mira/rtl8710bx-re
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: wifi??git add .?

Browse Source
This commit is contained in:
Mira
2024-12-07 17:15:25 +06:00
parent 57e6815a2f
commit 535abe4b13
3 changed files with 588 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

146
docs/wifi.md
View File

@@ -128,6 +128,152 @@ $ find . -type f -name "*.o" -exec bash -c '
./lib_wlan/rtl8711b_phycfg.o: U ROM_odm_SetCrystalCap
```
### DMA
```c
// 0x40080000
typedef struct {
// 0x000-0x1FF: MAC/BB control registers
uint32_t reserved1[...]; // 0x000-0x0FC
__IO uint32_t NET_TYPE; // 0x100 - bits [17:16] = network type
__IO uint8_t TRANSFER_PAGE_SIZE; // 0x104 - Transfer page size
uint8_t reserved[...]; // Fill to 0x108
__IO uint16_t REG_PRIORITY; // 0x10C - Priority configuration
uint32_t reserved[...];
__IO uint16_t PAGE_BOUNDARY; // 0x116 - Page Boundary config, set to 0x3F7F
uint32_t reserved[...]; // Continue to 0x200
// 0x200-0x2FF: System control/status
uint32_t reserved[...]; // 0x200-0x207
__IO uint8_t TX_BUFFER_BOUNDARY2; // 0x209
uint8_t reserved[...]; // 0x20A-0x20B
__IO uint32_t REG_20C; // 0x20C - DMA Global Enable (bit 28)
uint8_t reserved[...]; // 0x210-0x223
__IO uint32_t REG_224; // 0x224 - LLT Status (bit 16 = busy)
uint8_t reserved[...]; // 0x225-0x228
__IO uint8_t TX_BUFFER_BOUNDARY3; // 0x229
__IO uint8_t REG_22A; // 0x22A - sets bit 1 if a2 true
uint32_t reserved[52]; // -> 0x2FF
// 0x300-0x3FF: DMA & Queue
__IO uint32_t DMA_CTRL; // 0x300
__IO uint32_t reserved3;
__IO uint32_t QUEUE4; // 0x308
__IO uint32_t reserved4;
__IO uint32_t QUEUE5; // 0x310
__IO uint32_t reserved5;
__IO uint32_t TX_BASE; // 0x318
__IO uint32_t reserved6;
__IO uint32_t QUEUE1; // 0x320
__IO uint32_t reserved7;
__IO uint32_t QUEUE2; // 0x328
__IO uint32_t reserved8;
__IO uint32_t QUEUE3; // 0x330
__IO uint32_t reserved9;
__IO uint32_t RX_QUEUE; // 0x338
__IO uint32_t QUEUE6; // 0x340
uint32_t reserved[...];
__IO uint16_t Q_CFG[14]; // 0x380-0x39A
uint16_t reserved11;
uint32_t reserved[...];
__IO uint32_t DMA_MASK; // 0x3E8
uint32_t reserved[...];
// 0x400-0x4FF region
uint32_t reserved[...]; // 0x400-0x420
__IO uint8_t TX_BUFFER_BOUNDARY4; // 0x424
__IO uint8_t TX_BUFFER_BOUNDARY5; // 0x425
__IO uint16_t ADAPT_CTRL1; // 0x428 - a2 in both bytes or first SIFS timing? 4106
__IO uint16_t ADAPT_CTRL2; // 0x42A - (a3 & 0x3F) in both bytes
uint32_t reserved[4]; // 0x42C-0x43C
__IO uint32_t ADAPT_CTRL3; // 0x440 - a1 | (old[31:20] << 20)
uint32_t reserved[...]; // 0x444-0x456
__IO uint8_t TX_BUFFER_BOUNDARY6; // 0x457
uint32_t reserved4_2; // 0x458-0x45B
__IO uint8_t MODE_CTRL2; // 0x45C - Controlled by a2 parameter (80 or 0)
__IO uint8_t TX_BUFFER_BOUNDARY7; // 0x45D (same as BOUND7), InitTxBufferBoundary
uint8_t reserved[...];
__IO uint16_t SIFS3; // 0x514 - Third SIFS timing
__IO uint16_t SIFS4; // 0x516 - Fourth SIFS timing
// 0x600-0x6FF region
uint8_t reserved[...]; // 0x600-0x60E
__IO uint8_t DRIVER_INFO_SIZE; // 0x60F - Driver info size
__IO uint16_t SIFS2; // 0x63A - Second SIFS timing
} WIFI_TypeDef;
// TX Ring
typedef struct {
uint32_t base_addr; // TX_BASE
uint32_t reserved1[7]; // 28b
uint32_t queue1; // QUEUE1
uint32_t reserved2[7];
uint32_t queue2; // QUEUE2
uint32_t reserved3[7];
uint32_t queue3; // QUEUE3
uint32_t reserved4[7];
uint32_t queue4; // QUEUE4
uint32_t reserved5[7];
uint32_t queue5; // QUEUE5
uint32_t reserved6[7];
uint32_t queue6; // QUEUE6
uint32_t reserved7[7];
} TX_RING_TypeDef;
// RX Ring
typedef struct {
uint32_t base_addr; // RX_QUEUE
uint32_t reserved[7]; // ?
} RX_RING_TypeDef;
```
```c
// wireless modes from cur_wireless_mode mapping
typedef enum {
WIRELESS_MODE_2 = 2, // First valid value (v2 starts from 0)
// ... up to WIRELESS_MODE_16, v2 > 0xE check
} WIRELESS_MODE;
// HalData[60] seems to be some hardware capability/mode that affects a2
typedef struct _ADAPTER {
uint8_t *HalData; // HalData[60] determines MODE_CTRL2 value
struct {
uint8_t cur_wireless_mode; // current wireless mode
} mlmeextpriv;
// ... other fields
} ADAPTER, *PADAPTER;
```
```c
// Network type values (2-bit field)
#define NET_TYPE_MASK (3 << 16) // 0x00030000
#define NET_TYPE_SHIFT 16
// REG_PRIORITY bit fields
#define PRIO_1_MASK (0x3 << 8) // a1 & 3
#define PRIO_2_MASK (0x3 << 10) // a2 & 3
#define PRIO_3_MASK (0x3 << 12) // a5 & 3
#define PRIO_4_MASK (0x3 << 4) // a4 & 3
#define PRIO_5_MASK (0x3 << 6) // a3 << 6
#define PRIO_6_MASK (0x3 << 14) // a6 << 14
#define PRIO_BASE_MASK 0x7 // preserved bits
// Called with (1,1,2,3,3,3)
// Would set bits:
// [15:14] = 3 (a6)
// [13:12] = 3 (a5)
// [11:10] = 1 (a2)
// [9:8] = 1 (a1)
// [7:6] = 2 (a3)
// [5:4] = 3 (a4)
// [2:0] = preserved
// ADAPT_CTRL
// Called with (1048561, 16, 48)
// ADAPT_CTRL1 = 0x1010 (16 | (16 << 8))
// ADAPT_CTRL2 = 0x3030 ((48 & 0x3F) | ((48 & 0x3F) << 8))
// ADAPT_CTRL3 preserves top 12 bits, lower 20 from 1048561
```
```mermaid
sequenceDiagram
participant Device

29
docs/wifi_mem_map.py Normal file
View File

@@ -0,0 +1,29 @@
from ida_segment import *
from ida_bytes import *
from idc import *
def setup_wifi_regions():
WIFI_BASE = 0x40080000
SIE_BASE = 0x400C0000
WIFI_SIZE = SIE_BASE - WIFI_BASE
SIE_SIZE = 0x1000
print("Setting up WiFi memory regions...")
if not add_segm(0, WIFI_BASE, SIE_BASE, "WIFI", "DATA"):
print("Failed to create WIFI segment")
return
if not add_segm(0, SIE_BASE, SIE_BASE + SIE_SIZE, "SIE", "DATA"):
print("Failed to create SIE segment")
return
print(f"Memory regions created:")
print(f"WIFI: {hex(WIFI_BASE)} - {hex(SIE_BASE-1)}")
print(f"SIE: {hex(SIE_BASE)} - {hex(SIE_BASE + SIE_SIZE-1)}")
if __name__ == "__main__":
setup_wifi_regions()