1 /* $OpenBSD: if_mtw.c,v 1.11 2024/05/23 03:21:08 jsg Exp $ */
2 /*
3 * Copyright (c) 2008-2010 Damien Bergamini <damien.bergamini@free.fr>
4 * Copyright (c) 2013-2014 Kevin Lo
5 * Copyright (c) 2021 James Hastings
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 /*
21 * MediaTek MT7601U 802.11b/g/n WLAN.
22 */
23
24 #include "bpfilter.h"
25
26 #include <sys/param.h>
27 #include <sys/sockio.h>
28 #include <sys/mbuf.h>
29 #include <sys/systm.h>
30 #include <sys/timeout.h>
31 #include <sys/device.h>
32 #include <sys/endian.h>
33
34 #include <machine/intr.h>
35
36 #if NBPFILTER > 0
37 #include <net/bpf.h>
38 #endif
39 #include <net/if.h>
40 #include <net/if_dl.h>
41 #include <net/if_media.h>
42
43 #include <netinet/in.h>
44 #include <netinet/if_ether.h>
45
46 #include <net80211/ieee80211_var.h>
47 #include <net80211/ieee80211_amrr.h>
48 #include <net80211/ieee80211_ra.h>
49 #include <net80211/ieee80211_radiotap.h>
50
51 #include <dev/usb/usb.h>
52 #include <dev/usb/usbdi.h>
53 #include <dev/usb/usbdi_util.h>
54 #include <dev/usb/usbdevs.h>
55
56 #include <dev/ic/mtwreg.h>
57 #include <dev/usb/if_mtwvar.h>
58
59 #ifdef MTW_DEBUG
60 #define DPRINTF(x) do { if (mtw_debug) printf x; } while (0)
61 #define DPRINTFN(n, x) do { if (mtw_debug >= (n)) printf x; } while (0)
62 int mtw_debug = 0;
63 #else
64 #define DPRINTF(x)
65 #define DPRINTFN(n, x)
66 #endif
67
68 #define USB_ID(v, p) { USB_VENDOR_##v, USB_PRODUCT_##v##_##p }
69 static const struct usb_devno mtw_devs[] = {
70 USB_ID(ASUS, USBN10V2),
71 USB_ID(AZUREWAVE, MT7601_1),
72 USB_ID(AZUREWAVE, MT7601_2),
73 USB_ID(DLINK, DWA127B1),
74 USB_ID(EDIMAX, EW7711UANV2),
75 USB_ID(MEDIATEK, MT7601_1),
76 USB_ID(MEDIATEK, MT7601_2),
77 USB_ID(RALINK, MT7601),
78 USB_ID(RALINK, MT7601_2),
79 USB_ID(RALINK, MT7601_3),
80 USB_ID(RALINK, MT7601_4),
81 USB_ID(RALINK, MT7601_5),
82 USB_ID(XIAOMI, MT7601U),
83 };
84
85 int mtw_match(struct device *, void *, void *);
86 void mtw_attach(struct device *, struct device *, void *);
87 int mtw_detach(struct device *, int);
88 void mtw_attachhook(struct device *);
89 int mtw_alloc_rx_ring(struct mtw_softc *, int);
90 void mtw_free_rx_ring(struct mtw_softc *, int);
91 int mtw_alloc_tx_ring(struct mtw_softc *, int);
92 void mtw_free_tx_ring(struct mtw_softc *, int);
93 int mtw_alloc_mcu_ring(struct mtw_softc *);
94 void mtw_free_mcu_ring(struct mtw_softc *);
95 int mtw_ucode_write(struct mtw_softc *, const uint8_t *,
96 uint32_t, uint32_t);
97 void mtw_ucode_setup(struct mtw_softc *);
98 int mtw_load_microcode(struct mtw_softc *);
99 int mtw_reset(struct mtw_softc *);
100 int mtw_read(struct mtw_softc *, uint16_t, uint32_t *);
101 int mtw_read_cfg(struct mtw_softc *, uint16_t, uint32_t *);
102 int mtw_read_region_1(struct mtw_softc *, uint16_t,
103 uint8_t *, int);
104 int mtw_write_2(struct mtw_softc *, uint16_t, uint16_t);
105 int mtw_write(struct mtw_softc *, uint16_t, uint32_t);
106 int mtw_write_cfg(struct mtw_softc *, uint16_t, uint32_t);
107 int mtw_write_ivb(struct mtw_softc *, const uint8_t *, uint16_t);
108 int mtw_write_region_1(struct mtw_softc *, uint16_t,
109 uint8_t *, int);
110 int mtw_set_region_4(struct mtw_softc *, uint16_t, uint32_t, int);
111 int mtw_efuse_read_2(struct mtw_softc *, uint16_t, uint16_t *);
112 int mtw_eeprom_read_2(struct mtw_softc *, uint16_t, uint16_t *);
113 int mtw_rf_read(struct mtw_softc *, uint8_t, uint8_t, uint8_t *);
114 int mtw_rf_write(struct mtw_softc *, uint8_t, uint8_t, uint8_t);
115 int mtw_bbp_read(struct mtw_softc *, uint8_t, uint8_t *);
116 int mtw_bbp_write(struct mtw_softc *, uint8_t, uint8_t);
117 int mtw_usb_dma_read(struct mtw_softc *, uint32_t *);
118 int mtw_usb_dma_write(struct mtw_softc *, uint32_t);
119 int mtw_mcu_calibrate(struct mtw_softc *, int, uint32_t);
120 int mtw_mcu_channel(struct mtw_softc *, uint32_t, uint32_t, uint32_t);
121 int mtw_mcu_radio(struct mtw_softc *, int, uint32_t);
122 int mtw_mcu_cmd(struct mtw_softc *, int, void *, int);
123 const char * mtw_get_rf(int);
124 void mtw_get_txpower(struct mtw_softc *);
125 int mtw_read_eeprom(struct mtw_softc *);
126 struct ieee80211_node *mtw_node_alloc(struct ieee80211com *);
127 int mtw_media_change(struct ifnet *);
128 void mtw_next_scan(void *);
129 void mtw_task(void *);
130 void mtw_do_async(struct mtw_softc *, void (*)(struct mtw_softc *,
131 void *), void *, int);
132 int mtw_newstate(struct ieee80211com *, enum ieee80211_state, int);
133 void mtw_newstate_cb(struct mtw_softc *, void *);
134 void mtw_updateedca(struct ieee80211com *);
135 void mtw_updateedca_cb(struct mtw_softc *, void *);
136 void mtw_updateslot(struct ieee80211com *);
137 void mtw_updateslot_cb(struct mtw_softc *, void *);
138 int mtw_set_key(struct ieee80211com *, struct ieee80211_node *,
139 struct ieee80211_key *);
140 void mtw_set_key_cb(struct mtw_softc *, void *);
141 void mtw_delete_key(struct ieee80211com *, struct ieee80211_node *,
142 struct ieee80211_key *);
143 void mtw_delete_key_cb(struct mtw_softc *, void *);
144 void mtw_calibrate_to(void *);
145 void mtw_calibrate_cb(struct mtw_softc *, void *);
146 void mtw_newassoc(struct ieee80211com *, struct ieee80211_node *,
147 int);
148 void mtw_rx_frame(struct mtw_softc *, uint8_t *, int,
149 struct mbuf_list *);
150 void mtw_rxeof(struct usbd_xfer *, void *, usbd_status);
151 void mtw_txeof(struct usbd_xfer *, void *, usbd_status);
152 int mtw_tx(struct mtw_softc *, struct mbuf *,
153 struct ieee80211_node *);
154 void mtw_start(struct ifnet *);
155 void mtw_watchdog(struct ifnet *);
156 int mtw_ioctl(struct ifnet *, u_long, caddr_t);
157 void mtw_select_chan_group(struct mtw_softc *, int);
158 void mt7601_set_agc(struct mtw_softc *, uint8_t);
159 void mt7601_set_chan(struct mtw_softc *, u_int);
160 int mtw_set_chan(struct mtw_softc *, struct ieee80211_channel *);
161 void mtw_enable_tsf_sync(struct mtw_softc *);
162 void mtw_abort_tsf_sync(struct mtw_softc *);
163 void mtw_enable_mrr(struct mtw_softc *);
164 void mtw_set_txrts(struct mtw_softc *);
165 void mtw_set_txpreamble(struct mtw_softc *);
166 void mtw_set_basicrates(struct mtw_softc *);
167 void mtw_set_leds(struct mtw_softc *, uint16_t);
168 void mtw_set_bssid(struct mtw_softc *, const uint8_t *);
169 void mtw_set_macaddr(struct mtw_softc *, const uint8_t *);
170 #if NBPFILTER > 0
171 int8_t mtw_rssi2dbm(struct mtw_softc *, uint8_t, uint8_t);
172 #endif
173 int mt7601_bbp_init(struct mtw_softc *);
174 int mt7601_rf_init(struct mtw_softc *);
175 int mt7601_rf_setup(struct mtw_softc *);
176 int mt7601_rf_temperature(struct mtw_softc *, int8_t *);
177 int mt7601_r49_read(struct mtw_softc *, uint8_t, int8_t *);
178 int mt7601_rxdc_cal(struct mtw_softc *);
179 int mtw_wlan_enable(struct mtw_softc *, int);
180 int mtw_txrx_enable(struct mtw_softc *);
181 int mtw_init(struct ifnet *);
182 void mtw_stop(struct ifnet *, int);
183
184 struct cfdriver mtw_cd = {
185 NULL, "mtw", DV_IFNET
186 };
187
188 const struct cfattach mtw_ca = {
189 sizeof (struct mtw_softc), mtw_match, mtw_attach, mtw_detach
190 };
191
192 static const struct {
193 uint32_t reg;
194 uint32_t val;
195 } mt7601_def_mac[] = {
196 MT7601_DEF_MAC
197 };
198
199 static const struct {
200 uint8_t reg;
201 uint8_t val;
202 } mt7601_def_bbp[] = {
203 MT7601_DEF_BBP
204 };
205
206 static const struct {
207 u_int chan;
208 uint8_t r17, r18, r19, r20;
209 } mt7601_rf_chan[] = {
210 MT7601_RF_CHAN
211 };
212
213 static const struct {
214 uint8_t reg;
215 uint8_t val;
216 } mt7601_rf_bank0[] = {
217 MT7601_BANK0_RF
218 },mt7601_rf_bank4[] = {
219 MT7601_BANK4_RF
220 },mt7601_rf_bank5[] = {
221 MT7601_BANK5_RF
222 };
223
224 int
mtw_match(struct device * parent,void * match,void * aux)225 mtw_match(struct device *parent, void *match, void *aux)
226 {
227 struct usb_attach_arg *uaa = aux;
228
229 if (uaa->iface == NULL || uaa->configno != 1)
230 return UMATCH_NONE;
231
232 return (usb_lookup(mtw_devs, uaa->vendor, uaa->product) != NULL) ?
233 UMATCH_VENDOR_PRODUCT_CONF_IFACE : UMATCH_NONE;
234 }
235
236 void
mtw_attach(struct device * parent,struct device * self,void * aux)237 mtw_attach(struct device *parent, struct device *self, void *aux)
238 {
239 struct mtw_softc *sc = (struct mtw_softc *)self;
240 struct usb_attach_arg *uaa = aux;
241 usb_interface_descriptor_t *id;
242 usb_endpoint_descriptor_t *ed;
243 int i, error, nrx, ntx, ntries;
244 uint32_t ver;
245
246 sc->sc_udev = uaa->device;
247 sc->sc_iface = uaa->iface;
248
249 /*
250 * Find all bulk endpoints.
251 */
252 nrx = ntx = 0;
253 id = usbd_get_interface_descriptor(sc->sc_iface);
254 for (i = 0; i < id->bNumEndpoints; i++) {
255 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i);
256 if (ed == NULL || UE_GET_XFERTYPE(ed->bmAttributes) != UE_BULK)
257 continue;
258
259 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN) {
260 sc->rxq[nrx].pipe_no = ed->bEndpointAddress;
261 nrx++;
262 } else if (ntx < 6) {
263 if (ntx == 0)
264 sc->txq[MTW_TXQ_MCU].pipe_no =
265 ed->bEndpointAddress;
266 else
267 sc->txq[ntx - 1].pipe_no =
268 ed->bEndpointAddress;
269 ntx++;
270 }
271 }
272 /* make sure we've got them all */
273 if (nrx < 2 || ntx < 6) {
274 printf("%s: missing endpoint\n", sc->sc_dev.dv_xname);
275 return;
276 }
277
278 /* wait for the chip to settle */
279 for (ntries = 0; ntries < 100; ntries++) {
280 if ((error = mtw_read(sc, MTW_ASIC_VER, &ver)) != 0)
281 return;
282 if (ver != 0 && ver != 0xffffffff)
283 break;
284 DPRINTF(("%08x ", ver));
285 DELAY(10);
286 }
287 if (ntries == 100) {
288 printf("%s: timeout waiting for NIC to initialize\n",
289 sc->sc_dev.dv_xname);
290 return;
291 }
292
293 sc->asic_ver = ver >> 16;
294 sc->asic_rev = ver & 0xffff;
295
296 usb_init_task(&sc->sc_task, mtw_task, sc, USB_TASK_TYPE_GENERIC);
297 timeout_set(&sc->scan_to, mtw_next_scan, sc);
298 timeout_set(&sc->calib_to, mtw_calibrate_to, sc);
299
300 sc->amrr.amrr_min_success_threshold = 1;
301 sc->amrr.amrr_max_success_threshold = 10;
302
303 config_mountroot(self, mtw_attachhook);
304 }
305
306 int
mtw_detach(struct device * self,int flags)307 mtw_detach(struct device *self, int flags)
308 {
309 struct mtw_softc *sc = (struct mtw_softc *)self;
310 struct ifnet *ifp = &sc->sc_ic.ic_if;
311 int qid, s;
312
313 s = splusb();
314
315 if (timeout_initialized(&sc->scan_to))
316 timeout_del(&sc->scan_to);
317 if (timeout_initialized(&sc->calib_to))
318 timeout_del(&sc->calib_to);
319
320 /* wait for all queued asynchronous commands to complete */
321 usb_rem_wait_task(sc->sc_udev, &sc->sc_task);
322
323 usbd_ref_wait(sc->sc_udev);
324
325 if (ifp->if_softc != NULL) {
326 ifp->if_flags &= ~IFF_RUNNING;
327 ifq_clr_oactive(&ifp->if_snd);
328 ieee80211_ifdetach(ifp);
329 if_detach(ifp);
330 }
331
332 /* free rings and close pipes */
333 mtw_free_mcu_ring(sc);
334 for (qid = 0; qid < MTW_TXQ_COUNT; qid++)
335 mtw_free_tx_ring(sc, qid);
336 mtw_free_rx_ring(sc, 0);
337 mtw_free_rx_ring(sc, 1);
338
339 splx(s);
340 return 0;
341 }
342
343 void
mtw_attachhook(struct device * self)344 mtw_attachhook(struct device *self)
345 {
346 struct mtw_softc *sc = (struct mtw_softc *)self;
347 struct ieee80211com *ic = &sc->sc_ic;
348 struct ifnet *ifp = &ic->ic_if;
349 uint32_t tmp;
350 int ntries, error, i;
351
352 if (usbd_is_dying(sc->sc_udev))
353 return;
354
355 /* enable WLAN core */
356 if ((error = mtw_wlan_enable(sc, 1)) != 0) {
357 printf("%s: could not enable WLAN core\n",
358 sc->sc_dev.dv_xname);
359 return;
360 }
361
362 /* load firmware */
363 if ((error = mtw_load_microcode(sc)) != 0) {
364 printf("%s: could not load microcode\n",
365 sc->sc_dev.dv_xname);
366 goto fail;
367 }
368
369 mtw_usb_dma_read(sc, &tmp);
370 mtw_usb_dma_write(sc, tmp | (MTW_USB_RX_EN | MTW_USB_TX_EN));
371
372 /* read MAC version */
373 for (ntries = 0; ntries < 100; ntries++) {
374 if ((error = mtw_read(sc, MTW_MAC_VER_ID, &tmp)) != 0)
375 goto fail;
376 if (tmp != 0 && tmp != 0xffffffff)
377 break;
378 DELAY(10);
379 }
380 if (ntries == 100) {
381 printf("%s: failed reading MAC\n", sc->sc_dev.dv_xname);
382 goto fail;
383 }
384
385 sc->mac_ver = tmp >> 16;
386 sc->mac_rev = tmp & 0xffff;
387
388 /* retrieve RF rev. no and various other things from EEPROM */
389 mtw_read_eeprom(sc);
390
391 printf("%s: MAC/BBP MT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), "
392 "address %s\n", sc->sc_dev.dv_xname, sc->mac_ver,
393 sc->mac_rev, mtw_get_rf(sc->rf_rev), sc->ntxchains,
394 sc->nrxchains, ether_sprintf(ic->ic_myaddr));
395
396 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
397 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
398 ic->ic_state = IEEE80211_S_INIT;
399
400 /* set device capabilities */
401 ic->ic_caps =
402 IEEE80211_C_MONITOR | /* monitor mode supported */
403 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
404 IEEE80211_C_SHSLOT | /* short slot time supported */
405 IEEE80211_C_WEP | /* WEP */
406 IEEE80211_C_RSN; /* WPA/RSN */
407
408 /* set supported .11b and .11g rates */
409 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b;
410 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g;
411
412 /* set supported .11b and .11g channels (1 through 14) */
413 for (i = 1; i <= 14; i++) {
414 ic->ic_channels[i].ic_freq =
415 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
416 ic->ic_channels[i].ic_flags =
417 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
418 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
419 }
420
421 ifp->if_softc = sc;
422 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
423 ifp->if_ioctl = mtw_ioctl;
424 ifp->if_start = mtw_start;
425 ifp->if_watchdog = mtw_watchdog;
426 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ);
427
428 if_attach(ifp);
429 ieee80211_ifattach(ifp);
430 ic->ic_node_alloc = mtw_node_alloc;
431 ic->ic_newassoc = mtw_newassoc;
432 ic->ic_updateslot = mtw_updateslot;
433 ic->ic_updateedca = mtw_updateedca;
434 ic->ic_set_key = mtw_set_key;
435 ic->ic_delete_key = mtw_delete_key;
436
437 /* override 802.11 state transition machine */
438 sc->sc_newstate = ic->ic_newstate;
439 ic->ic_newstate = mtw_newstate;
440 ieee80211_media_init(ifp, mtw_media_change, ieee80211_media_status);
441
442 #if NBPFILTER > 0
443 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO,
444 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN);
445
446 sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
447 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
448 sc->sc_rxtap.wr_ihdr.it_present = htole32(MTW_RX_RADIOTAP_PRESENT);
449
450 sc->sc_txtap_len = sizeof sc->sc_txtapu;
451 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
452 sc->sc_txtap.wt_ihdr.it_present = htole32(MTW_TX_RADIOTAP_PRESENT);
453 #endif
454 fail:
455 return;
456 }
457
458 int
mtw_alloc_rx_ring(struct mtw_softc * sc,int qid)459 mtw_alloc_rx_ring(struct mtw_softc *sc, int qid)
460 {
461 struct mtw_rx_ring *rxq = &sc->rxq[qid];
462 int i, error;
463
464 if ((error = usbd_open_pipe(sc->sc_iface, rxq->pipe_no, 0,
465 &rxq->pipeh)) != 0)
466 goto fail;
467
468 for (i = 0; i < MTW_RX_RING_COUNT; i++) {
469 struct mtw_rx_data *data = &rxq->data[i];
470
471 data->sc = sc; /* backpointer for callbacks */
472
473 data->xfer = usbd_alloc_xfer(sc->sc_udev);
474 if (data->xfer == NULL) {
475 error = ENOMEM;
476 goto fail;
477 }
478 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_RXSZ);
479 if (data->buf == NULL) {
480 error = ENOMEM;
481 goto fail;
482 }
483 }
484 if (error != 0)
485 fail: mtw_free_rx_ring(sc, 0);
486 return error;
487 }
488
489 void
mtw_free_rx_ring(struct mtw_softc * sc,int qid)490 mtw_free_rx_ring(struct mtw_softc *sc, int qid)
491 {
492 struct mtw_rx_ring *rxq = &sc->rxq[qid];
493 int i;
494
495 if (rxq->pipeh != NULL) {
496 usbd_close_pipe(rxq->pipeh);
497 rxq->pipeh = NULL;
498 }
499 for (i = 0; i < MTW_RX_RING_COUNT; i++) {
500 if (rxq->data[i].xfer != NULL)
501 usbd_free_xfer(rxq->data[i].xfer);
502 rxq->data[i].xfer = NULL;
503 }
504 }
505
506 int
mtw_alloc_tx_ring(struct mtw_softc * sc,int qid)507 mtw_alloc_tx_ring(struct mtw_softc *sc, int qid)
508 {
509 struct mtw_tx_ring *txq = &sc->txq[qid];
510 int i, error;
511 uint16_t txwisize;
512
513 txwisize = sizeof(struct mtw_txwi);
514
515 txq->cur = txq->queued = 0;
516
517 if ((error = usbd_open_pipe(sc->sc_iface, txq->pipe_no, 0,
518 &txq->pipeh)) != 0)
519 goto fail;
520
521 for (i = 0; i < MTW_TX_RING_COUNT; i++) {
522 struct mtw_tx_data *data = &txq->data[i];
523
524 data->sc = sc; /* backpointer for callbacks */
525 data->qid = qid;
526
527 data->xfer = usbd_alloc_xfer(sc->sc_udev);
528 if (data->xfer == NULL) {
529 error = ENOMEM;
530 goto fail;
531 }
532
533 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ);
534 if (data->buf == NULL) {
535 error = ENOMEM;
536 goto fail;
537 }
538
539 /* zeroize the TXD + TXWI part */
540 memset(data->buf, 0, MTW_MAX_TXSZ);
541 }
542 if (error != 0)
543 fail: mtw_free_tx_ring(sc, qid);
544 return error;
545 }
546
547 void
mtw_free_tx_ring(struct mtw_softc * sc,int qid)548 mtw_free_tx_ring(struct mtw_softc *sc, int qid)
549 {
550 struct mtw_tx_ring *txq = &sc->txq[qid];
551 int i;
552
553 if (txq->pipeh != NULL) {
554 usbd_close_pipe(txq->pipeh);
555 txq->pipeh = NULL;
556 }
557 for (i = 0; i < MTW_TX_RING_COUNT; i++) {
558 if (txq->data[i].xfer != NULL)
559 usbd_free_xfer(txq->data[i].xfer);
560 txq->data[i].xfer = NULL;
561 }
562 }
563
564 int
mtw_alloc_mcu_ring(struct mtw_softc * sc)565 mtw_alloc_mcu_ring(struct mtw_softc *sc)
566 {
567 struct mtw_tx_ring *ring = &sc->sc_mcu;
568 struct mtw_tx_data *data = &ring->data[0];
569 int error = 0;
570
571 ring->cur = ring->queued = 0;
572
573 data->sc = sc; /* backpointer for callbacks */
574 data->qid = 5;
575
576 data->xfer = usbd_alloc_xfer(sc->sc_udev);
577 if (data->xfer == NULL) {
578 error = ENOMEM;
579 goto fail;
580 }
581
582 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ);
583 if (data->buf == NULL) {
584 error = ENOMEM;
585 goto fail;
586 }
587 /* zeroize the TXD */
588 memset(data->buf, 0, 4);
589
590 if (error != 0)
591 fail: mtw_free_mcu_ring(sc);
592 return error;
593
594
595 }
596 void
mtw_free_mcu_ring(struct mtw_softc * sc)597 mtw_free_mcu_ring(struct mtw_softc *sc)
598 {
599 struct mtw_tx_ring *txq = &sc->sc_mcu;
600
601 if (txq->data[0].xfer != NULL)
602 usbd_free_xfer(txq->data[0].xfer);
603 txq->data[0].xfer = NULL;
604 }
605
606 int
mtw_ucode_write(struct mtw_softc * sc,const uint8_t * fw,uint32_t len,uint32_t offset)607 mtw_ucode_write(struct mtw_softc *sc, const uint8_t *fw, uint32_t len,
608 uint32_t offset)
609 {
610 struct mtw_tx_ring *ring = &sc->txq[MTW_TXQ_MCU];
611 struct usbd_xfer *xfer;
612 struct mtw_txd *txd;
613 uint8_t *buf;
614 uint32_t blksz, sent, tmp, xferlen;
615 int error;
616
617 blksz = 0x2000;
618 if (sc->asic_ver == 0x7612 && offset >= 0x90000)
619 blksz = 0x800; /* MT7612 ROM Patch */
620
621 xfer = usbd_alloc_xfer(sc->sc_udev);
622 if (xfer == NULL) {
623 error = ENOMEM;
624 goto fail;
625 }
626 buf = usbd_alloc_buffer(xfer, blksz + 12);
627 if (buf == NULL) {
628 error = ENOMEM;
629 goto fail;
630 }
631
632 sent = 0;
633 for (;;) {
634 xferlen = min(len - sent, blksz);
635 if (xferlen == 0)
636 break;
637
638 txd = (struct mtw_txd *)buf;
639 txd->len = htole16(xferlen);
640 txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_MCU);
641
642 memcpy(buf + sizeof(struct mtw_txd), fw + sent, xferlen);
643 memset(buf + sizeof(struct mtw_txd) + xferlen, 0, MTW_DMA_PAD);
644 mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, offset + sent);
645 mtw_write_cfg(sc, MTW_MCU_DMA_LEN, (xferlen << 16));
646
647 usbd_setup_xfer(xfer, ring->pipeh, NULL, buf,
648 xferlen + sizeof(struct mtw_txd) + MTW_DMA_PAD,
649 USBD_SHORT_XFER_OK | USBD_SYNCHRONOUS | USBD_NO_COPY,
650 MTW_TX_TIMEOUT, NULL);
651 if ((error = usbd_transfer(xfer)) != 0)
652 break;
653
654 mtw_read(sc, MTW_MCU_FW_IDX, &tmp);
655 mtw_write(sc, MTW_MCU_FW_IDX, tmp++);
656
657 sent += xferlen;
658 }
659 fail:
660 if (xfer != NULL) {
661 usbd_free_xfer(xfer);
662 xfer = NULL;
663 }
664 return error;
665 }
666
667 void
mtw_ucode_setup(struct mtw_softc * sc)668 mtw_ucode_setup(struct mtw_softc *sc)
669 {
670 mtw_usb_dma_write(sc, (MTW_USB_TX_EN | MTW_USB_RX_EN));
671 mtw_write(sc, MTW_FCE_PSE_CTRL, 1);
672 mtw_write(sc, MTW_TX_CPU_FCE_BASE, 0x400230);
673 mtw_write(sc, MTW_TX_CPU_FCE_MAX_COUNT, 1);
674 mtw_write(sc, MTW_MCU_FW_IDX, 1);
675 mtw_write(sc, MTW_FCE_PDMA, 0x44);
676 mtw_write(sc, MTW_FCE_SKIP_FS, 3);
677 }
678
679 int
mtw_load_microcode(struct mtw_softc * sc)680 mtw_load_microcode(struct mtw_softc *sc)
681 {
682 const struct mtw_ucode_hdr *hdr;
683 const struct mtw_ucode *fw;
684 const char *fwname;
685 u_char *ucode;
686 size_t size;
687 uint32_t tmp, iofs, dofs;
688 int ntries, error;
689 int dlen, ilen;
690
691 /* is firmware already running? */
692 mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp);
693 if (tmp == MTW_MCU_READY)
694 return 0;
695
696 /* open MCU pipe */
697 if ((error = usbd_open_pipe(sc->sc_iface, sc->txq[MTW_TXQ_MCU].pipe_no,
698 0, &sc->txq[MTW_TXQ_MCU].pipeh)) != 0)
699 return error;
700
701 if (sc->asic_ver == 0x7612) {
702 fwname = "mtw-mt7662u_rom_patch";
703
704 if ((error = loadfirmware(fwname, &ucode, &size)) != 0) {
705 printf("%s: failed loadfirmware of file %s (error %d)\n",
706 sc->sc_dev.dv_xname, fwname, error);
707 return error;
708 }
709 fw = (const struct mtw_ucode *) ucode + 0x1e;
710 ilen = size - 0x1e;
711
712 mtw_ucode_setup(sc);
713
714 if ((error = mtw_ucode_write(sc, fw->data, ilen, 0x90000)) != 0)
715 goto fail;
716
717 mtw_usb_dma_write(sc, 0x00e41814);
718 free(ucode, M_DEVBUF, size);
719 }
720
721 fwname = "mtw-mt7601u";
722 iofs = 0x40;
723 dofs = 0;
724 if (sc->asic_ver == 0x7612) {
725 fwname = "mtw-mt7662u";
726 iofs = 0x80040;
727 dofs = 0x110800;
728 } else if (sc->asic_ver == 0x7610) {
729 fwname = "mtw-mt7610u";
730 dofs = 0x80000;
731 }
732
733 if ((error = loadfirmware(fwname, &ucode, &size)) != 0) {
734 printf("%s: failed loadfirmware of file %s (error %d)\n",
735 sc->sc_dev.dv_xname, fwname, error);
736 return error;
737 }
738
739 if (size < sizeof(struct mtw_ucode_hdr)) {
740 printf("%s: firmware header too short\n",
741 sc->sc_dev.dv_xname);
742 goto fail;
743 }
744
745 fw = (const struct mtw_ucode *) ucode;
746 hdr = (const struct mtw_ucode_hdr *) &fw->hdr;
747
748 if (size < sizeof(struct mtw_ucode_hdr) + letoh32(hdr->ilm_len) +
749 letoh32(hdr->dlm_len)) {
750 printf("%s: firmware payload too short\n",
751 sc->sc_dev.dv_xname);
752 goto fail;
753 }
754
755 ilen = le32toh(hdr->ilm_len) - MTW_MCU_IVB_LEN;
756 dlen = le32toh(hdr->dlm_len);
757
758 if (ilen > size || dlen > size) {
759 printf("%s: firmware payload too large\n",
760 sc->sc_dev.dv_xname);
761 goto fail;
762 }
763
764 mtw_write(sc, MTW_FCE_PDMA, 0);
765 mtw_write(sc, MTW_FCE_PSE_CTRL, 0);
766 mtw_ucode_setup(sc);
767
768 if ((error = mtw_ucode_write(sc, fw->data, ilen, iofs)) != 0)
769 goto fail;
770 if (dlen > 0 && dofs > 0) {
771 if ((error = mtw_ucode_write(sc, fw->data + ilen,
772 dlen, dofs)) != 0)
773 goto fail;
774 }
775
776 /* write interrupt vectors */
777 if (sc->asic_ver == 0x7612) {
778 /* MT7612 */
779 if ((error = mtw_ucode_write(sc, fw->ivb,
780 MTW_MCU_IVB_LEN, 0x80000)) != 0)
781 goto fail;
782 mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, 0x00095000);
783 mtw_write_ivb(sc, NULL, 0);
784 } else {
785 /* MT7601/MT7610 */
786 if ((error = mtw_write_ivb(sc, fw->ivb,
787 MTW_MCU_IVB_LEN)) != 0)
788 goto fail;
789 }
790
791 /* wait until microcontroller is ready */
792 usbd_delay_ms(sc->sc_udev, 10);
793
794 for (ntries = 0; ntries < 100; ntries++) {
795 if ((error = mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp)) != 0)
796 return error;
797 if (tmp & MTW_MCU_READY)
798 break;
799 usbd_delay_ms(sc->sc_udev, 100);
800 }
801
802 if (ntries == 100) {
803 printf("%s: timeout waiting for MCU to initialize\n",
804 sc->sc_dev.dv_xname);
805 error = ETIMEDOUT;
806 }
807
808 DPRINTF(("%s: loaded firmware ver %d.%d\n", sc->sc_dev.dv_xname,
809 le16toh(hdr->build_ver), le16toh(hdr->fw_ver)));
810 fail:
811 free(ucode, M_DEVBUF, size);
812 usbd_close_pipe(sc->txq[MTW_TXQ_MCU].pipeh);
813 sc->txq[MTW_TXQ_MCU].pipeh = NULL;
814 return error;
815 }
816
817 int
mtw_reset(struct mtw_softc * sc)818 mtw_reset(struct mtw_softc *sc)
819 {
820 usb_device_request_t req;
821
822 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
823 req.bRequest = MTW_RESET;
824 USETW(req.wValue, 1);
825 USETW(req.wIndex, 0);
826 USETW(req.wLength, 0);
827 return usbd_do_request(sc->sc_udev, &req, NULL);
828 }
829
830 int
mtw_read(struct mtw_softc * sc,uint16_t reg,uint32_t * val)831 mtw_read(struct mtw_softc *sc, uint16_t reg, uint32_t *val)
832 {
833 uint32_t tmp;
834 int error;
835
836 error = mtw_read_region_1(sc, reg,
837 (uint8_t *)&tmp, sizeof tmp);
838 if (error == 0)
839 *val = letoh32(tmp);
840 else
841 *val = 0xffffffff;
842 return error;
843 }
844
845 int
mtw_read_cfg(struct mtw_softc * sc,uint16_t reg,uint32_t * val)846 mtw_read_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t *val)
847 {
848 usb_device_request_t req;
849 uint32_t tmp;
850 int error;
851
852 req.bmRequestType = UT_READ_VENDOR_DEVICE;
853 req.bRequest = MTW_READ_CFG;
854 USETW(req.wValue, 0);
855 USETW(req.wIndex, reg);
856 USETW(req.wLength, 4);
857 error = usbd_do_request(sc->sc_udev, &req, &tmp);
858
859 if (error == 0)
860 *val = letoh32(tmp);
861 else
862 *val = 0xffffffff;
863 return error;
864 }
865
866 int
mtw_read_region_1(struct mtw_softc * sc,uint16_t reg,uint8_t * buf,int len)867 mtw_read_region_1(struct mtw_softc *sc, uint16_t reg,
868 uint8_t *buf, int len)
869 {
870 usb_device_request_t req;
871
872 req.bmRequestType = UT_READ_VENDOR_DEVICE;
873 req.bRequest = MTW_READ_REGION_1;
874 USETW(req.wValue, 0);
875 USETW(req.wIndex, reg);
876 USETW(req.wLength, len);
877 return usbd_do_request(sc->sc_udev, &req, buf);
878 }
879
880 int
mtw_write_2(struct mtw_softc * sc,uint16_t reg,uint16_t val)881 mtw_write_2(struct mtw_softc *sc, uint16_t reg, uint16_t val)
882 {
883 usb_device_request_t req;
884
885 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
886 req.bRequest = MTW_WRITE_2;
887 USETW(req.wValue, val);
888 USETW(req.wIndex, reg);
889 USETW(req.wLength, 0);
890 return usbd_do_request(sc->sc_udev, &req, NULL);
891 }
892
893 int
mtw_write(struct mtw_softc * sc,uint16_t reg,uint32_t val)894 mtw_write(struct mtw_softc *sc, uint16_t reg, uint32_t val)
895 {
896 int error;
897
898 if ((error = mtw_write_2(sc, reg, val & 0xffff)) == 0)
899 error = mtw_write_2(sc, reg + 2, val >> 16);
900 return error;
901 }
902
903 int
mtw_write_cfg(struct mtw_softc * sc,uint16_t reg,uint32_t val)904 mtw_write_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t val)
905 {
906 usb_device_request_t req;
907 int error;
908
909 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
910 req.bRequest = MTW_WRITE_CFG;
911 USETW(req.wValue, 0);
912 USETW(req.wIndex, reg);
913 USETW(req.wLength, 4);
914 val = htole32(val);
915 error = usbd_do_request(sc->sc_udev, &req, &val);
916 return error;
917 }
918
919 int
mtw_write_ivb(struct mtw_softc * sc,const uint8_t * buf,uint16_t len)920 mtw_write_ivb(struct mtw_softc *sc, const uint8_t *buf, uint16_t len)
921 {
922 usb_device_request_t req;
923
924 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
925 req.bRequest = MTW_RESET;
926 USETW(req.wValue, 0x12);
927 USETW(req.wIndex, 0);
928 USETW(req.wLength, len);
929 return usbd_do_request(sc->sc_udev, &req, (void *)buf);
930 }
931
932 int
mtw_write_region_1(struct mtw_softc * sc,uint16_t reg,uint8_t * buf,int len)933 mtw_write_region_1(struct mtw_softc *sc, uint16_t reg,
934 uint8_t *buf, int len)
935 {
936 usb_device_request_t req;
937
938 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
939 req.bRequest = MTW_WRITE_REGION_1;
940 USETW(req.wValue, 0);
941 USETW(req.wIndex, reg);
942 USETW(req.wLength, len);
943 return usbd_do_request(sc->sc_udev, &req, buf);
944 }
945
946 int
mtw_set_region_4(struct mtw_softc * sc,uint16_t reg,uint32_t val,int count)947 mtw_set_region_4(struct mtw_softc *sc, uint16_t reg, uint32_t val, int count)
948 {
949 int error = 0;
950
951 for (; count > 0 && error == 0; count--, reg += 4)
952 error = mtw_write(sc, reg, val);
953 return error;
954 }
955
956 /* Read 16-bit from eFUSE ROM. */
957 int
mtw_efuse_read_2(struct mtw_softc * sc,uint16_t addr,uint16_t * val)958 mtw_efuse_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val)
959 {
960 uint32_t tmp;
961 uint16_t reg;
962 int error, ntries;
963
964 if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0)
965 return error;
966
967 addr *= 2;
968 /*
969 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
970 * DATA0: 3 2 1 0
971 * DATA1: 7 6 5 4
972 * DATA2: B A 9 8
973 * DATA3: F E D C
974 */
975 tmp &= ~(MTW_EFSROM_MODE_MASK | MTW_EFSROM_AIN_MASK);
976 tmp |= (addr & ~0xf) << MTW_EFSROM_AIN_SHIFT | MTW_EFSROM_KICK;
977 mtw_write(sc, MTW_EFUSE_CTRL, tmp);
978 for (ntries = 0; ntries < 100; ntries++) {
979 if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0)
980 return error;
981 if (!(tmp & MTW_EFSROM_KICK))
982 break;
983 DELAY(2);
984 }
985 if (ntries == 100)
986 return ETIMEDOUT;
987
988 if ((tmp & MTW_EFUSE_AOUT_MASK) == MTW_EFUSE_AOUT_MASK) {
989 *val = 0xffff; /* address not found */
990 return 0;
991 }
992 /* determine to which 32-bit register our 16-bit word belongs */
993 reg = MTW_EFUSE_DATA0 + (addr & 0xc);
994 if ((error = mtw_read(sc, reg, &tmp)) != 0)
995 return error;
996
997 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff;
998 return 0;
999 }
1000
1001 int
mtw_eeprom_read_2(struct mtw_softc * sc,uint16_t addr,uint16_t * val)1002 mtw_eeprom_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val)
1003 {
1004 usb_device_request_t req;
1005 uint16_t tmp;
1006 int error;
1007
1008 addr *= 2;
1009 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1010 req.bRequest = MTW_EEPROM_READ;
1011 USETW(req.wValue, 0);
1012 USETW(req.wIndex, addr);
1013 USETW(req.wLength, sizeof tmp);
1014 error = usbd_do_request(sc->sc_udev, &req, &tmp);
1015 if (error == 0)
1016 *val = letoh16(tmp);
1017 else
1018 *val = 0xffff;
1019 return error;
1020 }
1021
1022 static __inline int
mtw_srom_read(struct mtw_softc * sc,uint16_t addr,uint16_t * val)1023 mtw_srom_read(struct mtw_softc *sc, uint16_t addr, uint16_t *val)
1024 {
1025 /* either eFUSE ROM or EEPROM */
1026 return sc->sc_srom_read(sc, addr, val);
1027 }
1028
1029 int
mtw_rf_read(struct mtw_softc * sc,uint8_t bank,uint8_t reg,uint8_t * val)1030 mtw_rf_read(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t *val)
1031 {
1032 uint32_t tmp;
1033 int error, ntries, shift;
1034
1035 for (ntries = 0; ntries < 100; ntries++) {
1036 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0)
1037 return error;
1038 if (!(tmp & MTW_RF_CSR_KICK))
1039 break;
1040 }
1041 if (ntries == 100)
1042 return ETIMEDOUT;
1043
1044 if (sc->mac_ver == 0x7601)
1045 shift = MT7601_BANK_SHIFT;
1046 else
1047 shift = MT7610_BANK_SHIFT;
1048
1049 tmp = MTW_RF_CSR_KICK | (bank & 0xf) << shift | reg << 8;
1050 if ((error = mtw_write(sc, MTW_RF_CSR, tmp)) != 0)
1051 return error;
1052
1053 for (ntries = 0; ntries < 100; ntries++) {
1054 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0)
1055 return error;
1056 if (!(tmp & MTW_RF_CSR_KICK))
1057 break;
1058 }
1059 if (ntries == 100)
1060 return ETIMEDOUT;
1061
1062 *val = tmp & 0xff;
1063 return 0;
1064 }
1065
1066 int
mtw_rf_write(struct mtw_softc * sc,uint8_t bank,uint8_t reg,uint8_t val)1067 mtw_rf_write(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t val)
1068 {
1069 uint32_t tmp;
1070 int error, ntries, shift;
1071
1072 for (ntries = 0; ntries < 10; ntries++) {
1073 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0)
1074 return error;
1075 if (!(tmp & MTW_RF_CSR_KICK))
1076 break;
1077 }
1078 if (ntries == 10)
1079 return ETIMEDOUT;
1080
1081 if (sc->mac_ver == 0x7601)
1082 shift = MT7601_BANK_SHIFT;
1083 else
1084 shift = MT7610_BANK_SHIFT;
1085
1086 tmp = MTW_RF_CSR_WRITE | MTW_RF_CSR_KICK | (bank & 0xf) << shift |
1087 reg << 8 | val;
1088 return mtw_write(sc, MTW_RF_CSR, tmp);
1089 }
1090
1091 int
mtw_bbp_read(struct mtw_softc * sc,uint8_t reg,uint8_t * val)1092 mtw_bbp_read(struct mtw_softc *sc, uint8_t reg, uint8_t *val)
1093 {
1094 uint32_t tmp;
1095 int ntries, error;
1096
1097 for (ntries = 0; ntries < 10; ntries++) {
1098 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0)
1099 return error;
1100 if (!(tmp & MTW_BBP_CSR_KICK))
1101 break;
1102 }
1103 if (ntries == 10)
1104 return ETIMEDOUT;
1105
1106 tmp = MTW_BBP_CSR_READ | MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT;
1107 if ((error = mtw_write(sc, MTW_BBP_CSR, tmp)) != 0)
1108 return error;
1109
1110 for (ntries = 0; ntries < 10; ntries++) {
1111 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0)
1112 return error;
1113 if (!(tmp & MTW_BBP_CSR_KICK))
1114 break;
1115 }
1116 if (ntries == 10)
1117 return ETIMEDOUT;
1118
1119 *val = tmp & 0xff;
1120 return 0;
1121 }
1122
1123 int
mtw_bbp_write(struct mtw_softc * sc,uint8_t reg,uint8_t val)1124 mtw_bbp_write(struct mtw_softc *sc, uint8_t reg, uint8_t val)
1125 {
1126 uint32_t tmp;
1127 int ntries, error;
1128
1129 for (ntries = 0; ntries < 10; ntries++) {
1130 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0)
1131 return error;
1132 if (!(tmp & MTW_BBP_CSR_KICK))
1133 break;
1134 }
1135 if (ntries == 10)
1136 return ETIMEDOUT;
1137
1138 tmp = MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT | val;
1139 return mtw_write(sc, MTW_BBP_CSR, tmp);
1140 }
1141
1142 int
mtw_usb_dma_read(struct mtw_softc * sc,uint32_t * val)1143 mtw_usb_dma_read(struct mtw_softc *sc, uint32_t *val)
1144 {
1145 if (sc->asic_ver == 0x7612)
1146 return mtw_read_cfg(sc, MTW_USB_U3DMA_CFG, val);
1147 else
1148 return mtw_read(sc, MTW_USB_DMA_CFG, val);
1149 }
1150
1151 int
mtw_usb_dma_write(struct mtw_softc * sc,uint32_t val)1152 mtw_usb_dma_write(struct mtw_softc *sc, uint32_t val)
1153 {
1154 if (sc->asic_ver == 0x7612)
1155 return mtw_write_cfg(sc, MTW_USB_U3DMA_CFG, val);
1156 else
1157 return mtw_write(sc, MTW_USB_DMA_CFG, val);
1158 }
1159
1160 int
mtw_mcu_calibrate(struct mtw_softc * sc,int func,uint32_t val)1161 mtw_mcu_calibrate(struct mtw_softc *sc, int func, uint32_t val)
1162 {
1163 struct mtw_mcu_cmd_8 cmd;
1164
1165 cmd.func = htole32(func);
1166 cmd.val = htole32(val);
1167 return mtw_mcu_cmd(sc, 31, &cmd, sizeof(struct mtw_mcu_cmd_8));
1168 }
1169
1170 int
mtw_mcu_channel(struct mtw_softc * sc,uint32_t r1,uint32_t r2,uint32_t r4)1171 mtw_mcu_channel(struct mtw_softc *sc, uint32_t r1, uint32_t r2, uint32_t r4)
1172 {
1173 struct mtw_mcu_cmd_16 cmd;
1174
1175 cmd.r1 = htole32(r1);
1176 cmd.r2 = htole32(r2);
1177 cmd.r3 = 0;
1178 cmd.r4 = htole32(r4);
1179 return mtw_mcu_cmd(sc, 30, &cmd, sizeof(struct mtw_mcu_cmd_16));
1180 }
1181
1182 int
mtw_mcu_radio(struct mtw_softc * sc,int func,uint32_t val)1183 mtw_mcu_radio(struct mtw_softc *sc, int func, uint32_t val)
1184 {
1185 struct mtw_mcu_cmd_16 cmd;
1186
1187 cmd.r1 = htole32(func);
1188 cmd.r2 = htole32(val);
1189 cmd.r3 = 0;
1190 cmd.r4 = 0;
1191 return mtw_mcu_cmd(sc, 20, &cmd, sizeof(struct mtw_mcu_cmd_16));
1192 }
1193
1194 int
mtw_mcu_cmd(struct mtw_softc * sc,int cmd,void * buf,int len)1195 mtw_mcu_cmd(struct mtw_softc *sc, int cmd, void *buf, int len)
1196 {
1197 struct mtw_tx_ring *ring = &sc->sc_mcu;
1198 struct mtw_tx_data *data = &ring->data[0];
1199 struct mtw_txd *txd;
1200 int xferlen;
1201
1202 txd = (struct mtw_txd *)(data->buf);
1203 txd->len = htole16(len);
1204 txd->flags = htole16(MTW_TXD_CMD | MTW_TXD_MCU |
1205 (cmd & 0x1f) << MTW_TXD_CMD_SHIFT | (sc->cmd_seq & 0xf));
1206
1207 memcpy(&txd[1], buf, len);
1208 memset(&txd[1] + len, 0, MTW_DMA_PAD);
1209 xferlen = len + sizeof(struct mtw_txd) + MTW_DMA_PAD;
1210
1211 usbd_setup_xfer(data->xfer, sc->txq[MTW_TXQ_MCU].pipeh,
1212 NULL, data->buf, xferlen,
1213 USBD_SHORT_XFER_OK | USBD_FORCE_SHORT_XFER | USBD_SYNCHRONOUS,
1214 MTW_TX_TIMEOUT, NULL);
1215 return usbd_transfer(data->xfer);
1216 }
1217
1218 /*
1219 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1220 * Used to adjust per-rate Tx power registers.
1221 */
1222 static __inline uint32_t
b4inc(uint32_t b32,int8_t delta)1223 b4inc(uint32_t b32, int8_t delta)
1224 {
1225 int8_t i, b4;
1226
1227 for (i = 0; i < 8; i++) {
1228 b4 = b32 & 0xf;
1229 b4 += delta;
1230 if (b4 < 0)
1231 b4 = 0;
1232 else if (b4 > 0xf)
1233 b4 = 0xf;
1234 b32 = b32 >> 4 | b4 << 28;
1235 }
1236 return b32;
1237 }
1238
1239 const char *
mtw_get_rf(int rev)1240 mtw_get_rf(int rev)
1241 {
1242 switch (rev) {
1243 case MT7601_RF_7601: return "MT7601";
1244 case MT7610_RF_7610: return "MT7610";
1245 case MT7612_RF_7612: return "MT7612";
1246 }
1247 return "unknown";
1248 }
1249
1250 void
mtw_get_txpower(struct mtw_softc * sc)1251 mtw_get_txpower(struct mtw_softc *sc)
1252 {
1253 uint16_t val;
1254 int i;
1255
1256 /* Read power settings for 2GHz channels. */
1257 for (i = 0; i < 14; i += 2) {
1258 mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1259 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1260 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1261 mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1262 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1263 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1264 }
1265 /* Fix broken Tx power entries. */
1266 for (i = 0; i < 14; i++) {
1267 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27)
1268 sc->txpow1[i] = 5;
1269 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27)
1270 sc->txpow2[i] = 5;
1271 DPRINTF(("chan %d: power1=%d, power2=%d\n",
1272 mt7601_rf_chan[i].chan, sc->txpow1[i], sc->txpow2[i]));
1273 }
1274 #if 0
1275 /* Read power settings for 5GHz channels. */
1276 for (i = 0; i < 40; i += 2) {
1277 mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1278 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1279 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1280
1281 mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1282 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1283 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1284 }
1285 /* Fix broken Tx power entries. */
1286 for (i = 0; i < 40; i++ ) {
1287 if (sc->mac_ver != 0x5592) {
1288 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1289 sc->txpow1[14 + i] = 5;
1290 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1291 sc->txpow2[14 + i] = 5;
1292 }
1293 DPRINTF(("chan %d: power1=%d, power2=%d\n",
1294 mt7601_rf_chan[14 + i].chan, sc->txpow1[14 + i],
1295 sc->txpow2[14 + i]));
1296 }
1297 #endif
1298 }
1299
1300 int
mtw_read_eeprom(struct mtw_softc * sc)1301 mtw_read_eeprom(struct mtw_softc *sc)
1302 {
1303 struct ieee80211com *ic = &sc->sc_ic;
1304 int8_t delta_2ghz, delta_5ghz;
1305 uint16_t val;
1306 int ridx, ant;
1307
1308 sc->sc_srom_read = mtw_efuse_read_2;
1309
1310 /* read RF information */
1311 mtw_srom_read(sc, MTW_EEPROM_CHIPID, &val);
1312 sc->rf_rev = val;
1313 mtw_srom_read(sc, MTW_EEPROM_ANTENNA, &val);
1314 sc->ntxchains = (val >> 4) & 0xf;
1315 sc->nrxchains = val & 0xf;
1316 DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n",
1317 sc->rf_rev, sc->ntxchains, sc->nrxchains));
1318
1319 /* read ROM version */
1320 mtw_srom_read(sc, MTW_EEPROM_VERSION, &val);
1321 DPRINTF(("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8));
1322
1323 /* read MAC address */
1324 mtw_srom_read(sc, MTW_EEPROM_MAC01, &val);
1325 ic->ic_myaddr[0] = val & 0xff;
1326 ic->ic_myaddr[1] = val >> 8;
1327 mtw_srom_read(sc, MTW_EEPROM_MAC23, &val);
1328 ic->ic_myaddr[2] = val & 0xff;
1329 ic->ic_myaddr[3] = val >> 8;
1330 mtw_srom_read(sc, MTW_EEPROM_MAC45, &val);
1331 ic->ic_myaddr[4] = val & 0xff;
1332 ic->ic_myaddr[5] = val >> 8;
1333 #if 0
1334 printf("eFUSE ROM\n00: ");
1335 for (int i = 0; i < 256; i++) {
1336 if (((i % 8) == 0) && i > 0)
1337 printf("\n%02x: ", i);
1338 mtw_srom_read(sc, i, &val);
1339 printf(" %04x", val);
1340 }
1341 printf("\n");
1342 #endif
1343 /* check if RF supports automatic Tx access gain control */
1344 mtw_srom_read(sc, MTW_EEPROM_CONFIG, &val);
1345 DPRINTF(("EEPROM CFG 0x%04x\n", val));
1346 if ((val & 0xff) != 0xff) {
1347 sc->ext_5ghz_lna = (val >> 3) & 1;
1348 sc->ext_2ghz_lna = (val >> 2) & 1;
1349 /* check if RF supports automatic Tx access gain control */
1350 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1351 /* check if we have a hardware radio switch */
1352 sc->rfswitch = val & 1;
1353 }
1354
1355 /* read RF frequency offset from EEPROM */
1356 mtw_srom_read(sc, MTW_EEPROM_FREQ_OFFSET, &val);
1357 if ((val & 0xff) != 0xff)
1358 sc->rf_freq_offset = val;
1359 else
1360 sc->rf_freq_offset = 0;
1361 DPRINTF(("frequency offset 0x%x\n", sc->rf_freq_offset));
1362
1363 /* Read Tx power settings. */
1364 mtw_get_txpower(sc);
1365
1366 /* read Tx power compensation for each Tx rate */
1367 mtw_srom_read(sc, MTW_EEPROM_DELTAPWR, &val);
1368 delta_2ghz = delta_5ghz = 0;
1369 if ((val & 0xff) != 0xff && (val & 0x80)) {
1370 delta_2ghz = val & 0xf;
1371 if (!(val & 0x40)) /* negative number */
1372 delta_2ghz = -delta_2ghz;
1373 }
1374 val >>= 8;
1375 if ((val & 0xff) != 0xff && (val & 0x80)) {
1376 delta_5ghz = val & 0xf;
1377 if (!(val & 0x40)) /* negative number */
1378 delta_5ghz = -delta_5ghz;
1379 }
1380 DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n",
1381 delta_2ghz, delta_5ghz));
1382
1383 for (ridx = 0; ridx < 5; ridx++) {
1384 uint32_t reg;
1385
1386 mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2, &val);
1387 reg = val;
1388 mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2 + 1, &val);
1389 reg |= (uint32_t)val << 16;
1390
1391 sc->txpow20mhz[ridx] = reg;
1392 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1393 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1394
1395 DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1396 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1397 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]));
1398 }
1399
1400 /* read RSSI offsets and LNA gains from EEPROM */
1401 val = 0;
1402 mtw_srom_read(sc, MTW_EEPROM_RSSI1_2GHZ, &val);
1403 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1404 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1405 mtw_srom_read(sc, MTW_EEPROM_RSSI2_2GHZ, &val);
1406 /*
1407 * On RT3070 chips (limited to 2 Rx chains), this ROM
1408 * field contains the Tx mixer gain for the 2GHz band.
1409 */
1410 if ((val & 0xff) != 0xff)
1411 sc->txmixgain_2ghz = val & 0x7;
1412 DPRINTF(("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz));
1413 sc->lna[2] = val >> 8; /* channel group 2 */
1414 mtw_srom_read(sc, MTW_EEPROM_RSSI1_5GHZ, &val);
1415 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1416 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1417 mtw_srom_read(sc, MTW_EEPROM_RSSI2_5GHZ, &val);
1418 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1419
1420 sc->lna[3] = val >> 8; /* channel group 3 */
1421
1422 mtw_srom_read(sc, MTW_EEPROM_LNA, &val);
1423 sc->lna[0] = val & 0xff; /* channel group 0 */
1424 sc->lna[1] = val >> 8; /* channel group 1 */
1425 DPRINTF(("LNA0 0x%x\n", sc->lna[0]));
1426
1427 /* fix broken 5GHz LNA entries */
1428 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1429 DPRINTF(("invalid LNA for channel group %d\n", 2));
1430 sc->lna[2] = sc->lna[1];
1431 }
1432 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1433 DPRINTF(("invalid LNA for channel group %d\n", 3));
1434 sc->lna[3] = sc->lna[1];
1435 }
1436
1437 /* fix broken RSSI offset entries */
1438 for (ant = 0; ant < 3; ant++) {
1439 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1440 DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n",
1441 ant + 1, sc->rssi_2ghz[ant]));
1442 sc->rssi_2ghz[ant] = 0;
1443 }
1444 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1445 DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n",
1446 ant + 1, sc->rssi_5ghz[ant]));
1447 sc->rssi_5ghz[ant] = 0;
1448 }
1449 }
1450 return 0;
1451 }
1452
1453 struct ieee80211_node *
mtw_node_alloc(struct ieee80211com * ic)1454 mtw_node_alloc(struct ieee80211com *ic)
1455 {
1456 struct mtw_node *mn;
1457
1458 mn = malloc(sizeof (struct mtw_node), M_USBDEV, M_NOWAIT | M_ZERO);
1459 return (struct ieee80211_node *)mn;
1460 }
1461
1462 int
mtw_media_change(struct ifnet * ifp)1463 mtw_media_change(struct ifnet *ifp)
1464 {
1465 struct mtw_softc *sc = ifp->if_softc;
1466 struct ieee80211com *ic = &sc->sc_ic;
1467 uint8_t rate, ridx;
1468 int error;
1469
1470 error = ieee80211_media_change(ifp);
1471 if (error != ENETRESET)
1472 return error;
1473
1474 if (ic->ic_fixed_rate != -1) {
1475 rate = ic->ic_sup_rates[ic->ic_curmode].
1476 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL;
1477 for (ridx = 0; ridx <= MTW_RIDX_MAX; ridx++)
1478 if (rt2860_rates[ridx].rate == rate)
1479 break;
1480 sc->fixed_ridx = ridx;
1481 }
1482
1483 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1484 (IFF_UP | IFF_RUNNING)) {
1485 mtw_stop(ifp, 0);
1486 error = mtw_init(ifp);
1487 }
1488 return error;
1489 }
1490
1491 void
mtw_next_scan(void * arg)1492 mtw_next_scan(void *arg)
1493 {
1494 struct mtw_softc *sc = arg;
1495 int s;
1496
1497 if (usbd_is_dying(sc->sc_udev))
1498 return;
1499
1500 usbd_ref_incr(sc->sc_udev);
1501
1502 s = splnet();
1503 if (sc->sc_ic.ic_state == IEEE80211_S_SCAN)
1504 ieee80211_next_scan(&sc->sc_ic.ic_if);
1505 splx(s);
1506
1507 usbd_ref_decr(sc->sc_udev);
1508 }
1509
1510 void
mtw_task(void * arg)1511 mtw_task(void *arg)
1512 {
1513 struct mtw_softc *sc = arg;
1514 struct mtw_host_cmd_ring *ring = &sc->cmdq;
1515 struct mtw_host_cmd *cmd;
1516 int s;
1517
1518 if (usbd_is_dying(sc->sc_udev))
1519 return;
1520
1521 /* process host commands */
1522 s = splusb();
1523 while (ring->next != ring->cur) {
1524 cmd = &ring->cmd[ring->next];
1525 splx(s);
1526 /* callback */
1527 cmd->cb(sc, cmd->data);
1528 s = splusb();
1529 ring->queued--;
1530 ring->next = (ring->next + 1) % MTW_HOST_CMD_RING_COUNT;
1531 }
1532 splx(s);
1533 }
1534
1535 void
mtw_do_async(struct mtw_softc * sc,void (* cb)(struct mtw_softc *,void *),void * arg,int len)1536 mtw_do_async(struct mtw_softc *sc, void (*cb)(struct mtw_softc *, void *),
1537 void *arg, int len)
1538 {
1539 struct mtw_host_cmd_ring *ring = &sc->cmdq;
1540 struct mtw_host_cmd *cmd;
1541 int s;
1542
1543 if (usbd_is_dying(sc->sc_udev))
1544 return;
1545
1546 s = splusb();
1547 cmd = &ring->cmd[ring->cur];
1548 cmd->cb = cb;
1549 KASSERT(len <= sizeof (cmd->data));
1550 memcpy(cmd->data, arg, len);
1551 ring->cur = (ring->cur + 1) % MTW_HOST_CMD_RING_COUNT;
1552
1553 /* if there is no pending command already, schedule a task */
1554 if (++ring->queued == 1)
1555 usb_add_task(sc->sc_udev, &sc->sc_task);
1556 splx(s);
1557 }
1558
1559 int
mtw_newstate(struct ieee80211com * ic,enum ieee80211_state nstate,int arg)1560 mtw_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1561 {
1562 struct mtw_softc *sc = ic->ic_softc;
1563 struct mtw_cmd_newstate cmd;
1564
1565 /* do it in a process context */
1566 cmd.state = nstate;
1567 cmd.arg = arg;
1568 mtw_do_async(sc, mtw_newstate_cb, &cmd, sizeof cmd);
1569 return 0;
1570 }
1571
1572 void
mtw_newstate_cb(struct mtw_softc * sc,void * arg)1573 mtw_newstate_cb(struct mtw_softc *sc, void *arg)
1574 {
1575 struct mtw_cmd_newstate *cmd = arg;
1576 struct ieee80211com *ic = &sc->sc_ic;
1577 enum ieee80211_state ostate;
1578 struct ieee80211_node *ni;
1579 uint32_t sta[3];
1580 uint8_t wcid;
1581 int s;
1582
1583 s = splnet();
1584 ostate = ic->ic_state;
1585
1586 if (ostate == IEEE80211_S_RUN) {
1587 /* turn link LED on */
1588 mtw_set_leds(sc, MTW_LED_MODE_ON);
1589 }
1590
1591 switch (cmd->state) {
1592 case IEEE80211_S_INIT:
1593 if (ostate == IEEE80211_S_RUN) {
1594 /* abort TSF synchronization */
1595 mtw_abort_tsf_sync(sc);
1596 }
1597 break;
1598
1599 case IEEE80211_S_SCAN:
1600 mtw_set_chan(sc, ic->ic_bss->ni_chan);
1601 if (!usbd_is_dying(sc->sc_udev))
1602 timeout_add_msec(&sc->scan_to, 200);
1603 break;
1604
1605 case IEEE80211_S_AUTH:
1606 case IEEE80211_S_ASSOC:
1607 mtw_set_chan(sc, ic->ic_bss->ni_chan);
1608 break;
1609
1610 case IEEE80211_S_RUN:
1611 mtw_set_chan(sc, ic->ic_bss->ni_chan);
1612
1613 ni = ic->ic_bss;
1614
1615 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1616 mtw_updateslot(ic);
1617 mtw_enable_mrr(sc);
1618 mtw_set_txpreamble(sc);
1619 mtw_set_basicrates(sc);
1620 mtw_set_bssid(sc, ni->ni_bssid);
1621 }
1622 if (ic->ic_opmode == IEEE80211_M_STA) {
1623 /* add BSS entry to the WCID table */
1624 wcid = MTW_AID2WCID(ni->ni_associd);
1625 mtw_write_region_1(sc, MTW_WCID_ENTRY(wcid),
1626 ni->ni_macaddr, IEEE80211_ADDR_LEN);
1627
1628 /* fake a join to init the tx rate */
1629 mtw_newassoc(ic, ni, 1);
1630 }
1631 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1632 mtw_enable_tsf_sync(sc);
1633
1634 /* clear statistic registers used by AMRR */
1635 mtw_read_region_1(sc, MTW_TX_STA_CNT0,
1636 (uint8_t *)sta, sizeof sta);
1637 /* start calibration timer */
1638 if (!usbd_is_dying(sc->sc_udev))
1639 timeout_add_sec(&sc->calib_to, 1);
1640 }
1641
1642 /* turn link LED on */
1643 mtw_set_leds(sc, MTW_LED_MODE_BLINK_TX);
1644 break;
1645 }
1646 (void)sc->sc_newstate(ic, cmd->state, cmd->arg);
1647 splx(s);
1648 }
1649
1650 void
mtw_updateedca(struct ieee80211com * ic)1651 mtw_updateedca(struct ieee80211com *ic)
1652 {
1653 /* do it in a process context */
1654 mtw_do_async(ic->ic_softc, mtw_updateedca_cb, NULL, 0);
1655 }
1656
1657 void
mtw_updateedca_cb(struct mtw_softc * sc,void * arg)1658 mtw_updateedca_cb(struct mtw_softc *sc, void *arg)
1659 {
1660 struct ieee80211com *ic = &sc->sc_ic;
1661 int s, aci;
1662
1663 s = splnet();
1664 /* update MAC TX configuration registers */
1665 for (aci = 0; aci < EDCA_NUM_AC; aci++) {
1666 mtw_write(sc, MTW_EDCA_AC_CFG(aci),
1667 ic->ic_edca_ac[aci].ac_ecwmax << 16 |
1668 ic->ic_edca_ac[aci].ac_ecwmin << 12 |
1669 ic->ic_edca_ac[aci].ac_aifsn << 8 |
1670 ic->ic_edca_ac[aci].ac_txoplimit);
1671 }
1672
1673 /* update SCH/DMA registers too */
1674 mtw_write(sc, MTW_WMM_AIFSN_CFG,
1675 ic->ic_edca_ac[EDCA_AC_VO].ac_aifsn << 12 |
1676 ic->ic_edca_ac[EDCA_AC_VI].ac_aifsn << 8 |
1677 ic->ic_edca_ac[EDCA_AC_BK].ac_aifsn << 4 |
1678 ic->ic_edca_ac[EDCA_AC_BE].ac_aifsn);
1679 mtw_write(sc, MTW_WMM_CWMIN_CFG,
1680 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmin << 12 |
1681 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmin << 8 |
1682 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmin << 4 |
1683 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmin);
1684 mtw_write(sc, MTW_WMM_CWMAX_CFG,
1685 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmax << 12 |
1686 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmax << 8 |
1687 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmax << 4 |
1688 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmax);
1689 mtw_write(sc, MTW_WMM_TXOP0_CFG,
1690 ic->ic_edca_ac[EDCA_AC_BK].ac_txoplimit << 16 |
1691 ic->ic_edca_ac[EDCA_AC_BE].ac_txoplimit);
1692 mtw_write(sc, MTW_WMM_TXOP1_CFG,
1693 ic->ic_edca_ac[EDCA_AC_VO].ac_txoplimit << 16 |
1694 ic->ic_edca_ac[EDCA_AC_VI].ac_txoplimit);
1695 splx(s);
1696 }
1697
1698 void
mtw_updateslot(struct ieee80211com * ic)1699 mtw_updateslot(struct ieee80211com *ic)
1700 {
1701 /* do it in a process context */
1702 mtw_do_async(ic->ic_softc, mtw_updateslot_cb, NULL, 0);
1703 }
1704
1705 void
mtw_updateslot_cb(struct mtw_softc * sc,void * arg)1706 mtw_updateslot_cb(struct mtw_softc *sc, void *arg)
1707 {
1708 uint32_t tmp;
1709
1710 mtw_read(sc, MTW_BKOFF_SLOT_CFG, &tmp);
1711 tmp &= ~0xff;
1712 tmp |= (sc->sc_ic.ic_flags & IEEE80211_F_SHSLOT) ?
1713 IEEE80211_DUR_DS_SHSLOT : IEEE80211_DUR_DS_SLOT;
1714 mtw_write(sc, MTW_BKOFF_SLOT_CFG, tmp);
1715 }
1716
1717 int
mtw_set_key(struct ieee80211com * ic,struct ieee80211_node * ni,struct ieee80211_key * k)1718 mtw_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
1719 struct ieee80211_key *k)
1720 {
1721 struct mtw_softc *sc = ic->ic_softc;
1722 struct mtw_cmd_key cmd;
1723
1724 /* defer setting of WEP keys until interface is brought up */
1725 if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) !=
1726 (IFF_UP | IFF_RUNNING))
1727 return 0;
1728
1729 /* do it in a process context */
1730 cmd.key = *k;
1731 cmd.ni = ni;
1732 mtw_do_async(sc, mtw_set_key_cb, &cmd, sizeof cmd);
1733 sc->sc_key_tasks++;
1734 return EBUSY;
1735 }
1736
1737 void
mtw_set_key_cb(struct mtw_softc * sc,void * arg)1738 mtw_set_key_cb(struct mtw_softc *sc, void *arg)
1739 {
1740 struct ieee80211com *ic = &sc->sc_ic;
1741 struct mtw_cmd_key *cmd = arg;
1742 struct ieee80211_key *k = &cmd->key;
1743 uint32_t attr;
1744 uint16_t base;
1745 uint8_t mode, wcid, iv[8];
1746
1747 sc->sc_key_tasks--;
1748
1749 /* map net80211 cipher to RT2860 security mode */
1750 switch (k->k_cipher) {
1751 case IEEE80211_CIPHER_WEP40:
1752 mode = MTW_MODE_WEP40;
1753 break;
1754 case IEEE80211_CIPHER_WEP104:
1755 mode = MTW_MODE_WEP104;
1756 break;
1757 case IEEE80211_CIPHER_TKIP:
1758 mode = MTW_MODE_TKIP;
1759 break;
1760 case IEEE80211_CIPHER_CCMP:
1761 mode = MTW_MODE_AES_CCMP;
1762 break;
1763 default:
1764 if (cmd->ni != NULL) {
1765 IEEE80211_SEND_MGMT(ic, cmd->ni,
1766 IEEE80211_FC0_SUBTYPE_DEAUTH,
1767 IEEE80211_REASON_AUTH_LEAVE);
1768 }
1769 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
1770 return;
1771 }
1772
1773 if (k->k_flags & IEEE80211_KEY_GROUP) {
1774 wcid = 0; /* NB: update WCID0 for group keys */
1775 base = MTW_SKEY(0, k->k_id);
1776 } else {
1777 wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0;
1778 base = MTW_PKEY(wcid);
1779 }
1780
1781 if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
1782 mtw_write_region_1(sc, base, k->k_key, 16);
1783 mtw_write_region_1(sc, base + 16, &k->k_key[24], 8);
1784 mtw_write_region_1(sc, base + 24, &k->k_key[16], 8);
1785 } else {
1786 /* roundup len to 16-bit: XXX fix write_region_1() instead */
1787 mtw_write_region_1(sc, base, k->k_key, (k->k_len + 1) & ~1);
1788 }
1789
1790 if (!(k->k_flags & IEEE80211_KEY_GROUP) ||
1791 (k->k_flags & IEEE80211_KEY_TX)) {
1792 /* set initial packet number in IV+EIV */
1793 if (k->k_cipher == IEEE80211_CIPHER_WEP40 ||
1794 k->k_cipher == IEEE80211_CIPHER_WEP104) {
1795 memset(iv, 0, sizeof iv);
1796 iv[3] = sc->sc_ic.ic_def_txkey << 6;
1797 } else {
1798 if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
1799 iv[0] = k->k_tsc >> 8;
1800 iv[1] = (iv[0] | 0x20) & 0x7f;
1801 iv[2] = k->k_tsc;
1802 } else /* CCMP */ {
1803 iv[0] = k->k_tsc;
1804 iv[1] = k->k_tsc >> 8;
1805 iv[2] = 0;
1806 }
1807 iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV;
1808 iv[4] = k->k_tsc >> 16;
1809 iv[5] = k->k_tsc >> 24;
1810 iv[6] = k->k_tsc >> 32;
1811 iv[7] = k->k_tsc >> 40;
1812 }
1813 mtw_write_region_1(sc, MTW_IVEIV(wcid), iv, 8);
1814 }
1815
1816 if (k->k_flags & IEEE80211_KEY_GROUP) {
1817 /* install group key */
1818 mtw_read(sc, MTW_SKEY_MODE_0_7, &attr);
1819 attr &= ~(0xf << (k->k_id * 4));
1820 attr |= mode << (k->k_id * 4);
1821 mtw_write(sc, MTW_SKEY_MODE_0_7, attr);
1822
1823 if (k->k_cipher & (IEEE80211_CIPHER_WEP104 |
1824 IEEE80211_CIPHER_WEP40)) {
1825 mtw_read(sc, MTW_WCID_ATTR(wcid + 1), &attr);
1826 attr = (attr & ~0xf) | (mode << 1);
1827 mtw_write(sc, MTW_WCID_ATTR(wcid + 1), attr);
1828
1829 mtw_set_region_4(sc, MTW_IVEIV(0), 0, 4);
1830
1831 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr);
1832 attr = (attr & ~0xf) | (mode << 1);
1833 mtw_write(sc, MTW_WCID_ATTR(wcid), attr);
1834 }
1835 } else {
1836 /* install pairwise key */
1837 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr);
1838 attr = (attr & ~0xf) | (mode << 1) | MTW_RX_PKEY_EN;
1839 mtw_write(sc, MTW_WCID_ATTR(wcid), attr);
1840 }
1841
1842 if (sc->sc_key_tasks == 0) {
1843 if (cmd->ni != NULL)
1844 cmd->ni->ni_port_valid = 1;
1845 ieee80211_set_link_state(ic, LINK_STATE_UP);
1846 }
1847 }
1848
1849 void
mtw_delete_key(struct ieee80211com * ic,struct ieee80211_node * ni,struct ieee80211_key * k)1850 mtw_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
1851 struct ieee80211_key *k)
1852 {
1853 struct mtw_softc *sc = ic->ic_softc;
1854 struct mtw_cmd_key cmd;
1855
1856 if (!(ic->ic_if.if_flags & IFF_RUNNING) ||
1857 ic->ic_state != IEEE80211_S_RUN)
1858 return; /* nothing to do */
1859
1860 /* do it in a process context */
1861 cmd.key = *k;
1862 cmd.ni = ni;
1863 mtw_do_async(sc, mtw_delete_key_cb, &cmd, sizeof cmd);
1864 }
1865
1866 void
mtw_delete_key_cb(struct mtw_softc * sc,void * arg)1867 mtw_delete_key_cb(struct mtw_softc *sc, void *arg)
1868 {
1869 struct mtw_cmd_key *cmd = arg;
1870 struct ieee80211_key *k = &cmd->key;
1871 uint32_t attr;
1872 uint8_t wcid;
1873
1874 if (k->k_flags & IEEE80211_KEY_GROUP) {
1875 /* remove group key */
1876 mtw_read(sc, MTW_SKEY_MODE_0_7, &attr);
1877 attr &= ~(0xf << (k->k_id * 4));
1878 mtw_write(sc, MTW_SKEY_MODE_0_7, attr);
1879
1880 } else {
1881 /* remove pairwise key */
1882 wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0;
1883 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr);
1884 attr &= ~0xf;
1885 mtw_write(sc, MTW_WCID_ATTR(wcid), attr);
1886 }
1887 }
1888
1889 void
mtw_calibrate_to(void * arg)1890 mtw_calibrate_to(void *arg)
1891 {
1892 /* do it in a process context */
1893 mtw_do_async(arg, mtw_calibrate_cb, NULL, 0);
1894 /* next timeout will be rescheduled in the calibration task */
1895 }
1896
1897 void
mtw_calibrate_cb(struct mtw_softc * sc,void * arg)1898 mtw_calibrate_cb(struct mtw_softc *sc, void *arg)
1899 {
1900 struct ifnet *ifp = &sc->sc_ic.ic_if;
1901 uint32_t sta[3];
1902 int s, error;
1903
1904 /* read statistic counters (clear on read) and update AMRR state */
1905 error = mtw_read_region_1(sc, MTW_TX_STA_CNT0, (uint8_t *)sta,
1906 sizeof sta);
1907 if (error != 0)
1908 goto skip;
1909
1910 DPRINTF(("retrycnt=%d txcnt=%d failcnt=%d\n",
1911 letoh32(sta[1]) >> 16, letoh32(sta[1]) & 0xffff,
1912 letoh32(sta[0]) & 0xffff));
1913
1914 s = splnet();
1915 /* count failed TX as errors */
1916 ifp->if_oerrors += letoh32(sta[0]) & 0xffff;
1917
1918 sc->amn.amn_retrycnt =
1919 (letoh32(sta[0]) & 0xffff) + /* failed TX count */
1920 (letoh32(sta[1]) >> 16); /* TX retransmission count */
1921
1922 sc->amn.amn_txcnt =
1923 sc->amn.amn_retrycnt +
1924 (letoh32(sta[1]) & 0xffff); /* successful TX count */
1925
1926 ieee80211_amrr_choose(&sc->amrr, sc->sc_ic.ic_bss, &sc->amn);
1927
1928 splx(s);
1929 skip:
1930 if (!usbd_is_dying(sc->sc_udev))
1931 timeout_add_sec(&sc->calib_to, 1);
1932 }
1933
1934 void
mtw_newassoc(struct ieee80211com * ic,struct ieee80211_node * ni,int isnew)1935 mtw_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew)
1936 {
1937 struct mtw_softc *sc = ic->ic_softc;
1938 struct mtw_node *mn = (void *)ni;
1939 struct ieee80211_rateset *rs = &ni->ni_rates;
1940 uint8_t rate;
1941 int ridx, i, j;
1942
1943 DPRINTF(("new assoc isnew=%d addr=%s\n",
1944 isnew, ether_sprintf(ni->ni_macaddr)));
1945
1946 ieee80211_amrr_node_init(&sc->amrr, &sc->amn);
1947
1948 /* start at lowest available bit-rate, AMRR will raise */
1949 ni->ni_txrate = 0;
1950
1951 for (i = 0; i < rs->rs_nrates; i++) {
1952 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
1953 /* convert 802.11 rate to hardware rate index */
1954 for (ridx = 0; ridx < MTW_RIDX_MAX; ridx++)
1955 if (rt2860_rates[ridx].rate == rate)
1956 break;
1957 mn->ridx[i] = ridx;
1958 /* determine rate of control response frames */
1959 for (j = i; j >= 0; j--) {
1960 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
1961 rt2860_rates[mn->ridx[i]].phy ==
1962 rt2860_rates[mn->ridx[j]].phy)
1963 break;
1964 }
1965 if (j >= 0) {
1966 mn->ctl_ridx[i] = mn->ridx[j];
1967 } else {
1968 /* no basic rate found, use mandatory one */
1969 mn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
1970 }
1971 DPRINTF(("rate=0x%02x ridx=%d ctl_ridx=%d\n",
1972 rs->rs_rates[i], mn->ridx[i], mn->ctl_ridx[i]));
1973 }
1974 }
1975
1976 /*
1977 * Return the Rx chain with the highest RSSI for a given frame.
1978 */
1979 static __inline uint8_t
mtw_maxrssi_chain(struct mtw_softc * sc,const struct mtw_rxwi * rxwi)1980 mtw_maxrssi_chain(struct mtw_softc *sc, const struct mtw_rxwi *rxwi)
1981 {
1982 uint8_t rxchain = 0;
1983
1984 if (sc->nrxchains > 1) {
1985 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
1986 rxchain = 1;
1987 }
1988 return rxchain;
1989 }
1990
1991 void
mtw_rx_frame(struct mtw_softc * sc,uint8_t * buf,int dmalen,struct mbuf_list * ml)1992 mtw_rx_frame(struct mtw_softc *sc, uint8_t *buf, int dmalen,
1993 struct mbuf_list *ml)
1994 {
1995 struct ieee80211com *ic = &sc->sc_ic;
1996 struct ifnet *ifp = &ic->ic_if;
1997 struct ieee80211_frame *wh;
1998 struct ieee80211_rxinfo rxi;
1999 struct ieee80211_node *ni;
2000 struct mtw_rxwi *rxwi;
2001 struct mbuf *m;
2002 uint32_t flags;
2003 uint16_t len;
2004 #if NBPFILTER > 0
2005 uint16_t phy;
2006 #endif
2007 uint16_t rxwisize;
2008 uint8_t ant, rssi;
2009 int s;
2010
2011 /* Rx Wireless Information */
2012 rxwi = (struct mtw_rxwi *)(buf);
2013 rxwisize = sizeof(struct mtw_rxwi);
2014 len = letoh16(rxwi->len) & 0xfff;
2015
2016 if (__predict_false(len > dmalen)) {
2017 DPRINTF(("bad RXWI length %u > %u\n", len, dmalen));
2018 return;
2019 }
2020 if (len > MCLBYTES) {
2021 DPRINTF(("frame too large (length=%d)\n", len));
2022 ifp->if_ierrors++;
2023 return;
2024 }
2025
2026 flags = letoh32(rxwi->flags);
2027 if (__predict_false(flags & (MTW_RX_CRCERR | MTW_RX_ICVERR))) {
2028 ifp->if_ierrors++;
2029 return;
2030 }
2031 if (__predict_false((flags & MTW_RX_MICERR))) {
2032 /* report MIC failures to net80211 for TKIP */
2033 ic->ic_stats.is_rx_locmicfail++;
2034 ieee80211_michael_mic_failure(ic, 0/* XXX */);
2035 ifp->if_ierrors++;
2036 return;
2037 }
2038
2039 wh = (struct ieee80211_frame *)(buf + rxwisize);
2040 memset(&rxi, 0, sizeof(rxi));
2041 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2042 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2043 rxi.rxi_flags |= IEEE80211_RXI_HWDEC;
2044 }
2045
2046 if (flags & MTW_RX_L2PAD) {
2047 u_int hdrlen = ieee80211_get_hdrlen(wh);
2048 memmove((caddr_t)wh + 2, wh, hdrlen);
2049 wh = (struct ieee80211_frame *)((caddr_t)wh + 2);
2050 }
2051
2052 /* could use m_devget but net80211 wants contig mgmt frames */
2053 MGETHDR(m, M_DONTWAIT, MT_DATA);
2054 if (__predict_false(m == NULL)) {
2055 ifp->if_ierrors++;
2056 return;
2057 }
2058 if (len > MHLEN) {
2059 MCLGET(m, M_DONTWAIT);
2060 if (__predict_false(!(m->m_flags & M_EXT))) {
2061 ifp->if_ierrors++;
2062 m_freem(m);
2063 return;
2064 }
2065 }
2066 /* finalize mbuf */
2067 memcpy(mtod(m, caddr_t), wh, len);
2068 m->m_pkthdr.len = m->m_len = len;
2069
2070 ant = mtw_maxrssi_chain(sc, rxwi);
2071 rssi = rxwi->rssi[ant];
2072
2073 #if NBPFILTER > 0
2074 if (__predict_false(sc->sc_drvbpf != NULL)) {
2075 struct mtw_rx_radiotap_header *tap = &sc->sc_rxtap;
2076 struct mbuf mb;
2077
2078 tap->wr_flags = 0;
2079 tap->wr_chan_freq = htole16(ic->ic_ibss_chan->ic_freq);
2080 tap->wr_chan_flags = htole16(ic->ic_ibss_chan->ic_flags);
2081 tap->wr_antsignal = rssi;
2082 tap->wr_antenna = ant;
2083 tap->wr_dbm_antsignal = mtw_rssi2dbm(sc, rssi, ant);
2084 tap->wr_rate = 2; /* in case it can't be found below */
2085 phy = letoh16(rxwi->phy);
2086 switch (phy >> MT7601_PHY_SHIFT) {
2087 case MTW_PHY_CCK:
2088 switch ((phy & MTW_PHY_MCS) & ~MTW_PHY_SHPRE) {
2089 case 0: tap->wr_rate = 2; break;
2090 case 1: tap->wr_rate = 4; break;
2091 case 2: tap->wr_rate = 11; break;
2092 case 3: tap->wr_rate = 22; break;
2093 }
2094 if (phy & MTW_PHY_SHPRE)
2095 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2096 break;
2097 case MTW_PHY_OFDM:
2098 switch (phy & MTW_PHY_MCS) {
2099 case 0: tap->wr_rate = 12; break;
2100 case 1: tap->wr_rate = 18; break;
2101 case 2: tap->wr_rate = 24; break;
2102 case 3: tap->wr_rate = 36; break;
2103 case 4: tap->wr_rate = 48; break;
2104 case 5: tap->wr_rate = 72; break;
2105 case 6: tap->wr_rate = 96; break;
2106 case 7: tap->wr_rate = 108; break;
2107 }
2108 break;
2109 }
2110 mb.m_data = (caddr_t)tap;
2111 mb.m_len = sc->sc_rxtap_len;
2112 mb.m_next = m;
2113 mb.m_nextpkt = NULL;
2114 mb.m_type = 0;
2115 mb.m_flags = 0;
2116 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN);
2117 }
2118 #endif
2119
2120 s = splnet();
2121 ni = ieee80211_find_rxnode(ic, wh);
2122 rxi.rxi_rssi = rssi;
2123 ieee80211_inputm(ifp, m, ni, &rxi, ml);
2124
2125 /* node is no longer needed */
2126 ieee80211_release_node(ic, ni);
2127 splx(s);
2128 }
2129
2130 void
mtw_rxeof(struct usbd_xfer * xfer,void * priv,usbd_status status)2131 mtw_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status)
2132 {
2133 struct mbuf_list ml = MBUF_LIST_INITIALIZER();
2134 struct mtw_rx_data *data = priv;
2135 struct mtw_softc *sc = data->sc;
2136 uint8_t *buf;
2137 uint32_t dmalen;
2138 int xferlen;
2139
2140 if (__predict_false(status != USBD_NORMAL_COMPLETION)) {
2141 DPRINTF(("RX status=%d\n", status));
2142 if (status == USBD_STALLED)
2143 usbd_clear_endpoint_stall_async(sc->rxq[0].pipeh);
2144 if (status != USBD_CANCELLED)
2145 goto skip;
2146 return;
2147 }
2148
2149 usbd_get_xfer_status(xfer, NULL, NULL, &xferlen, NULL);
2150
2151 if (__predict_false(xferlen < sizeof(uint32_t) +
2152 sizeof (struct mtw_rxwi) + sizeof(struct mtw_rxd))) {
2153 DPRINTF(("RX xfer too short %d\n", xferlen));
2154 goto skip;
2155 }
2156
2157 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2158 buf = data->buf;
2159 while (xferlen > 8) {
2160 dmalen = letoh32(*(uint32_t *)buf) & MTW_RXD_LEN;
2161 if (__predict_false(dmalen == 0 || (dmalen & 3) != 0)) {
2162 DPRINTF(("bad DMA length %u\n", dmalen));
2163 break;
2164 }
2165 if (__predict_false(dmalen + 8 > xferlen)) {
2166 DPRINTF(("bad DMA length %u > %d\n",
2167 dmalen + 8, xferlen));
2168 break;
2169 }
2170 mtw_rx_frame(sc, buf + sizeof(struct mtw_rxd), dmalen, &ml);
2171 buf += dmalen + 8;
2172 xferlen -= dmalen + 8;
2173 }
2174 if_input(&sc->sc_ic.ic_if, &ml);
2175
2176 skip: /* setup a new transfer */
2177 usbd_setup_xfer(xfer, sc->rxq[0].pipeh, data, data->buf, MTW_MAX_RXSZ,
2178 USBD_SHORT_XFER_OK | USBD_NO_COPY, USBD_NO_TIMEOUT, mtw_rxeof);
2179 (void)usbd_transfer(data->xfer);
2180 }
2181
2182 void
mtw_txeof(struct usbd_xfer * xfer,void * priv,usbd_status status)2183 mtw_txeof(struct usbd_xfer *xfer, void *priv, usbd_status status)
2184 {
2185 struct mtw_tx_data *data = priv;
2186 struct mtw_softc *sc = data->sc;
2187 struct mtw_tx_ring *txq = &sc->txq[data->qid];
2188 struct ifnet *ifp = &sc->sc_ic.ic_if;
2189 int s;
2190
2191 if (usbd_is_dying(sc->sc_udev))
2192 return;
2193
2194 s = splnet();
2195 txq->queued--;
2196 sc->qfullmsk &= ~(1 << data->qid);
2197
2198 if (__predict_false(status != USBD_NORMAL_COMPLETION)) {
2199 DPRINTF(("TX status=%d\n", status));
2200 if (status == USBD_STALLED)
2201 usbd_clear_endpoint_stall_async(txq->pipeh);
2202 ifp->if_oerrors++;
2203 splx(s);
2204 return;
2205 }
2206
2207 sc->sc_tx_timer = 0;
2208
2209 if (ifq_is_oactive(&ifp->if_snd)) {
2210 ifq_clr_oactive(&ifp->if_snd);
2211 mtw_start(ifp);
2212 }
2213
2214 splx(s);
2215 }
2216
2217 int
mtw_tx(struct mtw_softc * sc,struct mbuf * m,struct ieee80211_node * ni)2218 mtw_tx(struct mtw_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
2219 {
2220 struct ieee80211com *ic = &sc->sc_ic;
2221 struct mtw_node *mn = (void *)ni;
2222 struct ieee80211_frame *wh;
2223 struct mtw_tx_ring *ring;
2224 struct mtw_tx_data *data;
2225 struct mtw_txd *txd;
2226 struct mtw_txwi *txwi;
2227 uint16_t qos, dur;
2228 uint16_t txwisize;
2229 uint8_t type, mcs, tid, qid;
2230 int error, hasqos, ridx, ctl_ridx, xferlen;
2231
2232 wh = mtod(m, struct ieee80211_frame *);
2233 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2234
2235 /* select queue */
2236 if ((hasqos = ieee80211_has_qos(wh))) {
2237 qos = ieee80211_get_qos(wh);
2238 tid = qos & IEEE80211_QOS_TID;
2239 qid = ieee80211_up_to_ac(ic, tid);
2240 } else {
2241 qos = 0;
2242 tid = 0;
2243 qid = EDCA_AC_BE;
2244 }
2245
2246 /* management frames go to MCU queue */
2247 if (type == IEEE80211_FC0_TYPE_MGT)
2248 qid = MTW_TXQ_MCU;
2249
2250 ring = &sc->txq[qid];
2251 data = &ring->data[ring->cur];
2252
2253 /* pickup a rate index */
2254 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
2255 type != IEEE80211_FC0_TYPE_DATA) {
2256 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
2257 MTW_RIDX_OFDM6 : MTW_RIDX_CCK1;
2258 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
2259 } else if (ic->ic_fixed_rate != -1) {
2260 ridx = sc->fixed_ridx;
2261 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
2262 } else {
2263 ridx = mn->ridx[ni->ni_txrate];
2264 ctl_ridx = mn->ctl_ridx[ni->ni_txrate];
2265 }
2266
2267 txwisize = sizeof(struct mtw_txwi);
2268 xferlen = txwisize + m->m_pkthdr.len;
2269
2270 /* roundup to 32-bit alignment */
2271 xferlen = (xferlen + 3) & ~3;
2272
2273 /* setup TX descriptor */
2274 txd = (struct mtw_txd *)data->buf;
2275 txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_80211 |
2276 MTW_TXD_WLAN | MTW_TXD_QSEL_EDCA);
2277
2278 if (type != IEEE80211_FC0_TYPE_DATA)
2279 txd->flags |= htole16(MTW_TXD_WIV);
2280 txd->len = htole16(xferlen);
2281 xferlen += sizeof(struct mtw_txd);
2282
2283 /* get MCS code from rate index */
2284 mcs = rt2860_rates[ridx].mcs;
2285
2286 /* setup TX Wireless Information */
2287 txwi = (struct mtw_txwi *)(txd + 1);
2288 txwi->flags = 0;
2289 txwi->xflags = hasqos ? 0 : MTW_TX_NSEQ;
2290 txwi->wcid = (type == IEEE80211_FC0_TYPE_DATA) ?
2291 MTW_AID2WCID(ni->ni_associd) : 0xff;
2292 txwi->len = htole16(m->m_pkthdr.len);
2293 txwi->txop = MTW_TX_TXOP_BACKOFF;
2294
2295 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
2296 txwi->phy = htole16(MTW_PHY_CCK << MT7601_PHY_SHIFT);
2297 if (ridx != MTW_RIDX_CCK1 &&
2298 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
2299 mcs |= MTW_PHY_SHPRE;
2300 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
2301 txwi->phy = htole16(MTW_PHY_OFDM << MT7601_PHY_SHIFT);
2302 txwi->phy |= htole16(mcs);
2303
2304 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
2305 (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) !=
2306 IEEE80211_QOS_ACK_POLICY_NOACK)) {
2307 txwi->xflags |= MTW_TX_ACK;
2308 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
2309 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
2310 else
2311 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
2312 *(uint16_t *)wh->i_dur = htole16(dur);
2313 }
2314
2315 #if NBPFILTER > 0
2316 if (__predict_false(sc->sc_drvbpf != NULL)) {
2317 struct mtw_tx_radiotap_header *tap = &sc->sc_txtap;
2318 struct mbuf mb;
2319
2320 tap->wt_flags = 0;
2321 tap->wt_rate = rt2860_rates[ridx].rate;
2322 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq);
2323 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags);
2324 if (mcs & MTW_PHY_SHPRE)
2325 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2326
2327 mb.m_data = (caddr_t)tap;
2328 mb.m_len = sc->sc_txtap_len;
2329 mb.m_next = m;
2330 mb.m_nextpkt = NULL;
2331 mb.m_type = 0;
2332 mb.m_flags = 0;
2333 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT);
2334 }
2335 #endif
2336 /* copy payload */
2337 m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)txwi + txwisize);
2338 m_freem(m);
2339
2340 /* 4-byte pad */
2341 memset(data->buf + xferlen, 0, MTW_DMA_PAD);
2342 xferlen += MTW_DMA_PAD;
2343
2344 usbd_setup_xfer(data->xfer, ring->pipeh, data, data->buf,
2345 xferlen, USBD_FORCE_SHORT_XFER | USBD_NO_COPY,
2346 MTW_TX_TIMEOUT, mtw_txeof);
2347 error = usbd_transfer(data->xfer);
2348 if (__predict_false(error != USBD_IN_PROGRESS && error != 0))
2349 return error;
2350
2351 ieee80211_release_node(ic, ni);
2352
2353 ring->cur = (ring->cur + 1) % MTW_TX_RING_COUNT;
2354 if (++ring->queued >= MTW_TX_RING_COUNT)
2355 sc->qfullmsk |= 1 << qid;
2356 return 0;
2357 }
2358
2359 void
mtw_start(struct ifnet * ifp)2360 mtw_start(struct ifnet *ifp)
2361 {
2362 struct mtw_softc *sc = ifp->if_softc;
2363 struct ieee80211com *ic = &sc->sc_ic;
2364 struct ieee80211_node *ni;
2365 struct mbuf *m;
2366
2367 if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd))
2368 return;
2369
2370 for (;;) {
2371 if (sc->qfullmsk != 0) {
2372 ifq_set_oactive(&ifp->if_snd);
2373 break;
2374 }
2375
2376 /* send pending management frames first */
2377 m = mq_dequeue(&ic->ic_mgtq);
2378 if (m != NULL) {
2379 ni = m->m_pkthdr.ph_cookie;
2380 goto sendit;
2381 }
2382 if (ic->ic_state != IEEE80211_S_RUN)
2383 break;
2384
2385 /* encapsulate and send data frames */
2386 m = ifq_dequeue(&ifp->if_snd);
2387 if (m == NULL)
2388 break;
2389 #if NBPFILTER > 0
2390 if (ifp->if_bpf != NULL)
2391 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT);
2392 #endif
2393 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL)
2394 continue;
2395 sendit:
2396 #if NBPFILTER > 0
2397 if (ic->ic_rawbpf != NULL)
2398 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT);
2399 #endif
2400 if (mtw_tx(sc, m, ni) != 0) {
2401 ieee80211_release_node(ic, ni);
2402 ifp->if_oerrors++;
2403 continue;
2404 }
2405
2406 sc->sc_tx_timer = 5;
2407 ifp->if_timer = 1;
2408 }
2409 }
2410
2411 void
mtw_watchdog(struct ifnet * ifp)2412 mtw_watchdog(struct ifnet *ifp)
2413 {
2414 struct mtw_softc *sc = ifp->if_softc;
2415
2416 ifp->if_timer = 0;
2417
2418 if (sc->sc_tx_timer > 0) {
2419 if (--sc->sc_tx_timer == 0) {
2420 printf("%s: device timeout\n", sc->sc_dev.dv_xname);
2421 /* mtw_init(ifp); XXX needs a process context! */
2422 ifp->if_oerrors++;
2423 return;
2424 }
2425 ifp->if_timer = 1;
2426 }
2427
2428 ieee80211_watchdog(ifp);
2429 }
2430
2431 int
mtw_ioctl(struct ifnet * ifp,u_long cmd,caddr_t data)2432 mtw_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
2433 {
2434 struct mtw_softc *sc = ifp->if_softc;
2435 struct ieee80211com *ic = &sc->sc_ic;
2436 int s, error = 0;
2437
2438 if (usbd_is_dying(sc->sc_udev))
2439 return ENXIO;
2440
2441 usbd_ref_incr(sc->sc_udev);
2442
2443 s = splnet();
2444
2445 switch (cmd) {
2446 case SIOCSIFADDR:
2447 ifp->if_flags |= IFF_UP;
2448 /* FALLTHROUGH */
2449 case SIOCSIFFLAGS:
2450 if (ifp->if_flags & IFF_UP) {
2451 if (!(ifp->if_flags & IFF_RUNNING))
2452 mtw_init(ifp);
2453 } else {
2454 if (ifp->if_flags & IFF_RUNNING)
2455 mtw_stop(ifp, 1);
2456 }
2457 break;
2458
2459 case SIOCS80211CHANNEL:
2460 /*
2461 * This allows for fast channel switching in monitor mode
2462 * (used by kismet).
2463 */
2464 error = ieee80211_ioctl(ifp, cmd, data);
2465 if (error == ENETRESET &&
2466 ic->ic_opmode == IEEE80211_M_MONITOR) {
2467 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
2468 (IFF_UP | IFF_RUNNING))
2469 mtw_set_chan(sc, ic->ic_ibss_chan);
2470 error = 0;
2471 }
2472 break;
2473
2474 default:
2475 error = ieee80211_ioctl(ifp, cmd, data);
2476 }
2477
2478 if (error == ENETRESET) {
2479 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
2480 (IFF_UP | IFF_RUNNING)) {
2481 mtw_stop(ifp, 0);
2482 error = mtw_init(ifp);
2483 } else
2484 error = 0;
2485 }
2486 splx(s);
2487
2488 usbd_ref_decr(sc->sc_udev);
2489
2490 return error;
2491 }
2492
2493 void
mtw_select_chan_group(struct mtw_softc * sc,int group)2494 mtw_select_chan_group(struct mtw_softc *sc, int group)
2495 {
2496 uint32_t tmp;
2497 uint8_t bbp;
2498
2499 /* Tx band 20MHz 2G */
2500 mtw_read(sc, MTW_TX_BAND_CFG, &tmp);
2501 tmp &= ~(MTW_TX_BAND_SEL_2G | MTW_TX_BAND_SEL_5G |
2502 MTW_TX_BAND_UPPER_40M);
2503 tmp |= (group == 0) ? MTW_TX_BAND_SEL_2G : MTW_TX_BAND_SEL_5G;
2504 mtw_write(sc, MTW_TX_BAND_CFG, tmp);
2505
2506 /* select 20 MHz bandwidth */
2507 mtw_bbp_read(sc, 4, &bbp);
2508 bbp &= ~0x18;
2509 bbp |= 0x40;
2510 mtw_bbp_write(sc, 4, bbp);
2511
2512 /* calibrate BBP */
2513 mtw_bbp_write(sc, 69, 0x12);
2514 mtw_bbp_write(sc, 91, 0x07);
2515 mtw_bbp_write(sc, 195, 0x23);
2516 mtw_bbp_write(sc, 196, 0x17);
2517 mtw_bbp_write(sc, 195, 0x24);
2518 mtw_bbp_write(sc, 196, 0x06);
2519 mtw_bbp_write(sc, 195, 0x81);
2520 mtw_bbp_write(sc, 196, 0x12);
2521 mtw_bbp_write(sc, 195, 0x83);
2522 mtw_bbp_write(sc, 196, 0x17);
2523 mtw_rf_write(sc, 5, 8, 0x00);
2524 mtw_mcu_calibrate(sc, 0x6, 0x10001);
2525
2526 /* set initial AGC value */
2527 mt7601_set_agc(sc, 0x14);
2528 }
2529
2530 void
mt7601_set_agc(struct mtw_softc * sc,uint8_t agc)2531 mt7601_set_agc(struct mtw_softc *sc, uint8_t agc)
2532 {
2533 uint8_t bbp;
2534
2535 mtw_bbp_write(sc, 66, agc);
2536 mtw_bbp_write(sc, 195, 0x87);
2537 bbp = (agc & 0xf0) | 0x08;
2538 mtw_bbp_write(sc, 196, bbp);
2539 }
2540
2541 void
mt7601_set_chan(struct mtw_softc * sc,u_int chan)2542 mt7601_set_chan(struct mtw_softc *sc, u_int chan)
2543 {
2544 uint32_t tmp;
2545 uint8_t bbp, rf, txpow1;
2546 int i;
2547
2548 /* find the settings for this channel */
2549 for (i = 0; mt7601_rf_chan[i].chan != chan; i++)
2550 ;
2551
2552 mtw_rf_write(sc, 0, 17, mt7601_rf_chan[i].r17);
2553 mtw_rf_write(sc, 0, 18, mt7601_rf_chan[i].r18);
2554 mtw_rf_write(sc, 0, 19, mt7601_rf_chan[i].r19);
2555 mtw_rf_write(sc, 0, 20, mt7601_rf_chan[i].r20);
2556
2557 /* use Tx power values from EEPROM */
2558 txpow1 = sc->txpow1[i];
2559
2560 /* Tx automatic level control */
2561 mtw_read(sc, MTW_TX_ALC_CFG0, &tmp);
2562 tmp &= ~0x3f3f;
2563 tmp |= (txpow1 & 0x3f);
2564 mtw_write(sc, MTW_TX_ALC_CFG0, tmp);
2565
2566 /* LNA */
2567 mtw_bbp_write(sc, 62, 0x37 - sc->lna[0]);
2568 mtw_bbp_write(sc, 63, 0x37 - sc->lna[0]);
2569 mtw_bbp_write(sc, 64, 0x37 - sc->lna[0]);
2570
2571 /* VCO calibration */
2572 mtw_rf_write(sc, 0, 4, 0x0a);
2573 mtw_rf_write(sc, 0, 5, 0x20);
2574 mtw_rf_read(sc, 0, 4, &rf);
2575 mtw_rf_write(sc, 0, 4, rf | 0x80);
2576
2577 /* select 20 MHz bandwidth */
2578 mtw_bbp_read(sc, 4, &bbp);
2579 bbp &= ~0x18;
2580 bbp |= 0x40;
2581 mtw_bbp_write(sc, 4, bbp);
2582 mtw_bbp_write(sc, 178, 0xff);
2583 }
2584
2585 int
mtw_set_chan(struct mtw_softc * sc,struct ieee80211_channel * c)2586 mtw_set_chan(struct mtw_softc *sc, struct ieee80211_channel *c)
2587 {
2588 struct ieee80211com *ic = &sc->sc_ic;
2589 u_int chan, group;
2590
2591 chan = ieee80211_chan2ieee(ic, c);
2592 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
2593 return EINVAL;
2594
2595 /* determine channel group */
2596 if (chan <= 14)
2597 group = 0;
2598 else if (chan <= 64)
2599 group = 1;
2600 else if (chan <= 128)
2601 group = 2;
2602 else
2603 group = 3;
2604
2605 if (group != sc->sc_chan_group || !sc->sc_bw_calibrated)
2606 mtw_select_chan_group(sc, group);
2607
2608 sc->sc_chan_group = group;
2609
2610 /* chipset specific */
2611 if (sc->mac_ver == 0x7601)
2612 mt7601_set_chan(sc, chan);
2613
2614 DELAY(1000);
2615 return 0;
2616 }
2617
2618 void
mtw_enable_tsf_sync(struct mtw_softc * sc)2619 mtw_enable_tsf_sync(struct mtw_softc *sc)
2620 {
2621 struct ieee80211com *ic = &sc->sc_ic;
2622 uint32_t tmp;
2623
2624 mtw_read(sc, MTW_BCN_TIME_CFG, &tmp);
2625 tmp &= ~0x1fffff;
2626 tmp |= ic->ic_bss->ni_intval * 16;
2627 tmp |= MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN;
2628
2629 /* local TSF is always updated with remote TSF on beacon reception */
2630 tmp |= 1 << MTW_TSF_SYNC_MODE_SHIFT;
2631 mtw_write(sc, MTW_BCN_TIME_CFG, tmp);
2632 }
2633
2634 void
mtw_abort_tsf_sync(struct mtw_softc * sc)2635 mtw_abort_tsf_sync(struct mtw_softc *sc)
2636 {
2637 uint32_t tmp;
2638
2639 mtw_read(sc, MTW_BCN_TIME_CFG, &tmp);
2640 tmp &= ~(MTW_BCN_TX_EN | MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN);
2641 mtw_write(sc, MTW_BCN_TIME_CFG, tmp);
2642 }
2643
2644 void
mtw_enable_mrr(struct mtw_softc * sc)2645 mtw_enable_mrr(struct mtw_softc *sc)
2646 {
2647 #define CCK(mcs) (mcs)
2648 #define OFDM(mcs) (1 << 3 | (mcs))
2649 mtw_write(sc, MTW_LG_FBK_CFG0,
2650 OFDM(6) << 28 | /* 54->48 */
2651 OFDM(5) << 24 | /* 48->36 */
2652 OFDM(4) << 20 | /* 36->24 */
2653 OFDM(3) << 16 | /* 24->18 */
2654 OFDM(2) << 12 | /* 18->12 */
2655 OFDM(1) << 8 | /* 12-> 9 */
2656 OFDM(0) << 4 | /* 9-> 6 */
2657 OFDM(0)); /* 6-> 6 */
2658
2659 mtw_write(sc, MTW_LG_FBK_CFG1,
2660 CCK(2) << 12 | /* 11->5.5 */
2661 CCK(1) << 8 | /* 5.5-> 2 */
2662 CCK(0) << 4 | /* 2-> 1 */
2663 CCK(0)); /* 1-> 1 */
2664 #undef OFDM
2665 #undef CCK
2666 }
2667
2668 void
mtw_set_txrts(struct mtw_softc * sc)2669 mtw_set_txrts(struct mtw_softc *sc)
2670 {
2671 uint32_t tmp;
2672
2673 /* set RTS threshold */
2674 mtw_read(sc, MTW_TX_RTS_CFG, &tmp);
2675 tmp &= ~0xffff00;
2676 tmp |= 0x1000 << MTW_RTS_THRES_SHIFT;
2677 mtw_write(sc, MTW_TX_RTS_CFG, tmp);
2678 }
2679
2680 void
mtw_set_txpreamble(struct mtw_softc * sc)2681 mtw_set_txpreamble(struct mtw_softc *sc)
2682 {
2683 uint32_t tmp;
2684
2685 mtw_read(sc, MTW_AUTO_RSP_CFG, &tmp);
2686 if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
2687 tmp |= MTW_CCK_SHORT_EN;
2688 else
2689 tmp &= ~MTW_CCK_SHORT_EN;
2690 mtw_write(sc, MTW_AUTO_RSP_CFG, tmp);
2691 }
2692
2693 void
mtw_set_basicrates(struct mtw_softc * sc)2694 mtw_set_basicrates(struct mtw_softc *sc)
2695 {
2696 struct ieee80211com *ic = &sc->sc_ic;
2697
2698 /* set basic rates mask */
2699 if (ic->ic_curmode == IEEE80211_MODE_11B)
2700 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x003);
2701 else if (ic->ic_curmode == IEEE80211_MODE_11A)
2702 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x150);
2703 else /* 11g */
2704 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x17f);
2705 }
2706
2707 void
mtw_set_leds(struct mtw_softc * sc,uint16_t which)2708 mtw_set_leds(struct mtw_softc *sc, uint16_t which)
2709 {
2710 struct mtw_mcu_cmd_8 cmd;
2711
2712 cmd.func = htole32(0x1);
2713 cmd.val = htole32(which);
2714 mtw_mcu_cmd(sc, 16, &cmd, sizeof(struct mtw_mcu_cmd_8));
2715 }
2716
2717 void
mtw_set_bssid(struct mtw_softc * sc,const uint8_t * bssid)2718 mtw_set_bssid(struct mtw_softc *sc, const uint8_t *bssid)
2719 {
2720 mtw_write(sc, MTW_MAC_BSSID_DW0,
2721 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
2722 mtw_write(sc, MTW_MAC_BSSID_DW1,
2723 bssid[4] | bssid[5] << 8);
2724 }
2725
2726 void
mtw_set_macaddr(struct mtw_softc * sc,const uint8_t * addr)2727 mtw_set_macaddr(struct mtw_softc *sc, const uint8_t *addr)
2728 {
2729 mtw_write(sc, MTW_MAC_ADDR_DW0,
2730 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
2731 mtw_write(sc, MTW_MAC_ADDR_DW1,
2732 addr[4] | addr[5] << 8 | 0xff << 16);
2733 }
2734
2735 #if NBPFILTER > 0
2736 int8_t
mtw_rssi2dbm(struct mtw_softc * sc,uint8_t rssi,uint8_t rxchain)2737 mtw_rssi2dbm(struct mtw_softc *sc, uint8_t rssi, uint8_t rxchain)
2738 {
2739 struct ieee80211com *ic = &sc->sc_ic;
2740 struct ieee80211_channel *c = ic->ic_ibss_chan;
2741 int delta;
2742
2743 if (IEEE80211_IS_CHAN_5GHZ(c)) {
2744 u_int chan = ieee80211_chan2ieee(ic, c);
2745 delta = sc->rssi_5ghz[rxchain];
2746
2747 /* determine channel group */
2748 if (chan <= 64)
2749 delta -= sc->lna[1];
2750 else if (chan <= 128)
2751 delta -= sc->lna[2];
2752 else
2753 delta -= sc->lna[3];
2754 } else
2755 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
2756
2757 return -12 - delta - rssi;
2758 }
2759 #endif
2760
2761 int
mt7601_bbp_init(struct mtw_softc * sc)2762 mt7601_bbp_init(struct mtw_softc *sc)
2763 {
2764 uint8_t bbp;
2765 int i, error, ntries;
2766
2767 /* wait for BBP to wake up */
2768 for (ntries = 0; ntries < 20; ntries++) {
2769 if ((error = mtw_bbp_read(sc, 0, &bbp)) != 0)
2770 return error;
2771 if (bbp != 0 && bbp != 0xff)
2772 break;
2773 }
2774
2775 if (ntries == 20)
2776 return ETIMEDOUT;
2777
2778 mtw_bbp_read(sc, 3, &bbp);
2779 mtw_bbp_write(sc, 3, 0);
2780 mtw_bbp_read(sc, 105, &bbp);
2781 mtw_bbp_write(sc, 105, 0);
2782
2783 /* initialize BBP registers to default values */
2784 for (i = 0; i < nitems(mt7601_def_bbp); i++) {
2785 if ((error = mtw_bbp_write(sc, mt7601_def_bbp[i].reg,
2786 mt7601_def_bbp[i].val)) != 0)
2787 return error;
2788 }
2789
2790 sc->sc_bw_calibrated = 0;
2791
2792 return 0;
2793 }
2794
2795 int
mt7601_rf_init(struct mtw_softc * sc)2796 mt7601_rf_init(struct mtw_softc *sc)
2797 {
2798 int i, error;
2799
2800 /* RF bank 0 */
2801 for (i = 0; i < nitems(mt7601_rf_bank0); i++) {
2802 error = mtw_rf_write(sc, 0, mt7601_rf_bank0[i].reg,
2803 mt7601_rf_bank0[i].val);
2804 if (error != 0)
2805 return error;
2806 }
2807 /* RF bank 4 */
2808 for (i = 0; i < nitems(mt7601_rf_bank4); i++) {
2809 error = mtw_rf_write(sc, 4, mt7601_rf_bank4[i].reg,
2810 mt7601_rf_bank4[i].val);
2811 if (error != 0)
2812 return error;
2813 }
2814 /* RF bank 5 */
2815 for (i = 0; i < nitems(mt7601_rf_bank5); i++) {
2816 error = mtw_rf_write(sc, 5, mt7601_rf_bank5[i].reg,
2817 mt7601_rf_bank5[i].val);
2818 if (error != 0)
2819 return error;
2820 }
2821 return 0;
2822 }
2823
2824 int
mt7601_rf_setup(struct mtw_softc * sc)2825 mt7601_rf_setup(struct mtw_softc *sc)
2826 {
2827 uint32_t tmp;
2828 uint8_t rf;
2829 int error;
2830
2831 if (sc->sc_rf_calibrated)
2832 return 0;
2833
2834 /* init RF registers */
2835 if ((error = mt7601_rf_init(sc)) != 0)
2836 return error;
2837
2838 /* init frequency offset */
2839 mtw_rf_write(sc, 0, 12, sc->rf_freq_offset);
2840 mtw_rf_read(sc, 0, 12, &rf);
2841
2842 /* read temperature */
2843 mt7601_rf_temperature(sc, &rf);
2844 sc->bbp_temp = rf;
2845 DPRINTF(("BBP temp 0x%x ", rf));
2846
2847 mtw_rf_read(sc, 0, 7, &rf);
2848 if ((error = mtw_mcu_calibrate(sc, 0x1, 0)) != 0)
2849 return error;
2850 usbd_delay_ms(sc->sc_udev, 100);
2851 mtw_rf_read(sc, 0, 7, &rf);
2852
2853 /* Calibrate VCO RF 0/4 */
2854 mtw_rf_write(sc, 0, 4, 0x0a);
2855 mtw_rf_write(sc, 0, 4, 0x20);
2856 mtw_rf_read(sc, 0, 4, &rf);
2857 mtw_rf_write(sc, 0, 4, rf | 0x80);
2858
2859 if ((error = mtw_mcu_calibrate(sc, 0x9, 0)) != 0)
2860 return error;
2861 if ((error = mt7601_rxdc_cal(sc)) != 0)
2862 return error;
2863 if ((error = mtw_mcu_calibrate(sc, 0x6, 1)) != 0)
2864 return error;
2865 if ((error = mtw_mcu_calibrate(sc, 0x6, 0)) != 0)
2866 return error;
2867 if ((error = mtw_mcu_calibrate(sc, 0x4, 0)) != 0)
2868 return error;
2869 if ((error = mtw_mcu_calibrate(sc, 0x5, 0)) != 0)
2870 return error;
2871
2872 mtw_read(sc, MTW_LDO_CFG0, &tmp);
2873 tmp &= ~(1 << 4);
2874 tmp |= (1 << 2);
2875 mtw_write(sc, MTW_LDO_CFG0, tmp);
2876
2877 if ((error = mtw_mcu_calibrate(sc, 0x8, 0)) != 0)
2878 return error;
2879 if ((error = mt7601_rxdc_cal(sc)) != 0)
2880 return error;
2881
2882 sc->sc_rf_calibrated = 1;
2883 return 0;
2884 }
2885
2886 int
mt7601_rf_temperature(struct mtw_softc * sc,int8_t * val)2887 mt7601_rf_temperature(struct mtw_softc *sc, int8_t *val)
2888 {
2889 uint32_t rfb, rfs;
2890 uint8_t bbp;
2891 int ntries;
2892
2893 mtw_read(sc, MTW_RF_BYPASS0, &rfb);
2894 mtw_read(sc, MTW_RF_SETTING0, &rfs);
2895 mtw_write(sc, MTW_RF_BYPASS0, 0);
2896 mtw_write(sc, MTW_RF_SETTING0, 0x10);
2897 mtw_write(sc, MTW_RF_BYPASS0, 0x10);
2898
2899 mtw_bbp_read(sc, 47, &bbp);
2900 bbp &= ~0x7f;
2901 bbp |= 0x10;
2902 mtw_bbp_write(sc, 47, bbp);
2903
2904 mtw_bbp_write(sc, 22, 0x40);
2905
2906 for (ntries = 0; ntries < 10; ntries++) {
2907 mtw_bbp_read(sc, 47, &bbp);
2908 if ((bbp & 0x10) == 0)
2909 break;
2910 }
2911 if (ntries == 10)
2912 return ETIMEDOUT;
2913
2914 mt7601_r49_read(sc, MT7601_R47_TEMP, val);
2915
2916 mtw_bbp_write(sc, 22, 0);
2917
2918 mtw_bbp_read(sc, 21, &bbp);
2919 bbp |= 0x02;
2920 mtw_bbp_write(sc, 21, bbp);
2921 bbp &= ~0x02;
2922 mtw_bbp_write(sc, 21, bbp);
2923
2924 mtw_write(sc, MTW_RF_BYPASS0, 0);
2925 mtw_write(sc, MTW_RF_SETTING0, rfs);
2926 mtw_write(sc, MTW_RF_BYPASS0, rfb);
2927 return 0;
2928 }
2929
2930 int
mt7601_r49_read(struct mtw_softc * sc,uint8_t flag,int8_t * val)2931 mt7601_r49_read(struct mtw_softc *sc, uint8_t flag, int8_t *val)
2932 {
2933 uint8_t bbp;
2934
2935 mtw_bbp_read(sc, 47, &bbp);
2936 bbp = 0x90;
2937 mtw_bbp_write(sc, 47, bbp);
2938 bbp &= ~0x0f;
2939 bbp |= flag;
2940 mtw_bbp_write(sc, 47, bbp);
2941 return mtw_bbp_read(sc, 49, val);
2942 }
2943
2944 int
mt7601_rxdc_cal(struct mtw_softc * sc)2945 mt7601_rxdc_cal(struct mtw_softc *sc)
2946 {
2947 uint32_t tmp;
2948 uint8_t bbp;
2949 int ntries;
2950
2951 mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp);
2952 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_RX_EN);
2953 mtw_bbp_write(sc, 158, 0x8d);
2954 mtw_bbp_write(sc, 159, 0xfc);
2955 mtw_bbp_write(sc, 158, 0x8c);
2956 mtw_bbp_write(sc, 159, 0x4c);
2957
2958 for (ntries = 0; ntries < 20; ntries++) {
2959 DELAY(300);
2960 mtw_bbp_write(sc, 158, 0x8c);
2961 mtw_bbp_read(sc, 159, &bbp);
2962 if (bbp == 0x0c)
2963 break;
2964 }
2965
2966 if (ntries == 20)
2967 return ETIMEDOUT;
2968
2969 mtw_write(sc, MTW_MAC_SYS_CTRL, 0);
2970 mtw_bbp_write(sc, 158, 0x8d);
2971 mtw_bbp_write(sc, 159, 0xe0);
2972 mtw_write(sc, MTW_MAC_SYS_CTRL, tmp);
2973 return 0;
2974 }
2975
2976 int
mtw_wlan_enable(struct mtw_softc * sc,int enable)2977 mtw_wlan_enable(struct mtw_softc *sc, int enable)
2978 {
2979 uint32_t tmp;
2980 int error = 0;
2981
2982 if (enable) {
2983 mtw_read(sc, MTW_WLAN_CTRL, &tmp);
2984 if (sc->asic_ver == 0x7612)
2985 tmp &= ~0xfffff000;
2986
2987 tmp &= ~MTW_WLAN_CLK_EN;
2988 tmp |= MTW_WLAN_EN;
2989 mtw_write(sc, MTW_WLAN_CTRL, tmp);
2990 usbd_delay_ms(sc->sc_udev, 2);
2991
2992 tmp |= MTW_WLAN_CLK_EN;
2993 if (sc->asic_ver == 0x7612) {
2994 tmp |= (MTW_WLAN_RESET | MTW_WLAN_RESET_RF);
2995 }
2996 mtw_write(sc, MTW_WLAN_CTRL, tmp);
2997 usbd_delay_ms(sc->sc_udev, 2);
2998
2999 mtw_read(sc, MTW_OSC_CTRL, &tmp);
3000 tmp |= MTW_OSC_EN;
3001 mtw_write(sc, MTW_OSC_CTRL, tmp);
3002 tmp |= MTW_OSC_CAL_REQ;
3003 mtw_write(sc, MTW_OSC_CTRL, tmp);
3004 } else {
3005 mtw_read(sc, MTW_WLAN_CTRL, &tmp);
3006 tmp &= ~(MTW_WLAN_CLK_EN | MTW_WLAN_EN);
3007 mtw_write(sc, MTW_WLAN_CTRL, tmp);
3008
3009 mtw_read(sc, MTW_OSC_CTRL, &tmp);
3010 tmp &= ~MTW_OSC_EN;
3011 mtw_write(sc, MTW_OSC_CTRL, tmp);
3012 }
3013 return error;
3014 }
3015
3016 int
mtw_txrx_enable(struct mtw_softc * sc)3017 mtw_txrx_enable(struct mtw_softc *sc)
3018 {
3019 uint32_t tmp;
3020 int error, ntries;
3021
3022 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_TX_EN);
3023 for (ntries = 0; ntries < 200; ntries++) {
3024 if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0)
3025 return error;
3026 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0)
3027 break;
3028 DELAY(1000);
3029 }
3030 if (ntries == 200)
3031 return ETIMEDOUT;
3032
3033 DELAY(50);
3034
3035 tmp |= MTW_RX_DMA_EN | MTW_TX_DMA_EN | MTW_TX_WB_DDONE;
3036 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp);
3037
3038 /* enable Rx bulk aggregation (set timeout and limit) */
3039 tmp = MTW_USB_TX_EN | MTW_USB_RX_EN | MTW_USB_RX_AGG_EN |
3040 MTW_USB_RX_AGG_TO(128) | MTW_USB_RX_AGG_LMT(2);
3041 mtw_write(sc, MTW_USB_DMA_CFG, tmp);
3042
3043 /* set Rx filter */
3044 tmp = MTW_DROP_CRC_ERR | MTW_DROP_PHY_ERR;
3045 if (sc->sc_ic.ic_opmode != IEEE80211_M_MONITOR) {
3046 tmp |= MTW_DROP_UC_NOME | MTW_DROP_DUPL |
3047 MTW_DROP_CTS | MTW_DROP_BA | MTW_DROP_ACK |
3048 MTW_DROP_VER_ERR | MTW_DROP_CTRL_RSV |
3049 MTW_DROP_CFACK | MTW_DROP_CFEND;
3050 if (sc->sc_ic.ic_opmode == IEEE80211_M_STA)
3051 tmp |= MTW_DROP_RTS | MTW_DROP_PSPOLL;
3052 }
3053 mtw_write(sc, MTW_RX_FILTR_CFG, tmp);
3054
3055 mtw_write(sc, MTW_MAC_SYS_CTRL,
3056 MTW_MAC_RX_EN | MTW_MAC_TX_EN);
3057 return 0;
3058 }
3059
3060 int
mtw_init(struct ifnet * ifp)3061 mtw_init(struct ifnet *ifp)
3062 {
3063 struct mtw_softc *sc = ifp->if_softc;
3064 struct ieee80211com *ic = &sc->sc_ic;
3065 uint32_t tmp;
3066 int i, error, ridx, ntries, qid;
3067
3068 if (usbd_is_dying(sc->sc_udev))
3069 return ENXIO;
3070
3071 /* init Tx rings (4 EDCAs, 1 HCCA, 1 MGMT) */
3072 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) {
3073 if ((error = mtw_alloc_tx_ring(sc, qid)) != 0)
3074 goto fail;
3075 }
3076
3077 /* init Rx ring */
3078 if ((error = mtw_alloc_rx_ring(sc, 0)) != 0)
3079 goto fail;
3080
3081 /* init MCU Tx ring */
3082 if ((error = mtw_alloc_mcu_ring(sc)) != 0)
3083 goto fail;
3084
3085 /* init host command ring */
3086 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0;
3087
3088 for (ntries = 0; ntries < 100; ntries++) {
3089 if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0)
3090 goto fail;
3091 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0)
3092 break;
3093 DELAY(1000);
3094 }
3095 if (ntries == 100) {
3096 printf("%s: timeout waiting for DMA engine\n",
3097 sc->sc_dev.dv_xname);
3098 error = ETIMEDOUT;
3099 goto fail;
3100 }
3101 tmp &= 0xff0;
3102 tmp |= MTW_TX_WB_DDONE;
3103 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp);
3104
3105 /* reset MAC and baseband */
3106 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_BBP_HRST | MTW_MAC_SRST);
3107 mtw_write(sc, MTW_USB_DMA_CFG, 0);
3108 mtw_write(sc, MTW_MAC_SYS_CTRL, 0);
3109
3110 /* init MAC values */
3111 if (sc->mac_ver == 0x7601) {
3112 for (i = 0; i < nitems(mt7601_def_mac); i++)
3113 mtw_write(sc, mt7601_def_mac[i].reg,
3114 mt7601_def_mac[i].val);
3115 }
3116
3117 /* wait while MAC is busy */
3118 for (ntries = 0; ntries < 100; ntries++) {
3119 if ((error = mtw_read(sc, MTW_MAC_STATUS_REG, &tmp)) != 0)
3120 goto fail;
3121 if (!(tmp & (MTW_RX_STATUS_BUSY | MTW_TX_STATUS_BUSY)))
3122 break;
3123 DELAY(1000);
3124 }
3125 if (ntries == 100) {
3126 error = ETIMEDOUT;
3127 goto fail;
3128 }
3129
3130 /* set MAC address */
3131 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl));
3132 mtw_set_macaddr(sc, ic->ic_myaddr);
3133
3134 /* clear WCID attribute table */
3135 mtw_set_region_4(sc, MTW_WCID_ATTR(0), 1, 8 * 32);
3136
3137 mtw_write(sc, 0x1648, 0x00830083);
3138 mtw_read(sc, MTW_FCE_L2_STUFF, &tmp);
3139 tmp &= ~MTW_L2S_WR_MPDU_LEN_EN;
3140 mtw_write(sc, MTW_FCE_L2_STUFF, tmp);
3141
3142 /* RTS config */
3143 mtw_set_txrts(sc);
3144
3145 /* clear Host to MCU mailbox */
3146 mtw_write(sc, MTW_BBP_CSR, 0);
3147 mtw_write(sc, MTW_H2M_MAILBOX, 0);
3148
3149 /* clear RX WCID search table */
3150 mtw_set_region_4(sc, MTW_WCID_ENTRY(0), 0xffffffff, 512);
3151
3152 /* abort TSF synchronization */
3153 mtw_abort_tsf_sync(sc);
3154
3155 mtw_read(sc, MTW_US_CYC_CNT, &tmp);
3156 tmp = (tmp & ~0xff);
3157 if (sc->mac_ver == 0x7601)
3158 tmp |= 0x1e;
3159 mtw_write(sc, MTW_US_CYC_CNT, tmp);
3160
3161 /* clear shared key table */
3162 mtw_set_region_4(sc, MTW_SKEY(0, 0), 0, 8 * 32);
3163
3164 /* clear IV/EIV table */
3165 mtw_set_region_4(sc, MTW_IVEIV(0), 0, 8 * 32);
3166
3167 /* clear shared key mode */
3168 mtw_write(sc, MTW_SKEY_MODE_0_7, 0);
3169 mtw_write(sc, MTW_SKEY_MODE_8_15, 0);
3170
3171 /* txop truncation */
3172 mtw_write(sc, MTW_TXOP_CTRL_CFG, 0x0000583f);
3173
3174 /* init Tx power for all Tx rates */
3175 for (ridx = 0; ridx < 5; ridx++) {
3176 if (sc->txpow20mhz[ridx] == 0xffffffff)
3177 continue;
3178 mtw_write(sc, MTW_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
3179 }
3180 mtw_write(sc, MTW_TX_PWR_CFG7, 0);
3181 mtw_write(sc, MTW_TX_PWR_CFG9, 0);
3182
3183 mtw_read(sc, MTW_CMB_CTRL, &tmp);
3184 tmp &= ~(1 << 18 | 1 << 14);
3185 mtw_write(sc, MTW_CMB_CTRL, tmp);
3186
3187 /* clear USB DMA */
3188 mtw_write(sc, MTW_USB_DMA_CFG, MTW_USB_TX_EN | MTW_USB_RX_EN |
3189 MTW_USB_RX_AGG_EN | MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT |
3190 MTW_USB_RX_WL_DROP);
3191 usbd_delay_ms(sc->sc_udev, 50);
3192 mtw_read(sc, MTW_USB_DMA_CFG, &tmp);
3193 tmp &= ~(MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT |
3194 MTW_USB_RX_WL_DROP);
3195 mtw_write(sc, MTW_USB_DMA_CFG, tmp);
3196
3197 /* enable radio */
3198 mtw_mcu_radio(sc, 0x31, 0);
3199
3200 /* init RF registers */
3201 if (sc->mac_ver == 0x7601)
3202 mt7601_rf_init(sc);
3203
3204 /* init baseband registers */
3205 if (sc->mac_ver == 0x7601)
3206 error = mt7601_bbp_init(sc);
3207
3208 if (error != 0) {
3209 printf("%s: could not initialize BBP\n", sc->sc_dev.dv_xname);
3210 goto fail;
3211 }
3212
3213 /* setup and calibrate RF */
3214 if (sc->mac_ver == 0x7601)
3215 error = mt7601_rf_setup(sc);
3216
3217 if (error != 0) {
3218 printf("%s: could not initialize RF\n", sc->sc_dev.dv_xname);
3219 goto fail;
3220 }
3221
3222 /* select default channel */
3223 ic->ic_bss->ni_chan = ic->ic_ibss_chan;
3224 mtw_set_chan(sc, ic->ic_ibss_chan);
3225
3226 for (i = 0; i < MTW_RX_RING_COUNT; i++) {
3227 struct mtw_rx_data *data = &sc->rxq[MTW_RXQ_WLAN].data[i];
3228
3229 usbd_setup_xfer(data->xfer, sc->rxq[MTW_RXQ_WLAN].pipeh,
3230 data, data->buf,
3231 MTW_MAX_RXSZ, USBD_SHORT_XFER_OK | USBD_NO_COPY,
3232 USBD_NO_TIMEOUT, mtw_rxeof);
3233 error = usbd_transfer(data->xfer);
3234 if (error != 0 && error != USBD_IN_PROGRESS)
3235 goto fail;
3236 }
3237
3238 if ((error = mtw_txrx_enable(sc)) != 0)
3239 goto fail;
3240
3241 /* init LEDs */
3242 mtw_set_leds(sc, MTW_LED_MODE_ON);
3243
3244 ifp->if_flags |= IFF_RUNNING;
3245 ifq_clr_oactive(&ifp->if_snd);
3246
3247 if (ic->ic_flags & IEEE80211_F_WEPON) {
3248 /* install WEP keys */
3249 for (i = 0; i < IEEE80211_WEP_NKID; i++) {
3250 if (ic->ic_nw_keys[i].k_cipher != IEEE80211_CIPHER_NONE)
3251 (void)mtw_set_key(ic, NULL, &ic->ic_nw_keys[i]);
3252 }
3253 }
3254
3255 if (ic->ic_opmode == IEEE80211_M_MONITOR)
3256 ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
3257 else
3258 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
3259
3260 if (error != 0)
3261 fail: mtw_stop(ifp, 1);
3262 return error;
3263 }
3264
3265 void
mtw_stop(struct ifnet * ifp,int disable)3266 mtw_stop(struct ifnet *ifp, int disable)
3267 {
3268 struct mtw_softc *sc = ifp->if_softc;
3269 struct ieee80211com *ic = &sc->sc_ic;
3270 uint32_t tmp;
3271 int s, ntries, error, qid;
3272
3273 if (ifp->if_flags & IFF_RUNNING)
3274 mtw_set_leds(sc, MTW_LED_MODE_ON);
3275
3276 sc->sc_tx_timer = 0;
3277 ifp->if_timer = 0;
3278 ifp->if_flags &= ~IFF_RUNNING;
3279 ifq_clr_oactive(&ifp->if_snd);
3280
3281 timeout_del(&sc->scan_to);
3282 timeout_del(&sc->calib_to);
3283
3284 s = splusb();
3285 ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
3286 /* wait for all queued asynchronous commands to complete */
3287 usb_wait_task(sc->sc_udev, &sc->sc_task);
3288 splx(s);
3289
3290 /* Disable Tx/Rx DMA. */
3291 mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp);
3292 tmp &= ~(MTW_RX_DMA_EN | MTW_TX_DMA_EN);
3293 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp);
3294 mtw_usb_dma_write(sc, 0);
3295
3296 for (ntries = 0; ntries < 100; ntries++) {
3297 if (mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp) != 0)
3298 break;
3299 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0)
3300 break;
3301 DELAY(10);
3302 }
3303 if (ntries == 100) {
3304 printf("%s: timeout waiting for DMA engine\n",
3305 sc->sc_dev.dv_xname);
3306 }
3307
3308 /* stop MAC Tx/Rx */
3309 mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp);
3310 tmp &= ~(MTW_MAC_RX_EN | MTW_MAC_TX_EN);
3311 mtw_write(sc, MTW_MAC_SYS_CTRL, tmp);
3312
3313 /* disable RTS retry */
3314 mtw_read(sc, MTW_TX_RTS_CFG, &tmp);
3315 tmp &= ~0xff;
3316 mtw_write(sc, MTW_TX_RTS_CFG, tmp);
3317
3318 /* US_CYC_CFG */
3319 mtw_read(sc, MTW_US_CYC_CNT, &tmp);
3320 tmp = (tmp & ~0xff);
3321 mtw_write(sc, MTW_US_CYC_CNT, tmp);
3322
3323 /* stop PBF */
3324 mtw_read(sc, MTW_PBF_CFG, &tmp);
3325 tmp &= ~0x3;
3326 mtw_write(sc, MTW_PBF_CFG, tmp);
3327
3328 /* wait for pending Tx to complete */
3329 for (ntries = 0; ntries < 100; ntries++) {
3330 if ((error = mtw_read(sc, MTW_TXRXQ_PCNT, &tmp)) != 0)
3331 break;
3332 if ((tmp & MTW_TX2Q_PCNT_MASK) == 0)
3333 break;
3334 }
3335 DELAY(1000);
3336
3337 /* delete keys */
3338 for (qid = 0; qid < 4; qid++) {
3339 mtw_read(sc, MTW_SKEY_MODE_0_7, &tmp);
3340 tmp &= ~(0xf << qid * 4);
3341 mtw_write(sc, MTW_SKEY_MODE_0_7, tmp);
3342 }
3343
3344 if (disable) {
3345 /* disable radio */
3346 error = mtw_mcu_radio(sc, 0x30, 0x1);
3347 usbd_delay_ms(sc->sc_udev, 10);
3348 }
3349
3350 /* free Tx and Rx rings */
3351 sc->qfullmsk = 0;
3352 mtw_free_mcu_ring(sc);
3353 for (qid = 0; qid < MTW_TXQ_COUNT; qid++)
3354 mtw_free_tx_ring(sc, qid);
3355 mtw_free_rx_ring(sc, 0);
3356 }
3357