045 if (sc->sc_ic.ic_opmode != IEEE80211_M_MONITOR) { 3046 tmp |= MTW_DROP_UC_NOME | MTW_DROP_DUPL | 3047 MTW_DROP_CTS | MTW_DROP_BA | MTW_DROP_ACK | 3048 MTW_DROP_VER_ERR | MTW_DROP_CTRL_RSV | 3049 MTW_DROP_CFACK | MTW_DROP_CFEND; 3050 if (sc->sc_ic.ic_opmode == IEEE80211_M_STA) 3051 tmp |= MTW_DROP_RTS | MTW_DROP_PSPOLL; 3052 } 3053 mtw_write(sc, MTW_RX_FILTR_CFG, tmp); 3054 3055 mtw_write(sc, MTW_MAC_SYS_CTRL, 3056 MTW_MAC_RX_EN | MTW_MAC_TX_EN); 3057 return 0; 3058 } 3059 3060 int 3061 mtw_init(struct ifnet *ifp) 3062 { 3063 struct mtw_softc *sc = ifp->if_softc; 3064 struct ieee80211com *ic = &sc->sc_ic; 3065 uint32_t tmp; 3066 int i, error, ridx, ntries, qid; 3067 3068 if (usbd_is_dying(sc->sc_udev)) 3069 return ENXIO; 3070 3071 /* init Tx rings (4 EDCAs, 1 HCCA, 1 MGMT) */ 3072 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) { 3073 if ((error = mtw_alloc_tx_ring(sc, qid)) != 0) 3074 goto fail; 3075 } 3076 3077 /* init Rx ring */ 3078 if ((error = mtw_alloc_rx_ring(sc, 0)) != 0) 3079 goto fail; 3080 3081 /* init MCU Tx ring */ 3082 if ((error = mtw_alloc_mcu_ring(sc)) != 0) 3083 goto fail; 3084 3085 /* init host command ring */ 3086 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0; 3087 3088 for (ntries = 0; ntries < 100; ntries++) { 3089 if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0) 3090 goto fail; 3091 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3092 break; 3093 DELAY(1000); 3094 } 3095 if (ntries == 100) { 3096 printf("%s: timeout waiting for DMA engine\n", 3097 sc->sc_dev.dv_xname); 3098 error = ETIMEDOUT; 3099 goto fail; 3100 } 3101 tmp &= 0xff0; 3102 tmp |= MTW_TX_WB_DDONE; 3103 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3104 3105 /* reset MAC and baseband */ 3106 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_BBP_HRST | MTW_MAC_SRST); 3107 mtw_write(sc, MTW_USB_DMA_CFG, 0); 3108 mtw_write(sc, MTW_MAC_SYS_CTRL, 0); 3109 3110 /* init MAC values */ 3111 if (sc->mac_ver == 0x7601) { 3112 for (i = 0; i < nitems(mt7601_def_mac); i++) 3113 mtw_write(sc, mt7601_def_mac[i].reg, 3114 mt7601_def_mac[i].val); 3115 } 3116 3117 /* wait while MAC is busy */ 3118 for (ntries = 0; ntries < 100; ntries++) { 3119 if ((error = mtw_read(sc, MTW_MAC_STATUS_REG, &tmp)) != 0) 3120 goto fail; 3121 if (!(tmp & (MTW_RX_STATUS_BUSY | MTW_TX_STATUS_BUSY))) 3122 break; 3123 DELAY(1000); 3124 } 3125 if (ntries == 100) { 3126 error = ETIMEDOUT; 3127 goto fail; 3128 } 3129 3130 /* set MAC address */ 3131 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 3132 mtw_set_macaddr(sc, ic->ic_myaddr); 3133 3134 /* clear WCID attribute table */ 3135 mtw_set_region_4(sc, MTW_WCID_ATTR(0), 1, 8 * 32); 3136 3137 mtw_write(sc, 0x1648, 0x00830083); 3138 mtw_read(sc, MTW_FCE_L2_STUFF, &tmp); 3139 tmp &= ~MTW_L2S_WR_MPDU_LEN_EN; 3140 mtw_write(sc, MTW_FCE_L2_STUFF, tmp); 3141 3142 /* RTS config */ 3143 mtw_set_txrts(sc); 3144 3145 /* clear Host to MCU mailbox */ 3146 mtw_write(sc, MTW_BBP_CSR, 0); 3147 mtw_write(sc, MTW_H2M_MAILBOX, 0); 3148 3149 /* clear RX WCID search table */ 3150 mtw_set_region_4(sc, MTW_WCID_ENTRY(0), 0xffffffff, 512); 3151 3152 /* abort TSF synchronization */ 3153 mtw_abort_tsf_sync(sc); 3154 3155 mtw_read(sc, MTW_US_CYC_CNT, &tmp); 3156 tmp = (tmp & ~0xff); 3157 if (sc->mac_ver == 0x7601) 3158 tmp |= 0x1e; 3159 mtw_write(sc, MTW_US_CYC_CNT, tmp); 3160 3161 /* clear shared key table */ 3162 mtw_set_region_4(sc, MTW_SKEY(0, 0), 0, 8 * 32); 3163 3164 /* clear IV/EIV table */ 3165 mtw_set_region_4(sc, MTW_IVEIV(0), 0, 8 * 32); 3166 3167 /* clear shared key mode */ 3168 mtw_write(sc, MTW_SKEY_MODE_0_7, 0); 3169 mtw_write(sc, MTW_SKEY_MODE_8_15, 0); 3170 3171 /* txop truncation */ 3172 mtw_write(sc, MTW_TXOP_CTRL_CFG, 0x0000583f); 3173 3174 /* init Tx power for all Tx rates */ 3175 for (ridx = 0; ridx < 5; ridx++) { 3176 if (sc->txpow20mhz[ridx] == 0xffffffff) 3177 continue; 3178 mtw_write(sc, MTW_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 3179 } 3180 mtw_write(sc, MTW_TX_PWR_CFG7, 0); 3181 mtw_write(sc, MTW_TX_PWR_CFG9, 0); 3182 3183 mtw_read(sc, MTW_CMB_CTRL, &tmp); 3184 tmp &= ~(1 << 18 | 1 << 14); 3185 mtw_write(sc, MTW_CMB_CTRL, tmp); 3186 3187 /* clear USB DMA */ 3188 mtw_write(sc, MTW_USB_DMA_CFG, MTW_USB_TX_EN | MTW_USB_RX_EN | 3189 MTW_USB_RX_AGG_EN | MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT | 3190 MTW_USB_RX_WL_DROP); 3191 usbd_delay_ms(sc->sc_udev, 50); 3192 mtw_read(sc, MTW_USB_DMA_CFG, &tmp); 3193 tmp &= ~(MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT | 3194 MTW_USB_RX_WL_DROP); 3195 mtw_write(sc, MTW_USB_DMA_CFG, tmp); 3196 3197 /* enable radio */ 3198 mtw_mcu_radio(sc, 0x31, 0); 3199 3200 /* init RF registers */ 3201 if (sc->mac_ver == 0x7601) 3202 mt7601_rf_init(sc); 3203 3204 /* init baseband registers */ 3205 if (sc->mac_ver == 0x7601) 3206 error = mt7601_bbp_init(sc); 3207 3208 if (error != 0) { 3209 printf("%s: could not initialize BBP\n", sc->sc_dev.dv_xname); 3210 goto fail; 3211 } 3212 3213 /* setup and calibrate RF */ 3214 if (sc->mac_ver == 0x7601) 3215 error = mt7601_rf_setup(sc); 3216 3217 if (error != 0) { 3218 printf("%s: could not initialize RF\n", sc->sc_dev.dv_xname); 3219 goto fail; 3220 } 3221 3222 /* select default channel */ 3223 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 3224 mtw_set_chan(sc, ic->ic_ibss_chan); 3225 3226 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 3227 struct mtw_rx_data *data = &sc->rxq[MTW_RXQ_WLAN].data[i]; 3228 3229 usbd_setup_xfer(data->xfer, sc->rxq[MTW_RXQ_WLAN].pipeh, 3230 data, data->buf, 3231 MTW_MAX_RXSZ, USBD_SHORT_XFER_OK | USBD_NO_COPY, 3232 USBD_NO_TIMEOUT, mtw_rxeof); 3233 error = usbd_transfer(data->xfer); 3234 if (error != 0 && error != USBD_IN_PROGRESS) 3235 goto fail; 3236 } 3237 3238 if ((error = mtw_txrx_enable(sc)) != 0) 3239 goto fail; 3240 3241 /* init LEDs */ 3242 mtw_set_leds(sc, MTW_LED_MODE_ON); 3243 3244 ifp->if_flags |= IFF_RUNNING; 3245 ifq_clr_oactive(&ifp->if_snd); 3246 3247 if (ic->ic_flags & IEEE80211_F_WEPON) { 3248 /* install WEP keys */ 3249 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 3250 if (ic->ic_nw_keys[i].k_cipher != IEEE80211_CIPHER_NONE) 3251 (void)mtw_set_key(ic, NULL, &ic->ic_nw_keys[i]); 3252 } 3253 } 3254 3255 if (ic->ic_opmode == IEEE80211_M_MONITOR) 3256 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3257 else 3258 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 3259 3260 if (error != 0) 3261 fail: mtw_stop(ifp, 1); 3262 return error; 3263 } 3264 3265 void 3266 mtw_stop(struct ifnet *ifp, int disable) 3267 { 3268 struct mtw_softc *sc = ifp->if_softc; 3269 struct ieee80211com *ic = &sc->sc_ic; 3270 uint32_t tmp; 3271 int s, ntries, error, qid; 3272 3273 if (ifp->if_flags & IFF_RUNNING) 3274 mtw_set_leds(sc, MTW_LED_MODE_ON); 3275 3276 sc->sc_tx_timer = 0; 3277 ifp->if_timer = 0; 3278 ifp->if_flags &= ~IFF_RUNNING; 3279 ifq_clr_oactive(&ifp->if_snd); 3280 3281 timeout_del(&sc->scan_to); 3282 timeout_del(&sc->calib_to); 3283 3284 s = splusb(); 3285 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3286 /* wait for all queued asynchronous commands to complete */ 3287 usb_wait_task(sc->sc_udev, &sc->sc_task); 3288 splx(s); 3289 3290 /* Disable Tx/Rx DMA. */ 3291 mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp); 3292 tmp &= ~(MTW_RX_DMA_EN | MTW_TX_DMA_EN); 3293 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3294 mtw_usb_dma_write(sc, 0); 3295 3296 for (ntries = 0; ntries < 100; ntries++) { 3297 if (mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp) != 0) 3298 break; 3299 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3300 break; 3301 DELAY(10); 3302 } 3303 if (ntries == 100) { 3304 printf("%s: timeout waiting for DMA engine\n", 3305 sc->sc_dev.dv_xname); 3306 } 3307 3308 /* stop MAC Tx/Rx */ 3309 mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp); 3310 tmp &= ~(MTW_MAC_RX_EN | MTW_MAC_TX_EN); 3311 mtw_write(sc, MTW_MAC_SYS_CTRL, tmp); 3312 3313 /* disable RTS retry */ 3314 mtw_read(sc, MTW_TX_RTS_CFG, &tmp); 3315 tmp &= ~0xff; 3316 mtw_write(sc, MTW_TX_RTS_CFG, tmp); 3317 3318 /* US_CYC_CFG */ 3319 mtw_read(sc, MTW_US_CYC_CNT, &tmp); 3320 tmp = (tmp & ~0xff); 3321 mtw_write(sc, MTW_US_CYC_CNT, tmp); 3322 3323 /* stop PBF */ 3324 mtw_read(sc, MTW_PBF_CFG, &tmp); 3325 tmp &= ~0x3; 3326 mtw_write(sc, MTW_PBF_CFG, tmp); 3327 3328 /* wait for pending Tx to complete */ 3329 for (ntries = 0; ntries < 100; ntries++) { 3330 if ((error = mtw_read(sc, MTW_TXRXQ_PCNT, &tmp)) != 0) 3331 break; 3332 if ((tmp & MTW_TX2Q_PCNT_MASK) == 0) 3333 break; 3334 } 3335 DELAY(1000); 3336 3337 /* delete keys */ 3338 for (qid = 0; qid < 4; qid++) { 3339 mtw_read(sc, MTW_SKEY_MODE_0_7, &tmp); 3340 tmp &= ~(0xf << qid * 4); 3341 mtw_write(sc, MTW_SKEY_MODE_0_7, tmp); 3342 } 3343 3344 if (disable) { 3345 /* disable radio */ 3346 error = mtw_mcu_radio(sc, 0x30, 0x1); 3347 usbd_delay_ms(sc->sc_udev, 10); 3348 } 3349 3350 /* free Tx and Rx rings */ 3351 sc->qfullmsk = 0; 3352 mtw_free_mcu_ring(sc); 3353 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) 3354 mtw_free_tx_ring(sc, qid); 3355 mtw_free_rx_ring(sc, 0); 3356 } 3357