diff options
Diffstat (limited to 'sys/dev/usb/wlan/if_rsu.c')
| -rw-r--r-- | sys/dev/usb/wlan/if_rsu.c | 3790 |
1 files changed, 3790 insertions, 0 deletions
diff --git a/sys/dev/usb/wlan/if_rsu.c b/sys/dev/usb/wlan/if_rsu.c new file mode 100644 index 000000000000..e976948f6849 --- /dev/null +++ b/sys/dev/usb/wlan/if_rsu.c @@ -0,0 +1,3790 @@ +/* $OpenBSD: if_rsu.c,v 1.17 2013/04/15 09:23:01 mglocker Exp $ */ + +/*- + * Copyright (c) 2010 Damien Bergamini <damien.bergamini@free.fr> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +/* + * Driver for Realtek RTL8188SU/RTL8191SU/RTL8192SU. + * + * TODO: + * o tx a-mpdu + * o hostap / ibss / mesh + * o power-save operation + */ + +#include "opt_wlan.h" + +#include <sys/param.h> +#include <sys/endian.h> +#include <sys/sockio.h> +#include <sys/malloc.h> +#include <sys/mbuf.h> +#include <sys/kernel.h> +#include <sys/socket.h> +#include <sys/systm.h> +#include <sys/conf.h> +#include <sys/bus.h> +#include <sys/firmware.h> +#include <sys/module.h> + +#include <net/bpf.h> +#include <net/if.h> +#include <net/if_var.h> +#include <net/if_arp.h> +#include <net/if_dl.h> +#include <net/if_media.h> +#include <net/if_types.h> + +#include <netinet/in.h> +#include <netinet/in_systm.h> +#include <netinet/in_var.h> +#include <netinet/if_ether.h> +#include <netinet/ip.h> + +#include <net80211/ieee80211_var.h> +#include <net80211/ieee80211_regdomain.h> +#include <net80211/ieee80211_radiotap.h> + +#include <dev/usb/usb.h> +#include <dev/usb/usbdi.h> +#include "usbdevs.h" + +#include <dev/rtwn/if_rtwn_ridx.h> /* XXX */ +#include <dev/usb/wlan/if_rsureg.h> + +#define RSU_RATE_IS_CCK RTWN_RATE_IS_CCK + +#ifdef USB_DEBUG +static int rsu_debug = 0; +SYSCTL_NODE(_hw_usb, OID_AUTO, rsu, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, + "USB rsu"); +SYSCTL_INT(_hw_usb_rsu, OID_AUTO, debug, CTLFLAG_RWTUN, &rsu_debug, 0, + "Debug level"); +#define RSU_DPRINTF(_sc, _flg, ...) \ + do \ + if (((_flg) == (RSU_DEBUG_ANY)) || (rsu_debug & (_flg))) \ + device_printf((_sc)->sc_dev, __VA_ARGS__); \ + while (0) +#else +#define RSU_DPRINTF(_sc, _flg, ...) +#endif + +static int rsu_enable_11n = 1; +TUNABLE_INT("hw.usb.rsu.enable_11n", &rsu_enable_11n); + +#define RSU_DEBUG_ANY 0xffffffff +#define RSU_DEBUG_TX 0x00000001 +#define RSU_DEBUG_RX 0x00000002 +#define RSU_DEBUG_RESET 0x00000004 +#define RSU_DEBUG_CALIB 0x00000008 +#define RSU_DEBUG_STATE 0x00000010 +#define RSU_DEBUG_SCAN 0x00000020 +#define RSU_DEBUG_FWCMD 0x00000040 +#define RSU_DEBUG_TXDONE 0x00000080 +#define RSU_DEBUG_FW 0x00000100 +#define RSU_DEBUG_FWDBG 0x00000200 +#define RSU_DEBUG_AMPDU 0x00000400 +#define RSU_DEBUG_KEY 0x00000800 +#define RSU_DEBUG_USB 0x00001000 + +static const STRUCT_USB_HOST_ID rsu_devs[] = { +#define RSU_HT_NOT_SUPPORTED 0 +#define RSU_HT_SUPPORTED 1 +#define RSU_DEV_HT(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \ + RSU_HT_SUPPORTED) } +#define RSU_DEV(v,p) { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, \ + RSU_HT_NOT_SUPPORTED) } + RSU_DEV(ASUS, RTL8192SU), + RSU_DEV(AZUREWAVE, RTL8192SU_4), + RSU_DEV(SITECOMEU, WLA1000), + RSU_DEV_HT(ACCTON, RTL8192SU), + RSU_DEV_HT(ASUS, USBN10), + RSU_DEV_HT(AZUREWAVE, RTL8192SU_1), + RSU_DEV_HT(AZUREWAVE, RTL8192SU_2), + RSU_DEV_HT(AZUREWAVE, RTL8192SU_3), + RSU_DEV_HT(AZUREWAVE, RTL8192SU_5), + RSU_DEV_HT(BELKIN, RTL8192SU_1), + RSU_DEV_HT(BELKIN, RTL8192SU_2), + RSU_DEV_HT(BELKIN, RTL8192SU_3), + RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_1), + RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_2), + RSU_DEV_HT(CONCEPTRONIC2, RTL8192SU_3), + RSU_DEV_HT(COREGA, RTL8192SU), + RSU_DEV_HT(DLINK2, DWA131A1), + RSU_DEV_HT(DLINK2, RTL8192SU_1), + RSU_DEV_HT(DLINK2, RTL8192SU_2), + RSU_DEV_HT(EDIMAX, RTL8192SU_1), + RSU_DEV_HT(EDIMAX, RTL8192SU_2), + RSU_DEV_HT(EDIMAX, EW7622UMN), + RSU_DEV_HT(GUILLEMOT, HWGUN54), + RSU_DEV_HT(GUILLEMOT, HWNUM300), + RSU_DEV_HT(HAWKING, RTL8192SU_1), + RSU_DEV_HT(HAWKING, RTL8192SU_2), + RSU_DEV_HT(PLANEX2, GWUSNANO), + RSU_DEV_HT(REALTEK, RTL8171), + RSU_DEV_HT(REALTEK, RTL8172), + RSU_DEV_HT(REALTEK, RTL8173), + RSU_DEV_HT(REALTEK, RTL8174), + RSU_DEV_HT(REALTEK, RTL8192SU), + RSU_DEV_HT(REALTEK, RTL8712), + RSU_DEV_HT(REALTEK, RTL8713), + RSU_DEV_HT(SENAO, RTL8192SU_1), + RSU_DEV_HT(SENAO, RTL8192SU_2), + RSU_DEV_HT(SITECOMEU, WL349V1), + RSU_DEV_HT(SITECOMEU, WL353), + RSU_DEV_HT(SITECOMEU, RTL8188S), + RSU_DEV_HT(SWEEX2, LW154), + RSU_DEV_HT(TRENDNET, TEW646UBH), +#undef RSU_DEV_HT +#undef RSU_DEV +}; + +static device_probe_t rsu_match; +static device_attach_t rsu_attach; +static device_detach_t rsu_detach; +static usb_callback_t rsu_bulk_tx_callback_be_bk; +static usb_callback_t rsu_bulk_tx_callback_vi_vo; +static usb_callback_t rsu_bulk_tx_callback_h2c; +static usb_callback_t rsu_bulk_rx_callback; +static usb_error_t rsu_do_request(struct rsu_softc *, + struct usb_device_request *, void *); +static struct ieee80211vap * + rsu_vap_create(struct ieee80211com *, const char name[IFNAMSIZ], + int, enum ieee80211_opmode, int, + const uint8_t bssid[IEEE80211_ADDR_LEN], + const uint8_t mac[IEEE80211_ADDR_LEN]); +static void rsu_vap_delete(struct ieee80211vap *); +static void rsu_scan_start(struct ieee80211com *); +static void rsu_scan_end(struct ieee80211com *); +static void rsu_getradiocaps(struct ieee80211com *, int, int *, + struct ieee80211_channel[]); +static void rsu_set_channel(struct ieee80211com *); +static void rsu_scan_curchan(struct ieee80211_scan_state *, unsigned long); +static void rsu_scan_mindwell(struct ieee80211_scan_state *); +static void rsu_update_promisc(struct ieee80211com *); +static uint8_t rsu_get_multi_pos(const uint8_t[]); +static void rsu_set_multi(struct rsu_softc *); +static void rsu_update_mcast(struct ieee80211com *); +static int rsu_alloc_rx_list(struct rsu_softc *); +static void rsu_free_rx_list(struct rsu_softc *); +static int rsu_alloc_tx_list(struct rsu_softc *); +static void rsu_free_tx_list(struct rsu_softc *); +static void rsu_free_list(struct rsu_softc *, struct rsu_data [], int); +static struct rsu_data *_rsu_getbuf(struct rsu_softc *); +static struct rsu_data *rsu_getbuf(struct rsu_softc *); +static void rsu_freebuf(struct rsu_softc *, struct rsu_data *); +static int rsu_write_region_1(struct rsu_softc *, uint16_t, uint8_t *, + int); +static void rsu_write_1(struct rsu_softc *, uint16_t, uint8_t); +static void rsu_write_2(struct rsu_softc *, uint16_t, uint16_t); +static void rsu_write_4(struct rsu_softc *, uint16_t, uint32_t); +static int rsu_read_region_1(struct rsu_softc *, uint16_t, uint8_t *, + int); +static uint8_t rsu_read_1(struct rsu_softc *, uint16_t); +static uint16_t rsu_read_2(struct rsu_softc *, uint16_t); +static uint32_t rsu_read_4(struct rsu_softc *, uint16_t); +static int rsu_fw_iocmd(struct rsu_softc *, uint32_t); +static uint8_t rsu_efuse_read_1(struct rsu_softc *, uint16_t); +static int rsu_read_rom(struct rsu_softc *); +static int rsu_fw_cmd(struct rsu_softc *, uint8_t, void *, int); +static void rsu_calib_task(void *, int); +static void rsu_tx_task(void *, int); +static void rsu_set_led(struct rsu_softc *, int); +static int rsu_monitor_newstate(struct ieee80211vap *, + enum ieee80211_state, int); +static int rsu_newstate(struct ieee80211vap *, enum ieee80211_state, int); +static int rsu_key_alloc(struct ieee80211vap *, struct ieee80211_key *, + ieee80211_keyix *, ieee80211_keyix *); +static int rsu_process_key(struct ieee80211vap *, + const struct ieee80211_key *, int); +static int rsu_key_set(struct ieee80211vap *, + const struct ieee80211_key *); +static int rsu_key_delete(struct ieee80211vap *, + const struct ieee80211_key *); +static int rsu_cam_read(struct rsu_softc *, uint8_t, uint32_t *); +static void rsu_cam_write(struct rsu_softc *, uint8_t, uint32_t); +static int rsu_key_check(struct rsu_softc *, ieee80211_keyix, int); +static uint8_t rsu_crypto_mode(struct rsu_softc *, u_int, int); +static int rsu_set_key_group(struct rsu_softc *, + const struct ieee80211_key *); +static int rsu_set_key_pair(struct rsu_softc *, + const struct ieee80211_key *); +static int rsu_reinit_static_keys(struct rsu_softc *); +static int rsu_delete_key(struct rsu_softc *sc, ieee80211_keyix); +static void rsu_delete_key_pair_cb(void *, int); +static int rsu_site_survey(struct rsu_softc *, + struct ieee80211_scan_ssid *); +static int rsu_join_bss(struct rsu_softc *, struct ieee80211_node *); +static int rsu_disconnect(struct rsu_softc *); +static int rsu_hwrssi_to_rssi(struct rsu_softc *, int hw_rssi); +static void rsu_event_survey(struct rsu_softc *, uint8_t *, int); +static void rsu_event_join_bss(struct rsu_softc *, uint8_t *, int); +static void rsu_rx_event(struct rsu_softc *, uint8_t, uint8_t *, int); +static void rsu_rx_multi_event(struct rsu_softc *, uint8_t *, int); +static int8_t rsu_get_rssi(struct rsu_softc *, int, void *); +static struct mbuf * rsu_rx_copy_to_mbuf(struct rsu_softc *, + struct r92s_rx_stat *, int); +static uint32_t rsu_get_tsf_low(struct rsu_softc *); +static uint32_t rsu_get_tsf_high(struct rsu_softc *); +static struct ieee80211_node * rsu_rx_frame(struct rsu_softc *, struct mbuf *); +static struct mbuf * rsu_rx_multi_frame(struct rsu_softc *, uint8_t *, int); +static struct mbuf * + rsu_rxeof(struct usb_xfer *, struct rsu_data *); +static void rsu_txeof(struct usb_xfer *, struct rsu_data *); +static int rsu_raw_xmit(struct ieee80211_node *, struct mbuf *, + const struct ieee80211_bpf_params *); +static void rsu_rxfilter_init(struct rsu_softc *); +static void rsu_rxfilter_set(struct rsu_softc *, uint32_t, uint32_t); +static void rsu_rxfilter_refresh(struct rsu_softc *); +static int rsu_init(struct rsu_softc *); +static int rsu_tx_start(struct rsu_softc *, struct ieee80211_node *, + struct mbuf *, struct rsu_data *); +static int rsu_transmit(struct ieee80211com *, struct mbuf *); +static void rsu_start(struct rsu_softc *); +static void _rsu_start(struct rsu_softc *); +static int rsu_ioctl_net(struct ieee80211com *, u_long, void *); +static void rsu_parent(struct ieee80211com *); +static void rsu_stop(struct rsu_softc *); +static void rsu_ms_delay(struct rsu_softc *, int); + +static device_method_t rsu_methods[] = { + DEVMETHOD(device_probe, rsu_match), + DEVMETHOD(device_attach, rsu_attach), + DEVMETHOD(device_detach, rsu_detach), + + DEVMETHOD_END +}; + +static driver_t rsu_driver = { + .name = "rsu", + .methods = rsu_methods, + .size = sizeof(struct rsu_softc) +}; + +DRIVER_MODULE(rsu, uhub, rsu_driver, NULL, NULL); +MODULE_DEPEND(rsu, wlan, 1, 1, 1); +MODULE_DEPEND(rsu, usb, 1, 1, 1); +MODULE_DEPEND(rsu, firmware, 1, 1, 1); +MODULE_VERSION(rsu, 1); +USB_PNP_HOST_INFO(rsu_devs); + +static uint8_t rsu_wme_ac_xfer_map[4] = { + [WME_AC_BE] = RSU_BULK_TX_BE_BK, + [WME_AC_BK] = RSU_BULK_TX_BE_BK, + [WME_AC_VI] = RSU_BULK_TX_VI_VO, + [WME_AC_VO] = RSU_BULK_TX_VI_VO, +}; + +/* XXX hard-coded */ +#define RSU_H2C_ENDPOINT 3 + +static const struct usb_config rsu_config[RSU_N_TRANSFER] = { + [RSU_BULK_RX] = { + .type = UE_BULK, + .endpoint = UE_ADDR_ANY, + .direction = UE_DIR_IN, + .bufsize = RSU_RXBUFSZ, + .flags = { + .pipe_bof = 1, + .short_xfer_ok = 1 + }, + .callback = rsu_bulk_rx_callback + }, + [RSU_BULK_TX_BE_BK] = { + .type = UE_BULK, + .endpoint = 0x06, + .direction = UE_DIR_OUT, + .bufsize = RSU_TXBUFSZ, + .flags = { + .ext_buffer = 1, + .pipe_bof = 1, + .force_short_xfer = 1 + }, + .callback = rsu_bulk_tx_callback_be_bk, + .timeout = RSU_TX_TIMEOUT + }, + [RSU_BULK_TX_VI_VO] = { + .type = UE_BULK, + .endpoint = 0x04, + .direction = UE_DIR_OUT, + .bufsize = RSU_TXBUFSZ, + .flags = { + .ext_buffer = 1, + .pipe_bof = 1, + .force_short_xfer = 1 + }, + .callback = rsu_bulk_tx_callback_vi_vo, + .timeout = RSU_TX_TIMEOUT + }, + [RSU_BULK_TX_H2C] = { + .type = UE_BULK, + .endpoint = 0x0d, + .direction = UE_DIR_OUT, + .bufsize = RSU_TXBUFSZ, + .flags = { + .ext_buffer = 1, + .pipe_bof = 1, + .short_xfer_ok = 1 + }, + .callback = rsu_bulk_tx_callback_h2c, + .timeout = RSU_TX_TIMEOUT + }, +}; + +static int +rsu_match(device_t self) +{ + struct usb_attach_arg *uaa = device_get_ivars(self); + + if (uaa->usb_mode != USB_MODE_HOST || + uaa->info.bIfaceIndex != 0 || + uaa->info.bConfigIndex != 0) + return (ENXIO); + + return (usbd_lookup_id_by_uaa(rsu_devs, sizeof(rsu_devs), uaa)); +} + +static int +rsu_send_mgmt(struct ieee80211_node *ni, int type, int arg) +{ + + return (ENOTSUP); +} + +static void +rsu_update_chw(struct ieee80211com *ic) +{ + +} + +/* + * notification from net80211 that it'd like to do A-MPDU on the given TID. + */ +static int +rsu_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap) +{ + struct rsu_softc *sc = ni->ni_ic->ic_softc; + struct r92s_add_ba_req req; + + RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: called, tid=%d\n", + __func__, tap->txa_tid); + + /* Don't enable if it's requested or running */ + if (IEEE80211_AMPDU_REQUESTED(tap)) + return (0); + if (IEEE80211_AMPDU_RUNNING(tap)) + return (0); + + /* We've decided to send addba; so send it */ + req.tid = htole32(tap->txa_tid); + + /* Attempt net80211 state */ + if (ieee80211_ampdu_tx_request_ext(ni, tap->txa_tid) != 1) + return (0); + + /* Send the firmware command */ + RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, + "%s: establishing AMPDU TX for TID %d\n", + __func__, + tap->txa_tid); + + RSU_LOCK(sc); + if (rsu_fw_cmd(sc, R92S_CMD_ADDBA_REQ, &req, sizeof(req)) != 0) { + RSU_UNLOCK(sc); + RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: AMPDU TX cmd failure\n", + __func__); + /* Mark failure */ + ieee80211_ampdu_tx_request_active_ext(ni, tap->txa_tid, 0); + /* Return 0, we've been driving this ourselves */ + return (0); + } + RSU_UNLOCK(sc); + + RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: AMPDU TX cmd success\n", + __func__); + + /* Mark success; we don't get any further notifications */ + ieee80211_ampdu_tx_request_active_ext(ni, tap->txa_tid, 1); + + /* Return 0, we've been driving this ourselves */ + return (0); +} + +static int +rsu_wme_update(struct ieee80211com *ic) +{ + + /* Firmware handles this; not our problem */ + return (0); +} + +static int +rsu_attach(device_t self) +{ + struct usb_attach_arg *uaa = device_get_ivars(self); + struct rsu_softc *sc = device_get_softc(self); + struct ieee80211com *ic = &sc->sc_ic; + int error; + uint8_t iface_index; + struct usb_interface *iface; + const char *rft; + + device_set_usb_desc(self); + sc->sc_udev = uaa->device; + sc->sc_dev = self; + sc->sc_rx_checksum_enable = 1; + if (rsu_enable_11n) + sc->sc_ht = !! (USB_GET_DRIVER_INFO(uaa) & RSU_HT_SUPPORTED); + + /* Get number of endpoints */ + iface = usbd_get_iface(sc->sc_udev, 0); + sc->sc_nendpoints = iface->idesc->bNumEndpoints; + + /* Endpoints are hard-coded for now, so enforce 4-endpoint only */ + if (sc->sc_nendpoints != 4) { + device_printf(sc->sc_dev, + "the driver currently only supports 4-endpoint devices\n"); + return (ENXIO); + } + + mtx_init(&sc->sc_mtx, device_get_nameunit(self), MTX_NETWORK_LOCK, + MTX_DEF); + RSU_DELKEY_BMAP_LOCK_INIT(sc); + TIMEOUT_TASK_INIT(taskqueue_thread, &sc->calib_task, 0, + rsu_calib_task, sc); + TASK_INIT(&sc->del_key_task, 0, rsu_delete_key_pair_cb, sc); + TASK_INIT(&sc->tx_task, 0, rsu_tx_task, sc); + mbufq_init(&sc->sc_snd, ifqmaxlen); + + /* Allocate Tx/Rx buffers. */ + error = rsu_alloc_rx_list(sc); + if (error != 0) { + device_printf(sc->sc_dev, "could not allocate Rx buffers\n"); + goto fail_usb; + } + + error = rsu_alloc_tx_list(sc); + if (error != 0) { + device_printf(sc->sc_dev, "could not allocate Tx buffers\n"); + rsu_free_rx_list(sc); + goto fail_usb; + } + + iface_index = 0; + error = usbd_transfer_setup(uaa->device, &iface_index, sc->sc_xfer, + rsu_config, RSU_N_TRANSFER, sc, &sc->sc_mtx); + if (error) { + device_printf(sc->sc_dev, + "could not allocate USB transfers, err=%s\n", + usbd_errstr(error)); + goto fail_usb; + } + RSU_LOCK(sc); + /* Read chip revision. */ + sc->cut = MS(rsu_read_4(sc, R92S_PMC_FSM), R92S_PMC_FSM_CUT); + if (sc->cut != 3) + sc->cut = (sc->cut >> 1) + 1; + error = rsu_read_rom(sc); + RSU_UNLOCK(sc); + if (error != 0) { + device_printf(self, "could not read ROM\n"); + goto fail_rom; + } + + /* Figure out TX/RX streams */ + switch (sc->rom[84]) { + case 0x0: + sc->sc_rftype = RTL8712_RFCONFIG_1T1R; + sc->sc_nrxstream = 1; + sc->sc_ntxstream = 1; + rft = "1T1R"; + break; + case 0x1: + sc->sc_rftype = RTL8712_RFCONFIG_1T2R; + sc->sc_nrxstream = 2; + sc->sc_ntxstream = 1; + rft = "1T2R"; + break; + case 0x2: + sc->sc_rftype = RTL8712_RFCONFIG_2T2R; + sc->sc_nrxstream = 2; + sc->sc_ntxstream = 2; + rft = "2T2R"; + break; + case 0x3: /* "green" NIC */ + sc->sc_rftype = RTL8712_RFCONFIG_1T2R; + sc->sc_nrxstream = 2; + sc->sc_ntxstream = 1; + rft = "1T2R ('green')"; + break; + default: + device_printf(sc->sc_dev, + "%s: unknown board type (rfconfig=0x%02x)\n", + __func__, + sc->rom[84]); + goto fail_rom; + } + + IEEE80211_ADDR_COPY(ic->ic_macaddr, &sc->rom[0x12]); + device_printf(self, "MAC/BB RTL8712 cut %d %s\n", sc->cut, rft); + + ic->ic_softc = sc; + ic->ic_name = device_get_nameunit(self); + ic->ic_phytype = IEEE80211_T_OFDM; /* Not only, but not used. */ + ic->ic_opmode = IEEE80211_M_STA; /* Default to BSS mode. */ + + /* Set device capabilities. */ + ic->ic_caps = + IEEE80211_C_STA | /* station mode */ + IEEE80211_C_MONITOR | /* monitor mode supported */ +#if 0 + IEEE80211_C_BGSCAN | /* Background scan. */ +#endif + IEEE80211_C_SHPREAMBLE | /* Short preamble supported. */ + IEEE80211_C_WME | /* WME/QoS */ + IEEE80211_C_SHSLOT | /* Short slot time supported. */ + IEEE80211_C_WPA; /* WPA/RSN. */ + + ic->ic_cryptocaps = + IEEE80211_CRYPTO_WEP | + IEEE80211_CRYPTO_TKIP | + IEEE80211_CRYPTO_AES_CCM; + + /* Check if HT support is present. */ + if (sc->sc_ht) { + device_printf(sc->sc_dev, "%s: enabling 11n\n", __func__); + + /* Enable basic HT */ + ic->ic_htcaps = IEEE80211_HTC_HT | + IEEE80211_HTC_AMPDU | + IEEE80211_HTC_AMSDU | + IEEE80211_HTCAP_MAXAMSDU_3839 | + IEEE80211_HTCAP_SMPS_OFF; + ic->ic_htcaps |= IEEE80211_HTCAP_CHWIDTH40; + + /* set number of spatial streams */ + ic->ic_txstream = sc->sc_ntxstream; + ic->ic_rxstream = sc->sc_nrxstream; + } + ic->ic_flags_ext |= IEEE80211_FEXT_SCAN_OFFLOAD; + ic->ic_flags_ext |= IEEE80211_FEXT_SEQNO_OFFLOAD; + + rsu_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, + ic->ic_channels); + + ieee80211_ifattach(ic); + ic->ic_raw_xmit = rsu_raw_xmit; + ic->ic_scan_start = rsu_scan_start; + ic->ic_scan_end = rsu_scan_end; + ic->ic_getradiocaps = rsu_getradiocaps; + ic->ic_set_channel = rsu_set_channel; + ic->ic_scan_curchan = rsu_scan_curchan; + ic->ic_scan_mindwell = rsu_scan_mindwell; + ic->ic_vap_create = rsu_vap_create; + ic->ic_vap_delete = rsu_vap_delete; + ic->ic_update_promisc = rsu_update_promisc; + ic->ic_update_mcast = rsu_update_mcast; + ic->ic_ioctl = rsu_ioctl_net; + ic->ic_parent = rsu_parent; + ic->ic_transmit = rsu_transmit; + ic->ic_send_mgmt = rsu_send_mgmt; + ic->ic_update_chw = rsu_update_chw; + ic->ic_ampdu_enable = rsu_ampdu_enable; + ic->ic_wme.wme_update = rsu_wme_update; + + ieee80211_radiotap_attach(ic, &sc->sc_txtap.wt_ihdr, + sizeof(sc->sc_txtap), RSU_TX_RADIOTAP_PRESENT, + &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), + RSU_RX_RADIOTAP_PRESENT); + + if (bootverbose) + ieee80211_announce(ic); + + return (0); + +fail_rom: + usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER); +fail_usb: + mtx_destroy(&sc->sc_mtx); + return (ENXIO); +} + +static int +rsu_detach(device_t self) +{ + struct rsu_softc *sc = device_get_softc(self); + struct ieee80211com *ic = &sc->sc_ic; + + rsu_stop(sc); + + usbd_transfer_unsetup(sc->sc_xfer, RSU_N_TRANSFER); + + /* + * Free buffers /before/ we detach from net80211, else node + * references to destroyed vaps will lead to a panic. + */ + /* Free Tx/Rx buffers. */ + RSU_LOCK(sc); + rsu_free_tx_list(sc); + rsu_free_rx_list(sc); + RSU_UNLOCK(sc); + + /* Frames are freed; detach from net80211 */ + ieee80211_ifdetach(ic); + + taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task); + taskqueue_drain(taskqueue_thread, &sc->del_key_task); + taskqueue_drain(taskqueue_thread, &sc->tx_task); + + RSU_DELKEY_BMAP_LOCK_DESTROY(sc); + mtx_destroy(&sc->sc_mtx); + + return (0); +} + +static usb_error_t +rsu_do_request(struct rsu_softc *sc, struct usb_device_request *req, + void *data) +{ + usb_error_t err; + int ntries = 10; + + RSU_ASSERT_LOCKED(sc); + + while (ntries--) { + err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, + req, data, 0, NULL, 250 /* ms */); + if (err == 0 || err == USB_ERR_NOT_CONFIGURED) + break; + RSU_DPRINTF(sc, RSU_DEBUG_USB, + "Control request failed, %s (retries left: %d)\n", + usbd_errstr(err), ntries); + rsu_ms_delay(sc, 10); + } + + return (err); +} + +static struct ieee80211vap * +rsu_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, + enum ieee80211_opmode opmode, int flags, + const uint8_t bssid[IEEE80211_ADDR_LEN], + const uint8_t mac[IEEE80211_ADDR_LEN]) +{ + struct rsu_softc *sc = ic->ic_softc; + struct rsu_vap *uvp; + struct ieee80211vap *vap; + if_t ifp; + + if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */ + return (NULL); + + uvp = malloc(sizeof(struct rsu_vap), M_80211_VAP, M_WAITOK | M_ZERO); + vap = &uvp->vap; + + if (ieee80211_vap_setup(ic, vap, name, unit, opmode, + flags, bssid) != 0) { + /* out of memory */ + free(uvp, M_80211_VAP); + return (NULL); + } + + ifp = vap->iv_ifp; + if_setcapabilities(ifp, IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6); + RSU_LOCK(sc); + if (sc->sc_rx_checksum_enable) + if_setcapenablebit(ifp, IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6, 0); + RSU_UNLOCK(sc); + + /* override state transition machine */ + uvp->newstate = vap->iv_newstate; + if (opmode == IEEE80211_M_MONITOR) + vap->iv_newstate = rsu_monitor_newstate; + else + vap->iv_newstate = rsu_newstate; + vap->iv_key_alloc = rsu_key_alloc; + vap->iv_key_set = rsu_key_set; + vap->iv_key_delete = rsu_key_delete; + + /* Limits from the r92su driver */ + vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_16; + vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K; + + /* complete setup */ + ieee80211_vap_attach(vap, ieee80211_media_change, + ieee80211_media_status, mac); + ic->ic_opmode = opmode; + + return (vap); +} + +static void +rsu_vap_delete(struct ieee80211vap *vap) +{ + struct rsu_vap *uvp = RSU_VAP(vap); + + ieee80211_vap_detach(vap); + free(uvp, M_80211_VAP); +} + +static void +rsu_scan_start(struct ieee80211com *ic) +{ + struct rsu_softc *sc = ic->ic_softc; + struct ieee80211_scan_state *ss = ic->ic_scan; + struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); + int error; + + /* Scanning is done by the firmware. */ + RSU_LOCK(sc); + sc->sc_active_scan = !!(ss->ss_flags & IEEE80211_SCAN_ACTIVE); + /* XXX TODO: force awake if in network-sleep? */ + error = rsu_site_survey(sc, ss->ss_nssid > 0 ? &ss->ss_ssid[0] : NULL); + RSU_UNLOCK(sc); + if (error != 0) { + device_printf(sc->sc_dev, + "could not send site survey command\n"); + ieee80211_cancel_scan(vap); + } +} + +static void +rsu_scan_end(struct ieee80211com *ic) +{ + /* Nothing to do here. */ +} + +static void +rsu_getradiocaps(struct ieee80211com *ic, + int maxchans, int *nchans, struct ieee80211_channel chans[]) +{ + struct rsu_softc *sc = ic->ic_softc; + uint8_t bands[IEEE80211_MODE_BYTES]; + + /* Set supported .11b and .11g rates. */ + memset(bands, 0, sizeof(bands)); + setbit(bands, IEEE80211_MODE_11B); + setbit(bands, IEEE80211_MODE_11G); + if (sc->sc_ht) + setbit(bands, IEEE80211_MODE_11NG); + ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, + bands, (ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40) ? + NET80211_CBW_FLAG_HT40 : 0); +} + +static void +rsu_set_channel(struct ieee80211com *ic) +{ + struct rsu_softc *sc = ic->ic_softc; + + /* + * Only need to set the channel in Monitor mode. AP scanning and auth + * are already taken care of by their respective firmware commands. + */ + if (ic->ic_opmode == IEEE80211_M_MONITOR) { + struct r92s_set_channel cmd; + int error; + + cmd.channel = IEEE80211_CHAN2IEEE(ic->ic_curchan); + + RSU_LOCK(sc); + error = rsu_fw_cmd(sc, R92S_CMD_SET_CHANNEL, &cmd, + sizeof(cmd)); + if (error != 0) { + device_printf(sc->sc_dev, + "%s: error %d setting channel\n", __func__, + error); + } + RSU_UNLOCK(sc); + } +} + +static void +rsu_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell) +{ + /* Scan is done in rsu_scan_start(). */ +} + +/** + * Called by the net80211 framework to indicate + * the minimum dwell time has been met, terminate the scan. + * We don't actually terminate the scan as the firmware will notify + * us when it's finished and we have no way to interrupt it. + */ +static void +rsu_scan_mindwell(struct ieee80211_scan_state *ss) +{ + /* NB: don't try to abort scan; wait for firmware to finish */ +} + +static void +rsu_update_promisc(struct ieee80211com *ic) +{ + struct rsu_softc *sc = ic->ic_softc; + + RSU_LOCK(sc); + if (sc->sc_running) + rsu_rxfilter_refresh(sc); + RSU_UNLOCK(sc); +} + +/* + * The same as rtwn_get_multi_pos() / rtwn_set_multi(). + */ +static uint8_t +rsu_get_multi_pos(const uint8_t maddr[]) +{ + uint64_t mask = 0x00004d101df481b4; + uint8_t pos = 0x27; /* initial value */ + int i, j; + + for (i = 0; i < IEEE80211_ADDR_LEN; i++) + for (j = (i == 0) ? 1 : 0; j < 8; j++) + if ((maddr[i] >> j) & 1) + pos ^= (mask >> (i * 8 + j - 1)); + + pos &= 0x3f; + + return (pos); +} + +static u_int +rsu_hash_maddr(void *arg, struct sockaddr_dl *sdl, u_int cnt) +{ + uint32_t *mfilt = arg; + uint8_t pos; + + pos = rsu_get_multi_pos(LLADDR(sdl)); + mfilt[pos / 32] |= (1 << (pos % 32)); + + return (1); +} + +static void +rsu_set_multi(struct rsu_softc *sc) +{ + struct ieee80211com *ic = &sc->sc_ic; + uint32_t mfilt[2]; + + RSU_ASSERT_LOCKED(sc); + + /* general structure was copied from ath(4). */ + if (ic->ic_allmulti == 0) { + struct ieee80211vap *vap; + + /* + * Merge multicast addresses to form the hardware filter. + */ + mfilt[0] = mfilt[1] = 0; + TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) + if_foreach_llmaddr(vap->iv_ifp, rsu_hash_maddr, &mfilt); + } else + mfilt[0] = mfilt[1] = ~0; + + rsu_write_4(sc, R92S_MAR + 0, mfilt[0]); + rsu_write_4(sc, R92S_MAR + 4, mfilt[1]); + + RSU_DPRINTF(sc, RSU_DEBUG_STATE, "%s: MC filter %08x:%08x\n", + __func__, mfilt[0], mfilt[1]); +} + +static void +rsu_update_mcast(struct ieee80211com *ic) +{ + struct rsu_softc *sc = ic->ic_softc; + + RSU_LOCK(sc); + if (sc->sc_running) + rsu_set_multi(sc); + RSU_UNLOCK(sc); +} + +static int +rsu_alloc_list(struct rsu_softc *sc, struct rsu_data data[], + int ndata, int maxsz) +{ + int i, error; + + for (i = 0; i < ndata; i++) { + struct rsu_data *dp = &data[i]; + dp->sc = sc; + dp->m = NULL; + dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT); + if (dp->buf == NULL) { + device_printf(sc->sc_dev, + "could not allocate buffer\n"); + error = ENOMEM; + goto fail; + } + dp->ni = NULL; + } + + return (0); +fail: + rsu_free_list(sc, data, ndata); + return (error); +} + +static int +rsu_alloc_rx_list(struct rsu_softc *sc) +{ + int error, i; + + error = rsu_alloc_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT, + RSU_RXBUFSZ); + if (error != 0) + return (error); + + STAILQ_INIT(&sc->sc_rx_active); + STAILQ_INIT(&sc->sc_rx_inactive); + + for (i = 0; i < RSU_RX_LIST_COUNT; i++) + STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next); + + return (0); +} + +static int +rsu_alloc_tx_list(struct rsu_softc *sc) +{ + int error, i; + + error = rsu_alloc_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT, + RSU_TXBUFSZ); + if (error != 0) + return (error); + + STAILQ_INIT(&sc->sc_tx_inactive); + + for (i = 0; i != RSU_N_TRANSFER; i++) { + STAILQ_INIT(&sc->sc_tx_active[i]); + STAILQ_INIT(&sc->sc_tx_pending[i]); + } + + for (i = 0; i < RSU_TX_LIST_COUNT; i++) { + STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next); + } + + return (0); +} + +static void +rsu_free_tx_list(struct rsu_softc *sc) +{ + int i; + + /* prevent further allocations from TX list(s) */ + STAILQ_INIT(&sc->sc_tx_inactive); + + for (i = 0; i != RSU_N_TRANSFER; i++) { + STAILQ_INIT(&sc->sc_tx_active[i]); + STAILQ_INIT(&sc->sc_tx_pending[i]); + } + + rsu_free_list(sc, sc->sc_tx, RSU_TX_LIST_COUNT); +} + +static void +rsu_free_rx_list(struct rsu_softc *sc) +{ + /* prevent further allocations from RX list(s) */ + STAILQ_INIT(&sc->sc_rx_inactive); + STAILQ_INIT(&sc->sc_rx_active); + + rsu_free_list(sc, sc->sc_rx, RSU_RX_LIST_COUNT); +} + +static void +rsu_free_list(struct rsu_softc *sc, struct rsu_data data[], int ndata) +{ + int i; + + for (i = 0; i < ndata; i++) { + struct rsu_data *dp = &data[i]; + + if (dp->buf != NULL) { + free(dp->buf, M_USBDEV); + dp->buf = NULL; + } + if (dp->ni != NULL) { + ieee80211_free_node(dp->ni); + dp->ni = NULL; + } + } +} + +static struct rsu_data * +_rsu_getbuf(struct rsu_softc *sc) +{ + struct rsu_data *bf; + + bf = STAILQ_FIRST(&sc->sc_tx_inactive); + if (bf != NULL) + STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next); + else + bf = NULL; + return (bf); +} + +static struct rsu_data * +rsu_getbuf(struct rsu_softc *sc) +{ + struct rsu_data *bf; + + RSU_ASSERT_LOCKED(sc); + + bf = _rsu_getbuf(sc); + if (bf == NULL) { + RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: no buffers\n", __func__); + } + return (bf); +} + +static void +rsu_freebuf(struct rsu_softc *sc, struct rsu_data *bf) +{ + + RSU_ASSERT_LOCKED(sc); + STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, bf, next); +} + +static int +rsu_write_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf, + int len) +{ + usb_device_request_t req; + + req.bmRequestType = UT_WRITE_VENDOR_DEVICE; + req.bRequest = R92S_REQ_REGS; + USETW(req.wValue, addr); + USETW(req.wIndex, 0); + USETW(req.wLength, len); + + return (rsu_do_request(sc, &req, buf)); +} + +static void +rsu_write_1(struct rsu_softc *sc, uint16_t addr, uint8_t val) +{ + rsu_write_region_1(sc, addr, &val, 1); +} + +static void +rsu_write_2(struct rsu_softc *sc, uint16_t addr, uint16_t val) +{ + val = htole16(val); + rsu_write_region_1(sc, addr, (uint8_t *)&val, 2); +} + +static void +rsu_write_4(struct rsu_softc *sc, uint16_t addr, uint32_t val) +{ + val = htole32(val); + rsu_write_region_1(sc, addr, (uint8_t *)&val, 4); +} + +static int +rsu_read_region_1(struct rsu_softc *sc, uint16_t addr, uint8_t *buf, + int len) +{ + usb_device_request_t req; + + req.bmRequestType = UT_READ_VENDOR_DEVICE; + req.bRequest = R92S_REQ_REGS; + USETW(req.wValue, addr); + USETW(req.wIndex, 0); + USETW(req.wLength, len); + + return (rsu_do_request(sc, &req, buf)); +} + +static uint8_t +rsu_read_1(struct rsu_softc *sc, uint16_t addr) +{ + uint8_t val; + + if (rsu_read_region_1(sc, addr, &val, 1) != 0) + return (0xff); + return (val); +} + +static uint16_t +rsu_read_2(struct rsu_softc *sc, uint16_t addr) +{ + uint16_t val; + + if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 2) != 0) + return (0xffff); + return (le16toh(val)); +} + +static uint32_t +rsu_read_4(struct rsu_softc *sc, uint16_t addr) +{ + uint32_t val; + + if (rsu_read_region_1(sc, addr, (uint8_t *)&val, 4) != 0) + return (0xffffffff); + return (le32toh(val)); +} + +static int +rsu_fw_iocmd(struct rsu_softc *sc, uint32_t iocmd) +{ + int ntries; + + rsu_write_4(sc, R92S_IOCMD_CTRL, iocmd); + rsu_ms_delay(sc, 1); + for (ntries = 0; ntries < 50; ntries++) { + if (rsu_read_4(sc, R92S_IOCMD_CTRL) == 0) + return (0); + rsu_ms_delay(sc, 1); + } + return (ETIMEDOUT); +} + +static uint8_t +rsu_efuse_read_1(struct rsu_softc *sc, uint16_t addr) +{ + uint32_t reg; + int ntries; + + reg = rsu_read_4(sc, R92S_EFUSE_CTRL); + reg = RW(reg, R92S_EFUSE_CTRL_ADDR, addr); + reg &= ~R92S_EFUSE_CTRL_VALID; + rsu_write_4(sc, R92S_EFUSE_CTRL, reg); + /* Wait for read operation to complete. */ + for (ntries = 0; ntries < 100; ntries++) { + reg = rsu_read_4(sc, R92S_EFUSE_CTRL); + if (reg & R92S_EFUSE_CTRL_VALID) + return (MS(reg, R92S_EFUSE_CTRL_DATA)); + rsu_ms_delay(sc, 1); + } + device_printf(sc->sc_dev, + "could not read efuse byte at address 0x%x\n", addr); + return (0xff); +} + +static int +rsu_read_rom(struct rsu_softc *sc) +{ + uint8_t *rom = sc->rom; + uint16_t addr = 0; + uint32_t reg; + uint8_t off, msk; + int i; + + /* Make sure that ROM type is eFuse and that autoload succeeded. */ + reg = rsu_read_1(sc, R92S_EE_9346CR); + if ((reg & (R92S_9356SEL | R92S_EEPROM_EN)) != R92S_EEPROM_EN) + return (EIO); + + /* Turn on 2.5V to prevent eFuse leakage. */ + reg = rsu_read_1(sc, R92S_EFUSE_TEST + 3); + rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg | 0x80); + rsu_ms_delay(sc, 1); + rsu_write_1(sc, R92S_EFUSE_TEST + 3, reg & ~0x80); + + /* Read full ROM image. */ + memset(&sc->rom, 0xff, sizeof(sc->rom)); + while (addr < 512) { + reg = rsu_efuse_read_1(sc, addr); + if (reg == 0xff) + break; + addr++; + off = reg >> 4; + msk = reg & 0xf; + for (i = 0; i < 4; i++) { + if (msk & (1 << i)) + continue; + rom[off * 8 + i * 2 + 0] = + rsu_efuse_read_1(sc, addr); + addr++; + rom[off * 8 + i * 2 + 1] = + rsu_efuse_read_1(sc, addr); + addr++; + } + } +#ifdef USB_DEBUG + if (rsu_debug & RSU_DEBUG_RESET) { + /* Dump ROM content. */ + printf("\n"); + for (i = 0; i < sizeof(sc->rom); i++) + printf("%02x:", rom[i]); + printf("\n"); + } +#endif + return (0); +} + +static int +rsu_fw_cmd(struct rsu_softc *sc, uint8_t code, void *buf, int len) +{ + const uint8_t which = RSU_H2C_ENDPOINT; + struct rsu_data *data; + struct r92s_tx_desc *txd; + struct r92s_fw_cmd_hdr *cmd; + int cmdsz; + int xferlen; + + RSU_ASSERT_LOCKED(sc); + + data = rsu_getbuf(sc); + if (data == NULL) + return (ENOMEM); + + /* Blank the entire payload, just to be safe */ + memset(data->buf, '\0', RSU_TXBUFSZ); + + /* Round-up command length to a multiple of 8 bytes. */ + /* XXX TODO: is this required? */ + cmdsz = (len + 7) & ~7; + + xferlen = sizeof(*txd) + sizeof(*cmd) + cmdsz; + KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__)); + memset(data->buf, 0, xferlen); + + /* Setup Tx descriptor. */ + txd = (struct r92s_tx_desc *)data->buf; + txd->txdw0 = htole32( + SM(R92S_TXDW0_OFFSET, sizeof(*txd)) | + SM(R92S_TXDW0_PKTLEN, sizeof(*cmd) + cmdsz) | + R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG); + txd->txdw1 = htole32(SM(R92S_TXDW1_QSEL, R92S_TXDW1_QSEL_H2C)); + + /* Setup command header. */ + cmd = (struct r92s_fw_cmd_hdr *)&txd[1]; + cmd->len = htole16(cmdsz); + cmd->code = code; + cmd->seq = sc->cmd_seq; + sc->cmd_seq = (sc->cmd_seq + 1) & 0x7f; + + /* Copy command payload. */ + memcpy(&cmd[1], buf, len); + + RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FWCMD, + "%s: Tx cmd code=0x%x len=0x%x\n", + __func__, code, cmdsz); + data->buflen = xferlen; + STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); + usbd_transfer_start(sc->sc_xfer[which]); + + return (0); +} + +/* ARGSUSED */ +static void +rsu_calib_task(void *arg, int pending __unused) +{ + struct rsu_softc *sc = arg; +#ifdef notyet + uint32_t reg; +#endif + + RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: running calibration task\n", + __func__); + + RSU_LOCK(sc); +#ifdef notyet + /* Read WPS PBC status. */ + rsu_write_1(sc, R92S_MAC_PINMUX_CTRL, + R92S_GPIOMUX_EN | SM(R92S_GPIOSEL_GPIO, R92S_GPIOSEL_GPIO_JTAG)); + rsu_write_1(sc, R92S_GPIO_IO_SEL, + rsu_read_1(sc, R92S_GPIO_IO_SEL) & ~R92S_GPIO_WPS); + reg = rsu_read_1(sc, R92S_GPIO_CTRL); + if (reg != 0xff && (reg & R92S_GPIO_WPS)) + RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "WPS PBC is pushed\n"); +#endif + /* Read current signal level. */ + if (rsu_fw_iocmd(sc, 0xf4000001) == 0) { + sc->sc_currssi = rsu_read_4(sc, R92S_IOCMD_DATA); + RSU_DPRINTF(sc, RSU_DEBUG_CALIB, "%s: RSSI=%d (%d)\n", + __func__, sc->sc_currssi, + rsu_hwrssi_to_rssi(sc, sc->sc_currssi)); + } + if (sc->sc_calibrating) + taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, hz); + RSU_UNLOCK(sc); +} + +static void +rsu_tx_task(void *arg, int pending __unused) +{ + struct rsu_softc *sc = arg; + + RSU_LOCK(sc); + _rsu_start(sc); + RSU_UNLOCK(sc); +} + +#define RSU_PWR_UNKNOWN 0x0 +#define RSU_PWR_ACTIVE 0x1 +#define RSU_PWR_OFF 0x2 +#define RSU_PWR_SLEEP 0x3 + +/* + * Set the current power state. + * + * The rtlwifi code doesn't do this so aggressively; it + * waits for an idle period after association with + * no traffic before doing this. + * + * For now - it's on in all states except RUN, and + * in RUN it'll transition to allow sleep. + */ + +struct r92s_pwr_cmd { + uint8_t mode; + uint8_t smart_ps; + uint8_t bcn_pass_time; +}; + +static int +rsu_set_fw_power_state(struct rsu_softc *sc, int state) +{ + struct r92s_set_pwr_mode cmd; + //struct r92s_pwr_cmd cmd; + int error; + + RSU_ASSERT_LOCKED(sc); + + /* only change state if required */ + if (sc->sc_curpwrstate == state) + return (0); + + memset(&cmd, 0, sizeof(cmd)); + + switch (state) { + case RSU_PWR_ACTIVE: + /* Force the hardware awake */ + rsu_write_1(sc, R92S_USB_HRPWM, + R92S_USB_HRPWM_PS_ST_ACTIVE | R92S_USB_HRPWM_PS_ALL_ON); + cmd.mode = R92S_PS_MODE_ACTIVE; + break; + case RSU_PWR_SLEEP: + cmd.mode = R92S_PS_MODE_DTIM; /* XXX configurable? */ + cmd.smart_ps = 1; /* XXX 2 if doing p2p */ + cmd.bcn_pass_time = 5; /* in 100mS usb.c, linux/rtlwifi */ + break; + case RSU_PWR_OFF: + cmd.mode = R92S_PS_MODE_RADIOOFF; + break; + default: + device_printf(sc->sc_dev, "%s: unknown ps mode (%d)\n", + __func__, + state); + return (ENXIO); + } + + RSU_DPRINTF(sc, RSU_DEBUG_RESET, + "%s: setting ps mode to %d (mode %d)\n", + __func__, state, cmd.mode); + error = rsu_fw_cmd(sc, R92S_CMD_SET_PWR_MODE, &cmd, sizeof(cmd)); + if (error == 0) + sc->sc_curpwrstate = state; + + return (error); +} + +static void +rsu_set_led(struct rsu_softc *sc, int on) +{ + rsu_write_1(sc, R92S_LEDCFG, + (rsu_read_1(sc, R92S_LEDCFG) & 0xf0) | (!on << 3)); +} + +static int +rsu_monitor_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, + int arg) +{ + struct ieee80211com *ic = vap->iv_ic; + struct rsu_softc *sc = ic->ic_softc; + struct rsu_vap *uvp = RSU_VAP(vap); + + if (vap->iv_state != nstate) { + IEEE80211_UNLOCK(ic); + RSU_LOCK(sc); + + switch (nstate) { + case IEEE80211_S_INIT: + sc->sc_vap_is_running = 0; + rsu_set_led(sc, 0); + break; + case IEEE80211_S_RUN: + sc->sc_vap_is_running = 1; + rsu_set_led(sc, 1); + break; + default: + /* NOTREACHED */ + break; + } + rsu_rxfilter_refresh(sc); + + RSU_UNLOCK(sc); + IEEE80211_LOCK(ic); + } + + return (uvp->newstate(vap, nstate, arg)); +} + +static int +rsu_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) +{ + struct rsu_vap *uvp = RSU_VAP(vap); + struct ieee80211com *ic = vap->iv_ic; + struct rsu_softc *sc = ic->ic_softc; + struct ieee80211_node *ni; + struct ieee80211_rateset *rs; + enum ieee80211_state ostate; + int error, startcal = 0; + + ostate = vap->iv_state; + RSU_DPRINTF(sc, RSU_DEBUG_STATE, "%s: %s -> %s\n", + __func__, + ieee80211_state_name[ostate], + ieee80211_state_name[nstate]); + + IEEE80211_UNLOCK(ic); + if (ostate == IEEE80211_S_RUN) { + RSU_LOCK(sc); + /* Stop calibration. */ + sc->sc_calibrating = 0; + + /* Pause Tx for AC queues. */ + rsu_write_1(sc, R92S_TXPAUSE, R92S_TXPAUSE_AC); + usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10)); + + RSU_UNLOCK(sc); + taskqueue_drain_timeout(taskqueue_thread, &sc->calib_task); + taskqueue_drain(taskqueue_thread, &sc->tx_task); + RSU_LOCK(sc); + /* Disassociate from our current BSS. */ + rsu_disconnect(sc); + usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10)); + + /* Refresh Rx filter (may be modified by firmware). */ + sc->sc_vap_is_running = 0; + rsu_rxfilter_refresh(sc); + + /* Reinstall static keys. */ + if (sc->sc_running) + rsu_reinit_static_keys(sc); + } else + RSU_LOCK(sc); + switch (nstate) { + case IEEE80211_S_INIT: + (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE); + break; + case IEEE80211_S_AUTH: + ni = ieee80211_ref_node(vap->iv_bss); + (void) rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE); + error = rsu_join_bss(sc, ni); + ieee80211_free_node(ni); + if (error != 0) { + device_printf(sc->sc_dev, + "could not send join command\n"); + } + break; + case IEEE80211_S_RUN: + /* Flush all AC queues. */ + rsu_write_1(sc, R92S_TXPAUSE, 0); + + ni = ieee80211_ref_node(vap->iv_bss); + rs = &ni->ni_rates; + /* Indicate highest supported rate. */ + ieee80211_node_set_txrate_dot11rate(ni, + rs->rs_rates[rs->rs_nrates - 1]); + (void) rsu_set_fw_power_state(sc, RSU_PWR_SLEEP); + ieee80211_free_node(ni); + startcal = 1; + break; + default: + break; + } + if (startcal != 0) { + sc->sc_calibrating = 1; + /* Start periodic calibration. */ + taskqueue_enqueue_timeout(taskqueue_thread, &sc->calib_task, + hz); + } + RSU_UNLOCK(sc); + IEEE80211_LOCK(ic); + return (uvp->newstate(vap, nstate, arg)); +} + +static int +rsu_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, + ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) +{ + struct rsu_softc *sc = vap->iv_ic->ic_softc; + int is_checked = 0; + + if (ieee80211_is_key_global(vap, k)) { + *keyix = ieee80211_crypto_get_key_wepidx(vap, k); + } else { + /* Note: assumes this is a pairwise key */ + if (vap->iv_opmode != IEEE80211_M_STA) { + *keyix = 0; + /* TODO: obtain keyix from node id */ + is_checked = 1; + k->wk_flags |= IEEE80211_KEY_SWCRYPT; + } else + /* + * TODO: should allocate these from the CAM space; + * skipping over the fixed slots and _BC / _BSS. + */ + *keyix = R92S_MACID_BSS; + } + + if (!is_checked) { + RSU_LOCK(sc); + if (isset(sc->keys_bmap, *keyix)) { + device_printf(sc->sc_dev, + "%s: key slot %d is already used!\n", + __func__, *keyix); + RSU_UNLOCK(sc); + return (0); + } + setbit(sc->keys_bmap, *keyix); + RSU_UNLOCK(sc); + } + + *rxkeyix = *keyix; + + return (1); +} + +static int +rsu_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k, + int set) +{ + struct rsu_softc *sc = vap->iv_ic->ic_softc; + int ret; + + if (k->wk_flags & IEEE80211_KEY_SWCRYPT) { + /* Not for us. */ + return (1); + } + + /* Handle group keys. */ + if (ieee80211_is_key_global(vap, k)) { + KASSERT(k->wk_keyix < nitems(sc->group_keys), + ("keyix %u > %zu\n", k->wk_keyix, nitems(sc->group_keys))); + + RSU_LOCK(sc); + sc->group_keys[k->wk_keyix] = (set ? k : NULL); + if (!sc->sc_running) { + /* Static keys will be set during device startup. */ + RSU_UNLOCK(sc); + return (1); + } + + if (set) + ret = rsu_set_key_group(sc, k); + else + ret = rsu_delete_key(sc, k->wk_keyix); + RSU_UNLOCK(sc); + + return (!ret); + } + + if (set) { + /* wait for pending key removal */ + taskqueue_drain(taskqueue_thread, &sc->del_key_task); + + RSU_LOCK(sc); + ret = rsu_set_key_pair(sc, k); + RSU_UNLOCK(sc); + } else { + RSU_DELKEY_BMAP_LOCK(sc); + setbit(sc->free_keys_bmap, k->wk_keyix); + RSU_DELKEY_BMAP_UNLOCK(sc); + + /* workaround ieee80211_node_delucastkey() locking */ + taskqueue_enqueue(taskqueue_thread, &sc->del_key_task); + ret = 0; /* fake success */ + } + + return (!ret); +} + +static int +rsu_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k) +{ + return (rsu_process_key(vap, k, 1)); +} + +static int +rsu_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) +{ + return (rsu_process_key(vap, k, 0)); +} + +static int +rsu_cam_read(struct rsu_softc *sc, uint8_t addr, uint32_t *val) +{ + int ntries; + + rsu_write_4(sc, R92S_CAMCMD, + R92S_CAMCMD_POLLING | SM(R92S_CAMCMD_ADDR, addr)); + for (ntries = 0; ntries < 10; ntries++) { + if (!(rsu_read_4(sc, R92S_CAMCMD) & R92S_CAMCMD_POLLING)) + break; + + usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(1)); + } + if (ntries == 10) { + device_printf(sc->sc_dev, + "%s: cannot read CAM entry at address %02X\n", + __func__, addr); + return (ETIMEDOUT); + } + + *val = rsu_read_4(sc, R92S_CAMREAD); + + return (0); +} + +static void +rsu_cam_write(struct rsu_softc *sc, uint8_t addr, uint32_t data) +{ + + rsu_write_4(sc, R92S_CAMWRITE, data); + rsu_write_4(sc, R92S_CAMCMD, + R92S_CAMCMD_POLLING | R92S_CAMCMD_WRITE | + SM(R92S_CAMCMD_ADDR, addr)); +} + +static int +rsu_key_check(struct rsu_softc *sc, ieee80211_keyix keyix, int is_valid) +{ + uint32_t val; + int error, ntries; + + for (ntries = 0; ntries < 20; ntries++) { + usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(1)); + + error = rsu_cam_read(sc, R92S_CAM_CTL0(keyix), &val); + if (error != 0) { + device_printf(sc->sc_dev, + "%s: cannot check key status!\n", __func__); + return (error); + } + if (((val & R92S_CAM_VALID) == 0) ^ is_valid) + break; + } + if (ntries == 20) { + device_printf(sc->sc_dev, + "%s: key %d is %s marked as valid, rejecting request\n", + __func__, keyix, is_valid ? "not" : "still"); + return (EIO); + } + + return (0); +} + +/* + * Map net80211 cipher to RTL8712 security mode. + */ +static uint8_t +rsu_crypto_mode(struct rsu_softc *sc, u_int cipher, int keylen) +{ + switch (cipher) { + case IEEE80211_CIPHER_WEP: + return keylen < 8 ? R92S_KEY_ALGO_WEP40 : R92S_KEY_ALGO_WEP104; + case IEEE80211_CIPHER_TKIP: + return R92S_KEY_ALGO_TKIP; + case IEEE80211_CIPHER_AES_CCM: + return R92S_KEY_ALGO_AES; + default: + device_printf(sc->sc_dev, "unknown cipher %d\n", cipher); + return R92S_KEY_ALGO_INVALID; + } +} + +static int +rsu_set_key_group(struct rsu_softc *sc, const struct ieee80211_key *k) +{ + struct r92s_fw_cmd_set_key key; + uint8_t algo; + int error; + + RSU_ASSERT_LOCKED(sc); + + /* Map net80211 cipher to HW crypto algorithm. */ + algo = rsu_crypto_mode(sc, k->wk_cipher->ic_cipher, k->wk_keylen); + if (algo == R92S_KEY_ALGO_INVALID) + return (EINVAL); + + memset(&key, 0, sizeof(key)); + key.algo = algo; + key.cam_id = k->wk_keyix; + key.grpkey = (k->wk_flags & IEEE80211_KEY_GROUP) != 0; + memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key))); + + RSU_DPRINTF(sc, RSU_DEBUG_KEY | RSU_DEBUG_FWCMD, + "%s: keyix %u, group %u, algo %u/%u, flags %04X, len %u, " + "macaddr %s\n", __func__, key.cam_id, key.grpkey, + k->wk_cipher->ic_cipher, key.algo, k->wk_flags, k->wk_keylen, + ether_sprintf(k->wk_macaddr)); + + error = rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key)); + if (error != 0) { + device_printf(sc->sc_dev, + "%s: cannot send firmware command, error %d\n", + __func__, error); + return (error); + } + + return (rsu_key_check(sc, k->wk_keyix, 1)); +} + +static int +rsu_set_key_pair(struct rsu_softc *sc, const struct ieee80211_key *k) +{ + struct r92s_fw_cmd_set_key_mac key; + uint8_t algo; + int error; + + RSU_ASSERT_LOCKED(sc); + + if (!sc->sc_running) + return (ESHUTDOWN); + + /* Map net80211 cipher to HW crypto algorithm. */ + algo = rsu_crypto_mode(sc, k->wk_cipher->ic_cipher, k->wk_keylen); + if (algo == R92S_KEY_ALGO_INVALID) + return (EINVAL); + + memset(&key, 0, sizeof(key)); + key.algo = algo; + memcpy(key.macaddr, k->wk_macaddr, sizeof(key.macaddr)); + memcpy(key.key, k->wk_key, MIN(k->wk_keylen, sizeof(key.key))); + + RSU_DPRINTF(sc, RSU_DEBUG_KEY | RSU_DEBUG_FWCMD, + "%s: keyix %u, algo %u/%u, flags %04X, len %u, macaddr %s\n", + __func__, k->wk_keyix, k->wk_cipher->ic_cipher, key.algo, + k->wk_flags, k->wk_keylen, ether_sprintf(key.macaddr)); + + error = rsu_fw_cmd(sc, R92S_CMD_SET_STA_KEY, &key, sizeof(key)); + if (error != 0) { + device_printf(sc->sc_dev, + "%s: cannot send firmware command, error %d\n", + __func__, error); + return (error); + } + + return (rsu_key_check(sc, k->wk_keyix, 1)); +} + +static int +rsu_reinit_static_keys(struct rsu_softc *sc) +{ + int i, error; + + for (i = 0; i < nitems(sc->group_keys); i++) { + if (sc->group_keys[i] != NULL) { + error = rsu_set_key_group(sc, sc->group_keys[i]); + if (error != 0) { + device_printf(sc->sc_dev, + "%s: failed to set static key %d, " + "error %d\n", __func__, i, error); + return (error); + } + } + } + + return (0); +} + +static int +rsu_delete_key(struct rsu_softc *sc, ieee80211_keyix keyix) +{ + struct r92s_fw_cmd_set_key key; + uint32_t val; + int error; + + RSU_ASSERT_LOCKED(sc); + + if (!sc->sc_running) + return (0); + + /* check if it was automatically removed by firmware */ + error = rsu_cam_read(sc, R92S_CAM_CTL0(keyix), &val); + if (error == 0 && (val & R92S_CAM_VALID) == 0) { + RSU_DPRINTF(sc, RSU_DEBUG_KEY, + "%s: key %u does not exist\n", __func__, keyix); + clrbit(sc->keys_bmap, keyix); + return (0); + } + + memset(&key, 0, sizeof(key)); + key.cam_id = keyix; + + RSU_DPRINTF(sc, RSU_DEBUG_KEY | RSU_DEBUG_FWCMD, + "%s: removing key %u\n", __func__, key.cam_id); + + error = rsu_fw_cmd(sc, R92S_CMD_SET_KEY, &key, sizeof(key)); + if (error != 0) { + device_printf(sc->sc_dev, + "%s: cannot send firmware command, error %d\n", + __func__, error); + goto finish; + } + + usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(5)); + + /* + * Clear 'valid' bit manually (cannot be done via firmware command). + * Used for key check + when firmware command cannot be sent. + */ +finish: + rsu_cam_write(sc, R92S_CAM_CTL0(keyix), 0); + + clrbit(sc->keys_bmap, keyix); + + return (rsu_key_check(sc, keyix, 0)); +} + +static void +rsu_delete_key_pair_cb(void *arg, int pending __unused) +{ + struct rsu_softc *sc = arg; + int i; + + RSU_DELKEY_BMAP_LOCK(sc); + for (i = IEEE80211_WEP_NKID; i < R92S_CAM_ENTRY_LIMIT; i++) { + if (isset(sc->free_keys_bmap, i)) { + RSU_DELKEY_BMAP_UNLOCK(sc); + + RSU_LOCK(sc); + RSU_DPRINTF(sc, RSU_DEBUG_KEY, + "%s: calling rsu_delete_key() with keyix = %d\n", + __func__, i); + (void) rsu_delete_key(sc, i); + RSU_UNLOCK(sc); + + RSU_DELKEY_BMAP_LOCK(sc); + clrbit(sc->free_keys_bmap, i); + + /* bmap can be changed */ + i = IEEE80211_WEP_NKID - 1; + continue; + } + } + RSU_DELKEY_BMAP_UNLOCK(sc); +} + +static int +rsu_site_survey(struct rsu_softc *sc, struct ieee80211_scan_ssid *ssid) +{ + struct r92s_fw_cmd_sitesurvey cmd; + + RSU_ASSERT_LOCKED(sc); + + memset(&cmd, 0, sizeof(cmd)); + /* TODO: passive channels? */ + if (sc->sc_active_scan) + cmd.active = htole32(1); + cmd.limit = htole32(48); + + if (ssid != NULL) { + sc->sc_extra_scan = 1; + cmd.ssidlen = htole32(ssid->len); + memcpy(cmd.ssid, ssid->ssid, ssid->len); + } +#ifdef USB_DEBUG + if (rsu_debug & (RSU_DEBUG_SCAN | RSU_DEBUG_FWCMD)) { + device_printf(sc->sc_dev, + "sending site survey command, active %d", + le32toh(cmd.active)); + if (ssid != NULL) { + printf(", ssid: "); + ieee80211_print_essid(cmd.ssid, le32toh(cmd.ssidlen)); + } + printf("\n"); + } +#endif + return (rsu_fw_cmd(sc, R92S_CMD_SITE_SURVEY, &cmd, sizeof(cmd))); +} + +static int +rsu_join_bss(struct rsu_softc *sc, struct ieee80211_node *ni) +{ + struct ieee80211com *ic = &sc->sc_ic; + struct ieee80211vap *vap = ni->ni_vap; + struct ndis_wlan_bssid_ex *bss; + struct ndis_802_11_fixed_ies *fixed; + struct r92s_fw_cmd_auth auth; + uint8_t buf[sizeof(*bss) + 128] __aligned(4); + uint8_t *frm; + uint8_t opmode; + int error; + + RSU_ASSERT_LOCKED(sc); + + /* Let the FW decide the opmode based on the capinfo field. */ + opmode = NDIS802_11AUTOUNKNOWN; + RSU_DPRINTF(sc, RSU_DEBUG_RESET, + "%s: setting operating mode to %d\n", + __func__, opmode); + error = rsu_fw_cmd(sc, R92S_CMD_SET_OPMODE, &opmode, sizeof(opmode)); + if (error != 0) + return (error); + + memset(&auth, 0, sizeof(auth)); + if (vap->iv_flags & IEEE80211_F_WPA) { + auth.mode = R92S_AUTHMODE_WPA; + auth.dot1x = (ni->ni_authmode == IEEE80211_AUTH_8021X); + } else + auth.mode = R92S_AUTHMODE_OPEN; + RSU_DPRINTF(sc, RSU_DEBUG_RESET, + "%s: setting auth mode to %d\n", + __func__, auth.mode); + error = rsu_fw_cmd(sc, R92S_CMD_SET_AUTH, &auth, sizeof(auth)); + if (error != 0) + return (error); + + memset(buf, 0, sizeof(buf)); + bss = (struct ndis_wlan_bssid_ex *)buf; + IEEE80211_ADDR_COPY(bss->macaddr, ni->ni_bssid); + bss->ssid.ssidlen = htole32(ni->ni_esslen); + memcpy(bss->ssid.ssid, ni->ni_essid, ni->ni_esslen); + if (vap->iv_flags & (IEEE80211_F_PRIVACY | IEEE80211_F_WPA)) + bss->privacy = htole32(1); + bss->rssi = htole32(ni->ni_avgrssi); + if (ic->ic_curmode == IEEE80211_MODE_11B) + bss->networktype = htole32(NDIS802_11DS); + else + bss->networktype = htole32(NDIS802_11OFDM24); + bss->config.len = htole32(sizeof(bss->config)); + bss->config.bintval = htole32(ni->ni_intval); + bss->config.dsconfig = htole32(ieee80211_chan2ieee(ic, ni->ni_chan)); + bss->inframode = htole32(NDIS802_11INFRASTRUCTURE); + /* XXX verify how this is supposed to look! */ + memcpy(bss->supprates, ni->ni_rates.rs_rates, + ni->ni_rates.rs_nrates); + /* Write the fixed fields of the beacon frame. */ + fixed = (struct ndis_802_11_fixed_ies *)&bss[1]; + memcpy(&fixed->tstamp, ni->ni_tstamp.data, 8); + fixed->bintval = htole16(ni->ni_intval); + fixed->capabilities = htole16(ni->ni_capinfo); + /* Write IEs to be included in the association request. */ + frm = (uint8_t *)&fixed[1]; + frm = ieee80211_add_rsn(frm, vap); + frm = ieee80211_add_wpa(frm, vap); + frm = ieee80211_add_qos(frm, ni); + if ((ic->ic_flags & IEEE80211_F_WME) && + (ni->ni_ies.wme_ie != NULL)) + frm = ieee80211_add_wme_info(frm, &ic->ic_wme, ni); + if (ni->ni_flags & IEEE80211_NODE_HT) { + frm = ieee80211_add_htcap(frm, ni); + frm = ieee80211_add_htinfo(frm, ni); + } + bss->ieslen = htole32(frm - (uint8_t *)fixed); + bss->len = htole32(((frm - buf) + 3) & ~3); + RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_FWCMD, + "%s: sending join bss command to %s chan %d\n", + __func__, + ether_sprintf(bss->macaddr), le32toh(bss->config.dsconfig)); + return (rsu_fw_cmd(sc, R92S_CMD_JOIN_BSS, buf, sizeof(buf))); +} + +static int +rsu_disconnect(struct rsu_softc *sc) +{ + uint32_t zero = 0; /* :-) */ + + /* Disassociate from our current BSS. */ + RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD, + "%s: sending disconnect command\n", __func__); + return (rsu_fw_cmd(sc, R92S_CMD_DISCONNECT, &zero, sizeof(zero))); +} + +/* + * Map the hardware provided RSSI value to a signal level. + * For the most part it's just something we divide by and cap + * so it doesn't overflow the representation by net80211. + */ +static int +rsu_hwrssi_to_rssi(struct rsu_softc *sc, int hw_rssi) +{ + int v; + + if (hw_rssi == 0) + return (0); + v = hw_rssi >> 4; + if (v > 80) + v = 80; + return (v); +} + +CTASSERT(MCLBYTES > sizeof(struct ieee80211_frame)); + +static void +rsu_event_survey(struct rsu_softc *sc, uint8_t *buf, int len) +{ + struct ieee80211com *ic = &sc->sc_ic; + struct ieee80211_frame *wh; + struct ndis_wlan_bssid_ex *bss; + struct ieee80211_rx_stats rxs; + struct mbuf *m; + uint32_t ieslen; + uint32_t pktlen; + + if (__predict_false(len < sizeof(*bss))) + return; + bss = (struct ndis_wlan_bssid_ex *)buf; + ieslen = le32toh(bss->ieslen); + /* range check length of information element */ + if (__predict_false(ieslen > (uint32_t)(len - sizeof(*bss)))) + return; + + RSU_DPRINTF(sc, RSU_DEBUG_SCAN, + "%s: found BSS %s: len=%d chan=%d inframode=%d " + "networktype=%d privacy=%d, RSSI=%d\n", + __func__, + ether_sprintf(bss->macaddr), ieslen, + le32toh(bss->config.dsconfig), le32toh(bss->inframode), + le32toh(bss->networktype), le32toh(bss->privacy), + le32toh(bss->rssi)); + + /* Build a fake beacon frame to let net80211 do all the parsing. */ + /* XXX TODO: just call the new scan API methods! */ + if (__predict_false(ieslen > (size_t)(MCLBYTES - sizeof(*wh)))) + return; + pktlen = sizeof(*wh) + ieslen; + m = m_get2(pktlen, M_NOWAIT, MT_DATA, M_PKTHDR); + if (__predict_false(m == NULL)) + return; + wh = mtod(m, struct ieee80211_frame *); + wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | + IEEE80211_FC0_SUBTYPE_BEACON; + wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; + USETW(wh->i_dur, 0); + IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr); + IEEE80211_ADDR_COPY(wh->i_addr2, bss->macaddr); + IEEE80211_ADDR_COPY(wh->i_addr3, bss->macaddr); + *(uint16_t *)wh->i_seq = 0; + memcpy(&wh[1], (uint8_t *)&bss[1], ieslen); + + /* Finalize mbuf. */ + m->m_pkthdr.len = m->m_len = pktlen; + + /* Set channel flags for input path */ + bzero(&rxs, sizeof(rxs)); + rxs.r_flags |= IEEE80211_R_IEEE | IEEE80211_R_FREQ; + rxs.r_flags |= IEEE80211_R_BAND; + rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; + rxs.c_ieee = le32toh(bss->config.dsconfig); + rxs.c_freq = ieee80211_ieee2mhz(rxs.c_ieee, IEEE80211_CHAN_2GHZ); + rxs.c_band = IEEE80211_CHAN_2GHZ; + /* This is a number from 0..100; so let's just divide it down a bit */ + rxs.c_rssi = le32toh(bss->rssi) / 2; + rxs.c_nf = -96; + if (ieee80211_add_rx_params(m, &rxs) == 0) + return; + + /* XXX avoid a LOR */ + RSU_UNLOCK(sc); + ieee80211_input_mimo_all(ic, m); + RSU_LOCK(sc); +} + +static void +rsu_event_join_bss(struct rsu_softc *sc, uint8_t *buf, int len) +{ + struct ieee80211com *ic = &sc->sc_ic; + struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); + struct ieee80211_node *ni = vap->iv_bss; + struct r92s_event_join_bss *rsp; + uint32_t tmp; + int res; + + if (__predict_false(len < sizeof(*rsp))) + return; + rsp = (struct r92s_event_join_bss *)buf; + res = (int)le32toh(rsp->join_res); + + RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD, + "%s: Rx join BSS event len=%d res=%d\n", + __func__, len, res); + + /* + * XXX Don't do this; there's likely a better way to tell + * the caller we failed. + */ + if (res <= 0) { + RSU_UNLOCK(sc); + ieee80211_new_state(vap, IEEE80211_S_SCAN, -1); + RSU_LOCK(sc); + return; + } + + tmp = le32toh(rsp->associd); + if (tmp >= vap->iv_max_aid) { + RSU_DPRINTF(sc, RSU_DEBUG_ANY, "Assoc ID overflow\n"); + tmp = 1; + } + RSU_DPRINTF(sc, RSU_DEBUG_STATE | RSU_DEBUG_FWCMD, + "%s: associated with %s associd=%d\n", + __func__, ether_sprintf(rsp->bss.macaddr), tmp); + /* XXX is this required? What's the top two bits for again? */ + ni->ni_associd = tmp | 0xc000; + + /* Refresh Rx filter (was changed by firmware). */ + sc->sc_vap_is_running = 1; + rsu_rxfilter_refresh(sc); + + RSU_UNLOCK(sc); + ieee80211_new_state(vap, IEEE80211_S_RUN, + IEEE80211_FC0_SUBTYPE_ASSOC_RESP); + RSU_LOCK(sc); +} + +static void +rsu_event_addba_req_report(struct rsu_softc *sc, uint8_t *buf, int len) +{ + struct ieee80211com *ic = &sc->sc_ic; + struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); + struct r92s_add_ba_event *ba = (void *) buf; + struct ieee80211_node *ni; + + if (len < sizeof(*ba)) { + device_printf(sc->sc_dev, "%s: short read (%d)\n", __func__, len); + return; + } + + if (vap == NULL) + return; + + RSU_DPRINTF(sc, RSU_DEBUG_AMPDU, "%s: mac=%s, tid=%d, ssn=%d\n", + __func__, + ether_sprintf(ba->mac_addr), + (int) ba->tid, + (int) le16toh(ba->ssn) >> 4); + + /* XXX do node lookup; this is STA specific */ + + ni = ieee80211_ref_node(vap->iv_bss); + ieee80211_ampdu_rx_start_ext(ni, ba->tid, le16toh(ba->ssn) >> 4, 32); + ieee80211_free_node(ni); +} + +static void +rsu_rx_event(struct rsu_softc *sc, uint8_t code, uint8_t *buf, int len) +{ + struct ieee80211com *ic = &sc->sc_ic; + struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); + + RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD, + "%s: Rx event code=%d len=%d\n", __func__, code, len); + switch (code) { + case R92S_EVT_SURVEY: + rsu_event_survey(sc, buf, len); + break; + case R92S_EVT_SURVEY_DONE: + RSU_DPRINTF(sc, RSU_DEBUG_SCAN, + "%s: %s scan done, found %d BSS\n", + __func__, sc->sc_extra_scan ? "direct" : "broadcast", + le32toh(*(uint32_t *)buf)); + if (sc->sc_extra_scan == 1) { + /* Send broadcast probe request. */ + sc->sc_extra_scan = 0; + if (vap != NULL && rsu_site_survey(sc, NULL) != 0) { + RSU_UNLOCK(sc); + ieee80211_cancel_scan(vap); + RSU_LOCK(sc); + } + break; + } + if (vap != NULL) { + RSU_UNLOCK(sc); + ieee80211_scan_done(vap); + RSU_LOCK(sc); + } + break; + case R92S_EVT_JOIN_BSS: + if (vap->iv_state == IEEE80211_S_AUTH) + rsu_event_join_bss(sc, buf, len); + break; + + /* TODO: what about R92S_EVT_ADD_STA? and decoding macid? */ + /* It likely is required for IBSS/AP mode */ + + /* TODO: should I be doing this transition in AP mode? */ + case R92S_EVT_DEL_STA: + RSU_DPRINTF(sc, RSU_DEBUG_FWCMD | RSU_DEBUG_STATE, + "%s: disassociated from %s\n", __func__, + ether_sprintf(buf)); + if (vap->iv_state == IEEE80211_S_RUN && + IEEE80211_ADDR_EQ(vap->iv_bss->ni_bssid, buf)) { + RSU_UNLOCK(sc); + ieee80211_new_state(vap, IEEE80211_S_SCAN, -1); + RSU_LOCK(sc); + } + break; + case R92S_EVT_WPS_PBC: + RSU_DPRINTF(sc, RSU_DEBUG_RX | RSU_DEBUG_FWCMD, + "%s: WPS PBC pushed.\n", __func__); + break; + case R92S_EVT_FWDBG: + buf[60] = '\0'; + /* TODO: some are \n terminated, some aren't, sigh */ + RSU_DPRINTF(sc, RSU_DEBUG_FWDBG, "FWDBG: %s\n", (char *)buf); + break; + case R92S_EVT_ADDBA_REQ_REPORT: + rsu_event_addba_req_report(sc, buf, len); + break; + default: + device_printf(sc->sc_dev, "%s: unhandled code (%d)\n", __func__, code); + break; + } +} + +static void +rsu_rx_multi_event(struct rsu_softc *sc, uint8_t *buf, int len) +{ + struct r92s_fw_cmd_hdr *cmd; + int cmdsz; + + RSU_DPRINTF(sc, RSU_DEBUG_RX, "%s: Rx events len=%d\n", __func__, len); + + /* Skip Rx status. */ + buf += sizeof(struct r92s_rx_stat); + len -= sizeof(struct r92s_rx_stat); + + /* Process all events. */ + for (;;) { + /* Check that command header fits. */ + if (__predict_false(len < sizeof(*cmd))) + break; + cmd = (struct r92s_fw_cmd_hdr *)buf; + /* Check that command payload fits. */ + cmdsz = le16toh(cmd->len); + if (__predict_false(len < sizeof(*cmd) + cmdsz)) + break; + + /* Process firmware event. */ + rsu_rx_event(sc, cmd->code, (uint8_t *)&cmd[1], cmdsz); + + if (!(cmd->seq & R92S_FW_CMD_MORE)) + break; + buf += sizeof(*cmd) + cmdsz; + len -= sizeof(*cmd) + cmdsz; + } +} + +static int8_t +rsu_get_rssi(struct rsu_softc *sc, int rate, void *physt) +{ + static const int8_t cckoff[] = { 14, -2, -20, -40 }; + struct r92s_rx_phystat *phy; + struct r92s_rx_cck *cck; + uint8_t rpt; + int8_t rssi; + + if (rate <= 3) { + cck = (struct r92s_rx_cck *)physt; + rpt = (cck->agc_rpt >> 6) & 0x3; + rssi = cck->agc_rpt & 0x3e; + rssi = cckoff[rpt] - rssi; + } else { /* OFDM/HT. */ + phy = (struct r92s_rx_phystat *)physt; + rssi = ((le32toh(phy->phydw1) >> 1) & 0x7f) - 106; + } + return (rssi); +} + +static struct mbuf * +rsu_rx_copy_to_mbuf(struct rsu_softc *sc, struct r92s_rx_stat *stat, + int totlen) +{ + struct ieee80211com *ic = &sc->sc_ic; + struct mbuf *m; + uint32_t rxdw0; + int pktlen; + + rxdw0 = le32toh(stat->rxdw0); + if (__predict_false(rxdw0 & (R92S_RXDW0_CRCERR | R92S_RXDW0_ICVERR))) { + RSU_DPRINTF(sc, RSU_DEBUG_RX, + "%s: RX flags error (%s)\n", __func__, + rxdw0 & R92S_RXDW0_CRCERR ? "CRC" : "ICV"); + goto fail; + } + + pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN); + if (__predict_false(pktlen < sizeof (struct ieee80211_frame_ack))) { + RSU_DPRINTF(sc, RSU_DEBUG_RX, + "%s: frame is too short: %d\n", __func__, pktlen); + goto fail; + } + + m = m_get2(totlen, M_NOWAIT, MT_DATA, M_PKTHDR); + if (__predict_false(m == NULL)) { + device_printf(sc->sc_dev, + "%s: could not allocate RX mbuf, totlen %d\n", + __func__, totlen); + goto fail; + } + + /* Finalize mbuf. */ + memcpy(mtod(m, uint8_t *), (uint8_t *)stat, totlen); + m->m_pkthdr.len = m->m_len = totlen; + + return (m); +fail: + counter_u64_add(ic->ic_ierrors, 1); + return (NULL); +} + +static uint32_t +rsu_get_tsf_low(struct rsu_softc *sc) +{ + return (rsu_read_4(sc, R92S_TSFTR)); +} + +static uint32_t +rsu_get_tsf_high(struct rsu_softc *sc) +{ + return (rsu_read_4(sc, R92S_TSFTR + 4)); +} + +static struct ieee80211_node * +rsu_rx_frame(struct rsu_softc *sc, struct mbuf *m) +{ + struct ieee80211com *ic = &sc->sc_ic; + struct ieee80211_frame_min *wh; + struct ieee80211_rx_stats rxs; + struct r92s_rx_stat *stat; + uint32_t rxdw0, rxdw3; + uint8_t cipher, rate; + int infosz; + int rssi; + + stat = mtod(m, struct r92s_rx_stat *); + rxdw0 = le32toh(stat->rxdw0); + rxdw3 = le32toh(stat->rxdw3); + + rate = MS(rxdw3, R92S_RXDW3_RATE); + cipher = MS(rxdw0, R92S_RXDW0_CIPHER); + infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8; + + /* Get RSSI from PHY status descriptor if present. */ + if (infosz != 0 && (rxdw0 & R92S_RXDW0_PHYST)) + rssi = rsu_get_rssi(sc, rate, &stat[1]); + else { + /* Cheat and get the last calibrated RSSI */ + rssi = rsu_hwrssi_to_rssi(sc, sc->sc_currssi); + } + + /* Hardware does Rx TCP checksum offload. */ + /* + * This flag can be set for some other + * (e.g., EAPOL) frame types, so don't rely on it. + */ + if (rxdw3 & R92S_RXDW3_TCPCHKVALID) { + RSU_DPRINTF(sc, RSU_DEBUG_RX, + "%s: TCP/IP checksums: %schecked / %schecked\n", + __func__, + (rxdw3 & R92S_RXDW3_TCPCHKRPT) ? "" : "not ", + (rxdw3 & R92S_RXDW3_IPCHKRPT) ? "" : "not "); + + /* + * 'IP header checksum valid' bit will not be set if + * the frame was not checked / has incorrect checksum / + * does not have checksum (IPv6). + * + * NB: if DF bit is not set then frame will not be checked. + */ + if (rxdw3 & R92S_RXDW3_IPCHKRPT) { + m->m_pkthdr.csum_flags = CSUM_IP_CHECKED; + m->m_pkthdr.csum_flags |= CSUM_IP_VALID; + } + + /* + * This is independent of the above check. + */ + if (rxdw3 & R92S_RXDW3_TCPCHKRPT) { + m->m_pkthdr.csum_flags |= CSUM_DATA_VALID; + m->m_pkthdr.csum_flags |= CSUM_PSEUDO_HDR; + m->m_pkthdr.csum_data = 0xffff; + } + } + + /* RX flags */ + + /* Set channel flags for input path */ + bzero(&rxs, sizeof(rxs)); + + /* normal RSSI */ + rxs.r_flags |= IEEE80211_R_NF | IEEE80211_R_RSSI; + rxs.c_rssi = rssi; + rxs.c_nf = -96; + + /* Rate */ + if (rate < 12) { + rxs.c_rate = ridx2rate[rate]; + if (RSU_RATE_IS_CCK(rate)) + rxs.c_pktflags |= IEEE80211_RX_F_CCK; + else + rxs.c_pktflags |= IEEE80211_RX_F_OFDM; + } else { + rxs.c_rate = IEEE80211_RATE_MCS | (rate - 12); + rxs.c_pktflags |= IEEE80211_RX_F_HT; + } + + if (ieee80211_radiotap_active(ic)) { + struct rsu_rx_radiotap_header *tap = &sc->sc_rxtap; + + /* Map HW rate index to 802.11 rate. */ + tap->wr_flags = 0; /* TODO */ + tap->wr_tsft = rsu_get_tsf_high(sc); + if (le32toh(stat->tsf_low) > rsu_get_tsf_low(sc)) + tap->wr_tsft--; + tap->wr_tsft = (uint64_t)htole32(tap->wr_tsft) << 32; + tap->wr_tsft += stat->tsf_low; + + tap->wr_rate = rxs.c_rate; + tap->wr_dbm_antsignal = rssi; + }; + + (void) ieee80211_add_rx_params(m, &rxs); + + /* Drop descriptor. */ + m_adj(m, sizeof(*stat) + infosz); + wh = mtod(m, struct ieee80211_frame_min *); + if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) && + cipher != R92S_KEY_ALGO_NONE) { + m->m_flags |= M_WEP; + } + + RSU_DPRINTF(sc, RSU_DEBUG_RX, + "%s: Rx frame len %d, rate %d, infosz %d\n", + __func__, m->m_len, rate, infosz); + + if (m->m_len >= sizeof(*wh)) + return (ieee80211_find_rxnode(ic, wh)); + + return (NULL); +} + +static struct mbuf * +rsu_rx_multi_frame(struct rsu_softc *sc, uint8_t *buf, int len) +{ + struct r92s_rx_stat *stat; + uint32_t rxdw0; + int totlen, pktlen, infosz, npkts; + struct mbuf *m, *m0 = NULL, *prevm = NULL; + + /* + * don't pass packets to the ieee80211 framework if the driver isn't + * RUNNING. + */ + if (!sc->sc_running) + return (NULL); + + /* Get the number of encapsulated frames. */ + stat = (struct r92s_rx_stat *)buf; + npkts = MS(le32toh(stat->rxdw2), R92S_RXDW2_PKTCNT); + RSU_DPRINTF(sc, RSU_DEBUG_RX, + "%s: Rx %d frames in one chunk\n", __func__, npkts); + + /* Process all of them. */ + while (npkts-- > 0) { + if (__predict_false(len < sizeof(*stat))) + break; + stat = (struct r92s_rx_stat *)buf; + rxdw0 = le32toh(stat->rxdw0); + + pktlen = MS(rxdw0, R92S_RXDW0_PKTLEN); + if (__predict_false(pktlen == 0)) + break; + + infosz = MS(rxdw0, R92S_RXDW0_INFOSZ) * 8; + + /* Make sure everything fits in xfer. */ + totlen = sizeof(*stat) + infosz + pktlen; + if (__predict_false(totlen > len)) + break; + + /* Process 802.11 frame. */ + m = rsu_rx_copy_to_mbuf(sc, stat, totlen); + if (m0 == NULL) + m0 = m; + if (prevm == NULL) + prevm = m; + else { + prevm->m_next = m; + prevm = m; + } + /* Next chunk is 128-byte aligned. */ + totlen = (totlen + 127) & ~127; + buf += totlen; + len -= totlen; + } + + return (m0); +} + +static struct mbuf * +rsu_rxeof(struct usb_xfer *xfer, struct rsu_data *data) +{ + struct rsu_softc *sc = data->sc; + struct ieee80211com *ic = &sc->sc_ic; + struct r92s_rx_stat *stat; + int len; + + usbd_xfer_status(xfer, &len, NULL, NULL, NULL); + + if (__predict_false(len < sizeof(*stat))) { + RSU_DPRINTF(sc, RSU_DEBUG_RX, "xfer too short %d\n", len); + counter_u64_add(ic->ic_ierrors, 1); + return (NULL); + } + /* Determine if it is a firmware C2H event or an 802.11 frame. */ + stat = (struct r92s_rx_stat *)data->buf; + if ((le32toh(stat->rxdw1) & 0x1ff) == 0x1ff) { + rsu_rx_multi_event(sc, data->buf, len); + /* No packets to process. */ + return (NULL); + } else + return (rsu_rx_multi_frame(sc, data->buf, len)); +} + +static void +rsu_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) +{ + struct rsu_softc *sc = usbd_xfer_softc(xfer); + struct ieee80211com *ic = &sc->sc_ic; + struct ieee80211_node *ni; + struct mbuf *m = NULL, *next; + struct rsu_data *data; + + RSU_ASSERT_LOCKED(sc); + + switch (USB_GET_STATE(xfer)) { + case USB_ST_TRANSFERRED: + data = STAILQ_FIRST(&sc->sc_rx_active); + if (data == NULL) + goto tr_setup; + STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next); + m = rsu_rxeof(xfer, data); + STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next); + /* FALLTHROUGH */ + case USB_ST_SETUP: +tr_setup: + data = STAILQ_FIRST(&sc->sc_rx_inactive); + if (data == NULL) { + KASSERT(m == NULL, ("mbuf isn't NULL")); + return; + } + STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next); + STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next); + usbd_xfer_set_frame_data(xfer, 0, data->buf, + usbd_xfer_max_len(xfer)); + usbd_transfer_submit(xfer); + /* + * To avoid LOR we should unlock our private mutex here to call + * ieee80211_input() because here is at the end of a USB + * callback and safe to unlock. + */ + while (m != NULL) { + next = m->m_next; + m->m_next = NULL; + + ni = rsu_rx_frame(sc, m); + RSU_UNLOCK(sc); + + if (ni != NULL) { + if (ni->ni_flags & IEEE80211_NODE_HT) + m->m_flags |= M_AMPDU; + (void)ieee80211_input_mimo(ni, m); + ieee80211_free_node(ni); + } else + (void)ieee80211_input_mimo_all(ic, m); + + RSU_LOCK(sc); + m = next; + } + break; + default: + /* needs it to the inactive queue due to a error. */ + data = STAILQ_FIRST(&sc->sc_rx_active); + if (data != NULL) { + STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next); + STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next); + } + if (error != USB_ERR_CANCELLED) { + usbd_xfer_set_stall(xfer); + counter_u64_add(ic->ic_ierrors, 1); + goto tr_setup; + } + break; + } + +} + +static void +rsu_txeof(struct usb_xfer *xfer, struct rsu_data *data) +{ +#ifdef USB_DEBUG + struct rsu_softc *sc = usbd_xfer_softc(xfer); +#endif + + RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: called; data=%p\n", + __func__, + data); + + if (data->m) { + /* XXX status? */ + ieee80211_tx_complete(data->ni, data->m, 0); + data->m = NULL; + data->ni = NULL; + } +} + +static void +rsu_bulk_tx_callback_sub(struct usb_xfer *xfer, usb_error_t error, + uint8_t which) +{ + struct rsu_softc *sc = usbd_xfer_softc(xfer); + struct ieee80211com *ic = &sc->sc_ic; + struct rsu_data *data; + + RSU_ASSERT_LOCKED(sc); + + switch (USB_GET_STATE(xfer)) { + case USB_ST_TRANSFERRED: + data = STAILQ_FIRST(&sc->sc_tx_active[which]); + if (data == NULL) + goto tr_setup; + RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, "%s: transfer done %p\n", + __func__, data); + STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next); + rsu_txeof(xfer, data); + rsu_freebuf(sc, data); + /* FALLTHROUGH */ + case USB_ST_SETUP: +tr_setup: + data = STAILQ_FIRST(&sc->sc_tx_pending[which]); + if (data == NULL) { + RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, + "%s: empty pending queue sc %p\n", __func__, sc); + return; + } + STAILQ_REMOVE_HEAD(&sc->sc_tx_pending[which], next); + STAILQ_INSERT_TAIL(&sc->sc_tx_active[which], data, next); + usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen); + RSU_DPRINTF(sc, RSU_DEBUG_TXDONE, + "%s: submitting transfer %p\n", + __func__, + data); + usbd_transfer_submit(xfer); + break; + default: + data = STAILQ_FIRST(&sc->sc_tx_active[which]); + if (data != NULL) { + STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next); + rsu_txeof(xfer, data); + rsu_freebuf(sc, data); + } + counter_u64_add(ic->ic_oerrors, 1); + + if (error != USB_ERR_CANCELLED) { + usbd_xfer_set_stall(xfer); + goto tr_setup; + } + break; + } + + /* + * XXX TODO: if the queue is low, flush out FF TX frames. + * Remember to unlock the driver for now; net80211 doesn't + * defer it for us. + */ +} + +static void +rsu_bulk_tx_callback_be_bk(struct usb_xfer *xfer, usb_error_t error) +{ + struct rsu_softc *sc = usbd_xfer_softc(xfer); + + rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_BE_BK); + + /* This kicks the TX taskqueue */ + rsu_start(sc); +} + +static void +rsu_bulk_tx_callback_vi_vo(struct usb_xfer *xfer, usb_error_t error) +{ + struct rsu_softc *sc = usbd_xfer_softc(xfer); + + rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_VI_VO); + + /* This kicks the TX taskqueue */ + rsu_start(sc); +} + +static void +rsu_bulk_tx_callback_h2c(struct usb_xfer *xfer, usb_error_t error) +{ + struct rsu_softc *sc = usbd_xfer_softc(xfer); + + rsu_bulk_tx_callback_sub(xfer, error, RSU_BULK_TX_H2C); + + /* This kicks the TX taskqueue */ + rsu_start(sc); +} + +/* + * Transmit the given frame. + * + * This doesn't free the node or mbuf upon failure. + */ +static int +rsu_tx_start(struct rsu_softc *sc, struct ieee80211_node *ni, + struct mbuf *m0, struct rsu_data *data) +{ + const struct ieee80211_txparam *tp = ni->ni_txparms; + struct ieee80211vap *vap = ni->ni_vap; + struct ieee80211_frame *wh; + struct ieee80211_key *k = NULL; + struct r92s_tx_desc *txd; + uint8_t rate, ridx, type, cipher, qos; + int prio = 0; + uint8_t which; + int hasqos; + int ismcast; + int xferlen; + int qid; + + RSU_ASSERT_LOCKED(sc); + + wh = mtod(m0, struct ieee80211_frame *); + type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; + ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1); + + RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: data=%p, m=%p\n", + __func__, data, m0); + + /* Choose a TX rate index. */ + if (type == IEEE80211_FC0_TYPE_MGT || + type == IEEE80211_FC0_TYPE_CTL || + (m0->m_flags & M_EAPOL) != 0) + rate = tp->mgmtrate; + else if (ismcast) + rate = tp->mcastrate; + else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) + rate = tp->ucastrate; + else + rate = 0; + + if (rate != 0) + ridx = rate2ridx(rate); + + /* Assign sequence number, A-MPDU or otherwise */ + ieee80211_output_seqno_assign(ni, -1, m0); + + if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { + k = ieee80211_crypto_encap(ni, m0); + if (k == NULL) { + device_printf(sc->sc_dev, + "ieee80211_crypto_encap returns NULL.\n"); + /* XXX we don't expect the fragmented frames */ + return (ENOBUFS); + } + wh = mtod(m0, struct ieee80211_frame *); + } + /* If we have QoS then use it */ + /* XXX TODO: mbuf WME/PRI versus TID? */ + if (IEEE80211_QOS_HAS_SEQ(wh)) { + /* Has QoS */ + prio = M_WME_GETAC(m0); + which = rsu_wme_ac_xfer_map[prio]; + hasqos = 1; + qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0]; + } else { + /* Non-QoS TID */ + /* XXX TODO: tid=0 for non-qos TID? */ + which = rsu_wme_ac_xfer_map[WME_AC_BE]; + hasqos = 0; + prio = 0; + qos = 0; + } + + qid = rsu_ac2qid[prio]; +#if 0 + switch (type) { + case IEEE80211_FC0_TYPE_CTL: + case IEEE80211_FC0_TYPE_MGT: + which = rsu_wme_ac_xfer_map[WME_AC_VO]; + break; + default: + which = rsu_wme_ac_xfer_map[M_WME_GETAC(m0)]; + break; + } + hasqos = 0; +#endif + + RSU_DPRINTF(sc, RSU_DEBUG_TX, "%s: pri=%d, which=%d, hasqos=%d\n", + __func__, + prio, + which, + hasqos); + + /* Fill Tx descriptor. */ + txd = (struct r92s_tx_desc *)data->buf; + memset(txd, 0, sizeof(*txd)); + + txd->txdw0 |= htole32( + SM(R92S_TXDW0_PKTLEN, m0->m_pkthdr.len) | + SM(R92S_TXDW0_OFFSET, sizeof(*txd)) | + R92S_TXDW0_OWN | R92S_TXDW0_FSG | R92S_TXDW0_LSG); + + /* TODO: correct macid here? It should be in the node */ + txd->txdw1 |= htole32( + SM(R92S_TXDW1_MACID, R92S_MACID_BSS) | SM(R92S_TXDW1_QSEL, qid)); + + if (!hasqos) + txd->txdw1 |= htole32(R92S_TXDW1_NONQOS); + if (k != NULL && !(k->wk_flags & IEEE80211_KEY_SWENCRYPT)) { + switch (k->wk_cipher->ic_cipher) { + case IEEE80211_CIPHER_WEP: + cipher = R92S_TXDW1_CIPHER_WEP; + break; + case IEEE80211_CIPHER_TKIP: + cipher = R92S_TXDW1_CIPHER_TKIP; + break; + case IEEE80211_CIPHER_AES_CCM: + cipher = R92S_TXDW1_CIPHER_AES; + break; + default: + cipher = R92S_TXDW1_CIPHER_NONE; + } + txd->txdw1 |= htole32( + SM(R92S_TXDW1_CIPHER, cipher) | + SM(R92S_TXDW1_KEYIDX, k->wk_keyix)); + } + + /* + * Note: no need to set TXDW2_AGGEN/TXDW2_BK to mark + * A-MPDU and non-AMPDU candidates; the firmware will + * handle this for us. + */ + + if (ismcast) + txd->txdw2 |= htole32(R92S_TXDW2_BMCAST); + + if (!ismcast && (!qos || (qos & IEEE80211_QOS_ACKPOLICY) != + IEEE80211_QOS_ACKPOLICY_NOACK)) { + txd->txdw2 |= htole32(R92S_TXDW2_RTY_LMT_ENA); + txd->txdw2 |= htole32(SM(R92S_TXDW2_RTY_LMT, tp->maxretry)); + } + + /* Force mgmt / mcast / ucast rate if needed. */ + if (rate != 0) { + /* Data rate fallback limit (max). */ + txd->txdw5 |= htole32(SM(R92S_TXDW5_DATARATE_FB_LMT, 0x1f)); + txd->txdw5 |= htole32(SM(R92S_TXDW5_DATARATE, ridx)); + txd->txdw4 |= htole32(R92S_TXDW4_DRVRATE); + } + + /* + * Pass in prio here, NOT the sequence number. + * + * The hardware is in theory incrementing sequence numbers + * for us, but I haven't yet figured out exactly when/how + * it's supposed to work. + */ + txd->txdw3 |= htole32(SM(R92S_TXDW3_SEQ, prio)); + + if (ieee80211_radiotap_active_vap(vap)) { + struct rsu_tx_radiotap_header *tap = &sc->sc_txtap; + + tap->wt_flags = 0; + ieee80211_radiotap_tx(vap, m0); + } + + xferlen = sizeof(*txd) + m0->m_pkthdr.len; + KASSERT(xferlen <= RSU_TXBUFSZ, ("%s: invalid length", __func__)); + m_copydata(m0, 0, m0->m_pkthdr.len, (caddr_t)&txd[1]); + + data->buflen = xferlen; + data->ni = ni; + data->m = m0; + STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); + + /* start transfer, if any */ + usbd_transfer_start(sc->sc_xfer[which]); + return (0); +} + +static int +rsu_transmit(struct ieee80211com *ic, struct mbuf *m) +{ + struct rsu_softc *sc = ic->ic_softc; + int error; + + RSU_LOCK(sc); + if (!sc->sc_running) { + RSU_UNLOCK(sc); + return (ENXIO); + } + + /* + * XXX TODO: ensure that we treat 'm' as a list of frames + * to transmit! + */ + error = mbufq_enqueue(&sc->sc_snd, m); + if (error) { + RSU_DPRINTF(sc, RSU_DEBUG_TX, + "%s: mbufq_enable: failed (%d)\n", + __func__, + error); + RSU_UNLOCK(sc); + return (error); + } + RSU_UNLOCK(sc); + + /* This kicks the TX taskqueue */ + rsu_start(sc); + + return (0); +} + +static void +rsu_drain_mbufq(struct rsu_softc *sc) +{ + struct mbuf *m; + struct ieee80211_node *ni; + + RSU_ASSERT_LOCKED(sc); + while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { + ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; + m->m_pkthdr.rcvif = NULL; + ieee80211_free_node(ni); + m_freem(m); + } +} + +static void +_rsu_start(struct rsu_softc *sc) +{ + struct ieee80211_node *ni; + struct rsu_data *bf; + struct mbuf *m; + + RSU_ASSERT_LOCKED(sc); + + while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { + bf = rsu_getbuf(sc); + if (bf == NULL) { + RSU_DPRINTF(sc, RSU_DEBUG_TX, + "%s: failed to get buffer\n", __func__); + mbufq_prepend(&sc->sc_snd, m); + break; + } + + ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; + m->m_pkthdr.rcvif = NULL; + + if (rsu_tx_start(sc, ni, m, bf) != 0) { + RSU_DPRINTF(sc, RSU_DEBUG_TX, + "%s: failed to transmit\n", __func__); + if_inc_counter(ni->ni_vap->iv_ifp, + IFCOUNTER_OERRORS, 1); + rsu_freebuf(sc, bf); + ieee80211_free_node(ni); + m_freem(m); + break; + } + } +} + +static void +rsu_start(struct rsu_softc *sc) +{ + + taskqueue_enqueue(taskqueue_thread, &sc->tx_task); +} + +static int +rsu_ioctl_net(struct ieee80211com *ic, u_long cmd, void *data) +{ + struct rsu_softc *sc = ic->ic_softc; + struct ifreq *ifr = (struct ifreq *)data; + int error; + + error = 0; + switch (cmd) { + case SIOCSIFCAP: + { + struct ieee80211vap *vap; + int rxmask; + + rxmask = ifr->ifr_reqcap & (IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6); + + RSU_LOCK(sc); + /* Both RXCSUM bits must be set (or unset). */ + if (sc->sc_rx_checksum_enable && + rxmask != (IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6)) { + rxmask = 0; + sc->sc_rx_checksum_enable = 0; + rsu_rxfilter_set(sc, R92S_RCR_TCP_OFFLD_EN, 0); + } else if (!sc->sc_rx_checksum_enable && rxmask != 0) { + rxmask = IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6; + sc->sc_rx_checksum_enable = 1; + rsu_rxfilter_set(sc, 0, R92S_RCR_TCP_OFFLD_EN); + } else { + /* Nothing to do. */ + RSU_UNLOCK(sc); + break; + } + RSU_UNLOCK(sc); + + IEEE80211_LOCK(ic); /* XXX */ + TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { + if_t ifp = vap->iv_ifp; + + if_setcapenablebit(ifp, 0, + IFCAP_RXCSUM | IFCAP_RXCSUM_IPV6); + if_setcapenablebit(ifp, rxmask, 0); + } + IEEE80211_UNLOCK(ic); + break; + } + default: + error = ENOTTY; /* for net80211 */ + break; + } + + return (error); +} + +static void +rsu_parent(struct ieee80211com *ic) +{ + struct rsu_softc *sc = ic->ic_softc; + + if (ic->ic_nrunning > 0) { + if (rsu_init(sc) == 0) + ieee80211_start_all(ic); + else { + struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); + if (vap != NULL) + ieee80211_stop(vap); + } + } else + rsu_stop(sc); +} + +/* + * Power on sequence for A-cut adapters. + */ +static void +rsu_power_on_acut(struct rsu_softc *sc) +{ + uint32_t reg; + + rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53); + rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57); + + /* Enable AFE macro block's bandgap and Mbias. */ + rsu_write_1(sc, R92S_AFE_MISC, + rsu_read_1(sc, R92S_AFE_MISC) | + R92S_AFE_MISC_BGEN | R92S_AFE_MISC_MBEN); + /* Enable LDOA15 block. */ + rsu_write_1(sc, R92S_LDOA15_CTRL, + rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN); + + rsu_write_1(sc, R92S_SPS1_CTRL, + rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_LDEN); + rsu_ms_delay(sc, 2000); + /* Enable switch regulator block. */ + rsu_write_1(sc, R92S_SPS1_CTRL, + rsu_read_1(sc, R92S_SPS1_CTRL) | R92S_SPS1_SWEN); + + rsu_write_4(sc, R92S_SPS1_CTRL, 0x00a7b267); + + rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, + rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08); + + rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, + rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20); + + rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, + rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x90); + + /* Enable AFE clock. */ + rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1, + rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04); + /* Enable AFE PLL macro block. */ + rsu_write_1(sc, R92S_AFE_PLL_CTRL, + rsu_read_1(sc, R92S_AFE_PLL_CTRL) | 0x11); + /* Attach AFE PLL to MACTOP/BB. */ + rsu_write_1(sc, R92S_SYS_ISO_CTRL, + rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11); + + /* Switch to 40MHz clock instead of 80MHz. */ + rsu_write_2(sc, R92S_SYS_CLKR, + rsu_read_2(sc, R92S_SYS_CLKR) & ~R92S_SYS_CLKSEL); + + /* Enable MAC clock. */ + rsu_write_2(sc, R92S_SYS_CLKR, + rsu_read_2(sc, R92S_SYS_CLKR) | + R92S_MAC_CLK_EN | R92S_SYS_CLK_EN); + + rsu_write_1(sc, R92S_PMC_FSM, 0x02); + + /* Enable digital core and IOREG R/W. */ + rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, + rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08); + + rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, + rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80); + + /* Switch the control path to firmware. */ + reg = rsu_read_2(sc, R92S_SYS_CLKR); + reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL; + rsu_write_2(sc, R92S_SYS_CLKR, reg); + + rsu_write_2(sc, R92S_CR, 0x37fc); + + /* Fix USB RX FIFO issue. */ + rsu_write_1(sc, 0xfe5c, + rsu_read_1(sc, 0xfe5c) | 0x80); + rsu_write_1(sc, 0x00ab, + rsu_read_1(sc, 0x00ab) | 0xc0); + + rsu_write_1(sc, R92S_SYS_CLKR, + rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL); +} + +/* + * Power on sequence for B-cut and C-cut adapters. + */ +static void +rsu_power_on_bcut(struct rsu_softc *sc) +{ + uint32_t reg; + int ntries; + + /* Prevent eFuse leakage. */ + rsu_write_1(sc, 0x37, 0xb0); + rsu_ms_delay(sc, 10); + rsu_write_1(sc, 0x37, 0x30); + + /* Switch the control path to hardware. */ + reg = rsu_read_2(sc, R92S_SYS_CLKR); + if (reg & R92S_FWHW_SEL) { + rsu_write_2(sc, R92S_SYS_CLKR, + reg & ~(R92S_SWHW_SEL | R92S_FWHW_SEL)); + } + rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, + rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) & ~0x8c); + rsu_ms_delay(sc, 1); + + rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x53); + rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x57); + + reg = rsu_read_1(sc, R92S_AFE_MISC); + rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN); + rsu_write_1(sc, R92S_AFE_MISC, reg | R92S_AFE_MISC_BGEN | + R92S_AFE_MISC_MBEN | R92S_AFE_MISC_I32_EN); + + /* Enable PLL. */ + rsu_write_1(sc, R92S_LDOA15_CTRL, + rsu_read_1(sc, R92S_LDOA15_CTRL) | R92S_LDA15_EN); + + rsu_write_1(sc, R92S_LDOV12D_CTRL, + rsu_read_1(sc, R92S_LDOV12D_CTRL) | R92S_LDV12_EN); + + rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, + rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) | 0x08); + + rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, + rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x20); + + /* Support 64KB IMEM. */ + rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, + rsu_read_1(sc, R92S_SYS_ISO_CTRL + 1) & ~0x97); + + /* Enable AFE clock. */ + rsu_write_1(sc, R92S_AFE_XTAL_CTRL + 1, + rsu_read_1(sc, R92S_AFE_XTAL_CTRL + 1) & ~0x04); + /* Enable AFE PLL macro block. */ + reg = rsu_read_1(sc, R92S_AFE_PLL_CTRL); + rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11); + rsu_ms_delay(sc, 1); + rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x51); + rsu_ms_delay(sc, 1); + rsu_write_1(sc, R92S_AFE_PLL_CTRL, reg | 0x11); + rsu_ms_delay(sc, 1); + + /* Attach AFE PLL to MACTOP/BB. */ + rsu_write_1(sc, R92S_SYS_ISO_CTRL, + rsu_read_1(sc, R92S_SYS_ISO_CTRL) & ~0x11); + + /* Switch to 40MHz clock. */ + rsu_write_1(sc, R92S_SYS_CLKR, 0x00); + /* Disable CPU clock and 80MHz SSC. */ + rsu_write_1(sc, R92S_SYS_CLKR, + rsu_read_1(sc, R92S_SYS_CLKR) | 0xa0); + /* Enable MAC clock. */ + rsu_write_2(sc, R92S_SYS_CLKR, + rsu_read_2(sc, R92S_SYS_CLKR) | + R92S_MAC_CLK_EN | R92S_SYS_CLK_EN); + + rsu_write_1(sc, R92S_PMC_FSM, 0x02); + + /* Enable digital core and IOREG R/W. */ + rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, + rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x08); + + rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, + rsu_read_1(sc, R92S_SYS_FUNC_EN + 1) | 0x80); + + /* Switch the control path to firmware. */ + reg = rsu_read_2(sc, R92S_SYS_CLKR); + reg = (reg & ~R92S_SWHW_SEL) | R92S_FWHW_SEL; + rsu_write_2(sc, R92S_SYS_CLKR, reg); + + rsu_write_2(sc, R92S_CR, 0x37fc); + + /* Fix USB RX FIFO issue. */ + rsu_write_1(sc, 0xfe5c, + rsu_read_1(sc, 0xfe5c) | 0x80); + + rsu_write_1(sc, R92S_SYS_CLKR, + rsu_read_1(sc, R92S_SYS_CLKR) & ~R92S_SYS_CPU_CLKSEL); + + rsu_write_1(sc, 0xfe1c, 0x80); + + /* Make sure TxDMA is ready to download firmware. */ + for (ntries = 0; ntries < 20; ntries++) { + reg = rsu_read_1(sc, R92S_TCR); + if ((reg & (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) == + (R92S_TCR_IMEM_CHK_RPT | R92S_TCR_EMEM_CHK_RPT)) + break; + rsu_ms_delay(sc, 1); + } + if (ntries == 20) { + RSU_DPRINTF(sc, RSU_DEBUG_RESET | RSU_DEBUG_TX, + "%s: TxDMA is not ready\n", + __func__); + /* Reset TxDMA. */ + reg = rsu_read_1(sc, R92S_CR); + rsu_write_1(sc, R92S_CR, reg & ~R92S_CR_TXDMA_EN); + rsu_ms_delay(sc, 1); + rsu_write_1(sc, R92S_CR, reg | R92S_CR_TXDMA_EN); + } +} + +static void +rsu_power_off(struct rsu_softc *sc) +{ + /* Turn RF off. */ + rsu_write_1(sc, R92S_RF_CTRL, 0x00); + rsu_ms_delay(sc, 5); + + /* Turn MAC off. */ + /* Switch control path. */ + rsu_write_1(sc, R92S_SYS_CLKR + 1, 0x38); + /* Reset MACTOP. */ + rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x70); + rsu_write_1(sc, R92S_PMC_FSM, 0x06); + rsu_write_1(sc, R92S_SYS_ISO_CTRL + 0, 0xf9); + rsu_write_1(sc, R92S_SYS_ISO_CTRL + 1, 0xe8); + + /* Disable AFE PLL. */ + rsu_write_1(sc, R92S_AFE_PLL_CTRL, 0x00); + /* Disable A15V. */ + rsu_write_1(sc, R92S_LDOA15_CTRL, 0x54); + /* Disable eFuse 1.2V. */ + rsu_write_1(sc, R92S_SYS_FUNC_EN + 1, 0x50); + rsu_write_1(sc, R92S_LDOV12D_CTRL, 0x24); + /* Enable AFE macro block's bandgap and Mbias. */ + rsu_write_1(sc, R92S_AFE_MISC, 0x30); + /* Disable 1.6V LDO. */ + rsu_write_1(sc, R92S_SPS0_CTRL + 0, 0x56); + rsu_write_1(sc, R92S_SPS0_CTRL + 1, 0x43); + + /* Firmware - tell it to switch things off */ + (void) rsu_set_fw_power_state(sc, RSU_PWR_OFF); +} + +static int +rsu_fw_loadsection(struct rsu_softc *sc, const uint8_t *buf, int len) +{ + const uint8_t which = rsu_wme_ac_xfer_map[WME_AC_VO]; + struct rsu_data *data; + struct r92s_tx_desc *txd; + int mlen; + + while (len > 0) { + data = rsu_getbuf(sc); + if (data == NULL) + return (ENOMEM); + txd = (struct r92s_tx_desc *)data->buf; + memset(txd, 0, sizeof(*txd)); + if (len <= RSU_TXBUFSZ - sizeof(*txd)) { + /* Last chunk. */ + txd->txdw0 |= htole32(R92S_TXDW0_LINIP); + mlen = len; + } else + mlen = RSU_TXBUFSZ - sizeof(*txd); + txd->txdw0 |= htole32(SM(R92S_TXDW0_PKTLEN, mlen)); + memcpy(&txd[1], buf, mlen); + data->buflen = sizeof(*txd) + mlen; + RSU_DPRINTF(sc, RSU_DEBUG_TX | RSU_DEBUG_FW | RSU_DEBUG_RESET, + "%s: starting transfer %p\n", + __func__, data); + STAILQ_INSERT_TAIL(&sc->sc_tx_pending[which], data, next); + buf += mlen; + len -= mlen; + } + usbd_transfer_start(sc->sc_xfer[which]); + return (0); +} + +CTASSERT(sizeof(size_t) >= sizeof(uint32_t)); + +static int +rsu_load_firmware(struct rsu_softc *sc) +{ + const struct r92s_fw_hdr *hdr; + struct r92s_fw_priv dmem; + struct ieee80211com *ic = &sc->sc_ic; + const uint8_t *imem, *emem; + uint32_t imemsz, ememsz; + const struct firmware *fw; + size_t size; + uint32_t reg; + int ntries, error; + + if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY) { + RSU_DPRINTF(sc, RSU_DEBUG_ANY, + "%s: Firmware already loaded\n", + __func__); + return (0); + } + + RSU_UNLOCK(sc); + /* Read firmware image from the filesystem. */ + if ((fw = firmware_get("rsu-rtl8712fw")) == NULL) { + device_printf(sc->sc_dev, + "%s: failed load firmware of file rsu-rtl8712fw\n", + __func__); + RSU_LOCK(sc); + return (ENXIO); + } + RSU_LOCK(sc); + size = fw->datasize; + if (size < sizeof(*hdr)) { + device_printf(sc->sc_dev, "firmware too short\n"); + error = EINVAL; + goto fail; + } + hdr = (const struct r92s_fw_hdr *)fw->data; + if (hdr->signature != htole16(0x8712) && + hdr->signature != htole16(0x8192)) { + device_printf(sc->sc_dev, + "invalid firmware signature 0x%x\n", + le16toh(hdr->signature)); + error = EINVAL; + goto fail; + } + RSU_DPRINTF(sc, RSU_DEBUG_FW, "FW V%d %02x-%02x %02x:%02x\n", + le16toh(hdr->version), hdr->month, hdr->day, hdr->hour, + hdr->minute); + + /* Make sure that driver and firmware are in sync. */ + if (hdr->privsz != htole32(sizeof(dmem))) { + device_printf(sc->sc_dev, "unsupported firmware image\n"); + error = EINVAL; + goto fail; + } + /* Get FW sections sizes. */ + imemsz = le32toh(hdr->imemsz); + ememsz = le32toh(hdr->sramsz); + /* Check that all FW sections fit in image. */ + if (imemsz > (size_t)(size - sizeof(*hdr)) || + ememsz > (size_t)(size - sizeof(*hdr) - imemsz)) { + device_printf(sc->sc_dev, "firmware too short\n"); + error = EINVAL; + goto fail; + } + imem = (const uint8_t *)&hdr[1]; + emem = imem + imemsz; + + /* Load IMEM section. */ + error = rsu_fw_loadsection(sc, imem, imemsz); + if (error != 0) { + device_printf(sc->sc_dev, + "could not load firmware section %s\n", "IMEM"); + goto fail; + } + /* Wait for load to complete. */ + for (ntries = 0; ntries != 50; ntries++) { + rsu_ms_delay(sc, 10); + reg = rsu_read_1(sc, R92S_TCR); + if (reg & R92S_TCR_IMEM_CODE_DONE) + break; + } + if (ntries == 50) { + device_printf(sc->sc_dev, "timeout waiting for IMEM transfer\n"); + error = ETIMEDOUT; + goto fail; + } + /* Load EMEM section. */ + error = rsu_fw_loadsection(sc, emem, ememsz); + if (error != 0) { + device_printf(sc->sc_dev, + "could not load firmware section %s\n", "EMEM"); + goto fail; + } + /* Wait for load to complete. */ + for (ntries = 0; ntries != 50; ntries++) { + rsu_ms_delay(sc, 10); + reg = rsu_read_2(sc, R92S_TCR); + if (reg & R92S_TCR_EMEM_CODE_DONE) + break; + } + if (ntries == 50) { + device_printf(sc->sc_dev, "timeout waiting for EMEM transfer\n"); + error = ETIMEDOUT; + goto fail; + } + /* Enable CPU. */ + rsu_write_1(sc, R92S_SYS_CLKR, + rsu_read_1(sc, R92S_SYS_CLKR) | R92S_SYS_CPU_CLKSEL); + if (!(rsu_read_1(sc, R92S_SYS_CLKR) & R92S_SYS_CPU_CLKSEL)) { + device_printf(sc->sc_dev, "could not enable system clock\n"); + error = EIO; + goto fail; + } + rsu_write_2(sc, R92S_SYS_FUNC_EN, + rsu_read_2(sc, R92S_SYS_FUNC_EN) | R92S_FEN_CPUEN); + if (!(rsu_read_2(sc, R92S_SYS_FUNC_EN) & R92S_FEN_CPUEN)) { + device_printf(sc->sc_dev, + "could not enable microcontroller\n"); + error = EIO; + goto fail; + } + /* Wait for CPU to initialize. */ + for (ntries = 0; ntries < 100; ntries++) { + if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_IMEM_RDY) + break; + rsu_ms_delay(sc, 1); + } + if (ntries == 100) { + device_printf(sc->sc_dev, + "timeout waiting for microcontroller\n"); + error = ETIMEDOUT; + goto fail; + } + + /* Update DMEM section before loading. */ + memset(&dmem, 0, sizeof(dmem)); + dmem.hci_sel = R92S_HCI_SEL_USB | R92S_HCI_SEL_8172; + dmem.nendpoints = sc->sc_nendpoints; + dmem.chip_version = sc->cut; + dmem.rf_config = sc->sc_rftype; + dmem.vcs_type = R92S_VCS_TYPE_AUTO; + dmem.vcs_mode = R92S_VCS_MODE_RTS_CTS; + dmem.turbo_mode = 0; + dmem.bw40_en = !! (ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40); + /* net80211 handles AMSDUs just fine */ + dmem.amsdu2ampdu_en = 0; + dmem.ampdu_en = !! (sc->sc_ht); + dmem.agg_offload = !! (sc->sc_ht); + dmem.qos_en = 1; + dmem.ps_offload = 1; + dmem.lowpower_mode = 1; /* XXX TODO: configurable? */ + /* Load DMEM section. */ + error = rsu_fw_loadsection(sc, (uint8_t *)&dmem, sizeof(dmem)); + if (error != 0) { + device_printf(sc->sc_dev, + "could not load firmware section %s\n", "DMEM"); + goto fail; + } + /* Wait for load to complete. */ + for (ntries = 0; ntries < 100; ntries++) { + if (rsu_read_1(sc, R92S_TCR) & R92S_TCR_DMEM_CODE_DONE) + break; + rsu_ms_delay(sc, 1); + } + if (ntries == 100) { + device_printf(sc->sc_dev, "timeout waiting for %s transfer\n", + "DMEM"); + error = ETIMEDOUT; + goto fail; + } + /* Wait for firmware readiness. */ + for (ntries = 0; ntries < 60; ntries++) { + if (!(rsu_read_1(sc, R92S_TCR) & R92S_TCR_FWRDY)) + break; + rsu_ms_delay(sc, 1); + } + if (ntries == 60) { + device_printf(sc->sc_dev, + "timeout waiting for firmware readiness\n"); + error = ETIMEDOUT; + goto fail; + } + fail: + firmware_put(fw, FIRMWARE_UNLOAD); + return (error); +} + +static int +rsu_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, + const struct ieee80211_bpf_params *params) +{ + struct ieee80211com *ic = ni->ni_ic; + struct rsu_softc *sc = ic->ic_softc; + struct rsu_data *bf; + + /* prevent management frames from being sent if we're not ready */ + if (!sc->sc_running) { + m_freem(m); + return (ENETDOWN); + } + RSU_LOCK(sc); + bf = rsu_getbuf(sc); + if (bf == NULL) { + m_freem(m); + RSU_UNLOCK(sc); + return (ENOBUFS); + } + if (rsu_tx_start(sc, ni, m, bf) != 0) { + m_freem(m); + rsu_freebuf(sc, bf); + RSU_UNLOCK(sc); + return (EIO); + } + RSU_UNLOCK(sc); + + return (0); +} + +static void +rsu_rxfilter_init(struct rsu_softc *sc) +{ + uint32_t reg; + + RSU_ASSERT_LOCKED(sc); + + /* Setup multicast filter. */ + rsu_set_multi(sc); + + /* Adjust Rx filter. */ + reg = rsu_read_4(sc, R92S_RCR); + reg &= ~R92S_RCR_AICV; + reg |= R92S_RCR_APP_PHYSTS; + if (sc->sc_rx_checksum_enable) + reg |= R92S_RCR_TCP_OFFLD_EN; + rsu_write_4(sc, R92S_RCR, reg); + + /* Update dynamic Rx filter parts. */ + rsu_rxfilter_refresh(sc); +} + +static void +rsu_rxfilter_set(struct rsu_softc *sc, uint32_t clear, uint32_t set) +{ + /* NB: firmware can touch this register too. */ + rsu_write_4(sc, R92S_RCR, + (rsu_read_4(sc, R92S_RCR) & ~clear) | set); +} + +static void +rsu_rxfilter_refresh(struct rsu_softc *sc) +{ + struct ieee80211com *ic = &sc->sc_ic; + uint32_t mask_all, mask_min; + + RSU_ASSERT_LOCKED(sc); + + /* NB: RCR_AMF / RXFLTMAP_MGT are used by firmware. */ + mask_all = R92S_RCR_ACF | R92S_RCR_AAP; + mask_min = R92S_RCR_APM; + if (sc->sc_vap_is_running) + mask_min |= R92S_RCR_CBSSID; + else + mask_all |= R92S_RCR_ADF; + + if (ic->ic_opmode == IEEE80211_M_MONITOR) { + uint16_t rxfltmap; + if (sc->sc_vap_is_running) + rxfltmap = 0; + else + rxfltmap = R92S_RXFLTMAP_MGT_DEF; + rsu_write_2(sc, R92S_RXFLTMAP_MGT, rxfltmap); + } + + if (ic->ic_promisc == 0 && ic->ic_opmode != IEEE80211_M_MONITOR) + rsu_rxfilter_set(sc, mask_all, mask_min); + else + rsu_rxfilter_set(sc, mask_min, mask_all); +} + +static int +rsu_init(struct rsu_softc *sc) +{ + struct ieee80211com *ic = &sc->sc_ic; + struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); + uint8_t macaddr[IEEE80211_ADDR_LEN]; + int error; + int i; + + RSU_LOCK(sc); + + if (sc->sc_running) { + RSU_UNLOCK(sc); + return (0); + } + + /* Ensure the mbuf queue is drained */ + rsu_drain_mbufq(sc); + + /* Reset power management state. */ + rsu_write_1(sc, R92S_USB_HRPWM, 0); + + /* Power on adapter. */ + if (sc->cut == 1) + rsu_power_on_acut(sc); + else + rsu_power_on_bcut(sc); + + /* Load firmware. */ + error = rsu_load_firmware(sc); + if (error != 0) + goto fail; + + rsu_write_4(sc, R92S_CR, + rsu_read_4(sc, R92S_CR) & ~0xff000000); + + /* Use 128 bytes pages. */ + rsu_write_1(sc, 0x00b5, + rsu_read_1(sc, 0x00b5) | 0x01); + /* Enable USB Rx aggregation. */ + rsu_write_1(sc, 0x00bd, + rsu_read_1(sc, 0x00bd) | 0x80); + /* Set USB Rx aggregation threshold. */ + rsu_write_1(sc, 0x00d9, 0x01); + /* Set USB Rx aggregation timeout (1.7ms/4). */ + rsu_write_1(sc, 0xfe5b, 0x04); + /* Fix USB Rx FIFO issue. */ + rsu_write_1(sc, 0xfe5c, + rsu_read_1(sc, 0xfe5c) | 0x80); + + /* Set MAC address. */ + IEEE80211_ADDR_COPY(macaddr, vap ? vap->iv_myaddr : ic->ic_macaddr); + rsu_write_region_1(sc, R92S_MACID, macaddr, IEEE80211_ADDR_LEN); + + /* It really takes 1.5 seconds for the firmware to boot: */ + usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(2000)); + + RSU_DPRINTF(sc, RSU_DEBUG_RESET, "%s: setting MAC address to %s\n", + __func__, + ether_sprintf(macaddr)); + error = rsu_fw_cmd(sc, R92S_CMD_SET_MAC_ADDRESS, macaddr, + IEEE80211_ADDR_LEN); + if (error != 0) { + device_printf(sc->sc_dev, "could not set MAC address\n"); + goto fail; + } + + /* Initialize Rx filter. */ + rsu_rxfilter_init(sc); + + /* Set PS mode fully active */ + error = rsu_set_fw_power_state(sc, RSU_PWR_ACTIVE); + if (error != 0) { + device_printf(sc->sc_dev, "could not set PS mode\n"); + goto fail; + } + + /* Install static keys (if any). */ + error = rsu_reinit_static_keys(sc); + if (error != 0) + goto fail; + + sc->sc_extra_scan = 0; + usbd_transfer_start(sc->sc_xfer[RSU_BULK_RX]); + + /* We're ready to go. */ + sc->sc_running = 1; + RSU_UNLOCK(sc); + + return (0); +fail: + /* Need to stop all failed transfers, if any */ + for (i = 0; i != RSU_N_TRANSFER; i++) + usbd_transfer_stop(sc->sc_xfer[i]); + RSU_UNLOCK(sc); + + return (error); +} + +static void +rsu_stop(struct rsu_softc *sc) +{ + int i; + + RSU_LOCK(sc); + if (!sc->sc_running) { + RSU_UNLOCK(sc); + return; + } + + sc->sc_running = 0; + sc->sc_vap_is_running = 0; + sc->sc_calibrating = 0; + taskqueue_cancel_timeout(taskqueue_thread, &sc->calib_task, NULL); + taskqueue_cancel(taskqueue_thread, &sc->tx_task, NULL); + + /* Power off adapter. */ + rsu_power_off(sc); + + /* + * CAM is not accessible after shutdown; + * all entries are marked (by firmware?) as invalid. + */ + memset(sc->free_keys_bmap, 0, sizeof(sc->free_keys_bmap)); + memset(sc->keys_bmap, 0, sizeof(sc->keys_bmap)); + + for (i = 0; i < RSU_N_TRANSFER; i++) + usbd_transfer_stop(sc->sc_xfer[i]); + + /* Ensure the mbuf queue is drained */ + rsu_drain_mbufq(sc); + RSU_UNLOCK(sc); +} + +/* + * Note: usb_pause_mtx() actually releases the mutex before calling pause(), + * which breaks any kind of driver serialisation. + */ +static void +rsu_ms_delay(struct rsu_softc *sc, int ms) +{ + + //usb_pause_mtx(&sc->sc_mtx, hz / 1000); + DELAY(ms * 1000); +} |