Starring at MMIO dumps around PHY channel switching has led to finding
serie of 3 similar ops this patch implements.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
After calibrating radio you can find few PHY writes in MMIO dumps:
phy_read(0x0009) -> 0x0000
phy_write(0x01ce) <- 0x03dd
phy_write(0x01cf) <- 0x03d9
phy_write(0x01d0) <- 0x03d5
phy_write(0x01d1) <- 0x0424
phy_write(0x01d2) <- 0x0429
phy_write(0x01d3) <- 0x042d
By comparing to N-PHY code we found out that they are PHY tables for
channel switching plus band info read at the beginning.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
After uploading radio values calibration goes in. In MMIO dump it is:
radio_read(0x002b) -> 0x0008
radio_write(0x002b) <- 0x0008
radio_read(0x002e) -> 0x0004
radio_write(0x002e) <- 0x0000
radio_read(0x002e) -> 0x0000
radio_write(0x002e) <- 0x0004
radio_read(0x002b) -> 0x0008
radio_write(0x002b) <- 0x0009
To find masks and sets, MMIO hacks were used to fool closed driver.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Switching channel happens after specific SHM write to B43_SHM_SH_CHAN.
This is the way we found it in BCM4331 MMIO dumps. By comparing with
N-PHY code we noticed there is routing used for SYN and TX/RX.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The trick was to find 0x810 PHY reg ops close to analog enabling code.
To find out proper masks and sets, MMIO hacks were used.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Closed drivers kill radio right after reading radio version and MACCTL,
so it was easy to find related PHY ops:
phy_read(0x0810) -> 0x0000
phy_write(0x0810) <- 0x0000
To find out the mask of above OP, MMIO hack was used to fake read val:
phy_read(0x0810) -> 0xffff
phy_write(0x0810) <- 0x0000
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Turning it on is always done between reading PHY version and radio
version, so it was easy to find it in MMIO dumps from ndiswrapper.
Turning off is done by writing different values to the same registers.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Every PHY has some specific bit used for reading radio regs. Analyze of
MMIO dumps from BCM4331 and ndiswrapper has shown it is 0x200 for HT.
radio_read(0x037f) -> 0x0073
radio_write(0x017f) <- 0x0072
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This is totally broken plus we do not have specs for HT PHY yet. Just
introduce place for writing driver if we discover anything.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rafał Miłecki