1 /* $OpenBSD: if_mtw.c,v 1.5 2022/04/21 21:03:03 stsp Exp $ */ 2 /* 3 * Copyright (c) 2008-2010 Damien Bergamini <damien.bergamini@free.fr> 4 * Copyright (c) 2013-2014 Kevin Lo 5 * Copyright (c) 2021 James Hastings 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * MediaTek MT7601U 802.11b/g/n WLAN. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/mbuf.h> 29 #include <sys/kernel.h> 30 #include <sys/socket.h> 31 #include <sys/systm.h> 32 #include <sys/timeout.h> 33 #include <sys/conf.h> 34 #include <sys/device.h> 35 #include <sys/endian.h> 36 37 #include <machine/intr.h> 38 39 #if NBPFILTER > 0 40 #include <net/bpf.h> 41 #endif 42 #include <net/if.h> 43 #include <net/if_dl.h> 44 #include <net/if_media.h> 45 46 #include <netinet/in.h> 47 #include <netinet/if_ether.h> 48 49 #include <net80211/ieee80211_var.h> 50 #include <net80211/ieee80211_amrr.h> 51 #include <net80211/ieee80211_ra.h> 52 #include <net80211/ieee80211_radiotap.h> 53 54 #include <dev/usb/usb.h> 55 #include <dev/usb/usbdi.h> 56 #include <dev/usb/usbdi_util.h> 57 #include <dev/usb/usbdevs.h> 58 59 #include <dev/ic/mtwreg.h> 60 #include <dev/usb/if_mtwvar.h> 61 62 #ifdef MTW_DEBUG 63 #define DPRINTF(x) do { if (mtw_debug) printf x; } while (0) 64 #define DPRINTFN(n, x) do { if (mtw_debug >= (n)) printf x; } while (0) 65 int mtw_debug = 0; 66 #else 67 #define DPRINTF(x) 68 #define DPRINTFN(n, x) 69 #endif 70 71 #define USB_ID(v, p) { USB_VENDOR_##v, USB_PRODUCT_##v##_##p } 72 static const struct usb_devno mtw_devs[] = { 73 USB_ID(ASUS, USBN10V2), 74 USB_ID(AZUREWAVE, MT7601_1), 75 USB_ID(AZUREWAVE, MT7601_2), 76 USB_ID(DLINK, DWA127B1), 77 USB_ID(EDIMAX, EW7711UANV2), 78 USB_ID(MEDIATEK, MT7601_1), 79 USB_ID(MEDIATEK, MT7601_2), 80 USB_ID(RALINK, MT7601), 81 USB_ID(RALINK, MT7601_2), 82 USB_ID(RALINK, MT7601_3), 83 USB_ID(RALINK, MT7601_4), 84 USB_ID(RALINK, MT7601_5), 85 USB_ID(XIAOMI, MT7601U), 86 }; 87 88 int mtw_match(struct device *, void *, void *); 89 void mtw_attach(struct device *, struct device *, void *); 90 int mtw_detach(struct device *, int); 91 void mtw_attachhook(struct device *); 92 int mtw_alloc_rx_ring(struct mtw_softc *, int); 93 void mtw_free_rx_ring(struct mtw_softc *, int); 94 int mtw_alloc_tx_ring(struct mtw_softc *, int); 95 void mtw_free_tx_ring(struct mtw_softc *, int); 96 int mtw_alloc_mcu_ring(struct mtw_softc *); 97 void mtw_free_mcu_ring(struct mtw_softc *); 98 int mtw_ucode_write(struct mtw_softc *, const uint8_t *, 99 uint32_t, uint32_t); 100 void mtw_ucode_setup(struct mtw_softc *); 101 int mtw_load_microcode(struct mtw_softc *); 102 int mtw_reset(struct mtw_softc *); 103 int mtw_read(struct mtw_softc *, uint16_t, uint32_t *); 104 int mtw_read_cfg(struct mtw_softc *, uint16_t, uint32_t *); 105 int mtw_read_region_1(struct mtw_softc *, uint16_t, 106 uint8_t *, int); 107 int mtw_write_2(struct mtw_softc *, uint16_t, uint16_t); 108 int mtw_write(struct mtw_softc *, uint16_t, uint32_t); 109 int mtw_write_cfg(struct mtw_softc *, uint16_t, uint32_t); 110 int mtw_write_ivb(struct mtw_softc *, const uint8_t *, uint16_t); 111 int mtw_write_region_1(struct mtw_softc *, uint16_t, 112 uint8_t *, int); 113 int mtw_set_region_4(struct mtw_softc *, uint16_t, uint32_t, int); 114 int mtw_efuse_read_2(struct mtw_softc *, uint16_t, uint16_t *); 115 int mtw_eeprom_read_2(struct mtw_softc *, uint16_t, uint16_t *); 116 int mtw_rf_read(struct mtw_softc *, uint8_t, uint8_t, uint8_t *); 117 int mtw_rf_write(struct mtw_softc *, uint8_t, uint8_t, uint8_t); 118 int mtw_bbp_read(struct mtw_softc *, uint8_t, uint8_t *); 119 int mtw_bbp_write(struct mtw_softc *, uint8_t, uint8_t); 120 int mtw_usb_dma_read(struct mtw_softc *, uint32_t *); 121 int mtw_usb_dma_write(struct mtw_softc *, uint32_t); 122 int mtw_mcu_calibrate(struct mtw_softc *, int, uint32_t); 123 int mtw_mcu_channel(struct mtw_softc *, uint32_t, uint32_t, uint32_t); 124 int mtw_mcu_radio(struct mtw_softc *, int, uint32_t); 125 int mtw_mcu_cmd(struct mtw_softc *, int, void *, int); 126 const char * mtw_get_rf(int); 127 void mtw_get_txpower(struct mtw_softc *); 128 int mtw_read_eeprom(struct mtw_softc *); 129 struct ieee80211_node *mtw_node_alloc(struct ieee80211com *); 130 int mtw_media_change(struct ifnet *); 131 void mtw_next_scan(void *); 132 void mtw_task(void *); 133 void mtw_do_async(struct mtw_softc *, void (*)(struct mtw_softc *, 134 void *), void *, int); 135 int mtw_newstate(struct ieee80211com *, enum ieee80211_state, int); 136 void mtw_newstate_cb(struct mtw_softc *, void *); 137 void mtw_updateedca(struct ieee80211com *); 138 void mtw_updateedca_cb(struct mtw_softc *, void *); 139 void mtw_updateslot(struct ieee80211com *); 140 void mtw_updateslot_cb(struct mtw_softc *, void *); 141 int mtw_set_key(struct ieee80211com *, struct ieee80211_node *, 142 struct ieee80211_key *); 143 void mtw_set_key_cb(struct mtw_softc *, void *); 144 void mtw_delete_key(struct ieee80211com *, struct ieee80211_node *, 145 struct ieee80211_key *); 146 void mtw_delete_key_cb(struct mtw_softc *, void *); 147 void mtw_calibrate_to(void *); 148 void mtw_calibrate_cb(struct mtw_softc *, void *); 149 void mtw_newassoc(struct ieee80211com *, struct ieee80211_node *, 150 int); 151 void mtw_rx_frame(struct mtw_softc *, uint8_t *, int, 152 struct mbuf_list *); 153 void mtw_rxeof(struct usbd_xfer *, void *, usbd_status); 154 void mtw_txeof(struct usbd_xfer *, void *, usbd_status); 155 int mtw_tx(struct mtw_softc *, struct mbuf *, 156 struct ieee80211_node *); 157 void mtw_start(struct ifnet *); 158 void mtw_watchdog(struct ifnet *); 159 int mtw_ioctl(struct ifnet *, u_long, caddr_t); 160 void mtw_select_chan_group(struct mtw_softc *, int); 161 void mt7601_set_agc(struct mtw_softc *, uint8_t); 162 void mt7601_set_chan(struct mtw_softc *, u_int); 163 int mtw_set_chan(struct mtw_softc *, struct ieee80211_channel *); 164 void mtw_enable_tsf_sync(struct mtw_softc *); 165 void mtw_abort_tsf_sync(struct mtw_softc *); 166 void mtw_enable_mrr(struct mtw_softc *); 167 void mtw_set_txrts(struct mtw_softc *); 168 void mtw_set_txpreamble(struct mtw_softc *); 169 void mtw_set_basicrates(struct mtw_softc *); 170 void mtw_set_leds(struct mtw_softc *, uint16_t); 171 void mtw_set_bssid(struct mtw_softc *, const uint8_t *); 172 void mtw_set_macaddr(struct mtw_softc *, const uint8_t *); 173 #if NBPFILTER > 0 174 int8_t mtw_rssi2dbm(struct mtw_softc *, uint8_t, uint8_t); 175 #endif 176 int mt7601_bbp_init(struct mtw_softc *); 177 int mt7601_rf_init(struct mtw_softc *); 178 int mt7601_rf_setup(struct mtw_softc *); 179 int mt7601_rf_temperature(struct mtw_softc *, int8_t *); 180 int mt7601_r49_read(struct mtw_softc *, uint8_t, int8_t *); 181 int mt7601_rxdc_cal(struct mtw_softc *); 182 int mtw_wlan_enable(struct mtw_softc *, int); 183 int mtw_txrx_enable(struct mtw_softc *); 184 int mtw_init(struct ifnet *); 185 void mtw_stop(struct ifnet *, int); 186 187 struct cfdriver mtw_cd = { 188 NULL, "mtw", DV_IFNET 189 }; 190 191 const struct cfattach mtw_ca = { 192 sizeof (struct mtw_softc), mtw_match, mtw_attach, mtw_detach 193 }; 194 195 static const struct { 196 uint32_t reg; 197 uint32_t val; 198 } mt7601_def_mac[] = { 199 MT7601_DEF_MAC 200 }; 201 202 static const struct { 203 uint8_t reg; 204 uint8_t val; 205 } mt7601_def_bbp[] = { 206 MT7601_DEF_BBP 207 }; 208 209 static const struct { 210 u_int chan; 211 uint8_t r17, r18, r19, r20; 212 } mt7601_rf_chan[] = { 213 MT7601_RF_CHAN 214 }; 215 216 static const struct { 217 uint8_t reg; 218 uint8_t val; 219 } mt7601_rf_bank0[] = { 220 MT7601_BANK0_RF 221 },mt7601_rf_bank4[] = { 222 MT7601_BANK4_RF 223 },mt7601_rf_bank5[] = { 224 MT7601_BANK5_RF 225 }; 226 227 int 228 mtw_match(struct device *parent, void *match, void *aux) 229 { 230 struct usb_attach_arg *uaa = aux; 231 232 if (uaa->iface == NULL || uaa->configno != 1) 233 return UMATCH_NONE; 234 235 return (usb_lookup(mtw_devs, uaa->vendor, uaa->product) != NULL) ? 236 UMATCH_VENDOR_PRODUCT_CONF_IFACE : UMATCH_NONE; 237 } 238 239 void 240 mtw_attach(struct device *parent, struct device *self, void *aux) 241 { 242 struct mtw_softc *sc = (struct mtw_softc *)self; 243 struct usb_attach_arg *uaa = aux; 244 usb_interface_descriptor_t *id; 245 usb_endpoint_descriptor_t *ed; 246 int i, error, nrx, ntx, ntries; 247 uint32_t ver; 248 249 sc->sc_udev = uaa->device; 250 sc->sc_iface = uaa->iface; 251 252 /* 253 * Find all bulk endpoints. 254 */ 255 nrx = ntx = 0; 256 id = usbd_get_interface_descriptor(sc->sc_iface); 257 for (i = 0; i < id->bNumEndpoints; i++) { 258 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i); 259 if (ed == NULL || UE_GET_XFERTYPE(ed->bmAttributes) != UE_BULK) 260 continue; 261 262 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN) { 263 sc->rxq[nrx].pipe_no = ed->bEndpointAddress; 264 nrx++; 265 } else if (ntx < 6) { 266 if (ntx == 0) 267 sc->txq[MTW_TXQ_MCU].pipe_no = 268 ed->bEndpointAddress; 269 else 270 sc->txq[ntx - 1].pipe_no = 271 ed->bEndpointAddress; 272 ntx++; 273 } 274 } 275 /* make sure we've got them all */ 276 if (nrx < 2 || ntx < 6) { 277 printf("%s: missing endpoint\n", sc->sc_dev.dv_xname); 278 return; 279 } 280 281 /* wait for the chip to settle */ 282 for (ntries = 0; ntries < 100; ntries++) { 283 if ((error = mtw_read(sc, MTW_ASIC_VER, &ver)) != 0) 284 return; 285 if (ver != 0 && ver != 0xffffffff) 286 break; 287 DPRINTF(("%08x ", ver)); 288 DELAY(10); 289 } 290 if (ntries == 100) { 291 printf("%s: timeout waiting for NIC to initialize\n", 292 sc->sc_dev.dv_xname); 293 return; 294 } 295 296 sc->asic_ver = ver >> 16; 297 sc->asic_rev = ver & 0xffff; 298 299 usb_init_task(&sc->sc_task, mtw_task, sc, USB_TASK_TYPE_GENERIC); 300 timeout_set(&sc->scan_to, mtw_next_scan, sc); 301 timeout_set(&sc->calib_to, mtw_calibrate_to, sc); 302 303 sc->amrr.amrr_min_success_threshold = 1; 304 sc->amrr.amrr_max_success_threshold = 10; 305 306 config_mountroot(self, mtw_attachhook); 307 } 308 309 int 310 mtw_detach(struct device *self, int flags) 311 { 312 struct mtw_softc *sc = (struct mtw_softc *)self; 313 struct ifnet *ifp = &sc->sc_ic.ic_if; 314 int qid, s; 315 316 s = splusb(); 317 318 if (timeout_initialized(&sc->scan_to)) 319 timeout_del(&sc->scan_to); 320 if (timeout_initialized(&sc->calib_to)) 321 timeout_del(&sc->calib_to); 322 323 /* wait for all queued asynchronous commands to complete */ 324 usb_rem_wait_task(sc->sc_udev, &sc->sc_task); 325 326 usbd_ref_wait(sc->sc_udev); 327 328 if (ifp->if_softc != NULL) { 329 ifp->if_flags &= ~IFF_RUNNING; 330 ifq_clr_oactive(&ifp->if_snd); 331 ieee80211_ifdetach(ifp); 332 if_detach(ifp); 333 } 334 335 /* free rings and close pipes */ 336 mtw_free_mcu_ring(sc); 337 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) 338 mtw_free_tx_ring(sc, qid); 339 mtw_free_rx_ring(sc, 0); 340 mtw_free_rx_ring(sc, 1); 341 342 splx(s); 343 return 0; 344 } 345 346 void 347 mtw_attachhook(struct device *self) 348 { 349 struct mtw_softc *sc = (struct mtw_softc *)self; 350 struct ieee80211com *ic = &sc->sc_ic; 351 struct ifnet *ifp = &ic->ic_if; 352 uint32_t tmp; 353 int ntries, error, i; 354 355 if (usbd_is_dying(sc->sc_udev)) 356 return; 357 358 /* enable WLAN core */ 359 if ((error = mtw_wlan_enable(sc, 1)) != 0) { 360 printf("%s: could not enable WLAN core\n", 361 sc->sc_dev.dv_xname); 362 return; 363 } 364 365 /* load firmware */ 366 if ((error = mtw_load_microcode(sc)) != 0) { 367 printf("%s: could not load microcode\n", 368 sc->sc_dev.dv_xname); 369 goto fail; 370 } 371 372 mtw_usb_dma_read(sc, &tmp); 373 mtw_usb_dma_write(sc, tmp | (MTW_USB_RX_EN | MTW_USB_TX_EN)); 374 375 /* read MAC version */ 376 for (ntries = 0; ntries < 100; ntries++) { 377 if ((error = mtw_read(sc, MTW_MAC_VER_ID, &tmp)) != 0) 378 goto fail; 379 if (tmp != 0 && tmp != 0xffffffff) 380 break; 381 DELAY(10); 382 } 383 if (ntries == 100) { 384 printf("%s: failed reading MAC\n", sc->sc_dev.dv_xname); 385 goto fail; 386 } 387 388 sc->mac_ver = tmp >> 16; 389 sc->mac_rev = tmp & 0xffff; 390 391 /* retrieve RF rev. no and various other things from EEPROM */ 392 mtw_read_eeprom(sc); 393 394 printf("%s: MAC/BBP MT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), " 395 "address %s\n", sc->sc_dev.dv_xname, sc->mac_ver, 396 sc->mac_rev, mtw_get_rf(sc->rf_rev), sc->ntxchains, 397 sc->nrxchains, ether_sprintf(ic->ic_myaddr)); 398 399 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 400 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 401 ic->ic_state = IEEE80211_S_INIT; 402 403 /* set device capabilities */ 404 ic->ic_caps = 405 IEEE80211_C_MONITOR | /* monitor mode supported */ 406 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 407 IEEE80211_C_SHSLOT | /* short slot time supported */ 408 IEEE80211_C_WEP | /* WEP */ 409 IEEE80211_C_RSN; /* WPA/RSN */ 410 411 /* set supported .11b and .11g rates */ 412 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 413 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 414 415 /* set supported .11b and .11g channels (1 through 14) */ 416 for (i = 1; i <= 14; i++) { 417 ic->ic_channels[i].ic_freq = 418 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 419 ic->ic_channels[i].ic_flags = 420 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 421 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 422 } 423 424 ifp->if_softc = sc; 425 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 426 ifp->if_ioctl = mtw_ioctl; 427 ifp->if_start = mtw_start; 428 ifp->if_watchdog = mtw_watchdog; 429 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 430 431 if_attach(ifp); 432 ieee80211_ifattach(ifp); 433 ic->ic_node_alloc = mtw_node_alloc; 434 ic->ic_newassoc = mtw_newassoc; 435 ic->ic_updateslot = mtw_updateslot; 436 ic->ic_updateedca = mtw_updateedca; 437 ic->ic_set_key = mtw_set_key; 438 ic->ic_delete_key = mtw_delete_key; 439 440 /* override 802.11 state transition machine */ 441 sc->sc_newstate = ic->ic_newstate; 442 ic->ic_newstate = mtw_newstate; 443 ieee80211_media_init(ifp, mtw_media_change, ieee80211_media_status); 444 445 #if NBPFILTER > 0 446 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 447 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 448 449 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 450 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 451 sc->sc_rxtap.wr_ihdr.it_present = htole32(MTW_RX_RADIOTAP_PRESENT); 452 453 sc->sc_txtap_len = sizeof sc->sc_txtapu; 454 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 455 sc->sc_txtap.wt_ihdr.it_present = htole32(MTW_TX_RADIOTAP_PRESENT); 456 #endif 457 fail: 458 return; 459 } 460 461 int 462 mtw_alloc_rx_ring(struct mtw_softc *sc, int qid) 463 { 464 struct mtw_rx_ring *rxq = &sc->rxq[qid]; 465 int i, error; 466 467 if ((error = usbd_open_pipe(sc->sc_iface, rxq->pipe_no, 0, 468 &rxq->pipeh)) != 0) 469 goto fail; 470 471 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 472 struct mtw_rx_data *data = &rxq->data[i]; 473 474 data->sc = sc; /* backpointer for callbacks */ 475 476 data->xfer = usbd_alloc_xfer(sc->sc_udev); 477 if (data->xfer == NULL) { 478 error = ENOMEM; 479 goto fail; 480 } 481 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_RXSZ); 482 if (data->buf == NULL) { 483 error = ENOMEM; 484 goto fail; 485 } 486 } 487 if (error != 0) 488 fail: mtw_free_rx_ring(sc, 0); 489 return error; 490 } 491 492 void 493 mtw_free_rx_ring(struct mtw_softc *sc, int qid) 494 { 495 struct mtw_rx_ring *rxq = &sc->rxq[qid]; 496 int i; 497 498 if (rxq->pipeh != NULL) { 499 usbd_close_pipe(rxq->pipeh); 500 rxq->pipeh = NULL; 501 } 502 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 503 if (rxq->data[i].xfer != NULL) 504 usbd_free_xfer(rxq->data[i].xfer); 505 rxq->data[i].xfer = NULL; 506 } 507 } 508 509 int 510 mtw_alloc_tx_ring(struct mtw_softc *sc, int qid) 511 { 512 struct mtw_tx_ring *txq = &sc->txq[qid]; 513 int i, error; 514 uint16_t txwisize; 515 516 txwisize = sizeof(struct mtw_txwi); 517 518 txq->cur = txq->queued = 0; 519 520 if ((error = usbd_open_pipe(sc->sc_iface, txq->pipe_no, 0, 521 &txq->pipeh)) != 0) 522 goto fail; 523 524 for (i = 0; i < MTW_TX_RING_COUNT; i++) { 525 struct mtw_tx_data *data = &txq->data[i]; 526 527 data->sc = sc; /* backpointer for callbacks */ 528 data->qid = qid; 529 530 data->xfer = usbd_alloc_xfer(sc->sc_udev); 531 if (data->xfer == NULL) { 532 error = ENOMEM; 533 goto fail; 534 } 535 536 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ); 537 if (data->buf == NULL) { 538 error = ENOMEM; 539 goto fail; 540 } 541 542 /* zeroize the TXD + TXWI part */ 543 memset(data->buf, 0, MTW_MAX_TXSZ); 544 } 545 if (error != 0) 546 fail: mtw_free_tx_ring(sc, qid); 547 return error; 548 } 549 550 void 551 mtw_free_tx_ring(struct mtw_softc *sc, int qid) 552 { 553 struct mtw_tx_ring *txq = &sc->txq[qid]; 554 int i; 555 556 if (txq->pipeh != NULL) { 557 usbd_close_pipe(txq->pipeh); 558 txq->pipeh = NULL; 559 } 560 for (i = 0; i < MTW_TX_RING_COUNT; i++) { 561 if (txq->data[i].xfer != NULL) 562 usbd_free_xfer(txq->data[i].xfer); 563 txq->data[i].xfer = NULL; 564 } 565 } 566 567 int 568 mtw_alloc_mcu_ring(struct mtw_softc *sc) 569 { 570 struct mtw_tx_ring *ring = &sc->sc_mcu; 571 struct mtw_tx_data *data = &ring->data[0]; 572 int error = 0; 573 574 ring->cur = ring->queued = 0; 575 576 data->sc = sc; /* backpointer for callbacks */ 577 data->qid = 5; 578 579 data->xfer = usbd_alloc_xfer(sc->sc_udev); 580 if (data->xfer == NULL) { 581 error = ENOMEM; 582 goto fail; 583 } 584 585 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ); 586 if (data->buf == NULL) { 587 error = ENOMEM; 588 goto fail; 589 } 590 /* zeroize the TXD */ 591 memset(data->buf, 0, 4); 592 593 if (error != 0) 594 fail: mtw_free_mcu_ring(sc); 595 return error; 596 597 598 } 599 void 600 mtw_free_mcu_ring(struct mtw_softc *sc) 601 { 602 struct mtw_tx_ring *txq = &sc->sc_mcu; 603 604 if (txq->data[0].xfer != NULL) 605 usbd_free_xfer(txq->data[0].xfer); 606 txq->data[0].xfer = NULL; 607 } 608 609 int 610 mtw_ucode_write(struct mtw_softc *sc, const uint8_t *fw, uint32_t len, 611 uint32_t offset) 612 { 613 struct mtw_tx_ring *ring = &sc->txq[MTW_TXQ_MCU]; 614 struct usbd_xfer *xfer; 615 struct mtw_txd *txd; 616 uint8_t *buf; 617 uint32_t blksz, sent, tmp, xferlen; 618 int error; 619 620 blksz = 0x2000; 621 if (sc->asic_ver == 0x7612 && offset >= 0x90000) 622 blksz = 0x800; /* MT7612 ROM Patch */ 623 624 xfer = usbd_alloc_xfer(sc->sc_udev); 625 if (xfer == NULL) { 626 error = ENOMEM; 627 goto fail; 628 } 629 buf = usbd_alloc_buffer(xfer, blksz + 12); 630 if (buf == NULL) { 631 error = ENOMEM; 632 goto fail; 633 } 634 635 sent = 0; 636 for (;;) { 637 xferlen = min(len - sent, blksz); 638 if (xferlen == 0) 639 break; 640 641 txd = (struct mtw_txd *)buf; 642 txd->len = htole16(xferlen); 643 txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_MCU); 644 645 memcpy(buf + sizeof(struct mtw_txd), fw + sent, xferlen); 646 memset(buf + sizeof(struct mtw_txd) + xferlen, 0, MTW_DMA_PAD); 647 mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, offset + sent); 648 mtw_write_cfg(sc, MTW_MCU_DMA_LEN, (xferlen << 16)); 649 650 usbd_setup_xfer(xfer, ring->pipeh, NULL, buf, 651 xferlen + sizeof(struct mtw_txd) + MTW_DMA_PAD, 652 USBD_SHORT_XFER_OK | USBD_SYNCHRONOUS | USBD_NO_COPY, 653 MTW_TX_TIMEOUT, NULL); 654 if ((error = usbd_transfer(xfer)) != 0) 655 break; 656 657 mtw_read_cfg(sc, MTW_MCU_DMA_LEN, &tmp); 658 659 mtw_read(sc, MTW_MCU_FW_IDX, &tmp); 660 mtw_write(sc, MTW_MCU_FW_IDX, tmp++); 661 662 sent += xferlen; 663 } 664 fail: 665 if (xfer != NULL) { 666 usbd_free_xfer(xfer); 667 xfer = NULL; 668 } 669 return error; 670 } 671 672 void 673 mtw_ucode_setup(struct mtw_softc *sc) 674 { 675 mtw_usb_dma_write(sc, (MTW_USB_TX_EN | MTW_USB_RX_EN)); 676 mtw_write(sc, MTW_FCE_PSE_CTRL, 1); 677 mtw_write(sc, MTW_TX_CPU_FCE_BASE, 0x400230); 678 mtw_write(sc, MTW_TX_CPU_FCE_MAX_COUNT, 1); 679 mtw_write(sc, MTW_MCU_FW_IDX, 1); 680 mtw_write(sc, MTW_FCE_PDMA, 0x44); 681 mtw_write(sc, MTW_FCE_SKIP_FS, 3); 682 } 683 684 int 685 mtw_load_microcode(struct mtw_softc *sc) 686 { 687 const struct mtw_ucode_hdr *hdr; 688 const struct mtw_ucode *fw; 689 const char *fwname; 690 u_char *ucode; 691 size_t size; 692 uint32_t tmp, iofs, dofs; 693 int ntries, error; 694 int dlen, ilen; 695 696 /* is firmware already running? */ 697 mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp); 698 if (tmp == MTW_MCU_READY) 699 return 0; 700 701 /* open MCU pipe */ 702 if ((error = usbd_open_pipe(sc->sc_iface, sc->txq[MTW_TXQ_MCU].pipe_no, 703 0, &sc->txq[MTW_TXQ_MCU].pipeh)) != 0) 704 return error; 705 706 if (sc->asic_ver == 0x7612) { 707 fwname = "mtw-mt7662u_rom_patch"; 708 709 if ((error = loadfirmware(fwname, &ucode, &size)) != 0) { 710 printf("%s: failed loadfirmware of file %s (error %d)\n", 711 sc->sc_dev.dv_xname, fwname, error); 712 return error; 713 } 714 fw = (const struct mtw_ucode *) ucode + 0x1e; 715 ilen = size - 0x1e; 716 717 mtw_ucode_setup(sc); 718 719 if ((error = mtw_ucode_write(sc, fw->data, ilen, 0x90000)) != 0) 720 goto fail; 721 722 mtw_read_cfg(sc, 0x0208, &tmp); 723 mtw_usb_dma_write(sc, 0x00e41814); 724 free(ucode, M_DEVBUF, size); 725 } 726 727 fwname = "mtw-mt7601u"; 728 iofs = 0x40; 729 dofs = 0; 730 if (sc->asic_ver == 0x7612) { 731 fwname = "mtw-mt7662u"; 732 iofs = 0x80040; 733 dofs = 0x110800; 734 } else if (sc->asic_ver == 0x7610) { 735 fwname = "mtw-mt7610u"; 736 dofs = 0x80000; 737 } 738 739 if ((error = loadfirmware(fwname, &ucode, &size)) != 0) { 740 printf("%s: failed loadfirmware of file %s (error %d)\n", 741 sc->sc_dev.dv_xname, fwname, error); 742 return error; 743 } 744 745 if (size < sizeof(struct mtw_ucode_hdr)) { 746 printf("%s: firmware header too short\n", 747 sc->sc_dev.dv_xname); 748 goto fail; 749 } 750 751 fw = (const struct mtw_ucode *) ucode; 752 hdr = (const struct mtw_ucode_hdr *) &fw->hdr; 753 754 if (size < sizeof(struct mtw_ucode_hdr) + letoh32(hdr->ilm_len) + 755 letoh32(hdr->dlm_len)) { 756 printf("%s: firmware payload too short\n", 757 sc->sc_dev.dv_xname); 758 goto fail; 759 } 760 761 ilen = le32toh(hdr->ilm_len) - MTW_MCU_IVB_LEN; 762 dlen = le32toh(hdr->dlm_len); 763 764 if (ilen > size || dlen > size) { 765 printf("%s: firmware payload too large\n", 766 sc->sc_dev.dv_xname); 767 goto fail; 768 } 769 770 mtw_write(sc, MTW_FCE_PDMA, 0); 771 mtw_write(sc, MTW_FCE_PSE_CTRL, 0); 772 mtw_ucode_setup(sc); 773 774 if ((error = mtw_ucode_write(sc, fw->data, ilen, iofs)) != 0) 775 goto fail; 776 if (dlen > 0 && dofs > 0) { 777 if ((error = mtw_ucode_write(sc, fw->data + ilen, 778 dlen, dofs)) != 0) 779 goto fail; 780 } 781 782 /* write interrupt vectors */ 783 if (sc->asic_ver == 0x7612) { 784 /* MT7612 */ 785 if ((error = mtw_ucode_write(sc, fw->ivb, 786 MTW_MCU_IVB_LEN, 0x80000)) != 0) 787 goto fail; 788 mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, 0x00095000); 789 mtw_write_ivb(sc, NULL, 0); 790 } else { 791 /* MT7601/MT7610 */ 792 if ((error = mtw_write_ivb(sc, fw->ivb, 793 MTW_MCU_IVB_LEN)) != 0) 794 goto fail; 795 } 796 797 /* wait until microcontroller is ready */ 798 usbd_delay_ms(sc->sc_udev, 10); 799 800 for (ntries = 0; ntries < 100; ntries++) { 801 if ((error = mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp)) != 0) 802 return error; 803 if (tmp & MTW_MCU_READY) 804 break; 805 usbd_delay_ms(sc->sc_udev, 100); 806 } 807 808 if (ntries == 100) { 809 printf("%s: timeout waiting for MCU to initialize\n", 810 sc->sc_dev.dv_xname); 811 error = ETIMEDOUT; 812 } 813 814 DPRINTF(("%s: loaded firmware ver %d.%d\n", sc->sc_dev.dv_xname, 815 le16toh(hdr->build_ver), le16toh(hdr->fw_ver))); 816 fail: 817 free(ucode, M_DEVBUF, size); 818 usbd_close_pipe(sc->txq[MTW_TXQ_MCU].pipeh); 819 sc->txq[MTW_TXQ_MCU].pipeh = NULL; 820 return error; 821 } 822 823 int 824 mtw_reset(struct mtw_softc *sc) 825 { 826 usb_device_request_t req; 827 828 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 829 req.bRequest = MTW_RESET; 830 USETW(req.wValue, 1); 831 USETW(req.wIndex, 0); 832 USETW(req.wLength, 0); 833 return usbd_do_request(sc->sc_udev, &req, NULL); 834 } 835 836 int 837 mtw_read(struct mtw_softc *sc, uint16_t reg, uint32_t *val) 838 { 839 uint32_t tmp; 840 int error; 841 842 error = mtw_read_region_1(sc, reg, 843 (uint8_t *)&tmp, sizeof tmp); 844 if (error == 0) 845 *val = letoh32(tmp); 846 else 847 *val = 0xffffffff; 848 return error; 849 } 850 851 int 852 mtw_read_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t *val) 853 { 854 usb_device_request_t req; 855 uint32_t tmp; 856 int error; 857 858 req.bmRequestType = UT_READ_VENDOR_DEVICE; 859 req.bRequest = MTW_READ_CFG; 860 USETW(req.wValue, 0); 861 USETW(req.wIndex, reg); 862 USETW(req.wLength, 4); 863 error = usbd_do_request(sc->sc_udev, &req, &tmp); 864 865 if (error == 0) 866 *val = letoh32(tmp); 867 else 868 *val = 0xffffffff; 869 return error; 870 } 871 872 int 873 mtw_read_region_1(struct mtw_softc *sc, uint16_t reg, 874 uint8_t *buf, int len) 875 { 876 usb_device_request_t req; 877 878 req.bmRequestType = UT_READ_VENDOR_DEVICE; 879 req.bRequest = MTW_READ_REGION_1; 880 USETW(req.wValue, 0); 881 USETW(req.wIndex, reg); 882 USETW(req.wLength, len); 883 return usbd_do_request(sc->sc_udev, &req, buf); 884 } 885 886 int 887 mtw_write_2(struct mtw_softc *sc, uint16_t reg, uint16_t val) 888 { 889 usb_device_request_t req; 890 891 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 892 req.bRequest = MTW_WRITE_2; 893 USETW(req.wValue, val); 894 USETW(req.wIndex, reg); 895 USETW(req.wLength, 0); 896 return usbd_do_request(sc->sc_udev, &req, NULL); 897 } 898 899 int 900 mtw_write(struct mtw_softc *sc, uint16_t reg, uint32_t val) 901 { 902 int error; 903 904 if ((error = mtw_write_2(sc, reg, val & 0xffff)) == 0) 905 error = mtw_write_2(sc, reg + 2, val >> 16); 906 return error; 907 } 908 909 int 910 mtw_write_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t val) 911 { 912 usb_device_request_t req; 913 int error; 914 915 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 916 req.bRequest = MTW_WRITE_CFG; 917 USETW(req.wValue, 0); 918 USETW(req.wIndex, reg); 919 USETW(req.wLength, 4); 920 val = htole32(val); 921 error = usbd_do_request(sc->sc_udev, &req, &val); 922 return error; 923 } 924 925 int 926 mtw_write_ivb(struct mtw_softc *sc, const uint8_t *buf, uint16_t len) 927 { 928 usb_device_request_t req; 929 930 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 931 req.bRequest = MTW_RESET; 932 USETW(req.wValue, 0x12); 933 USETW(req.wIndex, 0); 934 USETW(req.wLength, len); 935 return usbd_do_request(sc->sc_udev, &req, (void *)buf); 936 } 937 938 int 939 mtw_write_region_1(struct mtw_softc *sc, uint16_t reg, 940 uint8_t *buf, int len) 941 { 942 usb_device_request_t req; 943 944 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 945 req.bRequest = MTW_WRITE_REGION_1; 946 USETW(req.wValue, 0); 947 USETW(req.wIndex, reg); 948 USETW(req.wLength, len); 949 return usbd_do_request(sc->sc_udev, &req, buf); 950 } 951 952 int 953 mtw_set_region_4(struct mtw_softc *sc, uint16_t reg, uint32_t val, int count) 954 { 955 int error = 0; 956 957 for (; count > 0 && error == 0; count--, reg += 4) 958 error = mtw_write(sc, reg, val); 959 return error; 960 } 961 962 /* Read 16-bit from eFUSE ROM. */ 963 int 964 mtw_efuse_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 965 { 966 uint32_t tmp; 967 uint16_t reg; 968 int error, ntries; 969 970 if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0) 971 return error; 972 973 addr *= 2; 974 /* 975 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 976 * DATA0: 3 2 1 0 977 * DATA1: 7 6 5 4 978 * DATA2: B A 9 8 979 * DATA3: F E D C 980 */ 981 tmp &= ~(MTW_EFSROM_MODE_MASK | MTW_EFSROM_AIN_MASK); 982 tmp |= (addr & ~0xf) << MTW_EFSROM_AIN_SHIFT | MTW_EFSROM_KICK; 983 mtw_write(sc, MTW_EFUSE_CTRL, tmp); 984 for (ntries = 0; ntries < 100; ntries++) { 985 if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0) 986 return error; 987 if (!(tmp & MTW_EFSROM_KICK)) 988 break; 989 DELAY(2); 990 } 991 if (ntries == 100) 992 return ETIMEDOUT; 993 994 if ((tmp & MTW_EFUSE_AOUT_MASK) == MTW_EFUSE_AOUT_MASK) { 995 *val = 0xffff; /* address not found */ 996 return 0; 997 } 998 /* determine to which 32-bit register our 16-bit word belongs */ 999 reg = MTW_EFUSE_DATA0 + (addr & 0xc); 1000 if ((error = mtw_read(sc, reg, &tmp)) != 0) 1001 return error; 1002 1003 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1004 return 0; 1005 } 1006 1007 int 1008 mtw_eeprom_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 1009 { 1010 usb_device_request_t req; 1011 uint16_t tmp; 1012 int error; 1013 1014 addr *= 2; 1015 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1016 req.bRequest = MTW_EEPROM_READ; 1017 USETW(req.wValue, 0); 1018 USETW(req.wIndex, addr); 1019 USETW(req.wLength, sizeof tmp); 1020 error = usbd_do_request(sc->sc_udev, &req, &tmp); 1021 if (error == 0) 1022 *val = letoh16(tmp); 1023 else 1024 *val = 0xffff; 1025 return error; 1026 } 1027 1028 static __inline int 1029 mtw_srom_read(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 1030 { 1031 /* either eFUSE ROM or EEPROM */ 1032 return sc->sc_srom_read(sc, addr, val); 1033 } 1034 1035 int 1036 mtw_rf_read(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t *val) 1037 { 1038 uint32_t tmp; 1039 int error, ntries, shift; 1040 1041 for (ntries = 0; ntries < 100; ntries++) { 1042 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1043 return error; 1044 if (!(tmp & MTW_RF_CSR_KICK)) 1045 break; 1046 } 1047 if (ntries == 100) 1048 return ETIMEDOUT; 1049 1050 if (sc->mac_ver == 0x7601) 1051 shift = MT7601_BANK_SHIFT; 1052 else 1053 shift = MT7610_BANK_SHIFT; 1054 1055 tmp = MTW_RF_CSR_KICK | (bank & 0xf) << shift | reg << 8; 1056 if ((error = mtw_write(sc, MTW_RF_CSR, tmp)) != 0) 1057 return error; 1058 1059 for (ntries = 0; ntries < 100; ntries++) { 1060 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1061 return error; 1062 if (!(tmp & MTW_RF_CSR_KICK)) 1063 break; 1064 } 1065 if (ntries == 100) 1066 return ETIMEDOUT; 1067 1068 *val = tmp & 0xff; 1069 return 0; 1070 } 1071 1072 int 1073 mtw_rf_write(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t val) 1074 { 1075 uint32_t tmp; 1076 int error, ntries, shift; 1077 1078 for (ntries = 0; ntries < 10; ntries++) { 1079 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1080 return error; 1081 if (!(tmp & MTW_RF_CSR_KICK)) 1082 break; 1083 } 1084 if (ntries == 10) 1085 return ETIMEDOUT; 1086 1087 if (sc->mac_ver == 0x7601) 1088 shift = MT7601_BANK_SHIFT; 1089 else 1090 shift = MT7610_BANK_SHIFT; 1091 1092 tmp = MTW_RF_CSR_WRITE | MTW_RF_CSR_KICK | (bank & 0xf) << shift | 1093 reg << 8 | val; 1094 return mtw_write(sc, MTW_RF_CSR, tmp); 1095 } 1096 1097 int 1098 mtw_bbp_read(struct mtw_softc *sc, uint8_t reg, uint8_t *val) 1099 { 1100 uint32_t tmp; 1101 int ntries, error; 1102 1103 for (ntries = 0; ntries < 10; ntries++) { 1104 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1105 return error; 1106 if (!(tmp & MTW_BBP_CSR_KICK)) 1107 break; 1108 } 1109 if (ntries == 10) 1110 return ETIMEDOUT; 1111 1112 tmp = MTW_BBP_CSR_READ | MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT; 1113 if ((error = mtw_write(sc, MTW_BBP_CSR, tmp)) != 0) 1114 return error; 1115 1116 for (ntries = 0; ntries < 10; ntries++) { 1117 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1118 return error; 1119 if (!(tmp & MTW_BBP_CSR_KICK)) 1120 break; 1121 } 1122 if (ntries == 10) 1123 return ETIMEDOUT; 1124 1125 *val = tmp & 0xff; 1126 return 0; 1127 } 1128 1129 int 1130 mtw_bbp_write(struct mtw_softc *sc, uint8_t reg, uint8_t val) 1131 { 1132 uint32_t tmp; 1133 int ntries, error; 1134 1135 for (ntries = 0; ntries < 10; ntries++) { 1136 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1137 return error; 1138 if (!(tmp & MTW_BBP_CSR_KICK)) 1139 break; 1140 } 1141 if (ntries == 10) 1142 return ETIMEDOUT; 1143 1144 tmp = MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT | val; 1145 return mtw_write(sc, MTW_BBP_CSR, tmp); 1146 } 1147 1148 int 1149 mtw_usb_dma_read(struct mtw_softc *sc, uint32_t *val) 1150 { 1151 if (sc->asic_ver == 0x7612) 1152 return mtw_read_cfg(sc, MTW_USB_U3DMA_CFG, val); 1153 else 1154 return mtw_read(sc, MTW_USB_DMA_CFG, val); 1155 } 1156 1157 int 1158 mtw_usb_dma_write(struct mtw_softc *sc, uint32_t val) 1159 { 1160 if (sc->asic_ver == 0x7612) 1161 return mtw_write_cfg(sc, MTW_USB_U3DMA_CFG, val); 1162 else 1163 return mtw_write(sc, MTW_USB_DMA_CFG, val); 1164 } 1165 1166 int 1167 mtw_mcu_calibrate(struct mtw_softc *sc, int func, uint32_t val) 1168 { 1169 struct mtw_mcu_cmd_8 cmd; 1170 1171 cmd.func = htole32(func); 1172 cmd.val = htole32(val); 1173 return mtw_mcu_cmd(sc, 31, &cmd, sizeof(struct mtw_mcu_cmd_8)); 1174 } 1175 1176 int 1177 mtw_mcu_channel(struct mtw_softc *sc, uint32_t r1, uint32_t r2, uint32_t r4) 1178 { 1179 struct mtw_mcu_cmd_16 cmd; 1180 1181 cmd.r1 = htole32(r1); 1182 cmd.r2 = htole32(r2); 1183 cmd.r3 = 0; 1184 cmd.r4 = htole32(r4); 1185 return mtw_mcu_cmd(sc, 30, &cmd, sizeof(struct mtw_mcu_cmd_16)); 1186 } 1187 1188 int 1189 mtw_mcu_radio(struct mtw_softc *sc, int func, uint32_t val) 1190 { 1191 struct mtw_mcu_cmd_16 cmd; 1192 1193 cmd.r1 = htole32(func); 1194 cmd.r2 = htole32(val); 1195 cmd.r3 = 0; 1196 cmd.r4 = 0; 1197 return mtw_mcu_cmd(sc, 20, &cmd, sizeof(struct mtw_mcu_cmd_16)); 1198 } 1199 1200 int 1201 mtw_mcu_cmd(struct mtw_softc *sc, int cmd, void *buf, int len) 1202 { 1203 struct mtw_tx_ring *ring = &sc->sc_mcu; 1204 struct mtw_tx_data *data = &ring->data[0]; 1205 struct mtw_txd *txd; 1206 int xferlen; 1207 1208 txd = (struct mtw_txd *)(data->buf); 1209 txd->len = htole16(len); 1210 txd->flags = htole16(MTW_TXD_CMD | MTW_TXD_MCU | 1211 (cmd & 0x1f) << MTW_TXD_CMD_SHIFT | (sc->cmd_seq & 0xf)); 1212 1213 memcpy(&txd[1], buf, len); 1214 memset(&txd[1] + len, 0, MTW_DMA_PAD); 1215 xferlen = len + sizeof(struct mtw_txd) + MTW_DMA_PAD; 1216 1217 usbd_setup_xfer(data->xfer, sc->txq[MTW_TXQ_MCU].pipeh, 1218 NULL, data->buf, xferlen, 1219 USBD_SHORT_XFER_OK | USBD_FORCE_SHORT_XFER | USBD_SYNCHRONOUS, 1220 MTW_TX_TIMEOUT, NULL); 1221 return usbd_transfer(data->xfer); 1222 } 1223 1224 /* 1225 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1226 * Used to adjust per-rate Tx power registers. 1227 */ 1228 static __inline uint32_t 1229 b4inc(uint32_t b32, int8_t delta) 1230 { 1231 int8_t i, b4; 1232 1233 for (i = 0; i < 8; i++) { 1234 b4 = b32 & 0xf; 1235 b4 += delta; 1236 if (b4 < 0) 1237 b4 = 0; 1238 else if (b4 > 0xf) 1239 b4 = 0xf; 1240 b32 = b32 >> 4 | b4 << 28; 1241 } 1242 return b32; 1243 } 1244 1245 const char * 1246 mtw_get_rf(int rev) 1247 { 1248 switch (rev) { 1249 case MT7601_RF_7601: return "MT7601"; 1250 case MT7610_RF_7610: return "MT7610"; 1251 case MT7612_RF_7612: return "MT7612"; 1252 } 1253 return "unknown"; 1254 } 1255 1256 void 1257 mtw_get_txpower(struct mtw_softc *sc) 1258 { 1259 uint16_t val; 1260 int i; 1261 1262 /* Read power settings for 2GHz channels. */ 1263 for (i = 0; i < 14; i += 2) { 1264 mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1265 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1266 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1267 mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1268 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1269 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1270 } 1271 /* Fix broken Tx power entries. */ 1272 for (i = 0; i < 14; i++) { 1273 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1274 sc->txpow1[i] = 5; 1275 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1276 sc->txpow2[i] = 5; 1277 DPRINTF(("chan %d: power1=%d, power2=%d\n", 1278 mt7601_rf_chan[i].chan, sc->txpow1[i], sc->txpow2[i])); 1279 } 1280 #if 0 1281 /* Read power settings for 5GHz channels. */ 1282 for (i = 0; i < 40; i += 2) { 1283 mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1284 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1285 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1286 1287 mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1288 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1289 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1290 } 1291 /* Fix broken Tx power entries. */ 1292 for (i = 0; i < 40; i++ ) { 1293 if (sc->mac_ver != 0x5592) { 1294 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1295 sc->txpow1[14 + i] = 5; 1296 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1297 sc->txpow2[14 + i] = 5; 1298 } 1299 DPRINTF(("chan %d: power1=%d, power2=%d\n", 1300 mt7601_rf_chan[14 + i].chan, sc->txpow1[14 + i], 1301 sc->txpow2[14 + i])); 1302 } 1303 #endif 1304 } 1305 1306 int 1307 mtw_read_eeprom(struct mtw_softc *sc) 1308 { 1309 struct ieee80211com *ic = &sc->sc_ic; 1310 int8_t delta_2ghz, delta_5ghz; 1311 uint16_t val; 1312 int ridx, ant; 1313 1314 sc->sc_srom_read = mtw_efuse_read_2; 1315 1316 /* read RF information */ 1317 mtw_srom_read(sc, MTW_EEPROM_CHIPID, &val); 1318 sc->rf_rev = val; 1319 mtw_srom_read(sc, MTW_EEPROM_ANTENNA, &val); 1320 sc->ntxchains = (val >> 4) & 0xf; 1321 sc->nrxchains = val & 0xf; 1322 DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1323 sc->rf_rev, sc->ntxchains, sc->nrxchains)); 1324 1325 /* read ROM version */ 1326 mtw_srom_read(sc, MTW_EEPROM_VERSION, &val); 1327 DPRINTF(("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8)); 1328 1329 /* read MAC address */ 1330 mtw_srom_read(sc, MTW_EEPROM_MAC01, &val); 1331 ic->ic_myaddr[0] = val & 0xff; 1332 ic->ic_myaddr[1] = val >> 8; 1333 mtw_srom_read(sc, MTW_EEPROM_MAC23, &val); 1334 ic->ic_myaddr[2] = val & 0xff; 1335 ic->ic_myaddr[3] = val >> 8; 1336 mtw_srom_read(sc, MTW_EEPROM_MAC45, &val); 1337 ic->ic_myaddr[4] = val & 0xff; 1338 ic->ic_myaddr[5] = val >> 8; 1339 #if 0 1340 printf("eFUSE ROM\n00: "); 1341 for (int i = 0; i < 256; i++) { 1342 if (((i % 8) == 0) && i > 0) 1343 printf("\n%02x: ", i); 1344 mtw_srom_read(sc, i, &val); 1345 printf(" %04x", val); 1346 } 1347 printf("\n"); 1348 #endif 1349 /* check if RF supports automatic Tx access gain control */ 1350 mtw_srom_read(sc, MTW_EEPROM_CONFIG, &val); 1351 DPRINTF(("EEPROM CFG 0x%04x\n", val)); 1352 if ((val & 0xff) != 0xff) { 1353 sc->ext_5ghz_lna = (val >> 3) & 1; 1354 sc->ext_2ghz_lna = (val >> 2) & 1; 1355 /* check if RF supports automatic Tx access gain control */ 1356 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1357 /* check if we have a hardware radio switch */ 1358 sc->rfswitch = val & 1; 1359 } 1360 1361 /* read RF frequency offset from EEPROM */ 1362 mtw_srom_read(sc, MTW_EEPROM_FREQ_OFFSET, &val); 1363 if ((val & 0xff) != 0xff) 1364 sc->rf_freq_offset = val; 1365 else 1366 sc->rf_freq_offset = 0; 1367 DPRINTF(("frequency offset 0x%x\n", sc->rf_freq_offset)); 1368 1369 /* Read Tx power settings. */ 1370 mtw_get_txpower(sc); 1371 1372 /* read Tx power compensation for each Tx rate */ 1373 mtw_srom_read(sc, MTW_EEPROM_DELTAPWR, &val); 1374 delta_2ghz = delta_5ghz = 0; 1375 if ((val & 0xff) != 0xff && (val & 0x80)) { 1376 delta_2ghz = val & 0xf; 1377 if (!(val & 0x40)) /* negative number */ 1378 delta_2ghz = -delta_2ghz; 1379 } 1380 val >>= 8; 1381 if ((val & 0xff) != 0xff && (val & 0x80)) { 1382 delta_5ghz = val & 0xf; 1383 if (!(val & 0x40)) /* negative number */ 1384 delta_5ghz = -delta_5ghz; 1385 } 1386 DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n", 1387 delta_2ghz, delta_5ghz)); 1388 1389 for (ridx = 0; ridx < 5; ridx++) { 1390 uint32_t reg; 1391 1392 mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2, &val); 1393 reg = val; 1394 mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2 + 1, &val); 1395 reg |= (uint32_t)val << 16; 1396 1397 sc->txpow20mhz[ridx] = reg; 1398 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1399 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1400 1401 DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1402 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1403 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx])); 1404 } 1405 1406 /* read RSSI offsets and LNA gains from EEPROM */ 1407 val = 0; 1408 mtw_srom_read(sc, MTW_EEPROM_RSSI1_2GHZ, &val); 1409 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1410 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1411 mtw_srom_read(sc, MTW_EEPROM_RSSI2_2GHZ, &val); 1412 /* 1413 * On RT3070 chips (limited to 2 Rx chains), this ROM 1414 * field contains the Tx mixer gain for the 2GHz band. 1415 */ 1416 if ((val & 0xff) != 0xff) 1417 sc->txmixgain_2ghz = val & 0x7; 1418 DPRINTF(("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz)); 1419 sc->lna[2] = val >> 8; /* channel group 2 */ 1420 mtw_srom_read(sc, MTW_EEPROM_RSSI1_5GHZ, &val); 1421 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1422 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1423 mtw_srom_read(sc, MTW_EEPROM_RSSI2_5GHZ, &val); 1424 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1425 1426 sc->lna[3] = val >> 8; /* channel group 3 */ 1427 1428 mtw_srom_read(sc, MTW_EEPROM_LNA, &val); 1429 sc->lna[0] = val & 0xff; /* channel group 0 */ 1430 sc->lna[1] = val >> 8; /* channel group 1 */ 1431 DPRINTF(("LNA0 0x%x\n", sc->lna[0])); 1432 1433 /* fix broken 5GHz LNA entries */ 1434 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1435 DPRINTF(("invalid LNA for channel group %d\n", 2)); 1436 sc->lna[2] = sc->lna[1]; 1437 } 1438 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1439 DPRINTF(("invalid LNA for channel group %d\n", 3)); 1440 sc->lna[3] = sc->lna[1]; 1441 } 1442 1443 /* fix broken RSSI offset entries */ 1444 for (ant = 0; ant < 3; ant++) { 1445 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1446 DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n", 1447 ant + 1, sc->rssi_2ghz[ant])); 1448 sc->rssi_2ghz[ant] = 0; 1449 } 1450 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1451 DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n", 1452 ant + 1, sc->rssi_5ghz[ant])); 1453 sc->rssi_5ghz[ant] = 0; 1454 } 1455 } 1456 return 0; 1457 } 1458 1459 struct ieee80211_node * 1460 mtw_node_alloc(struct ieee80211com *ic) 1461 { 1462 struct mtw_node *mn; 1463 1464 mn = malloc(sizeof (struct mtw_node), M_USBDEV, M_NOWAIT | M_ZERO); 1465 return (struct ieee80211_node *)mn; 1466 } 1467 1468 int 1469 mtw_media_change(struct ifnet *ifp) 1470 { 1471 struct mtw_softc *sc = ifp->if_softc; 1472 struct ieee80211com *ic = &sc->sc_ic; 1473 uint8_t rate, ridx; 1474 int error; 1475 1476 error = ieee80211_media_change(ifp); 1477 if (error != ENETRESET) 1478 return error; 1479 1480 if (ic->ic_fixed_rate != -1) { 1481 rate = ic->ic_sup_rates[ic->ic_curmode]. 1482 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1483 for (ridx = 0; ridx <= MTW_RIDX_MAX; ridx++) 1484 if (rt2860_rates[ridx].rate == rate) 1485 break; 1486 sc->fixed_ridx = ridx; 1487 } 1488 1489 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1490 (IFF_UP | IFF_RUNNING)) { 1491 mtw_stop(ifp, 0); 1492 error = mtw_init(ifp); 1493 } 1494 return error; 1495 } 1496 1497 void 1498 mtw_next_scan(void *arg) 1499 { 1500 struct mtw_softc *sc = arg; 1501 int s; 1502 1503 if (usbd_is_dying(sc->sc_udev)) 1504 return; 1505 1506 usbd_ref_incr(sc->sc_udev); 1507 1508 s = splnet(); 1509 if (sc->sc_ic.ic_state == IEEE80211_S_SCAN) 1510 ieee80211_next_scan(&sc->sc_ic.ic_if); 1511 splx(s); 1512 1513 usbd_ref_decr(sc->sc_udev); 1514 } 1515 1516 void 1517 mtw_task(void *arg) 1518 { 1519 struct mtw_softc *sc = arg; 1520 struct mtw_host_cmd_ring *ring = &sc->cmdq; 1521 struct mtw_host_cmd *cmd; 1522 int s; 1523 1524 if (usbd_is_dying(sc->sc_udev)) 1525 return; 1526 1527 /* process host commands */ 1528 s = splusb(); 1529 while (ring->next != ring->cur) { 1530 cmd = &ring->cmd[ring->next]; 1531 splx(s); 1532 /* callback */ 1533 cmd->cb(sc, cmd->data); 1534 s = splusb(); 1535 ring->queued--; 1536 ring->next = (ring->next + 1) % MTW_HOST_CMD_RING_COUNT; 1537 } 1538 splx(s); 1539 } 1540 1541 void 1542 mtw_do_async(struct mtw_softc *sc, void (*cb)(struct mtw_softc *, void *), 1543 void *arg, int len) 1544 { 1545 struct mtw_host_cmd_ring *ring = &sc->cmdq; 1546 struct mtw_host_cmd *cmd; 1547 int s; 1548 1549 if (usbd_is_dying(sc->sc_udev)) 1550 return; 1551 1552 s = splusb(); 1553 cmd = &ring->cmd[ring->cur]; 1554 cmd->cb = cb; 1555 KASSERT(len <= sizeof (cmd->data)); 1556 memcpy(cmd->data, arg, len); 1557 ring->cur = (ring->cur + 1) % MTW_HOST_CMD_RING_COUNT; 1558 1559 /* if there is no pending command already, schedule a task */ 1560 if (++ring->queued == 1) 1561 usb_add_task(sc->sc_udev, &sc->sc_task); 1562 splx(s); 1563 } 1564 1565 int 1566 mtw_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1567 { 1568 struct mtw_softc *sc = ic->ic_softc; 1569 struct mtw_cmd_newstate cmd; 1570 1571 /* do it in a process context */ 1572 cmd.state = nstate; 1573 cmd.arg = arg; 1574 mtw_do_async(sc, mtw_newstate_cb, &cmd, sizeof cmd); 1575 return 0; 1576 } 1577 1578 void 1579 mtw_newstate_cb(struct mtw_softc *sc, void *arg) 1580 { 1581 struct mtw_cmd_newstate *cmd = arg; 1582 struct ieee80211com *ic = &sc->sc_ic; 1583 enum ieee80211_state ostate; 1584 struct ieee80211_node *ni; 1585 uint32_t sta[3]; 1586 uint8_t wcid; 1587 int s; 1588 1589 s = splnet(); 1590 ostate = ic->ic_state; 1591 1592 if (ostate == IEEE80211_S_RUN) { 1593 /* turn link LED on */ 1594 mtw_set_leds(sc, MTW_LED_MODE_ON); 1595 } 1596 1597 switch (cmd->state) { 1598 case IEEE80211_S_INIT: 1599 if (ostate == IEEE80211_S_RUN) { 1600 /* abort TSF synchronization */ 1601 mtw_abort_tsf_sync(sc); 1602 } 1603 break; 1604 1605 case IEEE80211_S_SCAN: 1606 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1607 if (!usbd_is_dying(sc->sc_udev)) 1608 timeout_add_msec(&sc->scan_to, 200); 1609 break; 1610 1611 case IEEE80211_S_AUTH: 1612 case IEEE80211_S_ASSOC: 1613 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1614 break; 1615 1616 case IEEE80211_S_RUN: 1617 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1618 1619 ni = ic->ic_bss; 1620 1621 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 1622 mtw_updateslot(ic); 1623 mtw_enable_mrr(sc); 1624 mtw_set_txpreamble(sc); 1625 mtw_set_basicrates(sc); 1626 mtw_set_bssid(sc, ni->ni_bssid); 1627 } 1628 if (ic->ic_opmode == IEEE80211_M_STA) { 1629 /* add BSS entry to the WCID table */ 1630 wcid = MTW_AID2WCID(ni->ni_associd); 1631 mtw_write_region_1(sc, MTW_WCID_ENTRY(wcid), 1632 ni->ni_macaddr, IEEE80211_ADDR_LEN); 1633 1634 /* fake a join to init the tx rate */ 1635 mtw_newassoc(ic, ni, 1); 1636 } 1637 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 1638 mtw_enable_tsf_sync(sc); 1639 1640 /* clear statistic registers used by AMRR */ 1641 mtw_read_region_1(sc, MTW_TX_STA_CNT0, 1642 (uint8_t *)sta, sizeof sta); 1643 /* start calibration timer */ 1644 if (!usbd_is_dying(sc->sc_udev)) 1645 timeout_add_sec(&sc->calib_to, 1); 1646 } 1647 1648 /* turn link LED on */ 1649 mtw_set_leds(sc, MTW_LED_MODE_BLINK_TX); 1650 break; 1651 } 1652 (void)sc->sc_newstate(ic, cmd->state, cmd->arg); 1653 splx(s); 1654 } 1655 1656 void 1657 mtw_updateedca(struct ieee80211com *ic) 1658 { 1659 /* do it in a process context */ 1660 mtw_do_async(ic->ic_softc, mtw_updateedca_cb, NULL, 0); 1661 } 1662 1663 /* ARGSUSED */ 1664 void 1665 mtw_updateedca_cb(struct mtw_softc *sc, void *arg) 1666 { 1667 struct ieee80211com *ic = &sc->sc_ic; 1668 int s, aci; 1669 1670 s = splnet(); 1671 /* update MAC TX configuration registers */ 1672 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 1673 mtw_write(sc, MTW_EDCA_AC_CFG(aci), 1674 ic->ic_edca_ac[aci].ac_ecwmax << 16 | 1675 ic->ic_edca_ac[aci].ac_ecwmin << 12 | 1676 ic->ic_edca_ac[aci].ac_aifsn << 8 | 1677 ic->ic_edca_ac[aci].ac_txoplimit); 1678 } 1679 1680 /* update SCH/DMA registers too */ 1681 mtw_write(sc, MTW_WMM_AIFSN_CFG, 1682 ic->ic_edca_ac[EDCA_AC_VO].ac_aifsn << 12 | 1683 ic->ic_edca_ac[EDCA_AC_VI].ac_aifsn << 8 | 1684 ic->ic_edca_ac[EDCA_AC_BK].ac_aifsn << 4 | 1685 ic->ic_edca_ac[EDCA_AC_BE].ac_aifsn); 1686 mtw_write(sc, MTW_WMM_CWMIN_CFG, 1687 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmin << 12 | 1688 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmin << 8 | 1689 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmin << 4 | 1690 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmin); 1691 mtw_write(sc, MTW_WMM_CWMAX_CFG, 1692 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmax << 12 | 1693 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmax << 8 | 1694 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmax << 4 | 1695 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmax); 1696 mtw_write(sc, MTW_WMM_TXOP0_CFG, 1697 ic->ic_edca_ac[EDCA_AC_BK].ac_txoplimit << 16 | 1698 ic->ic_edca_ac[EDCA_AC_BE].ac_txoplimit); 1699 mtw_write(sc, MTW_WMM_TXOP1_CFG, 1700 ic->ic_edca_ac[EDCA_AC_VO].ac_txoplimit << 16 | 1701 ic->ic_edca_ac[EDCA_AC_VI].ac_txoplimit); 1702 splx(s); 1703 } 1704 1705 void 1706 mtw_updateslot(struct ieee80211com *ic) 1707 { 1708 /* do it in a process context */ 1709 mtw_do_async(ic->ic_softc, mtw_updateslot_cb, NULL, 0); 1710 } 1711 1712 /* ARGSUSED */ 1713 void 1714 mtw_updateslot_cb(struct mtw_softc *sc, void *arg) 1715 { 1716 uint32_t tmp; 1717 1718 mtw_read(sc, MTW_BKOFF_SLOT_CFG, &tmp); 1719 tmp &= ~0xff; 1720 tmp |= (sc->sc_ic.ic_flags & IEEE80211_F_SHSLOT) ? 1721 IEEE80211_DUR_DS_SHSLOT : IEEE80211_DUR_DS_SLOT; 1722 mtw_write(sc, MTW_BKOFF_SLOT_CFG, tmp); 1723 } 1724 1725 int 1726 mtw_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 1727 struct ieee80211_key *k) 1728 { 1729 struct mtw_softc *sc = ic->ic_softc; 1730 struct mtw_cmd_key cmd; 1731 1732 /* defer setting of WEP keys until interface is brought up */ 1733 if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) != 1734 (IFF_UP | IFF_RUNNING)) 1735 return 0; 1736 1737 /* do it in a process context */ 1738 cmd.key = *k; 1739 cmd.ni = ni; 1740 mtw_do_async(sc, mtw_set_key_cb, &cmd, sizeof cmd); 1741 sc->sc_key_tasks++; 1742 return EBUSY; 1743 } 1744 1745 void 1746 mtw_set_key_cb(struct mtw_softc *sc, void *arg) 1747 { 1748 struct ieee80211com *ic = &sc->sc_ic; 1749 struct mtw_cmd_key *cmd = arg; 1750 struct ieee80211_key *k = &cmd->key; 1751 uint32_t attr; 1752 uint16_t base; 1753 uint8_t mode, wcid, iv[8]; 1754 1755 sc->sc_key_tasks--; 1756 1757 /* map net80211 cipher to RT2860 security mode */ 1758 switch (k->k_cipher) { 1759 case IEEE80211_CIPHER_WEP40: 1760 mode = MTW_MODE_WEP40; 1761 break; 1762 case IEEE80211_CIPHER_WEP104: 1763 mode = MTW_MODE_WEP104; 1764 break; 1765 case IEEE80211_CIPHER_TKIP: 1766 mode = MTW_MODE_TKIP; 1767 break; 1768 case IEEE80211_CIPHER_CCMP: 1769 mode = MTW_MODE_AES_CCMP; 1770 break; 1771 default: 1772 if (cmd->ni != NULL) { 1773 IEEE80211_SEND_MGMT(ic, cmd->ni, 1774 IEEE80211_FC0_SUBTYPE_DEAUTH, 1775 IEEE80211_REASON_AUTH_LEAVE); 1776 } 1777 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1778 return; 1779 } 1780 1781 if (k->k_flags & IEEE80211_KEY_GROUP) { 1782 wcid = 0; /* NB: update WCID0 for group keys */ 1783 base = MTW_SKEY(0, k->k_id); 1784 } else { 1785 wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0; 1786 base = MTW_PKEY(wcid); 1787 } 1788 1789 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 1790 mtw_write_region_1(sc, base, k->k_key, 16); 1791 mtw_write_region_1(sc, base + 16, &k->k_key[24], 8); 1792 mtw_write_region_1(sc, base + 24, &k->k_key[16], 8); 1793 } else { 1794 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 1795 mtw_write_region_1(sc, base, k->k_key, (k->k_len + 1) & ~1); 1796 } 1797 1798 if (!(k->k_flags & IEEE80211_KEY_GROUP) || 1799 (k->k_flags & IEEE80211_KEY_TX)) { 1800 /* set initial packet number in IV+EIV */ 1801 if (k->k_cipher == IEEE80211_CIPHER_WEP40 || 1802 k->k_cipher == IEEE80211_CIPHER_WEP104) { 1803 memset(iv, 0, sizeof iv); 1804 iv[3] = sc->sc_ic.ic_def_txkey << 6; 1805 } else { 1806 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 1807 iv[0] = k->k_tsc >> 8; 1808 iv[1] = (iv[0] | 0x20) & 0x7f; 1809 iv[2] = k->k_tsc; 1810 } else /* CCMP */ { 1811 iv[0] = k->k_tsc; 1812 iv[1] = k->k_tsc >> 8; 1813 iv[2] = 0; 1814 } 1815 iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1816 iv[4] = k->k_tsc >> 16; 1817 iv[5] = k->k_tsc >> 24; 1818 iv[6] = k->k_tsc >> 32; 1819 iv[7] = k->k_tsc >> 40; 1820 } 1821 mtw_write_region_1(sc, MTW_IVEIV(wcid), iv, 8); 1822 } 1823 1824 if (k->k_flags & IEEE80211_KEY_GROUP) { 1825 /* install group key */ 1826 mtw_read(sc, MTW_SKEY_MODE_0_7, &attr); 1827 attr &= ~(0xf << (k->k_id * 4)); 1828 attr |= mode << (k->k_id * 4); 1829 mtw_write(sc, MTW_SKEY_MODE_0_7, attr); 1830 1831 if (k->k_cipher & (IEEE80211_CIPHER_WEP104 | 1832 IEEE80211_CIPHER_WEP40)) { 1833 mtw_read(sc, MTW_WCID_ATTR(wcid + 1), &attr); 1834 attr = (attr & ~0xf) | (mode << 1); 1835 mtw_write(sc, MTW_WCID_ATTR(wcid + 1), attr); 1836 1837 mtw_set_region_4(sc, MTW_IVEIV(0), 0, 4); 1838 1839 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1840 attr = (attr & ~0xf) | (mode << 1); 1841 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1842 } 1843 } else { 1844 /* install pairwise key */ 1845 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1846 attr = (attr & ~0xf) | (mode << 1) | MTW_RX_PKEY_EN; 1847 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1848 } 1849 1850 if (sc->sc_key_tasks == 0) { 1851 if (cmd->ni != NULL) 1852 cmd->ni->ni_port_valid = 1; 1853 ieee80211_set_link_state(ic, LINK_STATE_UP); 1854 } 1855 } 1856 1857 void 1858 mtw_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 1859 struct ieee80211_key *k) 1860 { 1861 struct mtw_softc *sc = ic->ic_softc; 1862 struct mtw_cmd_key cmd; 1863 1864 if (!(ic->ic_if.if_flags & IFF_RUNNING) || 1865 ic->ic_state != IEEE80211_S_RUN) 1866 return; /* nothing to do */ 1867 1868 /* do it in a process context */ 1869 cmd.key = *k; 1870 cmd.ni = ni; 1871 mtw_do_async(sc, mtw_delete_key_cb, &cmd, sizeof cmd); 1872 } 1873 1874 void 1875 mtw_delete_key_cb(struct mtw_softc *sc, void *arg) 1876 { 1877 struct mtw_cmd_key *cmd = arg; 1878 struct ieee80211_key *k = &cmd->key; 1879 uint32_t attr; 1880 uint8_t wcid; 1881 1882 if (k->k_flags & IEEE80211_KEY_GROUP) { 1883 /* remove group key */ 1884 mtw_read(sc, MTW_SKEY_MODE_0_7, &attr); 1885 attr &= ~(0xf << (k->k_id * 4)); 1886 mtw_write(sc, MTW_SKEY_MODE_0_7, attr); 1887 1888 } else { 1889 /* remove pairwise key */ 1890 wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0; 1891 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1892 attr &= ~0xf; 1893 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1894 } 1895 } 1896 1897 void 1898 mtw_calibrate_to(void *arg) 1899 { 1900 /* do it in a process context */ 1901 mtw_do_async(arg, mtw_calibrate_cb, NULL, 0); 1902 /* next timeout will be rescheduled in the calibration task */ 1903 } 1904 1905 /* ARGSUSED */ 1906 void 1907 mtw_calibrate_cb(struct mtw_softc *sc, void *arg) 1908 { 1909 struct ifnet *ifp = &sc->sc_ic.ic_if; 1910 uint32_t sta[3]; 1911 int s, error; 1912 1913 /* read statistic counters (clear on read) and update AMRR state */ 1914 error = mtw_read_region_1(sc, MTW_TX_STA_CNT0, (uint8_t *)sta, 1915 sizeof sta); 1916 if (error != 0) 1917 goto skip; 1918 1919 DPRINTF(("retrycnt=%d txcnt=%d failcnt=%d\n", 1920 letoh32(sta[1]) >> 16, letoh32(sta[1]) & 0xffff, 1921 letoh32(sta[0]) & 0xffff)); 1922 1923 s = splnet(); 1924 /* count failed TX as errors */ 1925 ifp->if_oerrors += letoh32(sta[0]) & 0xffff; 1926 1927 sc->amn.amn_retrycnt = 1928 (letoh32(sta[0]) & 0xffff) + /* failed TX count */ 1929 (letoh32(sta[1]) >> 16); /* TX retransmission count */ 1930 1931 sc->amn.amn_txcnt = 1932 sc->amn.amn_retrycnt + 1933 (letoh32(sta[1]) & 0xffff); /* successful TX count */ 1934 1935 ieee80211_amrr_choose(&sc->amrr, sc->sc_ic.ic_bss, &sc->amn); 1936 1937 splx(s); 1938 skip: 1939 if (!usbd_is_dying(sc->sc_udev)) 1940 timeout_add_sec(&sc->calib_to, 1); 1941 } 1942 1943 void 1944 mtw_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 1945 { 1946 struct mtw_softc *sc = ic->ic_softc; 1947 struct mtw_node *mn = (void *)ni; 1948 struct ieee80211_rateset *rs = &ni->ni_rates; 1949 uint8_t rate; 1950 int ridx, i, j; 1951 1952 DPRINTF(("new assoc isnew=%d addr=%s\n", 1953 isnew, ether_sprintf(ni->ni_macaddr))); 1954 1955 ieee80211_amrr_node_init(&sc->amrr, &sc->amn); 1956 1957 /* start at lowest available bit-rate, AMRR will raise */ 1958 ni->ni_txrate = 0; 1959 1960 for (i = 0; i < rs->rs_nrates; i++) { 1961 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 1962 /* convert 802.11 rate to hardware rate index */ 1963 for (ridx = 0; ridx < MTW_RIDX_MAX; ridx++) 1964 if (rt2860_rates[ridx].rate == rate) 1965 break; 1966 mn->ridx[i] = ridx; 1967 /* determine rate of control response frames */ 1968 for (j = i; j >= 0; j--) { 1969 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 1970 rt2860_rates[mn->ridx[i]].phy == 1971 rt2860_rates[mn->ridx[j]].phy) 1972 break; 1973 } 1974 if (j >= 0) { 1975 mn->ctl_ridx[i] = mn->ridx[j]; 1976 } else { 1977 /* no basic rate found, use mandatory one */ 1978 mn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 1979 } 1980 DPRINTF(("rate=0x%02x ridx=%d ctl_ridx=%d\n", 1981 rs->rs_rates[i], mn->ridx[i], mn->ctl_ridx[i])); 1982 } 1983 } 1984 1985 /* 1986 * Return the Rx chain with the highest RSSI for a given frame. 1987 */ 1988 static __inline uint8_t 1989 mtw_maxrssi_chain(struct mtw_softc *sc, const struct mtw_rxwi *rxwi) 1990 { 1991 uint8_t rxchain = 0; 1992 1993 if (sc->nrxchains > 1) { 1994 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 1995 rxchain = 1; 1996 } 1997 return rxchain; 1998 } 1999 2000 void 2001 mtw_rx_frame(struct mtw_softc *sc, uint8_t *buf, int dmalen, 2002 struct mbuf_list *ml) 2003 { 2004 struct ieee80211com *ic = &sc->sc_ic; 2005 struct ifnet *ifp = &ic->ic_if; 2006 struct ieee80211_frame *wh; 2007 struct ieee80211_rxinfo rxi; 2008 struct ieee80211_node *ni; 2009 struct mtw_rxwi *rxwi; 2010 struct mbuf *m; 2011 uint32_t flags; 2012 uint16_t len; 2013 #if NBPFILTER > 0 2014 uint16_t phy; 2015 #endif 2016 uint16_t rxwisize; 2017 uint8_t ant, rssi; 2018 int s; 2019 2020 /* Rx Wireless Information */ 2021 rxwi = (struct mtw_rxwi *)(buf); 2022 rxwisize = sizeof(struct mtw_rxwi); 2023 len = letoh16(rxwi->len) & 0xfff; 2024 2025 if (__predict_false(len > dmalen)) { 2026 DPRINTF(("bad RXWI length %u > %u\n", len, dmalen)); 2027 return; 2028 } 2029 if (len > MCLBYTES) { 2030 DPRINTF(("frame too large (length=%d)\n", len)); 2031 ifp->if_ierrors++; 2032 return; 2033 } 2034 2035 flags = letoh32(rxwi->flags); 2036 if (__predict_false(flags & (MTW_RX_CRCERR | MTW_RX_ICVERR))) { 2037 ifp->if_ierrors++; 2038 return; 2039 } 2040 if (__predict_false((flags & MTW_RX_MICERR))) { 2041 /* report MIC failures to net80211 for TKIP */ 2042 ic->ic_stats.is_rx_locmicfail++; 2043 ieee80211_michael_mic_failure(ic, 0/* XXX */); 2044 ifp->if_ierrors++; 2045 return; 2046 } 2047 2048 wh = (struct ieee80211_frame *)(buf + rxwisize); 2049 memset(&rxi, 0, sizeof(rxi)); 2050 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2051 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2052 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 2053 } 2054 2055 if (flags & MTW_RX_L2PAD) { 2056 u_int hdrlen = ieee80211_get_hdrlen(wh); 2057 memmove((caddr_t)wh + 2, wh, hdrlen); 2058 wh = (struct ieee80211_frame *)((caddr_t)wh + 2); 2059 } 2060 2061 /* could use m_devget but net80211 wants contig mgmt frames */ 2062 MGETHDR(m, M_DONTWAIT, MT_DATA); 2063 if (__predict_false(m == NULL)) { 2064 ifp->if_ierrors++; 2065 return; 2066 } 2067 if (len > MHLEN) { 2068 MCLGET(m, M_DONTWAIT); 2069 if (__predict_false(!(m->m_flags & M_EXT))) { 2070 ifp->if_ierrors++; 2071 m_freem(m); 2072 return; 2073 } 2074 } 2075 /* finalize mbuf */ 2076 memcpy(mtod(m, caddr_t), wh, len); 2077 m->m_pkthdr.len = m->m_len = len; 2078 2079 ant = mtw_maxrssi_chain(sc, rxwi); 2080 rssi = rxwi->rssi[ant]; 2081 2082 #if NBPFILTER > 0 2083 if (__predict_false(sc->sc_drvbpf != NULL)) { 2084 struct mtw_rx_radiotap_header *tap = &sc->sc_rxtap; 2085 struct mbuf mb; 2086 2087 tap->wr_flags = 0; 2088 tap->wr_chan_freq = htole16(ic->ic_ibss_chan->ic_freq); 2089 tap->wr_chan_flags = htole16(ic->ic_ibss_chan->ic_flags); 2090 tap->wr_antsignal = rssi; 2091 tap->wr_antenna = ant; 2092 tap->wr_dbm_antsignal = mtw_rssi2dbm(sc, rssi, ant); 2093 tap->wr_rate = 2; /* in case it can't be found below */ 2094 phy = letoh16(rxwi->phy); 2095 switch (phy & MTW_PHY_MODE) { 2096 case MTW_PHY_CCK: 2097 switch ((phy & MTW_PHY_MCS) & ~MTW_PHY_SHPRE) { 2098 case 0: tap->wr_rate = 2; break; 2099 case 1: tap->wr_rate = 4; break; 2100 case 2: tap->wr_rate = 11; break; 2101 case 3: tap->wr_rate = 22; break; 2102 } 2103 if (phy & MTW_PHY_SHPRE) 2104 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2105 break; 2106 case MTW_PHY_OFDM: 2107 switch (phy & MTW_PHY_MCS) { 2108 case 0: tap->wr_rate = 12; break; 2109 case 1: tap->wr_rate = 18; break; 2110 case 2: tap->wr_rate = 24; break; 2111 case 3: tap->wr_rate = 36; break; 2112 case 4: tap->wr_rate = 48; break; 2113 case 5: tap->wr_rate = 72; break; 2114 case 6: tap->wr_rate = 96; break; 2115 case 7: tap->wr_rate = 108; break; 2116 } 2117 break; 2118 } 2119 mb.m_data = (caddr_t)tap; 2120 mb.m_len = sc->sc_rxtap_len; 2121 mb.m_next = m; 2122 mb.m_nextpkt = NULL; 2123 mb.m_type = 0; 2124 mb.m_flags = 0; 2125 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 2126 } 2127 #endif 2128 2129 s = splnet(); 2130 ni = ieee80211_find_rxnode(ic, wh); 2131 rxi.rxi_rssi = rssi; 2132 ieee80211_inputm(ifp, m, ni, &rxi, ml); 2133 2134 /* node is no longer needed */ 2135 ieee80211_release_node(ic, ni); 2136 splx(s); 2137 } 2138 2139 void 2140 mtw_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status) 2141 { 2142 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 2143 struct mtw_rx_data *data = priv; 2144 struct mtw_softc *sc = data->sc; 2145 uint8_t *buf; 2146 uint32_t dmalen; 2147 int xferlen; 2148 2149 if (__predict_false(status != USBD_NORMAL_COMPLETION)) { 2150 DPRINTF(("RX status=%d\n", status)); 2151 if (status == USBD_STALLED) 2152 usbd_clear_endpoint_stall_async(sc->rxq[0].pipeh); 2153 if (status != USBD_CANCELLED) 2154 goto skip; 2155 return; 2156 } 2157 2158 usbd_get_xfer_status(xfer, NULL, NULL, &xferlen, NULL); 2159 2160 if (__predict_false(xferlen < sizeof(uint32_t) + 2161 sizeof (struct mtw_rxwi) + sizeof(struct mtw_rxd))) { 2162 DPRINTF(("RX xfer too short %d\n", xferlen)); 2163 goto skip; 2164 } 2165 2166 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2167 buf = data->buf; 2168 while (xferlen > 8) { 2169 dmalen = letoh32(*(uint32_t *)buf) & MTW_RXD_LEN; 2170 if (__predict_false(dmalen == 0 || (dmalen & 3) != 0)) { 2171 DPRINTF(("bad DMA length %u\n", dmalen)); 2172 break; 2173 } 2174 if (__predict_false(dmalen + 8 > xferlen)) { 2175 DPRINTF(("bad DMA length %u > %d\n", 2176 dmalen + 8, xferlen)); 2177 break; 2178 } 2179 mtw_rx_frame(sc, buf + sizeof(struct mtw_rxd), dmalen, &ml); 2180 buf += dmalen + 8; 2181 xferlen -= dmalen + 8; 2182 } 2183 if_input(&sc->sc_ic.ic_if, &ml); 2184 2185 skip: /* setup a new transfer */ 2186 usbd_setup_xfer(xfer, sc->rxq[0].pipeh, data, data->buf, MTW_MAX_RXSZ, 2187 USBD_SHORT_XFER_OK | USBD_NO_COPY, USBD_NO_TIMEOUT, mtw_rxeof); 2188 (void)usbd_transfer(data->xfer); 2189 } 2190 2191 void 2192 mtw_txeof(struct usbd_xfer *xfer, void *priv, usbd_status status) 2193 { 2194 struct mtw_tx_data *data = priv; 2195 struct mtw_softc *sc = data->sc; 2196 struct mtw_tx_ring *txq = &sc->txq[data->qid]; 2197 struct ifnet *ifp = &sc->sc_ic.ic_if; 2198 int s; 2199 2200 if (usbd_is_dying(sc->sc_udev)) 2201 return; 2202 2203 s = splnet(); 2204 txq->queued--; 2205 sc->qfullmsk &= ~(1 << data->qid); 2206 2207 if (__predict_false(status != USBD_NORMAL_COMPLETION)) { 2208 DPRINTF(("TX status=%d\n", status)); 2209 if (status == USBD_STALLED) 2210 usbd_clear_endpoint_stall_async(txq->pipeh); 2211 ifp->if_oerrors++; 2212 splx(s); 2213 return; 2214 } 2215 2216 sc->sc_tx_timer = 0; 2217 2218 if (ifq_is_oactive(&ifp->if_snd)) { 2219 ifq_clr_oactive(&ifp->if_snd); 2220 mtw_start(ifp); 2221 } 2222 2223 splx(s); 2224 } 2225 2226 int 2227 mtw_tx(struct mtw_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2228 { 2229 struct ieee80211com *ic = &sc->sc_ic; 2230 struct mtw_node *mn = (void *)ni; 2231 struct ieee80211_frame *wh; 2232 struct mtw_tx_ring *ring; 2233 struct mtw_tx_data *data; 2234 struct mtw_txd *txd; 2235 struct mtw_txwi *txwi; 2236 uint16_t qos, dur; 2237 uint16_t txwisize; 2238 uint8_t type, mcs, tid, qid; 2239 int error, hasqos, ridx, ctl_ridx, xferlen; 2240 2241 wh = mtod(m, struct ieee80211_frame *); 2242 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2243 2244 /* select queue */ 2245 if ((hasqos = ieee80211_has_qos(wh))) { 2246 qos = ieee80211_get_qos(wh); 2247 tid = qos & IEEE80211_QOS_TID; 2248 qid = ieee80211_up_to_ac(ic, tid); 2249 } else { 2250 qos = 0; 2251 tid = 0; 2252 qid = EDCA_AC_BE; 2253 } 2254 2255 /* management frames go to MCU queue */ 2256 if (type == IEEE80211_FC0_TYPE_MGT) 2257 qid = MTW_TXQ_MCU; 2258 2259 ring = &sc->txq[qid]; 2260 data = &ring->data[ring->cur]; 2261 2262 /* pickup a rate index */ 2263 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2264 type != IEEE80211_FC0_TYPE_DATA) { 2265 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2266 MTW_RIDX_OFDM6 : MTW_RIDX_CCK1; 2267 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2268 } else if (ic->ic_fixed_rate != -1) { 2269 ridx = sc->fixed_ridx; 2270 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2271 } else { 2272 ridx = mn->ridx[ni->ni_txrate]; 2273 ctl_ridx = mn->ctl_ridx[ni->ni_txrate]; 2274 } 2275 2276 txwisize = sizeof(struct mtw_txwi); 2277 xferlen = txwisize + m->m_pkthdr.len; 2278 2279 /* roundup to 32-bit alignment */ 2280 xferlen = (xferlen + 3) & ~3; 2281 2282 /* setup TX descriptor */ 2283 txd = (struct mtw_txd *)data->buf; 2284 txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_80211 | 2285 MTW_TXD_WLAN | MTW_TXD_QSEL_EDCA); 2286 2287 if (type != IEEE80211_FC0_TYPE_DATA) 2288 txd->flags |= htole16(MTW_TXD_WIV); 2289 txd->len = htole16(xferlen); 2290 xferlen += sizeof(struct mtw_txd); 2291 2292 /* get MCS code from rate index */ 2293 mcs = rt2860_rates[ridx].mcs; 2294 2295 /* setup TX Wireless Information */ 2296 txwi = (struct mtw_txwi *)(txd + 1); 2297 txwi->flags = 0; 2298 txwi->xflags = hasqos ? 0 : MTW_TX_NSEQ; 2299 txwi->wcid = (type == IEEE80211_FC0_TYPE_DATA) ? 2300 MTW_AID2WCID(ni->ni_associd) : 0xff; 2301 txwi->len = htole16(m->m_pkthdr.len); 2302 txwi->txop = MTW_TX_TXOP_BACKOFF; 2303 2304 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2305 txwi->phy = htole16(MTW_PHY_CCK); 2306 if (ridx != MTW_RIDX_CCK1 && 2307 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2308 mcs |= MTW_PHY_SHPRE; 2309 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 2310 txwi->phy = htole16(MTW_PHY_OFDM); 2311 txwi->phy |= htole16(mcs); 2312 2313 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2314 (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 2315 IEEE80211_QOS_ACK_POLICY_NOACK)) { 2316 txwi->xflags |= MTW_TX_ACK; 2317 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2318 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 2319 else 2320 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 2321 *(uint16_t *)wh->i_dur = htole16(dur); 2322 } 2323 2324 #if NBPFILTER > 0 2325 if (__predict_false(sc->sc_drvbpf != NULL)) { 2326 struct mtw_tx_radiotap_header *tap = &sc->sc_txtap; 2327 struct mbuf mb; 2328 2329 tap->wt_flags = 0; 2330 tap->wt_rate = rt2860_rates[ridx].rate; 2331 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 2332 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 2333 if (mcs & MTW_PHY_SHPRE) 2334 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2335 2336 mb.m_data = (caddr_t)tap; 2337 mb.m_len = sc->sc_txtap_len; 2338 mb.m_next = m; 2339 mb.m_nextpkt = NULL; 2340 mb.m_type = 0; 2341 mb.m_flags = 0; 2342 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 2343 } 2344 #endif 2345 /* copy payload */ 2346 m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)txwi + txwisize); 2347 m_freem(m); 2348 2349 /* 4-byte pad */ 2350 memset(data->buf + xferlen, 0, MTW_DMA_PAD); 2351 xferlen += MTW_DMA_PAD; 2352 2353 usbd_setup_xfer(data->xfer, ring->pipeh, data, data->buf, 2354 xferlen, USBD_FORCE_SHORT_XFER | USBD_NO_COPY, 2355 MTW_TX_TIMEOUT, mtw_txeof); 2356 error = usbd_transfer(data->xfer); 2357 if (__predict_false(error != USBD_IN_PROGRESS && error != 0)) 2358 return error; 2359 2360 ieee80211_release_node(ic, ni); 2361 2362 ring->cur = (ring->cur + 1) % MTW_TX_RING_COUNT; 2363 if (++ring->queued >= MTW_TX_RING_COUNT) 2364 sc->qfullmsk |= 1 << qid; 2365 return 0; 2366 } 2367 2368 void 2369 mtw_start(struct ifnet *ifp) 2370 { 2371 struct mtw_softc *sc = ifp->if_softc; 2372 struct ieee80211com *ic = &sc->sc_ic; 2373 struct ieee80211_node *ni; 2374 struct mbuf *m; 2375 2376 if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd)) 2377 return; 2378 2379 for (;;) { 2380 if (sc->qfullmsk != 0) { 2381 ifq_set_oactive(&ifp->if_snd); 2382 break; 2383 } 2384 2385 /* send pending management frames first */ 2386 m = mq_dequeue(&ic->ic_mgtq); 2387 if (m != NULL) { 2388 ni = m->m_pkthdr.ph_cookie; 2389 goto sendit; 2390 } 2391 if (ic->ic_state != IEEE80211_S_RUN) 2392 break; 2393 2394 /* encapsulate and send data frames */ 2395 m = ifq_dequeue(&ifp->if_snd); 2396 if (m == NULL) 2397 break; 2398 #if NBPFILTER > 0 2399 if (ifp->if_bpf != NULL) 2400 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 2401 #endif 2402 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 2403 continue; 2404 sendit: 2405 #if NBPFILTER > 0 2406 if (ic->ic_rawbpf != NULL) 2407 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 2408 #endif 2409 if (mtw_tx(sc, m, ni) != 0) { 2410 ieee80211_release_node(ic, ni); 2411 ifp->if_oerrors++; 2412 continue; 2413 } 2414 2415 sc->sc_tx_timer = 5; 2416 ifp->if_timer = 1; 2417 } 2418 } 2419 2420 void 2421 mtw_watchdog(struct ifnet *ifp) 2422 { 2423 struct mtw_softc *sc = ifp->if_softc; 2424 2425 ifp->if_timer = 0; 2426 2427 if (sc->sc_tx_timer > 0) { 2428 if (--sc->sc_tx_timer == 0) { 2429 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 2430 /* mtw_init(ifp); XXX needs a process context! */ 2431 ifp->if_oerrors++; 2432 return; 2433 } 2434 ifp->if_timer = 1; 2435 } 2436 2437 ieee80211_watchdog(ifp); 2438 } 2439 2440 int 2441 mtw_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 2442 { 2443 struct mtw_softc *sc = ifp->if_softc; 2444 struct ieee80211com *ic = &sc->sc_ic; 2445 int s, error = 0; 2446 2447 if (usbd_is_dying(sc->sc_udev)) 2448 return ENXIO; 2449 2450 usbd_ref_incr(sc->sc_udev); 2451 2452 s = splnet(); 2453 2454 switch (cmd) { 2455 case SIOCSIFADDR: 2456 ifp->if_flags |= IFF_UP; 2457 /* FALLTHROUGH */ 2458 case SIOCSIFFLAGS: 2459 if (ifp->if_flags & IFF_UP) { 2460 if (!(ifp->if_flags & IFF_RUNNING)) 2461 mtw_init(ifp); 2462 } else { 2463 if (ifp->if_flags & IFF_RUNNING) 2464 mtw_stop(ifp, 1); 2465 } 2466 break; 2467 2468 case SIOCS80211CHANNEL: 2469 /* 2470 * This allows for fast channel switching in monitor mode 2471 * (used by kismet). 2472 */ 2473 error = ieee80211_ioctl(ifp, cmd, data); 2474 if (error == ENETRESET && 2475 ic->ic_opmode == IEEE80211_M_MONITOR) { 2476 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2477 (IFF_UP | IFF_RUNNING)) 2478 mtw_set_chan(sc, ic->ic_ibss_chan); 2479 error = 0; 2480 } 2481 break; 2482 2483 default: 2484 error = ieee80211_ioctl(ifp, cmd, data); 2485 } 2486 2487 if (error == ENETRESET) { 2488 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2489 (IFF_UP | IFF_RUNNING)) { 2490 mtw_stop(ifp, 0); 2491 error = mtw_init(ifp); 2492 } else 2493 error = 0; 2494 } 2495 splx(s); 2496 2497 usbd_ref_decr(sc->sc_udev); 2498 2499 return error; 2500 } 2501 2502 void 2503 mtw_select_chan_group(struct mtw_softc *sc, int group) 2504 { 2505 uint32_t tmp; 2506 uint8_t bbp; 2507 2508 /* Tx band 20MHz 2G */ 2509 mtw_read(sc, MTW_TX_BAND_CFG, &tmp); 2510 tmp &= ~(MTW_TX_BAND_SEL_2G | MTW_TX_BAND_SEL_5G | 2511 MTW_TX_BAND_UPPER_40M); 2512 tmp |= (group == 0) ? MTW_TX_BAND_SEL_2G : MTW_TX_BAND_SEL_5G; 2513 mtw_write(sc, MTW_TX_BAND_CFG, tmp); 2514 2515 /* select 20 MHz bandwidth */ 2516 mtw_bbp_read(sc, 4, &bbp); 2517 bbp &= ~0x18; 2518 bbp |= 0x40; 2519 mtw_bbp_write(sc, 4, bbp); 2520 2521 /* calibrate BBP */ 2522 mtw_bbp_write(sc, 69, 0x12); 2523 mtw_bbp_write(sc, 91, 0x07); 2524 mtw_bbp_write(sc, 195, 0x23); 2525 mtw_bbp_write(sc, 196, 0x17); 2526 mtw_bbp_write(sc, 195, 0x24); 2527 mtw_bbp_write(sc, 196, 0x06); 2528 mtw_bbp_write(sc, 195, 0x81); 2529 mtw_bbp_write(sc, 196, 0x12); 2530 mtw_bbp_write(sc, 195, 0x83); 2531 mtw_bbp_write(sc, 196, 0x17); 2532 mtw_rf_write(sc, 5, 8, 0x00); 2533 mtw_mcu_calibrate(sc, 0x6, 0x10001); 2534 2535 /* set initial AGC value */ 2536 mt7601_set_agc(sc, 0x14); 2537 } 2538 2539 void 2540 mt7601_set_agc(struct mtw_softc *sc, uint8_t agc) 2541 { 2542 uint8_t bbp; 2543 2544 mtw_bbp_write(sc, 66, agc); 2545 mtw_bbp_write(sc, 195, 0x87); 2546 bbp = (agc & 0xf0) | 0x08; 2547 mtw_bbp_write(sc, 196, bbp); 2548 } 2549 2550 void 2551 mt7601_set_chan(struct mtw_softc *sc, u_int chan) 2552 { 2553 uint32_t tmp; 2554 uint8_t bbp, rf, txpow1; 2555 int i; 2556 2557 /* find the settings for this channel */ 2558 for (i = 0; mt7601_rf_chan[i].chan != chan; i++) 2559 2560 mtw_rf_write(sc, 0, 17, mt7601_rf_chan[i].r17); 2561 mtw_rf_write(sc, 0, 18, mt7601_rf_chan[i].r18); 2562 mtw_rf_write(sc, 0, 19, mt7601_rf_chan[i].r19); 2563 mtw_rf_write(sc, 0, 20, mt7601_rf_chan[i].r20); 2564 2565 /* use Tx power values from EEPROM */ 2566 txpow1 = sc->txpow1[i]; 2567 2568 /* Tx automatic level control */ 2569 mtw_read(sc, MTW_TX_ALC_CFG0, &tmp); 2570 tmp &= ~0x3f3f; 2571 tmp |= (txpow1 & 0x3f); 2572 mtw_write(sc, MTW_TX_ALC_CFG0, tmp); 2573 2574 /* LNA */ 2575 mtw_bbp_write(sc, 62, 0x37 - sc->lna[0]); 2576 mtw_bbp_write(sc, 63, 0x37 - sc->lna[0]); 2577 mtw_bbp_write(sc, 64, 0x37 - sc->lna[0]); 2578 2579 /* VCO calibration */ 2580 mtw_rf_write(sc, 0, 4, 0x0a); 2581 mtw_rf_write(sc, 0, 5, 0x20); 2582 mtw_rf_read(sc, 0, 4, &rf); 2583 mtw_rf_write(sc, 0, 4, rf | 0x80); 2584 2585 /* select 20 MHz bandwidth */ 2586 mtw_bbp_read(sc, 4, &bbp); 2587 bbp &= ~0x18; 2588 bbp |= 0x40; 2589 mtw_bbp_write(sc, 4, bbp); 2590 mtw_bbp_write(sc, 178, 0xff); 2591 } 2592 2593 int 2594 mtw_set_chan(struct mtw_softc *sc, struct ieee80211_channel *c) 2595 { 2596 struct ieee80211com *ic = &sc->sc_ic; 2597 u_int chan, group; 2598 2599 chan = ieee80211_chan2ieee(ic, c); 2600 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 2601 return EINVAL; 2602 2603 /* determine channel group */ 2604 if (chan <= 14) 2605 group = 0; 2606 else if (chan <= 64) 2607 group = 1; 2608 else if (chan <= 128) 2609 group = 2; 2610 else 2611 group = 3; 2612 2613 if (group != sc->sc_chan_group || !sc->sc_bw_calibrated) 2614 mtw_select_chan_group(sc, group); 2615 2616 sc->sc_chan_group = group; 2617 2618 /* chipset specific */ 2619 if (sc->mac_ver == 0x7601) 2620 mt7601_set_chan(sc, chan); 2621 2622 DELAY(1000); 2623 return 0; 2624 } 2625 2626 void 2627 mtw_enable_tsf_sync(struct mtw_softc *sc) 2628 { 2629 struct ieee80211com *ic = &sc->sc_ic; 2630 uint32_t tmp; 2631 2632 mtw_read(sc, MTW_BCN_TIME_CFG, &tmp); 2633 tmp &= ~0x1fffff; 2634 tmp |= ic->ic_bss->ni_intval * 16; 2635 tmp |= MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN; 2636 2637 /* local TSF is always updated with remote TSF on beacon reception */ 2638 tmp |= 1 << MTW_TSF_SYNC_MODE_SHIFT; 2639 mtw_write(sc, MTW_BCN_TIME_CFG, tmp); 2640 } 2641 2642 void 2643 mtw_abort_tsf_sync(struct mtw_softc *sc) 2644 { 2645 uint32_t tmp; 2646 2647 mtw_read(sc, MTW_BCN_TIME_CFG, &tmp); 2648 tmp &= ~(MTW_BCN_TX_EN | MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN); 2649 mtw_write(sc, MTW_BCN_TIME_CFG, tmp); 2650 } 2651 2652 void 2653 mtw_enable_mrr(struct mtw_softc *sc) 2654 { 2655 #define CCK(mcs) (mcs) 2656 #define OFDM(mcs) (1 << 3 | (mcs)) 2657 mtw_write(sc, MTW_LG_FBK_CFG0, 2658 OFDM(6) << 28 | /* 54->48 */ 2659 OFDM(5) << 24 | /* 48->36 */ 2660 OFDM(4) << 20 | /* 36->24 */ 2661 OFDM(3) << 16 | /* 24->18 */ 2662 OFDM(2) << 12 | /* 18->12 */ 2663 OFDM(1) << 8 | /* 12-> 9 */ 2664 OFDM(0) << 4 | /* 9-> 6 */ 2665 OFDM(0)); /* 6-> 6 */ 2666 2667 mtw_write(sc, MTW_LG_FBK_CFG1, 2668 CCK(2) << 12 | /* 11->5.5 */ 2669 CCK(1) << 8 | /* 5.5-> 2 */ 2670 CCK(0) << 4 | /* 2-> 1 */ 2671 CCK(0)); /* 1-> 1 */ 2672 #undef OFDM 2673 #undef CCK 2674 } 2675 2676 void 2677 mtw_set_txrts(struct mtw_softc *sc) 2678 { 2679 uint32_t tmp; 2680 2681 /* set RTS threshold */ 2682 mtw_read(sc, MTW_TX_RTS_CFG, &tmp); 2683 tmp &= ~0xffff00; 2684 tmp |= 0x1000 << MTW_RTS_THRES_SHIFT; 2685 mtw_write(sc, MTW_TX_RTS_CFG, tmp); 2686 } 2687 2688 void 2689 mtw_set_txpreamble(struct mtw_softc *sc) 2690 { 2691 uint32_t tmp; 2692 2693 mtw_read(sc, MTW_AUTO_RSP_CFG, &tmp); 2694 if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE) 2695 tmp |= MTW_CCK_SHORT_EN; 2696 else 2697 tmp &= ~MTW_CCK_SHORT_EN; 2698 mtw_write(sc, MTW_AUTO_RSP_CFG, tmp); 2699 } 2700 2701 void 2702 mtw_set_basicrates(struct mtw_softc *sc) 2703 { 2704 struct ieee80211com *ic = &sc->sc_ic; 2705 2706 /* set basic rates mask */ 2707 if (ic->ic_curmode == IEEE80211_MODE_11B) 2708 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x003); 2709 else if (ic->ic_curmode == IEEE80211_MODE_11A) 2710 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x150); 2711 else /* 11g */ 2712 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x17f); 2713 } 2714 2715 void 2716 mtw_set_leds(struct mtw_softc *sc, uint16_t which) 2717 { 2718 struct mtw_mcu_cmd_8 cmd; 2719 2720 cmd.func = htole32(0x1); 2721 cmd.val = htole32(which); 2722 mtw_mcu_cmd(sc, 16, &cmd, sizeof(struct mtw_mcu_cmd_8)); 2723 } 2724 2725 void 2726 mtw_set_bssid(struct mtw_softc *sc, const uint8_t *bssid) 2727 { 2728 mtw_write(sc, MTW_MAC_BSSID_DW0, 2729 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 2730 mtw_write(sc, MTW_MAC_BSSID_DW1, 2731 bssid[4] | bssid[5] << 8); 2732 } 2733 2734 void 2735 mtw_set_macaddr(struct mtw_softc *sc, const uint8_t *addr) 2736 { 2737 mtw_write(sc, MTW_MAC_ADDR_DW0, 2738 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 2739 mtw_write(sc, MTW_MAC_ADDR_DW1, 2740 addr[4] | addr[5] << 8 | 0xff << 16); 2741 } 2742 2743 #if NBPFILTER > 0 2744 int8_t 2745 mtw_rssi2dbm(struct mtw_softc *sc, uint8_t rssi, uint8_t rxchain) 2746 { 2747 struct ieee80211com *ic = &sc->sc_ic; 2748 struct ieee80211_channel *c = ic->ic_ibss_chan; 2749 int delta; 2750 2751 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2752 u_int chan = ieee80211_chan2ieee(ic, c); 2753 delta = sc->rssi_5ghz[rxchain]; 2754 2755 /* determine channel group */ 2756 if (chan <= 64) 2757 delta -= sc->lna[1]; 2758 else if (chan <= 128) 2759 delta -= sc->lna[2]; 2760 else 2761 delta -= sc->lna[3]; 2762 } else 2763 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 2764 2765 return -12 - delta - rssi; 2766 } 2767 #endif 2768 2769 int 2770 mt7601_bbp_init(struct mtw_softc *sc) 2771 { 2772 uint8_t bbp; 2773 int i, error, ntries; 2774 2775 /* wait for BBP to wake up */ 2776 for (ntries = 0; ntries < 20; ntries++) { 2777 if ((error = mtw_bbp_read(sc, 0, &bbp)) != 0) 2778 return error; 2779 if (bbp != 0 && bbp != 0xff) 2780 break; 2781 } 2782 2783 if (ntries == 20) 2784 return ETIMEDOUT; 2785 2786 mtw_bbp_read(sc, 3, &bbp); 2787 mtw_bbp_write(sc, 3, 0); 2788 mtw_bbp_read(sc, 105, &bbp); 2789 mtw_bbp_write(sc, 105, 0); 2790 2791 /* initialize BBP registers to default values */ 2792 for (i = 0; i < nitems(mt7601_def_bbp); i++) { 2793 if ((error = mtw_bbp_write(sc, mt7601_def_bbp[i].reg, 2794 mt7601_def_bbp[i].val)) != 0) 2795 return error; 2796 } 2797 2798 sc->sc_bw_calibrated = 0; 2799 2800 return 0; 2801 } 2802 2803 int 2804 mt7601_rf_init(struct mtw_softc *sc) 2805 { 2806 int i, error; 2807 2808 /* RF bank 0 */ 2809 for (i = 0; i < nitems(mt7601_rf_bank0); i++) { 2810 error = mtw_rf_write(sc, 0, mt7601_rf_bank0[i].reg, 2811 mt7601_rf_bank0[i].val); 2812 if (error != 0) 2813 return error; 2814 } 2815 /* RF bank 4 */ 2816 for (i = 0; i < nitems(mt7601_rf_bank4); i++) { 2817 error = mtw_rf_write(sc, 4, mt7601_rf_bank4[i].reg, 2818 mt7601_rf_bank4[i].val); 2819 if (error != 0) 2820 return error; 2821 } 2822 /* RF bank 5 */ 2823 for (i = 0; i < nitems(mt7601_rf_bank5); i++) { 2824 error = mtw_rf_write(sc, 5, mt7601_rf_bank5[i].reg, 2825 mt7601_rf_bank5[i].val); 2826 if (error != 0) 2827 return error; 2828 } 2829 return 0; 2830 } 2831 2832 int 2833 mt7601_rf_setup(struct mtw_softc *sc) 2834 { 2835 uint32_t tmp; 2836 uint8_t rf; 2837 int error; 2838 2839 if (sc->sc_rf_calibrated) 2840 return 0; 2841 2842 /* init RF registers */ 2843 if ((error = mt7601_rf_init(sc)) != 0) 2844 return error; 2845 2846 /* init frequency offset */ 2847 mtw_rf_write(sc, 0, 12, sc->rf_freq_offset); 2848 mtw_rf_read(sc, 0, 12, &rf); 2849 2850 /* read temperature */ 2851 mt7601_rf_temperature(sc, &rf); 2852 sc->bbp_temp = rf; 2853 DPRINTF(("BBP temp 0x%x ", rf)); 2854 2855 mtw_rf_read(sc, 0, 7, &rf); 2856 if ((error = mtw_mcu_calibrate(sc, 0x1, 0)) != 0) 2857 return error; 2858 usbd_delay_ms(sc->sc_udev, 100); 2859 mtw_rf_read(sc, 0, 7, &rf); 2860 2861 /* Calibrate VCO RF 0/4 */ 2862 mtw_rf_write(sc, 0, 4, 0x0a); 2863 mtw_rf_write(sc, 0, 4, 0x20); 2864 mtw_rf_read(sc, 0, 4, &rf); 2865 mtw_rf_write(sc, 0, 4, rf | 0x80); 2866 2867 if ((error = mtw_mcu_calibrate(sc, 0x9, 0)) != 0) 2868 return error; 2869 if ((error = mt7601_rxdc_cal(sc)) != 0) 2870 return error; 2871 if ((error = mtw_mcu_calibrate(sc, 0x6, 1)) != 0) 2872 return error; 2873 if ((error = mtw_mcu_calibrate(sc, 0x6, 0)) != 0) 2874 return error; 2875 if ((error = mtw_mcu_calibrate(sc, 0x4, 0)) != 0) 2876 return error; 2877 if ((error = mtw_mcu_calibrate(sc, 0x5, 0)) != 0) 2878 return error; 2879 2880 mtw_read(sc, MTW_LDO_CFG0, &tmp); 2881 tmp &= ~(1 << 4); 2882 tmp |= (1 << 2); 2883 mtw_write(sc, MTW_LDO_CFG0, tmp); 2884 2885 if ((error = mtw_mcu_calibrate(sc, 0x8, 0)) != 0) 2886 return error; 2887 if ((error = mt7601_rxdc_cal(sc)) != 0) 2888 return error; 2889 2890 sc->sc_rf_calibrated = 1; 2891 return 0; 2892 } 2893 2894 int 2895 mt7601_rf_temperature(struct mtw_softc *sc, int8_t *val) 2896 { 2897 uint32_t rfb, rfs; 2898 uint8_t bbp; 2899 int ntries; 2900 2901 mtw_read(sc, MTW_RF_BYPASS0, &rfb); 2902 mtw_read(sc, MTW_RF_SETTING0, &rfs); 2903 mtw_write(sc, MTW_RF_BYPASS0, 0); 2904 mtw_write(sc, MTW_RF_SETTING0, 0x10); 2905 mtw_write(sc, MTW_RF_BYPASS0, 0x10); 2906 2907 mtw_bbp_read(sc, 47, &bbp); 2908 bbp &= ~0x7f; 2909 bbp |= 0x10; 2910 mtw_bbp_write(sc, 47, bbp); 2911 2912 mtw_bbp_write(sc, 22, 0x40); 2913 2914 for (ntries = 0; ntries < 10; ntries++) { 2915 mtw_bbp_read(sc, 47, &bbp); 2916 if ((bbp & 0x10) == 0) 2917 break; 2918 } 2919 if (ntries == 10) 2920 return ETIMEDOUT; 2921 2922 mt7601_r49_read(sc, MT7601_R47_TEMP, val); 2923 2924 mtw_bbp_write(sc, 22, 0); 2925 2926 mtw_bbp_read(sc, 21, &bbp); 2927 bbp |= 0x02; 2928 mtw_bbp_write(sc, 21, bbp); 2929 bbp &= ~0x02; 2930 mtw_bbp_write(sc, 21, bbp); 2931 2932 mtw_write(sc, MTW_RF_BYPASS0, 0); 2933 mtw_write(sc, MTW_RF_SETTING0, rfs); 2934 mtw_write(sc, MTW_RF_BYPASS0, rfb); 2935 return 0; 2936 } 2937 2938 int 2939 mt7601_r49_read(struct mtw_softc *sc, uint8_t flag, int8_t *val) 2940 { 2941 uint8_t bbp; 2942 2943 mtw_bbp_read(sc, 47, &bbp); 2944 bbp = 0x90; 2945 mtw_bbp_write(sc, 47, bbp); 2946 bbp &= ~0x0f; 2947 bbp |= flag; 2948 mtw_bbp_write(sc, 47, bbp); 2949 return mtw_bbp_read(sc, 49, val); 2950 } 2951 2952 int 2953 mt7601_rxdc_cal(struct mtw_softc *sc) 2954 { 2955 uint32_t tmp; 2956 uint8_t bbp; 2957 int ntries; 2958 2959 mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp); 2960 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_RX_EN); 2961 mtw_bbp_write(sc, 158, 0x8d); 2962 mtw_bbp_write(sc, 159, 0xfc); 2963 mtw_bbp_write(sc, 158, 0x8c); 2964 mtw_bbp_write(sc, 159, 0x4c); 2965 2966 for (ntries = 0; ntries < 20; ntries++) { 2967 DELAY(300); 2968 mtw_bbp_write(sc, 158, 0x8c); 2969 mtw_bbp_read(sc, 159, &bbp); 2970 if (bbp == 0x0c) 2971 break; 2972 } 2973 2974 if (ntries == 20) 2975 return ETIMEDOUT; 2976 2977 mtw_write(sc, MTW_MAC_SYS_CTRL, 0); 2978 mtw_bbp_write(sc, 158, 0x8d); 2979 mtw_bbp_write(sc, 159, 0xe0); 2980 mtw_write(sc, MTW_MAC_SYS_CTRL, tmp); 2981 return 0; 2982 } 2983 2984 int 2985 mtw_wlan_enable(struct mtw_softc *sc, int enable) 2986 { 2987 uint32_t tmp; 2988 int error = 0; 2989 2990 if (enable) { 2991 mtw_read(sc, MTW_WLAN_CTRL, &tmp); 2992 if (sc->asic_ver == 0x7612) 2993 tmp &= ~0xfffff000; 2994 2995 tmp &= ~MTW_WLAN_CLK_EN; 2996 tmp |= MTW_WLAN_EN; 2997 mtw_write(sc, MTW_WLAN_CTRL, tmp); 2998 usbd_delay_ms(sc->sc_udev, 2); 2999 3000 tmp |= MTW_WLAN_CLK_EN; 3001 if (sc->asic_ver == 0x7612) { 3002 tmp |= (MTW_WLAN_RESET | MTW_WLAN_RESET_RF); 3003 } 3004 mtw_write(sc, MTW_WLAN_CTRL, tmp); 3005 usbd_delay_ms(sc->sc_udev, 2); 3006 3007 mtw_read(sc, MTW_OSC_CTRL, &tmp); 3008 tmp |= MTW_OSC_EN; 3009 mtw_write(sc, MTW_OSC_CTRL, tmp); 3010 tmp |= MTW_OSC_CAL_REQ; 3011 mtw_write(sc, MTW_OSC_CTRL, tmp); 3012 } else { 3013 mtw_read(sc, MTW_WLAN_CTRL, &tmp); 3014 tmp &= ~(MTW_WLAN_CLK_EN | MTW_WLAN_EN); 3015 mtw_write(sc, MTW_WLAN_CTRL, tmp); 3016 3017 mtw_read(sc, MTW_OSC_CTRL, &tmp); 3018 tmp &= ~MTW_OSC_EN; 3019 mtw_write(sc, MTW_OSC_CTRL, tmp); 3020 } 3021 return error; 3022 } 3023 3024 int 3025 mtw_txrx_enable(struct mtw_softc *sc) 3026 { 3027 uint32_t tmp; 3028 int error, ntries; 3029 3030 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_TX_EN); 3031 for (ntries = 0; ntries < 200; ntries++) { 3032 if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0) 3033 return error; 3034 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3035 break; 3036 DELAY(1000); 3037 } 3038 if (ntries == 200) 3039 return ETIMEDOUT; 3040 3041 DELAY(50); 3042 3043 tmp |= MTW_RX_DMA_EN | MTW_TX_DMA_EN | MTW_TX_WB_DDONE; 3044 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3045 3046 /* enable Rx bulk aggregation (set timeout and limit) */ 3047 tmp = MTW_USB_TX_EN | MTW_USB_RX_EN | MTW_USB_RX_AGG_EN | 3048 MTW_USB_RX_AGG_TO(128) | MTW_USB_RX_AGG_LMT(2); 3049 mtw_write(sc, MTW_USB_DMA_CFG, tmp); 3050 3051 /* set Rx filter */ 3052 tmp = MTW_DROP_CRC_ERR | MTW_DROP_PHY_ERR; 3053 if (sc->sc_ic.ic_opmode != IEEE80211_M_MONITOR) { 3054 tmp |= MTW_DROP_UC_NOME | MTW_DROP_DUPL | 3055 MTW_DROP_CTS | MTW_DROP_BA | MTW_DROP_ACK | 3056 MTW_DROP_VER_ERR | MTW_DROP_CTRL_RSV | 3057 MTW_DROP_CFACK | MTW_DROP_CFEND; 3058 if (sc->sc_ic.ic_opmode == IEEE80211_M_STA) 3059 tmp |= MTW_DROP_RTS | MTW_DROP_PSPOLL; 3060 } 3061 mtw_write(sc, MTW_RX_FILTR_CFG, tmp); 3062 3063 mtw_write(sc, MTW_MAC_SYS_CTRL, 3064 MTW_MAC_RX_EN | MTW_MAC_TX_EN); 3065 return 0; 3066 } 3067 3068 int 3069 mtw_init(struct ifnet *ifp) 3070 { 3071 struct mtw_softc *sc = ifp->if_softc; 3072 struct ieee80211com *ic = &sc->sc_ic; 3073 uint32_t tmp; 3074 int i, error, ridx, ntries, qid; 3075 3076 if (usbd_is_dying(sc->sc_udev)) 3077 return ENXIO; 3078 3079 /* init Tx rings (4 EDCAs, 1 HCCA, 1 MGMT) */ 3080 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) { 3081 if ((error = mtw_alloc_tx_ring(sc, qid)) != 0) 3082 goto fail; 3083 } 3084 3085 /* init Rx ring */ 3086 if ((error = mtw_alloc_rx_ring(sc, 0)) != 0) 3087 goto fail; 3088 3089 /* init MCU Tx ring */ 3090 if ((error = mtw_alloc_mcu_ring(sc)) != 0) 3091 goto fail; 3092 3093 /* init host command ring */ 3094 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0; 3095 3096 for (ntries = 0; ntries < 100; ntries++) { 3097 if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0) 3098 goto fail; 3099 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3100 break; 3101 DELAY(1000); 3102 } 3103 if (ntries == 100) { 3104 printf("%s: timeout waiting for DMA engine\n", 3105 sc->sc_dev.dv_xname); 3106 error = ETIMEDOUT; 3107 goto fail; 3108 } 3109 tmp &= 0xff0; 3110 tmp |= MTW_TX_WB_DDONE; 3111 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3112 3113 /* reset MAC and baseband */ 3114 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_BBP_HRST | MTW_MAC_SRST); 3115 mtw_write(sc, MTW_USB_DMA_CFG, 0); 3116 mtw_write(sc, MTW_MAC_SYS_CTRL, 0); 3117 3118 /* init MAC values */ 3119 if (sc->mac_ver == 0x7601) { 3120 for (i = 0; i < nitems(mt7601_def_mac); i++) 3121 mtw_write(sc, mt7601_def_mac[i].reg, 3122 mt7601_def_mac[i].val); 3123 } 3124 3125 /* wait while MAC is busy */ 3126 for (ntries = 0; ntries < 100; ntries++) { 3127 if ((error = mtw_read(sc, MTW_MAC_STATUS_REG, &tmp)) != 0) 3128 goto fail; 3129 if (!(tmp & (MTW_RX_STATUS_BUSY | MTW_TX_STATUS_BUSY))) 3130 break; 3131 DELAY(1000); 3132 } 3133 if (ntries == 100) { 3134 error = ETIMEDOUT; 3135 goto fail; 3136 } 3137 3138 /* set MAC address */ 3139 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 3140 mtw_set_macaddr(sc, ic->ic_myaddr); 3141 3142 /* clear WCID attribute table */ 3143 mtw_set_region_4(sc, MTW_WCID_ATTR(0), 1, 8 * 32); 3144 3145 mtw_write(sc, 0x1648, 0x00830083); 3146 mtw_read(sc, MTW_FCE_L2_STUFF, &tmp); 3147 tmp &= ~MTW_L2S_WR_MPDU_LEN_EN; 3148 mtw_write(sc, MTW_FCE_L2_STUFF, tmp); 3149 3150 /* RTS config */ 3151 mtw_set_txrts(sc); 3152 3153 /* clear Host to MCU mailbox */ 3154 mtw_write(sc, MTW_BBP_CSR, 0); 3155 mtw_write(sc, MTW_H2M_MAILBOX, 0); 3156 3157 /* clear RX WCID search table */ 3158 mtw_set_region_4(sc, MTW_WCID_ENTRY(0), 0xffffffff, 512); 3159 3160 /* abort TSF synchronization */ 3161 mtw_abort_tsf_sync(sc); 3162 3163 mtw_read(sc, MTW_US_CYC_CNT, &tmp); 3164 tmp = (tmp & ~0xff); 3165 if (sc->mac_ver == 0x7601) 3166 tmp |= 0x1e; 3167 mtw_write(sc, MTW_US_CYC_CNT, tmp); 3168 3169 /* clear shared key table */ 3170 mtw_set_region_4(sc, MTW_SKEY(0, 0), 0, 8 * 32); 3171 3172 /* clear IV/EIV table */ 3173 mtw_set_region_4(sc, MTW_IVEIV(0), 0, 8 * 32); 3174 3175 /* clear shared key mode */ 3176 mtw_write(sc, MTW_SKEY_MODE_0_7, 0); 3177 mtw_write(sc, MTW_SKEY_MODE_8_15, 0); 3178 3179 /* txop truncation */ 3180 mtw_write(sc, MTW_TXOP_CTRL_CFG, 0x0000583f); 3181 3182 /* init Tx power for all Tx rates */ 3183 for (ridx = 0; ridx < 5; ridx++) { 3184 if (sc->txpow20mhz[ridx] == 0xffffffff) 3185 continue; 3186 mtw_write(sc, MTW_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 3187 } 3188 mtw_write(sc, MTW_TX_PWR_CFG7, 0); 3189 mtw_write(sc, MTW_TX_PWR_CFG9, 0); 3190 3191 mtw_read(sc, MTW_CMB_CTRL, &tmp); 3192 tmp &= ~(1 << 18 | 1 << 14); 3193 mtw_write(sc, MTW_CMB_CTRL, tmp); 3194 3195 /* clear USB DMA */ 3196 mtw_write(sc, MTW_USB_DMA_CFG, MTW_USB_TX_EN | MTW_USB_RX_EN | 3197 MTW_USB_RX_AGG_EN | MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT | 3198 MTW_USB_RX_WL_DROP); 3199 usbd_delay_ms(sc->sc_udev, 50); 3200 mtw_read(sc, MTW_USB_DMA_CFG, &tmp); 3201 tmp &= ~(MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT | 3202 MTW_USB_RX_WL_DROP); 3203 mtw_write(sc, MTW_USB_DMA_CFG, tmp); 3204 3205 /* enable radio */ 3206 mtw_mcu_radio(sc, 0x31, 0); 3207 3208 /* init RF registers */ 3209 if (sc->mac_ver == 0x7601) 3210 mt7601_rf_init(sc); 3211 3212 /* init baseband registers */ 3213 if (sc->mac_ver == 0x7601) 3214 error = mt7601_bbp_init(sc); 3215 3216 if (error != 0) { 3217 printf("%s: could not initialize BBP\n", sc->sc_dev.dv_xname); 3218 goto fail; 3219 } 3220 3221 /* setup and calibrate RF */ 3222 if (sc->mac_ver == 0x7601) 3223 error = mt7601_rf_setup(sc); 3224 3225 if (error != 0) { 3226 printf("%s: could not initialize RF\n", sc->sc_dev.dv_xname); 3227 goto fail; 3228 } 3229 3230 /* select default channel */ 3231 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 3232 mtw_set_chan(sc, ic->ic_ibss_chan); 3233 3234 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 3235 struct mtw_rx_data *data = &sc->rxq[MTW_RXQ_WLAN].data[i]; 3236 3237 usbd_setup_xfer(data->xfer, sc->rxq[MTW_RXQ_WLAN].pipeh, 3238 data, data->buf, 3239 MTW_MAX_RXSZ, USBD_SHORT_XFER_OK | USBD_NO_COPY, 3240 USBD_NO_TIMEOUT, mtw_rxeof); 3241 error = usbd_transfer(data->xfer); 3242 if (error != 0 && error != USBD_IN_PROGRESS) 3243 goto fail; 3244 } 3245 3246 if ((error = mtw_txrx_enable(sc)) != 0) 3247 goto fail; 3248 3249 /* init LEDs */ 3250 mtw_set_leds(sc, MTW_LED_MODE_ON); 3251 3252 ifp->if_flags |= IFF_RUNNING; 3253 ifq_clr_oactive(&ifp->if_snd); 3254 3255 if (ic->ic_flags & IEEE80211_F_WEPON) { 3256 /* install WEP keys */ 3257 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 3258 if (ic->ic_nw_keys[i].k_cipher != IEEE80211_CIPHER_NONE) 3259 (void)mtw_set_key(ic, NULL, &ic->ic_nw_keys[i]); 3260 } 3261 } 3262 3263 if (ic->ic_opmode == IEEE80211_M_MONITOR) 3264 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3265 else 3266 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 3267 3268 if (error != 0) 3269 fail: mtw_stop(ifp, 1); 3270 return error; 3271 } 3272 3273 void 3274 mtw_stop(struct ifnet *ifp, int disable) 3275 { 3276 struct mtw_softc *sc = ifp->if_softc; 3277 struct ieee80211com *ic = &sc->sc_ic; 3278 uint32_t tmp; 3279 int s, ntries, error, qid; 3280 3281 if (ifp->if_flags & IFF_RUNNING) 3282 mtw_set_leds(sc, MTW_LED_MODE_ON); 3283 3284 sc->sc_tx_timer = 0; 3285 ifp->if_timer = 0; 3286 ifp->if_flags &= ~IFF_RUNNING; 3287 ifq_clr_oactive(&ifp->if_snd); 3288 3289 timeout_del(&sc->scan_to); 3290 timeout_del(&sc->calib_to); 3291 3292 s = splusb(); 3293 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3294 /* wait for all queued asynchronous commands to complete */ 3295 usb_wait_task(sc->sc_udev, &sc->sc_task); 3296 splx(s); 3297 3298 /* Disable Tx/Rx DMA. */ 3299 mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp); 3300 tmp &= ~(MTW_RX_DMA_EN | MTW_TX_DMA_EN); 3301 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3302 mtw_usb_dma_write(sc, 0); 3303 3304 for (ntries = 0; ntries < 100; ntries++) { 3305 if (mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp) != 0) 3306 break; 3307 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3308 break; 3309 DELAY(10); 3310 } 3311 if (ntries == 100) { 3312 printf("%s: timeout waiting for DMA engine\n", 3313 sc->sc_dev.dv_xname); 3314 } 3315 3316 /* stop MAC Tx/Rx */ 3317 mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp); 3318 tmp &= ~(MTW_MAC_RX_EN | MTW_MAC_TX_EN); 3319 mtw_write(sc, MTW_MAC_SYS_CTRL, tmp); 3320 3321 /* disable RTS retry */ 3322 mtw_read(sc, MTW_TX_RTS_CFG, &tmp); 3323 tmp &= ~0xff; 3324 mtw_write(sc, MTW_TX_RTS_CFG, tmp); 3325 3326 /* US_CYC_CFG */ 3327 mtw_read(sc, MTW_US_CYC_CNT, &tmp); 3328 tmp = (tmp & ~0xff); 3329 mtw_write(sc, MTW_US_CYC_CNT, tmp); 3330 3331 /* stop PBF */ 3332 mtw_read(sc, MTW_PBF_CFG, &tmp); 3333 tmp &= ~0x3; 3334 mtw_write(sc, MTW_PBF_CFG, tmp); 3335 3336 /* wait for pending Tx to complete */ 3337 for (ntries = 0; ntries < 100; ntries++) { 3338 if ((error = mtw_read(sc, MTW_TXRXQ_PCNT, &tmp)) != 0) 3339 break; 3340 if ((tmp & MTW_TX2Q_PCNT_MASK) == 0) 3341 break; 3342 } 3343 DELAY(1000); 3344 3345 /* delete keys */ 3346 for (qid = 0; qid < 4; qid++) { 3347 mtw_read(sc, MTW_SKEY_MODE_0_7, &tmp); 3348 tmp &= ~(0xf << qid * 4); 3349 mtw_write(sc, MTW_SKEY_MODE_0_7, tmp); 3350 } 3351 3352 if (disable) { 3353 /* disable radio */ 3354 error = mtw_mcu_radio(sc, 0x30, 0x1); 3355 usbd_delay_ms(sc->sc_udev, 10); 3356 } 3357 3358 /* free Tx and Rx rings */ 3359 sc->qfullmsk = 0; 3360 mtw_free_mcu_ring(sc); 3361 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) 3362 mtw_free_tx_ring(sc, qid); 3363 mtw_free_rx_ring(sc, 0); 3364 } 3365