1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /*- 21 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 22 * http://www.ralinktech.com/ 23 */ 24 25 #include "opt_wlan.h" 26 27 #include <sys/param.h> 28 #include <sys/eventhandler.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <net/bpf.h> 46 #include <net/if.h> 47 #include <net/if_var.h> 48 #include <net/if_arp.h> 49 #include <net/ethernet.h> 50 #include <net/if_dl.h> 51 #include <net/if_media.h> 52 #include <net/if_types.h> 53 54 #include <netinet/in.h> 55 #include <netinet/in_systm.h> 56 #include <netinet/in_var.h> 57 #include <netinet/if_ether.h> 58 #include <netinet/ip.h> 59 60 #include <net80211/ieee80211_var.h> 61 #include <net80211/ieee80211_regdomain.h> 62 #include <net80211/ieee80211_radiotap.h> 63 #include <net80211/ieee80211_ratectl.h> 64 #ifdef IEEE80211_SUPPORT_SUPERG 65 #include <net80211/ieee80211_superg.h> 66 #endif 67 68 #include <dev/usb/usb.h> 69 #include <dev/usb/usbdi.h> 70 #include "usbdevs.h" 71 72 #define USB_DEBUG_VAR run_debug 73 #include <dev/usb/usb_debug.h> 74 #include <dev/usb/usb_msctest.h> 75 76 #include <dev/usb/wlan/if_runreg.h> 77 #include <dev/usb/wlan/if_runvar.h> 78 79 #ifdef USB_DEBUG 80 #define RUN_DEBUG 81 #endif 82 83 #ifdef RUN_DEBUG 84 int run_debug = 0; 85 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 86 "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 90 enum { 91 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 92 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 93 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 94 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 95 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 96 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 97 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 98 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 99 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 100 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 101 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 102 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 103 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 104 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 105 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 106 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 107 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 108 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 109 RUN_DEBUG_ANY = 0xffffffff 110 }; 111 112 #define RUN_DPRINTF(_sc, _m, ...) do { \ 113 if (run_debug & (_m)) \ 114 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 115 } while(0) 116 #else 117 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 118 #endif 119 120 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 121 122 /* 123 * Because of LOR in run_key_delete(), use atomic instead. 124 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 125 */ 126 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 127 128 static const STRUCT_USB_HOST_ID run_devs[] = { 129 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 130 #define RUN_DEV_EJECT(v,p) \ 131 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 132 #define RUN_EJECT 1 133 RUN_DEV(ABOCOM, RT2770), 134 RUN_DEV(ABOCOM, RT2870), 135 RUN_DEV(ABOCOM, RT3070), 136 RUN_DEV(ABOCOM, RT3071), 137 RUN_DEV(ABOCOM, RT3072), 138 RUN_DEV(ABOCOM2, RT2870_1), 139 RUN_DEV(ACCTON, RT2770), 140 RUN_DEV(ACCTON, RT2870_1), 141 RUN_DEV(ACCTON, RT2870_2), 142 RUN_DEV(ACCTON, RT2870_3), 143 RUN_DEV(ACCTON, RT2870_4), 144 RUN_DEV(ACCTON, RT2870_5), 145 RUN_DEV(ACCTON, RT3070), 146 RUN_DEV(ACCTON, RT3070_1), 147 RUN_DEV(ACCTON, RT3070_2), 148 RUN_DEV(ACCTON, RT3070_3), 149 RUN_DEV(ACCTON, RT3070_4), 150 RUN_DEV(ACCTON, RT3070_5), 151 RUN_DEV(AIRTIES, RT3070), 152 RUN_DEV(ALLWIN, RT2070), 153 RUN_DEV(ALLWIN, RT2770), 154 RUN_DEV(ALLWIN, RT2870), 155 RUN_DEV(ALLWIN, RT3070), 156 RUN_DEV(ALLWIN, RT3071), 157 RUN_DEV(ALLWIN, RT3072), 158 RUN_DEV(ALLWIN, RT3572), 159 RUN_DEV(AMIGO, RT2870_1), 160 RUN_DEV(AMIGO, RT2870_2), 161 RUN_DEV(AMIT, CGWLUSB2GNR), 162 RUN_DEV(AMIT, RT2870_1), 163 RUN_DEV(AMIT2, RT2870), 164 RUN_DEV(ASUS, RT2870_1), 165 RUN_DEV(ASUS, RT2870_2), 166 RUN_DEV(ASUS, RT2870_3), 167 RUN_DEV(ASUS, RT2870_4), 168 RUN_DEV(ASUS, RT2870_5), 169 RUN_DEV(ASUS, USBN13), 170 RUN_DEV(ASUS, RT3070_1), 171 RUN_DEV(ASUS, USBN66), 172 RUN_DEV(ASUS, USB_N53), 173 RUN_DEV(ASUS, USBN14), 174 RUN_DEV(ASUS2, USBN11), 175 RUN_DEV(AZUREWAVE, RT2870_1), 176 RUN_DEV(AZUREWAVE, RT2870_2), 177 RUN_DEV(AZUREWAVE, RT3070_1), 178 RUN_DEV(AZUREWAVE, RT3070_2), 179 RUN_DEV(AZUREWAVE, RT3070_3), 180 RUN_DEV(BELKIN, F9L1103), 181 RUN_DEV(BELKIN, F5D8053V3), 182 RUN_DEV(BELKIN, F5D8055), 183 RUN_DEV(BELKIN, F5D8055V2), 184 RUN_DEV(BELKIN, F6D4050V1), 185 RUN_DEV(BELKIN, F6D4050V2), 186 RUN_DEV(BELKIN, RT2870_1), 187 RUN_DEV(BELKIN, RT2870_2), 188 RUN_DEV(CISCOLINKSYS, AE1000), 189 RUN_DEV(CISCOLINKSYS2, RT3070), 190 RUN_DEV(CISCOLINKSYS3, RT3070), 191 RUN_DEV(CONCEPTRONIC2, RT2870_1), 192 RUN_DEV(CONCEPTRONIC2, RT2870_2), 193 RUN_DEV(CONCEPTRONIC2, RT2870_3), 194 RUN_DEV(CONCEPTRONIC2, RT2870_4), 195 RUN_DEV(CONCEPTRONIC2, RT2870_5), 196 RUN_DEV(CONCEPTRONIC2, RT2870_6), 197 RUN_DEV(CONCEPTRONIC2, RT2870_7), 198 RUN_DEV(CONCEPTRONIC2, RT2870_8), 199 RUN_DEV(CONCEPTRONIC2, RT3070_1), 200 RUN_DEV(CONCEPTRONIC2, RT3070_2), 201 RUN_DEV(CONCEPTRONIC2, VIGORN61), 202 RUN_DEV(COREGA, CGWLUSB300GNM), 203 RUN_DEV(COREGA, RT2870_1), 204 RUN_DEV(COREGA, RT2870_2), 205 RUN_DEV(COREGA, RT2870_3), 206 RUN_DEV(COREGA, RT3070), 207 RUN_DEV(CYBERTAN, RT2870), 208 RUN_DEV(DLINK, RT2870), 209 RUN_DEV(DLINK, RT3072), 210 RUN_DEV(DLINK, DWA125A3), 211 RUN_DEV(DLINK, DWA127), 212 RUN_DEV(DLINK, DWA140B3), 213 RUN_DEV(DLINK, DWA160B2), 214 RUN_DEV(DLINK, DWA140D1), 215 RUN_DEV(DLINK, DWA130F1), 216 RUN_DEV(DLINK, DWA162), 217 RUN_DEV(DLINK2, DWA130), 218 RUN_DEV(DLINK2, RT2870_1), 219 RUN_DEV(DLINK2, RT2870_2), 220 RUN_DEV(DLINK2, RT3070_1), 221 RUN_DEV(DLINK2, RT3070_2), 222 RUN_DEV(DLINK2, RT3070_3), 223 RUN_DEV(DLINK2, RT3070_4), 224 RUN_DEV(DLINK2, RT3070_5), 225 RUN_DEV(DLINK2, RT3072), 226 RUN_DEV(DLINK2, RT3072_1), 227 RUN_DEV(EDIMAX, EW7717), 228 RUN_DEV(EDIMAX, EW7718), 229 RUN_DEV(EDIMAX, EW7733UND), 230 RUN_DEV(EDIMAX, RT2870_1), 231 RUN_DEV(ENCORE, RT3070_1), 232 RUN_DEV(ENCORE, RT3070_2), 233 RUN_DEV(ENCORE, RT3070_3), 234 RUN_DEV(GIGABYTE, GNWB31N), 235 RUN_DEV(GIGABYTE, GNWB32L), 236 RUN_DEV(GIGABYTE, RT2870_1), 237 RUN_DEV(GIGASET, RT3070_1), 238 RUN_DEV(GIGASET, RT3070_2), 239 RUN_DEV(GUILLEMOT, HWNU300), 240 RUN_DEV(HAWKING, HWUN2), 241 RUN_DEV(HAWKING, RT2870_1), 242 RUN_DEV(HAWKING, RT2870_2), 243 RUN_DEV(HAWKING, RT3070), 244 RUN_DEV(IODATA, RT3072_1), 245 RUN_DEV(IODATA, RT3072_2), 246 RUN_DEV(IODATA, RT3072_3), 247 RUN_DEV(IODATA, RT3072_4), 248 RUN_DEV(LINKSYS4, RT3070), 249 RUN_DEV(LINKSYS4, WUSB100), 250 RUN_DEV(LINKSYS4, WUSB54GCV3), 251 RUN_DEV(LINKSYS4, WUSB600N), 252 RUN_DEV(LINKSYS4, WUSB600NV2), 253 RUN_DEV(LOGITEC, RT2870_1), 254 RUN_DEV(LOGITEC, RT2870_2), 255 RUN_DEV(LOGITEC, RT2870_3), 256 RUN_DEV(LOGITEC, LANW300NU2), 257 RUN_DEV(LOGITEC, LANW150NU2), 258 RUN_DEV(LOGITEC, LANW300NU2S), 259 RUN_DEV(MELCO, WLIUCG300HP), 260 RUN_DEV(MELCO, RT2870_2), 261 RUN_DEV(MELCO, WLIUCAG300N), 262 RUN_DEV(MELCO, WLIUCG300N), 263 RUN_DEV(MELCO, WLIUCG301N), 264 RUN_DEV(MELCO, WLIUCGN), 265 RUN_DEV(MELCO, WLIUCGNM), 266 RUN_DEV(MELCO, WLIUCG300HPV1), 267 RUN_DEV(MELCO, WLIUCGNM2), 268 RUN_DEV(MOTOROLA4, RT2770), 269 RUN_DEV(MOTOROLA4, RT3070), 270 RUN_DEV(MSI, RT3070_1), 271 RUN_DEV(MSI, RT3070_2), 272 RUN_DEV(MSI, RT3070_3), 273 RUN_DEV(MSI, RT3070_4), 274 RUN_DEV(MSI, RT3070_5), 275 RUN_DEV(MSI, RT3070_6), 276 RUN_DEV(MSI, RT3070_7), 277 RUN_DEV(MSI, RT3070_8), 278 RUN_DEV(MSI, RT3070_9), 279 RUN_DEV(MSI, RT3070_10), 280 RUN_DEV(MSI, RT3070_11), 281 RUN_DEV(NETGEAR, WNDA4100), 282 RUN_DEV(OVISLINK, RT3072), 283 RUN_DEV(PARA, RT3070), 284 RUN_DEV(PEGATRON, RT2870), 285 RUN_DEV(PEGATRON, RT3070), 286 RUN_DEV(PEGATRON, RT3070_2), 287 RUN_DEV(PEGATRON, RT3070_3), 288 RUN_DEV(PHILIPS, RT2870), 289 RUN_DEV(PLANEX2, GWUS300MINIS), 290 RUN_DEV(PLANEX2, GWUSMICRON), 291 RUN_DEV(PLANEX2, RT2870), 292 RUN_DEV(PLANEX2, RT3070), 293 RUN_DEV(QCOM, RT2870), 294 RUN_DEV(QUANTA, RT3070), 295 RUN_DEV(RALINK, RT2070), 296 RUN_DEV(RALINK, RT2770), 297 RUN_DEV(RALINK, RT2870), 298 RUN_DEV(RALINK, RT3070), 299 RUN_DEV(RALINK, RT3071), 300 RUN_DEV(RALINK, RT3072), 301 RUN_DEV(RALINK, RT3370), 302 RUN_DEV(RALINK, RT3572), 303 RUN_DEV(RALINK, RT3573), 304 RUN_DEV(RALINK, RT5370), 305 RUN_DEV(RALINK, RT5372), 306 RUN_DEV(RALINK, RT5572), 307 RUN_DEV(RALINK, RT8070), 308 RUN_DEV(SAMSUNG, WIS09ABGN), 309 RUN_DEV(SAMSUNG2, RT2870_1), 310 RUN_DEV(SENAO, RT2870_1), 311 RUN_DEV(SENAO, RT2870_2), 312 RUN_DEV(SENAO, RT2870_3), 313 RUN_DEV(SENAO, RT2870_4), 314 RUN_DEV(SENAO, RT3070), 315 RUN_DEV(SENAO, RT3071), 316 RUN_DEV(SENAO, RT3072_1), 317 RUN_DEV(SENAO, RT3072_2), 318 RUN_DEV(SENAO, RT3072_3), 319 RUN_DEV(SENAO, RT3072_4), 320 RUN_DEV(SENAO, RT3072_5), 321 RUN_DEV(SITECOMEU, RT2770), 322 RUN_DEV(SITECOMEU, RT2870_1), 323 RUN_DEV(SITECOMEU, RT2870_2), 324 RUN_DEV(SITECOMEU, RT2870_3), 325 RUN_DEV(SITECOMEU, RT2870_4), 326 RUN_DEV(SITECOMEU, RT3070), 327 RUN_DEV(SITECOMEU, RT3070_2), 328 RUN_DEV(SITECOMEU, RT3070_3), 329 RUN_DEV(SITECOMEU, RT3070_4), 330 RUN_DEV(SITECOMEU, RT3071), 331 RUN_DEV(SITECOMEU, RT3072_1), 332 RUN_DEV(SITECOMEU, RT3072_2), 333 RUN_DEV(SITECOMEU, RT3072_3), 334 RUN_DEV(SITECOMEU, RT3072_4), 335 RUN_DEV(SITECOMEU, RT3072_5), 336 RUN_DEV(SITECOMEU, RT3072_6), 337 RUN_DEV(SITECOMEU, WL608), 338 RUN_DEV(SPARKLAN, RT2870_1), 339 RUN_DEV(SPARKLAN, RT3070), 340 RUN_DEV(SWEEX2, LW153), 341 RUN_DEV(SWEEX2, LW303), 342 RUN_DEV(SWEEX2, LW313), 343 RUN_DEV(TOSHIBA, RT3070), 344 RUN_DEV(UMEDIA, RT2870_1), 345 RUN_DEV(ZCOM, RT2870_1), 346 RUN_DEV(ZCOM, RT2870_2), 347 RUN_DEV(ZINWELL, RT2870_1), 348 RUN_DEV(ZINWELL, RT2870_2), 349 RUN_DEV(ZINWELL, RT3070), 350 RUN_DEV(ZINWELL, RT3072_1), 351 RUN_DEV(ZINWELL, RT3072_2), 352 RUN_DEV(ZYXEL, RT2870_1), 353 RUN_DEV(ZYXEL, RT2870_2), 354 RUN_DEV(ZYXEL, RT3070), 355 RUN_DEV_EJECT(ZYXEL, NWD2705), 356 RUN_DEV_EJECT(RALINK, RT_STOR), 357 #undef RUN_DEV_EJECT 358 #undef RUN_DEV 359 }; 360 361 static device_probe_t run_match; 362 static device_attach_t run_attach; 363 static device_detach_t run_detach; 364 365 static usb_callback_t run_bulk_rx_callback; 366 static usb_callback_t run_bulk_tx_callback0; 367 static usb_callback_t run_bulk_tx_callback1; 368 static usb_callback_t run_bulk_tx_callback2; 369 static usb_callback_t run_bulk_tx_callback3; 370 static usb_callback_t run_bulk_tx_callback4; 371 static usb_callback_t run_bulk_tx_callback5; 372 373 static void run_autoinst(void *, struct usb_device *, 374 struct usb_attach_arg *); 375 static int run_driver_loaded(struct module *, int, void *); 376 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 377 usb_error_t error, u_int index); 378 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 379 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 380 const uint8_t [IEEE80211_ADDR_LEN], 381 const uint8_t [IEEE80211_ADDR_LEN]); 382 static void run_vap_delete(struct ieee80211vap *); 383 static void run_cmdq_cb(void *, int); 384 static void run_setup_tx_list(struct run_softc *, 385 struct run_endpoint_queue *); 386 static void run_unsetup_tx_list(struct run_softc *, 387 struct run_endpoint_queue *); 388 static int run_load_microcode(struct run_softc *); 389 static int run_reset(struct run_softc *); 390 static usb_error_t run_do_request(struct run_softc *, 391 struct usb_device_request *, void *); 392 static int run_read(struct run_softc *, uint16_t, uint32_t *); 393 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 394 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 395 static int run_write(struct run_softc *, uint16_t, uint32_t); 396 static int run_write_region_1(struct run_softc *, uint16_t, 397 const uint8_t *, int); 398 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 399 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 400 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 401 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 402 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 403 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 404 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 405 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 406 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 407 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 408 static const char *run_get_rf(uint16_t); 409 static void run_rt3593_get_txpower(struct run_softc *); 410 static void run_get_txpower(struct run_softc *); 411 static int run_read_eeprom(struct run_softc *); 412 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 413 const uint8_t mac[IEEE80211_ADDR_LEN]); 414 static int run_media_change(if_t); 415 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 416 static int run_wme_update(struct ieee80211com *); 417 static void run_key_set_cb(void *); 418 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 419 static void run_key_delete_cb(void *); 420 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 421 static void run_ratectl_to(void *); 422 static void run_ratectl_cb(void *, int); 423 static void run_drain_fifo(void *); 424 static void run_iter_func(void *, struct ieee80211_node *); 425 static void run_newassoc_cb(void *); 426 static void run_newassoc(struct ieee80211_node *, int); 427 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 428 const struct ieee80211_rx_stats *, int, int); 429 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 430 static void run_tx_free(struct run_endpoint_queue *pq, 431 struct run_tx_data *, int); 432 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 433 static int run_tx(struct run_softc *, struct mbuf *, 434 struct ieee80211_node *); 435 static int run_tx_mgt(struct run_softc *, struct mbuf *, 436 struct ieee80211_node *); 437 static int run_sendprot(struct run_softc *, const struct mbuf *, 438 struct ieee80211_node *, int, int); 439 static int run_tx_param(struct run_softc *, struct mbuf *, 440 struct ieee80211_node *, 441 const struct ieee80211_bpf_params *); 442 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 443 const struct ieee80211_bpf_params *); 444 static int run_transmit(struct ieee80211com *, struct mbuf *); 445 static void run_start(struct run_softc *); 446 static void run_parent(struct ieee80211com *); 447 static void run_iq_calib(struct run_softc *, u_int); 448 static void run_set_agc(struct run_softc *, uint8_t); 449 static void run_select_chan_group(struct run_softc *, int); 450 static void run_set_rx_antenna(struct run_softc *, int); 451 static void run_rt2870_set_chan(struct run_softc *, u_int); 452 static void run_rt3070_set_chan(struct run_softc *, u_int); 453 static void run_rt3572_set_chan(struct run_softc *, u_int); 454 static void run_rt3593_set_chan(struct run_softc *, u_int); 455 static void run_rt5390_set_chan(struct run_softc *, u_int); 456 static void run_rt5592_set_chan(struct run_softc *, u_int); 457 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 458 static void run_set_channel(struct ieee80211com *); 459 static void run_getradiocaps(struct ieee80211com *, int, int *, 460 struct ieee80211_channel[]); 461 static void run_scan_start(struct ieee80211com *); 462 static void run_scan_end(struct ieee80211com *); 463 static void run_update_beacon(struct ieee80211vap *, int); 464 static void run_update_beacon_cb(void *); 465 static void run_updateprot(struct ieee80211com *); 466 static void run_updateprot_cb(void *); 467 static void run_usb_timeout_cb(void *); 468 static void run_reset_livelock(struct run_softc *); 469 static void run_enable_tsf_sync(struct run_softc *); 470 static void run_enable_tsf(struct run_softc *); 471 static void run_disable_tsf(struct run_softc *); 472 static void run_get_tsf(struct run_softc *, uint64_t *); 473 static void run_enable_mrr(struct run_softc *); 474 static void run_set_txpreamble(struct run_softc *); 475 static void run_set_basicrates(struct run_softc *); 476 static void run_set_leds(struct run_softc *, uint16_t); 477 static void run_set_bssid(struct run_softc *, const uint8_t *); 478 static void run_set_macaddr(struct run_softc *, const uint8_t *); 479 static void run_updateslot(struct ieee80211com *); 480 static void run_updateslot_cb(void *); 481 static void run_update_mcast(struct ieee80211com *); 482 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 483 static void run_update_promisc_locked(struct run_softc *); 484 static void run_update_promisc(struct ieee80211com *); 485 static void run_rt5390_bbp_init(struct run_softc *); 486 static int run_bbp_init(struct run_softc *); 487 static int run_rt3070_rf_init(struct run_softc *); 488 static void run_rt3593_rf_init(struct run_softc *); 489 static void run_rt5390_rf_init(struct run_softc *); 490 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 491 uint8_t *); 492 static void run_rt3070_rf_setup(struct run_softc *); 493 static void run_rt3593_rf_setup(struct run_softc *); 494 static void run_rt5390_rf_setup(struct run_softc *); 495 static int run_txrx_enable(struct run_softc *); 496 static void run_adjust_freq_offset(struct run_softc *); 497 static void run_init_locked(struct run_softc *); 498 static void run_stop(void *); 499 static void run_delay(struct run_softc *, u_int); 500 static void run_update_chw(struct ieee80211com *ic); 501 static int run_ampdu_enable(struct ieee80211_node *ni, 502 struct ieee80211_tx_ampdu *tap); 503 504 static eventhandler_tag run_etag; 505 506 static const struct rt2860_rate { 507 uint8_t rate; 508 uint8_t mcs; 509 enum ieee80211_phytype phy; 510 uint8_t ctl_ridx; 511 uint16_t sp_ack_dur; 512 uint16_t lp_ack_dur; 513 } rt2860_rates[] = { 514 /* CCK rates (11b) */ 515 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 516 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 517 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 518 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 519 520 /* OFDM rates (11a / 11g) */ 521 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 522 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 523 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 524 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 525 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 526 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 527 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 528 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }, 529 530 /* MCS - single stream */ 531 { 0x80, 0, IEEE80211_T_HT, 4, 60, 60 }, 532 { 0x81, 1, IEEE80211_T_HT, 4, 60, 60 }, 533 { 0x82, 2, IEEE80211_T_HT, 4, 60, 60 }, 534 { 0x83, 3, IEEE80211_T_HT, 4, 60, 60 }, 535 { 0x84, 4, IEEE80211_T_HT, 4, 60, 60 }, 536 { 0x85, 5, IEEE80211_T_HT, 4, 60, 60 }, 537 { 0x86, 6, IEEE80211_T_HT, 4, 60, 60 }, 538 { 0x87, 7, IEEE80211_T_HT, 4, 60, 60 }, 539 540 /* MCS - 2 streams */ 541 { 0x88, 8, IEEE80211_T_HT, 4, 60, 60 }, 542 { 0x89, 9, IEEE80211_T_HT, 4, 60, 60 }, 543 { 0x8a, 10, IEEE80211_T_HT, 4, 60, 60 }, 544 { 0x8b, 11, IEEE80211_T_HT, 4, 60, 60 }, 545 { 0x8c, 12, IEEE80211_T_HT, 4, 60, 60 }, 546 { 0x8d, 13, IEEE80211_T_HT, 4, 60, 60 }, 547 { 0x8e, 14, IEEE80211_T_HT, 4, 60, 60 }, 548 { 0x8f, 15, IEEE80211_T_HT, 4, 60, 60 }, 549 550 /* MCS - 3 streams */ 551 { 0x90, 16, IEEE80211_T_HT, 4, 60, 60 }, 552 { 0x91, 17, IEEE80211_T_HT, 4, 60, 60 }, 553 { 0x92, 18, IEEE80211_T_HT, 4, 60, 60 }, 554 { 0x93, 19, IEEE80211_T_HT, 4, 60, 60 }, 555 { 0x94, 20, IEEE80211_T_HT, 4, 60, 60 }, 556 { 0x95, 21, IEEE80211_T_HT, 4, 60, 60 }, 557 { 0x96, 22, IEEE80211_T_HT, 4, 60, 60 }, 558 { 0x97, 23, IEEE80211_T_HT, 4, 60, 60 }, 559 }; 560 561 /* These are indexes into the above rt2860_rates[] array */ 562 #define RT2860_RIDX_CCK1 0 563 #define RT2860_RIDX_CCK11 3 564 #define RT2860_RIDX_OFDM6 4 565 #define RT2860_RIDX_MCS0 12 566 #define RT2860_RIDX_MAX 36 567 568 static const struct { 569 uint16_t reg; 570 uint32_t val; 571 } rt2870_def_mac[] = { 572 RT2870_DEF_MAC 573 }; 574 575 static const struct { 576 uint8_t reg; 577 uint8_t val; 578 } rt2860_def_bbp[] = { 579 RT2860_DEF_BBP 580 },rt5390_def_bbp[] = { 581 RT5390_DEF_BBP 582 },rt5592_def_bbp[] = { 583 RT5592_DEF_BBP 584 }; 585 586 /* 587 * Default values for BBP register R196 for RT5592. 588 */ 589 static const uint8_t rt5592_bbp_r196[] = { 590 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 591 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 592 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 593 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 594 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 595 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 596 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 597 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 598 0x2e, 0x36, 0x30, 0x6e 599 }; 600 601 static const struct rfprog { 602 uint8_t chan; 603 uint32_t r1, r2, r3, r4; 604 } rt2860_rf2850[] = { 605 RT2860_RF2850 606 }; 607 608 struct { 609 uint8_t n, r, k; 610 } rt3070_freqs[] = { 611 RT3070_RF3052 612 }; 613 614 static const struct rt5592_freqs { 615 uint16_t n; 616 uint8_t k, m, r; 617 } rt5592_freqs_20mhz[] = { 618 RT5592_RF5592_20MHZ 619 },rt5592_freqs_40mhz[] = { 620 RT5592_RF5592_40MHZ 621 }; 622 623 static const struct { 624 uint8_t reg; 625 uint8_t val; 626 } rt3070_def_rf[] = { 627 RT3070_DEF_RF 628 },rt3572_def_rf[] = { 629 RT3572_DEF_RF 630 },rt3593_def_rf[] = { 631 RT3593_DEF_RF 632 },rt5390_def_rf[] = { 633 RT5390_DEF_RF 634 },rt5392_def_rf[] = { 635 RT5392_DEF_RF 636 },rt5592_def_rf[] = { 637 RT5592_DEF_RF 638 },rt5592_2ghz_def_rf[] = { 639 RT5592_2GHZ_DEF_RF 640 },rt5592_5ghz_def_rf[] = { 641 RT5592_5GHZ_DEF_RF 642 }; 643 644 static const struct { 645 u_int firstchan; 646 u_int lastchan; 647 uint8_t reg; 648 uint8_t val; 649 } rt5592_chan_5ghz[] = { 650 RT5592_CHAN_5GHZ 651 }; 652 653 static const struct usb_config run_config[RUN_N_XFER] = { 654 [RUN_BULK_TX_BE] = { 655 .type = UE_BULK, 656 .endpoint = UE_ADDR_ANY, 657 .ep_index = 0, 658 .direction = UE_DIR_OUT, 659 .bufsize = RUN_MAX_TXSZ, 660 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 661 .callback = run_bulk_tx_callback0, 662 .timeout = 5000, /* ms */ 663 }, 664 [RUN_BULK_TX_BK] = { 665 .type = UE_BULK, 666 .endpoint = UE_ADDR_ANY, 667 .direction = UE_DIR_OUT, 668 .ep_index = 1, 669 .bufsize = RUN_MAX_TXSZ, 670 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 671 .callback = run_bulk_tx_callback1, 672 .timeout = 5000, /* ms */ 673 }, 674 [RUN_BULK_TX_VI] = { 675 .type = UE_BULK, 676 .endpoint = UE_ADDR_ANY, 677 .direction = UE_DIR_OUT, 678 .ep_index = 2, 679 .bufsize = RUN_MAX_TXSZ, 680 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 681 .callback = run_bulk_tx_callback2, 682 .timeout = 5000, /* ms */ 683 }, 684 [RUN_BULK_TX_VO] = { 685 .type = UE_BULK, 686 .endpoint = UE_ADDR_ANY, 687 .direction = UE_DIR_OUT, 688 .ep_index = 3, 689 .bufsize = RUN_MAX_TXSZ, 690 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 691 .callback = run_bulk_tx_callback3, 692 .timeout = 5000, /* ms */ 693 }, 694 [RUN_BULK_TX_HCCA] = { 695 .type = UE_BULK, 696 .endpoint = UE_ADDR_ANY, 697 .direction = UE_DIR_OUT, 698 .ep_index = 4, 699 .bufsize = RUN_MAX_TXSZ, 700 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 701 .callback = run_bulk_tx_callback4, 702 .timeout = 5000, /* ms */ 703 }, 704 [RUN_BULK_TX_PRIO] = { 705 .type = UE_BULK, 706 .endpoint = UE_ADDR_ANY, 707 .direction = UE_DIR_OUT, 708 .ep_index = 5, 709 .bufsize = RUN_MAX_TXSZ, 710 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 711 .callback = run_bulk_tx_callback5, 712 .timeout = 5000, /* ms */ 713 }, 714 [RUN_BULK_RX] = { 715 .type = UE_BULK, 716 .endpoint = UE_ADDR_ANY, 717 .direction = UE_DIR_IN, 718 .bufsize = RUN_MAX_RXSZ, 719 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 720 .callback = run_bulk_rx_callback, 721 } 722 }; 723 724 static void 725 run_autoinst(void *arg, struct usb_device *udev, 726 struct usb_attach_arg *uaa) 727 { 728 struct usb_interface *iface; 729 struct usb_interface_descriptor *id; 730 731 if (uaa->dev_state != UAA_DEV_READY) 732 return; 733 734 iface = usbd_get_iface(udev, 0); 735 if (iface == NULL) 736 return; 737 id = iface->idesc; 738 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 739 return; 740 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 741 return; 742 743 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 744 uaa->dev_state = UAA_DEV_EJECTING; 745 } 746 747 static int 748 run_driver_loaded(struct module *mod, int what, void *arg) 749 { 750 switch (what) { 751 case MOD_LOAD: 752 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 753 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 754 break; 755 case MOD_UNLOAD: 756 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 757 break; 758 default: 759 return (EOPNOTSUPP); 760 } 761 return (0); 762 } 763 764 static int 765 run_match(device_t self) 766 { 767 struct usb_attach_arg *uaa = device_get_ivars(self); 768 769 if (uaa->usb_mode != USB_MODE_HOST) 770 return (ENXIO); 771 if (uaa->info.bConfigIndex != 0) 772 return (ENXIO); 773 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 774 return (ENXIO); 775 776 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 777 } 778 779 static int 780 run_attach(device_t self) 781 { 782 struct run_softc *sc = device_get_softc(self); 783 struct usb_attach_arg *uaa = device_get_ivars(self); 784 struct ieee80211com *ic = &sc->sc_ic; 785 uint32_t ver; 786 uint8_t iface_index; 787 int ntries, error; 788 789 device_set_usb_desc(self); 790 sc->sc_udev = uaa->device; 791 sc->sc_dev = self; 792 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 793 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 794 795 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 796 MTX_NETWORK_LOCK, MTX_DEF); 797 mbufq_init(&sc->sc_snd, ifqmaxlen); 798 799 iface_index = RT2860_IFACE_INDEX; 800 801 error = usbd_transfer_setup(uaa->device, &iface_index, 802 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 803 if (error) { 804 device_printf(self, "could not allocate USB transfers, " 805 "err=%s\n", usbd_errstr(error)); 806 goto detach; 807 } 808 809 RUN_LOCK(sc); 810 811 /* wait for the chip to settle */ 812 for (ntries = 0; ntries < 100; ntries++) { 813 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 814 RUN_UNLOCK(sc); 815 goto detach; 816 } 817 if (ver != 0 && ver != 0xffffffff) 818 break; 819 run_delay(sc, 10); 820 } 821 if (ntries == 100) { 822 device_printf(sc->sc_dev, 823 "timeout waiting for NIC to initialize\n"); 824 RUN_UNLOCK(sc); 825 goto detach; 826 } 827 sc->mac_ver = ver >> 16; 828 sc->mac_rev = ver & 0xffff; 829 830 /* retrieve RF rev. no and various other things from EEPROM */ 831 run_read_eeprom(sc); 832 833 device_printf(sc->sc_dev, 834 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 835 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 836 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 837 838 RUN_UNLOCK(sc); 839 840 ic->ic_softc = sc; 841 ic->ic_name = device_get_nameunit(self); 842 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 843 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 844 845 /* set device capabilities */ 846 ic->ic_caps = 847 IEEE80211_C_STA | /* station mode supported */ 848 IEEE80211_C_MONITOR | /* monitor mode supported */ 849 IEEE80211_C_IBSS | 850 IEEE80211_C_HOSTAP | 851 IEEE80211_C_WDS | /* 4-address traffic works */ 852 IEEE80211_C_MBSS | 853 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 854 IEEE80211_C_SHSLOT | /* short slot time supported */ 855 IEEE80211_C_SWAMSDUTX | /* Do software A-MSDU TX */ 856 IEEE80211_C_FF | /* Atheros fast-frames */ 857 IEEE80211_C_WME | /* WME */ 858 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 859 860 /* 861 * RF2020 is not an 11n device. 862 */ 863 if (sc->rf_rev != RT3070_RF_2020) { 864 device_printf(sc->sc_dev, "[HT] Enabling 802.11n\n"); 865 ic->ic_htcaps = 866 IEEE80211_HTC_HT | 867 IEEE80211_HTC_AMPDU | 868 IEEE80211_HTC_AMSDU | 869 IEEE80211_HTCAP_MAXAMSDU_3839 | 870 IEEE80211_HTCAP_SMPS_OFF; 871 872 ic->ic_rxstream = sc->nrxchains; 873 ic->ic_txstream = sc->ntxchains; 874 } 875 876 ic->ic_cryptocaps = 877 IEEE80211_CRYPTO_WEP | 878 IEEE80211_CRYPTO_AES_CCM | 879 IEEE80211_CRYPTO_TKIPMIC | 880 IEEE80211_CRYPTO_TKIP; 881 882 ic->ic_flags |= IEEE80211_F_DATAPAD; 883 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 884 885 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 886 ic->ic_channels); 887 888 ieee80211_ifattach(ic); 889 890 ic->ic_scan_start = run_scan_start; 891 ic->ic_scan_end = run_scan_end; 892 ic->ic_set_channel = run_set_channel; 893 ic->ic_getradiocaps = run_getradiocaps; 894 ic->ic_node_alloc = run_node_alloc; 895 ic->ic_newassoc = run_newassoc; 896 ic->ic_updateslot = run_updateslot; 897 ic->ic_update_mcast = run_update_mcast; 898 ic->ic_wme.wme_update = run_wme_update; 899 ic->ic_raw_xmit = run_raw_xmit; 900 ic->ic_update_promisc = run_update_promisc; 901 ic->ic_vap_create = run_vap_create; 902 ic->ic_vap_delete = run_vap_delete; 903 ic->ic_transmit = run_transmit; 904 ic->ic_parent = run_parent; 905 ic->ic_update_chw = run_update_chw; 906 ic->ic_ampdu_enable = run_ampdu_enable; 907 908 ieee80211_radiotap_attach(ic, 909 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 910 RUN_TX_RADIOTAP_PRESENT, 911 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 912 RUN_RX_RADIOTAP_PRESENT); 913 914 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 915 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 916 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 917 918 if (bootverbose) 919 ieee80211_announce(ic); 920 921 return (0); 922 923 detach: 924 run_detach(self); 925 return (ENXIO); 926 } 927 928 static void 929 run_drain_mbufq(struct run_softc *sc) 930 { 931 struct mbuf *m; 932 struct ieee80211_node *ni; 933 934 RUN_LOCK_ASSERT(sc, MA_OWNED); 935 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 936 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 937 m->m_pkthdr.rcvif = NULL; 938 ieee80211_free_node(ni); 939 m_freem(m); 940 } 941 } 942 943 static int 944 run_detach(device_t self) 945 { 946 struct run_softc *sc = device_get_softc(self); 947 struct ieee80211com *ic = &sc->sc_ic; 948 int i; 949 950 RUN_LOCK(sc); 951 sc->sc_detached = 1; 952 RUN_UNLOCK(sc); 953 954 /* stop all USB transfers */ 955 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 956 957 RUN_LOCK(sc); 958 sc->ratectl_run = RUN_RATECTL_OFF; 959 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 960 961 /* free TX list, if any */ 962 for (i = 0; i != RUN_EP_QUEUES; i++) 963 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 964 965 /* Free TX queue */ 966 run_drain_mbufq(sc); 967 RUN_UNLOCK(sc); 968 969 if (sc->sc_ic.ic_softc == sc) { 970 /* drain tasks */ 971 usb_callout_drain(&sc->ratectl_ch); 972 ieee80211_draintask(ic, &sc->cmdq_task); 973 ieee80211_draintask(ic, &sc->ratectl_task); 974 ieee80211_ifdetach(ic); 975 } 976 977 mtx_destroy(&sc->sc_mtx); 978 979 return (0); 980 } 981 982 static struct ieee80211vap * 983 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 984 enum ieee80211_opmode opmode, int flags, 985 const uint8_t bssid[IEEE80211_ADDR_LEN], 986 const uint8_t mac[IEEE80211_ADDR_LEN]) 987 { 988 struct run_softc *sc = ic->ic_softc; 989 struct run_vap *rvp; 990 struct ieee80211vap *vap; 991 int i; 992 993 if (sc->rvp_cnt >= RUN_VAP_MAX) { 994 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 995 return (NULL); 996 } 997 998 switch (opmode) { 999 case IEEE80211_M_STA: 1000 /* enable s/w bmiss handling for sta mode */ 1001 flags |= IEEE80211_CLONE_NOBEACONS; 1002 /* fall though */ 1003 case IEEE80211_M_IBSS: 1004 case IEEE80211_M_MONITOR: 1005 case IEEE80211_M_HOSTAP: 1006 case IEEE80211_M_MBSS: 1007 /* other than WDS vaps, only one at a time */ 1008 if (!TAILQ_EMPTY(&ic->ic_vaps)) 1009 return (NULL); 1010 break; 1011 case IEEE80211_M_WDS: 1012 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 1013 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 1014 continue; 1015 /* WDS vap's always share the local mac address. */ 1016 flags &= ~IEEE80211_CLONE_BSSID; 1017 break; 1018 } 1019 if (vap == NULL) { 1020 device_printf(sc->sc_dev, 1021 "wds only supported in ap mode\n"); 1022 return (NULL); 1023 } 1024 break; 1025 default: 1026 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 1027 return (NULL); 1028 } 1029 1030 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 1031 vap = &rvp->vap; 1032 1033 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 1034 bssid) != 0) { 1035 /* out of memory */ 1036 free(rvp, M_80211_VAP); 1037 return (NULL); 1038 } 1039 1040 vap->iv_update_beacon = run_update_beacon; 1041 vap->iv_max_aid = RT2870_WCID_MAX; 1042 1043 /* 1044 * The linux rt2800 driver limits 1 stream devices to a 32KB 1045 * RX AMPDU. 1046 */ 1047 if (ic->ic_rxstream > 1) 1048 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K; 1049 else 1050 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K; 1051 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_2; /* 2uS */ 1052 1053 /* 1054 * To delete the right key from h/w, we need wcid. 1055 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 1056 * and matching wcid will be written into there. So, cast 1057 * some spells to remove 'const' from ieee80211_key{} 1058 */ 1059 vap->iv_key_delete = (void *)run_key_delete; 1060 vap->iv_key_set = (void *)run_key_set; 1061 1062 /* override state transition machine */ 1063 rvp->newstate = vap->iv_newstate; 1064 vap->iv_newstate = run_newstate; 1065 if (opmode == IEEE80211_M_IBSS) { 1066 rvp->recv_mgmt = vap->iv_recv_mgmt; 1067 vap->iv_recv_mgmt = run_recv_mgmt; 1068 } 1069 1070 ieee80211_ratectl_init(vap); 1071 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 1072 1073 /* complete setup */ 1074 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 1075 mac); 1076 1077 /* make sure id is always unique */ 1078 for (i = 0; i < RUN_VAP_MAX; i++) { 1079 if((sc->rvp_bmap & 1 << i) == 0){ 1080 sc->rvp_bmap |= 1 << i; 1081 rvp->rvp_id = i; 1082 break; 1083 } 1084 } 1085 if (sc->rvp_cnt++ == 0) 1086 ic->ic_opmode = opmode; 1087 1088 if (opmode == IEEE80211_M_HOSTAP) 1089 sc->cmdq_run = RUN_CMDQ_GO; 1090 1091 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1092 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1093 1094 return (vap); 1095 } 1096 1097 static void 1098 run_vap_delete(struct ieee80211vap *vap) 1099 { 1100 struct run_vap *rvp = RUN_VAP(vap); 1101 struct ieee80211com *ic; 1102 struct run_softc *sc; 1103 uint8_t rvp_id; 1104 1105 if (vap == NULL) 1106 return; 1107 1108 ic = vap->iv_ic; 1109 sc = ic->ic_softc; 1110 1111 RUN_LOCK(sc); 1112 1113 m_freem(rvp->beacon_mbuf); 1114 rvp->beacon_mbuf = NULL; 1115 1116 rvp_id = rvp->rvp_id; 1117 sc->ratectl_run &= ~(1 << rvp_id); 1118 sc->rvp_bmap &= ~(1 << rvp_id); 1119 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1120 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1121 --sc->rvp_cnt; 1122 1123 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1124 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1125 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1126 1127 RUN_UNLOCK(sc); 1128 1129 ieee80211_ratectl_deinit(vap); 1130 ieee80211_vap_detach(vap); 1131 free(rvp, M_80211_VAP); 1132 } 1133 1134 /* 1135 * There are numbers of functions need to be called in context thread. 1136 * Rather than creating taskqueue event for each of those functions, 1137 * here is all-for-one taskqueue callback function. This function 1138 * guarantees deferred functions are executed in the same order they 1139 * were enqueued. 1140 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1141 */ 1142 static void 1143 run_cmdq_cb(void *arg, int pending) 1144 { 1145 struct run_softc *sc = arg; 1146 uint8_t i; 1147 1148 /* call cmdq[].func locked */ 1149 RUN_LOCK(sc); 1150 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1151 i = sc->cmdq_exec, pending--) { 1152 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1153 i, pending); 1154 if (sc->cmdq_run == RUN_CMDQ_GO) { 1155 /* 1156 * If arg0 is NULL, callback func needs more 1157 * than one arg. So, pass ptr to cmdq struct. 1158 */ 1159 if (sc->cmdq[i].arg0) 1160 sc->cmdq[i].func(sc->cmdq[i].arg0); 1161 else 1162 sc->cmdq[i].func(&sc->cmdq[i]); 1163 } 1164 sc->cmdq[i].arg0 = NULL; 1165 sc->cmdq[i].func = NULL; 1166 sc->cmdq_exec++; 1167 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1168 } 1169 RUN_UNLOCK(sc); 1170 } 1171 1172 static void 1173 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1174 { 1175 struct run_tx_data *data; 1176 1177 memset(pq, 0, sizeof(*pq)); 1178 1179 STAILQ_INIT(&pq->tx_qh); 1180 STAILQ_INIT(&pq->tx_fh); 1181 1182 for (data = &pq->tx_data[0]; 1183 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1184 data->sc = sc; 1185 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1186 } 1187 pq->tx_nfree = RUN_TX_RING_COUNT; 1188 } 1189 1190 static void 1191 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1192 { 1193 struct run_tx_data *data; 1194 1195 /* make sure any subsequent use of the queues will fail */ 1196 pq->tx_nfree = 0; 1197 STAILQ_INIT(&pq->tx_fh); 1198 STAILQ_INIT(&pq->tx_qh); 1199 1200 /* free up all node references and mbufs */ 1201 for (data = &pq->tx_data[0]; 1202 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1203 if (data->m != NULL) { 1204 m_freem(data->m); 1205 data->m = NULL; 1206 } 1207 if (data->ni != NULL) { 1208 ieee80211_free_node(data->ni); 1209 data->ni = NULL; 1210 } 1211 } 1212 } 1213 1214 static int 1215 run_load_microcode(struct run_softc *sc) 1216 { 1217 usb_device_request_t req; 1218 const struct firmware *fw; 1219 const u_char *base; 1220 uint32_t tmp; 1221 int ntries, error; 1222 const uint64_t *temp; 1223 uint64_t bytes; 1224 1225 RUN_UNLOCK(sc); 1226 fw = firmware_get("runfw"); 1227 RUN_LOCK(sc); 1228 if (fw == NULL) { 1229 device_printf(sc->sc_dev, 1230 "failed loadfirmware of file %s\n", "runfw"); 1231 return ENOENT; 1232 } 1233 1234 if (fw->datasize != 8192) { 1235 device_printf(sc->sc_dev, 1236 "invalid firmware size (should be 8KB)\n"); 1237 error = EINVAL; 1238 goto fail; 1239 } 1240 1241 /* 1242 * RT3071/RT3072 use a different firmware 1243 * run-rt2870 (8KB) contains both, 1244 * first half (4KB) is for rt2870, 1245 * last half is for rt3071. 1246 */ 1247 base = fw->data; 1248 if ((sc->mac_ver) != 0x2860 && 1249 (sc->mac_ver) != 0x2872 && 1250 (sc->mac_ver) != 0x3070) { 1251 base += 4096; 1252 } 1253 1254 /* cheap sanity check */ 1255 temp = fw->data; 1256 bytes = *temp; 1257 if (bytes != be64toh(0xffffff0210280210ULL)) { 1258 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1259 error = EINVAL; 1260 goto fail; 1261 } 1262 1263 /* write microcode image */ 1264 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1265 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1266 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1267 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1268 } 1269 1270 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1271 req.bRequest = RT2870_RESET; 1272 USETW(req.wValue, 8); 1273 USETW(req.wIndex, 0); 1274 USETW(req.wLength, 0); 1275 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1276 != 0) { 1277 device_printf(sc->sc_dev, "firmware reset failed\n"); 1278 goto fail; 1279 } 1280 1281 run_delay(sc, 10); 1282 1283 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1284 run_write(sc, RT2860_H2M_MAILBOX, 0); 1285 run_write(sc, RT2860_H2M_INTSRC, 0); 1286 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1287 goto fail; 1288 1289 /* wait until microcontroller is ready */ 1290 for (ntries = 0; ntries < 1000; ntries++) { 1291 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1292 goto fail; 1293 if (tmp & RT2860_MCU_READY) 1294 break; 1295 run_delay(sc, 10); 1296 } 1297 if (ntries == 1000) { 1298 device_printf(sc->sc_dev, 1299 "timeout waiting for MCU to initialize\n"); 1300 error = ETIMEDOUT; 1301 goto fail; 1302 } 1303 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1304 (base == fw->data) ? "RT2870" : "RT3071", 1305 *(base + 4092), *(base + 4093)); 1306 1307 fail: 1308 firmware_put(fw, FIRMWARE_UNLOAD); 1309 return (error); 1310 } 1311 1312 static int 1313 run_reset(struct run_softc *sc) 1314 { 1315 usb_device_request_t req; 1316 1317 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1318 req.bRequest = RT2870_RESET; 1319 USETW(req.wValue, 1); 1320 USETW(req.wIndex, 0); 1321 USETW(req.wLength, 0); 1322 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1323 } 1324 1325 static usb_error_t 1326 run_do_request(struct run_softc *sc, 1327 struct usb_device_request *req, void *data) 1328 { 1329 usb_error_t err; 1330 int ntries = 10; 1331 1332 RUN_LOCK_ASSERT(sc, MA_OWNED); 1333 1334 while (ntries--) { 1335 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1336 req, data, 0, NULL, 250 /* ms */); 1337 if (err == 0) 1338 break; 1339 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1340 "Control request failed, %s (retrying)\n", 1341 usbd_errstr(err)); 1342 run_delay(sc, 10); 1343 } 1344 return (err); 1345 } 1346 1347 static int 1348 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1349 { 1350 uint32_t tmp; 1351 int error; 1352 1353 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1354 if (error == 0) 1355 *val = le32toh(tmp); 1356 else 1357 *val = 0xffffffff; 1358 return (error); 1359 } 1360 1361 static int 1362 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1363 { 1364 usb_device_request_t req; 1365 1366 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1367 req.bRequest = RT2870_READ_REGION_1; 1368 USETW(req.wValue, 0); 1369 USETW(req.wIndex, reg); 1370 USETW(req.wLength, len); 1371 1372 return (run_do_request(sc, &req, buf)); 1373 } 1374 1375 static int 1376 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1377 { 1378 usb_device_request_t req; 1379 1380 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1381 req.bRequest = RT2870_WRITE_2; 1382 USETW(req.wValue, val); 1383 USETW(req.wIndex, reg); 1384 USETW(req.wLength, 0); 1385 1386 return (run_do_request(sc, &req, NULL)); 1387 } 1388 1389 static int 1390 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1391 { 1392 int error; 1393 1394 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1395 error = run_write_2(sc, reg + 2, val >> 16); 1396 return (error); 1397 } 1398 1399 static int 1400 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1401 int len) 1402 { 1403 #if 1 1404 int i, error = 0; 1405 /* 1406 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1407 * We thus issue multiple WRITE_2 commands instead. 1408 */ 1409 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1410 for (i = 0; i < len && error == 0; i += 2) 1411 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1412 return (error); 1413 #else 1414 usb_device_request_t req; 1415 int error = 0; 1416 1417 /* 1418 * NOTE: It appears the WRITE_REGION_1 command cannot be 1419 * passed a huge amount of data, which will crash the 1420 * firmware. Limit amount of data passed to 64-bytes at a 1421 * time. 1422 */ 1423 while (len > 0) { 1424 int delta = 64; 1425 if (delta > len) 1426 delta = len; 1427 1428 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1429 req.bRequest = RT2870_WRITE_REGION_1; 1430 USETW(req.wValue, 0); 1431 USETW(req.wIndex, reg); 1432 USETW(req.wLength, delta); 1433 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1434 if (error != 0) 1435 break; 1436 reg += delta; 1437 buf += delta; 1438 len -= delta; 1439 } 1440 return (error); 1441 #endif 1442 } 1443 1444 static int 1445 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1446 { 1447 int i, error = 0; 1448 1449 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1450 for (i = 0; i < len && error == 0; i += 4) 1451 error = run_write(sc, reg + i, val); 1452 return (error); 1453 } 1454 1455 static int 1456 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1457 { 1458 uint32_t tmp; 1459 uint16_t reg; 1460 int error, ntries; 1461 1462 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1463 return (error); 1464 1465 if (count == 2) 1466 addr *= 2; 1467 /*- 1468 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1469 * DATA0: F E D C 1470 * DATA1: B A 9 8 1471 * DATA2: 7 6 5 4 1472 * DATA3: 3 2 1 0 1473 */ 1474 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1475 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1476 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1477 for (ntries = 0; ntries < 100; ntries++) { 1478 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1479 return (error); 1480 if (!(tmp & RT3070_EFSROM_KICK)) 1481 break; 1482 run_delay(sc, 2); 1483 } 1484 if (ntries == 100) 1485 return (ETIMEDOUT); 1486 1487 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1488 *val = 0xffff; /* address not found */ 1489 return (0); 1490 } 1491 /* determine to which 32-bit register our 16-bit word belongs */ 1492 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1493 if ((error = run_read(sc, reg, &tmp)) != 0) 1494 return (error); 1495 1496 tmp >>= (8 * (addr & 0x3)); 1497 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1498 1499 return (0); 1500 } 1501 1502 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1503 static int 1504 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1505 { 1506 return (run_efuse_read(sc, addr, val, 2)); 1507 } 1508 1509 static int 1510 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1511 { 1512 usb_device_request_t req; 1513 uint16_t tmp; 1514 int error; 1515 1516 addr *= 2; 1517 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1518 req.bRequest = RT2870_EEPROM_READ; 1519 USETW(req.wValue, 0); 1520 USETW(req.wIndex, addr); 1521 USETW(req.wLength, sizeof(tmp)); 1522 1523 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1524 if (error == 0) 1525 *val = le16toh(tmp); 1526 else 1527 *val = 0xffff; 1528 return (error); 1529 } 1530 1531 static __inline int 1532 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1533 { 1534 /* either eFUSE ROM or EEPROM */ 1535 return sc->sc_srom_read(sc, addr, val); 1536 } 1537 1538 static int 1539 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1540 { 1541 uint32_t tmp; 1542 int error, ntries; 1543 1544 for (ntries = 0; ntries < 10; ntries++) { 1545 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1546 return (error); 1547 if (!(tmp & RT2860_RF_REG_CTRL)) 1548 break; 1549 } 1550 if (ntries == 10) 1551 return (ETIMEDOUT); 1552 1553 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1554 } 1555 1556 static int 1557 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1558 { 1559 uint32_t tmp; 1560 int error, ntries; 1561 1562 for (ntries = 0; ntries < 100; ntries++) { 1563 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1564 return (error); 1565 if (!(tmp & RT3070_RF_KICK)) 1566 break; 1567 } 1568 if (ntries == 100) 1569 return (ETIMEDOUT); 1570 1571 tmp = RT3070_RF_KICK | reg << 8; 1572 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1573 return (error); 1574 1575 for (ntries = 0; ntries < 100; ntries++) { 1576 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1577 return (error); 1578 if (!(tmp & RT3070_RF_KICK)) 1579 break; 1580 } 1581 if (ntries == 100) 1582 return (ETIMEDOUT); 1583 1584 *val = tmp & 0xff; 1585 return (0); 1586 } 1587 1588 static int 1589 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1590 { 1591 uint32_t tmp; 1592 int error, ntries; 1593 1594 for (ntries = 0; ntries < 10; ntries++) { 1595 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1596 return (error); 1597 if (!(tmp & RT3070_RF_KICK)) 1598 break; 1599 } 1600 if (ntries == 10) 1601 return (ETIMEDOUT); 1602 1603 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1604 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1605 } 1606 1607 static int 1608 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1609 { 1610 uint32_t tmp; 1611 int ntries, error; 1612 1613 for (ntries = 0; ntries < 10; ntries++) { 1614 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1615 return (error); 1616 if (!(tmp & RT2860_BBP_CSR_KICK)) 1617 break; 1618 } 1619 if (ntries == 10) 1620 return (ETIMEDOUT); 1621 1622 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1623 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1624 return (error); 1625 1626 for (ntries = 0; ntries < 10; ntries++) { 1627 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1628 return (error); 1629 if (!(tmp & RT2860_BBP_CSR_KICK)) 1630 break; 1631 } 1632 if (ntries == 10) 1633 return (ETIMEDOUT); 1634 1635 *val = tmp & 0xff; 1636 return (0); 1637 } 1638 1639 static int 1640 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1641 { 1642 uint32_t tmp; 1643 int ntries, error; 1644 1645 for (ntries = 0; ntries < 10; ntries++) { 1646 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1647 return (error); 1648 if (!(tmp & RT2860_BBP_CSR_KICK)) 1649 break; 1650 } 1651 if (ntries == 10) 1652 return (ETIMEDOUT); 1653 1654 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1655 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1656 } 1657 1658 /* 1659 * Send a command to the 8051 microcontroller unit. 1660 */ 1661 static int 1662 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1663 { 1664 uint32_t tmp; 1665 int error, ntries; 1666 1667 for (ntries = 0; ntries < 100; ntries++) { 1668 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1669 return error; 1670 if (!(tmp & RT2860_H2M_BUSY)) 1671 break; 1672 } 1673 if (ntries == 100) 1674 return ETIMEDOUT; 1675 1676 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1677 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1678 error = run_write(sc, RT2860_HOST_CMD, cmd); 1679 return (error); 1680 } 1681 1682 /* 1683 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1684 * Used to adjust per-rate Tx power registers. 1685 */ 1686 static __inline uint32_t 1687 b4inc(uint32_t b32, int8_t delta) 1688 { 1689 int8_t i, b4; 1690 1691 for (i = 0; i < 8; i++) { 1692 b4 = b32 & 0xf; 1693 b4 += delta; 1694 if (b4 < 0) 1695 b4 = 0; 1696 else if (b4 > 0xf) 1697 b4 = 0xf; 1698 b32 = b32 >> 4 | b4 << 28; 1699 } 1700 return (b32); 1701 } 1702 1703 static const char * 1704 run_get_rf(uint16_t rev) 1705 { 1706 switch (rev) { 1707 case RT2860_RF_2820: return "RT2820"; 1708 case RT2860_RF_2850: return "RT2850"; 1709 case RT2860_RF_2720: return "RT2720"; 1710 case RT2860_RF_2750: return "RT2750"; 1711 case RT3070_RF_3020: return "RT3020"; 1712 case RT3070_RF_2020: return "RT2020"; 1713 case RT3070_RF_3021: return "RT3021"; 1714 case RT3070_RF_3022: return "RT3022"; 1715 case RT3070_RF_3052: return "RT3052"; 1716 case RT3593_RF_3053: return "RT3053"; 1717 case RT5592_RF_5592: return "RT5592"; 1718 case RT5390_RF_5370: return "RT5370"; 1719 case RT5390_RF_5372: return "RT5372"; 1720 } 1721 return ("unknown"); 1722 } 1723 1724 static void 1725 run_rt3593_get_txpower(struct run_softc *sc) 1726 { 1727 uint16_t addr, val; 1728 int i; 1729 1730 /* Read power settings for 2GHz channels. */ 1731 for (i = 0; i < 14; i += 2) { 1732 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1733 RT2860_EEPROM_PWR2GHZ_BASE1; 1734 run_srom_read(sc, addr + i / 2, &val); 1735 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1736 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1737 1738 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1739 RT2860_EEPROM_PWR2GHZ_BASE2; 1740 run_srom_read(sc, addr + i / 2, &val); 1741 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1742 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1743 1744 if (sc->ntxchains == 3) { 1745 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1746 &val); 1747 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1748 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1749 } 1750 } 1751 /* Fix broken Tx power entries. */ 1752 for (i = 0; i < 14; i++) { 1753 if (sc->txpow1[i] > 31) 1754 sc->txpow1[i] = 5; 1755 if (sc->txpow2[i] > 31) 1756 sc->txpow2[i] = 5; 1757 if (sc->ntxchains == 3) { 1758 if (sc->txpow3[i] > 31) 1759 sc->txpow3[i] = 5; 1760 } 1761 } 1762 /* Read power settings for 5GHz channels. */ 1763 for (i = 0; i < 40; i += 2) { 1764 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1765 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1766 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1767 1768 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1769 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1770 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1771 1772 if (sc->ntxchains == 3) { 1773 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1774 &val); 1775 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1776 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1777 } 1778 } 1779 } 1780 1781 static void 1782 run_get_txpower(struct run_softc *sc) 1783 { 1784 uint16_t val; 1785 int i; 1786 1787 /* Read power settings for 2GHz channels. */ 1788 for (i = 0; i < 14; i += 2) { 1789 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1790 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1791 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1792 1793 if (sc->mac_ver != 0x5390) { 1794 run_srom_read(sc, 1795 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1796 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1797 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1798 } 1799 } 1800 /* Fix broken Tx power entries. */ 1801 for (i = 0; i < 14; i++) { 1802 if (sc->mac_ver >= 0x5390) { 1803 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1804 sc->txpow1[i] = 5; 1805 } else { 1806 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1807 sc->txpow1[i] = 5; 1808 } 1809 if (sc->mac_ver > 0x5390) { 1810 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1811 sc->txpow2[i] = 5; 1812 } else if (sc->mac_ver < 0x5390) { 1813 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1814 sc->txpow2[i] = 5; 1815 } 1816 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1817 "chan %d: power1=%d, power2=%d\n", 1818 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1819 } 1820 /* Read power settings for 5GHz channels. */ 1821 for (i = 0; i < 40; i += 2) { 1822 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1823 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1824 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1825 1826 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1827 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1828 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1829 } 1830 /* Fix broken Tx power entries. */ 1831 for (i = 0; i < 40; i++ ) { 1832 if (sc->mac_ver != 0x5592) { 1833 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1834 sc->txpow1[14 + i] = 5; 1835 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1836 sc->txpow2[14 + i] = 5; 1837 } 1838 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1839 "chan %d: power1=%d, power2=%d\n", 1840 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1841 sc->txpow2[14 + i]); 1842 } 1843 } 1844 1845 static int 1846 run_read_eeprom(struct run_softc *sc) 1847 { 1848 struct ieee80211com *ic = &sc->sc_ic; 1849 int8_t delta_2ghz, delta_5ghz; 1850 uint32_t tmp; 1851 uint16_t val; 1852 int ridx, ant, i; 1853 1854 /* check whether the ROM is eFUSE ROM or EEPROM */ 1855 sc->sc_srom_read = run_eeprom_read_2; 1856 if (sc->mac_ver >= 0x3070) { 1857 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1858 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1859 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1860 sc->sc_srom_read = run_efuse_read_2; 1861 } 1862 1863 /* read ROM version */ 1864 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1865 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1866 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1867 1868 /* read MAC address */ 1869 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1870 ic->ic_macaddr[0] = val & 0xff; 1871 ic->ic_macaddr[1] = val >> 8; 1872 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1873 ic->ic_macaddr[2] = val & 0xff; 1874 ic->ic_macaddr[3] = val >> 8; 1875 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1876 ic->ic_macaddr[4] = val & 0xff; 1877 ic->ic_macaddr[5] = val >> 8; 1878 1879 if (sc->mac_ver < 0x3593) { 1880 /* read vender BBP settings */ 1881 for (i = 0; i < 10; i++) { 1882 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1883 sc->bbp[i].val = val & 0xff; 1884 sc->bbp[i].reg = val >> 8; 1885 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1886 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1887 } 1888 if (sc->mac_ver >= 0x3071) { 1889 /* read vendor RF settings */ 1890 for (i = 0; i < 10; i++) { 1891 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1892 &val); 1893 sc->rf[i].val = val & 0xff; 1894 sc->rf[i].reg = val >> 8; 1895 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1896 sc->rf[i].reg, sc->rf[i].val); 1897 } 1898 } 1899 } 1900 1901 /* read RF frequency offset from EEPROM */ 1902 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1903 RT3593_EEPROM_FREQ, &val); 1904 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1905 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1906 sc->freq & 0xff); 1907 1908 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1909 RT3593_EEPROM_FREQ_LEDS, &val); 1910 if (val >> 8 != 0xff) { 1911 /* read LEDs operating mode */ 1912 sc->leds = val >> 8; 1913 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1914 RT3593_EEPROM_LED1, &sc->led[0]); 1915 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1916 RT3593_EEPROM_LED2, &sc->led[1]); 1917 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1918 RT3593_EEPROM_LED3, &sc->led[2]); 1919 } else { 1920 /* broken EEPROM, use default settings */ 1921 sc->leds = 0x01; 1922 sc->led[0] = 0x5555; 1923 sc->led[1] = 0x2221; 1924 sc->led[2] = 0x5627; /* differs from RT2860 */ 1925 } 1926 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1927 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1928 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1929 1930 /* read RF information */ 1931 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1932 run_srom_read(sc, 0x00, &val); 1933 else 1934 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1935 1936 if (val == 0xffff) { 1937 device_printf(sc->sc_dev, 1938 "invalid EEPROM antenna info, using default\n"); 1939 if (sc->mac_ver == 0x3572) { 1940 /* default to RF3052 2T2R */ 1941 sc->rf_rev = RT3070_RF_3052; 1942 sc->ntxchains = 2; 1943 sc->nrxchains = 2; 1944 } else if (sc->mac_ver >= 0x3070) { 1945 /* default to RF3020 1T1R */ 1946 sc->rf_rev = RT3070_RF_3020; 1947 sc->ntxchains = 1; 1948 sc->nrxchains = 1; 1949 } else { 1950 /* default to RF2820 1T2R */ 1951 sc->rf_rev = RT2860_RF_2820; 1952 sc->ntxchains = 1; 1953 sc->nrxchains = 2; 1954 } 1955 } else { 1956 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1957 sc->rf_rev = val; 1958 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1959 } else 1960 sc->rf_rev = (val >> 8) & 0xf; 1961 sc->ntxchains = (val >> 4) & 0xf; 1962 sc->nrxchains = val & 0xf; 1963 } 1964 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1965 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1966 1967 /* check if RF supports automatic Tx access gain control */ 1968 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1969 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1970 /* check if driver should patch the DAC issue */ 1971 if ((val >> 8) != 0xff) 1972 sc->patch_dac = (val >> 15) & 1; 1973 if ((val & 0xff) != 0xff) { 1974 sc->ext_5ghz_lna = (val >> 3) & 1; 1975 sc->ext_2ghz_lna = (val >> 2) & 1; 1976 /* check if RF supports automatic Tx access gain control */ 1977 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1978 /* check if we have a hardware radio switch */ 1979 sc->rfswitch = val & 1; 1980 } 1981 1982 /* Read Tx power settings. */ 1983 if (sc->mac_ver == 0x3593) 1984 run_rt3593_get_txpower(sc); 1985 else 1986 run_get_txpower(sc); 1987 1988 /* read Tx power compensation for each Tx rate */ 1989 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1990 delta_2ghz = delta_5ghz = 0; 1991 if ((val & 0xff) != 0xff && (val & 0x80)) { 1992 delta_2ghz = val & 0xf; 1993 if (!(val & 0x40)) /* negative number */ 1994 delta_2ghz = -delta_2ghz; 1995 } 1996 val >>= 8; 1997 if ((val & 0xff) != 0xff && (val & 0x80)) { 1998 delta_5ghz = val & 0xf; 1999 if (!(val & 0x40)) /* negative number */ 2000 delta_5ghz = -delta_5ghz; 2001 } 2002 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 2003 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 2004 2005 for (ridx = 0; ridx < 5; ridx++) { 2006 uint32_t reg; 2007 2008 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 2009 reg = val; 2010 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 2011 reg |= (uint32_t)val << 16; 2012 2013 sc->txpow20mhz[ridx] = reg; 2014 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 2015 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 2016 2017 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 2018 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 2019 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 2020 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 2021 } 2022 2023 /* Read RSSI offsets and LNA gains from EEPROM. */ 2024 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 2025 RT3593_EEPROM_RSSI1_2GHZ, &val); 2026 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 2027 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 2028 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 2029 RT3593_EEPROM_RSSI2_2GHZ, &val); 2030 if (sc->mac_ver >= 0x3070) { 2031 if (sc->mac_ver == 0x3593) { 2032 sc->txmixgain_2ghz = 0; 2033 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 2034 } else { 2035 /* 2036 * On RT3070 chips (limited to 2 Rx chains), this ROM 2037 * field contains the Tx mixer gain for the 2GHz band. 2038 */ 2039 if ((val & 0xff) != 0xff) 2040 sc->txmixgain_2ghz = val & 0x7; 2041 } 2042 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 2043 sc->txmixgain_2ghz); 2044 } else 2045 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 2046 if (sc->mac_ver == 0x3593) 2047 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 2048 sc->lna[2] = val >> 8; /* channel group 2 */ 2049 2050 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 2051 RT3593_EEPROM_RSSI1_5GHZ, &val); 2052 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 2053 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 2054 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 2055 RT3593_EEPROM_RSSI2_5GHZ, &val); 2056 if (sc->mac_ver == 0x3572) { 2057 /* 2058 * On RT3572 chips (limited to 2 Rx chains), this ROM 2059 * field contains the Tx mixer gain for the 5GHz band. 2060 */ 2061 if ((val & 0xff) != 0xff) 2062 sc->txmixgain_5ghz = val & 0x7; 2063 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 2064 sc->txmixgain_5ghz); 2065 } else 2066 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 2067 if (sc->mac_ver == 0x3593) { 2068 sc->txmixgain_5ghz = 0; 2069 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 2070 } 2071 sc->lna[3] = val >> 8; /* channel group 3 */ 2072 2073 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 2074 RT3593_EEPROM_LNA, &val); 2075 sc->lna[0] = val & 0xff; /* channel group 0 */ 2076 sc->lna[1] = val >> 8; /* channel group 1 */ 2077 2078 /* fix broken 5GHz LNA entries */ 2079 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2080 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2081 "invalid LNA for channel group %d\n", 2); 2082 sc->lna[2] = sc->lna[1]; 2083 } 2084 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2085 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2086 "invalid LNA for channel group %d\n", 3); 2087 sc->lna[3] = sc->lna[1]; 2088 } 2089 2090 /* fix broken RSSI offset entries */ 2091 for (ant = 0; ant < 3; ant++) { 2092 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2093 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2094 "invalid RSSI%d offset: %d (2GHz)\n", 2095 ant + 1, sc->rssi_2ghz[ant]); 2096 sc->rssi_2ghz[ant] = 0; 2097 } 2098 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2099 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2100 "invalid RSSI%d offset: %d (5GHz)\n", 2101 ant + 1, sc->rssi_5ghz[ant]); 2102 sc->rssi_5ghz[ant] = 0; 2103 } 2104 } 2105 return (0); 2106 } 2107 2108 static struct ieee80211_node * 2109 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2110 { 2111 return malloc(sizeof (struct run_node), M_80211_NODE, 2112 M_NOWAIT | M_ZERO); 2113 } 2114 2115 static int 2116 run_media_change(if_t ifp) 2117 { 2118 struct ieee80211vap *vap = if_getsoftc(ifp); 2119 struct ieee80211com *ic = vap->iv_ic; 2120 const struct ieee80211_txparam *tp; 2121 struct run_softc *sc = ic->ic_softc; 2122 uint8_t rate, ridx; 2123 int error; 2124 2125 RUN_LOCK(sc); 2126 2127 error = ieee80211_media_change(ifp); 2128 if (error != 0) { 2129 RUN_UNLOCK(sc); 2130 return (error); 2131 } 2132 2133 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2134 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2135 struct ieee80211_node *ni; 2136 struct run_node *rn; 2137 2138 /* XXX TODO: methodize with MCS rates */ 2139 rate = ic->ic_sup_rates[ic->ic_curmode]. 2140 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2141 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2142 if (rt2860_rates[ridx].rate == rate) 2143 break; 2144 2145 ni = ieee80211_ref_node(vap->iv_bss); 2146 rn = RUN_NODE(ni); 2147 rn->fix_ridx = ridx; 2148 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2149 rate, rn->fix_ridx); 2150 ieee80211_free_node(ni); 2151 } 2152 2153 #if 0 2154 if ((if_getflags(ifp) & IFF_UP) && 2155 (if_getdrvflags(ifp) & RUN_RUNNING)){ 2156 run_init_locked(sc); 2157 } 2158 #endif 2159 2160 RUN_UNLOCK(sc); 2161 2162 return (0); 2163 } 2164 2165 static int 2166 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2167 { 2168 const struct ieee80211_txparam *tp; 2169 struct ieee80211com *ic = vap->iv_ic; 2170 struct run_softc *sc = ic->ic_softc; 2171 struct run_vap *rvp = RUN_VAP(vap); 2172 enum ieee80211_state ostate; 2173 uint32_t sta[3]; 2174 uint8_t ratectl; 2175 uint8_t restart_ratectl = 0; 2176 uint8_t bid = 1 << rvp->rvp_id; 2177 2178 ostate = vap->iv_state; 2179 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2180 ieee80211_state_name[ostate], 2181 ieee80211_state_name[nstate]); 2182 2183 IEEE80211_UNLOCK(ic); 2184 RUN_LOCK(sc); 2185 2186 ratectl = sc->ratectl_run; /* remember current state */ 2187 sc->ratectl_run = RUN_RATECTL_OFF; 2188 usb_callout_stop(&sc->ratectl_ch); 2189 2190 if (ostate == IEEE80211_S_RUN) { 2191 /* turn link LED off */ 2192 run_set_leds(sc, RT2860_LED_RADIO); 2193 } 2194 2195 switch (nstate) { 2196 case IEEE80211_S_INIT: 2197 restart_ratectl = 1; 2198 2199 if (ostate != IEEE80211_S_RUN) 2200 break; 2201 2202 ratectl &= ~bid; 2203 sc->runbmap &= ~bid; 2204 2205 /* abort TSF synchronization if there is no vap running */ 2206 if (--sc->running == 0) 2207 run_disable_tsf(sc); 2208 break; 2209 2210 case IEEE80211_S_RUN: 2211 if (!(sc->runbmap & bid)) { 2212 if(sc->running++) 2213 restart_ratectl = 1; 2214 sc->runbmap |= bid; 2215 } 2216 2217 m_freem(rvp->beacon_mbuf); 2218 rvp->beacon_mbuf = NULL; 2219 2220 switch (vap->iv_opmode) { 2221 case IEEE80211_M_HOSTAP: 2222 case IEEE80211_M_MBSS: 2223 sc->ap_running |= bid; 2224 ic->ic_opmode = vap->iv_opmode; 2225 run_update_beacon_cb(vap); 2226 break; 2227 case IEEE80211_M_IBSS: 2228 sc->adhoc_running |= bid; 2229 if (!sc->ap_running) 2230 ic->ic_opmode = vap->iv_opmode; 2231 run_update_beacon_cb(vap); 2232 break; 2233 case IEEE80211_M_STA: 2234 sc->sta_running |= bid; 2235 if (!sc->ap_running && !sc->adhoc_running) 2236 ic->ic_opmode = vap->iv_opmode; 2237 2238 /* read statistic counters (clear on read) */ 2239 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2240 (uint8_t *)sta, sizeof sta); 2241 2242 break; 2243 default: 2244 ic->ic_opmode = vap->iv_opmode; 2245 break; 2246 } 2247 2248 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2249 struct ieee80211_node *ni; 2250 2251 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2252 RUN_UNLOCK(sc); 2253 IEEE80211_LOCK(ic); 2254 return (-1); 2255 } 2256 run_updateslot(ic); 2257 run_enable_mrr(sc); 2258 run_set_txpreamble(sc); 2259 run_set_basicrates(sc); 2260 ni = ieee80211_ref_node(vap->iv_bss); 2261 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2262 run_set_bssid(sc, sc->sc_bssid); 2263 ieee80211_free_node(ni); 2264 run_enable_tsf_sync(sc); 2265 2266 /* enable automatic rate adaptation */ 2267 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2268 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2269 ratectl |= bid; 2270 } else 2271 run_enable_tsf(sc); 2272 2273 /* turn link LED on */ 2274 run_set_leds(sc, RT2860_LED_RADIO | 2275 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2276 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2277 2278 break; 2279 default: 2280 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2281 break; 2282 } 2283 2284 /* restart amrr for running VAPs */ 2285 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2286 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2287 2288 RUN_UNLOCK(sc); 2289 IEEE80211_LOCK(ic); 2290 2291 return(rvp->newstate(vap, nstate, arg)); 2292 } 2293 2294 static int 2295 run_wme_update(struct ieee80211com *ic) 2296 { 2297 struct chanAccParams chp; 2298 struct run_softc *sc = ic->ic_softc; 2299 const struct wmeParams *ac; 2300 int aci, error = 0; 2301 2302 ieee80211_wme_ic_getparams(ic, &chp); 2303 ac = chp.cap_wmeParams; 2304 2305 /* update MAC TX configuration registers */ 2306 RUN_LOCK(sc); 2307 for (aci = 0; aci < WME_NUM_AC; aci++) { 2308 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2309 ac[aci].wmep_logcwmax << 16 | 2310 ac[aci].wmep_logcwmin << 12 | 2311 ac[aci].wmep_aifsn << 8 | 2312 ac[aci].wmep_txopLimit); 2313 if (error) goto err; 2314 } 2315 2316 /* update SCH/DMA registers too */ 2317 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2318 ac[WME_AC_VO].wmep_aifsn << 12 | 2319 ac[WME_AC_VI].wmep_aifsn << 8 | 2320 ac[WME_AC_BK].wmep_aifsn << 4 | 2321 ac[WME_AC_BE].wmep_aifsn); 2322 if (error) goto err; 2323 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2324 ac[WME_AC_VO].wmep_logcwmin << 12 | 2325 ac[WME_AC_VI].wmep_logcwmin << 8 | 2326 ac[WME_AC_BK].wmep_logcwmin << 4 | 2327 ac[WME_AC_BE].wmep_logcwmin); 2328 if (error) goto err; 2329 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2330 ac[WME_AC_VO].wmep_logcwmax << 12 | 2331 ac[WME_AC_VI].wmep_logcwmax << 8 | 2332 ac[WME_AC_BK].wmep_logcwmax << 4 | 2333 ac[WME_AC_BE].wmep_logcwmax); 2334 if (error) goto err; 2335 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2336 ac[WME_AC_BK].wmep_txopLimit << 16 | 2337 ac[WME_AC_BE].wmep_txopLimit); 2338 if (error) goto err; 2339 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2340 ac[WME_AC_VO].wmep_txopLimit << 16 | 2341 ac[WME_AC_VI].wmep_txopLimit); 2342 2343 err: 2344 RUN_UNLOCK(sc); 2345 if (error) 2346 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2347 2348 return (error); 2349 } 2350 2351 static void 2352 run_key_set_cb(void *arg) 2353 { 2354 struct run_cmdq *cmdq = arg; 2355 struct ieee80211vap *vap = cmdq->arg1; 2356 struct ieee80211_key *k = cmdq->k; 2357 struct ieee80211com *ic = vap->iv_ic; 2358 struct run_softc *sc = ic->ic_softc; 2359 struct ieee80211_node *ni; 2360 u_int cipher = k->wk_cipher->ic_cipher; 2361 uint32_t attr; 2362 uint16_t base, associd; 2363 uint8_t mode, wcid, iv[8]; 2364 2365 RUN_LOCK_ASSERT(sc, MA_OWNED); 2366 2367 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2368 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2369 else 2370 ni = vap->iv_bss; 2371 associd = (ni != NULL) ? ni->ni_associd : 0; 2372 2373 /* map net80211 cipher to RT2860 security mode */ 2374 switch (cipher) { 2375 case IEEE80211_CIPHER_WEP: 2376 if(k->wk_keylen < 8) 2377 mode = RT2860_MODE_WEP40; 2378 else 2379 mode = RT2860_MODE_WEP104; 2380 break; 2381 case IEEE80211_CIPHER_TKIP: 2382 mode = RT2860_MODE_TKIP; 2383 break; 2384 case IEEE80211_CIPHER_AES_CCM: 2385 mode = RT2860_MODE_AES_CCMP; 2386 break; 2387 default: 2388 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2389 return; 2390 } 2391 2392 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2393 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2394 associd, k->wk_keyix, mode, 2395 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2396 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2397 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2398 2399 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2400 wcid = 0; /* NB: update WCID0 for group keys */ 2401 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2402 } else { 2403 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2404 1 : RUN_AID2WCID(associd); 2405 base = RT2860_PKEY(wcid); 2406 } 2407 2408 if (cipher == IEEE80211_CIPHER_TKIP) { 2409 if(run_write_region_1(sc, base, k->wk_key, 16)) 2410 return; 2411 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2412 return; 2413 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2414 return; 2415 } else { 2416 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2417 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2418 return; 2419 } 2420 2421 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2422 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2423 /* set initial packet number in IV+EIV */ 2424 if (cipher == IEEE80211_CIPHER_WEP) { 2425 memset(iv, 0, sizeof iv); 2426 iv[3] = vap->iv_def_txkey << 6; 2427 } else { 2428 if (cipher == IEEE80211_CIPHER_TKIP) { 2429 iv[0] = k->wk_keytsc >> 8; 2430 iv[1] = (iv[0] | 0x20) & 0x7f; 2431 iv[2] = k->wk_keytsc; 2432 } else /* CCMP */ { 2433 iv[0] = k->wk_keytsc; 2434 iv[1] = k->wk_keytsc >> 8; 2435 iv[2] = 0; 2436 } 2437 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2438 iv[4] = k->wk_keytsc >> 16; 2439 iv[5] = k->wk_keytsc >> 24; 2440 iv[6] = k->wk_keytsc >> 32; 2441 iv[7] = k->wk_keytsc >> 40; 2442 } 2443 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2444 return; 2445 } 2446 2447 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2448 /* install group key */ 2449 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2450 return; 2451 attr &= ~(0xf << (k->wk_keyix * 4)); 2452 attr |= mode << (k->wk_keyix * 4); 2453 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2454 return; 2455 } else { 2456 /* install pairwise key */ 2457 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2458 return; 2459 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2460 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2461 return; 2462 } 2463 2464 /* TODO create a pass-thru key entry? */ 2465 2466 /* need wcid to delete the right key later */ 2467 k->wk_pad = wcid; 2468 } 2469 2470 /* 2471 * Don't have to be deferred, but in order to keep order of 2472 * execution, i.e. with run_key_delete(), defer this and let 2473 * run_cmdq_cb() maintain the order. 2474 * 2475 * return 0 on error 2476 */ 2477 static int 2478 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2479 { 2480 struct ieee80211com *ic = vap->iv_ic; 2481 struct run_softc *sc = ic->ic_softc; 2482 uint32_t i; 2483 2484 i = RUN_CMDQ_GET(&sc->cmdq_store); 2485 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2486 sc->cmdq[i].func = run_key_set_cb; 2487 sc->cmdq[i].arg0 = NULL; 2488 sc->cmdq[i].arg1 = vap; 2489 sc->cmdq[i].k = k; 2490 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2491 ieee80211_runtask(ic, &sc->cmdq_task); 2492 2493 /* 2494 * To make sure key will be set when hostapd 2495 * calls iv_key_set() before if_init(). 2496 */ 2497 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2498 RUN_LOCK(sc); 2499 sc->cmdq_key_set = RUN_CMDQ_GO; 2500 RUN_UNLOCK(sc); 2501 } 2502 2503 return (1); 2504 } 2505 2506 /* 2507 * If wlan is destroyed without being brought down i.e. without 2508 * wlan down or wpa_cli terminate, this function is called after 2509 * vap is gone. Don't refer it. 2510 */ 2511 static void 2512 run_key_delete_cb(void *arg) 2513 { 2514 struct run_cmdq *cmdq = arg; 2515 struct run_softc *sc = cmdq->arg1; 2516 struct ieee80211_key *k = &cmdq->key; 2517 uint32_t attr; 2518 uint8_t wcid; 2519 2520 RUN_LOCK_ASSERT(sc, MA_OWNED); 2521 2522 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2523 /* remove group key */ 2524 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2525 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2526 attr &= ~(0xf << (k->wk_keyix * 4)); 2527 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2528 } else { 2529 /* remove pairwise key */ 2530 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2531 "removing key for wcid %x\n", k->wk_pad); 2532 /* matching wcid was written to wk_pad in run_key_set() */ 2533 wcid = k->wk_pad; 2534 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2535 attr &= ~0xf; 2536 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2537 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2538 } 2539 2540 k->wk_pad = 0; 2541 } 2542 2543 /* 2544 * return 0 on error 2545 */ 2546 static int 2547 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2548 { 2549 struct ieee80211com *ic = vap->iv_ic; 2550 struct run_softc *sc = ic->ic_softc; 2551 struct ieee80211_key *k0; 2552 uint32_t i; 2553 2554 /* 2555 * When called back, key might be gone. So, make a copy 2556 * of some values need to delete keys before deferring. 2557 * But, because of LOR with node lock, cannot use lock here. 2558 * So, use atomic instead. 2559 */ 2560 i = RUN_CMDQ_GET(&sc->cmdq_store); 2561 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2562 sc->cmdq[i].func = run_key_delete_cb; 2563 sc->cmdq[i].arg0 = NULL; 2564 sc->cmdq[i].arg1 = sc; 2565 k0 = &sc->cmdq[i].key; 2566 k0->wk_flags = k->wk_flags; 2567 k0->wk_keyix = k->wk_keyix; 2568 /* matching wcid was written to wk_pad in run_key_set() */ 2569 k0->wk_pad = k->wk_pad; 2570 ieee80211_runtask(ic, &sc->cmdq_task); 2571 return (1); /* return fake success */ 2572 2573 } 2574 2575 static void 2576 run_ratectl_to(void *arg) 2577 { 2578 struct run_softc *sc = arg; 2579 2580 /* do it in a process context, so it can go sleep */ 2581 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2582 /* next timeout will be rescheduled in the callback task */ 2583 } 2584 2585 /* ARGSUSED */ 2586 static void 2587 run_ratectl_cb(void *arg, int pending) 2588 { 2589 struct run_softc *sc = arg; 2590 struct ieee80211com *ic = &sc->sc_ic; 2591 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2592 2593 if (vap == NULL) 2594 return; 2595 2596 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2597 /* 2598 * run_reset_livelock() doesn't do anything with AMRR, 2599 * but Ralink wants us to call it every 1 sec. So, we 2600 * piggyback here rather than creating another callout. 2601 * Livelock may occur only in HOSTAP or IBSS mode 2602 * (when h/w is sending beacons). 2603 */ 2604 RUN_LOCK(sc); 2605 run_reset_livelock(sc); 2606 /* just in case, there are some stats to drain */ 2607 run_drain_fifo(sc); 2608 RUN_UNLOCK(sc); 2609 } 2610 2611 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2612 2613 RUN_LOCK(sc); 2614 if(sc->ratectl_run != RUN_RATECTL_OFF) 2615 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2616 RUN_UNLOCK(sc); 2617 } 2618 2619 static void 2620 run_drain_fifo(void *arg) 2621 { 2622 struct run_softc *sc = arg; 2623 uint32_t stat; 2624 uint16_t (*wstat)[3]; 2625 uint8_t wcid, mcs, pid; 2626 int8_t retry; 2627 2628 RUN_LOCK_ASSERT(sc, MA_OWNED); 2629 2630 for (;;) { 2631 /* drain Tx status FIFO (maxsize = 16) */ 2632 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2633 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2634 if (!(stat & RT2860_TXQ_VLD)) 2635 break; 2636 2637 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2638 2639 /* if no ACK was requested, no feedback is available */ 2640 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2641 wcid == 0) 2642 continue; 2643 2644 /* 2645 * Even though each stat is Tx-complete-status like format, 2646 * the device can poll stats. Because there is no guarantee 2647 * that the referring node is still around when read the stats. 2648 * So that, if we use ieee80211_ratectl_tx_update(), we will 2649 * have hard time not to refer already freed node. 2650 * 2651 * To eliminate such page faults, we poll stats in softc. 2652 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2653 */ 2654 wstat = &(sc->wcid_stats[wcid]); 2655 (*wstat)[RUN_TXCNT]++; 2656 if (stat & RT2860_TXQ_OK) 2657 (*wstat)[RUN_SUCCESS]++; 2658 else 2659 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2660 /* 2661 * Check if there were retries, ie if the Tx success rate is 2662 * different from the requested rate. Note that it works only 2663 * because we do not allow rate fallback from OFDM to CCK. 2664 */ 2665 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2666 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2667 if ((retry = pid -1 - mcs) > 0) { 2668 (*wstat)[RUN_TXCNT] += retry; 2669 (*wstat)[RUN_RETRY] += retry; 2670 } 2671 } 2672 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2673 2674 sc->fifo_cnt = 0; 2675 } 2676 2677 static void 2678 run_iter_func(void *arg, struct ieee80211_node *ni) 2679 { 2680 struct run_softc *sc = arg; 2681 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2682 struct ieee80211vap *vap = ni->ni_vap; 2683 struct run_node *rn = RUN_NODE(ni); 2684 union run_stats sta[2]; 2685 uint16_t (*wstat)[3]; 2686 int error, ridx; 2687 uint8_t dot11rate; 2688 2689 RUN_LOCK(sc); 2690 2691 /* Check for special case */ 2692 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2693 ni != vap->iv_bss) 2694 goto fail; 2695 2696 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2697 IEEE80211_RATECTL_TX_STATS_RETRIES; 2698 txs->ni = ni; 2699 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2700 vap->iv_opmode == IEEE80211_M_STA)) { 2701 /* read statistic counters (clear on read) and update AMRR state */ 2702 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2703 sizeof sta); 2704 if (error != 0) 2705 goto fail; 2706 2707 /* count failed TX as errors */ 2708 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2709 le16toh(sta[0].error.fail)); 2710 2711 txs->nretries = le16toh(sta[1].tx.retry); 2712 txs->nsuccess = le16toh(sta[1].tx.success); 2713 /* nretries??? */ 2714 txs->nframes = txs->nretries + txs->nsuccess + 2715 le16toh(sta[0].error.fail); 2716 2717 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2718 "retrycnt=%d success=%d failcnt=%d\n", 2719 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2720 } else { 2721 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2722 2723 if (wstat == &(sc->wcid_stats[0]) || 2724 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2725 goto fail; 2726 2727 txs->nretries = (*wstat)[RUN_RETRY]; 2728 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2729 txs->nframes = (*wstat)[RUN_TXCNT]; 2730 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2731 "retrycnt=%d txcnt=%d success=%d\n", 2732 txs->nretries, txs->nframes, txs->nsuccess); 2733 2734 memset(wstat, 0, sizeof(*wstat)); 2735 } 2736 2737 ieee80211_ratectl_tx_update(vap, txs); 2738 ieee80211_ratectl_rate(ni, NULL, 0); 2739 /* XXX TODO: methodize with MCS rates */ 2740 dot11rate = ieee80211_node_get_txrate_dot11rate(ni); 2741 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2742 if (rt2860_rates[ridx].rate == dot11rate) 2743 break; 2744 rn->amrr_ridx = ridx; 2745 2746 fail: 2747 RUN_UNLOCK(sc); 2748 2749 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=0x%02x, ridx=%d\n", 2750 ieee80211_node_get_txrate_dot11rate(ni), rn->amrr_ridx); 2751 } 2752 2753 static void 2754 run_newassoc_cb(void *arg) 2755 { 2756 struct run_cmdq *cmdq = arg; 2757 struct ieee80211_node *ni = cmdq->arg1; 2758 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2759 uint8_t wcid = cmdq->wcid; 2760 2761 RUN_LOCK_ASSERT(sc, MA_OWNED); 2762 2763 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2764 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2765 2766 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2767 } 2768 2769 static void 2770 run_newassoc(struct ieee80211_node *ni, int isnew) 2771 { 2772 struct run_node *rn = RUN_NODE(ni); 2773 struct ieee80211vap *vap = ni->ni_vap; 2774 struct ieee80211com *ic = vap->iv_ic; 2775 struct run_softc *sc = ic->ic_softc; 2776 uint8_t rate; 2777 uint8_t ridx; 2778 uint8_t wcid; 2779 2780 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2781 1 : RUN_AID2WCID(ni->ni_associd); 2782 2783 if (wcid > RT2870_WCID_MAX) { 2784 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2785 return; 2786 } 2787 2788 /* only interested in true associations */ 2789 if (isnew && ni->ni_associd != 0) { 2790 /* 2791 * This function could is called though timeout function. 2792 * Need to defer. 2793 */ 2794 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2795 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2796 sc->cmdq[cnt].func = run_newassoc_cb; 2797 sc->cmdq[cnt].arg0 = NULL; 2798 sc->cmdq[cnt].arg1 = ni; 2799 sc->cmdq[cnt].wcid = wcid; 2800 ieee80211_runtask(ic, &sc->cmdq_task); 2801 } 2802 2803 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2804 "new assoc isnew=%d associd=%x addr=%s\n", 2805 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2806 2807 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2808 /* XXX TODO: methodize with MCS rates */ 2809 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2810 if (rt2860_rates[ridx].rate == rate) 2811 break; 2812 rn->mgt_ridx = ridx; 2813 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2814 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2815 2816 RUN_LOCK(sc); 2817 if(sc->ratectl_run != RUN_RATECTL_OFF) 2818 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2819 RUN_UNLOCK(sc); 2820 } 2821 2822 /* 2823 * Return the Rx chain with the highest RSSI for a given frame. 2824 */ 2825 static __inline uint8_t 2826 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2827 { 2828 uint8_t rxchain = 0; 2829 2830 if (sc->nrxchains > 1) { 2831 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2832 rxchain = 1; 2833 if (sc->nrxchains > 2) 2834 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2835 rxchain = 2; 2836 } 2837 return (rxchain); 2838 } 2839 2840 static void 2841 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2842 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2843 { 2844 struct ieee80211vap *vap = ni->ni_vap; 2845 struct run_softc *sc = vap->iv_ic->ic_softc; 2846 struct run_vap *rvp = RUN_VAP(vap); 2847 uint64_t ni_tstamp, rx_tstamp; 2848 2849 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2850 2851 if (vap->iv_state == IEEE80211_S_RUN && 2852 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2853 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2854 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2855 RUN_LOCK(sc); 2856 run_get_tsf(sc, &rx_tstamp); 2857 RUN_UNLOCK(sc); 2858 rx_tstamp = le64toh(rx_tstamp); 2859 2860 if (ni_tstamp >= rx_tstamp) { 2861 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2862 "ibss merge, tsf %ju tstamp %ju\n", 2863 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2864 (void) ieee80211_ibss_merge(ni); 2865 } 2866 } 2867 } 2868 2869 static void 2870 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2871 { 2872 struct ieee80211com *ic = &sc->sc_ic; 2873 struct ieee80211_frame *wh; 2874 struct ieee80211_node *ni; 2875 struct rt2870_rxd *rxd; 2876 struct rt2860_rxwi *rxwi; 2877 uint32_t flags; 2878 uint16_t len, rxwisize; 2879 uint8_t ant, rssi; 2880 int8_t nf; 2881 2882 rxwisize = sizeof(struct rt2860_rxwi); 2883 if (sc->mac_ver == 0x5592) 2884 rxwisize += sizeof(uint64_t); 2885 else if (sc->mac_ver == 0x3593) 2886 rxwisize += sizeof(uint32_t); 2887 2888 if (__predict_false(dmalen < 2889 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2890 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2891 "payload is too short: dma length %u < %zu\n", 2892 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2893 goto fail; 2894 } 2895 2896 rxwi = mtod(m, struct rt2860_rxwi *); 2897 len = le16toh(rxwi->len) & 0xfff; 2898 2899 if (__predict_false(len > dmalen - rxwisize)) { 2900 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2901 "bad RXWI length %u > %u\n", len, dmalen); 2902 goto fail; 2903 } 2904 2905 /* Rx descriptor is located at the end */ 2906 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2907 flags = le32toh(rxd->flags); 2908 2909 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2910 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2911 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2912 goto fail; 2913 } 2914 2915 if (flags & RT2860_RX_L2PAD) { 2916 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2917 "received RT2860_RX_L2PAD frame\n"); 2918 len += 2; 2919 } 2920 2921 m->m_data += rxwisize; 2922 m->m_pkthdr.len = m->m_len = len; 2923 2924 wh = mtod(m, struct ieee80211_frame *); 2925 2926 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 && 2927 (flags & RT2860_RX_DEC) != 0) { 2928 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2929 m->m_flags |= M_WEP; 2930 } 2931 2932 if (len >= sizeof(struct ieee80211_frame_min)) { 2933 ni = ieee80211_find_rxnode(ic, 2934 mtod(m, struct ieee80211_frame_min *)); 2935 } else 2936 ni = NULL; 2937 2938 if(ni && ni->ni_flags & IEEE80211_NODE_HT) { 2939 m->m_flags |= M_AMPDU; 2940 } 2941 2942 if (__predict_false(flags & RT2860_RX_MICERR)) { 2943 /* report MIC failures to net80211 for TKIP */ 2944 if (ni != NULL) 2945 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2946 rxwi->keyidx); 2947 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2948 "MIC error. Someone is lying.\n"); 2949 goto fail; 2950 } 2951 2952 ant = run_maxrssi_chain(sc, rxwi); 2953 rssi = rxwi->rssi[ant]; 2954 nf = run_rssi2dbm(sc, rssi, ant); 2955 2956 if (__predict_false(ieee80211_radiotap_active(ic))) { 2957 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2958 uint16_t phy; 2959 2960 tap->wr_flags = 0; 2961 if (flags & RT2860_RX_L2PAD) 2962 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 2963 tap->wr_antsignal = rssi; 2964 tap->wr_antenna = ant; 2965 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2966 tap->wr_rate = 2; /* in case it can't be found below */ 2967 RUN_LOCK(sc); 2968 run_get_tsf(sc, &tap->wr_tsf); 2969 RUN_UNLOCK(sc); 2970 phy = le16toh(rxwi->phy); 2971 switch (phy & RT2860_PHY_MODE) { 2972 case RT2860_PHY_CCK: 2973 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2974 case 0: tap->wr_rate = 2; break; 2975 case 1: tap->wr_rate = 4; break; 2976 case 2: tap->wr_rate = 11; break; 2977 case 3: tap->wr_rate = 22; break; 2978 } 2979 if (phy & RT2860_PHY_SHPRE) 2980 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2981 break; 2982 case RT2860_PHY_OFDM: 2983 switch (phy & RT2860_PHY_MCS) { 2984 case 0: tap->wr_rate = 12; break; 2985 case 1: tap->wr_rate = 18; break; 2986 case 2: tap->wr_rate = 24; break; 2987 case 3: tap->wr_rate = 36; break; 2988 case 4: tap->wr_rate = 48; break; 2989 case 5: tap->wr_rate = 72; break; 2990 case 6: tap->wr_rate = 96; break; 2991 case 7: tap->wr_rate = 108; break; 2992 } 2993 break; 2994 } 2995 } 2996 2997 if (ni != NULL) { 2998 (void)ieee80211_input(ni, m, rssi, nf); 2999 ieee80211_free_node(ni); 3000 } else { 3001 (void)ieee80211_input_all(ic, m, rssi, nf); 3002 } 3003 3004 return; 3005 3006 fail: 3007 m_freem(m); 3008 counter_u64_add(ic->ic_ierrors, 1); 3009 } 3010 3011 static void 3012 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 3013 { 3014 struct run_softc *sc = usbd_xfer_softc(xfer); 3015 struct ieee80211com *ic = &sc->sc_ic; 3016 struct mbuf *m = NULL; 3017 struct mbuf *m0; 3018 uint32_t dmalen, mbuf_len; 3019 uint16_t rxwisize; 3020 int xferlen; 3021 3022 rxwisize = sizeof(struct rt2860_rxwi); 3023 if (sc->mac_ver == 0x5592) 3024 rxwisize += sizeof(uint64_t); 3025 else if (sc->mac_ver == 0x3593) 3026 rxwisize += sizeof(uint32_t); 3027 3028 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 3029 3030 switch (USB_GET_STATE(xfer)) { 3031 case USB_ST_TRANSFERRED: 3032 3033 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 3034 "rx done, actlen=%d\n", xferlen); 3035 3036 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 3037 sizeof(struct rt2870_rxd))) { 3038 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3039 "xfer too short %d\n", xferlen); 3040 goto tr_setup; 3041 } 3042 3043 m = sc->rx_m; 3044 sc->rx_m = NULL; 3045 3046 /* FALLTHROUGH */ 3047 case USB_ST_SETUP: 3048 tr_setup: 3049 if (sc->rx_m == NULL) { 3050 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 3051 RUN_MAX_RXSZ); 3052 } 3053 if (sc->rx_m == NULL) { 3054 RUN_DPRINTF(sc, RUN_DEBUG_RECV | 3055 RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3056 "could not allocate mbuf - idle with stall\n"); 3057 counter_u64_add(ic->ic_ierrors, 1); 3058 usbd_xfer_set_stall(xfer); 3059 usbd_xfer_set_frames(xfer, 0); 3060 } else { 3061 /* 3062 * Directly loading a mbuf cluster into DMA to 3063 * save some data copying. This works because 3064 * there is only one cluster. 3065 */ 3066 usbd_xfer_set_frame_data(xfer, 0, 3067 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 3068 usbd_xfer_set_frames(xfer, 1); 3069 } 3070 usbd_transfer_submit(xfer); 3071 break; 3072 3073 default: /* Error */ 3074 if (error != USB_ERR_CANCELLED) { 3075 /* try to clear stall first */ 3076 usbd_xfer_set_stall(xfer); 3077 if (error == USB_ERR_TIMEOUT) 3078 device_printf(sc->sc_dev, "device timeout\n"); 3079 counter_u64_add(ic->ic_ierrors, 1); 3080 goto tr_setup; 3081 } 3082 if (sc->rx_m != NULL) { 3083 m_freem(sc->rx_m); 3084 sc->rx_m = NULL; 3085 } 3086 break; 3087 } 3088 3089 if (m == NULL) 3090 return; 3091 3092 /* inputting all the frames must be last */ 3093 3094 RUN_UNLOCK(sc); 3095 3096 m->m_pkthdr.len = m->m_len = xferlen; 3097 3098 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3099 for(;;) { 3100 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3101 3102 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3103 ((dmalen & 3) != 0)) { 3104 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3105 "bad DMA length %u\n", dmalen); 3106 break; 3107 } 3108 if ((dmalen + 8) > (uint32_t)xferlen) { 3109 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3110 "bad DMA length %u > %d\n", 3111 dmalen + 8, xferlen); 3112 break; 3113 } 3114 3115 /* If it is the last one or a single frame, we won't copy. */ 3116 if ((xferlen -= dmalen + 8) <= 8) { 3117 /* trim 32-bit DMA-len header */ 3118 m->m_data += 4; 3119 m->m_pkthdr.len = m->m_len -= 4; 3120 run_rx_frame(sc, m, dmalen); 3121 m = NULL; /* don't free source buffer */ 3122 break; 3123 } 3124 3125 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 3126 if (__predict_false(mbuf_len > MCLBYTES)) { 3127 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3128 "payload is too big: mbuf_len %u\n", mbuf_len); 3129 counter_u64_add(ic->ic_ierrors, 1); 3130 break; 3131 } 3132 3133 /* copy aggregated frames to another mbuf */ 3134 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3135 if (__predict_false(m0 == NULL)) { 3136 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3137 "could not allocate mbuf\n"); 3138 counter_u64_add(ic->ic_ierrors, 1); 3139 break; 3140 } 3141 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3142 mbuf_len, mtod(m0, caddr_t)); 3143 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3144 run_rx_frame(sc, m0, dmalen); 3145 3146 /* update data ptr */ 3147 m->m_data += mbuf_len + 4; 3148 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3149 } 3150 3151 /* make sure we free the source buffer, if any */ 3152 m_freem(m); 3153 3154 #ifdef IEEE80211_SUPPORT_SUPERG 3155 ieee80211_ff_age_all(ic, 100); 3156 #endif 3157 RUN_LOCK(sc); 3158 } 3159 3160 static void 3161 run_tx_free(struct run_endpoint_queue *pq, 3162 struct run_tx_data *data, int txerr) 3163 { 3164 3165 ieee80211_tx_complete(data->ni, data->m, txerr); 3166 3167 data->m = NULL; 3168 data->ni = NULL; 3169 3170 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3171 pq->tx_nfree++; 3172 } 3173 3174 static void 3175 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3176 { 3177 struct run_softc *sc = usbd_xfer_softc(xfer); 3178 struct ieee80211com *ic = &sc->sc_ic; 3179 struct run_tx_data *data; 3180 struct ieee80211vap *vap = NULL; 3181 struct usb_page_cache *pc; 3182 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3183 struct mbuf *m; 3184 usb_frlength_t size; 3185 int actlen; 3186 int sumlen; 3187 3188 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3189 3190 switch (USB_GET_STATE(xfer)) { 3191 case USB_ST_TRANSFERRED: 3192 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3193 "transfer complete: %d bytes @ index %d\n", actlen, index); 3194 3195 data = usbd_xfer_get_priv(xfer); 3196 run_tx_free(pq, data, 0); 3197 usbd_xfer_set_priv(xfer, NULL); 3198 3199 /* FALLTHROUGH */ 3200 case USB_ST_SETUP: 3201 tr_setup: 3202 data = STAILQ_FIRST(&pq->tx_qh); 3203 if (data == NULL) 3204 break; 3205 3206 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3207 3208 m = data->m; 3209 size = (sc->mac_ver == 0x5592) ? 3210 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3211 if ((m->m_pkthdr.len + 3212 size + 3 + 8) > RUN_MAX_TXSZ) { 3213 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3214 "data overflow, %u bytes\n", m->m_pkthdr.len); 3215 run_tx_free(pq, data, 1); 3216 goto tr_setup; 3217 } 3218 3219 pc = usbd_xfer_get_frame(xfer, 0); 3220 usbd_copy_in(pc, 0, &data->desc, size); 3221 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3222 size += m->m_pkthdr.len; 3223 /* 3224 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3225 * 4-byte padding), and be sure to zero those trailing 3226 * bytes: 3227 */ 3228 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3229 size += ((-size) & 3) + 8; 3230 3231 vap = data->ni->ni_vap; 3232 if (ieee80211_radiotap_active_vap(vap)) { 3233 const struct ieee80211_frame *wh; 3234 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3235 struct rt2860_txwi *txwi = 3236 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3237 int has_l2pad; 3238 3239 wh = mtod(m, struct ieee80211_frame *); 3240 has_l2pad = IEEE80211_HAS_ADDR4(wh) != 3241 IEEE80211_QOS_HAS_SEQ(wh); 3242 3243 tap->wt_flags = 0; 3244 tap->wt_rate = rt2860_rates[data->ridx].rate; 3245 tap->wt_hwqueue = index; 3246 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3247 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3248 if (has_l2pad) 3249 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 3250 3251 ieee80211_radiotap_tx(vap, m); 3252 } 3253 3254 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3255 "sending frame len=%u/%u @ index %d\n", 3256 m->m_pkthdr.len, size, index); 3257 3258 usbd_xfer_set_frame_len(xfer, 0, size); 3259 usbd_xfer_set_priv(xfer, data); 3260 usbd_transfer_submit(xfer); 3261 run_start(sc); 3262 3263 break; 3264 3265 default: 3266 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3267 "USB transfer error, %s\n", usbd_errstr(error)); 3268 3269 data = usbd_xfer_get_priv(xfer); 3270 3271 if (data != NULL) { 3272 if(data->ni != NULL) 3273 vap = data->ni->ni_vap; 3274 run_tx_free(pq, data, error); 3275 usbd_xfer_set_priv(xfer, NULL); 3276 } 3277 3278 if (vap == NULL) 3279 vap = TAILQ_FIRST(&ic->ic_vaps); 3280 3281 if (error != USB_ERR_CANCELLED) { 3282 if (error == USB_ERR_TIMEOUT) { 3283 device_printf(sc->sc_dev, "device timeout\n"); 3284 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3285 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3286 "cmdq_store=%d\n", i); 3287 sc->cmdq[i].func = run_usb_timeout_cb; 3288 sc->cmdq[i].arg0 = vap; 3289 ieee80211_runtask(ic, &sc->cmdq_task); 3290 } 3291 3292 /* 3293 * Try to clear stall first, also if other 3294 * errors occur, hence clearing stall 3295 * introduces a 50 ms delay: 3296 */ 3297 usbd_xfer_set_stall(xfer); 3298 goto tr_setup; 3299 } 3300 break; 3301 } 3302 #ifdef IEEE80211_SUPPORT_SUPERG 3303 /* XXX TODO: make this deferred rather than unlock/relock */ 3304 /* XXX TODO: should only do the QoS AC this belongs to */ 3305 if (pq->tx_nfree >= RUN_TX_RING_COUNT) { 3306 RUN_UNLOCK(sc); 3307 ieee80211_ff_flush_all(ic); 3308 RUN_LOCK(sc); 3309 } 3310 #endif 3311 } 3312 3313 static void 3314 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3315 { 3316 run_bulk_tx_callbackN(xfer, error, 0); 3317 } 3318 3319 static void 3320 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3321 { 3322 run_bulk_tx_callbackN(xfer, error, 1); 3323 } 3324 3325 static void 3326 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3327 { 3328 run_bulk_tx_callbackN(xfer, error, 2); 3329 } 3330 3331 static void 3332 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3333 { 3334 run_bulk_tx_callbackN(xfer, error, 3); 3335 } 3336 3337 static void 3338 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3339 { 3340 run_bulk_tx_callbackN(xfer, error, 4); 3341 } 3342 3343 static void 3344 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3345 { 3346 run_bulk_tx_callbackN(xfer, error, 5); 3347 } 3348 3349 static void 3350 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3351 { 3352 struct mbuf *m = data->m; 3353 struct ieee80211com *ic = &sc->sc_ic; 3354 struct ieee80211vap *vap = data->ni->ni_vap; 3355 struct ieee80211_frame *wh; 3356 struct rt2870_txd *txd; 3357 struct rt2860_txwi *txwi; 3358 uint16_t xferlen, txwisize; 3359 uint16_t mcs; 3360 uint8_t ridx = data->ridx; 3361 uint8_t pad; 3362 3363 /* get MCS code from rate index */ 3364 mcs = rt2860_rates[ridx].mcs; 3365 3366 txwisize = (sc->mac_ver == 0x5592) ? 3367 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3368 xferlen = txwisize + m->m_pkthdr.len; 3369 3370 /* roundup to 32-bit alignment */ 3371 xferlen = (xferlen + 3) & ~3; 3372 3373 txd = (struct rt2870_txd *)&data->desc; 3374 txd->len = htole16(xferlen); 3375 3376 wh = mtod(m, struct ieee80211_frame *); 3377 3378 /* 3379 * Ether both are true or both are false, the header 3380 * are nicely aligned to 32-bit. So, no L2 padding. 3381 */ 3382 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3383 pad = 0; 3384 else 3385 pad = 2; 3386 3387 /* setup TX Wireless Information */ 3388 txwi = (struct rt2860_txwi *)(txd + 1); 3389 txwi->len = htole16(m->m_pkthdr.len - pad); 3390 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3391 mcs |= RT2860_PHY_CCK; 3392 if (ridx != RT2860_RIDX_CCK1 && 3393 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3394 mcs |= RT2860_PHY_SHPRE; 3395 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) { 3396 mcs |= RT2860_PHY_OFDM; 3397 } else if (rt2860_rates[ridx].phy == IEEE80211_T_HT) { 3398 /* XXX TODO: [adrian] set short preamble for MCS? */ 3399 mcs |= RT2860_PHY_HT_MIX; /* Mixed, not greenfield */ 3400 } 3401 txwi->phy = htole16(mcs); 3402 3403 /* check if RTS/CTS or CTS-to-self protection is required */ 3404 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3405 ((m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) || 3406 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3407 rt2860_rates[ridx].phy == IEEE80211_T_OFDM) || 3408 ((ic->ic_htprotmode == IEEE80211_PROT_RTSCTS) && 3409 rt2860_rates[ridx].phy == IEEE80211_T_HT))) 3410 txwi->txop |= RT2860_TX_TXOP_HT; 3411 else 3412 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3413 3414 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3415 txwi->xflags |= RT2860_TX_NSEQ; 3416 } 3417 3418 /* This function must be called locked */ 3419 static int 3420 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3421 { 3422 struct ieee80211com *ic = &sc->sc_ic; 3423 struct ieee80211vap *vap = ni->ni_vap; 3424 struct ieee80211_frame *wh; 3425 const struct ieee80211_txparam *tp = ni->ni_txparms; 3426 struct run_node *rn = RUN_NODE(ni); 3427 struct run_tx_data *data; 3428 struct rt2870_txd *txd; 3429 struct rt2860_txwi *txwi; 3430 uint16_t qos; 3431 uint16_t dur; 3432 uint16_t qid; 3433 uint8_t type; 3434 uint8_t tid; 3435 uint8_t ridx; 3436 uint8_t ctl_ridx; 3437 uint8_t qflags; 3438 uint8_t xflags = 0; 3439 int hasqos; 3440 3441 RUN_LOCK_ASSERT(sc, MA_OWNED); 3442 3443 wh = mtod(m, struct ieee80211_frame *); 3444 3445 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3446 3447 /* 3448 * There are 7 bulk endpoints: 1 for RX 3449 * and 6 for TX (4 EDCAs + HCCA + Prio). 3450 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3451 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3452 */ 3453 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3454 uint8_t *frm; 3455 3456 frm = ieee80211_getqos(wh); 3457 qos = le16toh(*(const uint16_t *)frm); 3458 tid = qos & IEEE80211_QOS_TID; 3459 qid = TID_TO_WME_AC(tid); 3460 } else { 3461 qos = 0; 3462 tid = 0; 3463 qid = WME_AC_BE; 3464 } 3465 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3466 3467 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3468 qos, qid, tid, qflags); 3469 3470 /* pickup a rate index */ 3471 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3472 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3473 /* XXX TODO: methodize for 11n; use MCS0 for 11NA/11NG */ 3474 ridx = (ic->ic_curmode == IEEE80211_MODE_11A || ic->ic_curmode == IEEE80211_MODE_11NA) ? 3475 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3476 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3477 } else { 3478 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3479 ridx = rn->fix_ridx; 3480 else 3481 ridx = rn->amrr_ridx; 3482 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3483 } 3484 3485 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3486 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3487 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3488 xflags |= RT2860_TX_ACK; 3489 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3490 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3491 else 3492 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3493 USETW(wh->i_dur, dur); 3494 } 3495 3496 /* reserve slots for mgmt packets, just in case */ 3497 if (sc->sc_epq[qid].tx_nfree < 3) { 3498 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3499 return (-1); 3500 } 3501 3502 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3503 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3504 sc->sc_epq[qid].tx_nfree--; 3505 3506 txd = (struct rt2870_txd *)&data->desc; 3507 txd->flags = qflags; 3508 txwi = (struct rt2860_txwi *)(txd + 1); 3509 txwi->xflags = xflags; 3510 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3511 txwi->wcid = 0; 3512 else 3513 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3514 1 : RUN_AID2WCID(ni->ni_associd); 3515 3516 /* clear leftover garbage bits */ 3517 txwi->flags = 0; 3518 txwi->txop = 0; 3519 3520 data->m = m; 3521 data->ni = ni; 3522 data->ridx = ridx; 3523 3524 run_set_tx_desc(sc, data); 3525 3526 /* 3527 * The chip keeps track of 2 kind of Tx stats, 3528 * * TX_STAT_FIFO, for per WCID stats, and 3529 * * TX_STA_CNT0 for all-TX-in-one stats. 3530 * 3531 * To use FIFO stats, we need to store MCS into the driver-private 3532 * PacketID field. So that, we can tell whose stats when we read them. 3533 * We add 1 to the MCS because setting the PacketID field to 0 means 3534 * that we don't want feedback in TX_STAT_FIFO. 3535 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3536 * 3537 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3538 */ 3539 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3540 vap->iv_opmode == IEEE80211_M_MBSS) { 3541 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3542 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3543 3544 /* 3545 * Unlike PCI based devices, we don't get any interrupt from 3546 * USB devices, so we simulate FIFO-is-full interrupt here. 3547 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3548 * quickly get fulled. To prevent overflow, increment a counter on 3549 * every FIFO stat request, so we know how many slots are left. 3550 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3551 * are used only in those modes. 3552 * We just drain stats. AMRR gets updated every 1 sec by 3553 * run_ratectl_cb() via callout. 3554 * Call it early. Otherwise overflow. 3555 */ 3556 if (sc->fifo_cnt++ == 10) { 3557 /* 3558 * With multiple vaps or if_bridge, if_start() is called 3559 * with a non-sleepable lock, tcpinp. So, need to defer. 3560 */ 3561 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3562 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3563 sc->cmdq[i].func = run_drain_fifo; 3564 sc->cmdq[i].arg0 = sc; 3565 ieee80211_runtask(ic, &sc->cmdq_task); 3566 } 3567 } 3568 3569 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3570 3571 usbd_transfer_start(sc->sc_xfer[qid]); 3572 3573 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3574 "sending data frame len=%d rate=%d qid=%d\n", 3575 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3576 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3577 3578 return (0); 3579 } 3580 3581 static int 3582 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3583 { 3584 struct ieee80211com *ic = &sc->sc_ic; 3585 struct run_node *rn = RUN_NODE(ni); 3586 struct run_tx_data *data; 3587 struct ieee80211_frame *wh; 3588 struct rt2870_txd *txd; 3589 struct rt2860_txwi *txwi; 3590 uint16_t dur; 3591 uint8_t ridx = rn->mgt_ridx; 3592 uint8_t xflags = 0; 3593 uint8_t wflags = 0; 3594 3595 RUN_LOCK_ASSERT(sc, MA_OWNED); 3596 3597 wh = mtod(m, struct ieee80211_frame *); 3598 3599 /* tell hardware to add timestamp for probe responses */ 3600 if (IEEE80211_IS_MGMT_PROBE_RESP(wh)) 3601 wflags |= RT2860_TX_TS; 3602 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3603 xflags |= RT2860_TX_ACK; 3604 3605 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3606 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3607 USETW(wh->i_dur, dur); 3608 } 3609 3610 if (sc->sc_epq[0].tx_nfree == 0) 3611 /* let caller free mbuf */ 3612 return (EIO); 3613 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3614 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3615 sc->sc_epq[0].tx_nfree--; 3616 3617 txd = (struct rt2870_txd *)&data->desc; 3618 txd->flags = RT2860_TX_QSEL_EDCA; 3619 txwi = (struct rt2860_txwi *)(txd + 1); 3620 txwi->wcid = 0xff; 3621 txwi->flags = wflags; 3622 txwi->xflags = xflags; 3623 txwi->txop = 0; /* clear leftover garbage bits */ 3624 3625 data->m = m; 3626 data->ni = ni; 3627 data->ridx = ridx; 3628 3629 run_set_tx_desc(sc, data); 3630 3631 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3632 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3633 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3634 3635 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3636 3637 usbd_transfer_start(sc->sc_xfer[0]); 3638 3639 return (0); 3640 } 3641 3642 static int 3643 run_sendprot(struct run_softc *sc, 3644 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3645 { 3646 struct ieee80211com *ic = ni->ni_ic; 3647 struct run_tx_data *data; 3648 struct rt2870_txd *txd; 3649 struct rt2860_txwi *txwi; 3650 struct mbuf *mprot; 3651 int ridx; 3652 int protrate; 3653 uint8_t wflags = 0; 3654 uint8_t xflags = 0; 3655 3656 RUN_LOCK_ASSERT(sc, MA_OWNED); 3657 3658 /* check that there are free slots before allocating the mbuf */ 3659 if (sc->sc_epq[0].tx_nfree == 0) 3660 /* let caller free mbuf */ 3661 return (ENOBUFS); 3662 3663 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3664 if (mprot == NULL) { 3665 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3666 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3667 return (ENOBUFS); 3668 } 3669 3670 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3671 wflags = RT2860_TX_FRAG; 3672 xflags = 0; 3673 if (prot == IEEE80211_PROT_RTSCTS) 3674 xflags |= RT2860_TX_ACK; 3675 3676 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3677 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3678 sc->sc_epq[0].tx_nfree--; 3679 3680 txd = (struct rt2870_txd *)&data->desc; 3681 txd->flags = RT2860_TX_QSEL_EDCA; 3682 txwi = (struct rt2860_txwi *)(txd + 1); 3683 txwi->wcid = 0xff; 3684 txwi->flags = wflags; 3685 txwi->xflags = xflags; 3686 txwi->txop = 0; /* clear leftover garbage bits */ 3687 3688 data->m = mprot; 3689 data->ni = ieee80211_ref_node(ni); 3690 3691 /* XXX TODO: methodize with MCS rates */ 3692 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3693 if (rt2860_rates[ridx].rate == protrate) 3694 break; 3695 data->ridx = ridx; 3696 3697 run_set_tx_desc(sc, data); 3698 3699 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3700 m->m_pkthdr.len, rate); 3701 3702 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3703 3704 usbd_transfer_start(sc->sc_xfer[0]); 3705 3706 return (0); 3707 } 3708 3709 static int 3710 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3711 const struct ieee80211_bpf_params *params) 3712 { 3713 struct ieee80211com *ic = ni->ni_ic; 3714 struct run_tx_data *data; 3715 struct rt2870_txd *txd; 3716 struct rt2860_txwi *txwi; 3717 uint8_t ridx; 3718 uint8_t rate; 3719 uint8_t opflags = 0; 3720 uint8_t xflags = 0; 3721 int error; 3722 3723 RUN_LOCK_ASSERT(sc, MA_OWNED); 3724 3725 KASSERT(params != NULL, ("no raw xmit params")); 3726 3727 rate = params->ibp_rate0; 3728 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3729 /* let caller free mbuf */ 3730 return (EINVAL); 3731 } 3732 3733 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3734 xflags |= RT2860_TX_ACK; 3735 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3736 error = run_sendprot(sc, m, ni, 3737 params->ibp_flags & IEEE80211_BPF_RTS ? 3738 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3739 rate); 3740 if (error) { 3741 /* let caller free mbuf */ 3742 return error; 3743 } 3744 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3745 } 3746 3747 if (sc->sc_epq[0].tx_nfree == 0) { 3748 /* let caller free mbuf */ 3749 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3750 "sending raw frame, but tx ring is full\n"); 3751 return (EIO); 3752 } 3753 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3754 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3755 sc->sc_epq[0].tx_nfree--; 3756 3757 txd = (struct rt2870_txd *)&data->desc; 3758 txd->flags = RT2860_TX_QSEL_EDCA; 3759 txwi = (struct rt2860_txwi *)(txd + 1); 3760 txwi->wcid = 0xff; 3761 txwi->xflags = xflags; 3762 txwi->txop = opflags; 3763 txwi->flags = 0; /* clear leftover garbage bits */ 3764 3765 data->m = m; 3766 data->ni = ni; 3767 /* XXX TODO: methodize with MCS rates */ 3768 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3769 if (rt2860_rates[ridx].rate == rate) 3770 break; 3771 data->ridx = ridx; 3772 3773 run_set_tx_desc(sc, data); 3774 3775 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3776 m->m_pkthdr.len, rate); 3777 3778 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3779 3780 usbd_transfer_start(sc->sc_xfer[0]); 3781 3782 return (0); 3783 } 3784 3785 static int 3786 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3787 const struct ieee80211_bpf_params *params) 3788 { 3789 struct run_softc *sc = ni->ni_ic->ic_softc; 3790 int error = 0; 3791 3792 RUN_LOCK(sc); 3793 3794 /* prevent management frames from being sent if we're not ready */ 3795 if (!(sc->sc_flags & RUN_RUNNING)) { 3796 error = ENETDOWN; 3797 goto done; 3798 } 3799 3800 if (params == NULL) { 3801 /* tx mgt packet */ 3802 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3803 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3804 goto done; 3805 } 3806 } else { 3807 /* tx raw packet with param */ 3808 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3809 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3810 goto done; 3811 } 3812 } 3813 3814 done: 3815 RUN_UNLOCK(sc); 3816 3817 if (error != 0) { 3818 if(m != NULL) 3819 m_freem(m); 3820 } 3821 3822 return (error); 3823 } 3824 3825 static int 3826 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3827 { 3828 struct run_softc *sc = ic->ic_softc; 3829 int error; 3830 3831 RUN_LOCK(sc); 3832 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3833 RUN_UNLOCK(sc); 3834 return (ENXIO); 3835 } 3836 error = mbufq_enqueue(&sc->sc_snd, m); 3837 if (error) { 3838 RUN_UNLOCK(sc); 3839 return (error); 3840 } 3841 run_start(sc); 3842 RUN_UNLOCK(sc); 3843 3844 return (0); 3845 } 3846 3847 static void 3848 run_start(struct run_softc *sc) 3849 { 3850 struct ieee80211_node *ni; 3851 struct mbuf *m; 3852 3853 RUN_LOCK_ASSERT(sc, MA_OWNED); 3854 3855 if ((sc->sc_flags & RUN_RUNNING) == 0) 3856 return; 3857 3858 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3859 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3860 if (run_tx(sc, m, ni) != 0) { 3861 mbufq_prepend(&sc->sc_snd, m); 3862 break; 3863 } 3864 } 3865 } 3866 3867 static void 3868 run_parent(struct ieee80211com *ic) 3869 { 3870 struct run_softc *sc = ic->ic_softc; 3871 int startall = 0; 3872 3873 RUN_LOCK(sc); 3874 if (sc->sc_detached) { 3875 RUN_UNLOCK(sc); 3876 return; 3877 } 3878 3879 if (ic->ic_nrunning > 0) { 3880 if (!(sc->sc_flags & RUN_RUNNING)) { 3881 startall = 1; 3882 run_init_locked(sc); 3883 } else 3884 run_update_promisc_locked(sc); 3885 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3886 run_stop(sc); 3887 RUN_UNLOCK(sc); 3888 if (startall) 3889 ieee80211_start_all(ic); 3890 } 3891 3892 static void 3893 run_iq_calib(struct run_softc *sc, u_int chan) 3894 { 3895 uint16_t val; 3896 3897 /* Tx0 IQ gain. */ 3898 run_bbp_write(sc, 158, 0x2c); 3899 if (chan <= 14) 3900 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3901 else if (chan <= 64) { 3902 run_efuse_read(sc, 3903 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3904 &val, 1); 3905 } else if (chan <= 138) { 3906 run_efuse_read(sc, 3907 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3908 &val, 1); 3909 } else if (chan <= 165) { 3910 run_efuse_read(sc, 3911 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3912 &val, 1); 3913 } else 3914 val = 0; 3915 run_bbp_write(sc, 159, val); 3916 3917 /* Tx0 IQ phase. */ 3918 run_bbp_write(sc, 158, 0x2d); 3919 if (chan <= 14) { 3920 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3921 &val, 1); 3922 } else if (chan <= 64) { 3923 run_efuse_read(sc, 3924 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3925 &val, 1); 3926 } else if (chan <= 138) { 3927 run_efuse_read(sc, 3928 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3929 &val, 1); 3930 } else if (chan <= 165) { 3931 run_efuse_read(sc, 3932 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3933 &val, 1); 3934 } else 3935 val = 0; 3936 run_bbp_write(sc, 159, val); 3937 3938 /* Tx1 IQ gain. */ 3939 run_bbp_write(sc, 158, 0x4a); 3940 if (chan <= 14) { 3941 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3942 &val, 1); 3943 } else if (chan <= 64) { 3944 run_efuse_read(sc, 3945 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3946 &val, 1); 3947 } else if (chan <= 138) { 3948 run_efuse_read(sc, 3949 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3950 &val, 1); 3951 } else if (chan <= 165) { 3952 run_efuse_read(sc, 3953 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3954 &val, 1); 3955 } else 3956 val = 0; 3957 run_bbp_write(sc, 159, val); 3958 3959 /* Tx1 IQ phase. */ 3960 run_bbp_write(sc, 158, 0x4b); 3961 if (chan <= 14) { 3962 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3963 &val, 1); 3964 } else if (chan <= 64) { 3965 run_efuse_read(sc, 3966 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3967 &val, 1); 3968 } else if (chan <= 138) { 3969 run_efuse_read(sc, 3970 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3971 &val, 1); 3972 } else if (chan <= 165) { 3973 run_efuse_read(sc, 3974 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3975 &val, 1); 3976 } else 3977 val = 0; 3978 run_bbp_write(sc, 159, val); 3979 3980 /* RF IQ compensation control. */ 3981 run_bbp_write(sc, 158, 0x04); 3982 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3983 &val, 1); 3984 run_bbp_write(sc, 159, val); 3985 3986 /* RF IQ imbalance compensation control. */ 3987 run_bbp_write(sc, 158, 0x03); 3988 run_efuse_read(sc, 3989 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3990 run_bbp_write(sc, 159, val); 3991 } 3992 3993 static void 3994 run_set_agc(struct run_softc *sc, uint8_t agc) 3995 { 3996 uint8_t bbp; 3997 3998 if (sc->mac_ver == 0x3572) { 3999 run_bbp_read(sc, 27, &bbp); 4000 bbp &= ~(0x3 << 5); 4001 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 4002 run_bbp_write(sc, 66, agc); 4003 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 4004 run_bbp_write(sc, 66, agc); 4005 } else 4006 run_bbp_write(sc, 66, agc); 4007 } 4008 4009 static void 4010 run_select_chan_group(struct run_softc *sc, int group) 4011 { 4012 uint32_t tmp; 4013 uint8_t agc; 4014 4015 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 4016 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 4017 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 4018 if (sc->mac_ver < 0x3572) 4019 run_bbp_write(sc, 86, 0x00); 4020 4021 if (sc->mac_ver == 0x3593) { 4022 run_bbp_write(sc, 77, 0x98); 4023 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 4024 } 4025 4026 if (group == 0) { 4027 if (sc->ext_2ghz_lna) { 4028 if (sc->mac_ver >= 0x5390) 4029 run_bbp_write(sc, 75, 0x52); 4030 else { 4031 run_bbp_write(sc, 82, 0x62); 4032 run_bbp_write(sc, 75, 0x46); 4033 } 4034 } else { 4035 if (sc->mac_ver == 0x5592) { 4036 run_bbp_write(sc, 79, 0x1c); 4037 run_bbp_write(sc, 80, 0x0e); 4038 run_bbp_write(sc, 81, 0x3a); 4039 run_bbp_write(sc, 82, 0x62); 4040 4041 run_bbp_write(sc, 195, 0x80); 4042 run_bbp_write(sc, 196, 0xe0); 4043 run_bbp_write(sc, 195, 0x81); 4044 run_bbp_write(sc, 196, 0x1f); 4045 run_bbp_write(sc, 195, 0x82); 4046 run_bbp_write(sc, 196, 0x38); 4047 run_bbp_write(sc, 195, 0x83); 4048 run_bbp_write(sc, 196, 0x32); 4049 run_bbp_write(sc, 195, 0x85); 4050 run_bbp_write(sc, 196, 0x28); 4051 run_bbp_write(sc, 195, 0x86); 4052 run_bbp_write(sc, 196, 0x19); 4053 } else if (sc->mac_ver >= 0x5390) 4054 run_bbp_write(sc, 75, 0x50); 4055 else { 4056 run_bbp_write(sc, 82, 4057 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 4058 run_bbp_write(sc, 75, 0x50); 4059 } 4060 } 4061 } else { 4062 if (sc->mac_ver == 0x5592) { 4063 run_bbp_write(sc, 79, 0x18); 4064 run_bbp_write(sc, 80, 0x08); 4065 run_bbp_write(sc, 81, 0x38); 4066 run_bbp_write(sc, 82, 0x92); 4067 4068 run_bbp_write(sc, 195, 0x80); 4069 run_bbp_write(sc, 196, 0xf0); 4070 run_bbp_write(sc, 195, 0x81); 4071 run_bbp_write(sc, 196, 0x1e); 4072 run_bbp_write(sc, 195, 0x82); 4073 run_bbp_write(sc, 196, 0x28); 4074 run_bbp_write(sc, 195, 0x83); 4075 run_bbp_write(sc, 196, 0x20); 4076 run_bbp_write(sc, 195, 0x85); 4077 run_bbp_write(sc, 196, 0x7f); 4078 run_bbp_write(sc, 195, 0x86); 4079 run_bbp_write(sc, 196, 0x7f); 4080 } else if (sc->mac_ver == 0x3572) 4081 run_bbp_write(sc, 82, 0x94); 4082 else 4083 run_bbp_write(sc, 82, 4084 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4085 if (sc->ext_5ghz_lna) 4086 run_bbp_write(sc, 75, 0x46); 4087 else 4088 run_bbp_write(sc, 75, 0x50); 4089 } 4090 4091 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4092 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4093 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4094 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4095 4096 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4097 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4098 if (sc->mac_ver == 0x3593) 4099 tmp |= 1 << 29 | 1 << 28; 4100 if (sc->nrxchains > 1) 4101 tmp |= RT2860_LNA_PE1_EN; 4102 if (group == 0) { /* 2GHz */ 4103 tmp |= RT2860_PA_PE_G0_EN; 4104 if (sc->ntxchains > 1) 4105 tmp |= RT2860_PA_PE_G1_EN; 4106 if (sc->mac_ver == 0x3593) { 4107 if (sc->ntxchains > 2) 4108 tmp |= 1 << 25; 4109 } 4110 } else { /* 5GHz */ 4111 tmp |= RT2860_PA_PE_A0_EN; 4112 if (sc->ntxchains > 1) 4113 tmp |= RT2860_PA_PE_A1_EN; 4114 } 4115 if (sc->mac_ver == 0x3572) { 4116 run_rt3070_rf_write(sc, 8, 0x00); 4117 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4118 run_rt3070_rf_write(sc, 8, 0x80); 4119 } else 4120 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4121 4122 if (sc->mac_ver == 0x5592) { 4123 run_bbp_write(sc, 195, 0x8d); 4124 run_bbp_write(sc, 196, 0x1a); 4125 } 4126 4127 if (sc->mac_ver == 0x3593) { 4128 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4129 tmp &= ~0x01010000; 4130 if (group == 0) 4131 tmp |= 0x00010000; 4132 tmp = (tmp & ~0x00009090) | 0x00000090; 4133 run_write(sc, RT2860_GPIO_CTRL, tmp); 4134 } 4135 4136 /* set initial AGC value */ 4137 if (group == 0) { /* 2GHz band */ 4138 if (sc->mac_ver >= 0x3070) 4139 agc = 0x1c + sc->lna[0] * 2; 4140 else 4141 agc = 0x2e + sc->lna[0]; 4142 } else { /* 5GHz band */ 4143 if (sc->mac_ver == 0x5592) 4144 agc = 0x24 + sc->lna[group] * 2; 4145 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4146 agc = 0x22 + (sc->lna[group] * 5) / 3; 4147 else 4148 agc = 0x32 + (sc->lna[group] * 5) / 3; 4149 } 4150 run_set_agc(sc, agc); 4151 } 4152 4153 static void 4154 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4155 { 4156 const struct rfprog *rfprog = rt2860_rf2850; 4157 uint32_t r2, r3, r4; 4158 int8_t txpow1, txpow2; 4159 int i; 4160 4161 /* find the settings for this channel (we know it exists) */ 4162 for (i = 0; rfprog[i].chan != chan; i++); 4163 4164 r2 = rfprog[i].r2; 4165 if (sc->ntxchains == 1) 4166 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4167 if (sc->nrxchains == 1) 4168 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4169 else if (sc->nrxchains == 2) 4170 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4171 4172 /* use Tx power values from EEPROM */ 4173 txpow1 = sc->txpow1[i]; 4174 txpow2 = sc->txpow2[i]; 4175 4176 /* Initialize RF R3 and R4. */ 4177 r3 = rfprog[i].r3 & 0xffffc1ff; 4178 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4179 if (chan > 14) { 4180 if (txpow1 >= 0) { 4181 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4182 r3 |= (txpow1 << 10) | (1 << 9); 4183 } else { 4184 txpow1 += 7; 4185 4186 /* txpow1 is not possible larger than 15. */ 4187 r3 |= (txpow1 << 10); 4188 } 4189 if (txpow2 >= 0) { 4190 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4191 r4 |= (txpow2 << 7) | (1 << 6); 4192 } else { 4193 txpow2 += 7; 4194 r4 |= (txpow2 << 7); 4195 } 4196 } else { 4197 /* Set Tx0 power. */ 4198 r3 |= (txpow1 << 9); 4199 4200 /* Set frequency offset and Tx1 power. */ 4201 r4 |= (txpow2 << 6); 4202 } 4203 4204 run_rt2870_rf_write(sc, rfprog[i].r1); 4205 run_rt2870_rf_write(sc, r2); 4206 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4207 run_rt2870_rf_write(sc, r4); 4208 4209 run_delay(sc, 10); 4210 4211 run_rt2870_rf_write(sc, rfprog[i].r1); 4212 run_rt2870_rf_write(sc, r2); 4213 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4214 run_rt2870_rf_write(sc, r4); 4215 4216 run_delay(sc, 10); 4217 4218 run_rt2870_rf_write(sc, rfprog[i].r1); 4219 run_rt2870_rf_write(sc, r2); 4220 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4221 run_rt2870_rf_write(sc, r4); 4222 } 4223 4224 static void 4225 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4226 { 4227 int8_t txpow1, txpow2; 4228 uint8_t rf; 4229 int i; 4230 4231 /* find the settings for this channel (we know it exists) */ 4232 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4233 4234 /* use Tx power values from EEPROM */ 4235 txpow1 = sc->txpow1[i]; 4236 txpow2 = sc->txpow2[i]; 4237 4238 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4239 4240 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4241 run_rt3070_rf_read(sc, 3, &rf); 4242 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4243 run_rt3070_rf_write(sc, 3, rf); 4244 4245 run_rt3070_rf_read(sc, 6, &rf); 4246 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4247 run_rt3070_rf_write(sc, 6, rf); 4248 4249 /* set Tx0 power */ 4250 run_rt3070_rf_read(sc, 12, &rf); 4251 rf = (rf & ~0x1f) | txpow1; 4252 run_rt3070_rf_write(sc, 12, rf); 4253 4254 /* set Tx1 power */ 4255 run_rt3070_rf_read(sc, 13, &rf); 4256 rf = (rf & ~0x1f) | txpow2; 4257 run_rt3070_rf_write(sc, 13, rf); 4258 4259 run_rt3070_rf_read(sc, 1, &rf); 4260 rf &= ~0xfc; 4261 if (sc->ntxchains == 1) 4262 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4263 else if (sc->ntxchains == 2) 4264 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4265 if (sc->nrxchains == 1) 4266 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4267 else if (sc->nrxchains == 2) 4268 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4269 run_rt3070_rf_write(sc, 1, rf); 4270 4271 /* set RF offset */ 4272 run_rt3070_rf_read(sc, 23, &rf); 4273 rf = (rf & ~0x7f) | sc->freq; 4274 run_rt3070_rf_write(sc, 23, rf); 4275 4276 /* program RF filter */ 4277 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4278 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4279 run_rt3070_rf_write(sc, 24, rf); 4280 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4281 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4282 run_rt3070_rf_write(sc, 31, rf); 4283 4284 /* enable RF tuning */ 4285 run_rt3070_rf_read(sc, 7, &rf); 4286 run_rt3070_rf_write(sc, 7, rf | 0x01); 4287 } 4288 4289 static void 4290 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4291 { 4292 int8_t txpow1, txpow2; 4293 uint32_t tmp; 4294 uint8_t rf; 4295 int i; 4296 4297 /* find the settings for this channel (we know it exists) */ 4298 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4299 4300 /* use Tx power values from EEPROM */ 4301 txpow1 = sc->txpow1[i]; 4302 txpow2 = sc->txpow2[i]; 4303 4304 if (chan <= 14) { 4305 run_bbp_write(sc, 25, sc->bbp25); 4306 run_bbp_write(sc, 26, sc->bbp26); 4307 } else { 4308 /* enable IQ phase correction */ 4309 run_bbp_write(sc, 25, 0x09); 4310 run_bbp_write(sc, 26, 0xff); 4311 } 4312 4313 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4314 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4315 run_rt3070_rf_read(sc, 6, &rf); 4316 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4317 rf |= (chan <= 14) ? 0x08 : 0x04; 4318 run_rt3070_rf_write(sc, 6, rf); 4319 4320 /* set PLL mode */ 4321 run_rt3070_rf_read(sc, 5, &rf); 4322 rf &= ~(0x08 | 0x04); 4323 rf |= (chan <= 14) ? 0x04 : 0x08; 4324 run_rt3070_rf_write(sc, 5, rf); 4325 4326 /* set Tx power for chain 0 */ 4327 if (chan <= 14) 4328 rf = 0x60 | txpow1; 4329 else 4330 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4331 run_rt3070_rf_write(sc, 12, rf); 4332 4333 /* set Tx power for chain 1 */ 4334 if (chan <= 14) 4335 rf = 0x60 | txpow2; 4336 else 4337 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4338 run_rt3070_rf_write(sc, 13, rf); 4339 4340 /* set Tx/Rx streams */ 4341 run_rt3070_rf_read(sc, 1, &rf); 4342 rf &= ~0xfc; 4343 if (sc->ntxchains == 1) 4344 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4345 else if (sc->ntxchains == 2) 4346 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4347 if (sc->nrxchains == 1) 4348 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4349 else if (sc->nrxchains == 2) 4350 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4351 run_rt3070_rf_write(sc, 1, rf); 4352 4353 /* set RF offset */ 4354 run_rt3070_rf_read(sc, 23, &rf); 4355 rf = (rf & ~0x7f) | sc->freq; 4356 run_rt3070_rf_write(sc, 23, rf); 4357 4358 /* program RF filter */ 4359 rf = sc->rf24_20mhz; 4360 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4361 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4362 4363 /* enable RF tuning */ 4364 run_rt3070_rf_read(sc, 7, &rf); 4365 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4366 run_rt3070_rf_write(sc, 7, rf); 4367 4368 /* TSSI */ 4369 rf = (chan <= 14) ? 0xc3 : 0xc0; 4370 run_rt3070_rf_write(sc, 9, rf); 4371 4372 /* set loop filter 1 */ 4373 run_rt3070_rf_write(sc, 10, 0xf1); 4374 /* set loop filter 2 */ 4375 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4376 4377 /* set tx_mx2_ic */ 4378 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4379 /* set tx_mx1_ic */ 4380 if (chan <= 14) 4381 rf = 0x48 | sc->txmixgain_2ghz; 4382 else 4383 rf = 0x78 | sc->txmixgain_5ghz; 4384 run_rt3070_rf_write(sc, 16, rf); 4385 4386 /* set tx_lo1 */ 4387 run_rt3070_rf_write(sc, 17, 0x23); 4388 /* set tx_lo2 */ 4389 if (chan <= 14) 4390 rf = 0x93; 4391 else if (chan <= 64) 4392 rf = 0xb7; 4393 else if (chan <= 128) 4394 rf = 0x74; 4395 else 4396 rf = 0x72; 4397 run_rt3070_rf_write(sc, 19, rf); 4398 4399 /* set rx_lo1 */ 4400 if (chan <= 14) 4401 rf = 0xb3; 4402 else if (chan <= 64) 4403 rf = 0xf6; 4404 else if (chan <= 128) 4405 rf = 0xf4; 4406 else 4407 rf = 0xf3; 4408 run_rt3070_rf_write(sc, 20, rf); 4409 4410 /* set pfd_delay */ 4411 if (chan <= 14) 4412 rf = 0x15; 4413 else if (chan <= 64) 4414 rf = 0x3d; 4415 else 4416 rf = 0x01; 4417 run_rt3070_rf_write(sc, 25, rf); 4418 4419 /* set rx_lo2 */ 4420 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4421 /* set ldo_rf_vc */ 4422 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4423 /* set drv_cc */ 4424 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4425 4426 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4427 tmp &= ~0x8080; 4428 if (chan <= 14) 4429 tmp |= 0x80; 4430 run_write(sc, RT2860_GPIO_CTRL, tmp); 4431 4432 /* enable RF tuning */ 4433 run_rt3070_rf_read(sc, 7, &rf); 4434 run_rt3070_rf_write(sc, 7, rf | 0x01); 4435 4436 run_delay(sc, 2); 4437 } 4438 4439 static void 4440 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4441 { 4442 int8_t txpow1, txpow2, txpow3; 4443 uint8_t h20mhz, rf; 4444 int i; 4445 4446 /* find the settings for this channel (we know it exists) */ 4447 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4448 4449 /* use Tx power values from EEPROM */ 4450 txpow1 = sc->txpow1[i]; 4451 txpow2 = sc->txpow2[i]; 4452 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4453 4454 if (chan <= 14) { 4455 run_bbp_write(sc, 25, sc->bbp25); 4456 run_bbp_write(sc, 26, sc->bbp26); 4457 } else { 4458 /* Enable IQ phase correction. */ 4459 run_bbp_write(sc, 25, 0x09); 4460 run_bbp_write(sc, 26, 0xff); 4461 } 4462 4463 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4464 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4465 run_rt3070_rf_read(sc, 11, &rf); 4466 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4467 run_rt3070_rf_write(sc, 11, rf); 4468 4469 /* Set pll_idoh. */ 4470 run_rt3070_rf_read(sc, 11, &rf); 4471 rf &= ~0x4c; 4472 rf |= (chan <= 14) ? 0x44 : 0x48; 4473 run_rt3070_rf_write(sc, 11, rf); 4474 4475 if (chan <= 14) 4476 rf = txpow1 & 0x1f; 4477 else 4478 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4479 run_rt3070_rf_write(sc, 53, rf); 4480 4481 if (chan <= 14) 4482 rf = txpow2 & 0x1f; 4483 else 4484 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4485 run_rt3070_rf_write(sc, 55, rf); 4486 4487 if (chan <= 14) 4488 rf = txpow3 & 0x1f; 4489 else 4490 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4491 run_rt3070_rf_write(sc, 54, rf); 4492 4493 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4494 if (sc->ntxchains == 3) 4495 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4496 else 4497 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4498 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4499 run_rt3070_rf_write(sc, 1, rf); 4500 4501 run_adjust_freq_offset(sc); 4502 4503 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4504 4505 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4506 run_rt3070_rf_read(sc, 30, &rf); 4507 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4508 run_rt3070_rf_write(sc, 30, rf); 4509 4510 run_rt3070_rf_read(sc, 36, &rf); 4511 if (chan <= 14) 4512 rf |= 0x80; 4513 else 4514 rf &= ~0x80; 4515 run_rt3070_rf_write(sc, 36, rf); 4516 4517 /* Set vcolo_bs. */ 4518 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4519 /* Set pfd_delay. */ 4520 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4521 4522 /* Set vco bias current control. */ 4523 run_rt3070_rf_read(sc, 6, &rf); 4524 rf &= ~0xc0; 4525 if (chan <= 14) 4526 rf |= 0x40; 4527 else if (chan <= 128) 4528 rf |= 0x80; 4529 else 4530 rf |= 0x40; 4531 run_rt3070_rf_write(sc, 6, rf); 4532 4533 run_rt3070_rf_read(sc, 30, &rf); 4534 rf = (rf & ~0x18) | 0x10; 4535 run_rt3070_rf_write(sc, 30, rf); 4536 4537 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4538 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4539 4540 run_rt3070_rf_read(sc, 51, &rf); 4541 rf = (rf & ~0x03) | 0x01; 4542 run_rt3070_rf_write(sc, 51, rf); 4543 /* Set tx_mx1_cc. */ 4544 run_rt3070_rf_read(sc, 51, &rf); 4545 rf &= ~0x1c; 4546 rf |= (chan <= 14) ? 0x14 : 0x10; 4547 run_rt3070_rf_write(sc, 51, rf); 4548 /* Set tx_mx1_ic. */ 4549 run_rt3070_rf_read(sc, 51, &rf); 4550 rf &= ~0xe0; 4551 rf |= (chan <= 14) ? 0x60 : 0x40; 4552 run_rt3070_rf_write(sc, 51, rf); 4553 /* Set tx_lo1_ic. */ 4554 run_rt3070_rf_read(sc, 49, &rf); 4555 rf &= ~0x1c; 4556 rf |= (chan <= 14) ? 0x0c : 0x08; 4557 run_rt3070_rf_write(sc, 49, rf); 4558 /* Set tx_lo1_en. */ 4559 run_rt3070_rf_read(sc, 50, &rf); 4560 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4561 /* Set drv_cc. */ 4562 run_rt3070_rf_read(sc, 57, &rf); 4563 rf &= ~0xfc; 4564 rf |= (chan <= 14) ? 0x6c : 0x3c; 4565 run_rt3070_rf_write(sc, 57, rf); 4566 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4567 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4568 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4569 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4570 /* Enable VCO calibration. */ 4571 run_rt3070_rf_read(sc, 3, &rf); 4572 rf &= ~RT5390_VCOCAL; 4573 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4574 run_rt3070_rf_write(sc, 3, rf); 4575 4576 if (chan <= 14) 4577 rf = 0x23; 4578 else if (chan <= 64) 4579 rf = 0x36; 4580 else if (chan <= 128) 4581 rf = 0x32; 4582 else 4583 rf = 0x30; 4584 run_rt3070_rf_write(sc, 39, rf); 4585 if (chan <= 14) 4586 rf = 0xbb; 4587 else if (chan <= 64) 4588 rf = 0xeb; 4589 else if (chan <= 128) 4590 rf = 0xb3; 4591 else 4592 rf = 0x9b; 4593 run_rt3070_rf_write(sc, 45, rf); 4594 4595 /* Set FEQ/AEQ control. */ 4596 run_bbp_write(sc, 105, 0x34); 4597 } 4598 4599 static void 4600 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4601 { 4602 int8_t txpow1, txpow2; 4603 uint8_t rf; 4604 int i; 4605 4606 /* find the settings for this channel (we know it exists) */ 4607 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4608 4609 /* use Tx power values from EEPROM */ 4610 txpow1 = sc->txpow1[i]; 4611 txpow2 = sc->txpow2[i]; 4612 4613 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4614 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4615 run_rt3070_rf_read(sc, 11, &rf); 4616 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4617 run_rt3070_rf_write(sc, 11, rf); 4618 4619 run_rt3070_rf_read(sc, 49, &rf); 4620 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4621 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4622 if ((rf & 0x3f) > 0x27) 4623 rf = (rf & ~0x3f) | 0x27; 4624 run_rt3070_rf_write(sc, 49, rf); 4625 4626 if (sc->mac_ver == 0x5392) { 4627 run_rt3070_rf_read(sc, 50, &rf); 4628 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4629 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4630 if ((rf & 0x3f) > 0x27) 4631 rf = (rf & ~0x3f) | 0x27; 4632 run_rt3070_rf_write(sc, 50, rf); 4633 } 4634 4635 run_rt3070_rf_read(sc, 1, &rf); 4636 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4637 if (sc->mac_ver == 0x5392) 4638 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4639 run_rt3070_rf_write(sc, 1, rf); 4640 4641 if (sc->mac_ver != 0x5392) { 4642 run_rt3070_rf_read(sc, 2, &rf); 4643 rf |= 0x80; 4644 run_rt3070_rf_write(sc, 2, rf); 4645 run_delay(sc, 10); 4646 rf &= 0x7f; 4647 run_rt3070_rf_write(sc, 2, rf); 4648 } 4649 4650 run_adjust_freq_offset(sc); 4651 4652 if (sc->mac_ver == 0x5392) { 4653 /* Fix for RT5392C. */ 4654 if (sc->mac_rev >= 0x0223) { 4655 if (chan <= 4) 4656 rf = 0x0f; 4657 else if (chan >= 5 && chan <= 7) 4658 rf = 0x0e; 4659 else 4660 rf = 0x0d; 4661 run_rt3070_rf_write(sc, 23, rf); 4662 4663 if (chan <= 4) 4664 rf = 0x0c; 4665 else if (chan == 5) 4666 rf = 0x0b; 4667 else if (chan >= 6 && chan <= 7) 4668 rf = 0x0a; 4669 else if (chan >= 8 && chan <= 10) 4670 rf = 0x09; 4671 else 4672 rf = 0x08; 4673 run_rt3070_rf_write(sc, 59, rf); 4674 } else { 4675 if (chan <= 11) 4676 rf = 0x0f; 4677 else 4678 rf = 0x0b; 4679 run_rt3070_rf_write(sc, 59, rf); 4680 } 4681 } else { 4682 /* Fix for RT5390F. */ 4683 if (sc->mac_rev >= 0x0502) { 4684 if (chan <= 11) 4685 rf = 0x43; 4686 else 4687 rf = 0x23; 4688 run_rt3070_rf_write(sc, 55, rf); 4689 4690 if (chan <= 11) 4691 rf = 0x0f; 4692 else if (chan == 12) 4693 rf = 0x0d; 4694 else 4695 rf = 0x0b; 4696 run_rt3070_rf_write(sc, 59, rf); 4697 } else { 4698 run_rt3070_rf_write(sc, 55, 0x44); 4699 run_rt3070_rf_write(sc, 59, 0x8f); 4700 } 4701 } 4702 4703 /* Enable VCO calibration. */ 4704 run_rt3070_rf_read(sc, 3, &rf); 4705 rf |= RT5390_VCOCAL; 4706 run_rt3070_rf_write(sc, 3, rf); 4707 } 4708 4709 static void 4710 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4711 { 4712 const struct rt5592_freqs *freqs; 4713 uint32_t tmp; 4714 uint8_t reg, rf, txpow_bound; 4715 int8_t txpow1, txpow2; 4716 int i; 4717 4718 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4719 freqs = (tmp & RT5592_SEL_XTAL) ? 4720 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4721 4722 /* find the settings for this channel (we know it exists) */ 4723 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4724 4725 /* use Tx power values from EEPROM */ 4726 txpow1 = sc->txpow1[i]; 4727 txpow2 = sc->txpow2[i]; 4728 4729 run_read(sc, RT3070_LDO_CFG0, &tmp); 4730 tmp &= ~0x1c000000; 4731 if (chan > 14) 4732 tmp |= 0x14000000; 4733 run_write(sc, RT3070_LDO_CFG0, tmp); 4734 4735 /* N setting. */ 4736 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4737 run_rt3070_rf_read(sc, 9, &rf); 4738 rf &= ~(1 << 4); 4739 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4740 run_rt3070_rf_write(sc, 9, rf); 4741 4742 /* K setting. */ 4743 run_rt3070_rf_read(sc, 9, &rf); 4744 rf &= ~0x0f; 4745 rf |= (freqs->k & 0x0f); 4746 run_rt3070_rf_write(sc, 9, rf); 4747 4748 /* Mode setting. */ 4749 run_rt3070_rf_read(sc, 11, &rf); 4750 rf &= ~0x0c; 4751 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4752 run_rt3070_rf_write(sc, 11, rf); 4753 run_rt3070_rf_read(sc, 9, &rf); 4754 rf &= ~(1 << 7); 4755 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4756 run_rt3070_rf_write(sc, 9, rf); 4757 4758 /* R setting. */ 4759 run_rt3070_rf_read(sc, 11, &rf); 4760 rf &= ~0x03; 4761 rf |= (freqs->r - 0x1); 4762 run_rt3070_rf_write(sc, 11, rf); 4763 4764 if (chan <= 14) { 4765 /* Initialize RF registers for 2GHZ. */ 4766 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4767 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4768 rt5592_2ghz_def_rf[i].val); 4769 } 4770 4771 rf = (chan <= 10) ? 0x07 : 0x06; 4772 run_rt3070_rf_write(sc, 23, rf); 4773 run_rt3070_rf_write(sc, 59, rf); 4774 4775 run_rt3070_rf_write(sc, 55, 0x43); 4776 4777 /* 4778 * RF R49/R50 Tx power ALC code. 4779 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4780 */ 4781 reg = 2; 4782 txpow_bound = 0x27; 4783 } else { 4784 /* Initialize RF registers for 5GHZ. */ 4785 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4786 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4787 rt5592_5ghz_def_rf[i].val); 4788 } 4789 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4790 if (chan >= rt5592_chan_5ghz[i].firstchan && 4791 chan <= rt5592_chan_5ghz[i].lastchan) { 4792 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4793 rt5592_chan_5ghz[i].val); 4794 } 4795 } 4796 4797 /* 4798 * RF R49/R50 Tx power ALC code. 4799 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4800 */ 4801 reg = 3; 4802 txpow_bound = 0x2b; 4803 } 4804 4805 /* RF R49 ch0 Tx power ALC code. */ 4806 run_rt3070_rf_read(sc, 49, &rf); 4807 rf &= ~0xc0; 4808 rf |= (reg << 6); 4809 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4810 if ((rf & 0x3f) > txpow_bound) 4811 rf = (rf & ~0x3f) | txpow_bound; 4812 run_rt3070_rf_write(sc, 49, rf); 4813 4814 /* RF R50 ch1 Tx power ALC code. */ 4815 run_rt3070_rf_read(sc, 50, &rf); 4816 rf &= ~(1 << 7 | 1 << 6); 4817 rf |= (reg << 6); 4818 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4819 if ((rf & 0x3f) > txpow_bound) 4820 rf = (rf & ~0x3f) | txpow_bound; 4821 run_rt3070_rf_write(sc, 50, rf); 4822 4823 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4824 run_rt3070_rf_read(sc, 1, &rf); 4825 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4826 if (sc->ntxchains > 1) 4827 rf |= RT3070_TX1_PD; 4828 if (sc->nrxchains > 1) 4829 rf |= RT3070_RX1_PD; 4830 run_rt3070_rf_write(sc, 1, rf); 4831 4832 run_rt3070_rf_write(sc, 6, 0xe4); 4833 4834 run_rt3070_rf_write(sc, 30, 0x10); 4835 run_rt3070_rf_write(sc, 31, 0x80); 4836 run_rt3070_rf_write(sc, 32, 0x80); 4837 4838 run_adjust_freq_offset(sc); 4839 4840 /* Enable VCO calibration. */ 4841 run_rt3070_rf_read(sc, 3, &rf); 4842 rf |= RT5390_VCOCAL; 4843 run_rt3070_rf_write(sc, 3, rf); 4844 } 4845 4846 static void 4847 run_set_rx_antenna(struct run_softc *sc, int aux) 4848 { 4849 uint32_t tmp; 4850 uint8_t bbp152; 4851 4852 if (aux) { 4853 if (sc->rf_rev == RT5390_RF_5370) { 4854 run_bbp_read(sc, 152, &bbp152); 4855 run_bbp_write(sc, 152, bbp152 & ~0x80); 4856 } else { 4857 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4858 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4859 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4860 } 4861 } else { 4862 if (sc->rf_rev == RT5390_RF_5370) { 4863 run_bbp_read(sc, 152, &bbp152); 4864 run_bbp_write(sc, 152, bbp152 | 0x80); 4865 } else { 4866 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4867 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4868 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4869 } 4870 } 4871 } 4872 4873 static int 4874 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4875 { 4876 struct ieee80211com *ic = &sc->sc_ic; 4877 u_int chan, group; 4878 4879 chan = ieee80211_chan2ieee(ic, c); 4880 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4881 return (EINVAL); 4882 4883 if (sc->mac_ver == 0x5592) 4884 run_rt5592_set_chan(sc, chan); 4885 else if (sc->mac_ver >= 0x5390) 4886 run_rt5390_set_chan(sc, chan); 4887 else if (sc->mac_ver == 0x3593) 4888 run_rt3593_set_chan(sc, chan); 4889 else if (sc->mac_ver == 0x3572) 4890 run_rt3572_set_chan(sc, chan); 4891 else if (sc->mac_ver >= 0x3070) 4892 run_rt3070_set_chan(sc, chan); 4893 else 4894 run_rt2870_set_chan(sc, chan); 4895 4896 /* determine channel group */ 4897 if (chan <= 14) 4898 group = 0; 4899 else if (chan <= 64) 4900 group = 1; 4901 else if (chan <= 128) 4902 group = 2; 4903 else 4904 group = 3; 4905 4906 /* XXX necessary only when group has changed! */ 4907 run_select_chan_group(sc, group); 4908 4909 run_delay(sc, 10); 4910 4911 /* Perform IQ calibration. */ 4912 if (sc->mac_ver >= 0x5392) 4913 run_iq_calib(sc, chan); 4914 4915 return (0); 4916 } 4917 4918 static void 4919 run_set_channel(struct ieee80211com *ic) 4920 { 4921 struct run_softc *sc = ic->ic_softc; 4922 4923 RUN_LOCK(sc); 4924 run_set_chan(sc, ic->ic_curchan); 4925 RUN_UNLOCK(sc); 4926 4927 return; 4928 } 4929 4930 static void 4931 run_getradiocaps(struct ieee80211com *ic, 4932 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4933 { 4934 struct run_softc *sc = ic->ic_softc; 4935 uint8_t bands[IEEE80211_MODE_BYTES]; 4936 4937 memset(bands, 0, sizeof(bands)); 4938 setbit(bands, IEEE80211_MODE_11B); 4939 setbit(bands, IEEE80211_MODE_11G); 4940 if (sc->rf_rev != RT3070_RF_2020) 4941 setbit(bands, IEEE80211_MODE_11NG); 4942 4943 /* Note: for now, only support HT20 channels */ 4944 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0); 4945 4946 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4947 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4948 sc->rf_rev == RT5592_RF_5592) { 4949 setbit(bands, IEEE80211_MODE_11A); 4950 if (sc->rf_rev != RT3070_RF_2020) 4951 setbit(bands, IEEE80211_MODE_11NA); 4952 /* Note: for now, only support HT20 channels */ 4953 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4954 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4955 } 4956 } 4957 4958 static void 4959 run_scan_start(struct ieee80211com *ic) 4960 { 4961 struct run_softc *sc = ic->ic_softc; 4962 4963 RUN_LOCK(sc); 4964 4965 /* abort TSF synchronization */ 4966 run_disable_tsf(sc); 4967 run_set_bssid(sc, ieee80211broadcastaddr); 4968 4969 RUN_UNLOCK(sc); 4970 4971 return; 4972 } 4973 4974 static void 4975 run_scan_end(struct ieee80211com *ic) 4976 { 4977 struct run_softc *sc = ic->ic_softc; 4978 4979 RUN_LOCK(sc); 4980 4981 run_enable_tsf_sync(sc); 4982 run_set_bssid(sc, sc->sc_bssid); 4983 4984 RUN_UNLOCK(sc); 4985 4986 return; 4987 } 4988 4989 /* 4990 * Could be called from ieee80211_node_timeout() 4991 * (non-sleepable thread) 4992 */ 4993 static void 4994 run_update_beacon(struct ieee80211vap *vap, int item) 4995 { 4996 struct ieee80211com *ic = vap->iv_ic; 4997 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4998 struct ieee80211_node *ni = vap->iv_bss; 4999 struct run_softc *sc = ic->ic_softc; 5000 struct run_vap *rvp = RUN_VAP(vap); 5001 int mcast = 0; 5002 uint32_t i; 5003 5004 switch (item) { 5005 case IEEE80211_BEACON_ERP: 5006 run_updateslot(ic); 5007 break; 5008 case IEEE80211_BEACON_HTINFO: 5009 run_updateprot(ic); 5010 break; 5011 case IEEE80211_BEACON_TIM: 5012 mcast = 1; /*TODO*/ 5013 break; 5014 default: 5015 break; 5016 } 5017 5018 setbit(bo->bo_flags, item); 5019 if (rvp->beacon_mbuf == NULL) { 5020 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 5021 if (rvp->beacon_mbuf == NULL) 5022 return; 5023 } 5024 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 5025 5026 i = RUN_CMDQ_GET(&sc->cmdq_store); 5027 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5028 sc->cmdq[i].func = run_update_beacon_cb; 5029 sc->cmdq[i].arg0 = vap; 5030 ieee80211_runtask(ic, &sc->cmdq_task); 5031 5032 return; 5033 } 5034 5035 static void 5036 run_update_beacon_cb(void *arg) 5037 { 5038 struct ieee80211vap *vap = arg; 5039 struct ieee80211_node *ni = vap->iv_bss; 5040 struct run_vap *rvp = RUN_VAP(vap); 5041 struct ieee80211com *ic = vap->iv_ic; 5042 struct run_softc *sc = ic->ic_softc; 5043 struct rt2860_txwi txwi; 5044 struct mbuf *m; 5045 uint16_t txwisize; 5046 uint8_t ridx; 5047 5048 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 5049 return; 5050 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 5051 return; 5052 5053 /* 5054 * No need to call ieee80211_beacon_update(), run_update_beacon() 5055 * is taking care of appropriate calls. 5056 */ 5057 if (rvp->beacon_mbuf == NULL) { 5058 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 5059 if (rvp->beacon_mbuf == NULL) 5060 return; 5061 } 5062 m = rvp->beacon_mbuf; 5063 5064 memset(&txwi, 0, sizeof(txwi)); 5065 txwi.wcid = 0xff; 5066 txwi.len = htole16(m->m_pkthdr.len); 5067 5068 /* send beacons at the lowest available rate */ 5069 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 5070 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 5071 txwi.phy = htole16(rt2860_rates[ridx].mcs); 5072 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 5073 txwi.phy |= htole16(RT2860_PHY_OFDM); 5074 txwi.txop = RT2860_TX_TXOP_HT; 5075 txwi.flags = RT2860_TX_TS; 5076 txwi.xflags = RT2860_TX_NSEQ; 5077 5078 txwisize = (sc->mac_ver == 0x5592) ? 5079 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 5080 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 5081 txwisize); 5082 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 5083 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 5084 } 5085 5086 static void 5087 run_updateprot(struct ieee80211com *ic) 5088 { 5089 struct run_softc *sc = ic->ic_softc; 5090 uint32_t i; 5091 5092 i = RUN_CMDQ_GET(&sc->cmdq_store); 5093 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5094 sc->cmdq[i].func = run_updateprot_cb; 5095 sc->cmdq[i].arg0 = ic; 5096 ieee80211_runtask(ic, &sc->cmdq_task); 5097 } 5098 5099 static void 5100 run_updateprot_cb(void *arg) 5101 { 5102 struct ieee80211com *ic = arg; 5103 struct run_softc *sc = ic->ic_softc; 5104 uint32_t tmp; 5105 5106 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5107 /* setup protection frame rate (MCS code) */ 5108 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5109 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5110 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5111 5112 /* CCK frames don't require protection */ 5113 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5114 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5115 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5116 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5117 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5118 tmp |= RT2860_PROT_CTRL_CTS; 5119 } 5120 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5121 } 5122 5123 static void 5124 run_usb_timeout_cb(void *arg) 5125 { 5126 struct ieee80211vap *vap = arg; 5127 struct run_softc *sc = vap->iv_ic->ic_softc; 5128 5129 RUN_LOCK_ASSERT(sc, MA_OWNED); 5130 5131 if(vap->iv_state == IEEE80211_S_RUN && 5132 vap->iv_opmode != IEEE80211_M_STA) 5133 run_reset_livelock(sc); 5134 else if (vap->iv_state == IEEE80211_S_SCAN) { 5135 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5136 "timeout caused by scan\n"); 5137 /* cancel bgscan */ 5138 ieee80211_cancel_scan(vap); 5139 } else 5140 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5141 "timeout by unknown cause\n"); 5142 } 5143 5144 static void 5145 run_reset_livelock(struct run_softc *sc) 5146 { 5147 uint32_t tmp; 5148 5149 RUN_LOCK_ASSERT(sc, MA_OWNED); 5150 5151 /* 5152 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5153 * can run into a livelock and start sending CTS-to-self frames like 5154 * crazy if protection is enabled. Reset MAC/BBP for a while 5155 */ 5156 run_read(sc, RT2860_DEBUG, &tmp); 5157 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5158 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5159 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5160 "CTS-to-self livelock detected\n"); 5161 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5162 run_delay(sc, 1); 5163 run_write(sc, RT2860_MAC_SYS_CTRL, 5164 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5165 } 5166 } 5167 5168 static void 5169 run_update_promisc_locked(struct run_softc *sc) 5170 { 5171 uint32_t tmp; 5172 5173 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5174 5175 tmp |= RT2860_DROP_UC_NOME; 5176 if (sc->sc_ic.ic_promisc > 0) 5177 tmp &= ~RT2860_DROP_UC_NOME; 5178 5179 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5180 5181 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5182 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5183 } 5184 5185 static void 5186 run_update_promisc(struct ieee80211com *ic) 5187 { 5188 struct run_softc *sc = ic->ic_softc; 5189 5190 if ((sc->sc_flags & RUN_RUNNING) == 0) 5191 return; 5192 5193 RUN_LOCK(sc); 5194 run_update_promisc_locked(sc); 5195 RUN_UNLOCK(sc); 5196 } 5197 5198 static void 5199 run_enable_tsf_sync(struct run_softc *sc) 5200 { 5201 struct ieee80211com *ic = &sc->sc_ic; 5202 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5203 uint32_t tmp; 5204 5205 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5206 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5207 5208 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5209 tmp &= ~0x1fffff; 5210 tmp |= vap->iv_bss->ni_intval * 16; 5211 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5212 5213 if (ic->ic_opmode == IEEE80211_M_STA) { 5214 /* 5215 * Local TSF is always updated with remote TSF on beacon 5216 * reception. 5217 */ 5218 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5219 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5220 tmp |= RT2860_BCN_TX_EN; 5221 /* 5222 * Local TSF is updated with remote TSF on beacon reception 5223 * only if the remote TSF is greater than local TSF. 5224 */ 5225 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5226 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5227 ic->ic_opmode == IEEE80211_M_MBSS) { 5228 tmp |= RT2860_BCN_TX_EN; 5229 /* SYNC with nobody */ 5230 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5231 } else { 5232 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5233 "Enabling TSF failed. undefined opmode\n"); 5234 return; 5235 } 5236 5237 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5238 } 5239 5240 static void 5241 run_enable_tsf(struct run_softc *sc) 5242 { 5243 uint32_t tmp; 5244 5245 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5246 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5247 tmp |= RT2860_TSF_TIMER_EN; 5248 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5249 } 5250 } 5251 5252 static void 5253 run_disable_tsf(struct run_softc *sc) 5254 { 5255 uint32_t tmp; 5256 5257 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5258 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5259 RT2860_TBTT_TIMER_EN); 5260 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5261 } 5262 } 5263 5264 static void 5265 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5266 { 5267 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5268 sizeof(*buf)); 5269 } 5270 5271 static void 5272 run_enable_mrr(struct run_softc *sc) 5273 { 5274 #define CCK(mcs) (mcs) 5275 #define OFDM(mcs) (1 << 3 | (mcs)) 5276 run_write(sc, RT2860_LG_FBK_CFG0, 5277 OFDM(6) << 28 | /* 54->48 */ 5278 OFDM(5) << 24 | /* 48->36 */ 5279 OFDM(4) << 20 | /* 36->24 */ 5280 OFDM(3) << 16 | /* 24->18 */ 5281 OFDM(2) << 12 | /* 18->12 */ 5282 OFDM(1) << 8 | /* 12-> 9 */ 5283 OFDM(0) << 4 | /* 9-> 6 */ 5284 OFDM(0)); /* 6-> 6 */ 5285 5286 run_write(sc, RT2860_LG_FBK_CFG1, 5287 CCK(2) << 12 | /* 11->5.5 */ 5288 CCK(1) << 8 | /* 5.5-> 2 */ 5289 CCK(0) << 4 | /* 2-> 1 */ 5290 CCK(0)); /* 1-> 1 */ 5291 #undef OFDM 5292 #undef CCK 5293 } 5294 5295 static void 5296 run_set_txpreamble(struct run_softc *sc) 5297 { 5298 struct ieee80211com *ic = &sc->sc_ic; 5299 uint32_t tmp; 5300 5301 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5302 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5303 tmp |= RT2860_CCK_SHORT_EN; 5304 else 5305 tmp &= ~RT2860_CCK_SHORT_EN; 5306 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5307 } 5308 5309 static void 5310 run_set_basicrates(struct run_softc *sc) 5311 { 5312 struct ieee80211com *ic = &sc->sc_ic; 5313 5314 /* set basic rates mask */ 5315 if (ic->ic_curmode == IEEE80211_MODE_11B) 5316 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5317 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5318 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5319 else /* 11g */ 5320 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5321 } 5322 5323 static void 5324 run_set_leds(struct run_softc *sc, uint16_t which) 5325 { 5326 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5327 which | (sc->leds & 0x7f)); 5328 } 5329 5330 static void 5331 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5332 { 5333 run_write(sc, RT2860_MAC_BSSID_DW0, 5334 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5335 run_write(sc, RT2860_MAC_BSSID_DW1, 5336 bssid[4] | bssid[5] << 8); 5337 } 5338 5339 static void 5340 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5341 { 5342 run_write(sc, RT2860_MAC_ADDR_DW0, 5343 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5344 run_write(sc, RT2860_MAC_ADDR_DW1, 5345 addr[4] | addr[5] << 8 | 0xff << 16); 5346 } 5347 5348 static void 5349 run_updateslot(struct ieee80211com *ic) 5350 { 5351 struct run_softc *sc = ic->ic_softc; 5352 uint32_t i; 5353 5354 i = RUN_CMDQ_GET(&sc->cmdq_store); 5355 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5356 sc->cmdq[i].func = run_updateslot_cb; 5357 sc->cmdq[i].arg0 = ic; 5358 ieee80211_runtask(ic, &sc->cmdq_task); 5359 5360 return; 5361 } 5362 5363 /* ARGSUSED */ 5364 static void 5365 run_updateslot_cb(void *arg) 5366 { 5367 struct ieee80211com *ic = arg; 5368 struct run_softc *sc = ic->ic_softc; 5369 uint32_t tmp; 5370 5371 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5372 tmp &= ~0xff; 5373 tmp |= IEEE80211_GET_SLOTTIME(ic); 5374 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5375 } 5376 5377 static void 5378 run_update_mcast(struct ieee80211com *ic) 5379 { 5380 } 5381 5382 static int8_t 5383 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5384 { 5385 struct ieee80211com *ic = &sc->sc_ic; 5386 struct ieee80211_channel *c = ic->ic_curchan; 5387 int delta; 5388 5389 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5390 u_int chan = ieee80211_chan2ieee(ic, c); 5391 delta = sc->rssi_5ghz[rxchain]; 5392 5393 /* determine channel group */ 5394 if (chan <= 64) 5395 delta -= sc->lna[1]; 5396 else if (chan <= 128) 5397 delta -= sc->lna[2]; 5398 else 5399 delta -= sc->lna[3]; 5400 } else 5401 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5402 5403 return (-12 - delta - rssi); 5404 } 5405 5406 static void 5407 run_rt5390_bbp_init(struct run_softc *sc) 5408 { 5409 u_int i; 5410 uint8_t bbp; 5411 5412 /* Apply maximum likelihood detection for 2 stream case. */ 5413 run_bbp_read(sc, 105, &bbp); 5414 if (sc->nrxchains > 1) 5415 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5416 5417 /* Avoid data lost and CRC error. */ 5418 run_bbp_read(sc, 4, &bbp); 5419 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5420 5421 if (sc->mac_ver == 0x5592) { 5422 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5423 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5424 rt5592_def_bbp[i].val); 5425 } 5426 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5427 run_bbp_write(sc, 195, i + 0x80); 5428 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5429 } 5430 } else { 5431 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5432 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5433 rt5390_def_bbp[i].val); 5434 } 5435 } 5436 if (sc->mac_ver == 0x5392) { 5437 run_bbp_write(sc, 88, 0x90); 5438 run_bbp_write(sc, 95, 0x9a); 5439 run_bbp_write(sc, 98, 0x12); 5440 run_bbp_write(sc, 106, 0x12); 5441 run_bbp_write(sc, 134, 0xd0); 5442 run_bbp_write(sc, 135, 0xf6); 5443 run_bbp_write(sc, 148, 0x84); 5444 } 5445 5446 run_bbp_read(sc, 152, &bbp); 5447 run_bbp_write(sc, 152, bbp | 0x80); 5448 5449 /* Fix BBP254 for RT5592C. */ 5450 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5451 run_bbp_read(sc, 254, &bbp); 5452 run_bbp_write(sc, 254, bbp | 0x80); 5453 } 5454 5455 /* Disable hardware antenna diversity. */ 5456 if (sc->mac_ver == 0x5390) 5457 run_bbp_write(sc, 154, 0); 5458 5459 /* Initialize Rx CCK/OFDM frequency offset report. */ 5460 run_bbp_write(sc, 142, 1); 5461 run_bbp_write(sc, 143, 57); 5462 } 5463 5464 static int 5465 run_bbp_init(struct run_softc *sc) 5466 { 5467 int i, error, ntries; 5468 uint8_t bbp0; 5469 5470 /* wait for BBP to wake up */ 5471 for (ntries = 0; ntries < 20; ntries++) { 5472 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5473 return error; 5474 if (bbp0 != 0 && bbp0 != 0xff) 5475 break; 5476 } 5477 if (ntries == 20) 5478 return (ETIMEDOUT); 5479 5480 /* initialize BBP registers to default values */ 5481 if (sc->mac_ver >= 0x5390) 5482 run_rt5390_bbp_init(sc); 5483 else { 5484 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5485 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5486 rt2860_def_bbp[i].val); 5487 } 5488 } 5489 5490 if (sc->mac_ver == 0x3593) { 5491 run_bbp_write(sc, 79, 0x13); 5492 run_bbp_write(sc, 80, 0x05); 5493 run_bbp_write(sc, 81, 0x33); 5494 run_bbp_write(sc, 86, 0x46); 5495 run_bbp_write(sc, 137, 0x0f); 5496 } 5497 5498 /* fix BBP84 for RT2860E */ 5499 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5500 run_bbp_write(sc, 84, 0x19); 5501 5502 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5503 sc->mac_ver != 0x5592)) { 5504 run_bbp_write(sc, 79, 0x13); 5505 run_bbp_write(sc, 80, 0x05); 5506 run_bbp_write(sc, 81, 0x33); 5507 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5508 run_bbp_write(sc, 69, 0x16); 5509 run_bbp_write(sc, 73, 0x12); 5510 } 5511 return (0); 5512 } 5513 5514 static int 5515 run_rt3070_rf_init(struct run_softc *sc) 5516 { 5517 uint32_t tmp; 5518 uint8_t bbp4, mingain, rf, target; 5519 u_int i; 5520 5521 run_rt3070_rf_read(sc, 30, &rf); 5522 /* toggle RF R30 bit 7 */ 5523 run_rt3070_rf_write(sc, 30, rf | 0x80); 5524 run_delay(sc, 10); 5525 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5526 5527 /* initialize RF registers to default value */ 5528 if (sc->mac_ver == 0x3572) { 5529 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5530 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5531 rt3572_def_rf[i].val); 5532 } 5533 } else { 5534 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5535 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5536 rt3070_def_rf[i].val); 5537 } 5538 } 5539 5540 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5541 /* 5542 * Change voltage from 1.2V to 1.35V for RT3070. 5543 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5544 * in RT3070(F). 5545 */ 5546 run_read(sc, RT3070_LDO_CFG0, &tmp); 5547 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5548 run_write(sc, RT3070_LDO_CFG0, tmp); 5549 5550 } else if (sc->mac_ver == 0x3071) { 5551 run_rt3070_rf_read(sc, 6, &rf); 5552 run_rt3070_rf_write(sc, 6, rf | 0x40); 5553 run_rt3070_rf_write(sc, 31, 0x14); 5554 5555 run_read(sc, RT3070_LDO_CFG0, &tmp); 5556 tmp &= ~0x1f000000; 5557 if (sc->mac_rev < 0x0211) 5558 tmp |= 0x0d000000; /* 1.3V */ 5559 else 5560 tmp |= 0x01000000; /* 1.2V */ 5561 run_write(sc, RT3070_LDO_CFG0, tmp); 5562 5563 /* patch LNA_PE_G1 */ 5564 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5565 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5566 5567 } else if (sc->mac_ver == 0x3572) { 5568 run_rt3070_rf_read(sc, 6, &rf); 5569 run_rt3070_rf_write(sc, 6, rf | 0x40); 5570 5571 /* increase voltage from 1.2V to 1.35V */ 5572 run_read(sc, RT3070_LDO_CFG0, &tmp); 5573 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5574 run_write(sc, RT3070_LDO_CFG0, tmp); 5575 5576 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5577 run_delay(sc, 1); /* wait for 1msec */ 5578 /* decrease voltage back to 1.2V */ 5579 tmp = (tmp & ~0x1f000000) | 0x01000000; 5580 run_write(sc, RT3070_LDO_CFG0, tmp); 5581 } 5582 } 5583 5584 /* select 20MHz bandwidth */ 5585 run_rt3070_rf_read(sc, 31, &rf); 5586 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5587 5588 /* calibrate filter for 20MHz bandwidth */ 5589 sc->rf24_20mhz = 0x1f; /* default value */ 5590 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5591 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5592 5593 /* select 40MHz bandwidth */ 5594 run_bbp_read(sc, 4, &bbp4); 5595 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5596 run_rt3070_rf_read(sc, 31, &rf); 5597 run_rt3070_rf_write(sc, 31, rf | 0x20); 5598 5599 /* calibrate filter for 40MHz bandwidth */ 5600 sc->rf24_40mhz = 0x2f; /* default value */ 5601 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5602 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5603 5604 /* go back to 20MHz bandwidth */ 5605 run_bbp_read(sc, 4, &bbp4); 5606 run_bbp_write(sc, 4, bbp4 & ~0x18); 5607 5608 if (sc->mac_ver == 0x3572) { 5609 /* save default BBP registers 25 and 26 values */ 5610 run_bbp_read(sc, 25, &sc->bbp25); 5611 run_bbp_read(sc, 26, &sc->bbp26); 5612 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5613 run_rt3070_rf_write(sc, 27, 0x03); 5614 5615 run_read(sc, RT3070_OPT_14, &tmp); 5616 run_write(sc, RT3070_OPT_14, tmp | 1); 5617 5618 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5619 run_rt3070_rf_read(sc, 17, &rf); 5620 rf &= ~RT3070_TX_LO1; 5621 if ((sc->mac_ver == 0x3070 || 5622 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5623 !sc->ext_2ghz_lna) 5624 rf |= 0x20; /* fix for long range Rx issue */ 5625 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5626 if (sc->txmixgain_2ghz >= mingain) 5627 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5628 run_rt3070_rf_write(sc, 17, rf); 5629 } 5630 5631 if (sc->mac_ver == 0x3071) { 5632 run_rt3070_rf_read(sc, 1, &rf); 5633 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5634 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5635 run_rt3070_rf_write(sc, 1, rf); 5636 5637 run_rt3070_rf_read(sc, 15, &rf); 5638 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5639 5640 run_rt3070_rf_read(sc, 20, &rf); 5641 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5642 5643 run_rt3070_rf_read(sc, 21, &rf); 5644 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5645 } 5646 5647 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5648 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5649 run_rt3070_rf_read(sc, 27, &rf); 5650 rf &= ~0x77; 5651 if (sc->mac_rev < 0x0211) 5652 rf |= 0x03; 5653 run_rt3070_rf_write(sc, 27, rf); 5654 } 5655 return (0); 5656 } 5657 5658 static void 5659 run_rt3593_rf_init(struct run_softc *sc) 5660 { 5661 uint32_t tmp; 5662 uint8_t rf; 5663 u_int i; 5664 5665 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5666 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5667 tmp &= ~(1 << 4 | 1 << 7); 5668 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5669 5670 /* Initialize RF registers to default value. */ 5671 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5672 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5673 rt3593_def_rf[i].val); 5674 } 5675 5676 /* Toggle RF R2 to initiate calibration. */ 5677 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5678 5679 /* Initialize RF frequency offset. */ 5680 run_adjust_freq_offset(sc); 5681 5682 run_rt3070_rf_read(sc, 18, &rf); 5683 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5684 5685 /* 5686 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5687 * decrease voltage back to 1.2V. 5688 */ 5689 run_read(sc, RT3070_LDO_CFG0, &tmp); 5690 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5691 run_write(sc, RT3070_LDO_CFG0, tmp); 5692 run_delay(sc, 1); 5693 tmp = (tmp & ~0x1f000000) | 0x01000000; 5694 run_write(sc, RT3070_LDO_CFG0, tmp); 5695 5696 sc->rf24_20mhz = 0x1f; 5697 sc->rf24_40mhz = 0x2f; 5698 5699 /* Save default BBP registers 25 and 26 values. */ 5700 run_bbp_read(sc, 25, &sc->bbp25); 5701 run_bbp_read(sc, 26, &sc->bbp26); 5702 5703 run_read(sc, RT3070_OPT_14, &tmp); 5704 run_write(sc, RT3070_OPT_14, tmp | 1); 5705 } 5706 5707 static void 5708 run_rt5390_rf_init(struct run_softc *sc) 5709 { 5710 uint32_t tmp; 5711 uint8_t rf; 5712 u_int i; 5713 5714 /* Toggle RF R2 to initiate calibration. */ 5715 if (sc->mac_ver == 0x5390) { 5716 run_rt3070_rf_read(sc, 2, &rf); 5717 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5718 run_delay(sc, 10); 5719 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5720 } else { 5721 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5722 run_delay(sc, 10); 5723 } 5724 5725 /* Initialize RF registers to default value. */ 5726 if (sc->mac_ver == 0x5592) { 5727 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5728 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5729 rt5592_def_rf[i].val); 5730 } 5731 /* Initialize RF frequency offset. */ 5732 run_adjust_freq_offset(sc); 5733 } else if (sc->mac_ver == 0x5392) { 5734 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5735 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5736 rt5392_def_rf[i].val); 5737 } 5738 if (sc->mac_rev >= 0x0223) { 5739 run_rt3070_rf_write(sc, 23, 0x0f); 5740 run_rt3070_rf_write(sc, 24, 0x3e); 5741 run_rt3070_rf_write(sc, 51, 0x32); 5742 run_rt3070_rf_write(sc, 53, 0x22); 5743 run_rt3070_rf_write(sc, 56, 0xc1); 5744 run_rt3070_rf_write(sc, 59, 0x0f); 5745 } 5746 } else { 5747 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5748 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5749 rt5390_def_rf[i].val); 5750 } 5751 if (sc->mac_rev >= 0x0502) { 5752 run_rt3070_rf_write(sc, 6, 0xe0); 5753 run_rt3070_rf_write(sc, 25, 0x80); 5754 run_rt3070_rf_write(sc, 46, 0x73); 5755 run_rt3070_rf_write(sc, 53, 0x00); 5756 run_rt3070_rf_write(sc, 56, 0x42); 5757 run_rt3070_rf_write(sc, 61, 0xd1); 5758 } 5759 } 5760 5761 sc->rf24_20mhz = 0x1f; /* default value */ 5762 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5763 5764 if (sc->mac_rev < 0x0211) 5765 run_rt3070_rf_write(sc, 27, 0x3); 5766 5767 run_read(sc, RT3070_OPT_14, &tmp); 5768 run_write(sc, RT3070_OPT_14, tmp | 1); 5769 } 5770 5771 static int 5772 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5773 uint8_t *val) 5774 { 5775 uint8_t rf22, rf24; 5776 uint8_t bbp55_pb, bbp55_sb, delta; 5777 int ntries; 5778 5779 /* program filter */ 5780 run_rt3070_rf_read(sc, 24, &rf24); 5781 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5782 run_rt3070_rf_write(sc, 24, rf24); 5783 5784 /* enable baseband loopback mode */ 5785 run_rt3070_rf_read(sc, 22, &rf22); 5786 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5787 5788 /* set power and frequency of passband test tone */ 5789 run_bbp_write(sc, 24, 0x00); 5790 for (ntries = 0; ntries < 100; ntries++) { 5791 /* transmit test tone */ 5792 run_bbp_write(sc, 25, 0x90); 5793 run_delay(sc, 10); 5794 /* read received power */ 5795 run_bbp_read(sc, 55, &bbp55_pb); 5796 if (bbp55_pb != 0) 5797 break; 5798 } 5799 if (ntries == 100) 5800 return (ETIMEDOUT); 5801 5802 /* set power and frequency of stopband test tone */ 5803 run_bbp_write(sc, 24, 0x06); 5804 for (ntries = 0; ntries < 100; ntries++) { 5805 /* transmit test tone */ 5806 run_bbp_write(sc, 25, 0x90); 5807 run_delay(sc, 10); 5808 /* read received power */ 5809 run_bbp_read(sc, 55, &bbp55_sb); 5810 5811 delta = bbp55_pb - bbp55_sb; 5812 if (delta > target) 5813 break; 5814 5815 /* reprogram filter */ 5816 rf24++; 5817 run_rt3070_rf_write(sc, 24, rf24); 5818 } 5819 if (ntries < 100) { 5820 if (rf24 != init) 5821 rf24--; /* backtrack */ 5822 *val = rf24; 5823 run_rt3070_rf_write(sc, 24, rf24); 5824 } 5825 5826 /* restore initial state */ 5827 run_bbp_write(sc, 24, 0x00); 5828 5829 /* disable baseband loopback mode */ 5830 run_rt3070_rf_read(sc, 22, &rf22); 5831 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5832 5833 return (0); 5834 } 5835 5836 static void 5837 run_rt3070_rf_setup(struct run_softc *sc) 5838 { 5839 uint8_t bbp, rf; 5840 int i; 5841 5842 if (sc->mac_ver == 0x3572) { 5843 /* enable DC filter */ 5844 if (sc->mac_rev >= 0x0201) 5845 run_bbp_write(sc, 103, 0xc0); 5846 5847 run_bbp_read(sc, 138, &bbp); 5848 if (sc->ntxchains == 1) 5849 bbp |= 0x20; /* turn off DAC1 */ 5850 if (sc->nrxchains == 1) 5851 bbp &= ~0x02; /* turn off ADC1 */ 5852 run_bbp_write(sc, 138, bbp); 5853 5854 if (sc->mac_rev >= 0x0211) { 5855 /* improve power consumption */ 5856 run_bbp_read(sc, 31, &bbp); 5857 run_bbp_write(sc, 31, bbp & ~0x03); 5858 } 5859 5860 run_rt3070_rf_read(sc, 16, &rf); 5861 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5862 run_rt3070_rf_write(sc, 16, rf); 5863 5864 } else if (sc->mac_ver == 0x3071) { 5865 if (sc->mac_rev >= 0x0211) { 5866 /* enable DC filter */ 5867 run_bbp_write(sc, 103, 0xc0); 5868 5869 /* improve power consumption */ 5870 run_bbp_read(sc, 31, &bbp); 5871 run_bbp_write(sc, 31, bbp & ~0x03); 5872 } 5873 5874 run_bbp_read(sc, 138, &bbp); 5875 if (sc->ntxchains == 1) 5876 bbp |= 0x20; /* turn off DAC1 */ 5877 if (sc->nrxchains == 1) 5878 bbp &= ~0x02; /* turn off ADC1 */ 5879 run_bbp_write(sc, 138, bbp); 5880 5881 run_write(sc, RT2860_TX_SW_CFG1, 0); 5882 if (sc->mac_rev < 0x0211) { 5883 run_write(sc, RT2860_TX_SW_CFG2, 5884 sc->patch_dac ? 0x2c : 0x0f); 5885 } else 5886 run_write(sc, RT2860_TX_SW_CFG2, 0); 5887 5888 } else if (sc->mac_ver == 0x3070) { 5889 if (sc->mac_rev >= 0x0201) { 5890 /* enable DC filter */ 5891 run_bbp_write(sc, 103, 0xc0); 5892 5893 /* improve power consumption */ 5894 run_bbp_read(sc, 31, &bbp); 5895 run_bbp_write(sc, 31, bbp & ~0x03); 5896 } 5897 5898 if (sc->mac_rev < 0x0201) { 5899 run_write(sc, RT2860_TX_SW_CFG1, 0); 5900 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5901 } else 5902 run_write(sc, RT2860_TX_SW_CFG2, 0); 5903 } 5904 5905 /* initialize RF registers from ROM for >=RT3071*/ 5906 if (sc->mac_ver >= 0x3071) { 5907 for (i = 0; i < 10; i++) { 5908 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5909 continue; 5910 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5911 } 5912 } 5913 } 5914 5915 static void 5916 run_rt3593_rf_setup(struct run_softc *sc) 5917 { 5918 uint8_t bbp, rf; 5919 5920 if (sc->mac_rev >= 0x0211) { 5921 /* Enable DC filter. */ 5922 run_bbp_write(sc, 103, 0xc0); 5923 } 5924 run_write(sc, RT2860_TX_SW_CFG1, 0); 5925 if (sc->mac_rev < 0x0211) { 5926 run_write(sc, RT2860_TX_SW_CFG2, 5927 sc->patch_dac ? 0x2c : 0x0f); 5928 } else 5929 run_write(sc, RT2860_TX_SW_CFG2, 0); 5930 5931 run_rt3070_rf_read(sc, 50, &rf); 5932 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5933 5934 run_rt3070_rf_read(sc, 51, &rf); 5935 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5936 ((sc->txmixgain_2ghz & 0x07) << 2); 5937 run_rt3070_rf_write(sc, 51, rf); 5938 5939 run_rt3070_rf_read(sc, 38, &rf); 5940 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5941 5942 run_rt3070_rf_read(sc, 39, &rf); 5943 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5944 5945 run_rt3070_rf_read(sc, 1, &rf); 5946 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5947 5948 run_rt3070_rf_read(sc, 30, &rf); 5949 rf = (rf & ~0x18) | 0x10; 5950 run_rt3070_rf_write(sc, 30, rf); 5951 5952 /* Apply maximum likelihood detection for 2 stream case. */ 5953 run_bbp_read(sc, 105, &bbp); 5954 if (sc->nrxchains > 1) 5955 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5956 5957 /* Avoid data lost and CRC error. */ 5958 run_bbp_read(sc, 4, &bbp); 5959 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5960 5961 run_bbp_write(sc, 92, 0x02); 5962 run_bbp_write(sc, 82, 0x82); 5963 run_bbp_write(sc, 106, 0x05); 5964 run_bbp_write(sc, 104, 0x92); 5965 run_bbp_write(sc, 88, 0x90); 5966 run_bbp_write(sc, 148, 0xc8); 5967 run_bbp_write(sc, 47, 0x48); 5968 run_bbp_write(sc, 120, 0x50); 5969 5970 run_bbp_write(sc, 163, 0x9d); 5971 5972 /* SNR mapping. */ 5973 run_bbp_write(sc, 142, 0x06); 5974 run_bbp_write(sc, 143, 0xa0); 5975 run_bbp_write(sc, 142, 0x07); 5976 run_bbp_write(sc, 143, 0xa1); 5977 run_bbp_write(sc, 142, 0x08); 5978 run_bbp_write(sc, 143, 0xa2); 5979 5980 run_bbp_write(sc, 31, 0x08); 5981 run_bbp_write(sc, 68, 0x0b); 5982 run_bbp_write(sc, 105, 0x04); 5983 } 5984 5985 static void 5986 run_rt5390_rf_setup(struct run_softc *sc) 5987 { 5988 uint8_t bbp, rf; 5989 5990 if (sc->mac_rev >= 0x0211) { 5991 /* Enable DC filter. */ 5992 run_bbp_write(sc, 103, 0xc0); 5993 5994 if (sc->mac_ver != 0x5592) { 5995 /* Improve power consumption. */ 5996 run_bbp_read(sc, 31, &bbp); 5997 run_bbp_write(sc, 31, bbp & ~0x03); 5998 } 5999 } 6000 6001 run_bbp_read(sc, 138, &bbp); 6002 if (sc->ntxchains == 1) 6003 bbp |= 0x20; /* turn off DAC1 */ 6004 if (sc->nrxchains == 1) 6005 bbp &= ~0x02; /* turn off ADC1 */ 6006 run_bbp_write(sc, 138, bbp); 6007 6008 run_rt3070_rf_read(sc, 38, &rf); 6009 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 6010 6011 run_rt3070_rf_read(sc, 39, &rf); 6012 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 6013 6014 /* Avoid data lost and CRC error. */ 6015 run_bbp_read(sc, 4, &bbp); 6016 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 6017 6018 run_rt3070_rf_read(sc, 30, &rf); 6019 rf = (rf & ~0x18) | 0x10; 6020 run_rt3070_rf_write(sc, 30, rf); 6021 6022 if (sc->mac_ver != 0x5592) { 6023 run_write(sc, RT2860_TX_SW_CFG1, 0); 6024 if (sc->mac_rev < 0x0211) { 6025 run_write(sc, RT2860_TX_SW_CFG2, 6026 sc->patch_dac ? 0x2c : 0x0f); 6027 } else 6028 run_write(sc, RT2860_TX_SW_CFG2, 0); 6029 } 6030 } 6031 6032 static int 6033 run_txrx_enable(struct run_softc *sc) 6034 { 6035 struct ieee80211com *ic = &sc->sc_ic; 6036 uint32_t tmp; 6037 int error, ntries; 6038 6039 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 6040 for (ntries = 0; ntries < 200; ntries++) { 6041 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 6042 return (error); 6043 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6044 break; 6045 run_delay(sc, 50); 6046 } 6047 if (ntries == 200) 6048 return (ETIMEDOUT); 6049 6050 run_delay(sc, 50); 6051 6052 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 6053 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6054 6055 /* enable Rx bulk aggregation (set timeout and limit) */ 6056 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 6057 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 6058 run_write(sc, RT2860_USB_DMA_CFG, tmp); 6059 6060 /* set Rx filter */ 6061 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 6062 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 6063 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 6064 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 6065 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 6066 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 6067 if (ic->ic_opmode == IEEE80211_M_STA) 6068 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 6069 } 6070 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 6071 6072 run_write(sc, RT2860_MAC_SYS_CTRL, 6073 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6074 6075 return (0); 6076 } 6077 6078 static void 6079 run_adjust_freq_offset(struct run_softc *sc) 6080 { 6081 uint8_t rf, tmp; 6082 6083 run_rt3070_rf_read(sc, 17, &rf); 6084 tmp = rf; 6085 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 6086 rf = MIN(rf, 0x5f); 6087 6088 if (tmp != rf) 6089 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 6090 } 6091 6092 static void 6093 run_init_locked(struct run_softc *sc) 6094 { 6095 struct ieee80211com *ic = &sc->sc_ic; 6096 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6097 uint32_t tmp; 6098 uint8_t bbp1, bbp3; 6099 int i; 6100 int ridx; 6101 int ntries; 6102 6103 if (ic->ic_nrunning > 1) 6104 return; 6105 6106 run_stop(sc); 6107 6108 if (run_load_microcode(sc) != 0) { 6109 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6110 goto fail; 6111 } 6112 6113 for (ntries = 0; ntries < 100; ntries++) { 6114 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6115 goto fail; 6116 if (tmp != 0 && tmp != 0xffffffff) 6117 break; 6118 run_delay(sc, 10); 6119 } 6120 if (ntries == 100) 6121 goto fail; 6122 6123 for (i = 0; i != RUN_EP_QUEUES; i++) 6124 run_setup_tx_list(sc, &sc->sc_epq[i]); 6125 6126 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6127 6128 for (ntries = 0; ntries < 100; ntries++) { 6129 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6130 goto fail; 6131 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6132 break; 6133 run_delay(sc, 10); 6134 } 6135 if (ntries == 100) { 6136 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6137 goto fail; 6138 } 6139 tmp &= 0xff0; 6140 tmp |= RT2860_TX_WB_DDONE; 6141 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6142 6143 /* turn off PME_OEN to solve high-current issue */ 6144 run_read(sc, RT2860_SYS_CTRL, &tmp); 6145 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6146 6147 run_write(sc, RT2860_MAC_SYS_CTRL, 6148 RT2860_BBP_HRST | RT2860_MAC_SRST); 6149 run_write(sc, RT2860_USB_DMA_CFG, 0); 6150 6151 if (run_reset(sc) != 0) { 6152 device_printf(sc->sc_dev, "could not reset chipset\n"); 6153 goto fail; 6154 } 6155 6156 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6157 6158 /* init Tx power for all Tx rates (from EEPROM) */ 6159 for (ridx = 0; ridx < 5; ridx++) { 6160 if (sc->txpow20mhz[ridx] == 0xffffffff) 6161 continue; 6162 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6163 } 6164 6165 for (i = 0; i < nitems(rt2870_def_mac); i++) 6166 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6167 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6168 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6169 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6170 6171 if (sc->mac_ver >= 0x5390) { 6172 run_write(sc, RT2860_TX_SW_CFG0, 6173 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6174 if (sc->mac_ver >= 0x5392) { 6175 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6176 if (sc->mac_ver == 0x5592) { 6177 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6178 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6179 } else { 6180 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6181 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6182 } 6183 } 6184 } else if (sc->mac_ver == 0x3593) { 6185 run_write(sc, RT2860_TX_SW_CFG0, 6186 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6187 } else if (sc->mac_ver >= 0x3070) { 6188 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6189 run_write(sc, RT2860_TX_SW_CFG0, 6190 4 << RT2860_DLY_PAPE_EN_SHIFT); 6191 } 6192 6193 /* wait while MAC is busy */ 6194 for (ntries = 0; ntries < 100; ntries++) { 6195 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6196 goto fail; 6197 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6198 break; 6199 run_delay(sc, 10); 6200 } 6201 if (ntries == 100) 6202 goto fail; 6203 6204 /* clear Host to MCU mailbox */ 6205 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6206 run_write(sc, RT2860_H2M_MAILBOX, 0); 6207 run_delay(sc, 10); 6208 6209 if (run_bbp_init(sc) != 0) { 6210 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6211 goto fail; 6212 } 6213 6214 /* abort TSF synchronization */ 6215 run_disable_tsf(sc); 6216 6217 /* clear RX WCID search table */ 6218 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6219 /* clear WCID attribute table */ 6220 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6221 6222 /* hostapd sets a key before init. So, don't clear it. */ 6223 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6224 /* clear shared key table */ 6225 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6226 /* clear shared key mode */ 6227 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6228 } 6229 6230 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6231 tmp = (tmp & ~0xff) | 0x1e; 6232 run_write(sc, RT2860_US_CYC_CNT, tmp); 6233 6234 if (sc->mac_rev != 0x0101) 6235 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6236 6237 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6238 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6239 6240 /* write vendor-specific BBP values (from EEPROM) */ 6241 if (sc->mac_ver < 0x3593) { 6242 for (i = 0; i < 10; i++) { 6243 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6244 continue; 6245 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6246 } 6247 } 6248 6249 /* select Main antenna for 1T1R devices */ 6250 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6251 run_set_rx_antenna(sc, 0); 6252 6253 /* send LEDs operating mode to microcontroller */ 6254 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6255 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6256 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6257 6258 if (sc->mac_ver >= 0x5390) 6259 run_rt5390_rf_init(sc); 6260 else if (sc->mac_ver == 0x3593) 6261 run_rt3593_rf_init(sc); 6262 else if (sc->mac_ver >= 0x3070) 6263 run_rt3070_rf_init(sc); 6264 6265 /* disable non-existing Rx chains */ 6266 run_bbp_read(sc, 3, &bbp3); 6267 bbp3 &= ~(1 << 3 | 1 << 4); 6268 if (sc->nrxchains == 2) 6269 bbp3 |= 1 << 3; 6270 else if (sc->nrxchains == 3) 6271 bbp3 |= 1 << 4; 6272 run_bbp_write(sc, 3, bbp3); 6273 6274 /* disable non-existing Tx chains */ 6275 run_bbp_read(sc, 1, &bbp1); 6276 if (sc->ntxchains == 1) 6277 bbp1 &= ~(1 << 3 | 1 << 4); 6278 run_bbp_write(sc, 1, bbp1); 6279 6280 if (sc->mac_ver >= 0x5390) 6281 run_rt5390_rf_setup(sc); 6282 else if (sc->mac_ver == 0x3593) 6283 run_rt3593_rf_setup(sc); 6284 else if (sc->mac_ver >= 0x3070) 6285 run_rt3070_rf_setup(sc); 6286 6287 /* select default channel */ 6288 run_set_chan(sc, ic->ic_curchan); 6289 6290 /* setup initial protection mode */ 6291 run_updateprot_cb(ic); 6292 6293 /* turn radio LED on */ 6294 run_set_leds(sc, RT2860_LED_RADIO); 6295 6296 /* Set up AUTO_RSP_CFG register for auto response */ 6297 run_write(sc, RT2860_AUTO_RSP_CFG, RT2860_AUTO_RSP_EN | 6298 RT2860_BAC_ACKPOLICY_EN | RT2860_CTS_40M_MODE_EN); 6299 6300 sc->sc_flags |= RUN_RUNNING; 6301 sc->cmdq_run = RUN_CMDQ_GO; 6302 6303 for (i = 0; i != RUN_N_XFER; i++) 6304 usbd_xfer_set_stall(sc->sc_xfer[i]); 6305 6306 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6307 6308 if (run_txrx_enable(sc) != 0) 6309 goto fail; 6310 6311 return; 6312 6313 fail: 6314 run_stop(sc); 6315 } 6316 6317 static void 6318 run_stop(void *arg) 6319 { 6320 struct run_softc *sc = (struct run_softc *)arg; 6321 uint32_t tmp; 6322 int i; 6323 int ntries; 6324 6325 RUN_LOCK_ASSERT(sc, MA_OWNED); 6326 6327 if (sc->sc_flags & RUN_RUNNING) 6328 run_set_leds(sc, 0); /* turn all LEDs off */ 6329 6330 sc->sc_flags &= ~RUN_RUNNING; 6331 6332 sc->ratectl_run = RUN_RATECTL_OFF; 6333 sc->cmdq_run = sc->cmdq_key_set; 6334 6335 RUN_UNLOCK(sc); 6336 6337 for(i = 0; i < RUN_N_XFER; i++) 6338 usbd_transfer_drain(sc->sc_xfer[i]); 6339 6340 RUN_LOCK(sc); 6341 6342 run_drain_mbufq(sc); 6343 6344 if (sc->rx_m != NULL) { 6345 m_free(sc->rx_m); 6346 sc->rx_m = NULL; 6347 } 6348 6349 /* Disable Tx/Rx DMA. */ 6350 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6351 return; 6352 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6353 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6354 6355 for (ntries = 0; ntries < 100; ntries++) { 6356 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6357 return; 6358 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6359 break; 6360 run_delay(sc, 10); 6361 } 6362 if (ntries == 100) { 6363 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6364 return; 6365 } 6366 6367 /* disable Tx/Rx */ 6368 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6369 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6370 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6371 6372 /* wait for pending Tx to complete */ 6373 for (ntries = 0; ntries < 100; ntries++) { 6374 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6375 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6376 "Cannot read Tx queue count\n"); 6377 break; 6378 } 6379 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6380 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6381 "All Tx cleared\n"); 6382 break; 6383 } 6384 run_delay(sc, 10); 6385 } 6386 if (ntries >= 100) 6387 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6388 "There are still pending Tx\n"); 6389 run_delay(sc, 10); 6390 run_write(sc, RT2860_USB_DMA_CFG, 0); 6391 6392 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6393 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6394 6395 for (i = 0; i != RUN_EP_QUEUES; i++) 6396 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6397 } 6398 6399 static void 6400 run_delay(struct run_softc *sc, u_int ms) 6401 { 6402 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6403 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6404 } 6405 6406 static void 6407 run_update_chw(struct ieee80211com *ic) 6408 { 6409 6410 printf("%s: TODO\n", __func__); 6411 } 6412 6413 static int 6414 run_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap) 6415 { 6416 6417 /* For now, no A-MPDU TX support in the driver */ 6418 return (0); 6419 } 6420 6421 static device_method_t run_methods[] = { 6422 /* Device interface */ 6423 DEVMETHOD(device_probe, run_match), 6424 DEVMETHOD(device_attach, run_attach), 6425 DEVMETHOD(device_detach, run_detach), 6426 DEVMETHOD_END 6427 }; 6428 6429 static driver_t run_driver = { 6430 .name = "run", 6431 .methods = run_methods, 6432 .size = sizeof(struct run_softc) 6433 }; 6434 6435 DRIVER_MODULE(run, uhub, run_driver, run_driver_loaded, NULL); 6436 MODULE_DEPEND(run, wlan, 1, 1, 1); 6437 MODULE_DEPEND(run, usb, 1, 1, 1); 6438 MODULE_DEPEND(run, firmware, 1, 1, 1); 6439 MODULE_VERSION(run, 1); 6440 USB_PNP_HOST_INFO(run_devs); 6441