1 /* $OpenBSD: if_mtw.c,v 1.8 2023/03/08 04:43:08 guenther Exp $ */ 2 /* 3 * Copyright (c) 2008-2010 Damien Bergamini <damien.bergamini@free.fr> 4 * Copyright (c) 2013-2014 Kevin Lo 5 * Copyright (c) 2021 James Hastings 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * MediaTek MT7601U 802.11b/g/n WLAN. 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/mbuf.h> 29 #include <sys/kernel.h> 30 #include <sys/socket.h> 31 #include <sys/systm.h> 32 #include <sys/timeout.h> 33 #include <sys/conf.h> 34 #include <sys/device.h> 35 #include <sys/endian.h> 36 37 #include <machine/intr.h> 38 39 #if NBPFILTER > 0 40 #include <net/bpf.h> 41 #endif 42 #include <net/if.h> 43 #include <net/if_dl.h> 44 #include <net/if_media.h> 45 46 #include <netinet/in.h> 47 #include <netinet/if_ether.h> 48 49 #include <net80211/ieee80211_var.h> 50 #include <net80211/ieee80211_amrr.h> 51 #include <net80211/ieee80211_ra.h> 52 #include <net80211/ieee80211_radiotap.h> 53 54 #include <dev/usb/usb.h> 55 #include <dev/usb/usbdi.h> 56 #include <dev/usb/usbdi_util.h> 57 #include <dev/usb/usbdevs.h> 58 59 #include <dev/ic/mtwreg.h> 60 #include <dev/usb/if_mtwvar.h> 61 62 #ifdef MTW_DEBUG 63 #define DPRINTF(x) do { if (mtw_debug) printf x; } while (0) 64 #define DPRINTFN(n, x) do { if (mtw_debug >= (n)) printf x; } while (0) 65 int mtw_debug = 0; 66 #else 67 #define DPRINTF(x) 68 #define DPRINTFN(n, x) 69 #endif 70 71 #define USB_ID(v, p) { USB_VENDOR_##v, USB_PRODUCT_##v##_##p } 72 static const struct usb_devno mtw_devs[] = { 73 USB_ID(ASUS, USBN10V2), 74 USB_ID(AZUREWAVE, MT7601_1), 75 USB_ID(AZUREWAVE, MT7601_2), 76 USB_ID(DLINK, DWA127B1), 77 USB_ID(EDIMAX, EW7711UANV2), 78 USB_ID(MEDIATEK, MT7601_1), 79 USB_ID(MEDIATEK, MT7601_2), 80 USB_ID(RALINK, MT7601), 81 USB_ID(RALINK, MT7601_2), 82 USB_ID(RALINK, MT7601_3), 83 USB_ID(RALINK, MT7601_4), 84 USB_ID(RALINK, MT7601_5), 85 USB_ID(XIAOMI, MT7601U), 86 }; 87 88 int mtw_match(struct device *, void *, void *); 89 void mtw_attach(struct device *, struct device *, void *); 90 int mtw_detach(struct device *, int); 91 void mtw_attachhook(struct device *); 92 int mtw_alloc_rx_ring(struct mtw_softc *, int); 93 void mtw_free_rx_ring(struct mtw_softc *, int); 94 int mtw_alloc_tx_ring(struct mtw_softc *, int); 95 void mtw_free_tx_ring(struct mtw_softc *, int); 96 int mtw_alloc_mcu_ring(struct mtw_softc *); 97 void mtw_free_mcu_ring(struct mtw_softc *); 98 int mtw_ucode_write(struct mtw_softc *, const uint8_t *, 99 uint32_t, uint32_t); 100 void mtw_ucode_setup(struct mtw_softc *); 101 int mtw_load_microcode(struct mtw_softc *); 102 int mtw_reset(struct mtw_softc *); 103 int mtw_read(struct mtw_softc *, uint16_t, uint32_t *); 104 int mtw_read_cfg(struct mtw_softc *, uint16_t, uint32_t *); 105 int mtw_read_region_1(struct mtw_softc *, uint16_t, 106 uint8_t *, int); 107 int mtw_write_2(struct mtw_softc *, uint16_t, uint16_t); 108 int mtw_write(struct mtw_softc *, uint16_t, uint32_t); 109 int mtw_write_cfg(struct mtw_softc *, uint16_t, uint32_t); 110 int mtw_write_ivb(struct mtw_softc *, const uint8_t *, uint16_t); 111 int mtw_write_region_1(struct mtw_softc *, uint16_t, 112 uint8_t *, int); 113 int mtw_set_region_4(struct mtw_softc *, uint16_t, uint32_t, int); 114 int mtw_efuse_read_2(struct mtw_softc *, uint16_t, uint16_t *); 115 int mtw_eeprom_read_2(struct mtw_softc *, uint16_t, uint16_t *); 116 int mtw_rf_read(struct mtw_softc *, uint8_t, uint8_t, uint8_t *); 117 int mtw_rf_write(struct mtw_softc *, uint8_t, uint8_t, uint8_t); 118 int mtw_bbp_read(struct mtw_softc *, uint8_t, uint8_t *); 119 int mtw_bbp_write(struct mtw_softc *, uint8_t, uint8_t); 120 int mtw_usb_dma_read(struct mtw_softc *, uint32_t *); 121 int mtw_usb_dma_write(struct mtw_softc *, uint32_t); 122 int mtw_mcu_calibrate(struct mtw_softc *, int, uint32_t); 123 int mtw_mcu_channel(struct mtw_softc *, uint32_t, uint32_t, uint32_t); 124 int mtw_mcu_radio(struct mtw_softc *, int, uint32_t); 125 int mtw_mcu_cmd(struct mtw_softc *, int, void *, int); 126 const char * mtw_get_rf(int); 127 void mtw_get_txpower(struct mtw_softc *); 128 int mtw_read_eeprom(struct mtw_softc *); 129 struct ieee80211_node *mtw_node_alloc(struct ieee80211com *); 130 int mtw_media_change(struct ifnet *); 131 void mtw_next_scan(void *); 132 void mtw_task(void *); 133 void mtw_do_async(struct mtw_softc *, void (*)(struct mtw_softc *, 134 void *), void *, int); 135 int mtw_newstate(struct ieee80211com *, enum ieee80211_state, int); 136 void mtw_newstate_cb(struct mtw_softc *, void *); 137 void mtw_updateedca(struct ieee80211com *); 138 void mtw_updateedca_cb(struct mtw_softc *, void *); 139 void mtw_updateslot(struct ieee80211com *); 140 void mtw_updateslot_cb(struct mtw_softc *, void *); 141 int mtw_set_key(struct ieee80211com *, struct ieee80211_node *, 142 struct ieee80211_key *); 143 void mtw_set_key_cb(struct mtw_softc *, void *); 144 void mtw_delete_key(struct ieee80211com *, struct ieee80211_node *, 145 struct ieee80211_key *); 146 void mtw_delete_key_cb(struct mtw_softc *, void *); 147 void mtw_calibrate_to(void *); 148 void mtw_calibrate_cb(struct mtw_softc *, void *); 149 void mtw_newassoc(struct ieee80211com *, struct ieee80211_node *, 150 int); 151 void mtw_rx_frame(struct mtw_softc *, uint8_t *, int, 152 struct mbuf_list *); 153 void mtw_rxeof(struct usbd_xfer *, void *, usbd_status); 154 void mtw_txeof(struct usbd_xfer *, void *, usbd_status); 155 int mtw_tx(struct mtw_softc *, struct mbuf *, 156 struct ieee80211_node *); 157 void mtw_start(struct ifnet *); 158 void mtw_watchdog(struct ifnet *); 159 int mtw_ioctl(struct ifnet *, u_long, caddr_t); 160 void mtw_select_chan_group(struct mtw_softc *, int); 161 void mt7601_set_agc(struct mtw_softc *, uint8_t); 162 void mt7601_set_chan(struct mtw_softc *, u_int); 163 int mtw_set_chan(struct mtw_softc *, struct ieee80211_channel *); 164 void mtw_enable_tsf_sync(struct mtw_softc *); 165 void mtw_abort_tsf_sync(struct mtw_softc *); 166 void mtw_enable_mrr(struct mtw_softc *); 167 void mtw_set_txrts(struct mtw_softc *); 168 void mtw_set_txpreamble(struct mtw_softc *); 169 void mtw_set_basicrates(struct mtw_softc *); 170 void mtw_set_leds(struct mtw_softc *, uint16_t); 171 void mtw_set_bssid(struct mtw_softc *, const uint8_t *); 172 void mtw_set_macaddr(struct mtw_softc *, const uint8_t *); 173 #if NBPFILTER > 0 174 int8_t mtw_rssi2dbm(struct mtw_softc *, uint8_t, uint8_t); 175 #endif 176 int mt7601_bbp_init(struct mtw_softc *); 177 int mt7601_rf_init(struct mtw_softc *); 178 int mt7601_rf_setup(struct mtw_softc *); 179 int mt7601_rf_temperature(struct mtw_softc *, int8_t *); 180 int mt7601_r49_read(struct mtw_softc *, uint8_t, int8_t *); 181 int mt7601_rxdc_cal(struct mtw_softc *); 182 int mtw_wlan_enable(struct mtw_softc *, int); 183 int mtw_txrx_enable(struct mtw_softc *); 184 int mtw_init(struct ifnet *); 185 void mtw_stop(struct ifnet *, int); 186 187 struct cfdriver mtw_cd = { 188 NULL, "mtw", DV_IFNET 189 }; 190 191 const struct cfattach mtw_ca = { 192 sizeof (struct mtw_softc), mtw_match, mtw_attach, mtw_detach 193 }; 194 195 static const struct { 196 uint32_t reg; 197 uint32_t val; 198 } mt7601_def_mac[] = { 199 MT7601_DEF_MAC 200 }; 201 202 static const struct { 203 uint8_t reg; 204 uint8_t val; 205 } mt7601_def_bbp[] = { 206 MT7601_DEF_BBP 207 }; 208 209 static const struct { 210 u_int chan; 211 uint8_t r17, r18, r19, r20; 212 } mt7601_rf_chan[] = { 213 MT7601_RF_CHAN 214 }; 215 216 static const struct { 217 uint8_t reg; 218 uint8_t val; 219 } mt7601_rf_bank0[] = { 220 MT7601_BANK0_RF 221 },mt7601_rf_bank4[] = { 222 MT7601_BANK4_RF 223 },mt7601_rf_bank5[] = { 224 MT7601_BANK5_RF 225 }; 226 227 int 228 mtw_match(struct device *parent, void *match, void *aux) 229 { 230 struct usb_attach_arg *uaa = aux; 231 232 if (uaa->iface == NULL || uaa->configno != 1) 233 return UMATCH_NONE; 234 235 return (usb_lookup(mtw_devs, uaa->vendor, uaa->product) != NULL) ? 236 UMATCH_VENDOR_PRODUCT_CONF_IFACE : UMATCH_NONE; 237 } 238 239 void 240 mtw_attach(struct device *parent, struct device *self, void *aux) 241 { 242 struct mtw_softc *sc = (struct mtw_softc *)self; 243 struct usb_attach_arg *uaa = aux; 244 usb_interface_descriptor_t *id; 245 usb_endpoint_descriptor_t *ed; 246 int i, error, nrx, ntx, ntries; 247 uint32_t ver; 248 249 sc->sc_udev = uaa->device; 250 sc->sc_iface = uaa->iface; 251 252 /* 253 * Find all bulk endpoints. 254 */ 255 nrx = ntx = 0; 256 id = usbd_get_interface_descriptor(sc->sc_iface); 257 for (i = 0; i < id->bNumEndpoints; i++) { 258 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i); 259 if (ed == NULL || UE_GET_XFERTYPE(ed->bmAttributes) != UE_BULK) 260 continue; 261 262 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN) { 263 sc->rxq[nrx].pipe_no = ed->bEndpointAddress; 264 nrx++; 265 } else if (ntx < 6) { 266 if (ntx == 0) 267 sc->txq[MTW_TXQ_MCU].pipe_no = 268 ed->bEndpointAddress; 269 else 270 sc->txq[ntx - 1].pipe_no = 271 ed->bEndpointAddress; 272 ntx++; 273 } 274 } 275 /* make sure we've got them all */ 276 if (nrx < 2 || ntx < 6) { 277 printf("%s: missing endpoint\n", sc->sc_dev.dv_xname); 278 return; 279 } 280 281 /* wait for the chip to settle */ 282 for (ntries = 0; ntries < 100; ntries++) { 283 if ((error = mtw_read(sc, MTW_ASIC_VER, &ver)) != 0) 284 return; 285 if (ver != 0 && ver != 0xffffffff) 286 break; 287 DPRINTF(("%08x ", ver)); 288 DELAY(10); 289 } 290 if (ntries == 100) { 291 printf("%s: timeout waiting for NIC to initialize\n", 292 sc->sc_dev.dv_xname); 293 return; 294 } 295 296 sc->asic_ver = ver >> 16; 297 sc->asic_rev = ver & 0xffff; 298 299 usb_init_task(&sc->sc_task, mtw_task, sc, USB_TASK_TYPE_GENERIC); 300 timeout_set(&sc->scan_to, mtw_next_scan, sc); 301 timeout_set(&sc->calib_to, mtw_calibrate_to, sc); 302 303 sc->amrr.amrr_min_success_threshold = 1; 304 sc->amrr.amrr_max_success_threshold = 10; 305 306 config_mountroot(self, mtw_attachhook); 307 } 308 309 int 310 mtw_detach(struct device *self, int flags) 311 { 312 struct mtw_softc *sc = (struct mtw_softc *)self; 313 struct ifnet *ifp = &sc->sc_ic.ic_if; 314 int qid, s; 315 316 s = splusb(); 317 318 if (timeout_initialized(&sc->scan_to)) 319 timeout_del(&sc->scan_to); 320 if (timeout_initialized(&sc->calib_to)) 321 timeout_del(&sc->calib_to); 322 323 /* wait for all queued asynchronous commands to complete */ 324 usb_rem_wait_task(sc->sc_udev, &sc->sc_task); 325 326 usbd_ref_wait(sc->sc_udev); 327 328 if (ifp->if_softc != NULL) { 329 ifp->if_flags &= ~IFF_RUNNING; 330 ifq_clr_oactive(&ifp->if_snd); 331 ieee80211_ifdetach(ifp); 332 if_detach(ifp); 333 } 334 335 /* free rings and close pipes */ 336 mtw_free_mcu_ring(sc); 337 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) 338 mtw_free_tx_ring(sc, qid); 339 mtw_free_rx_ring(sc, 0); 340 mtw_free_rx_ring(sc, 1); 341 342 splx(s); 343 return 0; 344 } 345 346 void 347 mtw_attachhook(struct device *self) 348 { 349 struct mtw_softc *sc = (struct mtw_softc *)self; 350 struct ieee80211com *ic = &sc->sc_ic; 351 struct ifnet *ifp = &ic->ic_if; 352 uint32_t tmp; 353 int ntries, error, i; 354 355 if (usbd_is_dying(sc->sc_udev)) 356 return; 357 358 /* enable WLAN core */ 359 if ((error = mtw_wlan_enable(sc, 1)) != 0) { 360 printf("%s: could not enable WLAN core\n", 361 sc->sc_dev.dv_xname); 362 return; 363 } 364 365 /* load firmware */ 366 if ((error = mtw_load_microcode(sc)) != 0) { 367 printf("%s: could not load microcode\n", 368 sc->sc_dev.dv_xname); 369 goto fail; 370 } 371 372 mtw_usb_dma_read(sc, &tmp); 373 mtw_usb_dma_write(sc, tmp | (MTW_USB_RX_EN | MTW_USB_TX_EN)); 374 375 /* read MAC version */ 376 for (ntries = 0; ntries < 100; ntries++) { 377 if ((error = mtw_read(sc, MTW_MAC_VER_ID, &tmp)) != 0) 378 goto fail; 379 if (tmp != 0 && tmp != 0xffffffff) 380 break; 381 DELAY(10); 382 } 383 if (ntries == 100) { 384 printf("%s: failed reading MAC\n", sc->sc_dev.dv_xname); 385 goto fail; 386 } 387 388 sc->mac_ver = tmp >> 16; 389 sc->mac_rev = tmp & 0xffff; 390 391 /* retrieve RF rev. no and various other things from EEPROM */ 392 mtw_read_eeprom(sc); 393 394 printf("%s: MAC/BBP MT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), " 395 "address %s\n", sc->sc_dev.dv_xname, sc->mac_ver, 396 sc->mac_rev, mtw_get_rf(sc->rf_rev), sc->ntxchains, 397 sc->nrxchains, ether_sprintf(ic->ic_myaddr)); 398 399 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 400 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 401 ic->ic_state = IEEE80211_S_INIT; 402 403 /* set device capabilities */ 404 ic->ic_caps = 405 IEEE80211_C_MONITOR | /* monitor mode supported */ 406 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 407 IEEE80211_C_SHSLOT | /* short slot time supported */ 408 IEEE80211_C_WEP | /* WEP */ 409 IEEE80211_C_RSN; /* WPA/RSN */ 410 411 /* set supported .11b and .11g rates */ 412 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 413 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 414 415 /* set supported .11b and .11g channels (1 through 14) */ 416 for (i = 1; i <= 14; i++) { 417 ic->ic_channels[i].ic_freq = 418 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 419 ic->ic_channels[i].ic_flags = 420 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 421 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 422 } 423 424 ifp->if_softc = sc; 425 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 426 ifp->if_ioctl = mtw_ioctl; 427 ifp->if_start = mtw_start; 428 ifp->if_watchdog = mtw_watchdog; 429 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 430 431 if_attach(ifp); 432 ieee80211_ifattach(ifp); 433 ic->ic_node_alloc = mtw_node_alloc; 434 ic->ic_newassoc = mtw_newassoc; 435 ic->ic_updateslot = mtw_updateslot; 436 ic->ic_updateedca = mtw_updateedca; 437 ic->ic_set_key = mtw_set_key; 438 ic->ic_delete_key = mtw_delete_key; 439 440 /* override 802.11 state transition machine */ 441 sc->sc_newstate = ic->ic_newstate; 442 ic->ic_newstate = mtw_newstate; 443 ieee80211_media_init(ifp, mtw_media_change, ieee80211_media_status); 444 445 #if NBPFILTER > 0 446 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 447 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 448 449 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 450 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 451 sc->sc_rxtap.wr_ihdr.it_present = htole32(MTW_RX_RADIOTAP_PRESENT); 452 453 sc->sc_txtap_len = sizeof sc->sc_txtapu; 454 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 455 sc->sc_txtap.wt_ihdr.it_present = htole32(MTW_TX_RADIOTAP_PRESENT); 456 #endif 457 fail: 458 return; 459 } 460 461 int 462 mtw_alloc_rx_ring(struct mtw_softc *sc, int qid) 463 { 464 struct mtw_rx_ring *rxq = &sc->rxq[qid]; 465 int i, error; 466 467 if ((error = usbd_open_pipe(sc->sc_iface, rxq->pipe_no, 0, 468 &rxq->pipeh)) != 0) 469 goto fail; 470 471 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 472 struct mtw_rx_data *data = &rxq->data[i]; 473 474 data->sc = sc; /* backpointer for callbacks */ 475 476 data->xfer = usbd_alloc_xfer(sc->sc_udev); 477 if (data->xfer == NULL) { 478 error = ENOMEM; 479 goto fail; 480 } 481 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_RXSZ); 482 if (data->buf == NULL) { 483 error = ENOMEM; 484 goto fail; 485 } 486 } 487 if (error != 0) 488 fail: mtw_free_rx_ring(sc, 0); 489 return error; 490 } 491 492 void 493 mtw_free_rx_ring(struct mtw_softc *sc, int qid) 494 { 495 struct mtw_rx_ring *rxq = &sc->rxq[qid]; 496 int i; 497 498 if (rxq->pipeh != NULL) { 499 usbd_close_pipe(rxq->pipeh); 500 rxq->pipeh = NULL; 501 } 502 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 503 if (rxq->data[i].xfer != NULL) 504 usbd_free_xfer(rxq->data[i].xfer); 505 rxq->data[i].xfer = NULL; 506 } 507 } 508 509 int 510 mtw_alloc_tx_ring(struct mtw_softc *sc, int qid) 511 { 512 struct mtw_tx_ring *txq = &sc->txq[qid]; 513 int i, error; 514 uint16_t txwisize; 515 516 txwisize = sizeof(struct mtw_txwi); 517 518 txq->cur = txq->queued = 0; 519 520 if ((error = usbd_open_pipe(sc->sc_iface, txq->pipe_no, 0, 521 &txq->pipeh)) != 0) 522 goto fail; 523 524 for (i = 0; i < MTW_TX_RING_COUNT; i++) { 525 struct mtw_tx_data *data = &txq->data[i]; 526 527 data->sc = sc; /* backpointer for callbacks */ 528 data->qid = qid; 529 530 data->xfer = usbd_alloc_xfer(sc->sc_udev); 531 if (data->xfer == NULL) { 532 error = ENOMEM; 533 goto fail; 534 } 535 536 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ); 537 if (data->buf == NULL) { 538 error = ENOMEM; 539 goto fail; 540 } 541 542 /* zeroize the TXD + TXWI part */ 543 memset(data->buf, 0, MTW_MAX_TXSZ); 544 } 545 if (error != 0) 546 fail: mtw_free_tx_ring(sc, qid); 547 return error; 548 } 549 550 void 551 mtw_free_tx_ring(struct mtw_softc *sc, int qid) 552 { 553 struct mtw_tx_ring *txq = &sc->txq[qid]; 554 int i; 555 556 if (txq->pipeh != NULL) { 557 usbd_close_pipe(txq->pipeh); 558 txq->pipeh = NULL; 559 } 560 for (i = 0; i < MTW_TX_RING_COUNT; i++) { 561 if (txq->data[i].xfer != NULL) 562 usbd_free_xfer(txq->data[i].xfer); 563 txq->data[i].xfer = NULL; 564 } 565 } 566 567 int 568 mtw_alloc_mcu_ring(struct mtw_softc *sc) 569 { 570 struct mtw_tx_ring *ring = &sc->sc_mcu; 571 struct mtw_tx_data *data = &ring->data[0]; 572 int error = 0; 573 574 ring->cur = ring->queued = 0; 575 576 data->sc = sc; /* backpointer for callbacks */ 577 data->qid = 5; 578 579 data->xfer = usbd_alloc_xfer(sc->sc_udev); 580 if (data->xfer == NULL) { 581 error = ENOMEM; 582 goto fail; 583 } 584 585 data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ); 586 if (data->buf == NULL) { 587 error = ENOMEM; 588 goto fail; 589 } 590 /* zeroize the TXD */ 591 memset(data->buf, 0, 4); 592 593 if (error != 0) 594 fail: mtw_free_mcu_ring(sc); 595 return error; 596 597 598 } 599 void 600 mtw_free_mcu_ring(struct mtw_softc *sc) 601 { 602 struct mtw_tx_ring *txq = &sc->sc_mcu; 603 604 if (txq->data[0].xfer != NULL) 605 usbd_free_xfer(txq->data[0].xfer); 606 txq->data[0].xfer = NULL; 607 } 608 609 int 610 mtw_ucode_write(struct mtw_softc *sc, const uint8_t *fw, uint32_t len, 611 uint32_t offset) 612 { 613 struct mtw_tx_ring *ring = &sc->txq[MTW_TXQ_MCU]; 614 struct usbd_xfer *xfer; 615 struct mtw_txd *txd; 616 uint8_t *buf; 617 uint32_t blksz, sent, tmp, xferlen; 618 int error; 619 620 blksz = 0x2000; 621 if (sc->asic_ver == 0x7612 && offset >= 0x90000) 622 blksz = 0x800; /* MT7612 ROM Patch */ 623 624 xfer = usbd_alloc_xfer(sc->sc_udev); 625 if (xfer == NULL) { 626 error = ENOMEM; 627 goto fail; 628 } 629 buf = usbd_alloc_buffer(xfer, blksz + 12); 630 if (buf == NULL) { 631 error = ENOMEM; 632 goto fail; 633 } 634 635 sent = 0; 636 for (;;) { 637 xferlen = min(len - sent, blksz); 638 if (xferlen == 0) 639 break; 640 641 txd = (struct mtw_txd *)buf; 642 txd->len = htole16(xferlen); 643 txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_MCU); 644 645 memcpy(buf + sizeof(struct mtw_txd), fw + sent, xferlen); 646 memset(buf + sizeof(struct mtw_txd) + xferlen, 0, MTW_DMA_PAD); 647 mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, offset + sent); 648 mtw_write_cfg(sc, MTW_MCU_DMA_LEN, (xferlen << 16)); 649 650 usbd_setup_xfer(xfer, ring->pipeh, NULL, buf, 651 xferlen + sizeof(struct mtw_txd) + MTW_DMA_PAD, 652 USBD_SHORT_XFER_OK | USBD_SYNCHRONOUS | USBD_NO_COPY, 653 MTW_TX_TIMEOUT, NULL); 654 if ((error = usbd_transfer(xfer)) != 0) 655 break; 656 657 mtw_read(sc, MTW_MCU_FW_IDX, &tmp); 658 mtw_write(sc, MTW_MCU_FW_IDX, tmp++); 659 660 sent += xferlen; 661 } 662 fail: 663 if (xfer != NULL) { 664 usbd_free_xfer(xfer); 665 xfer = NULL; 666 } 667 return error; 668 } 669 670 void 671 mtw_ucode_setup(struct mtw_softc *sc) 672 { 673 mtw_usb_dma_write(sc, (MTW_USB_TX_EN | MTW_USB_RX_EN)); 674 mtw_write(sc, MTW_FCE_PSE_CTRL, 1); 675 mtw_write(sc, MTW_TX_CPU_FCE_BASE, 0x400230); 676 mtw_write(sc, MTW_TX_CPU_FCE_MAX_COUNT, 1); 677 mtw_write(sc, MTW_MCU_FW_IDX, 1); 678 mtw_write(sc, MTW_FCE_PDMA, 0x44); 679 mtw_write(sc, MTW_FCE_SKIP_FS, 3); 680 } 681 682 int 683 mtw_load_microcode(struct mtw_softc *sc) 684 { 685 const struct mtw_ucode_hdr *hdr; 686 const struct mtw_ucode *fw; 687 const char *fwname; 688 u_char *ucode; 689 size_t size; 690 uint32_t tmp, iofs, dofs; 691 int ntries, error; 692 int dlen, ilen; 693 694 /* is firmware already running? */ 695 mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp); 696 if (tmp == MTW_MCU_READY) 697 return 0; 698 699 /* open MCU pipe */ 700 if ((error = usbd_open_pipe(sc->sc_iface, sc->txq[MTW_TXQ_MCU].pipe_no, 701 0, &sc->txq[MTW_TXQ_MCU].pipeh)) != 0) 702 return error; 703 704 if (sc->asic_ver == 0x7612) { 705 fwname = "mtw-mt7662u_rom_patch"; 706 707 if ((error = loadfirmware(fwname, &ucode, &size)) != 0) { 708 printf("%s: failed loadfirmware of file %s (error %d)\n", 709 sc->sc_dev.dv_xname, fwname, error); 710 return error; 711 } 712 fw = (const struct mtw_ucode *) ucode + 0x1e; 713 ilen = size - 0x1e; 714 715 mtw_ucode_setup(sc); 716 717 if ((error = mtw_ucode_write(sc, fw->data, ilen, 0x90000)) != 0) 718 goto fail; 719 720 mtw_usb_dma_write(sc, 0x00e41814); 721 free(ucode, M_DEVBUF, size); 722 } 723 724 fwname = "mtw-mt7601u"; 725 iofs = 0x40; 726 dofs = 0; 727 if (sc->asic_ver == 0x7612) { 728 fwname = "mtw-mt7662u"; 729 iofs = 0x80040; 730 dofs = 0x110800; 731 } else if (sc->asic_ver == 0x7610) { 732 fwname = "mtw-mt7610u"; 733 dofs = 0x80000; 734 } 735 736 if ((error = loadfirmware(fwname, &ucode, &size)) != 0) { 737 printf("%s: failed loadfirmware of file %s (error %d)\n", 738 sc->sc_dev.dv_xname, fwname, error); 739 return error; 740 } 741 742 if (size < sizeof(struct mtw_ucode_hdr)) { 743 printf("%s: firmware header too short\n", 744 sc->sc_dev.dv_xname); 745 goto fail; 746 } 747 748 fw = (const struct mtw_ucode *) ucode; 749 hdr = (const struct mtw_ucode_hdr *) &fw->hdr; 750 751 if (size < sizeof(struct mtw_ucode_hdr) + letoh32(hdr->ilm_len) + 752 letoh32(hdr->dlm_len)) { 753 printf("%s: firmware payload too short\n", 754 sc->sc_dev.dv_xname); 755 goto fail; 756 } 757 758 ilen = le32toh(hdr->ilm_len) - MTW_MCU_IVB_LEN; 759 dlen = le32toh(hdr->dlm_len); 760 761 if (ilen > size || dlen > size) { 762 printf("%s: firmware payload too large\n", 763 sc->sc_dev.dv_xname); 764 goto fail; 765 } 766 767 mtw_write(sc, MTW_FCE_PDMA, 0); 768 mtw_write(sc, MTW_FCE_PSE_CTRL, 0); 769 mtw_ucode_setup(sc); 770 771 if ((error = mtw_ucode_write(sc, fw->data, ilen, iofs)) != 0) 772 goto fail; 773 if (dlen > 0 && dofs > 0) { 774 if ((error = mtw_ucode_write(sc, fw->data + ilen, 775 dlen, dofs)) != 0) 776 goto fail; 777 } 778 779 /* write interrupt vectors */ 780 if (sc->asic_ver == 0x7612) { 781 /* MT7612 */ 782 if ((error = mtw_ucode_write(sc, fw->ivb, 783 MTW_MCU_IVB_LEN, 0x80000)) != 0) 784 goto fail; 785 mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, 0x00095000); 786 mtw_write_ivb(sc, NULL, 0); 787 } else { 788 /* MT7601/MT7610 */ 789 if ((error = mtw_write_ivb(sc, fw->ivb, 790 MTW_MCU_IVB_LEN)) != 0) 791 goto fail; 792 } 793 794 /* wait until microcontroller is ready */ 795 usbd_delay_ms(sc->sc_udev, 10); 796 797 for (ntries = 0; ntries < 100; ntries++) { 798 if ((error = mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp)) != 0) 799 return error; 800 if (tmp & MTW_MCU_READY) 801 break; 802 usbd_delay_ms(sc->sc_udev, 100); 803 } 804 805 if (ntries == 100) { 806 printf("%s: timeout waiting for MCU to initialize\n", 807 sc->sc_dev.dv_xname); 808 error = ETIMEDOUT; 809 } 810 811 DPRINTF(("%s: loaded firmware ver %d.%d\n", sc->sc_dev.dv_xname, 812 le16toh(hdr->build_ver), le16toh(hdr->fw_ver))); 813 fail: 814 free(ucode, M_DEVBUF, size); 815 usbd_close_pipe(sc->txq[MTW_TXQ_MCU].pipeh); 816 sc->txq[MTW_TXQ_MCU].pipeh = NULL; 817 return error; 818 } 819 820 int 821 mtw_reset(struct mtw_softc *sc) 822 { 823 usb_device_request_t req; 824 825 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 826 req.bRequest = MTW_RESET; 827 USETW(req.wValue, 1); 828 USETW(req.wIndex, 0); 829 USETW(req.wLength, 0); 830 return usbd_do_request(sc->sc_udev, &req, NULL); 831 } 832 833 int 834 mtw_read(struct mtw_softc *sc, uint16_t reg, uint32_t *val) 835 { 836 uint32_t tmp; 837 int error; 838 839 error = mtw_read_region_1(sc, reg, 840 (uint8_t *)&tmp, sizeof tmp); 841 if (error == 0) 842 *val = letoh32(tmp); 843 else 844 *val = 0xffffffff; 845 return error; 846 } 847 848 int 849 mtw_read_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t *val) 850 { 851 usb_device_request_t req; 852 uint32_t tmp; 853 int error; 854 855 req.bmRequestType = UT_READ_VENDOR_DEVICE; 856 req.bRequest = MTW_READ_CFG; 857 USETW(req.wValue, 0); 858 USETW(req.wIndex, reg); 859 USETW(req.wLength, 4); 860 error = usbd_do_request(sc->sc_udev, &req, &tmp); 861 862 if (error == 0) 863 *val = letoh32(tmp); 864 else 865 *val = 0xffffffff; 866 return error; 867 } 868 869 int 870 mtw_read_region_1(struct mtw_softc *sc, uint16_t reg, 871 uint8_t *buf, int len) 872 { 873 usb_device_request_t req; 874 875 req.bmRequestType = UT_READ_VENDOR_DEVICE; 876 req.bRequest = MTW_READ_REGION_1; 877 USETW(req.wValue, 0); 878 USETW(req.wIndex, reg); 879 USETW(req.wLength, len); 880 return usbd_do_request(sc->sc_udev, &req, buf); 881 } 882 883 int 884 mtw_write_2(struct mtw_softc *sc, uint16_t reg, uint16_t val) 885 { 886 usb_device_request_t req; 887 888 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 889 req.bRequest = MTW_WRITE_2; 890 USETW(req.wValue, val); 891 USETW(req.wIndex, reg); 892 USETW(req.wLength, 0); 893 return usbd_do_request(sc->sc_udev, &req, NULL); 894 } 895 896 int 897 mtw_write(struct mtw_softc *sc, uint16_t reg, uint32_t val) 898 { 899 int error; 900 901 if ((error = mtw_write_2(sc, reg, val & 0xffff)) == 0) 902 error = mtw_write_2(sc, reg + 2, val >> 16); 903 return error; 904 } 905 906 int 907 mtw_write_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t val) 908 { 909 usb_device_request_t req; 910 int error; 911 912 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 913 req.bRequest = MTW_WRITE_CFG; 914 USETW(req.wValue, 0); 915 USETW(req.wIndex, reg); 916 USETW(req.wLength, 4); 917 val = htole32(val); 918 error = usbd_do_request(sc->sc_udev, &req, &val); 919 return error; 920 } 921 922 int 923 mtw_write_ivb(struct mtw_softc *sc, const uint8_t *buf, uint16_t len) 924 { 925 usb_device_request_t req; 926 927 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 928 req.bRequest = MTW_RESET; 929 USETW(req.wValue, 0x12); 930 USETW(req.wIndex, 0); 931 USETW(req.wLength, len); 932 return usbd_do_request(sc->sc_udev, &req, (void *)buf); 933 } 934 935 int 936 mtw_write_region_1(struct mtw_softc *sc, uint16_t reg, 937 uint8_t *buf, int len) 938 { 939 usb_device_request_t req; 940 941 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 942 req.bRequest = MTW_WRITE_REGION_1; 943 USETW(req.wValue, 0); 944 USETW(req.wIndex, reg); 945 USETW(req.wLength, len); 946 return usbd_do_request(sc->sc_udev, &req, buf); 947 } 948 949 int 950 mtw_set_region_4(struct mtw_softc *sc, uint16_t reg, uint32_t val, int count) 951 { 952 int error = 0; 953 954 for (; count > 0 && error == 0; count--, reg += 4) 955 error = mtw_write(sc, reg, val); 956 return error; 957 } 958 959 /* Read 16-bit from eFUSE ROM. */ 960 int 961 mtw_efuse_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 962 { 963 uint32_t tmp; 964 uint16_t reg; 965 int error, ntries; 966 967 if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0) 968 return error; 969 970 addr *= 2; 971 /* 972 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 973 * DATA0: 3 2 1 0 974 * DATA1: 7 6 5 4 975 * DATA2: B A 9 8 976 * DATA3: F E D C 977 */ 978 tmp &= ~(MTW_EFSROM_MODE_MASK | MTW_EFSROM_AIN_MASK); 979 tmp |= (addr & ~0xf) << MTW_EFSROM_AIN_SHIFT | MTW_EFSROM_KICK; 980 mtw_write(sc, MTW_EFUSE_CTRL, tmp); 981 for (ntries = 0; ntries < 100; ntries++) { 982 if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0) 983 return error; 984 if (!(tmp & MTW_EFSROM_KICK)) 985 break; 986 DELAY(2); 987 } 988 if (ntries == 100) 989 return ETIMEDOUT; 990 991 if ((tmp & MTW_EFUSE_AOUT_MASK) == MTW_EFUSE_AOUT_MASK) { 992 *val = 0xffff; /* address not found */ 993 return 0; 994 } 995 /* determine to which 32-bit register our 16-bit word belongs */ 996 reg = MTW_EFUSE_DATA0 + (addr & 0xc); 997 if ((error = mtw_read(sc, reg, &tmp)) != 0) 998 return error; 999 1000 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1001 return 0; 1002 } 1003 1004 int 1005 mtw_eeprom_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 1006 { 1007 usb_device_request_t req; 1008 uint16_t tmp; 1009 int error; 1010 1011 addr *= 2; 1012 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1013 req.bRequest = MTW_EEPROM_READ; 1014 USETW(req.wValue, 0); 1015 USETW(req.wIndex, addr); 1016 USETW(req.wLength, sizeof tmp); 1017 error = usbd_do_request(sc->sc_udev, &req, &tmp); 1018 if (error == 0) 1019 *val = letoh16(tmp); 1020 else 1021 *val = 0xffff; 1022 return error; 1023 } 1024 1025 static __inline int 1026 mtw_srom_read(struct mtw_softc *sc, uint16_t addr, uint16_t *val) 1027 { 1028 /* either eFUSE ROM or EEPROM */ 1029 return sc->sc_srom_read(sc, addr, val); 1030 } 1031 1032 int 1033 mtw_rf_read(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t *val) 1034 { 1035 uint32_t tmp; 1036 int error, ntries, shift; 1037 1038 for (ntries = 0; ntries < 100; ntries++) { 1039 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1040 return error; 1041 if (!(tmp & MTW_RF_CSR_KICK)) 1042 break; 1043 } 1044 if (ntries == 100) 1045 return ETIMEDOUT; 1046 1047 if (sc->mac_ver == 0x7601) 1048 shift = MT7601_BANK_SHIFT; 1049 else 1050 shift = MT7610_BANK_SHIFT; 1051 1052 tmp = MTW_RF_CSR_KICK | (bank & 0xf) << shift | reg << 8; 1053 if ((error = mtw_write(sc, MTW_RF_CSR, tmp)) != 0) 1054 return error; 1055 1056 for (ntries = 0; ntries < 100; ntries++) { 1057 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1058 return error; 1059 if (!(tmp & MTW_RF_CSR_KICK)) 1060 break; 1061 } 1062 if (ntries == 100) 1063 return ETIMEDOUT; 1064 1065 *val = tmp & 0xff; 1066 return 0; 1067 } 1068 1069 int 1070 mtw_rf_write(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t val) 1071 { 1072 uint32_t tmp; 1073 int error, ntries, shift; 1074 1075 for (ntries = 0; ntries < 10; ntries++) { 1076 if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0) 1077 return error; 1078 if (!(tmp & MTW_RF_CSR_KICK)) 1079 break; 1080 } 1081 if (ntries == 10) 1082 return ETIMEDOUT; 1083 1084 if (sc->mac_ver == 0x7601) 1085 shift = MT7601_BANK_SHIFT; 1086 else 1087 shift = MT7610_BANK_SHIFT; 1088 1089 tmp = MTW_RF_CSR_WRITE | MTW_RF_CSR_KICK | (bank & 0xf) << shift | 1090 reg << 8 | val; 1091 return mtw_write(sc, MTW_RF_CSR, tmp); 1092 } 1093 1094 int 1095 mtw_bbp_read(struct mtw_softc *sc, uint8_t reg, uint8_t *val) 1096 { 1097 uint32_t tmp; 1098 int ntries, error; 1099 1100 for (ntries = 0; ntries < 10; ntries++) { 1101 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1102 return error; 1103 if (!(tmp & MTW_BBP_CSR_KICK)) 1104 break; 1105 } 1106 if (ntries == 10) 1107 return ETIMEDOUT; 1108 1109 tmp = MTW_BBP_CSR_READ | MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT; 1110 if ((error = mtw_write(sc, MTW_BBP_CSR, tmp)) != 0) 1111 return error; 1112 1113 for (ntries = 0; ntries < 10; ntries++) { 1114 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1115 return error; 1116 if (!(tmp & MTW_BBP_CSR_KICK)) 1117 break; 1118 } 1119 if (ntries == 10) 1120 return ETIMEDOUT; 1121 1122 *val = tmp & 0xff; 1123 return 0; 1124 } 1125 1126 int 1127 mtw_bbp_write(struct mtw_softc *sc, uint8_t reg, uint8_t val) 1128 { 1129 uint32_t tmp; 1130 int ntries, error; 1131 1132 for (ntries = 0; ntries < 10; ntries++) { 1133 if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0) 1134 return error; 1135 if (!(tmp & MTW_BBP_CSR_KICK)) 1136 break; 1137 } 1138 if (ntries == 10) 1139 return ETIMEDOUT; 1140 1141 tmp = MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT | val; 1142 return mtw_write(sc, MTW_BBP_CSR, tmp); 1143 } 1144 1145 int 1146 mtw_usb_dma_read(struct mtw_softc *sc, uint32_t *val) 1147 { 1148 if (sc->asic_ver == 0x7612) 1149 return mtw_read_cfg(sc, MTW_USB_U3DMA_CFG, val); 1150 else 1151 return mtw_read(sc, MTW_USB_DMA_CFG, val); 1152 } 1153 1154 int 1155 mtw_usb_dma_write(struct mtw_softc *sc, uint32_t val) 1156 { 1157 if (sc->asic_ver == 0x7612) 1158 return mtw_write_cfg(sc, MTW_USB_U3DMA_CFG, val); 1159 else 1160 return mtw_write(sc, MTW_USB_DMA_CFG, val); 1161 } 1162 1163 int 1164 mtw_mcu_calibrate(struct mtw_softc *sc, int func, uint32_t val) 1165 { 1166 struct mtw_mcu_cmd_8 cmd; 1167 1168 cmd.func = htole32(func); 1169 cmd.val = htole32(val); 1170 return mtw_mcu_cmd(sc, 31, &cmd, sizeof(struct mtw_mcu_cmd_8)); 1171 } 1172 1173 int 1174 mtw_mcu_channel(struct mtw_softc *sc, uint32_t r1, uint32_t r2, uint32_t r4) 1175 { 1176 struct mtw_mcu_cmd_16 cmd; 1177 1178 cmd.r1 = htole32(r1); 1179 cmd.r2 = htole32(r2); 1180 cmd.r3 = 0; 1181 cmd.r4 = htole32(r4); 1182 return mtw_mcu_cmd(sc, 30, &cmd, sizeof(struct mtw_mcu_cmd_16)); 1183 } 1184 1185 int 1186 mtw_mcu_radio(struct mtw_softc *sc, int func, uint32_t val) 1187 { 1188 struct mtw_mcu_cmd_16 cmd; 1189 1190 cmd.r1 = htole32(func); 1191 cmd.r2 = htole32(val); 1192 cmd.r3 = 0; 1193 cmd.r4 = 0; 1194 return mtw_mcu_cmd(sc, 20, &cmd, sizeof(struct mtw_mcu_cmd_16)); 1195 } 1196 1197 int 1198 mtw_mcu_cmd(struct mtw_softc *sc, int cmd, void *buf, int len) 1199 { 1200 struct mtw_tx_ring *ring = &sc->sc_mcu; 1201 struct mtw_tx_data *data = &ring->data[0]; 1202 struct mtw_txd *txd; 1203 int xferlen; 1204 1205 txd = (struct mtw_txd *)(data->buf); 1206 txd->len = htole16(len); 1207 txd->flags = htole16(MTW_TXD_CMD | MTW_TXD_MCU | 1208 (cmd & 0x1f) << MTW_TXD_CMD_SHIFT | (sc->cmd_seq & 0xf)); 1209 1210 memcpy(&txd[1], buf, len); 1211 memset(&txd[1] + len, 0, MTW_DMA_PAD); 1212 xferlen = len + sizeof(struct mtw_txd) + MTW_DMA_PAD; 1213 1214 usbd_setup_xfer(data->xfer, sc->txq[MTW_TXQ_MCU].pipeh, 1215 NULL, data->buf, xferlen, 1216 USBD_SHORT_XFER_OK | USBD_FORCE_SHORT_XFER | USBD_SYNCHRONOUS, 1217 MTW_TX_TIMEOUT, NULL); 1218 return usbd_transfer(data->xfer); 1219 } 1220 1221 /* 1222 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1223 * Used to adjust per-rate Tx power registers. 1224 */ 1225 static __inline uint32_t 1226 b4inc(uint32_t b32, int8_t delta) 1227 { 1228 int8_t i, b4; 1229 1230 for (i = 0; i < 8; i++) { 1231 b4 = b32 & 0xf; 1232 b4 += delta; 1233 if (b4 < 0) 1234 b4 = 0; 1235 else if (b4 > 0xf) 1236 b4 = 0xf; 1237 b32 = b32 >> 4 | b4 << 28; 1238 } 1239 return b32; 1240 } 1241 1242 const char * 1243 mtw_get_rf(int rev) 1244 { 1245 switch (rev) { 1246 case MT7601_RF_7601: return "MT7601"; 1247 case MT7610_RF_7610: return "MT7610"; 1248 case MT7612_RF_7612: return "MT7612"; 1249 } 1250 return "unknown"; 1251 } 1252 1253 void 1254 mtw_get_txpower(struct mtw_softc *sc) 1255 { 1256 uint16_t val; 1257 int i; 1258 1259 /* Read power settings for 2GHz channels. */ 1260 for (i = 0; i < 14; i += 2) { 1261 mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1262 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1263 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1264 mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1265 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1266 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1267 } 1268 /* Fix broken Tx power entries. */ 1269 for (i = 0; i < 14; i++) { 1270 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1271 sc->txpow1[i] = 5; 1272 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1273 sc->txpow2[i] = 5; 1274 DPRINTF(("chan %d: power1=%d, power2=%d\n", 1275 mt7601_rf_chan[i].chan, sc->txpow1[i], sc->txpow2[i])); 1276 } 1277 #if 0 1278 /* Read power settings for 5GHz channels. */ 1279 for (i = 0; i < 40; i += 2) { 1280 mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1281 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1282 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1283 1284 mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1285 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1286 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1287 } 1288 /* Fix broken Tx power entries. */ 1289 for (i = 0; i < 40; i++ ) { 1290 if (sc->mac_ver != 0x5592) { 1291 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1292 sc->txpow1[14 + i] = 5; 1293 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1294 sc->txpow2[14 + i] = 5; 1295 } 1296 DPRINTF(("chan %d: power1=%d, power2=%d\n", 1297 mt7601_rf_chan[14 + i].chan, sc->txpow1[14 + i], 1298 sc->txpow2[14 + i])); 1299 } 1300 #endif 1301 } 1302 1303 int 1304 mtw_read_eeprom(struct mtw_softc *sc) 1305 { 1306 struct ieee80211com *ic = &sc->sc_ic; 1307 int8_t delta_2ghz, delta_5ghz; 1308 uint16_t val; 1309 int ridx, ant; 1310 1311 sc->sc_srom_read = mtw_efuse_read_2; 1312 1313 /* read RF information */ 1314 mtw_srom_read(sc, MTW_EEPROM_CHIPID, &val); 1315 sc->rf_rev = val; 1316 mtw_srom_read(sc, MTW_EEPROM_ANTENNA, &val); 1317 sc->ntxchains = (val >> 4) & 0xf; 1318 sc->nrxchains = val & 0xf; 1319 DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1320 sc->rf_rev, sc->ntxchains, sc->nrxchains)); 1321 1322 /* read ROM version */ 1323 mtw_srom_read(sc, MTW_EEPROM_VERSION, &val); 1324 DPRINTF(("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8)); 1325 1326 /* read MAC address */ 1327 mtw_srom_read(sc, MTW_EEPROM_MAC01, &val); 1328 ic->ic_myaddr[0] = val & 0xff; 1329 ic->ic_myaddr[1] = val >> 8; 1330 mtw_srom_read(sc, MTW_EEPROM_MAC23, &val); 1331 ic->ic_myaddr[2] = val & 0xff; 1332 ic->ic_myaddr[3] = val >> 8; 1333 mtw_srom_read(sc, MTW_EEPROM_MAC45, &val); 1334 ic->ic_myaddr[4] = val & 0xff; 1335 ic->ic_myaddr[5] = val >> 8; 1336 #if 0 1337 printf("eFUSE ROM\n00: "); 1338 for (int i = 0; i < 256; i++) { 1339 if (((i % 8) == 0) && i > 0) 1340 printf("\n%02x: ", i); 1341 mtw_srom_read(sc, i, &val); 1342 printf(" %04x", val); 1343 } 1344 printf("\n"); 1345 #endif 1346 /* check if RF supports automatic Tx access gain control */ 1347 mtw_srom_read(sc, MTW_EEPROM_CONFIG, &val); 1348 DPRINTF(("EEPROM CFG 0x%04x\n", val)); 1349 if ((val & 0xff) != 0xff) { 1350 sc->ext_5ghz_lna = (val >> 3) & 1; 1351 sc->ext_2ghz_lna = (val >> 2) & 1; 1352 /* check if RF supports automatic Tx access gain control */ 1353 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1354 /* check if we have a hardware radio switch */ 1355 sc->rfswitch = val & 1; 1356 } 1357 1358 /* read RF frequency offset from EEPROM */ 1359 mtw_srom_read(sc, MTW_EEPROM_FREQ_OFFSET, &val); 1360 if ((val & 0xff) != 0xff) 1361 sc->rf_freq_offset = val; 1362 else 1363 sc->rf_freq_offset = 0; 1364 DPRINTF(("frequency offset 0x%x\n", sc->rf_freq_offset)); 1365 1366 /* Read Tx power settings. */ 1367 mtw_get_txpower(sc); 1368 1369 /* read Tx power compensation for each Tx rate */ 1370 mtw_srom_read(sc, MTW_EEPROM_DELTAPWR, &val); 1371 delta_2ghz = delta_5ghz = 0; 1372 if ((val & 0xff) != 0xff && (val & 0x80)) { 1373 delta_2ghz = val & 0xf; 1374 if (!(val & 0x40)) /* negative number */ 1375 delta_2ghz = -delta_2ghz; 1376 } 1377 val >>= 8; 1378 if ((val & 0xff) != 0xff && (val & 0x80)) { 1379 delta_5ghz = val & 0xf; 1380 if (!(val & 0x40)) /* negative number */ 1381 delta_5ghz = -delta_5ghz; 1382 } 1383 DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n", 1384 delta_2ghz, delta_5ghz)); 1385 1386 for (ridx = 0; ridx < 5; ridx++) { 1387 uint32_t reg; 1388 1389 mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2, &val); 1390 reg = val; 1391 mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2 + 1, &val); 1392 reg |= (uint32_t)val << 16; 1393 1394 sc->txpow20mhz[ridx] = reg; 1395 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1396 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1397 1398 DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1399 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1400 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx])); 1401 } 1402 1403 /* read RSSI offsets and LNA gains from EEPROM */ 1404 val = 0; 1405 mtw_srom_read(sc, MTW_EEPROM_RSSI1_2GHZ, &val); 1406 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1407 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1408 mtw_srom_read(sc, MTW_EEPROM_RSSI2_2GHZ, &val); 1409 /* 1410 * On RT3070 chips (limited to 2 Rx chains), this ROM 1411 * field contains the Tx mixer gain for the 2GHz band. 1412 */ 1413 if ((val & 0xff) != 0xff) 1414 sc->txmixgain_2ghz = val & 0x7; 1415 DPRINTF(("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz)); 1416 sc->lna[2] = val >> 8; /* channel group 2 */ 1417 mtw_srom_read(sc, MTW_EEPROM_RSSI1_5GHZ, &val); 1418 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1419 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1420 mtw_srom_read(sc, MTW_EEPROM_RSSI2_5GHZ, &val); 1421 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1422 1423 sc->lna[3] = val >> 8; /* channel group 3 */ 1424 1425 mtw_srom_read(sc, MTW_EEPROM_LNA, &val); 1426 sc->lna[0] = val & 0xff; /* channel group 0 */ 1427 sc->lna[1] = val >> 8; /* channel group 1 */ 1428 DPRINTF(("LNA0 0x%x\n", sc->lna[0])); 1429 1430 /* fix broken 5GHz LNA entries */ 1431 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1432 DPRINTF(("invalid LNA for channel group %d\n", 2)); 1433 sc->lna[2] = sc->lna[1]; 1434 } 1435 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1436 DPRINTF(("invalid LNA for channel group %d\n", 3)); 1437 sc->lna[3] = sc->lna[1]; 1438 } 1439 1440 /* fix broken RSSI offset entries */ 1441 for (ant = 0; ant < 3; ant++) { 1442 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1443 DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n", 1444 ant + 1, sc->rssi_2ghz[ant])); 1445 sc->rssi_2ghz[ant] = 0; 1446 } 1447 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1448 DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n", 1449 ant + 1, sc->rssi_5ghz[ant])); 1450 sc->rssi_5ghz[ant] = 0; 1451 } 1452 } 1453 return 0; 1454 } 1455 1456 struct ieee80211_node * 1457 mtw_node_alloc(struct ieee80211com *ic) 1458 { 1459 struct mtw_node *mn; 1460 1461 mn = malloc(sizeof (struct mtw_node), M_USBDEV, M_NOWAIT | M_ZERO); 1462 return (struct ieee80211_node *)mn; 1463 } 1464 1465 int 1466 mtw_media_change(struct ifnet *ifp) 1467 { 1468 struct mtw_softc *sc = ifp->if_softc; 1469 struct ieee80211com *ic = &sc->sc_ic; 1470 uint8_t rate, ridx; 1471 int error; 1472 1473 error = ieee80211_media_change(ifp); 1474 if (error != ENETRESET) 1475 return error; 1476 1477 if (ic->ic_fixed_rate != -1) { 1478 rate = ic->ic_sup_rates[ic->ic_curmode]. 1479 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1480 for (ridx = 0; ridx <= MTW_RIDX_MAX; ridx++) 1481 if (rt2860_rates[ridx].rate == rate) 1482 break; 1483 sc->fixed_ridx = ridx; 1484 } 1485 1486 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1487 (IFF_UP | IFF_RUNNING)) { 1488 mtw_stop(ifp, 0); 1489 error = mtw_init(ifp); 1490 } 1491 return error; 1492 } 1493 1494 void 1495 mtw_next_scan(void *arg) 1496 { 1497 struct mtw_softc *sc = arg; 1498 int s; 1499 1500 if (usbd_is_dying(sc->sc_udev)) 1501 return; 1502 1503 usbd_ref_incr(sc->sc_udev); 1504 1505 s = splnet(); 1506 if (sc->sc_ic.ic_state == IEEE80211_S_SCAN) 1507 ieee80211_next_scan(&sc->sc_ic.ic_if); 1508 splx(s); 1509 1510 usbd_ref_decr(sc->sc_udev); 1511 } 1512 1513 void 1514 mtw_task(void *arg) 1515 { 1516 struct mtw_softc *sc = arg; 1517 struct mtw_host_cmd_ring *ring = &sc->cmdq; 1518 struct mtw_host_cmd *cmd; 1519 int s; 1520 1521 if (usbd_is_dying(sc->sc_udev)) 1522 return; 1523 1524 /* process host commands */ 1525 s = splusb(); 1526 while (ring->next != ring->cur) { 1527 cmd = &ring->cmd[ring->next]; 1528 splx(s); 1529 /* callback */ 1530 cmd->cb(sc, cmd->data); 1531 s = splusb(); 1532 ring->queued--; 1533 ring->next = (ring->next + 1) % MTW_HOST_CMD_RING_COUNT; 1534 } 1535 splx(s); 1536 } 1537 1538 void 1539 mtw_do_async(struct mtw_softc *sc, void (*cb)(struct mtw_softc *, void *), 1540 void *arg, int len) 1541 { 1542 struct mtw_host_cmd_ring *ring = &sc->cmdq; 1543 struct mtw_host_cmd *cmd; 1544 int s; 1545 1546 if (usbd_is_dying(sc->sc_udev)) 1547 return; 1548 1549 s = splusb(); 1550 cmd = &ring->cmd[ring->cur]; 1551 cmd->cb = cb; 1552 KASSERT(len <= sizeof (cmd->data)); 1553 memcpy(cmd->data, arg, len); 1554 ring->cur = (ring->cur + 1) % MTW_HOST_CMD_RING_COUNT; 1555 1556 /* if there is no pending command already, schedule a task */ 1557 if (++ring->queued == 1) 1558 usb_add_task(sc->sc_udev, &sc->sc_task); 1559 splx(s); 1560 } 1561 1562 int 1563 mtw_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1564 { 1565 struct mtw_softc *sc = ic->ic_softc; 1566 struct mtw_cmd_newstate cmd; 1567 1568 /* do it in a process context */ 1569 cmd.state = nstate; 1570 cmd.arg = arg; 1571 mtw_do_async(sc, mtw_newstate_cb, &cmd, sizeof cmd); 1572 return 0; 1573 } 1574 1575 void 1576 mtw_newstate_cb(struct mtw_softc *sc, void *arg) 1577 { 1578 struct mtw_cmd_newstate *cmd = arg; 1579 struct ieee80211com *ic = &sc->sc_ic; 1580 enum ieee80211_state ostate; 1581 struct ieee80211_node *ni; 1582 uint32_t sta[3]; 1583 uint8_t wcid; 1584 int s; 1585 1586 s = splnet(); 1587 ostate = ic->ic_state; 1588 1589 if (ostate == IEEE80211_S_RUN) { 1590 /* turn link LED on */ 1591 mtw_set_leds(sc, MTW_LED_MODE_ON); 1592 } 1593 1594 switch (cmd->state) { 1595 case IEEE80211_S_INIT: 1596 if (ostate == IEEE80211_S_RUN) { 1597 /* abort TSF synchronization */ 1598 mtw_abort_tsf_sync(sc); 1599 } 1600 break; 1601 1602 case IEEE80211_S_SCAN: 1603 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1604 if (!usbd_is_dying(sc->sc_udev)) 1605 timeout_add_msec(&sc->scan_to, 200); 1606 break; 1607 1608 case IEEE80211_S_AUTH: 1609 case IEEE80211_S_ASSOC: 1610 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1611 break; 1612 1613 case IEEE80211_S_RUN: 1614 mtw_set_chan(sc, ic->ic_bss->ni_chan); 1615 1616 ni = ic->ic_bss; 1617 1618 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 1619 mtw_updateslot(ic); 1620 mtw_enable_mrr(sc); 1621 mtw_set_txpreamble(sc); 1622 mtw_set_basicrates(sc); 1623 mtw_set_bssid(sc, ni->ni_bssid); 1624 } 1625 if (ic->ic_opmode == IEEE80211_M_STA) { 1626 /* add BSS entry to the WCID table */ 1627 wcid = MTW_AID2WCID(ni->ni_associd); 1628 mtw_write_region_1(sc, MTW_WCID_ENTRY(wcid), 1629 ni->ni_macaddr, IEEE80211_ADDR_LEN); 1630 1631 /* fake a join to init the tx rate */ 1632 mtw_newassoc(ic, ni, 1); 1633 } 1634 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 1635 mtw_enable_tsf_sync(sc); 1636 1637 /* clear statistic registers used by AMRR */ 1638 mtw_read_region_1(sc, MTW_TX_STA_CNT0, 1639 (uint8_t *)sta, sizeof sta); 1640 /* start calibration timer */ 1641 if (!usbd_is_dying(sc->sc_udev)) 1642 timeout_add_sec(&sc->calib_to, 1); 1643 } 1644 1645 /* turn link LED on */ 1646 mtw_set_leds(sc, MTW_LED_MODE_BLINK_TX); 1647 break; 1648 } 1649 (void)sc->sc_newstate(ic, cmd->state, cmd->arg); 1650 splx(s); 1651 } 1652 1653 void 1654 mtw_updateedca(struct ieee80211com *ic) 1655 { 1656 /* do it in a process context */ 1657 mtw_do_async(ic->ic_softc, mtw_updateedca_cb, NULL, 0); 1658 } 1659 1660 void 1661 mtw_updateedca_cb(struct mtw_softc *sc, void *arg) 1662 { 1663 struct ieee80211com *ic = &sc->sc_ic; 1664 int s, aci; 1665 1666 s = splnet(); 1667 /* update MAC TX configuration registers */ 1668 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 1669 mtw_write(sc, MTW_EDCA_AC_CFG(aci), 1670 ic->ic_edca_ac[aci].ac_ecwmax << 16 | 1671 ic->ic_edca_ac[aci].ac_ecwmin << 12 | 1672 ic->ic_edca_ac[aci].ac_aifsn << 8 | 1673 ic->ic_edca_ac[aci].ac_txoplimit); 1674 } 1675 1676 /* update SCH/DMA registers too */ 1677 mtw_write(sc, MTW_WMM_AIFSN_CFG, 1678 ic->ic_edca_ac[EDCA_AC_VO].ac_aifsn << 12 | 1679 ic->ic_edca_ac[EDCA_AC_VI].ac_aifsn << 8 | 1680 ic->ic_edca_ac[EDCA_AC_BK].ac_aifsn << 4 | 1681 ic->ic_edca_ac[EDCA_AC_BE].ac_aifsn); 1682 mtw_write(sc, MTW_WMM_CWMIN_CFG, 1683 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmin << 12 | 1684 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmin << 8 | 1685 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmin << 4 | 1686 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmin); 1687 mtw_write(sc, MTW_WMM_CWMAX_CFG, 1688 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmax << 12 | 1689 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmax << 8 | 1690 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmax << 4 | 1691 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmax); 1692 mtw_write(sc, MTW_WMM_TXOP0_CFG, 1693 ic->ic_edca_ac[EDCA_AC_BK].ac_txoplimit << 16 | 1694 ic->ic_edca_ac[EDCA_AC_BE].ac_txoplimit); 1695 mtw_write(sc, MTW_WMM_TXOP1_CFG, 1696 ic->ic_edca_ac[EDCA_AC_VO].ac_txoplimit << 16 | 1697 ic->ic_edca_ac[EDCA_AC_VI].ac_txoplimit); 1698 splx(s); 1699 } 1700 1701 void 1702 mtw_updateslot(struct ieee80211com *ic) 1703 { 1704 /* do it in a process context */ 1705 mtw_do_async(ic->ic_softc, mtw_updateslot_cb, NULL, 0); 1706 } 1707 1708 void 1709 mtw_updateslot_cb(struct mtw_softc *sc, void *arg) 1710 { 1711 uint32_t tmp; 1712 1713 mtw_read(sc, MTW_BKOFF_SLOT_CFG, &tmp); 1714 tmp &= ~0xff; 1715 tmp |= (sc->sc_ic.ic_flags & IEEE80211_F_SHSLOT) ? 1716 IEEE80211_DUR_DS_SHSLOT : IEEE80211_DUR_DS_SLOT; 1717 mtw_write(sc, MTW_BKOFF_SLOT_CFG, tmp); 1718 } 1719 1720 int 1721 mtw_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 1722 struct ieee80211_key *k) 1723 { 1724 struct mtw_softc *sc = ic->ic_softc; 1725 struct mtw_cmd_key cmd; 1726 1727 /* defer setting of WEP keys until interface is brought up */ 1728 if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) != 1729 (IFF_UP | IFF_RUNNING)) 1730 return 0; 1731 1732 /* do it in a process context */ 1733 cmd.key = *k; 1734 cmd.ni = ni; 1735 mtw_do_async(sc, mtw_set_key_cb, &cmd, sizeof cmd); 1736 sc->sc_key_tasks++; 1737 return EBUSY; 1738 } 1739 1740 void 1741 mtw_set_key_cb(struct mtw_softc *sc, void *arg) 1742 { 1743 struct ieee80211com *ic = &sc->sc_ic; 1744 struct mtw_cmd_key *cmd = arg; 1745 struct ieee80211_key *k = &cmd->key; 1746 uint32_t attr; 1747 uint16_t base; 1748 uint8_t mode, wcid, iv[8]; 1749 1750 sc->sc_key_tasks--; 1751 1752 /* map net80211 cipher to RT2860 security mode */ 1753 switch (k->k_cipher) { 1754 case IEEE80211_CIPHER_WEP40: 1755 mode = MTW_MODE_WEP40; 1756 break; 1757 case IEEE80211_CIPHER_WEP104: 1758 mode = MTW_MODE_WEP104; 1759 break; 1760 case IEEE80211_CIPHER_TKIP: 1761 mode = MTW_MODE_TKIP; 1762 break; 1763 case IEEE80211_CIPHER_CCMP: 1764 mode = MTW_MODE_AES_CCMP; 1765 break; 1766 default: 1767 if (cmd->ni != NULL) { 1768 IEEE80211_SEND_MGMT(ic, cmd->ni, 1769 IEEE80211_FC0_SUBTYPE_DEAUTH, 1770 IEEE80211_REASON_AUTH_LEAVE); 1771 } 1772 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1773 return; 1774 } 1775 1776 if (k->k_flags & IEEE80211_KEY_GROUP) { 1777 wcid = 0; /* NB: update WCID0 for group keys */ 1778 base = MTW_SKEY(0, k->k_id); 1779 } else { 1780 wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0; 1781 base = MTW_PKEY(wcid); 1782 } 1783 1784 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 1785 mtw_write_region_1(sc, base, k->k_key, 16); 1786 mtw_write_region_1(sc, base + 16, &k->k_key[24], 8); 1787 mtw_write_region_1(sc, base + 24, &k->k_key[16], 8); 1788 } else { 1789 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 1790 mtw_write_region_1(sc, base, k->k_key, (k->k_len + 1) & ~1); 1791 } 1792 1793 if (!(k->k_flags & IEEE80211_KEY_GROUP) || 1794 (k->k_flags & IEEE80211_KEY_TX)) { 1795 /* set initial packet number in IV+EIV */ 1796 if (k->k_cipher == IEEE80211_CIPHER_WEP40 || 1797 k->k_cipher == IEEE80211_CIPHER_WEP104) { 1798 memset(iv, 0, sizeof iv); 1799 iv[3] = sc->sc_ic.ic_def_txkey << 6; 1800 } else { 1801 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 1802 iv[0] = k->k_tsc >> 8; 1803 iv[1] = (iv[0] | 0x20) & 0x7f; 1804 iv[2] = k->k_tsc; 1805 } else /* CCMP */ { 1806 iv[0] = k->k_tsc; 1807 iv[1] = k->k_tsc >> 8; 1808 iv[2] = 0; 1809 } 1810 iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1811 iv[4] = k->k_tsc >> 16; 1812 iv[5] = k->k_tsc >> 24; 1813 iv[6] = k->k_tsc >> 32; 1814 iv[7] = k->k_tsc >> 40; 1815 } 1816 mtw_write_region_1(sc, MTW_IVEIV(wcid), iv, 8); 1817 } 1818 1819 if (k->k_flags & IEEE80211_KEY_GROUP) { 1820 /* install group key */ 1821 mtw_read(sc, MTW_SKEY_MODE_0_7, &attr); 1822 attr &= ~(0xf << (k->k_id * 4)); 1823 attr |= mode << (k->k_id * 4); 1824 mtw_write(sc, MTW_SKEY_MODE_0_7, attr); 1825 1826 if (k->k_cipher & (IEEE80211_CIPHER_WEP104 | 1827 IEEE80211_CIPHER_WEP40)) { 1828 mtw_read(sc, MTW_WCID_ATTR(wcid + 1), &attr); 1829 attr = (attr & ~0xf) | (mode << 1); 1830 mtw_write(sc, MTW_WCID_ATTR(wcid + 1), attr); 1831 1832 mtw_set_region_4(sc, MTW_IVEIV(0), 0, 4); 1833 1834 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1835 attr = (attr & ~0xf) | (mode << 1); 1836 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1837 } 1838 } else { 1839 /* install pairwise key */ 1840 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1841 attr = (attr & ~0xf) | (mode << 1) | MTW_RX_PKEY_EN; 1842 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1843 } 1844 1845 if (sc->sc_key_tasks == 0) { 1846 if (cmd->ni != NULL) 1847 cmd->ni->ni_port_valid = 1; 1848 ieee80211_set_link_state(ic, LINK_STATE_UP); 1849 } 1850 } 1851 1852 void 1853 mtw_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 1854 struct ieee80211_key *k) 1855 { 1856 struct mtw_softc *sc = ic->ic_softc; 1857 struct mtw_cmd_key cmd; 1858 1859 if (!(ic->ic_if.if_flags & IFF_RUNNING) || 1860 ic->ic_state != IEEE80211_S_RUN) 1861 return; /* nothing to do */ 1862 1863 /* do it in a process context */ 1864 cmd.key = *k; 1865 cmd.ni = ni; 1866 mtw_do_async(sc, mtw_delete_key_cb, &cmd, sizeof cmd); 1867 } 1868 1869 void 1870 mtw_delete_key_cb(struct mtw_softc *sc, void *arg) 1871 { 1872 struct mtw_cmd_key *cmd = arg; 1873 struct ieee80211_key *k = &cmd->key; 1874 uint32_t attr; 1875 uint8_t wcid; 1876 1877 if (k->k_flags & IEEE80211_KEY_GROUP) { 1878 /* remove group key */ 1879 mtw_read(sc, MTW_SKEY_MODE_0_7, &attr); 1880 attr &= ~(0xf << (k->k_id * 4)); 1881 mtw_write(sc, MTW_SKEY_MODE_0_7, attr); 1882 1883 } else { 1884 /* remove pairwise key */ 1885 wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0; 1886 mtw_read(sc, MTW_WCID_ATTR(wcid), &attr); 1887 attr &= ~0xf; 1888 mtw_write(sc, MTW_WCID_ATTR(wcid), attr); 1889 } 1890 } 1891 1892 void 1893 mtw_calibrate_to(void *arg) 1894 { 1895 /* do it in a process context */ 1896 mtw_do_async(arg, mtw_calibrate_cb, NULL, 0); 1897 /* next timeout will be rescheduled in the calibration task */ 1898 } 1899 1900 void 1901 mtw_calibrate_cb(struct mtw_softc *sc, void *arg) 1902 { 1903 struct ifnet *ifp = &sc->sc_ic.ic_if; 1904 uint32_t sta[3]; 1905 int s, error; 1906 1907 /* read statistic counters (clear on read) and update AMRR state */ 1908 error = mtw_read_region_1(sc, MTW_TX_STA_CNT0, (uint8_t *)sta, 1909 sizeof sta); 1910 if (error != 0) 1911 goto skip; 1912 1913 DPRINTF(("retrycnt=%d txcnt=%d failcnt=%d\n", 1914 letoh32(sta[1]) >> 16, letoh32(sta[1]) & 0xffff, 1915 letoh32(sta[0]) & 0xffff)); 1916 1917 s = splnet(); 1918 /* count failed TX as errors */ 1919 ifp->if_oerrors += letoh32(sta[0]) & 0xffff; 1920 1921 sc->amn.amn_retrycnt = 1922 (letoh32(sta[0]) & 0xffff) + /* failed TX count */ 1923 (letoh32(sta[1]) >> 16); /* TX retransmission count */ 1924 1925 sc->amn.amn_txcnt = 1926 sc->amn.amn_retrycnt + 1927 (letoh32(sta[1]) & 0xffff); /* successful TX count */ 1928 1929 ieee80211_amrr_choose(&sc->amrr, sc->sc_ic.ic_bss, &sc->amn); 1930 1931 splx(s); 1932 skip: 1933 if (!usbd_is_dying(sc->sc_udev)) 1934 timeout_add_sec(&sc->calib_to, 1); 1935 } 1936 1937 void 1938 mtw_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 1939 { 1940 struct mtw_softc *sc = ic->ic_softc; 1941 struct mtw_node *mn = (void *)ni; 1942 struct ieee80211_rateset *rs = &ni->ni_rates; 1943 uint8_t rate; 1944 int ridx, i, j; 1945 1946 DPRINTF(("new assoc isnew=%d addr=%s\n", 1947 isnew, ether_sprintf(ni->ni_macaddr))); 1948 1949 ieee80211_amrr_node_init(&sc->amrr, &sc->amn); 1950 1951 /* start at lowest available bit-rate, AMRR will raise */ 1952 ni->ni_txrate = 0; 1953 1954 for (i = 0; i < rs->rs_nrates; i++) { 1955 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 1956 /* convert 802.11 rate to hardware rate index */ 1957 for (ridx = 0; ridx < MTW_RIDX_MAX; ridx++) 1958 if (rt2860_rates[ridx].rate == rate) 1959 break; 1960 mn->ridx[i] = ridx; 1961 /* determine rate of control response frames */ 1962 for (j = i; j >= 0; j--) { 1963 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 1964 rt2860_rates[mn->ridx[i]].phy == 1965 rt2860_rates[mn->ridx[j]].phy) 1966 break; 1967 } 1968 if (j >= 0) { 1969 mn->ctl_ridx[i] = mn->ridx[j]; 1970 } else { 1971 /* no basic rate found, use mandatory one */ 1972 mn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 1973 } 1974 DPRINTF(("rate=0x%02x ridx=%d ctl_ridx=%d\n", 1975 rs->rs_rates[i], mn->ridx[i], mn->ctl_ridx[i])); 1976 } 1977 } 1978 1979 /* 1980 * Return the Rx chain with the highest RSSI for a given frame. 1981 */ 1982 static __inline uint8_t 1983 mtw_maxrssi_chain(struct mtw_softc *sc, const struct mtw_rxwi *rxwi) 1984 { 1985 uint8_t rxchain = 0; 1986 1987 if (sc->nrxchains > 1) { 1988 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 1989 rxchain = 1; 1990 } 1991 return rxchain; 1992 } 1993 1994 void 1995 mtw_rx_frame(struct mtw_softc *sc, uint8_t *buf, int dmalen, 1996 struct mbuf_list *ml) 1997 { 1998 struct ieee80211com *ic = &sc->sc_ic; 1999 struct ifnet *ifp = &ic->ic_if; 2000 struct ieee80211_frame *wh; 2001 struct ieee80211_rxinfo rxi; 2002 struct ieee80211_node *ni; 2003 struct mtw_rxwi *rxwi; 2004 struct mbuf *m; 2005 uint32_t flags; 2006 uint16_t len; 2007 #if NBPFILTER > 0 2008 uint16_t phy; 2009 #endif 2010 uint16_t rxwisize; 2011 uint8_t ant, rssi; 2012 int s; 2013 2014 /* Rx Wireless Information */ 2015 rxwi = (struct mtw_rxwi *)(buf); 2016 rxwisize = sizeof(struct mtw_rxwi); 2017 len = letoh16(rxwi->len) & 0xfff; 2018 2019 if (__predict_false(len > dmalen)) { 2020 DPRINTF(("bad RXWI length %u > %u\n", len, dmalen)); 2021 return; 2022 } 2023 if (len > MCLBYTES) { 2024 DPRINTF(("frame too large (length=%d)\n", len)); 2025 ifp->if_ierrors++; 2026 return; 2027 } 2028 2029 flags = letoh32(rxwi->flags); 2030 if (__predict_false(flags & (MTW_RX_CRCERR | MTW_RX_ICVERR))) { 2031 ifp->if_ierrors++; 2032 return; 2033 } 2034 if (__predict_false((flags & MTW_RX_MICERR))) { 2035 /* report MIC failures to net80211 for TKIP */ 2036 ic->ic_stats.is_rx_locmicfail++; 2037 ieee80211_michael_mic_failure(ic, 0/* XXX */); 2038 ifp->if_ierrors++; 2039 return; 2040 } 2041 2042 wh = (struct ieee80211_frame *)(buf + rxwisize); 2043 memset(&rxi, 0, sizeof(rxi)); 2044 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2045 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2046 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 2047 } 2048 2049 if (flags & MTW_RX_L2PAD) { 2050 u_int hdrlen = ieee80211_get_hdrlen(wh); 2051 memmove((caddr_t)wh + 2, wh, hdrlen); 2052 wh = (struct ieee80211_frame *)((caddr_t)wh + 2); 2053 } 2054 2055 /* could use m_devget but net80211 wants contig mgmt frames */ 2056 MGETHDR(m, M_DONTWAIT, MT_DATA); 2057 if (__predict_false(m == NULL)) { 2058 ifp->if_ierrors++; 2059 return; 2060 } 2061 if (len > MHLEN) { 2062 MCLGET(m, M_DONTWAIT); 2063 if (__predict_false(!(m->m_flags & M_EXT))) { 2064 ifp->if_ierrors++; 2065 m_freem(m); 2066 return; 2067 } 2068 } 2069 /* finalize mbuf */ 2070 memcpy(mtod(m, caddr_t), wh, len); 2071 m->m_pkthdr.len = m->m_len = len; 2072 2073 ant = mtw_maxrssi_chain(sc, rxwi); 2074 rssi = rxwi->rssi[ant]; 2075 2076 #if NBPFILTER > 0 2077 if (__predict_false(sc->sc_drvbpf != NULL)) { 2078 struct mtw_rx_radiotap_header *tap = &sc->sc_rxtap; 2079 struct mbuf mb; 2080 2081 tap->wr_flags = 0; 2082 tap->wr_chan_freq = htole16(ic->ic_ibss_chan->ic_freq); 2083 tap->wr_chan_flags = htole16(ic->ic_ibss_chan->ic_flags); 2084 tap->wr_antsignal = rssi; 2085 tap->wr_antenna = ant; 2086 tap->wr_dbm_antsignal = mtw_rssi2dbm(sc, rssi, ant); 2087 tap->wr_rate = 2; /* in case it can't be found below */ 2088 phy = letoh16(rxwi->phy); 2089 switch (phy >> MT7601_PHY_SHIFT) { 2090 case MTW_PHY_CCK: 2091 switch ((phy & MTW_PHY_MCS) & ~MTW_PHY_SHPRE) { 2092 case 0: tap->wr_rate = 2; break; 2093 case 1: tap->wr_rate = 4; break; 2094 case 2: tap->wr_rate = 11; break; 2095 case 3: tap->wr_rate = 22; break; 2096 } 2097 if (phy & MTW_PHY_SHPRE) 2098 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2099 break; 2100 case MTW_PHY_OFDM: 2101 switch (phy & MTW_PHY_MCS) { 2102 case 0: tap->wr_rate = 12; break; 2103 case 1: tap->wr_rate = 18; break; 2104 case 2: tap->wr_rate = 24; break; 2105 case 3: tap->wr_rate = 36; break; 2106 case 4: tap->wr_rate = 48; break; 2107 case 5: tap->wr_rate = 72; break; 2108 case 6: tap->wr_rate = 96; break; 2109 case 7: tap->wr_rate = 108; break; 2110 } 2111 break; 2112 } 2113 mb.m_data = (caddr_t)tap; 2114 mb.m_len = sc->sc_rxtap_len; 2115 mb.m_next = m; 2116 mb.m_nextpkt = NULL; 2117 mb.m_type = 0; 2118 mb.m_flags = 0; 2119 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 2120 } 2121 #endif 2122 2123 s = splnet(); 2124 ni = ieee80211_find_rxnode(ic, wh); 2125 rxi.rxi_rssi = rssi; 2126 ieee80211_inputm(ifp, m, ni, &rxi, ml); 2127 2128 /* node is no longer needed */ 2129 ieee80211_release_node(ic, ni); 2130 splx(s); 2131 } 2132 2133 void 2134 mtw_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status) 2135 { 2136 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 2137 struct mtw_rx_data *data = priv; 2138 struct mtw_softc *sc = data->sc; 2139 uint8_t *buf; 2140 uint32_t dmalen; 2141 int xferlen; 2142 2143 if (__predict_false(status != USBD_NORMAL_COMPLETION)) { 2144 DPRINTF(("RX status=%d\n", status)); 2145 if (status == USBD_STALLED) 2146 usbd_clear_endpoint_stall_async(sc->rxq[0].pipeh); 2147 if (status != USBD_CANCELLED) 2148 goto skip; 2149 return; 2150 } 2151 2152 usbd_get_xfer_status(xfer, NULL, NULL, &xferlen, NULL); 2153 2154 if (__predict_false(xferlen < sizeof(uint32_t) + 2155 sizeof (struct mtw_rxwi) + sizeof(struct mtw_rxd))) { 2156 DPRINTF(("RX xfer too short %d\n", xferlen)); 2157 goto skip; 2158 } 2159 2160 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2161 buf = data->buf; 2162 while (xferlen > 8) { 2163 dmalen = letoh32(*(uint32_t *)buf) & MTW_RXD_LEN; 2164 if (__predict_false(dmalen == 0 || (dmalen & 3) != 0)) { 2165 DPRINTF(("bad DMA length %u\n", dmalen)); 2166 break; 2167 } 2168 if (__predict_false(dmalen + 8 > xferlen)) { 2169 DPRINTF(("bad DMA length %u > %d\n", 2170 dmalen + 8, xferlen)); 2171 break; 2172 } 2173 mtw_rx_frame(sc, buf + sizeof(struct mtw_rxd), dmalen, &ml); 2174 buf += dmalen + 8; 2175 xferlen -= dmalen + 8; 2176 } 2177 if_input(&sc->sc_ic.ic_if, &ml); 2178 2179 skip: /* setup a new transfer */ 2180 usbd_setup_xfer(xfer, sc->rxq[0].pipeh, data, data->buf, MTW_MAX_RXSZ, 2181 USBD_SHORT_XFER_OK | USBD_NO_COPY, USBD_NO_TIMEOUT, mtw_rxeof); 2182 (void)usbd_transfer(data->xfer); 2183 } 2184 2185 void 2186 mtw_txeof(struct usbd_xfer *xfer, void *priv, usbd_status status) 2187 { 2188 struct mtw_tx_data *data = priv; 2189 struct mtw_softc *sc = data->sc; 2190 struct mtw_tx_ring *txq = &sc->txq[data->qid]; 2191 struct ifnet *ifp = &sc->sc_ic.ic_if; 2192 int s; 2193 2194 if (usbd_is_dying(sc->sc_udev)) 2195 return; 2196 2197 s = splnet(); 2198 txq->queued--; 2199 sc->qfullmsk &= ~(1 << data->qid); 2200 2201 if (__predict_false(status != USBD_NORMAL_COMPLETION)) { 2202 DPRINTF(("TX status=%d\n", status)); 2203 if (status == USBD_STALLED) 2204 usbd_clear_endpoint_stall_async(txq->pipeh); 2205 ifp->if_oerrors++; 2206 splx(s); 2207 return; 2208 } 2209 2210 sc->sc_tx_timer = 0; 2211 2212 if (ifq_is_oactive(&ifp->if_snd)) { 2213 ifq_clr_oactive(&ifp->if_snd); 2214 mtw_start(ifp); 2215 } 2216 2217 splx(s); 2218 } 2219 2220 int 2221 mtw_tx(struct mtw_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2222 { 2223 struct ieee80211com *ic = &sc->sc_ic; 2224 struct mtw_node *mn = (void *)ni; 2225 struct ieee80211_frame *wh; 2226 struct mtw_tx_ring *ring; 2227 struct mtw_tx_data *data; 2228 struct mtw_txd *txd; 2229 struct mtw_txwi *txwi; 2230 uint16_t qos, dur; 2231 uint16_t txwisize; 2232 uint8_t type, mcs, tid, qid; 2233 int error, hasqos, ridx, ctl_ridx, xferlen; 2234 2235 wh = mtod(m, struct ieee80211_frame *); 2236 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2237 2238 /* select queue */ 2239 if ((hasqos = ieee80211_has_qos(wh))) { 2240 qos = ieee80211_get_qos(wh); 2241 tid = qos & IEEE80211_QOS_TID; 2242 qid = ieee80211_up_to_ac(ic, tid); 2243 } else { 2244 qos = 0; 2245 tid = 0; 2246 qid = EDCA_AC_BE; 2247 } 2248 2249 /* management frames go to MCU queue */ 2250 if (type == IEEE80211_FC0_TYPE_MGT) 2251 qid = MTW_TXQ_MCU; 2252 2253 ring = &sc->txq[qid]; 2254 data = &ring->data[ring->cur]; 2255 2256 /* pickup a rate index */ 2257 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2258 type != IEEE80211_FC0_TYPE_DATA) { 2259 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2260 MTW_RIDX_OFDM6 : MTW_RIDX_CCK1; 2261 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2262 } else if (ic->ic_fixed_rate != -1) { 2263 ridx = sc->fixed_ridx; 2264 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2265 } else { 2266 ridx = mn->ridx[ni->ni_txrate]; 2267 ctl_ridx = mn->ctl_ridx[ni->ni_txrate]; 2268 } 2269 2270 txwisize = sizeof(struct mtw_txwi); 2271 xferlen = txwisize + m->m_pkthdr.len; 2272 2273 /* roundup to 32-bit alignment */ 2274 xferlen = (xferlen + 3) & ~3; 2275 2276 /* setup TX descriptor */ 2277 txd = (struct mtw_txd *)data->buf; 2278 txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_80211 | 2279 MTW_TXD_WLAN | MTW_TXD_QSEL_EDCA); 2280 2281 if (type != IEEE80211_FC0_TYPE_DATA) 2282 txd->flags |= htole16(MTW_TXD_WIV); 2283 txd->len = htole16(xferlen); 2284 xferlen += sizeof(struct mtw_txd); 2285 2286 /* get MCS code from rate index */ 2287 mcs = rt2860_rates[ridx].mcs; 2288 2289 /* setup TX Wireless Information */ 2290 txwi = (struct mtw_txwi *)(txd + 1); 2291 txwi->flags = 0; 2292 txwi->xflags = hasqos ? 0 : MTW_TX_NSEQ; 2293 txwi->wcid = (type == IEEE80211_FC0_TYPE_DATA) ? 2294 MTW_AID2WCID(ni->ni_associd) : 0xff; 2295 txwi->len = htole16(m->m_pkthdr.len); 2296 txwi->txop = MTW_TX_TXOP_BACKOFF; 2297 2298 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2299 txwi->phy = htole16(MTW_PHY_CCK << MT7601_PHY_SHIFT); 2300 if (ridx != MTW_RIDX_CCK1 && 2301 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2302 mcs |= MTW_PHY_SHPRE; 2303 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 2304 txwi->phy = htole16(MTW_PHY_OFDM << MT7601_PHY_SHIFT); 2305 txwi->phy |= htole16(mcs); 2306 2307 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2308 (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 2309 IEEE80211_QOS_ACK_POLICY_NOACK)) { 2310 txwi->xflags |= MTW_TX_ACK; 2311 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2312 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 2313 else 2314 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 2315 *(uint16_t *)wh->i_dur = htole16(dur); 2316 } 2317 2318 #if NBPFILTER > 0 2319 if (__predict_false(sc->sc_drvbpf != NULL)) { 2320 struct mtw_tx_radiotap_header *tap = &sc->sc_txtap; 2321 struct mbuf mb; 2322 2323 tap->wt_flags = 0; 2324 tap->wt_rate = rt2860_rates[ridx].rate; 2325 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 2326 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 2327 if (mcs & MTW_PHY_SHPRE) 2328 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2329 2330 mb.m_data = (caddr_t)tap; 2331 mb.m_len = sc->sc_txtap_len; 2332 mb.m_next = m; 2333 mb.m_nextpkt = NULL; 2334 mb.m_type = 0; 2335 mb.m_flags = 0; 2336 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 2337 } 2338 #endif 2339 /* copy payload */ 2340 m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)txwi + txwisize); 2341 m_freem(m); 2342 2343 /* 4-byte pad */ 2344 memset(data->buf + xferlen, 0, MTW_DMA_PAD); 2345 xferlen += MTW_DMA_PAD; 2346 2347 usbd_setup_xfer(data->xfer, ring->pipeh, data, data->buf, 2348 xferlen, USBD_FORCE_SHORT_XFER | USBD_NO_COPY, 2349 MTW_TX_TIMEOUT, mtw_txeof); 2350 error = usbd_transfer(data->xfer); 2351 if (__predict_false(error != USBD_IN_PROGRESS && error != 0)) 2352 return error; 2353 2354 ieee80211_release_node(ic, ni); 2355 2356 ring->cur = (ring->cur + 1) % MTW_TX_RING_COUNT; 2357 if (++ring->queued >= MTW_TX_RING_COUNT) 2358 sc->qfullmsk |= 1 << qid; 2359 return 0; 2360 } 2361 2362 void 2363 mtw_start(struct ifnet *ifp) 2364 { 2365 struct mtw_softc *sc = ifp->if_softc; 2366 struct ieee80211com *ic = &sc->sc_ic; 2367 struct ieee80211_node *ni; 2368 struct mbuf *m; 2369 2370 if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd)) 2371 return; 2372 2373 for (;;) { 2374 if (sc->qfullmsk != 0) { 2375 ifq_set_oactive(&ifp->if_snd); 2376 break; 2377 } 2378 2379 /* send pending management frames first */ 2380 m = mq_dequeue(&ic->ic_mgtq); 2381 if (m != NULL) { 2382 ni = m->m_pkthdr.ph_cookie; 2383 goto sendit; 2384 } 2385 if (ic->ic_state != IEEE80211_S_RUN) 2386 break; 2387 2388 /* encapsulate and send data frames */ 2389 m = ifq_dequeue(&ifp->if_snd); 2390 if (m == NULL) 2391 break; 2392 #if NBPFILTER > 0 2393 if (ifp->if_bpf != NULL) 2394 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 2395 #endif 2396 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 2397 continue; 2398 sendit: 2399 #if NBPFILTER > 0 2400 if (ic->ic_rawbpf != NULL) 2401 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 2402 #endif 2403 if (mtw_tx(sc, m, ni) != 0) { 2404 ieee80211_release_node(ic, ni); 2405 ifp->if_oerrors++; 2406 continue; 2407 } 2408 2409 sc->sc_tx_timer = 5; 2410 ifp->if_timer = 1; 2411 } 2412 } 2413 2414 void 2415 mtw_watchdog(struct ifnet *ifp) 2416 { 2417 struct mtw_softc *sc = ifp->if_softc; 2418 2419 ifp->if_timer = 0; 2420 2421 if (sc->sc_tx_timer > 0) { 2422 if (--sc->sc_tx_timer == 0) { 2423 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 2424 /* mtw_init(ifp); XXX needs a process context! */ 2425 ifp->if_oerrors++; 2426 return; 2427 } 2428 ifp->if_timer = 1; 2429 } 2430 2431 ieee80211_watchdog(ifp); 2432 } 2433 2434 int 2435 mtw_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 2436 { 2437 struct mtw_softc *sc = ifp->if_softc; 2438 struct ieee80211com *ic = &sc->sc_ic; 2439 int s, error = 0; 2440 2441 if (usbd_is_dying(sc->sc_udev)) 2442 return ENXIO; 2443 2444 usbd_ref_incr(sc->sc_udev); 2445 2446 s = splnet(); 2447 2448 switch (cmd) { 2449 case SIOCSIFADDR: 2450 ifp->if_flags |= IFF_UP; 2451 /* FALLTHROUGH */ 2452 case SIOCSIFFLAGS: 2453 if (ifp->if_flags & IFF_UP) { 2454 if (!(ifp->if_flags & IFF_RUNNING)) 2455 mtw_init(ifp); 2456 } else { 2457 if (ifp->if_flags & IFF_RUNNING) 2458 mtw_stop(ifp, 1); 2459 } 2460 break; 2461 2462 case SIOCS80211CHANNEL: 2463 /* 2464 * This allows for fast channel switching in monitor mode 2465 * (used by kismet). 2466 */ 2467 error = ieee80211_ioctl(ifp, cmd, data); 2468 if (error == ENETRESET && 2469 ic->ic_opmode == IEEE80211_M_MONITOR) { 2470 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2471 (IFF_UP | IFF_RUNNING)) 2472 mtw_set_chan(sc, ic->ic_ibss_chan); 2473 error = 0; 2474 } 2475 break; 2476 2477 default: 2478 error = ieee80211_ioctl(ifp, cmd, data); 2479 } 2480 2481 if (error == ENETRESET) { 2482 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2483 (IFF_UP | IFF_RUNNING)) { 2484 mtw_stop(ifp, 0); 2485 error = mtw_init(ifp); 2486 } else 2487 error = 0; 2488 } 2489 splx(s); 2490 2491 usbd_ref_decr(sc->sc_udev); 2492 2493 return error; 2494 } 2495 2496 void 2497 mtw_select_chan_group(struct mtw_softc *sc, int group) 2498 { 2499 uint32_t tmp; 2500 uint8_t bbp; 2501 2502 /* Tx band 20MHz 2G */ 2503 mtw_read(sc, MTW_TX_BAND_CFG, &tmp); 2504 tmp &= ~(MTW_TX_BAND_SEL_2G | MTW_TX_BAND_SEL_5G | 2505 MTW_TX_BAND_UPPER_40M); 2506 tmp |= (group == 0) ? MTW_TX_BAND_SEL_2G : MTW_TX_BAND_SEL_5G; 2507 mtw_write(sc, MTW_TX_BAND_CFG, tmp); 2508 2509 /* select 20 MHz bandwidth */ 2510 mtw_bbp_read(sc, 4, &bbp); 2511 bbp &= ~0x18; 2512 bbp |= 0x40; 2513 mtw_bbp_write(sc, 4, bbp); 2514 2515 /* calibrate BBP */ 2516 mtw_bbp_write(sc, 69, 0x12); 2517 mtw_bbp_write(sc, 91, 0x07); 2518 mtw_bbp_write(sc, 195, 0x23); 2519 mtw_bbp_write(sc, 196, 0x17); 2520 mtw_bbp_write(sc, 195, 0x24); 2521 mtw_bbp_write(sc, 196, 0x06); 2522 mtw_bbp_write(sc, 195, 0x81); 2523 mtw_bbp_write(sc, 196, 0x12); 2524 mtw_bbp_write(sc, 195, 0x83); 2525 mtw_bbp_write(sc, 196, 0x17); 2526 mtw_rf_write(sc, 5, 8, 0x00); 2527 mtw_mcu_calibrate(sc, 0x6, 0x10001); 2528 2529 /* set initial AGC value */ 2530 mt7601_set_agc(sc, 0x14); 2531 } 2532 2533 void 2534 mt7601_set_agc(struct mtw_softc *sc, uint8_t agc) 2535 { 2536 uint8_t bbp; 2537 2538 mtw_bbp_write(sc, 66, agc); 2539 mtw_bbp_write(sc, 195, 0x87); 2540 bbp = (agc & 0xf0) | 0x08; 2541 mtw_bbp_write(sc, 196, bbp); 2542 } 2543 2544 void 2545 mt7601_set_chan(struct mtw_softc *sc, u_int chan) 2546 { 2547 uint32_t tmp; 2548 uint8_t bbp, rf, txpow1; 2549 int i; 2550 2551 /* find the settings for this channel */ 2552 for (i = 0; mt7601_rf_chan[i].chan != chan; i++) 2553 2554 mtw_rf_write(sc, 0, 17, mt7601_rf_chan[i].r17); 2555 mtw_rf_write(sc, 0, 18, mt7601_rf_chan[i].r18); 2556 mtw_rf_write(sc, 0, 19, mt7601_rf_chan[i].r19); 2557 mtw_rf_write(sc, 0, 20, mt7601_rf_chan[i].r20); 2558 2559 /* use Tx power values from EEPROM */ 2560 txpow1 = sc->txpow1[i]; 2561 2562 /* Tx automatic level control */ 2563 mtw_read(sc, MTW_TX_ALC_CFG0, &tmp); 2564 tmp &= ~0x3f3f; 2565 tmp |= (txpow1 & 0x3f); 2566 mtw_write(sc, MTW_TX_ALC_CFG0, tmp); 2567 2568 /* LNA */ 2569 mtw_bbp_write(sc, 62, 0x37 - sc->lna[0]); 2570 mtw_bbp_write(sc, 63, 0x37 - sc->lna[0]); 2571 mtw_bbp_write(sc, 64, 0x37 - sc->lna[0]); 2572 2573 /* VCO calibration */ 2574 mtw_rf_write(sc, 0, 4, 0x0a); 2575 mtw_rf_write(sc, 0, 5, 0x20); 2576 mtw_rf_read(sc, 0, 4, &rf); 2577 mtw_rf_write(sc, 0, 4, rf | 0x80); 2578 2579 /* select 20 MHz bandwidth */ 2580 mtw_bbp_read(sc, 4, &bbp); 2581 bbp &= ~0x18; 2582 bbp |= 0x40; 2583 mtw_bbp_write(sc, 4, bbp); 2584 mtw_bbp_write(sc, 178, 0xff); 2585 } 2586 2587 int 2588 mtw_set_chan(struct mtw_softc *sc, struct ieee80211_channel *c) 2589 { 2590 struct ieee80211com *ic = &sc->sc_ic; 2591 u_int chan, group; 2592 2593 chan = ieee80211_chan2ieee(ic, c); 2594 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 2595 return EINVAL; 2596 2597 /* determine channel group */ 2598 if (chan <= 14) 2599 group = 0; 2600 else if (chan <= 64) 2601 group = 1; 2602 else if (chan <= 128) 2603 group = 2; 2604 else 2605 group = 3; 2606 2607 if (group != sc->sc_chan_group || !sc->sc_bw_calibrated) 2608 mtw_select_chan_group(sc, group); 2609 2610 sc->sc_chan_group = group; 2611 2612 /* chipset specific */ 2613 if (sc->mac_ver == 0x7601) 2614 mt7601_set_chan(sc, chan); 2615 2616 DELAY(1000); 2617 return 0; 2618 } 2619 2620 void 2621 mtw_enable_tsf_sync(struct mtw_softc *sc) 2622 { 2623 struct ieee80211com *ic = &sc->sc_ic; 2624 uint32_t tmp; 2625 2626 mtw_read(sc, MTW_BCN_TIME_CFG, &tmp); 2627 tmp &= ~0x1fffff; 2628 tmp |= ic->ic_bss->ni_intval * 16; 2629 tmp |= MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN; 2630 2631 /* local TSF is always updated with remote TSF on beacon reception */ 2632 tmp |= 1 << MTW_TSF_SYNC_MODE_SHIFT; 2633 mtw_write(sc, MTW_BCN_TIME_CFG, tmp); 2634 } 2635 2636 void 2637 mtw_abort_tsf_sync(struct mtw_softc *sc) 2638 { 2639 uint32_t tmp; 2640 2641 mtw_read(sc, MTW_BCN_TIME_CFG, &tmp); 2642 tmp &= ~(MTW_BCN_TX_EN | MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN); 2643 mtw_write(sc, MTW_BCN_TIME_CFG, tmp); 2644 } 2645 2646 void 2647 mtw_enable_mrr(struct mtw_softc *sc) 2648 { 2649 #define CCK(mcs) (mcs) 2650 #define OFDM(mcs) (1 << 3 | (mcs)) 2651 mtw_write(sc, MTW_LG_FBK_CFG0, 2652 OFDM(6) << 28 | /* 54->48 */ 2653 OFDM(5) << 24 | /* 48->36 */ 2654 OFDM(4) << 20 | /* 36->24 */ 2655 OFDM(3) << 16 | /* 24->18 */ 2656 OFDM(2) << 12 | /* 18->12 */ 2657 OFDM(1) << 8 | /* 12-> 9 */ 2658 OFDM(0) << 4 | /* 9-> 6 */ 2659 OFDM(0)); /* 6-> 6 */ 2660 2661 mtw_write(sc, MTW_LG_FBK_CFG1, 2662 CCK(2) << 12 | /* 11->5.5 */ 2663 CCK(1) << 8 | /* 5.5-> 2 */ 2664 CCK(0) << 4 | /* 2-> 1 */ 2665 CCK(0)); /* 1-> 1 */ 2666 #undef OFDM 2667 #undef CCK 2668 } 2669 2670 void 2671 mtw_set_txrts(struct mtw_softc *sc) 2672 { 2673 uint32_t tmp; 2674 2675 /* set RTS threshold */ 2676 mtw_read(sc, MTW_TX_RTS_CFG, &tmp); 2677 tmp &= ~0xffff00; 2678 tmp |= 0x1000 << MTW_RTS_THRES_SHIFT; 2679 mtw_write(sc, MTW_TX_RTS_CFG, tmp); 2680 } 2681 2682 void 2683 mtw_set_txpreamble(struct mtw_softc *sc) 2684 { 2685 uint32_t tmp; 2686 2687 mtw_read(sc, MTW_AUTO_RSP_CFG, &tmp); 2688 if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE) 2689 tmp |= MTW_CCK_SHORT_EN; 2690 else 2691 tmp &= ~MTW_CCK_SHORT_EN; 2692 mtw_write(sc, MTW_AUTO_RSP_CFG, tmp); 2693 } 2694 2695 void 2696 mtw_set_basicrates(struct mtw_softc *sc) 2697 { 2698 struct ieee80211com *ic = &sc->sc_ic; 2699 2700 /* set basic rates mask */ 2701 if (ic->ic_curmode == IEEE80211_MODE_11B) 2702 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x003); 2703 else if (ic->ic_curmode == IEEE80211_MODE_11A) 2704 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x150); 2705 else /* 11g */ 2706 mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x17f); 2707 } 2708 2709 void 2710 mtw_set_leds(struct mtw_softc *sc, uint16_t which) 2711 { 2712 struct mtw_mcu_cmd_8 cmd; 2713 2714 cmd.func = htole32(0x1); 2715 cmd.val = htole32(which); 2716 mtw_mcu_cmd(sc, 16, &cmd, sizeof(struct mtw_mcu_cmd_8)); 2717 } 2718 2719 void 2720 mtw_set_bssid(struct mtw_softc *sc, const uint8_t *bssid) 2721 { 2722 mtw_write(sc, MTW_MAC_BSSID_DW0, 2723 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 2724 mtw_write(sc, MTW_MAC_BSSID_DW1, 2725 bssid[4] | bssid[5] << 8); 2726 } 2727 2728 void 2729 mtw_set_macaddr(struct mtw_softc *sc, const uint8_t *addr) 2730 { 2731 mtw_write(sc, MTW_MAC_ADDR_DW0, 2732 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 2733 mtw_write(sc, MTW_MAC_ADDR_DW1, 2734 addr[4] | addr[5] << 8 | 0xff << 16); 2735 } 2736 2737 #if NBPFILTER > 0 2738 int8_t 2739 mtw_rssi2dbm(struct mtw_softc *sc, uint8_t rssi, uint8_t rxchain) 2740 { 2741 struct ieee80211com *ic = &sc->sc_ic; 2742 struct ieee80211_channel *c = ic->ic_ibss_chan; 2743 int delta; 2744 2745 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2746 u_int chan = ieee80211_chan2ieee(ic, c); 2747 delta = sc->rssi_5ghz[rxchain]; 2748 2749 /* determine channel group */ 2750 if (chan <= 64) 2751 delta -= sc->lna[1]; 2752 else if (chan <= 128) 2753 delta -= sc->lna[2]; 2754 else 2755 delta -= sc->lna[3]; 2756 } else 2757 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 2758 2759 return -12 - delta - rssi; 2760 } 2761 #endif 2762 2763 int 2764 mt7601_bbp_init(struct mtw_softc *sc) 2765 { 2766 uint8_t bbp; 2767 int i, error, ntries; 2768 2769 /* wait for BBP to wake up */ 2770 for (ntries = 0; ntries < 20; ntries++) { 2771 if ((error = mtw_bbp_read(sc, 0, &bbp)) != 0) 2772 return error; 2773 if (bbp != 0 && bbp != 0xff) 2774 break; 2775 } 2776 2777 if (ntries == 20) 2778 return ETIMEDOUT; 2779 2780 mtw_bbp_read(sc, 3, &bbp); 2781 mtw_bbp_write(sc, 3, 0); 2782 mtw_bbp_read(sc, 105, &bbp); 2783 mtw_bbp_write(sc, 105, 0); 2784 2785 /* initialize BBP registers to default values */ 2786 for (i = 0; i < nitems(mt7601_def_bbp); i++) { 2787 if ((error = mtw_bbp_write(sc, mt7601_def_bbp[i].reg, 2788 mt7601_def_bbp[i].val)) != 0) 2789 return error; 2790 } 2791 2792 sc->sc_bw_calibrated = 0; 2793 2794 return 0; 2795 } 2796 2797 int 2798 mt7601_rf_init(struct mtw_softc *sc) 2799 { 2800 int i, error; 2801 2802 /* RF bank 0 */ 2803 for (i = 0; i < nitems(mt7601_rf_bank0); i++) { 2804 error = mtw_rf_write(sc, 0, mt7601_rf_bank0[i].reg, 2805 mt7601_rf_bank0[i].val); 2806 if (error != 0) 2807 return error; 2808 } 2809 /* RF bank 4 */ 2810 for (i = 0; i < nitems(mt7601_rf_bank4); i++) { 2811 error = mtw_rf_write(sc, 4, mt7601_rf_bank4[i].reg, 2812 mt7601_rf_bank4[i].val); 2813 if (error != 0) 2814 return error; 2815 } 2816 /* RF bank 5 */ 2817 for (i = 0; i < nitems(mt7601_rf_bank5); i++) { 2818 error = mtw_rf_write(sc, 5, mt7601_rf_bank5[i].reg, 2819 mt7601_rf_bank5[i].val); 2820 if (error != 0) 2821 return error; 2822 } 2823 return 0; 2824 } 2825 2826 int 2827 mt7601_rf_setup(struct mtw_softc *sc) 2828 { 2829 uint32_t tmp; 2830 uint8_t rf; 2831 int error; 2832 2833 if (sc->sc_rf_calibrated) 2834 return 0; 2835 2836 /* init RF registers */ 2837 if ((error = mt7601_rf_init(sc)) != 0) 2838 return error; 2839 2840 /* init frequency offset */ 2841 mtw_rf_write(sc, 0, 12, sc->rf_freq_offset); 2842 mtw_rf_read(sc, 0, 12, &rf); 2843 2844 /* read temperature */ 2845 mt7601_rf_temperature(sc, &rf); 2846 sc->bbp_temp = rf; 2847 DPRINTF(("BBP temp 0x%x ", rf)); 2848 2849 mtw_rf_read(sc, 0, 7, &rf); 2850 if ((error = mtw_mcu_calibrate(sc, 0x1, 0)) != 0) 2851 return error; 2852 usbd_delay_ms(sc->sc_udev, 100); 2853 mtw_rf_read(sc, 0, 7, &rf); 2854 2855 /* Calibrate VCO RF 0/4 */ 2856 mtw_rf_write(sc, 0, 4, 0x0a); 2857 mtw_rf_write(sc, 0, 4, 0x20); 2858 mtw_rf_read(sc, 0, 4, &rf); 2859 mtw_rf_write(sc, 0, 4, rf | 0x80); 2860 2861 if ((error = mtw_mcu_calibrate(sc, 0x9, 0)) != 0) 2862 return error; 2863 if ((error = mt7601_rxdc_cal(sc)) != 0) 2864 return error; 2865 if ((error = mtw_mcu_calibrate(sc, 0x6, 1)) != 0) 2866 return error; 2867 if ((error = mtw_mcu_calibrate(sc, 0x6, 0)) != 0) 2868 return error; 2869 if ((error = mtw_mcu_calibrate(sc, 0x4, 0)) != 0) 2870 return error; 2871 if ((error = mtw_mcu_calibrate(sc, 0x5, 0)) != 0) 2872 return error; 2873 2874 mtw_read(sc, MTW_LDO_CFG0, &tmp); 2875 tmp &= ~(1 << 4); 2876 tmp |= (1 << 2); 2877 mtw_write(sc, MTW_LDO_CFG0, tmp); 2878 2879 if ((error = mtw_mcu_calibrate(sc, 0x8, 0)) != 0) 2880 return error; 2881 if ((error = mt7601_rxdc_cal(sc)) != 0) 2882 return error; 2883 2884 sc->sc_rf_calibrated = 1; 2885 return 0; 2886 } 2887 2888 int 2889 mt7601_rf_temperature(struct mtw_softc *sc, int8_t *val) 2890 { 2891 uint32_t rfb, rfs; 2892 uint8_t bbp; 2893 int ntries; 2894 2895 mtw_read(sc, MTW_RF_BYPASS0, &rfb); 2896 mtw_read(sc, MTW_RF_SETTING0, &rfs); 2897 mtw_write(sc, MTW_RF_BYPASS0, 0); 2898 mtw_write(sc, MTW_RF_SETTING0, 0x10); 2899 mtw_write(sc, MTW_RF_BYPASS0, 0x10); 2900 2901 mtw_bbp_read(sc, 47, &bbp); 2902 bbp &= ~0x7f; 2903 bbp |= 0x10; 2904 mtw_bbp_write(sc, 47, bbp); 2905 2906 mtw_bbp_write(sc, 22, 0x40); 2907 2908 for (ntries = 0; ntries < 10; ntries++) { 2909 mtw_bbp_read(sc, 47, &bbp); 2910 if ((bbp & 0x10) == 0) 2911 break; 2912 } 2913 if (ntries == 10) 2914 return ETIMEDOUT; 2915 2916 mt7601_r49_read(sc, MT7601_R47_TEMP, val); 2917 2918 mtw_bbp_write(sc, 22, 0); 2919 2920 mtw_bbp_read(sc, 21, &bbp); 2921 bbp |= 0x02; 2922 mtw_bbp_write(sc, 21, bbp); 2923 bbp &= ~0x02; 2924 mtw_bbp_write(sc, 21, bbp); 2925 2926 mtw_write(sc, MTW_RF_BYPASS0, 0); 2927 mtw_write(sc, MTW_RF_SETTING0, rfs); 2928 mtw_write(sc, MTW_RF_BYPASS0, rfb); 2929 return 0; 2930 } 2931 2932 int 2933 mt7601_r49_read(struct mtw_softc *sc, uint8_t flag, int8_t *val) 2934 { 2935 uint8_t bbp; 2936 2937 mtw_bbp_read(sc, 47, &bbp); 2938 bbp = 0x90; 2939 mtw_bbp_write(sc, 47, bbp); 2940 bbp &= ~0x0f; 2941 bbp |= flag; 2942 mtw_bbp_write(sc, 47, bbp); 2943 return mtw_bbp_read(sc, 49, val); 2944 } 2945 2946 int 2947 mt7601_rxdc_cal(struct mtw_softc *sc) 2948 { 2949 uint32_t tmp; 2950 uint8_t bbp; 2951 int ntries; 2952 2953 mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp); 2954 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_RX_EN); 2955 mtw_bbp_write(sc, 158, 0x8d); 2956 mtw_bbp_write(sc, 159, 0xfc); 2957 mtw_bbp_write(sc, 158, 0x8c); 2958 mtw_bbp_write(sc, 159, 0x4c); 2959 2960 for (ntries = 0; ntries < 20; ntries++) { 2961 DELAY(300); 2962 mtw_bbp_write(sc, 158, 0x8c); 2963 mtw_bbp_read(sc, 159, &bbp); 2964 if (bbp == 0x0c) 2965 break; 2966 } 2967 2968 if (ntries == 20) 2969 return ETIMEDOUT; 2970 2971 mtw_write(sc, MTW_MAC_SYS_CTRL, 0); 2972 mtw_bbp_write(sc, 158, 0x8d); 2973 mtw_bbp_write(sc, 159, 0xe0); 2974 mtw_write(sc, MTW_MAC_SYS_CTRL, tmp); 2975 return 0; 2976 } 2977 2978 int 2979 mtw_wlan_enable(struct mtw_softc *sc, int enable) 2980 { 2981 uint32_t tmp; 2982 int error = 0; 2983 2984 if (enable) { 2985 mtw_read(sc, MTW_WLAN_CTRL, &tmp); 2986 if (sc->asic_ver == 0x7612) 2987 tmp &= ~0xfffff000; 2988 2989 tmp &= ~MTW_WLAN_CLK_EN; 2990 tmp |= MTW_WLAN_EN; 2991 mtw_write(sc, MTW_WLAN_CTRL, tmp); 2992 usbd_delay_ms(sc->sc_udev, 2); 2993 2994 tmp |= MTW_WLAN_CLK_EN; 2995 if (sc->asic_ver == 0x7612) { 2996 tmp |= (MTW_WLAN_RESET | MTW_WLAN_RESET_RF); 2997 } 2998 mtw_write(sc, MTW_WLAN_CTRL, tmp); 2999 usbd_delay_ms(sc->sc_udev, 2); 3000 3001 mtw_read(sc, MTW_OSC_CTRL, &tmp); 3002 tmp |= MTW_OSC_EN; 3003 mtw_write(sc, MTW_OSC_CTRL, tmp); 3004 tmp |= MTW_OSC_CAL_REQ; 3005 mtw_write(sc, MTW_OSC_CTRL, tmp); 3006 } else { 3007 mtw_read(sc, MTW_WLAN_CTRL, &tmp); 3008 tmp &= ~(MTW_WLAN_CLK_EN | MTW_WLAN_EN); 3009 mtw_write(sc, MTW_WLAN_CTRL, tmp); 3010 3011 mtw_read(sc, MTW_OSC_CTRL, &tmp); 3012 tmp &= ~MTW_OSC_EN; 3013 mtw_write(sc, MTW_OSC_CTRL, tmp); 3014 } 3015 return error; 3016 } 3017 3018 int 3019 mtw_txrx_enable(struct mtw_softc *sc) 3020 { 3021 uint32_t tmp; 3022 int error, ntries; 3023 3024 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_TX_EN); 3025 for (ntries = 0; ntries < 200; ntries++) { 3026 if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0) 3027 return error; 3028 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3029 break; 3030 DELAY(1000); 3031 } 3032 if (ntries == 200) 3033 return ETIMEDOUT; 3034 3035 DELAY(50); 3036 3037 tmp |= MTW_RX_DMA_EN | MTW_TX_DMA_EN | MTW_TX_WB_DDONE; 3038 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3039 3040 /* enable Rx bulk aggregation (set timeout and limit) */ 3041 tmp = MTW_USB_TX_EN | MTW_USB_RX_EN | MTW_USB_RX_AGG_EN | 3042 MTW_USB_RX_AGG_TO(128) | MTW_USB_RX_AGG_LMT(2); 3043 mtw_write(sc, MTW_USB_DMA_CFG, tmp); 3044 3045 /* set Rx filter */ 3046 tmp = MTW_DROP_CRC_ERR | MTW_DROP_PHY_ERR; 3047 if (sc->sc_ic.ic_opmode != IEEE80211_M_MONITOR) { 3048 tmp |= MTW_DROP_UC_NOME | MTW_DROP_DUPL | 3049 MTW_DROP_CTS | MTW_DROP_BA | MTW_DROP_ACK | 3050 MTW_DROP_VER_ERR | MTW_DROP_CTRL_RSV | 3051 MTW_DROP_CFACK | MTW_DROP_CFEND; 3052 if (sc->sc_ic.ic_opmode == IEEE80211_M_STA) 3053 tmp |= MTW_DROP_RTS | MTW_DROP_PSPOLL; 3054 } 3055 mtw_write(sc, MTW_RX_FILTR_CFG, tmp); 3056 3057 mtw_write(sc, MTW_MAC_SYS_CTRL, 3058 MTW_MAC_RX_EN | MTW_MAC_TX_EN); 3059 return 0; 3060 } 3061 3062 int 3063 mtw_init(struct ifnet *ifp) 3064 { 3065 struct mtw_softc *sc = ifp->if_softc; 3066 struct ieee80211com *ic = &sc->sc_ic; 3067 uint32_t tmp; 3068 int i, error, ridx, ntries, qid; 3069 3070 if (usbd_is_dying(sc->sc_udev)) 3071 return ENXIO; 3072 3073 /* init Tx rings (4 EDCAs, 1 HCCA, 1 MGMT) */ 3074 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) { 3075 if ((error = mtw_alloc_tx_ring(sc, qid)) != 0) 3076 goto fail; 3077 } 3078 3079 /* init Rx ring */ 3080 if ((error = mtw_alloc_rx_ring(sc, 0)) != 0) 3081 goto fail; 3082 3083 /* init MCU Tx ring */ 3084 if ((error = mtw_alloc_mcu_ring(sc)) != 0) 3085 goto fail; 3086 3087 /* init host command ring */ 3088 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0; 3089 3090 for (ntries = 0; ntries < 100; ntries++) { 3091 if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0) 3092 goto fail; 3093 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3094 break; 3095 DELAY(1000); 3096 } 3097 if (ntries == 100) { 3098 printf("%s: timeout waiting for DMA engine\n", 3099 sc->sc_dev.dv_xname); 3100 error = ETIMEDOUT; 3101 goto fail; 3102 } 3103 tmp &= 0xff0; 3104 tmp |= MTW_TX_WB_DDONE; 3105 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3106 3107 /* reset MAC and baseband */ 3108 mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_BBP_HRST | MTW_MAC_SRST); 3109 mtw_write(sc, MTW_USB_DMA_CFG, 0); 3110 mtw_write(sc, MTW_MAC_SYS_CTRL, 0); 3111 3112 /* init MAC values */ 3113 if (sc->mac_ver == 0x7601) { 3114 for (i = 0; i < nitems(mt7601_def_mac); i++) 3115 mtw_write(sc, mt7601_def_mac[i].reg, 3116 mt7601_def_mac[i].val); 3117 } 3118 3119 /* wait while MAC is busy */ 3120 for (ntries = 0; ntries < 100; ntries++) { 3121 if ((error = mtw_read(sc, MTW_MAC_STATUS_REG, &tmp)) != 0) 3122 goto fail; 3123 if (!(tmp & (MTW_RX_STATUS_BUSY | MTW_TX_STATUS_BUSY))) 3124 break; 3125 DELAY(1000); 3126 } 3127 if (ntries == 100) { 3128 error = ETIMEDOUT; 3129 goto fail; 3130 } 3131 3132 /* set MAC address */ 3133 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 3134 mtw_set_macaddr(sc, ic->ic_myaddr); 3135 3136 /* clear WCID attribute table */ 3137 mtw_set_region_4(sc, MTW_WCID_ATTR(0), 1, 8 * 32); 3138 3139 mtw_write(sc, 0x1648, 0x00830083); 3140 mtw_read(sc, MTW_FCE_L2_STUFF, &tmp); 3141 tmp &= ~MTW_L2S_WR_MPDU_LEN_EN; 3142 mtw_write(sc, MTW_FCE_L2_STUFF, tmp); 3143 3144 /* RTS config */ 3145 mtw_set_txrts(sc); 3146 3147 /* clear Host to MCU mailbox */ 3148 mtw_write(sc, MTW_BBP_CSR, 0); 3149 mtw_write(sc, MTW_H2M_MAILBOX, 0); 3150 3151 /* clear RX WCID search table */ 3152 mtw_set_region_4(sc, MTW_WCID_ENTRY(0), 0xffffffff, 512); 3153 3154 /* abort TSF synchronization */ 3155 mtw_abort_tsf_sync(sc); 3156 3157 mtw_read(sc, MTW_US_CYC_CNT, &tmp); 3158 tmp = (tmp & ~0xff); 3159 if (sc->mac_ver == 0x7601) 3160 tmp |= 0x1e; 3161 mtw_write(sc, MTW_US_CYC_CNT, tmp); 3162 3163 /* clear shared key table */ 3164 mtw_set_region_4(sc, MTW_SKEY(0, 0), 0, 8 * 32); 3165 3166 /* clear IV/EIV table */ 3167 mtw_set_region_4(sc, MTW_IVEIV(0), 0, 8 * 32); 3168 3169 /* clear shared key mode */ 3170 mtw_write(sc, MTW_SKEY_MODE_0_7, 0); 3171 mtw_write(sc, MTW_SKEY_MODE_8_15, 0); 3172 3173 /* txop truncation */ 3174 mtw_write(sc, MTW_TXOP_CTRL_CFG, 0x0000583f); 3175 3176 /* init Tx power for all Tx rates */ 3177 for (ridx = 0; ridx < 5; ridx++) { 3178 if (sc->txpow20mhz[ridx] == 0xffffffff) 3179 continue; 3180 mtw_write(sc, MTW_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 3181 } 3182 mtw_write(sc, MTW_TX_PWR_CFG7, 0); 3183 mtw_write(sc, MTW_TX_PWR_CFG9, 0); 3184 3185 mtw_read(sc, MTW_CMB_CTRL, &tmp); 3186 tmp &= ~(1 << 18 | 1 << 14); 3187 mtw_write(sc, MTW_CMB_CTRL, tmp); 3188 3189 /* clear USB DMA */ 3190 mtw_write(sc, MTW_USB_DMA_CFG, MTW_USB_TX_EN | MTW_USB_RX_EN | 3191 MTW_USB_RX_AGG_EN | MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT | 3192 MTW_USB_RX_WL_DROP); 3193 usbd_delay_ms(sc->sc_udev, 50); 3194 mtw_read(sc, MTW_USB_DMA_CFG, &tmp); 3195 tmp &= ~(MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT | 3196 MTW_USB_RX_WL_DROP); 3197 mtw_write(sc, MTW_USB_DMA_CFG, tmp); 3198 3199 /* enable radio */ 3200 mtw_mcu_radio(sc, 0x31, 0); 3201 3202 /* init RF registers */ 3203 if (sc->mac_ver == 0x7601) 3204 mt7601_rf_init(sc); 3205 3206 /* init baseband registers */ 3207 if (sc->mac_ver == 0x7601) 3208 error = mt7601_bbp_init(sc); 3209 3210 if (error != 0) { 3211 printf("%s: could not initialize BBP\n", sc->sc_dev.dv_xname); 3212 goto fail; 3213 } 3214 3215 /* setup and calibrate RF */ 3216 if (sc->mac_ver == 0x7601) 3217 error = mt7601_rf_setup(sc); 3218 3219 if (error != 0) { 3220 printf("%s: could not initialize RF\n", sc->sc_dev.dv_xname); 3221 goto fail; 3222 } 3223 3224 /* select default channel */ 3225 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 3226 mtw_set_chan(sc, ic->ic_ibss_chan); 3227 3228 for (i = 0; i < MTW_RX_RING_COUNT; i++) { 3229 struct mtw_rx_data *data = &sc->rxq[MTW_RXQ_WLAN].data[i]; 3230 3231 usbd_setup_xfer(data->xfer, sc->rxq[MTW_RXQ_WLAN].pipeh, 3232 data, data->buf, 3233 MTW_MAX_RXSZ, USBD_SHORT_XFER_OK | USBD_NO_COPY, 3234 USBD_NO_TIMEOUT, mtw_rxeof); 3235 error = usbd_transfer(data->xfer); 3236 if (error != 0 && error != USBD_IN_PROGRESS) 3237 goto fail; 3238 } 3239 3240 if ((error = mtw_txrx_enable(sc)) != 0) 3241 goto fail; 3242 3243 /* init LEDs */ 3244 mtw_set_leds(sc, MTW_LED_MODE_ON); 3245 3246 ifp->if_flags |= IFF_RUNNING; 3247 ifq_clr_oactive(&ifp->if_snd); 3248 3249 if (ic->ic_flags & IEEE80211_F_WEPON) { 3250 /* install WEP keys */ 3251 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 3252 if (ic->ic_nw_keys[i].k_cipher != IEEE80211_CIPHER_NONE) 3253 (void)mtw_set_key(ic, NULL, &ic->ic_nw_keys[i]); 3254 } 3255 } 3256 3257 if (ic->ic_opmode == IEEE80211_M_MONITOR) 3258 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3259 else 3260 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 3261 3262 if (error != 0) 3263 fail: mtw_stop(ifp, 1); 3264 return error; 3265 } 3266 3267 void 3268 mtw_stop(struct ifnet *ifp, int disable) 3269 { 3270 struct mtw_softc *sc = ifp->if_softc; 3271 struct ieee80211com *ic = &sc->sc_ic; 3272 uint32_t tmp; 3273 int s, ntries, error, qid; 3274 3275 if (ifp->if_flags & IFF_RUNNING) 3276 mtw_set_leds(sc, MTW_LED_MODE_ON); 3277 3278 sc->sc_tx_timer = 0; 3279 ifp->if_timer = 0; 3280 ifp->if_flags &= ~IFF_RUNNING; 3281 ifq_clr_oactive(&ifp->if_snd); 3282 3283 timeout_del(&sc->scan_to); 3284 timeout_del(&sc->calib_to); 3285 3286 s = splusb(); 3287 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3288 /* wait for all queued asynchronous commands to complete */ 3289 usb_wait_task(sc->sc_udev, &sc->sc_task); 3290 splx(s); 3291 3292 /* Disable Tx/Rx DMA. */ 3293 mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp); 3294 tmp &= ~(MTW_RX_DMA_EN | MTW_TX_DMA_EN); 3295 mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp); 3296 mtw_usb_dma_write(sc, 0); 3297 3298 for (ntries = 0; ntries < 100; ntries++) { 3299 if (mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp) != 0) 3300 break; 3301 if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0) 3302 break; 3303 DELAY(10); 3304 } 3305 if (ntries == 100) { 3306 printf("%s: timeout waiting for DMA engine\n", 3307 sc->sc_dev.dv_xname); 3308 } 3309 3310 /* stop MAC Tx/Rx */ 3311 mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp); 3312 tmp &= ~(MTW_MAC_RX_EN | MTW_MAC_TX_EN); 3313 mtw_write(sc, MTW_MAC_SYS_CTRL, tmp); 3314 3315 /* disable RTS retry */ 3316 mtw_read(sc, MTW_TX_RTS_CFG, &tmp); 3317 tmp &= ~0xff; 3318 mtw_write(sc, MTW_TX_RTS_CFG, tmp); 3319 3320 /* US_CYC_CFG */ 3321 mtw_read(sc, MTW_US_CYC_CNT, &tmp); 3322 tmp = (tmp & ~0xff); 3323 mtw_write(sc, MTW_US_CYC_CNT, tmp); 3324 3325 /* stop PBF */ 3326 mtw_read(sc, MTW_PBF_CFG, &tmp); 3327 tmp &= ~0x3; 3328 mtw_write(sc, MTW_PBF_CFG, tmp); 3329 3330 /* wait for pending Tx to complete */ 3331 for (ntries = 0; ntries < 100; ntries++) { 3332 if ((error = mtw_read(sc, MTW_TXRXQ_PCNT, &tmp)) != 0) 3333 break; 3334 if ((tmp & MTW_TX2Q_PCNT_MASK) == 0) 3335 break; 3336 } 3337 DELAY(1000); 3338 3339 /* delete keys */ 3340 for (qid = 0; qid < 4; qid++) { 3341 mtw_read(sc, MTW_SKEY_MODE_0_7, &tmp); 3342 tmp &= ~(0xf << qid * 4); 3343 mtw_write(sc, MTW_SKEY_MODE_0_7, tmp); 3344 } 3345 3346 if (disable) { 3347 /* disable radio */ 3348 error = mtw_mcu_radio(sc, 0x30, 0x1); 3349 usbd_delay_ms(sc->sc_udev, 10); 3350 } 3351 3352 /* free Tx and Rx rings */ 3353 sc->qfullmsk = 0; 3354 mtw_free_mcu_ring(sc); 3355 for (qid = 0; qid < MTW_TXQ_COUNT; qid++) 3356 mtw_free_tx_ring(sc, qid); 3357 mtw_free_rx_ring(sc, 0); 3358 } 3359