Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/dev/usb/wlan/if_rsu.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $OpenBSD: if_rsu.c,v 1.17 2013/04/15 09:23:01 mglocker Exp $ */ 2 3 /*- 4 * Copyright (c) 2010 Damien Bergamini <damien.bergamini@free.fr> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 #include <sys/cdefs.h> 19 __FBSDID("$FreeBSD$"); 20 21 /* 22 * Driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU. 23 * 24 * TODO: 25 * o tx a-mpdu 26 * o hostap / ibss / mesh 27 * o power-save operation 28 */ 29 30 #include "opt_wlan.h" 31 32 #include <sys/param.h> 33 #include <sys/endian.h> 34 #include <sys/sockio.h> 35 #include <sys/malloc.h> 36 #include <sys/mbuf.h> 37 #include <sys/kernel.h> 38 #include <sys/socket.h> 39 #include <sys/systm.h> 40 #include <sys/conf.h> 41 #include <sys/bus.h> 42 #include <sys/firmware.h> 43 #include <sys/module.h> 44 45 #include <net/bpf.h> 46 #include <net/if.h> 47 #include <net/if_var.h> 48 #include <net/if_arp.h> 49 #include <net/if_dl.h> 50 #include <net/if_media.h> 51 #include <net/if_types.h> 52 53 #include <netinet/in.h> 54 #include <netinet/in_systm.h> 55 #include <netinet/in_var.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/ip.h> 58 59 #include <net80211/ieee80211_var.h> 60 #include <net80211/ieee80211_regdomain.h> 61 #include <net80211/ieee80211_radiotap.h> 62 63 #include <dev/usb/usb.h> 64 #include <dev/usb/usbdi.h> 65 #include "usbdevs.h" 66 67 #include <dev/rtwn/if_rtwn_ridx.h> /* XXX */ 68 #include <dev/usb/wlan/if_rsureg.h> 69 70 #define RSU_RATE_IS_CCK RTWN_RATE_IS_CCK 71 72 #ifdef USB_DEBUG 73 static int rsu_debug = 0; 74 SYSCTL_NODE(_hw_usb, OID_AUTO, rsu, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 75 "USB rsu"); 76 SYSCTL_INT(_hw_usb_rsu, OID_AUTO, debug, CTLFLAG_RWTUN, &rsu_debug, 0, 77 "Debug level"); 78 #define RSU_DPRINTF(_sc, _flg, ...) \ 79 do \ 80 if (((_flg) == (RSU_DEBUG_ANY)) || (rsu_debug & (_flg))) \ 81 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 82 while (0) 83 #else 84 #define RSU_DPRINTF(_sc, _flg, ...) 85 #endif 86 87 static int rsu_enable_11n = 1; 88 TUNABLE_INT("hw.usb.rsu.enable_11n", &rsu_enable_11n); 89 90 #define RSU_DEBUG_ANY 0xffffffff 91 #define RSU_DEBUG_TX 0x00000001 92 #define RSU_DEBUG_RX 0x00000002 93 #define RSU_DEBUG_RESET 0x00000004 94 #define RSU_DEBUG_CALIB 0x00000008 95 #define RSU_DEBUG_STATE 0x00000010 96 #define RSU_DEBUG_SCAN 0x00000020 97 #define RSU_DEBUG_FWCMD 0x00000040 98 #define RSU_DEBUG_TXDONE 0x00000080 99 #define RSU_DEBUG_FW 0x00000100 100 #define RSU_DEBUG_FWDBG 0x00000200 101 #define RSU_DEBUG_AMPDU 0x00000400 102 #define RSU_DEBUG_KEY 0x00000800 103 #define RSU_DEBUG_USB 0x00001000 104 105 static const STRUCT_USB_HOST_ID rsu_devs[] = { 106 #define RSU_HT_NOT_SUPPORTED 0 107 #define RSU_HT_SUPPORTED 1 108 #define RSU_DEV_HT(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \ 109 RSU_HT_SUPPORTED) } 110 #define RSU_DEV(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \ 111 RSU_HT_NOT_SUPPORTED) } 112 RSU_DEV(ASUS, RTL8192SU), 113 RSU_DEV(AZUREWAVE, RTL8192SU_4), 114 RSU_DEV(SITECOMEU, WLA1000), 115 RSU_DEV_HT(ACCTON, RTL8192SU), 116 RSU_DEV_HT(ASUS, USBN10), 117 RSU_DEV_HT(AZUREWAVE, RTL8192SU_1), 118 RSU_DEV_HT(AZUREWAVE, RTL8192SU_2), 119 RSU_DEV_HT(AZUREWAVE, RTL8192SU_3), 120 RSU_DEV_HT(AZUREWAVE, RTL8192SU_5), 121 RSU_DEV_HT(BELKIN, RTL8192SU_1), 122 RSU_DEV_HT(BELKIN, RTL8192SU_2), 123 RSU_DEV_HT(BELKIN, RTL8192SU_3), 124 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_1), 125 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_2), 126 RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_3), 127 RSU_DEV_HT(COREGA, RTL8192SU), 128 RSU_DEV_HT(DLINK2, DWA131A1), 129 RSU_DEV_HT(DLINK2, RTL8192SU_1), 130 RSU_DEV_HT(DLINK2, RTL8192SU_2), 131 RSU_DEV_HT(EDIMAX, RTL8192SU_1), 132 RSU_DEV_HT(EDIMAX, RTL8192SU_2), 133 RSU_DEV_HT(EDIMAX, EW7622UMN), 134 RSU_DEV_HT(GUILLEMOT, HWGUN54), 135 RSU_DEV_HT(GUILLEMOT, HWNUM300), 136 RSU_DEV_HT(HAWKING, RTL8192SU_1), 137 RSU_DEV_HT(HAWKING, RTL8192SU_2), 138 RSU_DEV_HT(PLANEX2, GWUSNANO), 139 RSU_DEV_HT(REALTEK, RTL8171), 140 RSU_DEV_HT(REALTEK, RTL8172), 141 RSU_DEV_HT(REALTEK, RTL8173), 142 RSU_DEV_HT(REALTEK, RTL8174), 143 RSU_DEV_HT(REALTEK, RTL8192SU), 144 RSU_DEV_HT(REALTEK, RTL8712), 145 RSU_DEV_HT(REALTEK, RTL8713), 146 RSU_DEV_HT(SENAO, RTL8192SU_1), 147 RSU_DEV_HT(SENAO, RTL8192SU_2), 148 RSU_DEV_HT(SITECOMEU, WL349V1), 149 RSU_DEV_HT(SITECOMEU, WL353), 150 RSU_DEV_HT(SWEEX2, LW154), 151 RSU_DEV_HT(TRENDNET, TEW646UBH), 152 #undef RSU_DEV_HT 153 #undef RSU_DEV 154 }; 155 156 static device_probe_t rsu_match; 157 static device_attach_t rsu_attach; 158 static device_detach_t rsu_detach; 159 static usb_callback_t rsu_bulk_tx_callback_be_bk; 160 static usb_callback_t rsu_bulk_tx_callback_vi_vo; 161 static usb_callback_t rsu_bulk_tx_callback_h2c; 162 static usb_callback_t rsu_bulk_rx_callback; 163 static usb_error_t rsu_do_request(struct rsu_softc *, 164 struct usb_device_request *, void *); 165 static struct ieee80211vap * 166 rsu_vap_create(struct ieee80211com *, const char name[IFNAMSIZ], 167 int, enum ieee80211_opmode, int, 168 const uint8_t bssid[IEEE80211_ADDR_LEN], 169 const uint8_t mac[IEEE80211_ADDR_LEN]); 170 static void rsu_vap_delete(struct ieee80211vap *); 171 static void rsu_scan_start(struct ieee80211com *); 172 static void rsu_scan_end(struct ieee80211com *); 173 static void rsu_getradiocaps(struct ieee80211com *, int, int *, 174 struct ieee80211_channel[]); 175 static void rsu_set_channel(struct ieee80211com *); 176 static void rsu_scan_curchan(struct ieee80211_scan_state *, unsigned long); 177 static void rsu_scan_mindwell(struct ieee80211_scan_state *); 178 static void rsu_update_promisc(struct ieee80211com *); 179 static uint8_t rsu_get_multi_pos(const uint8_t[]); 180 static void rsu_set_multi(struct rsu_softc *); 181 static void rsu_update_mcast(struct ieee80211com *); 182 static int rsu_alloc_rx_list(struct rsu_softc *); 183 static void rsu_free_rx_list(struct rsu_softc *); 184 static int rsu_alloc_tx_list(struct rsu_softc *); 185 static void rsu_free_tx_list(struct rsu_softc *); 186 static void rsu_free_list(struct rsu_softc *, struct rsu_data [], int); 187 static struct rsu_data *_rsu_getbuf(struct rsu_softc *); 188 static struct rsu_data *rsu_getbuf(struct rsu_softc *); 189 static void rsu_freebuf(struct rsu_softc *, struct rsu_data *); 190 static int rsu_write_region_1(struct rsu_softc *, uint16_t, uint8_t *, 191 int); 192 static void rsu_write_1(struct rsu_softc *, uint16_t, uint8_t); 193 static void rsu_write_2(struct rsu_softc *, uint16_t, uint16_t); 194 static void rsu_write_4(struct rsu_softc *, uint16_t, uint32_t); 195 static int rsu_read_region_1(struct rsu_softc *, uint16_t, uint8_t *, 196 int); 197 static uint8_t rsu_read_1(struct rsu_softc *, uint16_t); 198 static uint16_t rsu_read_2(struct rsu_softc *, uint16_t); 199 static uint32_t rsu_read_4(struct rsu_softc *, uint16_t); 200 static int rsu_fw_iocmd(struct rsu_softc *, uint32_t); 201 static uint8_t rsu_efuse_read_1(struct rsu_softc *, uint16_t); 202 static int rsu_read_rom(struct rsu_softc *); 203 static int rsu_fw_cmd(struct rsu_softc *, uint8_t, void *, int); 204 static void rsu_calib_task(void *, int); 205 static void rsu_tx_task(void *, int); 206 static void rsu_set_led(struct rsu_softc *, int); 207 static int rsu_monitor_newstate(struct ieee80211vap *, 208 enum ieee80211_state, int); 209 static int rsu_newstate(struct ieee80211vap *, enum ieee80211_state, int); 210 static int rsu_key_alloc(struct ieee80211vap *, struct ieee80211_key *, 211 ieee80211_keyix *, ieee80211_keyix *); 212 static int rsu_process_key(struct ieee80211vap *, 213 const struct ieee80211_key *, int); 214 static int rsu_key_set(struct ieee80211vap *, 215 const struct ieee80211_key *); 216 static int rsu_key_delete(struct ieee80211vap *, 217 const struct ieee80211_key *); 218 static int rsu_cam_read(struct rsu_softc *, uint8_t, uint32_t *); 219 static void rsu_cam_write(struct rsu_softc *, uint8_t, uint32_t); 220 static int rsu_key_check(struct rsu_softc *, ieee80211_keyix, int); 221 static uint8_t rsu_crypto_mode(struct rsu_softc *, u_int, int); 222 static int rsu_set_key_group(struct rsu_softc *, 223 const struct ieee80211_key *); 224 static int rsu_set_key_pair(struct rsu_softc *, 225 const struct ieee80211_key *); 226 static int rsu_reinit_static_keys(struct rsu_softc *); 227 static int rsu_delete_key(struct rsu_softc *sc, ieee80211_keyix); 228 static void rsu_delete_key_pair_cb(void *, int); 229 static int rsu_site_survey(struct rsu_softc *, 230 struct ieee80211_scan_ssid *); 231 static int rsu_join_bss(struct rsu_softc *, struct ieee80211_node *); 232 static int rsu_disconnect(struct rsu_softc *); 233 static int rsu_hwrssi_to_rssi(struct rsu_softc *, int hw_rssi); 234 static void rsu_event_survey(struct rsu_softc *, uint8_t *, int); 235 static void rsu_event_join_bss(struct rsu_softc *, uint8_t *, int); 236 static void rsu_rx_event(struct rsu_softc *, uint8_t, uint8_t *, int); 237 static void rsu_rx_multi_event(struct rsu_softc *, uint8_t *, int); 238 static int8_t rsu_get_rssi(struct rsu_softc *, int, void *); 239 static struct mbuf * rsu_rx_copy_to_mbuf(struct rsu_softc *, 240 struct r92s_rx_stat *, int); 241 static uint32_t rsu_get_tsf_low(struct rsu_softc *); 242 static uint32_t rsu_get_tsf_high(struct rsu_softc *); 243 static struct ieee80211_node * rsu_rx_frame(struct rsu_softc *, struct mbuf *); 244 static struct mbuf * rsu_rx_multi_frame(struct rsu_softc *, uint8_t *, int); 245 static struct mbuf * 246 rsu_rxeof(struct usb_xfer *, struct rsu_data *); 247 static void rsu_txeof(struct usb_xfer *, struct rsu_data *); 248 static int rsu_raw_xmit(struct ieee80211_node *, struct mbuf *, 249 const struct ieee80211_bpf_params *); 250 static void rsu_rxfilter_init(struct rsu_softc *); 251 static void rsu_rxfilter_set(struct rsu_softc *, uint32_t, uint32_t); 252 static void rsu_rxfilter_refresh(struct rsu_softc *); 253 static int rsu_init(struct rsu_softc *); 254 static int rsu_tx_start(struct rsu_softc *, struct ieee80211_node *, 255 struct mbuf *, struct rsu_data *); 256 static int rsu_transmit(struct ieee80211com *, struct mbuf *); 257 static void rsu_start(struct rsu_softc *); 258 static void _rsu_start(struct rsu_softc *); 259 static int rsu_ioctl_net(struct ieee80211com *, u_long, void *); 260 static void rsu_parent(struct ieee80211com *); 261 static void rsu_stop(struct rsu_softc *); 262 static void rsu_ms_delay(struct rsu_softc *, int); 263 264 static device_method_t rsu_methods[] = { 265 DEVMETHOD(device_probe, rsu_match), 266 DEVMETHOD(device_attach, rsu_attach), 267 DEVMETHOD(device_detach, rsu_detach), 268 269 DEVMETHOD_END 270 }; 271 272 static driver_t rsu_driver = { 273 .name = "rsu", 274 .methods = rsu_methods, 275 .size = sizeof(struct rsu_softc) 276 }; 277 278 DRIVER_MODULE(rsu, uhub, rsu_driver, NULL, NULL); 279 MODULE_DEPEND(rsu, wlan, 1, 1, 1); 280 MODULE_DEPEND(rsu, usb, 1, 1, 1); 281 MODULE_DEPEND(rsu, firmware, 1, 1, 1); 282 MODULE_VERSION(rsu, 1); 283 USB_PNP_HOST_INFO(rsu_devs); 284 285 static uint8_t rsu_wme_ac_xfer_map[4] = { 286 [WME_AC_BE] = RSU_BULK_TX_BE_BK, 287 [WME_AC_BK] = RSU_BULK_TX_BE_BK, 288 [WME_AC_VI] = RSU_BULK_TX_VI_VO, 289 [WME_AC_VO] = RSU_BULK_TX_VI_VO, 290 }; 291 292 /* XXX hard-coded */ 293 #define RSU_H2C_ENDPOINT 3 294 295 static const struct usb_config rsu_config[RSU_N_TRANSFER] = { 296 [RSU_BULK_RX] = { 297 .type = UE_BULK, 298 .endpoint = UE_ADDR_ANY, 299 .direction = UE_DIR_IN, 300 .bufsize = RSU_RXBUFSZ, 301 .flags = { 302 .pipe_bof = 1, 303 .short_xfer_ok = 1 304 }, 305 .callback = rsu_bulk_rx_callback 306 }, 307 [RSU_BULK_TX_BE_BK] = { 308 .type = UE_BULK, 309 .endpoint = 0x06, 310 .direction = UE_DIR_OUT, 311 .bufsize = RSU_TXBUFSZ, 312 .flags = { 313 .ext_buffer = 1, 314 .pipe_bof = 1, 315 .force_short_xfer = 1 316 }, 317 .callback = rsu_bulk_tx_callback_be_bk, 318 .timeout = RSU_TX_TIMEOUT 319 }, 320 [RSU_BULK_TX_VI_VO] = { 321 .type = UE_BULK, 322 .endpoint = 0x04, 323 .direction = UE_DIR_OUT, 324 .bufsize = RSU_TXBUFSZ, 325 .flags = { 326 .ext_buffer = 1, 327 .pipe_bof = 1, 328 .force_short_xfer = 1 329 }, 330 .callback = rsu_bulk_tx_callback_vi_vo, 331 .timeout = RSU_TX_TIMEOUT 332 }, 333 [RSU_BULK_TX_H2C] = { 334 .type = UE_BULK, 335 .endpoint = 0x0d, 336 .direction = UE_DIR_OUT, 337 .bufsize = RSU_TXBUFSZ, 338 .flags = { 339 .ext_buffer = 1, 340 .pipe_bof = 1, 341 .short_xfer_ok = 1 342 }, 343 .callback = rsu_bulk_tx_callback_h2c, 344 .timeout = RSU_TX_TIMEOUT 345 }, 346 }; 347 348 static int 349 rsu_match(device_t self) 350 { 351 struct usb_attach_arg *uaa = device_get_ivars(self); 352 353 if (uaa->usb_mode != USB_MODE_HOST || 354 uaa->info.bIfaceIndex != 0 || 355 uaa->info.bConfigIndex != 0) 356 return (ENXIO); 357 358 return (usbd_lookup_id_by_uaa(rsu_devs, sizeof(rsu_devs), uaa)); 359 } 360 361 static int 362 rsu_send_mgmt(struct ieee80211_node *ni, int type, int arg) 363 { 364 365 return (ENOTSUP); 366 } 367 368 static void 369 rsu_update_chw(struct ieee80211com *ic) 370 { 371 372 } 373 374 /* 375 * notification from net80211 that it'd like to do A-MPDU on the given TID. 376 * 377 * Note: this actually hangs traffic at the present moment, so don't use it. 378 * The firmware debug does indiciate it's sending and establishing a TX AMPDU 379 * session, but then no traffic flows. 380 */ 381 static int 382 rsu_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap) 383 { 384 #if 0 385 struct rsu_softc *sc = ni->ni_ic->ic_softc; 386 struct r92s_add_ba_req req; 387 388 /* Don't enable if it's requested or running */ 389 if (IEEE80211_AMPDU_REQUESTED(tap)) 390 return (0); 391 if (IEEE80211_AMPDU_RUNNING(tap)) 392 return (0); 393 394 /* We've decided to send addba; so send it */ 395 req.tid = htole32(tap->txa_tid); 396 397 /* Attempt net80211 state */ 398 if (ieee80211_ampdu_tx_request_ext(ni, tap->txa_tid) != 1) 399 return (0); 400 401 /* Send the firmware command */ 402 RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: establishing AMPDU TX for TID %d\n", 403 __func__, 404 tap->txa_tid); 405 406 RSU_LOCK(sc); 407 if (rsu_fw_cmd(sc, R92S_CMD_ADDBA_REQ, &req, sizeof(req)) != 1) { 408 RSU_UNLOCK(sc); 409 /* Mark failure */ 410 (void) ieee80211_ampdu_tx_request_active_ext(ni, tap->txa_tid, 0); 411 return (0); 412 } 413 RSU_UNLOCK(sc); 414 415 /* Mark success; we don't get any further notifications */ 416 (void) ieee80211_ampdu_tx_request_active_ext(ni, tap->txa_tid, 1); 417 #endif 418 /* Return 0, we're driving this ourselves */ 419 return (0); 420 } 421 422 static int 423 rsu_wme_update(struct ieee80211com *ic) 424 { 425 426 /* Firmware handles this; not our problem */ 427 return (0); 428 } 429 430 static int 431 rsu_attach(device_t self) 432 { 433 struct usb_attach_arg *uaa = device_get_ivars(self); 434 struct rsu_softc *sc = device_get_softc(self); 435 struct ieee80211com *ic = &sc->sc_ic; 436 int error; 437 uint8_t iface_index; 438 struct usb_interface *iface; 439 const char *rft; 440 441 device_set_usb_desc(self); 442 sc->sc_udev = uaa->device; 443 sc->sc_dev = self; 444 sc->sc_rx_checksum_enable = 1; 445 if (rsu_enable_11n) 446 sc->sc_ht = !! (USB_GET_DRIVER_INFO(uaa) & RSU_HT_SUPPORTED); 447 448 /* Get number of endpoints */ 449 iface = usbd_get_iface(sc->sc_udev, 0); 450 sc->sc_nendpoints = iface->idesc->bNumEndpoints; 451 452 /* Endpoints are hard-coded for now, so enforce 4-endpoint only */ 453 if (sc->sc_nendpoints != 4) { 454 device_printf(sc->sc_dev, 455 "the driver currently only supports 4-endpoint devices\n"); 456 return (ENXIO); 457 } 458 459 mtx_init(&sc->sc_mtx, device_get_nameunit(self), MTX_NETWORK_LOCK, 460 MTX_DEF); 461 RSU_DELKEY_BMAP_LOCK_INIT(sc); 462 TIMEOUT_TASK_INIT(taskqueue_thread, &sc->calib_task, 0, 463 rsu_calib_task, sc); 464 TASK_INIT(&sc->del_key_task, 0, rsu_delete_key_pair_cb, sc); 465 TASK_INIT(&sc->tx_task, 0, rsu_tx_task, sc); 466 mbufq_init(&sc->sc_snd, ifqmaxlen); 467 468 /* Allocate Tx/Rx buffers. */ 469 error = rsu_alloc_rx_list(sc); 470 if (error != 0) { 471 device_printf(sc->sc_dev, "could not allocate Rx buffers\n"); 472 goto fail_usb; 473 } 474 475 error = rsu_alloc_tx_list(sc); 476 if (error != 0) { 477 device_printf(sc->sc_dev, "could not allocate Tx buffers\n"); 478 rsu_free_rx_list(sc); 479 goto fail_usb; 480 } 481 482 iface_index = 0; 483 error = usbd_transfer_setup(uaa->device, &iface_index, sc->sc_xfer, 484 rsu_config, RSU_N_TRANSFER, sc, &sc->sc_mtx); 485 if (error) { 486 device_printf(sc->sc_dev, 487 "could not allocate USB transfers, err=%s\n", 488 usbd_errstr(error)); 489 goto fail_usb; 490 } 491 RSU_LOCK(sc); 492 /* Read chip revision. */ 493 sc->cut = MS(rsu_read_4(sc, R92S_PMC_FSM), R92S_PMC_FSM_CUT); 494 if (sc->cut != 3) 495 sc->cut = (sc->cut >> 1) + 1; 496 error = rsu_read_rom(sc); 497 RSU_UNLOCK(sc); 498 if (error != 0) { 499 device_printf(self, "could not read ROM\n"); 500 goto fail_rom; 501 } 502 503 /* Figure out TX/RX streams */ 504 switch (sc->rom[84]) { 505 case 0x0: 506 sc->sc_rftype = RTL8712_RFCONFIG_1T1R; 507 sc->sc_nrxstream = 1; 508 sc->sc_ntxstream = 1; 509 rft = "1T1R"; 510 break; 511 case 0x1: 512 sc->sc_rftype = RTL8712_RFCONFIG_1T2R; 513 sc->sc_nrxstream = 2; 514 sc->sc_ntxstream = 1; 515 rft = "1T2R"; 516 break; 517 case 0x2: 518 sc->sc_rftype = RTL8712_RFCONFIG_2T2R; 519 sc->sc_nrxstream = 2; 520 sc->sc_ntxstream = 2; 521 rft = "2T2R"; 522 break; 523 case 0x3: /* "green" NIC */ 524 sc->sc_rftype = RTL8712_RFCONFIG_1T2R; 525 sc->sc_nrxstream = 2; 526 sc->sc_ntxstream = 1; 527 rft = "1T2R ('green')"; 528 break; 529 default: 530 device_printf(sc->sc_dev, 531 "%s: unknown board type (rfconfig=0x%02x)\n", 532 __func__, 533 sc->rom[84]); 534 goto fail_rom; 535 } 536 537 IEEE80211_ADDR_COPY(ic->ic_macaddr, &sc->rom[0x12]); 538 device_printf(self, "MAC/BB RTL8712 cut %d %s\n", sc->cut, rft); 539 540 ic->ic_softc = sc; 541 ic->ic_name = device_get_nameunit(self); 542 ic->ic_phytype = IEEE80211_T_OFDM; /* Not only, but not used. */ 543 ic->ic_opmode = IEEE80211_M_STA; /* Default to BSS mode. */ 544 545 /* Set device capabilities. */ 546 ic->ic_caps = 547 IEEE80211_C_STA | /* station mode */ 548 IEEE80211_C_MONITOR | /* monitor mode supported */ 549 #if 0 550 IEEE80211_C_BGSCAN | /* Background scan. */ 551 #endif 552 IEEE80211_C_SHPREAMBLE | /* Short preamble supported. */ 553 IEEE80211_C_WME | /* WME/QoS */ 554 IEEE80211_C_SHSLOT | /* Short slot time supported. */ 555 IEEE80211_C_WPA; /* WPA/RSN. */ 556 557 ic->ic_cryptocaps = 558 IEEE80211_CRYPTO_WEP | 559 IEEE80211_CRYPTO_TKIP | 560 IEEE80211_CRYPTO_AES_CCM; 561 562 /* Check if HT support is present. */ 563 if (sc->sc_ht) { 564 device_printf(sc->sc_dev, "%s: enabling 11n\n", __func__); 565 566 /* Enable basic HT */ 567 ic->ic_htcaps = IEEE80211_HTC_HT | 568 #if 0 569 IEEE80211_HTC_AMPDU | 570 #endif 571 IEEE80211_HTC_AMSDU | 572 IEEE80211_HTCAP_MAXAMSDU_3839 | 573 IEEE80211_HTCAP_SMPS_OFF; 574 ic->ic_htcaps |= IEEE80211_HTCAP_CHWIDTH40; 575 576 /* set number of spatial streams */ 577 ic->ic_txstream = sc->sc_ntxstream; 578 ic->ic_rxstream = sc->sc_nrxstream; 579 } 580 ic->ic_flags_ext |= IEEE80211_FEXT_SCAN_OFFLOAD; 581 582 rsu_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 583 ic->ic_channels); 584 585 ieee80211_ifattach(ic); 586 ic->ic_raw_xmit = rsu_raw_xmit; 587 ic->ic_scan_start = rsu_scan_start; 588 ic->ic_scan_end = rsu_scan_end; 589 ic->ic_getradiocaps = rsu_getradiocaps; 590 ic->ic_set_channel = rsu_set_channel; 591 ic->ic_scan_curchan = rsu_scan_curchan; 592 ic->ic_scan_mindwell = rsu_scan_mindwell; 593 ic->ic_vap_create = rsu_vap_create; 594 ic->ic_vap_delete = rsu_vap_delete; 595 ic->ic_update_promisc = rsu_update_promisc; 596 ic->ic_update_mcast = rsu_update_mcast; 597 ic->ic_ioctl = rsu_ioctl_net; 598 ic->ic_parent = rsu_parent; 599 ic->ic_transmit = rsu_transmit; 600 ic->ic_send_mgmt = rsu_send_mgmt; 601 ic->ic_update_chw = rsu_update_chw; 602 ic->ic_ampdu_enable = rsu_ampdu_enable; 603 ic->ic_wme.wme_update = rsu_wme_update; 604 605 ieee80211_radiotap_attach(ic, &sc->sc_txtap.wt_ihdr, 606 sizeof(sc->sc_txtap), RSU_TX_RADIOTAP_PRESENT, 607 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 608 RSU_RX_RADIOTAP_PRESENT); 609 610 if (bootverbose) 611 ieee80211_announce(ic); 612 613 return (0); 614 615 fail_rom: 616 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER); 617 fail_usb: 618 mtx_destroy(&sc->sc_mtx); 619 return (ENXIO); 620 } 621 622 static int 623 rsu_detach(device_t self) 624 { 625 struct rsu_softc *sc = device_get_softc(self); 626 struct ieee80211com *ic = &sc->sc_ic; 627 628 rsu_stop(sc); 629 630 usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER); 631 632 /* 633 * Free buffers /before/ we detach from net80211, else node 634 * references to destroyed vaps will lead to a panic. 635 */ 636 /* Free Tx/Rx buffers. */ 637 RSU_LOCK(sc); 638 rsu_free_tx_list(sc); 639 rsu_free_rx_list(sc); 640 RSU_UNLOCK(sc); 641 642 /* Frames are freed; detach from net80211 */ 643 ieee80211_ifdetach(ic); 644 645 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task); 646 taskqueue_drain(taskqueue_thread, &sc->del_key_task); 647 taskqueue_drain(taskqueue_thread, &sc->tx_task); 648 649 RSU_DELKEY_BMAP_LOCK_DESTROY(sc); 650 mtx_destroy(&sc->sc_mtx); 651 652 return (0); 653 } 654 655 static usb_error_t 656 rsu_do_request(struct rsu_softc *sc, struct usb_device_request *req, 657 void *data) 658 { 659 usb_error_t err; 660 int ntries = 10; 661 662 RSU_ASSERT_LOCKED(sc); 663 664 while (ntries--) { 665 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 666 req, data, 0, NULL, 250 /* ms */); 667 if (err == 0 || err == USB_ERR_NOT_CONFIGURED) 668 break; 669 RSU_DPRINTF(sc, RSU_DEBUG_USB, 670 "Control request failed, %s (retries left: %d)\n", 671 usbd_errstr(err), ntries); 672 rsu_ms_delay(sc, 10); 673 } 674 675 return (err); 676 } 677 678 static struct ieee80211vap * 679 rsu_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 680 enum ieee80211_opmode opmode, int flags, 681 const uint8_t bssid[IEEE80211_ADDR_LEN], 682 const uint8_t mac[IEEE80211_ADDR_LEN]) 683 { 684 struct rsu_softc *sc = ic->ic_softc; 685 struct rsu_vap *uvp; 686 struct ieee80211vap *vap; 687 struct ifnet *ifp; 688 689 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ 690 return (NULL); 691 692 uvp = malloc(sizeof(struct rsu_vap), M_80211_VAP, M_WAITOK | M_ZERO); 693 vap = &uvp->vap; 694 695 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, 696 flags, bssid) != 0) { 697 /* out of memory */ 698 free(uvp, M_80211_VAP); 699 return (NULL); 700 } 701 702 ifp = vap->iv_ifp; 703 ifp->if_capabilities = IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6; 704 RSU_LOCK(sc); 705 if (sc->sc_rx_checksum_enable) 706 ifp->if_capenable |= IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6; 707 RSU_UNLOCK(sc); 708 709 /* override state transition machine */ 710 uvp->newstate = vap->iv_newstate; 711 if (opmode == IEEE80211_M_MONITOR) 712 vap->iv_newstate = rsu_monitor_newstate; 713 else 714 vap->iv_newstate = rsu_newstate; 715 vap->iv_key_alloc = rsu_key_alloc; 716 vap->iv_key_set = rsu_key_set; 717 vap->iv_key_delete = rsu_key_delete; 718 719 /* Limits from the r92su driver */ 720 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_16; 721 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K; 722 723 /* complete setup */ 724 ieee80211_vap_attach(vap, ieee80211_media_change, 725 ieee80211_media_status, mac); 726 ic->ic_opmode = opmode; 727 728 return (vap); 729 } 730 731 static void 732 rsu_vap_delete(struct ieee80211vap *vap) 733 { 734 struct rsu_vap *uvp = RSU_VAP(vap); 735 736 ieee80211_vap_detach(vap); 737 free(uvp, M_80211_VAP); 738 } 739 740 static void 741 rsu_scan_start(struct ieee80211com *ic) 742 { 743 struct rsu_softc *sc = ic->ic_softc; 744 struct ieee80211_scan_state *ss = ic->ic_scan; 745 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 746 int error; 747 748 /* Scanning is done by the firmware. */ 749 RSU_LOCK(sc); 750 sc->sc_active_scan = !!(ss->ss_flags & IEEE80211_SCAN_ACTIVE); 751 /* XXX TODO: force awake if in network-sleep? */ 752 error = rsu_site_survey(sc, ss->ss_nssid > 0 ? &ss->ss_ssid[0] : NULL); 753 RSU_UNLOCK(sc); 754 if (error != 0) { 755 device_printf(sc->sc_dev, 756 "could not send site survey command\n"); 757 ieee80211_cancel_scan(vap); 758 } 759 } 760 761 static void 762 rsu_scan_end(struct ieee80211com *ic) 763 { 764 /* Nothing to do here. */ 765 } 766 767 static void 768 rsu_getradiocaps(struct ieee80211com *ic, 769 int maxchans, int *nchans, struct ieee80211_channel chans[]) 770 { 771 struct rsu_softc *sc = ic->ic_softc; 772 uint8_t bands[IEEE80211_MODE_BYTES]; 773 774 /* Set supported .11b and .11g rates. */ 775 memset(bands, 0, sizeof(bands)); 776 setbit(bands, IEEE80211_MODE_11B); 777 setbit(bands, IEEE80211_MODE_11G); 778 if (sc->sc_ht) 779 setbit(bands, IEEE80211_MODE_11NG); 780 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, 781 bands, (ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40) ? 782 NET80211_CBW_FLAG_HT40 : 0); 783 } 784 785 static void 786 rsu_set_channel(struct ieee80211com *ic) 787 { 788 struct rsu_softc *sc = ic->ic_softc; 789 790 /* 791 * Only need to set the channel in Monitor mode. AP scanning and auth 792 * are already taken care of by their respective firmware commands. 793 */ 794 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 795 struct r92s_set_channel cmd; 796 int error; 797 798 cmd.channel = IEEE80211_CHAN2IEEE(ic->ic_curchan); 799 800 RSU_LOCK(sc); 801 error = rsu_fw_cmd(sc, R92S_CMD_SET_CHANNEL, &cmd, 802 sizeof(cmd)); 803 if (error != 0) { 804 device_printf(sc->sc_dev, 805 "%s: error %d setting channel\n", __func__, 806 error); 807 } 808 RSU_UNLOCK(sc); 809 } 810 } 811 812 static void 813 rsu_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) 814 { 815 /* Scan is done in rsu_scan_start(). */ 816 } 817 818 /** 819 * Called by the net80211 framework to indicate 820 * the minimum dwell time has been met, terminate the scan. 821 * We don't actually terminate the scan as the firmware will notify 822 * us when it's finished and we have no way to interrupt it. 823 */ 824 static void 825 rsu_scan_mindwell(struct ieee80211_scan_state *ss) 826 { 827 /* NB: don't try to abort scan; wait for firmware to finish */ 828 } 829 830 static void 831 rsu_update_promisc(struct ieee80211com *ic) 832 { 833 struct rsu_softc *sc = ic->ic_softc; 834 835 RSU_LOCK(sc); 836 if (sc->sc_running) 837 rsu_rxfilter_refresh(sc); 838 RSU_UNLOCK(sc); 839 } 840 841 /* 842 * The same as rtwn_get_multi_pos() / rtwn_set_multi(). 843 */ 844 static uint8_t 845 rsu_get_multi_pos(const uint8_t maddr[]) 846 { 847 uint64_t mask = 0x00004d101df481b4; 848 uint8_t pos = 0x27; /* initial value */ 849 int i, j; 850 851 for (i = 0; i < IEEE80211_ADDR_LEN; i++) 852 for (j = (i == 0) ? 1 : 0; j < 8; j++) 853 if ((maddr[i] >> j) & 1) 854 pos ^= (mask >> (i * 8 + j - 1)); 855 856 pos &= 0x3f; 857 858 return (pos); 859 } 860 861 static u_int 862 rsu_hash_maddr(void *arg, struct sockaddr_dl *sdl, u_int cnt) 863 { 864 uint32_t *mfilt = arg; 865 uint8_t pos; 866 867 pos = rsu_get_multi_pos(LLADDR(sdl)); 868 mfilt[pos / 32] |= (1 << (pos % 32)); 869 870 return (1); 871 } 872 873 static void 874 rsu_set_multi(struct rsu_softc *sc) 875 { 876 struct ieee80211com *ic = &sc->sc_ic; 877 uint32_t mfilt[2]; 878 879 RSU_ASSERT_LOCKED(sc); 880 881 /* general structure was copied from ath(4). */ 882 if (ic->ic_allmulti == 0) { 883 struct ieee80211vap *vap; 884 885 /* 886 * Merge multicast addresses to form the hardware filter. 887 */ 888 mfilt[0] = mfilt[1] = 0; 889 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) 890 if_foreach_llmaddr(vap->iv_ifp, rsu_hash_maddr, &mfilt); 891 } else 892 mfilt[0] = mfilt[1] = ~0; 893 894 rsu_write_4(sc, R92S_MAR + 0, mfilt[0]); 895 rsu_write_4(sc, R92S_MAR + 4, mfilt[1]); 896 897 RSU_DPRINTF(sc, RSU_DEBUG_STATE, "%s: MC filter %08x:%08x\n", 898 __func__, mfilt[0], mfilt[1]); 899 } 900 901 static void 902 rsu_update_mcast(struct ieee80211com *ic) 903 { 904 struct rsu_softc *sc = ic->ic_softc; 905 906 RSU_LOCK(sc); 907 if (sc->sc_running) 908 rsu_set_multi(sc); 909 RSU_UNLOCK(sc); 910 } 911 912 static int 913 rsu_alloc_list(struct rsu_softc *sc, struct rsu_data data[], 914 int ndata, int maxsz) 915 { 916 int i, error; 917 918 for (i = 0; i < ndata; i++) { 919 struct rsu_data *dp = &data[i]; 920 dp->sc = sc; 921 dp->m = NULL; 922 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT); 923 if (dp->buf == NULL) { 924 device_printf(sc->sc_dev, 925 "could not allocate buffer\n"); 926 error = ENOMEM; 927 goto fail; 928 } 929 dp->ni = NULL; 930 } 931 932 return (0); 933 fail: 934 rsu_free_list(sc, data, ndata); 935 return (error); 936 } 937 938 static int 939 rsu_alloc_rx_list(struct rsu_softc *sc) 940 { 941 int error, i; 942 943 error = rsu_alloc_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT, 944 RSU_RXBUFSZ); 945 if (error != 0) 946 return (error); 947 948 STAILQ_INIT(&sc->sc_rx_active); 949 STAILQ_INIT(&sc->sc_rx_inactive); 950 951 for (i = 0; i < RSU_RX_LIST_COUNT; i++) 952 STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next); 953 954 return (0); 955 } 956 957 static int 958 rsu_alloc_tx_list(struct rsu_softc *sc) 959 { 960 int error, i; 961 962 error = rsu_alloc_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT, 963 RSU_TXBUFSZ); 964 if (error != 0) 965 return (error); 966 967 STAILQ_INIT(&sc->sc_tx_inactive); 968 969 for (i = 0; i != RSU_N_TRANSFER; i++) { 970 STAILQ_INIT(&sc->sc_tx_active[i]); 971 STAILQ_INIT(&sc->sc_tx_pending[i]); 972 } 973 974 for (i = 0; i < RSU_TX_LIST_COUNT; i++) { 975 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next); 976 } 977 978 return (0); 979 } 980 981 static void 982 rsu_free_tx_list(struct rsu_softc *sc) 983 { 984 int i; 985 986 /* prevent further allocations from TX list(s) */ 987 STAILQ_INIT(&sc->sc_tx_inactive); 988 989 for (i = 0; i != RSU_N_TRANSFER; i++) { 990 STAILQ_INIT(&sc->sc_tx_active[i]); 991 STAILQ_INIT(&sc->sc_tx_pending[i]); 992 } 993 994 rsu_free_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT); 995 } 996 997 static void 998 rsu_free_rx_list(struct rsu_softc *sc) 999 { 1000 /* prevent further allocations from RX list(s) */ 1001 STAILQ_INIT(&sc->sc_rx_inactive); 1002 STAILQ_INIT(&sc->sc_rx_active); 1003 1004 rsu_free_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT); 1005 } 1006 1007 static void 1008 rsu_free_list(struct rsu_softc *sc, struct rsu_data data[], int ndata) 1009 { 1010 int i; 1011 1012 for (i = 0; i < ndata; i++) { 1013 struct rsu_data *dp = &data[i]; 1014 1015 if (dp->buf != NULL) { 1016 free(dp->buf, M_USBDEV); 1017 dp->buf = NULL; 1018 } 1019 if (dp->ni != NULL) { 1020 ieee80211_free_node(dp->ni); 1021 dp->ni = NULL; 1022 } 1023 } 1024 } 1025 1026 static struct rsu_data * 1027 _rsu_getbuf(struct rsu_softc *sc) 1028 { 1029 struct rsu_data *bf; 1030 1031 bf = STAILQ_FIRST(&sc->sc_tx_inactive); 1032 if (bf != NULL) 1033 STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next); 1034 else 1035 bf = NULL; 1036 return (bf); 1037 } 1038 1039 static struct rsu_data * 1040 rsu_getbuf(struct rsu_softc *sc) 1041 { 1042 struct rsu_data *bf; 1043 1044 RSU_ASSERT_LOCKED(sc); 1045 1046 bf = _rsu_getbuf(sc); 1047 if (bf == NULL) { 1048 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: no buffers\n", __func__); 1049 } 1050 return (bf); 1051 } 1052 1053 static void 1054 rsu_freebuf(struct rsu_softc *sc, struct rsu_data *bf) 1055 { 1056 1057 RSU_ASSERT_LOCKED(sc); 1058 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, bf, next); 1059 } 1060 1061 static int 1062 rsu_write_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf, 1063 int len) 1064 { 1065 usb_device_request_t req; 1066 1067 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1068 req.bRequest = R92S_REQ_REGS; 1069 USETW(req.wValue, addr); 1070 USETW(req.wIndex, 0); 1071 USETW(req.wLength, len); 1072 1073 return (rsu_do_request(sc, &req, buf)); 1074 } 1075 1076 static void 1077 rsu_write_1(struct rsu_softc *sc, uint16_t addr, uint8_t val) 1078 { 1079 rsu_write_region_1(sc, addr, &val, 1); 1080 } 1081 1082 static void 1083 rsu_write_2(struct rsu_softc *sc, uint16_t addr, uint16_t val) 1084 { 1085 val = htole16(val); 1086 rsu_write_region_1(sc, addr, (uint8_t *)&val, 2); 1087 } 1088 1089 static void 1090 rsu_write_4(struct rsu_softc *sc, uint16_t addr, uint32_t val) 1091 { 1092 val = htole32(val); 1093 rsu_write_region_1(sc, addr, (uint8_t *)&val, 4); 1094 } 1095 1096 static int 1097 rsu_read_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf, 1098 int len) 1099 { 1100 usb_device_request_t req; 1101 1102 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1103 req.bRequest = R92S_REQ_REGS; 1104 USETW(req.wValue, addr); 1105 USETW(req.wIndex, 0); 1106 USETW(req.wLength, len); 1107 1108 return (rsu_do_request(sc, &req, buf)); 1109 } 1110 1111 static uint8_t 1112 rsu_read_1(struct rsu_softc *sc, uint16_t addr) 1113 { 1114 uint8_t val; 1115 1116 if (rsu_read_region_1(sc, addr, &val, 1) != 0) 1117 return (0xff); 1118 return (val); 1119 } 1120 1121 static uint16_t 1122 rsu_read_2(struct rsu_softc *sc, uint16_t addr) 1123 { 1124 uint16_t val; 1125 1126 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 2) != 0) 1127 return (0xffff); 1128 return (le16toh(val)); 1129 } 1130 1131 static uint32_t 1132 rsu_read_4(struct rsu_softc *sc, uint16_t addr) 1133 { 1134 uint32_t val; 1135 1136 if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 4) != 0) 1137 return (0xffffffff); 1138 return (le32toh(val)); 1139 } 1140 1141 static int 1142 rsu_fw_iocmd(struct rsu_softc *sc, uint32_t iocmd) 1143 { 1144 int ntries; 1145 1146 rsu_write_4(sc, R92S_IOCMD_CTRL, iocmd); 1147 rsu_ms_delay(sc, 1); 1148 for (ntries = 0; ntries < 50; ntries++) { 1149 if (rsu_read_4(sc, R92S_IOCMD_CTRL) == 0) 1150 return (0); 1151 rsu_ms_delay(sc, 1); 1152 } 1153 return (ETIMEDOUT); 1154 } 1155 1156 static uint8_t 1157 rsu_efuse_read_1(struct rsu_softc *sc, uint16_t addr) 1158 { 1159 uint32_t reg; 1160 int ntries; 1161 1162 reg = rsu_read_4(sc, R92S_EFUSE_CTRL); 1163 reg = RW(reg, R92S_EFUSE_CTRL_ADDR, addr); 1164 reg &= ~R92S_EFUSE_CTRL_VALID; 1165 rsu_write_4(sc, R92S_EFUSE_CTRL, reg); 1166 /* Wait for read operation to complete. */ 1167 for (ntries = 0; ntries < 100; ntries++) { 1168 reg = rsu_read_4(sc, R92S_EFUSE_CTRL); 1169 if (reg & R92S_EFUSE_CTRL_VALID) 1170 return (MS(reg, R92S_EFUSE_CTRL_DATA)); 1171 rsu_ms_delay(sc, 1); 1172 } 1173 device_printf(sc->sc_dev, 1174 "could not read efuse byte at address 0x%x\n", addr); 1175 return (0xff); 1176 } 1177 1178 static int 1179 rsu_read_rom(struct rsu_softc *sc) 1180 { 1181 uint8_t *rom = sc->rom; 1182 uint16_t addr = 0; 1183 uint32_t reg; 1184 uint8_t off, msk; 1185 int i; 1186 1187 /* Make sure that ROM type is eFuse and that autoload succeeded. */ 1188 reg = rsu_read_1(sc, R92S_EE_9346CR); 1189 if ((reg & (R92S_9356SEL | R92S_EEPROM_EN)) != R92S_EEPROM_EN) 1190 return (EIO); 1191 1192 /* Turn on 2.5V to prevent eFuse leakage. */ 1193 reg = rsu_read_1(sc, R92S_EFUSE_TEST + 3); 1194 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg | 0x80); 1195 rsu_ms_delay(sc, 1); 1196 rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg & ~0x80); 1197 1198 /* Read full ROM image. */ 1199 memset(&sc->rom, 0xff, sizeof(sc->rom)); 1200 while (addr < 512) { 1201 reg = rsu_efuse_read_1(sc, addr); 1202 if (reg == 0xff) 1203 break; 1204 addr++; 1205 off = reg >> 4; 1206 msk = reg & 0xf; 1207 for (i = 0; i < 4; i++) { 1208 if (msk & (1 << i)) 1209 continue; 1210 rom[off * 8 + i * 2 + 0] = 1211 rsu_efuse_read_1(sc, addr); 1212 addr++; 1213 rom[off * 8 + i * 2 + 1] = 1214 rsu_efuse_read_1(sc, addr); 1215 addr++; 1216 } 1217 } 1218 #ifdef USB_DEBUG 1219 if (rsu_debug & RSU_DEBUG_RESET) { 1220 /* Dump ROM content. */ 1221 printf("\n"); 1222 for (i = 0; i < sizeof(sc->rom); i++) 1223 printf("%02x:", rom[i]); 1224 printf("\n"); 1225 } 1226 #endif 1227 return (0); 1228 } 1229 1230 static int 1231 rsu_fw_cmd(struct rsu_softc *sc, uint8_t code, void *buf, int len) 1232 { 1233 const uint8_t which = RSU_H2C_ENDPOINT; 1234 struct rsu_data *data; 1235 struct r92s_tx_desc *txd; 1236 struct r92s_fw_cmd_hdr *cmd; 1237 int cmdsz; 1238 int xferlen; 1239 1240 RSU_ASSERT_LOCKED(sc); 1241 1242 data = rsu_getbuf(sc); 1243 if (data == NULL) 1244 return (ENOMEM); 1245 1246 /* Blank the entire payload, just to be safe */ 1247 memset(data->buf, '\0', RSU_TXBUFSZ); 1248 1249 /* Round-up command length to a multiple of 8 bytes. */ 1250 /* XXX TODO: is this required? */ 1251 cmdsz = (len + 7) & ~7; 1252 1253 xferlen = sizeof(*txd) + sizeof(*cmd) + cmdsz; 1254 KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__)); 1255 memset(data->buf, 0, xferlen); 1256 1257 /* Setup Tx descriptor. */ 1258 txd = (struct r92s_tx_desc *)data->buf; 1259 txd->txdw0 = htole32( 1260 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) | 1261 SM(R92S_TXDW0_PKTLEN, sizeof(*cmd) + cmdsz) | 1262 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG); 1263 txd->txdw1 = htole32(SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_H2C)); 1264 1265 /* Setup command header. */ 1266 cmd = (struct r92s_fw_cmd_hdr *)&txd[1]; 1267 cmd->len = htole16(cmdsz); 1268 cmd->code = code; 1269 cmd->seq = sc->cmd_seq; 1270 sc->cmd_seq = (sc->cmd_seq + 1) & 0x7f; 1271 1272 /* Copy command payload. */ 1273 memcpy(&cmd[1], buf, len); 1274 1275 RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FWCMD, 1276 "%s: Tx cmd code=0x%x len=0x%x\n", 1277 __func__, code, cmdsz); 1278 data->buflen = xferlen; 1279 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); 1280 usbd_transfer_start(sc->sc_xfer[which]); 1281 1282 return (0); 1283 } 1284 1285 /* ARGSUSED */ 1286 static void 1287 rsu_calib_task(void *arg, int pending __unused) 1288 { 1289 struct rsu_softc *sc = arg; 1290 #ifdef notyet 1291 uint32_t reg; 1292 #endif 1293 1294 RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: running calibration task\n", 1295 __func__); 1296 1297 RSU_LOCK(sc); 1298 #ifdef notyet 1299 /* Read WPS PBC status. */ 1300 rsu_write_1(sc, R92S_MAC_PINMUX_CTRL, 1301 R92S_GPIOMUX_EN | SM(R92S_GPIOSEL_GPIO, R92S_GPIOSEL_GPIO_JTAG)); 1302 rsu_write_1(sc, R92S_GPIO_IO_SEL, 1303 rsu_read_1(sc, R92S_GPIO_IO_SEL) & ~R92S_GPIO_WPS); 1304 reg = rsu_read_1(sc, R92S_GPIO_CTRL); 1305 if (reg != 0xff && (reg & R92S_GPIO_WPS)) 1306 RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "WPS PBC is pushed\n"); 1307 #endif 1308 /* Read current signal level. */ 1309 if (rsu_fw_iocmd(sc, 0xf4000001) == 0) { 1310 sc->sc_currssi = rsu_read_4(sc, R92S_IOCMD_DATA); 1311 RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: RSSI=%d (%d)\n", 1312 __func__, sc->sc_currssi, 1313 rsu_hwrssi_to_rssi(sc, sc->sc_currssi)); 1314 } 1315 if (sc->sc_calibrating) 1316 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz); 1317 RSU_UNLOCK(sc); 1318 } 1319 1320 static void 1321 rsu_tx_task(void *arg, int pending __unused) 1322 { 1323 struct rsu_softc *sc = arg; 1324 1325 RSU_LOCK(sc); 1326 _rsu_start(sc); 1327 RSU_UNLOCK(sc); 1328 } 1329 1330 #define RSU_PWR_UNKNOWN 0x0 1331 #define RSU_PWR_ACTIVE 0x1 1332 #define RSU_PWR_OFF 0x2 1333 #define RSU_PWR_SLEEP 0x3 1334 1335 /* 1336 * Set the current power state. 1337 * 1338 * The rtlwifi code doesn't do this so aggressively; it 1339 * waits for an idle period after association with 1340 * no traffic before doing this. 1341 * 1342 * For now - it's on in all states except RUN, and 1343 * in RUN it'll transition to allow sleep. 1344 */ 1345 1346 struct r92s_pwr_cmd { 1347 uint8_t mode; 1348 uint8_t smart_ps; 1349 uint8_t bcn_pass_time; 1350 }; 1351 1352 static int 1353 rsu_set_fw_power_state(struct rsu_softc *sc, int state) 1354 { 1355 struct r92s_set_pwr_mode cmd; 1356 //struct r92s_pwr_cmd cmd; 1357 int error; 1358 1359 RSU_ASSERT_LOCKED(sc); 1360 1361 /* only change state if required */ 1362 if (sc->sc_curpwrstate == state) 1363 return (0); 1364 1365 memset(&cmd, 0, sizeof(cmd)); 1366 1367 switch (state) { 1368 case RSU_PWR_ACTIVE: 1369 /* Force the hardware awake */ 1370 rsu_write_1(sc, R92S_USB_HRPWM, 1371 R92S_USB_HRPWM_PS_ST_ACTIVE | R92S_USB_HRPWM_PS_ALL_ON); 1372 cmd.mode = R92S_PS_MODE_ACTIVE; 1373 break; 1374 case RSU_PWR_SLEEP: 1375 cmd.mode = R92S_PS_MODE_DTIM; /* XXX configurable? */ 1376 cmd.smart_ps = 1; /* XXX 2 if doing p2p */ 1377 cmd.bcn_pass_time = 5; /* in 100mS usb.c, linux/rtlwifi */ 1378 break; 1379 case RSU_PWR_OFF: 1380 cmd.mode = R92S_PS_MODE_RADIOOFF; 1381 break; 1382 default: 1383 device_printf(sc->sc_dev, "%s: unknown ps mode (%d)\n", 1384 __func__, 1385 state); 1386 return (ENXIO); 1387 } 1388 1389 RSU_DPRINTF(sc, RSU_DEBUG_RESET, 1390 "%s: setting ps mode to %d (mode %d)\n", 1391 __func__, state, cmd.mode); 1392 error = rsu_fw_cmd(sc, R92S_CMD_SET_PWR_MODE, &cmd, sizeof(cmd)); 1393 if (error == 0) 1394 sc->sc_curpwrstate = state; 1395 1396 return (error); 1397 } 1398 1399 static void 1400 rsu_set_led(struct rsu_softc *sc, int on) 1401 { 1402 rsu_write_1(sc, R92S_LEDCFG, 1403 (rsu_read_1(sc, R92S_LEDCFG) & 0xf0) | (!on << 3)); 1404 } 1405 1406 static int 1407 rsu_monitor_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, 1408 int arg) 1409 { 1410 struct ieee80211com *ic = vap->iv_ic; 1411 struct rsu_softc *sc = ic->ic_softc; 1412 struct rsu_vap *uvp = RSU_VAP(vap); 1413 1414 if (vap->iv_state != nstate) { 1415 IEEE80211_UNLOCK(ic); 1416 RSU_LOCK(sc); 1417 1418 switch (nstate) { 1419 case IEEE80211_S_INIT: 1420 sc->sc_vap_is_running = 0; 1421 rsu_set_led(sc, 0); 1422 break; 1423 case IEEE80211_S_RUN: 1424 sc->sc_vap_is_running = 1; 1425 rsu_set_led(sc, 1); 1426 break; 1427 default: 1428 /* NOTREACHED */ 1429 break; 1430 } 1431 rsu_rxfilter_refresh(sc); 1432 1433 RSU_UNLOCK(sc); 1434 IEEE80211_LOCK(ic); 1435 } 1436 1437 return (uvp->newstate(vap, nstate, arg)); 1438 } 1439 1440 static int 1441 rsu_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1442 { 1443 struct rsu_vap *uvp = RSU_VAP(vap); 1444 struct ieee80211com *ic = vap->iv_ic; 1445 struct rsu_softc *sc = ic->ic_softc; 1446 struct ieee80211_node *ni; 1447 struct ieee80211_rateset *rs; 1448 enum ieee80211_state ostate; 1449 int error, startcal = 0; 1450 1451 ostate = vap->iv_state; 1452 RSU_DPRINTF(sc, RSU_DEBUG_STATE, "%s: %s -> %s\n", 1453 __func__, 1454 ieee80211_state_name[ostate], 1455 ieee80211_state_name[nstate]); 1456 1457 IEEE80211_UNLOCK(ic); 1458 if (ostate == IEEE80211_S_RUN) { 1459 RSU_LOCK(sc); 1460 /* Stop calibration. */ 1461 sc->sc_calibrating = 0; 1462 1463 /* Pause Tx for AC queues. */ 1464 rsu_write_1(sc, R92S_TXPAUSE, R92S_TXPAUSE_AC); 1465 usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10)); 1466 1467 RSU_UNLOCK(sc); 1468 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task); 1469 taskqueue_drain(taskqueue_thread, &sc->tx_task); 1470 RSU_LOCK(sc); 1471 /* Disassociate from our current BSS. */ 1472 rsu_disconnect(sc); 1473 usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10)); 1474 1475 /* Refresh Rx filter (may be modified by firmware). */ 1476 sc->sc_vap_is_running = 0; 1477 rsu_rxfilter_refresh(sc); 1478 1479 /* Reinstall static keys. */ 1480 if (sc->sc_running) 1481 rsu_reinit_static_keys(sc); 1482 } else 1483 RSU_LOCK(sc); 1484 switch (nstate) { 1485 case IEEE80211_S_INIT: 1486 (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE); 1487 break; 1488 case IEEE80211_S_AUTH: 1489 ni = ieee80211_ref_node(vap->iv_bss); 1490 (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE); 1491 error = rsu_join_bss(sc, ni); 1492 ieee80211_free_node(ni); 1493 if (error != 0) { 1494 device_printf(sc->sc_dev, 1495 "could not send join command\n"); 1496 } 1497 break; 1498 case IEEE80211_S_RUN: 1499 /* Flush all AC queues. */ 1500 rsu_write_1(sc, R92S_TXPAUSE, 0); 1501 1502 ni = ieee80211_ref_node(vap->iv_bss); 1503 rs = &ni->ni_rates; 1504 /* Indicate highest supported rate. */ 1505 ni->ni_txrate = rs->rs_rates[rs->rs_nrates - 1]; 1506 (void) rsu_set_fw_power_state(sc, RSU_PWR_SLEEP); 1507 ieee80211_free_node(ni); 1508 startcal = 1; 1509 break; 1510 default: 1511 break; 1512 } 1513 if (startcal != 0) { 1514 sc->sc_calibrating = 1; 1515 /* Start periodic calibration. */ 1516 taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, 1517 hz); 1518 } 1519 RSU_UNLOCK(sc); 1520 IEEE80211_LOCK(ic); 1521 return (uvp->newstate(vap, nstate, arg)); 1522 } 1523 1524 static int 1525 rsu_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, 1526 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) 1527 { 1528 struct rsu_softc *sc = vap->iv_ic->ic_softc; 1529 int is_checked = 0; 1530 1531 if (&vap->iv_nw_keys[0] <= k && 1532 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 1533 *keyix = ieee80211_crypto_get_key_wepidx(vap, k); 1534 } else { 1535 if (vap->iv_opmode != IEEE80211_M_STA) { 1536 *keyix = 0; 1537 /* TODO: obtain keyix from node id */ 1538 is_checked = 1; 1539 k->wk_flags |= IEEE80211_KEY_SWCRYPT; 1540 } else 1541 *keyix = R92S_MACID_BSS; 1542 } 1543 1544 if (!is_checked) { 1545 RSU_LOCK(sc); 1546 if (isset(sc->keys_bmap, *keyix)) { 1547 device_printf(sc->sc_dev, 1548 "%s: key slot %d is already used!\n", 1549 __func__, *keyix); 1550 RSU_UNLOCK(sc); 1551 return (0); 1552 } 1553 setbit(sc->keys_bmap, *keyix); 1554 RSU_UNLOCK(sc); 1555 } 1556 1557 *rxkeyix = *keyix; 1558 1559 return (1); 1560 } 1561 1562 static int 1563 rsu_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k, 1564 int set) 1565 { 1566 struct rsu_softc *sc = vap->iv_ic->ic_softc; 1567 int ret; 1568 1569 if (k->wk_flags & IEEE80211_KEY_SWCRYPT) { 1570 /* Not for us. */ 1571 return (1); 1572 } 1573 1574 /* Handle group keys. */ 1575 if (&vap->iv_nw_keys[0] <= k && 1576 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { 1577 KASSERT(k->wk_keyix < nitems(sc->group_keys), 1578 ("keyix %u > %zu\n", k->wk_keyix, nitems(sc->group_keys))); 1579 1580 RSU_LOCK(sc); 1581 sc->group_keys[k->wk_keyix] = (set ? k : NULL); 1582 if (!sc->sc_running) { 1583 /* Static keys will be set during device startup. */ 1584 RSU_UNLOCK(sc); 1585 return (1); 1586 } 1587 1588 if (set) 1589 ret = rsu_set_key_group(sc, k); 1590 else 1591 ret = rsu_delete_key(sc, k->wk_keyix); 1592 RSU_UNLOCK(sc); 1593 1594 return (!ret); 1595 } 1596 1597 if (set) { 1598 /* wait for pending key removal */ 1599 taskqueue_drain(taskqueue_thread, &sc->del_key_task); 1600 1601 RSU_LOCK(sc); 1602 ret = rsu_set_key_pair(sc, k); 1603 RSU_UNLOCK(sc); 1604 } else { 1605 RSU_DELKEY_BMAP_LOCK(sc); 1606 setbit(sc->free_keys_bmap, k->wk_keyix); 1607 RSU_DELKEY_BMAP_UNLOCK(sc); 1608 1609 /* workaround ieee80211_node_delucastkey() locking */ 1610 taskqueue_enqueue(taskqueue_thread, &sc->del_key_task); 1611 ret = 0; /* fake success */ 1612 } 1613 1614 return (!ret); 1615 } 1616 1617 static int 1618 rsu_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k) 1619 { 1620 return (rsu_process_key(vap, k, 1)); 1621 } 1622 1623 static int 1624 rsu_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) 1625 { 1626 return (rsu_process_key(vap, k, 0)); 1627 } 1628 1629 static int 1630 rsu_cam_read(struct rsu_softc *sc, uint8_t addr, uint32_t *val) 1631 { 1632 int ntries; 1633 1634 rsu_write_4(sc, R92S_CAMCMD, 1635 R92S_CAMCMD_POLLING | SM(R92S_CAMCMD_ADDR, addr)); 1636 for (ntries = 0; ntries < 10; ntries++) { 1637 if (!(rsu_read_4(sc, R92S_CAMCMD) & R92S_CAMCMD_POLLING)) 1638 break; 1639 1640 usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(1)); 1641 } 1642 if (ntries == 10) { 1643 device_printf(sc->sc_dev, 1644 "%s: cannot read CAM entry at address %02X\n", 1645 __func__, addr); 1646 return (ETIMEDOUT); 1647 } 1648 1649 *val = rsu_read_4(sc, R92S_CAMREAD); 1650 1651 return (0); 1652 } 1653 1654 static void 1655 rsu_cam_write(struct rsu_softc *sc, uint8_t addr, uint32_t data) 1656 { 1657 1658 rsu_write_4(sc, R92S_CAMWRITE, data); 1659 rsu_write_4(sc, R92S_CAMCMD, 1660 R92S_CAMCMD_POLLING | R92S_CAMCMD_WRITE | 1661 SM(R92S_CAMCMD_ADDR, addr)); 1662 } 1663 1664 static int 1665 rsu_key_check(struct rsu_softc *sc, ieee80211_keyix keyix, int is_valid) 1666 { 1667 uint32_t val; 1668 int error, ntries; 1669 1670 for (ntries = 0; ntries < 20; ntries++) { 1671 usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(1)); 1672 1673 error = rsu_cam_read(sc, R92S_CAM_CTL0(keyix), &val); 1674 if (error != 0) { 1675 device_printf(sc->sc_dev, 1676 "%s: cannot check key status!\n", __func__); 1677 return (error); 1678 } 1679 if (((val & R92S_CAM_VALID) == 0) ^ is_valid) 1680 break; 1681 } 1682 if (ntries == 20) { 1683 device_printf(sc->sc_dev, 1684 "%s: key %d is %s marked as valid, rejecting request\n", 1685 __func__, keyix, is_valid ? "not" : "still"); 1686 return (EIO); 1687 } 1688 1689 return (0); 1690 } 1691 1692 /* 1693 * Map net80211 cipher to RTL8712 security mode. 1694 */ 1695 static uint8_t 1696 rsu_crypto_mode(struct rsu_softc *sc, u_int cipher, int keylen) 1697 { 1698 switch (cipher) { 1699 case IEEE80211_CIPHER_WEP: 1700 return keylen < 8 ? R92S_KEY_ALGO_WEP40 : R92S_KEY_ALGO_WEP104; 1701 case IEEE80211_CIPHER_TKIP: 1702 return R92S_KEY_ALGO_TKIP; 1703 case IEEE80211_CIPHER_AES_CCM: 1704 return R92S_KEY_ALGO_AES; 1705 default: 1706 device_printf(sc->sc_dev, "unknown cipher %d\n", cipher); 1707 return R92S_KEY_ALGO_INVALID; 1708 } 1709 } 1710 1711 static int 1712 rsu_set_key_group(struct rsu_softc *sc, const struct ieee80211_key *k) 1713 { 1714 struct r92s_fw_cmd_set_key key; 1715 uint8_t algo; 1716 int error; 1717 1718 RSU_ASSERT_LOCKED(sc); 1719 1720 /* Map net80211 cipher to HW crypto algorithm. */ 1721 algo = rsu_crypto_mode(sc, k->wk_cipher->ic_cipher, k->wk_keylen); 1722 if (algo == R92S_KEY_ALGO_INVALID) 1723 return (EINVAL); 1724 1725 memset(&key, 0, sizeof(key)); 1726 key.algo = algo; 1727 key.cam_id = k->wk_keyix; 1728 key.grpkey = (k->wk_flags & IEEE80211_KEY_GROUP) != 0; 1729 memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key))); 1730 1731 RSU_DPRINTF(sc, RSU_DEBUG_KEY | RSU_DEBUG_FWCMD, 1732 "%s: keyix %u, group %u, algo %u/%u, flags %04X, len %u, " 1733 "macaddr %s\n", __func__, key.cam_id, key.grpkey, 1734 k->wk_cipher->ic_cipher, key.algo, k->wk_flags, k->wk_keylen, 1735 ether_sprintf(k->wk_macaddr)); 1736 1737 error = rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key)); 1738 if (error != 0) { 1739 device_printf(sc->sc_dev, 1740 "%s: cannot send firmware command, error %d\n", 1741 __func__, error); 1742 return (error); 1743 } 1744 1745 return (rsu_key_check(sc, k->wk_keyix, 1)); 1746 } 1747 1748 static int 1749 rsu_set_key_pair(struct rsu_softc *sc, const struct ieee80211_key *k) 1750 { 1751 struct r92s_fw_cmd_set_key_mac key; 1752 uint8_t algo; 1753 int error; 1754 1755 RSU_ASSERT_LOCKED(sc); 1756 1757 if (!sc->sc_running) 1758 return (ESHUTDOWN); 1759 1760 /* Map net80211 cipher to HW crypto algorithm. */ 1761 algo = rsu_crypto_mode(sc, k->wk_cipher->ic_cipher, k->wk_keylen); 1762 if (algo == R92S_KEY_ALGO_INVALID) 1763 return (EINVAL); 1764 1765 memset(&key, 0, sizeof(key)); 1766 key.algo = algo; 1767 memcpy(key.macaddr, k->wk_macaddr, sizeof(key.macaddr)); 1768 memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key))); 1769 1770 RSU_DPRINTF(sc, RSU_DEBUG_KEY | RSU_DEBUG_FWCMD, 1771 "%s: keyix %u, algo %u/%u, flags %04X, len %u, macaddr %s\n", 1772 __func__, k->wk_keyix, k->wk_cipher->ic_cipher, key.algo, 1773 k->wk_flags, k->wk_keylen, ether_sprintf(key.macaddr)); 1774 1775 error = rsu_fw_cmd(sc, R92S_CMD_SET_STA_KEY, &key, sizeof(key)); 1776 if (error != 0) { 1777 device_printf(sc->sc_dev, 1778 "%s: cannot send firmware command, error %d\n", 1779 __func__, error); 1780 return (error); 1781 } 1782 1783 return (rsu_key_check(sc, k->wk_keyix, 1)); 1784 } 1785 1786 static int 1787 rsu_reinit_static_keys(struct rsu_softc *sc) 1788 { 1789 int i, error; 1790 1791 for (i = 0; i < nitems(sc->group_keys); i++) { 1792 if (sc->group_keys[i] != NULL) { 1793 error = rsu_set_key_group(sc, sc->group_keys[i]); 1794 if (error != 0) { 1795 device_printf(sc->sc_dev, 1796 "%s: failed to set static key %d, " 1797 "error %d\n", __func__, i, error); 1798 return (error); 1799 } 1800 } 1801 } 1802 1803 return (0); 1804 } 1805 1806 static int 1807 rsu_delete_key(struct rsu_softc *sc, ieee80211_keyix keyix) 1808 { 1809 struct r92s_fw_cmd_set_key key; 1810 uint32_t val; 1811 int error; 1812 1813 RSU_ASSERT_LOCKED(sc); 1814 1815 if (!sc->sc_running) 1816 return (0); 1817 1818 /* check if it was automatically removed by firmware */ 1819 error = rsu_cam_read(sc, R92S_CAM_CTL0(keyix), &val); 1820 if (error == 0 && (val & R92S_CAM_VALID) == 0) { 1821 RSU_DPRINTF(sc, RSU_DEBUG_KEY, 1822 "%s: key %u does not exist\n", __func__, keyix); 1823 clrbit(sc->keys_bmap, keyix); 1824 return (0); 1825 } 1826 1827 memset(&key, 0, sizeof(key)); 1828 key.cam_id = keyix; 1829 1830 RSU_DPRINTF(sc, RSU_DEBUG_KEY | RSU_DEBUG_FWCMD, 1831 "%s: removing key %u\n", __func__, key.cam_id); 1832 1833 error = rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key)); 1834 if (error != 0) { 1835 device_printf(sc->sc_dev, 1836 "%s: cannot send firmware command, error %d\n", 1837 __func__, error); 1838 goto finish; 1839 } 1840 1841 usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(5)); 1842 1843 /* 1844 * Clear 'valid' bit manually (cannot be done via firmware command). 1845 * Used for key check + when firmware command cannot be sent. 1846 */ 1847 finish: 1848 rsu_cam_write(sc, R92S_CAM_CTL0(keyix), 0); 1849 1850 clrbit(sc->keys_bmap, keyix); 1851 1852 return (rsu_key_check(sc, keyix, 0)); 1853 } 1854 1855 static void 1856 rsu_delete_key_pair_cb(void *arg, int pending __unused) 1857 { 1858 struct rsu_softc *sc = arg; 1859 int i; 1860 1861 RSU_DELKEY_BMAP_LOCK(sc); 1862 for (i = IEEE80211_WEP_NKID; i < R92S_CAM_ENTRY_LIMIT; i++) { 1863 if (isset(sc->free_keys_bmap, i)) { 1864 RSU_DELKEY_BMAP_UNLOCK(sc); 1865 1866 RSU_LOCK(sc); 1867 RSU_DPRINTF(sc, RSU_DEBUG_KEY, 1868 "%s: calling rsu_delete_key() with keyix = %d\n", 1869 __func__, i); 1870 (void) rsu_delete_key(sc, i); 1871 RSU_UNLOCK(sc); 1872 1873 RSU_DELKEY_BMAP_LOCK(sc); 1874 clrbit(sc->free_keys_bmap, i); 1875 1876 /* bmap can be changed */ 1877 i = IEEE80211_WEP_NKID - 1; 1878 continue; 1879 } 1880 } 1881 RSU_DELKEY_BMAP_UNLOCK(sc); 1882 } 1883 1884 static int 1885 rsu_site_survey(struct rsu_softc *sc, struct ieee80211_scan_ssid *ssid) 1886 { 1887 struct r92s_fw_cmd_sitesurvey cmd; 1888 1889 RSU_ASSERT_LOCKED(sc); 1890 1891 memset(&cmd, 0, sizeof(cmd)); 1892 /* TODO: passive channels? */ 1893 if (sc->sc_active_scan) 1894 cmd.active = htole32(1); 1895 cmd.limit = htole32(48); 1896 1897 if (ssid != NULL) { 1898 sc->sc_extra_scan = 1; 1899 cmd.ssidlen = htole32(ssid->len); 1900 memcpy(cmd.ssid, ssid->ssid, ssid->len); 1901 } 1902 #ifdef USB_DEBUG 1903 if (rsu_debug & (RSU_DEBUG_SCAN | RSU_DEBUG_FWCMD)) { 1904 device_printf(sc->sc_dev, 1905 "sending site survey command, active %d", 1906 le32toh(cmd.active)); 1907 if (ssid != NULL) { 1908 printf(", ssid: "); 1909 ieee80211_print_essid(cmd.ssid, le32toh(cmd.ssidlen)); 1910 } 1911 printf("\n"); 1912 } 1913 #endif 1914 return (rsu_fw_cmd(sc, R92S_CMD_SITE_SURVEY, &cmd, sizeof(cmd))); 1915 } 1916 1917 static int 1918 rsu_join_bss(struct rsu_softc *sc, struct ieee80211_node *ni) 1919 { 1920 struct ieee80211com *ic = &sc->sc_ic; 1921 struct ieee80211vap *vap = ni->ni_vap; 1922 struct ndis_wlan_bssid_ex *bss; 1923 struct ndis_802_11_fixed_ies *fixed; 1924 struct r92s_fw_cmd_auth auth; 1925 uint8_t buf[sizeof(*bss) + 128] __aligned(4); 1926 uint8_t *frm; 1927 uint8_t opmode; 1928 int error; 1929 1930 RSU_ASSERT_LOCKED(sc); 1931 1932 /* Let the FW decide the opmode based on the capinfo field. */ 1933 opmode = NDIS802_11AUTOUNKNOWN; 1934 RSU_DPRINTF(sc, RSU_DEBUG_RESET, 1935 "%s: setting operating mode to %d\n", 1936 __func__, opmode); 1937 error = rsu_fw_cmd(sc, R92S_CMD_SET_OPMODE, &opmode, sizeof(opmode)); 1938 if (error != 0) 1939 return (error); 1940 1941 memset(&auth, 0, sizeof(auth)); 1942 if (vap->iv_flags & IEEE80211_F_WPA) { 1943 auth.mode = R92S_AUTHMODE_WPA; 1944 auth.dot1x = (ni->ni_authmode == IEEE80211_AUTH_8021X); 1945 } else 1946 auth.mode = R92S_AUTHMODE_OPEN; 1947 RSU_DPRINTF(sc, RSU_DEBUG_RESET, 1948 "%s: setting auth mode to %d\n", 1949 __func__, auth.mode); 1950 error = rsu_fw_cmd(sc, R92S_CMD_SET_AUTH, &auth, sizeof(auth)); 1951 if (error != 0) 1952 return (error); 1953 1954 memset(buf, 0, sizeof(buf)); 1955 bss = (struct ndis_wlan_bssid_ex *)buf; 1956 IEEE80211_ADDR_COPY(bss->macaddr, ni->ni_bssid); 1957 bss->ssid.ssidlen = htole32(ni->ni_esslen); 1958 memcpy(bss->ssid.ssid, ni->ni_essid, ni->ni_esslen); 1959 if (vap->iv_flags & (IEEE80211_F_PRIVACY | IEEE80211_F_WPA)) 1960 bss->privacy = htole32(1); 1961 bss->rssi = htole32(ni->ni_avgrssi); 1962 if (ic->ic_curmode == IEEE80211_MODE_11B) 1963 bss->networktype = htole32(NDIS802_11DS); 1964 else 1965 bss->networktype = htole32(NDIS802_11OFDM24); 1966 bss->config.len = htole32(sizeof(bss->config)); 1967 bss->config.bintval = htole32(ni->ni_intval); 1968 bss->config.dsconfig = htole32(ieee80211_chan2ieee(ic, ni->ni_chan)); 1969 bss->inframode = htole32(NDIS802_11INFRASTRUCTURE); 1970 /* XXX verify how this is supposed to look! */ 1971 memcpy(bss->supprates, ni->ni_rates.rs_rates, 1972 ni->ni_rates.rs_nrates); 1973 /* Write the fixed fields of the beacon frame. */ 1974 fixed = (struct ndis_802_11_fixed_ies *)&bss[1]; 1975 memcpy(&fixed->tstamp, ni->ni_tstamp.data, 8); 1976 fixed->bintval = htole16(ni->ni_intval); 1977 fixed->capabilities = htole16(ni->ni_capinfo); 1978 /* Write IEs to be included in the association request. */ 1979 frm = (uint8_t *)&fixed[1]; 1980 frm = ieee80211_add_rsn(frm, vap); 1981 frm = ieee80211_add_wpa(frm, vap); 1982 frm = ieee80211_add_qos(frm, ni); 1983 if ((ic->ic_flags & IEEE80211_F_WME) && 1984 (ni->ni_ies.wme_ie != NULL)) 1985 frm = ieee80211_add_wme_info(frm, &ic->ic_wme, ni); 1986 if (ni->ni_flags & IEEE80211_NODE_HT) { 1987 frm = ieee80211_add_htcap(frm, ni); 1988 frm = ieee80211_add_htinfo(frm, ni); 1989 } 1990 bss->ieslen = htole32(frm - (uint8_t *)fixed); 1991 bss->len = htole32(((frm - buf) + 3) & ~3); 1992 RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_FWCMD, 1993 "%s: sending join bss command to %s chan %d\n", 1994 __func__, 1995 ether_sprintf(bss->macaddr), le32toh(bss->config.dsconfig)); 1996 return (rsu_fw_cmd(sc, R92S_CMD_JOIN_BSS, buf, sizeof(buf))); 1997 } 1998 1999 static int 2000 rsu_disconnect(struct rsu_softc *sc) 2001 { 2002 uint32_t zero = 0; /* :-) */ 2003 2004 /* Disassociate from our current BSS. */ 2005 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD, 2006 "%s: sending disconnect command\n", __func__); 2007 return (rsu_fw_cmd(sc, R92S_CMD_DISCONNECT, &zero, sizeof(zero))); 2008 } 2009 2010 /* 2011 * Map the hardware provided RSSI value to a signal level. 2012 * For the most part it's just something we divide by and cap 2013 * so it doesn't overflow the representation by net80211. 2014 */ 2015 static int 2016 rsu_hwrssi_to_rssi(struct rsu_softc *sc, int hw_rssi) 2017 { 2018 int v; 2019 2020 if (hw_rssi == 0) 2021 return (0); 2022 v = hw_rssi >> 4; 2023 if (v > 80) 2024 v = 80; 2025 return (v); 2026 } 2027 2028 CTASSERT(MCLBYTES > sizeof(struct ieee80211_frame)); 2029 2030 static void 2031 rsu_event_survey(struct rsu_softc *sc, uint8_t *buf, int len) 2032 { 2033 struct ieee80211com *ic = &sc->sc_ic; 2034 struct ieee80211_frame *wh; 2035 struct ndis_wlan_bssid_ex *bss; 2036 struct ieee80211_rx_stats rxs; 2037 struct mbuf *m; 2038 uint32_t ieslen; 2039 uint32_t pktlen; 2040 2041 if (__predict_false(len < sizeof(*bss))) 2042 return; 2043 bss = (struct ndis_wlan_bssid_ex *)buf; 2044 ieslen = le32toh(bss->ieslen); 2045 /* range check length of information element */ 2046 if (__predict_false(ieslen > (uint32_t)(len - sizeof(*bss)))) 2047 return; 2048 2049 RSU_DPRINTF(sc, RSU_DEBUG_SCAN, 2050 "%s: found BSS %s: len=%d chan=%d inframode=%d " 2051 "networktype=%d privacy=%d, RSSI=%d\n", 2052 __func__, 2053 ether_sprintf(bss->macaddr), ieslen, 2054 le32toh(bss->config.dsconfig), le32toh(bss->inframode), 2055 le32toh(bss->networktype), le32toh(bss->privacy), 2056 le32toh(bss->rssi)); 2057 2058 /* Build a fake beacon frame to let net80211 do all the parsing. */ 2059 /* XXX TODO: just call the new scan API methods! */ 2060 if (__predict_false(ieslen > (size_t)(MCLBYTES - sizeof(*wh)))) 2061 return; 2062 pktlen = sizeof(*wh) + ieslen; 2063 m = m_get2(pktlen, M_NOWAIT, MT_DATA, M_PKTHDR); 2064 if (__predict_false(m == NULL)) 2065 return; 2066 wh = mtod(m, struct ieee80211_frame *); 2067 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2068 IEEE80211_FC0_SUBTYPE_BEACON; 2069 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2070 USETW(wh->i_dur, 0); 2071 IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr); 2072 IEEE80211_ADDR_COPY(wh->i_addr2, bss->macaddr); 2073 IEEE80211_ADDR_COPY(wh->i_addr3, bss->macaddr); 2074 *(uint16_t *)wh->i_seq = 0; 2075 memcpy(&wh[1], (uint8_t *)&bss[1], ieslen); 2076 2077 /* Finalize mbuf. */ 2078 m->m_pkthdr.len = m->m_len = pktlen; 2079 2080 /* Set channel flags for input path */ 2081 bzero(&rxs, sizeof(rxs)); 2082 rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; 2083 rxs.r_flags |= IEEE80211_R_BAND; 2084 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 2085 rxs.c_ieee = le32toh(bss->config.dsconfig); 2086 rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ); 2087 rxs.c_band = IEEE80211_CHAN_2GHZ; 2088 /* This is a number from 0..100; so let's just divide it down a bit */ 2089 rxs.c_rssi = le32toh(bss->rssi) / 2; 2090 rxs.c_nf = -96; 2091 if (ieee80211_add_rx_params(m, &rxs) == 0) 2092 return; 2093 2094 /* XXX avoid a LOR */ 2095 RSU_UNLOCK(sc); 2096 ieee80211_input_mimo_all(ic, m); 2097 RSU_LOCK(sc); 2098 } 2099 2100 static void 2101 rsu_event_join_bss(struct rsu_softc *sc, uint8_t *buf, int len) 2102 { 2103 struct ieee80211com *ic = &sc->sc_ic; 2104 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2105 struct ieee80211_node *ni = vap->iv_bss; 2106 struct r92s_event_join_bss *rsp; 2107 uint32_t tmp; 2108 int res; 2109 2110 if (__predict_false(len < sizeof(*rsp))) 2111 return; 2112 rsp = (struct r92s_event_join_bss *)buf; 2113 res = (int)le32toh(rsp->join_res); 2114 2115 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD, 2116 "%s: Rx join BSS event len=%d res=%d\n", 2117 __func__, len, res); 2118 2119 /* 2120 * XXX Don't do this; there's likely a better way to tell 2121 * the caller we failed. 2122 */ 2123 if (res <= 0) { 2124 RSU_UNLOCK(sc); 2125 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1); 2126 RSU_LOCK(sc); 2127 return; 2128 } 2129 2130 tmp = le32toh(rsp->associd); 2131 if (tmp >= vap->iv_max_aid) { 2132 RSU_DPRINTF(sc, RSU_DEBUG_ANY, "Assoc ID overflow\n"); 2133 tmp = 1; 2134 } 2135 RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD, 2136 "%s: associated with %s associd=%d\n", 2137 __func__, ether_sprintf(rsp->bss.macaddr), tmp); 2138 /* XXX is this required? What's the top two bits for again? */ 2139 ni->ni_associd = tmp | 0xc000; 2140 2141 /* Refresh Rx filter (was changed by firmware). */ 2142 sc->sc_vap_is_running = 1; 2143 rsu_rxfilter_refresh(sc); 2144 2145 RSU_UNLOCK(sc); 2146 ieee80211_new_state(vap, IEEE80211_S_RUN, 2147 IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 2148 RSU_LOCK(sc); 2149 } 2150 2151 static void 2152 rsu_event_addba_req_report(struct rsu_softc *sc, uint8_t *buf, int len) 2153 { 2154 struct ieee80211com *ic = &sc->sc_ic; 2155 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2156 struct r92s_add_ba_event *ba = (void *) buf; 2157 struct ieee80211_node *ni; 2158 2159 if (len < sizeof(*ba)) { 2160 device_printf(sc->sc_dev, "%s: short read (%d)\n", __func__, len); 2161 return; 2162 } 2163 2164 if (vap == NULL) 2165 return; 2166 2167 RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: mac=%s, tid=%d, ssn=%d\n", 2168 __func__, 2169 ether_sprintf(ba->mac_addr), 2170 (int) ba->tid, 2171 (int) le16toh(ba->ssn)); 2172 2173 /* XXX do node lookup; this is STA specific */ 2174 2175 ni = ieee80211_ref_node(vap->iv_bss); 2176 ieee80211_ampdu_rx_start_ext(ni, ba->tid, le16toh(ba->ssn) >> 4, 32); 2177 ieee80211_free_node(ni); 2178 } 2179 2180 static void 2181 rsu_rx_event(struct rsu_softc *sc, uint8_t code, uint8_t *buf, int len) 2182 { 2183 struct ieee80211com *ic = &sc->sc_ic; 2184 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2185 2186 RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD, 2187 "%s: Rx event code=%d len=%d\n", __func__, code, len); 2188 switch (code) { 2189 case R92S_EVT_SURVEY: 2190 rsu_event_survey(sc, buf, len); 2191 break; 2192 case R92S_EVT_SURVEY_DONE: 2193 RSU_DPRINTF(sc, RSU_DEBUG_SCAN, 2194 "%s: %s scan done, found %d BSS\n", 2195 __func__, sc->sc_extra_scan ? "direct" : "broadcast", 2196 le32toh(*(uint32_t *)buf)); 2197 if (sc->sc_extra_scan == 1) { 2198 /* Send broadcast probe request. */ 2199 sc->sc_extra_scan = 0; 2200 if (vap != NULL && rsu_site_survey(sc, NULL) != 0) { 2201 RSU_UNLOCK(sc); 2202 ieee80211_cancel_scan(vap); 2203 RSU_LOCK(sc); 2204 } 2205 break; 2206 } 2207 if (vap != NULL) { 2208 RSU_UNLOCK(sc); 2209 ieee80211_scan_done(vap); 2210 RSU_LOCK(sc); 2211 } 2212 break; 2213 case R92S_EVT_JOIN_BSS: 2214 if (vap->iv_state == IEEE80211_S_AUTH) 2215 rsu_event_join_bss(sc, buf, len); 2216 break; 2217 case R92S_EVT_DEL_STA: 2218 RSU_DPRINTF(sc, RSU_DEBUG_FWCMD | RSU_DEBUG_STATE, 2219 "%s: disassociated from %s\n", __func__, 2220 ether_sprintf(buf)); 2221 if (vap->iv_state == IEEE80211_S_RUN && 2222 IEEE80211_ADDR_EQ(vap->iv_bss->ni_bssid, buf)) { 2223 RSU_UNLOCK(sc); 2224 ieee80211_new_state(vap, IEEE80211_S_SCAN, -1); 2225 RSU_LOCK(sc); 2226 } 2227 break; 2228 case R92S_EVT_WPS_PBC: 2229 RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD, 2230 "%s: WPS PBC pushed.\n", __func__); 2231 break; 2232 case R92S_EVT_FWDBG: 2233 buf[60] = '\0'; 2234 RSU_DPRINTF(sc, RSU_DEBUG_FWDBG, "FWDBG: %s\n", (char *)buf); 2235 break; 2236 case R92S_EVT_ADDBA_REQ_REPORT: 2237 rsu_event_addba_req_report(sc, buf, len); 2238 break; 2239 default: 2240 device_printf(sc->sc_dev, "%s: unhandled code (%d)\n", __func__, code); 2241 break; 2242 } 2243 } 2244 2245 static void 2246 rsu_rx_multi_event(struct rsu_softc *sc, uint8_t *buf, int len) 2247 { 2248 struct r92s_fw_cmd_hdr *cmd; 2249 int cmdsz; 2250 2251 RSU_DPRINTF(sc, RSU_DEBUG_RX, "%s: Rx events len=%d\n", __func__, len); 2252 2253 /* Skip Rx status. */ 2254 buf += sizeof(struct r92s_rx_stat); 2255 len -= sizeof(struct r92s_rx_stat); 2256 2257 /* Process all events. */ 2258 for (;;) { 2259 /* Check that command header fits. */ 2260 if (__predict_false(len < sizeof(*cmd))) 2261 break; 2262 cmd = (struct r92s_fw_cmd_hdr *)buf; 2263 /* Check that command payload fits. */ 2264 cmdsz = le16toh(cmd->len); 2265 if (__predict_false(len < sizeof(*cmd) + cmdsz)) 2266 break; 2267 2268 /* Process firmware event. */ 2269 rsu_rx_event(sc, cmd->code, (uint8_t *)&cmd[1], cmdsz); 2270 2271 if (!(cmd->seq & R92S_FW_CMD_MORE)) 2272 break; 2273 buf += sizeof(*cmd) + cmdsz; 2274 len -= sizeof(*cmd) + cmdsz; 2275 } 2276 } 2277 2278 static int8_t 2279 rsu_get_rssi(struct rsu_softc *sc, int rate, void *physt) 2280 { 2281 static const int8_t cckoff[] = { 14, -2, -20, -40 }; 2282 struct r92s_rx_phystat *phy; 2283 struct r92s_rx_cck *cck; 2284 uint8_t rpt; 2285 int8_t rssi; 2286 2287 if (rate <= 3) { 2288 cck = (struct r92s_rx_cck *)physt; 2289 rpt = (cck->agc_rpt >> 6) & 0x3; 2290 rssi = cck->agc_rpt & 0x3e; 2291 rssi = cckoff[rpt] - rssi; 2292 } else { /* OFDM/HT. */ 2293 phy = (struct r92s_rx_phystat *)physt; 2294 rssi = ((le32toh(phy->phydw1) >> 1) & 0x7f) - 106; 2295 } 2296 return (rssi); 2297 } 2298 2299 static struct mbuf * 2300 rsu_rx_copy_to_mbuf(struct rsu_softc *sc, struct r92s_rx_stat *stat, 2301 int totlen) 2302 { 2303 struct ieee80211com *ic = &sc->sc_ic; 2304 struct mbuf *m; 2305 uint32_t rxdw0; 2306 int pktlen; 2307 2308 rxdw0 = le32toh(stat->rxdw0); 2309 if (__predict_false(rxdw0 & (R92S_RXDW0_CRCERR | R92S_RXDW0_ICVERR))) { 2310 RSU_DPRINTF(sc, RSU_DEBUG_RX, 2311 "%s: RX flags error (%s)\n", __func__, 2312 rxdw0 & R92S_RXDW0_CRCERR ? "CRC" : "ICV"); 2313 goto fail; 2314 } 2315 2316 pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN); 2317 if (__predict_false(pktlen < sizeof (struct ieee80211_frame_ack))) { 2318 RSU_DPRINTF(sc, RSU_DEBUG_RX, 2319 "%s: frame is too short: %d\n", __func__, pktlen); 2320 goto fail; 2321 } 2322 2323 m = m_get2(totlen, M_NOWAIT, MT_DATA, M_PKTHDR); 2324 if (__predict_false(m == NULL)) { 2325 device_printf(sc->sc_dev, 2326 "%s: could not allocate RX mbuf, totlen %d\n", 2327 __func__, totlen); 2328 goto fail; 2329 } 2330 2331 /* Finalize mbuf. */ 2332 memcpy(mtod(m, uint8_t *), (uint8_t *)stat, totlen); 2333 m->m_pkthdr.len = m->m_len = totlen; 2334 2335 return (m); 2336 fail: 2337 counter_u64_add(ic->ic_ierrors, 1); 2338 return (NULL); 2339 } 2340 2341 static uint32_t 2342 rsu_get_tsf_low(struct rsu_softc *sc) 2343 { 2344 return (rsu_read_4(sc, R92S_TSFTR)); 2345 } 2346 2347 static uint32_t 2348 rsu_get_tsf_high(struct rsu_softc *sc) 2349 { 2350 return (rsu_read_4(sc, R92S_TSFTR + 4)); 2351 } 2352 2353 static struct ieee80211_node * 2354 rsu_rx_frame(struct rsu_softc *sc, struct mbuf *m) 2355 { 2356 struct ieee80211com *ic = &sc->sc_ic; 2357 struct ieee80211_frame_min *wh; 2358 struct ieee80211_rx_stats rxs; 2359 struct r92s_rx_stat *stat; 2360 uint32_t rxdw0, rxdw3; 2361 uint8_t cipher, rate; 2362 int infosz; 2363 int rssi; 2364 2365 stat = mtod(m, struct r92s_rx_stat *); 2366 rxdw0 = le32toh(stat->rxdw0); 2367 rxdw3 = le32toh(stat->rxdw3); 2368 2369 rate = MS(rxdw3, R92S_RXDW3_RATE); 2370 cipher = MS(rxdw0, R92S_RXDW0_CIPHER); 2371 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8; 2372 2373 /* Get RSSI from PHY status descriptor if present. */ 2374 if (infosz != 0 && (rxdw0 & R92S_RXDW0_PHYST)) 2375 rssi = rsu_get_rssi(sc, rate, &stat[1]); 2376 else { 2377 /* Cheat and get the last calibrated RSSI */ 2378 rssi = rsu_hwrssi_to_rssi(sc, sc->sc_currssi); 2379 } 2380 2381 /* Hardware does Rx TCP checksum offload. */ 2382 /* 2383 * This flag can be set for some other 2384 * (e.g., EAPOL) frame types, so don't rely on it. 2385 */ 2386 if (rxdw3 & R92S_RXDW3_TCPCHKVALID) { 2387 RSU_DPRINTF(sc, RSU_DEBUG_RX, 2388 "%s: TCP/IP checksums: %schecked / %schecked\n", 2389 __func__, 2390 (rxdw3 & R92S_RXDW3_TCPCHKRPT) ? "" : "not ", 2391 (rxdw3 & R92S_RXDW3_IPCHKRPT) ? "" : "not "); 2392 2393 /* 2394 * 'IP header checksum valid' bit will not be set if 2395 * the frame was not checked / has incorrect checksum / 2396 * does not have checksum (IPv6). 2397 * 2398 * NB: if DF bit is not set then frame will not be checked. 2399 */ 2400 if (rxdw3 & R92S_RXDW3_IPCHKRPT) { 2401 m->m_pkthdr.csum_flags = CSUM_IP_CHECKED; 2402 m->m_pkthdr.csum_flags |= CSUM_IP_VALID; 2403 } 2404 2405 /* 2406 * This is independent of the above check. 2407 */ 2408 if (rxdw3 & R92S_RXDW3_TCPCHKRPT) { 2409 m->m_pkthdr.csum_flags |= CSUM_DATA_VALID; 2410 m->m_pkthdr.csum_flags |= CSUM_PSEUDO_HDR; 2411 m->m_pkthdr.csum_data = 0xffff; 2412 } 2413 } 2414 2415 /* RX flags */ 2416 2417 /* Set channel flags for input path */ 2418 bzero(&rxs, sizeof(rxs)); 2419 2420 /* normal RSSI */ 2421 rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; 2422 rxs.c_rssi = rssi; 2423 rxs.c_nf = -96; 2424 2425 /* Rate */ 2426 if (rate < 12) { 2427 rxs.c_rate = ridx2rate[rate]; 2428 if (RSU_RATE_IS_CCK(rate)) 2429 rxs.c_pktflags |= IEEE80211_RX_F_CCK; 2430 else 2431 rxs.c_pktflags |= IEEE80211_RX_F_OFDM; 2432 } else { 2433 rxs.c_rate = IEEE80211_RATE_MCS | (rate - 12); 2434 rxs.c_pktflags |= IEEE80211_RX_F_HT; 2435 } 2436 2437 if (ieee80211_radiotap_active(ic)) { 2438 struct rsu_rx_radiotap_header *tap = &sc->sc_rxtap; 2439 2440 /* Map HW rate index to 802.11 rate. */ 2441 tap->wr_flags = 0; /* TODO */ 2442 tap->wr_tsft = rsu_get_tsf_high(sc); 2443 if (le32toh(stat->tsf_low) > rsu_get_tsf_low(sc)) 2444 tap->wr_tsft--; 2445 tap->wr_tsft = (uint64_t)htole32(tap->wr_tsft) << 32; 2446 tap->wr_tsft += stat->tsf_low; 2447 2448 tap->wr_rate = rxs.c_rate; 2449 tap->wr_dbm_antsignal = rssi; 2450 }; 2451 2452 (void) ieee80211_add_rx_params(m, &rxs); 2453 2454 /* Drop descriptor. */ 2455 m_adj(m, sizeof(*stat) + infosz); 2456 wh = mtod(m, struct ieee80211_frame_min *); 2457 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && 2458 cipher != R92S_KEY_ALGO_NONE) { 2459 m->m_flags |= M_WEP; 2460 } 2461 2462 RSU_DPRINTF(sc, RSU_DEBUG_RX, 2463 "%s: Rx frame len %d, rate %d, infosz %d\n", 2464 __func__, m->m_len, rate, infosz); 2465 2466 if (m->m_len >= sizeof(*wh)) 2467 return (ieee80211_find_rxnode(ic, wh)); 2468 2469 return (NULL); 2470 } 2471 2472 static struct mbuf * 2473 rsu_rx_multi_frame(struct rsu_softc *sc, uint8_t *buf, int len) 2474 { 2475 struct r92s_rx_stat *stat; 2476 uint32_t rxdw0; 2477 int totlen, pktlen, infosz, npkts; 2478 struct mbuf *m, *m0 = NULL, *prevm = NULL; 2479 2480 /* 2481 * don't pass packets to the ieee80211 framework if the driver isn't 2482 * RUNNING. 2483 */ 2484 if (!sc->sc_running) 2485 return (NULL); 2486 2487 /* Get the number of encapsulated frames. */ 2488 stat = (struct r92s_rx_stat *)buf; 2489 npkts = MS(le32toh(stat->rxdw2), R92S_RXDW2_PKTCNT); 2490 RSU_DPRINTF(sc, RSU_DEBUG_RX, 2491 "%s: Rx %d frames in one chunk\n", __func__, npkts); 2492 2493 /* Process all of them. */ 2494 while (npkts-- > 0) { 2495 if (__predict_false(len < sizeof(*stat))) 2496 break; 2497 stat = (struct r92s_rx_stat *)buf; 2498 rxdw0 = le32toh(stat->rxdw0); 2499 2500 pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN); 2501 if (__predict_false(pktlen == 0)) 2502 break; 2503 2504 infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8; 2505 2506 /* Make sure everything fits in xfer. */ 2507 totlen = sizeof(*stat) + infosz + pktlen; 2508 if (__predict_false(totlen > len)) 2509 break; 2510 2511 /* Process 802.11 frame. */ 2512 m = rsu_rx_copy_to_mbuf(sc, stat, totlen); 2513 if (m0 == NULL) 2514 m0 = m; 2515 if (prevm == NULL) 2516 prevm = m; 2517 else { 2518 prevm->m_next = m; 2519 prevm = m; 2520 } 2521 /* Next chunk is 128-byte aligned. */ 2522 totlen = (totlen + 127) & ~127; 2523 buf += totlen; 2524 len -= totlen; 2525 } 2526 2527 return (m0); 2528 } 2529 2530 static struct mbuf * 2531 rsu_rxeof(struct usb_xfer *xfer, struct rsu_data *data) 2532 { 2533 struct rsu_softc *sc = data->sc; 2534 struct ieee80211com *ic = &sc->sc_ic; 2535 struct r92s_rx_stat *stat; 2536 int len; 2537 2538 usbd_xfer_status(xfer, &len, NULL, NULL, NULL); 2539 2540 if (__predict_false(len < sizeof(*stat))) { 2541 RSU_DPRINTF(sc, RSU_DEBUG_RX, "xfer too short %d\n", len); 2542 counter_u64_add(ic->ic_ierrors, 1); 2543 return (NULL); 2544 } 2545 /* Determine if it is a firmware C2H event or an 802.11 frame. */ 2546 stat = (struct r92s_rx_stat *)data->buf; 2547 if ((le32toh(stat->rxdw1) & 0x1ff) == 0x1ff) { 2548 rsu_rx_multi_event(sc, data->buf, len); 2549 /* No packets to process. */ 2550 return (NULL); 2551 } else 2552 return (rsu_rx_multi_frame(sc, data->buf, len)); 2553 } 2554 2555 static void 2556 rsu_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2557 { 2558 struct epoch_tracker et; 2559 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2560 struct ieee80211com *ic = &sc->sc_ic; 2561 struct ieee80211_node *ni; 2562 struct mbuf *m = NULL, *next; 2563 struct rsu_data *data; 2564 2565 RSU_ASSERT_LOCKED(sc); 2566 2567 switch (USB_GET_STATE(xfer)) { 2568 case USB_ST_TRANSFERRED: 2569 data = STAILQ_FIRST(&sc->sc_rx_active); 2570 if (data == NULL) 2571 goto tr_setup; 2572 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next); 2573 m = rsu_rxeof(xfer, data); 2574 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next); 2575 /* FALLTHROUGH */ 2576 case USB_ST_SETUP: 2577 tr_setup: 2578 data = STAILQ_FIRST(&sc->sc_rx_inactive); 2579 if (data == NULL) { 2580 KASSERT(m == NULL, ("mbuf isn't NULL")); 2581 return; 2582 } 2583 STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next); 2584 STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next); 2585 usbd_xfer_set_frame_data(xfer, 0, data->buf, 2586 usbd_xfer_max_len(xfer)); 2587 usbd_transfer_submit(xfer); 2588 /* 2589 * To avoid LOR we should unlock our private mutex here to call 2590 * ieee80211_input() because here is at the end of a USB 2591 * callback and safe to unlock. 2592 */ 2593 NET_EPOCH_ENTER(et); 2594 while (m != NULL) { 2595 next = m->m_next; 2596 m->m_next = NULL; 2597 2598 ni = rsu_rx_frame(sc, m); 2599 RSU_UNLOCK(sc); 2600 2601 if (ni != NULL) { 2602 if (ni->ni_flags & IEEE80211_NODE_HT) 2603 m->m_flags |= M_AMPDU; 2604 (void)ieee80211_input_mimo(ni, m); 2605 ieee80211_free_node(ni); 2606 } else 2607 (void)ieee80211_input_mimo_all(ic, m); 2608 2609 RSU_LOCK(sc); 2610 m = next; 2611 } 2612 NET_EPOCH_EXIT(et); 2613 break; 2614 default: 2615 /* needs it to the inactive queue due to a error. */ 2616 data = STAILQ_FIRST(&sc->sc_rx_active); 2617 if (data != NULL) { 2618 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next); 2619 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next); 2620 } 2621 if (error != USB_ERR_CANCELLED) { 2622 usbd_xfer_set_stall(xfer); 2623 counter_u64_add(ic->ic_ierrors, 1); 2624 goto tr_setup; 2625 } 2626 break; 2627 } 2628 2629 } 2630 2631 static void 2632 rsu_txeof(struct usb_xfer *xfer, struct rsu_data *data) 2633 { 2634 #ifdef USB_DEBUG 2635 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2636 #endif 2637 2638 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: called; data=%p\n", 2639 __func__, 2640 data); 2641 2642 if (data->m) { 2643 /* XXX status? */ 2644 ieee80211_tx_complete(data->ni, data->m, 0); 2645 data->m = NULL; 2646 data->ni = NULL; 2647 } 2648 } 2649 2650 static void 2651 rsu_bulk_tx_callback_sub(struct usb_xfer *xfer, usb_error_t error, 2652 uint8_t which) 2653 { 2654 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2655 struct ieee80211com *ic = &sc->sc_ic; 2656 struct rsu_data *data; 2657 2658 RSU_ASSERT_LOCKED(sc); 2659 2660 switch (USB_GET_STATE(xfer)) { 2661 case USB_ST_TRANSFERRED: 2662 data = STAILQ_FIRST(&sc->sc_tx_active[which]); 2663 if (data == NULL) 2664 goto tr_setup; 2665 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: transfer done %p\n", 2666 __func__, data); 2667 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next); 2668 rsu_txeof(xfer, data); 2669 rsu_freebuf(sc, data); 2670 /* FALLTHROUGH */ 2671 case USB_ST_SETUP: 2672 tr_setup: 2673 data = STAILQ_FIRST(&sc->sc_tx_pending[which]); 2674 if (data == NULL) { 2675 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, 2676 "%s: empty pending queue sc %p\n", __func__, sc); 2677 return; 2678 } 2679 STAILQ_REMOVE_HEAD(&sc->sc_tx_pending[which], next); 2680 STAILQ_INSERT_TAIL(&sc->sc_tx_active[which], data, next); 2681 usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen); 2682 RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, 2683 "%s: submitting transfer %p\n", 2684 __func__, 2685 data); 2686 usbd_transfer_submit(xfer); 2687 break; 2688 default: 2689 data = STAILQ_FIRST(&sc->sc_tx_active[which]); 2690 if (data != NULL) { 2691 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next); 2692 rsu_txeof(xfer, data); 2693 rsu_freebuf(sc, data); 2694 } 2695 counter_u64_add(ic->ic_oerrors, 1); 2696 2697 if (error != USB_ERR_CANCELLED) { 2698 usbd_xfer_set_stall(xfer); 2699 goto tr_setup; 2700 } 2701 break; 2702 } 2703 2704 /* 2705 * XXX TODO: if the queue is low, flush out FF TX frames. 2706 * Remember to unlock the driver for now; net80211 doesn't 2707 * defer it for us. 2708 */ 2709 } 2710 2711 static void 2712 rsu_bulk_tx_callback_be_bk(struct usb_xfer *xfer, usb_error_t error) 2713 { 2714 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2715 2716 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_BE_BK); 2717 2718 /* This kicks the TX taskqueue */ 2719 rsu_start(sc); 2720 } 2721 2722 static void 2723 rsu_bulk_tx_callback_vi_vo(struct usb_xfer *xfer, usb_error_t error) 2724 { 2725 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2726 2727 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_VI_VO); 2728 2729 /* This kicks the TX taskqueue */ 2730 rsu_start(sc); 2731 } 2732 2733 static void 2734 rsu_bulk_tx_callback_h2c(struct usb_xfer *xfer, usb_error_t error) 2735 { 2736 struct rsu_softc *sc = usbd_xfer_softc(xfer); 2737 2738 rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_H2C); 2739 2740 /* This kicks the TX taskqueue */ 2741 rsu_start(sc); 2742 } 2743 2744 /* 2745 * Transmit the given frame. 2746 * 2747 * This doesn't free the node or mbuf upon failure. 2748 */ 2749 static int 2750 rsu_tx_start(struct rsu_softc *sc, struct ieee80211_node *ni, 2751 struct mbuf *m0, struct rsu_data *data) 2752 { 2753 const struct ieee80211_txparam *tp = ni->ni_txparms; 2754 struct ieee80211vap *vap = ni->ni_vap; 2755 struct ieee80211_frame *wh; 2756 struct ieee80211_key *k = NULL; 2757 struct r92s_tx_desc *txd; 2758 uint8_t rate, ridx, type, cipher, qos; 2759 int prio = 0; 2760 uint8_t which; 2761 int hasqos; 2762 int ismcast; 2763 int xferlen; 2764 int qid; 2765 2766 RSU_ASSERT_LOCKED(sc); 2767 2768 wh = mtod(m0, struct ieee80211_frame *); 2769 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2770 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1); 2771 2772 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: data=%p, m=%p\n", 2773 __func__, data, m0); 2774 2775 /* Choose a TX rate index. */ 2776 if (type == IEEE80211_FC0_TYPE_MGT || 2777 type == IEEE80211_FC0_TYPE_CTL || 2778 (m0->m_flags & M_EAPOL) != 0) 2779 rate = tp->mgmtrate; 2780 else if (ismcast) 2781 rate = tp->mcastrate; 2782 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 2783 rate = tp->ucastrate; 2784 else 2785 rate = 0; 2786 2787 if (rate != 0) 2788 ridx = rate2ridx(rate); 2789 2790 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2791 k = ieee80211_crypto_encap(ni, m0); 2792 if (k == NULL) { 2793 device_printf(sc->sc_dev, 2794 "ieee80211_crypto_encap returns NULL.\n"); 2795 /* XXX we don't expect the fragmented frames */ 2796 return (ENOBUFS); 2797 } 2798 wh = mtod(m0, struct ieee80211_frame *); 2799 } 2800 /* If we have QoS then use it */ 2801 /* XXX TODO: mbuf WME/PRI versus TID? */ 2802 if (IEEE80211_QOS_HAS_SEQ(wh)) { 2803 /* Has QoS */ 2804 prio = M_WME_GETAC(m0); 2805 which = rsu_wme_ac_xfer_map[prio]; 2806 hasqos = 1; 2807 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0]; 2808 } else { 2809 /* Non-QoS TID */ 2810 /* XXX TODO: tid=0 for non-qos TID? */ 2811 which = rsu_wme_ac_xfer_map[WME_AC_BE]; 2812 hasqos = 0; 2813 prio = 0; 2814 qos = 0; 2815 } 2816 2817 qid = rsu_ac2qid[prio]; 2818 #if 0 2819 switch (type) { 2820 case IEEE80211_FC0_TYPE_CTL: 2821 case IEEE80211_FC0_TYPE_MGT: 2822 which = rsu_wme_ac_xfer_map[WME_AC_VO]; 2823 break; 2824 default: 2825 which = rsu_wme_ac_xfer_map[M_WME_GETAC(m0)]; 2826 break; 2827 } 2828 hasqos = 0; 2829 #endif 2830 2831 RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: pri=%d, which=%d, hasqos=%d\n", 2832 __func__, 2833 prio, 2834 which, 2835 hasqos); 2836 2837 /* Fill Tx descriptor. */ 2838 txd = (struct r92s_tx_desc *)data->buf; 2839 memset(txd, 0, sizeof(*txd)); 2840 2841 txd->txdw0 |= htole32( 2842 SM(R92S_TXDW0_PKTLEN, m0->m_pkthdr.len) | 2843 SM(R92S_TXDW0_OFFSET, sizeof(*txd)) | 2844 R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG); 2845 2846 txd->txdw1 |= htole32( 2847 SM(R92S_TXDW1_MACID, R92S_MACID_BSS) | SM(R92S_TXDW1_QSEL, qid)); 2848 if (!hasqos) 2849 txd->txdw1 |= htole32(R92S_TXDW1_NONQOS); 2850 if (k != NULL && !(k->wk_flags & IEEE80211_KEY_SWENCRYPT)) { 2851 switch (k->wk_cipher->ic_cipher) { 2852 case IEEE80211_CIPHER_WEP: 2853 cipher = R92S_TXDW1_CIPHER_WEP; 2854 break; 2855 case IEEE80211_CIPHER_TKIP: 2856 cipher = R92S_TXDW1_CIPHER_TKIP; 2857 break; 2858 case IEEE80211_CIPHER_AES_CCM: 2859 cipher = R92S_TXDW1_CIPHER_AES; 2860 break; 2861 default: 2862 cipher = R92S_TXDW1_CIPHER_NONE; 2863 } 2864 txd->txdw1 |= htole32( 2865 SM(R92S_TXDW1_CIPHER, cipher) | 2866 SM(R92S_TXDW1_KEYIDX, k->wk_keyix)); 2867 } 2868 /* XXX todo: set AGGEN bit if appropriate? */ 2869 txd->txdw2 |= htole32(R92S_TXDW2_BK); 2870 if (ismcast) 2871 txd->txdw2 |= htole32(R92S_TXDW2_BMCAST); 2872 2873 if (!ismcast && (!qos || (qos & IEEE80211_QOS_ACKPOLICY) != 2874 IEEE80211_QOS_ACKPOLICY_NOACK)) { 2875 txd->txdw2 |= htole32(R92S_TXDW2_RTY_LMT_ENA); 2876 txd->txdw2 |= htole32(SM(R92S_TXDW2_RTY_LMT, tp->maxretry)); 2877 } 2878 2879 /* Force mgmt / mcast / ucast rate if needed. */ 2880 if (rate != 0) { 2881 /* Data rate fallback limit (max). */ 2882 txd->txdw5 |= htole32(SM(R92S_TXDW5_DATARATE_FB_LMT, 0x1f)); 2883 txd->txdw5 |= htole32(SM(R92S_TXDW5_DATARATE, ridx)); 2884 txd->txdw4 |= htole32(R92S_TXDW4_DRVRATE); 2885 } 2886 2887 /* 2888 * Firmware will use and increment the sequence number for the 2889 * specified priority. 2890 */ 2891 txd->txdw3 |= htole32(SM(R92S_TXDW3_SEQ, prio)); 2892 2893 if (ieee80211_radiotap_active_vap(vap)) { 2894 struct rsu_tx_radiotap_header *tap = &sc->sc_txtap; 2895 2896 tap->wt_flags = 0; 2897 ieee80211_radiotap_tx(vap, m0); 2898 } 2899 2900 xferlen = sizeof(*txd) + m0->m_pkthdr.len; 2901 KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__)); 2902 m_copydata(m0, 0, m0->m_pkthdr.len, (caddr_t)&txd[1]); 2903 2904 data->buflen = xferlen; 2905 data->ni = ni; 2906 data->m = m0; 2907 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); 2908 2909 /* start transfer, if any */ 2910 usbd_transfer_start(sc->sc_xfer[which]); 2911 return (0); 2912 } 2913 2914 static int 2915 rsu_transmit(struct ieee80211com *ic, struct mbuf *m) 2916 { 2917 struct rsu_softc *sc = ic->ic_softc; 2918 int error; 2919 2920 RSU_LOCK(sc); 2921 if (!sc->sc_running) { 2922 RSU_UNLOCK(sc); 2923 return (ENXIO); 2924 } 2925 2926 /* 2927 * XXX TODO: ensure that we treat 'm' as a list of frames 2928 * to transmit! 2929 */ 2930 error = mbufq_enqueue(&sc->sc_snd, m); 2931 if (error) { 2932 RSU_DPRINTF(sc, RSU_DEBUG_TX, 2933 "%s: mbufq_enable: failed (%d)\n", 2934 __func__, 2935 error); 2936 RSU_UNLOCK(sc); 2937 return (error); 2938 } 2939 RSU_UNLOCK(sc); 2940 2941 /* This kicks the TX taskqueue */ 2942 rsu_start(sc); 2943 2944 return (0); 2945 } 2946 2947 static void 2948 rsu_drain_mbufq(struct rsu_softc *sc) 2949 { 2950 struct mbuf *m; 2951 struct ieee80211_node *ni; 2952 2953 RSU_ASSERT_LOCKED(sc); 2954 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 2955 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 2956 m->m_pkthdr.rcvif = NULL; 2957 ieee80211_free_node(ni); 2958 m_freem(m); 2959 } 2960 } 2961 2962 static void 2963 _rsu_start(struct rsu_softc *sc) 2964 { 2965 struct ieee80211_node *ni; 2966 struct rsu_data *bf; 2967 struct mbuf *m; 2968 2969 RSU_ASSERT_LOCKED(sc); 2970 2971 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 2972 bf = rsu_getbuf(sc); 2973 if (bf == NULL) { 2974 RSU_DPRINTF(sc, RSU_DEBUG_TX, 2975 "%s: failed to get buffer\n", __func__); 2976 mbufq_prepend(&sc->sc_snd, m); 2977 break; 2978 } 2979 2980 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 2981 m->m_pkthdr.rcvif = NULL; 2982 2983 if (rsu_tx_start(sc, ni, m, bf) != 0) { 2984 RSU_DPRINTF(sc, RSU_DEBUG_TX, 2985 "%s: failed to transmit\n", __func__); 2986 if_inc_counter(ni->ni_vap->iv_ifp, 2987 IFCOUNTER_OERRORS, 1); 2988 rsu_freebuf(sc, bf); 2989 ieee80211_free_node(ni); 2990 m_freem(m); 2991 break; 2992 } 2993 } 2994 } 2995 2996 static void 2997 rsu_start(struct rsu_softc *sc) 2998 { 2999 3000 taskqueue_enqueue(taskqueue_thread, &sc->tx_task); 3001 } 3002 3003 static int 3004 rsu_ioctl_net(struct ieee80211com *ic, u_long cmd, void *data) 3005 { 3006 struct rsu_softc *sc = ic->ic_softc; 3007 struct ifreq *ifr = (struct ifreq *)data; 3008 int error; 3009 3010 error = 0; 3011 switch (cmd) { 3012 case SIOCSIFCAP: 3013 { 3014 struct ieee80211vap *vap; 3015 int rxmask; 3016 3017 rxmask = ifr->ifr_reqcap & (IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6); 3018 3019 RSU_LOCK(sc); 3020 /* Both RXCSUM bits must be set (or unset). */ 3021 if (sc->sc_rx_checksum_enable && 3022 rxmask != (IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6)) { 3023 rxmask = 0; 3024 sc->sc_rx_checksum_enable = 0; 3025 rsu_rxfilter_set(sc, R92S_RCR_TCP_OFFLD_EN, 0); 3026 } else if (!sc->sc_rx_checksum_enable && rxmask != 0) { 3027 rxmask = IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6; 3028 sc->sc_rx_checksum_enable = 1; 3029 rsu_rxfilter_set(sc, 0, R92S_RCR_TCP_OFFLD_EN); 3030 } else { 3031 /* Nothing to do. */ 3032 RSU_UNLOCK(sc); 3033 break; 3034 } 3035 RSU_UNLOCK(sc); 3036 3037 IEEE80211_LOCK(ic); /* XXX */ 3038 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 3039 struct ifnet *ifp = vap->iv_ifp; 3040 3041 ifp->if_capenable &= 3042 ~(IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6); 3043 ifp->if_capenable |= rxmask; 3044 } 3045 IEEE80211_UNLOCK(ic); 3046 break; 3047 } 3048 default: 3049 error = ENOTTY; /* for net80211 */ 3050 break; 3051 } 3052 3053 return (error); 3054 } 3055 3056 static void 3057 rsu_parent(struct ieee80211com *ic) 3058 { 3059 struct rsu_softc *sc = ic->ic_softc; 3060 3061 if (ic->ic_nrunning > 0) { 3062 if (rsu_init(sc) == 0) 3063 ieee80211_start_all(ic); 3064 else { 3065 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3066 if (vap != NULL) 3067 ieee80211_stop(vap); 3068 } 3069 } else 3070 rsu_stop(sc); 3071 } 3072 3073 /* 3074 * Power on sequence for A-cut adapters. 3075 */ 3076 static void 3077 rsu_power_on_acut(struct rsu_softc *sc) 3078 { 3079 uint32_t reg; 3080 3081 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53); 3082 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57); 3083 3084 /* Enable AFE macro block's bandgap and Mbias. */ 3085 rsu_write_1(sc, R92S_AFE_MISC, 3086 rsu_read_1(sc, R92S_AFE_MISC) | 3087 R92S_AFE_MISC_BGEN | R92S_AFE_MISC_MBEN); 3088 /* Enable LDOA15 block. */ 3089 rsu_write_1(sc, R92S_LDOA15_CTRL, 3090 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN); 3091 3092 rsu_write_1(sc, R92S_SPS1_CTRL, 3093 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_LDEN); 3094 rsu_ms_delay(sc, 2000); 3095 /* Enable switch regulator block. */ 3096 rsu_write_1(sc, R92S_SPS1_CTRL, 3097 rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_SWEN); 3098 3099 rsu_write_4(sc, R92S_SPS1_CTRL, 0x00a7b267); 3100 3101 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 3102 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08); 3103 3104 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 3105 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20); 3106 3107 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 3108 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x90); 3109 3110 /* Enable AFE clock. */ 3111 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1, 3112 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04); 3113 /* Enable AFE PLL macro block. */ 3114 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 3115 rsu_read_1(sc, R92S_AFE_PLL_CTRL) | 0x11); 3116 /* Attach AFE PLL to MACTOP/BB. */ 3117 rsu_write_1(sc, R92S_SYS_ISO_CTRL, 3118 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11); 3119 3120 /* Switch to 40MHz clock instead of 80MHz. */ 3121 rsu_write_2(sc, R92S_SYS_CLKR, 3122 rsu_read_2(sc, R92S_SYS_CLKR) & ~R92S_SYS_CLKSEL); 3123 3124 /* Enable MAC clock. */ 3125 rsu_write_2(sc, R92S_SYS_CLKR, 3126 rsu_read_2(sc, R92S_SYS_CLKR) | 3127 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN); 3128 3129 rsu_write_1(sc, R92S_PMC_FSM, 0x02); 3130 3131 /* Enable digital core and IOREG R/W. */ 3132 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 3133 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08); 3134 3135 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 3136 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80); 3137 3138 /* Switch the control path to firmware. */ 3139 reg = rsu_read_2(sc, R92S_SYS_CLKR); 3140 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL; 3141 rsu_write_2(sc, R92S_SYS_CLKR, reg); 3142 3143 rsu_write_2(sc, R92S_CR, 0x37fc); 3144 3145 /* Fix USB RX FIFO issue. */ 3146 rsu_write_1(sc, 0xfe5c, 3147 rsu_read_1(sc, 0xfe5c) | 0x80); 3148 rsu_write_1(sc, 0x00ab, 3149 rsu_read_1(sc, 0x00ab) | 0xc0); 3150 3151 rsu_write_1(sc, R92S_SYS_CLKR, 3152 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL); 3153 } 3154 3155 /* 3156 * Power on sequence for B-cut and C-cut adapters. 3157 */ 3158 static void 3159 rsu_power_on_bcut(struct rsu_softc *sc) 3160 { 3161 uint32_t reg; 3162 int ntries; 3163 3164 /* Prevent eFuse leakage. */ 3165 rsu_write_1(sc, 0x37, 0xb0); 3166 rsu_ms_delay(sc, 10); 3167 rsu_write_1(sc, 0x37, 0x30); 3168 3169 /* Switch the control path to hardware. */ 3170 reg = rsu_read_2(sc, R92S_SYS_CLKR); 3171 if (reg & R92S_FWHW_SEL) { 3172 rsu_write_2(sc, R92S_SYS_CLKR, 3173 reg & ~(R92S_SWHW_SEL | R92S_FWHW_SEL)); 3174 } 3175 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 3176 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) & ~0x8c); 3177 rsu_ms_delay(sc, 1); 3178 3179 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53); 3180 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57); 3181 3182 reg = rsu_read_1(sc, R92S_AFE_MISC); 3183 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN); 3184 rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN | 3185 R92S_AFE_MISC_MBEN | R92S_AFE_MISC_I32_EN); 3186 3187 /* Enable PLL. */ 3188 rsu_write_1(sc, R92S_LDOA15_CTRL, 3189 rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN); 3190 3191 rsu_write_1(sc, R92S_LDOV12D_CTRL, 3192 rsu_read_1(sc, R92S_LDOV12D_CTRL) | R92S_LDV12_EN); 3193 3194 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 3195 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08); 3196 3197 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 3198 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20); 3199 3200 /* Support 64KB IMEM. */ 3201 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 3202 rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x97); 3203 3204 /* Enable AFE clock. */ 3205 rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1, 3206 rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04); 3207 /* Enable AFE PLL macro block. */ 3208 reg = rsu_read_1(sc, R92S_AFE_PLL_CTRL); 3209 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11); 3210 rsu_ms_delay(sc, 1); 3211 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x51); 3212 rsu_ms_delay(sc, 1); 3213 rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11); 3214 rsu_ms_delay(sc, 1); 3215 3216 /* Attach AFE PLL to MACTOP/BB. */ 3217 rsu_write_1(sc, R92S_SYS_ISO_CTRL, 3218 rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11); 3219 3220 /* Switch to 40MHz clock. */ 3221 rsu_write_1(sc, R92S_SYS_CLKR, 0x00); 3222 /* Disable CPU clock and 80MHz SSC. */ 3223 rsu_write_1(sc, R92S_SYS_CLKR, 3224 rsu_read_1(sc, R92S_SYS_CLKR) | 0xa0); 3225 /* Enable MAC clock. */ 3226 rsu_write_2(sc, R92S_SYS_CLKR, 3227 rsu_read_2(sc, R92S_SYS_CLKR) | 3228 R92S_MAC_CLK_EN | R92S_SYS_CLK_EN); 3229 3230 rsu_write_1(sc, R92S_PMC_FSM, 0x02); 3231 3232 /* Enable digital core and IOREG R/W. */ 3233 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 3234 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08); 3235 3236 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 3237 rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80); 3238 3239 /* Switch the control path to firmware. */ 3240 reg = rsu_read_2(sc, R92S_SYS_CLKR); 3241 reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL; 3242 rsu_write_2(sc, R92S_SYS_CLKR, reg); 3243 3244 rsu_write_2(sc, R92S_CR, 0x37fc); 3245 3246 /* Fix USB RX FIFO issue. */ 3247 rsu_write_1(sc, 0xfe5c, 3248 rsu_read_1(sc, 0xfe5c) | 0x80); 3249 3250 rsu_write_1(sc, R92S_SYS_CLKR, 3251 rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL); 3252 3253 rsu_write_1(sc, 0xfe1c, 0x80); 3254 3255 /* Make sure TxDMA is ready to download firmware. */ 3256 for (ntries = 0; ntries < 20; ntries++) { 3257 reg = rsu_read_1(sc, R92S_TCR); 3258 if ((reg & (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) == 3259 (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) 3260 break; 3261 rsu_ms_delay(sc, 1); 3262 } 3263 if (ntries == 20) { 3264 RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_TX, 3265 "%s: TxDMA is not ready\n", 3266 __func__); 3267 /* Reset TxDMA. */ 3268 reg = rsu_read_1(sc, R92S_CR); 3269 rsu_write_1(sc, R92S_CR, reg & ~R92S_CR_TXDMA_EN); 3270 rsu_ms_delay(sc, 1); 3271 rsu_write_1(sc, R92S_CR, reg | R92S_CR_TXDMA_EN); 3272 } 3273 } 3274 3275 static void 3276 rsu_power_off(struct rsu_softc *sc) 3277 { 3278 /* Turn RF off. */ 3279 rsu_write_1(sc, R92S_RF_CTRL, 0x00); 3280 rsu_ms_delay(sc, 5); 3281 3282 /* Turn MAC off. */ 3283 /* Switch control path. */ 3284 rsu_write_1(sc, R92S_SYS_CLKR + 1, 0x38); 3285 /* Reset MACTOP. */ 3286 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x70); 3287 rsu_write_1(sc, R92S_PMC_FSM, 0x06); 3288 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 0, 0xf9); 3289 rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 0xe8); 3290 3291 /* Disable AFE PLL. */ 3292 rsu_write_1(sc, R92S_AFE_PLL_CTRL, 0x00); 3293 /* Disable A15V. */ 3294 rsu_write_1(sc, R92S_LDOA15_CTRL, 0x54); 3295 /* Disable eFuse 1.2V. */ 3296 rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x50); 3297 rsu_write_1(sc, R92S_LDOV12D_CTRL, 0x24); 3298 /* Enable AFE macro block's bandgap and Mbias. */ 3299 rsu_write_1(sc, R92S_AFE_MISC, 0x30); 3300 /* Disable 1.6V LDO. */ 3301 rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x56); 3302 rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x43); 3303 3304 /* Firmware - tell it to switch things off */ 3305 (void) rsu_set_fw_power_state(sc, RSU_PWR_OFF); 3306 } 3307 3308 static int 3309 rsu_fw_loadsection(struct rsu_softc *sc, const uint8_t *buf, int len) 3310 { 3311 const uint8_t which = rsu_wme_ac_xfer_map[WME_AC_VO]; 3312 struct rsu_data *data; 3313 struct r92s_tx_desc *txd; 3314 int mlen; 3315 3316 while (len > 0) { 3317 data = rsu_getbuf(sc); 3318 if (data == NULL) 3319 return (ENOMEM); 3320 txd = (struct r92s_tx_desc *)data->buf; 3321 memset(txd, 0, sizeof(*txd)); 3322 if (len <= RSU_TXBUFSZ - sizeof(*txd)) { 3323 /* Last chunk. */ 3324 txd->txdw0 |= htole32(R92S_TXDW0_LINIP); 3325 mlen = len; 3326 } else 3327 mlen = RSU_TXBUFSZ - sizeof(*txd); 3328 txd->txdw0 |= htole32(SM(R92S_TXDW0_PKTLEN, mlen)); 3329 memcpy(&txd[1], buf, mlen); 3330 data->buflen = sizeof(*txd) + mlen; 3331 RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FW | RSU_DEBUG_RESET, 3332 "%s: starting transfer %p\n", 3333 __func__, data); 3334 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); 3335 buf += mlen; 3336 len -= mlen; 3337 } 3338 usbd_transfer_start(sc->sc_xfer[which]); 3339 return (0); 3340 } 3341 3342 CTASSERT(sizeof(size_t) >= sizeof(uint32_t)); 3343 3344 static int 3345 rsu_load_firmware(struct rsu_softc *sc) 3346 { 3347 const struct r92s_fw_hdr *hdr; 3348 struct r92s_fw_priv dmem; 3349 struct ieee80211com *ic = &sc->sc_ic; 3350 const uint8_t *imem, *emem; 3351 uint32_t imemsz, ememsz; 3352 const struct firmware *fw; 3353 size_t size; 3354 uint32_t reg; 3355 int ntries, error; 3356 3357 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY) { 3358 RSU_DPRINTF(sc, RSU_DEBUG_ANY, 3359 "%s: Firmware already loaded\n", 3360 __func__); 3361 return (0); 3362 } 3363 3364 RSU_UNLOCK(sc); 3365 /* Read firmware image from the filesystem. */ 3366 if ((fw = firmware_get("rsu-rtl8712fw")) == NULL) { 3367 device_printf(sc->sc_dev, 3368 "%s: failed load firmware of file rsu-rtl8712fw\n", 3369 __func__); 3370 RSU_LOCK(sc); 3371 return (ENXIO); 3372 } 3373 RSU_LOCK(sc); 3374 size = fw->datasize; 3375 if (size < sizeof(*hdr)) { 3376 device_printf(sc->sc_dev, "firmware too short\n"); 3377 error = EINVAL; 3378 goto fail; 3379 } 3380 hdr = (const struct r92s_fw_hdr *)fw->data; 3381 if (hdr->signature != htole16(0x8712) && 3382 hdr->signature != htole16(0x8192)) { 3383 device_printf(sc->sc_dev, 3384 "invalid firmware signature 0x%x\n", 3385 le16toh(hdr->signature)); 3386 error = EINVAL; 3387 goto fail; 3388 } 3389 RSU_DPRINTF(sc, RSU_DEBUG_FW, "FW V%d %02x-%02x %02x:%02x\n", 3390 le16toh(hdr->version), hdr->month, hdr->day, hdr->hour, 3391 hdr->minute); 3392 3393 /* Make sure that driver and firmware are in sync. */ 3394 if (hdr->privsz != htole32(sizeof(dmem))) { 3395 device_printf(sc->sc_dev, "unsupported firmware image\n"); 3396 error = EINVAL; 3397 goto fail; 3398 } 3399 /* Get FW sections sizes. */ 3400 imemsz = le32toh(hdr->imemsz); 3401 ememsz = le32toh(hdr->sramsz); 3402 /* Check that all FW sections fit in image. */ 3403 if (imemsz > (size_t)(size - sizeof(*hdr)) || 3404 ememsz > (size_t)(size - sizeof(*hdr) - imemsz)) { 3405 device_printf(sc->sc_dev, "firmware too short\n"); 3406 error = EINVAL; 3407 goto fail; 3408 } 3409 imem = (const uint8_t *)&hdr[1]; 3410 emem = imem + imemsz; 3411 3412 /* Load IMEM section. */ 3413 error = rsu_fw_loadsection(sc, imem, imemsz); 3414 if (error != 0) { 3415 device_printf(sc->sc_dev, 3416 "could not load firmware section %s\n", "IMEM"); 3417 goto fail; 3418 } 3419 /* Wait for load to complete. */ 3420 for (ntries = 0; ntries != 50; ntries++) { 3421 rsu_ms_delay(sc, 10); 3422 reg = rsu_read_1(sc, R92S_TCR); 3423 if (reg & R92S_TCR_IMEM_CODE_DONE) 3424 break; 3425 } 3426 if (ntries == 50) { 3427 device_printf(sc->sc_dev, "timeout waiting for IMEM transfer\n"); 3428 error = ETIMEDOUT; 3429 goto fail; 3430 } 3431 /* Load EMEM section. */ 3432 error = rsu_fw_loadsection(sc, emem, ememsz); 3433 if (error != 0) { 3434 device_printf(sc->sc_dev, 3435 "could not load firmware section %s\n", "EMEM"); 3436 goto fail; 3437 } 3438 /* Wait for load to complete. */ 3439 for (ntries = 0; ntries != 50; ntries++) { 3440 rsu_ms_delay(sc, 10); 3441 reg = rsu_read_2(sc, R92S_TCR); 3442 if (reg & R92S_TCR_EMEM_CODE_DONE) 3443 break; 3444 } 3445 if (ntries == 50) { 3446 device_printf(sc->sc_dev, "timeout waiting for EMEM transfer\n"); 3447 error = ETIMEDOUT; 3448 goto fail; 3449 } 3450 /* Enable CPU. */ 3451 rsu_write_1(sc, R92S_SYS_CLKR, 3452 rsu_read_1(sc, R92S_SYS_CLKR) | R92S_SYS_CPU_CLKSEL); 3453 if (!(rsu_read_1(sc, R92S_SYS_CLKR) & R92S_SYS_CPU_CLKSEL)) { 3454 device_printf(sc->sc_dev, "could not enable system clock\n"); 3455 error = EIO; 3456 goto fail; 3457 } 3458 rsu_write_2(sc, R92S_SYS_FUNC_EN, 3459 rsu_read_2(sc, R92S_SYS_FUNC_EN) | R92S_FEN_CPUEN); 3460 if (!(rsu_read_2(sc, R92S_SYS_FUNC_EN) & R92S_FEN_CPUEN)) { 3461 device_printf(sc->sc_dev, 3462 "could not enable microcontroller\n"); 3463 error = EIO; 3464 goto fail; 3465 } 3466 /* Wait for CPU to initialize. */ 3467 for (ntries = 0; ntries < 100; ntries++) { 3468 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_IMEM_RDY) 3469 break; 3470 rsu_ms_delay(sc, 1); 3471 } 3472 if (ntries == 100) { 3473 device_printf(sc->sc_dev, 3474 "timeout waiting for microcontroller\n"); 3475 error = ETIMEDOUT; 3476 goto fail; 3477 } 3478 3479 /* Update DMEM section before loading. */ 3480 memset(&dmem, 0, sizeof(dmem)); 3481 dmem.hci_sel = R92S_HCI_SEL_USB | R92S_HCI_SEL_8172; 3482 dmem.nendpoints = sc->sc_nendpoints; 3483 dmem.chip_version = sc->cut; 3484 dmem.rf_config = sc->sc_rftype; 3485 dmem.vcs_type = R92S_VCS_TYPE_AUTO; 3486 dmem.vcs_mode = R92S_VCS_MODE_RTS_CTS; 3487 dmem.turbo_mode = 0; 3488 dmem.bw40_en = !! (ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40); 3489 dmem.amsdu2ampdu_en = !! (sc->sc_ht); 3490 dmem.ampdu_en = !! (sc->sc_ht); 3491 dmem.agg_offload = !! (sc->sc_ht); 3492 dmem.qos_en = 1; 3493 dmem.ps_offload = 1; 3494 dmem.lowpower_mode = 1; /* XXX TODO: configurable? */ 3495 /* Load DMEM section. */ 3496 error = rsu_fw_loadsection(sc, (uint8_t *)&dmem, sizeof(dmem)); 3497 if (error != 0) { 3498 device_printf(sc->sc_dev, 3499 "could not load firmware section %s\n", "DMEM"); 3500 goto fail; 3501 } 3502 /* Wait for load to complete. */ 3503 for (ntries = 0; ntries < 100; ntries++) { 3504 if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_DMEM_CODE_DONE) 3505 break; 3506 rsu_ms_delay(sc, 1); 3507 } 3508 if (ntries == 100) { 3509 device_printf(sc->sc_dev, "timeout waiting for %s transfer\n", 3510 "DMEM"); 3511 error = ETIMEDOUT; 3512 goto fail; 3513 } 3514 /* Wait for firmware readiness. */ 3515 for (ntries = 0; ntries < 60; ntries++) { 3516 if (!(rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY)) 3517 break; 3518 rsu_ms_delay(sc, 1); 3519 } 3520 if (ntries == 60) { 3521 device_printf(sc->sc_dev, 3522 "timeout waiting for firmware readiness\n"); 3523 error = ETIMEDOUT; 3524 goto fail; 3525 } 3526 fail: 3527 firmware_put(fw, FIRMWARE_UNLOAD); 3528 return (error); 3529 } 3530 3531 static int 3532 rsu_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3533 const struct ieee80211_bpf_params *params) 3534 { 3535 struct ieee80211com *ic = ni->ni_ic; 3536 struct rsu_softc *sc = ic->ic_softc; 3537 struct rsu_data *bf; 3538 3539 /* prevent management frames from being sent if we're not ready */ 3540 if (!sc->sc_running) { 3541 m_freem(m); 3542 return (ENETDOWN); 3543 } 3544 RSU_LOCK(sc); 3545 bf = rsu_getbuf(sc); 3546 if (bf == NULL) { 3547 m_freem(m); 3548 RSU_UNLOCK(sc); 3549 return (ENOBUFS); 3550 } 3551 if (rsu_tx_start(sc, ni, m, bf) != 0) { 3552 m_freem(m); 3553 rsu_freebuf(sc, bf); 3554 RSU_UNLOCK(sc); 3555 return (EIO); 3556 } 3557 RSU_UNLOCK(sc); 3558 3559 return (0); 3560 } 3561 3562 static void 3563 rsu_rxfilter_init(struct rsu_softc *sc) 3564 { 3565 uint32_t reg; 3566 3567 RSU_ASSERT_LOCKED(sc); 3568 3569 /* Setup multicast filter. */ 3570 rsu_set_multi(sc); 3571 3572 /* Adjust Rx filter. */ 3573 reg = rsu_read_4(sc, R92S_RCR); 3574 reg &= ~R92S_RCR_AICV; 3575 reg |= R92S_RCR_APP_PHYSTS; 3576 if (sc->sc_rx_checksum_enable) 3577 reg |= R92S_RCR_TCP_OFFLD_EN; 3578 rsu_write_4(sc, R92S_RCR, reg); 3579 3580 /* Update dynamic Rx filter parts. */ 3581 rsu_rxfilter_refresh(sc); 3582 } 3583 3584 static void 3585 rsu_rxfilter_set(struct rsu_softc *sc, uint32_t clear, uint32_t set) 3586 { 3587 /* NB: firmware can touch this register too. */ 3588 rsu_write_4(sc, R92S_RCR, 3589 (rsu_read_4(sc, R92S_RCR) & ~clear) | set); 3590 } 3591 3592 static void 3593 rsu_rxfilter_refresh(struct rsu_softc *sc) 3594 { 3595 struct ieee80211com *ic = &sc->sc_ic; 3596 uint32_t mask_all, mask_min; 3597 3598 RSU_ASSERT_LOCKED(sc); 3599 3600 /* NB: RCR_AMF / RXFLTMAP_MGT are used by firmware. */ 3601 mask_all = R92S_RCR_ACF | R92S_RCR_AAP; 3602 mask_min = R92S_RCR_APM; 3603 if (sc->sc_vap_is_running) 3604 mask_min |= R92S_RCR_CBSSID; 3605 else 3606 mask_all |= R92S_RCR_ADF; 3607 3608 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 3609 uint16_t rxfltmap; 3610 if (sc->sc_vap_is_running) 3611 rxfltmap = 0; 3612 else 3613 rxfltmap = R92S_RXFLTMAP_MGT_DEF; 3614 rsu_write_2(sc, R92S_RXFLTMAP_MGT, rxfltmap); 3615 } 3616 3617 if (ic->ic_promisc == 0 && ic->ic_opmode != IEEE80211_M_MONITOR) 3618 rsu_rxfilter_set(sc, mask_all, mask_min); 3619 else 3620 rsu_rxfilter_set(sc, mask_min, mask_all); 3621 } 3622 3623 static int 3624 rsu_init(struct rsu_softc *sc) 3625 { 3626 struct ieee80211com *ic = &sc->sc_ic; 3627 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3628 uint8_t macaddr[IEEE80211_ADDR_LEN]; 3629 int error; 3630 int i; 3631 3632 RSU_LOCK(sc); 3633 3634 if (sc->sc_running) { 3635 RSU_UNLOCK(sc); 3636 return (0); 3637 } 3638 3639 /* Ensure the mbuf queue is drained */ 3640 rsu_drain_mbufq(sc); 3641 3642 /* Reset power management state. */ 3643 rsu_write_1(sc, R92S_USB_HRPWM, 0); 3644 3645 /* Power on adapter. */ 3646 if (sc->cut == 1) 3647 rsu_power_on_acut(sc); 3648 else 3649 rsu_power_on_bcut(sc); 3650 3651 /* Load firmware. */ 3652 error = rsu_load_firmware(sc); 3653 if (error != 0) 3654 goto fail; 3655 3656 rsu_write_4(sc, R92S_CR, 3657 rsu_read_4(sc, R92S_CR) & ~0xff000000); 3658 3659 /* Use 128 bytes pages. */ 3660 rsu_write_1(sc, 0x00b5, 3661 rsu_read_1(sc, 0x00b5) | 0x01); 3662 /* Enable USB Rx aggregation. */ 3663 rsu_write_1(sc, 0x00bd, 3664 rsu_read_1(sc, 0x00bd) | 0x80); 3665 /* Set USB Rx aggregation threshold. */ 3666 rsu_write_1(sc, 0x00d9, 0x01); 3667 /* Set USB Rx aggregation timeout (1.7ms/4). */ 3668 rsu_write_1(sc, 0xfe5b, 0x04); 3669 /* Fix USB Rx FIFO issue. */ 3670 rsu_write_1(sc, 0xfe5c, 3671 rsu_read_1(sc, 0xfe5c) | 0x80); 3672 3673 /* Set MAC address. */ 3674 IEEE80211_ADDR_COPY(macaddr, vap ? vap->iv_myaddr : ic->ic_macaddr); 3675 rsu_write_region_1(sc, R92S_MACID, macaddr, IEEE80211_ADDR_LEN); 3676 3677 /* It really takes 1.5 seconds for the firmware to boot: */ 3678 usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(2000)); 3679 3680 RSU_DPRINTF(sc, RSU_DEBUG_RESET, "%s: setting MAC address to %s\n", 3681 __func__, 3682 ether_sprintf(macaddr)); 3683 error = rsu_fw_cmd(sc, R92S_CMD_SET_MAC_ADDRESS, macaddr, 3684 IEEE80211_ADDR_LEN); 3685 if (error != 0) { 3686 device_printf(sc->sc_dev, "could not set MAC address\n"); 3687 goto fail; 3688 } 3689 3690 /* Initialize Rx filter. */ 3691 rsu_rxfilter_init(sc); 3692 3693 /* Set PS mode fully active */ 3694 error = rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE); 3695 if (error != 0) { 3696 device_printf(sc->sc_dev, "could not set PS mode\n"); 3697 goto fail; 3698 } 3699 3700 /* Install static keys (if any). */ 3701 error = rsu_reinit_static_keys(sc); 3702 if (error != 0) 3703 goto fail; 3704 3705 sc->sc_extra_scan = 0; 3706 usbd_transfer_start(sc->sc_xfer[RSU_BULK_RX]); 3707 3708 /* We're ready to go. */ 3709 sc->sc_running = 1; 3710 RSU_UNLOCK(sc); 3711 3712 return (0); 3713 fail: 3714 /* Need to stop all failed transfers, if any */ 3715 for (i = 0; i != RSU_N_TRANSFER; i++) 3716 usbd_transfer_stop(sc->sc_xfer[i]); 3717 RSU_UNLOCK(sc); 3718 3719 return (error); 3720 } 3721 3722 static void 3723 rsu_stop(struct rsu_softc *sc) 3724 { 3725 int i; 3726 3727 RSU_LOCK(sc); 3728 if (!sc->sc_running) { 3729 RSU_UNLOCK(sc); 3730 return; 3731 } 3732 3733 sc->sc_running = 0; 3734 sc->sc_vap_is_running = 0; 3735 sc->sc_calibrating = 0; 3736 taskqueue_cancel_timeout(taskqueue_thread, &sc->calib_task, NULL); 3737 taskqueue_cancel(taskqueue_thread, &sc->tx_task, NULL); 3738 3739 /* Power off adapter. */ 3740 rsu_power_off(sc); 3741 3742 /* 3743 * CAM is not accessible after shutdown; 3744 * all entries are marked (by firmware?) as invalid. 3745 */ 3746 memset(sc->free_keys_bmap, 0, sizeof(sc->free_keys_bmap)); 3747 memset(sc->keys_bmap, 0, sizeof(sc->keys_bmap)); 3748 3749 for (i = 0; i < RSU_N_TRANSFER; i++) 3750 usbd_transfer_stop(sc->sc_xfer[i]); 3751 3752 /* Ensure the mbuf queue is drained */ 3753 rsu_drain_mbufq(sc); 3754 RSU_UNLOCK(sc); 3755 } 3756 3757 /* 3758 * Note: usb_pause_mtx() actually releases the mutex before calling pause(), 3759 * which breaks any kind of driver serialisation. 3760 */ 3761 static void 3762 rsu_ms_delay(struct rsu_softc *sc, int ms) 3763 { 3764 3765 //usb_pause_mtx(&sc->sc_mtx, hz / 1000); 3766 DELAY(ms * 1000); 3767 }
Cache object: f4beb9e7dd2933dfefa07a96093e9607
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]