xref: /freebsd/sys/dev/rtwn/if_rtwn.c (revision 81aef988acc7b48e7943831cb4b4087895e108bc)
1 /*	$OpenBSD: if_urtwn.c,v 1.16 2011/02/10 17:26:40 jakemsr Exp $	*/
2 
3 /*-
4  * Copyright (c) 2010 Damien Bergamini <damien.bergamini@free.fr>
5  * Copyright (c) 2014 Kevin Lo <kevlo@FreeBSD.org>
6  * Copyright (c) 2015-2016 Andriy Voskoboinyk <avos@FreeBSD.org>
7  *
8  * Permission to use, copy, modify, and distribute this software for any
9  * purpose with or without fee is hereby granted, provided that the above
10  * copyright notice and this permission notice appear in all copies.
11  *
12  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19  */
20 
21 #include <sys/cdefs.h>
22 /*
23  * Driver for Realtek RTL8188CE-VAU/RTL8188CUS/RTL8188EU/RTL8188RU/RTL8192CU/RTL8812AU/RTL8821AU.
24  */
25 #include "opt_wlan.h"
26 
27 #include <sys/param.h>
28 #include <sys/sockio.h>
29 #include <sys/sysctl.h>
30 #include <sys/lock.h>
31 #include <sys/mutex.h>
32 #include <sys/mbuf.h>
33 #include <sys/kernel.h>
34 #include <sys/socket.h>
35 #include <sys/systm.h>
36 #include <sys/malloc.h>
37 #include <sys/module.h>
38 #include <sys/bus.h>
39 #include <sys/endian.h>
40 #include <sys/linker.h>
41 #include <sys/firmware.h>
42 #include <sys/kdb.h>
43 
44 #include <net/bpf.h>
45 #include <net/if.h>
46 #include <net/if_var.h>
47 #include <net/if_arp.h>
48 #include <net/ethernet.h>
49 #include <net/if_dl.h>
50 #include <net/if_media.h>
51 #include <net/if_types.h>
52 
53 #include <netinet/in.h>
54 #include <netinet/in_systm.h>
55 #include <netinet/in_var.h>
56 #include <netinet/if_ether.h>
57 #include <netinet/ip.h>
58 
59 #include <net80211/ieee80211_var.h>
60 #include <net80211/ieee80211_regdomain.h>
61 #include <net80211/ieee80211_radiotap.h>
62 #include <net80211/ieee80211_ratectl.h>
63 
64 #include <dev/rtwn/if_rtwnreg.h>
65 #include <dev/rtwn/if_rtwnvar.h>
66 
67 #include <dev/rtwn/if_rtwn_beacon.h>
68 #include <dev/rtwn/if_rtwn_calib.h>
69 #include <dev/rtwn/if_rtwn_cam.h>
70 #include <dev/rtwn/if_rtwn_debug.h>
71 #include <dev/rtwn/if_rtwn_efuse.h>
72 #include <dev/rtwn/if_rtwn_fw.h>
73 #include <dev/rtwn/if_rtwn_ridx.h>
74 #include <dev/rtwn/if_rtwn_rx.h>
75 #include <dev/rtwn/if_rtwn_task.h>
76 #include <dev/rtwn/if_rtwn_tx.h>
77 
78 #include <dev/rtwn/rtl8192c/r92c_reg.h>
79 
80 static void		rtwn_radiotap_attach(struct rtwn_softc *);
81 static void		rtwn_vap_decrement_counters(struct rtwn_softc *,
82 			    enum ieee80211_opmode, int);
83 static void		rtwn_set_ic_opmode(struct rtwn_softc *);
84 static struct ieee80211vap *rtwn_vap_create(struct ieee80211com *,
85 			    const char [IFNAMSIZ], int, enum ieee80211_opmode,
86 			    int, const uint8_t [IEEE80211_ADDR_LEN],
87 			    const uint8_t [IEEE80211_ADDR_LEN]);
88 static void		rtwn_vap_delete(struct ieee80211vap *);
89 static int		rtwn_read_chipid(struct rtwn_softc *);
90 static int		rtwn_ioctl_reset(struct ieee80211vap *, u_long);
91 static void		rtwn_set_media_status(struct rtwn_softc *,
92 			    union sec_param *);
93 #ifndef RTWN_WITHOUT_UCODE
94 static int		rtwn_tx_fwpkt_check(struct rtwn_softc *,
95 			    struct ieee80211vap *);
96 static int		rtwn_construct_nulldata(struct rtwn_softc *,
97 			    struct ieee80211vap *, uint8_t *, int);
98 static int		rtwn_push_nulldata(struct rtwn_softc *,
99 			    struct ieee80211vap *);
100 static void		rtwn_pwrmode_init(void *);
101 static void		rtwn_set_pwrmode_cb(struct rtwn_softc *,
102 			    union sec_param *);
103 #endif
104 static void		rtwn_tsf_sync_adhoc(void *);
105 static void		rtwn_tsf_sync_adhoc_task(void *, int);
106 static void		rtwn_tsf_sync_enable(struct rtwn_softc *,
107 			    struct ieee80211vap *);
108 static void		rtwn_set_ack_preamble(struct rtwn_softc *);
109 static void		rtwn_set_mode(struct rtwn_softc *, uint8_t, int);
110 static int		rtwn_monitor_newstate(struct ieee80211vap *,
111 			    enum ieee80211_state, int);
112 static int		rtwn_newstate(struct ieee80211vap *,
113 			    enum ieee80211_state, int);
114 static void		rtwn_calc_basicrates(struct rtwn_softc *);
115 static int		rtwn_run(struct rtwn_softc *,
116 			    struct ieee80211vap *);
117 #ifndef D4054
118 static void		rtwn_watchdog(void *);
119 #endif
120 static void		rtwn_parent(struct ieee80211com *);
121 static int		rtwn_dma_init(struct rtwn_softc *);
122 static int		rtwn_mac_init(struct rtwn_softc *);
123 static void		rtwn_mrr_init(struct rtwn_softc *);
124 static void		rtwn_scan_start(struct ieee80211com *);
125 static void		rtwn_scan_curchan(struct ieee80211_scan_state *,
126 			    unsigned long);
127 static void		rtwn_scan_end(struct ieee80211com *);
128 static void		rtwn_getradiocaps(struct ieee80211com *, int, int *,
129 			    struct ieee80211_channel[]);
130 static void		rtwn_update_chw(struct ieee80211com *);
131 static void		rtwn_set_channel(struct ieee80211com *);
132 static int		rtwn_wme_update(struct ieee80211com *);
133 static void		rtwn_update_slot(struct ieee80211com *);
134 static void		rtwn_update_slot_cb(struct rtwn_softc *,
135 			    union sec_param *);
136 static void		rtwn_update_aifs(struct rtwn_softc *, uint8_t);
137 static void		rtwn_update_promisc(struct ieee80211com *);
138 static void		rtwn_update_mcast(struct ieee80211com *);
139 static int		rtwn_set_bssid(struct rtwn_softc *,
140 			    const uint8_t *, int);
141 static int		rtwn_set_macaddr(struct rtwn_softc *,
142 			    const uint8_t *, int);
143 static struct ieee80211_node *rtwn_node_alloc(struct ieee80211vap *,
144 			    const uint8_t mac[IEEE80211_ADDR_LEN]);
145 static void		rtwn_newassoc(struct ieee80211_node *, int);
146 static void		rtwn_node_free(struct ieee80211_node *);
147 static void		rtwn_init_beacon_reg(struct rtwn_softc *);
148 static int		rtwn_init(struct rtwn_softc *);
149 static void		rtwn_stop(struct rtwn_softc *);
150 
151 MALLOC_DEFINE(M_RTWN_PRIV, "rtwn_priv", "rtwn driver private state");
152 
153 static const uint16_t wme2reg[] =
154 	{ R92C_EDCA_BE_PARAM, R92C_EDCA_BK_PARAM,
155 	  R92C_EDCA_VI_PARAM, R92C_EDCA_VO_PARAM };
156 
157 int
158 rtwn_attach(struct rtwn_softc *sc)
159 {
160 	struct ieee80211com *ic = &sc->sc_ic;
161 	int error;
162 
163 	sc->cur_bcnq_id = RTWN_VAP_ID_INVALID;
164 
165 	RTWN_NT_LOCK_INIT(sc);
166 	rtwn_cmdq_init(sc);
167 #ifndef D4054
168 	callout_init_mtx(&sc->sc_watchdog_to, &sc->sc_mtx, 0);
169 #endif
170 	callout_init(&sc->sc_calib_to, 0);
171 	callout_init(&sc->sc_pwrmode_init, 0);
172 	mbufq_init(&sc->sc_snd, ifqmaxlen);
173 
174 	RTWN_LOCK(sc);
175 	error = rtwn_read_chipid(sc);
176 	RTWN_UNLOCK(sc);
177 	if (error != 0) {
178 		device_printf(sc->sc_dev, "unsupported test chip\n");
179 		goto detach;
180 	}
181 
182 	error = rtwn_read_rom(sc);
183 	if (error != 0) {
184 		device_printf(sc->sc_dev, "%s: cannot read rom, error %d\n",
185 		    __func__, error);
186 		goto detach;
187 	}
188 
189 	if (sc->macid_limit > RTWN_MACID_LIMIT) {
190 		device_printf(sc->sc_dev,
191 		    "macid limit will be reduced from %d to %d\n",
192 		    sc->macid_limit, RTWN_MACID_LIMIT);
193 		sc->macid_limit = RTWN_MACID_LIMIT;
194 	}
195 	if (sc->cam_entry_limit > RTWN_CAM_ENTRY_LIMIT) {
196 		device_printf(sc->sc_dev,
197 		    "cam entry limit will be reduced from %d to %d\n",
198 		    sc->cam_entry_limit, RTWN_CAM_ENTRY_LIMIT);
199 		sc->cam_entry_limit = RTWN_CAM_ENTRY_LIMIT;
200 	}
201 	if (sc->txdesc_len > RTWN_TX_DESC_SIZE) {
202 		device_printf(sc->sc_dev,
203 		    "adjust size for Tx descriptor (current %d, needed %d)\n",
204 		    RTWN_TX_DESC_SIZE, sc->txdesc_len);
205 		goto detach;
206 	}
207 
208 	device_printf(sc->sc_dev, "MAC/BB %s, RF 6052 %dT%dR\n",
209 	    sc->name, sc->ntxchains, sc->nrxchains);
210 
211 	ic->ic_softc = sc;
212 	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
213 	ic->ic_opmode = IEEE80211_M_STA;	/* default to BSS mode */
214 
215 	/* set device capabilities */
216 	ic->ic_caps =
217 		  IEEE80211_C_STA		/* station mode */
218 		| IEEE80211_C_MONITOR		/* monitor mode */
219 		| IEEE80211_C_IBSS		/* adhoc mode */
220 		| IEEE80211_C_HOSTAP		/* hostap mode */
221 #if 0	/* TODO: HRPWM register setup */
222 #ifndef RTWN_WITHOUT_UCODE
223 		| IEEE80211_C_PMGT		/* Station-side power mgmt */
224 #endif
225 #endif
226 		| IEEE80211_C_SHPREAMBLE	/* short preamble supported */
227 		| IEEE80211_C_SHSLOT		/* short slot time supported */
228 #if 0
229 		| IEEE80211_C_BGSCAN		/* capable of bg scanning */
230 #endif
231 		| IEEE80211_C_WPA		/* 802.11i */
232 		| IEEE80211_C_WME		/* 802.11e */
233 		| IEEE80211_C_SWAMSDUTX		/* Do software A-MSDU TX */
234 		| IEEE80211_C_FF		/* Atheros fast-frames */
235 		;
236 
237 	if (sc->sc_hwcrypto != RTWN_CRYPTO_SW) {
238 		ic->ic_cryptocaps =
239 		    IEEE80211_CRYPTO_WEP |
240 		    IEEE80211_CRYPTO_TKIP |
241 		    IEEE80211_CRYPTO_AES_CCM;
242 	}
243 
244 	ic->ic_htcaps =
245 	      IEEE80211_HTCAP_SHORTGI20		/* short GI in 20MHz */
246 	    | IEEE80211_HTCAP_MAXAMSDU_3839	/* max A-MSDU length */
247 	    | IEEE80211_HTCAP_SMPS_OFF		/* SM PS mode disabled */
248 	    /* s/w capabilities */
249 	    | IEEE80211_HTC_HT			/* HT operation */
250 	    | IEEE80211_HTC_RX_AMSDU_AMPDU	/* A-MSDU in A-MPDU */
251 	    | IEEE80211_HTC_AMPDU		/* A-MPDU tx */
252 	    | IEEE80211_HTC_AMSDU		/* A-MSDU tx */
253 	    ;
254 
255 	if (sc->sc_ht40) {
256 		ic->ic_htcaps |=
257 		      IEEE80211_HTCAP_CHWIDTH40	/* 40 MHz channel width */
258 		    | IEEE80211_HTCAP_SHORTGI40	/* short GI in 40MHz */
259 		    ;
260 	}
261 
262 	ic->ic_txstream = sc->ntxchains;
263 	ic->ic_rxstream = sc->nrxchains;
264 
265 	/* Enable TX watchdog */
266 #ifdef D4054
267 	ic->ic_flags_ext |= IEEE80211_FEXT_WATCHDOG;
268 #endif
269 
270 	/* Adjust capabilities. */
271 	rtwn_adj_devcaps(sc);
272 
273 	rtwn_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
274 	    ic->ic_channels);
275 
276 	/* XXX TODO: setup regdomain if R92C_CHANNEL_PLAN_BY_HW bit is set. */
277 
278 	ieee80211_ifattach(ic);
279 	ic->ic_raw_xmit = rtwn_raw_xmit;
280 	ic->ic_scan_start = rtwn_scan_start;
281 	sc->sc_scan_curchan = ic->ic_scan_curchan;
282 	ic->ic_scan_curchan = rtwn_scan_curchan;
283 	ic->ic_scan_end = rtwn_scan_end;
284 	ic->ic_getradiocaps = rtwn_getradiocaps;
285 	ic->ic_update_chw = rtwn_update_chw;
286 	ic->ic_set_channel = rtwn_set_channel;
287 	ic->ic_transmit = rtwn_transmit;
288 	ic->ic_parent = rtwn_parent;
289 	ic->ic_vap_create = rtwn_vap_create;
290 	ic->ic_vap_delete = rtwn_vap_delete;
291 	ic->ic_wme.wme_update = rtwn_wme_update;
292 	ic->ic_updateslot = rtwn_update_slot;
293 	ic->ic_update_promisc = rtwn_update_promisc;
294 	ic->ic_update_mcast = rtwn_update_mcast;
295 	ic->ic_node_alloc = rtwn_node_alloc;
296 	ic->ic_newassoc = rtwn_newassoc;
297 	sc->sc_node_free = ic->ic_node_free;
298 	ic->ic_node_free = rtwn_node_free;
299 
300 	rtwn_postattach(sc);
301 	rtwn_radiotap_attach(sc);
302 
303 	if (bootverbose)
304 		ieee80211_announce(ic);
305 
306 	return (0);
307 
308 detach:
309 	return (ENXIO);			/* failure */
310 }
311 
312 static void
313 rtwn_radiotap_attach(struct rtwn_softc *sc)
314 {
315 	struct rtwn_rx_radiotap_header *rxtap = &sc->sc_rxtap;
316 	struct rtwn_tx_radiotap_header *txtap = &sc->sc_txtap;
317 
318 	ieee80211_radiotap_attach(&sc->sc_ic,
319 	    &txtap->wt_ihdr, sizeof(*txtap), RTWN_TX_RADIOTAP_PRESENT,
320 	    &rxtap->wr_ihdr, sizeof(*rxtap), RTWN_RX_RADIOTAP_PRESENT);
321 }
322 
323 void
324 rtwn_sysctlattach(struct rtwn_softc *sc)
325 {
326 	struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev);
327 	struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev);
328 
329 	sc->sc_ht40 = 0;
330 	SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO,
331 	    "ht40", CTLFLAG_RDTUN, &sc->sc_ht40,
332 	    sc->sc_ht40, "Enable 40 MHz mode support");
333 
334 #ifdef RTWN_DEBUG
335 	SYSCTL_ADD_U32(ctx, SYSCTL_CHILDREN(tree), OID_AUTO,
336 	    "debug", CTLFLAG_RWTUN, &sc->sc_debug, sc->sc_debug,
337 	    "Control debugging printfs");
338 #endif
339 
340 	sc->sc_hwcrypto = RTWN_CRYPTO_PAIR;
341 	SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO,
342 	    "hwcrypto", CTLFLAG_RDTUN, &sc->sc_hwcrypto,
343 	    sc->sc_hwcrypto, "Enable h/w crypto: "
344 	    "0 - disable, 1 - pairwise keys, 2 - all keys");
345 	if (sc->sc_hwcrypto >= RTWN_CRYPTO_MAX)
346 		sc->sc_hwcrypto = RTWN_CRYPTO_FULL;
347 
348 	sc->sc_ratectl_sysctl = RTWN_RATECTL_NET80211;
349 	SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO,
350 	    "ratectl", CTLFLAG_RDTUN, &sc->sc_ratectl_sysctl,
351 	    sc->sc_ratectl_sysctl, "Select rate control mechanism: "
352 	    "0 - disabled, 1 - via net80211, 2 - via firmware");
353 	if (sc->sc_ratectl_sysctl >= RTWN_RATECTL_MAX)
354 		sc->sc_ratectl_sysctl = RTWN_RATECTL_FW;
355 
356 	sc->sc_ratectl = sc->sc_ratectl_sysctl;
357 	SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO,
358 	    "ratectl_selected", CTLFLAG_RD, &sc->sc_ratectl,
359 	    sc->sc_ratectl,
360 	    "Currently selected rate control mechanism (by the driver)");
361 }
362 
363 void
364 rtwn_detach(struct rtwn_softc *sc)
365 {
366 	struct ieee80211com *ic = &sc->sc_ic;
367 
368 	if (ic->ic_softc == sc) {
369 		/* Stop command queue. */
370 		RTWN_CMDQ_LOCK(sc);
371 		sc->sc_detached = 1;
372 		RTWN_CMDQ_UNLOCK(sc);
373 
374 		ieee80211_draintask(ic, &sc->cmdq_task);
375 		ieee80211_ifdetach(ic);
376 	}
377 
378 	rtwn_cmdq_destroy(sc);
379 	if (RTWN_NT_LOCK_INITIALIZED(sc))
380 		RTWN_NT_LOCK_DESTROY(sc);
381 }
382 
383 void
384 rtwn_suspend(struct rtwn_softc *sc)
385 {
386 	struct ieee80211com *ic = &sc->sc_ic;
387 
388 	ieee80211_suspend_all(ic);
389 }
390 
391 void
392 rtwn_resume(struct rtwn_softc *sc)
393 {
394 	struct ieee80211com *ic = &sc->sc_ic;
395 
396 	ieee80211_resume_all(ic);
397 }
398 
399 static void
400 rtwn_vap_decrement_counters(struct rtwn_softc *sc,
401     enum ieee80211_opmode opmode, int id)
402 {
403 
404 	RTWN_ASSERT_LOCKED(sc);
405 
406 	if (id != RTWN_VAP_ID_INVALID) {
407 		KASSERT(id == 0 || id == 1, ("wrong vap id %d!\n", id));
408 		KASSERT(sc->vaps[id] != NULL, ("vap pointer is NULL\n"));
409 		sc->vaps[id] = NULL;
410 	}
411 
412 	switch (opmode) {
413 	case IEEE80211_M_HOSTAP:
414 		sc->ap_vaps--;
415 		/* FALLTHROUGH */
416 	case IEEE80211_M_IBSS:
417 		sc->bcn_vaps--;
418 		/* FALLTHROUGH */
419 	case IEEE80211_M_STA:
420 		sc->nvaps--;
421 		break;
422 	case IEEE80211_M_MONITOR:
423 		sc->mon_vaps--;
424 		break;
425 	default:
426 		KASSERT(0, ("wrong opmode %d\n", opmode));
427 		break;
428 	}
429 
430 	KASSERT(sc->vaps_running >= 0 && sc->monvaps_running >= 0,
431 	    ("number of running vaps is negative (vaps %d, monvaps %d)\n",
432 	    sc->vaps_running, sc->monvaps_running));
433 	KASSERT(sc->vaps_running - sc->monvaps_running <= RTWN_PORT_COUNT,
434 	    ("number of running vaps is too big (vaps %d, monvaps %d)\n",
435 	    sc->vaps_running, sc->monvaps_running));
436 
437 	KASSERT(sc->nvaps >= 0 && sc->nvaps <= RTWN_PORT_COUNT,
438 	    ("wrong value %d for nvaps\n", sc->nvaps));
439 	KASSERT(sc->mon_vaps >= 0, ("mon_vaps is negative (%d)\n",
440 	    sc->mon_vaps));
441 	KASSERT(sc->bcn_vaps >= 0 && ((RTWN_CHIP_HAS_BCNQ1(sc) &&
442 	    sc->bcn_vaps <= RTWN_PORT_COUNT) || sc->bcn_vaps <= 1),
443 	    ("bcn_vaps value %d is wrong\n", sc->bcn_vaps));
444 	KASSERT(sc->ap_vaps >= 0 && ((RTWN_CHIP_HAS_BCNQ1(sc) &&
445 	    sc->ap_vaps <= RTWN_PORT_COUNT) || sc->ap_vaps <= 1),
446 	    ("ap_vaps value %d is wrong\n", sc->ap_vaps));
447 }
448 
449 static void
450 rtwn_set_ic_opmode(struct rtwn_softc *sc)
451 {
452 	struct ieee80211com *ic = &sc->sc_ic;
453 
454 	RTWN_ASSERT_LOCKED(sc);
455 
456 	/* for ieee80211_reset_erp() */
457 	if (sc->bcn_vaps - sc->ap_vaps > 0)
458 		ic->ic_opmode = IEEE80211_M_IBSS;
459 	else if (sc->ap_vaps > 0)
460 		ic->ic_opmode = IEEE80211_M_HOSTAP;
461 	else if (sc->nvaps > 0)
462 		ic->ic_opmode = IEEE80211_M_STA;
463 	else
464 		ic->ic_opmode = IEEE80211_M_MONITOR;
465 }
466 
467 static struct ieee80211vap *
468 rtwn_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
469     enum ieee80211_opmode opmode, int flags,
470     const uint8_t bssid[IEEE80211_ADDR_LEN],
471     const uint8_t mac[IEEE80211_ADDR_LEN])
472 {
473 	struct rtwn_softc *sc = ic->ic_softc;
474 	struct rtwn_vap *uvp;
475 	struct ieee80211vap *vap;
476 	int id = RTWN_VAP_ID_INVALID;
477 
478 	RTWN_LOCK(sc);
479 	KASSERT(sc->nvaps <= RTWN_PORT_COUNT,
480 	    ("nvaps overflow (%d > %d)\n", sc->nvaps, RTWN_PORT_COUNT));
481 	KASSERT(sc->ap_vaps <= RTWN_PORT_COUNT,
482 	    ("ap_vaps overflow (%d > %d)\n", sc->ap_vaps, RTWN_PORT_COUNT));
483 	KASSERT(sc->bcn_vaps <= RTWN_PORT_COUNT,
484 	    ("bcn_vaps overflow (%d > %d)\n", sc->bcn_vaps, RTWN_PORT_COUNT));
485 
486 	if (opmode != IEEE80211_M_MONITOR) {
487 		switch (sc->nvaps) {
488 		case 0:
489 			id = 0;
490 			break;
491 		case 1:
492 			if (sc->vaps[1] == NULL)
493 				id = 1;
494 			else if (sc->vaps[0] == NULL)
495 				id = 0;
496 			KASSERT(id != RTWN_VAP_ID_INVALID,
497 			    ("no free ports left\n"));
498 			break;
499 		case 2:
500 		default:
501 			goto fail;
502 		}
503 
504 		if (opmode == IEEE80211_M_IBSS ||
505 		    opmode == IEEE80211_M_HOSTAP) {
506 			if ((sc->bcn_vaps == 1 && !RTWN_CHIP_HAS_BCNQ1(sc)) ||
507 			    sc->bcn_vaps == RTWN_PORT_COUNT)
508 				goto fail;
509 		}
510 	}
511 
512 	switch (opmode) {
513 	case IEEE80211_M_HOSTAP:
514 		sc->ap_vaps++;
515 		/* FALLTHROUGH */
516 	case IEEE80211_M_IBSS:
517 		sc->bcn_vaps++;
518 		/* FALLTHROUGH */
519 	case IEEE80211_M_STA:
520 		sc->nvaps++;
521 		break;
522 	case IEEE80211_M_MONITOR:
523 		sc->mon_vaps++;
524 		break;
525 	default:
526 		KASSERT(0, ("unknown opmode %d\n", opmode));
527 		goto fail;
528 	}
529 	RTWN_UNLOCK(sc);
530 
531 	uvp = malloc(sizeof(struct rtwn_vap), M_80211_VAP, M_WAITOK | M_ZERO);
532 	uvp->id = id;
533 	if (id != RTWN_VAP_ID_INVALID) {
534 		RTWN_LOCK(sc);
535 		sc->vaps[id] = uvp;
536 		RTWN_UNLOCK(sc);
537 	}
538 	vap = &uvp->vap;
539 	/* enable s/w bmiss handling for sta mode */
540 
541 	if (ieee80211_vap_setup(ic, vap, name, unit, opmode,
542 	    flags | IEEE80211_CLONE_NOBEACONS, bssid) != 0) {
543 		/* out of memory */
544 		free(uvp, M_80211_VAP);
545 
546 		RTWN_LOCK(sc);
547 		rtwn_vap_decrement_counters(sc, opmode, id);
548 		RTWN_UNLOCK(sc);
549 
550 		return (NULL);
551 	}
552 
553 	rtwn_beacon_init(sc, &uvp->bcn_desc.txd[0], uvp->id);
554 	rtwn_vap_preattach(sc, vap);
555 
556 	/* override state transition machine */
557 	uvp->newstate = vap->iv_newstate;
558 	if (opmode == IEEE80211_M_MONITOR)
559 		vap->iv_newstate = rtwn_monitor_newstate;
560 	else
561 		vap->iv_newstate = rtwn_newstate;
562 	vap->iv_update_beacon = rtwn_update_beacon;
563 	vap->iv_reset = rtwn_ioctl_reset;
564 	vap->iv_key_alloc = rtwn_key_alloc;
565 	vap->iv_key_set = rtwn_key_set;
566 	vap->iv_key_delete = rtwn_key_delete;
567 	vap->iv_max_aid = sc->macid_limit;
568 
569 	/* 802.11n parameters */
570 	vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_16;
571 	vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K;
572 
573 	TIMEOUT_TASK_INIT(taskqueue_thread, &uvp->tx_beacon_csa, 0,
574 	    rtwn_tx_beacon_csa, vap);
575 	if (opmode == IEEE80211_M_IBSS) {
576 		uvp->recv_mgmt = vap->iv_recv_mgmt;
577 		vap->iv_recv_mgmt = rtwn_adhoc_recv_mgmt;
578 		TASK_INIT(&uvp->tsf_sync_adhoc_task, 0,
579 		    rtwn_tsf_sync_adhoc_task, vap);
580 		callout_init(&uvp->tsf_sync_adhoc, 0);
581 	}
582 
583 	/*
584 	 * NB: driver can select net80211 RA even when user requests
585 	 * another mechanism.
586 	 */
587 	ieee80211_ratectl_init(vap);
588 
589 	/* complete setup */
590 	ieee80211_vap_attach(vap, ieee80211_media_change,
591 	    ieee80211_media_status, mac);
592 
593 	RTWN_LOCK(sc);
594 	rtwn_set_ic_opmode(sc);
595 	if (sc->sc_flags & RTWN_RUNNING) {
596 		if (uvp->id != RTWN_VAP_ID_INVALID)
597 			rtwn_set_macaddr(sc, vap->iv_myaddr, uvp->id);
598 
599 		rtwn_rxfilter_update(sc);
600 	}
601 	RTWN_UNLOCK(sc);
602 
603 	return (vap);
604 
605 fail:
606 	RTWN_UNLOCK(sc);
607 	return (NULL);
608 }
609 
610 static void
611 rtwn_vap_delete(struct ieee80211vap *vap)
612 {
613 	struct ieee80211com *ic = vap->iv_ic;
614 	struct rtwn_softc *sc = ic->ic_softc;
615 	struct rtwn_vap *uvp = RTWN_VAP(vap);
616 	int i;
617 
618 	/* Put vap into INIT state + stop device if needed. */
619 	ieee80211_stop(vap);
620 	for (i = 0; i < NET80211_IV_NSTATE_NUM; i++)
621 		ieee80211_draintask(ic, &vap->iv_nstate_task[i]);
622 	ieee80211_draintask(ic, &ic->ic_parent_task);
623 
624 	RTWN_LOCK(sc);
625 	/* Cancel any unfinished Tx. */
626 	rtwn_reset_lists(sc, vap);
627 	if (uvp->bcn_mbuf != NULL)
628 		m_freem(uvp->bcn_mbuf);
629 	rtwn_vap_decrement_counters(sc, vap->iv_opmode, uvp->id);
630 	rtwn_set_ic_opmode(sc);
631 	if (sc->sc_flags & RTWN_RUNNING)
632 		rtwn_rxfilter_update(sc);
633 	RTWN_UNLOCK(sc);
634 
635 	if (vap->iv_opmode == IEEE80211_M_IBSS) {
636 		ieee80211_draintask(ic, &uvp->tsf_sync_adhoc_task);
637 		callout_drain(&uvp->tsf_sync_adhoc);
638 	}
639 
640 	ieee80211_ratectl_deinit(vap);
641 	ieee80211_vap_detach(vap);
642 	free(uvp, M_80211_VAP);
643 }
644 
645 static int
646 rtwn_read_chipid(struct rtwn_softc *sc)
647 {
648 	uint32_t reg;
649 
650 	reg = rtwn_read_4(sc, R92C_SYS_CFG);
651 	if (reg & R92C_SYS_CFG_TRP_VAUX_EN)	/* test chip */
652 		return (EOPNOTSUPP);
653 
654 	rtwn_read_chipid_vendor(sc, reg);
655 
656 	return (0);
657 }
658 
659 static int
660 rtwn_ioctl_reset(struct ieee80211vap *vap, u_long cmd)
661 {
662 	int error;
663 
664 	switch (cmd) {
665 #ifndef RTWN_WITHOUT_UCODE
666 	case IEEE80211_IOC_POWERSAVE:
667 	case IEEE80211_IOC_POWERSAVESLEEP:
668 	{
669 		struct rtwn_softc *sc = vap->iv_ic->ic_softc;
670 		struct rtwn_vap *uvp = RTWN_VAP(vap);
671 
672 		if (vap->iv_opmode == IEEE80211_M_STA && uvp->id == 0) {
673 			RTWN_LOCK(sc);
674 			if (sc->sc_flags & RTWN_RUNNING)
675 				error = rtwn_set_pwrmode(sc, vap, 1);
676 			else
677 				error = 0;
678 			RTWN_UNLOCK(sc);
679 			if (error != 0)
680 				error = ENETRESET;
681 		} else
682 			error = EOPNOTSUPP;
683 		break;
684 	}
685 #endif
686 	case IEEE80211_IOC_SHORTGI:
687 	case IEEE80211_IOC_RTSTHRESHOLD:
688 	case IEEE80211_IOC_PROTMODE:
689 	case IEEE80211_IOC_HTPROTMODE:
690 	case IEEE80211_IOC_LDPC:
691 		error = 0;
692 		break;
693 	default:
694 		error = ENETRESET;
695 		break;
696 	}
697 
698 	return (error);
699 }
700 
701 static void
702 rtwn_set_media_status(struct rtwn_softc *sc, union sec_param *data)
703 {
704 	sc->sc_set_media_status(sc, data->macid);
705 }
706 
707 #ifndef RTWN_WITHOUT_UCODE
708 static int
709 rtwn_tx_fwpkt_check(struct rtwn_softc *sc, struct ieee80211vap *vap)
710 {
711 	int ntries, error;
712 
713 	for (ntries = 0; ntries < 5; ntries++) {
714 		error = rtwn_push_nulldata(sc, vap);
715 		if (error == 0)
716 			break;
717 	}
718 	if (ntries == 5) {
719 		device_printf(sc->sc_dev,
720 		    "%s: cannot push f/w frames into chip, error %d!\n",
721 		    __func__, error);
722 		return (error);
723 	}
724 
725 	return (0);
726 }
727 
728 static int
729 rtwn_construct_nulldata(struct rtwn_softc *sc, struct ieee80211vap *vap,
730     uint8_t *ptr, int qos)
731 {
732 	struct rtwn_vap *uvp = RTWN_VAP(vap);
733 	struct ieee80211com *ic = &sc->sc_ic;
734 	struct rtwn_tx_desc_common *txd;
735 	struct ieee80211_frame *wh;
736 	int pktlen;
737 
738 	/* XXX obtain from net80211 */
739 	wh = (struct ieee80211_frame *)(ptr + sc->txdesc_len);
740 	wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA;
741 	wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
742 	IEEE80211_ADDR_COPY(wh->i_addr1, vap->iv_bss->ni_bssid);
743 	IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
744 	IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_bss->ni_macaddr);
745 
746 	txd = (struct rtwn_tx_desc_common *)ptr;
747 	txd->offset = sc->txdesc_len;
748 	pktlen = sc->txdesc_len;
749 	if (qos) {
750 		struct ieee80211_qosframe *qwh;
751 		const int tid = WME_AC_TO_TID(WME_AC_BE);
752 
753 		qwh = (struct ieee80211_qosframe *)wh;
754 		qwh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS_NULL;
755 		qwh->i_qos[0] = tid & IEEE80211_QOS_TID;
756 
757 		txd->pktlen = htole16(sizeof(struct ieee80211_qosframe));
758 		pktlen += sizeof(struct ieee80211_qosframe);
759 	} else {
760 		wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_NODATA;
761 
762 		txd->pktlen = htole16(sizeof(struct ieee80211_frame));
763 		pktlen += sizeof(struct ieee80211_frame);
764 	}
765 
766 	rtwn_fill_tx_desc_null(sc, ptr,
767 	    ic->ic_curmode == IEEE80211_MODE_11B, qos, uvp->id);
768 
769 	return (pktlen);
770 }
771 
772 static int
773 rtwn_push_nulldata(struct rtwn_softc *sc, struct ieee80211vap *vap)
774 {
775 	struct rtwn_vap *uvp = RTWN_VAP(vap);
776 	struct ieee80211com *ic = vap->iv_ic;
777 	struct ieee80211_channel *c = ic->ic_curchan;
778 	struct mbuf *m;
779 	uint8_t *ptr;
780 	int required_size, bcn_size, null_size, null_data, error;
781 
782 	if (!(sc->sc_flags & RTWN_FW_LOADED))
783 		return (0);	/* requires firmware */
784 
785 	KASSERT(sc->page_size > 0, ("page size was not set!\n"));
786 
787 	/* Leave some space for beacon (multi-vap) */
788 	bcn_size = roundup(RTWN_BCN_MAX_SIZE, sc->page_size);
789 	/* 1 page for Null Data + 1 page for Qos Null Data frames. */
790 	required_size = bcn_size + sc->page_size * 2;
791 
792 	m = m_get2(required_size, M_NOWAIT, MT_DATA, M_PKTHDR);
793 	if (m == NULL)
794 		return (ENOMEM);
795 
796 	/* Setup beacon descriptor. */
797 	rtwn_beacon_set_rate(sc, &uvp->bcn_desc.txd[0],
798 	    IEEE80211_IS_CHAN_5GHZ(c));
799 
800 	ptr = mtod(m, uint8_t *);
801 	memset(ptr, 0, required_size - sc->txdesc_len);
802 
803 	/* Construct Null Data frame. */
804 	ptr += bcn_size - sc->txdesc_len;
805 	null_size = rtwn_construct_nulldata(sc, vap, ptr, 0);
806 	KASSERT(null_size < sc->page_size,
807 	    ("recalculate size for Null Data frame\n"));
808 
809 	/* Construct Qos Null Data frame. */
810 	ptr += roundup(null_size, sc->page_size);
811 	null_size = rtwn_construct_nulldata(sc, vap, ptr, 1);
812 	KASSERT(null_size < sc->page_size,
813 	    ("recalculate size for Qos Null Data frame\n"));
814 
815 	/* Do not try to detect a beacon here. */
816 	rtwn_setbits_1_shift(sc, R92C_CR, 0, R92C_CR_ENSWBCN, 1);
817 	rtwn_setbits_1_shift(sc, R92C_FWHW_TXQ_CTRL,
818 	    R92C_FWHW_TXQ_CTRL_REAL_BEACON, 0, 2);
819 
820 	if (uvp->bcn_mbuf != NULL) {
821 		rtwn_beacon_unload(sc, uvp->id);
822 		m_freem(uvp->bcn_mbuf);
823 	}
824 
825 	m->m_pkthdr.len = m->m_len = required_size - sc->txdesc_len;
826 	uvp->bcn_mbuf = m;
827 
828 	error = rtwn_tx_beacon_check(sc, uvp);
829 	if (error != 0) {
830 		RTWN_DPRINTF(sc, RTWN_DEBUG_BEACON,
831 		    "%s: frame was not recognized!\n", __func__);
832 		goto fail;
833 	}
834 
835 	/* Setup addresses in firmware. */
836 	null_data = howmany(bcn_size, sc->page_size);
837 	error = rtwn_set_rsvd_page(sc, 0, null_data, null_data + 1);
838 	if (error != 0) {
839 		device_printf(sc->sc_dev,
840 		    "%s: CMD_RSVD_PAGE was not sent, error %d\n",
841 		    __func__, error);
842 		goto fail;
843 	}
844 
845 fail:
846 	/* Re-enable beacon detection. */
847 	rtwn_setbits_1_shift(sc, R92C_FWHW_TXQ_CTRL,
848 	    0, R92C_FWHW_TXQ_CTRL_REAL_BEACON, 2);
849 	rtwn_setbits_1_shift(sc, R92C_CR, R92C_CR_ENSWBCN, 0, 1);
850 
851 	/* Restore beacon (if present). */
852 	if (sc->bcn_vaps > 0 && sc->vaps[!uvp->id] != NULL) {
853 		struct rtwn_vap *uvp2 = sc->vaps[!uvp->id];
854 
855 		if (uvp2->curr_mode != R92C_MSR_NOLINK)
856 			error = rtwn_tx_beacon_check(sc, uvp2);
857 	}
858 
859 	return (error);
860 }
861 
862 static void
863 rtwn_pwrmode_init(void *arg)
864 {
865 	struct rtwn_softc *sc = arg;
866 
867 	rtwn_cmd_sleepable(sc, NULL, 0, rtwn_set_pwrmode_cb);
868 }
869 
870 static void
871 rtwn_set_pwrmode_cb(struct rtwn_softc *sc, union sec_param *data)
872 {
873 	struct ieee80211vap *vap = &sc->vaps[0]->vap;
874 
875 	if (vap != NULL)
876 		rtwn_set_pwrmode(sc, vap, 1);
877 }
878 #endif
879 
880 static void
881 rtwn_tsf_sync_adhoc(void *arg)
882 {
883 	struct ieee80211vap *vap = arg;
884 	struct ieee80211com *ic = vap->iv_ic;
885 	struct rtwn_vap *uvp = RTWN_VAP(vap);
886 
887 	if (uvp->curr_mode != R92C_MSR_NOLINK) {
888 		/* Do it in process context. */
889 		ieee80211_runtask(ic, &uvp->tsf_sync_adhoc_task);
890 	}
891 }
892 
893 /*
894  * Workaround for TSF synchronization:
895  * when BSSID filter in IBSS mode is not set
896  * (and TSF synchronization is enabled), then any beacon may update it.
897  * This routine synchronizes it when BSSID matching is enabled (IBSS merge
898  * is not possible during this period).
899  *
900  * NOTE: there is no race with rtwn_newstate(), since it uses the same
901  * taskqueue.
902  */
903 static void
904 rtwn_tsf_sync_adhoc_task(void *arg, int pending)
905 {
906 	struct ieee80211vap *vap = arg;
907 	struct rtwn_vap *uvp = RTWN_VAP(vap);
908 	struct rtwn_softc *sc = vap->iv_ic->ic_softc;
909 	struct ieee80211_node *ni;
910 
911 	RTWN_LOCK(sc);
912 	ni = ieee80211_ref_node(vap->iv_bss);
913 
914 	/* Accept beacons with the same BSSID. */
915 	rtwn_set_rx_bssid_all(sc, 0);
916 
917 	/* Deny RCR updates. */
918 	sc->sc_flags |= RTWN_RCR_LOCKED;
919 
920 	/* Enable synchronization. */
921 	rtwn_setbits_1(sc, R92C_BCN_CTRL(uvp->id),
922 	    R92C_BCN_CTRL_DIS_TSF_UDT0, 0);
923 
924 	/* Synchronize. */
925 	rtwn_delay(sc, ni->ni_intval * 5 * 1000);
926 
927 	/* Disable synchronization. */
928 	rtwn_setbits_1(sc, R92C_BCN_CTRL(uvp->id),
929 	    0, R92C_BCN_CTRL_DIS_TSF_UDT0);
930 
931 	/* Accept all beacons. */
932 	sc->sc_flags &= ~RTWN_RCR_LOCKED;
933 	rtwn_set_rx_bssid_all(sc, 1);
934 
935 	/* Schedule next TSF synchronization. */
936 	callout_reset(&uvp->tsf_sync_adhoc, 60*hz, rtwn_tsf_sync_adhoc, vap);
937 
938 	ieee80211_free_node(ni);
939 	RTWN_UNLOCK(sc);
940 }
941 
942 static void
943 rtwn_tsf_sync_enable(struct rtwn_softc *sc, struct ieee80211vap *vap)
944 {
945 	struct ieee80211com *ic = &sc->sc_ic;
946 	struct rtwn_vap *uvp = RTWN_VAP(vap);
947 
948 	/* Reset TSF. */
949 	rtwn_write_1(sc, R92C_DUAL_TSF_RST, R92C_DUAL_TSF_RESET(uvp->id));
950 
951 	switch (vap->iv_opmode) {
952 	case IEEE80211_M_STA:
953 		/* Enable TSF synchronization. */
954 		rtwn_setbits_1(sc, R92C_BCN_CTRL(uvp->id),
955 		    R92C_BCN_CTRL_DIS_TSF_UDT0, 0);
956 		break;
957 	case IEEE80211_M_IBSS:
958 		ieee80211_runtask(ic, &uvp->tsf_sync_adhoc_task);
959 		/* FALLTHROUGH */
960 	case IEEE80211_M_HOSTAP:
961 		/* Enable beaconing. */
962 		rtwn_beacon_enable(sc, uvp->id, 1);
963 		break;
964 	default:
965 		device_printf(sc->sc_dev, "undefined opmode %d\n",
966 		    vap->iv_opmode);
967 		return;
968 	}
969 }
970 
971 static void
972 rtwn_set_ack_preamble(struct rtwn_softc *sc)
973 {
974 	struct ieee80211com *ic = &sc->sc_ic;
975 	uint32_t reg;
976 
977 	reg = rtwn_read_4(sc, R92C_WMAC_TRXPTCL_CTL);
978 	if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
979 		reg |= R92C_WMAC_TRXPTCL_SHPRE;
980 	else
981 		reg &= ~R92C_WMAC_TRXPTCL_SHPRE;
982 	rtwn_write_4(sc, R92C_WMAC_TRXPTCL_CTL, reg);
983 }
984 
985 static void
986 rtwn_set_mode(struct rtwn_softc *sc, uint8_t mode, int id)
987 {
988 
989 	rtwn_setbits_1(sc, R92C_MSR, R92C_MSR_MASK << id * 2, mode << id * 2);
990 	if (sc->vaps[id] != NULL)
991 		sc->vaps[id]->curr_mode = mode;
992 }
993 
994 static int
995 rtwn_monitor_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate,
996     int arg)
997 {
998 	struct ieee80211com *ic = vap->iv_ic;
999 	struct rtwn_softc *sc = ic->ic_softc;
1000 	struct rtwn_vap *uvp = RTWN_VAP(vap);
1001 
1002 	RTWN_DPRINTF(sc, RTWN_DEBUG_STATE, "%s -> %s\n",
1003 	    ieee80211_state_name[vap->iv_state],
1004 	    ieee80211_state_name[nstate]);
1005 
1006 	if (vap->iv_state != nstate) {
1007 		IEEE80211_UNLOCK(ic);
1008 		RTWN_LOCK(sc);
1009 
1010 		switch (nstate) {
1011 		case IEEE80211_S_INIT:
1012 			sc->vaps_running--;
1013 			sc->monvaps_running--;
1014 
1015 			if (sc->vaps_running == 0) {
1016 				/* Turn link LED off. */
1017 				rtwn_set_led(sc, RTWN_LED_LINK, 0);
1018 			}
1019 			break;
1020 		case IEEE80211_S_RUN:
1021 			sc->vaps_running++;
1022 			sc->monvaps_running++;
1023 
1024 			if (sc->vaps_running == 1) {
1025 				/* Turn link LED on. */
1026 				rtwn_set_led(sc, RTWN_LED_LINK, 1);
1027 			}
1028 			break;
1029 		default:
1030 			/* NOTREACHED */
1031 			break;
1032 		}
1033 
1034 		RTWN_UNLOCK(sc);
1035 		IEEE80211_LOCK(ic);
1036 	}
1037 
1038 	return (uvp->newstate(vap, nstate, arg));
1039 }
1040 
1041 static int
1042 rtwn_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
1043 {
1044 	struct rtwn_vap *uvp = RTWN_VAP(vap);
1045 	struct ieee80211com *ic = vap->iv_ic;
1046 	struct rtwn_softc *sc = ic->ic_softc;
1047 	enum ieee80211_state ostate;
1048 	int error, early_newstate;
1049 
1050 	ostate = vap->iv_state;
1051 	RTWN_DPRINTF(sc, RTWN_DEBUG_STATE, "%s -> %s\n",
1052 	    ieee80211_state_name[ostate], ieee80211_state_name[nstate]);
1053 
1054 	if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC &&
1055 	    ostate == IEEE80211_S_INIT && nstate == IEEE80211_S_RUN) {
1056 		/* need to call iv_newstate() firstly */
1057 		error = uvp->newstate(vap, nstate, arg);
1058 		if (error != 0)
1059 			return (error);
1060 
1061 		early_newstate = 1;
1062 	} else
1063 		early_newstate = 0;
1064 
1065 	if (ostate == IEEE80211_S_CSA) {
1066 		taskqueue_cancel_timeout(taskqueue_thread,
1067 		    &uvp->tx_beacon_csa, NULL);
1068 
1069 		/*
1070 		 * In multi-vap case second counter may not be cleared
1071 		 * properly.
1072 		 */
1073 		vap->iv_csa_count = 0;
1074 	}
1075 	IEEE80211_UNLOCK(ic);
1076 	RTWN_LOCK(sc);
1077 
1078 	if (ostate == IEEE80211_S_CSA) {
1079 		/* Unblock all queues (multi-vap case). */
1080 		rtwn_write_1(sc, R92C_TXPAUSE, 0);
1081 	}
1082 
1083 	if ((ostate == IEEE80211_S_RUN && nstate != IEEE80211_S_CSA) ||
1084 	    ostate == IEEE80211_S_CSA) {
1085 		sc->vaps_running--;
1086 
1087 		/* Set media status to 'No Link'. */
1088 		rtwn_set_mode(sc, R92C_MSR_NOLINK, uvp->id);
1089 
1090 		if (vap->iv_opmode == IEEE80211_M_IBSS) {
1091 			/* Stop periodical TSF synchronization. */
1092 			callout_stop(&uvp->tsf_sync_adhoc);
1093 		}
1094 
1095 		/* Disable TSF synchronization / beaconing. */
1096 		rtwn_beacon_enable(sc, uvp->id, 0);
1097 		rtwn_setbits_1(sc, R92C_BCN_CTRL(uvp->id),
1098 		    0, R92C_BCN_CTRL_DIS_TSF_UDT0);
1099 
1100 		/* NB: monitor mode vaps are using port 0. */
1101 		if (uvp->id != 0 || sc->monvaps_running == 0) {
1102 			/* Reset TSF. */
1103 			rtwn_write_1(sc, R92C_DUAL_TSF_RST,
1104 			    R92C_DUAL_TSF_RESET(uvp->id));
1105 		}
1106 
1107 #ifndef RTWN_WITHOUT_UCODE
1108 		if ((ic->ic_caps & IEEE80211_C_PMGT) != 0 && uvp->id == 0) {
1109 			/* Disable power management. */
1110 			callout_stop(&sc->sc_pwrmode_init);
1111 			rtwn_set_pwrmode(sc, vap, 0);
1112 		}
1113 #endif
1114 		if (sc->vaps_running - sc->monvaps_running > 0) {
1115 			/* Recalculate basic rates bitmap. */
1116 			rtwn_calc_basicrates(sc);
1117 		}
1118 
1119 		if (sc->vaps_running == sc->monvaps_running) {
1120 			/* Stop calibration. */
1121 			callout_stop(&sc->sc_calib_to);
1122 
1123 			/* Stop Rx of data frames. */
1124 			rtwn_write_2(sc, R92C_RXFLTMAP2, 0);
1125 
1126 			/* Reset EDCA parameters. */
1127 			rtwn_write_4(sc, R92C_EDCA_VO_PARAM, 0x002f3217);
1128 			rtwn_write_4(sc, R92C_EDCA_VI_PARAM, 0x005e4317);
1129 			rtwn_write_4(sc, R92C_EDCA_BE_PARAM, 0x00105320);
1130 			rtwn_write_4(sc, R92C_EDCA_BK_PARAM, 0x0000a444);
1131 
1132 			if (sc->vaps_running == 0) {
1133 				/* Turn link LED off. */
1134 				rtwn_set_led(sc, RTWN_LED_LINK, 0);
1135 			}
1136 		}
1137 	}
1138 
1139 	error = 0;
1140 	switch (nstate) {
1141 	case IEEE80211_S_SCAN:
1142 		/* Pause AC Tx queues. */
1143 		if (sc->vaps_running == 0)
1144 			rtwn_setbits_1(sc, R92C_TXPAUSE, 0, R92C_TX_QUEUE_AC);
1145 		break;
1146 	case IEEE80211_S_RUN:
1147 		error = rtwn_run(sc, vap);
1148 		if (error != 0) {
1149 			device_printf(sc->sc_dev,
1150 			    "%s: could not move to RUN state\n", __func__);
1151 			break;
1152 		}
1153 
1154 		sc->vaps_running++;
1155 		break;
1156 	case IEEE80211_S_CSA:
1157 		/* Block all Tx queues (except beacon queue). */
1158 		rtwn_setbits_1(sc, R92C_TXPAUSE, 0,
1159 		    R92C_TX_QUEUE_AC | R92C_TX_QUEUE_MGT | R92C_TX_QUEUE_HIGH);
1160 		break;
1161 	default:
1162 		break;
1163 	}
1164 
1165 	RTWN_UNLOCK(sc);
1166 	IEEE80211_LOCK(ic);
1167 	if (error != 0)
1168 		return (error);
1169 
1170 	return (early_newstate ? 0 : uvp->newstate(vap, nstate, arg));
1171 }
1172 
1173 static void
1174 rtwn_calc_basicrates(struct rtwn_softc *sc)
1175 {
1176 	struct ieee80211com *ic = &sc->sc_ic;
1177 	uint32_t basicrates;
1178 	int i;
1179 
1180 	RTWN_ASSERT_LOCKED(sc);
1181 
1182 	if (ic->ic_flags & IEEE80211_F_SCAN)
1183 		return;		/* will be done by rtwn_scan_end(). */
1184 
1185 	basicrates = 0;
1186 	for (i = 0; i < nitems(sc->vaps); i++) {
1187 		struct rtwn_vap *rvp;
1188 		struct ieee80211vap *vap;
1189 		struct ieee80211_node *ni;
1190 		uint32_t rates;
1191 
1192 		rvp = sc->vaps[i];
1193 		if (rvp == NULL || rvp->curr_mode == R92C_MSR_NOLINK)
1194 			continue;
1195 
1196 		vap = &rvp->vap;
1197 		if (vap->iv_bss == NULL)
1198 			continue;
1199 
1200 		ni = ieee80211_ref_node(vap->iv_bss);
1201 		rtwn_get_rates(sc, &ni->ni_rates, NULL, &rates, NULL, 1);
1202 		basicrates |= rates;
1203 		ieee80211_free_node(ni);
1204 	}
1205 
1206 	if (basicrates == 0)
1207 		return;
1208 
1209 	/* XXX initial RTS rate? */
1210 	rtwn_set_basicrates(sc, basicrates);
1211 }
1212 
1213 static int
1214 rtwn_run(struct rtwn_softc *sc, struct ieee80211vap *vap)
1215 {
1216 	struct ieee80211com *ic = vap->iv_ic;
1217 	struct rtwn_vap *uvp = RTWN_VAP(vap);
1218 	struct ieee80211_node *ni;
1219 	uint8_t mode;
1220 	int error;
1221 
1222 	RTWN_ASSERT_LOCKED(sc);
1223 
1224 	error = 0;
1225 	ni = ieee80211_ref_node(vap->iv_bss);
1226 
1227 	if (ic->ic_bsschan == IEEE80211_CHAN_ANYC ||
1228 	    ni->ni_chan == IEEE80211_CHAN_ANYC) {
1229 		error = EINVAL;
1230 		goto fail;
1231 	}
1232 
1233 	switch (vap->iv_opmode) {
1234 	case IEEE80211_M_STA:
1235 		mode = R92C_MSR_INFRA;
1236 		break;
1237 	case IEEE80211_M_IBSS:
1238 		mode = R92C_MSR_ADHOC;
1239 		break;
1240 	case IEEE80211_M_HOSTAP:
1241 		mode = R92C_MSR_AP;
1242 		break;
1243 	default:
1244 		KASSERT(0, ("undefined opmode %d\n", vap->iv_opmode));
1245 		error = EINVAL;
1246 		goto fail;
1247 	}
1248 
1249 	/* Set media status to 'Associated'. */
1250 	rtwn_set_mode(sc, mode, uvp->id);
1251 
1252 	/* Set AssocID. */
1253 	/* XXX multi-vap? */
1254 	rtwn_write_2(sc, R92C_BCN_PSR_RPT,
1255 	    0xc000 | IEEE80211_NODE_AID(ni));
1256 
1257 	/* Set BSSID. */
1258 	rtwn_set_bssid(sc, ni->ni_bssid, uvp->id);
1259 
1260 	/* Set beacon interval. */
1261 	rtwn_write_2(sc, R92C_BCN_INTERVAL(uvp->id), ni->ni_intval);
1262 
1263 	if (sc->vaps_running == sc->monvaps_running) {
1264 		/* Enable Rx of data frames. */
1265 		rtwn_write_2(sc, R92C_RXFLTMAP2, 0xffff);
1266 
1267 		/* Flush all AC queues. */
1268 		rtwn_write_1(sc, R92C_TXPAUSE, 0);
1269 	}
1270 
1271 #ifndef RTWN_WITHOUT_UCODE
1272 	/* Upload (QoS) Null Data frame to firmware. */
1273 	/* Note: do this for port 0 only. */
1274 	if ((ic->ic_caps & IEEE80211_C_PMGT) != 0 &&
1275 	    vap->iv_opmode == IEEE80211_M_STA && uvp->id == 0) {
1276 		error = rtwn_tx_fwpkt_check(sc, vap);
1277 		if (error != 0)
1278 			goto fail;
1279 
1280 		/* Setup power management. */
1281 		/*
1282 		 * NB: it will be enabled immediately - delay it,
1283 		 * so 4-Way handshake will not be interrupted.
1284 		 */
1285 		callout_reset(&sc->sc_pwrmode_init, 5*hz,
1286 		    rtwn_pwrmode_init, sc);
1287 	}
1288 #endif
1289 
1290 	/* Enable TSF synchronization. */
1291 	rtwn_tsf_sync_enable(sc, vap);
1292 
1293 	if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
1294 	    vap->iv_opmode == IEEE80211_M_IBSS) {
1295 		error = rtwn_setup_beacon(sc, ni);
1296 		if (error != 0) {
1297 			device_printf(sc->sc_dev,
1298 			    "unable to push beacon into the chip, "
1299 			    "error %d\n", error);
1300 			goto fail;
1301 		}
1302 	}
1303 
1304 	/* Set ACK preamble type. */
1305 	rtwn_set_ack_preamble(sc);
1306 
1307 	/* Set basic rates mask. */
1308 	rtwn_calc_basicrates(sc);
1309 
1310 #ifdef RTWN_TODO
1311 	rtwn_write_1(sc, R92C_SIFS_CCK + 1, 10);
1312 	rtwn_write_1(sc, R92C_SIFS_OFDM + 1, 10);
1313 	rtwn_write_1(sc, R92C_SPEC_SIFS + 1, 10);
1314 	rtwn_write_1(sc, R92C_MAC_SPEC_SIFS + 1, 10);
1315 	rtwn_write_1(sc, R92C_R2T_SIFS + 1, 10);
1316 	rtwn_write_1(sc, R92C_T2T_SIFS + 1, 10);
1317 #endif
1318 
1319 	if (sc->vaps_running == sc->monvaps_running) {
1320 		/* Reset temperature calibration state machine. */
1321 		sc->sc_flags &= ~RTWN_TEMP_MEASURED;
1322 		sc->thcal_temp = sc->thermal_meter;
1323 
1324 		/* Start periodic calibration. */
1325 		callout_reset(&sc->sc_calib_to, 2*hz, rtwn_calib_to,
1326 		    sc);
1327 
1328 		if (sc->vaps_running == 0) {
1329 			/* Turn link LED on. */
1330 			rtwn_set_led(sc, RTWN_LED_LINK, 1);
1331 		}
1332 	}
1333 
1334 fail:
1335 	ieee80211_free_node(ni);
1336 
1337 	return (error);
1338 }
1339 
1340 #ifndef D4054
1341 static void
1342 rtwn_watchdog(void *arg)
1343 {
1344 	struct rtwn_softc *sc = arg;
1345 	struct ieee80211com *ic = &sc->sc_ic;
1346 
1347 	RTWN_ASSERT_LOCKED(sc);
1348 
1349 	KASSERT(sc->sc_flags & RTWN_RUNNING, ("not running"));
1350 
1351 	if (sc->sc_tx_timer != 0 && --sc->sc_tx_timer == 0) {
1352 		ic_printf(ic, "device timeout\n");
1353 		ieee80211_restart_all(ic);
1354 		return;
1355 	}
1356 	callout_reset(&sc->sc_watchdog_to, hz, rtwn_watchdog, sc);
1357 }
1358 #endif
1359 
1360 static void
1361 rtwn_parent(struct ieee80211com *ic)
1362 {
1363 	struct rtwn_softc *sc = ic->ic_softc;
1364 	struct ieee80211vap *vap;
1365 
1366 	if (ic->ic_nrunning > 0) {
1367 		if (rtwn_init(sc) != 0) {
1368 			IEEE80211_LOCK(ic);
1369 			TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
1370 				ieee80211_stop_locked(vap);
1371 			IEEE80211_UNLOCK(ic);
1372 		} else
1373 			ieee80211_start_all(ic);
1374 	} else
1375 		rtwn_stop(sc);
1376 }
1377 
1378 static int
1379 rtwn_dma_init(struct rtwn_softc *sc)
1380 {
1381 #define RTWN_CHK(res) do {	\
1382 	if (res != 0)		\
1383 		return (EIO);	\
1384 } while(0)
1385 	uint16_t reg;
1386 	uint8_t tx_boundary;
1387 	int error;
1388 
1389 	/* Initialize LLT table. */
1390 	error = rtwn_llt_init(sc);
1391 	if (error != 0)
1392 		return (error);
1393 
1394 	/* Set the number of pages for each queue. */
1395 	RTWN_DPRINTF(sc, RTWN_DEBUG_RESET,
1396 	    "%s: pages per queue: high %d, normal %d, low %d, public %d\n",
1397 	    __func__, sc->nhqpages, sc->nnqpages, sc->nlqpages,
1398 	    sc->npubqpages);
1399 
1400 	RTWN_CHK(rtwn_write_1(sc, R92C_RQPN_NPQ, sc->nnqpages));
1401 	RTWN_CHK(rtwn_write_4(sc, R92C_RQPN,
1402 	    /* Set number of pages for public queue. */
1403 	    SM(R92C_RQPN_PUBQ, sc->npubqpages) |
1404 	    /* Set number of pages for high priority queue. */
1405 	    SM(R92C_RQPN_HPQ, sc->nhqpages) |
1406 	    /* Set number of pages for low priority queue. */
1407 	    SM(R92C_RQPN_LPQ, sc->nlqpages) |
1408 	    /* Load values. */
1409 	    R92C_RQPN_LD));
1410 
1411 	/* Initialize TX buffer boundary. */
1412 	KASSERT(sc->page_count < 255 && sc->page_count > 0,
1413 	    ("page_count is %d\n", sc->page_count));
1414 	tx_boundary = sc->page_count + 1;
1415 	RTWN_CHK(rtwn_write_1(sc, R92C_TXPKTBUF_BCNQ_BDNY, tx_boundary));
1416 	RTWN_CHK(rtwn_write_1(sc, R92C_TXPKTBUF_MGQ_BDNY, tx_boundary));
1417 	RTWN_CHK(rtwn_write_1(sc, R92C_TXPKTBUF_WMAC_LBK_BF_HD, tx_boundary));
1418 	RTWN_CHK(rtwn_write_1(sc, R92C_TRXFF_BNDY, tx_boundary));
1419 	RTWN_CHK(rtwn_write_1(sc, R92C_TDECTRL + 1, tx_boundary));
1420 
1421 	error = rtwn_init_bcnq1_boundary(sc);
1422 	if (error != 0)
1423 		return (error);
1424 
1425 	/* Set queue to USB pipe mapping. */
1426 	/* Note: PCIe devices are using some magic number here. */
1427 	reg = rtwn_get_qmap(sc);
1428 	RTWN_CHK(rtwn_setbits_2(sc, R92C_TRXDMA_CTRL,
1429 	    R92C_TRXDMA_CTRL_QMAP_M, reg));
1430 
1431 	/* Configure Tx/Rx DMA (PCIe). */
1432 	rtwn_set_desc_addr(sc);
1433 
1434 	/* Set Tx/Rx transfer page boundary. */
1435 	RTWN_CHK(rtwn_write_2(sc, R92C_TRXFF_BNDY + 2,
1436 	    sc->rx_dma_size - 1));
1437 
1438 	/* Set Tx/Rx transfer page size. */
1439 	rtwn_set_page_size(sc);
1440 
1441 	return (0);
1442 }
1443 
1444 static int
1445 rtwn_mac_init(struct rtwn_softc *sc)
1446 {
1447 	int i, error;
1448 
1449 	/* Write MAC initialization values. */
1450 	for (i = 0; i < sc->mac_size; i++) {
1451 		error = rtwn_write_1(sc, sc->mac_prog[i].reg,
1452 		    sc->mac_prog[i].val);
1453 		if (error != 0)
1454 			return (error);
1455 	}
1456 
1457 	return (0);
1458 }
1459 
1460 static void
1461 rtwn_mrr_init(struct rtwn_softc *sc)
1462 {
1463 	int i;
1464 
1465 	/* Drop rate index by 1 per retry. */
1466 	for (i = 0; i < R92C_DARFRC_SIZE; i++) {
1467 		rtwn_write_1(sc, R92C_DARFRC + i, i + 1);
1468 		rtwn_write_1(sc, R92C_RARFRC + i, i + 1);
1469 	}
1470 }
1471 
1472 static void
1473 rtwn_scan_start(struct ieee80211com *ic)
1474 {
1475 	struct rtwn_softc *sc = ic->ic_softc;
1476 
1477 	RTWN_LOCK(sc);
1478 	/* Pause beaconing. */
1479 	rtwn_setbits_1(sc, R92C_TXPAUSE, 0, R92C_TX_QUEUE_BCN);
1480 	/* Receive beacons / probe responses from any BSSID. */
1481 	if (sc->bcn_vaps == 0)
1482 		rtwn_set_rx_bssid_all(sc, 1);
1483 	RTWN_UNLOCK(sc);
1484 }
1485 
1486 static void
1487 rtwn_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
1488 {
1489 	struct rtwn_softc *sc = ss->ss_ic->ic_softc;
1490 
1491 	/* Make link LED blink during scan. */
1492 	RTWN_LOCK(sc);
1493 	rtwn_set_led(sc, RTWN_LED_LINK, !sc->ledlink);
1494 	RTWN_UNLOCK(sc);
1495 
1496 	sc->sc_scan_curchan(ss, maxdwell);
1497 }
1498 
1499 static void
1500 rtwn_scan_end(struct ieee80211com *ic)
1501 {
1502 	struct rtwn_softc *sc = ic->ic_softc;
1503 
1504 	RTWN_LOCK(sc);
1505 	/* Restore limitations. */
1506 	if (ic->ic_promisc == 0 && sc->bcn_vaps == 0)
1507 		rtwn_set_rx_bssid_all(sc, 0);
1508 
1509 	/* Restore LED state. */
1510 	rtwn_set_led(sc, RTWN_LED_LINK, (sc->vaps_running != 0));
1511 
1512 	/* Restore basic rates mask. */
1513 	rtwn_calc_basicrates(sc);
1514 
1515 	/* Resume beaconing. */
1516 	rtwn_setbits_1(sc, R92C_TXPAUSE, R92C_TX_QUEUE_BCN, 0);
1517 	RTWN_UNLOCK(sc);
1518 }
1519 
1520 static void
1521 rtwn_getradiocaps(struct ieee80211com *ic,
1522     int maxchans, int *nchans, struct ieee80211_channel chans[])
1523 {
1524 	struct rtwn_softc *sc = ic->ic_softc;
1525 	uint8_t bands[IEEE80211_MODE_BYTES];
1526 	int cbw_flags, i;
1527 
1528 	cbw_flags = (ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40) ?
1529 	    NET80211_CBW_FLAG_HT40 : 0;
1530 
1531 	memset(bands, 0, sizeof(bands));
1532 	setbit(bands, IEEE80211_MODE_11B);
1533 	setbit(bands, IEEE80211_MODE_11G);
1534 	setbit(bands, IEEE80211_MODE_11NG);
1535 	ieee80211_add_channels_default_2ghz(chans, maxchans, nchans,
1536 	    bands, cbw_flags);
1537 
1538 	/* XXX workaround add_channel_list() limitations */
1539 	setbit(bands, IEEE80211_MODE_11A);
1540 	setbit(bands, IEEE80211_MODE_11NA);
1541 	for (i = 0; i < nitems(sc->chan_num_5ghz); i++) {
1542 		if (sc->chan_num_5ghz[i] == 0)
1543 			continue;
1544 
1545 		ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
1546 		    sc->chan_list_5ghz[i], sc->chan_num_5ghz[i], bands,
1547 		    cbw_flags);
1548 	}
1549 }
1550 
1551 static void
1552 rtwn_update_chw(struct ieee80211com *ic)
1553 {
1554 }
1555 
1556 static void
1557 rtwn_set_channel(struct ieee80211com *ic)
1558 {
1559 	struct rtwn_softc *sc = ic->ic_softc;
1560 	struct ieee80211_channel *c = ic->ic_curchan;
1561 
1562 	RTWN_LOCK(sc);
1563 	rtwn_set_chan(sc, c);
1564 	RTWN_UNLOCK(sc);
1565 }
1566 
1567 static int
1568 rtwn_wme_update(struct ieee80211com *ic)
1569 {
1570 	struct chanAccParams chp;
1571 	struct ieee80211_channel *c = ic->ic_curchan;
1572 	struct rtwn_softc *sc = ic->ic_softc;
1573 	struct wmeParams *wmep = sc->cap_wmeParams;
1574 	uint8_t aifs, acm, slottime;
1575 	int ac;
1576 
1577 	ieee80211_wme_ic_getparams(ic, &chp);
1578 
1579 	/* Prevent possible races. */
1580 	IEEE80211_LOCK(ic);	/* XXX */
1581 	RTWN_LOCK(sc);
1582 	memcpy(wmep, chp.cap_wmeParams, sizeof(sc->cap_wmeParams));
1583 	RTWN_UNLOCK(sc);
1584 	IEEE80211_UNLOCK(ic);
1585 
1586 	acm = 0;
1587 	slottime = IEEE80211_GET_SLOTTIME(ic);
1588 
1589 	RTWN_LOCK(sc);
1590 	for (ac = WME_AC_BE; ac < WME_NUM_AC; ac++) {
1591 		/* AIFS[AC] = AIFSN[AC] * aSlotTime + aSIFSTime. */
1592 		aifs = wmep[ac].wmep_aifsn * slottime +
1593 		    (IEEE80211_IS_CHAN_5GHZ(c) ?
1594 			IEEE80211_DUR_OFDM_SIFS : IEEE80211_DUR_SIFS);
1595 		rtwn_write_4(sc, wme2reg[ac],
1596 		    SM(R92C_EDCA_PARAM_TXOP, wmep[ac].wmep_txopLimit) |
1597 		    SM(R92C_EDCA_PARAM_ECWMIN, wmep[ac].wmep_logcwmin) |
1598 		    SM(R92C_EDCA_PARAM_ECWMAX, wmep[ac].wmep_logcwmax) |
1599 		    SM(R92C_EDCA_PARAM_AIFS, aifs));
1600 		if (ac != WME_AC_BE)
1601 			acm |= wmep[ac].wmep_acm << ac;
1602 	}
1603 
1604 	if (acm != 0)
1605 		acm |= R92C_ACMHWCTRL_EN;
1606 	rtwn_setbits_1(sc, R92C_ACMHWCTRL, R92C_ACMHWCTRL_ACM_MASK, acm);
1607 	RTWN_UNLOCK(sc);
1608 
1609 	return 0;
1610 }
1611 
1612 static void
1613 rtwn_update_slot(struct ieee80211com *ic)
1614 {
1615 	rtwn_cmd_sleepable(ic->ic_softc, NULL, 0, rtwn_update_slot_cb);
1616 }
1617 
1618 static void
1619 rtwn_update_slot_cb(struct rtwn_softc *sc, union sec_param *data)
1620 {
1621 	struct ieee80211com *ic = &sc->sc_ic;
1622 	uint8_t slottime;
1623 
1624 	slottime = IEEE80211_GET_SLOTTIME(ic);
1625 
1626 	RTWN_DPRINTF(sc, RTWN_DEBUG_STATE, "%s: setting slot time to %uus\n",
1627 	    __func__, slottime);
1628 
1629 	rtwn_write_1(sc, R92C_SLOT, slottime);
1630 	rtwn_update_aifs(sc, slottime);
1631 }
1632 
1633 static void
1634 rtwn_update_aifs(struct rtwn_softc *sc, uint8_t slottime)
1635 {
1636 	struct ieee80211_channel *c = sc->sc_ic.ic_curchan;
1637 	const struct wmeParams *wmep = sc->cap_wmeParams;
1638 	uint8_t aifs, ac;
1639 
1640 	for (ac = WME_AC_BE; ac < WME_NUM_AC; ac++) {
1641 		/* AIFS[AC] = AIFSN[AC] * aSlotTime + aSIFSTime. */
1642 		aifs = wmep[ac].wmep_aifsn * slottime +
1643 		    (IEEE80211_IS_CHAN_5GHZ(c) ?
1644 			IEEE80211_DUR_OFDM_SIFS : IEEE80211_DUR_SIFS);
1645 		rtwn_write_1(sc, wme2reg[ac], aifs);
1646 	}
1647 }
1648 
1649 static void
1650 rtwn_update_promisc(struct ieee80211com *ic)
1651 {
1652 	struct rtwn_softc *sc = ic->ic_softc;
1653 
1654 	RTWN_LOCK(sc);
1655 	if (sc->sc_flags & RTWN_RUNNING)
1656 		rtwn_set_promisc(sc);
1657 	RTWN_UNLOCK(sc);
1658 }
1659 
1660 static void
1661 rtwn_update_mcast(struct ieee80211com *ic)
1662 {
1663 	struct rtwn_softc *sc = ic->ic_softc;
1664 
1665 	RTWN_LOCK(sc);
1666 	if (sc->sc_flags & RTWN_RUNNING)
1667 		rtwn_set_multi(sc);
1668 	RTWN_UNLOCK(sc);
1669 }
1670 
1671 static int
1672 rtwn_set_bssid(struct rtwn_softc *sc, const uint8_t *bssid, int id)
1673 {
1674 	int error;
1675 
1676 	error = rtwn_write_4(sc, R92C_BSSID(id), le32dec(&bssid[0]));
1677 	if (error != 0)
1678 		return (error);
1679 	error = rtwn_write_2(sc, R92C_BSSID(id) + 4, le16dec(&bssid[4]));
1680 
1681 	return (error);
1682 }
1683 
1684 static int
1685 rtwn_set_macaddr(struct rtwn_softc *sc, const uint8_t *addr, int id)
1686 {
1687 	int error;
1688 
1689 	error = rtwn_write_4(sc, R92C_MACID(id), le32dec(&addr[0]));
1690 	if (error != 0)
1691 		return (error);
1692 	error = rtwn_write_2(sc, R92C_MACID(id) + 4, le16dec(&addr[4]));
1693 
1694 	return (error);
1695 }
1696 
1697 static struct ieee80211_node *
1698 rtwn_node_alloc(struct ieee80211vap *vap,
1699     const uint8_t mac[IEEE80211_ADDR_LEN])
1700 {
1701 	struct rtwn_node *un;
1702 
1703 	un = malloc(sizeof (struct rtwn_node), M_80211_NODE,
1704 	    M_NOWAIT | M_ZERO);
1705 
1706 	if (un == NULL)
1707 		return NULL;
1708 
1709 	un->id = RTWN_MACID_UNDEFINED;
1710 	un->avg_pwdb = -1;
1711 
1712 	return &un->ni;
1713 }
1714 
1715 static void
1716 rtwn_newassoc(struct ieee80211_node *ni, int isnew __unused)
1717 {
1718 	struct rtwn_softc *sc = ni->ni_ic->ic_softc;
1719 	struct rtwn_node *un = RTWN_NODE(ni);
1720 	int id;
1721 
1722 	if (un->id != RTWN_MACID_UNDEFINED)
1723 		return;
1724 
1725 	RTWN_NT_LOCK(sc);
1726 	for (id = 0; id <= sc->macid_limit; id++) {
1727 		if (id != RTWN_MACID_BC && sc->node_list[id] == NULL) {
1728 			un->id = id;
1729 			sc->node_list[id] = ni;
1730 			break;
1731 		}
1732 	}
1733 	RTWN_NT_UNLOCK(sc);
1734 
1735 	if (id > sc->macid_limit) {
1736 		device_printf(sc->sc_dev, "%s: node table is full\n",
1737 		    __func__);
1738 		return;
1739 	}
1740 
1741 	/* Notify firmware. */
1742 	id |= RTWN_MACID_VALID;
1743 	rtwn_cmd_sleepable(sc, &id, sizeof(id), rtwn_set_media_status);
1744 }
1745 
1746 static void
1747 rtwn_node_free(struct ieee80211_node *ni)
1748 {
1749 	struct rtwn_softc *sc = ni->ni_ic->ic_softc;
1750 	struct rtwn_node *un = RTWN_NODE(ni);
1751 
1752 	RTWN_NT_LOCK(sc);
1753 	if (un->id != RTWN_MACID_UNDEFINED) {
1754 		sc->node_list[un->id] = NULL;
1755 		rtwn_cmd_sleepable(sc, &un->id, sizeof(un->id),
1756 		    rtwn_set_media_status);
1757 	}
1758 	RTWN_NT_UNLOCK(sc);
1759 
1760 	sc->sc_node_free(ni);
1761 }
1762 
1763 static void
1764 rtwn_init_beacon_reg(struct rtwn_softc *sc)
1765 {
1766 	rtwn_write_1(sc, R92C_BCN_CTRL(0), R92C_BCN_CTRL_DIS_TSF_UDT0);
1767 	rtwn_write_1(sc, R92C_BCN_CTRL(1), R92C_BCN_CTRL_DIS_TSF_UDT0);
1768 	rtwn_write_2(sc, R92C_TBTT_PROHIBIT, 0x6404);
1769 	rtwn_write_1(sc, R92C_DRVERLYINT, 0x05);
1770 	rtwn_write_1(sc, R92C_BCNDMATIM, 0x02);
1771 	rtwn_write_2(sc, R92C_BCNTCFG, 0x660f);
1772 }
1773 
1774 static int
1775 rtwn_init(struct rtwn_softc *sc)
1776 {
1777 	struct ieee80211com *ic = &sc->sc_ic;
1778 	int i, error;
1779 
1780 	RTWN_LOCK(sc);
1781 	if (sc->sc_flags & RTWN_RUNNING) {
1782 		RTWN_UNLOCK(sc);
1783 		return (0);
1784 	}
1785 	sc->sc_flags |= RTWN_STARTED;
1786 
1787 	/* Power on adapter. */
1788 	error = rtwn_power_on(sc);
1789 	if (error != 0)
1790 		goto fail;
1791 
1792 #ifndef RTWN_WITHOUT_UCODE
1793 	/* Load 8051 microcode. */
1794 	error = rtwn_load_firmware(sc);
1795 	if (error == 0)
1796 		sc->sc_flags |= RTWN_FW_LOADED;
1797 
1798 	/* Init firmware commands ring. */
1799 	sc->fwcur = 0;
1800 #endif
1801 
1802 	/* Initialize MAC block. */
1803 	error = rtwn_mac_init(sc);
1804 	if (error != 0) {
1805 		device_printf(sc->sc_dev,
1806 		    "%s: error while initializing MAC block\n", __func__);
1807 		goto fail;
1808 	}
1809 
1810 	/* Initialize DMA. */
1811 	error = rtwn_dma_init(sc);
1812 	if (error != 0)
1813 		goto fail;
1814 
1815 	/* Drop incorrect TX (USB). */
1816 	rtwn_drop_incorrect_tx(sc);
1817 
1818 	/* Set info size in Rx descriptors (in 64-bit words). */
1819 	rtwn_write_1(sc, R92C_RX_DRVINFO_SZ, R92C_RX_DRVINFO_SZ_DEF);
1820 
1821 	/* Init interrupts. */
1822 	rtwn_init_intr(sc);
1823 
1824 	for (i = 0; i < nitems(sc->vaps); i++) {
1825 		struct rtwn_vap *uvp = sc->vaps[i];
1826 
1827 		/* Set initial network type. */
1828 		rtwn_set_mode(sc, R92C_MSR_NOLINK, i);
1829 
1830 		if (uvp == NULL)
1831 			continue;
1832 
1833 		/* Set MAC address. */
1834 		error = rtwn_set_macaddr(sc, uvp->vap.iv_myaddr, uvp->id);
1835 		if (error != 0)
1836 			goto fail;
1837 	}
1838 
1839 	/* Initialize Rx filter. */
1840 	rtwn_rxfilter_init(sc);
1841 
1842 	/* Set short/long retry limits. */
1843 	rtwn_write_2(sc, R92C_RL,
1844 	    SM(R92C_RL_SRL, 0x30) | SM(R92C_RL_LRL, 0x30));
1845 
1846 	/* Initialize EDCA parameters. */
1847 	rtwn_init_edca(sc);
1848 
1849 	rtwn_setbits_1(sc, R92C_FWHW_TXQ_CTRL, 0,
1850 	    R92C_FWHW_TXQ_CTRL_AMPDU_RTY_NEW);
1851 	/* Set ACK timeout. */
1852 	rtwn_write_1(sc, R92C_ACKTO, sc->ackto);
1853 
1854 	/* Setup aggregation. */
1855 	/* Tx aggregation. */
1856 	rtwn_init_tx_agg(sc);
1857 	rtwn_init_rx_agg(sc);
1858 
1859 	/* Initialize beacon parameters. */
1860 	rtwn_init_beacon_reg(sc);
1861 
1862 	/* Init A-MPDU parameters. */
1863 	rtwn_init_ampdu(sc);
1864 
1865 	/* Init MACTXEN / MACRXEN after setting RxFF boundary. */
1866 	rtwn_setbits_1(sc, R92C_CR, 0, R92C_CR_MACTXEN | R92C_CR_MACRXEN);
1867 
1868 	/* Initialize BB/RF blocks. */
1869 	rtwn_init_bb(sc);
1870 	rtwn_init_rf(sc);
1871 
1872 	/* Initialize wireless band. */
1873 	rtwn_set_chan(sc, ic->ic_curchan);
1874 
1875 	/* Clear per-station keys table. */
1876 	rtwn_init_cam(sc);
1877 
1878 	/* Enable decryption / encryption. */
1879 	rtwn_init_seccfg(sc);
1880 
1881 	/* Install static keys (if any). */
1882 	for (i = 0; i < nitems(sc->vaps); i++) {
1883 		if (sc->vaps[i] != NULL) {
1884 			error = rtwn_init_static_keys(sc, sc->vaps[i]);
1885 			if (error != 0)
1886 				goto fail;
1887 		}
1888 	}
1889 
1890 	/* Initialize antenna selection. */
1891 	rtwn_init_antsel(sc);
1892 
1893 	/* Enable hardware sequence numbering. */
1894 	rtwn_write_1(sc, R92C_HWSEQ_CTRL, R92C_TX_QUEUE_ALL);
1895 
1896 	/* Disable BAR. */
1897 	rtwn_write_4(sc, R92C_BAR_MODE_CTRL, 0x0201ffff);
1898 
1899 	/* NAV limit. */
1900 	rtwn_write_1(sc, R92C_NAV_UPPER, 0);
1901 
1902 	/* Initialize GPIO setting. */
1903 	rtwn_setbits_1(sc, R92C_GPIO_MUXCFG, R92C_GPIO_MUXCFG_ENBT, 0);
1904 
1905 	/* Initialize MRR. */
1906 	rtwn_mrr_init(sc);
1907 
1908 	/* Device-specific post initialization. */
1909 	rtwn_post_init(sc);
1910 
1911 	rtwn_start_xfers(sc);
1912 
1913 #ifndef D4054
1914 	callout_reset(&sc->sc_watchdog_to, hz, rtwn_watchdog, sc);
1915 #endif
1916 
1917 	sc->sc_flags |= RTWN_RUNNING;
1918 fail:
1919 	RTWN_UNLOCK(sc);
1920 
1921 	return (error);
1922 }
1923 
1924 static void
1925 rtwn_stop(struct rtwn_softc *sc)
1926 {
1927 
1928 	RTWN_LOCK(sc);
1929 	if (!(sc->sc_flags & RTWN_STARTED)) {
1930 		RTWN_UNLOCK(sc);
1931 		return;
1932 	}
1933 
1934 #ifndef D4054
1935 	callout_stop(&sc->sc_watchdog_to);
1936 	sc->sc_tx_timer = 0;
1937 #endif
1938 	sc->sc_flags &= ~(RTWN_STARTED | RTWN_RUNNING | RTWN_FW_LOADED);
1939 	sc->sc_flags &= ~RTWN_TEMP_MEASURED;
1940 	sc->fwver = 0;
1941 	sc->thcal_temp = 0;
1942 	sc->cur_bcnq_id = RTWN_VAP_ID_INVALID;
1943 	bzero(&sc->last_physt, sizeof(sc->last_physt));
1944 
1945 #ifdef D4054
1946 	ieee80211_tx_watchdog_stop(&sc->sc_ic);
1947 #endif
1948 
1949 	rtwn_abort_xfers(sc);
1950 	rtwn_drain_mbufq(sc);
1951 	rtwn_power_off(sc);
1952 	rtwn_reset_lists(sc, NULL);
1953 	RTWN_UNLOCK(sc);
1954 }
1955 
1956 MODULE_VERSION(rtwn, 2);
1957 MODULE_DEPEND(rtwn, wlan, 1, 1, 1);
1958 #ifndef RTWN_WITHOUT_UCODE
1959 MODULE_DEPEND(rtwn, firmware, 1, 1, 1);
1960 #endif
1961