xref: /freebsd/sys/dev/rtwn/if_rtwn.c (revision 792bbaba989533a1fc93823df1720c8c4aaf0442)
1 /*	$OpenBSD: if_urtwn.c,v 1.16 2011/02/10 17:26:40 jakemsr Exp $	*/
2 
3 /*-
4  * Copyright (c) 2010 Damien Bergamini <damien.bergamini@free.fr>
5  * Copyright (c) 2014 Kevin Lo <kevlo@FreeBSD.org>
6  * Copyright (c) 2015-2016 Andriy Voskoboinyk <avos@FreeBSD.org>
7  *
8  * Permission to use, copy, modify, and distribute this software for any
9  * purpose with or without fee is hereby granted, provided that the above
10  * copyright notice and this permission notice appear in all copies.
11  *
12  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19  */
20 
21 #include <sys/cdefs.h>
22 __FBSDID("$FreeBSD$");
23 
24 /*
25  * Driver for Realtek RTL8188CE-VAU/RTL8188CUS/RTL8188EU/RTL8188RU/RTL8192CU/RTL8812AU/RTL8821AU.
26  */
27 #include "opt_wlan.h"
28 
29 #include <sys/param.h>
30 #include <sys/sockio.h>
31 #include <sys/sysctl.h>
32 #include <sys/lock.h>
33 #include <sys/mutex.h>
34 #include <sys/mbuf.h>
35 #include <sys/kernel.h>
36 #include <sys/socket.h>
37 #include <sys/systm.h>
38 #include <sys/malloc.h>
39 #include <sys/module.h>
40 #include <sys/bus.h>
41 #include <sys/endian.h>
42 #include <sys/linker.h>
43 #include <sys/firmware.h>
44 #include <sys/kdb.h>
45 
46 #include <net/bpf.h>
47 #include <net/if.h>
48 #include <net/if_var.h>
49 #include <net/if_arp.h>
50 #include <net/ethernet.h>
51 #include <net/if_dl.h>
52 #include <net/if_media.h>
53 #include <net/if_types.h>
54 
55 #include <netinet/in.h>
56 #include <netinet/in_systm.h>
57 #include <netinet/in_var.h>
58 #include <netinet/if_ether.h>
59 #include <netinet/ip.h>
60 
61 #include <net80211/ieee80211_var.h>
62 #include <net80211/ieee80211_regdomain.h>
63 #include <net80211/ieee80211_radiotap.h>
64 #include <net80211/ieee80211_ratectl.h>
65 
66 #include <dev/rtwn/if_rtwnreg.h>
67 #include <dev/rtwn/if_rtwnvar.h>
68 
69 #include <dev/rtwn/if_rtwn_beacon.h>
70 #include <dev/rtwn/if_rtwn_calib.h>
71 #include <dev/rtwn/if_rtwn_cam.h>
72 #include <dev/rtwn/if_rtwn_debug.h>
73 #include <dev/rtwn/if_rtwn_efuse.h>
74 #include <dev/rtwn/if_rtwn_fw.h>
75 #include <dev/rtwn/if_rtwn_ridx.h>
76 #include <dev/rtwn/if_rtwn_rx.h>
77 #include <dev/rtwn/if_rtwn_task.h>
78 #include <dev/rtwn/if_rtwn_tx.h>
79 
80 #include <dev/rtwn/rtl8192c/r92c_reg.h>
81 
82 
83 static void		rtwn_radiotap_attach(struct rtwn_softc *);
84 static void		rtwn_vap_decrement_counters(struct rtwn_softc *,
85 			    enum ieee80211_opmode, int);
86 static void		rtwn_set_ic_opmode(struct rtwn_softc *);
87 static struct ieee80211vap *rtwn_vap_create(struct ieee80211com *,
88 			    const char [IFNAMSIZ], int, enum ieee80211_opmode,
89 			    int, const uint8_t [IEEE80211_ADDR_LEN],
90 			    const uint8_t [IEEE80211_ADDR_LEN]);
91 static void		rtwn_vap_delete(struct ieee80211vap *);
92 static int		rtwn_read_chipid(struct rtwn_softc *);
93 static int		rtwn_ioctl_reset(struct ieee80211vap *, u_long);
94 #ifndef RTWN_WITHOUT_UCODE
95 static void		rtwn_set_media_status(struct rtwn_softc *,
96 			    union sec_param *);
97 static int		rtwn_tx_fwpkt_check(struct rtwn_softc *,
98 			    struct ieee80211vap *);
99 static int		rtwn_construct_nulldata(struct rtwn_softc *,
100 			    struct ieee80211vap *, uint8_t *, int);
101 static int		rtwn_push_nulldata(struct rtwn_softc *,
102 			    struct ieee80211vap *);
103 static void		rtwn_pwrmode_init(void *);
104 static void		rtwn_set_pwrmode_cb(struct rtwn_softc *,
105 			    union sec_param *);
106 #endif
107 static void		rtwn_tsf_sync_adhoc(void *);
108 static void		rtwn_tsf_sync_adhoc_task(void *, int);
109 static void		rtwn_tsf_sync_enable(struct rtwn_softc *,
110 			    struct ieee80211vap *);
111 static void		rtwn_set_ack_preamble(struct rtwn_softc *);
112 static void		rtwn_set_mode(struct rtwn_softc *, uint8_t, int);
113 static int		rtwn_monitor_newstate(struct ieee80211vap *,
114 			    enum ieee80211_state, int);
115 static int		rtwn_newstate(struct ieee80211vap *,
116 			    enum ieee80211_state, int);
117 static void		rtwn_calc_basicrates(struct rtwn_softc *);
118 static int		rtwn_run(struct rtwn_softc *,
119 			    struct ieee80211vap *);
120 #ifndef D4054
121 static void		rtwn_watchdog(void *);
122 #endif
123 static void		rtwn_parent(struct ieee80211com *);
124 static int		rtwn_llt_write(struct rtwn_softc *, uint32_t,
125 			    uint32_t);
126 static int		rtwn_llt_init(struct rtwn_softc *);
127 static int		rtwn_dma_init(struct rtwn_softc *);
128 static int		rtwn_mac_init(struct rtwn_softc *);
129 static void		rtwn_mrr_init(struct rtwn_softc *);
130 static void		rtwn_scan_start(struct ieee80211com *);
131 static void		rtwn_scan_curchan(struct ieee80211_scan_state *,
132 			    unsigned long);
133 static void		rtwn_scan_end(struct ieee80211com *);
134 static void		rtwn_getradiocaps(struct ieee80211com *, int, int *,
135 			    struct ieee80211_channel[]);
136 static void		rtwn_update_chw(struct ieee80211com *);
137 static void		rtwn_set_channel(struct ieee80211com *);
138 static int		rtwn_wme_update(struct ieee80211com *);
139 static void		rtwn_update_slot(struct ieee80211com *);
140 static void		rtwn_update_slot_cb(struct rtwn_softc *,
141 			    union sec_param *);
142 static void		rtwn_update_aifs(struct rtwn_softc *, uint8_t);
143 static void		rtwn_update_promisc(struct ieee80211com *);
144 static void		rtwn_update_mcast(struct ieee80211com *);
145 static int		rtwn_set_bssid(struct rtwn_softc *,
146 			    const uint8_t *, int);
147 static int		rtwn_set_macaddr(struct rtwn_softc *,
148 			    const uint8_t *, int);
149 static struct ieee80211_node *rtwn_node_alloc(struct ieee80211vap *,
150 			    const uint8_t mac[IEEE80211_ADDR_LEN]);
151 static void		rtwn_newassoc(struct ieee80211_node *, int);
152 static void		rtwn_node_free(struct ieee80211_node *);
153 static void		rtwn_init_beacon_reg(struct rtwn_softc *);
154 static int		rtwn_init(struct rtwn_softc *);
155 static void		rtwn_stop(struct rtwn_softc *);
156 
/* malloc(9) type for the driver's private allocations. */
MALLOC_DEFINE(M_RTWN_PRIV, "rtwn_priv", "rtwn driver private state");

/* IEEE channel numbers of the 2.4 GHz band (1 through 14). */
static const uint8_t rtwn_chan_2ghz[] = {
	1, 2, 3, 4, 5, 6, 7,
	8, 9, 10, 11, 12, 13, 14
};

/*
 * EDCA parameter registers in the order BE, BK, VI, VO.
 * NOTE(review): presumably indexed by WME access category; confirm
 * against the users of this table.
 */
static const uint16_t wme2reg[] = {
	R92C_EDCA_BE_PARAM,
	R92C_EDCA_BK_PARAM,
	R92C_EDCA_VI_PARAM,
	R92C_EDCA_VO_PARAM
};
165 
/*
 * Attach the device: set up locks, callouts and the send queue, identify
 * the chip, read its ROM, advertise capabilities and register the device
 * with net80211.
 *
 * Returns 0 on success and ENXIO on any failure.  Nothing initialized here
 * is torn down on the failure paths.
 * NOTE(review): presumably the caller runs rtwn_detach() after a failed
 * attach; confirm.
 */
int
rtwn_attach(struct rtwn_softc *sc)
{
	struct ieee80211com *const ic = &sc->sc_ic;
	int rc;

	sc->cur_bcnq_id = RTWN_VAP_ID_INVALID;

	RTWN_NT_LOCK_INIT(sc);
	rtwn_cmdq_init(sc);
#ifndef D4054
	callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0);
#endif
	callout_init(&sc->sc_calib_to, 0);
	callout_init(&sc->sc_pwrmode_init, 0);
	mbufq_init(&sc->sc_snd, ifqmaxlen);

	/* Refuse chips that identify themselves as test silicon. */
	RTWN_LOCK(sc);
	rc = rtwn_read_chipid(sc);
	RTWN_UNLOCK(sc);
	if (rc != 0) {
		device_printf(sc->sc_dev, "unsupported test chip\n");
		return (ENXIO);
	}

	rc = rtwn_read_rom(sc);
	if (rc != 0) {
		device_printf(sc->sc_dev, "%s: cannot read rom, error %d\n",
		    __func__, rc);
		return (ENXIO);
	}

	/*
	 * Clamp the per-chip limits to the driver's compile-time maxima;
	 * a Tx descriptor larger than the driver's buffer is fatal.
	 */
	if (sc->macid_limit > RTWN_MACID_LIMIT) {
		device_printf(sc->sc_dev,
		    "macid limit will be reduced from %d to %d\n",
		    sc->macid_limit, RTWN_MACID_LIMIT);
		sc->macid_limit = RTWN_MACID_LIMIT;
	}
	if (sc->cam_entry_limit > RTWN_CAM_ENTRY_LIMIT) {
		device_printf(sc->sc_dev,
		    "cam entry limit will be reduced from %d to %d\n",
		    sc->cam_entry_limit, RTWN_CAM_ENTRY_LIMIT);
		sc->cam_entry_limit = RTWN_CAM_ENTRY_LIMIT;
	}
	if (sc->txdesc_len > RTWN_TX_DESC_SIZE) {
		device_printf(sc->sc_dev,
		    "adjust size for Tx descriptor (current %d, needed %d)\n",
		    RTWN_TX_DESC_SIZE, sc->txdesc_len);
		return (ENXIO);
	}

	device_printf(sc->sc_dev, "MAC/BB %s, RF 6052 %dT%dR\n",
	    sc->name, sc->ntxchains, sc->nrxchains);

	ic->ic_softc = sc;
	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
	ic->ic_opmode = IEEE80211_M_STA;	/* default to BSS mode */

	/* Device capabilities. */
	ic->ic_caps =
	    IEEE80211_C_STA |		/* station mode */
	    IEEE80211_C_MONITOR |	/* monitor mode */
	    IEEE80211_C_IBSS |		/* adhoc mode */
	    IEEE80211_C_HOSTAP |	/* hostap mode */
#if 0	/* TODO: HRPWM register setup */
#ifndef RTWN_WITHOUT_UCODE
	    IEEE80211_C_PMGT |		/* Station-side power mgmt */
#endif
#endif
	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
	    IEEE80211_C_SHSLOT |	/* short slot time supported */
#if 0
	    IEEE80211_C_BGSCAN |	/* capable of bg scanning */
#endif
	    IEEE80211_C_WPA |		/* 802.11i */
	    IEEE80211_C_WME |		/* 802.11e */
	    IEEE80211_C_SWAMSDUTX |	/* Do software A-MSDU TX */
	    IEEE80211_C_FF;		/* Atheros fast-frames */

	/* Hardware ciphers are advertised unless crypto is software-only. */
	if (sc->sc_hwcrypto != RTWN_CRYPTO_SW) {
		ic->ic_cryptocaps = IEEE80211_CRYPTO_WEP |
		    IEEE80211_CRYPTO_TKIP | IEEE80211_CRYPTO_AES_CCM;
	}

	ic->ic_htcaps =
	    IEEE80211_HTCAP_SHORTGI20 |		/* short GI in 20MHz */
	    IEEE80211_HTCAP_MAXAMSDU_3839 |	/* max A-MSDU length */
	    IEEE80211_HTCAP_SMPS_OFF |		/* SM PS mode disabled */
	    /* s/w capabilities */
	    IEEE80211_HTC_HT |			/* HT operation */
	    IEEE80211_HTC_AMPDU |		/* A-MPDU tx */
	    IEEE80211_HTC_AMSDU;		/* A-MSDU tx */

	if (sc->sc_ht40) {
		/* 40 MHz channel width and short GI in 40MHz. */
		ic->ic_htcaps |= IEEE80211_HTCAP_CHWIDTH40 |
		    IEEE80211_HTCAP_SHORTGI40;
	}

	ic->ic_txstream = sc->ntxchains;
	ic->ic_rxstream = sc->nrxchains;

	/* Enable TX watchdog */
#ifdef D4054
	ic->ic_flags_ext |= IEEE80211_FEXT_WATCHDOG;
#endif

	/* Adjust capabilities. */
	rtwn_adj_devcaps(sc);

	rtwn_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
	    ic->ic_channels);

	/* XXX TODO: setup regdomain if R92C_CHANNEL_PLAN_BY_HW bit is set. */

	ieee80211_ifattach(ic);

	/*
	 * Save the net80211 handlers the driver wraps, then install the
	 * driver's own methods.
	 */
	sc->sc_scan_curchan = ic->ic_scan_curchan;
	sc->sc_node_free = ic->ic_node_free;

	ic->ic_raw_xmit = rtwn_raw_xmit;
	ic->ic_transmit = rtwn_transmit;
	ic->ic_parent = rtwn_parent;
	ic->ic_scan_start = rtwn_scan_start;
	ic->ic_scan_curchan = rtwn_scan_curchan;
	ic->ic_scan_end = rtwn_scan_end;
	ic->ic_getradiocaps = rtwn_getradiocaps;
	ic->ic_update_chw = rtwn_update_chw;
	ic->ic_set_channel = rtwn_set_channel;
	ic->ic_vap_create = rtwn_vap_create;
	ic->ic_vap_delete = rtwn_vap_delete;
	ic->ic_wme.wme_update = rtwn_wme_update;
	ic->ic_updateslot = rtwn_update_slot;
	ic->ic_update_promisc = rtwn_update_promisc;
	ic->ic_update_mcast = rtwn_update_mcast;
	ic->ic_node_alloc = rtwn_node_alloc;
	ic->ic_newassoc = rtwn_newassoc;
	ic->ic_node_free = rtwn_node_free;

	rtwn_postattach(sc);
	rtwn_radiotap_attach(sc);

	if (bootverbose)
		ieee80211_announce(ic);

	return (0);
}
319 
/*
 * Register the Tx and Rx radiotap headers kept in the softc with net80211.
 */
static void
rtwn_radiotap_attach(struct rtwn_softc *sc)
{

	ieee80211_radiotap_attach(&sc->sc_ic,
	    &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
	    RTWN_TX_RADIOTAP_PRESENT,
	    &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
	    RTWN_RX_RADIOTAP_PRESENT);
}
330 
/*
 * Set the driver's default knobs and export them under the device's sysctl
 * tree: "ht40", "debug" (RTWN_DEBUG only), "hwcrypto", "ratectl" and the
 * read-only "ratectl_selected".
 *
 * NOTE(review): "hwcrypto" and "ratectl" are checked against their upper
 * bound only; if the backing fields are signed, a negative value is left
 * unchanged.  Confirm the field types and whether a lower bound is needed.
 */
void
rtwn_sysctlattach(struct rtwn_softc *sc)
{
	struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev);
	struct sysctl_oid_list *children =
	    SYSCTL_CHILDREN(device_get_sysctl_tree(sc->sc_dev));

#if 1
	/* 40 MHz operation is off by default. */
	sc->sc_ht40 = 0;
	SYSCTL_ADD_INT(ctx, children, OID_AUTO,
	    "ht40", CTLFLAG_RDTUN, &sc->sc_ht40,
	    sc->sc_ht40, "Enable 40 MHz mode support");
#endif

#ifdef RTWN_DEBUG
	SYSCTL_ADD_U32(ctx, children, OID_AUTO,
	    "debug", CTLFLAG_RWTUN, &sc->sc_debug, sc->sc_debug,
	    "Control debugging printfs");
#endif

	/* Default: hardware crypto for pairwise keys. */
	sc->sc_hwcrypto = RTWN_CRYPTO_PAIR;
	SYSCTL_ADD_INT(ctx, children, OID_AUTO,
	    "hwcrypto", CTLFLAG_RDTUN, &sc->sc_hwcrypto,
	    sc->sc_hwcrypto, "Enable h/w crypto: "
	    "0 - disable, 1 - pairwise keys, 2 - all keys");
	/* Values at or above the maximum fall back to "all keys". */
	if (sc->sc_hwcrypto >= RTWN_CRYPTO_MAX)
		sc->sc_hwcrypto = RTWN_CRYPTO_FULL;

	/* Default: rate control via net80211. */
	sc->sc_ratectl_sysctl = RTWN_RATECTL_NET80211;
	SYSCTL_ADD_INT(ctx, children, OID_AUTO,
	    "ratectl", CTLFLAG_RDTUN, &sc->sc_ratectl_sysctl,
	    sc->sc_ratectl_sysctl, "Select rate control mechanism: "
	    "0 - disabled, 1 - via net80211, 2 - via firmware");
	/* Values at or above the maximum fall back to firmware control. */
	if (sc->sc_ratectl_sysctl >= RTWN_RATECTL_MAX)
		sc->sc_ratectl_sysctl = RTWN_RATECTL_FW;

	/* Start with the requested mechanism as the selected one. */
	sc->sc_ratectl = sc->sc_ratectl_sysctl;
	SYSCTL_ADD_INT(ctx, children, OID_AUTO,
	    "ratectl_selected", CTLFLAG_RD, &sc->sc_ratectl,
	    sc->sc_ratectl,
	    "Currently selected rate control mechanism (by the driver)");
}
372 
/*
 * Detach the device.  The net80211 teardown runs only when ic_softc points
 * back at this softc; the command queue and the NT lock are always
 * released (the lock only if it was initialized).
 */
void
rtwn_detach(struct rtwn_softc *sc)
{
	struct ieee80211com *const com = &sc->sc_ic;
	const int registered = (com->ic_softc == sc);

	if (registered) {
		/* Mark the softc detached so the command queue stops. */
		RTWN_CMDQ_LOCK(sc);
		sc->sc_detached = 1;
		RTWN_CMDQ_UNLOCK(sc);

		/* Drain the command task before net80211 goes away. */
		ieee80211_draintask(com, &sc->cmdq_task);
		ieee80211_ifdetach(com);
	}

	rtwn_cmdq_destroy(sc);
	if (RTWN_NT_LOCK_INITIALIZED(sc)) {
		RTWN_NT_LOCK_DESTROY(sc);
	}
}
392 
/* Suspend every vap of this device through net80211. */
void
rtwn_suspend(struct rtwn_softc *sc)
{

	ieee80211_suspend_all(&sc->sc_ic);
}
400 
/* Resume every vap of this device through net80211. */
void
rtwn_resume(struct rtwn_softc *sc)
{

	ieee80211_resume_all(&sc->sc_ic);
}
408 
/*
 * Undo the bookkeeping done for a vap: clear its slot in sc->vaps[] (when
 * it has a valid id) and decrement the per-opmode counters.  The driver
 * lock must be held.
 *
 * The id range and the counter invariants are verified with KASSERT only.
 */
static void
rtwn_vap_decrement_counters(struct rtwn_softc *sc,
    enum ieee80211_opmode opmode, int id)
{

	RTWN_ASSERT_LOCKED(sc);

	/* Release the port slot, if one was assigned. */
	if (id != RTWN_VAP_ID_INVALID) {
		KASSERT(id == 0 || id == 1, ("wrong vap id %d!\n", id));
		KASSERT(sc->vaps[id] != NULL, ("vap pointer is NULL\n"));
		sc->vaps[id] = NULL;
	}

	/*
	 * A hostap vap is counted in ap_vaps, bcn_vaps and nvaps; an IBSS
	 * vap in bcn_vaps and nvaps; a station vap in nvaps only.
	 */
	switch (opmode) {
	case IEEE80211_M_HOSTAP:
		sc->ap_vaps--;
		sc->bcn_vaps--;
		sc->nvaps--;
		break;
	case IEEE80211_M_IBSS:
		sc->bcn_vaps--;
		sc->nvaps--;
		break;
	case IEEE80211_M_STA:
		sc->nvaps--;
		break;
	case IEEE80211_M_MONITOR:
		sc->mon_vaps--;
		break;
	default:
		KASSERT(0, ("wrong opmode %d\n", opmode));
		break;
	}

	/* Sanity checks on the running-vap counters. */
	KASSERT(sc->vaps_running >= 0 && sc->monvaps_running >= 0,
	    ("number of running vaps is negative (vaps %d, monvaps %d)\n",
	    sc->vaps_running, sc->monvaps_running));
	KASSERT(sc->vaps_running - sc->monvaps_running <= RTWN_PORT_COUNT,
	    ("number of running vaps is too big (vaps %d, monvaps %d)\n",
	    sc->vaps_running, sc->monvaps_running));

	/* Sanity checks on the counters updated above. */
	KASSERT(sc->nvaps >= 0 && sc->nvaps <= RTWN_PORT_COUNT,
	    ("wrong value %d for nvaps\n", sc->nvaps));
	KASSERT(sc->mon_vaps >= 0, ("mon_vaps is negative (%d)\n",
	    sc->mon_vaps));
	KASSERT(sc->bcn_vaps >= 0 && ((RTWN_CHIP_HAS_BCNQ1(sc) &&
	    sc->bcn_vaps <= RTWN_PORT_COUNT) || sc->bcn_vaps <= 1),
	    ("bcn_vaps value %d is wrong\n", sc->bcn_vaps));
	KASSERT(sc->ap_vaps >= 0 && ((RTWN_CHIP_HAS_BCNQ1(sc) &&
	    sc->ap_vaps <= RTWN_PORT_COUNT) || sc->ap_vaps <= 1),
	    ("ap_vaps value %d is wrong\n", sc->ap_vaps));
}
458 
/*
 * Derive ic_opmode from the vap counters: IBSS if any beaconing vap is not
 * an AP, else HOSTAP if an AP vap exists, else STA if any non-monitor vap
 * exists, else MONITOR.  The driver lock must be held.
 */
static void
rtwn_set_ic_opmode(struct rtwn_softc *sc)
{
	enum ieee80211_opmode mode;

	RTWN_ASSERT_LOCKED(sc);

	/* for ieee80211_reset_erp() */
	if (sc->bcn_vaps - sc->ap_vaps > 0) {
		mode = IEEE80211_M_IBSS;
	} else if (sc->ap_vaps > 0) {
		mode = IEEE80211_M_HOSTAP;
	} else if (sc->nvaps > 0) {
		mode = IEEE80211_M_STA;
	} else {
		mode = IEEE80211_M_MONITOR;
	}

	sc->sc_ic.ic_opmode = mode;
}
476 
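/*
 * net80211 vap_create method.
 *
 * Picks a free hardware port (id 0 or 1) for non-monitor vaps, accounts
 * the vap in the per-opmode counters, allocates the driver vap, runs the
 * net80211 setup and installs the driver's vap methods.  Monitor vaps get
 * no port (id stays RTWN_VAP_ID_INVALID).
 *
 * Returns the new vap, or NULL when no port or beacon queue is available,
 * the opmode is not handled, or ieee80211_vap_setup() fails.
 */
static struct ieee80211vap *
rtwn_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
    enum ieee80211_opmode opmode, int flags,
    const uint8_t bssid[IEEE80211_ADDR_LEN],
    const uint8_t mac[IEEE80211_ADDR_LEN])
{
	struct rtwn_softc *sc = ic->ic_softc;
	struct rtwn_vap *uvp;
	struct ieee80211vap *vap;
	int id = RTWN_VAP_ID_INVALID;

	RTWN_LOCK(sc);
	KASSERT(sc->nvaps <= RTWN_PORT_COUNT,
	    ("nvaps overflow (%d > %d)\n", sc->nvaps, RTWN_PORT_COUNT));
	KASSERT(sc->ap_vaps <= RTWN_PORT_COUNT,
	    ("ap_vaps overflow (%d > %d)\n", sc->ap_vaps, RTWN_PORT_COUNT));
	KASSERT(sc->bcn_vaps <= RTWN_PORT_COUNT,
	    ("bcn_vaps overflow (%d > %d)\n", sc->bcn_vaps, RTWN_PORT_COUNT));

	if (opmode != IEEE80211_M_MONITOR) {
		/* Choose a free port; at most two non-monitor vaps exist. */
		switch (sc->nvaps) {
		case 0:
			id = 0;
			break;
		case 1:
			if (sc->vaps[1] == NULL)
				id = 1;
			else if (sc->vaps[0] == NULL)
				id = 0;
			KASSERT(id != RTWN_VAP_ID_INVALID,
			    ("no free ports left\n"));
			break;
		case 2:
		default:
			goto fail;
		}

		/*
		 * Beaconing vaps also need a beacon queue: one is available
		 * unless the chip has a second queue (BCNQ1).
		 */
		if (opmode == IEEE80211_M_IBSS ||
		    opmode == IEEE80211_M_HOSTAP) {
			if ((sc->bcn_vaps == 1 && !RTWN_CHIP_HAS_BCNQ1(sc)) ||
			    sc->bcn_vaps == RTWN_PORT_COUNT)
				goto fail;
		}
	}

	/* Account the vap; mirrored by rtwn_vap_decrement_counters(). */
	switch (opmode) {
	case IEEE80211_M_HOSTAP:
		sc->ap_vaps++;
		/* FALLTHROUGH */
	case IEEE80211_M_IBSS:
		sc->bcn_vaps++;
		/* FALLTHROUGH */
	case IEEE80211_M_STA:
		sc->nvaps++;
		break;
	case IEEE80211_M_MONITOR:
		sc->mon_vaps++;
		break;
	default:
		KASSERT(0, ("unknown opmode %d\n", opmode));
		goto fail;
	}
	RTWN_UNLOCK(sc);

	/* M_WAITOK may sleep, hence the lock was dropped above. */
	uvp = malloc(sizeof(struct rtwn_vap), M_80211_VAP, M_WAITOK | M_ZERO);
	uvp->id = id;
	if (id != RTWN_VAP_ID_INVALID) {
		/* Publish the vap in its port slot. */
		RTWN_LOCK(sc);
		sc->vaps[id] = uvp;
		RTWN_UNLOCK(sc);
	}
	vap = &uvp->vap;

	if (ieee80211_vap_setup(ic, vap, name, unit, opmode,
	    flags | IEEE80211_CLONE_NOBEACONS, bssid) != 0) {
		/* out of memory */

		/*
		 * Unpublish first: rtwn_vap_decrement_counters() clears
		 * sc->vaps[id] under the lock.  Freeing before that would
		 * leave a window in which the softc still points at
		 * released memory.
		 */
		RTWN_LOCK(sc);
		rtwn_vap_decrement_counters(sc, opmode, id);
		RTWN_UNLOCK(sc);

		free(uvp, M_80211_VAP);

		return (NULL);
	}

	rtwn_beacon_init(sc, &uvp->bcn_desc.txd[0], uvp->id);
	rtwn_vap_preattach(sc, vap);

	/* override state transition machine */
	uvp->newstate = vap->iv_newstate;
	if (opmode == IEEE80211_M_MONITOR)
		vap->iv_newstate = rtwn_monitor_newstate;
	else
		vap->iv_newstate = rtwn_newstate;
	vap->iv_update_beacon = rtwn_update_beacon;
	vap->iv_reset = rtwn_ioctl_reset;
	vap->iv_key_alloc = rtwn_key_alloc;
	vap->iv_key_set = rtwn_key_set;
	vap->iv_key_delete = rtwn_key_delete;
	vap->iv_max_aid = sc->macid_limit;

	/* 802.11n parameters */
	vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_16;
	vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K;

	TIMEOUT_TASK_INIT(taskqueue_thread, &uvp->tx_beacon_csa, 0,
	    rtwn_tx_beacon_csa, vap);
	if (opmode == IEEE80211_M_IBSS) {
		/* Wrap management frame reception and set up TSF sync. */
		uvp->recv_mgmt = vap->iv_recv_mgmt;
		vap->iv_recv_mgmt = rtwn_adhoc_recv_mgmt;
		TASK_INIT(&uvp->tsf_sync_adhoc_task, 0,
		    rtwn_tsf_sync_adhoc_task, vap);
		callout_init(&uvp->tsf_sync_adhoc, 0);
	}

	/*
	 * NB: driver can select net80211 RA even when user requests
	 * another mechanism.
	 */
	ieee80211_ratectl_init(vap);

	/* complete setup */
	ieee80211_vap_attach(vap, ieee80211_media_change,
	    ieee80211_media_status, mac);

	RTWN_LOCK(sc);
	rtwn_set_ic_opmode(sc);
	if (sc->sc_flags & RTWN_RUNNING) {
		/* Device is already up: program the address and Rx filter. */
		if (uvp->id != RTWN_VAP_ID_INVALID)
			rtwn_set_macaddr(sc, vap->iv_myaddr, uvp->id);

		rtwn_rxfilter_update(sc);
	}
	RTWN_UNLOCK(sc);

	return (vap);

fail:
	RTWN_UNLOCK(sc);
	return (NULL);
}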
619 
/*
 * net80211 vap_delete method: stop the vap, drain its tasks, drop pending
 * Tx and the cached beacon, undo the counter bookkeeping and free the
 * driver vap.
 *
 * The port slot is cleared under the driver lock (inside
 * rtwn_vap_decrement_counters()) before the memory is released.
 */
static void
rtwn_vap_delete(struct ieee80211vap *vap)
{
	struct ieee80211com *const com = vap->iv_ic;
	struct rtwn_softc *const softc = com->ic_softc;
	struct rtwn_vap *const rvap = RTWN_VAP(vap);

	/* Put vap into INIT state + stop device if needed. */
	ieee80211_stop(vap);
	ieee80211_draintask(com, &vap->iv_nstate_task);
	ieee80211_draintask(com, &com->ic_parent_task);

	RTWN_LOCK(softc);
	/* Cancel any unfinished Tx. */
	rtwn_reset_lists(softc, vap);
	if (rvap->bcn_mbuf != NULL) {
		m_freem(rvap->bcn_mbuf);
	}
	rtwn_vap_decrement_counters(softc, vap->iv_opmode, rvap->id);
	rtwn_set_ic_opmode(softc);
	if (softc->sc_flags & RTWN_RUNNING) {
		rtwn_rxfilter_update(softc);
	}
	RTWN_UNLOCK(softc);

	/* The TSF sync task and callout exist for IBSS vaps only. */
	if (vap->iv_opmode == IEEE80211_M_IBSS) {
		ieee80211_draintask(com, &rvap->tsf_sync_adhoc_task);
		callout_drain(&rvap->tsf_sync_adhoc);
	}

	ieee80211_ratectl_deinit(vap);
	ieee80211_vap_detach(vap);
	free(rvap, M_80211_VAP);
}
652 
/*
 * Read R92C_SYS_CFG and hand it to the chip-specific identification
 * routine.  Returns EOPNOTSUPP for test chips, 0 otherwise.
 */
static int
rtwn_read_chipid(struct rtwn_softc *sc)
{
	const uint32_t sys_cfg = rtwn_read_4(sc, R92C_SYS_CFG);

	/* test chip */
	if ((sys_cfg & R92C_SYS_CFG_TRP_VAUX_EN) != 0) {
		return (EOPNOTSUPP);
	}

	rtwn_read_chipid_vendor(sc, sys_cfg);

	return (0);
}
666 
/*
 * net80211 iv_reset method.  Returns 0 when the change needs no reset,
 * ENETRESET when it does, and EOPNOTSUPP for a power-save request on
 * anything but a station vap on port 0.
 */
static int
rtwn_ioctl_reset(struct ieee80211vap *vap, u_long cmd)
{

	switch (cmd) {
#ifndef RTWN_WITHOUT_UCODE
	case IEEE80211_IOC_POWERSAVE:
	case IEEE80211_IOC_POWERSAVESLEEP:
	{
		struct rtwn_softc *sc = vap->iv_ic->ic_softc;
		struct rtwn_vap *uvp = RTWN_VAP(vap);
		int rc = 0;

		if (vap->iv_opmode != IEEE80211_M_STA || uvp->id != 0)
			return (EOPNOTSUPP);

		/* Apply the new power mode only while the device runs. */
		RTWN_LOCK(sc);
		if (sc->sc_flags & RTWN_RUNNING)
			rc = rtwn_set_pwrmode(sc, vap, 1);
		RTWN_UNLOCK(sc);

		/* Any failure is reported as "reset required". */
		return (rc != 0 ? ENETRESET : 0);
	}
#endif
	case IEEE80211_IOC_SHORTGI:
	case IEEE80211_IOC_RTSTHRESHOLD:
	case IEEE80211_IOC_PROTMODE:
	case IEEE80211_IOC_HTPROTMODE:
		return (0);
	default:
		return (ENETRESET);
	}
}
707 
708 #ifndef RTWN_WITHOUT_UCODE
/*
 * Forward the macid carried in the parameter union to the
 * sc_set_media_status method of the softc.
 */
static void
rtwn_set_media_status(struct rtwn_softc *sc, union sec_param *data)
{

	(*sc->sc_set_media_status)(sc, data->macid);
}
714 
/*
 * Push the Null Data frames into the chip, retrying up to five times.
 * Returns 0 as soon as one attempt succeeds, otherwise the error of the
 * last attempt (after logging it).
 */
static int
rtwn_tx_fwpkt_check(struct rtwn_softc *sc, struct ieee80211vap *vap)
{
	enum { max_tries = 5 };
	int attempt, error;

	error = 0;
	for (attempt = 0; attempt < max_tries; attempt++) {
		error = rtwn_push_nulldata(sc, vap);
		if (error == 0)
			return (0);
	}

	device_printf(sc->sc_dev,
	    "%s: cannot push f/w frames into chip, error %d!\n",
	    __func__, error);

	return (error);
}
734 
/*
 * Build a (QoS) Null Data frame at ptr: a Tx descriptor of sc->txdesc_len
 * bytes followed by the 802.11 header.  Returns the total length written
 * (descriptor plus header).
 *
 * No buffer length is passed in and none is checked here; the caller must
 * provide at least txdesc_len + sizeof(struct ieee80211_qosframe) bytes.
 */
static int
rtwn_construct_nulldata(struct rtwn_softc *sc, struct ieee80211vap *vap,
    uint8_t *ptr, int qos)
{
	struct rtwn_vap *uvp = RTWN_VAP(vap);
	struct ieee80211com *ic = &sc->sc_ic;
	struct rtwn_tx_desc_common *desc;
	struct ieee80211_frame *hdr;
	const int desclen = sc->txdesc_len;
	int hdrlen;

	/* XXX obtain from net80211 */
	hdr = (struct ieee80211_frame *)(ptr + desclen);
	hdr->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA;
	hdr->i_fc[1] = IEEE80211_FC1_DIR_TODS;
	IEEE80211_ADDR_COPY(hdr->i_addr1, vap->iv_bss->ni_bssid);
	IEEE80211_ADDR_COPY(hdr->i_addr2, vap->iv_myaddr);
	IEEE80211_ADDR_COPY(hdr->i_addr3, vap->iv_bss->ni_macaddr);

	desc = (struct rtwn_tx_desc_common *)ptr;
	desc->offset = sc->txdesc_len;

	if (qos) {
		struct ieee80211_qosframe *qhdr =
		    (struct ieee80211_qosframe *)hdr;
		const int tid = WME_AC_TO_TID(WME_AC_BE);

		qhdr->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS_NULL;
		qhdr->i_qos[0] = tid & IEEE80211_QOS_TID;
		hdrlen = sizeof(struct ieee80211_qosframe);
	} else {
		hdr->i_fc[0] |= IEEE80211_FC0_SUBTYPE_NODATA;
		hdrlen = sizeof(struct ieee80211_frame);
	}
	/* The descriptor carries the header length in little-endian. */
	desc->pktlen = htole16(hdrlen);

	rtwn_fill_tx_desc_null(sc, ptr,
	    ic->ic_curmode == IEEE80211_MODE_11B, qos, uvp->id);

	return (desclen + hdrlen);
}
778 
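/*
 * Load a Null Data and a QoS Null Data frame into the chip and tell the
 * firmware which pages hold them.
 *
 * Layout of the buffer: a beacon area of bcn_size bytes (RTWN_BCN_MAX_SIZE
 * rounded up to the page size), then one page per frame.  The mbuf data
 * starts txdesc_len bytes into that layout, which is why the first frame
 * is placed at bcn_size - txdesc_len and the mbuf length is
 * required_size - txdesc_len.
 *
 * Returns 0 when no firmware is loaded or on success, ENOMEM when no mbuf
 * is available, otherwise the first error seen.  Beacon detection is
 * re-enabled and the other vap's beacon is restored on every path past the
 * allocation.
 *
 * The frame sizes are verified with KASSERT only, after the frames have
 * been written.
 */
static int
rtwn_push_nulldata(struct rtwn_softc *sc, struct ieee80211vap *vap)
{
	struct rtwn_vap *uvp = RTWN_VAP(vap);
	struct ieee80211com *ic = vap->iv_ic;
	struct ieee80211_channel *c = ic->ic_curchan;
	struct mbuf *m;
	uint8_t *ptr;
	int required_size, bcn_size, null_size, null_data, error;

	if (!(sc->sc_flags & RTWN_FW_LOADED))
		return (0);	/* requires firmware */

	KASSERT(sc->page_size > 0, ("page size was not set!\n"));

	/* Leave some space for beacon (multi-vap) */
	bcn_size = roundup(RTWN_BCN_MAX_SIZE, sc->page_size);
	/* 1 page for Null Data + 1 page for Qos Null Data frames. */
	required_size = bcn_size + sc->page_size * 2;

	m = m_get2(required_size, M_NOWAIT, MT_DATA, M_PKTHDR);
	if (m == NULL)
		return (ENOMEM);

	/* Setup beacon descriptor. */
	rtwn_beacon_set_rate(sc, &uvp->bcn_desc.txd[0],
	    IEEE80211_IS_CHAN_5GHZ(c));

	ptr = mtod(m, uint8_t *);
	memset(ptr, 0, required_size - sc->txdesc_len);

	/* Construct Null Data frame. */
	ptr += bcn_size - sc->txdesc_len;
	null_size = rtwn_construct_nulldata(sc, vap, ptr, 0);
	KASSERT(null_size < sc->page_size,
	    ("recalculate size for Null Data frame\n"));

	/* Construct Qos Null Data frame. */
	ptr += roundup(null_size, sc->page_size);
	null_size = rtwn_construct_nulldata(sc, vap, ptr, 1);
	KASSERT(null_size < sc->page_size,
	    ("recalculate size for Qos Null Data frame\n"));

	/* Do not try to detect a beacon here. */
	rtwn_setbits_1_shift(sc, R92C_CR, 0, R92C_CR_ENSWBCN, 1);
	rtwn_setbits_1_shift(sc, R92C_FWHW_TXQ_CTRL,
	    R92C_FWHW_TXQ_CTRL_REAL_BEACON, 0, 2);

	/* The new buffer replaces any beacon cached for this vap. */
	if (uvp->bcn_mbuf != NULL) {
		rtwn_beacon_unload(sc, uvp->id);
		m_freem(uvp->bcn_mbuf);
	}

	m->m_pkthdr.len = m->m_len = required_size - sc->txdesc_len;
	uvp->bcn_mbuf = m;

	error = rtwn_tx_beacon_check(sc, uvp);
	if (error != 0) {
		RTWN_DPRINTF(sc, RTWN_DEBUG_BEACON,
		    "%s: frame was not recognized!\n", __func__);
		goto restore;
	}

	/* Setup addresses in firmware. */
	null_data = howmany(bcn_size, sc->page_size);
	error = rtwn_set_rsvd_page(sc, 0, null_data, null_data + 1);
	if (error != 0) {
		device_printf(sc->sc_dev,
		    "%s: CMD_RSVD_PAGE was not sent, error %d\n",
		    __func__, error);
	}

restore:
	/* Re-enable beacon detection. */
	rtwn_setbits_1_shift(sc, R92C_FWHW_TXQ_CTRL,
	    0, R92C_FWHW_TXQ_CTRL_REAL_BEACON, 2);
	rtwn_setbits_1_shift(sc, R92C_CR, R92C_CR_ENSWBCN, 0, 1);

	/* Restore beacon (if present). */
	if (sc->bcn_vaps > 0 && sc->vaps[!uvp->id] != NULL) {
		struct rtwn_vap *uvp2 = sc->vaps[!uvp->id];

		if (uvp2->curr_mode != R92C_MSR_NOLINK) {
			int restore_error = rtwn_tx_beacon_check(sc, uvp2);

			/*
			 * Keep the first failure: a successful restore must
			 * not turn a failed push into a reported success,
			 * or the caller stops retrying.
			 */
			if (error == 0)
				error = restore_error;
		}
	}

	return (error);
}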
868 
/*
 * Callout handler (arg is the softc): queue rtwn_set_pwrmode_cb() through
 * rtwn_cmd_sleepable() with no payload.
 */
static void
rtwn_pwrmode_init(void *arg)
{
	struct rtwn_softc *const softc = arg;

	rtwn_cmd_sleepable(softc, NULL, 0, rtwn_set_pwrmode_cb);
}
876 
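/*
 * Command-queue callback: apply the power mode to the vap on port 0, if
 * one exists.  The data argument is not used.
 *
 * The slot pointer itself is tested for NULL.  Testing the address of its
 * embedded vap member instead only works while that member sits at offset
 * zero, and computes a member address from a NULL pointer.
 */
static void
rtwn_set_pwrmode_cb(struct rtwn_softc *sc, union sec_param *data)
{
	struct rtwn_vap *uvp = sc->vaps[0];

	if (uvp != NULL)
		rtwn_set_pwrmode(sc, &uvp->vap, 1);
}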
885 #endif
886 
/*
 * Callout handler (arg is the vap): schedule the TSF synchronization task
 * unless the vap's current mode is "no link".
 */
static void
rtwn_tsf_sync_adhoc(void *arg)
{
	struct ieee80211vap *vap = arg;
	struct rtwn_vap *uvp = RTWN_VAP(vap);

	if (uvp->curr_mode == R92C_MSR_NOLINK)
		return;

	/* Do it in process context. */
	ieee80211_runtask(vap->iv_ic, &uvp->tsf_sync_adhoc_task);
}
899 
/*
 * Workaround for TSF synchronization in IBSS mode.
 *
 * While the BSSID filter is off and TSF synchronization is enabled, any
 * beacon may update the TSF.  This task therefore enables synchronization
 * only for a period in which BSSID matching is on (no IBSS merge can
 * happen during that period), then turns both back.
 *
 * The whole sequence, including the delay of five beacon intervals, runs
 * with the driver lock held; the task re-arms itself through the
 * tsf_sync_adhoc callout every 60 seconds.  The pending argument is not
 * used.
 *
 * NOTE: there is no race with rtwn_newstate(), since it uses the same
 * taskqueue.
 */
static void
rtwn_tsf_sync_adhoc_task(void *arg, int pending)
{
	struct ieee80211vap *const vap = arg;
	struct rtwn_vap *const rvap = RTWN_VAP(vap);
	struct rtwn_softc *const softc = vap->iv_ic->ic_softc;
	struct ieee80211_node *bss;

	RTWN_LOCK(softc);
	/* Hold a reference on the BSS node for the duration of the task. */
	bss = ieee80211_ref_node(vap->iv_bss);

	/* Accept beacons with the same BSSID. */
	rtwn_set_rx_bssid_all(softc, 0);

	/* Deny RCR updates. */
	softc->sc_flags |= RTWN_RCR_LOCKED;

	/* Enable synchronization. */
	rtwn_setbits_1(softc, R92C_BCN_CTRL(rvap->id),
	    R92C_BCN_CTRL_DIS_TSF_UDT0, 0);

	/* Synchronize. */
	rtwn_delay(softc, bss->ni_intval * 5 * 1000);

	/* Disable synchronization. */
	rtwn_setbits_1(softc, R92C_BCN_CTRL(rvap->id),
	    0, R92C_BCN_CTRL_DIS_TSF_UDT0);

	/* Accept all beacons. */
	softc->sc_flags &= ~RTWN_RCR_LOCKED;
	rtwn_set_rx_bssid_all(softc, 1);

	/* Schedule next TSF synchronization. */
	callout_reset(&rvap->tsf_sync_adhoc, 60 * hz, rtwn_tsf_sync_adhoc,
	    vap);

	ieee80211_free_node(bss);
	RTWN_UNLOCK(softc);
}
948 
/*
 * Reset the TSF of the vap's port, then: enable TSF synchronization for a
 * station vap, start the adhoc sync task and beaconing for an IBSS vap, or
 * enable beaconing for a hostap vap.  Other opmodes are logged and
 * ignored.
 */
static void
rtwn_tsf_sync_enable(struct rtwn_softc *sc, struct ieee80211vap *vap)
{
	struct rtwn_vap *uvp = RTWN_VAP(vap);

	/* Reset TSF. */
	rtwn_write_1(sc, R92C_DUAL_TSF_RST, R92C_DUAL_TSF_RESET(uvp->id));

	switch (vap->iv_opmode) {
	case IEEE80211_M_STA:
		/* Enable TSF synchronization. */
		rtwn_setbits_1(sc, R92C_BCN_CTRL(uvp->id),
		    R92C_BCN_CTRL_DIS_TSF_UDT0, 0);
		break;
	case IEEE80211_M_IBSS:
		ieee80211_runtask(&sc->sc_ic, &uvp->tsf_sync_adhoc_task);
		/* Enable beaconing. */
		rtwn_beacon_enable(sc, uvp->id, 1);
		break;
	case IEEE80211_M_HOSTAP:
		/* Enable beaconing. */
		rtwn_beacon_enable(sc, uvp->id, 1);
		break;
	default:
		device_printf(sc->sc_dev, "undefined opmode %d\n",
		    vap->iv_opmode);
		break;
	}
}
977 
/*
 * Mirror the IEEE80211_F_SHPREAMBLE flag of the com structure into the
 * R92C_WMAC_TRXPTCL_SHPRE bit of R92C_WMAC_TRXPTCL_CTL.
 */
static void
rtwn_set_ack_preamble(struct rtwn_softc *sc)
{
	uint32_t ctl;

	ctl = rtwn_read_4(sc, R92C_WMAC_TRXPTCL_CTL);

	/* Clear the bit, then set it again if short preamble is in use. */
	ctl &= ~R92C_WMAC_TRXPTCL_SHPRE;
	if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
		ctl |= R92C_WMAC_TRXPTCL_SHPRE;

	rtwn_write_4(sc, R92C_WMAC_TRXPTCL_CTL, ctl);
}
991 
/*
 * Write the given mode into the two-bit field of R92C_MSR that belongs to
 * port id and record it in the vap occupying that port, if any.
 *
 * The id is used as an index into sc->vaps[] without a range check.
 */
static void
rtwn_set_mode(struct rtwn_softc *sc, uint8_t mode, int id)
{
	/* Each port owns two bits of the register. */
	const int shift = id * 2;

	rtwn_setbits_1(sc, R92C_MSR, R92C_MSR_MASK << shift, mode << shift);

	if (sc->vaps[id] != NULL) {
		sc->vaps[id]->curr_mode = mode;
	}
}
1000 
/*
 * State-change handler for monitor vaps: keep the running-vap counters and
 * the link LED in step with INIT/RUN transitions, then chain to the
 * handler saved in uvp->newstate.
 *
 * The net80211 lock is dropped while the driver lock is held and taken
 * again before the saved handler is called.
 */
static int
rtwn_monitor_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate,
    int arg)
{
	struct ieee80211com *ic = vap->iv_ic;
	struct rtwn_softc *sc = ic->ic_softc;
	struct rtwn_vap *uvp = RTWN_VAP(vap);

	RTWN_DPRINTF(sc, RTWN_DEBUG_STATE, "%s -> %s\n",
	    ieee80211_state_name[vap->iv_state],
	    ieee80211_state_name[nstate]);

	if (vap->iv_state != nstate) {
		IEEE80211_UNLOCK(ic);
		RTWN_LOCK(sc);

		if (nstate == IEEE80211_S_INIT) {
			sc->vaps_running--;
			sc->monvaps_running--;

			/* Turn link LED off with the last running vap. */
			if (sc->vaps_running == 0)
				rtwn_set_led(sc, RTWN_LED_LINK, 0);
		} else if (nstate == IEEE80211_S_RUN) {
			sc->vaps_running++;
			sc->monvaps_running++;

			/* Turn link LED on with the first running vap. */
			if (sc->vaps_running == 1)
				rtwn_set_led(sc, RTWN_LED_LINK, 1);
		}
		/* Other target states: NOTREACHED */

		RTWN_UNLOCK(sc);
		IEEE80211_LOCK(ic);
	}

	return (uvp->newstate(vap, nstate, arg));
}
1047 
/*
 * State-change handler.  In order:
 *  1. optionally chains to the saved handler first (INIT -> RUN with no
 *     BSS channel chosen yet);
 *  2. when leaving RUN (not towards CSA) or leaving CSA, tears down the
 *     per-port hardware state and, once only monitor vaps remain,
 *     the shared state as well;
 *  3. programs the hardware for the new state;
 *  4. chains to the saved handler unless step 1 already did.
 *
 * The net80211 lock is released around the hardware accesses and
 * re-acquired before returning; presumably the caller holds it on entry.
 */
static int
rtwn_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
{
	struct ieee80211com *ic = vap->iv_ic;
	struct rtwn_softc *sc = ic->ic_softc;
	struct rtwn_vap *rvp = RTWN_VAP(vap);
	const enum ieee80211_state prev = vap->iv_state;
	int rc, chained_early = 0;

	RTWN_DPRINTF(sc, RTWN_DEBUG_STATE, "%s -> %s\n",
	    ieee80211_state_name[prev], ieee80211_state_name[nstate]);

	if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC &&
	    prev == IEEE80211_S_INIT && nstate == IEEE80211_S_RUN) {
		/* The saved handler has to run before the hardware setup. */
		rc = rvp->newstate(vap, nstate, arg);
		if (rc != 0)
			return (rc);

		chained_early = 1;
	}

	if (prev == IEEE80211_S_CSA) {
		taskqueue_cancel_timeout(taskqueue_thread,
		    &rvp->tx_beacon_csa, NULL);

		/*
		 * With several vaps the second CSA counter may be left
		 * uncleared; force it to zero.
		 */
		vap->iv_csa_count = 0;
	}

	/* Swap the net80211 lock for the driver lock. */
	IEEE80211_UNLOCK(ic);
	RTWN_LOCK(sc);

	if (prev == IEEE80211_S_CSA) {
		/* Multi-vap case: release every paused Tx queue. */
		rtwn_write_1(sc, R92C_TXPAUSE, 0);
	}

	if (prev == IEEE80211_S_CSA ||
	    (prev == IEEE80211_S_RUN && nstate != IEEE80211_S_CSA)) {
		sc->vaps_running--;

		/* Media status: 'No Link'. */
		rtwn_set_mode(sc, R92C_MSR_NOLINK, rvp->id);

		/* IBSS: no more periodic TSF synchronization. */
		if (vap->iv_opmode == IEEE80211_M_IBSS)
			callout_stop(&rvp->tsf_sync_adhoc);

		/* Beaconing and TSF updates off for this port. */
		rtwn_beacon_enable(sc, rvp->id, 0);
		rtwn_setbits_1(sc, R92C_BCN_CTRL(rvp->id),
		    0, R92C_BCN_CTRL_DIS_TSF_UDT0);

		/*
		 * Monitor vaps share port 0, so its TSF is only reset
		 * when no monitor vap is running.
		 */
		if (rvp->id != 0 || sc->monvaps_running == 0) {
			rtwn_write_1(sc, R92C_DUAL_TSF_RST,
			    R92C_DUAL_TSF_RESET(rvp->id));
		}

#ifndef RTWN_WITHOUT_UCODE
		if ((ic->ic_caps & IEEE80211_C_PMGT) != 0 && rvp->id == 0) {
			/* Cancel the delayed enable and turn power save off. */
			callout_stop(&sc->sc_pwrmode_init);
			rtwn_set_pwrmode(sc, vap, 0);
		}
#endif
		/* Other non-monitor vaps still run: refresh basic rates. */
		if (sc->vaps_running - sc->monvaps_running > 0)
			rtwn_calc_basicrates(sc);

		/* Only monitor vaps (or nothing) left: shared teardown. */
		if (sc->vaps_running == sc->monvaps_running) {
			callout_stop(&sc->sc_calib_to);

			/* Data frames are no longer received. */
			rtwn_write_2(sc, R92C_RXFLTMAP2, 0);

			/* EDCA parameters back to their reset values. */
			rtwn_write_4(sc, R92C_EDCA_VO_PARAM, 0x002f3217);
			rtwn_write_4(sc, R92C_EDCA_VI_PARAM, 0x005e4317);
			rtwn_write_4(sc, R92C_EDCA_BE_PARAM, 0x00105320);
			rtwn_write_4(sc, R92C_EDCA_BK_PARAM, 0x0000a444);

			if (sc->vaps_running == 0)
				rtwn_set_led(sc, RTWN_LED_LINK, 0);
		}
	}

	rc = 0;
	if (nstate == IEEE80211_S_SCAN) {
		/* Nothing is running: pause the AC Tx queues. */
		if (sc->vaps_running == 0)
			rtwn_setbits_1(sc, R92C_TXPAUSE, 0, R92C_TX_QUEUE_AC);
	} else if (nstate == IEEE80211_S_RUN) {
		rc = rtwn_run(sc, vap);
		if (rc == 0) {
			sc->vaps_running++;
		} else {
			device_printf(sc->sc_dev,
			    "%s: could not move to RUN state\n", __func__);
		}
	} else if (nstate == IEEE80211_S_CSA) {
		/* Everything but the beacon queue is blocked. */
		rtwn_setbits_1(sc, R92C_TXPAUSE, 0,
		    R92C_TX_QUEUE_AC | R92C_TX_QUEUE_MGT | R92C_TX_QUEUE_HIGH);
	}

	/* Back to the net80211 lock before returning / chaining. */
	RTWN_UNLOCK(sc);
	IEEE80211_LOCK(ic);

	if (rc != 0)
		return (rc);
	if (chained_early)
		return (0);

	return (rvp->newstate(vap, nstate, arg));
}
1179 
/*
 * Build the union of the basic-rate bitmaps of every linked vap and
 * hand it to rtwn_set_basicrates().  Nothing is written while a scan
 * is in progress (rtwn_scan_end() redoes the calculation) or when the
 * resulting bitmap is empty.
 *
 * Must be called with the driver lock held.
 */
static void
rtwn_calc_basicrates(struct rtwn_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	uint32_t mask = 0;
	int i;

	RTWN_ASSERT_LOCKED(sc);

	/* Deferred to rtwn_scan_end(). */
	if ((ic->ic_flags & IEEE80211_F_SCAN) != 0)
		return;

	for (i = 0; i < nitems(sc->vaps); i++) {
		struct rtwn_vap *rvp = sc->vaps[i];
		struct ieee80211_node *bss;
		uint32_t rates;

		/* Skip empty slots, unlinked ports and vaps without a BSS. */
		if (rvp != NULL && rvp->curr_mode != R92C_MSR_NOLINK &&
		    rvp->vap.iv_bss != NULL) {
			/* Hold a reference while the rate set is read. */
			bss = ieee80211_ref_node(rvp->vap.iv_bss);
			rtwn_get_rates(sc, &bss->ni_rates, NULL, &rates,
			    NULL, 1);
			mask |= rates;
			ieee80211_free_node(bss);
		}
	}

	/* XXX initial RTS rate? */
	if (mask != 0)
		rtwn_set_basicrates(sc, mask);
}
1219 
/*
 * Program the chip for a vap entering RUN: media status, AID, BSSID,
 * beacon interval, Rx/Tx unpausing, power management, TSF sync,
 * beacon upload (hostap / IBSS), ACK preamble, basic rates and
 * calibration.
 *
 * Returns 0 on success, EINVAL when no channel is set or the opmode is
 * not handled, or the error of the failing helper.  A reference on
 * vap->iv_bss is held for the duration of the call and released on
 * every exit path.  Must be called with the driver lock held.
 */
static int
rtwn_run(struct rtwn_softc *sc, struct ieee80211vap *vap)
{
	struct rtwn_vap *rvp = RTWN_VAP(vap);
	struct ieee80211com *ic = vap->iv_ic;
	struct ieee80211_node *bss;
	uint8_t msr;
	int rc = 0;

	RTWN_ASSERT_LOCKED(sc);

	bss = ieee80211_ref_node(vap->iv_bss);

	/* A concrete channel is required on both the com and the node. */
	if (ic->ic_bsschan == IEEE80211_CHAN_ANYC ||
	    bss->ni_chan == IEEE80211_CHAN_ANYC) {
		rc = EINVAL;
		goto done;
	}

	switch (vap->iv_opmode) {
	case IEEE80211_M_STA:
		msr = R92C_MSR_INFRA;
		break;
	case IEEE80211_M_IBSS:
		msr = R92C_MSR_ADHOC;
		break;
	case IEEE80211_M_HOSTAP:
		msr = R92C_MSR_AP;
		break;
	default:
		KASSERT(0, ("undefined opmode %d\n", vap->iv_opmode));
		rc = EINVAL;
		goto done;
	}

	/* Media status: 'Associated'. */
	rtwn_set_mode(sc, msr, rvp->id);

	/* Association ID. XXX multi-vap? */
	rtwn_write_2(sc, R92C_BCN_PSR_RPT,
	    0xc000 | IEEE80211_NODE_AID(bss));

	/* BSSID of this port. */
	rtwn_set_bssid(sc, bss->ni_bssid, rvp->id);

	/* Beacon interval of this port. */
	rtwn_write_2(sc, R92C_BCN_INTERVAL(rvp->id), bss->ni_intval);

	if (sc->vaps_running == sc->monvaps_running) {
		/* First non-monitor vap: accept data frames ... */
		rtwn_write_2(sc, R92C_RXFLTMAP2, 0xffff);

		/* ... and unpause all Tx queues. */
		rtwn_write_1(sc, R92C_TXPAUSE, 0);
	}

#ifndef RTWN_WITHOUT_UCODE
	/*
	 * Port 0 station with power management capability: upload the
	 * (QoS) Null Data frame to the firmware.
	 */
	if ((ic->ic_caps & IEEE80211_C_PMGT) != 0 &&
	    vap->iv_opmode == IEEE80211_M_STA && rvp->id == 0) {
		rc = rtwn_tx_fwpkt_check(sc, vap);
		if (rc != 0)
			goto done;

		/*
		 * Power management would take effect at once; postpone
		 * it so that the 4-Way handshake is not interrupted.
		 */
		callout_reset(&sc->sc_pwrmode_init, 5*hz,
		    rtwn_pwrmode_init, sc);
	}
#endif

	/* TSF synchronization / beaconing for this opmode. */
	rtwn_tsf_sync_enable(sc, vap);

	if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
	    vap->iv_opmode == IEEE80211_M_IBSS) {
		rc = rtwn_setup_beacon(sc, bss);
		if (rc != 0) {
			device_printf(sc->sc_dev,
			    "unable to push beacon into the chip, "
			    "error %d\n", rc);
			goto done;
		}
	}

	/* ACK preamble type. */
	rtwn_set_ack_preamble(sc);

	/* Basic rates mask. */
	rtwn_calc_basicrates(sc);

#ifdef RTWN_TODO
	rtwn_write_1(sc, R92C_SIFS_CCK + 1, 10);
	rtwn_write_1(sc, R92C_SIFS_OFDM + 1, 10);
	rtwn_write_1(sc, R92C_SPEC_SIFS + 1, 10);
	rtwn_write_1(sc, R92C_MAC_SPEC_SIFS + 1, 10);
	rtwn_write_1(sc, R92C_R2T_SIFS + 1, 10);
	rtwn_write_1(sc, R92C_T2T_SIFS + 1, 10);
#endif

	if (sc->vaps_running == sc->monvaps_running) {
		/* Restart the temperature calibration state machine. */
		sc->sc_flags &= ~RTWN_TEMP_MEASURED;
		sc->thcal_temp = sc->thermal_meter;

		/* Periodic calibration. */
		callout_reset(&sc->sc_calib_to, 2*hz, rtwn_calib_to,
		    sc);

		/* Nothing was running before: link LED on. */
		if (sc->vaps_running == 0)
			rtwn_set_led(sc, RTWN_LED_LINK, 1);
	}

done:
	ieee80211_free_node(bss);

	return (rc);
}
1346 
#ifndef D4054
/*
 * Callout handler, re-armed every 'hz' ticks.  Counts sc_tx_timer down
 * while it is non-zero; when it reaches zero a device timeout is
 * reported, all vaps are restarted and the callout is not re-armed
 * from here.
 */
static void
rtwn_watchdog(void *arg)
{
	struct rtwn_softc *sc = arg;
	struct ieee80211com *ic = &sc->sc_ic;

	RTWN_ASSERT_LOCKED(sc);

	KASSERT(sc->sc_flags & RTWN_RUNNING, ("not running"));

	if (sc->sc_tx_timer != 0) {
		sc->sc_tx_timer--;
		if (sc->sc_tx_timer == 0) {
			ic_printf(ic, "device timeout\n");
			ieee80211_restart_all(ic);
			return;
		}
	}

	callout_reset(&sc->sc_watchdog_to, hz, rtwn_watchdog, sc);
}
#endif
1366 
/*
 * Bring the device up or down according to ic_nrunning.  If the
 * hardware cannot be initialized, every vap is stopped instead of
 * being started.
 */
static void
rtwn_parent(struct ieee80211com *ic)
{
	struct rtwn_softc *sc = ic->ic_softc;
	struct ieee80211vap *vap;

	/* Nothing is running: shut the device down. */
	if (ic->ic_nrunning <= 0) {
		rtwn_stop(sc);
		return;
	}

	if (rtwn_init(sc) == 0) {
		ieee80211_start_all(ic);
		return;
	}

	/* Initialization failed: stop all vaps under the net80211 lock. */
	IEEE80211_LOCK(ic);
	TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
		ieee80211_stop_locked(vap);
	IEEE80211_UNLOCK(ic);
}
1384 
1385 
/*
 * Write one LLT entry: 'data' is stored at 'addr' through the
 * R92C_LLT_INIT register.
 *
 * The operation field is polled up to 20 times, with rtwn_delay(sc, 10)
 * between polls.  Returns 0 once the operation is reported as no
 * longer active, the register-write error if the command could not be
 * issued, or ETIMEDOUT.
 */
static int
rtwn_llt_write(struct rtwn_softc *sc, uint32_t addr, uint32_t data)
{
	int tries_left = 20;
	int rc;

	rc = rtwn_write_4(sc, R92C_LLT_INIT,
	    SM(R92C_LLT_INIT_OP, R92C_LLT_INIT_OP_WRITE) |
	    SM(R92C_LLT_INIT_ADDR, addr) |
	    SM(R92C_LLT_INIT_DATA, data));
	if (rc != 0)
		return (rc);

	/* Bounded wait for the write to complete. */
	while (tries_left-- > 0) {
		uint32_t op;

		op = MS(rtwn_read_4(sc, R92C_LLT_INIT), R92C_LLT_INIT_OP);
		if (op == R92C_LLT_INIT_OP_NO_ACTIVE)
			return (0);

		rtwn_delay(sc, 10);
	}

	return (ETIMEDOUT);
}
1406 
/*
 * Build the LLT (a linked list of pages):
 *  - pages [0; page_count] form a chain terminated by 0xff;
 *  - pages [page_count + 1; pktbuf_count - 1] form a ring.
 *
 * Returns 0 or the first rtwn_llt_write() error.
 */
static int
rtwn_llt_init(struct rtwn_softc *sc)
{
	int page, rc;

	/* Reserved area: each page links to its successor. */
	for (page = 0; page < sc->page_count; page++) {
		rc = rtwn_llt_write(sc, page, page + 1);
		if (rc != 0)
			return (rc);
	}

	/* NB: 0xff marks the end of the list. */
	rc = rtwn_llt_write(sc, page, 0xff);
	if (rc != 0)
		return (rc);

	/* Remaining pages, up to the last one, link forward as well. */
	for (++page; page < sc->pktbuf_count - 1; page++) {
		rc = rtwn_llt_write(sc, page, page + 1);
		if (rc != 0)
			return (rc);
	}

	/* Close the ring: the last page points back to its first page. */
	return (rtwn_llt_write(sc, page, sc->page_count + 1));
}
1432 
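/*
 * Initialize the DMA side of the chip: LLT table, per-queue page
 * reservation, Tx buffer boundaries, queue mapping, descriptor
 * addresses and the Tx/Rx page boundary / size.
 *
 * Returns 0 on success, the error of rtwn_llt_init() or
 * rtwn_init_bcnq1_boundary(), or EIO when one of the checked register
 * accesses fails.
 */
static int
rtwn_dma_init(struct rtwn_softc *sc)
{
/*
 * Bail out with EIO as soon as a register access reports an error.
 * The argument is parenthesized so that an operator expression passed
 * in cannot change the meaning of the comparison, and the macro is
 * undefined at the end of the function so it does not leak into the
 * rest of the file.
 */
#define RTWN_CHK(res) do {	\
	if ((res) != 0)		\
		return (EIO);	\
} while(0)
	uint16_t reg;
	uint8_t tx_boundary;
	int error;

	/* Initialize LLT table. */
	error = rtwn_llt_init(sc);
	if (error != 0)
		return (error);

	/* Set the number of pages for each queue. */
	RTWN_DPRINTF(sc, RTWN_DEBUG_RESET,
	    "%s: pages per queue: high %d, normal %d, low %d, public %d\n",
	    __func__, sc->nhqpages, sc->nnqpages, sc->nlqpages,
	    sc->npubqpages);

	RTWN_CHK(rtwn_write_1(sc, R92C_RQPN_NPQ, sc->nnqpages));
	RTWN_CHK(rtwn_write_4(sc, R92C_RQPN,
	    /* Set number of pages for public queue. */
	    SM(R92C_RQPN_PUBQ, sc->npubqpages) |
	    /* Set number of pages for high priority queue. */
	    SM(R92C_RQPN_HPQ, sc->nhqpages) |
	    /* Set number of pages for low priority queue. */
	    SM(R92C_RQPN_LPQ, sc->nlqpages) |
	    /* Load values. */
	    R92C_RQPN_LD));

	/*
	 * Initialize TX buffer boundary.
	 *
	 * NB: tx_boundary is 8 bits wide, hence the range assertion.
	 * KASSERT is only compiled into INVARIANTS kernels, so this is a
	 * debugging aid, not a runtime guard; page_count has to be
	 * validated where it is set.
	 */
	KASSERT(sc->page_count < 255 && sc->page_count > 0,
	    ("page_count is %d\n", sc->page_count));
	tx_boundary = sc->page_count + 1;
	RTWN_CHK(rtwn_write_1(sc, R92C_TXPKTBUF_BCNQ_BDNY, tx_boundary));
	RTWN_CHK(rtwn_write_1(sc, R92C_TXPKTBUF_MGQ_BDNY, tx_boundary));
	RTWN_CHK(rtwn_write_1(sc, R92C_TXPKTBUF_WMAC_LBK_BF_HD, tx_boundary));
	RTWN_CHK(rtwn_write_1(sc, R92C_TRXFF_BNDY, tx_boundary));
	RTWN_CHK(rtwn_write_1(sc, R92C_TDECTRL + 1, tx_boundary));

	error = rtwn_init_bcnq1_boundary(sc);
	if (error != 0)
		return (error);

	/* Set queue to USB pipe mapping. */
	/* Note: PCIe devices are using some magic number here. */
	reg = rtwn_get_qmap(sc);
	RTWN_CHK(rtwn_setbits_2(sc, R92C_TRXDMA_CTRL,
	    R92C_TRXDMA_CTRL_QMAP_M, reg));

	/* Configure Tx/Rx DMA (PCIe). */
	rtwn_set_desc_addr(sc);

	/* Set Tx/Rx transfer page boundary. */
	RTWN_CHK(rtwn_write_2(sc, R92C_TRXFF_BNDY + 2,
	    sc->rx_dma_size - 1));

	/* Set Tx/Rx transfer page size. */
	rtwn_set_page_size(sc);

	return (0);
#undef RTWN_CHK
}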
1498 
/*
 * Write the chip-specific MAC initialization table (sc->mac_prog,
 * sc->mac_size entries of register / value pairs), one byte per
 * register.  Stops at, and returns, the first write error.
 */
static int
rtwn_mac_init(struct rtwn_softc *sc)
{
	int idx, rc;

	idx = 0;
	while (idx < sc->mac_size) {
		rc = rtwn_write_1(sc, sc->mac_prog[idx].reg,
		    sc->mac_prog[idx].val);
		if (rc != 0)
			return (rc);
		idx++;
	}

	return (0);
}
1514 
/*
 * Fill the R92C_DARFRC and R92C_RARFRC register arrays so that entry
 * 'n' holds 'n + 1', i.e. the rate index drops by one per retry.
 */
static void
rtwn_mrr_init(struct rtwn_softc *sc)
{
	int retry = 0;

	while (retry < R92C_DARFRC_SIZE) {
		rtwn_write_1(sc, R92C_DARFRC + retry, retry + 1);
		rtwn_write_1(sc, R92C_RARFRC + retry, retry + 1);
		retry++;
	}
}
1526 
/*
 * Scan-start hook: pause the beacon queue and, unless a beaconing vap
 * exists, open the Rx BSSID filter so that beacons and probe responses
 * from any BSSID are received.  rtwn_scan_end() narrows the filter
 * again.
 */
static void
rtwn_scan_start(struct ieee80211com *ic)
{
	struct rtwn_softc *sc = ic->ic_softc;

	RTWN_LOCK(sc);

	/* No beacons are sent while scanning. */
	rtwn_setbits_1(sc, R92C_TXPAUSE, 0, R92C_TX_QUEUE_BCN);

	/* Widen the Rx filter only when no vap is beaconing. */
	if (sc->bcn_vaps == 0) {
		rtwn_set_rx_bssid_all(sc, 1);
	}

	RTWN_UNLOCK(sc);
}
1540 
/*
 * Per-channel scan hook: toggle the link LED (so it blinks while
 * scanning), then call the saved handler sc->sc_scan_curchan outside
 * the driver lock.
 */
static void
rtwn_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
{
	struct rtwn_softc *sc = ss->ss_ic->ic_softc;

	RTWN_LOCK(sc);
	/* Invert the current LED state. */
	rtwn_set_led(sc, RTWN_LED_LINK, sc->ledlink == 0);
	RTWN_UNLOCK(sc);

	sc->sc_scan_curchan(ss, maxdwell);
}
1553 
/*
 * Scan-end hook: undo what the scan changed.  The Rx BSSID filter is
 * narrowed again (unless promiscuous mode is on or a beaconing vap
 * exists), the link LED reflects whether any vap is running, the basic
 * rates are recalculated and the beacon queue is unpaused.
 */
static void
rtwn_scan_end(struct ieee80211com *ic)
{
	struct rtwn_softc *sc = ic->ic_softc;

	RTWN_LOCK(sc);

	/* Back to the restricted Rx BSSID filter when nothing needs "all". */
	if (!(ic->ic_promisc != 0 || sc->bcn_vaps != 0))
		rtwn_set_rx_bssid_all(sc, 0);

	/* LED on iff at least one vap is running. */
	rtwn_set_led(sc, RTWN_LED_LINK, (sc->vaps_running != 0));

	/* rtwn_calc_basicrates() does nothing while scanning; redo it now. */
	rtwn_calc_basicrates(sc);

	/* Beacons may be sent again. */
	rtwn_setbits_1(sc, R92C_TXPAUSE, R92C_TX_QUEUE_BCN, 0);

	RTWN_UNLOCK(sc);
}
1574 
/*
 * Fill 'chans' (at most 'maxchans' entries, count kept in '*nchans')
 * with the 2 GHz channel list and every non-empty 5 GHz channel list
 * of the device.  40 MHz channels are requested when the HT
 * capabilities advertise IEEE80211_HTCAP_CHWIDTH40.
 */
static void
rtwn_getradiocaps(struct ieee80211com *ic,
    int maxchans, int *nchans, struct ieee80211_channel chans[])
{
	struct rtwn_softc *sc = ic->ic_softc;
	const int ht40 = !!(ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40);
	uint8_t bands[IEEE80211_MODE_BYTES];
	int list;

	/* 2 GHz: 11b / 11g / 11ng. */
	memset(bands, 0, sizeof(bands));
	setbit(bands, IEEE80211_MODE_11B);
	setbit(bands, IEEE80211_MODE_11G);
	setbit(bands, IEEE80211_MODE_11NG);
	ieee80211_add_channel_list_2ghz(chans, maxchans, nchans,
	    rtwn_chan_2ghz, nitems(rtwn_chan_2ghz), bands, ht40);

	/*
	 * XXX workaround add_channel_list() limitations: the 5 GHz
	 * modes are added on top of the 2 GHz ones, and each list is
	 * registered separately.
	 */
	setbit(bands, IEEE80211_MODE_11A);
	setbit(bands, IEEE80211_MODE_11NA);
	for (list = 0; list < nitems(sc->chan_num_5ghz); list++) {
		if (sc->chan_num_5ghz[list] != 0) {
			ieee80211_add_channel_list_5ghz(chans, maxchans,
			    nchans, sc->chan_list_5ghz[list],
			    sc->chan_num_5ghz[list], bands, ht40);
		}
	}
}
1603 
/* Channel-width update hook: intentionally a no-op. */
static void
rtwn_update_chw(struct ieee80211com *ic)
{
	/* Nothing to do. */
}
1608 
/*
 * Tune the radio to ic->ic_curchan and record the channel frequency
 * and flags (little-endian, 16 bits each) in the Rx and Tx radiotap
 * headers.
 */
static void
rtwn_set_channel(struct ieee80211com *ic)
{
	struct ieee80211_channel *chan = ic->ic_curchan;
	struct rtwn_softc *sc = ic->ic_softc;

	RTWN_LOCK(sc);

	rtwn_set_chan(sc, chan);

	/* Rx radiotap. */
	sc->sc_rxtap.wr_chan_freq = htole16(chan->ic_freq);
	sc->sc_rxtap.wr_chan_flags = htole16(chan->ic_flags);

	/* Tx radiotap. */
	sc->sc_txtap.wt_chan_freq = htole16(chan->ic_freq);
	sc->sc_txtap.wt_chan_flags = htole16(chan->ic_flags);

	RTWN_UNLOCK(sc);
}
1623 
/*
 * WME update hook: snapshot net80211's channel WME parameters into
 * sc->cap_wmeParams, program one EDCA register per access category and
 * update the ACM hardware control bits.  Always returns 0.
 *
 * NOTE(review): 'aifs' is a uint8_t while AIFSN * slot time + SIFS is
 * computed as an int, so a result above 255 wraps silently.  The range
 * of wmep_aifsn is not checked here; confirm it is bounded upstream,
 * since in station mode these parameters presumably come from the
 * peer's WME element.
 */
static int
rtwn_wme_update(struct ieee80211com *ic)
{
	struct rtwn_softc *sc = ic->ic_softc;
	struct ieee80211_channel *c = ic->ic_curchan;
	struct wmeParams *params = sc->cap_wmeParams;
	uint8_t aifs, slottime, acm_bits;
	int ac;

	/* Copy under both locks to prevent possible races. */
	IEEE80211_LOCK(ic);	/* XXX */
	RTWN_LOCK(sc);
	memcpy(params, ic->ic_wme.wme_chanParams.cap_wmeParams,
	    sizeof(sc->cap_wmeParams));
	RTWN_UNLOCK(sc);
	IEEE80211_UNLOCK(ic);

	acm_bits = 0;
	slottime = IEEE80211_GET_SLOTTIME(ic);

	RTWN_LOCK(sc);
	for (ac = WME_AC_BE; ac < WME_NUM_AC; ac++) {
		const int sifs = IEEE80211_IS_CHAN_5GHZ(c) ?
		    IEEE80211_DUR_OFDM_SIFS : IEEE80211_DUR_SIFS;

		/* AIFS[AC] = AIFSN[AC] * aSlotTime + aSIFSTime. */
		aifs = params[ac].wmep_aifsn * slottime + sifs;

		rtwn_write_4(sc, wme2reg[ac],
		    SM(R92C_EDCA_PARAM_TXOP, params[ac].wmep_txopLimit) |
		    SM(R92C_EDCA_PARAM_ECWMIN, params[ac].wmep_logcwmin) |
		    SM(R92C_EDCA_PARAM_ECWMAX, params[ac].wmep_logcwmax) |
		    SM(R92C_EDCA_PARAM_AIFS, aifs));

		/* Best effort never contributes an ACM bit. */
		if (ac != WME_AC_BE)
			acm_bits |= params[ac].wmep_acm << ac;
	}

	/* Any ACM bit set: also set the enable bit. */
	if (acm_bits != 0)
		acm_bits |= R92C_ACMHWCTRL_EN;
	rtwn_setbits_1(sc, R92C_ACMHWCTRL, R92C_ACMHWCTRL_ACM_MASK, acm_bits);
	RTWN_UNLOCK(sc);

	return (0);
}
1666 
/*
 * Slot-time update hook: the register accesses are deferred to
 * rtwn_update_slot_cb() through rtwn_cmd_sleepable(), with no argument
 * data.
 */
static void
rtwn_update_slot(struct ieee80211com *ic)
{
	struct rtwn_softc *sc = ic->ic_softc;

	rtwn_cmd_sleepable(sc, NULL, 0, rtwn_update_slot_cb);
}
1672 
/*
 * Deferred part of rtwn_update_slot(): write the current slot time to
 * R92C_SLOT and recompute the per-AC AIFS values.  'data' is unused.
 */
static void
rtwn_update_slot_cb(struct rtwn_softc *sc, union sec_param *data)
{
	struct ieee80211com *ic = &sc->sc_ic;
	const uint8_t slot = IEEE80211_GET_SLOTTIME(ic);

	RTWN_DPRINTF(sc, RTWN_DEBUG_STATE, "%s: setting slot time to %uus\n",
	    __func__, slot);

	rtwn_write_1(sc, R92C_SLOT, slot);

	/* AIFS depends on the slot time. */
	rtwn_update_aifs(sc, slot);
}
1687 
/*
 * Recompute AIFS for every access category from the cached WME
 * parameters and the given slot time, and write it to the first byte
 * of the matching EDCA register.
 *
 * NOTE(review): the sum is truncated to 8 bits on assignment to
 * 'aifs'; confirm wmep_aifsn * slottime + SIFS cannot exceed 255.
 */
static void
rtwn_update_aifs(struct rtwn_softc *sc, uint8_t slottime)
{
	const struct wmeParams *params = sc->cap_wmeParams;
	struct ieee80211_channel *c = sc->sc_ic.ic_curchan;
	uint8_t ac, aifs;

	for (ac = WME_AC_BE; ac < WME_NUM_AC; ac++) {
		const int sifs = IEEE80211_IS_CHAN_5GHZ(c) ?
		    IEEE80211_DUR_OFDM_SIFS : IEEE80211_DUR_SIFS;

		/* AIFS[AC] = AIFSN[AC] * aSlotTime + aSIFSTime. */
		aifs = params[ac].wmep_aifsn * slottime + sifs;
		rtwn_write_1(sc, wme2reg[ac], aifs);
	}
}
1703 
/*
 * Promiscuous-mode update hook: reprogram the filter through
 * rtwn_set_promisc(), but only while the device is running.
 */
static void
rtwn_update_promisc(struct ieee80211com *ic)
{
	struct rtwn_softc *sc = ic->ic_softc;

	RTWN_LOCK(sc);
	if ((sc->sc_flags & RTWN_RUNNING) != 0) {
		rtwn_set_promisc(sc);
	}
	RTWN_UNLOCK(sc);
}
1714 
/*
 * Multicast update hook: reprogram the multicast filter through
 * rtwn_set_multi(), but only while the device is running.
 */
static void
rtwn_update_mcast(struct ieee80211com *ic)
{
	struct rtwn_softc *sc = ic->ic_softc;

	RTWN_LOCK(sc);
	if ((sc->sc_flags & RTWN_RUNNING) != 0) {
		rtwn_set_multi(sc);
	}
	RTWN_UNLOCK(sc);
}
1725 
/*
 * Write the 6-byte BSSID of port 'id': the first four bytes as one
 * little-endian 32-bit access, the last two as a 16-bit access.
 * 'bssid' must point to at least 6 readable bytes.
 *
 * Returns 0 or the error of the first failing write; the second write
 * is skipped when the first one fails.
 */
static int
rtwn_set_bssid(struct rtwn_softc *sc, const uint8_t *bssid, int id)
{
	int rc;

	rc = rtwn_write_4(sc, R92C_BSSID(id), le32dec(&bssid[0]));
	if (rc == 0)
		rc = rtwn_write_2(sc, R92C_BSSID(id) + 4, le16dec(&bssid[4]));

	return (rc);
}
1738 
/*
 * Write the 6-byte MAC address of port 'id': the first four bytes as
 * one little-endian 32-bit access, the last two as a 16-bit access.
 * 'addr' must point to at least 6 readable bytes.
 *
 * Returns 0 or the error of the first failing write; the second write
 * is skipped when the first one fails.
 */
static int
rtwn_set_macaddr(struct rtwn_softc *sc, const uint8_t *addr, int id)
{
	int rc;

	rc = rtwn_write_4(sc, R92C_MACID(id), le32dec(&addr[0]));
	if (rc == 0)
		rc = rtwn_write_2(sc, R92C_MACID(id) + 4, le16dec(&addr[4]));

	return (rc);
}
1751 
/*
 * Node allocation hook: allocate a zeroed driver node without sleeping
 * (M_NOWAIT) and return its embedded net80211 node, or NULL when no
 * memory is available.
 *
 * The node starts without a MACID (RTWN_MACID_UNDEFINED); one is
 * assigned later by rtwn_newassoc().  'vap' and 'mac' are not used.
 */
static struct ieee80211_node *
rtwn_node_alloc(struct ieee80211vap *vap,
    const uint8_t mac[IEEE80211_ADDR_LEN])
{
	struct rtwn_node *node;

	node = malloc(sizeof(*node), M_80211_NODE, M_NOWAIT | M_ZERO);
	if (node != NULL) {
		node->id = RTWN_MACID_UNDEFINED;
		node->avg_pwdb = -1;

		return (&node->ni);
	}

	return (NULL);
}
1769 
/*
 * New-association hook.  For a new association, the lowest free slot
 * of sc->node_list (skipping RTWN_MACID_BC) becomes the node's MACID
 * and, when firmware support is compiled in, the firmware is told that
 * the MACID is now valid.
 *
 * When every slot up to sc->macid_limit is taken the node keeps the id
 * it already had, a message is printed and the firmware is not
 * notified.  The message is not rate-limited here.
 */
static void
rtwn_newassoc(struct ieee80211_node *ni, int isnew)
{
	struct rtwn_softc *sc = ni->ni_ic->ic_softc;
	struct rtwn_node *node = RTWN_NODE(ni);
	int id;

	/* Re-associations keep their slot. */
	if (!isnew)
		return;

	RTWN_NT_LOCK(sc);
	/* Search for the first usable free slot. */
	id = 0;
	while (id <= sc->macid_limit) {
		if (id != RTWN_MACID_BC && sc->node_list[id] == NULL)
			break;
		id++;
	}
	if (id <= sc->macid_limit) {
		node->id = id;
		sc->node_list[id] = ni;
	}
	RTWN_NT_UNLOCK(sc);

	if (id > sc->macid_limit) {
		device_printf(sc->sc_dev, "%s: node table is full\n",
		    __func__);
		return;
	}

#ifndef RTWN_WITHOUT_UCODE
	/* Tell the firmware the MACID is in use. */
	id |= RTWN_MACID_VALID;
	rtwn_cmd_sleepable(sc, &id, sizeof(id), rtwn_set_media_status);
#endif
}
1802 
/*
 * Node free hook: release the node's MACID slot (if it has one), queue
 * a media status update for that id when firmware support is compiled
 * in, then chain to the saved handler sc->sc_node_free.
 *
 * The slot is cleared under the node-table lock before the node is
 * handed to the saved handler, so sc->node_list never keeps a pointer
 * to a node that has been passed on for freeing.
 */
static void
rtwn_node_free(struct ieee80211_node *ni)
{
	struct rtwn_softc *sc = ni->ni_ic->ic_softc;
	struct rtwn_node *node = RTWN_NODE(ni);

	RTWN_NT_LOCK(sc);
	if (node->id != RTWN_MACID_UNDEFINED) {
		/* Drop the table's pointer to this node. */
		sc->node_list[node->id] = NULL;
#ifndef RTWN_WITHOUT_UCODE
		/* The id is sent without RTWN_MACID_VALID set. */
		rtwn_cmd_sleepable(sc, &node->id, sizeof(node->id),
		    rtwn_set_media_status);
#endif
	}
	RTWN_NT_UNLOCK(sc);

	sc->sc_node_free(ni);
}
1821 
/*
 * Load the initial beacon register values: TSF updates disabled on
 * ports 0 and 1, followed by fixed values for R92C_TBTT_PROHIBIT,
 * R92C_DRVERLYINT, R92C_BCNDMATIM and R92C_BCNTCFG.
 */
static void
rtwn_init_beacon_reg(struct rtwn_softc *sc)
{
	int port;

	/* Both ports start with TSF updates disabled. */
	for (port = 0; port < 2; port++) {
		rtwn_write_1(sc, R92C_BCN_CTRL(port),
		    R92C_BCN_CTRL_DIS_TSF_UDT0);
	}

	rtwn_write_2(sc, R92C_TBTT_PROHIBIT, 0x6404);
	rtwn_write_1(sc, R92C_DRVERLYINT, 0x05);
	rtwn_write_1(sc, R92C_BCNDMATIM, 0x02);
	rtwn_write_2(sc, R92C_BCNTCFG, 0x660f);
}
1832 
/*
 * Power the adapter on and run the full initialization sequence.
 *
 * Returns 0 when the device is (or already was) running.  On failure
 * the error of the failing step is returned; RTWN_STARTED stays set
 * and RTWN_RUNNING is not set, and nothing done so far is undone here.
 *
 * A firmware load failure is not fatal: RTWN_FW_LOADED simply stays
 * clear and initialization continues.  Only the steps whose result is
 * tested below can abort the sequence; the remaining register writes
 * are not checked.
 */
static int
rtwn_init(struct rtwn_softc *sc)
{
	struct ieee80211com *ic = &sc->sc_ic;
	int idx, rc;

	RTWN_LOCK(sc);

	/* Already up: nothing to do. */
	if ((sc->sc_flags & RTWN_RUNNING) != 0) {
		RTWN_UNLOCK(sc);
		return (0);
	}
	sc->sc_flags |= RTWN_STARTED;

	/* Power the adapter on. */
	rc = rtwn_power_on(sc);
	if (rc != 0)
		goto unlock;

#ifndef RTWN_WITHOUT_UCODE
	/* 8051 microcode; its absence is tolerated. */
	if (rtwn_load_firmware(sc) == 0)
		sc->sc_flags |= RTWN_FW_LOADED;

	/* Firmware command ring starts at slot 0. */
	sc->fwcur = 0;
#endif

	/* MAC block. */
	rc = rtwn_mac_init(sc);
	if (rc != 0) {
		device_printf(sc->sc_dev,
		    "%s: error while initializing MAC block\n", __func__);
		goto unlock;
	}

	/* DMA. */
	rc = rtwn_dma_init(sc);
	if (rc != 0)
		goto unlock;

	/* Drop incorrect TX (USB). */
	rtwn_drop_incorrect_tx(sc);

	/* Size of the info area in Rx descriptors (in 64-bit words). */
	rtwn_write_1(sc, R92C_RX_DRVINFO_SZ, R92C_RX_DRVINFO_SZ_DEF);

	/* Interrupts. */
	rtwn_init_intr(sc);

	for (idx = 0; idx < nitems(sc->vaps); idx++) {
		struct rtwn_vap *rvp = sc->vaps[idx];

		/* Every port starts as 'No Link'. */
		rtwn_set_mode(sc, R92C_MSR_NOLINK, idx);

		/* Attached vaps also get their MAC address programmed. */
		if (rvp != NULL) {
			rc = rtwn_set_macaddr(sc, rvp->vap.iv_myaddr,
			    rvp->id);
			if (rc != 0)
				goto unlock;
		}
	}

	/* Rx filter. */
	rtwn_rxfilter_init(sc);

	/* Short / long retry limits. */
	rtwn_write_2(sc, R92C_RL,
	    SM(R92C_RL_SRL, 0x30) | SM(R92C_RL_LRL, 0x30));

	/* EDCA parameters. */
	rtwn_init_edca(sc);

	rtwn_setbits_1(sc, R92C_FWHW_TXQ_CTRL, 0,
	    R92C_FWHW_TXQ_CTRL_AMPDU_RTY_NEW);

	/* ACK timeout. */
	rtwn_write_1(sc, R92C_ACKTO, sc->ackto);

	/* Tx and Rx aggregation. */
	rtwn_init_tx_agg(sc);
	rtwn_init_rx_agg(sc);

	/* Beacon parameters. */
	rtwn_init_beacon_reg(sc);

	/* A-MPDU parameters. */
	rtwn_init_ampdu(sc);

	/* MACTXEN / MACRXEN go on after the RxFF boundary is set. */
	rtwn_setbits_1(sc, R92C_CR, 0, R92C_CR_MACTXEN | R92C_CR_MACRXEN);

	/* BB / RF blocks. */
	rtwn_init_bb(sc);
	rtwn_init_rf(sc);

	/* Wireless band: tune to the current channel. */
	rtwn_set_chan(sc, ic->ic_curchan);

	/* Start with an empty per-station keys table ... */
	rtwn_init_cam(sc);

	/* ... then enable decryption / encryption. */
	rtwn_init_seccfg(sc);

	/* Static keys of attached vaps (if any). */
	for (idx = 0; idx < nitems(sc->vaps); idx++) {
		if (sc->vaps[idx] == NULL)
			continue;

		rc = rtwn_init_static_keys(sc, sc->vaps[idx]);
		if (rc != 0)
			goto unlock;
	}

	/* Antenna selection. */
	rtwn_init_antsel(sc);

	/* Hardware sequence numbering on all Tx queues. */
	rtwn_write_1(sc, R92C_HWSEQ_CTRL, R92C_TX_QUEUE_ALL);

	/* Disable BAR. */
	rtwn_write_4(sc, R92C_BAR_MODE_CTRL, 0x0201ffff);

	/* NAV limit. */
	rtwn_write_1(sc, R92C_NAV_UPPER, 0);

	/* GPIO setting. */
	rtwn_setbits_1(sc, R92C_GPIO_MUXCFG, R92C_GPIO_MUXCFG_ENBT, 0);

	/* MRR. */
	rtwn_mrr_init(sc);

	/* Device-specific post initialization. */
	rtwn_post_init(sc);

	rtwn_start_xfers(sc);

#ifndef D4054
	callout_reset(&sc->sc_watchdog_to, hz, rtwn_watchdog, sc);
#endif

	/* Only a complete sequence marks the device as running. */
	sc->sc_flags |= RTWN_RUNNING;
unlock:
	RTWN_UNLOCK(sc);

	return (rc);
}
1982 
/*
 * Shut the device down: stop the watchdog, clear the run-time state,
 * abort transfers, drain the mbuf queue, power the adapter off and
 * reset the driver lists.  Does nothing unless RTWN_STARTED is set, so
 * it also cleans up after a failed rtwn_init().
 */
static void
rtwn_stop(struct rtwn_softc *sc)
{

	RTWN_LOCK(sc);

	/* Never started (or already stopped). */
	if ((sc->sc_flags & RTWN_STARTED) == 0) {
		RTWN_UNLOCK(sc);
		return;
	}

#ifndef D4054
	callout_stop(&sc->sc_watchdog_to);
	sc->sc_tx_timer = 0;
#endif
	/* Forget everything that described the running device. */
	sc->sc_flags &= ~(RTWN_STARTED | RTWN_RUNNING | RTWN_FW_LOADED |
	    RTWN_TEMP_MEASURED);
	sc->fwver = 0;
	sc->thcal_temp = 0;
	sc->cur_bcnq_id = RTWN_VAP_ID_INVALID;

#ifdef D4054
	ieee80211_tx_watchdog_stop(&sc->sc_ic);
#endif

	rtwn_abort_xfers(sc);
	rtwn_drain_mbufq(sc);
	rtwn_power_off(sc);
	rtwn_reset_lists(sc, NULL);

	RTWN_UNLOCK(sc);
}
2013 
2014 MODULE_VERSION(rtwn, 2);
2015 MODULE_DEPEND(rtwn, wlan, 1, 1, 1);
2016 #ifndef RTWN_WITHOUT_UCODE
2017 MODULE_DEPEND(rtwn, firmware, 1, 1, 1);
2018 #endif
2019