1 /*-
2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 /*-
21 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
22 * http://www.ralinktech.com/
23 */
24
25 #include "opt_wlan.h"
26
27 #include <sys/param.h>
28 #include <sys/eventhandler.h>
29 #include <sys/sockio.h>
30 #include <sys/sysctl.h>
31 #include <sys/lock.h>
32 #include <sys/mutex.h>
33 #include <sys/mbuf.h>
34 #include <sys/kernel.h>
35 #include <sys/socket.h>
36 #include <sys/systm.h>
37 #include <sys/malloc.h>
38 #include <sys/module.h>
39 #include <sys/bus.h>
40 #include <sys/endian.h>
41 #include <sys/linker.h>
42 #include <sys/firmware.h>
43 #include <sys/kdb.h>
44
45 #include <net/bpf.h>
46 #include <net/if.h>
47 #include <net/if_var.h>
48 #include <net/if_arp.h>
49 #include <net/ethernet.h>
50 #include <net/if_dl.h>
51 #include <net/if_media.h>
52 #include <net/if_types.h>
53
54 #include <netinet/in.h>
55 #include <netinet/in_systm.h>
56 #include <netinet/in_var.h>
57 #include <netinet/if_ether.h>
58 #include <netinet/ip.h>
59
60 #include <net80211/ieee80211_var.h>
61 #include <net80211/ieee80211_regdomain.h>
62 #include <net80211/ieee80211_radiotap.h>
63 #include <net80211/ieee80211_ratectl.h>
64 #ifdef IEEE80211_SUPPORT_SUPERG
65 #include <net80211/ieee80211_superg.h>
66 #endif
67
68 #include <dev/usb/usb.h>
69 #include <dev/usb/usbdi.h>
70 #include "usbdevs.h"
71
72 #define USB_DEBUG_VAR run_debug
73 #include <dev/usb/usb_debug.h>
74 #include <dev/usb/usb_msctest.h>
75
76 #include <dev/usb/wlan/if_runreg.h>
77 #include <dev/usb/wlan/if_runvar.h>
78
79 #ifdef USB_DEBUG
80 #define RUN_DEBUG
81 #endif
82
83 #ifdef RUN_DEBUG
84 int run_debug = 0;
85 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
86 "USB run");
87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
88 "run debug level");
89
90 enum {
91 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */
92 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */
93 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */
94 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */
95 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */
96 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */
97 RUN_DEBUG_USB = 0x00000040, /* usb requests */
98 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */
99 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */
100 RUN_DEBUG_INTR = 0x00000200, /* ISR */
101 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */
102 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */
103 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */
104 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */
105 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */
106 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */
107 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */
108 RUN_DEBUG_CMD = 0x00020000, /* command queue */
109 RUN_DEBUG_ANY = 0xffffffff
110 };
111
112 #define RUN_DPRINTF(_sc, _m, ...) do { \
113 if (run_debug & (_m)) \
114 device_printf((_sc)->sc_dev, __VA_ARGS__); \
115 } while(0)
116 #else
117 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0)
118 #endif
119
120 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
121
122 /*
123 * Because of LOR in run_key_delete(), use atomic instead.
124 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
125 */
126 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
127
128 static const STRUCT_USB_HOST_ID run_devs[] = {
129 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
130 #define RUN_DEV_EJECT(v,p) \
131 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
132 #define RUN_EJECT 1
133 RUN_DEV(ABOCOM, RT2770),
134 RUN_DEV(ABOCOM, RT2870),
135 RUN_DEV(ABOCOM, RT3070),
136 RUN_DEV(ABOCOM, RT3071),
137 RUN_DEV(ABOCOM, RT3072),
138 RUN_DEV(ABOCOM2, RT2870_1),
139 RUN_DEV(ACCTON, RT2770),
140 RUN_DEV(ACCTON, RT2870_1),
141 RUN_DEV(ACCTON, RT2870_2),
142 RUN_DEV(ACCTON, RT2870_3),
143 RUN_DEV(ACCTON, RT2870_4),
144 RUN_DEV(ACCTON, RT2870_5),
145 RUN_DEV(ACCTON, RT3070),
146 RUN_DEV(ACCTON, RT3070_1),
147 RUN_DEV(ACCTON, RT3070_2),
148 RUN_DEV(ACCTON, RT3070_3),
149 RUN_DEV(ACCTON, RT3070_4),
150 RUN_DEV(ACCTON, RT3070_5),
151 RUN_DEV(AIRTIES, RT3070),
152 RUN_DEV(ALLWIN, RT2070),
153 RUN_DEV(ALLWIN, RT2770),
154 RUN_DEV(ALLWIN, RT2870),
155 RUN_DEV(ALLWIN, RT3070),
156 RUN_DEV(ALLWIN, RT3071),
157 RUN_DEV(ALLWIN, RT3072),
158 RUN_DEV(ALLWIN, RT3572),
159 RUN_DEV(AMIGO, RT2870_1),
160 RUN_DEV(AMIGO, RT2870_2),
161 RUN_DEV(AMIT, CGWLUSB2GNR),
162 RUN_DEV(AMIT, RT2870_1),
163 RUN_DEV(AMIT2, RT2870),
164 RUN_DEV(ASUS, RT2870_1),
165 RUN_DEV(ASUS, RT2870_2),
166 RUN_DEV(ASUS, RT2870_3),
167 RUN_DEV(ASUS, RT2870_4),
168 RUN_DEV(ASUS, RT2870_5),
169 RUN_DEV(ASUS, USBN13),
170 RUN_DEV(ASUS, RT3070_1),
171 RUN_DEV(ASUS, USBN66),
172 RUN_DEV(ASUS, USB_N53),
173 RUN_DEV(ASUS, USBN14),
174 RUN_DEV(ASUS2, USBN11),
175 RUN_DEV(AZUREWAVE, RT2870_1),
176 RUN_DEV(AZUREWAVE, RT2870_2),
177 RUN_DEV(AZUREWAVE, RT3070_1),
178 RUN_DEV(AZUREWAVE, RT3070_2),
179 RUN_DEV(AZUREWAVE, RT3070_3),
180 RUN_DEV(BELKIN, F9L1103),
181 RUN_DEV(BELKIN, F5D8053V3),
182 RUN_DEV(BELKIN, F5D8055),
183 RUN_DEV(BELKIN, F5D8055V2),
184 RUN_DEV(BELKIN, F6D4050V1),
185 RUN_DEV(BELKIN, F6D4050V2),
186 RUN_DEV(BELKIN, RT2870_1),
187 RUN_DEV(BELKIN, RT2870_2),
188 RUN_DEV(CISCOLINKSYS, AE1000),
189 RUN_DEV(CISCOLINKSYS2, RT3070),
190 RUN_DEV(CISCOLINKSYS3, RT3070),
191 RUN_DEV(CONCEPTRONIC2, RT2870_1),
192 RUN_DEV(CONCEPTRONIC2, RT2870_2),
193 RUN_DEV(CONCEPTRONIC2, RT2870_3),
194 RUN_DEV(CONCEPTRONIC2, RT2870_4),
195 RUN_DEV(CONCEPTRONIC2, RT2870_5),
196 RUN_DEV(CONCEPTRONIC2, RT2870_6),
197 RUN_DEV(CONCEPTRONIC2, RT2870_7),
198 RUN_DEV(CONCEPTRONIC2, RT2870_8),
199 RUN_DEV(CONCEPTRONIC2, RT3070_1),
200 RUN_DEV(CONCEPTRONIC2, RT3070_2),
201 RUN_DEV(CONCEPTRONIC2, VIGORN61),
202 RUN_DEV(COREGA, CGWLUSB300GNM),
203 RUN_DEV(COREGA, RT2870_1),
204 RUN_DEV(COREGA, RT2870_2),
205 RUN_DEV(COREGA, RT2870_3),
206 RUN_DEV(COREGA, RT3070),
207 RUN_DEV(CYBERTAN, RT2870),
208 RUN_DEV(DLINK, RT2870),
209 RUN_DEV(DLINK, RT3072),
210 RUN_DEV(DLINK, DWA125A3),
211 RUN_DEV(DLINK, DWA127),
212 RUN_DEV(DLINK, DWA140B3),
213 RUN_DEV(DLINK, DWA160B2),
214 RUN_DEV(DLINK, DWA140D1),
215 RUN_DEV(DLINK, DWA130F1),
216 RUN_DEV(DLINK, DWA162),
217 RUN_DEV(DLINK2, DWA130),
218 RUN_DEV(DLINK2, RT2870_1),
219 RUN_DEV(DLINK2, RT2870_2),
220 RUN_DEV(DLINK2, RT3070_1),
221 RUN_DEV(DLINK2, RT3070_2),
222 RUN_DEV(DLINK2, RT3070_3),
223 RUN_DEV(DLINK2, RT3070_4),
224 RUN_DEV(DLINK2, RT3070_5),
225 RUN_DEV(DLINK2, RT3072),
226 RUN_DEV(DLINK2, RT3072_1),
227 RUN_DEV(EDIMAX, EW7717),
228 RUN_DEV(EDIMAX, EW7718),
229 RUN_DEV(EDIMAX, EW7733UND),
230 RUN_DEV(EDIMAX, RT2870_1),
231 RUN_DEV(ENCORE, RT3070_1),
232 RUN_DEV(ENCORE, RT3070_2),
233 RUN_DEV(ENCORE, RT3070_3),
234 RUN_DEV(GIGABYTE, GNWB31N),
235 RUN_DEV(GIGABYTE, GNWB32L),
236 RUN_DEV(GIGABYTE, RT2870_1),
237 RUN_DEV(GIGASET, RT3070_1),
238 RUN_DEV(GIGASET, RT3070_2),
239 RUN_DEV(GUILLEMOT, HWNU300),
240 RUN_DEV(HAWKING, HWUN2),
241 RUN_DEV(HAWKING, RT2870_1),
242 RUN_DEV(HAWKING, RT2870_2),
243 RUN_DEV(HAWKING, RT3070),
244 RUN_DEV(IODATA, RT3072_1),
245 RUN_DEV(IODATA, RT3072_2),
246 RUN_DEV(IODATA, RT3072_3),
247 RUN_DEV(IODATA, RT3072_4),
248 RUN_DEV(LINKSYS4, RT3070),
249 RUN_DEV(LINKSYS4, WUSB100),
250 RUN_DEV(LINKSYS4, WUSB54GCV3),
251 RUN_DEV(LINKSYS4, WUSB600N),
252 RUN_DEV(LINKSYS4, WUSB600NV2),
253 RUN_DEV(LOGITEC, RT2870_1),
254 RUN_DEV(LOGITEC, RT2870_2),
255 RUN_DEV(LOGITEC, RT2870_3),
256 RUN_DEV(LOGITEC, LANW300NU2),
257 RUN_DEV(LOGITEC, LANW150NU2),
258 RUN_DEV(LOGITEC, LANW300NU2S),
259 RUN_DEV(MELCO, WLIUCG300HP),
260 RUN_DEV(MELCO, RT2870_2),
261 RUN_DEV(MELCO, WLIUCAG300N),
262 RUN_DEV(MELCO, WLIUCG300N),
263 RUN_DEV(MELCO, WLIUCG301N),
264 RUN_DEV(MELCO, WLIUCGN),
265 RUN_DEV(MELCO, WLIUCGNM),
266 RUN_DEV(MELCO, WLIUCG300HPV1),
267 RUN_DEV(MELCO, WLIUCGNM2),
268 RUN_DEV(MOTOROLA4, RT2770),
269 RUN_DEV(MOTOROLA4, RT3070),
270 RUN_DEV(MSI, RT3070_1),
271 RUN_DEV(MSI, RT3070_2),
272 RUN_DEV(MSI, RT3070_3),
273 RUN_DEV(MSI, RT3070_4),
274 RUN_DEV(MSI, RT3070_5),
275 RUN_DEV(MSI, RT3070_6),
276 RUN_DEV(MSI, RT3070_7),
277 RUN_DEV(MSI, RT3070_8),
278 RUN_DEV(MSI, RT3070_9),
279 RUN_DEV(MSI, RT3070_10),
280 RUN_DEV(MSI, RT3070_11),
281 RUN_DEV(NETGEAR, WNDA4100),
282 RUN_DEV(OVISLINK, RT3072),
283 RUN_DEV(PARA, RT3070),
284 RUN_DEV(PEGATRON, RT2870),
285 RUN_DEV(PEGATRON, RT3070),
286 RUN_DEV(PEGATRON, RT3070_2),
287 RUN_DEV(PEGATRON, RT3070_3),
288 RUN_DEV(PHILIPS, RT2870),
289 RUN_DEV(PLANEX2, GWUS300MINIS),
290 RUN_DEV(PLANEX2, GWUSMICRON),
291 RUN_DEV(PLANEX2, RT2870),
292 RUN_DEV(PLANEX2, RT3070),
293 RUN_DEV(QCOM, RT2870),
294 RUN_DEV(QUANTA, RT3070),
295 RUN_DEV(RALINK, RT2070),
296 RUN_DEV(RALINK, RT2770),
297 RUN_DEV(RALINK, RT2870),
298 RUN_DEV(RALINK, RT3070),
299 RUN_DEV(RALINK, RT3071),
300 RUN_DEV(RALINK, RT3072),
301 RUN_DEV(RALINK, RT3370),
302 RUN_DEV(RALINK, RT3572),
303 RUN_DEV(RALINK, RT3573),
304 RUN_DEV(RALINK, RT5370),
305 RUN_DEV(RALINK, RT5372),
306 RUN_DEV(RALINK, RT5572),
307 RUN_DEV(RALINK, RT8070),
308 RUN_DEV(SAMSUNG, WIS09ABGN),
309 RUN_DEV(SAMSUNG2, RT2870_1),
310 RUN_DEV(SENAO, RT2870_1),
311 RUN_DEV(SENAO, RT2870_2),
312 RUN_DEV(SENAO, RT2870_3),
313 RUN_DEV(SENAO, RT2870_4),
314 RUN_DEV(SENAO, RT3070),
315 RUN_DEV(SENAO, RT3071),
316 RUN_DEV(SENAO, RT3072_1),
317 RUN_DEV(SENAO, RT3072_2),
318 RUN_DEV(SENAO, RT3072_3),
319 RUN_DEV(SENAO, RT3072_4),
320 RUN_DEV(SENAO, RT3072_5),
321 RUN_DEV(SITECOMEU, RT2770),
322 RUN_DEV(SITECOMEU, RT2870_1),
323 RUN_DEV(SITECOMEU, RT2870_2),
324 RUN_DEV(SITECOMEU, RT2870_3),
325 RUN_DEV(SITECOMEU, RT2870_4),
326 RUN_DEV(SITECOMEU, RT3070),
327 RUN_DEV(SITECOMEU, RT3070_2),
328 RUN_DEV(SITECOMEU, RT3070_3),
329 RUN_DEV(SITECOMEU, RT3070_4),
330 RUN_DEV(SITECOMEU, RT3071),
331 RUN_DEV(SITECOMEU, RT3072_1),
332 RUN_DEV(SITECOMEU, RT3072_2),
333 RUN_DEV(SITECOMEU, RT3072_3),
334 RUN_DEV(SITECOMEU, RT3072_4),
335 RUN_DEV(SITECOMEU, RT3072_5),
336 RUN_DEV(SITECOMEU, RT3072_6),
337 RUN_DEV(SITECOMEU, WL608),
338 RUN_DEV(SPARKLAN, RT2870_1),
339 RUN_DEV(SPARKLAN, RT3070),
340 RUN_DEV(SWEEX2, LW153),
341 RUN_DEV(SWEEX2, LW303),
342 RUN_DEV(SWEEX2, LW313),
343 RUN_DEV(TOSHIBA, RT3070),
344 RUN_DEV(UMEDIA, RT2870_1),
345 RUN_DEV(ZCOM, RT2870_1),
346 RUN_DEV(ZCOM, RT2870_2),
347 RUN_DEV(ZINWELL, RT2870_1),
348 RUN_DEV(ZINWELL, RT2870_2),
349 RUN_DEV(ZINWELL, RT3070),
350 RUN_DEV(ZINWELL, RT3072_1),
351 RUN_DEV(ZINWELL, RT3072_2),
352 RUN_DEV(ZYXEL, RT2870_1),
353 RUN_DEV(ZYXEL, RT2870_2),
354 RUN_DEV(ZYXEL, RT3070),
355 RUN_DEV_EJECT(ZYXEL, NWD2705),
356 RUN_DEV_EJECT(RALINK, RT_STOR),
357 #undef RUN_DEV_EJECT
358 #undef RUN_DEV
359 };
360
361 static device_probe_t run_match;
362 static device_attach_t run_attach;
363 static device_detach_t run_detach;
364
365 static usb_callback_t run_bulk_rx_callback;
366 static usb_callback_t run_bulk_tx_callback0;
367 static usb_callback_t run_bulk_tx_callback1;
368 static usb_callback_t run_bulk_tx_callback2;
369 static usb_callback_t run_bulk_tx_callback3;
370 static usb_callback_t run_bulk_tx_callback4;
371 static usb_callback_t run_bulk_tx_callback5;
372
373 static void run_autoinst(void *, struct usb_device *,
374 struct usb_attach_arg *);
375 static int run_driver_loaded(struct module *, int, void *);
376 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
377 usb_error_t error, u_int index);
378 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
379 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
380 const uint8_t [IEEE80211_ADDR_LEN],
381 const uint8_t [IEEE80211_ADDR_LEN]);
382 static void run_vap_delete(struct ieee80211vap *);
383 static void run_cmdq_cb(void *, int);
384 static void run_setup_tx_list(struct run_softc *,
385 struct run_endpoint_queue *);
386 static void run_unsetup_tx_list(struct run_softc *,
387 struct run_endpoint_queue *);
388 static int run_load_microcode(struct run_softc *);
389 static int run_reset(struct run_softc *);
390 static usb_error_t run_do_request(struct run_softc *,
391 struct usb_device_request *, void *);
392 static int run_read(struct run_softc *, uint16_t, uint32_t *);
393 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
394 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
395 static int run_write(struct run_softc *, uint16_t, uint32_t);
396 static int run_write_region_1(struct run_softc *, uint16_t,
397 const uint8_t *, int);
398 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
399 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
400 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
401 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
402 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
403 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
404 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
405 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
406 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
407 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
408 static const char *run_get_rf(uint16_t);
409 static void run_rt3593_get_txpower(struct run_softc *);
410 static void run_get_txpower(struct run_softc *);
411 static int run_read_eeprom(struct run_softc *);
412 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
413 const uint8_t mac[IEEE80211_ADDR_LEN]);
414 static int run_media_change(if_t);
415 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
416 static int run_wme_update(struct ieee80211com *);
417 static void run_key_set_cb(void *);
418 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
419 static void run_key_delete_cb(void *);
420 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
421 static void run_ratectl_to(void *);
422 static void run_ratectl_cb(void *, int);
423 static void run_drain_fifo(void *);
424 static void run_iter_func(void *, struct ieee80211_node *);
425 static void run_newassoc_cb(void *);
426 static void run_newassoc(struct ieee80211_node *, int);
427 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
428 const struct ieee80211_rx_stats *, int, int);
429 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
430 static void run_tx_free(struct run_endpoint_queue *pq,
431 struct run_tx_data *, int);
432 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
433 static int run_tx(struct run_softc *, struct mbuf *,
434 struct ieee80211_node *);
435 static int run_tx_mgt(struct run_softc *, struct mbuf *,
436 struct ieee80211_node *);
437 static int run_sendprot(struct run_softc *, const struct mbuf *,
438 struct ieee80211_node *, int, int);
439 static int run_tx_param(struct run_softc *, struct mbuf *,
440 struct ieee80211_node *,
441 const struct ieee80211_bpf_params *);
442 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
443 const struct ieee80211_bpf_params *);
444 static int run_transmit(struct ieee80211com *, struct mbuf *);
445 static void run_start(struct run_softc *);
446 static void run_parent(struct ieee80211com *);
447 static void run_iq_calib(struct run_softc *, u_int);
448 static void run_set_agc(struct run_softc *, uint8_t);
449 static void run_select_chan_group(struct run_softc *, int);
450 static void run_set_rx_antenna(struct run_softc *, int);
451 static void run_rt2870_set_chan(struct run_softc *, u_int);
452 static void run_rt3070_set_chan(struct run_softc *, u_int);
453 static void run_rt3572_set_chan(struct run_softc *, u_int);
454 static void run_rt3593_set_chan(struct run_softc *, u_int);
455 static void run_rt5390_set_chan(struct run_softc *, u_int);
456 static void run_rt5592_set_chan(struct run_softc *, u_int);
457 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
458 static void run_set_channel(struct ieee80211com *);
459 static void run_getradiocaps(struct ieee80211com *, int, int *,
460 struct ieee80211_channel[]);
461 static void run_scan_start(struct ieee80211com *);
462 static void run_scan_end(struct ieee80211com *);
463 static void run_update_beacon(struct ieee80211vap *, int);
464 static void run_update_beacon_cb(void *);
465 static void run_updateprot(struct ieee80211com *);
466 static void run_updateprot_cb(void *);
467 static void run_usb_timeout_cb(void *);
468 static void run_reset_livelock(struct run_softc *);
469 static void run_enable_tsf_sync(struct run_softc *);
470 static void run_enable_tsf(struct run_softc *);
471 static void run_disable_tsf(struct run_softc *);
472 static void run_get_tsf(struct run_softc *, uint64_t *);
473 static void run_enable_mrr(struct run_softc *);
474 static void run_set_txpreamble(struct run_softc *);
475 static void run_set_basicrates(struct run_softc *);
476 static void run_set_leds(struct run_softc *, uint16_t);
477 static void run_set_bssid(struct run_softc *, const uint8_t *);
478 static void run_set_macaddr(struct run_softc *, const uint8_t *);
479 static void run_updateslot(struct ieee80211com *);
480 static void run_updateslot_cb(void *);
481 static void run_update_mcast(struct ieee80211com *);
482 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
483 static void run_update_promisc_locked(struct run_softc *);
484 static void run_update_promisc(struct ieee80211com *);
485 static void run_rt5390_bbp_init(struct run_softc *);
486 static int run_bbp_init(struct run_softc *);
487 static int run_rt3070_rf_init(struct run_softc *);
488 static void run_rt3593_rf_init(struct run_softc *);
489 static void run_rt5390_rf_init(struct run_softc *);
490 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
491 uint8_t *);
492 static void run_rt3070_rf_setup(struct run_softc *);
493 static void run_rt3593_rf_setup(struct run_softc *);
494 static void run_rt5390_rf_setup(struct run_softc *);
495 static int run_txrx_enable(struct run_softc *);
496 static void run_adjust_freq_offset(struct run_softc *);
497 static void run_init_locked(struct run_softc *);
498 static void run_stop(void *);
499 static void run_delay(struct run_softc *, u_int);
500 static void run_update_chw(struct ieee80211com *ic);
501 static int run_ampdu_enable(struct ieee80211_node *ni,
502 struct ieee80211_tx_ampdu *tap);
503
504 static eventhandler_tag run_etag;
505
506 static const struct rt2860_rate {
507 uint8_t rate;
508 uint8_t mcs;
509 enum ieee80211_phytype phy;
510 uint8_t ctl_ridx;
511 uint16_t sp_ack_dur;
512 uint16_t lp_ack_dur;
513 } rt2860_rates[] = {
514 /* CCK rates (11b) */
515 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
516 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
517 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
518 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
519
520 /* OFDM rates (11a / 11g) */
521 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
522 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
523 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
524 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
525 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
526 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
527 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
528 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 },
529
530 /* MCS - single stream */
531 { 0x80, 0, IEEE80211_T_HT, 4, 60, 60 },
532 { 0x81, 1, IEEE80211_T_HT, 4, 60, 60 },
533 { 0x82, 2, IEEE80211_T_HT, 4, 60, 60 },
534 { 0x83, 3, IEEE80211_T_HT, 4, 60, 60 },
535 { 0x84, 4, IEEE80211_T_HT, 4, 60, 60 },
536 { 0x85, 5, IEEE80211_T_HT, 4, 60, 60 },
537 { 0x86, 6, IEEE80211_T_HT, 4, 60, 60 },
538 { 0x87, 7, IEEE80211_T_HT, 4, 60, 60 },
539
540 /* MCS - 2 streams */
541 { 0x88, 8, IEEE80211_T_HT, 4, 60, 60 },
542 { 0x89, 9, IEEE80211_T_HT, 4, 60, 60 },
543 { 0x8a, 10, IEEE80211_T_HT, 4, 60, 60 },
544 { 0x8b, 11, IEEE80211_T_HT, 4, 60, 60 },
545 { 0x8c, 12, IEEE80211_T_HT, 4, 60, 60 },
546 { 0x8d, 13, IEEE80211_T_HT, 4, 60, 60 },
547 { 0x8e, 14, IEEE80211_T_HT, 4, 60, 60 },
548 { 0x8f, 15, IEEE80211_T_HT, 4, 60, 60 },
549
550 /* MCS - 3 streams */
551 { 0x90, 16, IEEE80211_T_HT, 4, 60, 60 },
552 { 0x91, 17, IEEE80211_T_HT, 4, 60, 60 },
553 { 0x92, 18, IEEE80211_T_HT, 4, 60, 60 },
554 { 0x93, 19, IEEE80211_T_HT, 4, 60, 60 },
555 { 0x94, 20, IEEE80211_T_HT, 4, 60, 60 },
556 { 0x95, 21, IEEE80211_T_HT, 4, 60, 60 },
557 { 0x96, 22, IEEE80211_T_HT, 4, 60, 60 },
558 { 0x97, 23, IEEE80211_T_HT, 4, 60, 60 },
559 };
560
561 /* These are indexes into the above rt2860_rates[] array */
562 #define RT2860_RIDX_CCK1 0
563 #define RT2860_RIDX_CCK11 3
564 #define RT2860_RIDX_OFDM6 4
565 #define RT2860_RIDX_MCS0 12
566 #define RT2860_RIDX_MAX 36
567
568 static const struct {
569 uint16_t reg;
570 uint32_t val;
571 } rt2870_def_mac[] = {
572 RT2870_DEF_MAC
573 };
574
575 static const struct {
576 uint8_t reg;
577 uint8_t val;
578 } rt2860_def_bbp[] = {
579 RT2860_DEF_BBP
580 },rt5390_def_bbp[] = {
581 RT5390_DEF_BBP
582 },rt5592_def_bbp[] = {
583 RT5592_DEF_BBP
584 };
585
586 /*
587 * Default values for BBP register R196 for RT5592.
588 */
589 static const uint8_t rt5592_bbp_r196[] = {
590 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
591 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
592 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
593 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
594 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
595 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
596 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
597 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
598 0x2e, 0x36, 0x30, 0x6e
599 };
600
601 static const struct rfprog {
602 uint8_t chan;
603 uint32_t r1, r2, r3, r4;
604 } rt2860_rf2850[] = {
605 RT2860_RF2850
606 };
607
608 struct {
609 uint8_t n, r, k;
610 } rt3070_freqs[] = {
611 RT3070_RF3052
612 };
613
614 static const struct rt5592_freqs {
615 uint16_t n;
616 uint8_t k, m, r;
617 } rt5592_freqs_20mhz[] = {
618 RT5592_RF5592_20MHZ
619 },rt5592_freqs_40mhz[] = {
620 RT5592_RF5592_40MHZ
621 };
622
623 static const struct {
624 uint8_t reg;
625 uint8_t val;
626 } rt3070_def_rf[] = {
627 RT3070_DEF_RF
628 },rt3572_def_rf[] = {
629 RT3572_DEF_RF
630 },rt3593_def_rf[] = {
631 RT3593_DEF_RF
632 },rt5390_def_rf[] = {
633 RT5390_DEF_RF
634 },rt5392_def_rf[] = {
635 RT5392_DEF_RF
636 },rt5592_def_rf[] = {
637 RT5592_DEF_RF
638 },rt5592_2ghz_def_rf[] = {
639 RT5592_2GHZ_DEF_RF
640 },rt5592_5ghz_def_rf[] = {
641 RT5592_5GHZ_DEF_RF
642 };
643
644 static const struct {
645 u_int firstchan;
646 u_int lastchan;
647 uint8_t reg;
648 uint8_t val;
649 } rt5592_chan_5ghz[] = {
650 RT5592_CHAN_5GHZ
651 };
652
653 static const struct usb_config run_config[RUN_N_XFER] = {
654 [RUN_BULK_TX_BE] = {
655 .type = UE_BULK,
656 .endpoint = UE_ADDR_ANY,
657 .ep_index = 0,
658 .direction = UE_DIR_OUT,
659 .bufsize = RUN_MAX_TXSZ,
660 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
661 .callback = run_bulk_tx_callback0,
662 .timeout = 5000, /* ms */
663 },
664 [RUN_BULK_TX_BK] = {
665 .type = UE_BULK,
666 .endpoint = UE_ADDR_ANY,
667 .direction = UE_DIR_OUT,
668 .ep_index = 1,
669 .bufsize = RUN_MAX_TXSZ,
670 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
671 .callback = run_bulk_tx_callback1,
672 .timeout = 5000, /* ms */
673 },
674 [RUN_BULK_TX_VI] = {
675 .type = UE_BULK,
676 .endpoint = UE_ADDR_ANY,
677 .direction = UE_DIR_OUT,
678 .ep_index = 2,
679 .bufsize = RUN_MAX_TXSZ,
680 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
681 .callback = run_bulk_tx_callback2,
682 .timeout = 5000, /* ms */
683 },
684 [RUN_BULK_TX_VO] = {
685 .type = UE_BULK,
686 .endpoint = UE_ADDR_ANY,
687 .direction = UE_DIR_OUT,
688 .ep_index = 3,
689 .bufsize = RUN_MAX_TXSZ,
690 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
691 .callback = run_bulk_tx_callback3,
692 .timeout = 5000, /* ms */
693 },
694 [RUN_BULK_TX_HCCA] = {
695 .type = UE_BULK,
696 .endpoint = UE_ADDR_ANY,
697 .direction = UE_DIR_OUT,
698 .ep_index = 4,
699 .bufsize = RUN_MAX_TXSZ,
700 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
701 .callback = run_bulk_tx_callback4,
702 .timeout = 5000, /* ms */
703 },
704 [RUN_BULK_TX_PRIO] = {
705 .type = UE_BULK,
706 .endpoint = UE_ADDR_ANY,
707 .direction = UE_DIR_OUT,
708 .ep_index = 5,
709 .bufsize = RUN_MAX_TXSZ,
710 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
711 .callback = run_bulk_tx_callback5,
712 .timeout = 5000, /* ms */
713 },
714 [RUN_BULK_RX] = {
715 .type = UE_BULK,
716 .endpoint = UE_ADDR_ANY,
717 .direction = UE_DIR_IN,
718 .bufsize = RUN_MAX_RXSZ,
719 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
720 .callback = run_bulk_rx_callback,
721 }
722 };
723
724 static void
run_autoinst(void * arg,struct usb_device * udev,struct usb_attach_arg * uaa)725 run_autoinst(void *arg, struct usb_device *udev,
726 struct usb_attach_arg *uaa)
727 {
728 struct usb_interface *iface;
729 struct usb_interface_descriptor *id;
730
731 if (uaa->dev_state != UAA_DEV_READY)
732 return;
733
734 iface = usbd_get_iface(udev, 0);
735 if (iface == NULL)
736 return;
737 id = iface->idesc;
738 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
739 return;
740 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
741 return;
742
743 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
744 uaa->dev_state = UAA_DEV_EJECTING;
745 }
746
747 static int
run_driver_loaded(struct module * mod,int what,void * arg)748 run_driver_loaded(struct module *mod, int what, void *arg)
749 {
750 switch (what) {
751 case MOD_LOAD:
752 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
753 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
754 break;
755 case MOD_UNLOAD:
756 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
757 break;
758 default:
759 return (EOPNOTSUPP);
760 }
761 return (0);
762 }
763
764 static int
run_match(device_t self)765 run_match(device_t self)
766 {
767 struct usb_attach_arg *uaa = device_get_ivars(self);
768
769 if (uaa->usb_mode != USB_MODE_HOST)
770 return (ENXIO);
771 if (uaa->info.bConfigIndex != 0)
772 return (ENXIO);
773 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
774 return (ENXIO);
775
776 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
777 }
778
779 static int
run_attach(device_t self)780 run_attach(device_t self)
781 {
782 struct run_softc *sc = device_get_softc(self);
783 struct usb_attach_arg *uaa = device_get_ivars(self);
784 struct ieee80211com *ic = &sc->sc_ic;
785 uint32_t ver;
786 uint8_t iface_index;
787 int ntries, error;
788
789 device_set_usb_desc(self);
790 sc->sc_udev = uaa->device;
791 sc->sc_dev = self;
792 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
793 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
794
795 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
796 MTX_NETWORK_LOCK, MTX_DEF);
797 mbufq_init(&sc->sc_snd, ifqmaxlen);
798
799 iface_index = RT2860_IFACE_INDEX;
800
801 error = usbd_transfer_setup(uaa->device, &iface_index,
802 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
803 if (error) {
804 device_printf(self, "could not allocate USB transfers, "
805 "err=%s\n", usbd_errstr(error));
806 goto detach;
807 }
808
809 RUN_LOCK(sc);
810
811 /* wait for the chip to settle */
812 for (ntries = 0; ntries < 100; ntries++) {
813 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
814 RUN_UNLOCK(sc);
815 goto detach;
816 }
817 if (ver != 0 && ver != 0xffffffff)
818 break;
819 run_delay(sc, 10);
820 }
821 if (ntries == 100) {
822 device_printf(sc->sc_dev,
823 "timeout waiting for NIC to initialize\n");
824 RUN_UNLOCK(sc);
825 goto detach;
826 }
827 sc->mac_ver = ver >> 16;
828 sc->mac_rev = ver & 0xffff;
829
830 /* retrieve RF rev. no and various other things from EEPROM */
831 run_read_eeprom(sc);
832
833 device_printf(sc->sc_dev,
834 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
835 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
836 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
837
838 RUN_UNLOCK(sc);
839
840 ic->ic_softc = sc;
841 ic->ic_name = device_get_nameunit(self);
842 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
843 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
844
845 /* set device capabilities */
846 ic->ic_caps =
847 IEEE80211_C_STA | /* station mode supported */
848 IEEE80211_C_MONITOR | /* monitor mode supported */
849 IEEE80211_C_IBSS |
850 IEEE80211_C_HOSTAP |
851 IEEE80211_C_WDS | /* 4-address traffic works */
852 IEEE80211_C_MBSS |
853 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
854 IEEE80211_C_SHSLOT | /* short slot time supported */
855 IEEE80211_C_SWAMSDUTX | /* Do software A-MSDU TX */
856 IEEE80211_C_FF | /* Atheros fast-frames */
857 IEEE80211_C_WME | /* WME */
858 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
859
860 /*
861 * RF2020 is not an 11n device.
862 */
863 if (sc->rf_rev != RT3070_RF_2020) {
864 device_printf(sc->sc_dev, "[HT] Enabling 802.11n\n");
865 ic->ic_htcaps =
866 IEEE80211_HTC_HT |
867 IEEE80211_HTC_AMPDU |
868 IEEE80211_HTC_AMSDU |
869 IEEE80211_HTCAP_MAXAMSDU_3839 |
870 IEEE80211_HTCAP_SMPS_OFF;
871
872 ic->ic_rxstream = sc->nrxchains;
873 ic->ic_txstream = sc->ntxchains;
874 }
875
876 ic->ic_cryptocaps =
877 IEEE80211_CRYPTO_WEP |
878 IEEE80211_CRYPTO_AES_CCM |
879 IEEE80211_CRYPTO_TKIPMIC |
880 IEEE80211_CRYPTO_TKIP;
881
882 ic->ic_flags |= IEEE80211_F_DATAPAD;
883 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
884
885 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
886 ic->ic_channels);
887
888 ieee80211_ifattach(ic);
889
890 ic->ic_scan_start = run_scan_start;
891 ic->ic_scan_end = run_scan_end;
892 ic->ic_set_channel = run_set_channel;
893 ic->ic_getradiocaps = run_getradiocaps;
894 ic->ic_node_alloc = run_node_alloc;
895 ic->ic_newassoc = run_newassoc;
896 ic->ic_updateslot = run_updateslot;
897 ic->ic_update_mcast = run_update_mcast;
898 ic->ic_wme.wme_update = run_wme_update;
899 ic->ic_raw_xmit = run_raw_xmit;
900 ic->ic_update_promisc = run_update_promisc;
901 ic->ic_vap_create = run_vap_create;
902 ic->ic_vap_delete = run_vap_delete;
903 ic->ic_transmit = run_transmit;
904 ic->ic_parent = run_parent;
905 ic->ic_update_chw = run_update_chw;
906 ic->ic_ampdu_enable = run_ampdu_enable;
907
908 ieee80211_radiotap_attach(ic,
909 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
910 RUN_TX_RADIOTAP_PRESENT,
911 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
912 RUN_RX_RADIOTAP_PRESENT);
913
914 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
915 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
916 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
917
918 if (bootverbose)
919 ieee80211_announce(ic);
920
921 return (0);
922
923 detach:
924 run_detach(self);
925 return (ENXIO);
926 }
927
928 static void
run_drain_mbufq(struct run_softc * sc)929 run_drain_mbufq(struct run_softc *sc)
930 {
931 struct mbuf *m;
932 struct ieee80211_node *ni;
933
934 RUN_LOCK_ASSERT(sc, MA_OWNED);
935 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
936 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
937 m->m_pkthdr.rcvif = NULL;
938 ieee80211_free_node(ni);
939 m_freem(m);
940 }
941 }
942
943 static int
run_detach(device_t self)944 run_detach(device_t self)
945 {
946 struct run_softc *sc = device_get_softc(self);
947 struct ieee80211com *ic = &sc->sc_ic;
948 int i;
949
950 RUN_LOCK(sc);
951 sc->sc_detached = 1;
952 RUN_UNLOCK(sc);
953
954 /* stop all USB transfers */
955 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
956
957 RUN_LOCK(sc);
958 sc->ratectl_run = RUN_RATECTL_OFF;
959 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
960
961 /* free TX list, if any */
962 for (i = 0; i != RUN_EP_QUEUES; i++)
963 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
964
965 /* Free TX queue */
966 run_drain_mbufq(sc);
967 RUN_UNLOCK(sc);
968
969 if (sc->sc_ic.ic_softc == sc) {
970 /* drain tasks */
971 usb_callout_drain(&sc->ratectl_ch);
972 ieee80211_draintask(ic, &sc->cmdq_task);
973 ieee80211_draintask(ic, &sc->ratectl_task);
974 ieee80211_ifdetach(ic);
975 }
976
977 mtx_destroy(&sc->sc_mtx);
978
979 return (0);
980 }
981
982 static struct ieee80211vap *
run_vap_create(struct ieee80211com * ic,const char name[IFNAMSIZ],int unit,enum ieee80211_opmode opmode,int flags,const uint8_t bssid[IEEE80211_ADDR_LEN],const uint8_t mac[IEEE80211_ADDR_LEN])983 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
984 enum ieee80211_opmode opmode, int flags,
985 const uint8_t bssid[IEEE80211_ADDR_LEN],
986 const uint8_t mac[IEEE80211_ADDR_LEN])
987 {
988 struct run_softc *sc = ic->ic_softc;
989 struct run_vap *rvp;
990 struct ieee80211vap *vap;
991 int i;
992
993 if (sc->rvp_cnt >= RUN_VAP_MAX) {
994 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
995 return (NULL);
996 }
997
998 switch (opmode) {
999 case IEEE80211_M_STA:
1000 /* enable s/w bmiss handling for sta mode */
1001 flags |= IEEE80211_CLONE_NOBEACONS;
1002 /* fall though */
1003 case IEEE80211_M_IBSS:
1004 case IEEE80211_M_MONITOR:
1005 case IEEE80211_M_HOSTAP:
1006 case IEEE80211_M_MBSS:
1007 /* other than WDS vaps, only one at a time */
1008 if (!TAILQ_EMPTY(&ic->ic_vaps))
1009 return (NULL);
1010 break;
1011 case IEEE80211_M_WDS:
1012 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
1013 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
1014 continue;
1015 /* WDS vap's always share the local mac address. */
1016 flags &= ~IEEE80211_CLONE_BSSID;
1017 break;
1018 }
1019 if (vap == NULL) {
1020 device_printf(sc->sc_dev,
1021 "wds only supported in ap mode\n");
1022 return (NULL);
1023 }
1024 break;
1025 default:
1026 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
1027 return (NULL);
1028 }
1029
1030 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
1031 vap = &rvp->vap;
1032
1033 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
1034 bssid) != 0) {
1035 /* out of memory */
1036 free(rvp, M_80211_VAP);
1037 return (NULL);
1038 }
1039
1040 vap->iv_update_beacon = run_update_beacon;
1041 vap->iv_max_aid = RT2870_WCID_MAX;
1042
1043 /*
1044 * The linux rt2800 driver limits 1 stream devices to a 32KB
1045 * RX AMPDU.
1046 */
1047 if (ic->ic_rxstream > 1)
1048 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K;
1049 else
1050 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K;
1051 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_2; /* 2uS */
1052
1053 /*
1054 * To delete the right key from h/w, we need wcid.
1055 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
1056 * and matching wcid will be written into there. So, cast
1057 * some spells to remove 'const' from ieee80211_key{}
1058 */
1059 vap->iv_key_delete = (void *)run_key_delete;
1060 vap->iv_key_set = (void *)run_key_set;
1061
1062 /* override state transition machine */
1063 rvp->newstate = vap->iv_newstate;
1064 vap->iv_newstate = run_newstate;
1065 if (opmode == IEEE80211_M_IBSS) {
1066 rvp->recv_mgmt = vap->iv_recv_mgmt;
1067 vap->iv_recv_mgmt = run_recv_mgmt;
1068 }
1069
1070 ieee80211_ratectl_init(vap);
1071 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
1072
1073 /* complete setup */
1074 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
1075 mac);
1076
1077 /* make sure id is always unique */
1078 for (i = 0; i < RUN_VAP_MAX; i++) {
1079 if((sc->rvp_bmap & 1 << i) == 0){
1080 sc->rvp_bmap |= 1 << i;
1081 rvp->rvp_id = i;
1082 break;
1083 }
1084 }
1085 if (sc->rvp_cnt++ == 0)
1086 ic->ic_opmode = opmode;
1087
1088 if (opmode == IEEE80211_M_HOSTAP)
1089 sc->cmdq_run = RUN_CMDQ_GO;
1090
1091 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n",
1092 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1093
1094 return (vap);
1095 }
1096
1097 static void
run_vap_delete(struct ieee80211vap * vap)1098 run_vap_delete(struct ieee80211vap *vap)
1099 {
1100 struct run_vap *rvp = RUN_VAP(vap);
1101 struct ieee80211com *ic;
1102 struct run_softc *sc;
1103 uint8_t rvp_id;
1104
1105 if (vap == NULL)
1106 return;
1107
1108 ic = vap->iv_ic;
1109 sc = ic->ic_softc;
1110
1111 RUN_LOCK(sc);
1112
1113 m_freem(rvp->beacon_mbuf);
1114 rvp->beacon_mbuf = NULL;
1115
1116 rvp_id = rvp->rvp_id;
1117 sc->ratectl_run &= ~(1 << rvp_id);
1118 sc->rvp_bmap &= ~(1 << rvp_id);
1119 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1120 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1121 --sc->rvp_cnt;
1122
1123 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
1124 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1125 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1126
1127 RUN_UNLOCK(sc);
1128
1129 ieee80211_ratectl_deinit(vap);
1130 ieee80211_vap_detach(vap);
1131 free(rvp, M_80211_VAP);
1132 }
1133
1134 /*
1135 * There are numbers of functions need to be called in context thread.
1136 * Rather than creating taskqueue event for each of those functions,
1137 * here is all-for-one taskqueue callback function. This function
1138 * guarantees deferred functions are executed in the same order they
1139 * were enqueued.
1140 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1141 */
1142 static void
run_cmdq_cb(void * arg,int pending)1143 run_cmdq_cb(void *arg, int pending)
1144 {
1145 struct run_softc *sc = arg;
1146 uint8_t i;
1147
1148 /* call cmdq[].func locked */
1149 RUN_LOCK(sc);
1150 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1151 i = sc->cmdq_exec, pending--) {
1152 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n",
1153 i, pending);
1154 if (sc->cmdq_run == RUN_CMDQ_GO) {
1155 /*
1156 * If arg0 is NULL, callback func needs more
1157 * than one arg. So, pass ptr to cmdq struct.
1158 */
1159 if (sc->cmdq[i].arg0)
1160 sc->cmdq[i].func(sc->cmdq[i].arg0);
1161 else
1162 sc->cmdq[i].func(&sc->cmdq[i]);
1163 }
1164 sc->cmdq[i].arg0 = NULL;
1165 sc->cmdq[i].func = NULL;
1166 sc->cmdq_exec++;
1167 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1168 }
1169 RUN_UNLOCK(sc);
1170 }
1171
1172 static void
run_setup_tx_list(struct run_softc * sc,struct run_endpoint_queue * pq)1173 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1174 {
1175 struct run_tx_data *data;
1176
1177 memset(pq, 0, sizeof(*pq));
1178
1179 STAILQ_INIT(&pq->tx_qh);
1180 STAILQ_INIT(&pq->tx_fh);
1181
1182 for (data = &pq->tx_data[0];
1183 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1184 data->sc = sc;
1185 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1186 }
1187 pq->tx_nfree = RUN_TX_RING_COUNT;
1188 }
1189
1190 static void
run_unsetup_tx_list(struct run_softc * sc,struct run_endpoint_queue * pq)1191 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1192 {
1193 struct run_tx_data *data;
1194
1195 /* make sure any subsequent use of the queues will fail */
1196 pq->tx_nfree = 0;
1197 STAILQ_INIT(&pq->tx_fh);
1198 STAILQ_INIT(&pq->tx_qh);
1199
1200 /* free up all node references and mbufs */
1201 for (data = &pq->tx_data[0];
1202 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1203 if (data->m != NULL) {
1204 m_freem(data->m);
1205 data->m = NULL;
1206 }
1207 if (data->ni != NULL) {
1208 ieee80211_free_node(data->ni);
1209 data->ni = NULL;
1210 }
1211 }
1212 }
1213
1214 static int
run_load_microcode(struct run_softc * sc)1215 run_load_microcode(struct run_softc *sc)
1216 {
1217 usb_device_request_t req;
1218 const struct firmware *fw;
1219 const u_char *base;
1220 uint32_t tmp;
1221 int ntries, error;
1222 const uint64_t *temp;
1223 uint64_t bytes;
1224
1225 RUN_UNLOCK(sc);
1226 fw = firmware_get("runfw");
1227 RUN_LOCK(sc);
1228 if (fw == NULL) {
1229 device_printf(sc->sc_dev,
1230 "failed loadfirmware of file %s\n", "runfw");
1231 return ENOENT;
1232 }
1233
1234 if (fw->datasize != 8192) {
1235 device_printf(sc->sc_dev,
1236 "invalid firmware size (should be 8KB)\n");
1237 error = EINVAL;
1238 goto fail;
1239 }
1240
1241 /*
1242 * RT3071/RT3072 use a different firmware
1243 * run-rt2870 (8KB) contains both,
1244 * first half (4KB) is for rt2870,
1245 * last half is for rt3071.
1246 */
1247 base = fw->data;
1248 if ((sc->mac_ver) != 0x2860 &&
1249 (sc->mac_ver) != 0x2872 &&
1250 (sc->mac_ver) != 0x3070) {
1251 base += 4096;
1252 }
1253
1254 /* cheap sanity check */
1255 temp = fw->data;
1256 bytes = *temp;
1257 if (bytes != be64toh(0xffffff0210280210ULL)) {
1258 device_printf(sc->sc_dev, "firmware checksum failed\n");
1259 error = EINVAL;
1260 goto fail;
1261 }
1262
1263 /* write microcode image */
1264 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1265 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1266 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1267 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1268 }
1269
1270 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1271 req.bRequest = RT2870_RESET;
1272 USETW(req.wValue, 8);
1273 USETW(req.wIndex, 0);
1274 USETW(req.wLength, 0);
1275 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1276 != 0) {
1277 device_printf(sc->sc_dev, "firmware reset failed\n");
1278 goto fail;
1279 }
1280
1281 run_delay(sc, 10);
1282
1283 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1284 run_write(sc, RT2860_H2M_MAILBOX, 0);
1285 run_write(sc, RT2860_H2M_INTSRC, 0);
1286 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1287 goto fail;
1288
1289 /* wait until microcontroller is ready */
1290 for (ntries = 0; ntries < 1000; ntries++) {
1291 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1292 goto fail;
1293 if (tmp & RT2860_MCU_READY)
1294 break;
1295 run_delay(sc, 10);
1296 }
1297 if (ntries == 1000) {
1298 device_printf(sc->sc_dev,
1299 "timeout waiting for MCU to initialize\n");
1300 error = ETIMEDOUT;
1301 goto fail;
1302 }
1303 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1304 (base == fw->data) ? "RT2870" : "RT3071",
1305 *(base + 4092), *(base + 4093));
1306
1307 fail:
1308 firmware_put(fw, FIRMWARE_UNLOAD);
1309 return (error);
1310 }
1311
1312 static int
run_reset(struct run_softc * sc)1313 run_reset(struct run_softc *sc)
1314 {
1315 usb_device_request_t req;
1316
1317 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1318 req.bRequest = RT2870_RESET;
1319 USETW(req.wValue, 1);
1320 USETW(req.wIndex, 0);
1321 USETW(req.wLength, 0);
1322 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1323 }
1324
1325 static usb_error_t
run_do_request(struct run_softc * sc,struct usb_device_request * req,void * data)1326 run_do_request(struct run_softc *sc,
1327 struct usb_device_request *req, void *data)
1328 {
1329 usb_error_t err;
1330 int ntries = 10;
1331
1332 RUN_LOCK_ASSERT(sc, MA_OWNED);
1333
1334 while (ntries--) {
1335 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1336 req, data, 0, NULL, 250 /* ms */);
1337 if (err == 0)
1338 break;
1339 RUN_DPRINTF(sc, RUN_DEBUG_USB,
1340 "Control request failed, %s (retrying)\n",
1341 usbd_errstr(err));
1342 run_delay(sc, 10);
1343 }
1344 return (err);
1345 }
1346
1347 static int
run_read(struct run_softc * sc,uint16_t reg,uint32_t * val)1348 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1349 {
1350 uint32_t tmp;
1351 int error;
1352
1353 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1354 if (error == 0)
1355 *val = le32toh(tmp);
1356 else
1357 *val = 0xffffffff;
1358 return (error);
1359 }
1360
1361 static int
run_read_region_1(struct run_softc * sc,uint16_t reg,uint8_t * buf,int len)1362 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1363 {
1364 usb_device_request_t req;
1365
1366 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1367 req.bRequest = RT2870_READ_REGION_1;
1368 USETW(req.wValue, 0);
1369 USETW(req.wIndex, reg);
1370 USETW(req.wLength, len);
1371
1372 return (run_do_request(sc, &req, buf));
1373 }
1374
1375 static int
run_write_2(struct run_softc * sc,uint16_t reg,uint16_t val)1376 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1377 {
1378 usb_device_request_t req;
1379
1380 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1381 req.bRequest = RT2870_WRITE_2;
1382 USETW(req.wValue, val);
1383 USETW(req.wIndex, reg);
1384 USETW(req.wLength, 0);
1385
1386 return (run_do_request(sc, &req, NULL));
1387 }
1388
1389 static int
run_write(struct run_softc * sc,uint16_t reg,uint32_t val)1390 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1391 {
1392 int error;
1393
1394 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1395 error = run_write_2(sc, reg + 2, val >> 16);
1396 return (error);
1397 }
1398
1399 static int
run_write_region_1(struct run_softc * sc,uint16_t reg,const uint8_t * buf,int len)1400 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1401 int len)
1402 {
1403 #if 1
1404 int i, error = 0;
1405 /*
1406 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1407 * We thus issue multiple WRITE_2 commands instead.
1408 */
1409 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1410 for (i = 0; i < len && error == 0; i += 2)
1411 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1412 return (error);
1413 #else
1414 usb_device_request_t req;
1415 int error = 0;
1416
1417 /*
1418 * NOTE: It appears the WRITE_REGION_1 command cannot be
1419 * passed a huge amount of data, which will crash the
1420 * firmware. Limit amount of data passed to 64-bytes at a
1421 * time.
1422 */
1423 while (len > 0) {
1424 int delta = 64;
1425 if (delta > len)
1426 delta = len;
1427
1428 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1429 req.bRequest = RT2870_WRITE_REGION_1;
1430 USETW(req.wValue, 0);
1431 USETW(req.wIndex, reg);
1432 USETW(req.wLength, delta);
1433 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1434 if (error != 0)
1435 break;
1436 reg += delta;
1437 buf += delta;
1438 len -= delta;
1439 }
1440 return (error);
1441 #endif
1442 }
1443
1444 static int
run_set_region_4(struct run_softc * sc,uint16_t reg,uint32_t val,int len)1445 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1446 {
1447 int i, error = 0;
1448
1449 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1450 for (i = 0; i < len && error == 0; i += 4)
1451 error = run_write(sc, reg + i, val);
1452 return (error);
1453 }
1454
1455 static int
run_efuse_read(struct run_softc * sc,uint16_t addr,uint16_t * val,int count)1456 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1457 {
1458 uint32_t tmp;
1459 uint16_t reg;
1460 int error, ntries;
1461
1462 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1463 return (error);
1464
1465 if (count == 2)
1466 addr *= 2;
1467 /*-
1468 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1469 * DATA0: F E D C
1470 * DATA1: B A 9 8
1471 * DATA2: 7 6 5 4
1472 * DATA3: 3 2 1 0
1473 */
1474 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1475 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1476 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1477 for (ntries = 0; ntries < 100; ntries++) {
1478 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1479 return (error);
1480 if (!(tmp & RT3070_EFSROM_KICK))
1481 break;
1482 run_delay(sc, 2);
1483 }
1484 if (ntries == 100)
1485 return (ETIMEDOUT);
1486
1487 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1488 *val = 0xffff; /* address not found */
1489 return (0);
1490 }
1491 /* determine to which 32-bit register our 16-bit word belongs */
1492 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1493 if ((error = run_read(sc, reg, &tmp)) != 0)
1494 return (error);
1495
1496 tmp >>= (8 * (addr & 0x3));
1497 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1498
1499 return (0);
1500 }
1501
1502 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1503 static int
run_efuse_read_2(struct run_softc * sc,uint16_t addr,uint16_t * val)1504 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1505 {
1506 return (run_efuse_read(sc, addr, val, 2));
1507 }
1508
1509 static int
run_eeprom_read_2(struct run_softc * sc,uint16_t addr,uint16_t * val)1510 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1511 {
1512 usb_device_request_t req;
1513 uint16_t tmp;
1514 int error;
1515
1516 addr *= 2;
1517 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1518 req.bRequest = RT2870_EEPROM_READ;
1519 USETW(req.wValue, 0);
1520 USETW(req.wIndex, addr);
1521 USETW(req.wLength, sizeof(tmp));
1522
1523 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1524 if (error == 0)
1525 *val = le16toh(tmp);
1526 else
1527 *val = 0xffff;
1528 return (error);
1529 }
1530
1531 static __inline int
run_srom_read(struct run_softc * sc,uint16_t addr,uint16_t * val)1532 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1533 {
1534 /* either eFUSE ROM or EEPROM */
1535 return sc->sc_srom_read(sc, addr, val);
1536 }
1537
1538 static int
run_rt2870_rf_write(struct run_softc * sc,uint32_t val)1539 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1540 {
1541 uint32_t tmp;
1542 int error, ntries;
1543
1544 for (ntries = 0; ntries < 10; ntries++) {
1545 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1546 return (error);
1547 if (!(tmp & RT2860_RF_REG_CTRL))
1548 break;
1549 }
1550 if (ntries == 10)
1551 return (ETIMEDOUT);
1552
1553 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1554 }
1555
1556 static int
run_rt3070_rf_read(struct run_softc * sc,uint8_t reg,uint8_t * val)1557 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1558 {
1559 uint32_t tmp;
1560 int error, ntries;
1561
1562 for (ntries = 0; ntries < 100; ntries++) {
1563 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1564 return (error);
1565 if (!(tmp & RT3070_RF_KICK))
1566 break;
1567 }
1568 if (ntries == 100)
1569 return (ETIMEDOUT);
1570
1571 tmp = RT3070_RF_KICK | reg << 8;
1572 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1573 return (error);
1574
1575 for (ntries = 0; ntries < 100; ntries++) {
1576 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1577 return (error);
1578 if (!(tmp & RT3070_RF_KICK))
1579 break;
1580 }
1581 if (ntries == 100)
1582 return (ETIMEDOUT);
1583
1584 *val = tmp & 0xff;
1585 return (0);
1586 }
1587
1588 static int
run_rt3070_rf_write(struct run_softc * sc,uint8_t reg,uint8_t val)1589 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1590 {
1591 uint32_t tmp;
1592 int error, ntries;
1593
1594 for (ntries = 0; ntries < 10; ntries++) {
1595 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1596 return (error);
1597 if (!(tmp & RT3070_RF_KICK))
1598 break;
1599 }
1600 if (ntries == 10)
1601 return (ETIMEDOUT);
1602
1603 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1604 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1605 }
1606
1607 static int
run_bbp_read(struct run_softc * sc,uint8_t reg,uint8_t * val)1608 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1609 {
1610 uint32_t tmp;
1611 int ntries, error;
1612
1613 for (ntries = 0; ntries < 10; ntries++) {
1614 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1615 return (error);
1616 if (!(tmp & RT2860_BBP_CSR_KICK))
1617 break;
1618 }
1619 if (ntries == 10)
1620 return (ETIMEDOUT);
1621
1622 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1623 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1624 return (error);
1625
1626 for (ntries = 0; ntries < 10; ntries++) {
1627 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1628 return (error);
1629 if (!(tmp & RT2860_BBP_CSR_KICK))
1630 break;
1631 }
1632 if (ntries == 10)
1633 return (ETIMEDOUT);
1634
1635 *val = tmp & 0xff;
1636 return (0);
1637 }
1638
1639 static int
run_bbp_write(struct run_softc * sc,uint8_t reg,uint8_t val)1640 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1641 {
1642 uint32_t tmp;
1643 int ntries, error;
1644
1645 for (ntries = 0; ntries < 10; ntries++) {
1646 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1647 return (error);
1648 if (!(tmp & RT2860_BBP_CSR_KICK))
1649 break;
1650 }
1651 if (ntries == 10)
1652 return (ETIMEDOUT);
1653
1654 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1655 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1656 }
1657
1658 /*
1659 * Send a command to the 8051 microcontroller unit.
1660 */
1661 static int
run_mcu_cmd(struct run_softc * sc,uint8_t cmd,uint16_t arg)1662 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1663 {
1664 uint32_t tmp;
1665 int error, ntries;
1666
1667 for (ntries = 0; ntries < 100; ntries++) {
1668 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1669 return error;
1670 if (!(tmp & RT2860_H2M_BUSY))
1671 break;
1672 }
1673 if (ntries == 100)
1674 return ETIMEDOUT;
1675
1676 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1677 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1678 error = run_write(sc, RT2860_HOST_CMD, cmd);
1679 return (error);
1680 }
1681
1682 /*
1683 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1684 * Used to adjust per-rate Tx power registers.
1685 */
1686 static __inline uint32_t
b4inc(uint32_t b32,int8_t delta)1687 b4inc(uint32_t b32, int8_t delta)
1688 {
1689 int8_t i, b4;
1690
1691 for (i = 0; i < 8; i++) {
1692 b4 = b32 & 0xf;
1693 b4 += delta;
1694 if (b4 < 0)
1695 b4 = 0;
1696 else if (b4 > 0xf)
1697 b4 = 0xf;
1698 b32 = b32 >> 4 | b4 << 28;
1699 }
1700 return (b32);
1701 }
1702
1703 static const char *
run_get_rf(uint16_t rev)1704 run_get_rf(uint16_t rev)
1705 {
1706 switch (rev) {
1707 case RT2860_RF_2820: return "RT2820";
1708 case RT2860_RF_2850: return "RT2850";
1709 case RT2860_RF_2720: return "RT2720";
1710 case RT2860_RF_2750: return "RT2750";
1711 case RT3070_RF_3020: return "RT3020";
1712 case RT3070_RF_2020: return "RT2020";
1713 case RT3070_RF_3021: return "RT3021";
1714 case RT3070_RF_3022: return "RT3022";
1715 case RT3070_RF_3052: return "RT3052";
1716 case RT3593_RF_3053: return "RT3053";
1717 case RT5592_RF_5592: return "RT5592";
1718 case RT5390_RF_5370: return "RT5370";
1719 case RT5390_RF_5372: return "RT5372";
1720 }
1721 return ("unknown");
1722 }
1723
1724 static void
run_rt3593_get_txpower(struct run_softc * sc)1725 run_rt3593_get_txpower(struct run_softc *sc)
1726 {
1727 uint16_t addr, val;
1728 int i;
1729
1730 /* Read power settings for 2GHz channels. */
1731 for (i = 0; i < 14; i += 2) {
1732 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1733 RT2860_EEPROM_PWR2GHZ_BASE1;
1734 run_srom_read(sc, addr + i / 2, &val);
1735 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1736 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1737
1738 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1739 RT2860_EEPROM_PWR2GHZ_BASE2;
1740 run_srom_read(sc, addr + i / 2, &val);
1741 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1742 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1743
1744 if (sc->ntxchains == 3) {
1745 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1746 &val);
1747 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1748 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1749 }
1750 }
1751 /* Fix broken Tx power entries. */
1752 for (i = 0; i < 14; i++) {
1753 if (sc->txpow1[i] > 31)
1754 sc->txpow1[i] = 5;
1755 if (sc->txpow2[i] > 31)
1756 sc->txpow2[i] = 5;
1757 if (sc->ntxchains == 3) {
1758 if (sc->txpow3[i] > 31)
1759 sc->txpow3[i] = 5;
1760 }
1761 }
1762 /* Read power settings for 5GHz channels. */
1763 for (i = 0; i < 40; i += 2) {
1764 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1765 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1766 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1767
1768 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1769 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1770 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1771
1772 if (sc->ntxchains == 3) {
1773 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1774 &val);
1775 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1776 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1777 }
1778 }
1779 }
1780
1781 static void
run_get_txpower(struct run_softc * sc)1782 run_get_txpower(struct run_softc *sc)
1783 {
1784 uint16_t val;
1785 int i;
1786
1787 /* Read power settings for 2GHz channels. */
1788 for (i = 0; i < 14; i += 2) {
1789 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1790 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1791 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1792
1793 if (sc->mac_ver != 0x5390) {
1794 run_srom_read(sc,
1795 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1796 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1797 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1798 }
1799 }
1800 /* Fix broken Tx power entries. */
1801 for (i = 0; i < 14; i++) {
1802 if (sc->mac_ver >= 0x5390) {
1803 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
1804 sc->txpow1[i] = 5;
1805 } else {
1806 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1807 sc->txpow1[i] = 5;
1808 }
1809 if (sc->mac_ver > 0x5390) {
1810 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
1811 sc->txpow2[i] = 5;
1812 } else if (sc->mac_ver < 0x5390) {
1813 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1814 sc->txpow2[i] = 5;
1815 }
1816 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1817 "chan %d: power1=%d, power2=%d\n",
1818 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1819 }
1820 /* Read power settings for 5GHz channels. */
1821 for (i = 0; i < 40; i += 2) {
1822 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1823 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1824 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1825
1826 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1827 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1828 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1829 }
1830 /* Fix broken Tx power entries. */
1831 for (i = 0; i < 40; i++ ) {
1832 if (sc->mac_ver != 0x5592) {
1833 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1834 sc->txpow1[14 + i] = 5;
1835 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1836 sc->txpow2[14 + i] = 5;
1837 }
1838 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1839 "chan %d: power1=%d, power2=%d\n",
1840 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1841 sc->txpow2[14 + i]);
1842 }
1843 }
1844
1845 static int
run_read_eeprom(struct run_softc * sc)1846 run_read_eeprom(struct run_softc *sc)
1847 {
1848 struct ieee80211com *ic = &sc->sc_ic;
1849 int8_t delta_2ghz, delta_5ghz;
1850 uint32_t tmp;
1851 uint16_t val;
1852 int ridx, ant, i;
1853
1854 /* check whether the ROM is eFUSE ROM or EEPROM */
1855 sc->sc_srom_read = run_eeprom_read_2;
1856 if (sc->mac_ver >= 0x3070) {
1857 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1858 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp);
1859 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1860 sc->sc_srom_read = run_efuse_read_2;
1861 }
1862
1863 /* read ROM version */
1864 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1865 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1866 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
1867
1868 /* read MAC address */
1869 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1870 ic->ic_macaddr[0] = val & 0xff;
1871 ic->ic_macaddr[1] = val >> 8;
1872 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1873 ic->ic_macaddr[2] = val & 0xff;
1874 ic->ic_macaddr[3] = val >> 8;
1875 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1876 ic->ic_macaddr[4] = val & 0xff;
1877 ic->ic_macaddr[5] = val >> 8;
1878
1879 if (sc->mac_ver < 0x3593) {
1880 /* read vender BBP settings */
1881 for (i = 0; i < 10; i++) {
1882 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1883 sc->bbp[i].val = val & 0xff;
1884 sc->bbp[i].reg = val >> 8;
1885 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1886 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val);
1887 }
1888 if (sc->mac_ver >= 0x3071) {
1889 /* read vendor RF settings */
1890 for (i = 0; i < 10; i++) {
1891 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1892 &val);
1893 sc->rf[i].val = val & 0xff;
1894 sc->rf[i].reg = val >> 8;
1895 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n",
1896 sc->rf[i].reg, sc->rf[i].val);
1897 }
1898 }
1899 }
1900
1901 /* read RF frequency offset from EEPROM */
1902 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1903 RT3593_EEPROM_FREQ, &val);
1904 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1905 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n",
1906 sc->freq & 0xff);
1907
1908 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1909 RT3593_EEPROM_FREQ_LEDS, &val);
1910 if (val >> 8 != 0xff) {
1911 /* read LEDs operating mode */
1912 sc->leds = val >> 8;
1913 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1914 RT3593_EEPROM_LED1, &sc->led[0]);
1915 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1916 RT3593_EEPROM_LED2, &sc->led[1]);
1917 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1918 RT3593_EEPROM_LED3, &sc->led[2]);
1919 } else {
1920 /* broken EEPROM, use default settings */
1921 sc->leds = 0x01;
1922 sc->led[0] = 0x5555;
1923 sc->led[1] = 0x2221;
1924 sc->led[2] = 0x5627; /* differs from RT2860 */
1925 }
1926 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1927 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1928 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1929
1930 /* read RF information */
1931 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1932 run_srom_read(sc, 0x00, &val);
1933 else
1934 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1935
1936 if (val == 0xffff) {
1937 device_printf(sc->sc_dev,
1938 "invalid EEPROM antenna info, using default\n");
1939 if (sc->mac_ver == 0x3572) {
1940 /* default to RF3052 2T2R */
1941 sc->rf_rev = RT3070_RF_3052;
1942 sc->ntxchains = 2;
1943 sc->nrxchains = 2;
1944 } else if (sc->mac_ver >= 0x3070) {
1945 /* default to RF3020 1T1R */
1946 sc->rf_rev = RT3070_RF_3020;
1947 sc->ntxchains = 1;
1948 sc->nrxchains = 1;
1949 } else {
1950 /* default to RF2820 1T2R */
1951 sc->rf_rev = RT2860_RF_2820;
1952 sc->ntxchains = 1;
1953 sc->nrxchains = 2;
1954 }
1955 } else {
1956 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1957 sc->rf_rev = val;
1958 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1959 } else
1960 sc->rf_rev = (val >> 8) & 0xf;
1961 sc->ntxchains = (val >> 4) & 0xf;
1962 sc->nrxchains = val & 0xf;
1963 }
1964 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n",
1965 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1966
1967 /* check if RF supports automatic Tx access gain control */
1968 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1969 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val);
1970 /* check if driver should patch the DAC issue */
1971 if ((val >> 8) != 0xff)
1972 sc->patch_dac = (val >> 15) & 1;
1973 if ((val & 0xff) != 0xff) {
1974 sc->ext_5ghz_lna = (val >> 3) & 1;
1975 sc->ext_2ghz_lna = (val >> 2) & 1;
1976 /* check if RF supports automatic Tx access gain control */
1977 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1978 /* check if we have a hardware radio switch */
1979 sc->rfswitch = val & 1;
1980 }
1981
1982 /* Read Tx power settings. */
1983 if (sc->mac_ver == 0x3593)
1984 run_rt3593_get_txpower(sc);
1985 else
1986 run_get_txpower(sc);
1987
1988 /* read Tx power compensation for each Tx rate */
1989 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1990 delta_2ghz = delta_5ghz = 0;
1991 if ((val & 0xff) != 0xff && (val & 0x80)) {
1992 delta_2ghz = val & 0xf;
1993 if (!(val & 0x40)) /* negative number */
1994 delta_2ghz = -delta_2ghz;
1995 }
1996 val >>= 8;
1997 if ((val & 0xff) != 0xff && (val & 0x80)) {
1998 delta_5ghz = val & 0xf;
1999 if (!(val & 0x40)) /* negative number */
2000 delta_5ghz = -delta_5ghz;
2001 }
2002 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
2003 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz);
2004
2005 for (ridx = 0; ridx < 5; ridx++) {
2006 uint32_t reg;
2007
2008 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
2009 reg = val;
2010 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
2011 reg |= (uint32_t)val << 16;
2012
2013 sc->txpow20mhz[ridx] = reg;
2014 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
2015 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
2016
2017 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
2018 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
2019 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
2020 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
2021 }
2022
2023 /* Read RSSI offsets and LNA gains from EEPROM. */
2024 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
2025 RT3593_EEPROM_RSSI1_2GHZ, &val);
2026 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
2027 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
2028 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
2029 RT3593_EEPROM_RSSI2_2GHZ, &val);
2030 if (sc->mac_ver >= 0x3070) {
2031 if (sc->mac_ver == 0x3593) {
2032 sc->txmixgain_2ghz = 0;
2033 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
2034 } else {
2035 /*
2036 * On RT3070 chips (limited to 2 Rx chains), this ROM
2037 * field contains the Tx mixer gain for the 2GHz band.
2038 */
2039 if ((val & 0xff) != 0xff)
2040 sc->txmixgain_2ghz = val & 0x7;
2041 }
2042 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n",
2043 sc->txmixgain_2ghz);
2044 } else
2045 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
2046 if (sc->mac_ver == 0x3593)
2047 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
2048 sc->lna[2] = val >> 8; /* channel group 2 */
2049
2050 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
2051 RT3593_EEPROM_RSSI1_5GHZ, &val);
2052 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
2053 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
2054 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
2055 RT3593_EEPROM_RSSI2_5GHZ, &val);
2056 if (sc->mac_ver == 0x3572) {
2057 /*
2058 * On RT3572 chips (limited to 2 Rx chains), this ROM
2059 * field contains the Tx mixer gain for the 5GHz band.
2060 */
2061 if ((val & 0xff) != 0xff)
2062 sc->txmixgain_5ghz = val & 0x7;
2063 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n",
2064 sc->txmixgain_5ghz);
2065 } else
2066 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
2067 if (sc->mac_ver == 0x3593) {
2068 sc->txmixgain_5ghz = 0;
2069 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
2070 }
2071 sc->lna[3] = val >> 8; /* channel group 3 */
2072
2073 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
2074 RT3593_EEPROM_LNA, &val);
2075 sc->lna[0] = val & 0xff; /* channel group 0 */
2076 sc->lna[1] = val >> 8; /* channel group 1 */
2077
2078 /* fix broken 5GHz LNA entries */
2079 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
2080 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2081 "invalid LNA for channel group %d\n", 2);
2082 sc->lna[2] = sc->lna[1];
2083 }
2084 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
2085 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2086 "invalid LNA for channel group %d\n", 3);
2087 sc->lna[3] = sc->lna[1];
2088 }
2089
2090 /* fix broken RSSI offset entries */
2091 for (ant = 0; ant < 3; ant++) {
2092 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
2093 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2094 "invalid RSSI%d offset: %d (2GHz)\n",
2095 ant + 1, sc->rssi_2ghz[ant]);
2096 sc->rssi_2ghz[ant] = 0;
2097 }
2098 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
2099 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2100 "invalid RSSI%d offset: %d (5GHz)\n",
2101 ant + 1, sc->rssi_5ghz[ant]);
2102 sc->rssi_5ghz[ant] = 0;
2103 }
2104 }
2105 return (0);
2106 }
2107
2108 static struct ieee80211_node *
run_node_alloc(struct ieee80211vap * vap,const uint8_t mac[IEEE80211_ADDR_LEN])2109 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
2110 {
2111 return malloc(sizeof (struct run_node), M_80211_NODE,
2112 M_NOWAIT | M_ZERO);
2113 }
2114
2115 static int
run_media_change(if_t ifp)2116 run_media_change(if_t ifp)
2117 {
2118 struct ieee80211vap *vap = if_getsoftc(ifp);
2119 struct ieee80211com *ic = vap->iv_ic;
2120 const struct ieee80211_txparam *tp;
2121 struct run_softc *sc = ic->ic_softc;
2122 uint8_t rate, ridx;
2123 int error;
2124
2125 RUN_LOCK(sc);
2126
2127 error = ieee80211_media_change(ifp);
2128 if (error != 0) {
2129 RUN_UNLOCK(sc);
2130 return (error);
2131 }
2132
2133 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2134 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2135 struct ieee80211_node *ni;
2136 struct run_node *rn;
2137
2138 /* XXX TODO: methodize with MCS rates */
2139 rate = ic->ic_sup_rates[ic->ic_curmode].
2140 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2141 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2142 if (rt2860_rates[ridx].rate == rate)
2143 break;
2144
2145 ni = ieee80211_ref_node(vap->iv_bss);
2146 rn = RUN_NODE(ni);
2147 rn->fix_ridx = ridx;
2148 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n",
2149 rate, rn->fix_ridx);
2150 ieee80211_free_node(ni);
2151 }
2152
2153 #if 0
2154 if ((if_getflags(ifp) & IFF_UP) &&
2155 (if_getdrvflags(ifp) & RUN_RUNNING)){
2156 run_init_locked(sc);
2157 }
2158 #endif
2159
2160 RUN_UNLOCK(sc);
2161
2162 return (0);
2163 }
2164
2165 static int
run_newstate(struct ieee80211vap * vap,enum ieee80211_state nstate,int arg)2166 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2167 {
2168 const struct ieee80211_txparam *tp;
2169 struct ieee80211com *ic = vap->iv_ic;
2170 struct run_softc *sc = ic->ic_softc;
2171 struct run_vap *rvp = RUN_VAP(vap);
2172 enum ieee80211_state ostate;
2173 uint32_t sta[3];
2174 uint8_t ratectl;
2175 uint8_t restart_ratectl = 0;
2176 uint8_t bid = 1 << rvp->rvp_id;
2177
2178 ostate = vap->iv_state;
2179 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n",
2180 ieee80211_state_name[ostate],
2181 ieee80211_state_name[nstate]);
2182
2183 IEEE80211_UNLOCK(ic);
2184 RUN_LOCK(sc);
2185
2186 ratectl = sc->ratectl_run; /* remember current state */
2187 sc->ratectl_run = RUN_RATECTL_OFF;
2188 usb_callout_stop(&sc->ratectl_ch);
2189
2190 if (ostate == IEEE80211_S_RUN) {
2191 /* turn link LED off */
2192 run_set_leds(sc, RT2860_LED_RADIO);
2193 }
2194
2195 switch (nstate) {
2196 case IEEE80211_S_INIT:
2197 restart_ratectl = 1;
2198
2199 if (ostate != IEEE80211_S_RUN)
2200 break;
2201
2202 ratectl &= ~bid;
2203 sc->runbmap &= ~bid;
2204
2205 /* abort TSF synchronization if there is no vap running */
2206 if (--sc->running == 0)
2207 run_disable_tsf(sc);
2208 break;
2209
2210 case IEEE80211_S_RUN:
2211 if (!(sc->runbmap & bid)) {
2212 if(sc->running++)
2213 restart_ratectl = 1;
2214 sc->runbmap |= bid;
2215 }
2216
2217 m_freem(rvp->beacon_mbuf);
2218 rvp->beacon_mbuf = NULL;
2219
2220 switch (vap->iv_opmode) {
2221 case IEEE80211_M_HOSTAP:
2222 case IEEE80211_M_MBSS:
2223 sc->ap_running |= bid;
2224 ic->ic_opmode = vap->iv_opmode;
2225 run_update_beacon_cb(vap);
2226 break;
2227 case IEEE80211_M_IBSS:
2228 sc->adhoc_running |= bid;
2229 if (!sc->ap_running)
2230 ic->ic_opmode = vap->iv_opmode;
2231 run_update_beacon_cb(vap);
2232 break;
2233 case IEEE80211_M_STA:
2234 sc->sta_running |= bid;
2235 if (!sc->ap_running && !sc->adhoc_running)
2236 ic->ic_opmode = vap->iv_opmode;
2237
2238 /* read statistic counters (clear on read) */
2239 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2240 (uint8_t *)sta, sizeof sta);
2241
2242 break;
2243 default:
2244 ic->ic_opmode = vap->iv_opmode;
2245 break;
2246 }
2247
2248 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2249 struct ieee80211_node *ni;
2250
2251 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2252 RUN_UNLOCK(sc);
2253 IEEE80211_LOCK(ic);
2254 return (-1);
2255 }
2256 run_updateslot(ic);
2257 run_enable_mrr(sc);
2258 run_set_txpreamble(sc);
2259 run_set_basicrates(sc);
2260 ni = ieee80211_ref_node(vap->iv_bss);
2261 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2262 run_set_bssid(sc, sc->sc_bssid);
2263 ieee80211_free_node(ni);
2264 run_enable_tsf_sync(sc);
2265
2266 /* enable automatic rate adaptation */
2267 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2268 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2269 ratectl |= bid;
2270 } else
2271 run_enable_tsf(sc);
2272
2273 /* turn link LED on */
2274 run_set_leds(sc, RT2860_LED_RADIO |
2275 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2276 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2277
2278 break;
2279 default:
2280 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n");
2281 break;
2282 }
2283
2284 /* restart amrr for running VAPs */
2285 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2286 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2287
2288 RUN_UNLOCK(sc);
2289 IEEE80211_LOCK(ic);
2290
2291 return(rvp->newstate(vap, nstate, arg));
2292 }
2293
2294 static int
run_wme_update(struct ieee80211com * ic)2295 run_wme_update(struct ieee80211com *ic)
2296 {
2297 struct chanAccParams chp;
2298 struct run_softc *sc = ic->ic_softc;
2299 const struct wmeParams *ac;
2300 int aci, error = 0;
2301
2302 ieee80211_wme_ic_getparams(ic, &chp);
2303 ac = chp.cap_wmeParams;
2304
2305 /* update MAC TX configuration registers */
2306 RUN_LOCK(sc);
2307 for (aci = 0; aci < WME_NUM_AC; aci++) {
2308 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2309 ac[aci].wmep_logcwmax << 16 |
2310 ac[aci].wmep_logcwmin << 12 |
2311 ac[aci].wmep_aifsn << 8 |
2312 ac[aci].wmep_txopLimit);
2313 if (error) goto err;
2314 }
2315
2316 /* update SCH/DMA registers too */
2317 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2318 ac[WME_AC_VO].wmep_aifsn << 12 |
2319 ac[WME_AC_VI].wmep_aifsn << 8 |
2320 ac[WME_AC_BK].wmep_aifsn << 4 |
2321 ac[WME_AC_BE].wmep_aifsn);
2322 if (error) goto err;
2323 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2324 ac[WME_AC_VO].wmep_logcwmin << 12 |
2325 ac[WME_AC_VI].wmep_logcwmin << 8 |
2326 ac[WME_AC_BK].wmep_logcwmin << 4 |
2327 ac[WME_AC_BE].wmep_logcwmin);
2328 if (error) goto err;
2329 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2330 ac[WME_AC_VO].wmep_logcwmax << 12 |
2331 ac[WME_AC_VI].wmep_logcwmax << 8 |
2332 ac[WME_AC_BK].wmep_logcwmax << 4 |
2333 ac[WME_AC_BE].wmep_logcwmax);
2334 if (error) goto err;
2335 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2336 ac[WME_AC_BK].wmep_txopLimit << 16 |
2337 ac[WME_AC_BE].wmep_txopLimit);
2338 if (error) goto err;
2339 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2340 ac[WME_AC_VO].wmep_txopLimit << 16 |
2341 ac[WME_AC_VI].wmep_txopLimit);
2342
2343 err:
2344 RUN_UNLOCK(sc);
2345 if (error)
2346 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n");
2347
2348 return (error);
2349 }
2350
2351 static void
run_key_set_cb(void * arg)2352 run_key_set_cb(void *arg)
2353 {
2354 struct run_cmdq *cmdq = arg;
2355 struct ieee80211vap *vap = cmdq->arg1;
2356 struct ieee80211_key *k = cmdq->k;
2357 struct ieee80211com *ic = vap->iv_ic;
2358 struct run_softc *sc = ic->ic_softc;
2359 struct ieee80211_node *ni;
2360 u_int cipher = k->wk_cipher->ic_cipher;
2361 uint32_t attr;
2362 uint16_t base, associd;
2363 uint8_t mode, wcid, iv[8];
2364
2365 RUN_LOCK_ASSERT(sc, MA_OWNED);
2366
2367 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2368 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2369 else
2370 ni = vap->iv_bss;
2371 associd = (ni != NULL) ? ni->ni_associd : 0;
2372
2373 /* map net80211 cipher to RT2860 security mode */
2374 switch (cipher) {
2375 case IEEE80211_CIPHER_WEP:
2376 if(k->wk_keylen < 8)
2377 mode = RT2860_MODE_WEP40;
2378 else
2379 mode = RT2860_MODE_WEP104;
2380 break;
2381 case IEEE80211_CIPHER_TKIP:
2382 mode = RT2860_MODE_TKIP;
2383 break;
2384 case IEEE80211_CIPHER_AES_CCM:
2385 mode = RT2860_MODE_AES_CCMP;
2386 break;
2387 default:
2388 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n");
2389 return;
2390 }
2391
2392 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2393 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2394 associd, k->wk_keyix, mode,
2395 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2396 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2397 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2398
2399 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2400 wcid = 0; /* NB: update WCID0 for group keys */
2401 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2402 } else {
2403 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2404 1 : RUN_AID2WCID(associd);
2405 base = RT2860_PKEY(wcid);
2406 }
2407
2408 if (cipher == IEEE80211_CIPHER_TKIP) {
2409 if(run_write_region_1(sc, base, k->wk_key, 16))
2410 return;
2411 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2412 return;
2413 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2414 return;
2415 } else {
2416 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2417 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2418 return;
2419 }
2420
2421 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2422 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2423 /* set initial packet number in IV+EIV */
2424 if (cipher == IEEE80211_CIPHER_WEP) {
2425 memset(iv, 0, sizeof iv);
2426 iv[3] = vap->iv_def_txkey << 6;
2427 } else {
2428 if (cipher == IEEE80211_CIPHER_TKIP) {
2429 iv[0] = k->wk_keytsc >> 8;
2430 iv[1] = (iv[0] | 0x20) & 0x7f;
2431 iv[2] = k->wk_keytsc;
2432 } else /* CCMP */ {
2433 iv[0] = k->wk_keytsc;
2434 iv[1] = k->wk_keytsc >> 8;
2435 iv[2] = 0;
2436 }
2437 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2438 iv[4] = k->wk_keytsc >> 16;
2439 iv[5] = k->wk_keytsc >> 24;
2440 iv[6] = k->wk_keytsc >> 32;
2441 iv[7] = k->wk_keytsc >> 40;
2442 }
2443 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2444 return;
2445 }
2446
2447 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2448 /* install group key */
2449 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2450 return;
2451 attr &= ~(0xf << (k->wk_keyix * 4));
2452 attr |= mode << (k->wk_keyix * 4);
2453 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2454 return;
2455 } else {
2456 /* install pairwise key */
2457 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2458 return;
2459 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2460 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2461 return;
2462 }
2463
2464 /* TODO create a pass-thru key entry? */
2465
2466 /* need wcid to delete the right key later */
2467 k->wk_pad = wcid;
2468 }
2469
2470 /*
2471 * Don't have to be deferred, but in order to keep order of
2472 * execution, i.e. with run_key_delete(), defer this and let
2473 * run_cmdq_cb() maintain the order.
2474 *
2475 * return 0 on error
2476 */
2477 static int
run_key_set(struct ieee80211vap * vap,struct ieee80211_key * k)2478 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
2479 {
2480 struct ieee80211com *ic = vap->iv_ic;
2481 struct run_softc *sc = ic->ic_softc;
2482 uint32_t i;
2483
2484 i = RUN_CMDQ_GET(&sc->cmdq_store);
2485 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2486 sc->cmdq[i].func = run_key_set_cb;
2487 sc->cmdq[i].arg0 = NULL;
2488 sc->cmdq[i].arg1 = vap;
2489 sc->cmdq[i].k = k;
2490 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
2491 ieee80211_runtask(ic, &sc->cmdq_task);
2492
2493 /*
2494 * To make sure key will be set when hostapd
2495 * calls iv_key_set() before if_init().
2496 */
2497 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2498 RUN_LOCK(sc);
2499 sc->cmdq_key_set = RUN_CMDQ_GO;
2500 RUN_UNLOCK(sc);
2501 }
2502
2503 return (1);
2504 }
2505
2506 /*
2507 * If wlan is destroyed without being brought down i.e. without
2508 * wlan down or wpa_cli terminate, this function is called after
2509 * vap is gone. Don't refer it.
2510 */
2511 static void
run_key_delete_cb(void * arg)2512 run_key_delete_cb(void *arg)
2513 {
2514 struct run_cmdq *cmdq = arg;
2515 struct run_softc *sc = cmdq->arg1;
2516 struct ieee80211_key *k = &cmdq->key;
2517 uint32_t attr;
2518 uint8_t wcid;
2519
2520 RUN_LOCK_ASSERT(sc, MA_OWNED);
2521
2522 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2523 /* remove group key */
2524 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n");
2525 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2526 attr &= ~(0xf << (k->wk_keyix * 4));
2527 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2528 } else {
2529 /* remove pairwise key */
2530 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2531 "removing key for wcid %x\n", k->wk_pad);
2532 /* matching wcid was written to wk_pad in run_key_set() */
2533 wcid = k->wk_pad;
2534 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2535 attr &= ~0xf;
2536 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2537 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2538 }
2539
2540 k->wk_pad = 0;
2541 }
2542
2543 /*
2544 * return 0 on error
2545 */
2546 static int
run_key_delete(struct ieee80211vap * vap,struct ieee80211_key * k)2547 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2548 {
2549 struct ieee80211com *ic = vap->iv_ic;
2550 struct run_softc *sc = ic->ic_softc;
2551 struct ieee80211_key *k0;
2552 uint32_t i;
2553
2554 /*
2555 * When called back, key might be gone. So, make a copy
2556 * of some values need to delete keys before deferring.
2557 * But, because of LOR with node lock, cannot use lock here.
2558 * So, use atomic instead.
2559 */
2560 i = RUN_CMDQ_GET(&sc->cmdq_store);
2561 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2562 sc->cmdq[i].func = run_key_delete_cb;
2563 sc->cmdq[i].arg0 = NULL;
2564 sc->cmdq[i].arg1 = sc;
2565 k0 = &sc->cmdq[i].key;
2566 k0->wk_flags = k->wk_flags;
2567 k0->wk_keyix = k->wk_keyix;
2568 /* matching wcid was written to wk_pad in run_key_set() */
2569 k0->wk_pad = k->wk_pad;
2570 ieee80211_runtask(ic, &sc->cmdq_task);
2571 return (1); /* return fake success */
2572
2573 }
2574
2575 static void
run_ratectl_to(void * arg)2576 run_ratectl_to(void *arg)
2577 {
2578 struct run_softc *sc = arg;
2579
2580 /* do it in a process context, so it can go sleep */
2581 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
2582 /* next timeout will be rescheduled in the callback task */
2583 }
2584
2585 /* ARGSUSED */
2586 static void
run_ratectl_cb(void * arg,int pending)2587 run_ratectl_cb(void *arg, int pending)
2588 {
2589 struct run_softc *sc = arg;
2590 struct ieee80211com *ic = &sc->sc_ic;
2591 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2592
2593 if (vap == NULL)
2594 return;
2595
2596 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2597 /*
2598 * run_reset_livelock() doesn't do anything with AMRR,
2599 * but Ralink wants us to call it every 1 sec. So, we
2600 * piggyback here rather than creating another callout.
2601 * Livelock may occur only in HOSTAP or IBSS mode
2602 * (when h/w is sending beacons).
2603 */
2604 RUN_LOCK(sc);
2605 run_reset_livelock(sc);
2606 /* just in case, there are some stats to drain */
2607 run_drain_fifo(sc);
2608 RUN_UNLOCK(sc);
2609 }
2610
2611 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2612
2613 RUN_LOCK(sc);
2614 if(sc->ratectl_run != RUN_RATECTL_OFF)
2615 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2616 RUN_UNLOCK(sc);
2617 }
2618
2619 static void
run_drain_fifo(void * arg)2620 run_drain_fifo(void *arg)
2621 {
2622 struct run_softc *sc = arg;
2623 uint32_t stat;
2624 uint16_t (*wstat)[3];
2625 uint8_t wcid, mcs, pid;
2626 int8_t retry;
2627
2628 RUN_LOCK_ASSERT(sc, MA_OWNED);
2629
2630 for (;;) {
2631 /* drain Tx status FIFO (maxsize = 16) */
2632 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2633 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat);
2634 if (!(stat & RT2860_TXQ_VLD))
2635 break;
2636
2637 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2638
2639 /* if no ACK was requested, no feedback is available */
2640 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2641 wcid == 0)
2642 continue;
2643
2644 /*
2645 * Even though each stat is Tx-complete-status like format,
2646 * the device can poll stats. Because there is no guarantee
2647 * that the referring node is still around when read the stats.
2648 * So that, if we use ieee80211_ratectl_tx_update(), we will
2649 * have hard time not to refer already freed node.
2650 *
2651 * To eliminate such page faults, we poll stats in softc.
2652 * Then, update the rates later with ieee80211_ratectl_tx_update().
2653 */
2654 wstat = &(sc->wcid_stats[wcid]);
2655 (*wstat)[RUN_TXCNT]++;
2656 if (stat & RT2860_TXQ_OK)
2657 (*wstat)[RUN_SUCCESS]++;
2658 else
2659 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2660 /*
2661 * Check if there were retries, ie if the Tx success rate is
2662 * different from the requested rate. Note that it works only
2663 * because we do not allow rate fallback from OFDM to CCK.
2664 */
2665 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2666 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2667 if ((retry = pid -1 - mcs) > 0) {
2668 (*wstat)[RUN_TXCNT] += retry;
2669 (*wstat)[RUN_RETRY] += retry;
2670 }
2671 }
2672 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt);
2673
2674 sc->fifo_cnt = 0;
2675 }
2676
2677 static void
run_iter_func(void * arg,struct ieee80211_node * ni)2678 run_iter_func(void *arg, struct ieee80211_node *ni)
2679 {
2680 struct run_softc *sc = arg;
2681 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs;
2682 struct ieee80211vap *vap = ni->ni_vap;
2683 struct run_node *rn = RUN_NODE(ni);
2684 union run_stats sta[2];
2685 uint16_t (*wstat)[3];
2686 int error, ridx;
2687 uint8_t dot11rate;
2688
2689 RUN_LOCK(sc);
2690
2691 /* Check for special case */
2692 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2693 ni != vap->iv_bss)
2694 goto fail;
2695
2696 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE |
2697 IEEE80211_RATECTL_TX_STATS_RETRIES;
2698 txs->ni = ni;
2699 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2700 vap->iv_opmode == IEEE80211_M_STA)) {
2701 /* read statistic counters (clear on read) and update AMRR state */
2702 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2703 sizeof sta);
2704 if (error != 0)
2705 goto fail;
2706
2707 /* count failed TX as errors */
2708 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2709 le16toh(sta[0].error.fail));
2710
2711 txs->nretries = le16toh(sta[1].tx.retry);
2712 txs->nsuccess = le16toh(sta[1].tx.success);
2713 /* nretries??? */
2714 txs->nframes = txs->nretries + txs->nsuccess +
2715 le16toh(sta[0].error.fail);
2716
2717 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2718 "retrycnt=%d success=%d failcnt=%d\n",
2719 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail));
2720 } else {
2721 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2722
2723 if (wstat == &(sc->wcid_stats[0]) ||
2724 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2725 goto fail;
2726
2727 txs->nretries = (*wstat)[RUN_RETRY];
2728 txs->nsuccess = (*wstat)[RUN_SUCCESS];
2729 txs->nframes = (*wstat)[RUN_TXCNT];
2730 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2731 "retrycnt=%d txcnt=%d success=%d\n",
2732 txs->nretries, txs->nframes, txs->nsuccess);
2733
2734 memset(wstat, 0, sizeof(*wstat));
2735 }
2736
2737 ieee80211_ratectl_tx_update(vap, txs);
2738 ieee80211_ratectl_rate(ni, NULL, 0);
2739 /* XXX TODO: methodize with MCS rates */
2740 dot11rate = ieee80211_node_get_txrate_dot11rate(ni);
2741 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2742 if (rt2860_rates[ridx].rate == dot11rate)
2743 break;
2744 rn->amrr_ridx = ridx;
2745
2746 fail:
2747 RUN_UNLOCK(sc);
2748
2749 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=0x%02x, ridx=%d\n",
2750 ieee80211_node_get_txrate_dot11rate(ni), rn->amrr_ridx);
2751 }
2752
2753 static void
run_newassoc_cb(void * arg)2754 run_newassoc_cb(void *arg)
2755 {
2756 struct run_cmdq *cmdq = arg;
2757 struct ieee80211_node *ni = cmdq->arg1;
2758 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
2759 uint8_t wcid = cmdq->wcid;
2760
2761 RUN_LOCK_ASSERT(sc, MA_OWNED);
2762
2763 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2764 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2765
2766 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2767 }
2768
2769 static void
run_newassoc(struct ieee80211_node * ni,int isnew)2770 run_newassoc(struct ieee80211_node *ni, int isnew)
2771 {
2772 struct run_node *rn = RUN_NODE(ni);
2773 struct ieee80211vap *vap = ni->ni_vap;
2774 struct ieee80211com *ic = vap->iv_ic;
2775 struct run_softc *sc = ic->ic_softc;
2776 uint8_t rate;
2777 uint8_t ridx;
2778 uint8_t wcid;
2779
2780 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2781 1 : RUN_AID2WCID(ni->ni_associd);
2782
2783 if (wcid > RT2870_WCID_MAX) {
2784 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2785 return;
2786 }
2787
2788 /* only interested in true associations */
2789 if (isnew && ni->ni_associd != 0) {
2790 /*
2791 * This function could is called though timeout function.
2792 * Need to defer.
2793 */
2794 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2795 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt);
2796 sc->cmdq[cnt].func = run_newassoc_cb;
2797 sc->cmdq[cnt].arg0 = NULL;
2798 sc->cmdq[cnt].arg1 = ni;
2799 sc->cmdq[cnt].wcid = wcid;
2800 ieee80211_runtask(ic, &sc->cmdq_task);
2801 }
2802
2803 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
2804 "new assoc isnew=%d associd=%x addr=%s\n",
2805 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2806
2807 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2808 /* XXX TODO: methodize with MCS rates */
2809 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2810 if (rt2860_rates[ridx].rate == rate)
2811 break;
2812 rn->mgt_ridx = ridx;
2813 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2814 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2815
2816 RUN_LOCK(sc);
2817 if(sc->ratectl_run != RUN_RATECTL_OFF)
2818 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2819 RUN_UNLOCK(sc);
2820 }
2821
2822 /*
2823 * Return the Rx chain with the highest RSSI for a given frame.
2824 */
2825 static __inline uint8_t
run_maxrssi_chain(struct run_softc * sc,const struct rt2860_rxwi * rxwi)2826 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2827 {
2828 uint8_t rxchain = 0;
2829
2830 if (sc->nrxchains > 1) {
2831 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2832 rxchain = 1;
2833 if (sc->nrxchains > 2)
2834 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2835 rxchain = 2;
2836 }
2837 return (rxchain);
2838 }
2839
2840 static void
run_recv_mgmt(struct ieee80211_node * ni,struct mbuf * m,int subtype,const struct ieee80211_rx_stats * rxs,int rssi,int nf)2841 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2842 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2843 {
2844 struct ieee80211vap *vap = ni->ni_vap;
2845 struct run_softc *sc = vap->iv_ic->ic_softc;
2846 struct run_vap *rvp = RUN_VAP(vap);
2847 uint64_t ni_tstamp, rx_tstamp;
2848
2849 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2850
2851 if (vap->iv_state == IEEE80211_S_RUN &&
2852 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2853 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
2854 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2855 RUN_LOCK(sc);
2856 run_get_tsf(sc, &rx_tstamp);
2857 RUN_UNLOCK(sc);
2858 rx_tstamp = le64toh(rx_tstamp);
2859
2860 if (ni_tstamp >= rx_tstamp) {
2861 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON,
2862 "ibss merge, tsf %ju tstamp %ju\n",
2863 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2864 (void) ieee80211_ibss_merge(ni);
2865 }
2866 }
2867 }
2868
2869 static void
run_rx_frame(struct run_softc * sc,struct mbuf * m,uint32_t dmalen)2870 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2871 {
2872 struct ieee80211com *ic = &sc->sc_ic;
2873 struct ieee80211_frame *wh;
2874 struct ieee80211_node *ni;
2875 struct rt2870_rxd *rxd;
2876 struct rt2860_rxwi *rxwi;
2877 uint32_t flags;
2878 uint16_t len, rxwisize;
2879 uint8_t ant, rssi;
2880 int8_t nf;
2881
2882 rxwisize = sizeof(struct rt2860_rxwi);
2883 if (sc->mac_ver == 0x5592)
2884 rxwisize += sizeof(uint64_t);
2885 else if (sc->mac_ver == 0x3593)
2886 rxwisize += sizeof(uint32_t);
2887
2888 if (__predict_false(dmalen <
2889 rxwisize + sizeof(struct ieee80211_frame_ack))) {
2890 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2891 "payload is too short: dma length %u < %zu\n",
2892 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack));
2893 goto fail;
2894 }
2895
2896 rxwi = mtod(m, struct rt2860_rxwi *);
2897 len = le16toh(rxwi->len) & 0xfff;
2898
2899 if (__predict_false(len > dmalen - rxwisize)) {
2900 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2901 "bad RXWI length %u > %u\n", len, dmalen);
2902 goto fail;
2903 }
2904
2905 /* Rx descriptor is located at the end */
2906 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2907 flags = le32toh(rxd->flags);
2908
2909 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2910 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n",
2911 (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2912 goto fail;
2913 }
2914
2915 if (flags & RT2860_RX_L2PAD) {
2916 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2917 "received RT2860_RX_L2PAD frame\n");
2918 len += 2;
2919 }
2920
2921 m->m_data += rxwisize;
2922 m->m_pkthdr.len = m->m_len = len;
2923
2924 wh = mtod(m, struct ieee80211_frame *);
2925
2926 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 &&
2927 (flags & RT2860_RX_DEC) != 0) {
2928 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2929 m->m_flags |= M_WEP;
2930 }
2931
2932 if (len >= sizeof(struct ieee80211_frame_min)) {
2933 ni = ieee80211_find_rxnode(ic,
2934 mtod(m, struct ieee80211_frame_min *));
2935 } else
2936 ni = NULL;
2937
2938 if(ni && ni->ni_flags & IEEE80211_NODE_HT) {
2939 m->m_flags |= M_AMPDU;
2940 }
2941
2942 if (__predict_false(flags & RT2860_RX_MICERR)) {
2943 /* report MIC failures to net80211 for TKIP */
2944 if (ni != NULL)
2945 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2946 rxwi->keyidx);
2947 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2948 "MIC error. Someone is lying.\n");
2949 goto fail;
2950 }
2951
2952 ant = run_maxrssi_chain(sc, rxwi);
2953 rssi = rxwi->rssi[ant];
2954 nf = run_rssi2dbm(sc, rssi, ant);
2955
2956 if (__predict_false(ieee80211_radiotap_active(ic))) {
2957 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2958 uint16_t phy;
2959
2960 tap->wr_flags = 0;
2961 if (flags & RT2860_RX_L2PAD)
2962 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD;
2963 tap->wr_antsignal = rssi;
2964 tap->wr_antenna = ant;
2965 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2966 tap->wr_rate = 2; /* in case it can't be found below */
2967 RUN_LOCK(sc);
2968 run_get_tsf(sc, &tap->wr_tsf);
2969 RUN_UNLOCK(sc);
2970 phy = le16toh(rxwi->phy);
2971 switch (phy & RT2860_PHY_MODE) {
2972 case RT2860_PHY_CCK:
2973 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2974 case 0: tap->wr_rate = 2; break;
2975 case 1: tap->wr_rate = 4; break;
2976 case 2: tap->wr_rate = 11; break;
2977 case 3: tap->wr_rate = 22; break;
2978 }
2979 if (phy & RT2860_PHY_SHPRE)
2980 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2981 break;
2982 case RT2860_PHY_OFDM:
2983 switch (phy & RT2860_PHY_MCS) {
2984 case 0: tap->wr_rate = 12; break;
2985 case 1: tap->wr_rate = 18; break;
2986 case 2: tap->wr_rate = 24; break;
2987 case 3: tap->wr_rate = 36; break;
2988 case 4: tap->wr_rate = 48; break;
2989 case 5: tap->wr_rate = 72; break;
2990 case 6: tap->wr_rate = 96; break;
2991 case 7: tap->wr_rate = 108; break;
2992 }
2993 break;
2994 }
2995 }
2996
2997 if (ni != NULL) {
2998 (void)ieee80211_input(ni, m, rssi, nf);
2999 ieee80211_free_node(ni);
3000 } else {
3001 (void)ieee80211_input_all(ic, m, rssi, nf);
3002 }
3003
3004 return;
3005
3006 fail:
3007 m_freem(m);
3008 counter_u64_add(ic->ic_ierrors, 1);
3009 }
3010
3011 static void
run_bulk_rx_callback(struct usb_xfer * xfer,usb_error_t error)3012 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
3013 {
3014 struct run_softc *sc = usbd_xfer_softc(xfer);
3015 struct ieee80211com *ic = &sc->sc_ic;
3016 struct mbuf *m = NULL;
3017 struct mbuf *m0;
3018 uint32_t dmalen, mbuf_len;
3019 uint16_t rxwisize;
3020 int xferlen;
3021
3022 rxwisize = sizeof(struct rt2860_rxwi);
3023 if (sc->mac_ver == 0x5592)
3024 rxwisize += sizeof(uint64_t);
3025 else if (sc->mac_ver == 0x3593)
3026 rxwisize += sizeof(uint32_t);
3027
3028 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
3029
3030 switch (USB_GET_STATE(xfer)) {
3031 case USB_ST_TRANSFERRED:
3032
3033 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
3034 "rx done, actlen=%d\n", xferlen);
3035
3036 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
3037 sizeof(struct rt2870_rxd))) {
3038 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3039 "xfer too short %d\n", xferlen);
3040 goto tr_setup;
3041 }
3042
3043 m = sc->rx_m;
3044 sc->rx_m = NULL;
3045
3046 /* FALLTHROUGH */
3047 case USB_ST_SETUP:
3048 tr_setup:
3049 if (sc->rx_m == NULL) {
3050 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
3051 RUN_MAX_RXSZ);
3052 }
3053 if (sc->rx_m == NULL) {
3054 RUN_DPRINTF(sc, RUN_DEBUG_RECV |
3055 RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3056 "could not allocate mbuf - idle with stall\n");
3057 counter_u64_add(ic->ic_ierrors, 1);
3058 usbd_xfer_set_stall(xfer);
3059 usbd_xfer_set_frames(xfer, 0);
3060 } else {
3061 /*
3062 * Directly loading a mbuf cluster into DMA to
3063 * save some data copying. This works because
3064 * there is only one cluster.
3065 */
3066 usbd_xfer_set_frame_data(xfer, 0,
3067 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
3068 usbd_xfer_set_frames(xfer, 1);
3069 }
3070 usbd_transfer_submit(xfer);
3071 break;
3072
3073 default: /* Error */
3074 if (error != USB_ERR_CANCELLED) {
3075 /* try to clear stall first */
3076 usbd_xfer_set_stall(xfer);
3077 if (error == USB_ERR_TIMEOUT)
3078 device_printf(sc->sc_dev, "device timeout\n");
3079 counter_u64_add(ic->ic_ierrors, 1);
3080 goto tr_setup;
3081 }
3082 if (sc->rx_m != NULL) {
3083 m_freem(sc->rx_m);
3084 sc->rx_m = NULL;
3085 }
3086 break;
3087 }
3088
3089 if (m == NULL)
3090 return;
3091
3092 /* inputting all the frames must be last */
3093
3094 RUN_UNLOCK(sc);
3095
3096 m->m_pkthdr.len = m->m_len = xferlen;
3097
3098 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
3099 for(;;) {
3100 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
3101
3102 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
3103 ((dmalen & 3) != 0)) {
3104 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3105 "bad DMA length %u\n", dmalen);
3106 break;
3107 }
3108 if ((dmalen + 8) > (uint32_t)xferlen) {
3109 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3110 "bad DMA length %u > %d\n",
3111 dmalen + 8, xferlen);
3112 break;
3113 }
3114
3115 /* If it is the last one or a single frame, we won't copy. */
3116 if ((xferlen -= dmalen + 8) <= 8) {
3117 /* trim 32-bit DMA-len header */
3118 m->m_data += 4;
3119 m->m_pkthdr.len = m->m_len -= 4;
3120 run_rx_frame(sc, m, dmalen);
3121 m = NULL; /* don't free source buffer */
3122 break;
3123 }
3124
3125 mbuf_len = dmalen + sizeof(struct rt2870_rxd);
3126 if (__predict_false(mbuf_len > MCLBYTES)) {
3127 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3128 "payload is too big: mbuf_len %u\n", mbuf_len);
3129 counter_u64_add(ic->ic_ierrors, 1);
3130 break;
3131 }
3132
3133 /* copy aggregated frames to another mbuf */
3134 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
3135 if (__predict_false(m0 == NULL)) {
3136 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC,
3137 "could not allocate mbuf\n");
3138 counter_u64_add(ic->ic_ierrors, 1);
3139 break;
3140 }
3141 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3142 mbuf_len, mtod(m0, caddr_t));
3143 m0->m_pkthdr.len = m0->m_len = mbuf_len;
3144 run_rx_frame(sc, m0, dmalen);
3145
3146 /* update data ptr */
3147 m->m_data += mbuf_len + 4;
3148 m->m_pkthdr.len = m->m_len -= mbuf_len + 4;
3149 }
3150
3151 /* make sure we free the source buffer, if any */
3152 m_freem(m);
3153
3154 #ifdef IEEE80211_SUPPORT_SUPERG
3155 ieee80211_ff_age_all(ic, 100);
3156 #endif
3157 RUN_LOCK(sc);
3158 }
3159
3160 static void
run_tx_free(struct run_endpoint_queue * pq,struct run_tx_data * data,int txerr)3161 run_tx_free(struct run_endpoint_queue *pq,
3162 struct run_tx_data *data, int txerr)
3163 {
3164
3165 ieee80211_tx_complete(data->ni, data->m, txerr);
3166
3167 data->m = NULL;
3168 data->ni = NULL;
3169
3170 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3171 pq->tx_nfree++;
3172 }
3173
3174 static void
run_bulk_tx_callbackN(struct usb_xfer * xfer,usb_error_t error,u_int index)3175 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3176 {
3177 struct run_softc *sc = usbd_xfer_softc(xfer);
3178 struct ieee80211com *ic = &sc->sc_ic;
3179 struct run_tx_data *data;
3180 struct ieee80211vap *vap = NULL;
3181 struct usb_page_cache *pc;
3182 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3183 struct mbuf *m;
3184 usb_frlength_t size;
3185 int actlen;
3186 int sumlen;
3187
3188 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3189
3190 switch (USB_GET_STATE(xfer)) {
3191 case USB_ST_TRANSFERRED:
3192 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3193 "transfer complete: %d bytes @ index %d\n", actlen, index);
3194
3195 data = usbd_xfer_get_priv(xfer);
3196 run_tx_free(pq, data, 0);
3197 usbd_xfer_set_priv(xfer, NULL);
3198
3199 /* FALLTHROUGH */
3200 case USB_ST_SETUP:
3201 tr_setup:
3202 data = STAILQ_FIRST(&pq->tx_qh);
3203 if (data == NULL)
3204 break;
3205
3206 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3207
3208 m = data->m;
3209 size = (sc->mac_ver == 0x5592) ?
3210 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3211 if ((m->m_pkthdr.len +
3212 size + 3 + 8) > RUN_MAX_TXSZ) {
3213 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB,
3214 "data overflow, %u bytes\n", m->m_pkthdr.len);
3215 run_tx_free(pq, data, 1);
3216 goto tr_setup;
3217 }
3218
3219 pc = usbd_xfer_get_frame(xfer, 0);
3220 usbd_copy_in(pc, 0, &data->desc, size);
3221 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3222 size += m->m_pkthdr.len;
3223 /*
3224 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3225 * 4-byte padding), and be sure to zero those trailing
3226 * bytes:
3227 */
3228 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3229 size += ((-size) & 3) + 8;
3230
3231 vap = data->ni->ni_vap;
3232 if (ieee80211_radiotap_active_vap(vap)) {
3233 const struct ieee80211_frame *wh;
3234 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3235 struct rt2860_txwi *txwi =
3236 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3237 int has_l2pad;
3238
3239 wh = mtod(m, struct ieee80211_frame *);
3240 has_l2pad = IEEE80211_HAS_ADDR4(wh) !=
3241 IEEE80211_QOS_HAS_SEQ(wh);
3242
3243 tap->wt_flags = 0;
3244 tap->wt_rate = rt2860_rates[data->ridx].rate;
3245 tap->wt_hwqueue = index;
3246 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3247 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3248 if (has_l2pad)
3249 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD;
3250
3251 ieee80211_radiotap_tx(vap, m);
3252 }
3253
3254 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3255 "sending frame len=%u/%u @ index %d\n",
3256 m->m_pkthdr.len, size, index);
3257
3258 usbd_xfer_set_frame_len(xfer, 0, size);
3259 usbd_xfer_set_priv(xfer, data);
3260 usbd_transfer_submit(xfer);
3261 run_start(sc);
3262
3263 break;
3264
3265 default:
3266 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3267 "USB transfer error, %s\n", usbd_errstr(error));
3268
3269 data = usbd_xfer_get_priv(xfer);
3270
3271 if (data != NULL) {
3272 if(data->ni != NULL)
3273 vap = data->ni->ni_vap;
3274 run_tx_free(pq, data, error);
3275 usbd_xfer_set_priv(xfer, NULL);
3276 }
3277
3278 if (vap == NULL)
3279 vap = TAILQ_FIRST(&ic->ic_vaps);
3280
3281 if (error != USB_ERR_CANCELLED) {
3282 if (error == USB_ERR_TIMEOUT) {
3283 device_printf(sc->sc_dev, "device timeout\n");
3284 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3285 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3286 "cmdq_store=%d\n", i);
3287 sc->cmdq[i].func = run_usb_timeout_cb;
3288 sc->cmdq[i].arg0 = vap;
3289 ieee80211_runtask(ic, &sc->cmdq_task);
3290 }
3291
3292 /*
3293 * Try to clear stall first, also if other
3294 * errors occur, hence clearing stall
3295 * introduces a 50 ms delay:
3296 */
3297 usbd_xfer_set_stall(xfer);
3298 goto tr_setup;
3299 }
3300 break;
3301 }
3302 #ifdef IEEE80211_SUPPORT_SUPERG
3303 /* XXX TODO: make this deferred rather than unlock/relock */
3304 /* XXX TODO: should only do the QoS AC this belongs to */
3305 if (pq->tx_nfree >= RUN_TX_RING_COUNT) {
3306 RUN_UNLOCK(sc);
3307 ieee80211_ff_flush_all(ic);
3308 RUN_LOCK(sc);
3309 }
3310 #endif
3311 }
3312
3313 static void
run_bulk_tx_callback0(struct usb_xfer * xfer,usb_error_t error)3314 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3315 {
3316 run_bulk_tx_callbackN(xfer, error, 0);
3317 }
3318
3319 static void
run_bulk_tx_callback1(struct usb_xfer * xfer,usb_error_t error)3320 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3321 {
3322 run_bulk_tx_callbackN(xfer, error, 1);
3323 }
3324
3325 static void
run_bulk_tx_callback2(struct usb_xfer * xfer,usb_error_t error)3326 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3327 {
3328 run_bulk_tx_callbackN(xfer, error, 2);
3329 }
3330
3331 static void
run_bulk_tx_callback3(struct usb_xfer * xfer,usb_error_t error)3332 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3333 {
3334 run_bulk_tx_callbackN(xfer, error, 3);
3335 }
3336
3337 static void
run_bulk_tx_callback4(struct usb_xfer * xfer,usb_error_t error)3338 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3339 {
3340 run_bulk_tx_callbackN(xfer, error, 4);
3341 }
3342
3343 static void
run_bulk_tx_callback5(struct usb_xfer * xfer,usb_error_t error)3344 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3345 {
3346 run_bulk_tx_callbackN(xfer, error, 5);
3347 }
3348
3349 static void
run_set_tx_desc(struct run_softc * sc,struct run_tx_data * data)3350 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3351 {
3352 struct mbuf *m = data->m;
3353 struct ieee80211com *ic = &sc->sc_ic;
3354 struct ieee80211vap *vap = data->ni->ni_vap;
3355 struct ieee80211_frame *wh;
3356 struct rt2870_txd *txd;
3357 struct rt2860_txwi *txwi;
3358 uint16_t xferlen, txwisize;
3359 uint16_t mcs;
3360 uint8_t ridx = data->ridx;
3361 uint8_t pad;
3362
3363 /* get MCS code from rate index */
3364 mcs = rt2860_rates[ridx].mcs;
3365
3366 txwisize = (sc->mac_ver == 0x5592) ?
3367 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3368 xferlen = txwisize + m->m_pkthdr.len;
3369
3370 /* roundup to 32-bit alignment */
3371 xferlen = (xferlen + 3) & ~3;
3372
3373 txd = (struct rt2870_txd *)&data->desc;
3374 txd->len = htole16(xferlen);
3375
3376 wh = mtod(m, struct ieee80211_frame *);
3377
3378 /*
3379 * Ether both are true or both are false, the header
3380 * are nicely aligned to 32-bit. So, no L2 padding.
3381 */
3382 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3383 pad = 0;
3384 else
3385 pad = 2;
3386
3387 /* setup TX Wireless Information */
3388 txwi = (struct rt2860_txwi *)(txd + 1);
3389 txwi->len = htole16(m->m_pkthdr.len - pad);
3390 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3391 mcs |= RT2860_PHY_CCK;
3392 if (ridx != RT2860_RIDX_CCK1 &&
3393 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3394 mcs |= RT2860_PHY_SHPRE;
3395 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) {
3396 mcs |= RT2860_PHY_OFDM;
3397 } else if (rt2860_rates[ridx].phy == IEEE80211_T_HT) {
3398 /* XXX TODO: [adrian] set short preamble for MCS? */
3399 mcs |= RT2860_PHY_HT_MIX; /* Mixed, not greenfield */
3400 }
3401 txwi->phy = htole16(mcs);
3402
3403 /* check if RTS/CTS or CTS-to-self protection is required */
3404 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3405 ((m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) ||
3406 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3407 rt2860_rates[ridx].phy == IEEE80211_T_OFDM) ||
3408 ((ic->ic_htprotmode == IEEE80211_PROT_RTSCTS) &&
3409 rt2860_rates[ridx].phy == IEEE80211_T_HT)))
3410 txwi->txop |= RT2860_TX_TXOP_HT;
3411 else
3412 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3413
3414 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3415 txwi->xflags |= RT2860_TX_NSEQ;
3416 }
3417
3418 /* This function must be called locked */
3419 static int
run_tx(struct run_softc * sc,struct mbuf * m,struct ieee80211_node * ni)3420 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3421 {
3422 struct ieee80211com *ic = &sc->sc_ic;
3423 struct ieee80211vap *vap = ni->ni_vap;
3424 struct ieee80211_frame *wh;
3425 const struct ieee80211_txparam *tp = ni->ni_txparms;
3426 struct run_node *rn = RUN_NODE(ni);
3427 struct run_tx_data *data;
3428 struct rt2870_txd *txd;
3429 struct rt2860_txwi *txwi;
3430 uint16_t qos;
3431 uint16_t dur;
3432 uint16_t qid;
3433 uint8_t type;
3434 uint8_t tid;
3435 uint8_t ridx;
3436 uint8_t ctl_ridx;
3437 uint8_t qflags;
3438 uint8_t xflags = 0;
3439 int hasqos;
3440
3441 RUN_LOCK_ASSERT(sc, MA_OWNED);
3442
3443 wh = mtod(m, struct ieee80211_frame *);
3444
3445 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3446
3447 /*
3448 * There are 7 bulk endpoints: 1 for RX
3449 * and 6 for TX (4 EDCAs + HCCA + Prio).
3450 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3451 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3452 */
3453 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3454 uint8_t *frm;
3455
3456 frm = ieee80211_getqos(wh);
3457 qos = le16toh(*(const uint16_t *)frm);
3458 tid = qos & IEEE80211_QOS_TID;
3459 qid = TID_TO_WME_AC(tid);
3460 } else {
3461 qos = 0;
3462 tid = 0;
3463 qid = WME_AC_BE;
3464 }
3465 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3466
3467 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3468 qos, qid, tid, qflags);
3469
3470 /* pickup a rate index */
3471 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3472 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3473 /* XXX TODO: methodize for 11n; use MCS0 for 11NA/11NG */
3474 ridx = (ic->ic_curmode == IEEE80211_MODE_11A || ic->ic_curmode == IEEE80211_MODE_11NA) ?
3475 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3476 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3477 } else {
3478 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3479 ridx = rn->fix_ridx;
3480 else
3481 ridx = rn->amrr_ridx;
3482 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3483 }
3484
3485 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3486 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3487 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3488 xflags |= RT2860_TX_ACK;
3489 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3490 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3491 else
3492 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3493 USETW(wh->i_dur, dur);
3494 }
3495
3496 /* reserve slots for mgmt packets, just in case */
3497 if (sc->sc_epq[qid].tx_nfree < 3) {
3498 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid);
3499 return (-1);
3500 }
3501
3502 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3503 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3504 sc->sc_epq[qid].tx_nfree--;
3505
3506 txd = (struct rt2870_txd *)&data->desc;
3507 txd->flags = qflags;
3508 txwi = (struct rt2860_txwi *)(txd + 1);
3509 txwi->xflags = xflags;
3510 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3511 txwi->wcid = 0;
3512 else
3513 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3514 1 : RUN_AID2WCID(ni->ni_associd);
3515
3516 /* clear leftover garbage bits */
3517 txwi->flags = 0;
3518 txwi->txop = 0;
3519
3520 data->m = m;
3521 data->ni = ni;
3522 data->ridx = ridx;
3523
3524 run_set_tx_desc(sc, data);
3525
3526 /*
3527 * The chip keeps track of 2 kind of Tx stats,
3528 * * TX_STAT_FIFO, for per WCID stats, and
3529 * * TX_STA_CNT0 for all-TX-in-one stats.
3530 *
3531 * To use FIFO stats, we need to store MCS into the driver-private
3532 * PacketID field. So that, we can tell whose stats when we read them.
3533 * We add 1 to the MCS because setting the PacketID field to 0 means
3534 * that we don't want feedback in TX_STAT_FIFO.
3535 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3536 *
3537 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3538 */
3539 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3540 vap->iv_opmode == IEEE80211_M_MBSS) {
3541 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3542 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3543
3544 /*
3545 * Unlike PCI based devices, we don't get any interrupt from
3546 * USB devices, so we simulate FIFO-is-full interrupt here.
3547 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
3548 * quickly get fulled. To prevent overflow, increment a counter on
3549 * every FIFO stat request, so we know how many slots are left.
3550 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3551 * are used only in those modes.
3552 * We just drain stats. AMRR gets updated every 1 sec by
3553 * run_ratectl_cb() via callout.
3554 * Call it early. Otherwise overflow.
3555 */
3556 if (sc->fifo_cnt++ == 10) {
3557 /*
3558 * With multiple vaps or if_bridge, if_start() is called
3559 * with a non-sleepable lock, tcpinp. So, need to defer.
3560 */
3561 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3562 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i);
3563 sc->cmdq[i].func = run_drain_fifo;
3564 sc->cmdq[i].arg0 = sc;
3565 ieee80211_runtask(ic, &sc->cmdq_task);
3566 }
3567 }
3568
3569 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3570
3571 usbd_transfer_start(sc->sc_xfer[qid]);
3572
3573 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3574 "sending data frame len=%d rate=%d qid=%d\n",
3575 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3576 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3577
3578 return (0);
3579 }
3580
3581 static int
run_tx_mgt(struct run_softc * sc,struct mbuf * m,struct ieee80211_node * ni)3582 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3583 {
3584 struct ieee80211com *ic = &sc->sc_ic;
3585 struct run_node *rn = RUN_NODE(ni);
3586 struct run_tx_data *data;
3587 struct ieee80211_frame *wh;
3588 struct rt2870_txd *txd;
3589 struct rt2860_txwi *txwi;
3590 uint16_t dur;
3591 uint8_t ridx = rn->mgt_ridx;
3592 uint8_t xflags = 0;
3593 uint8_t wflags = 0;
3594
3595 RUN_LOCK_ASSERT(sc, MA_OWNED);
3596
3597 wh = mtod(m, struct ieee80211_frame *);
3598
3599 /* tell hardware to add timestamp for probe responses */
3600 if (IEEE80211_IS_MGMT_PROBE_RESP(wh))
3601 wflags |= RT2860_TX_TS;
3602 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3603 xflags |= RT2860_TX_ACK;
3604
3605 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3606 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3607 USETW(wh->i_dur, dur);
3608 }
3609
3610 if (sc->sc_epq[0].tx_nfree == 0)
3611 /* let caller free mbuf */
3612 return (EIO);
3613 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3614 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3615 sc->sc_epq[0].tx_nfree--;
3616
3617 txd = (struct rt2870_txd *)&data->desc;
3618 txd->flags = RT2860_TX_QSEL_EDCA;
3619 txwi = (struct rt2860_txwi *)(txd + 1);
3620 txwi->wcid = 0xff;
3621 txwi->flags = wflags;
3622 txwi->xflags = xflags;
3623 txwi->txop = 0; /* clear leftover garbage bits */
3624
3625 data->m = m;
3626 data->ni = ni;
3627 data->ridx = ridx;
3628
3629 run_set_tx_desc(sc, data);
3630
3631 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n",
3632 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3633 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate);
3634
3635 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3636
3637 usbd_transfer_start(sc->sc_xfer[0]);
3638
3639 return (0);
3640 }
3641
3642 static int
run_sendprot(struct run_softc * sc,const struct mbuf * m,struct ieee80211_node * ni,int prot,int rate)3643 run_sendprot(struct run_softc *sc,
3644 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3645 {
3646 struct ieee80211com *ic = ni->ni_ic;
3647 struct run_tx_data *data;
3648 struct rt2870_txd *txd;
3649 struct rt2860_txwi *txwi;
3650 struct mbuf *mprot;
3651 int ridx;
3652 int protrate;
3653 uint8_t wflags = 0;
3654 uint8_t xflags = 0;
3655
3656 RUN_LOCK_ASSERT(sc, MA_OWNED);
3657
3658 /* check that there are free slots before allocating the mbuf */
3659 if (sc->sc_epq[0].tx_nfree == 0)
3660 /* let caller free mbuf */
3661 return (ENOBUFS);
3662
3663 mprot = ieee80211_alloc_prot(ni, m, rate, prot);
3664 if (mprot == NULL) {
3665 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
3666 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n");
3667 return (ENOBUFS);
3668 }
3669
3670 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3671 wflags = RT2860_TX_FRAG;
3672 xflags = 0;
3673 if (prot == IEEE80211_PROT_RTSCTS)
3674 xflags |= RT2860_TX_ACK;
3675
3676 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3677 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3678 sc->sc_epq[0].tx_nfree--;
3679
3680 txd = (struct rt2870_txd *)&data->desc;
3681 txd->flags = RT2860_TX_QSEL_EDCA;
3682 txwi = (struct rt2860_txwi *)(txd + 1);
3683 txwi->wcid = 0xff;
3684 txwi->flags = wflags;
3685 txwi->xflags = xflags;
3686 txwi->txop = 0; /* clear leftover garbage bits */
3687
3688 data->m = mprot;
3689 data->ni = ieee80211_ref_node(ni);
3690
3691 /* XXX TODO: methodize with MCS rates */
3692 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3693 if (rt2860_rates[ridx].rate == protrate)
3694 break;
3695 data->ridx = ridx;
3696
3697 run_set_tx_desc(sc, data);
3698
3699 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n",
3700 m->m_pkthdr.len, rate);
3701
3702 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3703
3704 usbd_transfer_start(sc->sc_xfer[0]);
3705
3706 return (0);
3707 }
3708
3709 static int
run_tx_param(struct run_softc * sc,struct mbuf * m,struct ieee80211_node * ni,const struct ieee80211_bpf_params * params)3710 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3711 const struct ieee80211_bpf_params *params)
3712 {
3713 struct ieee80211com *ic = ni->ni_ic;
3714 struct run_tx_data *data;
3715 struct rt2870_txd *txd;
3716 struct rt2860_txwi *txwi;
3717 uint8_t ridx;
3718 uint8_t rate;
3719 uint8_t opflags = 0;
3720 uint8_t xflags = 0;
3721 int error;
3722
3723 RUN_LOCK_ASSERT(sc, MA_OWNED);
3724
3725 KASSERT(params != NULL, ("no raw xmit params"));
3726
3727 rate = params->ibp_rate0;
3728 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3729 /* let caller free mbuf */
3730 return (EINVAL);
3731 }
3732
3733 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3734 xflags |= RT2860_TX_ACK;
3735 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3736 error = run_sendprot(sc, m, ni,
3737 params->ibp_flags & IEEE80211_BPF_RTS ?
3738 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3739 rate);
3740 if (error) {
3741 /* let caller free mbuf */
3742 return error;
3743 }
3744 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3745 }
3746
3747 if (sc->sc_epq[0].tx_nfree == 0) {
3748 /* let caller free mbuf */
3749 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3750 "sending raw frame, but tx ring is full\n");
3751 return (EIO);
3752 }
3753 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3754 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3755 sc->sc_epq[0].tx_nfree--;
3756
3757 txd = (struct rt2870_txd *)&data->desc;
3758 txd->flags = RT2860_TX_QSEL_EDCA;
3759 txwi = (struct rt2860_txwi *)(txd + 1);
3760 txwi->wcid = 0xff;
3761 txwi->xflags = xflags;
3762 txwi->txop = opflags;
3763 txwi->flags = 0; /* clear leftover garbage bits */
3764
3765 data->m = m;
3766 data->ni = ni;
3767 /* XXX TODO: methodize with MCS rates */
3768 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3769 if (rt2860_rates[ridx].rate == rate)
3770 break;
3771 data->ridx = ridx;
3772
3773 run_set_tx_desc(sc, data);
3774
3775 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n",
3776 m->m_pkthdr.len, rate);
3777
3778 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3779
3780 usbd_transfer_start(sc->sc_xfer[0]);
3781
3782 return (0);
3783 }
3784
3785 static int
run_raw_xmit(struct ieee80211_node * ni,struct mbuf * m,const struct ieee80211_bpf_params * params)3786 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3787 const struct ieee80211_bpf_params *params)
3788 {
3789 struct run_softc *sc = ni->ni_ic->ic_softc;
3790 int error = 0;
3791
3792 RUN_LOCK(sc);
3793
3794 /* prevent management frames from being sent if we're not ready */
3795 if (!(sc->sc_flags & RUN_RUNNING)) {
3796 error = ENETDOWN;
3797 goto done;
3798 }
3799
3800 if (params == NULL) {
3801 /* tx mgt packet */
3802 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3803 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n");
3804 goto done;
3805 }
3806 } else {
3807 /* tx raw packet with param */
3808 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3809 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n");
3810 goto done;
3811 }
3812 }
3813
3814 done:
3815 RUN_UNLOCK(sc);
3816
3817 if (error != 0) {
3818 if(m != NULL)
3819 m_freem(m);
3820 }
3821
3822 return (error);
3823 }
3824
3825 static int
run_transmit(struct ieee80211com * ic,struct mbuf * m)3826 run_transmit(struct ieee80211com *ic, struct mbuf *m)
3827 {
3828 struct run_softc *sc = ic->ic_softc;
3829 int error;
3830
3831 RUN_LOCK(sc);
3832 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3833 RUN_UNLOCK(sc);
3834 return (ENXIO);
3835 }
3836 error = mbufq_enqueue(&sc->sc_snd, m);
3837 if (error) {
3838 RUN_UNLOCK(sc);
3839 return (error);
3840 }
3841 run_start(sc);
3842 RUN_UNLOCK(sc);
3843
3844 return (0);
3845 }
3846
3847 static void
run_start(struct run_softc * sc)3848 run_start(struct run_softc *sc)
3849 {
3850 struct ieee80211_node *ni;
3851 struct mbuf *m;
3852
3853 RUN_LOCK_ASSERT(sc, MA_OWNED);
3854
3855 if ((sc->sc_flags & RUN_RUNNING) == 0)
3856 return;
3857
3858 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3859 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3860 if (run_tx(sc, m, ni) != 0) {
3861 mbufq_prepend(&sc->sc_snd, m);
3862 break;
3863 }
3864 }
3865 }
3866
3867 static void
run_parent(struct ieee80211com * ic)3868 run_parent(struct ieee80211com *ic)
3869 {
3870 struct run_softc *sc = ic->ic_softc;
3871 int startall = 0;
3872
3873 RUN_LOCK(sc);
3874 if (sc->sc_detached) {
3875 RUN_UNLOCK(sc);
3876 return;
3877 }
3878
3879 if (ic->ic_nrunning > 0) {
3880 if (!(sc->sc_flags & RUN_RUNNING)) {
3881 startall = 1;
3882 run_init_locked(sc);
3883 } else
3884 run_update_promisc_locked(sc);
3885 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3886 run_stop(sc);
3887 RUN_UNLOCK(sc);
3888 if (startall)
3889 ieee80211_start_all(ic);
3890 }
3891
3892 static void
run_iq_calib(struct run_softc * sc,u_int chan)3893 run_iq_calib(struct run_softc *sc, u_int chan)
3894 {
3895 uint16_t val;
3896
3897 /* Tx0 IQ gain. */
3898 run_bbp_write(sc, 158, 0x2c);
3899 if (chan <= 14)
3900 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3901 else if (chan <= 64) {
3902 run_efuse_read(sc,
3903 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3904 &val, 1);
3905 } else if (chan <= 138) {
3906 run_efuse_read(sc,
3907 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3908 &val, 1);
3909 } else if (chan <= 165) {
3910 run_efuse_read(sc,
3911 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3912 &val, 1);
3913 } else
3914 val = 0;
3915 run_bbp_write(sc, 159, val);
3916
3917 /* Tx0 IQ phase. */
3918 run_bbp_write(sc, 158, 0x2d);
3919 if (chan <= 14) {
3920 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3921 &val, 1);
3922 } else if (chan <= 64) {
3923 run_efuse_read(sc,
3924 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3925 &val, 1);
3926 } else if (chan <= 138) {
3927 run_efuse_read(sc,
3928 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3929 &val, 1);
3930 } else if (chan <= 165) {
3931 run_efuse_read(sc,
3932 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3933 &val, 1);
3934 } else
3935 val = 0;
3936 run_bbp_write(sc, 159, val);
3937
3938 /* Tx1 IQ gain. */
3939 run_bbp_write(sc, 158, 0x4a);
3940 if (chan <= 14) {
3941 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3942 &val, 1);
3943 } else if (chan <= 64) {
3944 run_efuse_read(sc,
3945 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3946 &val, 1);
3947 } else if (chan <= 138) {
3948 run_efuse_read(sc,
3949 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3950 &val, 1);
3951 } else if (chan <= 165) {
3952 run_efuse_read(sc,
3953 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3954 &val, 1);
3955 } else
3956 val = 0;
3957 run_bbp_write(sc, 159, val);
3958
3959 /* Tx1 IQ phase. */
3960 run_bbp_write(sc, 158, 0x4b);
3961 if (chan <= 14) {
3962 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3963 &val, 1);
3964 } else if (chan <= 64) {
3965 run_efuse_read(sc,
3966 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3967 &val, 1);
3968 } else if (chan <= 138) {
3969 run_efuse_read(sc,
3970 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3971 &val, 1);
3972 } else if (chan <= 165) {
3973 run_efuse_read(sc,
3974 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3975 &val, 1);
3976 } else
3977 val = 0;
3978 run_bbp_write(sc, 159, val);
3979
3980 /* RF IQ compensation control. */
3981 run_bbp_write(sc, 158, 0x04);
3982 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3983 &val, 1);
3984 run_bbp_write(sc, 159, val);
3985
3986 /* RF IQ imbalance compensation control. */
3987 run_bbp_write(sc, 158, 0x03);
3988 run_efuse_read(sc,
3989 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3990 run_bbp_write(sc, 159, val);
3991 }
3992
3993 static void
run_set_agc(struct run_softc * sc,uint8_t agc)3994 run_set_agc(struct run_softc *sc, uint8_t agc)
3995 {
3996 uint8_t bbp;
3997
3998 if (sc->mac_ver == 0x3572) {
3999 run_bbp_read(sc, 27, &bbp);
4000 bbp &= ~(0x3 << 5);
4001 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
4002 run_bbp_write(sc, 66, agc);
4003 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
4004 run_bbp_write(sc, 66, agc);
4005 } else
4006 run_bbp_write(sc, 66, agc);
4007 }
4008
4009 static void
run_select_chan_group(struct run_softc * sc,int group)4010 run_select_chan_group(struct run_softc *sc, int group)
4011 {
4012 uint32_t tmp;
4013 uint8_t agc;
4014
4015 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
4016 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
4017 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
4018 if (sc->mac_ver < 0x3572)
4019 run_bbp_write(sc, 86, 0x00);
4020
4021 if (sc->mac_ver == 0x3593) {
4022 run_bbp_write(sc, 77, 0x98);
4023 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
4024 }
4025
4026 if (group == 0) {
4027 if (sc->ext_2ghz_lna) {
4028 if (sc->mac_ver >= 0x5390)
4029 run_bbp_write(sc, 75, 0x52);
4030 else {
4031 run_bbp_write(sc, 82, 0x62);
4032 run_bbp_write(sc, 75, 0x46);
4033 }
4034 } else {
4035 if (sc->mac_ver == 0x5592) {
4036 run_bbp_write(sc, 79, 0x1c);
4037 run_bbp_write(sc, 80, 0x0e);
4038 run_bbp_write(sc, 81, 0x3a);
4039 run_bbp_write(sc, 82, 0x62);
4040
4041 run_bbp_write(sc, 195, 0x80);
4042 run_bbp_write(sc, 196, 0xe0);
4043 run_bbp_write(sc, 195, 0x81);
4044 run_bbp_write(sc, 196, 0x1f);
4045 run_bbp_write(sc, 195, 0x82);
4046 run_bbp_write(sc, 196, 0x38);
4047 run_bbp_write(sc, 195, 0x83);
4048 run_bbp_write(sc, 196, 0x32);
4049 run_bbp_write(sc, 195, 0x85);
4050 run_bbp_write(sc, 196, 0x28);
4051 run_bbp_write(sc, 195, 0x86);
4052 run_bbp_write(sc, 196, 0x19);
4053 } else if (sc->mac_ver >= 0x5390)
4054 run_bbp_write(sc, 75, 0x50);
4055 else {
4056 run_bbp_write(sc, 82,
4057 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
4058 run_bbp_write(sc, 75, 0x50);
4059 }
4060 }
4061 } else {
4062 if (sc->mac_ver == 0x5592) {
4063 run_bbp_write(sc, 79, 0x18);
4064 run_bbp_write(sc, 80, 0x08);
4065 run_bbp_write(sc, 81, 0x38);
4066 run_bbp_write(sc, 82, 0x92);
4067
4068 run_bbp_write(sc, 195, 0x80);
4069 run_bbp_write(sc, 196, 0xf0);
4070 run_bbp_write(sc, 195, 0x81);
4071 run_bbp_write(sc, 196, 0x1e);
4072 run_bbp_write(sc, 195, 0x82);
4073 run_bbp_write(sc, 196, 0x28);
4074 run_bbp_write(sc, 195, 0x83);
4075 run_bbp_write(sc, 196, 0x20);
4076 run_bbp_write(sc, 195, 0x85);
4077 run_bbp_write(sc, 196, 0x7f);
4078 run_bbp_write(sc, 195, 0x86);
4079 run_bbp_write(sc, 196, 0x7f);
4080 } else if (sc->mac_ver == 0x3572)
4081 run_bbp_write(sc, 82, 0x94);
4082 else
4083 run_bbp_write(sc, 82,
4084 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4085 if (sc->ext_5ghz_lna)
4086 run_bbp_write(sc, 75, 0x46);
4087 else
4088 run_bbp_write(sc, 75, 0x50);
4089 }
4090
4091 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4092 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4093 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4094 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4095
4096 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4097 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4098 if (sc->mac_ver == 0x3593)
4099 tmp |= 1 << 29 | 1 << 28;
4100 if (sc->nrxchains > 1)
4101 tmp |= RT2860_LNA_PE1_EN;
4102 if (group == 0) { /* 2GHz */
4103 tmp |= RT2860_PA_PE_G0_EN;
4104 if (sc->ntxchains > 1)
4105 tmp |= RT2860_PA_PE_G1_EN;
4106 if (sc->mac_ver == 0x3593) {
4107 if (sc->ntxchains > 2)
4108 tmp |= 1 << 25;
4109 }
4110 } else { /* 5GHz */
4111 tmp |= RT2860_PA_PE_A0_EN;
4112 if (sc->ntxchains > 1)
4113 tmp |= RT2860_PA_PE_A1_EN;
4114 }
4115 if (sc->mac_ver == 0x3572) {
4116 run_rt3070_rf_write(sc, 8, 0x00);
4117 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4118 run_rt3070_rf_write(sc, 8, 0x80);
4119 } else
4120 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4121
4122 if (sc->mac_ver == 0x5592) {
4123 run_bbp_write(sc, 195, 0x8d);
4124 run_bbp_write(sc, 196, 0x1a);
4125 }
4126
4127 if (sc->mac_ver == 0x3593) {
4128 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4129 tmp &= ~0x01010000;
4130 if (group == 0)
4131 tmp |= 0x00010000;
4132 tmp = (tmp & ~0x00009090) | 0x00000090;
4133 run_write(sc, RT2860_GPIO_CTRL, tmp);
4134 }
4135
4136 /* set initial AGC value */
4137 if (group == 0) { /* 2GHz band */
4138 if (sc->mac_ver >= 0x3070)
4139 agc = 0x1c + sc->lna[0] * 2;
4140 else
4141 agc = 0x2e + sc->lna[0];
4142 } else { /* 5GHz band */
4143 if (sc->mac_ver == 0x5592)
4144 agc = 0x24 + sc->lna[group] * 2;
4145 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4146 agc = 0x22 + (sc->lna[group] * 5) / 3;
4147 else
4148 agc = 0x32 + (sc->lna[group] * 5) / 3;
4149 }
4150 run_set_agc(sc, agc);
4151 }
4152
4153 static void
run_rt2870_set_chan(struct run_softc * sc,u_int chan)4154 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4155 {
4156 const struct rfprog *rfprog = rt2860_rf2850;
4157 uint32_t r2, r3, r4;
4158 int8_t txpow1, txpow2;
4159 int i;
4160
4161 /* find the settings for this channel (we know it exists) */
4162 for (i = 0; rfprog[i].chan != chan; i++);
4163
4164 r2 = rfprog[i].r2;
4165 if (sc->ntxchains == 1)
4166 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4167 if (sc->nrxchains == 1)
4168 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4169 else if (sc->nrxchains == 2)
4170 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4171
4172 /* use Tx power values from EEPROM */
4173 txpow1 = sc->txpow1[i];
4174 txpow2 = sc->txpow2[i];
4175
4176 /* Initialize RF R3 and R4. */
4177 r3 = rfprog[i].r3 & 0xffffc1ff;
4178 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4179 if (chan > 14) {
4180 if (txpow1 >= 0) {
4181 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4182 r3 |= (txpow1 << 10) | (1 << 9);
4183 } else {
4184 txpow1 += 7;
4185
4186 /* txpow1 is not possible larger than 15. */
4187 r3 |= (txpow1 << 10);
4188 }
4189 if (txpow2 >= 0) {
4190 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4191 r4 |= (txpow2 << 7) | (1 << 6);
4192 } else {
4193 txpow2 += 7;
4194 r4 |= (txpow2 << 7);
4195 }
4196 } else {
4197 /* Set Tx0 power. */
4198 r3 |= (txpow1 << 9);
4199
4200 /* Set frequency offset and Tx1 power. */
4201 r4 |= (txpow2 << 6);
4202 }
4203
4204 run_rt2870_rf_write(sc, rfprog[i].r1);
4205 run_rt2870_rf_write(sc, r2);
4206 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4207 run_rt2870_rf_write(sc, r4);
4208
4209 run_delay(sc, 10);
4210
4211 run_rt2870_rf_write(sc, rfprog[i].r1);
4212 run_rt2870_rf_write(sc, r2);
4213 run_rt2870_rf_write(sc, r3 | (1 << 2));
4214 run_rt2870_rf_write(sc, r4);
4215
4216 run_delay(sc, 10);
4217
4218 run_rt2870_rf_write(sc, rfprog[i].r1);
4219 run_rt2870_rf_write(sc, r2);
4220 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4221 run_rt2870_rf_write(sc, r4);
4222 }
4223
4224 static void
run_rt3070_set_chan(struct run_softc * sc,u_int chan)4225 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4226 {
4227 int8_t txpow1, txpow2;
4228 uint8_t rf;
4229 int i;
4230
4231 /* find the settings for this channel (we know it exists) */
4232 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4233
4234 /* use Tx power values from EEPROM */
4235 txpow1 = sc->txpow1[i];
4236 txpow2 = sc->txpow2[i];
4237
4238 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4239
4240 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4241 run_rt3070_rf_read(sc, 3, &rf);
4242 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4243 run_rt3070_rf_write(sc, 3, rf);
4244
4245 run_rt3070_rf_read(sc, 6, &rf);
4246 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4247 run_rt3070_rf_write(sc, 6, rf);
4248
4249 /* set Tx0 power */
4250 run_rt3070_rf_read(sc, 12, &rf);
4251 rf = (rf & ~0x1f) | txpow1;
4252 run_rt3070_rf_write(sc, 12, rf);
4253
4254 /* set Tx1 power */
4255 run_rt3070_rf_read(sc, 13, &rf);
4256 rf = (rf & ~0x1f) | txpow2;
4257 run_rt3070_rf_write(sc, 13, rf);
4258
4259 run_rt3070_rf_read(sc, 1, &rf);
4260 rf &= ~0xfc;
4261 if (sc->ntxchains == 1)
4262 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4263 else if (sc->ntxchains == 2)
4264 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4265 if (sc->nrxchains == 1)
4266 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4267 else if (sc->nrxchains == 2)
4268 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4269 run_rt3070_rf_write(sc, 1, rf);
4270
4271 /* set RF offset */
4272 run_rt3070_rf_read(sc, 23, &rf);
4273 rf = (rf & ~0x7f) | sc->freq;
4274 run_rt3070_rf_write(sc, 23, rf);
4275
4276 /* program RF filter */
4277 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4278 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4279 run_rt3070_rf_write(sc, 24, rf);
4280 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4281 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4282 run_rt3070_rf_write(sc, 31, rf);
4283
4284 /* enable RF tuning */
4285 run_rt3070_rf_read(sc, 7, &rf);
4286 run_rt3070_rf_write(sc, 7, rf | 0x01);
4287 }
4288
4289 static void
run_rt3572_set_chan(struct run_softc * sc,u_int chan)4290 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4291 {
4292 int8_t txpow1, txpow2;
4293 uint32_t tmp;
4294 uint8_t rf;
4295 int i;
4296
4297 /* find the settings for this channel (we know it exists) */
4298 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4299
4300 /* use Tx power values from EEPROM */
4301 txpow1 = sc->txpow1[i];
4302 txpow2 = sc->txpow2[i];
4303
4304 if (chan <= 14) {
4305 run_bbp_write(sc, 25, sc->bbp25);
4306 run_bbp_write(sc, 26, sc->bbp26);
4307 } else {
4308 /* enable IQ phase correction */
4309 run_bbp_write(sc, 25, 0x09);
4310 run_bbp_write(sc, 26, 0xff);
4311 }
4312
4313 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4314 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4315 run_rt3070_rf_read(sc, 6, &rf);
4316 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4317 rf |= (chan <= 14) ? 0x08 : 0x04;
4318 run_rt3070_rf_write(sc, 6, rf);
4319
4320 /* set PLL mode */
4321 run_rt3070_rf_read(sc, 5, &rf);
4322 rf &= ~(0x08 | 0x04);
4323 rf |= (chan <= 14) ? 0x04 : 0x08;
4324 run_rt3070_rf_write(sc, 5, rf);
4325
4326 /* set Tx power for chain 0 */
4327 if (chan <= 14)
4328 rf = 0x60 | txpow1;
4329 else
4330 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4331 run_rt3070_rf_write(sc, 12, rf);
4332
4333 /* set Tx power for chain 1 */
4334 if (chan <= 14)
4335 rf = 0x60 | txpow2;
4336 else
4337 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4338 run_rt3070_rf_write(sc, 13, rf);
4339
4340 /* set Tx/Rx streams */
4341 run_rt3070_rf_read(sc, 1, &rf);
4342 rf &= ~0xfc;
4343 if (sc->ntxchains == 1)
4344 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4345 else if (sc->ntxchains == 2)
4346 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4347 if (sc->nrxchains == 1)
4348 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4349 else if (sc->nrxchains == 2)
4350 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4351 run_rt3070_rf_write(sc, 1, rf);
4352
4353 /* set RF offset */
4354 run_rt3070_rf_read(sc, 23, &rf);
4355 rf = (rf & ~0x7f) | sc->freq;
4356 run_rt3070_rf_write(sc, 23, rf);
4357
4358 /* program RF filter */
4359 rf = sc->rf24_20mhz;
4360 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4361 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4362
4363 /* enable RF tuning */
4364 run_rt3070_rf_read(sc, 7, &rf);
4365 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4366 run_rt3070_rf_write(sc, 7, rf);
4367
4368 /* TSSI */
4369 rf = (chan <= 14) ? 0xc3 : 0xc0;
4370 run_rt3070_rf_write(sc, 9, rf);
4371
4372 /* set loop filter 1 */
4373 run_rt3070_rf_write(sc, 10, 0xf1);
4374 /* set loop filter 2 */
4375 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4376
4377 /* set tx_mx2_ic */
4378 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4379 /* set tx_mx1_ic */
4380 if (chan <= 14)
4381 rf = 0x48 | sc->txmixgain_2ghz;
4382 else
4383 rf = 0x78 | sc->txmixgain_5ghz;
4384 run_rt3070_rf_write(sc, 16, rf);
4385
4386 /* set tx_lo1 */
4387 run_rt3070_rf_write(sc, 17, 0x23);
4388 /* set tx_lo2 */
4389 if (chan <= 14)
4390 rf = 0x93;
4391 else if (chan <= 64)
4392 rf = 0xb7;
4393 else if (chan <= 128)
4394 rf = 0x74;
4395 else
4396 rf = 0x72;
4397 run_rt3070_rf_write(sc, 19, rf);
4398
4399 /* set rx_lo1 */
4400 if (chan <= 14)
4401 rf = 0xb3;
4402 else if (chan <= 64)
4403 rf = 0xf6;
4404 else if (chan <= 128)
4405 rf = 0xf4;
4406 else
4407 rf = 0xf3;
4408 run_rt3070_rf_write(sc, 20, rf);
4409
4410 /* set pfd_delay */
4411 if (chan <= 14)
4412 rf = 0x15;
4413 else if (chan <= 64)
4414 rf = 0x3d;
4415 else
4416 rf = 0x01;
4417 run_rt3070_rf_write(sc, 25, rf);
4418
4419 /* set rx_lo2 */
4420 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4421 /* set ldo_rf_vc */
4422 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4423 /* set drv_cc */
4424 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4425
4426 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4427 tmp &= ~0x8080;
4428 if (chan <= 14)
4429 tmp |= 0x80;
4430 run_write(sc, RT2860_GPIO_CTRL, tmp);
4431
4432 /* enable RF tuning */
4433 run_rt3070_rf_read(sc, 7, &rf);
4434 run_rt3070_rf_write(sc, 7, rf | 0x01);
4435
4436 run_delay(sc, 2);
4437 }
4438
4439 static void
run_rt3593_set_chan(struct run_softc * sc,u_int chan)4440 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4441 {
4442 int8_t txpow1, txpow2, txpow3;
4443 uint8_t h20mhz, rf;
4444 int i;
4445
4446 /* find the settings for this channel (we know it exists) */
4447 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4448
4449 /* use Tx power values from EEPROM */
4450 txpow1 = sc->txpow1[i];
4451 txpow2 = sc->txpow2[i];
4452 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4453
4454 if (chan <= 14) {
4455 run_bbp_write(sc, 25, sc->bbp25);
4456 run_bbp_write(sc, 26, sc->bbp26);
4457 } else {
4458 /* Enable IQ phase correction. */
4459 run_bbp_write(sc, 25, 0x09);
4460 run_bbp_write(sc, 26, 0xff);
4461 }
4462
4463 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4464 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4465 run_rt3070_rf_read(sc, 11, &rf);
4466 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4467 run_rt3070_rf_write(sc, 11, rf);
4468
4469 /* Set pll_idoh. */
4470 run_rt3070_rf_read(sc, 11, &rf);
4471 rf &= ~0x4c;
4472 rf |= (chan <= 14) ? 0x44 : 0x48;
4473 run_rt3070_rf_write(sc, 11, rf);
4474
4475 if (chan <= 14)
4476 rf = txpow1 & 0x1f;
4477 else
4478 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4479 run_rt3070_rf_write(sc, 53, rf);
4480
4481 if (chan <= 14)
4482 rf = txpow2 & 0x1f;
4483 else
4484 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4485 run_rt3070_rf_write(sc, 55, rf);
4486
4487 if (chan <= 14)
4488 rf = txpow3 & 0x1f;
4489 else
4490 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4491 run_rt3070_rf_write(sc, 54, rf);
4492
4493 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4494 if (sc->ntxchains == 3)
4495 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4496 else
4497 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4498 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4499 run_rt3070_rf_write(sc, 1, rf);
4500
4501 run_adjust_freq_offset(sc);
4502
4503 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4504
4505 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4506 run_rt3070_rf_read(sc, 30, &rf);
4507 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4508 run_rt3070_rf_write(sc, 30, rf);
4509
4510 run_rt3070_rf_read(sc, 36, &rf);
4511 if (chan <= 14)
4512 rf |= 0x80;
4513 else
4514 rf &= ~0x80;
4515 run_rt3070_rf_write(sc, 36, rf);
4516
4517 /* Set vcolo_bs. */
4518 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4519 /* Set pfd_delay. */
4520 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4521
4522 /* Set vco bias current control. */
4523 run_rt3070_rf_read(sc, 6, &rf);
4524 rf &= ~0xc0;
4525 if (chan <= 14)
4526 rf |= 0x40;
4527 else if (chan <= 128)
4528 rf |= 0x80;
4529 else
4530 rf |= 0x40;
4531 run_rt3070_rf_write(sc, 6, rf);
4532
4533 run_rt3070_rf_read(sc, 30, &rf);
4534 rf = (rf & ~0x18) | 0x10;
4535 run_rt3070_rf_write(sc, 30, rf);
4536
4537 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4538 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4539
4540 run_rt3070_rf_read(sc, 51, &rf);
4541 rf = (rf & ~0x03) | 0x01;
4542 run_rt3070_rf_write(sc, 51, rf);
4543 /* Set tx_mx1_cc. */
4544 run_rt3070_rf_read(sc, 51, &rf);
4545 rf &= ~0x1c;
4546 rf |= (chan <= 14) ? 0x14 : 0x10;
4547 run_rt3070_rf_write(sc, 51, rf);
4548 /* Set tx_mx1_ic. */
4549 run_rt3070_rf_read(sc, 51, &rf);
4550 rf &= ~0xe0;
4551 rf |= (chan <= 14) ? 0x60 : 0x40;
4552 run_rt3070_rf_write(sc, 51, rf);
4553 /* Set tx_lo1_ic. */
4554 run_rt3070_rf_read(sc, 49, &rf);
4555 rf &= ~0x1c;
4556 rf |= (chan <= 14) ? 0x0c : 0x08;
4557 run_rt3070_rf_write(sc, 49, rf);
4558 /* Set tx_lo1_en. */
4559 run_rt3070_rf_read(sc, 50, &rf);
4560 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4561 /* Set drv_cc. */
4562 run_rt3070_rf_read(sc, 57, &rf);
4563 rf &= ~0xfc;
4564 rf |= (chan <= 14) ? 0x6c : 0x3c;
4565 run_rt3070_rf_write(sc, 57, rf);
4566 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4567 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4568 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4569 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4570 /* Enable VCO calibration. */
4571 run_rt3070_rf_read(sc, 3, &rf);
4572 rf &= ~RT5390_VCOCAL;
4573 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4574 run_rt3070_rf_write(sc, 3, rf);
4575
4576 if (chan <= 14)
4577 rf = 0x23;
4578 else if (chan <= 64)
4579 rf = 0x36;
4580 else if (chan <= 128)
4581 rf = 0x32;
4582 else
4583 rf = 0x30;
4584 run_rt3070_rf_write(sc, 39, rf);
4585 if (chan <= 14)
4586 rf = 0xbb;
4587 else if (chan <= 64)
4588 rf = 0xeb;
4589 else if (chan <= 128)
4590 rf = 0xb3;
4591 else
4592 rf = 0x9b;
4593 run_rt3070_rf_write(sc, 45, rf);
4594
4595 /* Set FEQ/AEQ control. */
4596 run_bbp_write(sc, 105, 0x34);
4597 }
4598
4599 static void
run_rt5390_set_chan(struct run_softc * sc,u_int chan)4600 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4601 {
4602 int8_t txpow1, txpow2;
4603 uint8_t rf;
4604 int i;
4605
4606 /* find the settings for this channel (we know it exists) */
4607 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4608
4609 /* use Tx power values from EEPROM */
4610 txpow1 = sc->txpow1[i];
4611 txpow2 = sc->txpow2[i];
4612
4613 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4614 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4615 run_rt3070_rf_read(sc, 11, &rf);
4616 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4617 run_rt3070_rf_write(sc, 11, rf);
4618
4619 run_rt3070_rf_read(sc, 49, &rf);
4620 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4621 /* The valid range of the RF R49 is 0x00 to 0x27. */
4622 if ((rf & 0x3f) > 0x27)
4623 rf = (rf & ~0x3f) | 0x27;
4624 run_rt3070_rf_write(sc, 49, rf);
4625
4626 if (sc->mac_ver == 0x5392) {
4627 run_rt3070_rf_read(sc, 50, &rf);
4628 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4629 /* The valid range of the RF R50 is 0x00 to 0x27. */
4630 if ((rf & 0x3f) > 0x27)
4631 rf = (rf & ~0x3f) | 0x27;
4632 run_rt3070_rf_write(sc, 50, rf);
4633 }
4634
4635 run_rt3070_rf_read(sc, 1, &rf);
4636 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4637 if (sc->mac_ver == 0x5392)
4638 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4639 run_rt3070_rf_write(sc, 1, rf);
4640
4641 if (sc->mac_ver != 0x5392) {
4642 run_rt3070_rf_read(sc, 2, &rf);
4643 rf |= 0x80;
4644 run_rt3070_rf_write(sc, 2, rf);
4645 run_delay(sc, 10);
4646 rf &= 0x7f;
4647 run_rt3070_rf_write(sc, 2, rf);
4648 }
4649
4650 run_adjust_freq_offset(sc);
4651
4652 if (sc->mac_ver == 0x5392) {
4653 /* Fix for RT5392C. */
4654 if (sc->mac_rev >= 0x0223) {
4655 if (chan <= 4)
4656 rf = 0x0f;
4657 else if (chan >= 5 && chan <= 7)
4658 rf = 0x0e;
4659 else
4660 rf = 0x0d;
4661 run_rt3070_rf_write(sc, 23, rf);
4662
4663 if (chan <= 4)
4664 rf = 0x0c;
4665 else if (chan == 5)
4666 rf = 0x0b;
4667 else if (chan >= 6 && chan <= 7)
4668 rf = 0x0a;
4669 else if (chan >= 8 && chan <= 10)
4670 rf = 0x09;
4671 else
4672 rf = 0x08;
4673 run_rt3070_rf_write(sc, 59, rf);
4674 } else {
4675 if (chan <= 11)
4676 rf = 0x0f;
4677 else
4678 rf = 0x0b;
4679 run_rt3070_rf_write(sc, 59, rf);
4680 }
4681 } else {
4682 /* Fix for RT5390F. */
4683 if (sc->mac_rev >= 0x0502) {
4684 if (chan <= 11)
4685 rf = 0x43;
4686 else
4687 rf = 0x23;
4688 run_rt3070_rf_write(sc, 55, rf);
4689
4690 if (chan <= 11)
4691 rf = 0x0f;
4692 else if (chan == 12)
4693 rf = 0x0d;
4694 else
4695 rf = 0x0b;
4696 run_rt3070_rf_write(sc, 59, rf);
4697 } else {
4698 run_rt3070_rf_write(sc, 55, 0x44);
4699 run_rt3070_rf_write(sc, 59, 0x8f);
4700 }
4701 }
4702
4703 /* Enable VCO calibration. */
4704 run_rt3070_rf_read(sc, 3, &rf);
4705 rf |= RT5390_VCOCAL;
4706 run_rt3070_rf_write(sc, 3, rf);
4707 }
4708
4709 static void
run_rt5592_set_chan(struct run_softc * sc,u_int chan)4710 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4711 {
4712 const struct rt5592_freqs *freqs;
4713 uint32_t tmp;
4714 uint8_t reg, rf, txpow_bound;
4715 int8_t txpow1, txpow2;
4716 int i;
4717
4718 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4719 freqs = (tmp & RT5592_SEL_XTAL) ?
4720 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4721
4722 /* find the settings for this channel (we know it exists) */
4723 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4724
4725 /* use Tx power values from EEPROM */
4726 txpow1 = sc->txpow1[i];
4727 txpow2 = sc->txpow2[i];
4728
4729 run_read(sc, RT3070_LDO_CFG0, &tmp);
4730 tmp &= ~0x1c000000;
4731 if (chan > 14)
4732 tmp |= 0x14000000;
4733 run_write(sc, RT3070_LDO_CFG0, tmp);
4734
4735 /* N setting. */
4736 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4737 run_rt3070_rf_read(sc, 9, &rf);
4738 rf &= ~(1 << 4);
4739 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4740 run_rt3070_rf_write(sc, 9, rf);
4741
4742 /* K setting. */
4743 run_rt3070_rf_read(sc, 9, &rf);
4744 rf &= ~0x0f;
4745 rf |= (freqs->k & 0x0f);
4746 run_rt3070_rf_write(sc, 9, rf);
4747
4748 /* Mode setting. */
4749 run_rt3070_rf_read(sc, 11, &rf);
4750 rf &= ~0x0c;
4751 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4752 run_rt3070_rf_write(sc, 11, rf);
4753 run_rt3070_rf_read(sc, 9, &rf);
4754 rf &= ~(1 << 7);
4755 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4756 run_rt3070_rf_write(sc, 9, rf);
4757
4758 /* R setting. */
4759 run_rt3070_rf_read(sc, 11, &rf);
4760 rf &= ~0x03;
4761 rf |= (freqs->r - 0x1);
4762 run_rt3070_rf_write(sc, 11, rf);
4763
4764 if (chan <= 14) {
4765 /* Initialize RF registers for 2GHZ. */
4766 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4767 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4768 rt5592_2ghz_def_rf[i].val);
4769 }
4770
4771 rf = (chan <= 10) ? 0x07 : 0x06;
4772 run_rt3070_rf_write(sc, 23, rf);
4773 run_rt3070_rf_write(sc, 59, rf);
4774
4775 run_rt3070_rf_write(sc, 55, 0x43);
4776
4777 /*
4778 * RF R49/R50 Tx power ALC code.
4779 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4780 */
4781 reg = 2;
4782 txpow_bound = 0x27;
4783 } else {
4784 /* Initialize RF registers for 5GHZ. */
4785 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4786 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4787 rt5592_5ghz_def_rf[i].val);
4788 }
4789 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4790 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4791 chan <= rt5592_chan_5ghz[i].lastchan) {
4792 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4793 rt5592_chan_5ghz[i].val);
4794 }
4795 }
4796
4797 /*
4798 * RF R49/R50 Tx power ALC code.
4799 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4800 */
4801 reg = 3;
4802 txpow_bound = 0x2b;
4803 }
4804
4805 /* RF R49 ch0 Tx power ALC code. */
4806 run_rt3070_rf_read(sc, 49, &rf);
4807 rf &= ~0xc0;
4808 rf |= (reg << 6);
4809 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4810 if ((rf & 0x3f) > txpow_bound)
4811 rf = (rf & ~0x3f) | txpow_bound;
4812 run_rt3070_rf_write(sc, 49, rf);
4813
4814 /* RF R50 ch1 Tx power ALC code. */
4815 run_rt3070_rf_read(sc, 50, &rf);
4816 rf &= ~(1 << 7 | 1 << 6);
4817 rf |= (reg << 6);
4818 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4819 if ((rf & 0x3f) > txpow_bound)
4820 rf = (rf & ~0x3f) | txpow_bound;
4821 run_rt3070_rf_write(sc, 50, rf);
4822
4823 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4824 run_rt3070_rf_read(sc, 1, &rf);
4825 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4826 if (sc->ntxchains > 1)
4827 rf |= RT3070_TX1_PD;
4828 if (sc->nrxchains > 1)
4829 rf |= RT3070_RX1_PD;
4830 run_rt3070_rf_write(sc, 1, rf);
4831
4832 run_rt3070_rf_write(sc, 6, 0xe4);
4833
4834 run_rt3070_rf_write(sc, 30, 0x10);
4835 run_rt3070_rf_write(sc, 31, 0x80);
4836 run_rt3070_rf_write(sc, 32, 0x80);
4837
4838 run_adjust_freq_offset(sc);
4839
4840 /* Enable VCO calibration. */
4841 run_rt3070_rf_read(sc, 3, &rf);
4842 rf |= RT5390_VCOCAL;
4843 run_rt3070_rf_write(sc, 3, rf);
4844 }
4845
4846 static void
run_set_rx_antenna(struct run_softc * sc,int aux)4847 run_set_rx_antenna(struct run_softc *sc, int aux)
4848 {
4849 uint32_t tmp;
4850 uint8_t bbp152;
4851
4852 if (aux) {
4853 if (sc->rf_rev == RT5390_RF_5370) {
4854 run_bbp_read(sc, 152, &bbp152);
4855 run_bbp_write(sc, 152, bbp152 & ~0x80);
4856 } else {
4857 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4858 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4859 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4860 }
4861 } else {
4862 if (sc->rf_rev == RT5390_RF_5370) {
4863 run_bbp_read(sc, 152, &bbp152);
4864 run_bbp_write(sc, 152, bbp152 | 0x80);
4865 } else {
4866 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4867 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4868 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4869 }
4870 }
4871 }
4872
4873 static int
run_set_chan(struct run_softc * sc,struct ieee80211_channel * c)4874 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4875 {
4876 struct ieee80211com *ic = &sc->sc_ic;
4877 u_int chan, group;
4878
4879 chan = ieee80211_chan2ieee(ic, c);
4880 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4881 return (EINVAL);
4882
4883 if (sc->mac_ver == 0x5592)
4884 run_rt5592_set_chan(sc, chan);
4885 else if (sc->mac_ver >= 0x5390)
4886 run_rt5390_set_chan(sc, chan);
4887 else if (sc->mac_ver == 0x3593)
4888 run_rt3593_set_chan(sc, chan);
4889 else if (sc->mac_ver == 0x3572)
4890 run_rt3572_set_chan(sc, chan);
4891 else if (sc->mac_ver >= 0x3070)
4892 run_rt3070_set_chan(sc, chan);
4893 else
4894 run_rt2870_set_chan(sc, chan);
4895
4896 /* determine channel group */
4897 if (chan <= 14)
4898 group = 0;
4899 else if (chan <= 64)
4900 group = 1;
4901 else if (chan <= 128)
4902 group = 2;
4903 else
4904 group = 3;
4905
4906 /* XXX necessary only when group has changed! */
4907 run_select_chan_group(sc, group);
4908
4909 run_delay(sc, 10);
4910
4911 /* Perform IQ calibration. */
4912 if (sc->mac_ver >= 0x5392)
4913 run_iq_calib(sc, chan);
4914
4915 return (0);
4916 }
4917
4918 static void
run_set_channel(struct ieee80211com * ic)4919 run_set_channel(struct ieee80211com *ic)
4920 {
4921 struct run_softc *sc = ic->ic_softc;
4922
4923 RUN_LOCK(sc);
4924 run_set_chan(sc, ic->ic_curchan);
4925 RUN_UNLOCK(sc);
4926
4927 return;
4928 }
4929
4930 static void
run_getradiocaps(struct ieee80211com * ic,int maxchans,int * nchans,struct ieee80211_channel chans[])4931 run_getradiocaps(struct ieee80211com *ic,
4932 int maxchans, int *nchans, struct ieee80211_channel chans[])
4933 {
4934 struct run_softc *sc = ic->ic_softc;
4935 uint8_t bands[IEEE80211_MODE_BYTES];
4936
4937 memset(bands, 0, sizeof(bands));
4938 setbit(bands, IEEE80211_MODE_11B);
4939 setbit(bands, IEEE80211_MODE_11G);
4940 if (sc->rf_rev != RT3070_RF_2020)
4941 setbit(bands, IEEE80211_MODE_11NG);
4942
4943 /* Note: for now, only support HT20 channels */
4944 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0);
4945
4946 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
4947 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
4948 sc->rf_rev == RT5592_RF_5592) {
4949 setbit(bands, IEEE80211_MODE_11A);
4950 if (sc->rf_rev != RT3070_RF_2020)
4951 setbit(bands, IEEE80211_MODE_11NA);
4952 /* Note: for now, only support HT20 channels */
4953 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
4954 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0);
4955 }
4956 }
4957
4958 static void
run_scan_start(struct ieee80211com * ic)4959 run_scan_start(struct ieee80211com *ic)
4960 {
4961 struct run_softc *sc = ic->ic_softc;
4962
4963 RUN_LOCK(sc);
4964
4965 /* abort TSF synchronization */
4966 run_disable_tsf(sc);
4967 run_set_bssid(sc, ieee80211broadcastaddr);
4968
4969 RUN_UNLOCK(sc);
4970
4971 return;
4972 }
4973
4974 static void
run_scan_end(struct ieee80211com * ic)4975 run_scan_end(struct ieee80211com *ic)
4976 {
4977 struct run_softc *sc = ic->ic_softc;
4978
4979 RUN_LOCK(sc);
4980
4981 run_enable_tsf_sync(sc);
4982 run_set_bssid(sc, sc->sc_bssid);
4983
4984 RUN_UNLOCK(sc);
4985
4986 return;
4987 }
4988
4989 /*
4990 * Could be called from ieee80211_node_timeout()
4991 * (non-sleepable thread)
4992 */
4993 static void
run_update_beacon(struct ieee80211vap * vap,int item)4994 run_update_beacon(struct ieee80211vap *vap, int item)
4995 {
4996 struct ieee80211com *ic = vap->iv_ic;
4997 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
4998 struct ieee80211_node *ni = vap->iv_bss;
4999 struct run_softc *sc = ic->ic_softc;
5000 struct run_vap *rvp = RUN_VAP(vap);
5001 int mcast = 0;
5002 uint32_t i;
5003
5004 switch (item) {
5005 case IEEE80211_BEACON_ERP:
5006 run_updateslot(ic);
5007 break;
5008 case IEEE80211_BEACON_HTINFO:
5009 run_updateprot(ic);
5010 break;
5011 case IEEE80211_BEACON_TIM:
5012 mcast = 1; /*TODO*/
5013 break;
5014 default:
5015 break;
5016 }
5017
5018 setbit(bo->bo_flags, item);
5019 if (rvp->beacon_mbuf == NULL) {
5020 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
5021 if (rvp->beacon_mbuf == NULL)
5022 return;
5023 }
5024 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast);
5025
5026 i = RUN_CMDQ_GET(&sc->cmdq_store);
5027 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5028 sc->cmdq[i].func = run_update_beacon_cb;
5029 sc->cmdq[i].arg0 = vap;
5030 ieee80211_runtask(ic, &sc->cmdq_task);
5031
5032 return;
5033 }
5034
5035 static void
run_update_beacon_cb(void * arg)5036 run_update_beacon_cb(void *arg)
5037 {
5038 struct ieee80211vap *vap = arg;
5039 struct ieee80211_node *ni = vap->iv_bss;
5040 struct run_vap *rvp = RUN_VAP(vap);
5041 struct ieee80211com *ic = vap->iv_ic;
5042 struct run_softc *sc = ic->ic_softc;
5043 struct rt2860_txwi txwi;
5044 struct mbuf *m;
5045 uint16_t txwisize;
5046 uint8_t ridx;
5047
5048 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
5049 return;
5050 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
5051 return;
5052
5053 /*
5054 * No need to call ieee80211_beacon_update(), run_update_beacon()
5055 * is taking care of appropriate calls.
5056 */
5057 if (rvp->beacon_mbuf == NULL) {
5058 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
5059 if (rvp->beacon_mbuf == NULL)
5060 return;
5061 }
5062 m = rvp->beacon_mbuf;
5063
5064 memset(&txwi, 0, sizeof(txwi));
5065 txwi.wcid = 0xff;
5066 txwi.len = htole16(m->m_pkthdr.len);
5067
5068 /* send beacons at the lowest available rate */
5069 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
5070 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
5071 txwi.phy = htole16(rt2860_rates[ridx].mcs);
5072 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
5073 txwi.phy |= htole16(RT2860_PHY_OFDM);
5074 txwi.txop = RT2860_TX_TXOP_HT;
5075 txwi.flags = RT2860_TX_TS;
5076 txwi.xflags = RT2860_TX_NSEQ;
5077
5078 txwisize = (sc->mac_ver == 0x5592) ?
5079 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
5080 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
5081 txwisize);
5082 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
5083 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
5084 }
5085
5086 static void
run_updateprot(struct ieee80211com * ic)5087 run_updateprot(struct ieee80211com *ic)
5088 {
5089 struct run_softc *sc = ic->ic_softc;
5090 uint32_t i;
5091
5092 i = RUN_CMDQ_GET(&sc->cmdq_store);
5093 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5094 sc->cmdq[i].func = run_updateprot_cb;
5095 sc->cmdq[i].arg0 = ic;
5096 ieee80211_runtask(ic, &sc->cmdq_task);
5097 }
5098
5099 static void
run_updateprot_cb(void * arg)5100 run_updateprot_cb(void *arg)
5101 {
5102 struct ieee80211com *ic = arg;
5103 struct run_softc *sc = ic->ic_softc;
5104 uint32_t tmp;
5105
5106 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5107 /* setup protection frame rate (MCS code) */
5108 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5109 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5110 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5111
5112 /* CCK frames don't require protection */
5113 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5114 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5115 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5116 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5117 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5118 tmp |= RT2860_PROT_CTRL_CTS;
5119 }
5120 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5121 }
5122
5123 static void
run_usb_timeout_cb(void * arg)5124 run_usb_timeout_cb(void *arg)
5125 {
5126 struct ieee80211vap *vap = arg;
5127 struct run_softc *sc = vap->iv_ic->ic_softc;
5128
5129 RUN_LOCK_ASSERT(sc, MA_OWNED);
5130
5131 if(vap->iv_state == IEEE80211_S_RUN &&
5132 vap->iv_opmode != IEEE80211_M_STA)
5133 run_reset_livelock(sc);
5134 else if (vap->iv_state == IEEE80211_S_SCAN) {
5135 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5136 "timeout caused by scan\n");
5137 /* cancel bgscan */
5138 ieee80211_cancel_scan(vap);
5139 } else
5140 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5141 "timeout by unknown cause\n");
5142 }
5143
5144 static void
run_reset_livelock(struct run_softc * sc)5145 run_reset_livelock(struct run_softc *sc)
5146 {
5147 uint32_t tmp;
5148
5149 RUN_LOCK_ASSERT(sc, MA_OWNED);
5150
5151 /*
5152 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5153 * can run into a livelock and start sending CTS-to-self frames like
5154 * crazy if protection is enabled. Reset MAC/BBP for a while
5155 */
5156 run_read(sc, RT2860_DEBUG, &tmp);
5157 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp);
5158 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5159 RUN_DPRINTF(sc, RUN_DEBUG_RESET,
5160 "CTS-to-self livelock detected\n");
5161 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5162 run_delay(sc, 1);
5163 run_write(sc, RT2860_MAC_SYS_CTRL,
5164 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5165 }
5166 }
5167
5168 static void
run_update_promisc_locked(struct run_softc * sc)5169 run_update_promisc_locked(struct run_softc *sc)
5170 {
5171 uint32_t tmp;
5172
5173 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5174
5175 tmp |= RT2860_DROP_UC_NOME;
5176 if (sc->sc_ic.ic_promisc > 0)
5177 tmp &= ~RT2860_DROP_UC_NOME;
5178
5179 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5180
5181 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n",
5182 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving");
5183 }
5184
5185 static void
run_update_promisc(struct ieee80211com * ic)5186 run_update_promisc(struct ieee80211com *ic)
5187 {
5188 struct run_softc *sc = ic->ic_softc;
5189
5190 if ((sc->sc_flags & RUN_RUNNING) == 0)
5191 return;
5192
5193 RUN_LOCK(sc);
5194 run_update_promisc_locked(sc);
5195 RUN_UNLOCK(sc);
5196 }
5197
5198 static void
run_enable_tsf_sync(struct run_softc * sc)5199 run_enable_tsf_sync(struct run_softc *sc)
5200 {
5201 struct ieee80211com *ic = &sc->sc_ic;
5202 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5203 uint32_t tmp;
5204
5205 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n",
5206 RUN_VAP(vap)->rvp_id, ic->ic_opmode);
5207
5208 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5209 tmp &= ~0x1fffff;
5210 tmp |= vap->iv_bss->ni_intval * 16;
5211 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5212
5213 if (ic->ic_opmode == IEEE80211_M_STA) {
5214 /*
5215 * Local TSF is always updated with remote TSF on beacon
5216 * reception.
5217 */
5218 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5219 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5220 tmp |= RT2860_BCN_TX_EN;
5221 /*
5222 * Local TSF is updated with remote TSF on beacon reception
5223 * only if the remote TSF is greater than local TSF.
5224 */
5225 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5226 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5227 ic->ic_opmode == IEEE80211_M_MBSS) {
5228 tmp |= RT2860_BCN_TX_EN;
5229 /* SYNC with nobody */
5230 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5231 } else {
5232 RUN_DPRINTF(sc, RUN_DEBUG_BEACON,
5233 "Enabling TSF failed. undefined opmode\n");
5234 return;
5235 }
5236
5237 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5238 }
5239
5240 static void
run_enable_tsf(struct run_softc * sc)5241 run_enable_tsf(struct run_softc *sc)
5242 {
5243 uint32_t tmp;
5244
5245 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5246 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN);
5247 tmp |= RT2860_TSF_TIMER_EN;
5248 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5249 }
5250 }
5251
5252 static void
run_disable_tsf(struct run_softc * sc)5253 run_disable_tsf(struct run_softc *sc)
5254 {
5255 uint32_t tmp;
5256
5257 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5258 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
5259 RT2860_TBTT_TIMER_EN);
5260 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5261 }
5262 }
5263
5264 static void
run_get_tsf(struct run_softc * sc,uint64_t * buf)5265 run_get_tsf(struct run_softc *sc, uint64_t *buf)
5266 {
5267 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf,
5268 sizeof(*buf));
5269 }
5270
5271 static void
run_enable_mrr(struct run_softc * sc)5272 run_enable_mrr(struct run_softc *sc)
5273 {
5274 #define CCK(mcs) (mcs)
5275 #define OFDM(mcs) (1 << 3 | (mcs))
5276 run_write(sc, RT2860_LG_FBK_CFG0,
5277 OFDM(6) << 28 | /* 54->48 */
5278 OFDM(5) << 24 | /* 48->36 */
5279 OFDM(4) << 20 | /* 36->24 */
5280 OFDM(3) << 16 | /* 24->18 */
5281 OFDM(2) << 12 | /* 18->12 */
5282 OFDM(1) << 8 | /* 12-> 9 */
5283 OFDM(0) << 4 | /* 9-> 6 */
5284 OFDM(0)); /* 6-> 6 */
5285
5286 run_write(sc, RT2860_LG_FBK_CFG1,
5287 CCK(2) << 12 | /* 11->5.5 */
5288 CCK(1) << 8 | /* 5.5-> 2 */
5289 CCK(0) << 4 | /* 2-> 1 */
5290 CCK(0)); /* 1-> 1 */
5291 #undef OFDM
5292 #undef CCK
5293 }
5294
5295 static void
run_set_txpreamble(struct run_softc * sc)5296 run_set_txpreamble(struct run_softc *sc)
5297 {
5298 struct ieee80211com *ic = &sc->sc_ic;
5299 uint32_t tmp;
5300
5301 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5302 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5303 tmp |= RT2860_CCK_SHORT_EN;
5304 else
5305 tmp &= ~RT2860_CCK_SHORT_EN;
5306 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5307 }
5308
5309 static void
run_set_basicrates(struct run_softc * sc)5310 run_set_basicrates(struct run_softc *sc)
5311 {
5312 struct ieee80211com *ic = &sc->sc_ic;
5313
5314 /* set basic rates mask */
5315 if (ic->ic_curmode == IEEE80211_MODE_11B)
5316 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5317 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5318 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5319 else /* 11g */
5320 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5321 }
5322
5323 static void
run_set_leds(struct run_softc * sc,uint16_t which)5324 run_set_leds(struct run_softc *sc, uint16_t which)
5325 {
5326 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5327 which | (sc->leds & 0x7f));
5328 }
5329
5330 static void
run_set_bssid(struct run_softc * sc,const uint8_t * bssid)5331 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5332 {
5333 run_write(sc, RT2860_MAC_BSSID_DW0,
5334 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5335 run_write(sc, RT2860_MAC_BSSID_DW1,
5336 bssid[4] | bssid[5] << 8);
5337 }
5338
5339 static void
run_set_macaddr(struct run_softc * sc,const uint8_t * addr)5340 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5341 {
5342 run_write(sc, RT2860_MAC_ADDR_DW0,
5343 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5344 run_write(sc, RT2860_MAC_ADDR_DW1,
5345 addr[4] | addr[5] << 8 | 0xff << 16);
5346 }
5347
5348 static void
run_updateslot(struct ieee80211com * ic)5349 run_updateslot(struct ieee80211com *ic)
5350 {
5351 struct run_softc *sc = ic->ic_softc;
5352 uint32_t i;
5353
5354 i = RUN_CMDQ_GET(&sc->cmdq_store);
5355 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5356 sc->cmdq[i].func = run_updateslot_cb;
5357 sc->cmdq[i].arg0 = ic;
5358 ieee80211_runtask(ic, &sc->cmdq_task);
5359
5360 return;
5361 }
5362
5363 /* ARGSUSED */
5364 static void
run_updateslot_cb(void * arg)5365 run_updateslot_cb(void *arg)
5366 {
5367 struct ieee80211com *ic = arg;
5368 struct run_softc *sc = ic->ic_softc;
5369 uint32_t tmp;
5370
5371 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5372 tmp &= ~0xff;
5373 tmp |= IEEE80211_GET_SLOTTIME(ic);
5374 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5375 }
5376
5377 static void
run_update_mcast(struct ieee80211com * ic)5378 run_update_mcast(struct ieee80211com *ic)
5379 {
5380 }
5381
5382 static int8_t
run_rssi2dbm(struct run_softc * sc,uint8_t rssi,uint8_t rxchain)5383 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5384 {
5385 struct ieee80211com *ic = &sc->sc_ic;
5386 struct ieee80211_channel *c = ic->ic_curchan;
5387 int delta;
5388
5389 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5390 u_int chan = ieee80211_chan2ieee(ic, c);
5391 delta = sc->rssi_5ghz[rxchain];
5392
5393 /* determine channel group */
5394 if (chan <= 64)
5395 delta -= sc->lna[1];
5396 else if (chan <= 128)
5397 delta -= sc->lna[2];
5398 else
5399 delta -= sc->lna[3];
5400 } else
5401 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5402
5403 return (-12 - delta - rssi);
5404 }
5405
5406 static void
run_rt5390_bbp_init(struct run_softc * sc)5407 run_rt5390_bbp_init(struct run_softc *sc)
5408 {
5409 u_int i;
5410 uint8_t bbp;
5411
5412 /* Apply maximum likelihood detection for 2 stream case. */
5413 run_bbp_read(sc, 105, &bbp);
5414 if (sc->nrxchains > 1)
5415 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5416
5417 /* Avoid data lost and CRC error. */
5418 run_bbp_read(sc, 4, &bbp);
5419 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5420
5421 if (sc->mac_ver == 0x5592) {
5422 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5423 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5424 rt5592_def_bbp[i].val);
5425 }
5426 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5427 run_bbp_write(sc, 195, i + 0x80);
5428 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5429 }
5430 } else {
5431 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5432 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5433 rt5390_def_bbp[i].val);
5434 }
5435 }
5436 if (sc->mac_ver == 0x5392) {
5437 run_bbp_write(sc, 88, 0x90);
5438 run_bbp_write(sc, 95, 0x9a);
5439 run_bbp_write(sc, 98, 0x12);
5440 run_bbp_write(sc, 106, 0x12);
5441 run_bbp_write(sc, 134, 0xd0);
5442 run_bbp_write(sc, 135, 0xf6);
5443 run_bbp_write(sc, 148, 0x84);
5444 }
5445
5446 run_bbp_read(sc, 152, &bbp);
5447 run_bbp_write(sc, 152, bbp | 0x80);
5448
5449 /* Fix BBP254 for RT5592C. */
5450 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5451 run_bbp_read(sc, 254, &bbp);
5452 run_bbp_write(sc, 254, bbp | 0x80);
5453 }
5454
5455 /* Disable hardware antenna diversity. */
5456 if (sc->mac_ver == 0x5390)
5457 run_bbp_write(sc, 154, 0);
5458
5459 /* Initialize Rx CCK/OFDM frequency offset report. */
5460 run_bbp_write(sc, 142, 1);
5461 run_bbp_write(sc, 143, 57);
5462 }
5463
5464 static int
run_bbp_init(struct run_softc * sc)5465 run_bbp_init(struct run_softc *sc)
5466 {
5467 int i, error, ntries;
5468 uint8_t bbp0;
5469
5470 /* wait for BBP to wake up */
5471 for (ntries = 0; ntries < 20; ntries++) {
5472 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5473 return error;
5474 if (bbp0 != 0 && bbp0 != 0xff)
5475 break;
5476 }
5477 if (ntries == 20)
5478 return (ETIMEDOUT);
5479
5480 /* initialize BBP registers to default values */
5481 if (sc->mac_ver >= 0x5390)
5482 run_rt5390_bbp_init(sc);
5483 else {
5484 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5485 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5486 rt2860_def_bbp[i].val);
5487 }
5488 }
5489
5490 if (sc->mac_ver == 0x3593) {
5491 run_bbp_write(sc, 79, 0x13);
5492 run_bbp_write(sc, 80, 0x05);
5493 run_bbp_write(sc, 81, 0x33);
5494 run_bbp_write(sc, 86, 0x46);
5495 run_bbp_write(sc, 137, 0x0f);
5496 }
5497
5498 /* fix BBP84 for RT2860E */
5499 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5500 run_bbp_write(sc, 84, 0x19);
5501
5502 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5503 sc->mac_ver != 0x5592)) {
5504 run_bbp_write(sc, 79, 0x13);
5505 run_bbp_write(sc, 80, 0x05);
5506 run_bbp_write(sc, 81, 0x33);
5507 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5508 run_bbp_write(sc, 69, 0x16);
5509 run_bbp_write(sc, 73, 0x12);
5510 }
5511 return (0);
5512 }
5513
5514 static int
run_rt3070_rf_init(struct run_softc * sc)5515 run_rt3070_rf_init(struct run_softc *sc)
5516 {
5517 uint32_t tmp;
5518 uint8_t bbp4, mingain, rf, target;
5519 u_int i;
5520
5521 run_rt3070_rf_read(sc, 30, &rf);
5522 /* toggle RF R30 bit 7 */
5523 run_rt3070_rf_write(sc, 30, rf | 0x80);
5524 run_delay(sc, 10);
5525 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5526
5527 /* initialize RF registers to default value */
5528 if (sc->mac_ver == 0x3572) {
5529 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5530 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5531 rt3572_def_rf[i].val);
5532 }
5533 } else {
5534 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5535 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5536 rt3070_def_rf[i].val);
5537 }
5538 }
5539
5540 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5541 /*
5542 * Change voltage from 1.2V to 1.35V for RT3070.
5543 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5544 * in RT3070(F).
5545 */
5546 run_read(sc, RT3070_LDO_CFG0, &tmp);
5547 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5548 run_write(sc, RT3070_LDO_CFG0, tmp);
5549
5550 } else if (sc->mac_ver == 0x3071) {
5551 run_rt3070_rf_read(sc, 6, &rf);
5552 run_rt3070_rf_write(sc, 6, rf | 0x40);
5553 run_rt3070_rf_write(sc, 31, 0x14);
5554
5555 run_read(sc, RT3070_LDO_CFG0, &tmp);
5556 tmp &= ~0x1f000000;
5557 if (sc->mac_rev < 0x0211)
5558 tmp |= 0x0d000000; /* 1.3V */
5559 else
5560 tmp |= 0x01000000; /* 1.2V */
5561 run_write(sc, RT3070_LDO_CFG0, tmp);
5562
5563 /* patch LNA_PE_G1 */
5564 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5565 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5566
5567 } else if (sc->mac_ver == 0x3572) {
5568 run_rt3070_rf_read(sc, 6, &rf);
5569 run_rt3070_rf_write(sc, 6, rf | 0x40);
5570
5571 /* increase voltage from 1.2V to 1.35V */
5572 run_read(sc, RT3070_LDO_CFG0, &tmp);
5573 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5574 run_write(sc, RT3070_LDO_CFG0, tmp);
5575
5576 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5577 run_delay(sc, 1); /* wait for 1msec */
5578 /* decrease voltage back to 1.2V */
5579 tmp = (tmp & ~0x1f000000) | 0x01000000;
5580 run_write(sc, RT3070_LDO_CFG0, tmp);
5581 }
5582 }
5583
5584 /* select 20MHz bandwidth */
5585 run_rt3070_rf_read(sc, 31, &rf);
5586 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5587
5588 /* calibrate filter for 20MHz bandwidth */
5589 sc->rf24_20mhz = 0x1f; /* default value */
5590 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5591 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5592
5593 /* select 40MHz bandwidth */
5594 run_bbp_read(sc, 4, &bbp4);
5595 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5596 run_rt3070_rf_read(sc, 31, &rf);
5597 run_rt3070_rf_write(sc, 31, rf | 0x20);
5598
5599 /* calibrate filter for 40MHz bandwidth */
5600 sc->rf24_40mhz = 0x2f; /* default value */
5601 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5602 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5603
5604 /* go back to 20MHz bandwidth */
5605 run_bbp_read(sc, 4, &bbp4);
5606 run_bbp_write(sc, 4, bbp4 & ~0x18);
5607
5608 if (sc->mac_ver == 0x3572) {
5609 /* save default BBP registers 25 and 26 values */
5610 run_bbp_read(sc, 25, &sc->bbp25);
5611 run_bbp_read(sc, 26, &sc->bbp26);
5612 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5613 run_rt3070_rf_write(sc, 27, 0x03);
5614
5615 run_read(sc, RT3070_OPT_14, &tmp);
5616 run_write(sc, RT3070_OPT_14, tmp | 1);
5617
5618 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5619 run_rt3070_rf_read(sc, 17, &rf);
5620 rf &= ~RT3070_TX_LO1;
5621 if ((sc->mac_ver == 0x3070 ||
5622 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5623 !sc->ext_2ghz_lna)
5624 rf |= 0x20; /* fix for long range Rx issue */
5625 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5626 if (sc->txmixgain_2ghz >= mingain)
5627 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5628 run_rt3070_rf_write(sc, 17, rf);
5629 }
5630
5631 if (sc->mac_ver == 0x3071) {
5632 run_rt3070_rf_read(sc, 1, &rf);
5633 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5634 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5635 run_rt3070_rf_write(sc, 1, rf);
5636
5637 run_rt3070_rf_read(sc, 15, &rf);
5638 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5639
5640 run_rt3070_rf_read(sc, 20, &rf);
5641 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5642
5643 run_rt3070_rf_read(sc, 21, &rf);
5644 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5645 }
5646
5647 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5648 /* fix Tx to Rx IQ glitch by raising RF voltage */
5649 run_rt3070_rf_read(sc, 27, &rf);
5650 rf &= ~0x77;
5651 if (sc->mac_rev < 0x0211)
5652 rf |= 0x03;
5653 run_rt3070_rf_write(sc, 27, rf);
5654 }
5655 return (0);
5656 }
5657
5658 static void
run_rt3593_rf_init(struct run_softc * sc)5659 run_rt3593_rf_init(struct run_softc *sc)
5660 {
5661 uint32_t tmp;
5662 uint8_t rf;
5663 u_int i;
5664
5665 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5666 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5667 tmp &= ~(1 << 4 | 1 << 7);
5668 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5669
5670 /* Initialize RF registers to default value. */
5671 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5672 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5673 rt3593_def_rf[i].val);
5674 }
5675
5676 /* Toggle RF R2 to initiate calibration. */
5677 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5678
5679 /* Initialize RF frequency offset. */
5680 run_adjust_freq_offset(sc);
5681
5682 run_rt3070_rf_read(sc, 18, &rf);
5683 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5684
5685 /*
5686 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5687 * decrease voltage back to 1.2V.
5688 */
5689 run_read(sc, RT3070_LDO_CFG0, &tmp);
5690 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5691 run_write(sc, RT3070_LDO_CFG0, tmp);
5692 run_delay(sc, 1);
5693 tmp = (tmp & ~0x1f000000) | 0x01000000;
5694 run_write(sc, RT3070_LDO_CFG0, tmp);
5695
5696 sc->rf24_20mhz = 0x1f;
5697 sc->rf24_40mhz = 0x2f;
5698
5699 /* Save default BBP registers 25 and 26 values. */
5700 run_bbp_read(sc, 25, &sc->bbp25);
5701 run_bbp_read(sc, 26, &sc->bbp26);
5702
5703 run_read(sc, RT3070_OPT_14, &tmp);
5704 run_write(sc, RT3070_OPT_14, tmp | 1);
5705 }
5706
5707 static void
run_rt5390_rf_init(struct run_softc * sc)5708 run_rt5390_rf_init(struct run_softc *sc)
5709 {
5710 uint32_t tmp;
5711 uint8_t rf;
5712 u_int i;
5713
5714 /* Toggle RF R2 to initiate calibration. */
5715 if (sc->mac_ver == 0x5390) {
5716 run_rt3070_rf_read(sc, 2, &rf);
5717 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5718 run_delay(sc, 10);
5719 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5720 } else {
5721 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5722 run_delay(sc, 10);
5723 }
5724
5725 /* Initialize RF registers to default value. */
5726 if (sc->mac_ver == 0x5592) {
5727 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5728 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5729 rt5592_def_rf[i].val);
5730 }
5731 /* Initialize RF frequency offset. */
5732 run_adjust_freq_offset(sc);
5733 } else if (sc->mac_ver == 0x5392) {
5734 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5735 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5736 rt5392_def_rf[i].val);
5737 }
5738 if (sc->mac_rev >= 0x0223) {
5739 run_rt3070_rf_write(sc, 23, 0x0f);
5740 run_rt3070_rf_write(sc, 24, 0x3e);
5741 run_rt3070_rf_write(sc, 51, 0x32);
5742 run_rt3070_rf_write(sc, 53, 0x22);
5743 run_rt3070_rf_write(sc, 56, 0xc1);
5744 run_rt3070_rf_write(sc, 59, 0x0f);
5745 }
5746 } else {
5747 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5748 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5749 rt5390_def_rf[i].val);
5750 }
5751 if (sc->mac_rev >= 0x0502) {
5752 run_rt3070_rf_write(sc, 6, 0xe0);
5753 run_rt3070_rf_write(sc, 25, 0x80);
5754 run_rt3070_rf_write(sc, 46, 0x73);
5755 run_rt3070_rf_write(sc, 53, 0x00);
5756 run_rt3070_rf_write(sc, 56, 0x42);
5757 run_rt3070_rf_write(sc, 61, 0xd1);
5758 }
5759 }
5760
5761 sc->rf24_20mhz = 0x1f; /* default value */
5762 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5763
5764 if (sc->mac_rev < 0x0211)
5765 run_rt3070_rf_write(sc, 27, 0x3);
5766
5767 run_read(sc, RT3070_OPT_14, &tmp);
5768 run_write(sc, RT3070_OPT_14, tmp | 1);
5769 }
5770
5771 static int
run_rt3070_filter_calib(struct run_softc * sc,uint8_t init,uint8_t target,uint8_t * val)5772 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5773 uint8_t *val)
5774 {
5775 uint8_t rf22, rf24;
5776 uint8_t bbp55_pb, bbp55_sb, delta;
5777 int ntries;
5778
5779 /* program filter */
5780 run_rt3070_rf_read(sc, 24, &rf24);
5781 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5782 run_rt3070_rf_write(sc, 24, rf24);
5783
5784 /* enable baseband loopback mode */
5785 run_rt3070_rf_read(sc, 22, &rf22);
5786 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5787
5788 /* set power and frequency of passband test tone */
5789 run_bbp_write(sc, 24, 0x00);
5790 for (ntries = 0; ntries < 100; ntries++) {
5791 /* transmit test tone */
5792 run_bbp_write(sc, 25, 0x90);
5793 run_delay(sc, 10);
5794 /* read received power */
5795 run_bbp_read(sc, 55, &bbp55_pb);
5796 if (bbp55_pb != 0)
5797 break;
5798 }
5799 if (ntries == 100)
5800 return (ETIMEDOUT);
5801
5802 /* set power and frequency of stopband test tone */
5803 run_bbp_write(sc, 24, 0x06);
5804 for (ntries = 0; ntries < 100; ntries++) {
5805 /* transmit test tone */
5806 run_bbp_write(sc, 25, 0x90);
5807 run_delay(sc, 10);
5808 /* read received power */
5809 run_bbp_read(sc, 55, &bbp55_sb);
5810
5811 delta = bbp55_pb - bbp55_sb;
5812 if (delta > target)
5813 break;
5814
5815 /* reprogram filter */
5816 rf24++;
5817 run_rt3070_rf_write(sc, 24, rf24);
5818 }
5819 if (ntries < 100) {
5820 if (rf24 != init)
5821 rf24--; /* backtrack */
5822 *val = rf24;
5823 run_rt3070_rf_write(sc, 24, rf24);
5824 }
5825
5826 /* restore initial state */
5827 run_bbp_write(sc, 24, 0x00);
5828
5829 /* disable baseband loopback mode */
5830 run_rt3070_rf_read(sc, 22, &rf22);
5831 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5832
5833 return (0);
5834 }
5835
5836 static void
run_rt3070_rf_setup(struct run_softc * sc)5837 run_rt3070_rf_setup(struct run_softc *sc)
5838 {
5839 uint8_t bbp, rf;
5840 int i;
5841
5842 if (sc->mac_ver == 0x3572) {
5843 /* enable DC filter */
5844 if (sc->mac_rev >= 0x0201)
5845 run_bbp_write(sc, 103, 0xc0);
5846
5847 run_bbp_read(sc, 138, &bbp);
5848 if (sc->ntxchains == 1)
5849 bbp |= 0x20; /* turn off DAC1 */
5850 if (sc->nrxchains == 1)
5851 bbp &= ~0x02; /* turn off ADC1 */
5852 run_bbp_write(sc, 138, bbp);
5853
5854 if (sc->mac_rev >= 0x0211) {
5855 /* improve power consumption */
5856 run_bbp_read(sc, 31, &bbp);
5857 run_bbp_write(sc, 31, bbp & ~0x03);
5858 }
5859
5860 run_rt3070_rf_read(sc, 16, &rf);
5861 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5862 run_rt3070_rf_write(sc, 16, rf);
5863
5864 } else if (sc->mac_ver == 0x3071) {
5865 if (sc->mac_rev >= 0x0211) {
5866 /* enable DC filter */
5867 run_bbp_write(sc, 103, 0xc0);
5868
5869 /* improve power consumption */
5870 run_bbp_read(sc, 31, &bbp);
5871 run_bbp_write(sc, 31, bbp & ~0x03);
5872 }
5873
5874 run_bbp_read(sc, 138, &bbp);
5875 if (sc->ntxchains == 1)
5876 bbp |= 0x20; /* turn off DAC1 */
5877 if (sc->nrxchains == 1)
5878 bbp &= ~0x02; /* turn off ADC1 */
5879 run_bbp_write(sc, 138, bbp);
5880
5881 run_write(sc, RT2860_TX_SW_CFG1, 0);
5882 if (sc->mac_rev < 0x0211) {
5883 run_write(sc, RT2860_TX_SW_CFG2,
5884 sc->patch_dac ? 0x2c : 0x0f);
5885 } else
5886 run_write(sc, RT2860_TX_SW_CFG2, 0);
5887
5888 } else if (sc->mac_ver == 0x3070) {
5889 if (sc->mac_rev >= 0x0201) {
5890 /* enable DC filter */
5891 run_bbp_write(sc, 103, 0xc0);
5892
5893 /* improve power consumption */
5894 run_bbp_read(sc, 31, &bbp);
5895 run_bbp_write(sc, 31, bbp & ~0x03);
5896 }
5897
5898 if (sc->mac_rev < 0x0201) {
5899 run_write(sc, RT2860_TX_SW_CFG1, 0);
5900 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5901 } else
5902 run_write(sc, RT2860_TX_SW_CFG2, 0);
5903 }
5904
5905 /* initialize RF registers from ROM for >=RT3071*/
5906 if (sc->mac_ver >= 0x3071) {
5907 for (i = 0; i < 10; i++) {
5908 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5909 continue;
5910 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5911 }
5912 }
5913 }
5914
5915 static void
run_rt3593_rf_setup(struct run_softc * sc)5916 run_rt3593_rf_setup(struct run_softc *sc)
5917 {
5918 uint8_t bbp, rf;
5919
5920 if (sc->mac_rev >= 0x0211) {
5921 /* Enable DC filter. */
5922 run_bbp_write(sc, 103, 0xc0);
5923 }
5924 run_write(sc, RT2860_TX_SW_CFG1, 0);
5925 if (sc->mac_rev < 0x0211) {
5926 run_write(sc, RT2860_TX_SW_CFG2,
5927 sc->patch_dac ? 0x2c : 0x0f);
5928 } else
5929 run_write(sc, RT2860_TX_SW_CFG2, 0);
5930
5931 run_rt3070_rf_read(sc, 50, &rf);
5932 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5933
5934 run_rt3070_rf_read(sc, 51, &rf);
5935 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5936 ((sc->txmixgain_2ghz & 0x07) << 2);
5937 run_rt3070_rf_write(sc, 51, rf);
5938
5939 run_rt3070_rf_read(sc, 38, &rf);
5940 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5941
5942 run_rt3070_rf_read(sc, 39, &rf);
5943 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5944
5945 run_rt3070_rf_read(sc, 1, &rf);
5946 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5947
5948 run_rt3070_rf_read(sc, 30, &rf);
5949 rf = (rf & ~0x18) | 0x10;
5950 run_rt3070_rf_write(sc, 30, rf);
5951
5952 /* Apply maximum likelihood detection for 2 stream case. */
5953 run_bbp_read(sc, 105, &bbp);
5954 if (sc->nrxchains > 1)
5955 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5956
5957 /* Avoid data lost and CRC error. */
5958 run_bbp_read(sc, 4, &bbp);
5959 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5960
5961 run_bbp_write(sc, 92, 0x02);
5962 run_bbp_write(sc, 82, 0x82);
5963 run_bbp_write(sc, 106, 0x05);
5964 run_bbp_write(sc, 104, 0x92);
5965 run_bbp_write(sc, 88, 0x90);
5966 run_bbp_write(sc, 148, 0xc8);
5967 run_bbp_write(sc, 47, 0x48);
5968 run_bbp_write(sc, 120, 0x50);
5969
5970 run_bbp_write(sc, 163, 0x9d);
5971
5972 /* SNR mapping. */
5973 run_bbp_write(sc, 142, 0x06);
5974 run_bbp_write(sc, 143, 0xa0);
5975 run_bbp_write(sc, 142, 0x07);
5976 run_bbp_write(sc, 143, 0xa1);
5977 run_bbp_write(sc, 142, 0x08);
5978 run_bbp_write(sc, 143, 0xa2);
5979
5980 run_bbp_write(sc, 31, 0x08);
5981 run_bbp_write(sc, 68, 0x0b);
5982 run_bbp_write(sc, 105, 0x04);
5983 }
5984
5985 static void
run_rt5390_rf_setup(struct run_softc * sc)5986 run_rt5390_rf_setup(struct run_softc *sc)
5987 {
5988 uint8_t bbp, rf;
5989
5990 if (sc->mac_rev >= 0x0211) {
5991 /* Enable DC filter. */
5992 run_bbp_write(sc, 103, 0xc0);
5993
5994 if (sc->mac_ver != 0x5592) {
5995 /* Improve power consumption. */
5996 run_bbp_read(sc, 31, &bbp);
5997 run_bbp_write(sc, 31, bbp & ~0x03);
5998 }
5999 }
6000
6001 run_bbp_read(sc, 138, &bbp);
6002 if (sc->ntxchains == 1)
6003 bbp |= 0x20; /* turn off DAC1 */
6004 if (sc->nrxchains == 1)
6005 bbp &= ~0x02; /* turn off ADC1 */
6006 run_bbp_write(sc, 138, bbp);
6007
6008 run_rt3070_rf_read(sc, 38, &rf);
6009 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
6010
6011 run_rt3070_rf_read(sc, 39, &rf);
6012 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
6013
6014 /* Avoid data lost and CRC error. */
6015 run_bbp_read(sc, 4, &bbp);
6016 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
6017
6018 run_rt3070_rf_read(sc, 30, &rf);
6019 rf = (rf & ~0x18) | 0x10;
6020 run_rt3070_rf_write(sc, 30, rf);
6021
6022 if (sc->mac_ver != 0x5592) {
6023 run_write(sc, RT2860_TX_SW_CFG1, 0);
6024 if (sc->mac_rev < 0x0211) {
6025 run_write(sc, RT2860_TX_SW_CFG2,
6026 sc->patch_dac ? 0x2c : 0x0f);
6027 } else
6028 run_write(sc, RT2860_TX_SW_CFG2, 0);
6029 }
6030 }
6031
6032 static int
run_txrx_enable(struct run_softc * sc)6033 run_txrx_enable(struct run_softc *sc)
6034 {
6035 struct ieee80211com *ic = &sc->sc_ic;
6036 uint32_t tmp;
6037 int error, ntries;
6038
6039 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
6040 for (ntries = 0; ntries < 200; ntries++) {
6041 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
6042 return (error);
6043 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6044 break;
6045 run_delay(sc, 50);
6046 }
6047 if (ntries == 200)
6048 return (ETIMEDOUT);
6049
6050 run_delay(sc, 50);
6051
6052 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
6053 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6054
6055 /* enable Rx bulk aggregation (set timeout and limit) */
6056 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
6057 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
6058 run_write(sc, RT2860_USB_DMA_CFG, tmp);
6059
6060 /* set Rx filter */
6061 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
6062 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
6063 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
6064 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
6065 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
6066 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
6067 if (ic->ic_opmode == IEEE80211_M_STA)
6068 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
6069 }
6070 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
6071
6072 run_write(sc, RT2860_MAC_SYS_CTRL,
6073 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6074
6075 return (0);
6076 }
6077
6078 static void
run_adjust_freq_offset(struct run_softc * sc)6079 run_adjust_freq_offset(struct run_softc *sc)
6080 {
6081 uint8_t rf, tmp;
6082
6083 run_rt3070_rf_read(sc, 17, &rf);
6084 tmp = rf;
6085 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
6086 rf = MIN(rf, 0x5f);
6087
6088 if (tmp != rf)
6089 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
6090 }
6091
6092 static void
run_init_locked(struct run_softc * sc)6093 run_init_locked(struct run_softc *sc)
6094 {
6095 struct ieee80211com *ic = &sc->sc_ic;
6096 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6097 uint32_t tmp;
6098 uint8_t bbp1, bbp3;
6099 int i;
6100 int ridx;
6101 int ntries;
6102
6103 if (ic->ic_nrunning > 1)
6104 return;
6105
6106 run_stop(sc);
6107
6108 if (run_load_microcode(sc) != 0) {
6109 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
6110 goto fail;
6111 }
6112
6113 for (ntries = 0; ntries < 100; ntries++) {
6114 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
6115 goto fail;
6116 if (tmp != 0 && tmp != 0xffffffff)
6117 break;
6118 run_delay(sc, 10);
6119 }
6120 if (ntries == 100)
6121 goto fail;
6122
6123 for (i = 0; i != RUN_EP_QUEUES; i++)
6124 run_setup_tx_list(sc, &sc->sc_epq[i]);
6125
6126 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr);
6127
6128 for (ntries = 0; ntries < 100; ntries++) {
6129 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6130 goto fail;
6131 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6132 break;
6133 run_delay(sc, 10);
6134 }
6135 if (ntries == 100) {
6136 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6137 goto fail;
6138 }
6139 tmp &= 0xff0;
6140 tmp |= RT2860_TX_WB_DDONE;
6141 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6142
6143 /* turn off PME_OEN to solve high-current issue */
6144 run_read(sc, RT2860_SYS_CTRL, &tmp);
6145 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6146
6147 run_write(sc, RT2860_MAC_SYS_CTRL,
6148 RT2860_BBP_HRST | RT2860_MAC_SRST);
6149 run_write(sc, RT2860_USB_DMA_CFG, 0);
6150
6151 if (run_reset(sc) != 0) {
6152 device_printf(sc->sc_dev, "could not reset chipset\n");
6153 goto fail;
6154 }
6155
6156 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6157
6158 /* init Tx power for all Tx rates (from EEPROM) */
6159 for (ridx = 0; ridx < 5; ridx++) {
6160 if (sc->txpow20mhz[ridx] == 0xffffffff)
6161 continue;
6162 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6163 }
6164
6165 for (i = 0; i < nitems(rt2870_def_mac); i++)
6166 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6167 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6168 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6169 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6170
6171 if (sc->mac_ver >= 0x5390) {
6172 run_write(sc, RT2860_TX_SW_CFG0,
6173 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6174 if (sc->mac_ver >= 0x5392) {
6175 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6176 if (sc->mac_ver == 0x5592) {
6177 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6178 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6179 } else {
6180 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6181 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6182 }
6183 }
6184 } else if (sc->mac_ver == 0x3593) {
6185 run_write(sc, RT2860_TX_SW_CFG0,
6186 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6187 } else if (sc->mac_ver >= 0x3070) {
6188 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6189 run_write(sc, RT2860_TX_SW_CFG0,
6190 4 << RT2860_DLY_PAPE_EN_SHIFT);
6191 }
6192
6193 /* wait while MAC is busy */
6194 for (ntries = 0; ntries < 100; ntries++) {
6195 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6196 goto fail;
6197 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6198 break;
6199 run_delay(sc, 10);
6200 }
6201 if (ntries == 100)
6202 goto fail;
6203
6204 /* clear Host to MCU mailbox */
6205 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6206 run_write(sc, RT2860_H2M_MAILBOX, 0);
6207 run_delay(sc, 10);
6208
6209 if (run_bbp_init(sc) != 0) {
6210 device_printf(sc->sc_dev, "could not initialize BBP\n");
6211 goto fail;
6212 }
6213
6214 /* abort TSF synchronization */
6215 run_disable_tsf(sc);
6216
6217 /* clear RX WCID search table */
6218 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6219 /* clear WCID attribute table */
6220 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6221
6222 /* hostapd sets a key before init. So, don't clear it. */
6223 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6224 /* clear shared key table */
6225 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6226 /* clear shared key mode */
6227 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6228 }
6229
6230 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6231 tmp = (tmp & ~0xff) | 0x1e;
6232 run_write(sc, RT2860_US_CYC_CNT, tmp);
6233
6234 if (sc->mac_rev != 0x0101)
6235 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6236
6237 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6238 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6239
6240 /* write vendor-specific BBP values (from EEPROM) */
6241 if (sc->mac_ver < 0x3593) {
6242 for (i = 0; i < 10; i++) {
6243 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6244 continue;
6245 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6246 }
6247 }
6248
6249 /* select Main antenna for 1T1R devices */
6250 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6251 run_set_rx_antenna(sc, 0);
6252
6253 /* send LEDs operating mode to microcontroller */
6254 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6255 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6256 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6257
6258 if (sc->mac_ver >= 0x5390)
6259 run_rt5390_rf_init(sc);
6260 else if (sc->mac_ver == 0x3593)
6261 run_rt3593_rf_init(sc);
6262 else if (sc->mac_ver >= 0x3070)
6263 run_rt3070_rf_init(sc);
6264
6265 /* disable non-existing Rx chains */
6266 run_bbp_read(sc, 3, &bbp3);
6267 bbp3 &= ~(1 << 3 | 1 << 4);
6268 if (sc->nrxchains == 2)
6269 bbp3 |= 1 << 3;
6270 else if (sc->nrxchains == 3)
6271 bbp3 |= 1 << 4;
6272 run_bbp_write(sc, 3, bbp3);
6273
6274 /* disable non-existing Tx chains */
6275 run_bbp_read(sc, 1, &bbp1);
6276 if (sc->ntxchains == 1)
6277 bbp1 &= ~(1 << 3 | 1 << 4);
6278 run_bbp_write(sc, 1, bbp1);
6279
6280 if (sc->mac_ver >= 0x5390)
6281 run_rt5390_rf_setup(sc);
6282 else if (sc->mac_ver == 0x3593)
6283 run_rt3593_rf_setup(sc);
6284 else if (sc->mac_ver >= 0x3070)
6285 run_rt3070_rf_setup(sc);
6286
6287 /* select default channel */
6288 run_set_chan(sc, ic->ic_curchan);
6289
6290 /* setup initial protection mode */
6291 run_updateprot_cb(ic);
6292
6293 /* turn radio LED on */
6294 run_set_leds(sc, RT2860_LED_RADIO);
6295
6296 /* Set up AUTO_RSP_CFG register for auto response */
6297 run_write(sc, RT2860_AUTO_RSP_CFG, RT2860_AUTO_RSP_EN |
6298 RT2860_BAC_ACKPOLICY_EN | RT2860_CTS_40M_MODE_EN);
6299
6300 sc->sc_flags |= RUN_RUNNING;
6301 sc->cmdq_run = RUN_CMDQ_GO;
6302
6303 for (i = 0; i != RUN_N_XFER; i++)
6304 usbd_xfer_set_stall(sc->sc_xfer[i]);
6305
6306 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6307
6308 if (run_txrx_enable(sc) != 0)
6309 goto fail;
6310
6311 return;
6312
6313 fail:
6314 run_stop(sc);
6315 }
6316
6317 static void
run_stop(void * arg)6318 run_stop(void *arg)
6319 {
6320 struct run_softc *sc = (struct run_softc *)arg;
6321 uint32_t tmp;
6322 int i;
6323 int ntries;
6324
6325 RUN_LOCK_ASSERT(sc, MA_OWNED);
6326
6327 if (sc->sc_flags & RUN_RUNNING)
6328 run_set_leds(sc, 0); /* turn all LEDs off */
6329
6330 sc->sc_flags &= ~RUN_RUNNING;
6331
6332 sc->ratectl_run = RUN_RATECTL_OFF;
6333 sc->cmdq_run = sc->cmdq_key_set;
6334
6335 RUN_UNLOCK(sc);
6336
6337 for(i = 0; i < RUN_N_XFER; i++)
6338 usbd_transfer_drain(sc->sc_xfer[i]);
6339
6340 RUN_LOCK(sc);
6341
6342 run_drain_mbufq(sc);
6343
6344 if (sc->rx_m != NULL) {
6345 m_free(sc->rx_m);
6346 sc->rx_m = NULL;
6347 }
6348
6349 /* Disable Tx/Rx DMA. */
6350 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6351 return;
6352 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6353 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6354
6355 for (ntries = 0; ntries < 100; ntries++) {
6356 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6357 return;
6358 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6359 break;
6360 run_delay(sc, 10);
6361 }
6362 if (ntries == 100) {
6363 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6364 return;
6365 }
6366
6367 /* disable Tx/Rx */
6368 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6369 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6370 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6371
6372 /* wait for pending Tx to complete */
6373 for (ntries = 0; ntries < 100; ntries++) {
6374 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6375 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6376 "Cannot read Tx queue count\n");
6377 break;
6378 }
6379 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6380 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6381 "All Tx cleared\n");
6382 break;
6383 }
6384 run_delay(sc, 10);
6385 }
6386 if (ntries >= 100)
6387 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6388 "There are still pending Tx\n");
6389 run_delay(sc, 10);
6390 run_write(sc, RT2860_USB_DMA_CFG, 0);
6391
6392 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6393 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6394
6395 for (i = 0; i != RUN_EP_QUEUES; i++)
6396 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6397 }
6398
6399 static void
run_delay(struct run_softc * sc,u_int ms)6400 run_delay(struct run_softc *sc, u_int ms)
6401 {
6402 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6403 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6404 }
6405
6406 static void
run_update_chw(struct ieee80211com * ic)6407 run_update_chw(struct ieee80211com *ic)
6408 {
6409
6410 printf("%s: TODO\n", __func__);
6411 }
6412
6413 static int
run_ampdu_enable(struct ieee80211_node * ni,struct ieee80211_tx_ampdu * tap)6414 run_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
6415 {
6416
6417 /* For now, no A-MPDU TX support in the driver */
6418 return (0);
6419 }
6420
6421 static device_method_t run_methods[] = {
6422 /* Device interface */
6423 DEVMETHOD(device_probe, run_match),
6424 DEVMETHOD(device_attach, run_attach),
6425 DEVMETHOD(device_detach, run_detach),
6426 DEVMETHOD_END
6427 };
6428
6429 static driver_t run_driver = {
6430 .name = "run",
6431 .methods = run_methods,
6432 .size = sizeof(struct run_softc)
6433 };
6434
6435 DRIVER_MODULE(run, uhub, run_driver, run_driver_loaded, NULL);
6436 MODULE_DEPEND(run, wlan, 1, 1, 1);
6437 MODULE_DEPEND(run, usb, 1, 1, 1);
6438 MODULE_DEPEND(run, firmware, 1, 1, 1);
6439 MODULE_VERSION(run, 1);
6440 USB_PNP_HOST_INFO(run_devs);
6441