--- /dev/null
+/* $OpenBSD: mtwreg.h,v 1.1 2021/12/20 13:59:02 hastings Exp $ */
+/*
+ * Copyright (c) 2007 Damien Bergamini <damien.bergamini@free.fr>
+ * Copyright (c) 2021 James Hastings
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define MTW_ASIC_VER 0x0000
+#define MTW_CMB_CTRL 0x0020
+#define MTW_EFUSE_CTRL 0x0024
+#define MTW_EFUSE_DATA0 0x0028
+#define MTW_EFUSE_DATA1 0x002c
+#define MTW_EFUSE_DATA2 0x0030
+#define MTW_EFUSE_DATA3 0x0034
+#define MTW_OSC_CTRL 0x0038
+#define MTW_COEX_CFG0 0x0040
+#define MTW_PLL_CTRL 0x0050
+#define MTW_LDO_CFG0 0x006c
+#define MTW_LDO_CFG1 0x0070
+#define MTW_WLAN_CTRL 0x0080
+
+/* SCH/DMA registers */
+#define MTW_INT_STATUS 0x0200
+#define RT2860_INT_MASK 0x0204
+#define MTW_WPDMA_GLO_CFG 0x0208
+#define RT2860_WPDMA_RST_IDX 0x020c
+#define RT2860_DELAY_INT_CFG 0x0210
+#define MTW_WMM_AIFSN_CFG 0x0214
+#define MTW_WMM_CWMIN_CFG 0x0218
+#define MTW_WMM_CWMAX_CFG 0x021c
+#define MTW_WMM_TXOP0_CFG 0x0220
+#define MTW_WMM_TXOP1_CFG 0x0224
+#define RT2860_GPIO_CTRL 0x0228
+#define RT2860_MCU_CMD_REG 0x022c
+#define MTW_MCU_DMA_ADDR 0x0230
+#define MTW_MCU_DMA_LEN 0x0234
+#define MTW_USB_DMA_CFG 0x0238
+#define RT2860_TX_BASE_PTR(qid) (0x0230 + (qid) * 16)
+#define RT2860_TX_MAX_CNT(qid) (0x0234 + (qid) * 16)
+#define RT2860_TX_CTX_IDX(qid) (0x0238 + (qid) * 16)
+#define RT2860_TX_DTX_IDX(qid) (0x023c + (qid) * 16)
+#define MTW_TSO_CTRL 0x0250
+#define MTW_HDR_TRANS_CTRL 0x0260
+#define RT2860_RX_BASE_PTR 0x0290
+#define RT2860_RX_MAX_CNT 0x0294
+#define RT2860_RX_CALC_IDX 0x0298
+#define RT2860_FS_DRX_IDX 0x029c
+#define MTW_US_CYC_CNT 0x02a4
+
+#define MTW_TX_RING_BASE 0x0300
+#define MTW_RX_RING_BASE 0x03c0
+
+/* Packet Buffer registers */
+#define MTW_SYS_CTRL 0x0400
+#define MTW_PBF_CFG 0x0404
+#define MTW_TX_MAX_PCNT 0x0408
+#define MTW_RX_MAX_PCNT 0x040c
+#define MTW_PBF_CTRL 0x0410
+#define RT2860_BUF_CTRL 0x0410
+#define RT2860_MCU_INT_STA 0x0414
+#define RT2860_MCU_INT_ENA 0x0418
+#define RT2860_TXQ_IO(qid) (0x041c + (qid) * 4)
+#define MTW_BCN_OFFSET0 0x041c
+#define MTW_BCN_OFFSET1 0x0420
+#define MTW_BCN_OFFSET2 0x0424
+#define MTW_BCN_OFFSET3 0x0428
+#define RT2860_RX0Q_IO 0x0424
+#define MTW_RXQ_STA 0x0430
+#define MTW_TXQ_STA 0x0434
+#define MTW_TXRXQ_PCNT 0x0438
+
+/* RF registers */
+#define MTW_RF_CSR 0x0500
+#define MTW_RF_BYPASS0 0x0504
+#define MTW_RF_BYPASS1 0x0508
+#define MTW_RF_SETTING0 0x050C
+#define MTW_RF_MISC 0x0518
+#define MTW_RF_DATA_WR 0x0524
+#define MTW_RF_CTRL 0x0528
+#define MTW_RF_DATA_RD 0x052c
+
+/* MCU registers */
+#define MTW_MCU_RESET_CTL 0x070c
+#define MTW_MCU_INT_LEVEL 0x0718
+#define MTW_MCU_COM_REG0 0x0730
+#define MTW_MCU_COM_REG1 0x0734
+#define MTW_MCU_COM_REG2 0x0738
+#define MTW_MCU_COM_REG3 0x073c
+#define MTW_FCE_PSE_CTRL 0x0800
+#define MTW_FCE_PARAMETERS 0x0804
+#define MTW_FCE_CSO 0x0808
+#define MTW_FCE_L2_STUFF 0x080c
+#define MTW_FCE_WLAN_FLOW_CTRL 0x0824
+#define MTW_TX_CPU_FCE_BASE 0x09a0
+#define MTW_TX_CPU_FCE_MAX_COUNT 0x09a4
+#define MTW_MCU_FW_IDX 0x09a8
+#define MTW_FCE_PDMA 0x09c4
+#define MTW_FCE_SKIP_FS 0x0a6c
+
+/* MAC registers */
+#define MTW_MAC_VER_ID 0x1000
+#define MTW_MAC_SYS_CTRL 0x1004
+#define MTW_MAC_ADDR_DW0 0x1008
+#define MTW_MAC_ADDR_DW1 0x100c
+#define MTW_MAC_BSSID_DW0 0x1010
+#define MTW_MAC_BSSID_DW1 0x1014
+#define MTW_MAX_LEN_CFG 0x1018
+#define MTW_BBP_CSR 0x101c
+#define MTW_LED_CFG 0x102c
+#define MTW_AMPDU_MAX_LEN_20M1S 0x1030
+#define MTW_AMPDU_MAX_LEN_20M2S 0x1034
+#define MTW_AMPDU_MAX_LEN_40M1S 0x1038
+#define MTW_AMPDU_MAX_LEN_40M2S 0x103c
+#define MTW_AMPDU_MAX_LEN 0x1040
+
+/* MAC Timing control registers */
+#define MTW_XIFS_TIME_CFG 0x1100
+#define MTW_BKOFF_SLOT_CFG 0x1104
+#define RT2860_NAV_TIME_CFG 0x1108
+#define RT2860_CH_TIME_CFG 0x110c
+#define RT2860_PBF_LIFE_TIMER 0x1110
+#define MTW_BCN_TIME_CFG 0x1114
+#define MTW_TBTT_SYNC_CFG 0x1118
+#define MTW_TSF_TIMER_DW0 0x111c
+#define MTW_TSF_TIMER_DW1 0x1120
+#define RT2860_TBTT_TIMER 0x1124
+#define MTW_INT_TIMER_CFG 0x1128
+#define RT2860_INT_TIMER_EN 0x112c
+#define RT2860_CH_IDLE_TIME 0x1130
+
+/* MAC Power Save configuration registers */
+#define MTW_MAC_STATUS_REG 0x1200
+#define MTW_PWR_PIN_CFG 0x1204
+#define MTW_AUTO_WAKEUP_CFG 0x1208
+#define MTW_AUX_CLK_CFG 0x120c
+#define MTW_BBP_PA_MODE_CFG0 0x1214
+#define MTW_BBP_PA_MODE_CFG1 0x1218
+#define MTW_RF_PA_MODE_CFG0 0x121c
+#define MTW_RF_PA_MODE_CFG1 0x1220
+#define MTW_RF_PA_MODE_ADJ0 0x1228
+#define MTW_RF_PA_MODE_ADJ1 0x122c
+#define MTW_DACCLK_EN_DLY_CFG 0x1264 /* MT7612 */
+
+/* MAC TX configuration registers */
+#define MTW_EDCA_AC_CFG(aci) (0x1300 + (aci) * 4)
+#define MTW_EDCA_TID_AC_MAP 0x1310
+#define MTW_TX_PWR_CFG(ridx) (0x1314 + (ridx) * 4)
+#define MTW_TX_PIN_CFG 0x1328
+#define MTW_TX_BAND_CFG 0x132c
+#define MTW_TX_SW_CFG0 0x1330
+#define MTW_TX_SW_CFG1 0x1334
+#define MTW_TX_SW_CFG2 0x1338
+#define RT2860_TXOP_THRES_CFG 0x133c
+#define MTW_TXOP_CTRL_CFG 0x1340
+#define MTW_TX_RTS_CFG 0x1344
+#define MTW_TX_TIMEOUT_CFG 0x1348
+#define MTW_TX_RETRY_CFG 0x134c
+#define MTW_TX_LINK_CFG 0x1350
+#define MTW_HT_FBK_CFG0 0x1354
+#define MTW_HT_FBK_CFG1 0x1358
+#define MTW_LG_FBK_CFG0 0x135c
+#define MTW_LG_FBK_CFG1 0x1360
+#define MTW_CCK_PROT_CFG 0x1364
+#define MTW_OFDM_PROT_CFG 0x1368
+#define MTW_MM20_PROT_CFG 0x136c
+#define MTW_MM40_PROT_CFG 0x1370
+#define MTW_GF20_PROT_CFG 0x1374
+#define MTW_GF40_PROT_CFG 0x1378
+#define RT2860_EXP_CTS_TIME 0x137c
+#define MTW_EXP_ACK_TIME 0x1380
+#define MTW_TX_PWR_CFG5 0x1384
+#define MTW_TX_PWR_CFG6 0x1388
+#define MTW_TX_PWR_EXT_CFG(ridx) (0x1390 + (ridx) * 4)
+#define MTW_TX0_RF_GAIN_CORR 0x13a0
+#define MTW_TX1_RF_GAIN_CORR 0x13a4
+#define MTW_TX0_RF_GAIN_ATTEN 0x13a8
+#define MTW_TX_ALC_CFG3 0x13ac
+#define MTW_TX_ALC_CFG0 0x13b0
+#define MTW_TX_ALC_CFG1 0x13b4
+#define MTW_TX_ALC_CFG4 0x13c0
+#define MTW_TX_ALC_VGA3 0x13c8
+#define MTW_TX_PWR_CFG7 0x13d4
+#define MTW_TX_PWR_CFG8 0x13d8
+#define MTW_TX_PWR_CFG9 0x13dc
+#define MTW_VHT20_PROT_CFG 0x13e0
+#define MTW_VHT40_PROT_CFG 0x13e4
+#define MTW_VHT80_PROT_CFG 0x13e8
+#define MTW_TX_PIFS_CFG 0x13ec /* MT761X */
+
+/* MAC RX configuration registers */
+#define MTW_RX_FILTR_CFG 0x1400
+#define MTW_AUTO_RSP_CFG 0x1404
+#define MTW_LEGACY_BASIC_RATE 0x1408
+#define MTW_HT_BASIC_RATE 0x140c
+#define MTW_HT_CTRL_CFG 0x1410
+#define RT2860_SIFS_COST_CFG 0x1414
+#define RT2860_RX_PARSER_CFG 0x1418
+
+/* MAC Security configuration registers */
+#define RT2860_TX_SEC_CNT0 0x1500
+#define RT2860_RX_SEC_CNT0 0x1504
+#define RT2860_CCMP_FC_MUTE 0x1508
+#define MTW_PN_PAD_MODE 0x150c /* MT761X */
+
+/* MAC HCCA/PSMP configuration registers */
+#define MTW_TXOP_HLDR_ADDR0 0x1600
+#define MTW_TXOP_HLDR_ADDR1 0x1604
+#define MTW_TXOP_HLDR_ET 0x1608
+#define RT2860_QOS_CFPOLL_RA_DW0 0x160c
+#define RT2860_QOS_CFPOLL_A1_DW1 0x1610
+#define RT2860_QOS_CFPOLL_QC 0x1614
+#define MTW_PROT_AUTO_TX_CFG 0x1648
+
+/* MAC Statistics Counters */
+#define MTW_RX_STA_CNT0 0x1700
+#define MTW_RX_STA_CNT1 0x1704
+#define MTW_RX_STA_CNT2 0x1708
+#define MTW_TX_STA_CNT0 0x170c
+#define MTW_TX_STA_CNT1 0x1710
+#define MTW_TX_STA_CNT2 0x1714
+#define MTW_TX_STAT_FIFO 0x1718
+
+/* RX WCID search table */
+#define MTW_WCID_ENTRY(wcid) (0x1800 + (wcid) * 8)
+
+/* MT761x Baseband */
+#define MTW_BBP_CORE(x) (0x2000 + (x) * 4)
+#define MTW_BBP_IBI(x) (0x2100 + (x) * 4)
+#define MTW_BBP_AGC(x) (0x2300 + (x) * 4)
+#define MTW_BBP_TXC(x) (0x2400 + (x) * 4)
+#define MTW_BBP_RXC(x) (0x2500 + (x) * 4)
+#define MTW_BBP_TXQ(x) (0x2600 + (x) * 4)
+#define MTW_BBP_TXBE(x) (0x2700 + (x) * 4)
+#define MTW_BBP_RXFE(x) (0x2800 + (x) * 4)
+#define MTW_BBP_RXO(x) (0x2900 + (x) * 4)
+#define MTW_BBP_DFS(x) (0x2a00 + (x) * 4)
+#define MTW_BBP_TR(x) (0x2b00 + (x) * 4)
+#define MTW_BBP_CAL(x) (0x2c00 + (x) * 4)
+#define MTW_BBP_DSC(x) (0x2e00 + (x) * 4)
+#define MTW_BBP_PFMU(x) (0x2f00 + (x) * 4)
+
+#define MTW_SKEY_MODE_16_23 0x7008
+#define MTW_SKEY_MODE_24_31 0x700c
+#define MTW_H2M_MAILBOX 0x7010
+
+/* Pair-wise key table */
+#define MTW_PKEY(wcid) (0x8000 + (wcid) * 32)
+
+/* USB 3.0 DMA */
+#define MTW_USB_U3DMA_CFG 0x9018
+
+/* IV/EIV table */
+#define MTW_IVEIV(wcid) (0xa000 + (wcid) * 8)
+
+/* WCID attribute table */
+#define MTW_WCID_ATTR(wcid) (0xa800 + (wcid) * 4)
+
+/* Shared Key Table */
+#define MTW_SKEY(vap, kidx) ((vap & 8) ? MTW_SKEY_1(vap, kidx) : \
+ MTW_SKEY_0(vap, kidx))
+#define MTW_SKEY_0(vap, kidx) (0xac00 + (4 * (vap) + (kidx)) * 32)
+#define MTW_SKEY_1(vap, kidx) (0xb400 + (4 * ((vap) & 7) + (kidx)) * 32)
+
+/* Shared Key Mode */
+#define MTW_SKEY_MODE_0_7 0xb000
+#define MTW_SKEY_MODE_8_15 0xb004
+
+/* Shared Key Mode */
+#define MTW_SKEY_MODE_BASE 0xb000
+
+/* Beacon */
+#define MTW_BCN_BASE 0xc000
+
+/* possible flags for register CMB_CTRL 0x0020 */
+#define MTW_PLL_LD (1U << 23)
+#define MTW_XTAL_RDY (1U << 22)
+
+/* possible flags for register EFUSE_CTRL 0x0024 */
+#define MTW_SEL_EFUSE (1U << 31)
+#define MTW_EFSROM_KICK (1U << 30)
+#define MTW_EFSROM_AIN_MASK 0x03ff0000
+#define MTW_EFSROM_AIN_SHIFT 16
+#define MTW_EFSROM_MODE_MASK 0x000000c0
+#define MTW_EFUSE_AOUT_MASK 0x0000003f
+
+/* possible flags for register OSC_CTRL 0x0038 */
+#define MTW_OSC_EN (1U << 31)
+#define MTW_OSC_CAL_REQ (1U << 30)
+#define MTW_OSC_CLK_32K_VLD (1U << 29)
+#define MTW_OSC_CAL_ACK (1U << 28)
+#define MTW_OSC_CAL_CNT (0xfff << 16)
+#define MTW_OSC_REF_CYCLE 0x1fff
+
+/* possible flags for register WLAN_CTRL 0x0080 */
+#define MTW_GPIO_OUT_OE_ALL (0xff << 24)
+#define MTW_GPIO_OUT_ALL (0xff << 16)
+#define MTW_GPIO_IN_ALL (0xff << 8)
+#define MTW_THERM_CKEN (1U << 9)
+#define MTW_THERM_RST (1U << 8)
+#define MTW_INV_TR_SW0 (1U << 6)
+#define MTW_FRC_WL_ANT_SET (1U << 5)
+#define MTW_PCIE_APP0_CLK_REQ (1U << 4)
+#define MTW_WLAN_RESET (1U << 3)
+#define MTW_WLAN_RESET_RF (1U << 2)
+#define MTW_WLAN_CLK_EN (1U << 1)
+#define MTW_WLAN_EN (1U << 0)
+
+/* possible flags for registers INT_STATUS/INT_MASK 0x0200 */
+#define RT2860_TX_COHERENT (1 << 17)
+#define RT2860_RX_COHERENT (1 << 16)
+#define RT2860_MAC_INT_4 (1 << 15)
+#define RT2860_MAC_INT_3 (1 << 14)
+#define RT2860_MAC_INT_2 (1 << 13)
+#define RT2860_MAC_INT_1 (1 << 12)
+#define RT2860_MAC_INT_0 (1 << 11)
+#define RT2860_TX_RX_COHERENT (1 << 10)
+#define RT2860_MCU_CMD_INT (1 << 9)
+#define RT2860_TX_DONE_INT5 (1 << 8)
+#define RT2860_TX_DONE_INT4 (1 << 7)
+#define RT2860_TX_DONE_INT3 (1 << 6)
+#define RT2860_TX_DONE_INT2 (1 << 5)
+#define RT2860_TX_DONE_INT1 (1 << 4)
+#define RT2860_TX_DONE_INT0 (1 << 3)
+#define RT2860_RX_DONE_INT (1 << 2)
+#define RT2860_TX_DLY_INT (1 << 1)
+#define RT2860_RX_DLY_INT (1 << 0)
+
+/* possible flags for register WPDMA_GLO_CFG 0x0208 */
+#define MTW_HDR_SEG_LEN_SHIFT 8
+#define MTW_BIG_ENDIAN (1 << 7)
+#define MTW_TX_WB_DDONE (1 << 6)
+#define MTW_WPDMA_BT_SIZE_SHIFT 4
+#define MTW_WPDMA_BT_SIZE16 0
+#define MTW_WPDMA_BT_SIZE32 1
+#define MTW_WPDMA_BT_SIZE64 2
+#define MTW_WPDMA_BT_SIZE128 3
+#define MTW_RX_DMA_BUSY (1 << 3)
+#define MTW_RX_DMA_EN (1 << 2)
+#define MTW_TX_DMA_BUSY (1 << 1)
+#define MTW_TX_DMA_EN (1 << 0)
+
+/* possible flags for register DELAY_INT_CFG */
+#define RT2860_TXDLY_INT_EN (1U << 31)
+#define RT2860_TXMAX_PINT_SHIFT 24
+#define RT2860_TXMAX_PTIME_SHIFT 16
+#define RT2860_RXDLY_INT_EN (1U << 15)
+#define RT2860_RXMAX_PINT_SHIFT 8
+#define RT2860_RXMAX_PTIME_SHIFT 0
+
+/* possible flags for register GPIO_CTRL */
+#define RT2860_GPIO_D_SHIFT 8
+#define RT2860_GPIO_O_SHIFT 0
+
+/* possible flags for register MCU_DMA_ADDR 0x0230 */
+#define MTW_MCU_READY (1U << 0)
+
+/* possible flags for register USB_DMA_CFG 0x0238 */
+#define MTW_USB_TX_BUSY (1U << 31)
+#define MTW_USB_RX_BUSY (1U << 30)
+#define MTW_USB_EPOUT_VLD_SHIFT 24
+#define MTW_USB_RX_WL_DROP (1U << 25)
+#define MTW_USB_TX_EN (1U << 23)
+#define MTW_USB_RX_EN (1U << 22)
+#define MTW_USB_RX_AGG_EN (1U << 21)
+#define MTW_USB_TXOP_HALT (1U << 20)
+#define MTW_USB_TX_CLEAR (1U << 19)
+#define MTW_USB_PHY_WD_EN (1U << 16)
+#define MTW_USB_PHY_MAN_RST (1U << 15)
+#define MTW_USB_RX_AGG_LMT(x) ((x) << 8) /* in unit of 1KB */
+#define MTW_USB_RX_AGG_TO(x) ((x) & 0xff) /* in unit of 33ns */
+
+/* possible flags for register US_CYC_CNT 0x02a4 */
+#define RT2860_TEST_EN (1 << 24)
+#define RT2860_TEST_SEL_SHIFT 16
+#define RT2860_BT_MODE_EN (1 << 8)
+#define RT2860_US_CYC_CNT_SHIFT 0
+
+/* possible flags for register PBF_CFG 0x0404 */
+#define MTW_PBF_CFG_RX_DROP (1 << 8)
+#define MTW_PBF_CFG_RX0Q_EN (1 << 4)
+#define MTW_PBF_CFG_TX3Q_EN (1 << 3)
+#define MTW_PBF_CFG_TX2Q_EN (1 << 2)
+#define MTW_PBF_CFG_TX1Q_EN (1 << 1)
+#define MTW_PBF_CFG_TX0Q_EN (1 << 0)
+
+/* possible flags for register BUF_CTRL 0x0410 */
+#define RT2860_WRITE_TXQ(qid) (1 << (11 - (qid)))
+#define RT2860_NULL0_KICK (1 << 7)
+#define RT2860_NULL1_KICK (1 << 6)
+#define RT2860_BUF_RESET (1 << 5)
+#define RT2860_READ_TXQ(qid) (1 << (3 - (qid))
+#define RT2860_READ_RX0Q (1 << 0)
+
+/* possible flags for registers MCU_INT_STA/MCU_INT_ENA */
+#define RT2860_MCU_MAC_INT_8 (1 << 24)
+#define RT2860_MCU_MAC_INT_7 (1 << 23)
+#define RT2860_MCU_MAC_INT_6 (1 << 22)
+#define RT2860_MCU_MAC_INT_4 (1 << 20)
+#define RT2860_MCU_MAC_INT_3 (1 << 19)
+#define RT2860_MCU_MAC_INT_2 (1 << 18)
+#define RT2860_MCU_MAC_INT_1 (1 << 17)
+#define RT2860_MCU_MAC_INT_0 (1 << 16)
+#define RT2860_DTX0_INT (1 << 11)
+#define RT2860_DTX1_INT (1 << 10)
+#define RT2860_DTX2_INT (1 << 9)
+#define RT2860_DRX0_INT (1 << 8)
+#define RT2860_HCMD_INT (1 << 7)
+#define RT2860_N0TX_INT (1 << 6)
+#define RT2860_N1TX_INT (1 << 5)
+#define RT2860_BCNTX_INT (1 << 4)
+#define RT2860_MTX0_INT (1 << 3)
+#define RT2860_MTX1_INT (1 << 2)
+#define RT2860_MTX2_INT (1 << 1)
+#define RT2860_MRX0_INT (1 << 0)
+
+/* possible flags for register TXRXQ_PCNT 0x0438 */
+#define MTW_RX0Q_PCNT_MASK 0xff000000
+#define MTW_TX2Q_PCNT_MASK 0x00ff0000
+#define MTW_TX1Q_PCNT_MASK 0x0000ff00
+#define MTW_TX0Q_PCNT_MASK 0x000000ff
+
+/* possible flags for register RF_CSR_CFG 0x0500 */
+#define MTW_RF_CSR_KICK (1U << 31)
+#define MTW_RF_CSR_WRITE (1U << 30)
+#define MT7610_BANK_SHIFT 15
+#define MT7601_BANK_SHIFT 14
+
+/* possible flags for register FCE_L2_STUFF 0x080c */
+#define MTW_L2S_WR_MPDU_LEN_EN (1 << 4)
+
+/* possible flag for register DEBUG_INDEX */
+#define RT5592_SEL_XTAL (1U << 31)
+
+/* possible flags for register MAC_SYS_CTRL 0x1004 */
+#define MTW_RX_TS_EN (1 << 7)
+#define MTW_WLAN_HALT_EN (1 << 6)
+#define MTW_PBF_LOOP_EN (1 << 5)
+#define MTW_CONT_TX_TEST (1 << 4)
+#define MTW_MAC_RX_EN (1 << 3)
+#define MTW_MAC_TX_EN (1 << 2)
+#define MTW_BBP_HRST (1 << 1)
+#define MTW_MAC_SRST (1 << 0)
+
+/* possible flags for register MAC_BSSID_DW1 0x100c */
+#define RT2860_MULTI_BCN_NUM_SHIFT 18
+#define RT2860_MULTI_BSSID_MODE_SHIFT 16
+
+/* possible flags for register MAX_LEN_CFG 0x1018 */
+#define RT2860_MIN_MPDU_LEN_SHIFT 16
+#define RT2860_MAX_PSDU_LEN_SHIFT 12
+#define RT2860_MAX_PSDU_LEN8K 0
+#define RT2860_MAX_PSDU_LEN16K 1
+#define RT2860_MAX_PSDU_LEN32K 2
+#define RT2860_MAX_PSDU_LEN64K 3
+#define RT2860_MAX_MPDU_LEN_SHIFT 0
+
+/* possible flags for registers BBP_CSR_CFG 0x101c */
+#define MTW_BBP_CSR_KICK (1 << 17)
+#define MTW_BBP_CSR_READ (1 << 16)
+#define MTW_BBP_ADDR_SHIFT 8
+#define MTW_BBP_DATA_SHIFT 0
+
+/* possible flags for register LED_CFG */
+#define MTW_LED_MODE_ON 0
+#define MTW_LED_MODE_DIM 1
+#define MTW_LED_MODE_BLINK_TX 2
+#define MTW_LED_MODE_SLOW_BLINK 3
+
+/* possible flags for register XIFS_TIME_CFG 0x1100 */
+#define MTW_BB_RXEND_EN (1 << 29)
+#define MTW_EIFS_TIME_SHIFT 20
+#define MTW_OFDM_XIFS_TIME_SHIFT 16
+#define MTW_OFDM_SIFS_TIME_SHIFT 8
+#define MTW_CCK_SIFS_TIME_SHIFT 0
+
+/* possible flags for register BKOFF_SLOT_CFG 0x1104 */
+#define MTW_CC_DELAY_TIME_SHIFT 8
+#define MTW_SLOT_TIME 0
+
+/* possible flags for register NAV_TIME_CFG */
+#define RT2860_NAV_UPD (1U << 31)
+#define RT2860_NAV_UPD_VAL_SHIFT 16
+#define RT2860_NAV_CLR_EN (1U << 15)
+#define RT2860_NAV_TIMER_SHIFT 0
+
+/* possible flags for register CH_TIME_CFG */
+#define RT2860_EIFS_AS_CH_BUSY (1 << 4)
+#define RT2860_NAV_AS_CH_BUSY (1 << 3)
+#define RT2860_RX_AS_CH_BUSY (1 << 2)
+#define RT2860_TX_AS_CH_BUSY (1 << 1)
+#define RT2860_CH_STA_TIMER_EN (1 << 0)
+
+/* possible values for register BCN_TIME_CFG 0x1114 */
+#define MTW_TSF_INS_COMP_SHIFT 24
+#define MTW_BCN_TX_EN (1 << 20)
+#define MTW_TBTT_TIMER_EN (1 << 19)
+#define MTW_TSF_SYNC_MODE_SHIFT 17
+#define MTW_TSF_SYNC_MODE_DIS 0
+#define MTW_TSF_SYNC_MODE_STA 1
+#define MTW_TSF_SYNC_MODE_IBSS 2
+#define MTW_TSF_SYNC_MODE_HOSTAP 3
+#define MTW_TSF_TIMER_EN (1 << 16)
+#define MTW_BCN_INTVAL_SHIFT 0
+
+/* possible flags for register TBTT_SYNC_CFG 0x1118 */
+#define RT2860_BCN_CWMIN_SHIFT 20
+#define RT2860_BCN_AIFSN_SHIFT 16
+#define RT2860_BCN_EXP_WIN_SHIFT 8
+#define RT2860_TBTT_ADJUST_SHIFT 0
+
+/* possible flags for register INT_TIMER_CFG 0x1128 */
+#define RT2860_GP_TIMER_SHIFT 16
+#define RT2860_PRE_TBTT_TIMER_SHIFT 0
+
+/* possible flags for register INT_TIMER_EN */
+#define RT2860_GP_TIMER_EN (1 << 1)
+#define RT2860_PRE_TBTT_INT_EN (1 << 0)
+
+/* possible flags for register MAC_STATUS_REG 0x1200 */
+#define MTW_RX_STATUS_BUSY (1 << 1)
+#define MTW_TX_STATUS_BUSY (1 << 0)
+
+/* possible flags for register PWR_PIN_CFG 0x1204 */
+#define RT2860_IO_ADDA_PD (1 << 3)
+#define RT2860_IO_PLL_PD (1 << 2)
+#define RT2860_IO_RA_PE (1 << 1)
+#define RT2860_IO_RF_PE (1 << 0)
+
+/* possible flags for register AUTO_WAKEUP_CFG 0x1208 */
+#define MTW_AUTO_WAKEUP_EN (1 << 15)
+#define MTW_SLEEP_TBTT_NUM_SHIFT 8
+#define MTW_WAKEUP_LEAD_TIME_SHIFT 0
+
+/* possible flags for register TX_PIN_CFG 0x1328 */
+#define RT2860_TRSW_POL (1U << 19)
+#define RT2860_TRSW_EN (1U << 18)
+#define RT2860_RFTR_POL (1U << 17)
+#define RT2860_RFTR_EN (1U << 16)
+#define RT2860_LNA_PE_G1_POL (1U << 15)
+#define RT2860_LNA_PE_A1_POL (1U << 14)
+#define RT2860_LNA_PE_G0_POL (1U << 13)
+#define RT2860_LNA_PE_A0_POL (1U << 12)
+#define RT2860_LNA_PE_G1_EN (1U << 11)
+#define RT2860_LNA_PE_A1_EN (1U << 10)
+#define RT2860_LNA_PE1_EN (RT2860_LNA_PE_A1_EN | RT2860_LNA_PE_G1_EN)
+#define RT2860_LNA_PE_G0_EN (1U << 9)
+#define RT2860_LNA_PE_A0_EN (1U << 8)
+#define RT2860_LNA_PE0_EN (RT2860_LNA_PE_A0_EN | RT2860_LNA_PE_G0_EN)
+#define RT2860_PA_PE_G1_POL (1U << 7)
+#define RT2860_PA_PE_A1_POL (1U << 6)
+#define RT2860_PA_PE_G0_POL (1U << 5)
+#define RT2860_PA_PE_A0_POL (1U << 4)
+#define RT2860_PA_PE_G1_EN (1U << 3)
+#define RT2860_PA_PE_A1_EN (1U << 2)
+#define RT2860_PA_PE_G0_EN (1U << 1)
+#define RT2860_PA_PE_A0_EN (1U << 0)
+
+/* possible flags for register TX_BAND_CFG 0x132c */
+#define MTW_TX_BAND_SEL_2G (1 << 2)
+#define MTW_TX_BAND_SEL_5G (1 << 1)
+#define MTW_TX_BAND_UPPER_40M (1 << 0)
+
+/* possible flags for register TX_SW_CFG0 0x1330 */
+#define RT2860_DLY_RFTR_EN_SHIFT 24
+#define RT2860_DLY_TRSW_EN_SHIFT 16
+#define RT2860_DLY_PAPE_EN_SHIFT 8
+#define RT2860_DLY_TXPE_EN_SHIFT 0
+
+/* possible flags for register TX_SW_CFG1 0x1334 */
+#define RT2860_DLY_RFTR_DIS_SHIFT 16
+#define RT2860_DLY_TRSW_DIS_SHIFT 8
+#define RT2860_DLY_PAPE_DIS SHIFT 0
+
+/* possible flags for register TX_SW_CFG2 0x1338 */
+#define RT2860_DLY_LNA_EN_SHIFT 24
+#define RT2860_DLY_LNA_DIS_SHIFT 16
+#define RT2860_DLY_DAC_EN_SHIFT 8
+#define RT2860_DLY_DAC_DIS_SHIFT 0
+
+/* possible flags for register TXOP_THRES_CFG 0x133c */
+#define RT2860_TXOP_REM_THRES_SHIFT 24
+#define RT2860_CF_END_THRES_SHIFT 16
+#define RT2860_RDG_IN_THRES 8
+#define RT2860_RDG_OUT_THRES 0
+
+/* possible flags for register TXOP_CTRL_CFG 0x1340 */
+#define MTW_TXOP_ED_CCA_EN (1 << 20)
+#define MTW_EXT_CW_MIN_SHIFT 16
+#define MTW_EXT_CCA_DLY_SHIFT 8
+#define MTW_EXT_CCA_EN (1 << 7)
+#define MTW_LSIG_TXOP_EN (1 << 6)
+#define MTW_TXOP_TRUN_EN_MIMOPS (1 << 4)
+#define MTW_TXOP_TRUN_EN_TXOP (1 << 3)
+#define MTW_TXOP_TRUN_EN_RATE (1 << 2)
+#define MTW_TXOP_TRUN_EN_AC (1 << 1)
+#define MTW_TXOP_TRUN_EN_TIMEOUT (1 << 0)
+
+/* possible flags for register TX_RTS_CFG 0x1344 */
+#define MTW_RTS_FBK_EN (1 << 24)
+#define MTW_RTS_THRES_SHIFT 8
+#define MTW_RTS_RTY_LIMIT_SHIFT 0
+
+/* possible flags for register TX_TIMEOUT_CFG 0x1348 */
+#define MTW_TXOP_TIMEOUT_SHIFT 16
+#define MTW_RX_ACK_TIMEOUT_SHIFT 8
+#define MTW_MPDU_LIFE_TIME_SHIFT 4
+
+/* possible flags for register TX_RETRY_CFG 0x134c */
+#define MTW_TX_AUTOFB_EN (1 << 30)
+#define MTW_AGG_RTY_MODE_TIMER (1 << 29)
+#define MTW_NAG_RTY_MODE_TIMER (1 << 28)
+#define MTW_LONG_RTY_THRES_SHIFT 16
+#define MTW_LONG_RTY_LIMIT_SHIFT 8
+#define MTW_SHORT_RTY_LIMIT_SHIFT 0
+
+/* possible flags for register TX_LINK_CFG 0x1350 */
+#define MTW_REMOTE_MFS_SHIFT 24
+#define MTW_REMOTE_MFB_SHIFT 16
+#define MTW_TX_CFACK_EN (1 << 12)
+#define MTW_TX_RDG_EN (1 << 11)
+#define MTW_TX_MRQ_EN (1 << 10)
+#define MTW_REMOTE_UMFS_EN (1 << 9)
+#define MTW_TX_MFB_EN (1 << 8)
+#define MTW_REMOTE_MFB_LT_SHIFT 0
+
+/* possible flags for registers *_PROT_CFG */
+#define RT2860_RTSTH_EN (1 << 26)
+#define RT2860_TXOP_ALLOW_GF40 (1 << 25)
+#define RT2860_TXOP_ALLOW_GF20 (1 << 24)
+#define RT2860_TXOP_ALLOW_MM40 (1 << 23)
+#define RT2860_TXOP_ALLOW_MM20 (1 << 22)
+#define RT2860_TXOP_ALLOW_OFDM (1 << 21)
+#define RT2860_TXOP_ALLOW_CCK (1 << 20)
+#define RT2860_TXOP_ALLOW_ALL (0x3f << 20)
+#define RT2860_PROT_NAV_SHORT (1 << 18)
+#define RT2860_PROT_NAV_LONG (2 << 18)
+#define RT2860_PROT_CTRL_RTS_CTS (1 << 16)
+#define RT2860_PROT_CTRL_CTS (2 << 16)
+
+/* possible flags for registers EXP_{CTS,ACK}_TIME */
+#define RT2860_EXP_OFDM_TIME_SHIFT 16
+#define RT2860_EXP_CCK_TIME_SHIFT 0
+
+/* possible flags for register RX_FILTR_CFG 0x1400 */
+#define MTW_DROP_CTRL_RSV (1 << 16)
+#define MTW_DROP_BAR (1 << 15)
+#define MTW_DROP_BA (1 << 14)
+#define MTW_DROP_PSPOLL (1 << 13)
+#define MTW_DROP_RTS (1 << 12)
+#define MTW_DROP_CTS (1 << 11)
+#define MTW_DROP_ACK (1 << 10)
+#define MTW_DROP_CFEND (1 << 9)
+#define MTW_DROP_CFACK (1 << 8)
+#define MTW_DROP_DUPL (1 << 7)
+#define MTW_DROP_BC (1 << 6)
+#define MTW_DROP_MC (1 << 5)
+#define MTW_DROP_VER_ERR (1 << 4)
+#define MTW_DROP_NOT_MYBSS (1 << 3)
+#define MTW_DROP_UC_NOME (1 << 2)
+#define MTW_DROP_PHY_ERR (1 << 1)
+#define MTW_DROP_CRC_ERR (1 << 0)
+
+/* possible flags for register AUTO_RSP_CFG 0x1404 */
+#define MTW_CTRL_PWR_BIT (1 << 7)
+#define MTW_BAC_ACK_POLICY (1 << 6)
+#define MTW_CCK_SHORT_EN (1 << 4)
+#define MTW_CTS_40M_REF_EN (1 << 3)
+#define MTW_CTS_40M_MODE_EN (1 << 2)
+#define MTW_BAC_ACKPOLICY_EN (1 << 1)
+#define MTW_AUTO_RSP_EN (1 << 0)
+
+/* possible flags for register SIFS_COST_CFG */
+#define RT2860_OFDM_SIFS_COST_SHIFT 8
+#define RT2860_CCK_SIFS_COST_SHIFT 0
+
+/* possible flags for register TXOP_HLDR_ET 0x1608 */
+#define MTW_TXOP_ETM1_EN (1 << 25)
+#define MTW_TXOP_ETM0_EN (1 << 24)
+#define MTW_TXOP_ETM_THRES_SHIFT 16
+#define MTW_TXOP_ETO_EN (1 << 8)
+#define MTW_TXOP_ETO_THRES_SHIFT 1
+#define MTW_PER_RX_RST_EN (1 << 0)
+
+/* possible flags for register TX_STAT_FIFO 0x1718 */
+#define MTW_TXQ_MCS_SHIFT 16
+#define MTW_TXQ_WCID_SHIFT 8
+#define MTW_TXQ_ACKREQ (1 << 7)
+#define MTW_TXQ_AGG (1 << 6)
+#define MTW_TXQ_OK (1 << 5)
+#define MTW_TXQ_PID_SHIFT 1
+#define MTW_TXQ_VLD (1 << 0)
+
+/* possible flags for register TX_STAT_FIFO_EXT 0x1798 */
+#define MTW_TXQ_PKTID_SHIFT 8
+#define MTW_TXQ_RETRY_SHIFT 0
+
+/* possible flags for register WCID_ATTR 0xa800 */
+#define MTW_MODE_NOSEC 0
+#define MTW_MODE_WEP40 1
+#define MTW_MODE_WEP104 2
+#define MTW_MODE_TKIP 3
+#define MTW_MODE_AES_CCMP 4
+#define MTW_MODE_CKIP40 5
+#define MTW_MODE_CKIP104 6
+#define MTW_MODE_CKIP128 7
+#define MTW_RX_PKEY_EN (1 << 0)
+
+/* possible flags for MT7601 BBP register 47 */
+#define MT7601_R47_MASK 0x07
+#define MT7601_R47_TSSI (0 << 0)
+#define MT7601_R47_PKT (1 << 0)
+#define MT7601_R47_TXRATE (1 << 1)
+#define MT7601_R47_TEMP (1 << 2)
+
+#define MTW_RXQ_WLAN 0
+#define MTW_RXQ_MCU 1
+#define MTW_TXQ_MCU 5
+
+/* RT2860 TX descriptor */
+struct rt2860_txd {
+ uint32_t sdp0; /* Segment Data Pointer 0 */
+ uint16_t sdl1; /* Segment Data Length 1 */
+#define RT2860_TX_BURST (1 << 15)
+#define RT2860_TX_LS1 (1 << 14) /* SDP1 is the last segment */
+
+ uint16_t sdl0; /* Segment Data Length 0 */
+#define RT2860_TX_DDONE (1 << 15)
+#define RT2860_TX_LS0 (1 << 14) /* SDP0 is the last segment */
+
+ uint32_t sdp1; /* Segment Data Pointer 1 */
+ uint8_t reserved[3];
+ uint8_t flags;
+#define RT2860_TX_QSEL_SHIFT 1
+#define RT2860_TX_QSEL_MGMT (0 << 1)
+#define RT2860_TX_QSEL_HCCA (1 << 1)
+#define RT2860_TX_QSEL_EDCA (2 << 1)
+#define RT2860_TX_WIV (1 << 0)
+} __packed;
+
+/* TX descriptor */
+struct mtw_txd {
+ uint16_t len;
+ uint16_t flags;
+#define MTW_TXD_CMD (1 << 14)
+#define MTW_TXD_DATA (0 << 14)
+#define MTW_TXD_MCU (2 << 11)
+#define MTW_TXD_WLAN (0 << 11)
+#define MTW_TXD_QSEL_EDCA (2 << 9)
+#define MTW_TXD_QSEL_HCCA (1 << 9)
+#define MTW_TXD_QSEL_MGMT (0 << 9)
+#define MTW_TXD_WIV (1 << 8)
+#define MTW_TXD_CMD_SHIFT 4
+#define MTW_TXD_80211 (1 << 3)
+} __packed;
+
+/* TX Wireless Information */
+struct mtw_txwi {
+ uint8_t flags;
+#define MTW_TX_MPDU_DSITY_SHIFT 5
+#define MTW_TX_AMPDU (1 << 4)
+#define MTW_TX_TS (1 << 3)
+#define MTW_TX_CFACK (1 << 2)
+#define MTW_TX_MMPS (1 << 1)
+#define MTW_TX_FRAG (1 << 0)
+
+ uint8_t txop;
+#define MTW_TX_TXOP_HT 0
+#define MTW_TX_TXOP_PIFS 1
+#define MTW_TX_TXOP_SIFS 2
+#define MTW_TX_TXOP_BACKOFF 3
+
+ uint16_t phy;
+#define MTW_PHY_MODE 0xe000
+#define MTW_PHY_CCK (0 << 13)
+#define MTW_PHY_OFDM (1 << 13)
+#define MTW_PHY_HT (2 << 13)
+#define MTW_PHY_HT_GF (3 << 13)
+#define MTW_PHY_VHT (4 << 13)
+#define MTW_PHY_STBC (1 << 10)
+#define MTW_PHY_SGI (1 << 9)
+#define MTW_PHY_BW20 (0 << 7)
+#define MTW_PHY_BW40 (1 << 7)
+#define MTW_PHY_BW80 (2 << 7)
+#define MTW_PHY_BW160 (3 << 7)
+#define MTW_PHY_LDPC (1 << 6)
+#define MTW_PHY_MCS 0x3f
+#define MTW_PHY_SHPRE (1 << 3)
+
+ uint8_t xflags;
+#define MTW_TX_BAWINSIZE_SHIFT 2
+#define MTW_TX_NSEQ (1 << 1)
+#define MTW_TX_ACK (1 << 0)
+
+ uint8_t wcid; /* Wireless Client ID */
+ uint16_t len;
+#define MTW_TX_PID_SHIFT 12
+
+ uint32_t iv;
+ uint32_t eiv;
+ uint32_t reserved1;
+} __packed;
+
+/* RT2860 RX descriptor */
+struct rt2860_rxd {
+ uint32_t sdp0;
+ uint16_t sdl1; /* unused */
+ uint16_t sdl0;
+#define MTW_RX_DDONE (1 << 15)
+#define MTW_RX_LS0 (1 << 14)
+
+ uint32_t sdp1; /* unused */
+ uint32_t flags;
+#define MTW_RX_DEC (1 << 16)
+#define MTW_RX_AMPDU (1 << 15)
+#define MTW_RX_L2PAD (1 << 14)
+#define MTW_RX_RSSI (1 << 13)
+#define MTW_RX_HTC (1 << 12)
+#define MTW_RX_AMSDU (1 << 11)
+#define MTW_RX_MICERR (1 << 10)
+#define MTW_RX_ICVERR (1 << 9)
+#define MTW_RX_CRCERR (1 << 8)
+#define MTW_RX_MYBSS (1 << 7)
+#define MTW_RX_BC (1 << 6)
+#define MTW_RX_MC (1 << 5)
+#define MTW_RX_UC2ME (1 << 4)
+#define MTW_RX_FRAG (1 << 3)
+#define MTW_RX_NULL (1 << 2)
+#define MTW_RX_DATA (1 << 1)
+#define MTW_RX_BA (1 << 0)
+} __packed;
+
+/* RX descriptor */
+struct mtw_rxd {
+ uint16_t len;
+#define MTW_RXD_SELF_GEN (1 << 15)
+#define MTW_RXD_LEN 0x3fff
+
+ uint16_t flags;
+} __packed;
+
+/* RX Wireless Information */
+struct mtw_rxwi {
+ uint32_t flags;
+ uint8_t wcid;
+ uint8_t keyidx;
+#define MTW_RX_UDF_SHIFT 5
+#define MTW_RX_BSS_IDX_SHIFT 2
+
+ uint16_t len;
+#define MTW_RX_TID_SHIFT 12
+
+ uint16_t seq;
+ uint16_t phy;
+ uint8_t rssi[4];
+ uint32_t reserved1;
+ uint32_t reserved2;
+ uint32_t reserved3;
+} __packed __aligned(4);
+
+/* MCU Command */
+struct mtw_mcu_cmd_8 {
+ uint32_t func;
+ uint32_t val;
+} __packed __aligned(4);
+
+struct mtw_mcu_cmd_16 {
+ uint32_t r1;
+ uint32_t r2;
+ uint32_t r3;
+ uint32_t r4;
+} __packed __aligned(4);
+
+#define MTW_DMA_PAD 4
+
+/* first DMA segment contains TXWI + 802.11 header + 32-bit padding */
+#define MTW_TXWI_DMASZ \
+ (sizeof (struct mtw_txwi) + \
+ sizeof (struct ieee80211_htframe) + \
+ sizeof (uint16_t))
+
+#define MT7601_RF_7601 0x7601 /* 1T1R */
+#define MT7610_RF_7610 0x7610 /* 1T1R */
+#define MT7612_RF_7612 0x7612 /* 2T2R */
+
+#define MTW_CONFIG_NO 1
+
+/* USB vendor request */
+#define MTW_RESET 0x1
+#define MTW_WRITE_2 0x2
+#define MTW_WRITE_REGION_1 0x6
+#define MTW_READ_REGION_1 0x7
+#define MTW_EEPROM_READ 0x9
+#define MTW_WRITE_CFG 0x46
+#define MTW_READ_CFG 0x47
+
+/* eFUSE ROM */
+#define MTW_EEPROM_CHIPID 0x00
+#define MTW_EEPROM_VERSION 0x01
+#define MTW_EEPROM_MAC01 0x02
+#define MTW_EEPROM_MAC23 0x03
+#define MTW_EEPROM_MAC45 0x04
+#define MTW_EEPROM_ANTENNA 0x1a
+#define MTW_EEPROM_CONFIG 0x1b
+#define MTW_EEPROM_COUNTRY 0x1c
+#define MTW_EEPROM_FREQ_OFFSET 0x1d
+#define MTW_EEPROM_LED1 0x1e
+#define MTW_EEPROM_LED2 0x1f
+#define MTW_EEPROM_LED3 0x20
+#define MTW_EEPROM_LNA 0x22
+#define MTW_EEPROM_RSSI1_2GHZ 0x23
+#define MTW_EEPROM_RSSI2_2GHZ 0x24
+#define MTW_EEPROM_RSSI1_5GHZ 0x25
+#define MTW_EEPROM_RSSI2_5GHZ 0x26
+#define MTW_EEPROM_DELTAPWR 0x28
+#define MTW_EEPROM_PWR2GHZ_BASE1 0x29
+#define MTW_EEPROM_PWR2GHZ_BASE2 0x30
+#define MTW_EEPROM_TSSI1_2GHZ 0x37
+#define MTW_EEPROM_TSSI2_2GHZ 0x38
+#define MTW_EEPROM_TSSI3_2GHZ 0x39
+#define MTW_EEPROM_TSSI4_2GHZ 0x3a
+#define MTW_EEPROM_TSSI5_2GHZ 0x3b
+#define MTW_EEPROM_PWR5GHZ_BASE1 0x3c
+#define MTW_NIC_CONF2 0x42
+#define MTW_EEPROM_PWR5GHZ_BASE2 0x53
+#define MTW_TXPWR_EXT_PA_5G 0x54
+#define MTW_TXPWR_START_2G_0 0x56
+#define MTW_TXPWR_START_2G_1 0x5c
+#define MTW_TXPWR_START_5G_0 0x62
+#define RT2860_EEPROM_TSSI1_5GHZ 0x6a
+#define RT2860_EEPROM_TSSI2_5GHZ 0x6b
+#define RT2860_EEPROM_TSSI3_5GHZ 0x6c
+#define RT2860_EEPROM_TSSI4_5GHZ 0x6d
+#define RT2860_EEPROM_TSSI5_5GHZ 0x6e
+#define MTW_TX_TSSI_SLOPE 0x6e
+#define MTW_EEPROM_RPWR 0x6f
+
+#define MTW_RIDX_CCK1 0
+#define MTW_RIDX_CCK11 3
+#define MTW_RIDX_OFDM6 4
+#define MTW_RIDX_MAX 11
+static const struct rt2860_rate {
+ uint8_t rate;
+ uint8_t mcs;
+ enum ieee80211_phytype phy;
+ uint8_t ctl_ridx;
+ uint16_t sp_ack_dur;
+ uint16_t lp_ack_dur;
+} rt2860_rates[] = {
+ { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
+ { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
+ { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
+ { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
+ { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
+ { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
+ { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
+ { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
+ { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
+ { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
+ { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
+ { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
+};
+
+#define MT7601_RF_CHAN \
+ { 1, 0x99, 0x99, 0x09, 0x50 }, \
+ { 2, 0x46, 0x44, 0x0a, 0x50 }, \
+ { 3, 0xec, 0xee, 0x0a, 0x50 }, \
+ { 4, 0x99, 0x99, 0x0b, 0x50 }, \
+ { 5, 0x46, 0x44, 0x08, 0x51 }, \
+ { 6, 0xec, 0xee, 0x08, 0x51 }, \
+ { 7, 0x99, 0x99, 0x09, 0x51 }, \
+ { 8, 0x46, 0x44, 0x0a, 0x51 }, \
+ { 9, 0xec, 0xee, 0x0a, 0x51 }, \
+ { 10, 0x99, 0x99, 0x0b, 0x51 }, \
+ { 11, 0x46, 0x44, 0x08, 0x52 }, \
+ { 12, 0xec, 0xee, 0x08, 0x52 }, \
+ { 13, 0x99, 0x99, 0x09, 0x52 }, \
+ { 14, 0x33, 0x33, 0x0b, 0x52 }
+
+/*
+ * Default values for MAC registers.
+ */
+#define MT7601_DEF_MAC \
+ { MTW_BCN_OFFSET0, 0x18100800 }, \
+ { MTW_BCN_OFFSET1, 0x38302820 }, \
+ { MTW_BCN_OFFSET2, 0x58504840 }, \
+ { MTW_BCN_OFFSET3, 0x78706860 }, \
+ { MTW_MAC_SYS_CTRL, 0x0000000c }, \
+ { MTW_MAX_LEN_CFG, 0x000a3fff }, \
+ { MTW_AMPDU_MAX_LEN_20M1S, 0x77777777 }, \
+ { MTW_AMPDU_MAX_LEN_20M2S, 0x77777777 }, \
+ { MTW_AMPDU_MAX_LEN_40M1S, 0x77777777 }, \
+ { MTW_AMPDU_MAX_LEN_40M2S, 0x77777777 }, \
+ { MTW_XIFS_TIME_CFG, 0x33a41010 }, \
+ { MTW_BKOFF_SLOT_CFG, 0x00000209 }, \
+ { MTW_TBTT_SYNC_CFG, 0x00422010 }, \
+ { MTW_INT_TIMER_CFG, 0x00000000 }, \
+ { MTW_PWR_PIN_CFG, 0x00000000 }, \
+ { MTW_AUTO_WAKEUP_CFG, 0x00000014 }, \
+ { MTW_EDCA_AC_CFG(0), 0x000a4360 }, \
+ { MTW_EDCA_AC_CFG(1), 0x000a4700 }, \
+ { MTW_EDCA_AC_CFG(2), 0x00043338 }, \
+ { MTW_EDCA_AC_CFG(3), 0x0003222f }, \
+ { MTW_TX_PIN_CFG, 0x33150f0f }, \
+ { MTW_TX_BAND_CFG, 0x00000005 }, \
+ { MTW_TX_SW_CFG0, 0x00000402 }, \
+ { MTW_TX_SW_CFG1, 0x00000000 }, \
+ { MTW_TX_SW_CFG2, 0x00000000 }, \
+ { MTW_TXOP_CTRL_CFG, 0x0000583f }, \
+ { MTW_TX_RTS_CFG, 0x01100020 }, \
+ { MTW_TX_TIMEOUT_CFG, 0x000a2090 }, \
+ { MTW_TX_RETRY_CFG, 0x47d01f0f }, \
+ { MTW_TX_LINK_CFG, 0x007f1820 }, \
+ { MTW_HT_FBK_CFG1, 0xedcba980 }, \
+ { MTW_CCK_PROT_CFG, 0x07f40000 }, \
+ { MTW_OFDM_PROT_CFG, 0x07f60000 }, \
+ { MTW_MM20_PROT_CFG, 0x01750003 }, \
+ { MTW_MM40_PROT_CFG, 0x03f50003 }, \
+ { MTW_GF20_PROT_CFG, 0x01750003 }, \
+ { MTW_GF40_PROT_CFG, 0x03f50003 }, \
+ { MTW_EXP_ACK_TIME, 0x002400ca }, \
+ { MTW_TX_PWR_CFG5, 0x00000000 }, \
+ { MTW_TX_PWR_CFG6, 0x01010101 }, \
+ { MTW_TX0_RF_GAIN_CORR, 0x003b0005 }, \
+ { MTW_TX1_RF_GAIN_CORR, 0x00000000 }, \
+ { MTW_TX0_RF_GAIN_ATTEN, 0x00006969 }, \
+ { MTW_TX_ALC_CFG3, 0x6c6c6c6c }, \
+ { MTW_TX_ALC_CFG0, 0x2f2f0005 }, \
+ { MTW_TX_ALC_CFG4, 0x00000400 }, \
+ { MTW_TX_ALC_VGA3, 0x00060006 }, \
+ { MTW_RX_FILTR_CFG, 0x00015f97 }, \
+ { MTW_AUTO_RSP_CFG, 0x00000003 }, \
+ { MTW_LEGACY_BASIC_RATE, 0x0000015f }, \
+ { MTW_HT_BASIC_RATE, 0x00008003 }, \
+ { MTW_RX_MAX_PCNT, 0x0000009f }, \
+ { MTW_WPDMA_GLO_CFG, 0x00000030 }, \
+ { MTW_WMM_AIFSN_CFG, 0x00002273 }, \
+ { MTW_WMM_CWMIN_CFG, 0x00002344 }, \
+ { MTW_WMM_CWMAX_CFG, 0x000034aa }, \
+ { MTW_TSO_CTRL, 0x00000000 }, \
+ { MTW_SYS_CTRL, 0x00080c00 }, \
+ { MTW_FCE_PSE_CTRL, 0x00000001 }, \
+ { MTW_AUX_CLK_CFG, 0x00000000 }, \
+ { MTW_BBP_PA_MODE_CFG0, 0x010055ff }, \
+ { MTW_BBP_PA_MODE_CFG1, 0x00550055 }, \
+ { MTW_RF_PA_MODE_CFG0, 0x010055ff }, \
+ { MTW_RF_PA_MODE_CFG1, 0x00550055 }, \
+ { 0x0a38, 0x00000000 }, \
+ { MTW_BBP_CSR, 0x00000000 }, \
+ { MTW_PBF_CFG, 0x7f723c1f }
+
+/*
+ * Default values for Baseband registers
+ */
+#define MT7601_DEF_BBP \
+ { 1, 0x04 }, \
+ { 4, 0x40 }, \
+ { 20, 0x06 }, \
+ { 31, 0x08 }, \
+ { 178, 0xff }, \
+ { 66, 0x14 }, \
+ { 68, 0x8b }, \
+ { 69, 0x12 }, \
+ { 70, 0x09 }, \
+ { 73, 0x11 }, \
+ { 75, 0x60 }, \
+ { 76, 0x44 }, \
+ { 84, 0x9a }, \
+ { 86, 0x38 }, \
+ { 91, 0x07 }, \
+ { 92, 0x02 }, \
+ { 99, 0x50 }, \
+ { 101, 0x00 }, \
+ { 103, 0xc0 }, \
+ { 104, 0x92 }, \
+ { 105, 0x3c }, \
+ { 106, 0x03 }, \
+ { 128, 0x12 }, \
+ { 142, 0x04 }, \
+ { 143, 0x37 }, \
+ { 142, 0x03 }, \
+ { 143, 0x99 }, \
+ { 160, 0xeb }, \
+ { 161, 0xc4 }, \
+ { 162, 0x77 }, \
+ { 163, 0xf9 }, \
+ { 164, 0x88 }, \
+ { 165, 0x80 }, \
+ { 166, 0xff }, \
+ { 167, 0xe4 }, \
+ { 195, 0x00 }, \
+ { 196, 0x00 }, \
+ { 195, 0x01 }, \
+ { 196, 0x04 }, \
+ { 195, 0x02 }, \
+ { 196, 0x20 }, \
+ { 195, 0x03 }, \
+ { 196, 0x0a }, \
+ { 195, 0x06 }, \
+ { 196, 0x16 }, \
+ { 195, 0x07 }, \
+ { 196, 0x05 }, \
+ { 195, 0x08 }, \
+ { 196, 0x37 }, \
+ { 195, 0x0a }, \
+ { 196, 0x15 }, \
+ { 195, 0x0b }, \
+ { 196, 0x17 }, \
+ { 195, 0x0c }, \
+ { 196, 0x06 }, \
+ { 195, 0x0d }, \
+ { 196, 0x09 }, \
+ { 195, 0x0e }, \
+ { 196, 0x05 }, \
+ { 195, 0x0f }, \
+ { 196, 0x09 }, \
+ { 195, 0x10 }, \
+ { 196, 0x20 }, \
+ { 195, 0x20 }, \
+ { 196, 0x17 }, \
+ { 195, 0x21 }, \
+ { 196, 0x06 }, \
+ { 195, 0x22 }, \
+ { 196, 0x09 }, \
+ { 195, 0x23 }, \
+ { 196, 0x17 }, \
+ { 195, 0x24 }, \
+ { 196, 0x06 }, \
+ { 195, 0x25 }, \
+ { 196, 0x09 }, \
+ { 195, 0x26 }, \
+ { 196, 0x17 }, \
+ { 195, 0x27 }, \
+ { 196, 0x06 }, \
+ { 195, 0x28 }, \
+ { 196, 0x09 }, \
+ { 195, 0x29 }, \
+ { 196, 0x05 }, \
+ { 195, 0x2a }, \
+ { 196, 0x09 }, \
+ { 195, 0x80 }, \
+ { 196, 0x8b }, \
+ { 195, 0x81 }, \
+ { 196, 0x12 }, \
+ { 195, 0x82 }, \
+ { 196, 0x09 }, \
+ { 195, 0x83 }, \
+ { 196, 0x17 }, \
+ { 195, 0x84 }, \
+ { 196, 0x11 }, \
+ { 195, 0x85 }, \
+ { 196, 0x00 }, \
+ { 195, 0x86 }, \
+ { 196, 0x00 }, \
+ { 195, 0x87 }, \
+ { 196, 0x18 }, \
+ { 195, 0x88 }, \
+ { 196, 0x60 }, \
+ { 195, 0x89 }, \
+ { 196, 0x44 }, \
+ { 195, 0x8a }, \
+ { 196, 0x8b }, \
+ { 195, 0x8b }, \
+ { 196, 0x8b }, \
+ { 195, 0x8c }, \
+ { 196, 0x8b }, \
+ { 195, 0x8d }, \
+ { 196, 0x8b }, \
+ { 195, 0x8e }, \
+ { 196, 0x09 }, \
+ { 195, 0x8f }, \
+ { 196, 0x09 }, \
+ { 195, 0x90 }, \
+ { 196, 0x09 }, \
+ { 195, 0x91 }, \
+ { 196, 0x09 }, \
+ { 195, 0x92 }, \
+ { 196, 0x11 }, \
+ { 195, 0x93 }, \
+ { 196, 0x11 }, \
+ { 195, 0x94 }, \
+ { 196, 0x11 }, \
+ { 195, 0x95 }, \
+ { 196, 0x11 }, \
+ { 47, 0x80 }, \
+ { 60, 0x80 }, \
+ { 150, 0xd2 }, \
+ { 151, 0x32 }, \
+ { 152, 0x23 }, \
+ { 153, 0x41 }, \
+ { 154, 0x00 }, \
+ { 155, 0x4f }, \
+ { 253, 0x7e }, \
+ { 195, 0x30 }, \
+ { 196, 0x32 }, \
+ { 195, 0x31 }, \
+ { 196, 0x23 }, \
+ { 195, 0x32 }, \
+ { 196, 0x45 }, \
+ { 195, 0x35 }, \
+ { 196, 0x4a }, \
+ { 195, 0x36 }, \
+ { 196, 0x5a }, \
+ { 195, 0x37 }, \
+ { 196, 0x5a }
+
+/*
+ * Default values for RF registers
+ */
+#define MT7601_BANK0_RF \
+ { 0, 0x02 }, \
+ { 1, 0x01 }, \
+ { 2, 0x11 }, \
+ { 3, 0xff }, \
+ { 4, 0x0a }, \
+ { 5, 0x20 }, \
+ { 6, 0x00 }, \
+ { 7, 0x00 }, \
+ { 8, 0x00 }, \
+ { 9, 0x00 }, \
+ { 10, 0x00 }, \
+ { 11, 0x21 }, \
+ { 13, 0x00 }, \
+ { 14, 0x7c }, \
+ { 15, 0x22 }, \
+ { 16, 0x80 }, \
+ { 17, 0x99 }, \
+ { 18, 0x99 }, \
+ { 19, 0x09 }, \
+ { 20, 0x50 }, \
+ { 21, 0xb0 }, \
+ { 22, 0x00 }, \
+ { 23, 0xc5 }, \
+ { 24, 0xfc }, \
+ { 25, 0x40 }, \
+ { 26, 0x4d }, \
+ { 27, 0x02 }, \
+ { 28, 0x72 }, \
+ { 29, 0x01 }, \
+ { 30, 0x00 }, \
+ { 31, 0x00 }, \
+ { 32, 0x00 }, \
+ { 33, 0x00 }, \
+ { 34, 0x23 }, \
+ { 35, 0x01 }, \
+ { 36, 0x00 }, \
+ { 37, 0x00 }, \
+ { 38, 0x00 }, \
+ { 39, 0x20 }, \
+ { 40, 0x00 }, \
+ { 41, 0xd0 }, \
+ { 42, 0x1b }, \
+ { 43, 0x02 }, \
+ { 44, 0x00 }
+
+#define MT7601_BANK4_RF \
+ { 0, 0x01 }, \
+ { 1, 0x00 }, \
+ { 2, 0x00 }, \
+ { 3, 0x00 }, \
+ { 4, 0x00 }, \
+ { 5, 0x08 }, \
+ { 6, 0x00 }, \
+ { 7, 0x5b }, \
+ { 8, 0x52 }, \
+ { 9, 0xb6 }, \
+ { 10, 0x57 }, \
+ { 11, 0x33 }, \
+ { 12, 0x22 }, \
+ { 13, 0x3d }, \
+ { 14, 0x3e }, \
+ { 15, 0x13 }, \
+ { 16, 0x22 }, \
+ { 17, 0x23 }, \
+ { 18, 0x02 }, \
+ { 19, 0xa4 }, \
+ { 20, 0x01 }, \
+ { 21, 0x12 }, \
+ { 22, 0x80 }, \
+ { 23, 0xb3 }, \
+ { 24, 0x00 }, \
+ { 25, 0x00 }, \
+ { 26, 0x00 }, \
+ { 27, 0x00 }, \
+ { 28, 0x18 }, \
+ { 29, 0xee }, \
+ { 30, 0x6b }, \
+ { 31, 0x31 }, \
+ { 32, 0x5d }, \
+ { 33, 0x00 }, \
+ { 34, 0x96 }, \
+ { 35, 0x55 }, \
+ { 36, 0x08 }, \
+ { 37, 0xbb }, \
+ { 38, 0xb3 }, \
+ { 39, 0xb3 }, \
+ { 40, 0x03 }, \
+ { 41, 0x00 }, \
+ { 42, 0x00 }, \
+ { 43, 0xc5 }, \
+ { 44, 0xc5 }, \
+ { 45, 0xc5 }, \
+ { 46, 0x07 }, \
+ { 47, 0xa8 }, \
+ { 48, 0xef }, \
+ { 49, 0x1a }, \
+ { 54, 0x07 }, \
+ { 55, 0xa7 }, \
+ { 56, 0xcc }, \
+ { 57, 0x14 }, \
+ { 58, 0x07 }, \
+ { 59, 0xa8 }, \
+ { 60, 0xd7 }, \
+ { 61, 0x10 }, \
+ { 62, 0x1c }, \
+ { 63, 0x00 }
+
+#define MT7601_BANK5_RF \
+ { 0, 0x47 }, \
+ { 1, 0x00 }, \
+ { 2, 0x00 }, \
+ { 3, 0x08 }, \
+ { 4, 0x04 }, \
+ { 5, 0x20 }, \
+ { 6, 0x3a }, \
+ { 7, 0x3a }, \
+ { 8, 0x00 }, \
+ { 9, 0x00 }, \
+ { 10, 0x10 }, \
+ { 11, 0x10 }, \
+ { 12, 0x10 }, \
+ { 13, 0x10 }, \
+ { 14, 0x10 }, \
+ { 15, 0x20 }, \
+ { 16, 0x22 }, \
+ { 17, 0x7c }, \
+ { 18, 0x00 }, \
+ { 19, 0x00 }, \
+ { 20, 0x00 }, \
+ { 21, 0xf1 }, \
+ { 22, 0x11 }, \
+ { 23, 0x02 }, \
+ { 24, 0x41 }, \
+ { 25, 0x20 }, \
+ { 26, 0x00 }, \
+ { 27, 0xd7 }, \
+ { 28, 0xa2 }, \
+ { 29, 0x20 }, \
+ { 30, 0x49 }, \
+ { 31, 0x20 }, \
+ { 32, 0x04 }, \
+ { 33, 0xf1 }, \
+ { 34, 0xa1 }, \
+ { 35, 0x01 }, \
+ { 41, 0x00 }, \
+ { 42, 0x00 }, \
+ { 43, 0x00 }, \
+ { 44, 0x00 }, \
+ { 45, 0x00 }, \
+ { 46, 0x00 }, \
+ { 47, 0x00 }, \
+ { 48, 0x00 }, \
+ { 49, 0x00 }, \
+ { 50, 0x00 }, \
+ { 51, 0x00 }, \
+ { 52, 0x00 }, \
+ { 53, 0x00 }, \
+ { 54, 0x00 }, \
+ { 55, 0x00 }, \
+ { 56, 0x00 }, \
+ { 57, 0x00 }, \
+ { 58, 0x31 }, \
+ { 59, 0x31 }, \
+ { 60, 0x0a }, \
+ { 61, 0x02 }, \
+ { 62, 0x00 }, \
+ { 63, 0x00 }
--- /dev/null
+/* $OpenBSD: if_mtw.c,v 1.1 2021/12/20 13:59:02 hastings Exp $ */
+/*
+ * Copyright (c) 2008-2010 Damien Bergamini <damien.bergamini@free.fr>
+ * Copyright (c) 2013-2014 Kevin Lo
+ * Copyright (c) 2021 James Hastings
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * MediaTek MT7601U 802.11b/g/n WLAN.
+ */
+
+#include "bpfilter.h"
+
+#include <sys/param.h>
+#include <sys/sockio.h>
+#include <sys/mbuf.h>
+#include <sys/kernel.h>
+#include <sys/socket.h>
+#include <sys/systm.h>
+#include <sys/timeout.h>
+#include <sys/conf.h>
+#include <sys/device.h>
+#include <sys/endian.h>
+
+#include <machine/intr.h>
+
+#if NBPFILTER > 0
+#include <net/bpf.h>
+#endif
+#include <net/if.h>
+#include <net/if_dl.h>
+#include <net/if_media.h>
+
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+
+#include <net80211/ieee80211_var.h>
+#include <net80211/ieee80211_amrr.h>
+#include <net80211/ieee80211_ra.h>
+#include <net80211/ieee80211_radiotap.h>
+
+#include <dev/usb/usb.h>
+#include <dev/usb/usbdi.h>
+#include <dev/usb/usbdi_util.h>
+#include <dev/usb/usbdevs.h>
+
+#include <dev/ic/mtwreg.h>
+#include <dev/usb/if_mtwvar.h>
+
+#ifdef MTW_DEBUG
+#define DPRINTF(x) do { if (mtw_debug) printf x; } while (0)
+#define DPRINTFN(n, x) do { if (mtw_debug >= (n)) printf x; } while (0)
+int mtw_debug = 0;
+#else
+#define DPRINTF(x)
+#define DPRINTFN(n, x)
+#endif
+
+#define USB_ID(v, p) { USB_VENDOR_##v, USB_PRODUCT_##v##_##p }
+static const struct usb_devno mtw_devs[] = {
+ USB_ID(RALINK, MT7601),
+};
+
+int mtw_match(struct device *, void *, void *);
+void mtw_attach(struct device *, struct device *, void *);
+int mtw_detach(struct device *, int);
+void mtw_attachhook(struct device *);
+int mtw_alloc_rx_ring(struct mtw_softc *, int);
+void mtw_free_rx_ring(struct mtw_softc *, int);
+int mtw_alloc_tx_ring(struct mtw_softc *, int);
+void mtw_free_tx_ring(struct mtw_softc *, int);
+int mtw_alloc_mcu_ring(struct mtw_softc *);
+void mtw_free_mcu_ring(struct mtw_softc *);
+int mtw_ucode_write(struct mtw_softc *, const uint8_t *,
+ uint32_t, uint32_t);
+void mtw_ucode_setup(struct mtw_softc *);
+int mtw_load_microcode(struct mtw_softc *);
+int mtw_reset(struct mtw_softc *);
+int mtw_read(struct mtw_softc *, uint16_t, uint32_t *);
+int mtw_read_cfg(struct mtw_softc *, uint16_t, uint32_t *);
+int mtw_read_region_1(struct mtw_softc *, uint16_t,
+ uint8_t *, int);
+int mtw_write_2(struct mtw_softc *, uint16_t, uint16_t);
+int mtw_write(struct mtw_softc *, uint16_t, uint32_t);
+int mtw_write_cfg(struct mtw_softc *, uint16_t, uint32_t);
+int mtw_write_ivb(struct mtw_softc *, const uint8_t *, uint16_t);
+int mtw_write_region_1(struct mtw_softc *, uint16_t,
+ uint8_t *, int);
+int mtw_set_region_4(struct mtw_softc *, uint16_t, uint32_t, int);
+int mtw_efuse_read_2(struct mtw_softc *, uint16_t, uint16_t *);
+int mtw_eeprom_read_2(struct mtw_softc *, uint16_t, uint16_t *);
+int mtw_rf_read(struct mtw_softc *, uint8_t, uint8_t, uint8_t *);
+int mtw_rf_write(struct mtw_softc *, uint8_t, uint8_t, uint8_t);
+int mtw_bbp_read(struct mtw_softc *, uint8_t, uint8_t *);
+int mtw_bbp_write(struct mtw_softc *, uint8_t, uint8_t);
+int mtw_usb_dma_read(struct mtw_softc *, uint32_t *);
+int mtw_usb_dma_write(struct mtw_softc *, uint32_t);
+int mtw_mcu_calibrate(struct mtw_softc *, int, uint32_t);
+int mtw_mcu_channel(struct mtw_softc *, uint32_t, uint32_t, uint32_t);
+int mtw_mcu_radio(struct mtw_softc *, int, uint32_t);
+int mtw_mcu_cmd(struct mtw_softc *, int, void *, int);
+const char * mtw_get_rf(int);
+void mtw_get_txpower(struct mtw_softc *);
+int mtw_read_eeprom(struct mtw_softc *);
+struct ieee80211_node *mtw_node_alloc(struct ieee80211com *);
+int mtw_media_change(struct ifnet *);
+void mtw_next_scan(void *);
+void mtw_task(void *);
+void mtw_do_async(struct mtw_softc *, void (*)(struct mtw_softc *,
+ void *), void *, int);
+int mtw_newstate(struct ieee80211com *, enum ieee80211_state, int);
+void mtw_newstate_cb(struct mtw_softc *, void *);
+void mtw_updateedca(struct ieee80211com *);
+void mtw_updateedca_cb(struct mtw_softc *, void *);
+void mtw_updateslot(struct ieee80211com *);
+void mtw_updateslot_cb(struct mtw_softc *, void *);
+int mtw_set_key(struct ieee80211com *, struct ieee80211_node *,
+ struct ieee80211_key *);
+void mtw_set_key_cb(struct mtw_softc *, void *);
+void mtw_delete_key(struct ieee80211com *, struct ieee80211_node *,
+ struct ieee80211_key *);
+void mtw_delete_key_cb(struct mtw_softc *, void *);
+void mtw_calibrate_to(void *);
+void mtw_calibrate_cb(struct mtw_softc *, void *);
+void mtw_newassoc(struct ieee80211com *, struct ieee80211_node *,
+ int);
+void mtw_rx_frame(struct mtw_softc *, uint8_t *, int,
+ struct mbuf_list *);
+void mtw_rxeof(struct usbd_xfer *, void *, usbd_status);
+void mtw_txeof(struct usbd_xfer *, void *, usbd_status);
+int mtw_tx(struct mtw_softc *, struct mbuf *,
+ struct ieee80211_node *);
+void mtw_start(struct ifnet *);
+void mtw_watchdog(struct ifnet *);
+int mtw_ioctl(struct ifnet *, u_long, caddr_t);
+void mtw_select_chan_group(struct mtw_softc *, int);
+void mt7601_set_agc(struct mtw_softc *, uint8_t);
+void mt7601_set_chan(struct mtw_softc *, u_int);
+int mtw_set_chan(struct mtw_softc *, struct ieee80211_channel *);
+void mtw_enable_tsf_sync(struct mtw_softc *);
+void mtw_abort_tsf_sync(struct mtw_softc *);
+void mtw_enable_mrr(struct mtw_softc *);
+void mtw_set_txrts(struct mtw_softc *);
+void mtw_set_txpreamble(struct mtw_softc *);
+void mtw_set_basicrates(struct mtw_softc *);
+void mtw_set_leds(struct mtw_softc *, uint16_t);
+void mtw_set_bssid(struct mtw_softc *, const uint8_t *);
+void mtw_set_macaddr(struct mtw_softc *, const uint8_t *);
+#if NBPFILTER > 0
+int8_t mtw_rssi2dbm(struct mtw_softc *, uint8_t, uint8_t);
+#endif
+int mt7601_bbp_init(struct mtw_softc *);
+int mt7601_rf_init(struct mtw_softc *);
+int mt7601_rf_setup(struct mtw_softc *);
+int mt7601_rf_temperature(struct mtw_softc *, int8_t *);
+int mt7601_r49_read(struct mtw_softc *, uint8_t, int8_t *);
+int mt7601_rxdc_cal(struct mtw_softc *);
+int mtw_wlan_enable(struct mtw_softc *, int);
+int mtw_txrx_enable(struct mtw_softc *);
+int mtw_init(struct ifnet *);
+void mtw_stop(struct ifnet *, int);
+
+struct cfdriver mtw_cd = {
+ NULL, "mtw", DV_IFNET
+};
+
+const struct cfattach mtw_ca = {
+ sizeof (struct mtw_softc), mtw_match, mtw_attach, mtw_detach
+};
+
+static const struct {
+ uint32_t reg;
+ uint32_t val;
+} mt7601_def_mac[] = {
+ MT7601_DEF_MAC
+};
+
+static const struct {
+ uint8_t reg;
+ uint8_t val;
+} mt7601_def_bbp[] = {
+ MT7601_DEF_BBP
+};
+
+static const struct {
+ u_int chan;
+ uint8_t r17, r18, r19, r20;
+} mt7601_rf_chan[] = {
+ MT7601_RF_CHAN
+};
+
+static const struct {
+ uint8_t reg;
+ uint8_t val;
+} mt7601_rf_bank0[] = {
+ MT7601_BANK0_RF
+},mt7601_rf_bank4[] = {
+ MT7601_BANK4_RF
+},mt7601_rf_bank5[] = {
+ MT7601_BANK5_RF
+};
+
+int
+mtw_match(struct device *parent, void *match, void *aux)
+{
+ struct usb_attach_arg *uaa = aux;
+
+ if (uaa->iface == NULL || uaa->configno != 1)
+ return UMATCH_NONE;
+
+ return (usb_lookup(mtw_devs, uaa->vendor, uaa->product) != NULL) ?
+ UMATCH_VENDOR_PRODUCT_CONF_IFACE : UMATCH_NONE;
+}
+
+void
+mtw_attach(struct device *parent, struct device *self, void *aux)
+{
+ struct mtw_softc *sc = (struct mtw_softc *)self;
+ struct usb_attach_arg *uaa = aux;
+ usb_interface_descriptor_t *id;
+ usb_endpoint_descriptor_t *ed;
+ int i, error, nrx, ntx, ntries;
+ uint32_t ver;
+
+ sc->sc_udev = uaa->device;
+ sc->sc_iface = uaa->iface;
+
+ /*
+ * Find all bulk endpoints.
+ */
+ nrx = ntx = 0;
+ id = usbd_get_interface_descriptor(sc->sc_iface);
+ for (i = 0; i < id->bNumEndpoints; i++) {
+ ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i);
+ if (ed == NULL || UE_GET_XFERTYPE(ed->bmAttributes) != UE_BULK)
+ continue;
+
+ if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN) {
+ sc->rxq[nrx].pipe_no = ed->bEndpointAddress;
+ nrx++;
+ } else if (ntx < 6) {
+ if (ntx == 0)
+ sc->txq[MTW_TXQ_MCU].pipe_no =
+ ed->bEndpointAddress;
+ else
+ sc->txq[ntx - 1].pipe_no =
+ ed->bEndpointAddress;
+ ntx++;
+ }
+ }
+ /* make sure we've got them all */
+ if (nrx < 2 || ntx < 6) {
+ printf("%s: missing endpoint\n", sc->sc_dev.dv_xname);
+ return;
+ }
+
+ /* wait for the chip to settle */
+ for (ntries = 0; ntries < 100; ntries++) {
+ if ((error = mtw_read(sc, MTW_ASIC_VER, &ver)) != 0)
+ return;
+ if (ver != 0 && ver != 0xffffffff)
+ break;
+ DPRINTF(("%08x ", ver));
+ DELAY(10);
+ }
+ if (ntries == 100) {
+ printf("%s: timeout waiting for NIC to initialize\n",
+ sc->sc_dev.dv_xname);
+ return;
+ }
+
+ sc->asic_ver = ver >> 16;
+ sc->asic_rev = ver & 0xffff;
+
+ usb_init_task(&sc->sc_task, mtw_task, sc, USB_TASK_TYPE_GENERIC);
+ timeout_set(&sc->scan_to, mtw_next_scan, sc);
+ timeout_set(&sc->calib_to, mtw_calibrate_to, sc);
+
+ sc->amrr.amrr_min_success_threshold = 1;
+ sc->amrr.amrr_max_success_threshold = 10;
+
+ config_mountroot(self, mtw_attachhook);
+}
+
+int
+mtw_detach(struct device *self, int flags)
+{
+ struct mtw_softc *sc = (struct mtw_softc *)self;
+ struct ifnet *ifp = &sc->sc_ic.ic_if;
+ int qid, s;
+
+ s = splusb();
+
+ if (timeout_initialized(&sc->scan_to))
+ timeout_del(&sc->scan_to);
+ if (timeout_initialized(&sc->calib_to))
+ timeout_del(&sc->calib_to);
+
+ /* wait for all queued asynchronous commands to complete */
+ usb_rem_wait_task(sc->sc_udev, &sc->sc_task);
+
+ usbd_ref_wait(sc->sc_udev);
+
+ if (ifp->if_softc != NULL) {
+ ifp->if_flags &= ~IFF_RUNNING;
+ ifq_clr_oactive(&ifp->if_snd);
+ ieee80211_ifdetach(ifp);
+ if_detach(ifp);
+ }
+
+ /* free rings and close pipes */
+ mtw_free_mcu_ring(sc);
+ for (qid = 0; qid < MTW_TXQ_COUNT; qid++)
+ mtw_free_tx_ring(sc, qid);
+ mtw_free_rx_ring(sc, 0);
+ mtw_free_rx_ring(sc, 1);
+
+ splx(s);
+ return 0;
+}
+
+void
+mtw_attachhook(struct device *self)
+{
+ struct mtw_softc *sc = (struct mtw_softc *)self;
+ struct ieee80211com *ic = &sc->sc_ic;
+ struct ifnet *ifp = &ic->ic_if;
+ uint32_t tmp;
+ int ntries, error, i;
+
+ if (usbd_is_dying(sc->sc_udev))
+ return;
+
+ /* enable WLAN core */
+ if ((error = mtw_wlan_enable(sc, 1)) != 0) {
+ printf("%s: could not enable WLAN core\n",
+ sc->sc_dev.dv_xname);
+ return;
+ }
+
+ /* load firmware */
+ if ((error = mtw_load_microcode(sc)) != 0) {
+ printf("%s: could not load microcode\n",
+ sc->sc_dev.dv_xname);
+ goto fail;
+ }
+
+ mtw_usb_dma_read(sc, &tmp);
+ mtw_usb_dma_write(sc, tmp | (MTW_USB_RX_EN | MTW_USB_TX_EN));
+
+ /* read MAC version */
+ for (ntries = 0; ntries < 100; ntries++) {
+ if ((error = mtw_read(sc, MTW_MAC_VER_ID, &tmp)) != 0)
+ goto fail;
+ if (tmp != 0 && tmp != 0xffffffff)
+ break;
+ DELAY(10);
+ }
+ if (ntries == 100) {
+ printf("%s: failed reading MAC\n", sc->sc_dev.dv_xname);
+ goto fail;
+ }
+
+ sc->mac_ver = tmp >> 16;
+ sc->mac_rev = tmp & 0xffff;
+
+ /* retrieve RF rev. no and various other things from EEPROM */
+ mtw_read_eeprom(sc);
+
+ printf("%s: MAC/BBP MT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), "
+ "address %s\n", sc->sc_dev.dv_xname, sc->mac_ver,
+ sc->mac_rev, mtw_get_rf(sc->rf_rev), sc->ntxchains,
+ sc->nrxchains, ether_sprintf(ic->ic_myaddr));
+
+ ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
+ ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
+ ic->ic_state = IEEE80211_S_INIT;
+
+ /* set device capabilities */
+ ic->ic_caps =
+ IEEE80211_C_MONITOR | /* monitor mode supported */
+ IEEE80211_C_SHPREAMBLE | /* short preamble supported */
+ IEEE80211_C_SHSLOT | /* short slot time supported */
+ IEEE80211_C_WEP | /* WEP */
+ IEEE80211_C_RSN; /* WPA/RSN */
+
+ /* set supported .11b and .11g rates */
+ ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b;
+ ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g;
+
+ /* set supported .11b and .11g channels (1 through 14) */
+ for (i = 1; i <= 14; i++) {
+ ic->ic_channels[i].ic_freq =
+ ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
+ ic->ic_channels[i].ic_flags =
+ IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
+ IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
+ }
+
+ ifp->if_softc = sc;
+ ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
+ ifp->if_ioctl = mtw_ioctl;
+ ifp->if_start = mtw_start;
+ ifp->if_watchdog = mtw_watchdog;
+ memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ);
+
+ if_attach(ifp);
+ ieee80211_ifattach(ifp);
+ ic->ic_node_alloc = mtw_node_alloc;
+ ic->ic_newassoc = mtw_newassoc;
+ ic->ic_updateslot = mtw_updateslot;
+ ic->ic_updateedca = mtw_updateedca;
+ ic->ic_set_key = mtw_set_key;
+ ic->ic_delete_key = mtw_delete_key;
+
+ /* override 802.11 state transition machine */
+ sc->sc_newstate = ic->ic_newstate;
+ ic->ic_newstate = mtw_newstate;
+ ieee80211_media_init(ifp, mtw_media_change, ieee80211_media_status);
+
+#if NBPFILTER > 0
+ bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO,
+ sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN);
+
+ sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
+ sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
+ sc->sc_rxtap.wr_ihdr.it_present = htole32(MTW_RX_RADIOTAP_PRESENT);
+
+ sc->sc_txtap_len = sizeof sc->sc_txtapu;
+ sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
+ sc->sc_txtap.wt_ihdr.it_present = htole32(MTW_TX_RADIOTAP_PRESENT);
+#endif
+fail:
+ return;
+}
+
+int
+mtw_alloc_rx_ring(struct mtw_softc *sc, int qid)
+{
+ struct mtw_rx_ring *rxq = &sc->rxq[qid];
+ int i, error;
+
+ if ((error = usbd_open_pipe(sc->sc_iface, rxq->pipe_no, 0,
+ &rxq->pipeh)) != 0)
+ goto fail;
+
+ for (i = 0; i < MTW_RX_RING_COUNT; i++) {
+ struct mtw_rx_data *data = &rxq->data[i];
+
+ data->sc = sc; /* backpointer for callbacks */
+
+ data->xfer = usbd_alloc_xfer(sc->sc_udev);
+ if (data->xfer == NULL) {
+ error = ENOMEM;
+ goto fail;
+ }
+ data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_RXSZ);
+ if (data->buf == NULL) {
+ error = ENOMEM;
+ goto fail;
+ }
+ }
+ if (error != 0)
+fail: mtw_free_rx_ring(sc, 0);
+ return error;
+}
+
+void
+mtw_free_rx_ring(struct mtw_softc *sc, int qid)
+{
+ struct mtw_rx_ring *rxq = &sc->rxq[qid];
+ int i;
+
+ if (rxq->pipeh != NULL) {
+ usbd_close_pipe(rxq->pipeh);
+ rxq->pipeh = NULL;
+ }
+ for (i = 0; i < MTW_RX_RING_COUNT; i++) {
+ if (rxq->data[i].xfer != NULL)
+ usbd_free_xfer(rxq->data[i].xfer);
+ rxq->data[i].xfer = NULL;
+ }
+}
+
+int
+mtw_alloc_tx_ring(struct mtw_softc *sc, int qid)
+{
+ struct mtw_tx_ring *txq = &sc->txq[qid];
+ int i, error;
+ uint16_t txwisize;
+
+ txwisize = sizeof(struct mtw_txwi);
+
+ txq->cur = txq->queued = 0;
+
+ if ((error = usbd_open_pipe(sc->sc_iface, txq->pipe_no, 0,
+ &txq->pipeh)) != 0)
+ goto fail;
+
+ for (i = 0; i < MTW_TX_RING_COUNT; i++) {
+ struct mtw_tx_data *data = &txq->data[i];
+
+ data->sc = sc; /* backpointer for callbacks */
+ data->qid = qid;
+
+ data->xfer = usbd_alloc_xfer(sc->sc_udev);
+ if (data->xfer == NULL) {
+ error = ENOMEM;
+ goto fail;
+ }
+
+ data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ);
+ if (data->buf == NULL) {
+ error = ENOMEM;
+ goto fail;
+ }
+
+ /* zeroize the TXD + TXWI part */
+ memset(data->buf, 0, MTW_MAX_TXSZ);
+ }
+ if (error != 0)
+fail: mtw_free_tx_ring(sc, qid);
+ return error;
+}
+
+void
+mtw_free_tx_ring(struct mtw_softc *sc, int qid)
+{
+ struct mtw_tx_ring *txq = &sc->txq[qid];
+ int i;
+
+ if (txq->pipeh != NULL) {
+ usbd_close_pipe(txq->pipeh);
+ txq->pipeh = NULL;
+ }
+ for (i = 0; i < MTW_TX_RING_COUNT; i++) {
+ if (txq->data[i].xfer != NULL)
+ usbd_free_xfer(txq->data[i].xfer);
+ txq->data[i].xfer = NULL;
+ }
+}
+
+int
+mtw_alloc_mcu_ring(struct mtw_softc *sc)
+{
+ struct mtw_tx_ring *ring = &sc->sc_mcu;
+ struct mtw_tx_data *data = &ring->data[0];
+ int error = 0;
+
+ ring->cur = ring->queued = 0;
+
+ data->sc = sc; /* backpointer for callbacks */
+ data->qid = 5;
+
+ data->xfer = usbd_alloc_xfer(sc->sc_udev);
+ if (data->xfer == NULL) {
+ error = ENOMEM;
+ goto fail;
+ }
+
+ data->buf = usbd_alloc_buffer(data->xfer, MTW_MAX_TXSZ);
+ if (data->buf == NULL) {
+ error = ENOMEM;
+ goto fail;
+ }
+ /* zeroize the TXD */
+ memset(data->buf, 0, 4);
+
+ if (error != 0)
+fail: mtw_free_mcu_ring(sc);
+ return error;
+
+
+}
+void
+mtw_free_mcu_ring(struct mtw_softc *sc)
+{
+ struct mtw_tx_ring *txq = &sc->sc_mcu;
+
+ if (txq->data[0].xfer != NULL)
+ usbd_free_xfer(txq->data[0].xfer);
+ txq->data[0].xfer = NULL;
+}
+
+int
+mtw_ucode_write(struct mtw_softc *sc, const uint8_t *fw, uint32_t len,
+ uint32_t offset)
+{
+ struct mtw_tx_ring *ring = &sc->txq[MTW_TXQ_MCU];
+ struct usbd_xfer *xfer;
+ struct mtw_txd *txd;
+ uint8_t *buf;
+ uint32_t blksz, sent, tmp, xferlen;
+ int error;
+
+ blksz = 0x2000;
+ if (sc->asic_ver == 0x7612 && offset >= 0x90000)
+ blksz = 0x800; /* MT7612 ROM Patch */
+
+ xfer = usbd_alloc_xfer(sc->sc_udev);
+ if (xfer == NULL) {
+ error = ENOMEM;
+ goto fail;
+ }
+ buf = usbd_alloc_buffer(xfer, blksz + 12);
+ if (buf == NULL) {
+ error = ENOMEM;
+ goto fail;
+ }
+
+ sent = 0;
+ for (;;) {
+ xferlen = min(len - sent, blksz);
+ if (xferlen == 0)
+ break;
+
+ txd = (struct mtw_txd *)buf;
+ txd->len = htole16(xferlen);
+ txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_MCU);
+
+ memcpy(buf + sizeof(struct mtw_txd), fw + sent, xferlen);
+ memset(buf + sizeof(struct mtw_txd) + xferlen, 0, MTW_DMA_PAD);
+ mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, offset + sent);
+ mtw_write_cfg(sc, MTW_MCU_DMA_LEN, (xferlen << 16));
+
+ usbd_setup_xfer(xfer, ring->pipeh, NULL, buf,
+ xferlen + sizeof(struct mtw_txd) + MTW_DMA_PAD,
+ USBD_SHORT_XFER_OK | USBD_SYNCHRONOUS | USBD_NO_COPY,
+ MTW_TX_TIMEOUT, NULL);
+ if ((error = usbd_transfer(xfer)) != 0)
+ break;
+
+ mtw_read_cfg(sc, MTW_MCU_DMA_LEN, &tmp);
+
+ mtw_read(sc, MTW_MCU_FW_IDX, &tmp);
+ mtw_write(sc, MTW_MCU_FW_IDX, tmp++);
+
+ sent += xferlen;
+ }
+fail:
+ if (xfer != NULL) {
+ usbd_free_xfer(xfer);
+ xfer = NULL;
+ }
+ return error;
+}
+
+void
+mtw_ucode_setup(struct mtw_softc *sc)
+{
+ mtw_usb_dma_write(sc, (MTW_USB_TX_EN | MTW_USB_RX_EN));
+ mtw_write(sc, MTW_FCE_PSE_CTRL, 1);
+ mtw_write(sc, MTW_TX_CPU_FCE_BASE, 0x400230);
+ mtw_write(sc, MTW_TX_CPU_FCE_MAX_COUNT, 1);
+ mtw_write(sc, MTW_MCU_FW_IDX, 1);
+ mtw_write(sc, MTW_FCE_PDMA, 0x44);
+ mtw_write(sc, MTW_FCE_SKIP_FS, 3);
+}
+
+int
+mtw_load_microcode(struct mtw_softc *sc)
+{
+ const struct mtw_ucode_hdr *hdr;
+ const struct mtw_ucode *fw;
+ const char *fwname;
+ u_char *ucode;
+ size_t size;
+ uint32_t tmp, iofs, dofs;
+ int ntries, error;
+ int dlen, ilen;
+
+ /* is firmware already running? */
+ mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp);
+ if (tmp == MTW_MCU_READY)
+ return 0;
+
+ /* open MCU pipe */
+ if ((error = usbd_open_pipe(sc->sc_iface, sc->txq[MTW_TXQ_MCU].pipe_no,
+ 0, &sc->txq[MTW_TXQ_MCU].pipeh)) != 0)
+ return error;
+
+ if (sc->asic_ver == 0x7612) {
+ fwname = "mtw-mt7662u_rom_patch";
+
+ if ((error = loadfirmware(fwname, &ucode, &size)) != 0) {
+ printf("%s: failed loadfirmware of file %s (error %d)\n",
+ sc->sc_dev.dv_xname, fwname, error);
+ return error;
+ }
+ fw = (const struct mtw_ucode *) ucode + 0x1e;
+ ilen = size - 0x1e;
+
+ mtw_ucode_setup(sc);
+
+ if ((error = mtw_ucode_write(sc, fw->data, ilen, 0x90000)) != 0)
+ goto fail;
+
+ mtw_read_cfg(sc, 0x0208, &tmp);
+ mtw_usb_dma_write(sc, 0x00e41814);
+ free(ucode, M_DEVBUF, size);
+ }
+
+ fwname = "mtw-mt7601u";
+ iofs = 0x40;
+ dofs = 0;
+ if (sc->asic_ver == 0x7612) {
+ fwname = "mtw-mt7662u";
+ iofs = 0x80040;
+ dofs = 0x110800;
+ } else if (sc->asic_ver == 0x7610) {
+ fwname = "mtw-mt7610u";
+ dofs = 0x80000;
+ }
+
+ if ((error = loadfirmware(fwname, &ucode, &size)) != 0) {
+ printf("%s: failed loadfirmware of file %s (error %d)\n",
+ sc->sc_dev.dv_xname, fwname, error);
+ return error;
+ }
+
+ if (size < sizeof(struct mtw_ucode_hdr)) {
+ printf("%s: firmware header too short\n",
+ sc->sc_dev.dv_xname);
+ goto fail;
+ }
+
+ fw = (const struct mtw_ucode *) ucode;
+ hdr = (const struct mtw_ucode_hdr *) &fw->hdr;
+
+ if (size < sizeof(struct mtw_ucode_hdr) + letoh32(hdr->ilm_len) +
+ letoh32(hdr->dlm_len)) {
+ printf("%s: firmware payload too short\n",
+ sc->sc_dev.dv_xname);
+ goto fail;
+ }
+
+ ilen = le32toh(hdr->ilm_len) - MTW_MCU_IVB_LEN;
+ dlen = le32toh(hdr->dlm_len);
+
+ if (ilen > size || dlen > size) {
+ printf("%s: firmware payload too large\n",
+ sc->sc_dev.dv_xname);
+ goto fail;
+ }
+
+ mtw_write(sc, MTW_FCE_PDMA, 0);
+ mtw_write(sc, MTW_FCE_PSE_CTRL, 0);
+ mtw_ucode_setup(sc);
+
+ if ((error = mtw_ucode_write(sc, fw->data, ilen, iofs)) != 0)
+ goto fail;
+ if (dlen > 0 && dofs > 0) {
+ if ((error = mtw_ucode_write(sc, fw->data + ilen,
+ dlen, dofs)) != 0)
+ goto fail;
+ }
+
+ /* write interrupt vectors */
+ if (sc->asic_ver == 0x7612) {
+ /* MT7612 */
+ if ((error = mtw_ucode_write(sc, fw->ivb,
+ MTW_MCU_IVB_LEN, 0x80000)) != 0)
+ goto fail;
+ mtw_write_cfg(sc, MTW_MCU_DMA_ADDR, 0x00095000);
+ mtw_write_ivb(sc, NULL, 0);
+ } else {
+ /* MT7601/MT7610 */
+ if ((error = mtw_write_ivb(sc, fw->ivb,
+ MTW_MCU_IVB_LEN)) != 0)
+ goto fail;
+ }
+
+ /* wait until microcontroller is ready */
+ usbd_delay_ms(sc->sc_udev, 10);
+
+ for (ntries = 0; ntries < 100; ntries++) {
+ if ((error = mtw_read_cfg(sc, MTW_MCU_DMA_ADDR, &tmp)) != 0)
+ return error;
+ if (tmp & MTW_MCU_READY)
+ break;
+ usbd_delay_ms(sc->sc_udev, 100);
+ }
+
+ if (ntries == 100) {
+ printf("%s: timeout waiting for MCU to initialize\n",
+ sc->sc_dev.dv_xname);
+ error = ETIMEDOUT;
+ }
+
+ DPRINTF(("%s: loaded firmware ver %d.%d\n", sc->sc_dev.dv_xname,
+ le16toh(hdr->build_ver), le16toh(hdr->fw_ver)));
+fail:
+ free(ucode, M_DEVBUF, size);
+ usbd_close_pipe(sc->txq[MTW_TXQ_MCU].pipeh);
+ sc->txq[MTW_TXQ_MCU].pipeh = NULL;
+ return error;
+}
+
+int
+mtw_reset(struct mtw_softc *sc)
+{
+ usb_device_request_t req;
+
+ req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
+ req.bRequest = MTW_RESET;
+ USETW(req.wValue, 1);
+ USETW(req.wIndex, 0);
+ USETW(req.wLength, 0);
+ return usbd_do_request(sc->sc_udev, &req, NULL);
+}
+
+int
+mtw_read(struct mtw_softc *sc, uint16_t reg, uint32_t *val)
+{
+ uint32_t tmp;
+ int error;
+
+ error = mtw_read_region_1(sc, reg,
+ (uint8_t *)&tmp, sizeof tmp);
+ if (error == 0)
+ *val = letoh32(tmp);
+ else
+ *val = 0xffffffff;
+ return error;
+}
+
+int
+mtw_read_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t *val)
+{
+ usb_device_request_t req;
+ uint32_t tmp;
+ int error;
+
+ req.bmRequestType = UT_READ_VENDOR_DEVICE;
+ req.bRequest = MTW_READ_CFG;
+ USETW(req.wValue, 0);
+ USETW(req.wIndex, reg);
+ USETW(req.wLength, 4);
+ error = usbd_do_request(sc->sc_udev, &req, &tmp);
+
+ if (error == 0)
+ *val = letoh32(tmp);
+ else
+ *val = 0xffffffff;
+ return error;
+}
+
+int
+mtw_read_region_1(struct mtw_softc *sc, uint16_t reg,
+ uint8_t *buf, int len)
+{
+ usb_device_request_t req;
+
+ req.bmRequestType = UT_READ_VENDOR_DEVICE;
+ req.bRequest = MTW_READ_REGION_1;
+ USETW(req.wValue, 0);
+ USETW(req.wIndex, reg);
+ USETW(req.wLength, len);
+ return usbd_do_request(sc->sc_udev, &req, buf);
+}
+
+int
+mtw_write_2(struct mtw_softc *sc, uint16_t reg, uint16_t val)
+{
+ usb_device_request_t req;
+
+ req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
+ req.bRequest = MTW_WRITE_2;
+ USETW(req.wValue, val);
+ USETW(req.wIndex, reg);
+ USETW(req.wLength, 0);
+ return usbd_do_request(sc->sc_udev, &req, NULL);
+}
+
+int
+mtw_write(struct mtw_softc *sc, uint16_t reg, uint32_t val)
+{
+ int error;
+
+ if ((error = mtw_write_2(sc, reg, val & 0xffff)) == 0)
+ error = mtw_write_2(sc, reg + 2, val >> 16);
+ return error;
+}
+
+int
+mtw_write_cfg(struct mtw_softc *sc, uint16_t reg, uint32_t val)
+{
+ usb_device_request_t req;
+ int error;
+
+ req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
+ req.bRequest = MTW_WRITE_CFG;
+ USETW(req.wValue, 0);
+ USETW(req.wIndex, reg);
+ USETW(req.wLength, 4);
+ error = usbd_do_request(sc->sc_udev, &req, &val);
+ return error;
+}
+
+int
+mtw_write_ivb(struct mtw_softc *sc, const uint8_t *buf, uint16_t len)
+{
+ usb_device_request_t req;
+
+ req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
+ req.bRequest = MTW_RESET;
+ USETW(req.wValue, 0x12);
+ USETW(req.wIndex, 0);
+ USETW(req.wLength, len);
+ return usbd_do_request(sc->sc_udev, &req, (void *)buf);
+}
+
+int
+mtw_write_region_1(struct mtw_softc *sc, uint16_t reg,
+ uint8_t *buf, int len)
+{
+ usb_device_request_t req;
+
+ req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
+ req.bRequest = MTW_WRITE_REGION_1;
+ USETW(req.wValue, 0);
+ USETW(req.wIndex, reg);
+ USETW(req.wLength, len);
+ return usbd_do_request(sc->sc_udev, &req, buf);
+}
+
+int
+mtw_set_region_4(struct mtw_softc *sc, uint16_t reg, uint32_t val, int count)
+{
+ int error = 0;
+
+ for (; count > 0 && error == 0; count--, reg += 4)
+ error = mtw_write(sc, reg, val);
+ return error;
+}
+
+/* Read 16-bit from eFUSE ROM. */
+int
+mtw_efuse_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val)
+{
+ uint32_t tmp;
+ uint16_t reg;
+ int error, ntries;
+
+ if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0)
+ return error;
+
+ addr *= 2;
+ /*
+ * Read one 16-byte block into registers EFUSE_DATA[0-3]:
+ * DATA0: 3 2 1 0
+ * DATA1: 7 6 5 4
+ * DATA2: B A 9 8
+ * DATA3: F E D C
+ */
+ tmp &= ~(MTW_EFSROM_MODE_MASK | MTW_EFSROM_AIN_MASK);
+ tmp |= (addr & ~0xf) << MTW_EFSROM_AIN_SHIFT | MTW_EFSROM_KICK;
+ mtw_write(sc, MTW_EFUSE_CTRL, tmp);
+ for (ntries = 0; ntries < 100; ntries++) {
+ if ((error = mtw_read(sc, MTW_EFUSE_CTRL, &tmp)) != 0)
+ return error;
+ if (!(tmp & MTW_EFSROM_KICK))
+ break;
+ DELAY(2);
+ }
+ if (ntries == 100)
+ return ETIMEDOUT;
+
+ if ((tmp & MTW_EFUSE_AOUT_MASK) == MTW_EFUSE_AOUT_MASK) {
+ *val = 0xffff; /* address not found */
+ return 0;
+ }
+ /* determine to which 32-bit register our 16-bit word belongs */
+ reg = MTW_EFUSE_DATA0 + (addr & 0xc);
+ if ((error = mtw_read(sc, reg, &tmp)) != 0)
+ return error;
+
+ *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff;
+ return 0;
+}
+
+int
+mtw_eeprom_read_2(struct mtw_softc *sc, uint16_t addr, uint16_t *val)
+{
+ usb_device_request_t req;
+ uint16_t tmp;
+ int error;
+
+ addr *= 2;
+ req.bmRequestType = UT_READ_VENDOR_DEVICE;
+ req.bRequest = MTW_EEPROM_READ;
+ USETW(req.wValue, 0);
+ USETW(req.wIndex, addr);
+ USETW(req.wLength, sizeof tmp);
+ error = usbd_do_request(sc->sc_udev, &req, &tmp);
+ if (error == 0)
+ *val = letoh16(tmp);
+ else
+ *val = 0xffff;
+ return error;
+}
+
+static __inline int
+mtw_srom_read(struct mtw_softc *sc, uint16_t addr, uint16_t *val)
+{
+ /* either eFUSE ROM or EEPROM */
+ return sc->sc_srom_read(sc, addr, val);
+}
+
+int
+mtw_rf_read(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t *val)
+{
+ uint32_t tmp;
+ int error, ntries, shift;
+
+ for (ntries = 0; ntries < 100; ntries++) {
+ if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0)
+ return error;
+ if (!(tmp & MTW_RF_CSR_KICK))
+ break;
+ }
+ if (ntries == 100)
+ return ETIMEDOUT;
+
+ if (sc->mac_ver == 0x7601)
+ shift = MT7601_BANK_SHIFT;
+ else
+ shift = MT7610_BANK_SHIFT;
+
+ tmp = MTW_RF_CSR_KICK | (bank & 0xf) << shift | reg << 8;
+ if ((error = mtw_write(sc, MTW_RF_CSR, tmp)) != 0)
+ return error;
+
+ for (ntries = 0; ntries < 100; ntries++) {
+ if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0)
+ return error;
+ if (!(tmp & MTW_RF_CSR_KICK))
+ break;
+ }
+ if (ntries == 100)
+ return ETIMEDOUT;
+
+ *val = tmp & 0xff;
+ return 0;
+}
+
+int
+mtw_rf_write(struct mtw_softc *sc, uint8_t bank, uint8_t reg, uint8_t val)
+{
+ uint32_t tmp;
+ int error, ntries, shift;
+
+ for (ntries = 0; ntries < 10; ntries++) {
+ if ((error = mtw_read(sc, MTW_RF_CSR, &tmp)) != 0)
+ return error;
+ if (!(tmp & MTW_RF_CSR_KICK))
+ break;
+ }
+ if (ntries == 10)
+ return ETIMEDOUT;
+
+ if (sc->mac_ver == 0x7601)
+ shift = MT7601_BANK_SHIFT;
+ else
+ shift = MT7610_BANK_SHIFT;
+
+ tmp = MTW_RF_CSR_WRITE | MTW_RF_CSR_KICK | (bank & 0xf) << shift |
+ reg << 8 | val;
+ return mtw_write(sc, MTW_RF_CSR, tmp);
+}
+
+int
+mtw_bbp_read(struct mtw_softc *sc, uint8_t reg, uint8_t *val)
+{
+ uint32_t tmp;
+ int ntries, error;
+
+ for (ntries = 0; ntries < 10; ntries++) {
+ if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0)
+ return error;
+ if (!(tmp & MTW_BBP_CSR_KICK))
+ break;
+ }
+ if (ntries == 10)
+ return ETIMEDOUT;
+
+ tmp = MTW_BBP_CSR_READ | MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT;
+ if ((error = mtw_write(sc, MTW_BBP_CSR, tmp)) != 0)
+ return error;
+
+ for (ntries = 0; ntries < 10; ntries++) {
+ if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0)
+ return error;
+ if (!(tmp & MTW_BBP_CSR_KICK))
+ break;
+ }
+ if (ntries == 10)
+ return ETIMEDOUT;
+
+ *val = tmp & 0xff;
+ return 0;
+}
+
+int
+mtw_bbp_write(struct mtw_softc *sc, uint8_t reg, uint8_t val)
+{
+ uint32_t tmp;
+ int ntries, error;
+
+ for (ntries = 0; ntries < 10; ntries++) {
+ if ((error = mtw_read(sc, MTW_BBP_CSR, &tmp)) != 0)
+ return error;
+ if (!(tmp & MTW_BBP_CSR_KICK))
+ break;
+ }
+ if (ntries == 10)
+ return ETIMEDOUT;
+
+ tmp = MTW_BBP_CSR_KICK | reg << MTW_BBP_ADDR_SHIFT | val;
+ return mtw_write(sc, MTW_BBP_CSR, tmp);
+}
+
+int
+mtw_usb_dma_read(struct mtw_softc *sc, uint32_t *val)
+{
+ if (sc->asic_ver == 0x7612)
+ return mtw_read_cfg(sc, MTW_USB_U3DMA_CFG, val);
+ else
+ return mtw_read(sc, MTW_USB_DMA_CFG, val);
+}
+
+int
+mtw_usb_dma_write(struct mtw_softc *sc, uint32_t val)
+{
+ if (sc->asic_ver == 0x7612)
+ return mtw_write_cfg(sc, MTW_USB_U3DMA_CFG, val);
+ else
+ return mtw_write(sc, MTW_USB_DMA_CFG, val);
+}
+
+int
+mtw_mcu_calibrate(struct mtw_softc *sc, int func, uint32_t val)
+{
+ struct mtw_mcu_cmd_8 cmd;
+
+ cmd.func = htole32(func);
+ cmd.val = htole32(val);
+ return mtw_mcu_cmd(sc, 31, &cmd, sizeof(struct mtw_mcu_cmd_8));
+}
+
+int
+mtw_mcu_channel(struct mtw_softc *sc, uint32_t r1, uint32_t r2, uint32_t r4)
+{
+ struct mtw_mcu_cmd_16 cmd;
+
+ cmd.r1 = htole32(r1);
+ cmd.r2 = htole32(r2);
+ cmd.r3 = 0;
+ cmd.r4 = htole32(r4);
+ return mtw_mcu_cmd(sc, 30, &cmd, sizeof(struct mtw_mcu_cmd_16));
+}
+
+int
+mtw_mcu_radio(struct mtw_softc *sc, int func, uint32_t val)
+{
+ struct mtw_mcu_cmd_16 cmd;
+
+ cmd.r1 = htole32(func);
+ cmd.r2 = htole32(val);
+ cmd.r3 = 0;
+ cmd.r4 = 0;
+ return mtw_mcu_cmd(sc, 20, &cmd, sizeof(struct mtw_mcu_cmd_16));
+}
+
+int
+mtw_mcu_cmd(struct mtw_softc *sc, int cmd, void *buf, int len)
+{
+ struct mtw_tx_ring *ring = &sc->sc_mcu;
+ struct mtw_tx_data *data = &ring->data[0];
+ struct mtw_txd *txd;
+ int xferlen;
+
+ txd = (struct mtw_txd *)(data->buf);
+ txd->len = htole16(len);
+ txd->flags = htole16(MTW_TXD_CMD | MTW_TXD_MCU |
+ (cmd & 0x1f) << MTW_TXD_CMD_SHIFT | (sc->cmd_seq & 0xf));
+
+ memcpy(&txd[1], buf, len);
+ memset(&txd[1] + len, 0, MTW_DMA_PAD);
+ xferlen = len + sizeof(struct mtw_txd) + MTW_DMA_PAD;
+
+ usbd_setup_xfer(data->xfer, sc->txq[MTW_TXQ_MCU].pipeh,
+ NULL, data->buf, xferlen,
+ USBD_SHORT_XFER_OK | USBD_FORCE_SHORT_XFER | USBD_SYNCHRONOUS,
+ MTW_TX_TIMEOUT, NULL);
+ return usbd_transfer(data->xfer);
+}
+
+/*
+ * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
+ * Used to adjust per-rate Tx power registers.
+ */
+static __inline uint32_t
+b4inc(uint32_t b32, int8_t delta)
+{
+ int8_t i, b4;
+
+ for (i = 0; i < 8; i++) {
+ b4 = b32 & 0xf;
+ b4 += delta;
+ if (b4 < 0)
+ b4 = 0;
+ else if (b4 > 0xf)
+ b4 = 0xf;
+ b32 = b32 >> 4 | b4 << 28;
+ }
+ return b32;
+}
+
+const char *
+mtw_get_rf(int rev)
+{
+ switch (rev) {
+ case MT7601_RF_7601: return "MT7601";
+ case MT7610_RF_7610: return "MT7610";
+ case MT7612_RF_7612: return "MT7612";
+ }
+ return "unknown";
+}
+
+void
+mtw_get_txpower(struct mtw_softc *sc)
+{
+ uint16_t val;
+ int i;
+
+ /* Read power settings for 2GHz channels. */
+ for (i = 0; i < 14; i += 2) {
+ mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
+ sc->txpow1[i + 0] = (int8_t)(val & 0xff);
+ sc->txpow1[i + 1] = (int8_t)(val >> 8);
+ mtw_srom_read(sc, MTW_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
+ sc->txpow2[i + 0] = (int8_t)(val & 0xff);
+ sc->txpow2[i + 1] = (int8_t)(val >> 8);
+ }
+ /* Fix broken Tx power entries. */
+ for (i = 0; i < 14; i++) {
+ if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27)
+ sc->txpow1[i] = 5;
+ if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27)
+ sc->txpow2[i] = 5;
+ DPRINTF(("chan %d: power1=%d, power2=%d\n",
+ mt7601_rf_chan[i].chan, sc->txpow1[i], sc->txpow2[i]));
+ }
+#if 0
+ /* Read power settings for 5GHz channels. */
+ for (i = 0; i < 40; i += 2) {
+ mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
+ sc->txpow1[i + 14] = (int8_t)(val & 0xff);
+ sc->txpow1[i + 15] = (int8_t)(val >> 8);
+
+ mtw_srom_read(sc, MTW_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
+ sc->txpow2[i + 14] = (int8_t)(val & 0xff);
+ sc->txpow2[i + 15] = (int8_t)(val >> 8);
+ }
+ /* Fix broken Tx power entries. */
+ for (i = 0; i < 40; i++ ) {
+ if (sc->mac_ver != 0x5592) {
+ if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
+ sc->txpow1[14 + i] = 5;
+ if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
+ sc->txpow2[14 + i] = 5;
+ }
+ DPRINTF(("chan %d: power1=%d, power2=%d\n",
+ mt7601_rf_chan[14 + i].chan, sc->txpow1[14 + i],
+ sc->txpow2[14 + i]));
+ }
+#endif
+}
+
+int
+mtw_read_eeprom(struct mtw_softc *sc)
+{
+ struct ieee80211com *ic = &sc->sc_ic;
+ int8_t delta_2ghz, delta_5ghz;
+ uint16_t val;
+ int ridx, ant;
+
+ sc->sc_srom_read = mtw_efuse_read_2;
+
+ /* read RF information */
+ mtw_srom_read(sc, MTW_EEPROM_CHIPID, &val);
+ sc->rf_rev = val;
+ mtw_srom_read(sc, MTW_EEPROM_ANTENNA, &val);
+ sc->ntxchains = (val >> 4) & 0xf;
+ sc->nrxchains = val & 0xf;
+ DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n",
+ sc->rf_rev, sc->ntxchains, sc->nrxchains));
+
+ /* read ROM version */
+ mtw_srom_read(sc, MTW_EEPROM_VERSION, &val);
+ DPRINTF(("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8));
+
+ /* read MAC address */
+ mtw_srom_read(sc, MTW_EEPROM_MAC01, &val);
+ ic->ic_myaddr[0] = val & 0xff;
+ ic->ic_myaddr[1] = val >> 8;
+ mtw_srom_read(sc, MTW_EEPROM_MAC23, &val);
+ ic->ic_myaddr[2] = val & 0xff;
+ ic->ic_myaddr[3] = val >> 8;
+ mtw_srom_read(sc, MTW_EEPROM_MAC45, &val);
+ ic->ic_myaddr[4] = val & 0xff;
+ ic->ic_myaddr[5] = val >> 8;
+#if 0
+ printf("eFUSE ROM\n00: ");
+ for (int i = 0; i < 256; i++) {
+ if (((i % 8) == 0) && i > 0)
+ printf("\n%02x: ", i);
+ mtw_srom_read(sc, i, &val);
+ printf(" %04x", val);
+ }
+ printf("\n");
+#endif
+ /* check if RF supports automatic Tx access gain control */
+ mtw_srom_read(sc, MTW_EEPROM_CONFIG, &val);
+ DPRINTF(("EEPROM CFG 0x%04x\n", val));
+ if ((val & 0xff) != 0xff) {
+ sc->ext_5ghz_lna = (val >> 3) & 1;
+ sc->ext_2ghz_lna = (val >> 2) & 1;
+ /* check if RF supports automatic Tx access gain control */
+ sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
+ /* check if we have a hardware radio switch */
+ sc->rfswitch = val & 1;
+ }
+
+ /* read RF frequency offset from EEPROM */
+ mtw_srom_read(sc, MTW_EEPROM_FREQ_OFFSET, &val);
+ if ((val & 0xff) != 0xff)
+ sc->rf_freq_offset = val;
+ else
+ sc->rf_freq_offset = 0;
+ DPRINTF(("frequency offset 0x%x\n", sc->rf_freq_offset));
+
+ /* Read Tx power settings. */
+ mtw_get_txpower(sc);
+
+ /* read Tx power compensation for each Tx rate */
+ mtw_srom_read(sc, MTW_EEPROM_DELTAPWR, &val);
+ delta_2ghz = delta_5ghz = 0;
+ if ((val & 0xff) != 0xff && (val & 0x80)) {
+ delta_2ghz = val & 0xf;
+ if (!(val & 0x40)) /* negative number */
+ delta_2ghz = -delta_2ghz;
+ }
+ val >>= 8;
+ if ((val & 0xff) != 0xff && (val & 0x80)) {
+ delta_5ghz = val & 0xf;
+ if (!(val & 0x40)) /* negative number */
+ delta_5ghz = -delta_5ghz;
+ }
+ DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n",
+ delta_2ghz, delta_5ghz));
+
+ for (ridx = 0; ridx < 5; ridx++) {
+ uint32_t reg;
+
+ mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2, &val);
+ reg = val;
+ mtw_srom_read(sc, MTW_EEPROM_RPWR + ridx * 2 + 1, &val);
+ reg |= (uint32_t)val << 16;
+
+ sc->txpow20mhz[ridx] = reg;
+ sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
+ sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
+
+ DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
+ "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
+ sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]));
+ }
+
+ /* read RSSI offsets and LNA gains from EEPROM */
+ val = 0;
+ mtw_srom_read(sc, MTW_EEPROM_RSSI1_2GHZ, &val);
+ sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
+ sc->rssi_2ghz[1] = val >> 8; /* Ant B */
+ mtw_srom_read(sc, MTW_EEPROM_RSSI2_2GHZ, &val);
+ /*
+ * On RT3070 chips (limited to 2 Rx chains), this ROM
+ * field contains the Tx mixer gain for the 2GHz band.
+ */
+ if ((val & 0xff) != 0xff)
+ sc->txmixgain_2ghz = val & 0x7;
+ DPRINTF(("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz));
+ sc->lna[2] = val >> 8; /* channel group 2 */
+ mtw_srom_read(sc, MTW_EEPROM_RSSI1_5GHZ, &val);
+ sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
+ sc->rssi_5ghz[1] = val >> 8; /* Ant B */
+ mtw_srom_read(sc, MTW_EEPROM_RSSI2_5GHZ, &val);
+ sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
+
+ sc->lna[3] = val >> 8; /* channel group 3 */
+
+ mtw_srom_read(sc, MTW_EEPROM_LNA, &val);
+ sc->lna[0] = val & 0xff; /* channel group 0 */
+ sc->lna[1] = val >> 8; /* channel group 1 */
+ DPRINTF(("LNA0 0x%x\n", sc->lna[0]));
+
+ /* fix broken 5GHz LNA entries */
+ if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
+ DPRINTF(("invalid LNA for channel group %d\n", 2));
+ sc->lna[2] = sc->lna[1];
+ }
+ if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
+ DPRINTF(("invalid LNA for channel group %d\n", 3));
+ sc->lna[3] = sc->lna[1];
+ }
+
+ /* fix broken RSSI offset entries */
+ for (ant = 0; ant < 3; ant++) {
+ if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
+ DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n",
+ ant + 1, sc->rssi_2ghz[ant]));
+ sc->rssi_2ghz[ant] = 0;
+ }
+ if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
+ DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n",
+ ant + 1, sc->rssi_5ghz[ant]));
+ sc->rssi_5ghz[ant] = 0;
+ }
+ }
+ return 0;
+}
+
+struct ieee80211_node *
+mtw_node_alloc(struct ieee80211com *ic)
+{
+ struct mtw_node *mn;
+
+ mn = malloc(sizeof (struct mtw_node), M_USBDEV, M_NOWAIT | M_ZERO);
+ return (struct ieee80211_node *)mn;
+}
+
+int
+mtw_media_change(struct ifnet *ifp)
+{
+ struct mtw_softc *sc = ifp->if_softc;
+ struct ieee80211com *ic = &sc->sc_ic;
+ uint8_t rate, ridx;
+ int error;
+
+ error = ieee80211_media_change(ifp);
+ if (error != ENETRESET)
+ return error;
+
+ if (ic->ic_fixed_rate != -1) {
+ rate = ic->ic_sup_rates[ic->ic_curmode].
+ rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL;
+ for (ridx = 0; ridx <= MTW_RIDX_MAX; ridx++)
+ if (rt2860_rates[ridx].rate == rate)
+ break;
+ sc->fixed_ridx = ridx;
+ }
+
+ if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
+ (IFF_UP | IFF_RUNNING)) {
+ mtw_stop(ifp, 0);
+ error = mtw_init(ifp);
+ }
+ return error;
+}
+
+void
+mtw_next_scan(void *arg)
+{
+ struct mtw_softc *sc = arg;
+ int s;
+
+ if (usbd_is_dying(sc->sc_udev))
+ return;
+
+ usbd_ref_incr(sc->sc_udev);
+
+ s = splnet();
+ if (sc->sc_ic.ic_state == IEEE80211_S_SCAN)
+ ieee80211_next_scan(&sc->sc_ic.ic_if);
+ splx(s);
+
+ usbd_ref_decr(sc->sc_udev);
+}
+
+void
+mtw_task(void *arg)
+{
+ struct mtw_softc *sc = arg;
+ struct mtw_host_cmd_ring *ring = &sc->cmdq;
+ struct mtw_host_cmd *cmd;
+ int s;
+
+ if (usbd_is_dying(sc->sc_udev))
+ return;
+
+ /* process host commands */
+ s = splusb();
+ while (ring->next != ring->cur) {
+ cmd = &ring->cmd[ring->next];
+ splx(s);
+ /* callback */
+ cmd->cb(sc, cmd->data);
+ s = splusb();
+ ring->queued--;
+ ring->next = (ring->next + 1) % MTW_HOST_CMD_RING_COUNT;
+ }
+ splx(s);
+}
+
+void
+mtw_do_async(struct mtw_softc *sc, void (*cb)(struct mtw_softc *, void *),
+ void *arg, int len)
+{
+ struct mtw_host_cmd_ring *ring = &sc->cmdq;
+ struct mtw_host_cmd *cmd;
+ int s;
+
+ if (usbd_is_dying(sc->sc_udev))
+ return;
+
+ s = splusb();
+ cmd = &ring->cmd[ring->cur];
+ cmd->cb = cb;
+ KASSERT(len <= sizeof (cmd->data));
+ memcpy(cmd->data, arg, len);
+ ring->cur = (ring->cur + 1) % MTW_HOST_CMD_RING_COUNT;
+
+ /* if there is no pending command already, schedule a task */
+ if (++ring->queued == 1)
+ usb_add_task(sc->sc_udev, &sc->sc_task);
+ splx(s);
+}
+
+int
+mtw_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
+{
+ struct mtw_softc *sc = ic->ic_softc;
+ struct mtw_cmd_newstate cmd;
+
+ /* do it in a process context */
+ cmd.state = nstate;
+ cmd.arg = arg;
+ mtw_do_async(sc, mtw_newstate_cb, &cmd, sizeof cmd);
+ return 0;
+}
+
+void
+mtw_newstate_cb(struct mtw_softc *sc, void *arg)
+{
+ struct mtw_cmd_newstate *cmd = arg;
+ struct ieee80211com *ic = &sc->sc_ic;
+ enum ieee80211_state ostate;
+ struct ieee80211_node *ni;
+ uint32_t sta[3];
+ uint8_t wcid;
+ int s;
+
+ s = splnet();
+ ostate = ic->ic_state;
+
+ if (ostate == IEEE80211_S_RUN) {
+ /* turn link LED on */
+ mtw_set_leds(sc, MTW_LED_MODE_ON);
+ }
+
+ switch (cmd->state) {
+ case IEEE80211_S_INIT:
+ if (ostate == IEEE80211_S_RUN) {
+ /* abort TSF synchronization */
+ mtw_abort_tsf_sync(sc);
+ }
+ break;
+
+ case IEEE80211_S_SCAN:
+ mtw_set_chan(sc, ic->ic_bss->ni_chan);
+ if (!usbd_is_dying(sc->sc_udev))
+ timeout_add_msec(&sc->scan_to, 200);
+ break;
+
+ case IEEE80211_S_AUTH:
+ case IEEE80211_S_ASSOC:
+ mtw_set_chan(sc, ic->ic_bss->ni_chan);
+ break;
+
+ case IEEE80211_S_RUN:
+ mtw_set_chan(sc, ic->ic_bss->ni_chan);
+
+ ni = ic->ic_bss;
+
+ if (ic->ic_opmode != IEEE80211_M_MONITOR) {
+ mtw_updateslot(ic);
+ mtw_enable_mrr(sc);
+ mtw_set_txpreamble(sc);
+ mtw_set_basicrates(sc);
+ mtw_set_bssid(sc, ni->ni_bssid);
+ }
+ if (ic->ic_opmode == IEEE80211_M_STA) {
+ /* add BSS entry to the WCID table */
+ wcid = MTW_AID2WCID(ni->ni_associd);
+ mtw_write_region_1(sc, MTW_WCID_ENTRY(wcid),
+ ni->ni_macaddr, IEEE80211_ADDR_LEN);
+
+ /* fake a join to init the tx rate */
+ mtw_newassoc(ic, ni, 1);
+ }
+ if (ic->ic_opmode != IEEE80211_M_MONITOR) {
+ mtw_enable_tsf_sync(sc);
+
+ /* clear statistic registers used by AMRR */
+ mtw_read_region_1(sc, MTW_TX_STA_CNT0,
+ (uint8_t *)sta, sizeof sta);
+ /* start calibration timer */
+ if (!usbd_is_dying(sc->sc_udev))
+ timeout_add_sec(&sc->calib_to, 1);
+ }
+
+ /* turn link LED on */
+ mtw_set_leds(sc, MTW_LED_MODE_BLINK_TX);
+ break;
+ }
+ (void)sc->sc_newstate(ic, cmd->state, cmd->arg);
+ splx(s);
+}
+
+void
+mtw_updateedca(struct ieee80211com *ic)
+{
+ /* do it in a process context */
+ mtw_do_async(ic->ic_softc, mtw_updateedca_cb, NULL, 0);
+}
+
+/* ARGSUSED */
+void
+mtw_updateedca_cb(struct mtw_softc *sc, void *arg)
+{
+ struct ieee80211com *ic = &sc->sc_ic;
+ int s, aci;
+
+ s = splnet();
+ /* update MAC TX configuration registers */
+ for (aci = 0; aci < EDCA_NUM_AC; aci++) {
+ mtw_write(sc, MTW_EDCA_AC_CFG(aci),
+ ic->ic_edca_ac[aci].ac_ecwmax << 16 |
+ ic->ic_edca_ac[aci].ac_ecwmin << 12 |
+ ic->ic_edca_ac[aci].ac_aifsn << 8 |
+ ic->ic_edca_ac[aci].ac_txoplimit);
+ }
+
+ /* update SCH/DMA registers too */
+ mtw_write(sc, MTW_WMM_AIFSN_CFG,
+ ic->ic_edca_ac[EDCA_AC_VO].ac_aifsn << 12 |
+ ic->ic_edca_ac[EDCA_AC_VI].ac_aifsn << 8 |
+ ic->ic_edca_ac[EDCA_AC_BK].ac_aifsn << 4 |
+ ic->ic_edca_ac[EDCA_AC_BE].ac_aifsn);
+ mtw_write(sc, MTW_WMM_CWMIN_CFG,
+ ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmin << 12 |
+ ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmin << 8 |
+ ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmin << 4 |
+ ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmin);
+ mtw_write(sc, MTW_WMM_CWMAX_CFG,
+ ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmax << 12 |
+ ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmax << 8 |
+ ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmax << 4 |
+ ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmax);
+ mtw_write(sc, MTW_WMM_TXOP0_CFG,
+ ic->ic_edca_ac[EDCA_AC_BK].ac_txoplimit << 16 |
+ ic->ic_edca_ac[EDCA_AC_BE].ac_txoplimit);
+ mtw_write(sc, MTW_WMM_TXOP1_CFG,
+ ic->ic_edca_ac[EDCA_AC_VO].ac_txoplimit << 16 |
+ ic->ic_edca_ac[EDCA_AC_VI].ac_txoplimit);
+ splx(s);
+}
+
+void
+mtw_updateslot(struct ieee80211com *ic)
+{
+ /* do it in a process context */
+ mtw_do_async(ic->ic_softc, mtw_updateslot_cb, NULL, 0);
+}
+
+/* ARGSUSED */
+void
+mtw_updateslot_cb(struct mtw_softc *sc, void *arg)
+{
+ uint32_t tmp;
+
+ mtw_read(sc, MTW_BKOFF_SLOT_CFG, &tmp);
+ tmp &= ~0xff;
+ tmp |= (sc->sc_ic.ic_flags & IEEE80211_F_SHSLOT) ?
+ IEEE80211_DUR_DS_SHSLOT : IEEE80211_DUR_DS_SLOT;
+ mtw_write(sc, MTW_BKOFF_SLOT_CFG, tmp);
+}
+
+int
+mtw_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
+ struct ieee80211_key *k)
+{
+ struct mtw_softc *sc = ic->ic_softc;
+ struct mtw_cmd_key cmd;
+
+ /* defer setting of WEP keys until interface is brought up */
+ if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) !=
+ (IFF_UP | IFF_RUNNING))
+ return 0;
+
+ /* do it in a process context */
+ cmd.key = *k;
+ cmd.ni = ni;
+ mtw_do_async(sc, mtw_set_key_cb, &cmd, sizeof cmd);
+ sc->sc_key_tasks++;
+ return EBUSY;
+}
+
+void
+mtw_set_key_cb(struct mtw_softc *sc, void *arg)
+{
+ struct ieee80211com *ic = &sc->sc_ic;
+ struct mtw_cmd_key *cmd = arg;
+ struct ieee80211_key *k = &cmd->key;
+ uint32_t attr;
+ uint16_t base;
+ uint8_t mode, wcid, iv[8];
+
+ sc->sc_key_tasks--;
+
+ /* map net80211 cipher to RT2860 security mode */
+ switch (k->k_cipher) {
+ case IEEE80211_CIPHER_WEP40:
+ mode = MTW_MODE_WEP40;
+ break;
+ case IEEE80211_CIPHER_WEP104:
+ mode = MTW_MODE_WEP104;
+ break;
+ case IEEE80211_CIPHER_TKIP:
+ mode = MTW_MODE_TKIP;
+ break;
+ case IEEE80211_CIPHER_CCMP:
+ mode = MTW_MODE_AES_CCMP;
+ break;
+ default:
+ if (cmd->ni != NULL) {
+ IEEE80211_SEND_MGMT(ic, cmd->ni,
+ IEEE80211_FC0_SUBTYPE_DEAUTH,
+ IEEE80211_REASON_AUTH_LEAVE);
+ }
+ ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
+ return;
+ }
+
+ if (k->k_flags & IEEE80211_KEY_GROUP) {
+ wcid = 0; /* NB: update WCID0 for group keys */
+ base = MTW_SKEY(0, k->k_id);
+ } else {
+ wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0;
+ base = MTW_PKEY(wcid);
+ }
+
+ if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
+ mtw_write_region_1(sc, base, k->k_key, 16);
+ mtw_write_region_1(sc, base + 16, &k->k_key[24], 8);
+ mtw_write_region_1(sc, base + 24, &k->k_key[16], 8);
+ } else {
+ /* roundup len to 16-bit: XXX fix write_region_1() instead */
+ mtw_write_region_1(sc, base, k->k_key, (k->k_len + 1) & ~1);
+ }
+
+ if (!(k->k_flags & IEEE80211_KEY_GROUP) ||
+ (k->k_flags & IEEE80211_KEY_TX)) {
+ /* set initial packet number in IV+EIV */
+ if (k->k_cipher == IEEE80211_CIPHER_WEP40 ||
+ k->k_cipher == IEEE80211_CIPHER_WEP104) {
+ memset(iv, 0, sizeof iv);
+ iv[3] = sc->sc_ic.ic_def_txkey << 6;
+ } else {
+ if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
+ iv[0] = k->k_tsc >> 8;
+ iv[1] = (iv[0] | 0x20) & 0x7f;
+ iv[2] = k->k_tsc;
+ } else /* CCMP */ {
+ iv[0] = k->k_tsc;
+ iv[1] = k->k_tsc >> 8;
+ iv[2] = 0;
+ }
+ iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV;
+ iv[4] = k->k_tsc >> 16;
+ iv[5] = k->k_tsc >> 24;
+ iv[6] = k->k_tsc >> 32;
+ iv[7] = k->k_tsc >> 40;
+ }
+ mtw_write_region_1(sc, MTW_IVEIV(wcid), iv, 8);
+ }
+
+ if (k->k_flags & IEEE80211_KEY_GROUP) {
+ /* install group key */
+ mtw_read(sc, MTW_SKEY_MODE_0_7, &attr);
+ attr &= ~(0xf << (k->k_id * 4));
+ attr |= mode << (k->k_id * 4);
+ mtw_write(sc, MTW_SKEY_MODE_0_7, attr);
+
+ if (k->k_cipher & (IEEE80211_CIPHER_WEP104 |
+ IEEE80211_CIPHER_WEP40)) {
+ mtw_read(sc, MTW_WCID_ATTR(wcid + 1), &attr);
+ attr = (attr & ~0xf) | (mode << 1);
+ mtw_write(sc, MTW_WCID_ATTR(wcid + 1), attr);
+
+ mtw_set_region_4(sc, MTW_IVEIV(0), 0, 4);
+
+ mtw_read(sc, MTW_WCID_ATTR(wcid), &attr);
+ attr = (attr & ~0xf) | (mode << 1);
+ mtw_write(sc, MTW_WCID_ATTR(wcid), attr);
+ }
+ } else {
+ /* install pairwise key */
+ mtw_read(sc, MTW_WCID_ATTR(wcid), &attr);
+ attr = (attr & ~0xf) | (mode << 1) | MTW_RX_PKEY_EN;
+ mtw_write(sc, MTW_WCID_ATTR(wcid), attr);
+ }
+
+ if (sc->sc_key_tasks == 0) {
+ if (cmd->ni != NULL)
+ cmd->ni->ni_port_valid = 1;
+ ieee80211_set_link_state(ic, LINK_STATE_UP);
+ }
+}
+
+void
+mtw_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
+ struct ieee80211_key *k)
+{
+ struct mtw_softc *sc = ic->ic_softc;
+ struct mtw_cmd_key cmd;
+
+ if (!(ic->ic_if.if_flags & IFF_RUNNING) ||
+ ic->ic_state != IEEE80211_S_RUN)
+ return; /* nothing to do */
+
+ /* do it in a process context */
+ cmd.key = *k;
+ cmd.ni = ni;
+ mtw_do_async(sc, mtw_delete_key_cb, &cmd, sizeof cmd);
+}
+
+void
+mtw_delete_key_cb(struct mtw_softc *sc, void *arg)
+{
+ struct mtw_cmd_key *cmd = arg;
+ struct ieee80211_key *k = &cmd->key;
+ uint32_t attr;
+ uint8_t wcid;
+
+ if (k->k_flags & IEEE80211_KEY_GROUP) {
+ /* remove group key */
+ mtw_read(sc, MTW_SKEY_MODE_0_7, &attr);
+ attr &= ~(0xf << (k->k_id * 4));
+ mtw_write(sc, MTW_SKEY_MODE_0_7, attr);
+
+ } else {
+ /* remove pairwise key */
+ wcid = (cmd->ni != NULL) ? MTW_AID2WCID(cmd->ni->ni_associd) : 0;
+ mtw_read(sc, MTW_WCID_ATTR(wcid), &attr);
+ attr &= ~0xf;
+ mtw_write(sc, MTW_WCID_ATTR(wcid), attr);
+ }
+}
+
+void
+mtw_calibrate_to(void *arg)
+{
+ /* do it in a process context */
+ mtw_do_async(arg, mtw_calibrate_cb, NULL, 0);
+ /* next timeout will be rescheduled in the calibration task */
+}
+
+/* ARGSUSED */
+void
+mtw_calibrate_cb(struct mtw_softc *sc, void *arg)
+{
+ struct ifnet *ifp = &sc->sc_ic.ic_if;
+ uint32_t sta[3];
+ int s, error;
+
+ /* read statistic counters (clear on read) and update AMRR state */
+ error = mtw_read_region_1(sc, MTW_TX_STA_CNT0, (uint8_t *)sta,
+ sizeof sta);
+ if (error != 0)
+ goto skip;
+
+ DPRINTF(("retrycnt=%d txcnt=%d failcnt=%d\n",
+ letoh32(sta[1]) >> 16, letoh32(sta[1]) & 0xffff,
+ letoh32(sta[0]) & 0xffff));
+
+ s = splnet();
+ /* count failed TX as errors */
+ ifp->if_oerrors += letoh32(sta[0]) & 0xffff;
+
+ sc->amn.amn_retrycnt =
+ (letoh32(sta[0]) & 0xffff) + /* failed TX count */
+ (letoh32(sta[1]) >> 16); /* TX retransmission count */
+
+ sc->amn.amn_txcnt =
+ sc->amn.amn_retrycnt +
+ (letoh32(sta[1]) & 0xffff); /* successful TX count */
+
+ ieee80211_amrr_choose(&sc->amrr, sc->sc_ic.ic_bss, &sc->amn);
+
+ splx(s);
+skip:
+ if (!usbd_is_dying(sc->sc_udev))
+ timeout_add_sec(&sc->calib_to, 1);
+}
+
+void
+mtw_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew)
+{
+ struct mtw_softc *sc = ic->ic_softc;
+ struct mtw_node *mn = (void *)ni;
+ struct ieee80211_rateset *rs = &ni->ni_rates;
+ uint8_t rate;
+ int ridx, i, j;
+
+ DPRINTF(("new assoc isnew=%d addr=%s\n",
+ isnew, ether_sprintf(ni->ni_macaddr)));
+
+ ieee80211_amrr_node_init(&sc->amrr, &sc->amn);
+
+ /* start at lowest available bit-rate, AMRR will raise */
+ ni->ni_txrate = 0;
+
+ for (i = 0; i < rs->rs_nrates; i++) {
+ rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
+ /* convert 802.11 rate to hardware rate index */
+ for (ridx = 0; ridx < MTW_RIDX_MAX; ridx++)
+ if (rt2860_rates[ridx].rate == rate)
+ break;
+ mn->ridx[i] = ridx;
+ /* determine rate of control response frames */
+ for (j = i; j >= 0; j--) {
+ if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
+ rt2860_rates[mn->ridx[i]].phy ==
+ rt2860_rates[mn->ridx[j]].phy)
+ break;
+ }
+ if (j >= 0) {
+ mn->ctl_ridx[i] = mn->ridx[j];
+ } else {
+ /* no basic rate found, use mandatory one */
+ mn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
+ }
+ DPRINTF(("rate=0x%02x ridx=%d ctl_ridx=%d\n",
+ rs->rs_rates[i], mn->ridx[i], mn->ctl_ridx[i]));
+ }
+}
+
+/*
+ * Return the Rx chain with the highest RSSI for a given frame.
+ */
+static __inline uint8_t
+mtw_maxrssi_chain(struct mtw_softc *sc, const struct mtw_rxwi *rxwi)
+{
+ uint8_t rxchain = 0;
+
+ if (sc->nrxchains > 1) {
+ if (rxwi->rssi[1] > rxwi->rssi[rxchain])
+ rxchain = 1;
+ }
+ return rxchain;
+}
+
+void
+mtw_rx_frame(struct mtw_softc *sc, uint8_t *buf, int dmalen,
+ struct mbuf_list *ml)
+{
+ struct ieee80211com *ic = &sc->sc_ic;
+ struct ifnet *ifp = &ic->ic_if;
+ struct ieee80211_frame *wh;
+ struct ieee80211_rxinfo rxi;
+ struct ieee80211_node *ni;
+ struct mtw_rxwi *rxwi;
+ struct mbuf *m;
+ uint32_t flags;
+ uint16_t len;
+#if NBPFILTER > 0
+ uint16_t phy;
+#endif
+ uint16_t rxwisize;
+ uint8_t ant, rssi;
+ int s;
+
+ /* Rx Wireless Information */
+ rxwi = (struct mtw_rxwi *)(buf);
+ rxwisize = sizeof(struct mtw_rxwi);
+ len = letoh16(rxwi->len) & 0xfff;
+
+ if (__predict_false(len > dmalen)) {
+ DPRINTF(("bad RXWI length %u > %u\n", len, dmalen));
+ return;
+ }
+ if (len > MCLBYTES) {
+ DPRINTF(("frame too large (length=%d)\n", len));
+ ifp->if_ierrors++;
+ return;
+ }
+
+ flags = letoh32(rxwi->flags);
+ if (__predict_false(flags & (MTW_RX_CRCERR | MTW_RX_ICVERR))) {
+ ifp->if_ierrors++;
+ return;
+ }
+ if (__predict_false((flags & MTW_RX_MICERR))) {
+ /* report MIC failures to net80211 for TKIP */
+ ic->ic_stats.is_rx_locmicfail++;
+ ieee80211_michael_mic_failure(ic, 0/* XXX */);
+ ifp->if_ierrors++;
+ return;
+ }
+
+ wh = (struct ieee80211_frame *)(buf + rxwisize);
+ rxi.rxi_flags = 0;
+ if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
+ wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
+ rxi.rxi_flags |= IEEE80211_RXI_HWDEC;
+ }
+
+ if (flags & MTW_RX_L2PAD) {
+ u_int hdrlen = ieee80211_get_hdrlen(wh);
+ memmove((caddr_t)wh + 2, wh, hdrlen);
+ wh = (struct ieee80211_frame *)((caddr_t)wh + 2);
+ }
+
+ /* could use m_devget but net80211 wants contig mgmt frames */
+ MGETHDR(m, M_DONTWAIT, MT_DATA);
+ if (__predict_false(m == NULL)) {
+ ifp->if_ierrors++;
+ return;
+ }
+ if (len > MHLEN) {
+ MCLGET(m, M_DONTWAIT);
+ if (__predict_false(!(m->m_flags & M_EXT))) {
+ ifp->if_ierrors++;
+ m_freem(m);
+ return;
+ }
+ }
+ /* finalize mbuf */
+ memcpy(mtod(m, caddr_t), wh, len);
+ m->m_pkthdr.len = m->m_len = len;
+
+ ant = mtw_maxrssi_chain(sc, rxwi);
+ rssi = rxwi->rssi[ant];
+
+#if NBPFILTER > 0
+ if (__predict_false(sc->sc_drvbpf != NULL)) {
+ struct mtw_rx_radiotap_header *tap = &sc->sc_rxtap;
+ struct mbuf mb;
+
+ tap->wr_flags = 0;
+ tap->wr_chan_freq = htole16(ic->ic_ibss_chan->ic_freq);
+ tap->wr_chan_flags = htole16(ic->ic_ibss_chan->ic_flags);
+ tap->wr_antsignal = rssi;
+ tap->wr_antenna = ant;
+ tap->wr_dbm_antsignal = mtw_rssi2dbm(sc, rssi, ant);
+ tap->wr_rate = 2; /* in case it can't be found below */
+ phy = letoh16(rxwi->phy);
+ switch (phy & MTW_PHY_MODE) {
+ case MTW_PHY_CCK:
+ switch ((phy & MTW_PHY_MCS) & ~MTW_PHY_SHPRE) {
+ case 0: tap->wr_rate = 2; break;
+ case 1: tap->wr_rate = 4; break;
+ case 2: tap->wr_rate = 11; break;
+ case 3: tap->wr_rate = 22; break;
+ }
+ if (phy & MTW_PHY_SHPRE)
+ tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
+ break;
+ case MTW_PHY_OFDM:
+ switch (phy & MTW_PHY_MCS) {
+ case 0: tap->wr_rate = 12; break;
+ case 1: tap->wr_rate = 18; break;
+ case 2: tap->wr_rate = 24; break;
+ case 3: tap->wr_rate = 36; break;
+ case 4: tap->wr_rate = 48; break;
+ case 5: tap->wr_rate = 72; break;
+ case 6: tap->wr_rate = 96; break;
+ case 7: tap->wr_rate = 108; break;
+ }
+ break;
+ }
+ mb.m_data = (caddr_t)tap;
+ mb.m_len = sc->sc_rxtap_len;
+ mb.m_next = m;
+ mb.m_nextpkt = NULL;
+ mb.m_type = 0;
+ mb.m_flags = 0;
+ bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN);
+ }
+#endif
+
+ s = splnet();
+ ni = ieee80211_find_rxnode(ic, wh);
+ rxi.rxi_rssi = rssi;
+ rxi.rxi_tstamp = 0; /* unused */
+ ieee80211_inputm(ifp, m, ni, &rxi, ml);
+
+ /* node is no longer needed */
+ ieee80211_release_node(ic, ni);
+ splx(s);
+}
+
+void
+mtw_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status)
+{
+ struct mbuf_list ml = MBUF_LIST_INITIALIZER();
+ struct mtw_rx_data *data = priv;
+ struct mtw_softc *sc = data->sc;
+ uint8_t *buf;
+ uint32_t dmalen;
+ int xferlen;
+
+ if (__predict_false(status != USBD_NORMAL_COMPLETION)) {
+ DPRINTF(("RX status=%d\n", status));
+ if (status == USBD_STALLED)
+ usbd_clear_endpoint_stall_async(sc->rxq[0].pipeh);
+ if (status != USBD_CANCELLED)
+ goto skip;
+ return;
+ }
+
+ usbd_get_xfer_status(xfer, NULL, NULL, &xferlen, NULL);
+
+ if (__predict_false(xferlen < sizeof(uint32_t) +
+ sizeof (struct mtw_rxwi) + sizeof(struct mtw_rxd))) {
+ DPRINTF(("RX xfer too short %d\n", xferlen));
+ goto skip;
+ }
+
+ /* HW can aggregate multiple 802.11 frames in a single USB xfer */
+ buf = data->buf;
+ while (xferlen > 8) {
+ dmalen = letoh32(*(uint32_t *)buf) & MTW_RXD_LEN;
+ if (__predict_false(dmalen == 0 || (dmalen & 3) != 0)) {
+ DPRINTF(("bad DMA length %u\n", dmalen));
+ break;
+ }
+ if (__predict_false(dmalen + 8 > xferlen)) {
+ DPRINTF(("bad DMA length %u > %d\n",
+ dmalen + 8, xferlen));
+ break;
+ }
+ mtw_rx_frame(sc, buf + sizeof(struct mtw_rxd), dmalen, &ml);
+ buf += dmalen + 8;
+ xferlen -= dmalen + 8;
+ }
+ if_input(&sc->sc_ic.ic_if, &ml);
+
+skip: /* setup a new transfer */
+ usbd_setup_xfer(xfer, sc->rxq[0].pipeh, data, data->buf, MTW_MAX_RXSZ,
+ USBD_SHORT_XFER_OK | USBD_NO_COPY, USBD_NO_TIMEOUT, mtw_rxeof);
+ (void)usbd_transfer(data->xfer);
+}
+
+void
+mtw_txeof(struct usbd_xfer *xfer, void *priv, usbd_status status)
+{
+ struct mtw_tx_data *data = priv;
+ struct mtw_softc *sc = data->sc;
+ struct mtw_tx_ring *txq = &sc->txq[data->qid];
+ struct ifnet *ifp = &sc->sc_ic.ic_if;
+ int s;
+
+ if (usbd_is_dying(sc->sc_udev))
+ return;
+
+ s = splnet();
+ txq->queued--;
+ sc->qfullmsk &= ~(1 << data->qid);
+
+ if (__predict_false(status != USBD_NORMAL_COMPLETION)) {
+ DPRINTF(("TX status=%d\n", status));
+ if (status == USBD_STALLED)
+ usbd_clear_endpoint_stall_async(txq->pipeh);
+ ifp->if_oerrors++;
+ splx(s);
+ return;
+ }
+
+ sc->sc_tx_timer = 0;
+
+ if (ifq_is_oactive(&ifp->if_snd)) {
+ ifq_clr_oactive(&ifp->if_snd);
+ mtw_start(ifp);
+ }
+
+ splx(s);
+}
+
+int
+mtw_tx(struct mtw_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
+{
+ struct ieee80211com *ic = &sc->sc_ic;
+ struct mtw_node *mn = (void *)ni;
+ struct ieee80211_frame *wh;
+ struct mtw_tx_ring *ring;
+ struct mtw_tx_data *data;
+ struct mtw_txd *txd;
+ struct mtw_txwi *txwi;
+ uint16_t qos, dur;
+ uint16_t txwisize;
+ uint8_t type, mcs, tid, qid;
+ int error, hasqos, ridx, ctl_ridx, xferlen;
+
+ wh = mtod(m, struct ieee80211_frame *);
+ type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
+
+ /* select queue */
+ if ((hasqos = ieee80211_has_qos(wh))) {
+ qos = ieee80211_get_qos(wh);
+ tid = qos & IEEE80211_QOS_TID;
+ qid = ieee80211_up_to_ac(ic, tid);
+ } else {
+ qos = 0;
+ tid = 0;
+ qid = EDCA_AC_BE;
+ }
+
+ /* management frames go to MCU queue */
+ if (type == IEEE80211_FC0_TYPE_MGT)
+ qid = MTW_TXQ_MCU;
+
+ ring = &sc->txq[qid];
+ data = &ring->data[ring->cur];
+
+ /* pickup a rate index */
+ if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
+ type != IEEE80211_FC0_TYPE_DATA) {
+ ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
+ MTW_RIDX_OFDM6 : MTW_RIDX_CCK1;
+ ctl_ridx = rt2860_rates[ridx].ctl_ridx;
+ } else if (ic->ic_fixed_rate != -1) {
+ ridx = sc->fixed_ridx;
+ ctl_ridx = rt2860_rates[ridx].ctl_ridx;
+ } else {
+ ridx = mn->ridx[ni->ni_txrate];
+ ctl_ridx = mn->ctl_ridx[ni->ni_txrate];
+ }
+
+ txwisize = sizeof(struct mtw_txwi);
+ xferlen = txwisize + m->m_pkthdr.len;
+
+ /* roundup to 32-bit alignment */
+ xferlen = (xferlen + 3) & ~3;
+
+ /* setup TX descriptor */
+ txd = (struct mtw_txd *)data->buf;
+ txd->flags = htole16(MTW_TXD_DATA | MTW_TXD_80211 |
+ MTW_TXD_WLAN | MTW_TXD_QSEL_EDCA);
+
+ if (type != IEEE80211_FC0_TYPE_DATA)
+ txd->flags |= htole16(MTW_TXD_WIV);
+ txd->len = htole16(xferlen);
+ xferlen += sizeof(struct mtw_txd);
+
+ /* get MCS code from rate index */
+ mcs = rt2860_rates[ridx].mcs;
+
+ /* setup TX Wireless Information */
+ txwi = (struct mtw_txwi *)(txd + 1);
+ txwi->flags = 0;
+ txwi->xflags = hasqos ? 0 : MTW_TX_NSEQ;
+ txwi->wcid = (type == IEEE80211_FC0_TYPE_DATA) ?
+ MTW_AID2WCID(ni->ni_associd) : 0xff;
+ txwi->len = htole16(m->m_pkthdr.len);
+ txwi->txop = MTW_TX_TXOP_BACKOFF;
+
+ if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
+ txwi->phy = htole16(MTW_PHY_CCK);
+ if (ridx != MTW_RIDX_CCK1 &&
+ (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
+ mcs |= MTW_PHY_SHPRE;
+ } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
+ txwi->phy = htole16(MTW_PHY_OFDM);
+ txwi->phy |= htole16(mcs);
+
+ if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
+ (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) !=
+ IEEE80211_QOS_ACK_POLICY_NOACK)) {
+ txwi->xflags |= MTW_TX_ACK;
+ if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
+ dur = rt2860_rates[ctl_ridx].sp_ack_dur;
+ else
+ dur = rt2860_rates[ctl_ridx].lp_ack_dur;
+ *(uint16_t *)wh->i_dur = htole16(dur);
+ }
+
+#if NBPFILTER > 0
+ if (__predict_false(sc->sc_drvbpf != NULL)) {
+ struct mtw_tx_radiotap_header *tap = &sc->sc_txtap;
+ struct mbuf mb;
+
+ tap->wt_flags = 0;
+ tap->wt_rate = rt2860_rates[ridx].rate;
+ tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq);
+ tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags);
+ if (mcs & MTW_PHY_SHPRE)
+ tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
+
+ mb.m_data = (caddr_t)tap;
+ mb.m_len = sc->sc_txtap_len;
+ mb.m_next = m;
+ mb.m_nextpkt = NULL;
+ mb.m_type = 0;
+ mb.m_flags = 0;
+ bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT);
+ }
+#endif
+ /* copy payload */
+ m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)txwi + txwisize);
+ m_freem(m);
+
+ /* 4-byte pad */
+ memset(data->buf + xferlen, 0, MTW_DMA_PAD);
+ xferlen += MTW_DMA_PAD;
+
+ usbd_setup_xfer(data->xfer, ring->pipeh, data, data->buf,
+ xferlen, USBD_FORCE_SHORT_XFER | USBD_NO_COPY,
+ MTW_TX_TIMEOUT, mtw_txeof);
+ error = usbd_transfer(data->xfer);
+ if (__predict_false(error != USBD_IN_PROGRESS && error != 0))
+ return error;
+
+ ieee80211_release_node(ic, ni);
+
+ ring->cur = (ring->cur + 1) % MTW_TX_RING_COUNT;
+ if (++ring->queued >= MTW_TX_RING_COUNT)
+ sc->qfullmsk |= 1 << qid;
+ return 0;
+}
+
+void
+mtw_start(struct ifnet *ifp)
+{
+ struct mtw_softc *sc = ifp->if_softc;
+ struct ieee80211com *ic = &sc->sc_ic;
+ struct ieee80211_node *ni;
+ struct mbuf *m;
+
+ if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd))
+ return;
+
+ for (;;) {
+ if (sc->qfullmsk != 0) {
+ ifq_set_oactive(&ifp->if_snd);
+ break;
+ }
+
+ /* send pending management frames first */
+ m = mq_dequeue(&ic->ic_mgtq);
+ if (m != NULL) {
+ ni = m->m_pkthdr.ph_cookie;
+ goto sendit;
+ }
+ if (ic->ic_state != IEEE80211_S_RUN)
+ break;
+
+ /* encapsulate and send data frames */
+ m = ifq_dequeue(&ifp->if_snd);
+ if (m == NULL)
+ break;
+#if NBPFILTER > 0
+ if (ifp->if_bpf != NULL)
+ bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT);
+#endif
+ if ((m = ieee80211_encap(ifp, m, &ni)) == NULL)
+ continue;
+sendit:
+#if NBPFILTER > 0
+ if (ic->ic_rawbpf != NULL)
+ bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT);
+#endif
+ if (mtw_tx(sc, m, ni) != 0) {
+ ieee80211_release_node(ic, ni);
+ ifp->if_oerrors++;
+ continue;
+ }
+
+ sc->sc_tx_timer = 5;
+ ifp->if_timer = 1;
+ }
+}
+
+void
+mtw_watchdog(struct ifnet *ifp)
+{
+ struct mtw_softc *sc = ifp->if_softc;
+
+ ifp->if_timer = 0;
+
+ if (sc->sc_tx_timer > 0) {
+ if (--sc->sc_tx_timer == 0) {
+ printf("%s: device timeout\n", sc->sc_dev.dv_xname);
+ /* mtw_init(ifp); XXX needs a process context! */
+ ifp->if_oerrors++;
+ return;
+ }
+ ifp->if_timer = 1;
+ }
+
+ ieee80211_watchdog(ifp);
+}
+
+int
+mtw_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
+{
+ struct mtw_softc *sc = ifp->if_softc;
+ struct ieee80211com *ic = &sc->sc_ic;
+ int s, error = 0;
+
+ if (usbd_is_dying(sc->sc_udev))
+ return ENXIO;
+
+ usbd_ref_incr(sc->sc_udev);
+
+ s = splnet();
+
+ switch (cmd) {
+ case SIOCSIFADDR:
+ ifp->if_flags |= IFF_UP;
+ /* FALLTHROUGH */
+ case SIOCSIFFLAGS:
+ if (ifp->if_flags & IFF_UP) {
+ if (!(ifp->if_flags & IFF_RUNNING))
+ mtw_init(ifp);
+ } else {
+ if (ifp->if_flags & IFF_RUNNING)
+ mtw_stop(ifp, 1);
+ }
+ break;
+
+ case SIOCS80211CHANNEL:
+ /*
+ * This allows for fast channel switching in monitor mode
+ * (used by kismet).
+ */
+ error = ieee80211_ioctl(ifp, cmd, data);
+ if (error == ENETRESET &&
+ ic->ic_opmode == IEEE80211_M_MONITOR) {
+ if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
+ (IFF_UP | IFF_RUNNING))
+ mtw_set_chan(sc, ic->ic_ibss_chan);
+ error = 0;
+ }
+ break;
+
+ default:
+ error = ieee80211_ioctl(ifp, cmd, data);
+ }
+
+ if (error == ENETRESET) {
+ if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
+ (IFF_UP | IFF_RUNNING)) {
+ mtw_stop(ifp, 0);
+ error = mtw_init(ifp);
+ } else
+ error = 0;
+ }
+ splx(s);
+
+ usbd_ref_decr(sc->sc_udev);
+
+ return error;
+}
+
+void
+mtw_select_chan_group(struct mtw_softc *sc, int group)
+{
+ uint32_t tmp;
+ uint8_t bbp;
+
+ /* Tx band 20MHz 2G */
+ mtw_read(sc, MTW_TX_BAND_CFG, &tmp);
+ tmp &= ~(MTW_TX_BAND_SEL_2G | MTW_TX_BAND_SEL_5G |
+ MTW_TX_BAND_UPPER_40M);
+ tmp |= (group == 0) ? MTW_TX_BAND_SEL_2G : MTW_TX_BAND_SEL_5G;
+ mtw_write(sc, MTW_TX_BAND_CFG, tmp);
+
+ /* select 20 MHz bandwidth */
+ mtw_bbp_read(sc, 4, &bbp);
+ bbp &= ~0x18;
+ bbp |= 0x40;
+ mtw_bbp_write(sc, 4, bbp);
+
+ /* calibrate BBP */
+ mtw_bbp_write(sc, 69, 0x12);
+ mtw_bbp_write(sc, 91, 0x07);
+ mtw_bbp_write(sc, 195, 0x23);
+ mtw_bbp_write(sc, 196, 0x17);
+ mtw_bbp_write(sc, 195, 0x24);
+ mtw_bbp_write(sc, 196, 0x06);
+ mtw_bbp_write(sc, 195, 0x81);
+ mtw_bbp_write(sc, 196, 0x12);
+ mtw_bbp_write(sc, 195, 0x83);
+ mtw_bbp_write(sc, 196, 0x17);
+ mtw_rf_write(sc, 5, 8, 0x00);
+ mtw_mcu_calibrate(sc, 0x6, 0x10001);
+
+ /* set initial AGC value */
+ mt7601_set_agc(sc, 0x14);
+}
+
+void
+mt7601_set_agc(struct mtw_softc *sc, uint8_t agc)
+{
+ uint8_t bbp;
+
+ mtw_bbp_write(sc, 66, agc);
+ mtw_bbp_write(sc, 195, 0x87);
+ bbp = (agc & 0xf0) | 0x08;
+ mtw_bbp_write(sc, 196, bbp);
+}
+
+void
+mt7601_set_chan(struct mtw_softc *sc, u_int chan)
+{
+ uint32_t tmp;
+ uint8_t bbp, rf, txpow1;
+ int i;
+
+ /* find the settings for this channel */
+ for (i = 0; mt7601_rf_chan[i].chan != chan; i++)
+
+ mtw_rf_write(sc, 0, 17, mt7601_rf_chan[i].r17);
+ mtw_rf_write(sc, 0, 18, mt7601_rf_chan[i].r18);
+ mtw_rf_write(sc, 0, 19, mt7601_rf_chan[i].r19);
+ mtw_rf_write(sc, 0, 20, mt7601_rf_chan[i].r20);
+
+ /* use Tx power values from EEPROM */
+ txpow1 = sc->txpow1[i];
+
+ /* Tx automatic level control */
+ mtw_read(sc, MTW_TX_ALC_CFG0, &tmp);
+ tmp &= ~0x3f3f;
+ tmp |= (txpow1 & 0x3f);
+ mtw_write(sc, MTW_TX_ALC_CFG0, tmp);
+
+ /* LNA */
+ mtw_bbp_write(sc, 62, 0x37 - sc->lna[0]);
+ mtw_bbp_write(sc, 63, 0x37 - sc->lna[0]);
+ mtw_bbp_write(sc, 64, 0x37 - sc->lna[0]);
+
+ /* VCO calibration */
+ mtw_rf_write(sc, 0, 4, 0x0a);
+ mtw_rf_write(sc, 0, 5, 0x20);
+ mtw_rf_read(sc, 0, 4, &rf);
+ mtw_rf_write(sc, 0, 4, rf | 0x80);
+
+ /* select 20 MHz bandwidth */
+ mtw_bbp_read(sc, 4, &bbp);
+ bbp &= ~0x18;
+ bbp |= 0x40;
+ mtw_bbp_write(sc, 4, bbp);
+ mtw_bbp_write(sc, 178, 0xff);
+}
+
+int
+mtw_set_chan(struct mtw_softc *sc, struct ieee80211_channel *c)
+{
+ struct ieee80211com *ic = &sc->sc_ic;
+ u_int chan, group;
+
+ chan = ieee80211_chan2ieee(ic, c);
+ if (chan == 0 || chan == IEEE80211_CHAN_ANY)
+ return EINVAL;
+
+ /* determine channel group */
+ if (chan <= 14)
+ group = 0;
+ else if (chan <= 64)
+ group = 1;
+ else if (chan <= 128)
+ group = 2;
+ else
+ group = 3;
+
+ if (group != sc->sc_chan_group || !sc->sc_bw_calibrated)
+ mtw_select_chan_group(sc, group);
+
+ sc->sc_chan_group = group;
+
+ /* chipset specific */
+ if (sc->mac_ver == 0x7601)
+ mt7601_set_chan(sc, chan);
+
+ DELAY(1000);
+ return 0;
+}
+
+void
+mtw_enable_tsf_sync(struct mtw_softc *sc)
+{
+ struct ieee80211com *ic = &sc->sc_ic;
+ uint32_t tmp;
+
+ mtw_read(sc, MTW_BCN_TIME_CFG, &tmp);
+ tmp &= ~0x1fffff;
+ tmp |= ic->ic_bss->ni_intval * 16;
+ tmp |= MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN;
+
+ /* local TSF is always updated with remote TSF on beacon reception */
+ tmp |= 1 << MTW_TSF_SYNC_MODE_SHIFT;
+ mtw_write(sc, MTW_BCN_TIME_CFG, tmp);
+}
+
+void
+mtw_abort_tsf_sync(struct mtw_softc *sc)
+{
+ uint32_t tmp;
+
+ mtw_read(sc, MTW_BCN_TIME_CFG, &tmp);
+ tmp &= ~(MTW_BCN_TX_EN | MTW_TSF_TIMER_EN | MTW_TBTT_TIMER_EN);
+ mtw_write(sc, MTW_BCN_TIME_CFG, tmp);
+}
+
+void
+mtw_enable_mrr(struct mtw_softc *sc)
+{
+#define CCK(mcs) (mcs)
+#define OFDM(mcs) (1 << 3 | (mcs))
+ mtw_write(sc, MTW_LG_FBK_CFG0,
+ OFDM(6) << 28 | /* 54->48 */
+ OFDM(5) << 24 | /* 48->36 */
+ OFDM(4) << 20 | /* 36->24 */
+ OFDM(3) << 16 | /* 24->18 */
+ OFDM(2) << 12 | /* 18->12 */
+ OFDM(1) << 8 | /* 12-> 9 */
+ OFDM(0) << 4 | /* 9-> 6 */
+ OFDM(0)); /* 6-> 6 */
+
+ mtw_write(sc, MTW_LG_FBK_CFG1,
+ CCK(2) << 12 | /* 11->5.5 */
+ CCK(1) << 8 | /* 5.5-> 2 */
+ CCK(0) << 4 | /* 2-> 1 */
+ CCK(0)); /* 1-> 1 */
+#undef OFDM
+#undef CCK
+}
+
+void
+mtw_set_txrts(struct mtw_softc *sc)
+{
+ uint32_t tmp;
+
+ /* set RTS threshold */
+ mtw_read(sc, MTW_TX_RTS_CFG, &tmp);
+ tmp &= ~0xffff00;
+ tmp |= 0x1000 << MTW_RTS_THRES_SHIFT;
+ mtw_write(sc, MTW_TX_RTS_CFG, tmp);
+}
+
+void
+mtw_set_txpreamble(struct mtw_softc *sc)
+{
+ uint32_t tmp;
+
+ mtw_read(sc, MTW_AUTO_RSP_CFG, &tmp);
+ if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
+ tmp |= MTW_CCK_SHORT_EN;
+ else
+ tmp &= ~MTW_CCK_SHORT_EN;
+ mtw_write(sc, MTW_AUTO_RSP_CFG, tmp);
+}
+
+void
+mtw_set_basicrates(struct mtw_softc *sc)
+{
+ struct ieee80211com *ic = &sc->sc_ic;
+
+ /* set basic rates mask */
+ if (ic->ic_curmode == IEEE80211_MODE_11B)
+ mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x003);
+ else if (ic->ic_curmode == IEEE80211_MODE_11A)
+ mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x150);
+ else /* 11g */
+ mtw_write(sc, MTW_LEGACY_BASIC_RATE, 0x17f);
+}
+
+void
+mtw_set_leds(struct mtw_softc *sc, uint16_t which)
+{
+ struct mtw_mcu_cmd_8 cmd;
+
+ cmd.func = htole32(0x1);
+ cmd.val = htole32(which);
+ mtw_mcu_cmd(sc, 16, &cmd, sizeof(struct mtw_mcu_cmd_8));
+}
+
+void
+mtw_set_bssid(struct mtw_softc *sc, const uint8_t *bssid)
+{
+ mtw_write(sc, MTW_MAC_BSSID_DW0,
+ bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
+ mtw_write(sc, MTW_MAC_BSSID_DW1,
+ bssid[4] | bssid[5] << 8);
+}
+
+void
+mtw_set_macaddr(struct mtw_softc *sc, const uint8_t *addr)
+{
+ mtw_write(sc, MTW_MAC_ADDR_DW0,
+ addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
+ mtw_write(sc, MTW_MAC_ADDR_DW1,
+ addr[4] | addr[5] << 8 | 0xff << 16);
+}
+
+#if NBPFILTER > 0
+int8_t
+mtw_rssi2dbm(struct mtw_softc *sc, uint8_t rssi, uint8_t rxchain)
+{
+ struct ieee80211com *ic = &sc->sc_ic;
+ struct ieee80211_channel *c = ic->ic_ibss_chan;
+ int delta;
+
+ if (IEEE80211_IS_CHAN_5GHZ(c)) {
+ u_int chan = ieee80211_chan2ieee(ic, c);
+ delta = sc->rssi_5ghz[rxchain];
+
+ /* determine channel group */
+ if (chan <= 64)
+ delta -= sc->lna[1];
+ else if (chan <= 128)
+ delta -= sc->lna[2];
+ else
+ delta -= sc->lna[3];
+ } else
+ delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
+
+ return -12 - delta - rssi;
+}
+#endif
+
+int
+mt7601_bbp_init(struct mtw_softc *sc)
+{
+ uint8_t bbp;
+ int i, error, ntries;
+
+ /* wait for BBP to wake up */
+ for (ntries = 0; ntries < 20; ntries++) {
+ if ((error = mtw_bbp_read(sc, 0, &bbp)) != 0)
+ return error;
+ if (bbp != 0 && bbp != 0xff)
+ break;
+ }
+
+ if (ntries == 20)
+ return ETIMEDOUT;
+
+ mtw_bbp_read(sc, 3, &bbp);
+ mtw_bbp_write(sc, 3, 0);
+ mtw_bbp_read(sc, 105, &bbp);
+ mtw_bbp_write(sc, 105, 0);
+
+ /* initialize BBP registers to default values */
+ for (i = 0; i < nitems(mt7601_def_bbp); i++) {
+ if ((error = mtw_bbp_write(sc, mt7601_def_bbp[i].reg,
+ mt7601_def_bbp[i].val)) != 0)
+ return error;
+ }
+
+ sc->sc_bw_calibrated = 0;
+
+ return 0;
+}
+
+int
+mt7601_rf_init(struct mtw_softc *sc)
+{
+ int i, error;
+
+ /* RF bank 0 */
+ for (i = 0; i < nitems(mt7601_rf_bank0); i++) {
+ error = mtw_rf_write(sc, 0, mt7601_rf_bank0[i].reg,
+ mt7601_rf_bank0[i].val);
+ if (error != 0)
+ return error;
+ }
+ /* RF bank 4 */
+ for (i = 0; i < nitems(mt7601_rf_bank4); i++) {
+ error = mtw_rf_write(sc, 4, mt7601_rf_bank4[i].reg,
+ mt7601_rf_bank4[i].val);
+ if (error != 0)
+ return error;
+ }
+ /* RF bank 5 */
+ for (i = 0; i < nitems(mt7601_rf_bank5); i++) {
+ error = mtw_rf_write(sc, 5, mt7601_rf_bank5[i].reg,
+ mt7601_rf_bank5[i].val);
+ if (error != 0)
+ return error;
+ }
+ return 0;
+}
+
+int
+mt7601_rf_setup(struct mtw_softc *sc)
+{
+ uint32_t tmp;
+ uint8_t rf;
+ int error;
+
+ if (sc->sc_rf_calibrated)
+ return 0;
+
+ /* init RF registers */
+ if ((error = mt7601_rf_init(sc)) != 0)
+ return error;
+
+ /* init frequency offset */
+ mtw_rf_write(sc, 0, 12, sc->rf_freq_offset);
+ mtw_rf_read(sc, 0, 12, &rf);
+
+ /* read temperature */
+ mt7601_rf_temperature(sc, &rf);
+ sc->bbp_temp = rf;
+ DPRINTF(("BBP temp 0x%x ", rf));
+
+ mtw_rf_read(sc, 0, 7, &rf);
+ if ((error = mtw_mcu_calibrate(sc, 0x1, 0)) != 0)
+ return error;
+ usbd_delay_ms(sc->sc_udev, 100);
+ mtw_rf_read(sc, 0, 7, &rf);
+
+ /* Calibrate VCO RF 0/4 */
+ mtw_rf_write(sc, 0, 4, 0x0a);
+ mtw_rf_write(sc, 0, 4, 0x20);
+ mtw_rf_read(sc, 0, 4, &rf);
+ mtw_rf_write(sc, 0, 4, rf | 0x80);
+
+ if ((error = mtw_mcu_calibrate(sc, 0x9, 0)) != 0)
+ return error;
+ if ((error = mt7601_rxdc_cal(sc)) != 0)
+ return error;
+ if ((error = mtw_mcu_calibrate(sc, 0x6, 1)) != 0)
+ return error;
+ if ((error = mtw_mcu_calibrate(sc, 0x6, 0)) != 0)
+ return error;
+ if ((error = mtw_mcu_calibrate(sc, 0x4, 0)) != 0)
+ return error;
+ if ((error = mtw_mcu_calibrate(sc, 0x5, 0)) != 0)
+ return error;
+
+ mtw_read(sc, MTW_LDO_CFG0, &tmp);
+ tmp &= ~(1 << 4);
+ tmp |= (1 << 2);
+ mtw_write(sc, MTW_LDO_CFG0, tmp);
+
+ if ((error = mtw_mcu_calibrate(sc, 0x8, 0)) != 0)
+ return error;
+ if ((error = mt7601_rxdc_cal(sc)) != 0)
+ return error;
+
+ sc->sc_rf_calibrated = 1;
+ return 0;
+}
+
+int
+mt7601_rf_temperature(struct mtw_softc *sc, int8_t *val)
+{
+ uint32_t rfb, rfs;
+ uint8_t bbp;
+ int ntries;
+
+ mtw_read(sc, MTW_RF_BYPASS0, &rfb);
+ mtw_read(sc, MTW_RF_SETTING0, &rfs);
+ mtw_write(sc, MTW_RF_BYPASS0, 0);
+ mtw_write(sc, MTW_RF_SETTING0, 0x10);
+ mtw_write(sc, MTW_RF_BYPASS0, 0x10);
+
+ mtw_bbp_read(sc, 47, &bbp);
+ bbp &= ~0x7f;
+ bbp |= 0x10;
+ mtw_bbp_write(sc, 47, bbp);
+
+ mtw_bbp_write(sc, 22, 0x40);
+
+ for (ntries = 0; ntries < 10; ntries++) {
+ mtw_bbp_read(sc, 47, &bbp);
+ if ((bbp & 0x10) == 0)
+ break;
+ }
+ if (ntries == 10)
+ return ETIMEDOUT;
+
+ mt7601_r49_read(sc, MT7601_R47_TEMP, val);
+
+ mtw_bbp_write(sc, 22, 0);
+
+ mtw_bbp_read(sc, 21, &bbp);
+ bbp |= 0x02;
+ mtw_bbp_write(sc, 21, bbp);
+ bbp &= ~0x02;
+ mtw_bbp_write(sc, 21, bbp);
+
+ mtw_write(sc, MTW_RF_BYPASS0, 0);
+ mtw_write(sc, MTW_RF_SETTING0, rfs);
+ mtw_write(sc, MTW_RF_BYPASS0, rfb);
+ return 0;
+}
+
+int
+mt7601_r49_read(struct mtw_softc *sc, uint8_t flag, int8_t *val)
+{
+ uint8_t bbp;
+
+ mtw_bbp_read(sc, 47, &bbp);
+ bbp = 0x90;
+ mtw_bbp_write(sc, 47, bbp);
+ bbp &= ~0x0f;
+ bbp |= flag;
+ mtw_bbp_write(sc, 47, bbp);
+ return mtw_bbp_read(sc, 49, val);
+}
+
+int
+mt7601_rxdc_cal(struct mtw_softc *sc)
+{
+ uint32_t tmp;
+ uint8_t bbp;
+ int ntries;
+
+ mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp);
+ mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_RX_EN);
+ mtw_bbp_write(sc, 158, 0x8d);
+ mtw_bbp_write(sc, 159, 0xfc);
+ mtw_bbp_write(sc, 158, 0x8c);
+ mtw_bbp_write(sc, 159, 0x4c);
+
+ for (ntries = 0; ntries < 20; ntries++) {
+ DELAY(300);
+ mtw_bbp_write(sc, 158, 0x8c);
+ mtw_bbp_read(sc, 159, &bbp);
+ if (bbp == 0x0c)
+ break;
+ }
+
+ if (ntries == 20)
+ return ETIMEDOUT;
+
+ mtw_write(sc, MTW_MAC_SYS_CTRL, 0);
+ mtw_bbp_write(sc, 158, 0x8d);
+ mtw_bbp_write(sc, 159, 0xe0);
+ mtw_write(sc, MTW_MAC_SYS_CTRL, tmp);
+ return 0;
+}
+
+int
+mtw_wlan_enable(struct mtw_softc *sc, int enable)
+{
+ uint32_t tmp;
+ int error = 0;
+
+ if (enable) {
+ mtw_read(sc, MTW_WLAN_CTRL, &tmp);
+ if (sc->asic_ver == 0x7612)
+ tmp &= ~0xfffff000;
+
+ tmp &= ~MTW_WLAN_CLK_EN;
+ tmp |= MTW_WLAN_EN;
+ mtw_write(sc, MTW_WLAN_CTRL, tmp);
+ usbd_delay_ms(sc->sc_udev, 2);
+
+ tmp |= MTW_WLAN_CLK_EN;
+ if (sc->asic_ver == 0x7612) {
+ tmp |= (MTW_WLAN_RESET | MTW_WLAN_RESET_RF);
+ }
+ mtw_write(sc, MTW_WLAN_CTRL, tmp);
+ usbd_delay_ms(sc->sc_udev, 2);
+
+ mtw_read(sc, MTW_OSC_CTRL, &tmp);
+ tmp |= MTW_OSC_EN;
+ mtw_write(sc, MTW_OSC_CTRL, tmp);
+ tmp |= MTW_OSC_CAL_REQ;
+ mtw_write(sc, MTW_OSC_CTRL, tmp);
+ } else {
+ mtw_read(sc, MTW_WLAN_CTRL, &tmp);
+ tmp &= ~(MTW_WLAN_CLK_EN | MTW_WLAN_EN);
+ mtw_write(sc, MTW_WLAN_CTRL, tmp);
+
+ mtw_read(sc, MTW_OSC_CTRL, &tmp);
+ tmp &= ~MTW_OSC_EN;
+ mtw_write(sc, MTW_OSC_CTRL, tmp);
+ }
+ return error;
+}
+
+int
+mtw_txrx_enable(struct mtw_softc *sc)
+{
+ uint32_t tmp;
+ int error, ntries;
+
+ mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_MAC_TX_EN);
+ for (ntries = 0; ntries < 200; ntries++) {
+ if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0)
+ return error;
+ if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0)
+ break;
+ DELAY(1000);
+ }
+ if (ntries == 200)
+ return ETIMEDOUT;
+
+ DELAY(50);
+
+ tmp |= MTW_RX_DMA_EN | MTW_TX_DMA_EN | MTW_TX_WB_DDONE;
+ mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp);
+
+ /* enable Rx bulk aggregation (set timeout and limit) */
+ tmp = MTW_USB_TX_EN | MTW_USB_RX_EN | MTW_USB_RX_AGG_EN |
+ MTW_USB_RX_AGG_TO(128) | MTW_USB_RX_AGG_LMT(2);
+ mtw_write(sc, MTW_USB_DMA_CFG, tmp);
+
+ /* set Rx filter */
+ tmp = MTW_DROP_CRC_ERR | MTW_DROP_PHY_ERR;
+ if (sc->sc_ic.ic_opmode != IEEE80211_M_MONITOR) {
+ tmp |= MTW_DROP_UC_NOME | MTW_DROP_DUPL |
+ MTW_DROP_CTS | MTW_DROP_BA | MTW_DROP_ACK |
+ MTW_DROP_VER_ERR | MTW_DROP_CTRL_RSV |
+ MTW_DROP_CFACK | MTW_DROP_CFEND;
+ if (sc->sc_ic.ic_opmode == IEEE80211_M_STA)
+ tmp |= MTW_DROP_RTS | MTW_DROP_PSPOLL;
+ }
+ mtw_write(sc, MTW_RX_FILTR_CFG, tmp);
+
+ mtw_write(sc, MTW_MAC_SYS_CTRL,
+ MTW_MAC_RX_EN | MTW_MAC_TX_EN);
+ return 0;
+}
+
+int
+mtw_init(struct ifnet *ifp)
+{
+ struct mtw_softc *sc = ifp->if_softc;
+ struct ieee80211com *ic = &sc->sc_ic;
+ uint32_t tmp;
+ int i, error, ridx, ntries, qid;
+
+ if (usbd_is_dying(sc->sc_udev))
+ return ENXIO;
+
+ /* init Tx rings (4 EDCAs, 1 HCCA, 1 MGMT) */
+ for (qid = 0; qid < MTW_TXQ_COUNT; qid++) {
+ if ((error = mtw_alloc_tx_ring(sc, qid)) != 0)
+ goto fail;
+ }
+
+ /* init Rx ring */
+ if ((error = mtw_alloc_rx_ring(sc, 0)) != 0)
+ goto fail;
+
+ /* init MCU Tx ring */
+ if ((error = mtw_alloc_mcu_ring(sc)) != 0)
+ goto fail;
+
+ /* init host command ring */
+ sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0;
+
+ for (ntries = 0; ntries < 100; ntries++) {
+ if ((error = mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp)) != 0)
+ goto fail;
+ if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0)
+ break;
+ DELAY(1000);
+ }
+ if (ntries == 100) {
+ printf("%s: timeout waiting for DMA engine\n",
+ sc->sc_dev.dv_xname);
+ error = ETIMEDOUT;
+ goto fail;
+ }
+ tmp &= 0xff0;
+ tmp |= MTW_TX_WB_DDONE;
+ mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp);
+
+ /* reset MAC and baseband */
+ mtw_write(sc, MTW_MAC_SYS_CTRL, MTW_BBP_HRST | MTW_MAC_SRST);
+ mtw_write(sc, MTW_USB_DMA_CFG, 0);
+ mtw_write(sc, MTW_MAC_SYS_CTRL, 0);
+
+ /* init MAC values */
+ if (sc->mac_ver == 0x7601) {
+ for (i = 0; i < nitems(mt7601_def_mac); i++)
+ mtw_write(sc, mt7601_def_mac[i].reg,
+ mt7601_def_mac[i].val);
+ }
+
+ /* wait while MAC is busy */
+ for (ntries = 0; ntries < 100; ntries++) {
+ if ((error = mtw_read(sc, MTW_MAC_STATUS_REG, &tmp)) != 0)
+ goto fail;
+ if (!(tmp & (MTW_RX_STATUS_BUSY | MTW_TX_STATUS_BUSY)))
+ break;
+ DELAY(1000);
+ }
+ if (ntries == 100) {
+ error = ETIMEDOUT;
+ goto fail;
+ }
+
+ /* set MAC address */
+ IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl));
+ mtw_set_macaddr(sc, ic->ic_myaddr);
+
+ /* clear WCID attribute table */
+ mtw_set_region_4(sc, MTW_WCID_ATTR(0), 1, 8 * 32);
+
+ mtw_write(sc, 0x1648, 0x00830083);
+ mtw_read(sc, MTW_FCE_L2_STUFF, &tmp);
+ tmp &= ~MTW_L2S_WR_MPDU_LEN_EN;
+ mtw_write(sc, MTW_FCE_L2_STUFF, tmp);
+
+ /* RTS config */
+ mtw_set_txrts(sc);
+
+ /* clear Host to MCU mailbox */
+ mtw_write(sc, MTW_BBP_CSR, 0);
+ mtw_write(sc, MTW_H2M_MAILBOX, 0);
+
+ /* clear RX WCID search table */
+ mtw_set_region_4(sc, MTW_WCID_ENTRY(0), 0xffffffff, 512);
+
+ /* abort TSF synchronization */
+ mtw_abort_tsf_sync(sc);
+
+ mtw_read(sc, MTW_US_CYC_CNT, &tmp);
+ tmp = (tmp & ~0xff);
+ if (sc->mac_ver == 0x7601)
+ tmp |= 0x1e;
+ mtw_write(sc, MTW_US_CYC_CNT, tmp);
+
+ /* clear shared key table */
+ mtw_set_region_4(sc, MTW_SKEY(0, 0), 0, 8 * 32);
+
+ /* clear IV/EIV table */
+ mtw_set_region_4(sc, MTW_IVEIV(0), 0, 8 * 32);
+
+ /* clear shared key mode */
+ mtw_write(sc, MTW_SKEY_MODE_0_7, 0);
+ mtw_write(sc, MTW_SKEY_MODE_8_15, 0);
+
+ /* txop truncation */
+ mtw_write(sc, MTW_TXOP_CTRL_CFG, 0x0000583f);
+
+ /* init Tx power for all Tx rates */
+ for (ridx = 0; ridx < 5; ridx++) {
+ if (sc->txpow20mhz[ridx] == 0xffffffff)
+ continue;
+ mtw_write(sc, MTW_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
+ }
+ mtw_write(sc, MTW_TX_PWR_CFG7, 0);
+ mtw_write(sc, MTW_TX_PWR_CFG9, 0);
+
+ mtw_read(sc, MTW_CMB_CTRL, &tmp);
+ tmp &= ~(1 << 18 | 1 << 14);
+ mtw_write(sc, MTW_CMB_CTRL, tmp);
+
+ /* clear USB DMA */
+ mtw_write(sc, MTW_USB_DMA_CFG, MTW_USB_TX_EN | MTW_USB_RX_EN |
+ MTW_USB_RX_AGG_EN | MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT |
+ MTW_USB_RX_WL_DROP);
+ usbd_delay_ms(sc->sc_udev, 50);
+ mtw_read(sc, MTW_USB_DMA_CFG, &tmp);
+ tmp &= ~(MTW_USB_TX_CLEAR | MTW_USB_TXOP_HALT |
+ MTW_USB_RX_WL_DROP);
+ mtw_write(sc, MTW_USB_DMA_CFG, tmp);
+
+ /* enable radio */
+ mtw_mcu_radio(sc, 0x31, 0);
+
+ /* init RF registers */
+ if (sc->mac_ver == 0x7601)
+ mt7601_rf_init(sc);
+
+ /* init baseband registers */
+ if (sc->mac_ver == 0x7601)
+ error = mt7601_bbp_init(sc);
+
+ if (error != 0) {
+ printf("%s: could not initialize BBP\n", sc->sc_dev.dv_xname);
+ goto fail;
+ }
+
+ /* setup and calibrate RF */
+ if (sc->mac_ver == 0x7601)
+ error = mt7601_rf_setup(sc);
+
+ if (error != 0) {
+ printf("%s: could not initialize RF\n", sc->sc_dev.dv_xname);
+ goto fail;
+ }
+
+ /* select default channel */
+ ic->ic_bss->ni_chan = ic->ic_ibss_chan;
+ mtw_set_chan(sc, ic->ic_ibss_chan);
+
+ for (i = 0; i < MTW_RX_RING_COUNT; i++) {
+ struct mtw_rx_data *data = &sc->rxq[MTW_RXQ_WLAN].data[i];
+
+ usbd_setup_xfer(data->xfer, sc->rxq[MTW_RXQ_WLAN].pipeh,
+ data, data->buf,
+ MTW_MAX_RXSZ, USBD_SHORT_XFER_OK | USBD_NO_COPY,
+ USBD_NO_TIMEOUT, mtw_rxeof);
+ error = usbd_transfer(data->xfer);
+ if (error != 0 && error != USBD_IN_PROGRESS)
+ goto fail;
+ }
+
+ if ((error = mtw_txrx_enable(sc)) != 0)
+ goto fail;
+
+ /* init LEDs */
+ mtw_set_leds(sc, MTW_LED_MODE_ON);
+
+ ifp->if_flags |= IFF_RUNNING;
+ ifq_clr_oactive(&ifp->if_snd);
+
+ if (ic->ic_flags & IEEE80211_F_WEPON) {
+ /* install WEP keys */
+ for (i = 0; i < IEEE80211_WEP_NKID; i++) {
+ if (ic->ic_nw_keys[i].k_cipher != IEEE80211_CIPHER_NONE)
+ (void)mtw_set_key(ic, NULL, &ic->ic_nw_keys[i]);
+ }
+ }
+
+ if (ic->ic_opmode == IEEE80211_M_MONITOR)
+ ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
+ else
+ ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
+
+ if (error != 0)
+fail: mtw_stop(ifp, 1);
+ return error;
+}
+
+void
+mtw_stop(struct ifnet *ifp, int disable)
+{
+ struct mtw_softc *sc = ifp->if_softc;
+ struct ieee80211com *ic = &sc->sc_ic;
+ uint32_t tmp;
+ int s, ntries, error, qid;
+
+ if (ifp->if_flags & IFF_RUNNING)
+ mtw_set_leds(sc, MTW_LED_MODE_ON);
+
+ sc->sc_tx_timer = 0;
+ ifp->if_timer = 0;
+ ifp->if_flags &= ~IFF_RUNNING;
+ ifq_clr_oactive(&ifp->if_snd);
+
+ timeout_del(&sc->scan_to);
+ timeout_del(&sc->calib_to);
+
+ s = splusb();
+ ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
+ /* wait for all queued asynchronous commands to complete */
+ usb_wait_task(sc->sc_udev, &sc->sc_task);
+ splx(s);
+
+ /* Disable Tx/Rx DMA. */
+ mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp);
+ tmp &= ~(MTW_RX_DMA_EN | MTW_TX_DMA_EN);
+ mtw_write(sc, MTW_WPDMA_GLO_CFG, tmp);
+ mtw_usb_dma_write(sc, 0);
+
+ for (ntries = 0; ntries < 100; ntries++) {
+ if (mtw_read(sc, MTW_WPDMA_GLO_CFG, &tmp) != 0)
+ break;
+ if ((tmp & (MTW_TX_DMA_BUSY | MTW_RX_DMA_BUSY)) == 0)
+ break;
+ DELAY(10);
+ }
+ if (ntries == 100) {
+ printf("%s: timeout waiting for DMA engine\n",
+ sc->sc_dev.dv_xname);
+ }
+
+ /* stop MAC Tx/Rx */
+ mtw_read(sc, MTW_MAC_SYS_CTRL, &tmp);
+ tmp &= ~(MTW_MAC_RX_EN | MTW_MAC_TX_EN);
+ mtw_write(sc, MTW_MAC_SYS_CTRL, tmp);
+
+ /* disable RTS retry */
+ mtw_read(sc, MTW_TX_RTS_CFG, &tmp);
+ tmp &= ~0xff;
+ mtw_write(sc, MTW_TX_RTS_CFG, tmp);
+
+ /* US_CYC_CFG */
+ mtw_read(sc, MTW_US_CYC_CNT, &tmp);
+ tmp = (tmp & ~0xff);
+ mtw_write(sc, MTW_US_CYC_CNT, tmp);
+
+ /* stop PBF */
+ mtw_read(sc, MTW_PBF_CFG, &tmp);
+ tmp &= ~0x3;
+ mtw_write(sc, MTW_PBF_CFG, tmp);
+
+ /* wait for pending Tx to complete */
+ for (ntries = 0; ntries < 100; ntries++) {
+ if ((error = mtw_read(sc, MTW_TXRXQ_PCNT, &tmp)) != 0)
+ break;
+ if ((tmp & MTW_TX2Q_PCNT_MASK) == 0)
+ break;
+ }
+ DELAY(1000);
+
+ /* delete keys */
+ for (qid = 0; qid < 4; qid++) {
+ mtw_read(sc, MTW_SKEY_MODE_0_7, &tmp);
+ tmp &= ~(0xf << qid * 4);
+ mtw_write(sc, MTW_SKEY_MODE_0_7, tmp);
+ }
+
+ if (disable) {
+ /* disable radio */
+ error = mtw_mcu_radio(sc, 0x30, 0x1);
+ usbd_delay_ms(sc->sc_udev, 10);
+ }
+
+ /* free Tx and Rx rings */
+ sc->qfullmsk = 0;
+ mtw_free_mcu_ring(sc);
+ for (qid = 0; qid < MTW_TXQ_COUNT; qid++)
+ mtw_free_tx_ring(sc, qid);
+ mtw_free_rx_ring(sc, 0);
+}
projects / openbsd / commitdiff