1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /*- 21 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 22 * http://www.ralinktech.com/ 23 */ 24 25 #include "opt_wlan.h" 26 27 #include <sys/param.h> 28 #include <sys/eventhandler.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <net/bpf.h> 46 #include <net/if.h> 47 #include <net/if_var.h> 48 #include <net/if_arp.h> 49 #include <net/ethernet.h> 50 #include <net/if_dl.h> 51 #include <net/if_media.h> 52 #include <net/if_types.h> 53 54 #include <netinet/in.h> 55 #include <netinet/in_systm.h> 56 #include <netinet/in_var.h> 57 #include <netinet/if_ether.h> 58 #include <netinet/ip.h> 59 60 #include <net80211/ieee80211_var.h> 61 #include <net80211/ieee80211_regdomain.h> 62 #include <net80211/ieee80211_radiotap.h> 63 #include <net80211/ieee80211_ratectl.h> 64 #ifdef IEEE80211_SUPPORT_SUPERG 65 #include <net80211/ieee80211_superg.h> 66 #endif 67 68 #include <dev/usb/usb.h> 69 #include <dev/usb/usbdi.h> 70 #include "usbdevs.h" 71 72 #define USB_DEBUG_VAR run_debug 73 #include <dev/usb/usb_debug.h> 74 #include <dev/usb/usb_msctest.h> 75 76 #include <dev/usb/wlan/if_runreg.h> 77 #include <dev/usb/wlan/if_runvar.h> 78 79 #ifdef USB_DEBUG 80 #define RUN_DEBUG 81 #endif 82 83 #ifdef RUN_DEBUG 84 int run_debug = 0; 85 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 86 "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 90 enum { 91 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 92 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 93 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 94 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 95 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 96 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 97 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 98 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 99 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 100 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 101 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 102 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 103 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 104 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 105 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 106 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 107 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 108 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 109 RUN_DEBUG_ANY = 0xffffffff 110 }; 111 112 #define RUN_DPRINTF(_sc, _m, ...) do { \ 113 if (run_debug & (_m)) \ 114 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 115 } while(0) 116 #else 117 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 118 #endif 119 120 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 121 122 /* 123 * Because of LOR in run_key_delete(), use atomic instead. 124 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 125 */ 126 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 127 128 static const STRUCT_USB_HOST_ID run_devs[] = { 129 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 130 #define RUN_DEV_EJECT(v,p) \ 131 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 132 #define RUN_EJECT 1 133 RUN_DEV(ABOCOM, RT2770), 134 RUN_DEV(ABOCOM, RT2870), 135 RUN_DEV(ABOCOM, RT3070), 136 RUN_DEV(ABOCOM, RT3071), 137 RUN_DEV(ABOCOM, RT3072), 138 RUN_DEV(ABOCOM2, RT2870_1), 139 RUN_DEV(ACCTON, RT2770), 140 RUN_DEV(ACCTON, RT2870_1), 141 RUN_DEV(ACCTON, RT2870_2), 142 RUN_DEV(ACCTON, RT2870_3), 143 RUN_DEV(ACCTON, RT2870_4), 144 RUN_DEV(ACCTON, RT2870_5), 145 RUN_DEV(ACCTON, RT3070), 146 RUN_DEV(ACCTON, RT3070_1), 147 RUN_DEV(ACCTON, RT3070_2), 148 RUN_DEV(ACCTON, RT3070_3), 149 RUN_DEV(ACCTON, RT3070_4), 150 RUN_DEV(ACCTON, RT3070_5), 151 RUN_DEV(AIRTIES, RT3070), 152 RUN_DEV(ALLWIN, RT2070), 153 RUN_DEV(ALLWIN, RT2770), 154 RUN_DEV(ALLWIN, RT2870), 155 RUN_DEV(ALLWIN, RT3070), 156 RUN_DEV(ALLWIN, RT3071), 157 RUN_DEV(ALLWIN, RT3072), 158 RUN_DEV(ALLWIN, RT3572), 159 RUN_DEV(AMIGO, RT2870_1), 160 RUN_DEV(AMIGO, RT2870_2), 161 RUN_DEV(AMIT, CGWLUSB2GNR), 162 RUN_DEV(AMIT, RT2870_1), 163 RUN_DEV(AMIT2, RT2870), 164 RUN_DEV(ASUS, RT2870_1), 165 RUN_DEV(ASUS, RT2870_2), 166 RUN_DEV(ASUS, RT2870_3), 167 RUN_DEV(ASUS, RT2870_4), 168 RUN_DEV(ASUS, RT2870_5), 169 RUN_DEV(ASUS, USBN13), 170 RUN_DEV(ASUS, RT3070_1), 171 RUN_DEV(ASUS, USBN66), 172 RUN_DEV(ASUS, USB_N53), 173 RUN_DEV(ASUS, USBN14), 174 RUN_DEV(ASUS2, USBN11), 175 RUN_DEV(AZUREWAVE, RT2870_1), 176 RUN_DEV(AZUREWAVE, RT2870_2), 177 RUN_DEV(AZUREWAVE, RT3070_1), 178 RUN_DEV(AZUREWAVE, RT3070_2), 179 RUN_DEV(AZUREWAVE, RT3070_3), 180 RUN_DEV(BELKIN, F9L1103), 181 RUN_DEV(BELKIN, F5D8053V3), 182 RUN_DEV(BELKIN, F5D8055), 183 RUN_DEV(BELKIN, F5D8055V2), 184 RUN_DEV(BELKIN, F6D4050V1), 185 RUN_DEV(BELKIN, F6D4050V2), 186 RUN_DEV(BELKIN, RT2870_1), 187 RUN_DEV(BELKIN, RT2870_2), 188 RUN_DEV(CISCOLINKSYS, AE1000), 189 RUN_DEV(CISCOLINKSYS2, RT3070), 190 RUN_DEV(CISCOLINKSYS3, RT3070), 191 RUN_DEV(CONCEPTRONIC2, RT2870_1), 192 RUN_DEV(CONCEPTRONIC2, RT2870_2), 193 RUN_DEV(CONCEPTRONIC2, RT2870_3), 194 RUN_DEV(CONCEPTRONIC2, RT2870_4), 195 RUN_DEV(CONCEPTRONIC2, RT2870_5), 196 RUN_DEV(CONCEPTRONIC2, RT2870_6), 197 RUN_DEV(CONCEPTRONIC2, RT2870_7), 198 RUN_DEV(CONCEPTRONIC2, RT2870_8), 199 RUN_DEV(CONCEPTRONIC2, RT3070_1), 200 RUN_DEV(CONCEPTRONIC2, RT3070_2), 201 RUN_DEV(CONCEPTRONIC2, VIGORN61), 202 RUN_DEV(COREGA, CGWLUSB300GNM), 203 RUN_DEV(COREGA, RT2870_1), 204 RUN_DEV(COREGA, RT2870_2), 205 RUN_DEV(COREGA, RT2870_3), 206 RUN_DEV(COREGA, RT3070), 207 RUN_DEV(CYBERTAN, RT2870), 208 RUN_DEV(DLINK, RT2870), 209 RUN_DEV(DLINK, RT3072), 210 RUN_DEV(DLINK, DWA125A3), 211 RUN_DEV(DLINK, DWA127), 212 RUN_DEV(DLINK, DWA140B3), 213 RUN_DEV(DLINK, DWA160B2), 214 RUN_DEV(DLINK, DWA140D1), 215 RUN_DEV(DLINK, DWA130F1), 216 RUN_DEV(DLINK, DWA162), 217 RUN_DEV(DLINK2, DWA130), 218 RUN_DEV(DLINK2, RT2870_1), 219 RUN_DEV(DLINK2, RT2870_2), 220 RUN_DEV(DLINK2, RT3070_1), 221 RUN_DEV(DLINK2, RT3070_2), 222 RUN_DEV(DLINK2, RT3070_3), 223 RUN_DEV(DLINK2, RT3070_4), 224 RUN_DEV(DLINK2, RT3070_5), 225 RUN_DEV(DLINK2, RT3072), 226 RUN_DEV(DLINK2, RT3072_1), 227 RUN_DEV(EDIMAX, EW7717), 228 RUN_DEV(EDIMAX, EW7718), 229 RUN_DEV(EDIMAX, EW7733UND), 230 RUN_DEV(EDIMAX, RT2870_1), 231 RUN_DEV(ENCORE, RT3070_1), 232 RUN_DEV(ENCORE, RT3070_2), 233 RUN_DEV(ENCORE, RT3070_3), 234 RUN_DEV(GIGABYTE, GNWB31N), 235 RUN_DEV(GIGABYTE, GNWB32L), 236 RUN_DEV(GIGABYTE, RT2870_1), 237 RUN_DEV(GIGASET, RT3070_1), 238 RUN_DEV(GIGASET, RT3070_2), 239 RUN_DEV(GUILLEMOT, HWNU300), 240 RUN_DEV(HAWKING, HWUN2), 241 RUN_DEV(HAWKING, RT2870_1), 242 RUN_DEV(HAWKING, RT2870_2), 243 RUN_DEV(HAWKING, RT3070), 244 RUN_DEV(IODATA, RT3072_1), 245 RUN_DEV(IODATA, RT3072_2), 246 RUN_DEV(IODATA, RT3072_3), 247 RUN_DEV(IODATA, RT3072_4), 248 RUN_DEV(LINKSYS4, RT3070), 249 RUN_DEV(LINKSYS4, WUSB100), 250 RUN_DEV(LINKSYS4, WUSB54GCV3), 251 RUN_DEV(LINKSYS4, WUSB600N), 252 RUN_DEV(LINKSYS4, WUSB600NV2), 253 RUN_DEV(LOGITEC, RT2870_1), 254 RUN_DEV(LOGITEC, RT2870_2), 255 RUN_DEV(LOGITEC, RT2870_3), 256 RUN_DEV(LOGITEC, LANW300NU2), 257 RUN_DEV(LOGITEC, LANW150NU2), 258 RUN_DEV(LOGITEC, LANW300NU2S), 259 RUN_DEV(MELCO, WLIUCG300HP), 260 RUN_DEV(MELCO, RT2870_2), 261 RUN_DEV(MELCO, WLIUCAG300N), 262 RUN_DEV(MELCO, WLIUCG300N), 263 RUN_DEV(MELCO, WLIUCG301N), 264 RUN_DEV(MELCO, WLIUCGN), 265 RUN_DEV(MELCO, WLIUCGNM), 266 RUN_DEV(MELCO, WLIUCG300HPV1), 267 RUN_DEV(MELCO, WLIUCGNM2), 268 RUN_DEV(MOTOROLA4, RT2770), 269 RUN_DEV(MOTOROLA4, RT3070), 270 RUN_DEV(MSI, RT3070_1), 271 RUN_DEV(MSI, RT3070_2), 272 RUN_DEV(MSI, RT3070_3), 273 RUN_DEV(MSI, RT3070_4), 274 RUN_DEV(MSI, RT3070_5), 275 RUN_DEV(MSI, RT3070_6), 276 RUN_DEV(MSI, RT3070_7), 277 RUN_DEV(MSI, RT3070_8), 278 RUN_DEV(MSI, RT3070_9), 279 RUN_DEV(MSI, RT3070_10), 280 RUN_DEV(MSI, RT3070_11), 281 RUN_DEV(NETGEAR, WNDA4100), 282 RUN_DEV(OVISLINK, RT3072), 283 RUN_DEV(PARA, RT3070), 284 RUN_DEV(PEGATRON, RT2870), 285 RUN_DEV(PEGATRON, RT3070), 286 RUN_DEV(PEGATRON, RT3070_2), 287 RUN_DEV(PEGATRON, RT3070_3), 288 RUN_DEV(PHILIPS, RT2870), 289 RUN_DEV(PLANEX2, GWUS300MINIS), 290 RUN_DEV(PLANEX2, GWUSMICRON), 291 RUN_DEV(PLANEX2, RT2870), 292 RUN_DEV(PLANEX2, RT3070), 293 RUN_DEV(QCOM, RT2870), 294 RUN_DEV(QUANTA, RT3070), 295 RUN_DEV(RALINK, RT2070), 296 RUN_DEV(RALINK, RT2770), 297 RUN_DEV(RALINK, RT2870), 298 RUN_DEV(RALINK, RT3070), 299 RUN_DEV(RALINK, RT3071), 300 RUN_DEV(RALINK, RT3072), 301 RUN_DEV(RALINK, RT3370), 302 RUN_DEV(RALINK, RT3572), 303 RUN_DEV(RALINK, RT3573), 304 RUN_DEV(RALINK, RT5370), 305 RUN_DEV(RALINK, RT5372), 306 RUN_DEV(RALINK, RT5572), 307 RUN_DEV(RALINK, RT8070), 308 RUN_DEV(SAMSUNG, WIS09ABGN), 309 RUN_DEV(SAMSUNG2, RT2870_1), 310 RUN_DEV(SENAO, RT2870_1), 311 RUN_DEV(SENAO, RT2870_2), 312 RUN_DEV(SENAO, RT2870_3), 313 RUN_DEV(SENAO, RT2870_4), 314 RUN_DEV(SENAO, RT3070), 315 RUN_DEV(SENAO, RT3071), 316 RUN_DEV(SENAO, RT3072_1), 317 RUN_DEV(SENAO, RT3072_2), 318 RUN_DEV(SENAO, RT3072_3), 319 RUN_DEV(SENAO, RT3072_4), 320 RUN_DEV(SENAO, RT3072_5), 321 RUN_DEV(SITECOMEU, RT2770), 322 RUN_DEV(SITECOMEU, RT2870_1), 323 RUN_DEV(SITECOMEU, RT2870_2), 324 RUN_DEV(SITECOMEU, RT2870_3), 325 RUN_DEV(SITECOMEU, RT2870_4), 326 RUN_DEV(SITECOMEU, RT3070), 327 RUN_DEV(SITECOMEU, RT3070_1), 328 RUN_DEV(SITECOMEU, RT3070_2), 329 RUN_DEV(SITECOMEU, RT3070_3), 330 RUN_DEV(SITECOMEU, RT3070_4), 331 RUN_DEV(SITECOMEU, RT3071), 332 RUN_DEV(SITECOMEU, RT3072_1), 333 RUN_DEV(SITECOMEU, RT3072_2), 334 RUN_DEV(SITECOMEU, RT3072_3), 335 RUN_DEV(SITECOMEU, RT3072_4), 336 RUN_DEV(SITECOMEU, RT3072_5), 337 RUN_DEV(SITECOMEU, RT3072_6), 338 RUN_DEV(SITECOMEU, WL608), 339 RUN_DEV(SPARKLAN, RT2870_1), 340 RUN_DEV(SPARKLAN, RT3070), 341 RUN_DEV(SWEEX2, LW153), 342 RUN_DEV(SWEEX2, LW303), 343 RUN_DEV(SWEEX2, LW313), 344 RUN_DEV(TOSHIBA, RT3070), 345 RUN_DEV(UMEDIA, RT2870_1), 346 RUN_DEV(ZCOM, RT2870_1), 347 RUN_DEV(ZCOM, RT2870_2), 348 RUN_DEV(ZINWELL, RT2870_1), 349 RUN_DEV(ZINWELL, RT2870_2), 350 RUN_DEV(ZINWELL, RT3070), 351 RUN_DEV(ZINWELL, RT3072_1), 352 RUN_DEV(ZINWELL, RT3072_2), 353 RUN_DEV(ZYXEL, RT2870_1), 354 RUN_DEV(ZYXEL, RT2870_2), 355 RUN_DEV(ZYXEL, RT3070), 356 RUN_DEV_EJECT(ZYXEL, NWD2705), 357 RUN_DEV_EJECT(RALINK, RT_STOR), 358 #undef RUN_DEV_EJECT 359 #undef RUN_DEV 360 }; 361 362 static device_probe_t run_match; 363 static device_attach_t run_attach; 364 static device_detach_t run_detach; 365 366 static usb_callback_t run_bulk_rx_callback; 367 static usb_callback_t run_bulk_tx_callback0; 368 static usb_callback_t run_bulk_tx_callback1; 369 static usb_callback_t run_bulk_tx_callback2; 370 static usb_callback_t run_bulk_tx_callback3; 371 static usb_callback_t run_bulk_tx_callback4; 372 static usb_callback_t run_bulk_tx_callback5; 373 374 static void run_autoinst(void *, struct usb_device *, 375 struct usb_attach_arg *); 376 static int run_driver_loaded(struct module *, int, void *); 377 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 378 usb_error_t error, u_int index); 379 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 380 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 381 const uint8_t [IEEE80211_ADDR_LEN], 382 const uint8_t [IEEE80211_ADDR_LEN]); 383 static void run_vap_delete(struct ieee80211vap *); 384 static void run_cmdq_cb(void *, int); 385 static void run_setup_tx_list(struct run_softc *, 386 struct run_endpoint_queue *); 387 static void run_unsetup_tx_list(struct run_softc *, 388 struct run_endpoint_queue *); 389 static int run_load_microcode(struct run_softc *); 390 static int run_reset(struct run_softc *); 391 static usb_error_t run_do_request(struct run_softc *, 392 struct usb_device_request *, void *); 393 static int run_read(struct run_softc *, uint16_t, uint32_t *); 394 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 395 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 396 static int run_write(struct run_softc *, uint16_t, uint32_t); 397 static int run_write_region_1(struct run_softc *, uint16_t, 398 const uint8_t *, int); 399 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 400 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 401 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 402 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 403 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 404 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 405 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 406 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 407 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 408 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 409 static const char *run_get_rf(uint16_t); 410 static void run_rt3593_get_txpower(struct run_softc *); 411 static void run_get_txpower(struct run_softc *); 412 static int run_read_eeprom(struct run_softc *); 413 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 414 const uint8_t mac[IEEE80211_ADDR_LEN]); 415 static int run_media_change(if_t); 416 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 417 static int run_wme_update(struct ieee80211com *); 418 static void run_key_set_cb(void *); 419 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 420 static void run_key_delete_cb(void *); 421 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 422 static void run_ratectl_to(void *); 423 static void run_ratectl_cb(void *, int); 424 static void run_drain_fifo(void *); 425 static void run_iter_func(void *, struct ieee80211_node *); 426 static void run_newassoc_cb(void *); 427 static void run_newassoc(struct ieee80211_node *, int); 428 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 429 const struct ieee80211_rx_stats *, int, int); 430 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 431 static void run_tx_free(struct run_endpoint_queue *pq, 432 struct run_tx_data *, int); 433 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 434 static int run_tx(struct run_softc *, struct mbuf *, 435 struct ieee80211_node *); 436 static int run_tx_mgt(struct run_softc *, struct mbuf *, 437 struct ieee80211_node *); 438 static int run_sendprot(struct run_softc *, const struct mbuf *, 439 struct ieee80211_node *, int, int); 440 static int run_tx_param(struct run_softc *, struct mbuf *, 441 struct ieee80211_node *, 442 const struct ieee80211_bpf_params *); 443 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 444 const struct ieee80211_bpf_params *); 445 static int run_transmit(struct ieee80211com *, struct mbuf *); 446 static void run_start(struct run_softc *); 447 static void run_parent(struct ieee80211com *); 448 static void run_iq_calib(struct run_softc *, u_int); 449 static void run_set_agc(struct run_softc *, uint8_t); 450 static void run_select_chan_group(struct run_softc *, int); 451 static void run_set_rx_antenna(struct run_softc *, int); 452 static void run_rt2870_set_chan(struct run_softc *, u_int); 453 static void run_rt3070_set_chan(struct run_softc *, u_int); 454 static void run_rt3572_set_chan(struct run_softc *, u_int); 455 static void run_rt3593_set_chan(struct run_softc *, u_int); 456 static void run_rt5390_set_chan(struct run_softc *, u_int); 457 static void run_rt5592_set_chan(struct run_softc *, u_int); 458 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 459 static void run_set_channel(struct ieee80211com *); 460 static void run_getradiocaps(struct ieee80211com *, int, int *, 461 struct ieee80211_channel[]); 462 static void run_scan_start(struct ieee80211com *); 463 static void run_scan_end(struct ieee80211com *); 464 static void run_update_beacon(struct ieee80211vap *, int); 465 static void run_update_beacon_cb(void *); 466 static void run_updateprot(struct ieee80211com *); 467 static void run_updateprot_cb(void *); 468 static void run_usb_timeout_cb(void *); 469 static void run_reset_livelock(struct run_softc *); 470 static void run_enable_tsf_sync(struct run_softc *); 471 static void run_enable_tsf(struct run_softc *); 472 static void run_disable_tsf(struct run_softc *); 473 static void run_get_tsf(struct run_softc *, uint64_t *); 474 static void run_enable_mrr(struct run_softc *); 475 static void run_set_txpreamble(struct run_softc *); 476 static void run_set_basicrates(struct run_softc *); 477 static void run_set_leds(struct run_softc *, uint16_t); 478 static void run_set_bssid(struct run_softc *, const uint8_t *); 479 static void run_set_macaddr(struct run_softc *, const uint8_t *); 480 static void run_updateslot(struct ieee80211com *); 481 static void run_updateslot_cb(void *); 482 static void run_update_mcast(struct ieee80211com *); 483 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 484 static void run_update_promisc_locked(struct run_softc *); 485 static void run_update_promisc(struct ieee80211com *); 486 static void run_rt5390_bbp_init(struct run_softc *); 487 static int run_bbp_init(struct run_softc *); 488 static int run_rt3070_rf_init(struct run_softc *); 489 static void run_rt3593_rf_init(struct run_softc *); 490 static void run_rt5390_rf_init(struct run_softc *); 491 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 492 uint8_t *); 493 static void run_rt3070_rf_setup(struct run_softc *); 494 static void run_rt3593_rf_setup(struct run_softc *); 495 static void run_rt5390_rf_setup(struct run_softc *); 496 static int run_txrx_enable(struct run_softc *); 497 static void run_adjust_freq_offset(struct run_softc *); 498 static void run_init_locked(struct run_softc *); 499 static void run_stop(void *); 500 static void run_delay(struct run_softc *, u_int); 501 static void run_update_chw(struct ieee80211com *ic); 502 static int run_ampdu_enable(struct ieee80211_node *ni, 503 struct ieee80211_tx_ampdu *tap); 504 505 static eventhandler_tag run_etag; 506 507 static const struct rt2860_rate { 508 uint8_t rate; 509 uint8_t mcs; 510 enum ieee80211_phytype phy; 511 uint8_t ctl_ridx; 512 uint16_t sp_ack_dur; 513 uint16_t lp_ack_dur; 514 } rt2860_rates[] = { 515 /* CCK rates (11b) */ 516 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 517 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 518 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 519 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 520 521 /* OFDM rates (11a / 11g) */ 522 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 523 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 524 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 525 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 526 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 527 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 528 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 529 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }, 530 531 /* MCS - single stream */ 532 { 0x80, 0, IEEE80211_T_HT, 4, 60, 60 }, 533 { 0x81, 1, IEEE80211_T_HT, 4, 60, 60 }, 534 { 0x82, 2, IEEE80211_T_HT, 4, 60, 60 }, 535 { 0x83, 3, IEEE80211_T_HT, 4, 60, 60 }, 536 { 0x84, 4, IEEE80211_T_HT, 4, 60, 60 }, 537 { 0x85, 5, IEEE80211_T_HT, 4, 60, 60 }, 538 { 0x86, 6, IEEE80211_T_HT, 4, 60, 60 }, 539 { 0x87, 7, IEEE80211_T_HT, 4, 60, 60 }, 540 541 /* MCS - 2 streams */ 542 { 0x88, 8, IEEE80211_T_HT, 4, 60, 60 }, 543 { 0x89, 9, IEEE80211_T_HT, 4, 60, 60 }, 544 { 0x8a, 10, IEEE80211_T_HT, 4, 60, 60 }, 545 { 0x8b, 11, IEEE80211_T_HT, 4, 60, 60 }, 546 { 0x8c, 12, IEEE80211_T_HT, 4, 60, 60 }, 547 { 0x8d, 13, IEEE80211_T_HT, 4, 60, 60 }, 548 { 0x8e, 14, IEEE80211_T_HT, 4, 60, 60 }, 549 { 0x8f, 15, IEEE80211_T_HT, 4, 60, 60 }, 550 551 /* MCS - 3 streams */ 552 { 0x90, 16, IEEE80211_T_HT, 4, 60, 60 }, 553 { 0x91, 17, IEEE80211_T_HT, 4, 60, 60 }, 554 { 0x92, 18, IEEE80211_T_HT, 4, 60, 60 }, 555 { 0x93, 19, IEEE80211_T_HT, 4, 60, 60 }, 556 { 0x94, 20, IEEE80211_T_HT, 4, 60, 60 }, 557 { 0x95, 21, IEEE80211_T_HT, 4, 60, 60 }, 558 { 0x96, 22, IEEE80211_T_HT, 4, 60, 60 }, 559 { 0x97, 23, IEEE80211_T_HT, 4, 60, 60 }, 560 }; 561 562 /* These are indexes into the above rt2860_rates[] array */ 563 #define RT2860_RIDX_CCK1 0 564 #define RT2860_RIDX_CCK11 3 565 #define RT2860_RIDX_OFDM6 4 566 #define RT2860_RIDX_MCS0 12 567 #define RT2860_RIDX_MAX 36 568 569 static const struct { 570 uint16_t reg; 571 uint32_t val; 572 } rt2870_def_mac[] = { 573 RT2870_DEF_MAC 574 }; 575 576 static const struct { 577 uint8_t reg; 578 uint8_t val; 579 } rt2860_def_bbp[] = { 580 RT2860_DEF_BBP 581 },rt5390_def_bbp[] = { 582 RT5390_DEF_BBP 583 },rt5592_def_bbp[] = { 584 RT5592_DEF_BBP 585 }; 586 587 /* 588 * Default values for BBP register R196 for RT5592. 589 */ 590 static const uint8_t rt5592_bbp_r196[] = { 591 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 592 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 593 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 594 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 595 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 596 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 597 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 598 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 599 0x2e, 0x36, 0x30, 0x6e 600 }; 601 602 static const struct rfprog { 603 uint8_t chan; 604 uint32_t r1, r2, r3, r4; 605 } rt2860_rf2850[] = { 606 RT2860_RF2850 607 }; 608 609 struct { 610 uint8_t n, r, k; 611 } rt3070_freqs[] = { 612 RT3070_RF3052 613 }; 614 615 static const struct rt5592_freqs { 616 uint16_t n; 617 uint8_t k, m, r; 618 } rt5592_freqs_20mhz[] = { 619 RT5592_RF5592_20MHZ 620 },rt5592_freqs_40mhz[] = { 621 RT5592_RF5592_40MHZ 622 }; 623 624 static const struct { 625 uint8_t reg; 626 uint8_t val; 627 } rt3070_def_rf[] = { 628 RT3070_DEF_RF 629 },rt3572_def_rf[] = { 630 RT3572_DEF_RF 631 },rt3593_def_rf[] = { 632 RT3593_DEF_RF 633 },rt5390_def_rf[] = { 634 RT5390_DEF_RF 635 },rt5392_def_rf[] = { 636 RT5392_DEF_RF 637 },rt5592_def_rf[] = { 638 RT5592_DEF_RF 639 },rt5592_2ghz_def_rf[] = { 640 RT5592_2GHZ_DEF_RF 641 },rt5592_5ghz_def_rf[] = { 642 RT5592_5GHZ_DEF_RF 643 }; 644 645 static const struct { 646 u_int firstchan; 647 u_int lastchan; 648 uint8_t reg; 649 uint8_t val; 650 } rt5592_chan_5ghz[] = { 651 RT5592_CHAN_5GHZ 652 }; 653 654 static const struct usb_config run_config[RUN_N_XFER] = { 655 [RUN_BULK_TX_BE] = { 656 .type = UE_BULK, 657 .endpoint = UE_ADDR_ANY, 658 .ep_index = 0, 659 .direction = UE_DIR_OUT, 660 .bufsize = RUN_MAX_TXSZ, 661 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 662 .callback = run_bulk_tx_callback0, 663 .timeout = 5000, /* ms */ 664 }, 665 [RUN_BULK_TX_BK] = { 666 .type = UE_BULK, 667 .endpoint = UE_ADDR_ANY, 668 .direction = UE_DIR_OUT, 669 .ep_index = 1, 670 .bufsize = RUN_MAX_TXSZ, 671 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 672 .callback = run_bulk_tx_callback1, 673 .timeout = 5000, /* ms */ 674 }, 675 [RUN_BULK_TX_VI] = { 676 .type = UE_BULK, 677 .endpoint = UE_ADDR_ANY, 678 .direction = UE_DIR_OUT, 679 .ep_index = 2, 680 .bufsize = RUN_MAX_TXSZ, 681 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 682 .callback = run_bulk_tx_callback2, 683 .timeout = 5000, /* ms */ 684 }, 685 [RUN_BULK_TX_VO] = { 686 .type = UE_BULK, 687 .endpoint = UE_ADDR_ANY, 688 .direction = UE_DIR_OUT, 689 .ep_index = 3, 690 .bufsize = RUN_MAX_TXSZ, 691 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 692 .callback = run_bulk_tx_callback3, 693 .timeout = 5000, /* ms */ 694 }, 695 [RUN_BULK_TX_HCCA] = { 696 .type = UE_BULK, 697 .endpoint = UE_ADDR_ANY, 698 .direction = UE_DIR_OUT, 699 .ep_index = 4, 700 .bufsize = RUN_MAX_TXSZ, 701 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 702 .callback = run_bulk_tx_callback4, 703 .timeout = 5000, /* ms */ 704 }, 705 [RUN_BULK_TX_PRIO] = { 706 .type = UE_BULK, 707 .endpoint = UE_ADDR_ANY, 708 .direction = UE_DIR_OUT, 709 .ep_index = 5, 710 .bufsize = RUN_MAX_TXSZ, 711 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 712 .callback = run_bulk_tx_callback5, 713 .timeout = 5000, /* ms */ 714 }, 715 [RUN_BULK_RX] = { 716 .type = UE_BULK, 717 .endpoint = UE_ADDR_ANY, 718 .direction = UE_DIR_IN, 719 .bufsize = RUN_MAX_RXSZ, 720 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 721 .callback = run_bulk_rx_callback, 722 } 723 }; 724 725 static void 726 run_autoinst(void *arg, struct usb_device *udev, 727 struct usb_attach_arg *uaa) 728 { 729 struct usb_interface *iface; 730 struct usb_interface_descriptor *id; 731 732 if (uaa->dev_state != UAA_DEV_READY) 733 return; 734 735 iface = usbd_get_iface(udev, 0); 736 if (iface == NULL) 737 return; 738 id = iface->idesc; 739 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 740 return; 741 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 742 return; 743 744 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 745 uaa->dev_state = UAA_DEV_EJECTING; 746 } 747 748 static int 749 run_driver_loaded(struct module *mod, int what, void *arg) 750 { 751 switch (what) { 752 case MOD_LOAD: 753 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 754 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 755 break; 756 case MOD_UNLOAD: 757 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 758 break; 759 default: 760 return (EOPNOTSUPP); 761 } 762 return (0); 763 } 764 765 static int 766 run_match(device_t self) 767 { 768 struct usb_attach_arg *uaa = device_get_ivars(self); 769 770 if (uaa->usb_mode != USB_MODE_HOST) 771 return (ENXIO); 772 if (uaa->info.bConfigIndex != 0) 773 return (ENXIO); 774 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 775 return (ENXIO); 776 777 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 778 } 779 780 static int 781 run_attach(device_t self) 782 { 783 struct run_softc *sc = device_get_softc(self); 784 struct usb_attach_arg *uaa = device_get_ivars(self); 785 struct ieee80211com *ic = &sc->sc_ic; 786 uint32_t ver; 787 uint8_t iface_index; 788 int ntries, error; 789 790 device_set_usb_desc(self); 791 sc->sc_udev = uaa->device; 792 sc->sc_dev = self; 793 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 794 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 795 796 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 797 MTX_NETWORK_LOCK, MTX_DEF); 798 mbufq_init(&sc->sc_snd, ifqmaxlen); 799 800 iface_index = RT2860_IFACE_INDEX; 801 802 error = usbd_transfer_setup(uaa->device, &iface_index, 803 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 804 if (error) { 805 device_printf(self, "could not allocate USB transfers, " 806 "err=%s\n", usbd_errstr(error)); 807 goto detach; 808 } 809 810 RUN_LOCK(sc); 811 812 /* wait for the chip to settle */ 813 for (ntries = 0; ntries < 100; ntries++) { 814 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 815 RUN_UNLOCK(sc); 816 goto detach; 817 } 818 if (ver != 0 && ver != 0xffffffff) 819 break; 820 run_delay(sc, 10); 821 } 822 if (ntries == 100) { 823 device_printf(sc->sc_dev, 824 "timeout waiting for NIC to initialize\n"); 825 RUN_UNLOCK(sc); 826 goto detach; 827 } 828 sc->mac_ver = ver >> 16; 829 sc->mac_rev = ver & 0xffff; 830 831 /* retrieve RF rev. no and various other things from EEPROM */ 832 run_read_eeprom(sc); 833 834 device_printf(sc->sc_dev, 835 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 836 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 837 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 838 839 RUN_UNLOCK(sc); 840 841 ic->ic_softc = sc; 842 ic->ic_name = device_get_nameunit(self); 843 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 844 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 845 846 /* set device capabilities */ 847 ic->ic_caps = 848 IEEE80211_C_STA | /* station mode supported */ 849 IEEE80211_C_MONITOR | /* monitor mode supported */ 850 IEEE80211_C_IBSS | 851 IEEE80211_C_HOSTAP | 852 IEEE80211_C_WDS | /* 4-address traffic works */ 853 IEEE80211_C_MBSS | 854 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 855 IEEE80211_C_SHSLOT | /* short slot time supported */ 856 IEEE80211_C_SWAMSDUTX | /* Do software A-MSDU TX */ 857 IEEE80211_C_FF | /* Atheros fast-frames */ 858 IEEE80211_C_WME | /* WME */ 859 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 860 861 /* 862 * RF2020 is not an 11n device. 863 */ 864 if (sc->rf_rev != RT3070_RF_2020) { 865 device_printf(sc->sc_dev, "[HT] Enabling 802.11n\n"); 866 ic->ic_htcaps = 867 IEEE80211_HTC_HT | 868 IEEE80211_HTC_AMPDU | 869 IEEE80211_HTC_AMSDU | 870 IEEE80211_HTCAP_MAXAMSDU_3839 | 871 IEEE80211_HTCAP_SMPS_OFF; 872 873 ic->ic_rxstream = sc->nrxchains; 874 ic->ic_txstream = sc->ntxchains; 875 } 876 877 ic->ic_cryptocaps = 878 IEEE80211_CRYPTO_WEP | 879 IEEE80211_CRYPTO_AES_CCM | 880 IEEE80211_CRYPTO_TKIPMIC | 881 IEEE80211_CRYPTO_TKIP; 882 883 ic->ic_flags |= IEEE80211_F_DATAPAD; 884 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 885 886 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 887 ic->ic_channels); 888 889 ieee80211_ifattach(ic); 890 891 ic->ic_scan_start = run_scan_start; 892 ic->ic_scan_end = run_scan_end; 893 ic->ic_set_channel = run_set_channel; 894 ic->ic_getradiocaps = run_getradiocaps; 895 ic->ic_node_alloc = run_node_alloc; 896 ic->ic_newassoc = run_newassoc; 897 ic->ic_updateslot = run_updateslot; 898 ic->ic_update_mcast = run_update_mcast; 899 ic->ic_wme.wme_update = run_wme_update; 900 ic->ic_raw_xmit = run_raw_xmit; 901 ic->ic_update_promisc = run_update_promisc; 902 ic->ic_vap_create = run_vap_create; 903 ic->ic_vap_delete = run_vap_delete; 904 ic->ic_transmit = run_transmit; 905 ic->ic_parent = run_parent; 906 ic->ic_update_chw = run_update_chw; 907 ic->ic_ampdu_enable = run_ampdu_enable; 908 909 ieee80211_radiotap_attach(ic, 910 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 911 RUN_TX_RADIOTAP_PRESENT, 912 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 913 RUN_RX_RADIOTAP_PRESENT); 914 915 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 916 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 917 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 918 919 if (bootverbose) 920 ieee80211_announce(ic); 921 922 return (0); 923 924 detach: 925 run_detach(self); 926 return (ENXIO); 927 } 928 929 static void 930 run_drain_mbufq(struct run_softc *sc) 931 { 932 struct mbuf *m; 933 struct ieee80211_node *ni; 934 935 RUN_LOCK_ASSERT(sc, MA_OWNED); 936 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 937 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 938 m->m_pkthdr.rcvif = NULL; 939 ieee80211_free_node(ni); 940 m_freem(m); 941 } 942 } 943 944 static int 945 run_detach(device_t self) 946 { 947 struct run_softc *sc = device_get_softc(self); 948 struct ieee80211com *ic = &sc->sc_ic; 949 int i; 950 951 RUN_LOCK(sc); 952 sc->sc_detached = 1; 953 RUN_UNLOCK(sc); 954 955 /* stop all USB transfers */ 956 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 957 958 RUN_LOCK(sc); 959 sc->ratectl_run = RUN_RATECTL_OFF; 960 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 961 962 /* free TX list, if any */ 963 for (i = 0; i != RUN_EP_QUEUES; i++) 964 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 965 966 /* Free TX queue */ 967 run_drain_mbufq(sc); 968 RUN_UNLOCK(sc); 969 970 if (sc->sc_ic.ic_softc == sc) { 971 /* drain tasks */ 972 usb_callout_drain(&sc->ratectl_ch); 973 ieee80211_draintask(ic, &sc->cmdq_task); 974 ieee80211_draintask(ic, &sc->ratectl_task); 975 ieee80211_ifdetach(ic); 976 } 977 978 mtx_destroy(&sc->sc_mtx); 979 980 return (0); 981 } 982 983 static struct ieee80211vap * 984 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 985 enum ieee80211_opmode opmode, int flags, 986 const uint8_t bssid[IEEE80211_ADDR_LEN], 987 const uint8_t mac[IEEE80211_ADDR_LEN]) 988 { 989 struct run_softc *sc = ic->ic_softc; 990 struct run_vap *rvp; 991 struct ieee80211vap *vap; 992 int i; 993 994 if (sc->rvp_cnt >= RUN_VAP_MAX) { 995 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 996 return (NULL); 997 } 998 999 switch (opmode) { 1000 case IEEE80211_M_STA: 1001 /* enable s/w bmiss handling for sta mode */ 1002 flags |= IEEE80211_CLONE_NOBEACONS; 1003 /* fall though */ 1004 case IEEE80211_M_IBSS: 1005 case IEEE80211_M_MONITOR: 1006 case IEEE80211_M_HOSTAP: 1007 case IEEE80211_M_MBSS: 1008 /* other than WDS vaps, only one at a time */ 1009 if (!TAILQ_EMPTY(&ic->ic_vaps)) 1010 return (NULL); 1011 break; 1012 case IEEE80211_M_WDS: 1013 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 1014 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 1015 continue; 1016 /* WDS vap's always share the local mac address. */ 1017 flags &= ~IEEE80211_CLONE_BSSID; 1018 break; 1019 } 1020 if (vap == NULL) { 1021 device_printf(sc->sc_dev, 1022 "wds only supported in ap mode\n"); 1023 return (NULL); 1024 } 1025 break; 1026 default: 1027 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 1028 return (NULL); 1029 } 1030 1031 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 1032 vap = &rvp->vap; 1033 1034 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 1035 bssid) != 0) { 1036 /* out of memory */ 1037 free(rvp, M_80211_VAP); 1038 return (NULL); 1039 } 1040 1041 vap->iv_update_beacon = run_update_beacon; 1042 vap->iv_max_aid = RT2870_WCID_MAX; 1043 1044 /* 1045 * The linux rt2800 driver limits 1 stream devices to a 32KB 1046 * RX AMPDU. 1047 */ 1048 if (ic->ic_rxstream > 1) 1049 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K; 1050 else 1051 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K; 1052 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_2; /* 2uS */ 1053 1054 /* 1055 * To delete the right key from h/w, we need wcid. 1056 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 1057 * and matching wcid will be written into there. So, cast 1058 * some spells to remove 'const' from ieee80211_key{} 1059 */ 1060 vap->iv_key_delete = (void *)run_key_delete; 1061 vap->iv_key_set = (void *)run_key_set; 1062 1063 /* override state transition machine */ 1064 rvp->newstate = vap->iv_newstate; 1065 vap->iv_newstate = run_newstate; 1066 if (opmode == IEEE80211_M_IBSS) { 1067 rvp->recv_mgmt = vap->iv_recv_mgmt; 1068 vap->iv_recv_mgmt = run_recv_mgmt; 1069 } 1070 1071 ieee80211_ratectl_init(vap); 1072 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 1073 1074 /* complete setup */ 1075 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 1076 mac); 1077 1078 /* make sure id is always unique */ 1079 for (i = 0; i < RUN_VAP_MAX; i++) { 1080 if((sc->rvp_bmap & 1 << i) == 0){ 1081 sc->rvp_bmap |= 1 << i; 1082 rvp->rvp_id = i; 1083 break; 1084 } 1085 } 1086 if (sc->rvp_cnt++ == 0) 1087 ic->ic_opmode = opmode; 1088 1089 if (opmode == IEEE80211_M_HOSTAP) 1090 sc->cmdq_run = RUN_CMDQ_GO; 1091 1092 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1093 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1094 1095 return (vap); 1096 } 1097 1098 static void 1099 run_vap_delete(struct ieee80211vap *vap) 1100 { 1101 struct run_vap *rvp = RUN_VAP(vap); 1102 struct ieee80211com *ic; 1103 struct run_softc *sc; 1104 uint8_t rvp_id; 1105 1106 if (vap == NULL) 1107 return; 1108 1109 ic = vap->iv_ic; 1110 sc = ic->ic_softc; 1111 1112 RUN_LOCK(sc); 1113 1114 m_freem(rvp->beacon_mbuf); 1115 rvp->beacon_mbuf = NULL; 1116 1117 rvp_id = rvp->rvp_id; 1118 sc->ratectl_run &= ~(1 << rvp_id); 1119 sc->rvp_bmap &= ~(1 << rvp_id); 1120 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1121 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1122 --sc->rvp_cnt; 1123 1124 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1125 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1126 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1127 1128 RUN_UNLOCK(sc); 1129 1130 ieee80211_ratectl_deinit(vap); 1131 ieee80211_vap_detach(vap); 1132 free(rvp, M_80211_VAP); 1133 } 1134 1135 /* 1136 * There are numbers of functions need to be called in context thread. 1137 * Rather than creating taskqueue event for each of those functions, 1138 * here is all-for-one taskqueue callback function. This function 1139 * guarantees deferred functions are executed in the same order they 1140 * were enqueued. 1141 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1142 */ 1143 static void 1144 run_cmdq_cb(void *arg, int pending) 1145 { 1146 struct run_softc *sc = arg; 1147 uint8_t i; 1148 1149 /* call cmdq[].func locked */ 1150 RUN_LOCK(sc); 1151 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1152 i = sc->cmdq_exec, pending--) { 1153 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1154 i, pending); 1155 if (sc->cmdq_run == RUN_CMDQ_GO) { 1156 /* 1157 * If arg0 is NULL, callback func needs more 1158 * than one arg. So, pass ptr to cmdq struct. 1159 */ 1160 if (sc->cmdq[i].arg0) 1161 sc->cmdq[i].func(sc->cmdq[i].arg0); 1162 else 1163 sc->cmdq[i].func(&sc->cmdq[i]); 1164 } 1165 sc->cmdq[i].arg0 = NULL; 1166 sc->cmdq[i].func = NULL; 1167 sc->cmdq_exec++; 1168 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1169 } 1170 RUN_UNLOCK(sc); 1171 } 1172 1173 static void 1174 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1175 { 1176 struct run_tx_data *data; 1177 1178 memset(pq, 0, sizeof(*pq)); 1179 1180 STAILQ_INIT(&pq->tx_qh); 1181 STAILQ_INIT(&pq->tx_fh); 1182 1183 for (data = &pq->tx_data[0]; 1184 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1185 data->sc = sc; 1186 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1187 } 1188 pq->tx_nfree = RUN_TX_RING_COUNT; 1189 } 1190 1191 static void 1192 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1193 { 1194 struct run_tx_data *data; 1195 1196 /* make sure any subsequent use of the queues will fail */ 1197 pq->tx_nfree = 0; 1198 STAILQ_INIT(&pq->tx_fh); 1199 STAILQ_INIT(&pq->tx_qh); 1200 1201 /* free up all node references and mbufs */ 1202 for (data = &pq->tx_data[0]; 1203 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1204 if (data->m != NULL) { 1205 m_freem(data->m); 1206 data->m = NULL; 1207 } 1208 if (data->ni != NULL) { 1209 ieee80211_free_node(data->ni); 1210 data->ni = NULL; 1211 } 1212 } 1213 } 1214 1215 static int 1216 run_load_microcode(struct run_softc *sc) 1217 { 1218 usb_device_request_t req; 1219 const struct firmware *fw; 1220 const u_char *base; 1221 uint32_t tmp; 1222 int ntries, error; 1223 const uint64_t *temp; 1224 uint64_t bytes; 1225 1226 RUN_UNLOCK(sc); 1227 fw = firmware_get("runfw"); 1228 RUN_LOCK(sc); 1229 if (fw == NULL) { 1230 device_printf(sc->sc_dev, 1231 "failed loadfirmware of file %s\n", "runfw"); 1232 return ENOENT; 1233 } 1234 1235 if (fw->datasize != 8192) { 1236 device_printf(sc->sc_dev, 1237 "invalid firmware size (should be 8KB)\n"); 1238 error = EINVAL; 1239 goto fail; 1240 } 1241 1242 /* 1243 * RT3071/RT3072 use a different firmware 1244 * run-rt2870 (8KB) contains both, 1245 * first half (4KB) is for rt2870, 1246 * last half is for rt3071. 1247 */ 1248 base = fw->data; 1249 if ((sc->mac_ver) != 0x2860 && 1250 (sc->mac_ver) != 0x2872 && 1251 (sc->mac_ver) != 0x3070) { 1252 base += 4096; 1253 } 1254 1255 /* cheap sanity check */ 1256 temp = fw->data; 1257 bytes = *temp; 1258 if (bytes != be64toh(0xffffff0210280210ULL)) { 1259 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1260 error = EINVAL; 1261 goto fail; 1262 } 1263 1264 /* write microcode image */ 1265 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1266 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1267 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1268 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1269 } 1270 1271 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1272 req.bRequest = RT2870_RESET; 1273 USETW(req.wValue, 8); 1274 USETW(req.wIndex, 0); 1275 USETW(req.wLength, 0); 1276 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1277 != 0) { 1278 device_printf(sc->sc_dev, "firmware reset failed\n"); 1279 goto fail; 1280 } 1281 1282 run_delay(sc, 10); 1283 1284 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1285 run_write(sc, RT2860_H2M_MAILBOX, 0); 1286 run_write(sc, RT2860_H2M_INTSRC, 0); 1287 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1288 goto fail; 1289 1290 /* wait until microcontroller is ready */ 1291 for (ntries = 0; ntries < 1000; ntries++) { 1292 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1293 goto fail; 1294 if (tmp & RT2860_MCU_READY) 1295 break; 1296 run_delay(sc, 10); 1297 } 1298 if (ntries == 1000) { 1299 device_printf(sc->sc_dev, 1300 "timeout waiting for MCU to initialize\n"); 1301 error = ETIMEDOUT; 1302 goto fail; 1303 } 1304 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1305 (base == fw->data) ? "RT2870" : "RT3071", 1306 *(base + 4092), *(base + 4093)); 1307 1308 fail: 1309 firmware_put(fw, FIRMWARE_UNLOAD); 1310 return (error); 1311 } 1312 1313 static int 1314 run_reset(struct run_softc *sc) 1315 { 1316 usb_device_request_t req; 1317 1318 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1319 req.bRequest = RT2870_RESET; 1320 USETW(req.wValue, 1); 1321 USETW(req.wIndex, 0); 1322 USETW(req.wLength, 0); 1323 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1324 } 1325 1326 static usb_error_t 1327 run_do_request(struct run_softc *sc, 1328 struct usb_device_request *req, void *data) 1329 { 1330 usb_error_t err; 1331 int ntries = 10; 1332 1333 RUN_LOCK_ASSERT(sc, MA_OWNED); 1334 1335 while (ntries--) { 1336 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1337 req, data, 0, NULL, 250 /* ms */); 1338 if (err == 0) 1339 break; 1340 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1341 "Control request failed, %s (retrying)\n", 1342 usbd_errstr(err)); 1343 run_delay(sc, 10); 1344 } 1345 return (err); 1346 } 1347 1348 static int 1349 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1350 { 1351 uint32_t tmp; 1352 int error; 1353 1354 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1355 if (error == 0) 1356 *val = le32toh(tmp); 1357 else 1358 *val = 0xffffffff; 1359 return (error); 1360 } 1361 1362 static int 1363 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1364 { 1365 usb_device_request_t req; 1366 1367 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1368 req.bRequest = RT2870_READ_REGION_1; 1369 USETW(req.wValue, 0); 1370 USETW(req.wIndex, reg); 1371 USETW(req.wLength, len); 1372 1373 return (run_do_request(sc, &req, buf)); 1374 } 1375 1376 static int 1377 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1378 { 1379 usb_device_request_t req; 1380 1381 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1382 req.bRequest = RT2870_WRITE_2; 1383 USETW(req.wValue, val); 1384 USETW(req.wIndex, reg); 1385 USETW(req.wLength, 0); 1386 1387 return (run_do_request(sc, &req, NULL)); 1388 } 1389 1390 static int 1391 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1392 { 1393 int error; 1394 1395 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1396 error = run_write_2(sc, reg + 2, val >> 16); 1397 return (error); 1398 } 1399 1400 static int 1401 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1402 int len) 1403 { 1404 #if 1 1405 int i, error = 0; 1406 /* 1407 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1408 * We thus issue multiple WRITE_2 commands instead. 1409 */ 1410 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1411 for (i = 0; i < len && error == 0; i += 2) 1412 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1413 return (error); 1414 #else 1415 usb_device_request_t req; 1416 int error = 0; 1417 1418 /* 1419 * NOTE: It appears the WRITE_REGION_1 command cannot be 1420 * passed a huge amount of data, which will crash the 1421 * firmware. Limit amount of data passed to 64-bytes at a 1422 * time. 1423 */ 1424 while (len > 0) { 1425 int delta = 64; 1426 if (delta > len) 1427 delta = len; 1428 1429 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1430 req.bRequest = RT2870_WRITE_REGION_1; 1431 USETW(req.wValue, 0); 1432 USETW(req.wIndex, reg); 1433 USETW(req.wLength, delta); 1434 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1435 if (error != 0) 1436 break; 1437 reg += delta; 1438 buf += delta; 1439 len -= delta; 1440 } 1441 return (error); 1442 #endif 1443 } 1444 1445 static int 1446 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1447 { 1448 int i, error = 0; 1449 1450 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1451 for (i = 0; i < len && error == 0; i += 4) 1452 error = run_write(sc, reg + i, val); 1453 return (error); 1454 } 1455 1456 static int 1457 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1458 { 1459 uint32_t tmp; 1460 uint16_t reg; 1461 int error, ntries; 1462 1463 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1464 return (error); 1465 1466 if (count == 2) 1467 addr *= 2; 1468 /*- 1469 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1470 * DATA0: F E D C 1471 * DATA1: B A 9 8 1472 * DATA2: 7 6 5 4 1473 * DATA3: 3 2 1 0 1474 */ 1475 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1476 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1477 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1478 for (ntries = 0; ntries < 100; ntries++) { 1479 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1480 return (error); 1481 if (!(tmp & RT3070_EFSROM_KICK)) 1482 break; 1483 run_delay(sc, 2); 1484 } 1485 if (ntries == 100) 1486 return (ETIMEDOUT); 1487 1488 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1489 *val = 0xffff; /* address not found */ 1490 return (0); 1491 } 1492 /* determine to which 32-bit register our 16-bit word belongs */ 1493 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1494 if ((error = run_read(sc, reg, &tmp)) != 0) 1495 return (error); 1496 1497 tmp >>= (8 * (addr & 0x3)); 1498 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1499 1500 return (0); 1501 } 1502 1503 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1504 static int 1505 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1506 { 1507 return (run_efuse_read(sc, addr, val, 2)); 1508 } 1509 1510 static int 1511 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1512 { 1513 usb_device_request_t req; 1514 uint16_t tmp; 1515 int error; 1516 1517 addr *= 2; 1518 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1519 req.bRequest = RT2870_EEPROM_READ; 1520 USETW(req.wValue, 0); 1521 USETW(req.wIndex, addr); 1522 USETW(req.wLength, sizeof(tmp)); 1523 1524 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1525 if (error == 0) 1526 *val = le16toh(tmp); 1527 else 1528 *val = 0xffff; 1529 return (error); 1530 } 1531 1532 static __inline int 1533 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1534 { 1535 /* either eFUSE ROM or EEPROM */ 1536 return sc->sc_srom_read(sc, addr, val); 1537 } 1538 1539 static int 1540 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1541 { 1542 uint32_t tmp; 1543 int error, ntries; 1544 1545 for (ntries = 0; ntries < 10; ntries++) { 1546 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1547 return (error); 1548 if (!(tmp & RT2860_RF_REG_CTRL)) 1549 break; 1550 } 1551 if (ntries == 10) 1552 return (ETIMEDOUT); 1553 1554 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1555 } 1556 1557 static int 1558 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1559 { 1560 uint32_t tmp; 1561 int error, ntries; 1562 1563 for (ntries = 0; ntries < 100; ntries++) { 1564 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1565 return (error); 1566 if (!(tmp & RT3070_RF_KICK)) 1567 break; 1568 } 1569 if (ntries == 100) 1570 return (ETIMEDOUT); 1571 1572 tmp = RT3070_RF_KICK | reg << 8; 1573 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1574 return (error); 1575 1576 for (ntries = 0; ntries < 100; ntries++) { 1577 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1578 return (error); 1579 if (!(tmp & RT3070_RF_KICK)) 1580 break; 1581 } 1582 if (ntries == 100) 1583 return (ETIMEDOUT); 1584 1585 *val = tmp & 0xff; 1586 return (0); 1587 } 1588 1589 static int 1590 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1591 { 1592 uint32_t tmp; 1593 int error, ntries; 1594 1595 for (ntries = 0; ntries < 10; ntries++) { 1596 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1597 return (error); 1598 if (!(tmp & RT3070_RF_KICK)) 1599 break; 1600 } 1601 if (ntries == 10) 1602 return (ETIMEDOUT); 1603 1604 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1605 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1606 } 1607 1608 static int 1609 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1610 { 1611 uint32_t tmp; 1612 int ntries, error; 1613 1614 for (ntries = 0; ntries < 10; ntries++) { 1615 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1616 return (error); 1617 if (!(tmp & RT2860_BBP_CSR_KICK)) 1618 break; 1619 } 1620 if (ntries == 10) 1621 return (ETIMEDOUT); 1622 1623 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1624 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1625 return (error); 1626 1627 for (ntries = 0; ntries < 10; ntries++) { 1628 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1629 return (error); 1630 if (!(tmp & RT2860_BBP_CSR_KICK)) 1631 break; 1632 } 1633 if (ntries == 10) 1634 return (ETIMEDOUT); 1635 1636 *val = tmp & 0xff; 1637 return (0); 1638 } 1639 1640 static int 1641 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1642 { 1643 uint32_t tmp; 1644 int ntries, error; 1645 1646 for (ntries = 0; ntries < 10; ntries++) { 1647 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1648 return (error); 1649 if (!(tmp & RT2860_BBP_CSR_KICK)) 1650 break; 1651 } 1652 if (ntries == 10) 1653 return (ETIMEDOUT); 1654 1655 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1656 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1657 } 1658 1659 /* 1660 * Send a command to the 8051 microcontroller unit. 1661 */ 1662 static int 1663 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1664 { 1665 uint32_t tmp; 1666 int error, ntries; 1667 1668 for (ntries = 0; ntries < 100; ntries++) { 1669 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1670 return error; 1671 if (!(tmp & RT2860_H2M_BUSY)) 1672 break; 1673 } 1674 if (ntries == 100) 1675 return ETIMEDOUT; 1676 1677 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1678 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1679 error = run_write(sc, RT2860_HOST_CMD, cmd); 1680 return (error); 1681 } 1682 1683 /* 1684 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1685 * Used to adjust per-rate Tx power registers. 1686 */ 1687 static __inline uint32_t 1688 b4inc(uint32_t b32, int8_t delta) 1689 { 1690 int8_t i, b4; 1691 1692 for (i = 0; i < 8; i++) { 1693 b4 = b32 & 0xf; 1694 b4 += delta; 1695 if (b4 < 0) 1696 b4 = 0; 1697 else if (b4 > 0xf) 1698 b4 = 0xf; 1699 b32 = b32 >> 4 | b4 << 28; 1700 } 1701 return (b32); 1702 } 1703 1704 static const char * 1705 run_get_rf(uint16_t rev) 1706 { 1707 switch (rev) { 1708 case RT2860_RF_2820: return "RT2820"; 1709 case RT2860_RF_2850: return "RT2850"; 1710 case RT2860_RF_2720: return "RT2720"; 1711 case RT2860_RF_2750: return "RT2750"; 1712 case RT3070_RF_3020: return "RT3020"; 1713 case RT3070_RF_2020: return "RT2020"; 1714 case RT3070_RF_3021: return "RT3021"; 1715 case RT3070_RF_3022: return "RT3022"; 1716 case RT3070_RF_3052: return "RT3052"; 1717 case RT3593_RF_3053: return "RT3053"; 1718 case RT5592_RF_5592: return "RT5592"; 1719 case RT5390_RF_5370: return "RT5370"; 1720 case RT5390_RF_5372: return "RT5372"; 1721 } 1722 return ("unknown"); 1723 } 1724 1725 static void 1726 run_rt3593_get_txpower(struct run_softc *sc) 1727 { 1728 uint16_t addr, val; 1729 int i; 1730 1731 /* Read power settings for 2GHz channels. */ 1732 for (i = 0; i < 14; i += 2) { 1733 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1734 RT2860_EEPROM_PWR2GHZ_BASE1; 1735 run_srom_read(sc, addr + i / 2, &val); 1736 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1737 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1738 1739 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1740 RT2860_EEPROM_PWR2GHZ_BASE2; 1741 run_srom_read(sc, addr + i / 2, &val); 1742 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1743 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1744 1745 if (sc->ntxchains == 3) { 1746 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1747 &val); 1748 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1749 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1750 } 1751 } 1752 /* Fix broken Tx power entries. */ 1753 for (i = 0; i < 14; i++) { 1754 if (sc->txpow1[i] > 31) 1755 sc->txpow1[i] = 5; 1756 if (sc->txpow2[i] > 31) 1757 sc->txpow2[i] = 5; 1758 if (sc->ntxchains == 3) { 1759 if (sc->txpow3[i] > 31) 1760 sc->txpow3[i] = 5; 1761 } 1762 } 1763 /* Read power settings for 5GHz channels. */ 1764 for (i = 0; i < 40; i += 2) { 1765 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1766 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1767 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1768 1769 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1770 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1771 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1772 1773 if (sc->ntxchains == 3) { 1774 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1775 &val); 1776 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1777 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1778 } 1779 } 1780 } 1781 1782 static void 1783 run_get_txpower(struct run_softc *sc) 1784 { 1785 uint16_t val; 1786 int i; 1787 1788 /* Read power settings for 2GHz channels. */ 1789 for (i = 0; i < 14; i += 2) { 1790 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1791 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1792 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1793 1794 if (sc->mac_ver != 0x5390) { 1795 run_srom_read(sc, 1796 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1797 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1798 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1799 } 1800 } 1801 /* Fix broken Tx power entries. */ 1802 for (i = 0; i < 14; i++) { 1803 if (sc->mac_ver >= 0x5390) { 1804 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1805 sc->txpow1[i] = 5; 1806 } else { 1807 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1808 sc->txpow1[i] = 5; 1809 } 1810 if (sc->mac_ver > 0x5390) { 1811 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1812 sc->txpow2[i] = 5; 1813 } else if (sc->mac_ver < 0x5390) { 1814 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1815 sc->txpow2[i] = 5; 1816 } 1817 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1818 "chan %d: power1=%d, power2=%d\n", 1819 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1820 } 1821 /* Read power settings for 5GHz channels. */ 1822 for (i = 0; i < 40; i += 2) { 1823 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1824 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1825 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1826 1827 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1828 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1829 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1830 } 1831 /* Fix broken Tx power entries. */ 1832 for (i = 0; i < 40; i++ ) { 1833 if (sc->mac_ver != 0x5592) { 1834 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1835 sc->txpow1[14 + i] = 5; 1836 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1837 sc->txpow2[14 + i] = 5; 1838 } 1839 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1840 "chan %d: power1=%d, power2=%d\n", 1841 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1842 sc->txpow2[14 + i]); 1843 } 1844 } 1845 1846 static int 1847 run_read_eeprom(struct run_softc *sc) 1848 { 1849 struct ieee80211com *ic = &sc->sc_ic; 1850 int8_t delta_2ghz, delta_5ghz; 1851 uint32_t tmp; 1852 uint16_t val; 1853 int ridx, ant, i; 1854 1855 /* check whether the ROM is eFUSE ROM or EEPROM */ 1856 sc->sc_srom_read = run_eeprom_read_2; 1857 if (sc->mac_ver >= 0x3070) { 1858 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1859 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1860 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1861 sc->sc_srom_read = run_efuse_read_2; 1862 } 1863 1864 /* read ROM version */ 1865 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1866 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1867 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1868 1869 /* read MAC address */ 1870 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1871 ic->ic_macaddr[0] = val & 0xff; 1872 ic->ic_macaddr[1] = val >> 8; 1873 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1874 ic->ic_macaddr[2] = val & 0xff; 1875 ic->ic_macaddr[3] = val >> 8; 1876 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1877 ic->ic_macaddr[4] = val & 0xff; 1878 ic->ic_macaddr[5] = val >> 8; 1879 1880 if (sc->mac_ver < 0x3593) { 1881 /* read vender BBP settings */ 1882 for (i = 0; i < 10; i++) { 1883 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1884 sc->bbp[i].val = val & 0xff; 1885 sc->bbp[i].reg = val >> 8; 1886 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1887 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1888 } 1889 if (sc->mac_ver >= 0x3071) { 1890 /* read vendor RF settings */ 1891 for (i = 0; i < 10; i++) { 1892 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1893 &val); 1894 sc->rf[i].val = val & 0xff; 1895 sc->rf[i].reg = val >> 8; 1896 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1897 sc->rf[i].reg, sc->rf[i].val); 1898 } 1899 } 1900 } 1901 1902 /* read RF frequency offset from EEPROM */ 1903 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1904 RT3593_EEPROM_FREQ, &val); 1905 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1906 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1907 sc->freq & 0xff); 1908 1909 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1910 RT3593_EEPROM_FREQ_LEDS, &val); 1911 if (val >> 8 != 0xff) { 1912 /* read LEDs operating mode */ 1913 sc->leds = val >> 8; 1914 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1915 RT3593_EEPROM_LED1, &sc->led[0]); 1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1917 RT3593_EEPROM_LED2, &sc->led[1]); 1918 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1919 RT3593_EEPROM_LED3, &sc->led[2]); 1920 } else { 1921 /* broken EEPROM, use default settings */ 1922 sc->leds = 0x01; 1923 sc->led[0] = 0x5555; 1924 sc->led[1] = 0x2221; 1925 sc->led[2] = 0x5627; /* differs from RT2860 */ 1926 } 1927 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1928 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1929 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1930 1931 /* read RF information */ 1932 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1933 run_srom_read(sc, 0x00, &val); 1934 else 1935 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1936 1937 if (val == 0xffff) { 1938 device_printf(sc->sc_dev, 1939 "invalid EEPROM antenna info, using default\n"); 1940 if (sc->mac_ver == 0x3572) { 1941 /* default to RF3052 2T2R */ 1942 sc->rf_rev = RT3070_RF_3052; 1943 sc->ntxchains = 2; 1944 sc->nrxchains = 2; 1945 } else if (sc->mac_ver >= 0x3070) { 1946 /* default to RF3020 1T1R */ 1947 sc->rf_rev = RT3070_RF_3020; 1948 sc->ntxchains = 1; 1949 sc->nrxchains = 1; 1950 } else { 1951 /* default to RF2820 1T2R */ 1952 sc->rf_rev = RT2860_RF_2820; 1953 sc->ntxchains = 1; 1954 sc->nrxchains = 2; 1955 } 1956 } else { 1957 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1958 sc->rf_rev = val; 1959 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1960 } else 1961 sc->rf_rev = (val >> 8) & 0xf; 1962 sc->ntxchains = (val >> 4) & 0xf; 1963 sc->nrxchains = val & 0xf; 1964 } 1965 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1966 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1967 1968 /* check if RF supports automatic Tx access gain control */ 1969 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1970 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1971 /* check if driver should patch the DAC issue */ 1972 if ((val >> 8) != 0xff) 1973 sc->patch_dac = (val >> 15) & 1; 1974 if ((val & 0xff) != 0xff) { 1975 sc->ext_5ghz_lna = (val >> 3) & 1; 1976 sc->ext_2ghz_lna = (val >> 2) & 1; 1977 /* check if RF supports automatic Tx access gain control */ 1978 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1979 /* check if we have a hardware radio switch */ 1980 sc->rfswitch = val & 1; 1981 } 1982 1983 /* Read Tx power settings. */ 1984 if (sc->mac_ver == 0x3593) 1985 run_rt3593_get_txpower(sc); 1986 else 1987 run_get_txpower(sc); 1988 1989 /* read Tx power compensation for each Tx rate */ 1990 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1991 delta_2ghz = delta_5ghz = 0; 1992 if ((val & 0xff) != 0xff && (val & 0x80)) { 1993 delta_2ghz = val & 0xf; 1994 if (!(val & 0x40)) /* negative number */ 1995 delta_2ghz = -delta_2ghz; 1996 } 1997 val >>= 8; 1998 if ((val & 0xff) != 0xff && (val & 0x80)) { 1999 delta_5ghz = val & 0xf; 2000 if (!(val & 0x40)) /* negative number */ 2001 delta_5ghz = -delta_5ghz; 2002 } 2003 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 2004 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 2005 2006 for (ridx = 0; ridx < 5; ridx++) { 2007 uint32_t reg; 2008 2009 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 2010 reg = val; 2011 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 2012 reg |= (uint32_t)val << 16; 2013 2014 sc->txpow20mhz[ridx] = reg; 2015 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 2016 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 2017 2018 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 2019 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 2020 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 2021 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 2022 } 2023 2024 /* Read RSSI offsets and LNA gains from EEPROM. */ 2025 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 2026 RT3593_EEPROM_RSSI1_2GHZ, &val); 2027 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 2028 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 2029 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 2030 RT3593_EEPROM_RSSI2_2GHZ, &val); 2031 if (sc->mac_ver >= 0x3070) { 2032 if (sc->mac_ver == 0x3593) { 2033 sc->txmixgain_2ghz = 0; 2034 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 2035 } else { 2036 /* 2037 * On RT3070 chips (limited to 2 Rx chains), this ROM 2038 * field contains the Tx mixer gain for the 2GHz band. 2039 */ 2040 if ((val & 0xff) != 0xff) 2041 sc->txmixgain_2ghz = val & 0x7; 2042 } 2043 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 2044 sc->txmixgain_2ghz); 2045 } else 2046 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 2047 if (sc->mac_ver == 0x3593) 2048 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 2049 sc->lna[2] = val >> 8; /* channel group 2 */ 2050 2051 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 2052 RT3593_EEPROM_RSSI1_5GHZ, &val); 2053 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 2054 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 2055 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 2056 RT3593_EEPROM_RSSI2_5GHZ, &val); 2057 if (sc->mac_ver == 0x3572) { 2058 /* 2059 * On RT3572 chips (limited to 2 Rx chains), this ROM 2060 * field contains the Tx mixer gain for the 5GHz band. 2061 */ 2062 if ((val & 0xff) != 0xff) 2063 sc->txmixgain_5ghz = val & 0x7; 2064 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 2065 sc->txmixgain_5ghz); 2066 } else 2067 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 2068 if (sc->mac_ver == 0x3593) { 2069 sc->txmixgain_5ghz = 0; 2070 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 2071 } 2072 sc->lna[3] = val >> 8; /* channel group 3 */ 2073 2074 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 2075 RT3593_EEPROM_LNA, &val); 2076 sc->lna[0] = val & 0xff; /* channel group 0 */ 2077 sc->lna[1] = val >> 8; /* channel group 1 */ 2078 2079 /* fix broken 5GHz LNA entries */ 2080 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2081 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2082 "invalid LNA for channel group %d\n", 2); 2083 sc->lna[2] = sc->lna[1]; 2084 } 2085 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2086 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2087 "invalid LNA for channel group %d\n", 3); 2088 sc->lna[3] = sc->lna[1]; 2089 } 2090 2091 /* fix broken RSSI offset entries */ 2092 for (ant = 0; ant < 3; ant++) { 2093 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2094 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2095 "invalid RSSI%d offset: %d (2GHz)\n", 2096 ant + 1, sc->rssi_2ghz[ant]); 2097 sc->rssi_2ghz[ant] = 0; 2098 } 2099 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2100 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2101 "invalid RSSI%d offset: %d (5GHz)\n", 2102 ant + 1, sc->rssi_5ghz[ant]); 2103 sc->rssi_5ghz[ant] = 0; 2104 } 2105 } 2106 return (0); 2107 } 2108 2109 static struct ieee80211_node * 2110 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2111 { 2112 return malloc(sizeof (struct run_node), M_80211_NODE, 2113 M_NOWAIT | M_ZERO); 2114 } 2115 2116 static int 2117 run_media_change(if_t ifp) 2118 { 2119 struct ieee80211vap *vap = if_getsoftc(ifp); 2120 struct ieee80211com *ic = vap->iv_ic; 2121 const struct ieee80211_txparam *tp; 2122 struct run_softc *sc = ic->ic_softc; 2123 uint8_t rate, ridx; 2124 int error; 2125 2126 RUN_LOCK(sc); 2127 2128 error = ieee80211_media_change(ifp); 2129 if (error != 0) { 2130 RUN_UNLOCK(sc); 2131 return (error); 2132 } 2133 2134 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2135 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2136 struct ieee80211_node *ni; 2137 struct run_node *rn; 2138 2139 /* XXX TODO: methodize with MCS rates */ 2140 rate = ic->ic_sup_rates[ic->ic_curmode]. 2141 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2142 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2143 if (rt2860_rates[ridx].rate == rate) 2144 break; 2145 2146 ni = ieee80211_ref_node(vap->iv_bss); 2147 rn = RUN_NODE(ni); 2148 rn->fix_ridx = ridx; 2149 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2150 rate, rn->fix_ridx); 2151 ieee80211_free_node(ni); 2152 } 2153 2154 #if 0 2155 if ((if_getflags(ifp) & IFF_UP) && 2156 (if_getdrvflags(ifp) & RUN_RUNNING)){ 2157 run_init_locked(sc); 2158 } 2159 #endif 2160 2161 RUN_UNLOCK(sc); 2162 2163 return (0); 2164 } 2165 2166 static int 2167 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2168 { 2169 const struct ieee80211_txparam *tp; 2170 struct ieee80211com *ic = vap->iv_ic; 2171 struct run_softc *sc = ic->ic_softc; 2172 struct run_vap *rvp = RUN_VAP(vap); 2173 enum ieee80211_state ostate; 2174 uint32_t sta[3]; 2175 uint8_t ratectl; 2176 uint8_t restart_ratectl = 0; 2177 uint8_t bid = 1 << rvp->rvp_id; 2178 2179 ostate = vap->iv_state; 2180 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2181 ieee80211_state_name[ostate], 2182 ieee80211_state_name[nstate]); 2183 2184 IEEE80211_UNLOCK(ic); 2185 RUN_LOCK(sc); 2186 2187 ratectl = sc->ratectl_run; /* remember current state */ 2188 sc->ratectl_run = RUN_RATECTL_OFF; 2189 usb_callout_stop(&sc->ratectl_ch); 2190 2191 if (ostate == IEEE80211_S_RUN) { 2192 /* turn link LED off */ 2193 run_set_leds(sc, RT2860_LED_RADIO); 2194 } 2195 2196 switch (nstate) { 2197 case IEEE80211_S_INIT: 2198 restart_ratectl = 1; 2199 2200 if (ostate != IEEE80211_S_RUN) 2201 break; 2202 2203 ratectl &= ~bid; 2204 sc->runbmap &= ~bid; 2205 2206 /* abort TSF synchronization if there is no vap running */ 2207 if (--sc->running == 0) 2208 run_disable_tsf(sc); 2209 break; 2210 2211 case IEEE80211_S_RUN: 2212 if (!(sc->runbmap & bid)) { 2213 if(sc->running++) 2214 restart_ratectl = 1; 2215 sc->runbmap |= bid; 2216 } 2217 2218 m_freem(rvp->beacon_mbuf); 2219 rvp->beacon_mbuf = NULL; 2220 2221 switch (vap->iv_opmode) { 2222 case IEEE80211_M_HOSTAP: 2223 case IEEE80211_M_MBSS: 2224 sc->ap_running |= bid; 2225 ic->ic_opmode = vap->iv_opmode; 2226 run_update_beacon_cb(vap); 2227 break; 2228 case IEEE80211_M_IBSS: 2229 sc->adhoc_running |= bid; 2230 if (!sc->ap_running) 2231 ic->ic_opmode = vap->iv_opmode; 2232 run_update_beacon_cb(vap); 2233 break; 2234 case IEEE80211_M_STA: 2235 sc->sta_running |= bid; 2236 if (!sc->ap_running && !sc->adhoc_running) 2237 ic->ic_opmode = vap->iv_opmode; 2238 2239 /* read statistic counters (clear on read) */ 2240 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2241 (uint8_t *)sta, sizeof sta); 2242 2243 break; 2244 default: 2245 ic->ic_opmode = vap->iv_opmode; 2246 break; 2247 } 2248 2249 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2250 struct ieee80211_node *ni; 2251 2252 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2253 RUN_UNLOCK(sc); 2254 IEEE80211_LOCK(ic); 2255 return (-1); 2256 } 2257 run_updateslot(ic); 2258 run_enable_mrr(sc); 2259 run_set_txpreamble(sc); 2260 run_set_basicrates(sc); 2261 ni = ieee80211_ref_node(vap->iv_bss); 2262 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2263 run_set_bssid(sc, sc->sc_bssid); 2264 ieee80211_free_node(ni); 2265 run_enable_tsf_sync(sc); 2266 2267 /* enable automatic rate adaptation */ 2268 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2269 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2270 ratectl |= bid; 2271 } else 2272 run_enable_tsf(sc); 2273 2274 /* turn link LED on */ 2275 run_set_leds(sc, RT2860_LED_RADIO | 2276 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2277 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2278 2279 break; 2280 default: 2281 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2282 break; 2283 } 2284 2285 /* restart amrr for running VAPs */ 2286 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2287 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2288 2289 RUN_UNLOCK(sc); 2290 IEEE80211_LOCK(ic); 2291 2292 return(rvp->newstate(vap, nstate, arg)); 2293 } 2294 2295 static int 2296 run_wme_update(struct ieee80211com *ic) 2297 { 2298 struct chanAccParams chp; 2299 struct run_softc *sc = ic->ic_softc; 2300 const struct wmeParams *ac; 2301 int aci, error = 0; 2302 2303 ieee80211_wme_ic_getparams(ic, &chp); 2304 ac = chp.cap_wmeParams; 2305 2306 /* update MAC TX configuration registers */ 2307 RUN_LOCK(sc); 2308 for (aci = 0; aci < WME_NUM_AC; aci++) { 2309 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2310 ac[aci].wmep_logcwmax << 16 | 2311 ac[aci].wmep_logcwmin << 12 | 2312 ac[aci].wmep_aifsn << 8 | 2313 ac[aci].wmep_txopLimit); 2314 if (error) goto err; 2315 } 2316 2317 /* update SCH/DMA registers too */ 2318 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2319 ac[WME_AC_VO].wmep_aifsn << 12 | 2320 ac[WME_AC_VI].wmep_aifsn << 8 | 2321 ac[WME_AC_BK].wmep_aifsn << 4 | 2322 ac[WME_AC_BE].wmep_aifsn); 2323 if (error) goto err; 2324 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2325 ac[WME_AC_VO].wmep_logcwmin << 12 | 2326 ac[WME_AC_VI].wmep_logcwmin << 8 | 2327 ac[WME_AC_BK].wmep_logcwmin << 4 | 2328 ac[WME_AC_BE].wmep_logcwmin); 2329 if (error) goto err; 2330 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2331 ac[WME_AC_VO].wmep_logcwmax << 12 | 2332 ac[WME_AC_VI].wmep_logcwmax << 8 | 2333 ac[WME_AC_BK].wmep_logcwmax << 4 | 2334 ac[WME_AC_BE].wmep_logcwmax); 2335 if (error) goto err; 2336 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2337 ac[WME_AC_BK].wmep_txopLimit << 16 | 2338 ac[WME_AC_BE].wmep_txopLimit); 2339 if (error) goto err; 2340 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2341 ac[WME_AC_VO].wmep_txopLimit << 16 | 2342 ac[WME_AC_VI].wmep_txopLimit); 2343 2344 err: 2345 RUN_UNLOCK(sc); 2346 if (error) 2347 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2348 2349 return (error); 2350 } 2351 2352 static void 2353 run_key_set_cb(void *arg) 2354 { 2355 struct run_cmdq *cmdq = arg; 2356 struct ieee80211vap *vap = cmdq->arg1; 2357 struct ieee80211_key *k = cmdq->k; 2358 struct ieee80211com *ic = vap->iv_ic; 2359 struct run_softc *sc = ic->ic_softc; 2360 struct ieee80211_node *ni; 2361 u_int cipher = k->wk_cipher->ic_cipher; 2362 uint32_t attr; 2363 uint16_t base, associd; 2364 uint8_t mode, wcid, iv[8]; 2365 2366 RUN_LOCK_ASSERT(sc, MA_OWNED); 2367 2368 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2369 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2370 else 2371 ni = vap->iv_bss; 2372 associd = (ni != NULL) ? ni->ni_associd : 0; 2373 2374 /* map net80211 cipher to RT2860 security mode */ 2375 switch (cipher) { 2376 case IEEE80211_CIPHER_WEP: 2377 if(k->wk_keylen < 8) 2378 mode = RT2860_MODE_WEP40; 2379 else 2380 mode = RT2860_MODE_WEP104; 2381 break; 2382 case IEEE80211_CIPHER_TKIP: 2383 mode = RT2860_MODE_TKIP; 2384 break; 2385 case IEEE80211_CIPHER_AES_CCM: 2386 mode = RT2860_MODE_AES_CCMP; 2387 break; 2388 default: 2389 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2390 return; 2391 } 2392 2393 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2394 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2395 associd, k->wk_keyix, mode, 2396 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2397 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2398 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2399 2400 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2401 wcid = 0; /* NB: update WCID0 for group keys */ 2402 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2403 } else { 2404 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2405 1 : RUN_AID2WCID(associd); 2406 base = RT2860_PKEY(wcid); 2407 } 2408 2409 if (cipher == IEEE80211_CIPHER_TKIP) { 2410 if(run_write_region_1(sc, base, k->wk_key, 16)) 2411 return; 2412 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2413 return; 2414 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2415 return; 2416 } else { 2417 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2418 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2419 return; 2420 } 2421 2422 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2423 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2424 /* set initial packet number in IV+EIV */ 2425 if (cipher == IEEE80211_CIPHER_WEP) { 2426 memset(iv, 0, sizeof iv); 2427 iv[3] = vap->iv_def_txkey << 6; 2428 } else { 2429 if (cipher == IEEE80211_CIPHER_TKIP) { 2430 iv[0] = k->wk_keytsc >> 8; 2431 iv[1] = (iv[0] | 0x20) & 0x7f; 2432 iv[2] = k->wk_keytsc; 2433 } else /* CCMP */ { 2434 iv[0] = k->wk_keytsc; 2435 iv[1] = k->wk_keytsc >> 8; 2436 iv[2] = 0; 2437 } 2438 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2439 iv[4] = k->wk_keytsc >> 16; 2440 iv[5] = k->wk_keytsc >> 24; 2441 iv[6] = k->wk_keytsc >> 32; 2442 iv[7] = k->wk_keytsc >> 40; 2443 } 2444 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2445 return; 2446 } 2447 2448 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2449 /* install group key */ 2450 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2451 return; 2452 attr &= ~(0xf << (k->wk_keyix * 4)); 2453 attr |= mode << (k->wk_keyix * 4); 2454 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2455 return; 2456 } else { 2457 /* install pairwise key */ 2458 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2459 return; 2460 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2461 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2462 return; 2463 } 2464 2465 /* TODO create a pass-thru key entry? */ 2466 2467 /* need wcid to delete the right key later */ 2468 k->wk_pad = wcid; 2469 } 2470 2471 /* 2472 * Don't have to be deferred, but in order to keep order of 2473 * execution, i.e. with run_key_delete(), defer this and let 2474 * run_cmdq_cb() maintain the order. 2475 * 2476 * return 0 on error 2477 */ 2478 static int 2479 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2480 { 2481 struct ieee80211com *ic = vap->iv_ic; 2482 struct run_softc *sc = ic->ic_softc; 2483 uint32_t i; 2484 2485 i = RUN_CMDQ_GET(&sc->cmdq_store); 2486 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2487 sc->cmdq[i].func = run_key_set_cb; 2488 sc->cmdq[i].arg0 = NULL; 2489 sc->cmdq[i].arg1 = vap; 2490 sc->cmdq[i].k = k; 2491 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2492 ieee80211_runtask(ic, &sc->cmdq_task); 2493 2494 /* 2495 * To make sure key will be set when hostapd 2496 * calls iv_key_set() before if_init(). 2497 */ 2498 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2499 RUN_LOCK(sc); 2500 sc->cmdq_key_set = RUN_CMDQ_GO; 2501 RUN_UNLOCK(sc); 2502 } 2503 2504 return (1); 2505 } 2506 2507 /* 2508 * If wlan is destroyed without being brought down i.e. without 2509 * wlan down or wpa_cli terminate, this function is called after 2510 * vap is gone. Don't refer it. 2511 */ 2512 static void 2513 run_key_delete_cb(void *arg) 2514 { 2515 struct run_cmdq *cmdq = arg; 2516 struct run_softc *sc = cmdq->arg1; 2517 struct ieee80211_key *k = &cmdq->key; 2518 uint32_t attr; 2519 uint8_t wcid; 2520 2521 RUN_LOCK_ASSERT(sc, MA_OWNED); 2522 2523 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2524 /* remove group key */ 2525 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2526 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2527 attr &= ~(0xf << (k->wk_keyix * 4)); 2528 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2529 } else { 2530 /* remove pairwise key */ 2531 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2532 "removing key for wcid %x\n", k->wk_pad); 2533 /* matching wcid was written to wk_pad in run_key_set() */ 2534 wcid = k->wk_pad; 2535 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2536 attr &= ~0xf; 2537 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2538 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2539 } 2540 2541 k->wk_pad = 0; 2542 } 2543 2544 /* 2545 * return 0 on error 2546 */ 2547 static int 2548 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2549 { 2550 struct ieee80211com *ic = vap->iv_ic; 2551 struct run_softc *sc = ic->ic_softc; 2552 struct ieee80211_key *k0; 2553 uint32_t i; 2554 2555 /* 2556 * When called back, key might be gone. So, make a copy 2557 * of some values need to delete keys before deferring. 2558 * But, because of LOR with node lock, cannot use lock here. 2559 * So, use atomic instead. 2560 */ 2561 i = RUN_CMDQ_GET(&sc->cmdq_store); 2562 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2563 sc->cmdq[i].func = run_key_delete_cb; 2564 sc->cmdq[i].arg0 = NULL; 2565 sc->cmdq[i].arg1 = sc; 2566 k0 = &sc->cmdq[i].key; 2567 k0->wk_flags = k->wk_flags; 2568 k0->wk_keyix = k->wk_keyix; 2569 /* matching wcid was written to wk_pad in run_key_set() */ 2570 k0->wk_pad = k->wk_pad; 2571 ieee80211_runtask(ic, &sc->cmdq_task); 2572 return (1); /* return fake success */ 2573 2574 } 2575 2576 static void 2577 run_ratectl_to(void *arg) 2578 { 2579 struct run_softc *sc = arg; 2580 2581 /* do it in a process context, so it can go sleep */ 2582 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2583 /* next timeout will be rescheduled in the callback task */ 2584 } 2585 2586 /* ARGSUSED */ 2587 static void 2588 run_ratectl_cb(void *arg, int pending) 2589 { 2590 struct run_softc *sc = arg; 2591 struct ieee80211com *ic = &sc->sc_ic; 2592 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2593 2594 if (vap == NULL) 2595 return; 2596 2597 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2598 /* 2599 * run_reset_livelock() doesn't do anything with AMRR, 2600 * but Ralink wants us to call it every 1 sec. So, we 2601 * piggyback here rather than creating another callout. 2602 * Livelock may occur only in HOSTAP or IBSS mode 2603 * (when h/w is sending beacons). 2604 */ 2605 RUN_LOCK(sc); 2606 run_reset_livelock(sc); 2607 /* just in case, there are some stats to drain */ 2608 run_drain_fifo(sc); 2609 RUN_UNLOCK(sc); 2610 } 2611 2612 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2613 2614 RUN_LOCK(sc); 2615 if(sc->ratectl_run != RUN_RATECTL_OFF) 2616 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2617 RUN_UNLOCK(sc); 2618 } 2619 2620 static void 2621 run_drain_fifo(void *arg) 2622 { 2623 struct run_softc *sc = arg; 2624 uint32_t stat; 2625 uint16_t (*wstat)[3]; 2626 uint8_t wcid, mcs, pid; 2627 int8_t retry; 2628 2629 RUN_LOCK_ASSERT(sc, MA_OWNED); 2630 2631 for (;;) { 2632 /* drain Tx status FIFO (maxsize = 16) */ 2633 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2634 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2635 if (!(stat & RT2860_TXQ_VLD)) 2636 break; 2637 2638 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2639 2640 /* if no ACK was requested, no feedback is available */ 2641 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2642 wcid == 0) 2643 continue; 2644 2645 /* 2646 * Even though each stat is Tx-complete-status like format, 2647 * the device can poll stats. Because there is no guarantee 2648 * that the referring node is still around when read the stats. 2649 * So that, if we use ieee80211_ratectl_tx_update(), we will 2650 * have hard time not to refer already freed node. 2651 * 2652 * To eliminate such page faults, we poll stats in softc. 2653 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2654 */ 2655 wstat = &(sc->wcid_stats[wcid]); 2656 (*wstat)[RUN_TXCNT]++; 2657 if (stat & RT2860_TXQ_OK) 2658 (*wstat)[RUN_SUCCESS]++; 2659 else 2660 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2661 /* 2662 * Check if there were retries, ie if the Tx success rate is 2663 * different from the requested rate. Note that it works only 2664 * because we do not allow rate fallback from OFDM to CCK. 2665 */ 2666 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2667 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2668 if ((retry = pid -1 - mcs) > 0) { 2669 (*wstat)[RUN_TXCNT] += retry; 2670 (*wstat)[RUN_RETRY] += retry; 2671 } 2672 } 2673 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2674 2675 sc->fifo_cnt = 0; 2676 } 2677 2678 static void 2679 run_iter_func(void *arg, struct ieee80211_node *ni) 2680 { 2681 struct run_softc *sc = arg; 2682 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2683 struct ieee80211vap *vap = ni->ni_vap; 2684 struct run_node *rn = RUN_NODE(ni); 2685 union run_stats sta[2]; 2686 uint16_t (*wstat)[3]; 2687 int error, ridx; 2688 uint8_t dot11rate; 2689 2690 RUN_LOCK(sc); 2691 2692 /* Check for special case */ 2693 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2694 ni != vap->iv_bss) 2695 goto fail; 2696 2697 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2698 IEEE80211_RATECTL_TX_STATS_RETRIES; 2699 txs->ni = ni; 2700 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2701 vap->iv_opmode == IEEE80211_M_STA)) { 2702 /* read statistic counters (clear on read) and update AMRR state */ 2703 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2704 sizeof sta); 2705 if (error != 0) 2706 goto fail; 2707 2708 /* count failed TX as errors */ 2709 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2710 le16toh(sta[0].error.fail)); 2711 2712 txs->nretries = le16toh(sta[1].tx.retry); 2713 txs->nsuccess = le16toh(sta[1].tx.success); 2714 /* nretries??? */ 2715 txs->nframes = txs->nretries + txs->nsuccess + 2716 le16toh(sta[0].error.fail); 2717 2718 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2719 "retrycnt=%d success=%d failcnt=%d\n", 2720 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2721 } else { 2722 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2723 2724 if (wstat == &(sc->wcid_stats[0]) || 2725 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2726 goto fail; 2727 2728 txs->nretries = (*wstat)[RUN_RETRY]; 2729 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2730 txs->nframes = (*wstat)[RUN_TXCNT]; 2731 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2732 "retrycnt=%d txcnt=%d success=%d\n", 2733 txs->nretries, txs->nframes, txs->nsuccess); 2734 2735 memset(wstat, 0, sizeof(*wstat)); 2736 } 2737 2738 ieee80211_ratectl_tx_update(vap, txs); 2739 ieee80211_ratectl_rate(ni, NULL, 0); 2740 /* XXX TODO: methodize with MCS rates */ 2741 dot11rate = ieee80211_node_get_txrate_dot11rate(ni); 2742 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2743 if (rt2860_rates[ridx].rate == dot11rate) 2744 break; 2745 rn->amrr_ridx = ridx; 2746 2747 fail: 2748 RUN_UNLOCK(sc); 2749 2750 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=0x%02x, ridx=%d\n", 2751 ieee80211_node_get_txrate_dot11rate(ni), rn->amrr_ridx); 2752 } 2753 2754 static void 2755 run_newassoc_cb(void *arg) 2756 { 2757 struct run_cmdq *cmdq = arg; 2758 struct ieee80211_node *ni = cmdq->arg1; 2759 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2760 uint8_t wcid = cmdq->wcid; 2761 2762 RUN_LOCK_ASSERT(sc, MA_OWNED); 2763 2764 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2765 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2766 2767 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2768 } 2769 2770 static void 2771 run_newassoc(struct ieee80211_node *ni, int isnew) 2772 { 2773 struct run_node *rn = RUN_NODE(ni); 2774 struct ieee80211vap *vap = ni->ni_vap; 2775 struct ieee80211com *ic = vap->iv_ic; 2776 struct run_softc *sc = ic->ic_softc; 2777 uint8_t rate; 2778 uint8_t ridx; 2779 uint8_t wcid; 2780 2781 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2782 1 : RUN_AID2WCID(ni->ni_associd); 2783 2784 if (wcid > RT2870_WCID_MAX) { 2785 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2786 return; 2787 } 2788 2789 /* only interested in true associations */ 2790 if (isnew && ni->ni_associd != 0) { 2791 /* 2792 * This function could is called though timeout function. 2793 * Need to defer. 2794 */ 2795 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2796 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2797 sc->cmdq[cnt].func = run_newassoc_cb; 2798 sc->cmdq[cnt].arg0 = NULL; 2799 sc->cmdq[cnt].arg1 = ni; 2800 sc->cmdq[cnt].wcid = wcid; 2801 ieee80211_runtask(ic, &sc->cmdq_task); 2802 } 2803 2804 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2805 "new assoc isnew=%d associd=%x addr=%s\n", 2806 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2807 2808 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2809 /* XXX TODO: methodize with MCS rates */ 2810 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2811 if (rt2860_rates[ridx].rate == rate) 2812 break; 2813 rn->mgt_ridx = ridx; 2814 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2815 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2816 2817 RUN_LOCK(sc); 2818 if(sc->ratectl_run != RUN_RATECTL_OFF) 2819 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2820 RUN_UNLOCK(sc); 2821 } 2822 2823 /* 2824 * Return the Rx chain with the highest RSSI for a given frame. 2825 */ 2826 static __inline uint8_t 2827 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2828 { 2829 uint8_t rxchain = 0; 2830 2831 if (sc->nrxchains > 1) { 2832 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2833 rxchain = 1; 2834 if (sc->nrxchains > 2) 2835 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2836 rxchain = 2; 2837 } 2838 return (rxchain); 2839 } 2840 2841 static void 2842 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2843 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2844 { 2845 struct ieee80211vap *vap = ni->ni_vap; 2846 struct run_softc *sc = vap->iv_ic->ic_softc; 2847 struct run_vap *rvp = RUN_VAP(vap); 2848 uint64_t ni_tstamp, rx_tstamp; 2849 2850 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2851 2852 if (vap->iv_state == IEEE80211_S_RUN && 2853 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2854 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2855 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2856 RUN_LOCK(sc); 2857 run_get_tsf(sc, &rx_tstamp); 2858 RUN_UNLOCK(sc); 2859 rx_tstamp = le64toh(rx_tstamp); 2860 2861 if (ni_tstamp >= rx_tstamp) { 2862 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2863 "ibss merge, tsf %ju tstamp %ju\n", 2864 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2865 (void) ieee80211_ibss_merge(ni); 2866 } 2867 } 2868 } 2869 2870 static void 2871 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2872 { 2873 struct ieee80211com *ic = &sc->sc_ic; 2874 struct ieee80211_frame *wh; 2875 struct ieee80211_node *ni; 2876 struct rt2870_rxd *rxd; 2877 struct rt2860_rxwi *rxwi; 2878 uint32_t flags; 2879 uint16_t len, rxwisize; 2880 uint8_t ant, rssi; 2881 int8_t nf; 2882 2883 rxwisize = sizeof(struct rt2860_rxwi); 2884 if (sc->mac_ver == 0x5592) 2885 rxwisize += sizeof(uint64_t); 2886 else if (sc->mac_ver == 0x3593) 2887 rxwisize += sizeof(uint32_t); 2888 2889 if (__predict_false(dmalen < 2890 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2891 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2892 "payload is too short: dma length %u < %zu\n", 2893 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2894 goto fail; 2895 } 2896 2897 rxwi = mtod(m, struct rt2860_rxwi *); 2898 len = le16toh(rxwi->len) & 0xfff; 2899 2900 if (__predict_false(len > dmalen - rxwisize)) { 2901 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2902 "bad RXWI length %u > %u\n", len, dmalen); 2903 goto fail; 2904 } 2905 2906 /* Rx descriptor is located at the end */ 2907 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2908 flags = le32toh(rxd->flags); 2909 2910 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2911 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2912 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2913 goto fail; 2914 } 2915 2916 if (flags & RT2860_RX_L2PAD) { 2917 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2918 "received RT2860_RX_L2PAD frame\n"); 2919 len += 2; 2920 } 2921 2922 m->m_data += rxwisize; 2923 m->m_pkthdr.len = m->m_len = len; 2924 2925 wh = mtod(m, struct ieee80211_frame *); 2926 2927 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 && 2928 (flags & RT2860_RX_DEC) != 0) { 2929 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2930 m->m_flags |= M_WEP; 2931 } 2932 2933 if (len >= sizeof(struct ieee80211_frame_min)) { 2934 ni = ieee80211_find_rxnode(ic, 2935 mtod(m, struct ieee80211_frame_min *)); 2936 } else 2937 ni = NULL; 2938 2939 if(ni && ni->ni_flags & IEEE80211_NODE_HT) { 2940 m->m_flags |= M_AMPDU; 2941 } 2942 2943 if (__predict_false(flags & RT2860_RX_MICERR)) { 2944 /* report MIC failures to net80211 for TKIP */ 2945 if (ni != NULL) 2946 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2947 rxwi->keyidx); 2948 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2949 "MIC error. Someone is lying.\n"); 2950 goto fail; 2951 } 2952 2953 ant = run_maxrssi_chain(sc, rxwi); 2954 rssi = rxwi->rssi[ant]; 2955 nf = run_rssi2dbm(sc, rssi, ant); 2956 2957 if (__predict_false(ieee80211_radiotap_active(ic))) { 2958 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2959 uint16_t phy; 2960 2961 tap->wr_flags = 0; 2962 if (flags & RT2860_RX_L2PAD) 2963 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 2964 tap->wr_antsignal = rssi; 2965 tap->wr_antenna = ant; 2966 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2967 tap->wr_rate = 2; /* in case it can't be found below */ 2968 RUN_LOCK(sc); 2969 run_get_tsf(sc, &tap->wr_tsf); 2970 RUN_UNLOCK(sc); 2971 phy = le16toh(rxwi->phy); 2972 switch (phy & RT2860_PHY_MODE) { 2973 case RT2860_PHY_CCK: 2974 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2975 case 0: tap->wr_rate = 2; break; 2976 case 1: tap->wr_rate = 4; break; 2977 case 2: tap->wr_rate = 11; break; 2978 case 3: tap->wr_rate = 22; break; 2979 } 2980 if (phy & RT2860_PHY_SHPRE) 2981 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2982 break; 2983 case RT2860_PHY_OFDM: 2984 switch (phy & RT2860_PHY_MCS) { 2985 case 0: tap->wr_rate = 12; break; 2986 case 1: tap->wr_rate = 18; break; 2987 case 2: tap->wr_rate = 24; break; 2988 case 3: tap->wr_rate = 36; break; 2989 case 4: tap->wr_rate = 48; break; 2990 case 5: tap->wr_rate = 72; break; 2991 case 6: tap->wr_rate = 96; break; 2992 case 7: tap->wr_rate = 108; break; 2993 } 2994 break; 2995 } 2996 } 2997 2998 if (ni != NULL) { 2999 (void)ieee80211_input(ni, m, rssi, nf); 3000 ieee80211_free_node(ni); 3001 } else { 3002 (void)ieee80211_input_all(ic, m, rssi, nf); 3003 } 3004 3005 return; 3006 3007 fail: 3008 m_freem(m); 3009 counter_u64_add(ic->ic_ierrors, 1); 3010 } 3011 3012 static void 3013 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 3014 { 3015 struct run_softc *sc = usbd_xfer_softc(xfer); 3016 struct ieee80211com *ic = &sc->sc_ic; 3017 struct mbuf *m = NULL; 3018 struct mbuf *m0; 3019 uint32_t dmalen, mbuf_len; 3020 uint16_t rxwisize; 3021 int xferlen; 3022 3023 rxwisize = sizeof(struct rt2860_rxwi); 3024 if (sc->mac_ver == 0x5592) 3025 rxwisize += sizeof(uint64_t); 3026 else if (sc->mac_ver == 0x3593) 3027 rxwisize += sizeof(uint32_t); 3028 3029 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 3030 3031 switch (USB_GET_STATE(xfer)) { 3032 case USB_ST_TRANSFERRED: 3033 3034 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 3035 "rx done, actlen=%d\n", xferlen); 3036 3037 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 3038 sizeof(struct rt2870_rxd))) { 3039 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3040 "xfer too short %d\n", xferlen); 3041 goto tr_setup; 3042 } 3043 3044 m = sc->rx_m; 3045 sc->rx_m = NULL; 3046 3047 /* FALLTHROUGH */ 3048 case USB_ST_SETUP: 3049 tr_setup: 3050 if (sc->rx_m == NULL) { 3051 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 3052 RUN_MAX_RXSZ); 3053 } 3054 if (sc->rx_m == NULL) { 3055 RUN_DPRINTF(sc, RUN_DEBUG_RECV | 3056 RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3057 "could not allocate mbuf - idle with stall\n"); 3058 counter_u64_add(ic->ic_ierrors, 1); 3059 usbd_xfer_set_stall(xfer); 3060 usbd_xfer_set_frames(xfer, 0); 3061 } else { 3062 /* 3063 * Directly loading a mbuf cluster into DMA to 3064 * save some data copying. This works because 3065 * there is only one cluster. 3066 */ 3067 usbd_xfer_set_frame_data(xfer, 0, 3068 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 3069 usbd_xfer_set_frames(xfer, 1); 3070 } 3071 usbd_transfer_submit(xfer); 3072 break; 3073 3074 default: /* Error */ 3075 if (error != USB_ERR_CANCELLED) { 3076 /* try to clear stall first */ 3077 usbd_xfer_set_stall(xfer); 3078 if (error == USB_ERR_TIMEOUT) 3079 device_printf(sc->sc_dev, "device timeout\n"); 3080 counter_u64_add(ic->ic_ierrors, 1); 3081 goto tr_setup; 3082 } 3083 if (sc->rx_m != NULL) { 3084 m_freem(sc->rx_m); 3085 sc->rx_m = NULL; 3086 } 3087 break; 3088 } 3089 3090 if (m == NULL) 3091 return; 3092 3093 /* inputting all the frames must be last */ 3094 3095 RUN_UNLOCK(sc); 3096 3097 m->m_pkthdr.len = m->m_len = xferlen; 3098 3099 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3100 for(;;) { 3101 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3102 3103 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3104 ((dmalen & 3) != 0)) { 3105 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3106 "bad DMA length %u\n", dmalen); 3107 break; 3108 } 3109 if ((dmalen + 8) > (uint32_t)xferlen) { 3110 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3111 "bad DMA length %u > %d\n", 3112 dmalen + 8, xferlen); 3113 break; 3114 } 3115 3116 /* If it is the last one or a single frame, we won't copy. */ 3117 if ((xferlen -= dmalen + 8) <= 8) { 3118 /* trim 32-bit DMA-len header */ 3119 m->m_data += 4; 3120 m->m_pkthdr.len = m->m_len -= 4; 3121 run_rx_frame(sc, m, dmalen); 3122 m = NULL; /* don't free source buffer */ 3123 break; 3124 } 3125 3126 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 3127 if (__predict_false(mbuf_len > MCLBYTES)) { 3128 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3129 "payload is too big: mbuf_len %u\n", mbuf_len); 3130 counter_u64_add(ic->ic_ierrors, 1); 3131 break; 3132 } 3133 3134 /* copy aggregated frames to another mbuf */ 3135 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3136 if (__predict_false(m0 == NULL)) { 3137 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3138 "could not allocate mbuf\n"); 3139 counter_u64_add(ic->ic_ierrors, 1); 3140 break; 3141 } 3142 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3143 mbuf_len, mtod(m0, caddr_t)); 3144 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3145 run_rx_frame(sc, m0, dmalen); 3146 3147 /* update data ptr */ 3148 m->m_data += mbuf_len + 4; 3149 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3150 } 3151 3152 /* make sure we free the source buffer, if any */ 3153 m_freem(m); 3154 3155 #ifdef IEEE80211_SUPPORT_SUPERG 3156 ieee80211_ff_age_all(ic, 100); 3157 #endif 3158 RUN_LOCK(sc); 3159 } 3160 3161 static void 3162 run_tx_free(struct run_endpoint_queue *pq, 3163 struct run_tx_data *data, int txerr) 3164 { 3165 3166 ieee80211_tx_complete(data->ni, data->m, txerr); 3167 3168 data->m = NULL; 3169 data->ni = NULL; 3170 3171 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3172 pq->tx_nfree++; 3173 } 3174 3175 static void 3176 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3177 { 3178 struct run_softc *sc = usbd_xfer_softc(xfer); 3179 struct ieee80211com *ic = &sc->sc_ic; 3180 struct run_tx_data *data; 3181 struct ieee80211vap *vap = NULL; 3182 struct usb_page_cache *pc; 3183 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3184 struct mbuf *m; 3185 usb_frlength_t size; 3186 int actlen; 3187 int sumlen; 3188 3189 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3190 3191 switch (USB_GET_STATE(xfer)) { 3192 case USB_ST_TRANSFERRED: 3193 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3194 "transfer complete: %d bytes @ index %d\n", actlen, index); 3195 3196 data = usbd_xfer_get_priv(xfer); 3197 run_tx_free(pq, data, 0); 3198 usbd_xfer_set_priv(xfer, NULL); 3199 3200 /* FALLTHROUGH */ 3201 case USB_ST_SETUP: 3202 tr_setup: 3203 data = STAILQ_FIRST(&pq->tx_qh); 3204 if (data == NULL) 3205 break; 3206 3207 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3208 3209 m = data->m; 3210 size = (sc->mac_ver == 0x5592) ? 3211 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3212 if ((m->m_pkthdr.len + 3213 size + 3 + 8) > RUN_MAX_TXSZ) { 3214 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3215 "data overflow, %u bytes\n", m->m_pkthdr.len); 3216 run_tx_free(pq, data, 1); 3217 goto tr_setup; 3218 } 3219 3220 pc = usbd_xfer_get_frame(xfer, 0); 3221 usbd_copy_in(pc, 0, &data->desc, size); 3222 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3223 size += m->m_pkthdr.len; 3224 /* 3225 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3226 * 4-byte padding), and be sure to zero those trailing 3227 * bytes: 3228 */ 3229 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3230 size += ((-size) & 3) + 8; 3231 3232 vap = data->ni->ni_vap; 3233 if (ieee80211_radiotap_active_vap(vap)) { 3234 const struct ieee80211_frame *wh; 3235 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3236 struct rt2860_txwi *txwi = 3237 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3238 int has_l2pad; 3239 3240 wh = mtod(m, struct ieee80211_frame *); 3241 has_l2pad = IEEE80211_HAS_ADDR4(wh) != 3242 IEEE80211_QOS_HAS_SEQ(wh); 3243 3244 tap->wt_flags = 0; 3245 tap->wt_rate = rt2860_rates[data->ridx].rate; 3246 tap->wt_hwqueue = index; 3247 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3248 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3249 if (has_l2pad) 3250 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 3251 3252 ieee80211_radiotap_tx(vap, m); 3253 } 3254 3255 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3256 "sending frame len=%u/%u @ index %d\n", 3257 m->m_pkthdr.len, size, index); 3258 3259 usbd_xfer_set_frame_len(xfer, 0, size); 3260 usbd_xfer_set_priv(xfer, data); 3261 usbd_transfer_submit(xfer); 3262 run_start(sc); 3263 3264 break; 3265 3266 default: 3267 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3268 "USB transfer error, %s\n", usbd_errstr(error)); 3269 3270 data = usbd_xfer_get_priv(xfer); 3271 3272 if (data != NULL) { 3273 if(data->ni != NULL) 3274 vap = data->ni->ni_vap; 3275 run_tx_free(pq, data, error); 3276 usbd_xfer_set_priv(xfer, NULL); 3277 } 3278 3279 if (vap == NULL) 3280 vap = TAILQ_FIRST(&ic->ic_vaps); 3281 3282 if (error != USB_ERR_CANCELLED) { 3283 if (error == USB_ERR_TIMEOUT) { 3284 device_printf(sc->sc_dev, "device timeout\n"); 3285 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3286 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3287 "cmdq_store=%d\n", i); 3288 sc->cmdq[i].func = run_usb_timeout_cb; 3289 sc->cmdq[i].arg0 = vap; 3290 ieee80211_runtask(ic, &sc->cmdq_task); 3291 } 3292 3293 /* 3294 * Try to clear stall first, also if other 3295 * errors occur, hence clearing stall 3296 * introduces a 50 ms delay: 3297 */ 3298 usbd_xfer_set_stall(xfer); 3299 goto tr_setup; 3300 } 3301 break; 3302 } 3303 #ifdef IEEE80211_SUPPORT_SUPERG 3304 /* XXX TODO: make this deferred rather than unlock/relock */ 3305 /* XXX TODO: should only do the QoS AC this belongs to */ 3306 if (pq->tx_nfree >= RUN_TX_RING_COUNT) { 3307 RUN_UNLOCK(sc); 3308 ieee80211_ff_flush_all(ic); 3309 RUN_LOCK(sc); 3310 } 3311 #endif 3312 } 3313 3314 static void 3315 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3316 { 3317 run_bulk_tx_callbackN(xfer, error, 0); 3318 } 3319 3320 static void 3321 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3322 { 3323 run_bulk_tx_callbackN(xfer, error, 1); 3324 } 3325 3326 static void 3327 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3328 { 3329 run_bulk_tx_callbackN(xfer, error, 2); 3330 } 3331 3332 static void 3333 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3334 { 3335 run_bulk_tx_callbackN(xfer, error, 3); 3336 } 3337 3338 static void 3339 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3340 { 3341 run_bulk_tx_callbackN(xfer, error, 4); 3342 } 3343 3344 static void 3345 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3346 { 3347 run_bulk_tx_callbackN(xfer, error, 5); 3348 } 3349 3350 static void 3351 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3352 { 3353 struct mbuf *m = data->m; 3354 struct ieee80211com *ic = &sc->sc_ic; 3355 struct ieee80211vap *vap = data->ni->ni_vap; 3356 struct ieee80211_frame *wh; 3357 struct rt2870_txd *txd; 3358 struct rt2860_txwi *txwi; 3359 uint16_t xferlen, txwisize; 3360 uint16_t mcs; 3361 uint8_t ridx = data->ridx; 3362 uint8_t pad; 3363 3364 /* get MCS code from rate index */ 3365 mcs = rt2860_rates[ridx].mcs; 3366 3367 txwisize = (sc->mac_ver == 0x5592) ? 3368 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3369 xferlen = txwisize + m->m_pkthdr.len; 3370 3371 /* roundup to 32-bit alignment */ 3372 xferlen = (xferlen + 3) & ~3; 3373 3374 txd = (struct rt2870_txd *)&data->desc; 3375 txd->len = htole16(xferlen); 3376 3377 wh = mtod(m, struct ieee80211_frame *); 3378 3379 /* 3380 * Ether both are true or both are false, the header 3381 * are nicely aligned to 32-bit. So, no L2 padding. 3382 */ 3383 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3384 pad = 0; 3385 else 3386 pad = 2; 3387 3388 /* setup TX Wireless Information */ 3389 txwi = (struct rt2860_txwi *)(txd + 1); 3390 txwi->len = htole16(m->m_pkthdr.len - pad); 3391 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3392 mcs |= RT2860_PHY_CCK; 3393 if (ridx != RT2860_RIDX_CCK1 && 3394 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3395 mcs |= RT2860_PHY_SHPRE; 3396 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) { 3397 mcs |= RT2860_PHY_OFDM; 3398 } else if (rt2860_rates[ridx].phy == IEEE80211_T_HT) { 3399 /* XXX TODO: [adrian] set short preamble for MCS? */ 3400 mcs |= RT2860_PHY_HT_MIX; /* Mixed, not greenfield */ 3401 } 3402 txwi->phy = htole16(mcs); 3403 3404 /* check if RTS/CTS or CTS-to-self protection is required */ 3405 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3406 ((m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) || 3407 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3408 rt2860_rates[ridx].phy == IEEE80211_T_OFDM) || 3409 ((ic->ic_htprotmode == IEEE80211_PROT_RTSCTS) && 3410 rt2860_rates[ridx].phy == IEEE80211_T_HT))) 3411 txwi->txop |= RT2860_TX_TXOP_HT; 3412 else 3413 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3414 3415 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3416 txwi->xflags |= RT2860_TX_NSEQ; 3417 } 3418 3419 /* This function must be called locked */ 3420 static int 3421 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3422 { 3423 struct ieee80211com *ic = &sc->sc_ic; 3424 struct ieee80211vap *vap = ni->ni_vap; 3425 struct ieee80211_frame *wh; 3426 const struct ieee80211_txparam *tp = ni->ni_txparms; 3427 struct run_node *rn = RUN_NODE(ni); 3428 struct run_tx_data *data; 3429 struct rt2870_txd *txd; 3430 struct rt2860_txwi *txwi; 3431 uint16_t qos; 3432 uint16_t dur; 3433 uint16_t qid; 3434 uint8_t type; 3435 uint8_t tid; 3436 uint8_t ridx; 3437 uint8_t ctl_ridx; 3438 uint8_t qflags; 3439 uint8_t xflags = 0; 3440 int hasqos; 3441 3442 RUN_LOCK_ASSERT(sc, MA_OWNED); 3443 3444 wh = mtod(m, struct ieee80211_frame *); 3445 3446 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3447 3448 /* 3449 * There are 7 bulk endpoints: 1 for RX 3450 * and 6 for TX (4 EDCAs + HCCA + Prio). 3451 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3452 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3453 */ 3454 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3455 uint8_t *frm; 3456 3457 frm = ieee80211_getqos(wh); 3458 qos = le16toh(*(const uint16_t *)frm); 3459 tid = qos & IEEE80211_QOS_TID; 3460 qid = TID_TO_WME_AC(tid); 3461 } else { 3462 qos = 0; 3463 tid = 0; 3464 qid = WME_AC_BE; 3465 } 3466 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3467 3468 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3469 qos, qid, tid, qflags); 3470 3471 /* pickup a rate index */ 3472 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3473 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3474 /* XXX TODO: methodize for 11n; use MCS0 for 11NA/11NG */ 3475 ridx = (ic->ic_curmode == IEEE80211_MODE_11A || ic->ic_curmode == IEEE80211_MODE_11NA) ? 3476 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3477 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3478 } else { 3479 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3480 ridx = rn->fix_ridx; 3481 else 3482 ridx = rn->amrr_ridx; 3483 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3484 } 3485 3486 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3487 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3488 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3489 xflags |= RT2860_TX_ACK; 3490 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3491 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3492 else 3493 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3494 USETW(wh->i_dur, dur); 3495 } 3496 3497 /* reserve slots for mgmt packets, just in case */ 3498 if (sc->sc_epq[qid].tx_nfree < 3) { 3499 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3500 return (-1); 3501 } 3502 3503 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3504 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3505 sc->sc_epq[qid].tx_nfree--; 3506 3507 txd = (struct rt2870_txd *)&data->desc; 3508 txd->flags = qflags; 3509 txwi = (struct rt2860_txwi *)(txd + 1); 3510 txwi->xflags = xflags; 3511 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3512 txwi->wcid = 0; 3513 else 3514 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3515 1 : RUN_AID2WCID(ni->ni_associd); 3516 3517 /* clear leftover garbage bits */ 3518 txwi->flags = 0; 3519 txwi->txop = 0; 3520 3521 data->m = m; 3522 data->ni = ni; 3523 data->ridx = ridx; 3524 3525 run_set_tx_desc(sc, data); 3526 3527 /* 3528 * The chip keeps track of 2 kind of Tx stats, 3529 * * TX_STAT_FIFO, for per WCID stats, and 3530 * * TX_STA_CNT0 for all-TX-in-one stats. 3531 * 3532 * To use FIFO stats, we need to store MCS into the driver-private 3533 * PacketID field. So that, we can tell whose stats when we read them. 3534 * We add 1 to the MCS because setting the PacketID field to 0 means 3535 * that we don't want feedback in TX_STAT_FIFO. 3536 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3537 * 3538 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3539 */ 3540 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3541 vap->iv_opmode == IEEE80211_M_MBSS) { 3542 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3543 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3544 3545 /* 3546 * Unlike PCI based devices, we don't get any interrupt from 3547 * USB devices, so we simulate FIFO-is-full interrupt here. 3548 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3549 * quickly get fulled. To prevent overflow, increment a counter on 3550 * every FIFO stat request, so we know how many slots are left. 3551 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3552 * are used only in those modes. 3553 * We just drain stats. AMRR gets updated every 1 sec by 3554 * run_ratectl_cb() via callout. 3555 * Call it early. Otherwise overflow. 3556 */ 3557 if (sc->fifo_cnt++ == 10) { 3558 /* 3559 * With multiple vaps or if_bridge, if_start() is called 3560 * with a non-sleepable lock, tcpinp. So, need to defer. 3561 */ 3562 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3563 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3564 sc->cmdq[i].func = run_drain_fifo; 3565 sc->cmdq[i].arg0 = sc; 3566 ieee80211_runtask(ic, &sc->cmdq_task); 3567 } 3568 } 3569 3570 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3571 3572 usbd_transfer_start(sc->sc_xfer[qid]); 3573 3574 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3575 "sending data frame len=%d rate=%d qid=%d\n", 3576 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3577 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3578 3579 return (0); 3580 } 3581 3582 static int 3583 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3584 { 3585 struct ieee80211com *ic = &sc->sc_ic; 3586 struct run_node *rn = RUN_NODE(ni); 3587 struct run_tx_data *data; 3588 struct ieee80211_frame *wh; 3589 struct rt2870_txd *txd; 3590 struct rt2860_txwi *txwi; 3591 uint16_t dur; 3592 uint8_t ridx = rn->mgt_ridx; 3593 uint8_t xflags = 0; 3594 uint8_t wflags = 0; 3595 3596 RUN_LOCK_ASSERT(sc, MA_OWNED); 3597 3598 wh = mtod(m, struct ieee80211_frame *); 3599 3600 /* tell hardware to add timestamp for probe responses */ 3601 if (IEEE80211_IS_MGMT_PROBE_RESP(wh)) 3602 wflags |= RT2860_TX_TS; 3603 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3604 xflags |= RT2860_TX_ACK; 3605 3606 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3607 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3608 USETW(wh->i_dur, dur); 3609 } 3610 3611 if (sc->sc_epq[0].tx_nfree == 0) 3612 /* let caller free mbuf */ 3613 return (EIO); 3614 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3615 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3616 sc->sc_epq[0].tx_nfree--; 3617 3618 txd = (struct rt2870_txd *)&data->desc; 3619 txd->flags = RT2860_TX_QSEL_EDCA; 3620 txwi = (struct rt2860_txwi *)(txd + 1); 3621 txwi->wcid = 0xff; 3622 txwi->flags = wflags; 3623 txwi->xflags = xflags; 3624 txwi->txop = 0; /* clear leftover garbage bits */ 3625 3626 data->m = m; 3627 data->ni = ni; 3628 data->ridx = ridx; 3629 3630 run_set_tx_desc(sc, data); 3631 3632 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3633 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3634 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3635 3636 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3637 3638 usbd_transfer_start(sc->sc_xfer[0]); 3639 3640 return (0); 3641 } 3642 3643 static int 3644 run_sendprot(struct run_softc *sc, 3645 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3646 { 3647 struct ieee80211com *ic = ni->ni_ic; 3648 struct run_tx_data *data; 3649 struct rt2870_txd *txd; 3650 struct rt2860_txwi *txwi; 3651 struct mbuf *mprot; 3652 int ridx; 3653 int protrate; 3654 uint8_t wflags = 0; 3655 uint8_t xflags = 0; 3656 3657 RUN_LOCK_ASSERT(sc, MA_OWNED); 3658 3659 /* check that there are free slots before allocating the mbuf */ 3660 if (sc->sc_epq[0].tx_nfree == 0) 3661 /* let caller free mbuf */ 3662 return (ENOBUFS); 3663 3664 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3665 if (mprot == NULL) { 3666 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3667 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3668 return (ENOBUFS); 3669 } 3670 3671 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3672 wflags = RT2860_TX_FRAG; 3673 xflags = 0; 3674 if (prot == IEEE80211_PROT_RTSCTS) 3675 xflags |= RT2860_TX_ACK; 3676 3677 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3678 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3679 sc->sc_epq[0].tx_nfree--; 3680 3681 txd = (struct rt2870_txd *)&data->desc; 3682 txd->flags = RT2860_TX_QSEL_EDCA; 3683 txwi = (struct rt2860_txwi *)(txd + 1); 3684 txwi->wcid = 0xff; 3685 txwi->flags = wflags; 3686 txwi->xflags = xflags; 3687 txwi->txop = 0; /* clear leftover garbage bits */ 3688 3689 data->m = mprot; 3690 data->ni = ieee80211_ref_node(ni); 3691 3692 /* XXX TODO: methodize with MCS rates */ 3693 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3694 if (rt2860_rates[ridx].rate == protrate) 3695 break; 3696 data->ridx = ridx; 3697 3698 run_set_tx_desc(sc, data); 3699 3700 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3701 m->m_pkthdr.len, rate); 3702 3703 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3704 3705 usbd_transfer_start(sc->sc_xfer[0]); 3706 3707 return (0); 3708 } 3709 3710 static int 3711 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3712 const struct ieee80211_bpf_params *params) 3713 { 3714 struct ieee80211com *ic = ni->ni_ic; 3715 struct run_tx_data *data; 3716 struct rt2870_txd *txd; 3717 struct rt2860_txwi *txwi; 3718 uint8_t ridx; 3719 uint8_t rate; 3720 uint8_t opflags = 0; 3721 uint8_t xflags = 0; 3722 int error; 3723 3724 RUN_LOCK_ASSERT(sc, MA_OWNED); 3725 3726 KASSERT(params != NULL, ("no raw xmit params")); 3727 3728 rate = params->ibp_rate0; 3729 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3730 /* let caller free mbuf */ 3731 return (EINVAL); 3732 } 3733 3734 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3735 xflags |= RT2860_TX_ACK; 3736 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3737 error = run_sendprot(sc, m, ni, 3738 params->ibp_flags & IEEE80211_BPF_RTS ? 3739 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3740 rate); 3741 if (error) { 3742 /* let caller free mbuf */ 3743 return error; 3744 } 3745 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3746 } 3747 3748 if (sc->sc_epq[0].tx_nfree == 0) { 3749 /* let caller free mbuf */ 3750 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3751 "sending raw frame, but tx ring is full\n"); 3752 return (EIO); 3753 } 3754 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3755 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3756 sc->sc_epq[0].tx_nfree--; 3757 3758 txd = (struct rt2870_txd *)&data->desc; 3759 txd->flags = RT2860_TX_QSEL_EDCA; 3760 txwi = (struct rt2860_txwi *)(txd + 1); 3761 txwi->wcid = 0xff; 3762 txwi->xflags = xflags; 3763 txwi->txop = opflags; 3764 txwi->flags = 0; /* clear leftover garbage bits */ 3765 3766 data->m = m; 3767 data->ni = ni; 3768 /* XXX TODO: methodize with MCS rates */ 3769 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3770 if (rt2860_rates[ridx].rate == rate) 3771 break; 3772 data->ridx = ridx; 3773 3774 run_set_tx_desc(sc, data); 3775 3776 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3777 m->m_pkthdr.len, rate); 3778 3779 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3780 3781 usbd_transfer_start(sc->sc_xfer[0]); 3782 3783 return (0); 3784 } 3785 3786 static int 3787 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3788 const struct ieee80211_bpf_params *params) 3789 { 3790 struct run_softc *sc = ni->ni_ic->ic_softc; 3791 int error = 0; 3792 3793 RUN_LOCK(sc); 3794 3795 /* prevent management frames from being sent if we're not ready */ 3796 if (!(sc->sc_flags & RUN_RUNNING)) { 3797 error = ENETDOWN; 3798 goto done; 3799 } 3800 3801 if (params == NULL) { 3802 /* tx mgt packet */ 3803 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3804 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3805 goto done; 3806 } 3807 } else { 3808 /* tx raw packet with param */ 3809 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3810 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3811 goto done; 3812 } 3813 } 3814 3815 done: 3816 RUN_UNLOCK(sc); 3817 3818 if (error != 0) { 3819 if(m != NULL) 3820 m_freem(m); 3821 } 3822 3823 return (error); 3824 } 3825 3826 static int 3827 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3828 { 3829 struct run_softc *sc = ic->ic_softc; 3830 int error; 3831 3832 RUN_LOCK(sc); 3833 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3834 RUN_UNLOCK(sc); 3835 return (ENXIO); 3836 } 3837 error = mbufq_enqueue(&sc->sc_snd, m); 3838 if (error) { 3839 RUN_UNLOCK(sc); 3840 return (error); 3841 } 3842 run_start(sc); 3843 RUN_UNLOCK(sc); 3844 3845 return (0); 3846 } 3847 3848 static void 3849 run_start(struct run_softc *sc) 3850 { 3851 struct ieee80211_node *ni; 3852 struct mbuf *m; 3853 3854 RUN_LOCK_ASSERT(sc, MA_OWNED); 3855 3856 if ((sc->sc_flags & RUN_RUNNING) == 0) 3857 return; 3858 3859 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3860 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3861 if (run_tx(sc, m, ni) != 0) { 3862 mbufq_prepend(&sc->sc_snd, m); 3863 break; 3864 } 3865 } 3866 } 3867 3868 static void 3869 run_parent(struct ieee80211com *ic) 3870 { 3871 struct run_softc *sc = ic->ic_softc; 3872 int startall = 0; 3873 3874 RUN_LOCK(sc); 3875 if (sc->sc_detached) { 3876 RUN_UNLOCK(sc); 3877 return; 3878 } 3879 3880 if (ic->ic_nrunning > 0) { 3881 if (!(sc->sc_flags & RUN_RUNNING)) { 3882 startall = 1; 3883 run_init_locked(sc); 3884 } else 3885 run_update_promisc_locked(sc); 3886 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3887 run_stop(sc); 3888 RUN_UNLOCK(sc); 3889 if (startall) 3890 ieee80211_start_all(ic); 3891 } 3892 3893 static void 3894 run_iq_calib(struct run_softc *sc, u_int chan) 3895 { 3896 uint16_t val; 3897 3898 /* Tx0 IQ gain. */ 3899 run_bbp_write(sc, 158, 0x2c); 3900 if (chan <= 14) 3901 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3902 else if (chan <= 64) { 3903 run_efuse_read(sc, 3904 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3905 &val, 1); 3906 } else if (chan <= 138) { 3907 run_efuse_read(sc, 3908 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3909 &val, 1); 3910 } else if (chan <= 165) { 3911 run_efuse_read(sc, 3912 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3913 &val, 1); 3914 } else 3915 val = 0; 3916 run_bbp_write(sc, 159, val); 3917 3918 /* Tx0 IQ phase. */ 3919 run_bbp_write(sc, 158, 0x2d); 3920 if (chan <= 14) { 3921 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3922 &val, 1); 3923 } else if (chan <= 64) { 3924 run_efuse_read(sc, 3925 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3926 &val, 1); 3927 } else if (chan <= 138) { 3928 run_efuse_read(sc, 3929 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3930 &val, 1); 3931 } else if (chan <= 165) { 3932 run_efuse_read(sc, 3933 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3934 &val, 1); 3935 } else 3936 val = 0; 3937 run_bbp_write(sc, 159, val); 3938 3939 /* Tx1 IQ gain. */ 3940 run_bbp_write(sc, 158, 0x4a); 3941 if (chan <= 14) { 3942 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3943 &val, 1); 3944 } else if (chan <= 64) { 3945 run_efuse_read(sc, 3946 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3947 &val, 1); 3948 } else if (chan <= 138) { 3949 run_efuse_read(sc, 3950 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3951 &val, 1); 3952 } else if (chan <= 165) { 3953 run_efuse_read(sc, 3954 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3955 &val, 1); 3956 } else 3957 val = 0; 3958 run_bbp_write(sc, 159, val); 3959 3960 /* Tx1 IQ phase. */ 3961 run_bbp_write(sc, 158, 0x4b); 3962 if (chan <= 14) { 3963 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3964 &val, 1); 3965 } else if (chan <= 64) { 3966 run_efuse_read(sc, 3967 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3968 &val, 1); 3969 } else if (chan <= 138) { 3970 run_efuse_read(sc, 3971 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3972 &val, 1); 3973 } else if (chan <= 165) { 3974 run_efuse_read(sc, 3975 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3976 &val, 1); 3977 } else 3978 val = 0; 3979 run_bbp_write(sc, 159, val); 3980 3981 /* RF IQ compensation control. */ 3982 run_bbp_write(sc, 158, 0x04); 3983 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3984 &val, 1); 3985 run_bbp_write(sc, 159, val); 3986 3987 /* RF IQ imbalance compensation control. */ 3988 run_bbp_write(sc, 158, 0x03); 3989 run_efuse_read(sc, 3990 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3991 run_bbp_write(sc, 159, val); 3992 } 3993 3994 static void 3995 run_set_agc(struct run_softc *sc, uint8_t agc) 3996 { 3997 uint8_t bbp; 3998 3999 if (sc->mac_ver == 0x3572) { 4000 run_bbp_read(sc, 27, &bbp); 4001 bbp &= ~(0x3 << 5); 4002 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 4003 run_bbp_write(sc, 66, agc); 4004 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 4005 run_bbp_write(sc, 66, agc); 4006 } else 4007 run_bbp_write(sc, 66, agc); 4008 } 4009 4010 static void 4011 run_select_chan_group(struct run_softc *sc, int group) 4012 { 4013 uint32_t tmp; 4014 uint8_t agc; 4015 4016 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 4017 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 4018 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 4019 if (sc->mac_ver < 0x3572) 4020 run_bbp_write(sc, 86, 0x00); 4021 4022 if (sc->mac_ver == 0x3593) { 4023 run_bbp_write(sc, 77, 0x98); 4024 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 4025 } 4026 4027 if (group == 0) { 4028 if (sc->ext_2ghz_lna) { 4029 if (sc->mac_ver >= 0x5390) 4030 run_bbp_write(sc, 75, 0x52); 4031 else { 4032 run_bbp_write(sc, 82, 0x62); 4033 run_bbp_write(sc, 75, 0x46); 4034 } 4035 } else { 4036 if (sc->mac_ver == 0x5592) { 4037 run_bbp_write(sc, 79, 0x1c); 4038 run_bbp_write(sc, 80, 0x0e); 4039 run_bbp_write(sc, 81, 0x3a); 4040 run_bbp_write(sc, 82, 0x62); 4041 4042 run_bbp_write(sc, 195, 0x80); 4043 run_bbp_write(sc, 196, 0xe0); 4044 run_bbp_write(sc, 195, 0x81); 4045 run_bbp_write(sc, 196, 0x1f); 4046 run_bbp_write(sc, 195, 0x82); 4047 run_bbp_write(sc, 196, 0x38); 4048 run_bbp_write(sc, 195, 0x83); 4049 run_bbp_write(sc, 196, 0x32); 4050 run_bbp_write(sc, 195, 0x85); 4051 run_bbp_write(sc, 196, 0x28); 4052 run_bbp_write(sc, 195, 0x86); 4053 run_bbp_write(sc, 196, 0x19); 4054 } else if (sc->mac_ver >= 0x5390) 4055 run_bbp_write(sc, 75, 0x50); 4056 else { 4057 run_bbp_write(sc, 82, 4058 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 4059 run_bbp_write(sc, 75, 0x50); 4060 } 4061 } 4062 } else { 4063 if (sc->mac_ver == 0x5592) { 4064 run_bbp_write(sc, 79, 0x18); 4065 run_bbp_write(sc, 80, 0x08); 4066 run_bbp_write(sc, 81, 0x38); 4067 run_bbp_write(sc, 82, 0x92); 4068 4069 run_bbp_write(sc, 195, 0x80); 4070 run_bbp_write(sc, 196, 0xf0); 4071 run_bbp_write(sc, 195, 0x81); 4072 run_bbp_write(sc, 196, 0x1e); 4073 run_bbp_write(sc, 195, 0x82); 4074 run_bbp_write(sc, 196, 0x28); 4075 run_bbp_write(sc, 195, 0x83); 4076 run_bbp_write(sc, 196, 0x20); 4077 run_bbp_write(sc, 195, 0x85); 4078 run_bbp_write(sc, 196, 0x7f); 4079 run_bbp_write(sc, 195, 0x86); 4080 run_bbp_write(sc, 196, 0x7f); 4081 } else if (sc->mac_ver == 0x3572) 4082 run_bbp_write(sc, 82, 0x94); 4083 else 4084 run_bbp_write(sc, 82, 4085 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4086 if (sc->ext_5ghz_lna) 4087 run_bbp_write(sc, 75, 0x46); 4088 else 4089 run_bbp_write(sc, 75, 0x50); 4090 } 4091 4092 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4093 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4094 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4095 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4096 4097 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4098 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4099 if (sc->mac_ver == 0x3593) 4100 tmp |= 1 << 29 | 1 << 28; 4101 if (sc->nrxchains > 1) 4102 tmp |= RT2860_LNA_PE1_EN; 4103 if (group == 0) { /* 2GHz */ 4104 tmp |= RT2860_PA_PE_G0_EN; 4105 if (sc->ntxchains > 1) 4106 tmp |= RT2860_PA_PE_G1_EN; 4107 if (sc->mac_ver == 0x3593) { 4108 if (sc->ntxchains > 2) 4109 tmp |= 1 << 25; 4110 } 4111 } else { /* 5GHz */ 4112 tmp |= RT2860_PA_PE_A0_EN; 4113 if (sc->ntxchains > 1) 4114 tmp |= RT2860_PA_PE_A1_EN; 4115 } 4116 if (sc->mac_ver == 0x3572) { 4117 run_rt3070_rf_write(sc, 8, 0x00); 4118 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4119 run_rt3070_rf_write(sc, 8, 0x80); 4120 } else 4121 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4122 4123 if (sc->mac_ver == 0x5592) { 4124 run_bbp_write(sc, 195, 0x8d); 4125 run_bbp_write(sc, 196, 0x1a); 4126 } 4127 4128 if (sc->mac_ver == 0x3593) { 4129 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4130 tmp &= ~0x01010000; 4131 if (group == 0) 4132 tmp |= 0x00010000; 4133 tmp = (tmp & ~0x00009090) | 0x00000090; 4134 run_write(sc, RT2860_GPIO_CTRL, tmp); 4135 } 4136 4137 /* set initial AGC value */ 4138 if (group == 0) { /* 2GHz band */ 4139 if (sc->mac_ver >= 0x3070) 4140 agc = 0x1c + sc->lna[0] * 2; 4141 else 4142 agc = 0x2e + sc->lna[0]; 4143 } else { /* 5GHz band */ 4144 if (sc->mac_ver == 0x5592) 4145 agc = 0x24 + sc->lna[group] * 2; 4146 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4147 agc = 0x22 + (sc->lna[group] * 5) / 3; 4148 else 4149 agc = 0x32 + (sc->lna[group] * 5) / 3; 4150 } 4151 run_set_agc(sc, agc); 4152 } 4153 4154 static void 4155 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4156 { 4157 const struct rfprog *rfprog = rt2860_rf2850; 4158 uint32_t r2, r3, r4; 4159 int8_t txpow1, txpow2; 4160 int i; 4161 4162 /* find the settings for this channel (we know it exists) */ 4163 for (i = 0; rfprog[i].chan != chan; i++); 4164 4165 r2 = rfprog[i].r2; 4166 if (sc->ntxchains == 1) 4167 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4168 if (sc->nrxchains == 1) 4169 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4170 else if (sc->nrxchains == 2) 4171 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4172 4173 /* use Tx power values from EEPROM */ 4174 txpow1 = sc->txpow1[i]; 4175 txpow2 = sc->txpow2[i]; 4176 4177 /* Initialize RF R3 and R4. */ 4178 r3 = rfprog[i].r3 & 0xffffc1ff; 4179 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4180 if (chan > 14) { 4181 if (txpow1 >= 0) { 4182 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4183 r3 |= (txpow1 << 10) | (1 << 9); 4184 } else { 4185 txpow1 += 7; 4186 4187 /* txpow1 is not possible larger than 15. */ 4188 r3 |= (txpow1 << 10); 4189 } 4190 if (txpow2 >= 0) { 4191 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4192 r4 |= (txpow2 << 7) | (1 << 6); 4193 } else { 4194 txpow2 += 7; 4195 r4 |= (txpow2 << 7); 4196 } 4197 } else { 4198 /* Set Tx0 power. */ 4199 r3 |= (txpow1 << 9); 4200 4201 /* Set frequency offset and Tx1 power. */ 4202 r4 |= (txpow2 << 6); 4203 } 4204 4205 run_rt2870_rf_write(sc, rfprog[i].r1); 4206 run_rt2870_rf_write(sc, r2); 4207 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4208 run_rt2870_rf_write(sc, r4); 4209 4210 run_delay(sc, 10); 4211 4212 run_rt2870_rf_write(sc, rfprog[i].r1); 4213 run_rt2870_rf_write(sc, r2); 4214 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4215 run_rt2870_rf_write(sc, r4); 4216 4217 run_delay(sc, 10); 4218 4219 run_rt2870_rf_write(sc, rfprog[i].r1); 4220 run_rt2870_rf_write(sc, r2); 4221 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4222 run_rt2870_rf_write(sc, r4); 4223 } 4224 4225 static void 4226 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4227 { 4228 int8_t txpow1, txpow2; 4229 uint8_t rf; 4230 int i; 4231 4232 /* find the settings for this channel (we know it exists) */ 4233 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4234 4235 /* use Tx power values from EEPROM */ 4236 txpow1 = sc->txpow1[i]; 4237 txpow2 = sc->txpow2[i]; 4238 4239 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4240 4241 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4242 run_rt3070_rf_read(sc, 3, &rf); 4243 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4244 run_rt3070_rf_write(sc, 3, rf); 4245 4246 run_rt3070_rf_read(sc, 6, &rf); 4247 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4248 run_rt3070_rf_write(sc, 6, rf); 4249 4250 /* set Tx0 power */ 4251 run_rt3070_rf_read(sc, 12, &rf); 4252 rf = (rf & ~0x1f) | txpow1; 4253 run_rt3070_rf_write(sc, 12, rf); 4254 4255 /* set Tx1 power */ 4256 run_rt3070_rf_read(sc, 13, &rf); 4257 rf = (rf & ~0x1f) | txpow2; 4258 run_rt3070_rf_write(sc, 13, rf); 4259 4260 run_rt3070_rf_read(sc, 1, &rf); 4261 rf &= ~0xfc; 4262 if (sc->ntxchains == 1) 4263 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4264 else if (sc->ntxchains == 2) 4265 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4266 if (sc->nrxchains == 1) 4267 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4268 else if (sc->nrxchains == 2) 4269 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4270 run_rt3070_rf_write(sc, 1, rf); 4271 4272 /* set RF offset */ 4273 run_rt3070_rf_read(sc, 23, &rf); 4274 rf = (rf & ~0x7f) | sc->freq; 4275 run_rt3070_rf_write(sc, 23, rf); 4276 4277 /* program RF filter */ 4278 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4279 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4280 run_rt3070_rf_write(sc, 24, rf); 4281 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4282 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4283 run_rt3070_rf_write(sc, 31, rf); 4284 4285 /* enable RF tuning */ 4286 run_rt3070_rf_read(sc, 7, &rf); 4287 run_rt3070_rf_write(sc, 7, rf | 0x01); 4288 } 4289 4290 static void 4291 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4292 { 4293 int8_t txpow1, txpow2; 4294 uint32_t tmp; 4295 uint8_t rf; 4296 int i; 4297 4298 /* find the settings for this channel (we know it exists) */ 4299 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4300 4301 /* use Tx power values from EEPROM */ 4302 txpow1 = sc->txpow1[i]; 4303 txpow2 = sc->txpow2[i]; 4304 4305 if (chan <= 14) { 4306 run_bbp_write(sc, 25, sc->bbp25); 4307 run_bbp_write(sc, 26, sc->bbp26); 4308 } else { 4309 /* enable IQ phase correction */ 4310 run_bbp_write(sc, 25, 0x09); 4311 run_bbp_write(sc, 26, 0xff); 4312 } 4313 4314 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4315 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4316 run_rt3070_rf_read(sc, 6, &rf); 4317 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4318 rf |= (chan <= 14) ? 0x08 : 0x04; 4319 run_rt3070_rf_write(sc, 6, rf); 4320 4321 /* set PLL mode */ 4322 run_rt3070_rf_read(sc, 5, &rf); 4323 rf &= ~(0x08 | 0x04); 4324 rf |= (chan <= 14) ? 0x04 : 0x08; 4325 run_rt3070_rf_write(sc, 5, rf); 4326 4327 /* set Tx power for chain 0 */ 4328 if (chan <= 14) 4329 rf = 0x60 | txpow1; 4330 else 4331 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4332 run_rt3070_rf_write(sc, 12, rf); 4333 4334 /* set Tx power for chain 1 */ 4335 if (chan <= 14) 4336 rf = 0x60 | txpow2; 4337 else 4338 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4339 run_rt3070_rf_write(sc, 13, rf); 4340 4341 /* set Tx/Rx streams */ 4342 run_rt3070_rf_read(sc, 1, &rf); 4343 rf &= ~0xfc; 4344 if (sc->ntxchains == 1) 4345 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4346 else if (sc->ntxchains == 2) 4347 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4348 if (sc->nrxchains == 1) 4349 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4350 else if (sc->nrxchains == 2) 4351 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4352 run_rt3070_rf_write(sc, 1, rf); 4353 4354 /* set RF offset */ 4355 run_rt3070_rf_read(sc, 23, &rf); 4356 rf = (rf & ~0x7f) | sc->freq; 4357 run_rt3070_rf_write(sc, 23, rf); 4358 4359 /* program RF filter */ 4360 rf = sc->rf24_20mhz; 4361 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4362 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4363 4364 /* enable RF tuning */ 4365 run_rt3070_rf_read(sc, 7, &rf); 4366 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4367 run_rt3070_rf_write(sc, 7, rf); 4368 4369 /* TSSI */ 4370 rf = (chan <= 14) ? 0xc3 : 0xc0; 4371 run_rt3070_rf_write(sc, 9, rf); 4372 4373 /* set loop filter 1 */ 4374 run_rt3070_rf_write(sc, 10, 0xf1); 4375 /* set loop filter 2 */ 4376 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4377 4378 /* set tx_mx2_ic */ 4379 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4380 /* set tx_mx1_ic */ 4381 if (chan <= 14) 4382 rf = 0x48 | sc->txmixgain_2ghz; 4383 else 4384 rf = 0x78 | sc->txmixgain_5ghz; 4385 run_rt3070_rf_write(sc, 16, rf); 4386 4387 /* set tx_lo1 */ 4388 run_rt3070_rf_write(sc, 17, 0x23); 4389 /* set tx_lo2 */ 4390 if (chan <= 14) 4391 rf = 0x93; 4392 else if (chan <= 64) 4393 rf = 0xb7; 4394 else if (chan <= 128) 4395 rf = 0x74; 4396 else 4397 rf = 0x72; 4398 run_rt3070_rf_write(sc, 19, rf); 4399 4400 /* set rx_lo1 */ 4401 if (chan <= 14) 4402 rf = 0xb3; 4403 else if (chan <= 64) 4404 rf = 0xf6; 4405 else if (chan <= 128) 4406 rf = 0xf4; 4407 else 4408 rf = 0xf3; 4409 run_rt3070_rf_write(sc, 20, rf); 4410 4411 /* set pfd_delay */ 4412 if (chan <= 14) 4413 rf = 0x15; 4414 else if (chan <= 64) 4415 rf = 0x3d; 4416 else 4417 rf = 0x01; 4418 run_rt3070_rf_write(sc, 25, rf); 4419 4420 /* set rx_lo2 */ 4421 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4422 /* set ldo_rf_vc */ 4423 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4424 /* set drv_cc */ 4425 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4426 4427 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4428 tmp &= ~0x8080; 4429 if (chan <= 14) 4430 tmp |= 0x80; 4431 run_write(sc, RT2860_GPIO_CTRL, tmp); 4432 4433 /* enable RF tuning */ 4434 run_rt3070_rf_read(sc, 7, &rf); 4435 run_rt3070_rf_write(sc, 7, rf | 0x01); 4436 4437 run_delay(sc, 2); 4438 } 4439 4440 static void 4441 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4442 { 4443 int8_t txpow1, txpow2, txpow3; 4444 uint8_t h20mhz, rf; 4445 int i; 4446 4447 /* find the settings for this channel (we know it exists) */ 4448 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4449 4450 /* use Tx power values from EEPROM */ 4451 txpow1 = sc->txpow1[i]; 4452 txpow2 = sc->txpow2[i]; 4453 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4454 4455 if (chan <= 14) { 4456 run_bbp_write(sc, 25, sc->bbp25); 4457 run_bbp_write(sc, 26, sc->bbp26); 4458 } else { 4459 /* Enable IQ phase correction. */ 4460 run_bbp_write(sc, 25, 0x09); 4461 run_bbp_write(sc, 26, 0xff); 4462 } 4463 4464 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4465 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4466 run_rt3070_rf_read(sc, 11, &rf); 4467 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4468 run_rt3070_rf_write(sc, 11, rf); 4469 4470 /* Set pll_idoh. */ 4471 run_rt3070_rf_read(sc, 11, &rf); 4472 rf &= ~0x4c; 4473 rf |= (chan <= 14) ? 0x44 : 0x48; 4474 run_rt3070_rf_write(sc, 11, rf); 4475 4476 if (chan <= 14) 4477 rf = txpow1 & 0x1f; 4478 else 4479 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4480 run_rt3070_rf_write(sc, 53, rf); 4481 4482 if (chan <= 14) 4483 rf = txpow2 & 0x1f; 4484 else 4485 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4486 run_rt3070_rf_write(sc, 55, rf); 4487 4488 if (chan <= 14) 4489 rf = txpow3 & 0x1f; 4490 else 4491 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4492 run_rt3070_rf_write(sc, 54, rf); 4493 4494 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4495 if (sc->ntxchains == 3) 4496 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4497 else 4498 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4499 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4500 run_rt3070_rf_write(sc, 1, rf); 4501 4502 run_adjust_freq_offset(sc); 4503 4504 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4505 4506 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4507 run_rt3070_rf_read(sc, 30, &rf); 4508 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4509 run_rt3070_rf_write(sc, 30, rf); 4510 4511 run_rt3070_rf_read(sc, 36, &rf); 4512 if (chan <= 14) 4513 rf |= 0x80; 4514 else 4515 rf &= ~0x80; 4516 run_rt3070_rf_write(sc, 36, rf); 4517 4518 /* Set vcolo_bs. */ 4519 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4520 /* Set pfd_delay. */ 4521 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4522 4523 /* Set vco bias current control. */ 4524 run_rt3070_rf_read(sc, 6, &rf); 4525 rf &= ~0xc0; 4526 if (chan <= 14) 4527 rf |= 0x40; 4528 else if (chan <= 128) 4529 rf |= 0x80; 4530 else 4531 rf |= 0x40; 4532 run_rt3070_rf_write(sc, 6, rf); 4533 4534 run_rt3070_rf_read(sc, 30, &rf); 4535 rf = (rf & ~0x18) | 0x10; 4536 run_rt3070_rf_write(sc, 30, rf); 4537 4538 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4539 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4540 4541 run_rt3070_rf_read(sc, 51, &rf); 4542 rf = (rf & ~0x03) | 0x01; 4543 run_rt3070_rf_write(sc, 51, rf); 4544 /* Set tx_mx1_cc. */ 4545 run_rt3070_rf_read(sc, 51, &rf); 4546 rf &= ~0x1c; 4547 rf |= (chan <= 14) ? 0x14 : 0x10; 4548 run_rt3070_rf_write(sc, 51, rf); 4549 /* Set tx_mx1_ic. */ 4550 run_rt3070_rf_read(sc, 51, &rf); 4551 rf &= ~0xe0; 4552 rf |= (chan <= 14) ? 0x60 : 0x40; 4553 run_rt3070_rf_write(sc, 51, rf); 4554 /* Set tx_lo1_ic. */ 4555 run_rt3070_rf_read(sc, 49, &rf); 4556 rf &= ~0x1c; 4557 rf |= (chan <= 14) ? 0x0c : 0x08; 4558 run_rt3070_rf_write(sc, 49, rf); 4559 /* Set tx_lo1_en. */ 4560 run_rt3070_rf_read(sc, 50, &rf); 4561 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4562 /* Set drv_cc. */ 4563 run_rt3070_rf_read(sc, 57, &rf); 4564 rf &= ~0xfc; 4565 rf |= (chan <= 14) ? 0x6c : 0x3c; 4566 run_rt3070_rf_write(sc, 57, rf); 4567 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4568 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4569 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4570 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4571 /* Enable VCO calibration. */ 4572 run_rt3070_rf_read(sc, 3, &rf); 4573 rf &= ~RT5390_VCOCAL; 4574 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4575 run_rt3070_rf_write(sc, 3, rf); 4576 4577 if (chan <= 14) 4578 rf = 0x23; 4579 else if (chan <= 64) 4580 rf = 0x36; 4581 else if (chan <= 128) 4582 rf = 0x32; 4583 else 4584 rf = 0x30; 4585 run_rt3070_rf_write(sc, 39, rf); 4586 if (chan <= 14) 4587 rf = 0xbb; 4588 else if (chan <= 64) 4589 rf = 0xeb; 4590 else if (chan <= 128) 4591 rf = 0xb3; 4592 else 4593 rf = 0x9b; 4594 run_rt3070_rf_write(sc, 45, rf); 4595 4596 /* Set FEQ/AEQ control. */ 4597 run_bbp_write(sc, 105, 0x34); 4598 } 4599 4600 static void 4601 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4602 { 4603 int8_t txpow1, txpow2; 4604 uint8_t rf; 4605 int i; 4606 4607 /* find the settings for this channel (we know it exists) */ 4608 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4609 4610 /* use Tx power values from EEPROM */ 4611 txpow1 = sc->txpow1[i]; 4612 txpow2 = sc->txpow2[i]; 4613 4614 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4615 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4616 run_rt3070_rf_read(sc, 11, &rf); 4617 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4618 run_rt3070_rf_write(sc, 11, rf); 4619 4620 run_rt3070_rf_read(sc, 49, &rf); 4621 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4622 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4623 if ((rf & 0x3f) > 0x27) 4624 rf = (rf & ~0x3f) | 0x27; 4625 run_rt3070_rf_write(sc, 49, rf); 4626 4627 if (sc->mac_ver == 0x5392) { 4628 run_rt3070_rf_read(sc, 50, &rf); 4629 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4630 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4631 if ((rf & 0x3f) > 0x27) 4632 rf = (rf & ~0x3f) | 0x27; 4633 run_rt3070_rf_write(sc, 50, rf); 4634 } 4635 4636 run_rt3070_rf_read(sc, 1, &rf); 4637 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4638 if (sc->mac_ver == 0x5392) 4639 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4640 run_rt3070_rf_write(sc, 1, rf); 4641 4642 if (sc->mac_ver != 0x5392) { 4643 run_rt3070_rf_read(sc, 2, &rf); 4644 rf |= 0x80; 4645 run_rt3070_rf_write(sc, 2, rf); 4646 run_delay(sc, 10); 4647 rf &= 0x7f; 4648 run_rt3070_rf_write(sc, 2, rf); 4649 } 4650 4651 run_adjust_freq_offset(sc); 4652 4653 if (sc->mac_ver == 0x5392) { 4654 /* Fix for RT5392C. */ 4655 if (sc->mac_rev >= 0x0223) { 4656 if (chan <= 4) 4657 rf = 0x0f; 4658 else if (chan >= 5 && chan <= 7) 4659 rf = 0x0e; 4660 else 4661 rf = 0x0d; 4662 run_rt3070_rf_write(sc, 23, rf); 4663 4664 if (chan <= 4) 4665 rf = 0x0c; 4666 else if (chan == 5) 4667 rf = 0x0b; 4668 else if (chan >= 6 && chan <= 7) 4669 rf = 0x0a; 4670 else if (chan >= 8 && chan <= 10) 4671 rf = 0x09; 4672 else 4673 rf = 0x08; 4674 run_rt3070_rf_write(sc, 59, rf); 4675 } else { 4676 if (chan <= 11) 4677 rf = 0x0f; 4678 else 4679 rf = 0x0b; 4680 run_rt3070_rf_write(sc, 59, rf); 4681 } 4682 } else { 4683 /* Fix for RT5390F. */ 4684 if (sc->mac_rev >= 0x0502) { 4685 if (chan <= 11) 4686 rf = 0x43; 4687 else 4688 rf = 0x23; 4689 run_rt3070_rf_write(sc, 55, rf); 4690 4691 if (chan <= 11) 4692 rf = 0x0f; 4693 else if (chan == 12) 4694 rf = 0x0d; 4695 else 4696 rf = 0x0b; 4697 run_rt3070_rf_write(sc, 59, rf); 4698 } else { 4699 run_rt3070_rf_write(sc, 55, 0x44); 4700 run_rt3070_rf_write(sc, 59, 0x8f); 4701 } 4702 } 4703 4704 /* Enable VCO calibration. */ 4705 run_rt3070_rf_read(sc, 3, &rf); 4706 rf |= RT5390_VCOCAL; 4707 run_rt3070_rf_write(sc, 3, rf); 4708 } 4709 4710 static void 4711 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4712 { 4713 const struct rt5592_freqs *freqs; 4714 uint32_t tmp; 4715 uint8_t reg, rf, txpow_bound; 4716 int8_t txpow1, txpow2; 4717 int i; 4718 4719 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4720 freqs = (tmp & RT5592_SEL_XTAL) ? 4721 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4722 4723 /* find the settings for this channel (we know it exists) */ 4724 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4725 4726 /* use Tx power values from EEPROM */ 4727 txpow1 = sc->txpow1[i]; 4728 txpow2 = sc->txpow2[i]; 4729 4730 run_read(sc, RT3070_LDO_CFG0, &tmp); 4731 tmp &= ~0x1c000000; 4732 if (chan > 14) 4733 tmp |= 0x14000000; 4734 run_write(sc, RT3070_LDO_CFG0, tmp); 4735 4736 /* N setting. */ 4737 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4738 run_rt3070_rf_read(sc, 9, &rf); 4739 rf &= ~(1 << 4); 4740 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4741 run_rt3070_rf_write(sc, 9, rf); 4742 4743 /* K setting. */ 4744 run_rt3070_rf_read(sc, 9, &rf); 4745 rf &= ~0x0f; 4746 rf |= (freqs->k & 0x0f); 4747 run_rt3070_rf_write(sc, 9, rf); 4748 4749 /* Mode setting. */ 4750 run_rt3070_rf_read(sc, 11, &rf); 4751 rf &= ~0x0c; 4752 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4753 run_rt3070_rf_write(sc, 11, rf); 4754 run_rt3070_rf_read(sc, 9, &rf); 4755 rf &= ~(1 << 7); 4756 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4757 run_rt3070_rf_write(sc, 9, rf); 4758 4759 /* R setting. */ 4760 run_rt3070_rf_read(sc, 11, &rf); 4761 rf &= ~0x03; 4762 rf |= (freqs->r - 0x1); 4763 run_rt3070_rf_write(sc, 11, rf); 4764 4765 if (chan <= 14) { 4766 /* Initialize RF registers for 2GHZ. */ 4767 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4768 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4769 rt5592_2ghz_def_rf[i].val); 4770 } 4771 4772 rf = (chan <= 10) ? 0x07 : 0x06; 4773 run_rt3070_rf_write(sc, 23, rf); 4774 run_rt3070_rf_write(sc, 59, rf); 4775 4776 run_rt3070_rf_write(sc, 55, 0x43); 4777 4778 /* 4779 * RF R49/R50 Tx power ALC code. 4780 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4781 */ 4782 reg = 2; 4783 txpow_bound = 0x27; 4784 } else { 4785 /* Initialize RF registers for 5GHZ. */ 4786 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4787 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4788 rt5592_5ghz_def_rf[i].val); 4789 } 4790 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4791 if (chan >= rt5592_chan_5ghz[i].firstchan && 4792 chan <= rt5592_chan_5ghz[i].lastchan) { 4793 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4794 rt5592_chan_5ghz[i].val); 4795 } 4796 } 4797 4798 /* 4799 * RF R49/R50 Tx power ALC code. 4800 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4801 */ 4802 reg = 3; 4803 txpow_bound = 0x2b; 4804 } 4805 4806 /* RF R49 ch0 Tx power ALC code. */ 4807 run_rt3070_rf_read(sc, 49, &rf); 4808 rf &= ~0xc0; 4809 rf |= (reg << 6); 4810 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4811 if ((rf & 0x3f) > txpow_bound) 4812 rf = (rf & ~0x3f) | txpow_bound; 4813 run_rt3070_rf_write(sc, 49, rf); 4814 4815 /* RF R50 ch1 Tx power ALC code. */ 4816 run_rt3070_rf_read(sc, 50, &rf); 4817 rf &= ~(1 << 7 | 1 << 6); 4818 rf |= (reg << 6); 4819 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4820 if ((rf & 0x3f) > txpow_bound) 4821 rf = (rf & ~0x3f) | txpow_bound; 4822 run_rt3070_rf_write(sc, 50, rf); 4823 4824 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4825 run_rt3070_rf_read(sc, 1, &rf); 4826 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4827 if (sc->ntxchains > 1) 4828 rf |= RT3070_TX1_PD; 4829 if (sc->nrxchains > 1) 4830 rf |= RT3070_RX1_PD; 4831 run_rt3070_rf_write(sc, 1, rf); 4832 4833 run_rt3070_rf_write(sc, 6, 0xe4); 4834 4835 run_rt3070_rf_write(sc, 30, 0x10); 4836 run_rt3070_rf_write(sc, 31, 0x80); 4837 run_rt3070_rf_write(sc, 32, 0x80); 4838 4839 run_adjust_freq_offset(sc); 4840 4841 /* Enable VCO calibration. */ 4842 run_rt3070_rf_read(sc, 3, &rf); 4843 rf |= RT5390_VCOCAL; 4844 run_rt3070_rf_write(sc, 3, rf); 4845 } 4846 4847 static void 4848 run_set_rx_antenna(struct run_softc *sc, int aux) 4849 { 4850 uint32_t tmp; 4851 uint8_t bbp152; 4852 4853 if (aux) { 4854 if (sc->rf_rev == RT5390_RF_5370) { 4855 run_bbp_read(sc, 152, &bbp152); 4856 run_bbp_write(sc, 152, bbp152 & ~0x80); 4857 } else { 4858 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4859 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4860 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4861 } 4862 } else { 4863 if (sc->rf_rev == RT5390_RF_5370) { 4864 run_bbp_read(sc, 152, &bbp152); 4865 run_bbp_write(sc, 152, bbp152 | 0x80); 4866 } else { 4867 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4868 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4869 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4870 } 4871 } 4872 } 4873 4874 static int 4875 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4876 { 4877 struct ieee80211com *ic = &sc->sc_ic; 4878 u_int chan, group; 4879 4880 chan = ieee80211_chan2ieee(ic, c); 4881 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4882 return (EINVAL); 4883 4884 if (sc->mac_ver == 0x5592) 4885 run_rt5592_set_chan(sc, chan); 4886 else if (sc->mac_ver >= 0x5390) 4887 run_rt5390_set_chan(sc, chan); 4888 else if (sc->mac_ver == 0x3593) 4889 run_rt3593_set_chan(sc, chan); 4890 else if (sc->mac_ver == 0x3572) 4891 run_rt3572_set_chan(sc, chan); 4892 else if (sc->mac_ver >= 0x3070) 4893 run_rt3070_set_chan(sc, chan); 4894 else 4895 run_rt2870_set_chan(sc, chan); 4896 4897 /* determine channel group */ 4898 if (chan <= 14) 4899 group = 0; 4900 else if (chan <= 64) 4901 group = 1; 4902 else if (chan <= 128) 4903 group = 2; 4904 else 4905 group = 3; 4906 4907 /* XXX necessary only when group has changed! */ 4908 run_select_chan_group(sc, group); 4909 4910 run_delay(sc, 10); 4911 4912 /* Perform IQ calibration. */ 4913 if (sc->mac_ver >= 0x5392) 4914 run_iq_calib(sc, chan); 4915 4916 return (0); 4917 } 4918 4919 static void 4920 run_set_channel(struct ieee80211com *ic) 4921 { 4922 struct run_softc *sc = ic->ic_softc; 4923 4924 RUN_LOCK(sc); 4925 run_set_chan(sc, ic->ic_curchan); 4926 RUN_UNLOCK(sc); 4927 4928 return; 4929 } 4930 4931 static void 4932 run_getradiocaps(struct ieee80211com *ic, 4933 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4934 { 4935 struct run_softc *sc = ic->ic_softc; 4936 uint8_t bands[IEEE80211_MODE_BYTES]; 4937 4938 memset(bands, 0, sizeof(bands)); 4939 setbit(bands, IEEE80211_MODE_11B); 4940 setbit(bands, IEEE80211_MODE_11G); 4941 if (sc->rf_rev != RT3070_RF_2020) 4942 setbit(bands, IEEE80211_MODE_11NG); 4943 4944 /* Note: for now, only support HT20 channels */ 4945 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0); 4946 4947 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4948 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4949 sc->rf_rev == RT5592_RF_5592) { 4950 setbit(bands, IEEE80211_MODE_11A); 4951 if (sc->rf_rev != RT3070_RF_2020) 4952 setbit(bands, IEEE80211_MODE_11NA); 4953 /* Note: for now, only support HT20 channels */ 4954 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4955 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4956 } 4957 } 4958 4959 static void 4960 run_scan_start(struct ieee80211com *ic) 4961 { 4962 struct run_softc *sc = ic->ic_softc; 4963 4964 RUN_LOCK(sc); 4965 4966 /* abort TSF synchronization */ 4967 run_disable_tsf(sc); 4968 run_set_bssid(sc, ieee80211broadcastaddr); 4969 4970 RUN_UNLOCK(sc); 4971 4972 return; 4973 } 4974 4975 static void 4976 run_scan_end(struct ieee80211com *ic) 4977 { 4978 struct run_softc *sc = ic->ic_softc; 4979 4980 RUN_LOCK(sc); 4981 4982 run_enable_tsf_sync(sc); 4983 run_set_bssid(sc, sc->sc_bssid); 4984 4985 RUN_UNLOCK(sc); 4986 4987 return; 4988 } 4989 4990 /* 4991 * Could be called from ieee80211_node_timeout() 4992 * (non-sleepable thread) 4993 */ 4994 static void 4995 run_update_beacon(struct ieee80211vap *vap, int item) 4996 { 4997 struct ieee80211com *ic = vap->iv_ic; 4998 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4999 struct ieee80211_node *ni = vap->iv_bss; 5000 struct run_softc *sc = ic->ic_softc; 5001 struct run_vap *rvp = RUN_VAP(vap); 5002 int mcast = 0; 5003 uint32_t i; 5004 5005 switch (item) { 5006 case IEEE80211_BEACON_ERP: 5007 run_updateslot(ic); 5008 break; 5009 case IEEE80211_BEACON_HTINFO: 5010 run_updateprot(ic); 5011 break; 5012 case IEEE80211_BEACON_TIM: 5013 mcast = 1; /*TODO*/ 5014 break; 5015 default: 5016 break; 5017 } 5018 5019 setbit(bo->bo_flags, item); 5020 if (rvp->beacon_mbuf == NULL) { 5021 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 5022 if (rvp->beacon_mbuf == NULL) 5023 return; 5024 } 5025 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 5026 5027 i = RUN_CMDQ_GET(&sc->cmdq_store); 5028 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5029 sc->cmdq[i].func = run_update_beacon_cb; 5030 sc->cmdq[i].arg0 = vap; 5031 ieee80211_runtask(ic, &sc->cmdq_task); 5032 5033 return; 5034 } 5035 5036 static void 5037 run_update_beacon_cb(void *arg) 5038 { 5039 struct ieee80211vap *vap = arg; 5040 struct ieee80211_node *ni = vap->iv_bss; 5041 struct run_vap *rvp = RUN_VAP(vap); 5042 struct ieee80211com *ic = vap->iv_ic; 5043 struct run_softc *sc = ic->ic_softc; 5044 struct rt2860_txwi txwi; 5045 struct mbuf *m; 5046 uint16_t txwisize; 5047 uint8_t ridx; 5048 5049 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 5050 return; 5051 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 5052 return; 5053 5054 /* 5055 * No need to call ieee80211_beacon_update(), run_update_beacon() 5056 * is taking care of appropriate calls. 5057 */ 5058 if (rvp->beacon_mbuf == NULL) { 5059 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 5060 if (rvp->beacon_mbuf == NULL) 5061 return; 5062 } 5063 m = rvp->beacon_mbuf; 5064 5065 memset(&txwi, 0, sizeof(txwi)); 5066 txwi.wcid = 0xff; 5067 txwi.len = htole16(m->m_pkthdr.len); 5068 5069 /* send beacons at the lowest available rate */ 5070 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 5071 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 5072 txwi.phy = htole16(rt2860_rates[ridx].mcs); 5073 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 5074 txwi.phy |= htole16(RT2860_PHY_OFDM); 5075 txwi.txop = RT2860_TX_TXOP_HT; 5076 txwi.flags = RT2860_TX_TS; 5077 txwi.xflags = RT2860_TX_NSEQ; 5078 5079 txwisize = (sc->mac_ver == 0x5592) ? 5080 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 5081 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 5082 txwisize); 5083 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 5084 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 5085 } 5086 5087 static void 5088 run_updateprot(struct ieee80211com *ic) 5089 { 5090 struct run_softc *sc = ic->ic_softc; 5091 uint32_t i; 5092 5093 i = RUN_CMDQ_GET(&sc->cmdq_store); 5094 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5095 sc->cmdq[i].func = run_updateprot_cb; 5096 sc->cmdq[i].arg0 = ic; 5097 ieee80211_runtask(ic, &sc->cmdq_task); 5098 } 5099 5100 static void 5101 run_updateprot_cb(void *arg) 5102 { 5103 struct ieee80211com *ic = arg; 5104 struct run_softc *sc = ic->ic_softc; 5105 uint32_t tmp; 5106 5107 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5108 /* setup protection frame rate (MCS code) */ 5109 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5110 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5111 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5112 5113 /* CCK frames don't require protection */ 5114 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5115 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5116 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5117 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5118 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5119 tmp |= RT2860_PROT_CTRL_CTS; 5120 } 5121 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5122 } 5123 5124 static void 5125 run_usb_timeout_cb(void *arg) 5126 { 5127 struct ieee80211vap *vap = arg; 5128 struct run_softc *sc = vap->iv_ic->ic_softc; 5129 5130 RUN_LOCK_ASSERT(sc, MA_OWNED); 5131 5132 if(vap->iv_state == IEEE80211_S_RUN && 5133 vap->iv_opmode != IEEE80211_M_STA) 5134 run_reset_livelock(sc); 5135 else if (vap->iv_state == IEEE80211_S_SCAN) { 5136 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5137 "timeout caused by scan\n"); 5138 /* cancel bgscan */ 5139 ieee80211_cancel_scan(vap); 5140 } else 5141 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5142 "timeout by unknown cause\n"); 5143 } 5144 5145 static void 5146 run_reset_livelock(struct run_softc *sc) 5147 { 5148 uint32_t tmp; 5149 5150 RUN_LOCK_ASSERT(sc, MA_OWNED); 5151 5152 /* 5153 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5154 * can run into a livelock and start sending CTS-to-self frames like 5155 * crazy if protection is enabled. Reset MAC/BBP for a while 5156 */ 5157 run_read(sc, RT2860_DEBUG, &tmp); 5158 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5159 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5160 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5161 "CTS-to-self livelock detected\n"); 5162 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5163 run_delay(sc, 1); 5164 run_write(sc, RT2860_MAC_SYS_CTRL, 5165 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5166 } 5167 } 5168 5169 static void 5170 run_update_promisc_locked(struct run_softc *sc) 5171 { 5172 uint32_t tmp; 5173 5174 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5175 5176 tmp |= RT2860_DROP_UC_NOME; 5177 if (sc->sc_ic.ic_promisc > 0) 5178 tmp &= ~RT2860_DROP_UC_NOME; 5179 5180 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5181 5182 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5183 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5184 } 5185 5186 static void 5187 run_update_promisc(struct ieee80211com *ic) 5188 { 5189 struct run_softc *sc = ic->ic_softc; 5190 5191 if ((sc->sc_flags & RUN_RUNNING) == 0) 5192 return; 5193 5194 RUN_LOCK(sc); 5195 run_update_promisc_locked(sc); 5196 RUN_UNLOCK(sc); 5197 } 5198 5199 static void 5200 run_enable_tsf_sync(struct run_softc *sc) 5201 { 5202 struct ieee80211com *ic = &sc->sc_ic; 5203 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5204 uint32_t tmp; 5205 5206 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5207 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5208 5209 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5210 tmp &= ~0x1fffff; 5211 tmp |= vap->iv_bss->ni_intval * 16; 5212 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5213 5214 if (ic->ic_opmode == IEEE80211_M_STA) { 5215 /* 5216 * Local TSF is always updated with remote TSF on beacon 5217 * reception. 5218 */ 5219 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5220 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5221 tmp |= RT2860_BCN_TX_EN; 5222 /* 5223 * Local TSF is updated with remote TSF on beacon reception 5224 * only if the remote TSF is greater than local TSF. 5225 */ 5226 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5227 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5228 ic->ic_opmode == IEEE80211_M_MBSS) { 5229 tmp |= RT2860_BCN_TX_EN; 5230 /* SYNC with nobody */ 5231 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5232 } else { 5233 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5234 "Enabling TSF failed. undefined opmode\n"); 5235 return; 5236 } 5237 5238 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5239 } 5240 5241 static void 5242 run_enable_tsf(struct run_softc *sc) 5243 { 5244 uint32_t tmp; 5245 5246 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5247 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5248 tmp |= RT2860_TSF_TIMER_EN; 5249 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5250 } 5251 } 5252 5253 static void 5254 run_disable_tsf(struct run_softc *sc) 5255 { 5256 uint32_t tmp; 5257 5258 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5259 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5260 RT2860_TBTT_TIMER_EN); 5261 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5262 } 5263 } 5264 5265 static void 5266 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5267 { 5268 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5269 sizeof(*buf)); 5270 } 5271 5272 static void 5273 run_enable_mrr(struct run_softc *sc) 5274 { 5275 #define CCK(mcs) (mcs) 5276 #define OFDM(mcs) (1 << 3 | (mcs)) 5277 run_write(sc, RT2860_LG_FBK_CFG0, 5278 OFDM(6) << 28 | /* 54->48 */ 5279 OFDM(5) << 24 | /* 48->36 */ 5280 OFDM(4) << 20 | /* 36->24 */ 5281 OFDM(3) << 16 | /* 24->18 */ 5282 OFDM(2) << 12 | /* 18->12 */ 5283 OFDM(1) << 8 | /* 12-> 9 */ 5284 OFDM(0) << 4 | /* 9-> 6 */ 5285 OFDM(0)); /* 6-> 6 */ 5286 5287 run_write(sc, RT2860_LG_FBK_CFG1, 5288 CCK(2) << 12 | /* 11->5.5 */ 5289 CCK(1) << 8 | /* 5.5-> 2 */ 5290 CCK(0) << 4 | /* 2-> 1 */ 5291 CCK(0)); /* 1-> 1 */ 5292 #undef OFDM 5293 #undef CCK 5294 } 5295 5296 static void 5297 run_set_txpreamble(struct run_softc *sc) 5298 { 5299 struct ieee80211com *ic = &sc->sc_ic; 5300 uint32_t tmp; 5301 5302 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5303 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5304 tmp |= RT2860_CCK_SHORT_EN; 5305 else 5306 tmp &= ~RT2860_CCK_SHORT_EN; 5307 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5308 } 5309 5310 static void 5311 run_set_basicrates(struct run_softc *sc) 5312 { 5313 struct ieee80211com *ic = &sc->sc_ic; 5314 5315 /* set basic rates mask */ 5316 if (ic->ic_curmode == IEEE80211_MODE_11B) 5317 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5318 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5319 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5320 else /* 11g */ 5321 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5322 } 5323 5324 static void 5325 run_set_leds(struct run_softc *sc, uint16_t which) 5326 { 5327 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5328 which | (sc->leds & 0x7f)); 5329 } 5330 5331 static void 5332 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5333 { 5334 run_write(sc, RT2860_MAC_BSSID_DW0, 5335 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5336 run_write(sc, RT2860_MAC_BSSID_DW1, 5337 bssid[4] | bssid[5] << 8); 5338 } 5339 5340 static void 5341 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5342 { 5343 run_write(sc, RT2860_MAC_ADDR_DW0, 5344 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5345 run_write(sc, RT2860_MAC_ADDR_DW1, 5346 addr[4] | addr[5] << 8 | 0xff << 16); 5347 } 5348 5349 static void 5350 run_updateslot(struct ieee80211com *ic) 5351 { 5352 struct run_softc *sc = ic->ic_softc; 5353 uint32_t i; 5354 5355 i = RUN_CMDQ_GET(&sc->cmdq_store); 5356 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5357 sc->cmdq[i].func = run_updateslot_cb; 5358 sc->cmdq[i].arg0 = ic; 5359 ieee80211_runtask(ic, &sc->cmdq_task); 5360 5361 return; 5362 } 5363 5364 /* ARGSUSED */ 5365 static void 5366 run_updateslot_cb(void *arg) 5367 { 5368 struct ieee80211com *ic = arg; 5369 struct run_softc *sc = ic->ic_softc; 5370 uint32_t tmp; 5371 5372 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5373 tmp &= ~0xff; 5374 tmp |= IEEE80211_GET_SLOTTIME(ic); 5375 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5376 } 5377 5378 static void 5379 run_update_mcast(struct ieee80211com *ic) 5380 { 5381 } 5382 5383 static int8_t 5384 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5385 { 5386 struct ieee80211com *ic = &sc->sc_ic; 5387 struct ieee80211_channel *c = ic->ic_curchan; 5388 int delta; 5389 5390 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5391 u_int chan = ieee80211_chan2ieee(ic, c); 5392 delta = sc->rssi_5ghz[rxchain]; 5393 5394 /* determine channel group */ 5395 if (chan <= 64) 5396 delta -= sc->lna[1]; 5397 else if (chan <= 128) 5398 delta -= sc->lna[2]; 5399 else 5400 delta -= sc->lna[3]; 5401 } else 5402 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5403 5404 return (-12 - delta - rssi); 5405 } 5406 5407 static void 5408 run_rt5390_bbp_init(struct run_softc *sc) 5409 { 5410 u_int i; 5411 uint8_t bbp; 5412 5413 /* Apply maximum likelihood detection for 2 stream case. */ 5414 run_bbp_read(sc, 105, &bbp); 5415 if (sc->nrxchains > 1) 5416 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5417 5418 /* Avoid data lost and CRC error. */ 5419 run_bbp_read(sc, 4, &bbp); 5420 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5421 5422 if (sc->mac_ver == 0x5592) { 5423 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5424 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5425 rt5592_def_bbp[i].val); 5426 } 5427 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5428 run_bbp_write(sc, 195, i + 0x80); 5429 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5430 } 5431 } else { 5432 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5433 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5434 rt5390_def_bbp[i].val); 5435 } 5436 } 5437 if (sc->mac_ver == 0x5392) { 5438 run_bbp_write(sc, 88, 0x90); 5439 run_bbp_write(sc, 95, 0x9a); 5440 run_bbp_write(sc, 98, 0x12); 5441 run_bbp_write(sc, 106, 0x12); 5442 run_bbp_write(sc, 134, 0xd0); 5443 run_bbp_write(sc, 135, 0xf6); 5444 run_bbp_write(sc, 148, 0x84); 5445 } 5446 5447 run_bbp_read(sc, 152, &bbp); 5448 run_bbp_write(sc, 152, bbp | 0x80); 5449 5450 /* Fix BBP254 for RT5592C. */ 5451 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5452 run_bbp_read(sc, 254, &bbp); 5453 run_bbp_write(sc, 254, bbp | 0x80); 5454 } 5455 5456 /* Disable hardware antenna diversity. */ 5457 if (sc->mac_ver == 0x5390) 5458 run_bbp_write(sc, 154, 0); 5459 5460 /* Initialize Rx CCK/OFDM frequency offset report. */ 5461 run_bbp_write(sc, 142, 1); 5462 run_bbp_write(sc, 143, 57); 5463 } 5464 5465 static int 5466 run_bbp_init(struct run_softc *sc) 5467 { 5468 int i, error, ntries; 5469 uint8_t bbp0; 5470 5471 /* wait for BBP to wake up */ 5472 for (ntries = 0; ntries < 20; ntries++) { 5473 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5474 return error; 5475 if (bbp0 != 0 && bbp0 != 0xff) 5476 break; 5477 } 5478 if (ntries == 20) 5479 return (ETIMEDOUT); 5480 5481 /* initialize BBP registers to default values */ 5482 if (sc->mac_ver >= 0x5390) 5483 run_rt5390_bbp_init(sc); 5484 else { 5485 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5486 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5487 rt2860_def_bbp[i].val); 5488 } 5489 } 5490 5491 if (sc->mac_ver == 0x3593) { 5492 run_bbp_write(sc, 79, 0x13); 5493 run_bbp_write(sc, 80, 0x05); 5494 run_bbp_write(sc, 81, 0x33); 5495 run_bbp_write(sc, 86, 0x46); 5496 run_bbp_write(sc, 137, 0x0f); 5497 } 5498 5499 /* fix BBP84 for RT2860E */ 5500 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5501 run_bbp_write(sc, 84, 0x19); 5502 5503 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5504 sc->mac_ver != 0x5592)) { 5505 run_bbp_write(sc, 79, 0x13); 5506 run_bbp_write(sc, 80, 0x05); 5507 run_bbp_write(sc, 81, 0x33); 5508 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5509 run_bbp_write(sc, 69, 0x16); 5510 run_bbp_write(sc, 73, 0x12); 5511 } 5512 return (0); 5513 } 5514 5515 static int 5516 run_rt3070_rf_init(struct run_softc *sc) 5517 { 5518 uint32_t tmp; 5519 uint8_t bbp4, mingain, rf, target; 5520 u_int i; 5521 5522 run_rt3070_rf_read(sc, 30, &rf); 5523 /* toggle RF R30 bit 7 */ 5524 run_rt3070_rf_write(sc, 30, rf | 0x80); 5525 run_delay(sc, 10); 5526 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5527 5528 /* initialize RF registers to default value */ 5529 if (sc->mac_ver == 0x3572) { 5530 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5531 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5532 rt3572_def_rf[i].val); 5533 } 5534 } else { 5535 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5536 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5537 rt3070_def_rf[i].val); 5538 } 5539 } 5540 5541 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5542 /* 5543 * Change voltage from 1.2V to 1.35V for RT3070. 5544 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5545 * in RT3070(F). 5546 */ 5547 run_read(sc, RT3070_LDO_CFG0, &tmp); 5548 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5549 run_write(sc, RT3070_LDO_CFG0, tmp); 5550 5551 } else if (sc->mac_ver == 0x3071) { 5552 run_rt3070_rf_read(sc, 6, &rf); 5553 run_rt3070_rf_write(sc, 6, rf | 0x40); 5554 run_rt3070_rf_write(sc, 31, 0x14); 5555 5556 run_read(sc, RT3070_LDO_CFG0, &tmp); 5557 tmp &= ~0x1f000000; 5558 if (sc->mac_rev < 0x0211) 5559 tmp |= 0x0d000000; /* 1.3V */ 5560 else 5561 tmp |= 0x01000000; /* 1.2V */ 5562 run_write(sc, RT3070_LDO_CFG0, tmp); 5563 5564 /* patch LNA_PE_G1 */ 5565 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5566 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5567 5568 } else if (sc->mac_ver == 0x3572) { 5569 run_rt3070_rf_read(sc, 6, &rf); 5570 run_rt3070_rf_write(sc, 6, rf | 0x40); 5571 5572 /* increase voltage from 1.2V to 1.35V */ 5573 run_read(sc, RT3070_LDO_CFG0, &tmp); 5574 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5575 run_write(sc, RT3070_LDO_CFG0, tmp); 5576 5577 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5578 run_delay(sc, 1); /* wait for 1msec */ 5579 /* decrease voltage back to 1.2V */ 5580 tmp = (tmp & ~0x1f000000) | 0x01000000; 5581 run_write(sc, RT3070_LDO_CFG0, tmp); 5582 } 5583 } 5584 5585 /* select 20MHz bandwidth */ 5586 run_rt3070_rf_read(sc, 31, &rf); 5587 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5588 5589 /* calibrate filter for 20MHz bandwidth */ 5590 sc->rf24_20mhz = 0x1f; /* default value */ 5591 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5592 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5593 5594 /* select 40MHz bandwidth */ 5595 run_bbp_read(sc, 4, &bbp4); 5596 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5597 run_rt3070_rf_read(sc, 31, &rf); 5598 run_rt3070_rf_write(sc, 31, rf | 0x20); 5599 5600 /* calibrate filter for 40MHz bandwidth */ 5601 sc->rf24_40mhz = 0x2f; /* default value */ 5602 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5603 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5604 5605 /* go back to 20MHz bandwidth */ 5606 run_bbp_read(sc, 4, &bbp4); 5607 run_bbp_write(sc, 4, bbp4 & ~0x18); 5608 5609 if (sc->mac_ver == 0x3572) { 5610 /* save default BBP registers 25 and 26 values */ 5611 run_bbp_read(sc, 25, &sc->bbp25); 5612 run_bbp_read(sc, 26, &sc->bbp26); 5613 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5614 run_rt3070_rf_write(sc, 27, 0x03); 5615 5616 run_read(sc, RT3070_OPT_14, &tmp); 5617 run_write(sc, RT3070_OPT_14, tmp | 1); 5618 5619 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5620 run_rt3070_rf_read(sc, 17, &rf); 5621 rf &= ~RT3070_TX_LO1; 5622 if ((sc->mac_ver == 0x3070 || 5623 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5624 !sc->ext_2ghz_lna) 5625 rf |= 0x20; /* fix for long range Rx issue */ 5626 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5627 if (sc->txmixgain_2ghz >= mingain) 5628 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5629 run_rt3070_rf_write(sc, 17, rf); 5630 } 5631 5632 if (sc->mac_ver == 0x3071) { 5633 run_rt3070_rf_read(sc, 1, &rf); 5634 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5635 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5636 run_rt3070_rf_write(sc, 1, rf); 5637 5638 run_rt3070_rf_read(sc, 15, &rf); 5639 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5640 5641 run_rt3070_rf_read(sc, 20, &rf); 5642 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5643 5644 run_rt3070_rf_read(sc, 21, &rf); 5645 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5646 } 5647 5648 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5649 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5650 run_rt3070_rf_read(sc, 27, &rf); 5651 rf &= ~0x77; 5652 if (sc->mac_rev < 0x0211) 5653 rf |= 0x03; 5654 run_rt3070_rf_write(sc, 27, rf); 5655 } 5656 return (0); 5657 } 5658 5659 static void 5660 run_rt3593_rf_init(struct run_softc *sc) 5661 { 5662 uint32_t tmp; 5663 uint8_t rf; 5664 u_int i; 5665 5666 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5667 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5668 tmp &= ~(1 << 4 | 1 << 7); 5669 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5670 5671 /* Initialize RF registers to default value. */ 5672 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5673 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5674 rt3593_def_rf[i].val); 5675 } 5676 5677 /* Toggle RF R2 to initiate calibration. */ 5678 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5679 5680 /* Initialize RF frequency offset. */ 5681 run_adjust_freq_offset(sc); 5682 5683 run_rt3070_rf_read(sc, 18, &rf); 5684 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5685 5686 /* 5687 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5688 * decrease voltage back to 1.2V. 5689 */ 5690 run_read(sc, RT3070_LDO_CFG0, &tmp); 5691 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5692 run_write(sc, RT3070_LDO_CFG0, tmp); 5693 run_delay(sc, 1); 5694 tmp = (tmp & ~0x1f000000) | 0x01000000; 5695 run_write(sc, RT3070_LDO_CFG0, tmp); 5696 5697 sc->rf24_20mhz = 0x1f; 5698 sc->rf24_40mhz = 0x2f; 5699 5700 /* Save default BBP registers 25 and 26 values. */ 5701 run_bbp_read(sc, 25, &sc->bbp25); 5702 run_bbp_read(sc, 26, &sc->bbp26); 5703 5704 run_read(sc, RT3070_OPT_14, &tmp); 5705 run_write(sc, RT3070_OPT_14, tmp | 1); 5706 } 5707 5708 static void 5709 run_rt5390_rf_init(struct run_softc *sc) 5710 { 5711 uint32_t tmp; 5712 uint8_t rf; 5713 u_int i; 5714 5715 /* Toggle RF R2 to initiate calibration. */ 5716 if (sc->mac_ver == 0x5390) { 5717 run_rt3070_rf_read(sc, 2, &rf); 5718 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5719 run_delay(sc, 10); 5720 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5721 } else { 5722 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5723 run_delay(sc, 10); 5724 } 5725 5726 /* Initialize RF registers to default value. */ 5727 if (sc->mac_ver == 0x5592) { 5728 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5729 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5730 rt5592_def_rf[i].val); 5731 } 5732 /* Initialize RF frequency offset. */ 5733 run_adjust_freq_offset(sc); 5734 } else if (sc->mac_ver == 0x5392) { 5735 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5736 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5737 rt5392_def_rf[i].val); 5738 } 5739 if (sc->mac_rev >= 0x0223) { 5740 run_rt3070_rf_write(sc, 23, 0x0f); 5741 run_rt3070_rf_write(sc, 24, 0x3e); 5742 run_rt3070_rf_write(sc, 51, 0x32); 5743 run_rt3070_rf_write(sc, 53, 0x22); 5744 run_rt3070_rf_write(sc, 56, 0xc1); 5745 run_rt3070_rf_write(sc, 59, 0x0f); 5746 } 5747 } else { 5748 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5749 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5750 rt5390_def_rf[i].val); 5751 } 5752 if (sc->mac_rev >= 0x0502) { 5753 run_rt3070_rf_write(sc, 6, 0xe0); 5754 run_rt3070_rf_write(sc, 25, 0x80); 5755 run_rt3070_rf_write(sc, 46, 0x73); 5756 run_rt3070_rf_write(sc, 53, 0x00); 5757 run_rt3070_rf_write(sc, 56, 0x42); 5758 run_rt3070_rf_write(sc, 61, 0xd1); 5759 } 5760 } 5761 5762 sc->rf24_20mhz = 0x1f; /* default value */ 5763 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5764 5765 if (sc->mac_rev < 0x0211) 5766 run_rt3070_rf_write(sc, 27, 0x3); 5767 5768 run_read(sc, RT3070_OPT_14, &tmp); 5769 run_write(sc, RT3070_OPT_14, tmp | 1); 5770 } 5771 5772 static int 5773 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5774 uint8_t *val) 5775 { 5776 uint8_t rf22, rf24; 5777 uint8_t bbp55_pb, bbp55_sb, delta; 5778 int ntries; 5779 5780 /* program filter */ 5781 run_rt3070_rf_read(sc, 24, &rf24); 5782 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5783 run_rt3070_rf_write(sc, 24, rf24); 5784 5785 /* enable baseband loopback mode */ 5786 run_rt3070_rf_read(sc, 22, &rf22); 5787 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5788 5789 /* set power and frequency of passband test tone */ 5790 run_bbp_write(sc, 24, 0x00); 5791 for (ntries = 0; ntries < 100; ntries++) { 5792 /* transmit test tone */ 5793 run_bbp_write(sc, 25, 0x90); 5794 run_delay(sc, 10); 5795 /* read received power */ 5796 run_bbp_read(sc, 55, &bbp55_pb); 5797 if (bbp55_pb != 0) 5798 break; 5799 } 5800 if (ntries == 100) 5801 return (ETIMEDOUT); 5802 5803 /* set power and frequency of stopband test tone */ 5804 run_bbp_write(sc, 24, 0x06); 5805 for (ntries = 0; ntries < 100; ntries++) { 5806 /* transmit test tone */ 5807 run_bbp_write(sc, 25, 0x90); 5808 run_delay(sc, 10); 5809 /* read received power */ 5810 run_bbp_read(sc, 55, &bbp55_sb); 5811 5812 delta = bbp55_pb - bbp55_sb; 5813 if (delta > target) 5814 break; 5815 5816 /* reprogram filter */ 5817 rf24++; 5818 run_rt3070_rf_write(sc, 24, rf24); 5819 } 5820 if (ntries < 100) { 5821 if (rf24 != init) 5822 rf24--; /* backtrack */ 5823 *val = rf24; 5824 run_rt3070_rf_write(sc, 24, rf24); 5825 } 5826 5827 /* restore initial state */ 5828 run_bbp_write(sc, 24, 0x00); 5829 5830 /* disable baseband loopback mode */ 5831 run_rt3070_rf_read(sc, 22, &rf22); 5832 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5833 5834 return (0); 5835 } 5836 5837 static void 5838 run_rt3070_rf_setup(struct run_softc *sc) 5839 { 5840 uint8_t bbp, rf; 5841 int i; 5842 5843 if (sc->mac_ver == 0x3572) { 5844 /* enable DC filter */ 5845 if (sc->mac_rev >= 0x0201) 5846 run_bbp_write(sc, 103, 0xc0); 5847 5848 run_bbp_read(sc, 138, &bbp); 5849 if (sc->ntxchains == 1) 5850 bbp |= 0x20; /* turn off DAC1 */ 5851 if (sc->nrxchains == 1) 5852 bbp &= ~0x02; /* turn off ADC1 */ 5853 run_bbp_write(sc, 138, bbp); 5854 5855 if (sc->mac_rev >= 0x0211) { 5856 /* improve power consumption */ 5857 run_bbp_read(sc, 31, &bbp); 5858 run_bbp_write(sc, 31, bbp & ~0x03); 5859 } 5860 5861 run_rt3070_rf_read(sc, 16, &rf); 5862 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5863 run_rt3070_rf_write(sc, 16, rf); 5864 5865 } else if (sc->mac_ver == 0x3071) { 5866 if (sc->mac_rev >= 0x0211) { 5867 /* enable DC filter */ 5868 run_bbp_write(sc, 103, 0xc0); 5869 5870 /* improve power consumption */ 5871 run_bbp_read(sc, 31, &bbp); 5872 run_bbp_write(sc, 31, bbp & ~0x03); 5873 } 5874 5875 run_bbp_read(sc, 138, &bbp); 5876 if (sc->ntxchains == 1) 5877 bbp |= 0x20; /* turn off DAC1 */ 5878 if (sc->nrxchains == 1) 5879 bbp &= ~0x02; /* turn off ADC1 */ 5880 run_bbp_write(sc, 138, bbp); 5881 5882 run_write(sc, RT2860_TX_SW_CFG1, 0); 5883 if (sc->mac_rev < 0x0211) { 5884 run_write(sc, RT2860_TX_SW_CFG2, 5885 sc->patch_dac ? 0x2c : 0x0f); 5886 } else 5887 run_write(sc, RT2860_TX_SW_CFG2, 0); 5888 5889 } else if (sc->mac_ver == 0x3070) { 5890 if (sc->mac_rev >= 0x0201) { 5891 /* enable DC filter */ 5892 run_bbp_write(sc, 103, 0xc0); 5893 5894 /* improve power consumption */ 5895 run_bbp_read(sc, 31, &bbp); 5896 run_bbp_write(sc, 31, bbp & ~0x03); 5897 } 5898 5899 if (sc->mac_rev < 0x0201) { 5900 run_write(sc, RT2860_TX_SW_CFG1, 0); 5901 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5902 } else 5903 run_write(sc, RT2860_TX_SW_CFG2, 0); 5904 } 5905 5906 /* initialize RF registers from ROM for >=RT3071*/ 5907 if (sc->mac_ver >= 0x3071) { 5908 for (i = 0; i < 10; i++) { 5909 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5910 continue; 5911 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5912 } 5913 } 5914 } 5915 5916 static void 5917 run_rt3593_rf_setup(struct run_softc *sc) 5918 { 5919 uint8_t bbp, rf; 5920 5921 if (sc->mac_rev >= 0x0211) { 5922 /* Enable DC filter. */ 5923 run_bbp_write(sc, 103, 0xc0); 5924 } 5925 run_write(sc, RT2860_TX_SW_CFG1, 0); 5926 if (sc->mac_rev < 0x0211) { 5927 run_write(sc, RT2860_TX_SW_CFG2, 5928 sc->patch_dac ? 0x2c : 0x0f); 5929 } else 5930 run_write(sc, RT2860_TX_SW_CFG2, 0); 5931 5932 run_rt3070_rf_read(sc, 50, &rf); 5933 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5934 5935 run_rt3070_rf_read(sc, 51, &rf); 5936 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5937 ((sc->txmixgain_2ghz & 0x07) << 2); 5938 run_rt3070_rf_write(sc, 51, rf); 5939 5940 run_rt3070_rf_read(sc, 38, &rf); 5941 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5942 5943 run_rt3070_rf_read(sc, 39, &rf); 5944 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5945 5946 run_rt3070_rf_read(sc, 1, &rf); 5947 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5948 5949 run_rt3070_rf_read(sc, 30, &rf); 5950 rf = (rf & ~0x18) | 0x10; 5951 run_rt3070_rf_write(sc, 30, rf); 5952 5953 /* Apply maximum likelihood detection for 2 stream case. */ 5954 run_bbp_read(sc, 105, &bbp); 5955 if (sc->nrxchains > 1) 5956 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5957 5958 /* Avoid data lost and CRC error. */ 5959 run_bbp_read(sc, 4, &bbp); 5960 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5961 5962 run_bbp_write(sc, 92, 0x02); 5963 run_bbp_write(sc, 82, 0x82); 5964 run_bbp_write(sc, 106, 0x05); 5965 run_bbp_write(sc, 104, 0x92); 5966 run_bbp_write(sc, 88, 0x90); 5967 run_bbp_write(sc, 148, 0xc8); 5968 run_bbp_write(sc, 47, 0x48); 5969 run_bbp_write(sc, 120, 0x50); 5970 5971 run_bbp_write(sc, 163, 0x9d); 5972 5973 /* SNR mapping. */ 5974 run_bbp_write(sc, 142, 0x06); 5975 run_bbp_write(sc, 143, 0xa0); 5976 run_bbp_write(sc, 142, 0x07); 5977 run_bbp_write(sc, 143, 0xa1); 5978 run_bbp_write(sc, 142, 0x08); 5979 run_bbp_write(sc, 143, 0xa2); 5980 5981 run_bbp_write(sc, 31, 0x08); 5982 run_bbp_write(sc, 68, 0x0b); 5983 run_bbp_write(sc, 105, 0x04); 5984 } 5985 5986 static void 5987 run_rt5390_rf_setup(struct run_softc *sc) 5988 { 5989 uint8_t bbp, rf; 5990 5991 if (sc->mac_rev >= 0x0211) { 5992 /* Enable DC filter. */ 5993 run_bbp_write(sc, 103, 0xc0); 5994 5995 if (sc->mac_ver != 0x5592) { 5996 /* Improve power consumption. */ 5997 run_bbp_read(sc, 31, &bbp); 5998 run_bbp_write(sc, 31, bbp & ~0x03); 5999 } 6000 } 6001 6002 run_bbp_read(sc, 138, &bbp); 6003 if (sc->ntxchains == 1) 6004 bbp |= 0x20; /* turn off DAC1 */ 6005 if (sc->nrxchains == 1) 6006 bbp &= ~0x02; /* turn off ADC1 */ 6007 run_bbp_write(sc, 138, bbp); 6008 6009 run_rt3070_rf_read(sc, 38, &rf); 6010 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 6011 6012 run_rt3070_rf_read(sc, 39, &rf); 6013 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 6014 6015 /* Avoid data lost and CRC error. */ 6016 run_bbp_read(sc, 4, &bbp); 6017 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 6018 6019 run_rt3070_rf_read(sc, 30, &rf); 6020 rf = (rf & ~0x18) | 0x10; 6021 run_rt3070_rf_write(sc, 30, rf); 6022 6023 if (sc->mac_ver != 0x5592) { 6024 run_write(sc, RT2860_TX_SW_CFG1, 0); 6025 if (sc->mac_rev < 0x0211) { 6026 run_write(sc, RT2860_TX_SW_CFG2, 6027 sc->patch_dac ? 0x2c : 0x0f); 6028 } else 6029 run_write(sc, RT2860_TX_SW_CFG2, 0); 6030 } 6031 } 6032 6033 static int 6034 run_txrx_enable(struct run_softc *sc) 6035 { 6036 struct ieee80211com *ic = &sc->sc_ic; 6037 uint32_t tmp; 6038 int error, ntries; 6039 6040 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 6041 for (ntries = 0; ntries < 200; ntries++) { 6042 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 6043 return (error); 6044 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6045 break; 6046 run_delay(sc, 50); 6047 } 6048 if (ntries == 200) 6049 return (ETIMEDOUT); 6050 6051 run_delay(sc, 50); 6052 6053 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 6054 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6055 6056 /* enable Rx bulk aggregation (set timeout and limit) */ 6057 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 6058 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 6059 run_write(sc, RT2860_USB_DMA_CFG, tmp); 6060 6061 /* set Rx filter */ 6062 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 6063 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 6064 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 6065 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 6066 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 6067 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 6068 if (ic->ic_opmode == IEEE80211_M_STA) 6069 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 6070 } 6071 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 6072 6073 run_write(sc, RT2860_MAC_SYS_CTRL, 6074 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6075 6076 return (0); 6077 } 6078 6079 static void 6080 run_adjust_freq_offset(struct run_softc *sc) 6081 { 6082 uint8_t rf, tmp; 6083 6084 run_rt3070_rf_read(sc, 17, &rf); 6085 tmp = rf; 6086 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 6087 rf = MIN(rf, 0x5f); 6088 6089 if (tmp != rf) 6090 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 6091 } 6092 6093 static void 6094 run_init_locked(struct run_softc *sc) 6095 { 6096 struct ieee80211com *ic = &sc->sc_ic; 6097 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6098 uint32_t tmp; 6099 uint8_t bbp1, bbp3; 6100 int i; 6101 int ridx; 6102 int ntries; 6103 6104 if (ic->ic_nrunning > 1) 6105 return; 6106 6107 run_stop(sc); 6108 6109 if (run_load_microcode(sc) != 0) { 6110 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6111 goto fail; 6112 } 6113 6114 for (ntries = 0; ntries < 100; ntries++) { 6115 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6116 goto fail; 6117 if (tmp != 0 && tmp != 0xffffffff) 6118 break; 6119 run_delay(sc, 10); 6120 } 6121 if (ntries == 100) 6122 goto fail; 6123 6124 for (i = 0; i != RUN_EP_QUEUES; i++) 6125 run_setup_tx_list(sc, &sc->sc_epq[i]); 6126 6127 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6128 6129 for (ntries = 0; ntries < 100; ntries++) { 6130 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6131 goto fail; 6132 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6133 break; 6134 run_delay(sc, 10); 6135 } 6136 if (ntries == 100) { 6137 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6138 goto fail; 6139 } 6140 tmp &= 0xff0; 6141 tmp |= RT2860_TX_WB_DDONE; 6142 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6143 6144 /* turn off PME_OEN to solve high-current issue */ 6145 run_read(sc, RT2860_SYS_CTRL, &tmp); 6146 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6147 6148 run_write(sc, RT2860_MAC_SYS_CTRL, 6149 RT2860_BBP_HRST | RT2860_MAC_SRST); 6150 run_write(sc, RT2860_USB_DMA_CFG, 0); 6151 6152 if (run_reset(sc) != 0) { 6153 device_printf(sc->sc_dev, "could not reset chipset\n"); 6154 goto fail; 6155 } 6156 6157 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6158 6159 /* init Tx power for all Tx rates (from EEPROM) */ 6160 for (ridx = 0; ridx < 5; ridx++) { 6161 if (sc->txpow20mhz[ridx] == 0xffffffff) 6162 continue; 6163 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6164 } 6165 6166 for (i = 0; i < nitems(rt2870_def_mac); i++) 6167 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6168 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6169 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6170 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6171 6172 if (sc->mac_ver >= 0x5390) { 6173 run_write(sc, RT2860_TX_SW_CFG0, 6174 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6175 if (sc->mac_ver >= 0x5392) { 6176 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6177 if (sc->mac_ver == 0x5592) { 6178 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6179 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6180 } else { 6181 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6182 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6183 } 6184 } 6185 } else if (sc->mac_ver == 0x3593) { 6186 run_write(sc, RT2860_TX_SW_CFG0, 6187 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6188 } else if (sc->mac_ver >= 0x3070) { 6189 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6190 run_write(sc, RT2860_TX_SW_CFG0, 6191 4 << RT2860_DLY_PAPE_EN_SHIFT); 6192 } 6193 6194 /* wait while MAC is busy */ 6195 for (ntries = 0; ntries < 100; ntries++) { 6196 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6197 goto fail; 6198 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6199 break; 6200 run_delay(sc, 10); 6201 } 6202 if (ntries == 100) 6203 goto fail; 6204 6205 /* clear Host to MCU mailbox */ 6206 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6207 run_write(sc, RT2860_H2M_MAILBOX, 0); 6208 run_delay(sc, 10); 6209 6210 if (run_bbp_init(sc) != 0) { 6211 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6212 goto fail; 6213 } 6214 6215 /* abort TSF synchronization */ 6216 run_disable_tsf(sc); 6217 6218 /* clear RX WCID search table */ 6219 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6220 /* clear WCID attribute table */ 6221 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6222 6223 /* hostapd sets a key before init. So, don't clear it. */ 6224 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6225 /* clear shared key table */ 6226 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6227 /* clear shared key mode */ 6228 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6229 } 6230 6231 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6232 tmp = (tmp & ~0xff) | 0x1e; 6233 run_write(sc, RT2860_US_CYC_CNT, tmp); 6234 6235 if (sc->mac_rev != 0x0101) 6236 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6237 6238 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6239 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6240 6241 /* write vendor-specific BBP values (from EEPROM) */ 6242 if (sc->mac_ver < 0x3593) { 6243 for (i = 0; i < 10; i++) { 6244 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6245 continue; 6246 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6247 } 6248 } 6249 6250 /* select Main antenna for 1T1R devices */ 6251 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6252 run_set_rx_antenna(sc, 0); 6253 6254 /* send LEDs operating mode to microcontroller */ 6255 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6256 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6257 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6258 6259 if (sc->mac_ver >= 0x5390) 6260 run_rt5390_rf_init(sc); 6261 else if (sc->mac_ver == 0x3593) 6262 run_rt3593_rf_init(sc); 6263 else if (sc->mac_ver >= 0x3070) 6264 run_rt3070_rf_init(sc); 6265 6266 /* disable non-existing Rx chains */ 6267 run_bbp_read(sc, 3, &bbp3); 6268 bbp3 &= ~(1 << 3 | 1 << 4); 6269 if (sc->nrxchains == 2) 6270 bbp3 |= 1 << 3; 6271 else if (sc->nrxchains == 3) 6272 bbp3 |= 1 << 4; 6273 run_bbp_write(sc, 3, bbp3); 6274 6275 /* disable non-existing Tx chains */ 6276 run_bbp_read(sc, 1, &bbp1); 6277 if (sc->ntxchains == 1) 6278 bbp1 &= ~(1 << 3 | 1 << 4); 6279 run_bbp_write(sc, 1, bbp1); 6280 6281 if (sc->mac_ver >= 0x5390) 6282 run_rt5390_rf_setup(sc); 6283 else if (sc->mac_ver == 0x3593) 6284 run_rt3593_rf_setup(sc); 6285 else if (sc->mac_ver >= 0x3070) 6286 run_rt3070_rf_setup(sc); 6287 6288 /* select default channel */ 6289 run_set_chan(sc, ic->ic_curchan); 6290 6291 /* setup initial protection mode */ 6292 run_updateprot_cb(ic); 6293 6294 /* turn radio LED on */ 6295 run_set_leds(sc, RT2860_LED_RADIO); 6296 6297 /* Set up AUTO_RSP_CFG register for auto response */ 6298 run_write(sc, RT2860_AUTO_RSP_CFG, RT2860_AUTO_RSP_EN | 6299 RT2860_BAC_ACKPOLICY_EN | RT2860_CTS_40M_MODE_EN); 6300 6301 sc->sc_flags |= RUN_RUNNING; 6302 sc->cmdq_run = RUN_CMDQ_GO; 6303 6304 for (i = 0; i != RUN_N_XFER; i++) 6305 usbd_xfer_set_stall(sc->sc_xfer[i]); 6306 6307 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6308 6309 if (run_txrx_enable(sc) != 0) 6310 goto fail; 6311 6312 return; 6313 6314 fail: 6315 run_stop(sc); 6316 } 6317 6318 static void 6319 run_stop(void *arg) 6320 { 6321 struct run_softc *sc = (struct run_softc *)arg; 6322 uint32_t tmp; 6323 int i; 6324 int ntries; 6325 6326 RUN_LOCK_ASSERT(sc, MA_OWNED); 6327 6328 if (sc->sc_flags & RUN_RUNNING) 6329 run_set_leds(sc, 0); /* turn all LEDs off */ 6330 6331 sc->sc_flags &= ~RUN_RUNNING; 6332 6333 sc->ratectl_run = RUN_RATECTL_OFF; 6334 sc->cmdq_run = sc->cmdq_key_set; 6335 6336 RUN_UNLOCK(sc); 6337 6338 for(i = 0; i < RUN_N_XFER; i++) 6339 usbd_transfer_drain(sc->sc_xfer[i]); 6340 6341 RUN_LOCK(sc); 6342 6343 run_drain_mbufq(sc); 6344 6345 if (sc->rx_m != NULL) { 6346 m_free(sc->rx_m); 6347 sc->rx_m = NULL; 6348 } 6349 6350 /* Disable Tx/Rx DMA. */ 6351 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6352 return; 6353 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6354 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6355 6356 for (ntries = 0; ntries < 100; ntries++) { 6357 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6358 return; 6359 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6360 break; 6361 run_delay(sc, 10); 6362 } 6363 if (ntries == 100) { 6364 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6365 return; 6366 } 6367 6368 /* disable Tx/Rx */ 6369 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6370 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6371 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6372 6373 /* wait for pending Tx to complete */ 6374 for (ntries = 0; ntries < 100; ntries++) { 6375 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6376 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6377 "Cannot read Tx queue count\n"); 6378 break; 6379 } 6380 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6381 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6382 "All Tx cleared\n"); 6383 break; 6384 } 6385 run_delay(sc, 10); 6386 } 6387 if (ntries >= 100) 6388 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6389 "There are still pending Tx\n"); 6390 run_delay(sc, 10); 6391 run_write(sc, RT2860_USB_DMA_CFG, 0); 6392 6393 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6394 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6395 6396 for (i = 0; i != RUN_EP_QUEUES; i++) 6397 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6398 } 6399 6400 static void 6401 run_delay(struct run_softc *sc, u_int ms) 6402 { 6403 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6404 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6405 } 6406 6407 static void 6408 run_update_chw(struct ieee80211com *ic) 6409 { 6410 6411 printf("%s: TODO\n", __func__); 6412 } 6413 6414 static int 6415 run_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap) 6416 { 6417 6418 /* For now, no A-MPDU TX support in the driver */ 6419 return (0); 6420 } 6421 6422 static device_method_t run_methods[] = { 6423 /* Device interface */ 6424 DEVMETHOD(device_probe, run_match), 6425 DEVMETHOD(device_attach, run_attach), 6426 DEVMETHOD(device_detach, run_detach), 6427 DEVMETHOD_END 6428 }; 6429 6430 static driver_t run_driver = { 6431 .name = "run", 6432 .methods = run_methods, 6433 .size = sizeof(struct run_softc) 6434 }; 6435 6436 DRIVER_MODULE(run, uhub, run_driver, run_driver_loaded, NULL); 6437 MODULE_DEPEND(run, wlan, 1, 1, 1); 6438 MODULE_DEPEND(run, usb, 1, 1, 1); 6439 MODULE_DEPEND(run, firmware, 1, 1, 1); 6440 MODULE_VERSION(run, 1); 6441 USB_PNP_HOST_INFO(run_devs); 6442