1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) \ 92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 93 94 /* 95 * Because of LOR in run_key_delete(), use atomic instead. 96 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 97 */ 98 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 99 100 static const STRUCT_USB_HOST_ID run_devs[] = { 101 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 102 #define RUN_DEV_EJECT(v,p) \ 103 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 104 #define RUN_EJECT 1 105 RUN_DEV(ABOCOM, RT2770), 106 RUN_DEV(ABOCOM, RT2870), 107 RUN_DEV(ABOCOM, RT3070), 108 RUN_DEV(ABOCOM, RT3071), 109 RUN_DEV(ABOCOM, RT3072), 110 RUN_DEV(ABOCOM2, RT2870_1), 111 RUN_DEV(ACCTON, RT2770), 112 RUN_DEV(ACCTON, RT2870_1), 113 RUN_DEV(ACCTON, RT2870_2), 114 RUN_DEV(ACCTON, RT2870_3), 115 RUN_DEV(ACCTON, RT2870_4), 116 RUN_DEV(ACCTON, RT2870_5), 117 RUN_DEV(ACCTON, RT3070), 118 RUN_DEV(ACCTON, RT3070_1), 119 RUN_DEV(ACCTON, RT3070_2), 120 RUN_DEV(ACCTON, RT3070_3), 121 RUN_DEV(ACCTON, RT3070_4), 122 RUN_DEV(ACCTON, RT3070_5), 123 RUN_DEV(AIRTIES, RT3070), 124 RUN_DEV(ALLWIN, RT2070), 125 RUN_DEV(ALLWIN, RT2770), 126 RUN_DEV(ALLWIN, RT2870), 127 RUN_DEV(ALLWIN, RT3070), 128 RUN_DEV(ALLWIN, RT3071), 129 RUN_DEV(ALLWIN, RT3072), 130 RUN_DEV(ALLWIN, RT3572), 131 RUN_DEV(AMIGO, RT2870_1), 132 RUN_DEV(AMIGO, RT2870_2), 133 RUN_DEV(AMIT, CGWLUSB2GNR), 134 RUN_DEV(AMIT, RT2870_1), 135 RUN_DEV(AMIT2, RT2870), 136 RUN_DEV(ASUS, RT2870_1), 137 RUN_DEV(ASUS, RT2870_2), 138 RUN_DEV(ASUS, RT2870_3), 139 RUN_DEV(ASUS, RT2870_4), 140 RUN_DEV(ASUS, RT2870_5), 141 RUN_DEV(ASUS, USBN13), 142 RUN_DEV(ASUS, RT3070_1), 143 RUN_DEV(ASUS, USBN66), 144 RUN_DEV(ASUS, USB_N53), 145 RUN_DEV(ASUS2, USBN11), 146 RUN_DEV(AZUREWAVE, RT2870_1), 147 RUN_DEV(AZUREWAVE, RT2870_2), 148 RUN_DEV(AZUREWAVE, RT3070_1), 149 RUN_DEV(AZUREWAVE, RT3070_2), 150 RUN_DEV(AZUREWAVE, RT3070_3), 151 RUN_DEV(BELKIN, F9L1103), 152 RUN_DEV(BELKIN, F5D8053V3), 153 RUN_DEV(BELKIN, F5D8055), 154 RUN_DEV(BELKIN, F5D8055V2), 155 RUN_DEV(BELKIN, F6D4050V1), 156 RUN_DEV(BELKIN, F6D4050V2), 157 RUN_DEV(BELKIN, RT2870_1), 158 RUN_DEV(BELKIN, RT2870_2), 159 RUN_DEV(CISCOLINKSYS, AE1000), 160 RUN_DEV(CISCOLINKSYS2, RT3070), 161 RUN_DEV(CISCOLINKSYS3, RT3070), 162 RUN_DEV(CONCEPTRONIC2, RT2870_1), 163 RUN_DEV(CONCEPTRONIC2, RT2870_2), 164 RUN_DEV(CONCEPTRONIC2, RT2870_3), 165 RUN_DEV(CONCEPTRONIC2, RT2870_4), 166 RUN_DEV(CONCEPTRONIC2, RT2870_5), 167 RUN_DEV(CONCEPTRONIC2, RT2870_6), 168 RUN_DEV(CONCEPTRONIC2, RT2870_7), 169 RUN_DEV(CONCEPTRONIC2, RT2870_8), 170 RUN_DEV(CONCEPTRONIC2, RT3070_1), 171 RUN_DEV(CONCEPTRONIC2, RT3070_2), 172 RUN_DEV(CONCEPTRONIC2, VIGORN61), 173 RUN_DEV(COREGA, CGWLUSB300GNM), 174 RUN_DEV(COREGA, RT2870_1), 175 RUN_DEV(COREGA, RT2870_2), 176 RUN_DEV(COREGA, RT2870_3), 177 RUN_DEV(COREGA, RT3070), 178 RUN_DEV(CYBERTAN, RT2870), 179 RUN_DEV(DLINK, RT2870), 180 RUN_DEV(DLINK, RT3072), 181 RUN_DEV(DLINK, DWA127), 182 RUN_DEV(DLINK, DWA140B3), 183 RUN_DEV(DLINK, DWA160B2), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, RT2870_1), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCGNM2), 235 RUN_DEV(MOTOROLA4, RT2770), 236 RUN_DEV(MOTOROLA4, RT3070), 237 RUN_DEV(MSI, RT3070_1), 238 RUN_DEV(MSI, RT3070_2), 239 RUN_DEV(MSI, RT3070_3), 240 RUN_DEV(MSI, RT3070_4), 241 RUN_DEV(MSI, RT3070_5), 242 RUN_DEV(MSI, RT3070_6), 243 RUN_DEV(MSI, RT3070_7), 244 RUN_DEV(MSI, RT3070_8), 245 RUN_DEV(MSI, RT3070_9), 246 RUN_DEV(MSI, RT3070_10), 247 RUN_DEV(MSI, RT3070_11), 248 RUN_DEV(OVISLINK, RT3072), 249 RUN_DEV(PARA, RT3070), 250 RUN_DEV(PEGATRON, RT2870), 251 RUN_DEV(PEGATRON, RT3070), 252 RUN_DEV(PEGATRON, RT3070_2), 253 RUN_DEV(PEGATRON, RT3070_3), 254 RUN_DEV(PHILIPS, RT2870), 255 RUN_DEV(PLANEX2, GWUS300MINIS), 256 RUN_DEV(PLANEX2, GWUSMICRON), 257 RUN_DEV(PLANEX2, RT2870), 258 RUN_DEV(PLANEX2, RT3070), 259 RUN_DEV(QCOM, RT2870), 260 RUN_DEV(QUANTA, RT3070), 261 RUN_DEV(RALINK, RT2070), 262 RUN_DEV(RALINK, RT2770), 263 RUN_DEV(RALINK, RT2870), 264 RUN_DEV(RALINK, RT3070), 265 RUN_DEV(RALINK, RT3071), 266 RUN_DEV(RALINK, RT3072), 267 RUN_DEV(RALINK, RT3370), 268 RUN_DEV(RALINK, RT3572), 269 RUN_DEV(RALINK, RT3573), 270 RUN_DEV(RALINK, RT5370), 271 RUN_DEV(RALINK, RT5572), 272 RUN_DEV(RALINK, RT8070), 273 RUN_DEV(SAMSUNG, WIS09ABGN), 274 RUN_DEV(SAMSUNG2, RT2870_1), 275 RUN_DEV(SENAO, RT2870_1), 276 RUN_DEV(SENAO, RT2870_2), 277 RUN_DEV(SENAO, RT2870_3), 278 RUN_DEV(SENAO, RT2870_4), 279 RUN_DEV(SENAO, RT3070), 280 RUN_DEV(SENAO, RT3071), 281 RUN_DEV(SENAO, RT3072_1), 282 RUN_DEV(SENAO, RT3072_2), 283 RUN_DEV(SENAO, RT3072_3), 284 RUN_DEV(SENAO, RT3072_4), 285 RUN_DEV(SENAO, RT3072_5), 286 RUN_DEV(SITECOMEU, RT2770), 287 RUN_DEV(SITECOMEU, RT2870_1), 288 RUN_DEV(SITECOMEU, RT2870_2), 289 RUN_DEV(SITECOMEU, RT2870_3), 290 RUN_DEV(SITECOMEU, RT2870_4), 291 RUN_DEV(SITECOMEU, RT3070), 292 RUN_DEV(SITECOMEU, RT3070_2), 293 RUN_DEV(SITECOMEU, RT3070_3), 294 RUN_DEV(SITECOMEU, RT3070_4), 295 RUN_DEV(SITECOMEU, RT3071), 296 RUN_DEV(SITECOMEU, RT3072_1), 297 RUN_DEV(SITECOMEU, RT3072_2), 298 RUN_DEV(SITECOMEU, RT3072_3), 299 RUN_DEV(SITECOMEU, RT3072_4), 300 RUN_DEV(SITECOMEU, RT3072_5), 301 RUN_DEV(SITECOMEU, RT3072_6), 302 RUN_DEV(SITECOMEU, WL608), 303 RUN_DEV(SPARKLAN, RT2870_1), 304 RUN_DEV(SPARKLAN, RT3070), 305 RUN_DEV(SWEEX2, LW153), 306 RUN_DEV(SWEEX2, LW303), 307 RUN_DEV(SWEEX2, LW313), 308 RUN_DEV(TOSHIBA, RT3070), 309 RUN_DEV(UMEDIA, RT2870_1), 310 RUN_DEV(ZCOM, RT2870_1), 311 RUN_DEV(ZCOM, RT2870_2), 312 RUN_DEV(ZINWELL, RT2870_1), 313 RUN_DEV(ZINWELL, RT2870_2), 314 RUN_DEV(ZINWELL, RT3070), 315 RUN_DEV(ZINWELL, RT3072_1), 316 RUN_DEV(ZINWELL, RT3072_2), 317 RUN_DEV(ZYXEL, RT2870_1), 318 RUN_DEV(ZYXEL, RT2870_2), 319 RUN_DEV(ZYXEL, RT3070), 320 RUN_DEV_EJECT(ZYXEL, NWD2705), 321 RUN_DEV_EJECT(RALINK, RT_STOR), 322 #undef RUN_DEV_EJECT 323 #undef RUN_DEV 324 }; 325 326 static device_probe_t run_match; 327 static device_attach_t run_attach; 328 static device_detach_t run_detach; 329 330 static usb_callback_t run_bulk_rx_callback; 331 static usb_callback_t run_bulk_tx_callback0; 332 static usb_callback_t run_bulk_tx_callback1; 333 static usb_callback_t run_bulk_tx_callback2; 334 static usb_callback_t run_bulk_tx_callback3; 335 static usb_callback_t run_bulk_tx_callback4; 336 static usb_callback_t run_bulk_tx_callback5; 337 338 static void run_autoinst(void *, struct usb_device *, 339 struct usb_attach_arg *); 340 static int run_driver_loaded(struct module *, int, void *); 341 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 342 usb_error_t error, u_int index); 343 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 344 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 345 const uint8_t [IEEE80211_ADDR_LEN], 346 const uint8_t [IEEE80211_ADDR_LEN]); 347 static void run_vap_delete(struct ieee80211vap *); 348 static void run_cmdq_cb(void *, int); 349 static void run_setup_tx_list(struct run_softc *, 350 struct run_endpoint_queue *); 351 static void run_unsetup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353 static int run_load_microcode(struct run_softc *); 354 static int run_reset(struct run_softc *); 355 static usb_error_t run_do_request(struct run_softc *, 356 struct usb_device_request *, void *); 357 static int run_read(struct run_softc *, uint16_t, uint32_t *); 358 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 359 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 360 static int run_write(struct run_softc *, uint16_t, uint32_t); 361 static int run_write_region_1(struct run_softc *, uint16_t, 362 const uint8_t *, int); 363 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 364 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 365 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 366 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 367 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 368 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 369 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 370 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 371 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 372 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 373 static const char *run_get_rf(uint16_t); 374 static void run_rt3593_get_txpower(struct run_softc *); 375 static void run_get_txpower(struct run_softc *); 376 static int run_read_eeprom(struct run_softc *); 377 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 378 const uint8_t mac[IEEE80211_ADDR_LEN]); 379 static int run_media_change(struct ifnet *); 380 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 381 static int run_wme_update(struct ieee80211com *); 382 static void run_wme_update_cb(void *); 383 static void run_key_update_begin(struct ieee80211vap *); 384 static void run_key_update_end(struct ieee80211vap *); 385 static void run_key_set_cb(void *); 386 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 387 const uint8_t mac[IEEE80211_ADDR_LEN]); 388 static void run_key_delete_cb(void *); 389 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 390 static void run_ratectl_to(void *); 391 static void run_ratectl_cb(void *, int); 392 static void run_drain_fifo(void *); 393 static void run_iter_func(void *, struct ieee80211_node *); 394 static void run_newassoc_cb(void *); 395 static void run_newassoc(struct ieee80211_node *, int); 396 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 397 static void run_tx_free(struct run_endpoint_queue *pq, 398 struct run_tx_data *, int); 399 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 400 static int run_tx(struct run_softc *, struct mbuf *, 401 struct ieee80211_node *); 402 static int run_tx_mgt(struct run_softc *, struct mbuf *, 403 struct ieee80211_node *); 404 static int run_sendprot(struct run_softc *, const struct mbuf *, 405 struct ieee80211_node *, int, int); 406 static int run_tx_param(struct run_softc *, struct mbuf *, 407 struct ieee80211_node *, 408 const struct ieee80211_bpf_params *); 409 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 410 const struct ieee80211_bpf_params *); 411 static void run_start(struct ifnet *); 412 static int run_ioctl(struct ifnet *, u_long, caddr_t); 413 static void run_iq_calib(struct run_softc *, u_int); 414 static void run_set_agc(struct run_softc *, uint8_t); 415 static void run_select_chan_group(struct run_softc *, int); 416 static void run_set_rx_antenna(struct run_softc *, int); 417 static void run_rt2870_set_chan(struct run_softc *, u_int); 418 static void run_rt3070_set_chan(struct run_softc *, u_int); 419 static void run_rt3572_set_chan(struct run_softc *, u_int); 420 static void run_rt3593_set_chan(struct run_softc *, u_int); 421 static void run_rt5390_set_chan(struct run_softc *, u_int); 422 static void run_rt5592_set_chan(struct run_softc *, u_int); 423 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 424 static void run_set_channel(struct ieee80211com *); 425 static void run_scan_start(struct ieee80211com *); 426 static void run_scan_end(struct ieee80211com *); 427 static void run_update_beacon(struct ieee80211vap *, int); 428 static void run_update_beacon_cb(void *); 429 static void run_updateprot(struct ieee80211com *); 430 static void run_updateprot_cb(void *); 431 static void run_usb_timeout_cb(void *); 432 static void run_reset_livelock(struct run_softc *); 433 static void run_enable_tsf_sync(struct run_softc *); 434 static void run_enable_mrr(struct run_softc *); 435 static void run_set_txpreamble(struct run_softc *); 436 static void run_set_basicrates(struct run_softc *); 437 static void run_set_leds(struct run_softc *, uint16_t); 438 static void run_set_bssid(struct run_softc *, const uint8_t *); 439 static void run_set_macaddr(struct run_softc *, const uint8_t *); 440 static void run_updateslot(struct ifnet *); 441 static void run_updateslot_cb(void *); 442 static void run_update_mcast(struct ifnet *); 443 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 444 static void run_update_promisc_locked(struct ifnet *); 445 static void run_update_promisc(struct ifnet *); 446 static void run_rt5390_bbp_init(struct run_softc *); 447 static int run_bbp_init(struct run_softc *); 448 static int run_rt3070_rf_init(struct run_softc *); 449 static void run_rt3593_rf_init(struct run_softc *); 450 static void run_rt5390_rf_init(struct run_softc *); 451 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 452 uint8_t *); 453 static void run_rt3070_rf_setup(struct run_softc *); 454 static void run_rt3593_rf_setup(struct run_softc *); 455 static void run_rt5390_rf_setup(struct run_softc *); 456 static int run_txrx_enable(struct run_softc *); 457 static void run_adjust_freq_offset(struct run_softc *); 458 static void run_init(void *); 459 static void run_init_locked(struct run_softc *); 460 static void run_stop(void *); 461 static void run_delay(struct run_softc *, u_int); 462 463 static eventhandler_tag run_etag; 464 465 static const struct rt2860_rate { 466 uint8_t rate; 467 uint8_t mcs; 468 enum ieee80211_phytype phy; 469 uint8_t ctl_ridx; 470 uint16_t sp_ack_dur; 471 uint16_t lp_ack_dur; 472 } rt2860_rates[] = { 473 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 474 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 475 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 476 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 477 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 478 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 479 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 480 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 481 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 482 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 483 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 484 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 485 }; 486 487 static const struct { 488 uint16_t reg; 489 uint32_t val; 490 } rt2870_def_mac[] = { 491 RT2870_DEF_MAC 492 }; 493 494 static const struct { 495 uint8_t reg; 496 uint8_t val; 497 } rt2860_def_bbp[] = { 498 RT2860_DEF_BBP 499 },rt5390_def_bbp[] = { 500 RT5390_DEF_BBP 501 },rt5592_def_bbp[] = { 502 RT5592_DEF_BBP 503 }; 504 505 /* 506 * Default values for BBP register R196 for RT5592. 507 */ 508 static const uint8_t rt5592_bbp_r196[] = { 509 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 510 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 511 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 512 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 513 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 514 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 515 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 516 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 517 0x2e, 0x36, 0x30, 0x6e 518 }; 519 520 static const struct rfprog { 521 uint8_t chan; 522 uint32_t r1, r2, r3, r4; 523 } rt2860_rf2850[] = { 524 RT2860_RF2850 525 }; 526 527 struct { 528 uint8_t n, r, k; 529 } rt3070_freqs[] = { 530 RT3070_RF3052 531 }; 532 533 static const struct rt5592_freqs { 534 uint16_t n; 535 uint8_t k, m, r; 536 } rt5592_freqs_20mhz[] = { 537 RT5592_RF5592_20MHZ 538 },rt5592_freqs_40mhz[] = { 539 RT5592_RF5592_40MHZ 540 }; 541 542 static const struct { 543 uint8_t reg; 544 uint8_t val; 545 } rt3070_def_rf[] = { 546 RT3070_DEF_RF 547 },rt3572_def_rf[] = { 548 RT3572_DEF_RF 549 },rt3593_def_rf[] = { 550 RT3593_DEF_RF 551 },rt5390_def_rf[] = { 552 RT5390_DEF_RF 553 },rt5392_def_rf[] = { 554 RT5392_DEF_RF 555 },rt5592_def_rf[] = { 556 RT5592_DEF_RF 557 },rt5592_2ghz_def_rf[] = { 558 RT5592_2GHZ_DEF_RF 559 },rt5592_5ghz_def_rf[] = { 560 RT5592_5GHZ_DEF_RF 561 }; 562 563 static const struct { 564 u_int firstchan; 565 u_int lastchan; 566 uint8_t reg; 567 uint8_t val; 568 } rt5592_chan_5ghz[] = { 569 RT5592_CHAN_5GHZ 570 }; 571 572 static const struct usb_config run_config[RUN_N_XFER] = { 573 [RUN_BULK_TX_BE] = { 574 .type = UE_BULK, 575 .endpoint = UE_ADDR_ANY, 576 .ep_index = 0, 577 .direction = UE_DIR_OUT, 578 .bufsize = RUN_MAX_TXSZ, 579 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 580 .callback = run_bulk_tx_callback0, 581 .timeout = 5000, /* ms */ 582 }, 583 [RUN_BULK_TX_BK] = { 584 .type = UE_BULK, 585 .endpoint = UE_ADDR_ANY, 586 .direction = UE_DIR_OUT, 587 .ep_index = 1, 588 .bufsize = RUN_MAX_TXSZ, 589 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 590 .callback = run_bulk_tx_callback1, 591 .timeout = 5000, /* ms */ 592 }, 593 [RUN_BULK_TX_VI] = { 594 .type = UE_BULK, 595 .endpoint = UE_ADDR_ANY, 596 .direction = UE_DIR_OUT, 597 .ep_index = 2, 598 .bufsize = RUN_MAX_TXSZ, 599 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 600 .callback = run_bulk_tx_callback2, 601 .timeout = 5000, /* ms */ 602 }, 603 [RUN_BULK_TX_VO] = { 604 .type = UE_BULK, 605 .endpoint = UE_ADDR_ANY, 606 .direction = UE_DIR_OUT, 607 .ep_index = 3, 608 .bufsize = RUN_MAX_TXSZ, 609 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 610 .callback = run_bulk_tx_callback3, 611 .timeout = 5000, /* ms */ 612 }, 613 [RUN_BULK_TX_HCCA] = { 614 .type = UE_BULK, 615 .endpoint = UE_ADDR_ANY, 616 .direction = UE_DIR_OUT, 617 .ep_index = 4, 618 .bufsize = RUN_MAX_TXSZ, 619 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 620 .callback = run_bulk_tx_callback4, 621 .timeout = 5000, /* ms */ 622 }, 623 [RUN_BULK_TX_PRIO] = { 624 .type = UE_BULK, 625 .endpoint = UE_ADDR_ANY, 626 .direction = UE_DIR_OUT, 627 .ep_index = 5, 628 .bufsize = RUN_MAX_TXSZ, 629 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 630 .callback = run_bulk_tx_callback5, 631 .timeout = 5000, /* ms */ 632 }, 633 [RUN_BULK_RX] = { 634 .type = UE_BULK, 635 .endpoint = UE_ADDR_ANY, 636 .direction = UE_DIR_IN, 637 .bufsize = RUN_MAX_RXSZ, 638 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 639 .callback = run_bulk_rx_callback, 640 } 641 }; 642 643 static void 644 run_autoinst(void *arg, struct usb_device *udev, 645 struct usb_attach_arg *uaa) 646 { 647 struct usb_interface *iface; 648 struct usb_interface_descriptor *id; 649 650 if (uaa->dev_state != UAA_DEV_READY) 651 return; 652 653 iface = usbd_get_iface(udev, 0); 654 if (iface == NULL) 655 return; 656 id = iface->idesc; 657 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 658 return; 659 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 660 return; 661 662 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 663 uaa->dev_state = UAA_DEV_EJECTING; 664 } 665 666 static int 667 run_driver_loaded(struct module *mod, int what, void *arg) 668 { 669 switch (what) { 670 case MOD_LOAD: 671 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 672 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 673 break; 674 case MOD_UNLOAD: 675 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 676 break; 677 default: 678 return (EOPNOTSUPP); 679 } 680 return (0); 681 } 682 683 static int 684 run_match(device_t self) 685 { 686 struct usb_attach_arg *uaa = device_get_ivars(self); 687 688 if (uaa->usb_mode != USB_MODE_HOST) 689 return (ENXIO); 690 if (uaa->info.bConfigIndex != 0) 691 return (ENXIO); 692 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 693 return (ENXIO); 694 695 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 696 } 697 698 static int 699 run_attach(device_t self) 700 { 701 struct run_softc *sc = device_get_softc(self); 702 struct usb_attach_arg *uaa = device_get_ivars(self); 703 struct ieee80211com *ic; 704 struct ifnet *ifp; 705 uint32_t ver; 706 int ntries, error; 707 uint8_t iface_index, bands; 708 709 device_set_usb_desc(self); 710 sc->sc_udev = uaa->device; 711 sc->sc_dev = self; 712 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 713 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 714 715 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 716 MTX_NETWORK_LOCK, MTX_DEF); 717 718 iface_index = RT2860_IFACE_INDEX; 719 720 error = usbd_transfer_setup(uaa->device, &iface_index, 721 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 722 if (error) { 723 device_printf(self, "could not allocate USB transfers, " 724 "err=%s\n", usbd_errstr(error)); 725 goto detach; 726 } 727 728 RUN_LOCK(sc); 729 730 /* wait for the chip to settle */ 731 for (ntries = 0; ntries < 100; ntries++) { 732 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 733 RUN_UNLOCK(sc); 734 goto detach; 735 } 736 if (ver != 0 && ver != 0xffffffff) 737 break; 738 run_delay(sc, 10); 739 } 740 if (ntries == 100) { 741 device_printf(sc->sc_dev, 742 "timeout waiting for NIC to initialize\n"); 743 RUN_UNLOCK(sc); 744 goto detach; 745 } 746 sc->mac_ver = ver >> 16; 747 sc->mac_rev = ver & 0xffff; 748 749 /* retrieve RF rev. no and various other things from EEPROM */ 750 run_read_eeprom(sc); 751 752 device_printf(sc->sc_dev, 753 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 754 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 755 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 756 757 RUN_UNLOCK(sc); 758 759 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 760 if (ifp == NULL) { 761 device_printf(sc->sc_dev, "can not if_alloc()\n"); 762 goto detach; 763 } 764 ic = ifp->if_l2com; 765 766 ifp->if_softc = sc; 767 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 768 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 769 ifp->if_init = run_init; 770 ifp->if_ioctl = run_ioctl; 771 ifp->if_start = run_start; 772 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 773 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 774 IFQ_SET_READY(&ifp->if_snd); 775 776 ic->ic_ifp = ifp; 777 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 778 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 779 780 /* set device capabilities */ 781 ic->ic_caps = 782 IEEE80211_C_STA | /* station mode supported */ 783 IEEE80211_C_MONITOR | /* monitor mode supported */ 784 IEEE80211_C_IBSS | 785 IEEE80211_C_HOSTAP | 786 IEEE80211_C_WDS | /* 4-address traffic works */ 787 IEEE80211_C_MBSS | 788 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 789 IEEE80211_C_SHSLOT | /* short slot time supported */ 790 IEEE80211_C_WME | /* WME */ 791 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 792 793 ic->ic_cryptocaps = 794 IEEE80211_CRYPTO_WEP | 795 IEEE80211_CRYPTO_AES_CCM | 796 IEEE80211_CRYPTO_TKIPMIC | 797 IEEE80211_CRYPTO_TKIP; 798 799 ic->ic_flags |= IEEE80211_F_DATAPAD; 800 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 801 802 bands = 0; 803 setbit(&bands, IEEE80211_MODE_11B); 804 setbit(&bands, IEEE80211_MODE_11G); 805 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 806 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 807 sc->rf_rev == RT5592_RF_5592) 808 setbit(&bands, IEEE80211_MODE_11A); 809 ieee80211_init_channels(ic, NULL, &bands); 810 811 ieee80211_ifattach(ic, sc->sc_bssid); 812 813 ic->ic_scan_start = run_scan_start; 814 ic->ic_scan_end = run_scan_end; 815 ic->ic_set_channel = run_set_channel; 816 ic->ic_node_alloc = run_node_alloc; 817 ic->ic_newassoc = run_newassoc; 818 ic->ic_updateslot = run_updateslot; 819 ic->ic_update_mcast = run_update_mcast; 820 ic->ic_wme.wme_update = run_wme_update; 821 ic->ic_raw_xmit = run_raw_xmit; 822 ic->ic_update_promisc = run_update_promisc; 823 824 ic->ic_vap_create = run_vap_create; 825 ic->ic_vap_delete = run_vap_delete; 826 827 ieee80211_radiotap_attach(ic, 828 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 829 RUN_TX_RADIOTAP_PRESENT, 830 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 831 RUN_RX_RADIOTAP_PRESENT); 832 833 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 834 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 835 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 836 837 if (bootverbose) 838 ieee80211_announce(ic); 839 840 return (0); 841 842 detach: 843 run_detach(self); 844 return (ENXIO); 845 } 846 847 static int 848 run_detach(device_t self) 849 { 850 struct run_softc *sc = device_get_softc(self); 851 struct ifnet *ifp = sc->sc_ifp; 852 struct ieee80211com *ic; 853 int i; 854 855 RUN_LOCK(sc); 856 sc->sc_detached = 1; 857 RUN_UNLOCK(sc); 858 859 /* stop all USB transfers */ 860 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 861 862 RUN_LOCK(sc); 863 sc->ratectl_run = RUN_RATECTL_OFF; 864 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 865 866 /* free TX list, if any */ 867 for (i = 0; i != RUN_EP_QUEUES; i++) 868 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 869 RUN_UNLOCK(sc); 870 871 if (ifp) { 872 ic = ifp->if_l2com; 873 /* drain tasks */ 874 usb_callout_drain(&sc->ratectl_ch); 875 ieee80211_draintask(ic, &sc->cmdq_task); 876 ieee80211_draintask(ic, &sc->ratectl_task); 877 ieee80211_ifdetach(ic); 878 if_free(ifp); 879 } 880 881 mtx_destroy(&sc->sc_mtx); 882 883 return (0); 884 } 885 886 static struct ieee80211vap * 887 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 888 enum ieee80211_opmode opmode, int flags, 889 const uint8_t bssid[IEEE80211_ADDR_LEN], 890 const uint8_t mac[IEEE80211_ADDR_LEN]) 891 { 892 struct ifnet *ifp = ic->ic_ifp; 893 struct run_softc *sc = ifp->if_softc; 894 struct run_vap *rvp; 895 struct ieee80211vap *vap; 896 int i; 897 898 if (sc->rvp_cnt >= RUN_VAP_MAX) { 899 if_printf(ifp, "number of VAPs maxed out\n"); 900 return (NULL); 901 } 902 903 switch (opmode) { 904 case IEEE80211_M_STA: 905 /* enable s/w bmiss handling for sta mode */ 906 flags |= IEEE80211_CLONE_NOBEACONS; 907 /* fall though */ 908 case IEEE80211_M_IBSS: 909 case IEEE80211_M_MONITOR: 910 case IEEE80211_M_HOSTAP: 911 case IEEE80211_M_MBSS: 912 /* other than WDS vaps, only one at a time */ 913 if (!TAILQ_EMPTY(&ic->ic_vaps)) 914 return (NULL); 915 break; 916 case IEEE80211_M_WDS: 917 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 918 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 919 continue; 920 /* WDS vap's always share the local mac address. */ 921 flags &= ~IEEE80211_CLONE_BSSID; 922 break; 923 } 924 if (vap == NULL) { 925 if_printf(ifp, "wds only supported in ap mode\n"); 926 return (NULL); 927 } 928 break; 929 default: 930 if_printf(ifp, "unknown opmode %d\n", opmode); 931 return (NULL); 932 } 933 934 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 935 M_80211_VAP, M_NOWAIT | M_ZERO); 936 if (rvp == NULL) 937 return (NULL); 938 vap = &rvp->vap; 939 940 if (ieee80211_vap_setup(ic, vap, name, unit, 941 opmode, flags, bssid, mac) != 0) { 942 /* out of memory */ 943 free(rvp, M_80211_VAP); 944 return (NULL); 945 } 946 947 vap->iv_key_update_begin = run_key_update_begin; 948 vap->iv_key_update_end = run_key_update_end; 949 vap->iv_update_beacon = run_update_beacon; 950 vap->iv_max_aid = RT2870_WCID_MAX; 951 /* 952 * To delete the right key from h/w, we need wcid. 953 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 954 * and matching wcid will be written into there. So, cast 955 * some spells to remove 'const' from ieee80211_key{} 956 */ 957 vap->iv_key_delete = (void *)run_key_delete; 958 vap->iv_key_set = (void *)run_key_set; 959 960 /* override state transition machine */ 961 rvp->newstate = vap->iv_newstate; 962 vap->iv_newstate = run_newstate; 963 964 ieee80211_ratectl_init(vap); 965 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 966 967 /* complete setup */ 968 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 969 970 /* make sure id is always unique */ 971 for (i = 0; i < RUN_VAP_MAX; i++) { 972 if((sc->rvp_bmap & 1 << i) == 0){ 973 sc->rvp_bmap |= 1 << i; 974 rvp->rvp_id = i; 975 break; 976 } 977 } 978 if (sc->rvp_cnt++ == 0) 979 ic->ic_opmode = opmode; 980 981 if (opmode == IEEE80211_M_HOSTAP) 982 sc->cmdq_run = RUN_CMDQ_GO; 983 984 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 985 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 986 987 return (vap); 988 } 989 990 static void 991 run_vap_delete(struct ieee80211vap *vap) 992 { 993 struct run_vap *rvp = RUN_VAP(vap); 994 struct ifnet *ifp; 995 struct ieee80211com *ic; 996 struct run_softc *sc; 997 uint8_t rvp_id; 998 999 if (vap == NULL) 1000 return; 1001 1002 ic = vap->iv_ic; 1003 ifp = ic->ic_ifp; 1004 1005 sc = ifp->if_softc; 1006 1007 RUN_LOCK(sc); 1008 1009 m_freem(rvp->beacon_mbuf); 1010 rvp->beacon_mbuf = NULL; 1011 1012 rvp_id = rvp->rvp_id; 1013 sc->ratectl_run &= ~(1 << rvp_id); 1014 sc->rvp_bmap &= ~(1 << rvp_id); 1015 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1016 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1017 --sc->rvp_cnt; 1018 1019 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1020 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1021 1022 RUN_UNLOCK(sc); 1023 1024 ieee80211_ratectl_deinit(vap); 1025 ieee80211_vap_detach(vap); 1026 free(rvp, M_80211_VAP); 1027 } 1028 1029 /* 1030 * There are numbers of functions need to be called in context thread. 1031 * Rather than creating taskqueue event for each of those functions, 1032 * here is all-for-one taskqueue callback function. This function 1033 * gurantees deferred functions are executed in the same order they 1034 * were enqueued. 1035 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1036 */ 1037 static void 1038 run_cmdq_cb(void *arg, int pending) 1039 { 1040 struct run_softc *sc = arg; 1041 uint8_t i; 1042 1043 /* call cmdq[].func locked */ 1044 RUN_LOCK(sc); 1045 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1046 i = sc->cmdq_exec, pending--) { 1047 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1048 if (sc->cmdq_run == RUN_CMDQ_GO) { 1049 /* 1050 * If arg0 is NULL, callback func needs more 1051 * than one arg. So, pass ptr to cmdq struct. 1052 */ 1053 if (sc->cmdq[i].arg0) 1054 sc->cmdq[i].func(sc->cmdq[i].arg0); 1055 else 1056 sc->cmdq[i].func(&sc->cmdq[i]); 1057 } 1058 sc->cmdq[i].arg0 = NULL; 1059 sc->cmdq[i].func = NULL; 1060 sc->cmdq_exec++; 1061 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1062 } 1063 RUN_UNLOCK(sc); 1064 } 1065 1066 static void 1067 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1068 { 1069 struct run_tx_data *data; 1070 1071 memset(pq, 0, sizeof(*pq)); 1072 1073 STAILQ_INIT(&pq->tx_qh); 1074 STAILQ_INIT(&pq->tx_fh); 1075 1076 for (data = &pq->tx_data[0]; 1077 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1078 data->sc = sc; 1079 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1080 } 1081 pq->tx_nfree = RUN_TX_RING_COUNT; 1082 } 1083 1084 static void 1085 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1086 { 1087 struct run_tx_data *data; 1088 1089 /* make sure any subsequent use of the queues will fail */ 1090 pq->tx_nfree = 0; 1091 STAILQ_INIT(&pq->tx_fh); 1092 STAILQ_INIT(&pq->tx_qh); 1093 1094 /* free up all node references and mbufs */ 1095 for (data = &pq->tx_data[0]; 1096 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1097 if (data->m != NULL) { 1098 m_freem(data->m); 1099 data->m = NULL; 1100 } 1101 if (data->ni != NULL) { 1102 ieee80211_free_node(data->ni); 1103 data->ni = NULL; 1104 } 1105 } 1106 } 1107 1108 static int 1109 run_load_microcode(struct run_softc *sc) 1110 { 1111 usb_device_request_t req; 1112 const struct firmware *fw; 1113 const u_char *base; 1114 uint32_t tmp; 1115 int ntries, error; 1116 const uint64_t *temp; 1117 uint64_t bytes; 1118 1119 RUN_UNLOCK(sc); 1120 fw = firmware_get("runfw"); 1121 RUN_LOCK(sc); 1122 if (fw == NULL) { 1123 device_printf(sc->sc_dev, 1124 "failed loadfirmware of file %s\n", "runfw"); 1125 return ENOENT; 1126 } 1127 1128 if (fw->datasize != 8192) { 1129 device_printf(sc->sc_dev, 1130 "invalid firmware size (should be 8KB)\n"); 1131 error = EINVAL; 1132 goto fail; 1133 } 1134 1135 /* 1136 * RT3071/RT3072 use a different firmware 1137 * run-rt2870 (8KB) contains both, 1138 * first half (4KB) is for rt2870, 1139 * last half is for rt3071. 1140 */ 1141 base = fw->data; 1142 if ((sc->mac_ver) != 0x2860 && 1143 (sc->mac_ver) != 0x2872 && 1144 (sc->mac_ver) != 0x3070) { 1145 base += 4096; 1146 } 1147 1148 /* cheap sanity check */ 1149 temp = fw->data; 1150 bytes = *temp; 1151 if (bytes != be64toh(0xffffff0210280210ULL)) { 1152 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1153 error = EINVAL; 1154 goto fail; 1155 } 1156 1157 /* write microcode image */ 1158 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1159 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1160 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1161 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1162 } 1163 1164 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1165 req.bRequest = RT2870_RESET; 1166 USETW(req.wValue, 8); 1167 USETW(req.wIndex, 0); 1168 USETW(req.wLength, 0); 1169 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1170 != 0) { 1171 device_printf(sc->sc_dev, "firmware reset failed\n"); 1172 goto fail; 1173 } 1174 1175 run_delay(sc, 10); 1176 1177 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1178 run_write(sc, RT2860_H2M_MAILBOX, 0); 1179 run_write(sc, RT2860_H2M_INTSRC, 0); 1180 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1181 goto fail; 1182 1183 /* wait until microcontroller is ready */ 1184 for (ntries = 0; ntries < 1000; ntries++) { 1185 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1186 goto fail; 1187 if (tmp & RT2860_MCU_READY) 1188 break; 1189 run_delay(sc, 10); 1190 } 1191 if (ntries == 1000) { 1192 device_printf(sc->sc_dev, 1193 "timeout waiting for MCU to initialize\n"); 1194 error = ETIMEDOUT; 1195 goto fail; 1196 } 1197 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1198 (base == fw->data) ? "RT2870" : "RT3071", 1199 *(base + 4092), *(base + 4093)); 1200 1201 fail: 1202 firmware_put(fw, FIRMWARE_UNLOAD); 1203 return (error); 1204 } 1205 1206 static int 1207 run_reset(struct run_softc *sc) 1208 { 1209 usb_device_request_t req; 1210 1211 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1212 req.bRequest = RT2870_RESET; 1213 USETW(req.wValue, 1); 1214 USETW(req.wIndex, 0); 1215 USETW(req.wLength, 0); 1216 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1217 } 1218 1219 static usb_error_t 1220 run_do_request(struct run_softc *sc, 1221 struct usb_device_request *req, void *data) 1222 { 1223 usb_error_t err; 1224 int ntries = 10; 1225 1226 RUN_LOCK_ASSERT(sc, MA_OWNED); 1227 1228 while (ntries--) { 1229 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1230 req, data, 0, NULL, 250 /* ms */); 1231 if (err == 0) 1232 break; 1233 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1234 usbd_errstr(err)); 1235 run_delay(sc, 10); 1236 } 1237 return (err); 1238 } 1239 1240 static int 1241 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1242 { 1243 uint32_t tmp; 1244 int error; 1245 1246 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1247 if (error == 0) 1248 *val = le32toh(tmp); 1249 else 1250 *val = 0xffffffff; 1251 return (error); 1252 } 1253 1254 static int 1255 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1256 { 1257 usb_device_request_t req; 1258 1259 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1260 req.bRequest = RT2870_READ_REGION_1; 1261 USETW(req.wValue, 0); 1262 USETW(req.wIndex, reg); 1263 USETW(req.wLength, len); 1264 1265 return (run_do_request(sc, &req, buf)); 1266 } 1267 1268 static int 1269 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1270 { 1271 usb_device_request_t req; 1272 1273 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1274 req.bRequest = RT2870_WRITE_2; 1275 USETW(req.wValue, val); 1276 USETW(req.wIndex, reg); 1277 USETW(req.wLength, 0); 1278 1279 return (run_do_request(sc, &req, NULL)); 1280 } 1281 1282 static int 1283 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1284 { 1285 int error; 1286 1287 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1288 error = run_write_2(sc, reg + 2, val >> 16); 1289 return (error); 1290 } 1291 1292 static int 1293 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1294 int len) 1295 { 1296 #if 1 1297 int i, error = 0; 1298 /* 1299 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1300 * We thus issue multiple WRITE_2 commands instead. 1301 */ 1302 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1303 for (i = 0; i < len && error == 0; i += 2) 1304 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1305 return (error); 1306 #else 1307 usb_device_request_t req; 1308 int error = 0; 1309 1310 /* 1311 * NOTE: It appears the WRITE_REGION_1 command cannot be 1312 * passed a huge amount of data, which will crash the 1313 * firmware. Limit amount of data passed to 64-bytes at a 1314 * time. 1315 */ 1316 while (len > 0) { 1317 int delta = 64; 1318 if (delta > len) 1319 delta = len; 1320 1321 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1322 req.bRequest = RT2870_WRITE_REGION_1; 1323 USETW(req.wValue, 0); 1324 USETW(req.wIndex, reg); 1325 USETW(req.wLength, delta); 1326 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1327 if (error != 0) 1328 break; 1329 reg += delta; 1330 buf += delta; 1331 len -= delta; 1332 } 1333 return (error); 1334 #endif 1335 } 1336 1337 static int 1338 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1339 { 1340 int i, error = 0; 1341 1342 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1343 for (i = 0; i < len && error == 0; i += 4) 1344 error = run_write(sc, reg + i, val); 1345 return (error); 1346 } 1347 1348 static int 1349 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1350 { 1351 uint32_t tmp; 1352 uint16_t reg; 1353 int error, ntries; 1354 1355 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1356 return (error); 1357 1358 if (count == 2) 1359 addr *= 2; 1360 /*- 1361 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1362 * DATA0: F E D C 1363 * DATA1: B A 9 8 1364 * DATA2: 7 6 5 4 1365 * DATA3: 3 2 1 0 1366 */ 1367 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1368 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1369 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1370 for (ntries = 0; ntries < 100; ntries++) { 1371 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1372 return (error); 1373 if (!(tmp & RT3070_EFSROM_KICK)) 1374 break; 1375 run_delay(sc, 2); 1376 } 1377 if (ntries == 100) 1378 return (ETIMEDOUT); 1379 1380 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1381 *val = 0xffff; /* address not found */ 1382 return (0); 1383 } 1384 /* determine to which 32-bit register our 16-bit word belongs */ 1385 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1386 if ((error = run_read(sc, reg, &tmp)) != 0) 1387 return (error); 1388 1389 tmp >>= (8 * (addr & 0x3)); 1390 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1391 1392 return (0); 1393 } 1394 1395 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1396 static int 1397 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1398 { 1399 return (run_efuse_read(sc, addr, val, 2)); 1400 } 1401 1402 static int 1403 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1404 { 1405 usb_device_request_t req; 1406 uint16_t tmp; 1407 int error; 1408 1409 addr *= 2; 1410 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1411 req.bRequest = RT2870_EEPROM_READ; 1412 USETW(req.wValue, 0); 1413 USETW(req.wIndex, addr); 1414 USETW(req.wLength, sizeof(tmp)); 1415 1416 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1417 if (error == 0) 1418 *val = le16toh(tmp); 1419 else 1420 *val = 0xffff; 1421 return (error); 1422 } 1423 1424 static __inline int 1425 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1426 { 1427 /* either eFUSE ROM or EEPROM */ 1428 return sc->sc_srom_read(sc, addr, val); 1429 } 1430 1431 static int 1432 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1433 { 1434 uint32_t tmp; 1435 int error, ntries; 1436 1437 for (ntries = 0; ntries < 10; ntries++) { 1438 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1439 return (error); 1440 if (!(tmp & RT2860_RF_REG_CTRL)) 1441 break; 1442 } 1443 if (ntries == 10) 1444 return (ETIMEDOUT); 1445 1446 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1447 } 1448 1449 static int 1450 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1451 { 1452 uint32_t tmp; 1453 int error, ntries; 1454 1455 for (ntries = 0; ntries < 100; ntries++) { 1456 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1457 return (error); 1458 if (!(tmp & RT3070_RF_KICK)) 1459 break; 1460 } 1461 if (ntries == 100) 1462 return (ETIMEDOUT); 1463 1464 tmp = RT3070_RF_KICK | reg << 8; 1465 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1466 return (error); 1467 1468 for (ntries = 0; ntries < 100; ntries++) { 1469 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1470 return (error); 1471 if (!(tmp & RT3070_RF_KICK)) 1472 break; 1473 } 1474 if (ntries == 100) 1475 return (ETIMEDOUT); 1476 1477 *val = tmp & 0xff; 1478 return (0); 1479 } 1480 1481 static int 1482 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1483 { 1484 uint32_t tmp; 1485 int error, ntries; 1486 1487 for (ntries = 0; ntries < 10; ntries++) { 1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1489 return (error); 1490 if (!(tmp & RT3070_RF_KICK)) 1491 break; 1492 } 1493 if (ntries == 10) 1494 return (ETIMEDOUT); 1495 1496 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1497 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1498 } 1499 1500 static int 1501 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1502 { 1503 uint32_t tmp; 1504 int ntries, error; 1505 1506 for (ntries = 0; ntries < 10; ntries++) { 1507 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1508 return (error); 1509 if (!(tmp & RT2860_BBP_CSR_KICK)) 1510 break; 1511 } 1512 if (ntries == 10) 1513 return (ETIMEDOUT); 1514 1515 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1516 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1517 return (error); 1518 1519 for (ntries = 0; ntries < 10; ntries++) { 1520 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1521 return (error); 1522 if (!(tmp & RT2860_BBP_CSR_KICK)) 1523 break; 1524 } 1525 if (ntries == 10) 1526 return (ETIMEDOUT); 1527 1528 *val = tmp & 0xff; 1529 return (0); 1530 } 1531 1532 static int 1533 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1534 { 1535 uint32_t tmp; 1536 int ntries, error; 1537 1538 for (ntries = 0; ntries < 10; ntries++) { 1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1540 return (error); 1541 if (!(tmp & RT2860_BBP_CSR_KICK)) 1542 break; 1543 } 1544 if (ntries == 10) 1545 return (ETIMEDOUT); 1546 1547 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1548 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1549 } 1550 1551 /* 1552 * Send a command to the 8051 microcontroller unit. 1553 */ 1554 static int 1555 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1556 { 1557 uint32_t tmp; 1558 int error, ntries; 1559 1560 for (ntries = 0; ntries < 100; ntries++) { 1561 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1562 return error; 1563 if (!(tmp & RT2860_H2M_BUSY)) 1564 break; 1565 } 1566 if (ntries == 100) 1567 return ETIMEDOUT; 1568 1569 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1570 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1571 error = run_write(sc, RT2860_HOST_CMD, cmd); 1572 return (error); 1573 } 1574 1575 /* 1576 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1577 * Used to adjust per-rate Tx power registers. 1578 */ 1579 static __inline uint32_t 1580 b4inc(uint32_t b32, int8_t delta) 1581 { 1582 int8_t i, b4; 1583 1584 for (i = 0; i < 8; i++) { 1585 b4 = b32 & 0xf; 1586 b4 += delta; 1587 if (b4 < 0) 1588 b4 = 0; 1589 else if (b4 > 0xf) 1590 b4 = 0xf; 1591 b32 = b32 >> 4 | b4 << 28; 1592 } 1593 return (b32); 1594 } 1595 1596 static const char * 1597 run_get_rf(uint16_t rev) 1598 { 1599 switch (rev) { 1600 case RT2860_RF_2820: return "RT2820"; 1601 case RT2860_RF_2850: return "RT2850"; 1602 case RT2860_RF_2720: return "RT2720"; 1603 case RT2860_RF_2750: return "RT2750"; 1604 case RT3070_RF_3020: return "RT3020"; 1605 case RT3070_RF_2020: return "RT2020"; 1606 case RT3070_RF_3021: return "RT3021"; 1607 case RT3070_RF_3022: return "RT3022"; 1608 case RT3070_RF_3052: return "RT3052"; 1609 case RT3593_RF_3053: return "RT3053"; 1610 case RT5592_RF_5592: return "RT5592"; 1611 case RT5390_RF_5370: return "RT5370"; 1612 case RT5390_RF_5372: return "RT5372"; 1613 } 1614 return ("unknown"); 1615 } 1616 1617 static void 1618 run_rt3593_get_txpower(struct run_softc *sc) 1619 { 1620 uint16_t addr, val; 1621 int i; 1622 1623 /* Read power settings for 2GHz channels. */ 1624 for (i = 0; i < 14; i += 2) { 1625 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1626 RT2860_EEPROM_PWR2GHZ_BASE1; 1627 run_srom_read(sc, addr + i / 2, &val); 1628 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1629 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1630 1631 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1632 RT2860_EEPROM_PWR2GHZ_BASE2; 1633 run_srom_read(sc, addr + i / 2, &val); 1634 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1635 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1636 1637 if (sc->ntxchains == 3) { 1638 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1639 &val); 1640 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1641 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1642 } 1643 } 1644 /* Fix broken Tx power entries. */ 1645 for (i = 0; i < 14; i++) { 1646 if (sc->txpow1[i] > 31) 1647 sc->txpow1[i] = 5; 1648 if (sc->txpow2[i] > 31) 1649 sc->txpow2[i] = 5; 1650 if (sc->ntxchains == 3) { 1651 if (sc->txpow3[i] > 31) 1652 sc->txpow3[i] = 5; 1653 } 1654 } 1655 /* Read power settings for 5GHz channels. */ 1656 for (i = 0; i < 40; i += 2) { 1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1658 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1659 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1660 1661 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1662 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1663 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1664 1665 if (sc->ntxchains == 3) { 1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1667 &val); 1668 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1669 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1670 } 1671 } 1672 } 1673 1674 static void 1675 run_get_txpower(struct run_softc *sc) 1676 { 1677 uint16_t val; 1678 int i; 1679 1680 /* Read power settings for 2GHz channels. */ 1681 for (i = 0; i < 14; i += 2) { 1682 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1683 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1684 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1685 1686 if (sc->mac_ver != 0x5390) { 1687 run_srom_read(sc, 1688 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1689 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1690 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1691 } 1692 } 1693 /* Fix broken Tx power entries. */ 1694 for (i = 0; i < 14; i++) { 1695 if (sc->mac_ver >= 0x5390) { 1696 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1697 sc->txpow1[i] = 5; 1698 } else { 1699 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1700 sc->txpow1[i] = 5; 1701 } 1702 if (sc->mac_ver > 0x5390) { 1703 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1704 sc->txpow2[i] = 5; 1705 } else if (sc->mac_ver < 0x5390) { 1706 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1707 sc->txpow2[i] = 5; 1708 } 1709 DPRINTF("chan %d: power1=%d, power2=%d\n", 1710 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1711 } 1712 /* Read power settings for 5GHz channels. */ 1713 for (i = 0; i < 40; i += 2) { 1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1715 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1716 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1717 1718 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1719 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1720 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1721 } 1722 /* Fix broken Tx power entries. */ 1723 for (i = 0; i < 40; i++ ) { 1724 if (sc->mac_ver != 0x5592) { 1725 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1726 sc->txpow1[14 + i] = 5; 1727 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1728 sc->txpow2[14 + i] = 5; 1729 } 1730 DPRINTF("chan %d: power1=%d, power2=%d\n", 1731 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1732 sc->txpow2[14 + i]); 1733 } 1734 } 1735 1736 static int 1737 run_read_eeprom(struct run_softc *sc) 1738 { 1739 int8_t delta_2ghz, delta_5ghz; 1740 uint32_t tmp; 1741 uint16_t val; 1742 int ridx, ant, i; 1743 1744 /* check whether the ROM is eFUSE ROM or EEPROM */ 1745 sc->sc_srom_read = run_eeprom_read_2; 1746 if (sc->mac_ver >= 0x3070) { 1747 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1748 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1749 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1750 sc->sc_srom_read = run_efuse_read_2; 1751 } 1752 1753 /* read ROM version */ 1754 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1755 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1756 1757 /* read MAC address */ 1758 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1759 sc->sc_bssid[0] = val & 0xff; 1760 sc->sc_bssid[1] = val >> 8; 1761 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1762 sc->sc_bssid[2] = val & 0xff; 1763 sc->sc_bssid[3] = val >> 8; 1764 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1765 sc->sc_bssid[4] = val & 0xff; 1766 sc->sc_bssid[5] = val >> 8; 1767 1768 if (sc->mac_ver < 0x3593) { 1769 /* read vender BBP settings */ 1770 for (i = 0; i < 10; i++) { 1771 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1772 sc->bbp[i].val = val & 0xff; 1773 sc->bbp[i].reg = val >> 8; 1774 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1775 sc->bbp[i].val); 1776 } 1777 if (sc->mac_ver >= 0x3071) { 1778 /* read vendor RF settings */ 1779 for (i = 0; i < 10; i++) { 1780 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1781 &val); 1782 sc->rf[i].val = val & 0xff; 1783 sc->rf[i].reg = val >> 8; 1784 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1785 sc->rf[i].val); 1786 } 1787 } 1788 } 1789 1790 /* read RF frequency offset from EEPROM */ 1791 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1792 RT3593_EEPROM_FREQ, &val); 1793 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1794 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1795 1796 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1797 RT3593_EEPROM_FREQ_LEDS, &val); 1798 if (val >> 8 != 0xff) { 1799 /* read LEDs operating mode */ 1800 sc->leds = val >> 8; 1801 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1802 RT3593_EEPROM_LED1, &sc->led[0]); 1803 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1804 RT3593_EEPROM_LED2, &sc->led[1]); 1805 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1806 RT3593_EEPROM_LED3, &sc->led[2]); 1807 } else { 1808 /* broken EEPROM, use default settings */ 1809 sc->leds = 0x01; 1810 sc->led[0] = 0x5555; 1811 sc->led[1] = 0x2221; 1812 sc->led[2] = 0x5627; /* differs from RT2860 */ 1813 } 1814 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1815 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1816 1817 /* read RF information */ 1818 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1819 run_srom_read(sc, 0x00, &val); 1820 else 1821 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1822 1823 if (val == 0xffff) { 1824 device_printf(sc->sc_dev, 1825 "invalid EEPROM antenna info, using default\n"); 1826 DPRINTF("invalid EEPROM antenna info, using default\n"); 1827 if (sc->mac_ver == 0x3572) { 1828 /* default to RF3052 2T2R */ 1829 sc->rf_rev = RT3070_RF_3052; 1830 sc->ntxchains = 2; 1831 sc->nrxchains = 2; 1832 } else if (sc->mac_ver >= 0x3070) { 1833 /* default to RF3020 1T1R */ 1834 sc->rf_rev = RT3070_RF_3020; 1835 sc->ntxchains = 1; 1836 sc->nrxchains = 1; 1837 } else { 1838 /* default to RF2820 1T2R */ 1839 sc->rf_rev = RT2860_RF_2820; 1840 sc->ntxchains = 1; 1841 sc->nrxchains = 2; 1842 } 1843 } else { 1844 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1845 sc->rf_rev = val; 1846 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1847 } else 1848 sc->rf_rev = (val >> 8) & 0xf; 1849 sc->ntxchains = (val >> 4) & 0xf; 1850 sc->nrxchains = val & 0xf; 1851 } 1852 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1853 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1854 1855 /* check if RF supports automatic Tx access gain control */ 1856 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1857 DPRINTF("EEPROM CFG 0x%04x\n", val); 1858 /* check if driver should patch the DAC issue */ 1859 if ((val >> 8) != 0xff) 1860 sc->patch_dac = (val >> 15) & 1; 1861 if ((val & 0xff) != 0xff) { 1862 sc->ext_5ghz_lna = (val >> 3) & 1; 1863 sc->ext_2ghz_lna = (val >> 2) & 1; 1864 /* check if RF supports automatic Tx access gain control */ 1865 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1866 /* check if we have a hardware radio switch */ 1867 sc->rfswitch = val & 1; 1868 } 1869 1870 /* Read Tx power settings. */ 1871 if (sc->mac_ver == 0x3593) 1872 run_rt3593_get_txpower(sc); 1873 else 1874 run_get_txpower(sc); 1875 1876 /* read Tx power compensation for each Tx rate */ 1877 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1878 delta_2ghz = delta_5ghz = 0; 1879 if ((val & 0xff) != 0xff && (val & 0x80)) { 1880 delta_2ghz = val & 0xf; 1881 if (!(val & 0x40)) /* negative number */ 1882 delta_2ghz = -delta_2ghz; 1883 } 1884 val >>= 8; 1885 if ((val & 0xff) != 0xff && (val & 0x80)) { 1886 delta_5ghz = val & 0xf; 1887 if (!(val & 0x40)) /* negative number */ 1888 delta_5ghz = -delta_5ghz; 1889 } 1890 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1891 delta_2ghz, delta_5ghz); 1892 1893 for (ridx = 0; ridx < 5; ridx++) { 1894 uint32_t reg; 1895 1896 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1897 reg = val; 1898 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1899 reg |= (uint32_t)val << 16; 1900 1901 sc->txpow20mhz[ridx] = reg; 1902 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1903 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1904 1905 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1906 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1907 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1908 } 1909 1910 /* Read RSSI offsets and LNA gains from EEPROM. */ 1911 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1912 RT3593_EEPROM_RSSI1_2GHZ, &val); 1913 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1914 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1915 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1916 RT3593_EEPROM_RSSI2_2GHZ, &val); 1917 if (sc->mac_ver >= 0x3070) { 1918 if (sc->mac_ver == 0x3593) { 1919 sc->txmixgain_2ghz = 0; 1920 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1921 } else { 1922 /* 1923 * On RT3070 chips (limited to 2 Rx chains), this ROM 1924 * field contains the Tx mixer gain for the 2GHz band. 1925 */ 1926 if ((val & 0xff) != 0xff) 1927 sc->txmixgain_2ghz = val & 0x7; 1928 } 1929 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1930 } else 1931 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1932 if (sc->mac_ver == 0x3593) 1933 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1934 sc->lna[2] = val >> 8; /* channel group 2 */ 1935 1936 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1937 RT3593_EEPROM_RSSI1_5GHZ, &val); 1938 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1939 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1940 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1941 RT3593_EEPROM_RSSI2_5GHZ, &val); 1942 if (sc->mac_ver == 0x3572) { 1943 /* 1944 * On RT3572 chips (limited to 2 Rx chains), this ROM 1945 * field contains the Tx mixer gain for the 5GHz band. 1946 */ 1947 if ((val & 0xff) != 0xff) 1948 sc->txmixgain_5ghz = val & 0x7; 1949 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1950 } else 1951 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1952 if (sc->mac_ver == 0x3593) { 1953 sc->txmixgain_5ghz = 0; 1954 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1955 } 1956 sc->lna[3] = val >> 8; /* channel group 3 */ 1957 1958 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1959 RT3593_EEPROM_LNA, &val); 1960 sc->lna[0] = val & 0xff; /* channel group 0 */ 1961 sc->lna[1] = val >> 8; /* channel group 1 */ 1962 1963 /* fix broken 5GHz LNA entries */ 1964 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1965 DPRINTF("invalid LNA for channel group %d\n", 2); 1966 sc->lna[2] = sc->lna[1]; 1967 } 1968 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1969 DPRINTF("invalid LNA for channel group %d\n", 3); 1970 sc->lna[3] = sc->lna[1]; 1971 } 1972 1973 /* fix broken RSSI offset entries */ 1974 for (ant = 0; ant < 3; ant++) { 1975 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1976 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1977 ant + 1, sc->rssi_2ghz[ant]); 1978 sc->rssi_2ghz[ant] = 0; 1979 } 1980 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1981 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1982 ant + 1, sc->rssi_5ghz[ant]); 1983 sc->rssi_5ghz[ant] = 0; 1984 } 1985 } 1986 return (0); 1987 } 1988 1989 static struct ieee80211_node * 1990 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1991 { 1992 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1993 } 1994 1995 static int 1996 run_media_change(struct ifnet *ifp) 1997 { 1998 struct ieee80211vap *vap = ifp->if_softc; 1999 struct ieee80211com *ic = vap->iv_ic; 2000 const struct ieee80211_txparam *tp; 2001 struct run_softc *sc = ic->ic_ifp->if_softc; 2002 uint8_t rate, ridx; 2003 int error; 2004 2005 RUN_LOCK(sc); 2006 2007 error = ieee80211_media_change(ifp); 2008 if (error != ENETRESET) { 2009 RUN_UNLOCK(sc); 2010 return (error); 2011 } 2012 2013 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2014 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2015 struct ieee80211_node *ni; 2016 struct run_node *rn; 2017 2018 rate = ic->ic_sup_rates[ic->ic_curmode]. 2019 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2020 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2021 if (rt2860_rates[ridx].rate == rate) 2022 break; 2023 ni = ieee80211_ref_node(vap->iv_bss); 2024 rn = (struct run_node *)ni; 2025 rn->fix_ridx = ridx; 2026 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2027 ieee80211_free_node(ni); 2028 } 2029 2030 #if 0 2031 if ((ifp->if_flags & IFF_UP) && 2032 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 2033 run_init_locked(sc); 2034 } 2035 #endif 2036 2037 RUN_UNLOCK(sc); 2038 2039 return (0); 2040 } 2041 2042 static int 2043 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2044 { 2045 const struct ieee80211_txparam *tp; 2046 struct ieee80211com *ic = vap->iv_ic; 2047 struct run_softc *sc = ic->ic_ifp->if_softc; 2048 struct run_vap *rvp = RUN_VAP(vap); 2049 enum ieee80211_state ostate; 2050 uint32_t sta[3]; 2051 uint32_t tmp; 2052 uint8_t ratectl; 2053 uint8_t restart_ratectl = 0; 2054 uint8_t bid = 1 << rvp->rvp_id; 2055 2056 ostate = vap->iv_state; 2057 DPRINTF("%s -> %s\n", 2058 ieee80211_state_name[ostate], 2059 ieee80211_state_name[nstate]); 2060 2061 IEEE80211_UNLOCK(ic); 2062 RUN_LOCK(sc); 2063 2064 ratectl = sc->ratectl_run; /* remember current state */ 2065 sc->ratectl_run = RUN_RATECTL_OFF; 2066 usb_callout_stop(&sc->ratectl_ch); 2067 2068 if (ostate == IEEE80211_S_RUN) { 2069 /* turn link LED off */ 2070 run_set_leds(sc, RT2860_LED_RADIO); 2071 } 2072 2073 switch (nstate) { 2074 case IEEE80211_S_INIT: 2075 restart_ratectl = 1; 2076 2077 if (ostate != IEEE80211_S_RUN) 2078 break; 2079 2080 ratectl &= ~bid; 2081 sc->runbmap &= ~bid; 2082 2083 /* abort TSF synchronization if there is no vap running */ 2084 if (--sc->running == 0) { 2085 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2086 run_write(sc, RT2860_BCN_TIME_CFG, 2087 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2088 RT2860_TBTT_TIMER_EN)); 2089 } 2090 break; 2091 2092 case IEEE80211_S_RUN: 2093 if (!(sc->runbmap & bid)) { 2094 if(sc->running++) 2095 restart_ratectl = 1; 2096 sc->runbmap |= bid; 2097 } 2098 2099 m_freem(rvp->beacon_mbuf); 2100 rvp->beacon_mbuf = NULL; 2101 2102 switch (vap->iv_opmode) { 2103 case IEEE80211_M_HOSTAP: 2104 case IEEE80211_M_MBSS: 2105 sc->ap_running |= bid; 2106 ic->ic_opmode = vap->iv_opmode; 2107 run_update_beacon_cb(vap); 2108 break; 2109 case IEEE80211_M_IBSS: 2110 sc->adhoc_running |= bid; 2111 if (!sc->ap_running) 2112 ic->ic_opmode = vap->iv_opmode; 2113 run_update_beacon_cb(vap); 2114 break; 2115 case IEEE80211_M_STA: 2116 sc->sta_running |= bid; 2117 if (!sc->ap_running && !sc->adhoc_running) 2118 ic->ic_opmode = vap->iv_opmode; 2119 2120 /* read statistic counters (clear on read) */ 2121 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2122 (uint8_t *)sta, sizeof sta); 2123 2124 break; 2125 default: 2126 ic->ic_opmode = vap->iv_opmode; 2127 break; 2128 } 2129 2130 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2131 struct ieee80211_node *ni; 2132 2133 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2134 RUN_UNLOCK(sc); 2135 IEEE80211_LOCK(ic); 2136 return (-1); 2137 } 2138 run_updateslot(ic->ic_ifp); 2139 run_enable_mrr(sc); 2140 run_set_txpreamble(sc); 2141 run_set_basicrates(sc); 2142 ni = ieee80211_ref_node(vap->iv_bss); 2143 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2144 run_set_bssid(sc, ni->ni_bssid); 2145 ieee80211_free_node(ni); 2146 run_enable_tsf_sync(sc); 2147 2148 /* enable automatic rate adaptation */ 2149 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2150 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2151 ratectl |= bid; 2152 } 2153 2154 /* turn link LED on */ 2155 run_set_leds(sc, RT2860_LED_RADIO | 2156 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2157 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2158 2159 break; 2160 default: 2161 DPRINTFN(6, "undefined case\n"); 2162 break; 2163 } 2164 2165 /* restart amrr for running VAPs */ 2166 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2167 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2168 2169 RUN_UNLOCK(sc); 2170 IEEE80211_LOCK(ic); 2171 2172 return(rvp->newstate(vap, nstate, arg)); 2173 } 2174 2175 /* ARGSUSED */ 2176 static void 2177 run_wme_update_cb(void *arg) 2178 { 2179 struct ieee80211com *ic = arg; 2180 struct run_softc *sc = ic->ic_ifp->if_softc; 2181 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2182 int aci, error = 0; 2183 2184 RUN_LOCK_ASSERT(sc, MA_OWNED); 2185 2186 /* update MAC TX configuration registers */ 2187 for (aci = 0; aci < WME_NUM_AC; aci++) { 2188 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2189 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2190 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2191 wmesp->wme_params[aci].wmep_aifsn << 8 | 2192 wmesp->wme_params[aci].wmep_txopLimit); 2193 if (error) goto err; 2194 } 2195 2196 /* update SCH/DMA registers too */ 2197 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2198 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2199 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2200 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2201 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2202 if (error) goto err; 2203 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2204 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2205 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2206 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2207 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2208 if (error) goto err; 2209 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2210 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2211 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2212 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2213 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2214 if (error) goto err; 2215 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2216 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2217 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2218 if (error) goto err; 2219 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2220 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2221 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2222 2223 err: 2224 if (error) 2225 DPRINTF("WME update failed\n"); 2226 2227 return; 2228 } 2229 2230 static int 2231 run_wme_update(struct ieee80211com *ic) 2232 { 2233 struct run_softc *sc = ic->ic_ifp->if_softc; 2234 2235 /* sometime called wothout lock */ 2236 if (mtx_owned(&ic->ic_comlock.mtx)) { 2237 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2238 DPRINTF("cmdq_store=%d\n", i); 2239 sc->cmdq[i].func = run_wme_update_cb; 2240 sc->cmdq[i].arg0 = ic; 2241 ieee80211_runtask(ic, &sc->cmdq_task); 2242 return (0); 2243 } 2244 2245 RUN_LOCK(sc); 2246 run_wme_update_cb(ic); 2247 RUN_UNLOCK(sc); 2248 2249 /* return whatever, upper layer desn't care anyway */ 2250 return (0); 2251 } 2252 2253 static void 2254 run_key_update_begin(struct ieee80211vap *vap) 2255 { 2256 /* 2257 * To avoid out-of-order events, both run_key_set() and 2258 * _delete() are deferred and handled by run_cmdq_cb(). 2259 * So, there is nothing we need to do here. 2260 */ 2261 } 2262 2263 static void 2264 run_key_update_end(struct ieee80211vap *vap) 2265 { 2266 /* null */ 2267 } 2268 2269 static void 2270 run_key_set_cb(void *arg) 2271 { 2272 struct run_cmdq *cmdq = arg; 2273 struct ieee80211vap *vap = cmdq->arg1; 2274 struct ieee80211_key *k = cmdq->k; 2275 struct ieee80211com *ic = vap->iv_ic; 2276 struct run_softc *sc = ic->ic_ifp->if_softc; 2277 struct ieee80211_node *ni; 2278 uint32_t attr; 2279 uint16_t base, associd; 2280 uint8_t mode, wcid, iv[8]; 2281 2282 RUN_LOCK_ASSERT(sc, MA_OWNED); 2283 2284 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2285 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2286 else 2287 ni = vap->iv_bss; 2288 associd = (ni != NULL) ? ni->ni_associd : 0; 2289 2290 /* map net80211 cipher to RT2860 security mode */ 2291 switch (k->wk_cipher->ic_cipher) { 2292 case IEEE80211_CIPHER_WEP: 2293 if(k->wk_keylen < 8) 2294 mode = RT2860_MODE_WEP40; 2295 else 2296 mode = RT2860_MODE_WEP104; 2297 break; 2298 case IEEE80211_CIPHER_TKIP: 2299 mode = RT2860_MODE_TKIP; 2300 break; 2301 case IEEE80211_CIPHER_AES_CCM: 2302 mode = RT2860_MODE_AES_CCMP; 2303 break; 2304 default: 2305 DPRINTF("undefined case\n"); 2306 return; 2307 } 2308 2309 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2310 associd, k->wk_keyix, mode, 2311 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2312 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2313 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2314 2315 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2316 wcid = 0; /* NB: update WCID0 for group keys */ 2317 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2318 } else { 2319 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2320 1 : RUN_AID2WCID(associd); 2321 base = RT2860_PKEY(wcid); 2322 } 2323 2324 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2325 if(run_write_region_1(sc, base, k->wk_key, 16)) 2326 return; 2327 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2328 return; 2329 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2330 return; 2331 } else { 2332 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2333 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2334 return; 2335 } 2336 2337 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2338 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2339 /* set initial packet number in IV+EIV */ 2340 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2341 memset(iv, 0, sizeof iv); 2342 iv[3] = vap->iv_def_txkey << 6; 2343 } else { 2344 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2345 iv[0] = k->wk_keytsc >> 8; 2346 iv[1] = (iv[0] | 0x20) & 0x7f; 2347 iv[2] = k->wk_keytsc; 2348 } else /* CCMP */ { 2349 iv[0] = k->wk_keytsc; 2350 iv[1] = k->wk_keytsc >> 8; 2351 iv[2] = 0; 2352 } 2353 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2354 iv[4] = k->wk_keytsc >> 16; 2355 iv[5] = k->wk_keytsc >> 24; 2356 iv[6] = k->wk_keytsc >> 32; 2357 iv[7] = k->wk_keytsc >> 40; 2358 } 2359 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2360 return; 2361 } 2362 2363 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2364 /* install group key */ 2365 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2366 return; 2367 attr &= ~(0xf << (k->wk_keyix * 4)); 2368 attr |= mode << (k->wk_keyix * 4); 2369 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2370 return; 2371 } else { 2372 /* install pairwise key */ 2373 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2374 return; 2375 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2376 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2377 return; 2378 } 2379 2380 /* TODO create a pass-thru key entry? */ 2381 2382 /* need wcid to delete the right key later */ 2383 k->wk_pad = wcid; 2384 } 2385 2386 /* 2387 * Don't have to be deferred, but in order to keep order of 2388 * execution, i.e. with run_key_delete(), defer this and let 2389 * run_cmdq_cb() maintain the order. 2390 * 2391 * return 0 on error 2392 */ 2393 static int 2394 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2395 const uint8_t mac[IEEE80211_ADDR_LEN]) 2396 { 2397 struct ieee80211com *ic = vap->iv_ic; 2398 struct run_softc *sc = ic->ic_ifp->if_softc; 2399 uint32_t i; 2400 2401 i = RUN_CMDQ_GET(&sc->cmdq_store); 2402 DPRINTF("cmdq_store=%d\n", i); 2403 sc->cmdq[i].func = run_key_set_cb; 2404 sc->cmdq[i].arg0 = NULL; 2405 sc->cmdq[i].arg1 = vap; 2406 sc->cmdq[i].k = k; 2407 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2408 ieee80211_runtask(ic, &sc->cmdq_task); 2409 2410 /* 2411 * To make sure key will be set when hostapd 2412 * calls iv_key_set() before if_init(). 2413 */ 2414 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2415 RUN_LOCK(sc); 2416 sc->cmdq_key_set = RUN_CMDQ_GO; 2417 RUN_UNLOCK(sc); 2418 } 2419 2420 return (1); 2421 } 2422 2423 /* 2424 * If wlan is destroyed without being brought down i.e. without 2425 * wlan down or wpa_cli terminate, this function is called after 2426 * vap is gone. Don't refer it. 2427 */ 2428 static void 2429 run_key_delete_cb(void *arg) 2430 { 2431 struct run_cmdq *cmdq = arg; 2432 struct run_softc *sc = cmdq->arg1; 2433 struct ieee80211_key *k = &cmdq->key; 2434 uint32_t attr; 2435 uint8_t wcid; 2436 2437 RUN_LOCK_ASSERT(sc, MA_OWNED); 2438 2439 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2440 /* remove group key */ 2441 DPRINTF("removing group key\n"); 2442 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2443 attr &= ~(0xf << (k->wk_keyix * 4)); 2444 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2445 } else { 2446 /* remove pairwise key */ 2447 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2448 /* matching wcid was written to wk_pad in run_key_set() */ 2449 wcid = k->wk_pad; 2450 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2451 attr &= ~0xf; 2452 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2453 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2454 } 2455 2456 k->wk_pad = 0; 2457 } 2458 2459 /* 2460 * return 0 on error 2461 */ 2462 static int 2463 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2464 { 2465 struct ieee80211com *ic = vap->iv_ic; 2466 struct run_softc *sc = ic->ic_ifp->if_softc; 2467 struct ieee80211_key *k0; 2468 uint32_t i; 2469 2470 /* 2471 * When called back, key might be gone. So, make a copy 2472 * of some values need to delete keys before deferring. 2473 * But, because of LOR with node lock, cannot use lock here. 2474 * So, use atomic instead. 2475 */ 2476 i = RUN_CMDQ_GET(&sc->cmdq_store); 2477 DPRINTF("cmdq_store=%d\n", i); 2478 sc->cmdq[i].func = run_key_delete_cb; 2479 sc->cmdq[i].arg0 = NULL; 2480 sc->cmdq[i].arg1 = sc; 2481 k0 = &sc->cmdq[i].key; 2482 k0->wk_flags = k->wk_flags; 2483 k0->wk_keyix = k->wk_keyix; 2484 /* matching wcid was written to wk_pad in run_key_set() */ 2485 k0->wk_pad = k->wk_pad; 2486 ieee80211_runtask(ic, &sc->cmdq_task); 2487 return (1); /* return fake success */ 2488 2489 } 2490 2491 static void 2492 run_ratectl_to(void *arg) 2493 { 2494 struct run_softc *sc = arg; 2495 2496 /* do it in a process context, so it can go sleep */ 2497 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2498 /* next timeout will be rescheduled in the callback task */ 2499 } 2500 2501 /* ARGSUSED */ 2502 static void 2503 run_ratectl_cb(void *arg, int pending) 2504 { 2505 struct run_softc *sc = arg; 2506 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2507 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2508 2509 if (vap == NULL) 2510 return; 2511 2512 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2513 /* 2514 * run_reset_livelock() doesn't do anything with AMRR, 2515 * but Ralink wants us to call it every 1 sec. So, we 2516 * piggyback here rather than creating another callout. 2517 * Livelock may occur only in HOSTAP or IBSS mode 2518 * (when h/w is sending beacons). 2519 */ 2520 RUN_LOCK(sc); 2521 run_reset_livelock(sc); 2522 /* just in case, there are some stats to drain */ 2523 run_drain_fifo(sc); 2524 RUN_UNLOCK(sc); 2525 } 2526 2527 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2528 2529 RUN_LOCK(sc); 2530 if(sc->ratectl_run != RUN_RATECTL_OFF) 2531 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2532 RUN_UNLOCK(sc); 2533 } 2534 2535 static void 2536 run_drain_fifo(void *arg) 2537 { 2538 struct run_softc *sc = arg; 2539 struct ifnet *ifp = sc->sc_ifp; 2540 uint32_t stat; 2541 uint16_t (*wstat)[3]; 2542 uint8_t wcid, mcs, pid; 2543 int8_t retry; 2544 2545 RUN_LOCK_ASSERT(sc, MA_OWNED); 2546 2547 for (;;) { 2548 /* drain Tx status FIFO (maxsize = 16) */ 2549 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2550 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2551 if (!(stat & RT2860_TXQ_VLD)) 2552 break; 2553 2554 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2555 2556 /* if no ACK was requested, no feedback is available */ 2557 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2558 wcid == 0) 2559 continue; 2560 2561 /* 2562 * Even though each stat is Tx-complete-status like format, 2563 * the device can poll stats. Because there is no guarantee 2564 * that the referring node is still around when read the stats. 2565 * So that, if we use ieee80211_ratectl_tx_update(), we will 2566 * have hard time not to refer already freed node. 2567 * 2568 * To eliminate such page faults, we poll stats in softc. 2569 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2570 */ 2571 wstat = &(sc->wcid_stats[wcid]); 2572 (*wstat)[RUN_TXCNT]++; 2573 if (stat & RT2860_TXQ_OK) 2574 (*wstat)[RUN_SUCCESS]++; 2575 else 2576 ifp->if_oerrors++; 2577 /* 2578 * Check if there were retries, ie if the Tx success rate is 2579 * different from the requested rate. Note that it works only 2580 * because we do not allow rate fallback from OFDM to CCK. 2581 */ 2582 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2583 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2584 if ((retry = pid -1 - mcs) > 0) { 2585 (*wstat)[RUN_TXCNT] += retry; 2586 (*wstat)[RUN_RETRY] += retry; 2587 } 2588 } 2589 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2590 2591 sc->fifo_cnt = 0; 2592 } 2593 2594 static void 2595 run_iter_func(void *arg, struct ieee80211_node *ni) 2596 { 2597 struct run_softc *sc = arg; 2598 struct ieee80211vap *vap = ni->ni_vap; 2599 struct ieee80211com *ic = ni->ni_ic; 2600 struct ifnet *ifp = ic->ic_ifp; 2601 struct run_node *rn = (void *)ni; 2602 union run_stats sta[2]; 2603 uint16_t (*wstat)[3]; 2604 int txcnt, success, retrycnt, error; 2605 2606 RUN_LOCK(sc); 2607 2608 /* Check for special case */ 2609 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2610 ni != vap->iv_bss) 2611 goto fail; 2612 2613 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2614 vap->iv_opmode == IEEE80211_M_STA)) { 2615 /* read statistic counters (clear on read) and update AMRR state */ 2616 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2617 sizeof sta); 2618 if (error != 0) 2619 goto fail; 2620 2621 /* count failed TX as errors */ 2622 ifp->if_oerrors += le16toh(sta[0].error.fail); 2623 2624 retrycnt = le16toh(sta[1].tx.retry); 2625 success = le16toh(sta[1].tx.success); 2626 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2627 2628 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2629 retrycnt, success, le16toh(sta[0].error.fail)); 2630 } else { 2631 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2632 2633 if (wstat == &(sc->wcid_stats[0]) || 2634 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2635 goto fail; 2636 2637 txcnt = (*wstat)[RUN_TXCNT]; 2638 success = (*wstat)[RUN_SUCCESS]; 2639 retrycnt = (*wstat)[RUN_RETRY]; 2640 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2641 retrycnt, txcnt, success); 2642 2643 memset(wstat, 0, sizeof(*wstat)); 2644 } 2645 2646 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2647 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2648 2649 fail: 2650 RUN_UNLOCK(sc); 2651 2652 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2653 } 2654 2655 static void 2656 run_newassoc_cb(void *arg) 2657 { 2658 struct run_cmdq *cmdq = arg; 2659 struct ieee80211_node *ni = cmdq->arg1; 2660 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2661 uint8_t wcid = cmdq->wcid; 2662 2663 RUN_LOCK_ASSERT(sc, MA_OWNED); 2664 2665 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2666 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2667 2668 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2669 } 2670 2671 static void 2672 run_newassoc(struct ieee80211_node *ni, int isnew) 2673 { 2674 struct run_node *rn = (void *)ni; 2675 struct ieee80211_rateset *rs = &ni->ni_rates; 2676 struct ieee80211vap *vap = ni->ni_vap; 2677 struct ieee80211com *ic = vap->iv_ic; 2678 struct run_softc *sc = ic->ic_ifp->if_softc; 2679 uint8_t rate; 2680 uint8_t ridx; 2681 uint8_t wcid; 2682 int i, j; 2683 2684 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2685 1 : RUN_AID2WCID(ni->ni_associd); 2686 2687 if (wcid > RT2870_WCID_MAX) { 2688 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2689 return; 2690 } 2691 2692 /* only interested in true associations */ 2693 if (isnew && ni->ni_associd != 0) { 2694 2695 /* 2696 * This function could is called though timeout function. 2697 * Need to defer. 2698 */ 2699 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2700 DPRINTF("cmdq_store=%d\n", cnt); 2701 sc->cmdq[cnt].func = run_newassoc_cb; 2702 sc->cmdq[cnt].arg0 = NULL; 2703 sc->cmdq[cnt].arg1 = ni; 2704 sc->cmdq[cnt].wcid = wcid; 2705 ieee80211_runtask(ic, &sc->cmdq_task); 2706 } 2707 2708 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2709 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2710 2711 for (i = 0; i < rs->rs_nrates; i++) { 2712 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2713 /* convert 802.11 rate to hardware rate index */ 2714 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2715 if (rt2860_rates[ridx].rate == rate) 2716 break; 2717 rn->ridx[i] = ridx; 2718 /* determine rate of control response frames */ 2719 for (j = i; j >= 0; j--) { 2720 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2721 rt2860_rates[rn->ridx[i]].phy == 2722 rt2860_rates[rn->ridx[j]].phy) 2723 break; 2724 } 2725 if (j >= 0) { 2726 rn->ctl_ridx[i] = rn->ridx[j]; 2727 } else { 2728 /* no basic rate found, use mandatory one */ 2729 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2730 } 2731 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2732 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2733 } 2734 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2735 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2736 if (rt2860_rates[ridx].rate == rate) 2737 break; 2738 rn->mgt_ridx = ridx; 2739 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2740 2741 RUN_LOCK(sc); 2742 if(sc->ratectl_run != RUN_RATECTL_OFF) 2743 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2744 RUN_UNLOCK(sc); 2745 } 2746 2747 /* 2748 * Return the Rx chain with the highest RSSI for a given frame. 2749 */ 2750 static __inline uint8_t 2751 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2752 { 2753 uint8_t rxchain = 0; 2754 2755 if (sc->nrxchains > 1) { 2756 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2757 rxchain = 1; 2758 if (sc->nrxchains > 2) 2759 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2760 rxchain = 2; 2761 } 2762 return (rxchain); 2763 } 2764 2765 static void 2766 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2767 { 2768 struct ifnet *ifp = sc->sc_ifp; 2769 struct ieee80211com *ic = ifp->if_l2com; 2770 struct ieee80211_frame *wh; 2771 struct ieee80211_node *ni; 2772 struct rt2870_rxd *rxd; 2773 struct rt2860_rxwi *rxwi; 2774 uint32_t flags; 2775 uint16_t len, rxwisize; 2776 uint8_t ant, rssi; 2777 int8_t nf; 2778 2779 rxwi = mtod(m, struct rt2860_rxwi *); 2780 len = le16toh(rxwi->len) & 0xfff; 2781 rxwisize = sizeof(struct rt2860_rxwi); 2782 if (sc->mac_ver == 0x5592) 2783 rxwisize += sizeof(uint64_t); 2784 else if (sc->mac_ver == 0x3593) 2785 rxwisize += sizeof(uint32_t); 2786 if (__predict_false(len > dmalen)) { 2787 m_freem(m); 2788 ifp->if_ierrors++; 2789 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2790 return; 2791 } 2792 /* Rx descriptor is located at the end */ 2793 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2794 flags = le32toh(rxd->flags); 2795 2796 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2797 m_freem(m); 2798 ifp->if_ierrors++; 2799 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2800 return; 2801 } 2802 2803 m->m_data += rxwisize; 2804 m->m_pkthdr.len = m->m_len -= rxwisize; 2805 2806 wh = mtod(m, struct ieee80211_frame *); 2807 2808 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2809 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2810 m->m_flags |= M_WEP; 2811 } 2812 2813 if (flags & RT2860_RX_L2PAD) { 2814 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2815 len += 2; 2816 } 2817 2818 ni = ieee80211_find_rxnode(ic, 2819 mtod(m, struct ieee80211_frame_min *)); 2820 2821 if (__predict_false(flags & RT2860_RX_MICERR)) { 2822 /* report MIC failures to net80211 for TKIP */ 2823 if (ni != NULL) 2824 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2825 rxwi->keyidx); 2826 m_freem(m); 2827 ifp->if_ierrors++; 2828 DPRINTF("MIC error. Someone is lying.\n"); 2829 return; 2830 } 2831 2832 ant = run_maxrssi_chain(sc, rxwi); 2833 rssi = rxwi->rssi[ant]; 2834 nf = run_rssi2dbm(sc, rssi, ant); 2835 2836 m->m_pkthdr.rcvif = ifp; 2837 m->m_pkthdr.len = m->m_len = len; 2838 2839 if (ni != NULL) { 2840 (void)ieee80211_input(ni, m, rssi, nf); 2841 ieee80211_free_node(ni); 2842 } else { 2843 (void)ieee80211_input_all(ic, m, rssi, nf); 2844 } 2845 2846 if (__predict_false(ieee80211_radiotap_active(ic))) { 2847 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2848 uint16_t phy; 2849 2850 tap->wr_flags = 0; 2851 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2852 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2853 tap->wr_antsignal = rssi; 2854 tap->wr_antenna = ant; 2855 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2856 tap->wr_rate = 2; /* in case it can't be found below */ 2857 phy = le16toh(rxwi->phy); 2858 switch (phy & RT2860_PHY_MODE) { 2859 case RT2860_PHY_CCK: 2860 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2861 case 0: tap->wr_rate = 2; break; 2862 case 1: tap->wr_rate = 4; break; 2863 case 2: tap->wr_rate = 11; break; 2864 case 3: tap->wr_rate = 22; break; 2865 } 2866 if (phy & RT2860_PHY_SHPRE) 2867 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2868 break; 2869 case RT2860_PHY_OFDM: 2870 switch (phy & RT2860_PHY_MCS) { 2871 case 0: tap->wr_rate = 12; break; 2872 case 1: tap->wr_rate = 18; break; 2873 case 2: tap->wr_rate = 24; break; 2874 case 3: tap->wr_rate = 36; break; 2875 case 4: tap->wr_rate = 48; break; 2876 case 5: tap->wr_rate = 72; break; 2877 case 6: tap->wr_rate = 96; break; 2878 case 7: tap->wr_rate = 108; break; 2879 } 2880 break; 2881 } 2882 } 2883 } 2884 2885 static void 2886 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2887 { 2888 struct run_softc *sc = usbd_xfer_softc(xfer); 2889 struct ifnet *ifp = sc->sc_ifp; 2890 struct mbuf *m = NULL; 2891 struct mbuf *m0; 2892 uint32_t dmalen; 2893 uint16_t rxwisize; 2894 int xferlen; 2895 2896 rxwisize = sizeof(struct rt2860_rxwi); 2897 if (sc->mac_ver == 0x5592) 2898 rxwisize += sizeof(uint64_t); 2899 else if (sc->mac_ver == 0x3593) 2900 rxwisize += sizeof(uint32_t); 2901 2902 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2903 2904 switch (USB_GET_STATE(xfer)) { 2905 case USB_ST_TRANSFERRED: 2906 2907 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2908 2909 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2910 sizeof(struct rt2870_rxd))) { 2911 DPRINTF("xfer too short %d\n", xferlen); 2912 goto tr_setup; 2913 } 2914 2915 m = sc->rx_m; 2916 sc->rx_m = NULL; 2917 2918 /* FALLTHROUGH */ 2919 case USB_ST_SETUP: 2920 tr_setup: 2921 if (sc->rx_m == NULL) { 2922 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2923 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2924 } 2925 if (sc->rx_m == NULL) { 2926 DPRINTF("could not allocate mbuf - idle with stall\n"); 2927 ifp->if_ierrors++; 2928 usbd_xfer_set_stall(xfer); 2929 usbd_xfer_set_frames(xfer, 0); 2930 } else { 2931 /* 2932 * Directly loading a mbuf cluster into DMA to 2933 * save some data copying. This works because 2934 * there is only one cluster. 2935 */ 2936 usbd_xfer_set_frame_data(xfer, 0, 2937 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2938 usbd_xfer_set_frames(xfer, 1); 2939 } 2940 usbd_transfer_submit(xfer); 2941 break; 2942 2943 default: /* Error */ 2944 if (error != USB_ERR_CANCELLED) { 2945 /* try to clear stall first */ 2946 usbd_xfer_set_stall(xfer); 2947 2948 if (error == USB_ERR_TIMEOUT) 2949 device_printf(sc->sc_dev, "device timeout\n"); 2950 2951 ifp->if_ierrors++; 2952 2953 goto tr_setup; 2954 } 2955 if (sc->rx_m != NULL) { 2956 m_freem(sc->rx_m); 2957 sc->rx_m = NULL; 2958 } 2959 break; 2960 } 2961 2962 if (m == NULL) 2963 return; 2964 2965 /* inputting all the frames must be last */ 2966 2967 RUN_UNLOCK(sc); 2968 2969 m->m_pkthdr.len = m->m_len = xferlen; 2970 2971 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2972 for(;;) { 2973 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2974 2975 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2976 ((dmalen & 3) != 0)) { 2977 DPRINTF("bad DMA length %u\n", dmalen); 2978 break; 2979 } 2980 if ((dmalen + 8) > (uint32_t)xferlen) { 2981 DPRINTF("bad DMA length %u > %d\n", 2982 dmalen + 8, xferlen); 2983 break; 2984 } 2985 2986 /* If it is the last one or a single frame, we won't copy. */ 2987 if ((xferlen -= dmalen + 8) <= 8) { 2988 /* trim 32-bit DMA-len header */ 2989 m->m_data += 4; 2990 m->m_pkthdr.len = m->m_len -= 4; 2991 run_rx_frame(sc, m, dmalen); 2992 m = NULL; /* don't free source buffer */ 2993 break; 2994 } 2995 2996 /* copy aggregated frames to another mbuf */ 2997 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2998 if (__predict_false(m0 == NULL)) { 2999 DPRINTF("could not allocate mbuf\n"); 3000 ifp->if_ierrors++; 3001 break; 3002 } 3003 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3004 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3005 m0->m_pkthdr.len = m0->m_len = 3006 dmalen + sizeof(struct rt2870_rxd); 3007 run_rx_frame(sc, m0, dmalen); 3008 3009 /* update data ptr */ 3010 m->m_data += dmalen + 8; 3011 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3012 } 3013 3014 /* make sure we free the source buffer, if any */ 3015 m_freem(m); 3016 3017 RUN_LOCK(sc); 3018 } 3019 3020 static void 3021 run_tx_free(struct run_endpoint_queue *pq, 3022 struct run_tx_data *data, int txerr) 3023 { 3024 if (data->m != NULL) { 3025 if (data->m->m_flags & M_TXCB) 3026 ieee80211_process_callback(data->ni, data->m, 3027 txerr ? ETIMEDOUT : 0); 3028 m_freem(data->m); 3029 data->m = NULL; 3030 3031 if (data->ni == NULL) { 3032 DPRINTF("no node\n"); 3033 } else { 3034 ieee80211_free_node(data->ni); 3035 data->ni = NULL; 3036 } 3037 } 3038 3039 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3040 pq->tx_nfree++; 3041 } 3042 3043 static void 3044 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3045 { 3046 struct run_softc *sc = usbd_xfer_softc(xfer); 3047 struct ifnet *ifp = sc->sc_ifp; 3048 struct ieee80211com *ic = ifp->if_l2com; 3049 struct run_tx_data *data; 3050 struct ieee80211vap *vap = NULL; 3051 struct usb_page_cache *pc; 3052 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3053 struct mbuf *m; 3054 usb_frlength_t size; 3055 int actlen; 3056 int sumlen; 3057 3058 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3059 3060 switch (USB_GET_STATE(xfer)) { 3061 case USB_ST_TRANSFERRED: 3062 DPRINTFN(11, "transfer complete: %d " 3063 "bytes @ index %d\n", actlen, index); 3064 3065 data = usbd_xfer_get_priv(xfer); 3066 3067 run_tx_free(pq, data, 0); 3068 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 3069 3070 usbd_xfer_set_priv(xfer, NULL); 3071 3072 ifp->if_opackets++; 3073 3074 /* FALLTHROUGH */ 3075 case USB_ST_SETUP: 3076 tr_setup: 3077 data = STAILQ_FIRST(&pq->tx_qh); 3078 if (data == NULL) 3079 break; 3080 3081 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3082 3083 m = data->m; 3084 size = (sc->mac_ver == 0x5592) ? 3085 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3086 if ((m->m_pkthdr.len + 3087 size + 3 + 8) > RUN_MAX_TXSZ) { 3088 DPRINTF("data overflow, %u bytes\n", 3089 m->m_pkthdr.len); 3090 3091 ifp->if_oerrors++; 3092 3093 run_tx_free(pq, data, 1); 3094 3095 goto tr_setup; 3096 } 3097 3098 pc = usbd_xfer_get_frame(xfer, 0); 3099 usbd_copy_in(pc, 0, &data->desc, size); 3100 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3101 size += m->m_pkthdr.len; 3102 /* 3103 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3104 * 4-byte padding), and be sure to zero those trailing 3105 * bytes: 3106 */ 3107 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3108 size += ((-size) & 3) + 8; 3109 3110 vap = data->ni->ni_vap; 3111 if (ieee80211_radiotap_active_vap(vap)) { 3112 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3113 struct rt2860_txwi *txwi = 3114 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3115 tap->wt_flags = 0; 3116 tap->wt_rate = rt2860_rates[data->ridx].rate; 3117 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3118 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3119 tap->wt_hwqueue = index; 3120 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3121 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3122 3123 ieee80211_radiotap_tx(vap, m); 3124 } 3125 3126 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3127 m->m_pkthdr.len, size, index); 3128 3129 usbd_xfer_set_frame_len(xfer, 0, size); 3130 usbd_xfer_set_priv(xfer, data); 3131 3132 usbd_transfer_submit(xfer); 3133 3134 RUN_UNLOCK(sc); 3135 run_start(ifp); 3136 RUN_LOCK(sc); 3137 3138 break; 3139 3140 default: 3141 DPRINTF("USB transfer error, %s\n", 3142 usbd_errstr(error)); 3143 3144 data = usbd_xfer_get_priv(xfer); 3145 3146 ifp->if_oerrors++; 3147 3148 if (data != NULL) { 3149 if(data->ni != NULL) 3150 vap = data->ni->ni_vap; 3151 run_tx_free(pq, data, error); 3152 usbd_xfer_set_priv(xfer, NULL); 3153 } 3154 if (vap == NULL) 3155 vap = TAILQ_FIRST(&ic->ic_vaps); 3156 3157 if (error != USB_ERR_CANCELLED) { 3158 if (error == USB_ERR_TIMEOUT) { 3159 device_printf(sc->sc_dev, "device timeout\n"); 3160 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3161 DPRINTF("cmdq_store=%d\n", i); 3162 sc->cmdq[i].func = run_usb_timeout_cb; 3163 sc->cmdq[i].arg0 = vap; 3164 ieee80211_runtask(ic, &sc->cmdq_task); 3165 } 3166 3167 /* 3168 * Try to clear stall first, also if other 3169 * errors occur, hence clearing stall 3170 * introduces a 50 ms delay: 3171 */ 3172 usbd_xfer_set_stall(xfer); 3173 goto tr_setup; 3174 } 3175 break; 3176 } 3177 } 3178 3179 static void 3180 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3181 { 3182 run_bulk_tx_callbackN(xfer, error, 0); 3183 } 3184 3185 static void 3186 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3187 { 3188 run_bulk_tx_callbackN(xfer, error, 1); 3189 } 3190 3191 static void 3192 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3193 { 3194 run_bulk_tx_callbackN(xfer, error, 2); 3195 } 3196 3197 static void 3198 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3199 { 3200 run_bulk_tx_callbackN(xfer, error, 3); 3201 } 3202 3203 static void 3204 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3205 { 3206 run_bulk_tx_callbackN(xfer, error, 4); 3207 } 3208 3209 static void 3210 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3211 { 3212 run_bulk_tx_callbackN(xfer, error, 5); 3213 } 3214 3215 static void 3216 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3217 { 3218 struct mbuf *m = data->m; 3219 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3220 struct ieee80211vap *vap = data->ni->ni_vap; 3221 struct ieee80211_frame *wh; 3222 struct rt2870_txd *txd; 3223 struct rt2860_txwi *txwi; 3224 uint16_t xferlen, txwisize; 3225 uint16_t mcs; 3226 uint8_t ridx = data->ridx; 3227 uint8_t pad; 3228 3229 /* get MCS code from rate index */ 3230 mcs = rt2860_rates[ridx].mcs; 3231 3232 txwisize = (sc->mac_ver == 0x5592) ? 3233 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3234 xferlen = txwisize + m->m_pkthdr.len; 3235 3236 /* roundup to 32-bit alignment */ 3237 xferlen = (xferlen + 3) & ~3; 3238 3239 txd = (struct rt2870_txd *)&data->desc; 3240 txd->len = htole16(xferlen); 3241 3242 wh = mtod(m, struct ieee80211_frame *); 3243 3244 /* 3245 * Ether both are true or both are false, the header 3246 * are nicely aligned to 32-bit. So, no L2 padding. 3247 */ 3248 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3249 pad = 0; 3250 else 3251 pad = 2; 3252 3253 /* setup TX Wireless Information */ 3254 txwi = (struct rt2860_txwi *)(txd + 1); 3255 txwi->len = htole16(m->m_pkthdr.len - pad); 3256 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3257 txwi->phy = htole16(RT2860_PHY_CCK); 3258 if (ridx != RT2860_RIDX_CCK1 && 3259 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3260 mcs |= RT2860_PHY_SHPRE; 3261 } else 3262 txwi->phy = htole16(RT2860_PHY_OFDM); 3263 txwi->phy |= htole16(mcs); 3264 3265 /* check if RTS/CTS or CTS-to-self protection is required */ 3266 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3267 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3268 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3269 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3270 txwi->txop |= RT2860_TX_TXOP_HT; 3271 else 3272 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3273 3274 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3275 txwi->xflags |= RT2860_TX_NSEQ; 3276 } 3277 3278 /* This function must be called locked */ 3279 static int 3280 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3281 { 3282 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3283 struct ieee80211vap *vap = ni->ni_vap; 3284 struct ieee80211_frame *wh; 3285 struct ieee80211_channel *chan; 3286 const struct ieee80211_txparam *tp; 3287 struct run_node *rn = (void *)ni; 3288 struct run_tx_data *data; 3289 struct rt2870_txd *txd; 3290 struct rt2860_txwi *txwi; 3291 uint16_t qos; 3292 uint16_t dur; 3293 uint16_t qid; 3294 uint8_t type; 3295 uint8_t tid; 3296 uint8_t ridx; 3297 uint8_t ctl_ridx; 3298 uint8_t qflags; 3299 uint8_t xflags = 0; 3300 int hasqos; 3301 3302 RUN_LOCK_ASSERT(sc, MA_OWNED); 3303 3304 wh = mtod(m, struct ieee80211_frame *); 3305 3306 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3307 3308 /* 3309 * There are 7 bulk endpoints: 1 for RX 3310 * and 6 for TX (4 EDCAs + HCCA + Prio). 3311 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3312 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3313 */ 3314 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3315 uint8_t *frm; 3316 3317 if(IEEE80211_HAS_ADDR4(wh)) 3318 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3319 else 3320 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3321 3322 qos = le16toh(*(const uint16_t *)frm); 3323 tid = qos & IEEE80211_QOS_TID; 3324 qid = TID_TO_WME_AC(tid); 3325 } else { 3326 qos = 0; 3327 tid = 0; 3328 qid = WME_AC_BE; 3329 } 3330 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3331 3332 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3333 qos, qid, tid, qflags); 3334 3335 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3336 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3337 3338 /* pickup a rate index */ 3339 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3340 type != IEEE80211_FC0_TYPE_DATA) { 3341 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3342 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3343 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3344 } else { 3345 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3346 ridx = rn->fix_ridx; 3347 else 3348 ridx = rn->amrr_ridx; 3349 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3350 } 3351 3352 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3353 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3354 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3355 xflags |= RT2860_TX_ACK; 3356 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3357 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3358 else 3359 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3360 USETW(wh->i_dur, dur); 3361 } 3362 3363 /* reserve slots for mgmt packets, just in case */ 3364 if (sc->sc_epq[qid].tx_nfree < 3) { 3365 DPRINTFN(10, "tx ring %d is full\n", qid); 3366 return (-1); 3367 } 3368 3369 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3370 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3371 sc->sc_epq[qid].tx_nfree--; 3372 3373 txd = (struct rt2870_txd *)&data->desc; 3374 txd->flags = qflags; 3375 txwi = (struct rt2860_txwi *)(txd + 1); 3376 txwi->xflags = xflags; 3377 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3378 txwi->wcid = 0; 3379 else 3380 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3381 1 : RUN_AID2WCID(ni->ni_associd); 3382 3383 /* clear leftover garbage bits */ 3384 txwi->flags = 0; 3385 txwi->txop = 0; 3386 3387 data->m = m; 3388 data->ni = ni; 3389 data->ridx = ridx; 3390 3391 run_set_tx_desc(sc, data); 3392 3393 /* 3394 * The chip keeps track of 2 kind of Tx stats, 3395 * * TX_STAT_FIFO, for per WCID stats, and 3396 * * TX_STA_CNT0 for all-TX-in-one stats. 3397 * 3398 * To use FIFO stats, we need to store MCS into the driver-private 3399 * PacketID field. So that, we can tell whose stats when we read them. 3400 * We add 1 to the MCS because setting the PacketID field to 0 means 3401 * that we don't want feedback in TX_STAT_FIFO. 3402 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3403 * 3404 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3405 */ 3406 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3407 vap->iv_opmode == IEEE80211_M_MBSS) { 3408 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3409 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3410 3411 /* 3412 * Unlike PCI based devices, we don't get any interrupt from 3413 * USB devices, so we simulate FIFO-is-full interrupt here. 3414 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3415 * quickly get fulled. To prevent overflow, increment a counter on 3416 * every FIFO stat request, so we know how many slots are left. 3417 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3418 * are used only in those modes. 3419 * We just drain stats. AMRR gets updated every 1 sec by 3420 * run_ratectl_cb() via callout. 3421 * Call it early. Otherwise overflow. 3422 */ 3423 if (sc->fifo_cnt++ == 10) { 3424 /* 3425 * With multiple vaps or if_bridge, if_start() is called 3426 * with a non-sleepable lock, tcpinp. So, need to defer. 3427 */ 3428 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3429 DPRINTFN(6, "cmdq_store=%d\n", i); 3430 sc->cmdq[i].func = run_drain_fifo; 3431 sc->cmdq[i].arg0 = sc; 3432 ieee80211_runtask(ic, &sc->cmdq_task); 3433 } 3434 } 3435 3436 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3437 3438 usbd_transfer_start(sc->sc_xfer[qid]); 3439 3440 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3441 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3442 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3443 3444 return (0); 3445 } 3446 3447 static int 3448 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3449 { 3450 struct ifnet *ifp = sc->sc_ifp; 3451 struct ieee80211com *ic = ifp->if_l2com; 3452 struct run_node *rn = (void *)ni; 3453 struct run_tx_data *data; 3454 struct ieee80211_frame *wh; 3455 struct rt2870_txd *txd; 3456 struct rt2860_txwi *txwi; 3457 uint16_t dur; 3458 uint8_t ridx = rn->mgt_ridx; 3459 uint8_t type; 3460 uint8_t xflags = 0; 3461 uint8_t wflags = 0; 3462 3463 RUN_LOCK_ASSERT(sc, MA_OWNED); 3464 3465 wh = mtod(m, struct ieee80211_frame *); 3466 3467 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3468 3469 /* tell hardware to add timestamp for probe responses */ 3470 if ((wh->i_fc[0] & 3471 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3472 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3473 wflags |= RT2860_TX_TS; 3474 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3475 xflags |= RT2860_TX_ACK; 3476 3477 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3478 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3479 USETW(wh->i_dur, dur); 3480 } 3481 3482 if (sc->sc_epq[0].tx_nfree == 0) { 3483 /* let caller free mbuf */ 3484 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3485 return (EIO); 3486 } 3487 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3488 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3489 sc->sc_epq[0].tx_nfree--; 3490 3491 txd = (struct rt2870_txd *)&data->desc; 3492 txd->flags = RT2860_TX_QSEL_EDCA; 3493 txwi = (struct rt2860_txwi *)(txd + 1); 3494 txwi->wcid = 0xff; 3495 txwi->flags = wflags; 3496 txwi->xflags = xflags; 3497 txwi->txop = 0; /* clear leftover garbage bits */ 3498 3499 data->m = m; 3500 data->ni = ni; 3501 data->ridx = ridx; 3502 3503 run_set_tx_desc(sc, data); 3504 3505 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3506 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3507 rt2860_rates[ridx].rate); 3508 3509 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3510 3511 usbd_transfer_start(sc->sc_xfer[0]); 3512 3513 return (0); 3514 } 3515 3516 static int 3517 run_sendprot(struct run_softc *sc, 3518 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3519 { 3520 struct ieee80211com *ic = ni->ni_ic; 3521 struct ieee80211_frame *wh; 3522 struct run_tx_data *data; 3523 struct rt2870_txd *txd; 3524 struct rt2860_txwi *txwi; 3525 struct mbuf *mprot; 3526 int ridx; 3527 int protrate; 3528 int ackrate; 3529 int pktlen; 3530 int isshort; 3531 uint16_t dur; 3532 uint8_t type; 3533 uint8_t wflags = 0; 3534 uint8_t xflags = 0; 3535 3536 RUN_LOCK_ASSERT(sc, MA_OWNED); 3537 3538 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3539 ("protection %d", prot)); 3540 3541 wh = mtod(m, struct ieee80211_frame *); 3542 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3543 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3544 3545 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3546 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3547 3548 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3549 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3550 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3551 wflags = RT2860_TX_FRAG; 3552 3553 /* check that there are free slots before allocating the mbuf */ 3554 if (sc->sc_epq[0].tx_nfree == 0) { 3555 /* let caller free mbuf */ 3556 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3557 return (ENOBUFS); 3558 } 3559 3560 if (prot == IEEE80211_PROT_RTSCTS) { 3561 /* NB: CTS is the same size as an ACK */ 3562 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3563 xflags |= RT2860_TX_ACK; 3564 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3565 } else { 3566 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3567 } 3568 if (mprot == NULL) { 3569 sc->sc_ifp->if_oerrors++; 3570 DPRINTF("could not allocate mbuf\n"); 3571 return (ENOBUFS); 3572 } 3573 3574 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3575 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3576 sc->sc_epq[0].tx_nfree--; 3577 3578 txd = (struct rt2870_txd *)&data->desc; 3579 txd->flags = RT2860_TX_QSEL_EDCA; 3580 txwi = (struct rt2860_txwi *)(txd + 1); 3581 txwi->wcid = 0xff; 3582 txwi->flags = wflags; 3583 txwi->xflags = xflags; 3584 txwi->txop = 0; /* clear leftover garbage bits */ 3585 3586 data->m = mprot; 3587 data->ni = ieee80211_ref_node(ni); 3588 3589 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3590 if (rt2860_rates[ridx].rate == protrate) 3591 break; 3592 data->ridx = ridx; 3593 3594 run_set_tx_desc(sc, data); 3595 3596 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3597 m->m_pkthdr.len, rate); 3598 3599 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3600 3601 usbd_transfer_start(sc->sc_xfer[0]); 3602 3603 return (0); 3604 } 3605 3606 static int 3607 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3608 const struct ieee80211_bpf_params *params) 3609 { 3610 struct ieee80211com *ic = ni->ni_ic; 3611 struct ieee80211_frame *wh; 3612 struct run_tx_data *data; 3613 struct rt2870_txd *txd; 3614 struct rt2860_txwi *txwi; 3615 uint8_t type; 3616 uint8_t ridx; 3617 uint8_t rate; 3618 uint8_t opflags = 0; 3619 uint8_t xflags = 0; 3620 int error; 3621 3622 RUN_LOCK_ASSERT(sc, MA_OWNED); 3623 3624 KASSERT(params != NULL, ("no raw xmit params")); 3625 3626 wh = mtod(m, struct ieee80211_frame *); 3627 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3628 3629 rate = params->ibp_rate0; 3630 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3631 /* let caller free mbuf */ 3632 return (EINVAL); 3633 } 3634 3635 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3636 xflags |= RT2860_TX_ACK; 3637 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3638 error = run_sendprot(sc, m, ni, 3639 params->ibp_flags & IEEE80211_BPF_RTS ? 3640 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3641 rate); 3642 if (error) { 3643 /* let caller free mbuf */ 3644 return error; 3645 } 3646 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3647 } 3648 3649 if (sc->sc_epq[0].tx_nfree == 0) { 3650 /* let caller free mbuf */ 3651 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3652 DPRINTF("sending raw frame, but tx ring is full\n"); 3653 return (EIO); 3654 } 3655 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3656 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3657 sc->sc_epq[0].tx_nfree--; 3658 3659 txd = (struct rt2870_txd *)&data->desc; 3660 txd->flags = RT2860_TX_QSEL_EDCA; 3661 txwi = (struct rt2860_txwi *)(txd + 1); 3662 txwi->wcid = 0xff; 3663 txwi->xflags = xflags; 3664 txwi->txop = opflags; 3665 txwi->flags = 0; /* clear leftover garbage bits */ 3666 3667 data->m = m; 3668 data->ni = ni; 3669 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3670 if (rt2860_rates[ridx].rate == rate) 3671 break; 3672 data->ridx = ridx; 3673 3674 run_set_tx_desc(sc, data); 3675 3676 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3677 m->m_pkthdr.len, rate); 3678 3679 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3680 3681 usbd_transfer_start(sc->sc_xfer[0]); 3682 3683 return (0); 3684 } 3685 3686 static int 3687 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3688 const struct ieee80211_bpf_params *params) 3689 { 3690 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3691 struct run_softc *sc = ifp->if_softc; 3692 int error = 0; 3693 3694 RUN_LOCK(sc); 3695 3696 /* prevent management frames from being sent if we're not ready */ 3697 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3698 error = ENETDOWN; 3699 goto done; 3700 } 3701 3702 if (params == NULL) { 3703 /* tx mgt packet */ 3704 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3705 ifp->if_oerrors++; 3706 DPRINTF("mgt tx failed\n"); 3707 goto done; 3708 } 3709 } else { 3710 /* tx raw packet with param */ 3711 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3712 ifp->if_oerrors++; 3713 DPRINTF("tx with param failed\n"); 3714 goto done; 3715 } 3716 } 3717 3718 ifp->if_opackets++; 3719 3720 done: 3721 RUN_UNLOCK(sc); 3722 3723 if (error != 0) { 3724 if(m != NULL) 3725 m_freem(m); 3726 ieee80211_free_node(ni); 3727 } 3728 3729 return (error); 3730 } 3731 3732 static void 3733 run_start(struct ifnet *ifp) 3734 { 3735 struct run_softc *sc = ifp->if_softc; 3736 struct ieee80211_node *ni; 3737 struct mbuf *m; 3738 3739 RUN_LOCK(sc); 3740 3741 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3742 RUN_UNLOCK(sc); 3743 return; 3744 } 3745 3746 for (;;) { 3747 /* send data frames */ 3748 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3749 if (m == NULL) 3750 break; 3751 3752 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3753 if (run_tx(sc, m, ni) != 0) { 3754 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3755 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3756 break; 3757 } 3758 } 3759 3760 RUN_UNLOCK(sc); 3761 } 3762 3763 static int 3764 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3765 { 3766 struct run_softc *sc = ifp->if_softc; 3767 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3768 struct ifreq *ifr = (struct ifreq *) data; 3769 int startall = 0; 3770 int error; 3771 3772 RUN_LOCK(sc); 3773 error = sc->sc_detached ? ENXIO : 0; 3774 RUN_UNLOCK(sc); 3775 if (error) 3776 return (error); 3777 3778 switch (cmd) { 3779 case SIOCSIFFLAGS: 3780 RUN_LOCK(sc); 3781 if (ifp->if_flags & IFF_UP) { 3782 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3783 startall = 1; 3784 run_init_locked(sc); 3785 } else 3786 run_update_promisc_locked(ifp); 3787 } else { 3788 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3789 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3790 run_stop(sc); 3791 } 3792 } 3793 RUN_UNLOCK(sc); 3794 if (startall) 3795 ieee80211_start_all(ic); 3796 break; 3797 case SIOCGIFMEDIA: 3798 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3799 break; 3800 case SIOCGIFADDR: 3801 error = ether_ioctl(ifp, cmd, data); 3802 break; 3803 default: 3804 error = EINVAL; 3805 break; 3806 } 3807 3808 return (error); 3809 } 3810 3811 static void 3812 run_iq_calib(struct run_softc *sc, u_int chan) 3813 { 3814 uint16_t val; 3815 3816 /* Tx0 IQ gain. */ 3817 run_bbp_write(sc, 158, 0x2c); 3818 if (chan <= 14) 3819 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3820 else if (chan <= 64) { 3821 run_efuse_read(sc, 3822 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3823 &val, 1); 3824 } else if (chan <= 138) { 3825 run_efuse_read(sc, 3826 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3827 &val, 1); 3828 } else if (chan <= 165) { 3829 run_efuse_read(sc, 3830 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3831 &val, 1); 3832 } else 3833 val = 0; 3834 run_bbp_write(sc, 159, val); 3835 3836 /* Tx0 IQ phase. */ 3837 run_bbp_write(sc, 158, 0x2d); 3838 if (chan <= 14) { 3839 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3840 &val, 1); 3841 } else if (chan <= 64) { 3842 run_efuse_read(sc, 3843 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3844 &val, 1); 3845 } else if (chan <= 138) { 3846 run_efuse_read(sc, 3847 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3848 &val, 1); 3849 } else if (chan <= 165) { 3850 run_efuse_read(sc, 3851 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3852 &val, 1); 3853 } else 3854 val = 0; 3855 run_bbp_write(sc, 159, val); 3856 3857 /* Tx1 IQ gain. */ 3858 run_bbp_write(sc, 158, 0x4a); 3859 if (chan <= 14) { 3860 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3861 &val, 1); 3862 } else if (chan <= 64) { 3863 run_efuse_read(sc, 3864 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3865 &val, 1); 3866 } else if (chan <= 138) { 3867 run_efuse_read(sc, 3868 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3869 &val, 1); 3870 } else if (chan <= 165) { 3871 run_efuse_read(sc, 3872 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3873 &val, 1); 3874 } else 3875 val = 0; 3876 run_bbp_write(sc, 159, val); 3877 3878 /* Tx1 IQ phase. */ 3879 run_bbp_write(sc, 158, 0x4b); 3880 if (chan <= 14) { 3881 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3882 &val, 1); 3883 } else if (chan <= 64) { 3884 run_efuse_read(sc, 3885 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3886 &val, 1); 3887 } else if (chan <= 138) { 3888 run_efuse_read(sc, 3889 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3890 &val, 1); 3891 } else if (chan <= 165) { 3892 run_efuse_read(sc, 3893 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3894 &val, 1); 3895 } else 3896 val = 0; 3897 run_bbp_write(sc, 159, val); 3898 3899 /* RF IQ compensation control. */ 3900 run_bbp_write(sc, 158, 0x04); 3901 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3902 &val, 1); 3903 run_bbp_write(sc, 159, val); 3904 3905 /* RF IQ imbalance compensation control. */ 3906 run_bbp_write(sc, 158, 0x03); 3907 run_efuse_read(sc, 3908 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3909 run_bbp_write(sc, 159, val); 3910 } 3911 3912 static void 3913 run_set_agc(struct run_softc *sc, uint8_t agc) 3914 { 3915 uint8_t bbp; 3916 3917 if (sc->mac_ver == 0x3572) { 3918 run_bbp_read(sc, 27, &bbp); 3919 bbp &= ~(0x3 << 5); 3920 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3921 run_bbp_write(sc, 66, agc); 3922 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3923 run_bbp_write(sc, 66, agc); 3924 } else 3925 run_bbp_write(sc, 66, agc); 3926 } 3927 3928 static void 3929 run_select_chan_group(struct run_softc *sc, int group) 3930 { 3931 uint32_t tmp; 3932 uint8_t agc; 3933 3934 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3935 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3936 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3937 if (sc->mac_ver < 0x3572) 3938 run_bbp_write(sc, 86, 0x00); 3939 3940 if (sc->mac_ver == 0x3593) { 3941 run_bbp_write(sc, 77, 0x98); 3942 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3943 } 3944 3945 if (group == 0) { 3946 if (sc->ext_2ghz_lna) { 3947 if (sc->mac_ver >= 0x5390) 3948 run_bbp_write(sc, 75, 0x52); 3949 else { 3950 run_bbp_write(sc, 82, 0x62); 3951 run_bbp_write(sc, 75, 0x46); 3952 } 3953 } else { 3954 if (sc->mac_ver == 0x5592) { 3955 run_bbp_write(sc, 79, 0x1c); 3956 run_bbp_write(sc, 80, 0x0e); 3957 run_bbp_write(sc, 81, 0x3a); 3958 run_bbp_write(sc, 82, 0x62); 3959 3960 run_bbp_write(sc, 195, 0x80); 3961 run_bbp_write(sc, 196, 0xe0); 3962 run_bbp_write(sc, 195, 0x81); 3963 run_bbp_write(sc, 196, 0x1f); 3964 run_bbp_write(sc, 195, 0x82); 3965 run_bbp_write(sc, 196, 0x38); 3966 run_bbp_write(sc, 195, 0x83); 3967 run_bbp_write(sc, 196, 0x32); 3968 run_bbp_write(sc, 195, 0x85); 3969 run_bbp_write(sc, 196, 0x28); 3970 run_bbp_write(sc, 195, 0x86); 3971 run_bbp_write(sc, 196, 0x19); 3972 } else if (sc->mac_ver >= 0x5390) 3973 run_bbp_write(sc, 75, 0x50); 3974 else { 3975 run_bbp_write(sc, 82, 3976 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3977 run_bbp_write(sc, 75, 0x50); 3978 } 3979 } 3980 } else { 3981 if (sc->mac_ver == 0x5592) { 3982 run_bbp_write(sc, 79, 0x18); 3983 run_bbp_write(sc, 80, 0x08); 3984 run_bbp_write(sc, 81, 0x38); 3985 run_bbp_write(sc, 82, 0x92); 3986 3987 run_bbp_write(sc, 195, 0x80); 3988 run_bbp_write(sc, 196, 0xf0); 3989 run_bbp_write(sc, 195, 0x81); 3990 run_bbp_write(sc, 196, 0x1e); 3991 run_bbp_write(sc, 195, 0x82); 3992 run_bbp_write(sc, 196, 0x28); 3993 run_bbp_write(sc, 195, 0x83); 3994 run_bbp_write(sc, 196, 0x20); 3995 run_bbp_write(sc, 195, 0x85); 3996 run_bbp_write(sc, 196, 0x7f); 3997 run_bbp_write(sc, 195, 0x86); 3998 run_bbp_write(sc, 196, 0x7f); 3999 } else if (sc->mac_ver == 0x3572) 4000 run_bbp_write(sc, 82, 0x94); 4001 else 4002 run_bbp_write(sc, 82, 4003 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4004 if (sc->ext_5ghz_lna) 4005 run_bbp_write(sc, 75, 0x46); 4006 else 4007 run_bbp_write(sc, 75, 0x50); 4008 } 4009 4010 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4011 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4012 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4013 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4014 4015 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4016 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4017 if (sc->mac_ver == 0x3593) 4018 tmp |= 1 << 29 | 1 << 28; 4019 if (sc->nrxchains > 1) 4020 tmp |= RT2860_LNA_PE1_EN; 4021 if (group == 0) { /* 2GHz */ 4022 tmp |= RT2860_PA_PE_G0_EN; 4023 if (sc->ntxchains > 1) 4024 tmp |= RT2860_PA_PE_G1_EN; 4025 if (sc->mac_ver == 0x3593) { 4026 if (sc->ntxchains > 2) 4027 tmp |= 1 << 25; 4028 } 4029 } else { /* 5GHz */ 4030 tmp |= RT2860_PA_PE_A0_EN; 4031 if (sc->ntxchains > 1) 4032 tmp |= RT2860_PA_PE_A1_EN; 4033 } 4034 if (sc->mac_ver == 0x3572) { 4035 run_rt3070_rf_write(sc, 8, 0x00); 4036 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4037 run_rt3070_rf_write(sc, 8, 0x80); 4038 } else 4039 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4040 4041 if (sc->mac_ver == 0x5592) { 4042 run_bbp_write(sc, 195, 0x8d); 4043 run_bbp_write(sc, 196, 0x1a); 4044 } 4045 4046 if (sc->mac_ver == 0x3593) { 4047 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4048 tmp &= ~0x01010000; 4049 if (group == 0) 4050 tmp |= 0x00010000; 4051 tmp = (tmp & ~0x00009090) | 0x00000090; 4052 run_write(sc, RT2860_GPIO_CTRL, tmp); 4053 } 4054 4055 /* set initial AGC value */ 4056 if (group == 0) { /* 2GHz band */ 4057 if (sc->mac_ver >= 0x3070) 4058 agc = 0x1c + sc->lna[0] * 2; 4059 else 4060 agc = 0x2e + sc->lna[0]; 4061 } else { /* 5GHz band */ 4062 if (sc->mac_ver == 0x5592) 4063 agc = 0x24 + sc->lna[group] * 2; 4064 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4065 agc = 0x22 + (sc->lna[group] * 5) / 3; 4066 else 4067 agc = 0x32 + (sc->lna[group] * 5) / 3; 4068 } 4069 run_set_agc(sc, agc); 4070 } 4071 4072 static void 4073 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4074 { 4075 const struct rfprog *rfprog = rt2860_rf2850; 4076 uint32_t r2, r3, r4; 4077 int8_t txpow1, txpow2; 4078 int i; 4079 4080 /* find the settings for this channel (we know it exists) */ 4081 for (i = 0; rfprog[i].chan != chan; i++); 4082 4083 r2 = rfprog[i].r2; 4084 if (sc->ntxchains == 1) 4085 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4086 if (sc->nrxchains == 1) 4087 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4088 else if (sc->nrxchains == 2) 4089 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4090 4091 /* use Tx power values from EEPROM */ 4092 txpow1 = sc->txpow1[i]; 4093 txpow2 = sc->txpow2[i]; 4094 4095 /* Initialize RF R3 and R4. */ 4096 r3 = rfprog[i].r3 & 0xffffc1ff; 4097 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4098 if (chan > 14) { 4099 if (txpow1 >= 0) { 4100 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4101 r3 |= (txpow1 << 10) | (1 << 9); 4102 } else { 4103 txpow1 += 7; 4104 4105 /* txpow1 is not possible larger than 15. */ 4106 r3 |= (txpow1 << 10); 4107 } 4108 if (txpow2 >= 0) { 4109 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4110 r4 |= (txpow2 << 7) | (1 << 6); 4111 } else { 4112 txpow2 += 7; 4113 r4 |= (txpow2 << 7); 4114 } 4115 } else { 4116 /* Set Tx0 power. */ 4117 r3 |= (txpow1 << 9); 4118 4119 /* Set frequency offset and Tx1 power. */ 4120 r4 |= (txpow2 << 6); 4121 } 4122 4123 run_rt2870_rf_write(sc, rfprog[i].r1); 4124 run_rt2870_rf_write(sc, r2); 4125 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4126 run_rt2870_rf_write(sc, r4); 4127 4128 run_delay(sc, 10); 4129 4130 run_rt2870_rf_write(sc, rfprog[i].r1); 4131 run_rt2870_rf_write(sc, r2); 4132 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4133 run_rt2870_rf_write(sc, r4); 4134 4135 run_delay(sc, 10); 4136 4137 run_rt2870_rf_write(sc, rfprog[i].r1); 4138 run_rt2870_rf_write(sc, r2); 4139 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4140 run_rt2870_rf_write(sc, r4); 4141 } 4142 4143 static void 4144 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4145 { 4146 int8_t txpow1, txpow2; 4147 uint8_t rf; 4148 int i; 4149 4150 /* find the settings for this channel (we know it exists) */ 4151 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4152 4153 /* use Tx power values from EEPROM */ 4154 txpow1 = sc->txpow1[i]; 4155 txpow2 = sc->txpow2[i]; 4156 4157 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4158 4159 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4160 run_rt3070_rf_read(sc, 3, &rf); 4161 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4162 run_rt3070_rf_write(sc, 3, rf); 4163 4164 run_rt3070_rf_read(sc, 6, &rf); 4165 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4166 run_rt3070_rf_write(sc, 6, rf); 4167 4168 /* set Tx0 power */ 4169 run_rt3070_rf_read(sc, 12, &rf); 4170 rf = (rf & ~0x1f) | txpow1; 4171 run_rt3070_rf_write(sc, 12, rf); 4172 4173 /* set Tx1 power */ 4174 run_rt3070_rf_read(sc, 13, &rf); 4175 rf = (rf & ~0x1f) | txpow2; 4176 run_rt3070_rf_write(sc, 13, rf); 4177 4178 run_rt3070_rf_read(sc, 1, &rf); 4179 rf &= ~0xfc; 4180 if (sc->ntxchains == 1) 4181 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4182 else if (sc->ntxchains == 2) 4183 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4184 if (sc->nrxchains == 1) 4185 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4186 else if (sc->nrxchains == 2) 4187 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4188 run_rt3070_rf_write(sc, 1, rf); 4189 4190 /* set RF offset */ 4191 run_rt3070_rf_read(sc, 23, &rf); 4192 rf = (rf & ~0x7f) | sc->freq; 4193 run_rt3070_rf_write(sc, 23, rf); 4194 4195 /* program RF filter */ 4196 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4197 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4198 run_rt3070_rf_write(sc, 24, rf); 4199 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4200 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4201 run_rt3070_rf_write(sc, 31, rf); 4202 4203 /* enable RF tuning */ 4204 run_rt3070_rf_read(sc, 7, &rf); 4205 run_rt3070_rf_write(sc, 7, rf | 0x01); 4206 } 4207 4208 static void 4209 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4210 { 4211 int8_t txpow1, txpow2; 4212 uint32_t tmp; 4213 uint8_t rf; 4214 int i; 4215 4216 /* find the settings for this channel (we know it exists) */ 4217 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4218 4219 /* use Tx power values from EEPROM */ 4220 txpow1 = sc->txpow1[i]; 4221 txpow2 = sc->txpow2[i]; 4222 4223 if (chan <= 14) { 4224 run_bbp_write(sc, 25, sc->bbp25); 4225 run_bbp_write(sc, 26, sc->bbp26); 4226 } else { 4227 /* enable IQ phase correction */ 4228 run_bbp_write(sc, 25, 0x09); 4229 run_bbp_write(sc, 26, 0xff); 4230 } 4231 4232 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4233 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4234 run_rt3070_rf_read(sc, 6, &rf); 4235 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4236 rf |= (chan <= 14) ? 0x08 : 0x04; 4237 run_rt3070_rf_write(sc, 6, rf); 4238 4239 /* set PLL mode */ 4240 run_rt3070_rf_read(sc, 5, &rf); 4241 rf &= ~(0x08 | 0x04); 4242 rf |= (chan <= 14) ? 0x04 : 0x08; 4243 run_rt3070_rf_write(sc, 5, rf); 4244 4245 /* set Tx power for chain 0 */ 4246 if (chan <= 14) 4247 rf = 0x60 | txpow1; 4248 else 4249 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4250 run_rt3070_rf_write(sc, 12, rf); 4251 4252 /* set Tx power for chain 1 */ 4253 if (chan <= 14) 4254 rf = 0x60 | txpow2; 4255 else 4256 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4257 run_rt3070_rf_write(sc, 13, rf); 4258 4259 /* set Tx/Rx streams */ 4260 run_rt3070_rf_read(sc, 1, &rf); 4261 rf &= ~0xfc; 4262 if (sc->ntxchains == 1) 4263 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4264 else if (sc->ntxchains == 2) 4265 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4266 if (sc->nrxchains == 1) 4267 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4268 else if (sc->nrxchains == 2) 4269 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4270 run_rt3070_rf_write(sc, 1, rf); 4271 4272 /* set RF offset */ 4273 run_rt3070_rf_read(sc, 23, &rf); 4274 rf = (rf & ~0x7f) | sc->freq; 4275 run_rt3070_rf_write(sc, 23, rf); 4276 4277 /* program RF filter */ 4278 rf = sc->rf24_20mhz; 4279 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4280 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4281 4282 /* enable RF tuning */ 4283 run_rt3070_rf_read(sc, 7, &rf); 4284 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4285 run_rt3070_rf_write(sc, 7, rf); 4286 4287 /* TSSI */ 4288 rf = (chan <= 14) ? 0xc3 : 0xc0; 4289 run_rt3070_rf_write(sc, 9, rf); 4290 4291 /* set loop filter 1 */ 4292 run_rt3070_rf_write(sc, 10, 0xf1); 4293 /* set loop filter 2 */ 4294 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4295 4296 /* set tx_mx2_ic */ 4297 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4298 /* set tx_mx1_ic */ 4299 if (chan <= 14) 4300 rf = 0x48 | sc->txmixgain_2ghz; 4301 else 4302 rf = 0x78 | sc->txmixgain_5ghz; 4303 run_rt3070_rf_write(sc, 16, rf); 4304 4305 /* set tx_lo1 */ 4306 run_rt3070_rf_write(sc, 17, 0x23); 4307 /* set tx_lo2 */ 4308 if (chan <= 14) 4309 rf = 0x93; 4310 else if (chan <= 64) 4311 rf = 0xb7; 4312 else if (chan <= 128) 4313 rf = 0x74; 4314 else 4315 rf = 0x72; 4316 run_rt3070_rf_write(sc, 19, rf); 4317 4318 /* set rx_lo1 */ 4319 if (chan <= 14) 4320 rf = 0xb3; 4321 else if (chan <= 64) 4322 rf = 0xf6; 4323 else if (chan <= 128) 4324 rf = 0xf4; 4325 else 4326 rf = 0xf3; 4327 run_rt3070_rf_write(sc, 20, rf); 4328 4329 /* set pfd_delay */ 4330 if (chan <= 14) 4331 rf = 0x15; 4332 else if (chan <= 64) 4333 rf = 0x3d; 4334 else 4335 rf = 0x01; 4336 run_rt3070_rf_write(sc, 25, rf); 4337 4338 /* set rx_lo2 */ 4339 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4340 /* set ldo_rf_vc */ 4341 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4342 /* set drv_cc */ 4343 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4344 4345 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4346 tmp &= ~0x8080; 4347 if (chan <= 14) 4348 tmp |= 0x80; 4349 run_write(sc, RT2860_GPIO_CTRL, tmp); 4350 4351 /* enable RF tuning */ 4352 run_rt3070_rf_read(sc, 7, &rf); 4353 run_rt3070_rf_write(sc, 7, rf | 0x01); 4354 4355 run_delay(sc, 2); 4356 } 4357 4358 static void 4359 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4360 { 4361 int8_t txpow1, txpow2, txpow3; 4362 uint8_t h20mhz, rf; 4363 int i; 4364 4365 /* find the settings for this channel (we know it exists) */ 4366 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4367 4368 /* use Tx power values from EEPROM */ 4369 txpow1 = sc->txpow1[i]; 4370 txpow2 = sc->txpow2[i]; 4371 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4372 4373 if (chan <= 14) { 4374 run_bbp_write(sc, 25, sc->bbp25); 4375 run_bbp_write(sc, 26, sc->bbp26); 4376 } else { 4377 /* Enable IQ phase correction. */ 4378 run_bbp_write(sc, 25, 0x09); 4379 run_bbp_write(sc, 26, 0xff); 4380 } 4381 4382 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4383 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4384 run_rt3070_rf_read(sc, 11, &rf); 4385 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4386 run_rt3070_rf_write(sc, 11, rf); 4387 4388 /* Set pll_idoh. */ 4389 run_rt3070_rf_read(sc, 11, &rf); 4390 rf &= ~0x4c; 4391 rf |= (chan <= 14) ? 0x44 : 0x48; 4392 run_rt3070_rf_write(sc, 11, rf); 4393 4394 if (chan <= 14) 4395 rf = txpow1 & 0x1f; 4396 else 4397 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4398 run_rt3070_rf_write(sc, 53, rf); 4399 4400 if (chan <= 14) 4401 rf = txpow2 & 0x1f; 4402 else 4403 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4404 run_rt3070_rf_write(sc, 55, rf); 4405 4406 if (chan <= 14) 4407 rf = txpow3 & 0x1f; 4408 else 4409 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4410 run_rt3070_rf_write(sc, 54, rf); 4411 4412 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4413 if (sc->ntxchains == 3) 4414 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4415 else 4416 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4417 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4418 run_rt3070_rf_write(sc, 1, rf); 4419 4420 run_adjust_freq_offset(sc); 4421 4422 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4423 4424 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4425 run_rt3070_rf_read(sc, 30, &rf); 4426 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4427 run_rt3070_rf_write(sc, 30, rf); 4428 4429 run_rt3070_rf_read(sc, 36, &rf); 4430 if (chan <= 14) 4431 rf |= 0x80; 4432 else 4433 rf &= ~0x80; 4434 run_rt3070_rf_write(sc, 36, rf); 4435 4436 /* Set vcolo_bs. */ 4437 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4438 /* Set pfd_delay. */ 4439 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4440 4441 /* Set vco bias current control. */ 4442 run_rt3070_rf_read(sc, 6, &rf); 4443 rf &= ~0xc0; 4444 if (chan <= 14) 4445 rf |= 0x40; 4446 else if (chan <= 128) 4447 rf |= 0x80; 4448 else 4449 rf |= 0x40; 4450 run_rt3070_rf_write(sc, 6, rf); 4451 4452 run_rt3070_rf_read(sc, 30, &rf); 4453 rf = (rf & ~0x18) | 0x10; 4454 run_rt3070_rf_write(sc, 30, rf); 4455 4456 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4457 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4458 4459 run_rt3070_rf_read(sc, 51, &rf); 4460 rf = (rf & ~0x03) | 0x01; 4461 run_rt3070_rf_write(sc, 51, rf); 4462 /* Set tx_mx1_cc. */ 4463 run_rt3070_rf_read(sc, 51, &rf); 4464 rf &= ~0x1c; 4465 rf |= (chan <= 14) ? 0x14 : 0x10; 4466 run_rt3070_rf_write(sc, 51, rf); 4467 /* Set tx_mx1_ic. */ 4468 run_rt3070_rf_read(sc, 51, &rf); 4469 rf &= ~0xe0; 4470 rf |= (chan <= 14) ? 0x60 : 0x40; 4471 run_rt3070_rf_write(sc, 51, rf); 4472 /* Set tx_lo1_ic. */ 4473 run_rt3070_rf_read(sc, 49, &rf); 4474 rf &= ~0x1c; 4475 rf |= (chan <= 14) ? 0x0c : 0x08; 4476 run_rt3070_rf_write(sc, 49, rf); 4477 /* Set tx_lo1_en. */ 4478 run_rt3070_rf_read(sc, 50, &rf); 4479 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4480 /* Set drv_cc. */ 4481 run_rt3070_rf_read(sc, 57, &rf); 4482 rf &= ~0xfc; 4483 rf |= (chan <= 14) ? 0x6c : 0x3c; 4484 run_rt3070_rf_write(sc, 57, rf); 4485 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4486 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4487 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4488 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4489 /* Enable VCO calibration. */ 4490 run_rt3070_rf_read(sc, 3, &rf); 4491 rf &= ~RT5390_VCOCAL; 4492 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4493 run_rt3070_rf_write(sc, 3, rf); 4494 4495 if (chan <= 14) 4496 rf = 0x23; 4497 else if (chan <= 64) 4498 rf = 0x36; 4499 else if (chan <= 128) 4500 rf = 0x32; 4501 else 4502 rf = 0x30; 4503 run_rt3070_rf_write(sc, 39, rf); 4504 if (chan <= 14) 4505 rf = 0xbb; 4506 else if (chan <= 64) 4507 rf = 0xeb; 4508 else if (chan <= 128) 4509 rf = 0xb3; 4510 else 4511 rf = 0x9b; 4512 run_rt3070_rf_write(sc, 45, rf); 4513 4514 /* Set FEQ/AEQ control. */ 4515 run_bbp_write(sc, 105, 0x34); 4516 } 4517 4518 static void 4519 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4520 { 4521 int8_t txpow1, txpow2; 4522 uint8_t rf; 4523 int i; 4524 4525 /* find the settings for this channel (we know it exists) */ 4526 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4527 4528 /* use Tx power values from EEPROM */ 4529 txpow1 = sc->txpow1[i]; 4530 txpow2 = sc->txpow2[i]; 4531 4532 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4533 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4534 run_rt3070_rf_read(sc, 11, &rf); 4535 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4536 run_rt3070_rf_write(sc, 11, rf); 4537 4538 run_rt3070_rf_read(sc, 49, &rf); 4539 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4540 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4541 if ((rf & 0x3f) > 0x27) 4542 rf = (rf & ~0x3f) | 0x27; 4543 run_rt3070_rf_write(sc, 49, rf); 4544 4545 if (sc->mac_ver == 0x5392) { 4546 run_rt3070_rf_read(sc, 50, &rf); 4547 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4548 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4549 if ((rf & 0x3f) > 0x27) 4550 rf = (rf & ~0x3f) | 0x27; 4551 run_rt3070_rf_write(sc, 50, rf); 4552 } 4553 4554 run_rt3070_rf_read(sc, 1, &rf); 4555 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4556 if (sc->mac_ver == 0x5392) 4557 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4558 run_rt3070_rf_write(sc, 1, rf); 4559 4560 if (sc->mac_ver != 0x5392) { 4561 run_rt3070_rf_read(sc, 2, &rf); 4562 rf |= 0x80; 4563 run_rt3070_rf_write(sc, 2, rf); 4564 run_delay(sc, 10); 4565 rf &= 0x7f; 4566 run_rt3070_rf_write(sc, 2, rf); 4567 } 4568 4569 run_adjust_freq_offset(sc); 4570 4571 if (sc->mac_ver == 0x5392) { 4572 /* Fix for RT5392C. */ 4573 if (sc->mac_rev >= 0x0223) { 4574 if (chan <= 4) 4575 rf = 0x0f; 4576 else if (chan >= 5 && chan <= 7) 4577 rf = 0x0e; 4578 else 4579 rf = 0x0d; 4580 run_rt3070_rf_write(sc, 23, rf); 4581 4582 if (chan <= 4) 4583 rf = 0x0c; 4584 else if (chan == 5) 4585 rf = 0x0b; 4586 else if (chan >= 6 && chan <= 7) 4587 rf = 0x0a; 4588 else if (chan >= 8 && chan <= 10) 4589 rf = 0x09; 4590 else 4591 rf = 0x08; 4592 run_rt3070_rf_write(sc, 59, rf); 4593 } else { 4594 if (chan <= 11) 4595 rf = 0x0f; 4596 else 4597 rf = 0x0b; 4598 run_rt3070_rf_write(sc, 59, rf); 4599 } 4600 } else { 4601 /* Fix for RT5390F. */ 4602 if (sc->mac_rev >= 0x0502) { 4603 if (chan <= 11) 4604 rf = 0x43; 4605 else 4606 rf = 0x23; 4607 run_rt3070_rf_write(sc, 55, rf); 4608 4609 if (chan <= 11) 4610 rf = 0x0f; 4611 else if (chan == 12) 4612 rf = 0x0d; 4613 else 4614 rf = 0x0b; 4615 run_rt3070_rf_write(sc, 59, rf); 4616 } else { 4617 run_rt3070_rf_write(sc, 55, 0x44); 4618 run_rt3070_rf_write(sc, 59, 0x8f); 4619 } 4620 } 4621 4622 /* Enable VCO calibration. */ 4623 run_rt3070_rf_read(sc, 3, &rf); 4624 rf |= RT5390_VCOCAL; 4625 run_rt3070_rf_write(sc, 3, rf); 4626 } 4627 4628 static void 4629 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4630 { 4631 const struct rt5592_freqs *freqs; 4632 uint32_t tmp; 4633 uint8_t reg, rf, txpow_bound; 4634 int8_t txpow1, txpow2; 4635 int i; 4636 4637 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4638 freqs = (tmp & RT5592_SEL_XTAL) ? 4639 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4640 4641 /* find the settings for this channel (we know it exists) */ 4642 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4643 4644 /* use Tx power values from EEPROM */ 4645 txpow1 = sc->txpow1[i]; 4646 txpow2 = sc->txpow2[i]; 4647 4648 run_read(sc, RT3070_LDO_CFG0, &tmp); 4649 tmp &= ~0x1c000000; 4650 if (chan > 14) 4651 tmp |= 0x14000000; 4652 run_write(sc, RT3070_LDO_CFG0, tmp); 4653 4654 /* N setting. */ 4655 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4656 run_rt3070_rf_read(sc, 9, &rf); 4657 rf &= ~(1 << 4); 4658 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4659 run_rt3070_rf_write(sc, 9, rf); 4660 4661 /* K setting. */ 4662 run_rt3070_rf_read(sc, 9, &rf); 4663 rf &= ~0x0f; 4664 rf |= (freqs->k & 0x0f); 4665 run_rt3070_rf_write(sc, 9, rf); 4666 4667 /* Mode setting. */ 4668 run_rt3070_rf_read(sc, 11, &rf); 4669 rf &= ~0x0c; 4670 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4671 run_rt3070_rf_write(sc, 11, rf); 4672 run_rt3070_rf_read(sc, 9, &rf); 4673 rf &= ~(1 << 7); 4674 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4675 run_rt3070_rf_write(sc, 9, rf); 4676 4677 /* R setting. */ 4678 run_rt3070_rf_read(sc, 11, &rf); 4679 rf &= ~0x03; 4680 rf |= (freqs->r - 0x1); 4681 run_rt3070_rf_write(sc, 11, rf); 4682 4683 if (chan <= 14) { 4684 /* Initialize RF registers for 2GHZ. */ 4685 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4686 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4687 rt5592_2ghz_def_rf[i].val); 4688 } 4689 4690 rf = (chan <= 10) ? 0x07 : 0x06; 4691 run_rt3070_rf_write(sc, 23, rf); 4692 run_rt3070_rf_write(sc, 59, rf); 4693 4694 run_rt3070_rf_write(sc, 55, 0x43); 4695 4696 /* 4697 * RF R49/R50 Tx power ALC code. 4698 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4699 */ 4700 reg = 2; 4701 txpow_bound = 0x27; 4702 } else { 4703 /* Initialize RF registers for 5GHZ. */ 4704 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4705 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4706 rt5592_5ghz_def_rf[i].val); 4707 } 4708 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4709 if (chan >= rt5592_chan_5ghz[i].firstchan && 4710 chan <= rt5592_chan_5ghz[i].lastchan) { 4711 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4712 rt5592_chan_5ghz[i].val); 4713 } 4714 } 4715 4716 /* 4717 * RF R49/R50 Tx power ALC code. 4718 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4719 */ 4720 reg = 3; 4721 txpow_bound = 0x2b; 4722 } 4723 4724 /* RF R49 ch0 Tx power ALC code. */ 4725 run_rt3070_rf_read(sc, 49, &rf); 4726 rf &= ~0xc0; 4727 rf |= (reg << 6); 4728 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4729 if ((rf & 0x3f) > txpow_bound) 4730 rf = (rf & ~0x3f) | txpow_bound; 4731 run_rt3070_rf_write(sc, 49, rf); 4732 4733 /* RF R50 ch1 Tx power ALC code. */ 4734 run_rt3070_rf_read(sc, 50, &rf); 4735 rf &= ~(1 << 7 | 1 << 6); 4736 rf |= (reg << 6); 4737 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4738 if ((rf & 0x3f) > txpow_bound) 4739 rf = (rf & ~0x3f) | txpow_bound; 4740 run_rt3070_rf_write(sc, 50, rf); 4741 4742 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4743 run_rt3070_rf_read(sc, 1, &rf); 4744 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4745 if (sc->ntxchains > 1) 4746 rf |= RT3070_TX1_PD; 4747 if (sc->nrxchains > 1) 4748 rf |= RT3070_RX1_PD; 4749 run_rt3070_rf_write(sc, 1, rf); 4750 4751 run_rt3070_rf_write(sc, 6, 0xe4); 4752 4753 run_rt3070_rf_write(sc, 30, 0x10); 4754 run_rt3070_rf_write(sc, 31, 0x80); 4755 run_rt3070_rf_write(sc, 32, 0x80); 4756 4757 run_adjust_freq_offset(sc); 4758 4759 /* Enable VCO calibration. */ 4760 run_rt3070_rf_read(sc, 3, &rf); 4761 rf |= RT5390_VCOCAL; 4762 run_rt3070_rf_write(sc, 3, rf); 4763 } 4764 4765 static void 4766 run_set_rx_antenna(struct run_softc *sc, int aux) 4767 { 4768 uint32_t tmp; 4769 uint8_t bbp152; 4770 4771 if (aux) { 4772 if (sc->rf_rev == RT5390_RF_5370) { 4773 run_bbp_read(sc, 152, &bbp152); 4774 run_bbp_write(sc, 152, bbp152 & ~0x80); 4775 } else { 4776 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4777 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4778 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4779 } 4780 } else { 4781 if (sc->rf_rev == RT5390_RF_5370) { 4782 run_bbp_read(sc, 152, &bbp152); 4783 run_bbp_write(sc, 152, bbp152 | 0x80); 4784 } else { 4785 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4786 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4787 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4788 } 4789 } 4790 } 4791 4792 static int 4793 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4794 { 4795 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4796 u_int chan, group; 4797 4798 chan = ieee80211_chan2ieee(ic, c); 4799 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4800 return (EINVAL); 4801 4802 if (sc->mac_ver == 0x5592) 4803 run_rt5592_set_chan(sc, chan); 4804 else if (sc->mac_ver >= 0x5390) 4805 run_rt5390_set_chan(sc, chan); 4806 else if (sc->mac_ver == 0x3593) 4807 run_rt3593_set_chan(sc, chan); 4808 else if (sc->mac_ver == 0x3572) 4809 run_rt3572_set_chan(sc, chan); 4810 else if (sc->mac_ver >= 0x3070) 4811 run_rt3070_set_chan(sc, chan); 4812 else 4813 run_rt2870_set_chan(sc, chan); 4814 4815 /* determine channel group */ 4816 if (chan <= 14) 4817 group = 0; 4818 else if (chan <= 64) 4819 group = 1; 4820 else if (chan <= 128) 4821 group = 2; 4822 else 4823 group = 3; 4824 4825 /* XXX necessary only when group has changed! */ 4826 run_select_chan_group(sc, group); 4827 4828 run_delay(sc, 10); 4829 4830 /* Perform IQ calibration. */ 4831 if (sc->mac_ver >= 0x5392) 4832 run_iq_calib(sc, chan); 4833 4834 return (0); 4835 } 4836 4837 static void 4838 run_set_channel(struct ieee80211com *ic) 4839 { 4840 struct run_softc *sc = ic->ic_ifp->if_softc; 4841 4842 RUN_LOCK(sc); 4843 run_set_chan(sc, ic->ic_curchan); 4844 RUN_UNLOCK(sc); 4845 4846 return; 4847 } 4848 4849 static void 4850 run_scan_start(struct ieee80211com *ic) 4851 { 4852 struct run_softc *sc = ic->ic_ifp->if_softc; 4853 uint32_t tmp; 4854 4855 RUN_LOCK(sc); 4856 4857 /* abort TSF synchronization */ 4858 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4859 run_write(sc, RT2860_BCN_TIME_CFG, 4860 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4861 RT2860_TBTT_TIMER_EN)); 4862 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 4863 4864 RUN_UNLOCK(sc); 4865 4866 return; 4867 } 4868 4869 static void 4870 run_scan_end(struct ieee80211com *ic) 4871 { 4872 struct run_softc *sc = ic->ic_ifp->if_softc; 4873 4874 RUN_LOCK(sc); 4875 4876 run_enable_tsf_sync(sc); 4877 /* XXX keep local copy */ 4878 run_set_bssid(sc, sc->sc_bssid); 4879 4880 RUN_UNLOCK(sc); 4881 4882 return; 4883 } 4884 4885 /* 4886 * Could be called from ieee80211_node_timeout() 4887 * (non-sleepable thread) 4888 */ 4889 static void 4890 run_update_beacon(struct ieee80211vap *vap, int item) 4891 { 4892 struct ieee80211com *ic = vap->iv_ic; 4893 struct run_softc *sc = ic->ic_ifp->if_softc; 4894 struct run_vap *rvp = RUN_VAP(vap); 4895 int mcast = 0; 4896 uint32_t i; 4897 4898 KASSERT(vap != NULL, ("no beacon")); 4899 4900 switch (item) { 4901 case IEEE80211_BEACON_ERP: 4902 run_updateslot(ic->ic_ifp); 4903 break; 4904 case IEEE80211_BEACON_HTINFO: 4905 run_updateprot(ic); 4906 break; 4907 case IEEE80211_BEACON_TIM: 4908 mcast = 1; /*TODO*/ 4909 break; 4910 default: 4911 break; 4912 } 4913 4914 setbit(rvp->bo.bo_flags, item); 4915 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4916 4917 i = RUN_CMDQ_GET(&sc->cmdq_store); 4918 DPRINTF("cmdq_store=%d\n", i); 4919 sc->cmdq[i].func = run_update_beacon_cb; 4920 sc->cmdq[i].arg0 = vap; 4921 ieee80211_runtask(ic, &sc->cmdq_task); 4922 4923 return; 4924 } 4925 4926 static void 4927 run_update_beacon_cb(void *arg) 4928 { 4929 struct ieee80211vap *vap = arg; 4930 struct run_vap *rvp = RUN_VAP(vap); 4931 struct ieee80211com *ic = vap->iv_ic; 4932 struct run_softc *sc = ic->ic_ifp->if_softc; 4933 struct rt2860_txwi txwi; 4934 struct mbuf *m; 4935 uint16_t txwisize; 4936 uint8_t ridx; 4937 4938 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4939 return; 4940 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4941 return; 4942 4943 /* 4944 * No need to call ieee80211_beacon_update(), run_update_beacon() 4945 * is taking care of apropriate calls. 4946 */ 4947 if (rvp->beacon_mbuf == NULL) { 4948 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4949 &rvp->bo); 4950 if (rvp->beacon_mbuf == NULL) 4951 return; 4952 } 4953 m = rvp->beacon_mbuf; 4954 4955 memset(&txwi, 0, sizeof(txwi)); 4956 txwi.wcid = 0xff; 4957 txwi.len = htole16(m->m_pkthdr.len); 4958 4959 /* send beacons at the lowest available rate */ 4960 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4961 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4962 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4963 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4964 txwi.phy |= htole16(RT2860_PHY_OFDM); 4965 txwi.txop = RT2860_TX_TXOP_HT; 4966 txwi.flags = RT2860_TX_TS; 4967 txwi.xflags = RT2860_TX_NSEQ; 4968 4969 txwisize = (sc->mac_ver == 0x5592) ? 4970 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4971 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4972 txwisize); 4973 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4974 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4975 } 4976 4977 static void 4978 run_updateprot(struct ieee80211com *ic) 4979 { 4980 struct run_softc *sc = ic->ic_ifp->if_softc; 4981 uint32_t i; 4982 4983 i = RUN_CMDQ_GET(&sc->cmdq_store); 4984 DPRINTF("cmdq_store=%d\n", i); 4985 sc->cmdq[i].func = run_updateprot_cb; 4986 sc->cmdq[i].arg0 = ic; 4987 ieee80211_runtask(ic, &sc->cmdq_task); 4988 } 4989 4990 static void 4991 run_updateprot_cb(void *arg) 4992 { 4993 struct ieee80211com *ic = arg; 4994 struct run_softc *sc = ic->ic_ifp->if_softc; 4995 uint32_t tmp; 4996 4997 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4998 /* setup protection frame rate (MCS code) */ 4999 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5000 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 5001 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5002 5003 /* CCK frames don't require protection */ 5004 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5005 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5006 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5007 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5008 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5009 tmp |= RT2860_PROT_CTRL_CTS; 5010 } 5011 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5012 } 5013 5014 static void 5015 run_usb_timeout_cb(void *arg) 5016 { 5017 struct ieee80211vap *vap = arg; 5018 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 5019 5020 RUN_LOCK_ASSERT(sc, MA_OWNED); 5021 5022 if(vap->iv_state == IEEE80211_S_RUN && 5023 vap->iv_opmode != IEEE80211_M_STA) 5024 run_reset_livelock(sc); 5025 else if (vap->iv_state == IEEE80211_S_SCAN) { 5026 DPRINTF("timeout caused by scan\n"); 5027 /* cancel bgscan */ 5028 ieee80211_cancel_scan(vap); 5029 } else 5030 DPRINTF("timeout by unknown cause\n"); 5031 } 5032 5033 static void 5034 run_reset_livelock(struct run_softc *sc) 5035 { 5036 uint32_t tmp; 5037 5038 RUN_LOCK_ASSERT(sc, MA_OWNED); 5039 5040 /* 5041 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5042 * can run into a livelock and start sending CTS-to-self frames like 5043 * crazy if protection is enabled. Reset MAC/BBP for a while 5044 */ 5045 run_read(sc, RT2860_DEBUG, &tmp); 5046 DPRINTFN(3, "debug reg %08x\n", tmp); 5047 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5048 DPRINTF("CTS-to-self livelock detected\n"); 5049 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5050 run_delay(sc, 1); 5051 run_write(sc, RT2860_MAC_SYS_CTRL, 5052 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5053 } 5054 } 5055 5056 static void 5057 run_update_promisc_locked(struct ifnet *ifp) 5058 { 5059 struct run_softc *sc = ifp->if_softc; 5060 uint32_t tmp; 5061 5062 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5063 5064 tmp |= RT2860_DROP_UC_NOME; 5065 if (ifp->if_flags & IFF_PROMISC) 5066 tmp &= ~RT2860_DROP_UC_NOME; 5067 5068 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5069 5070 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 5071 "entering" : "leaving"); 5072 } 5073 5074 static void 5075 run_update_promisc(struct ifnet *ifp) 5076 { 5077 struct run_softc *sc = ifp->if_softc; 5078 5079 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 5080 return; 5081 5082 RUN_LOCK(sc); 5083 run_update_promisc_locked(ifp); 5084 RUN_UNLOCK(sc); 5085 } 5086 5087 static void 5088 run_enable_tsf_sync(struct run_softc *sc) 5089 { 5090 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5091 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5092 uint32_t tmp; 5093 5094 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5095 ic->ic_opmode); 5096 5097 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5098 tmp &= ~0x1fffff; 5099 tmp |= vap->iv_bss->ni_intval * 16; 5100 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5101 5102 if (ic->ic_opmode == IEEE80211_M_STA) { 5103 /* 5104 * Local TSF is always updated with remote TSF on beacon 5105 * reception. 5106 */ 5107 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5108 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5109 tmp |= RT2860_BCN_TX_EN; 5110 /* 5111 * Local TSF is updated with remote TSF on beacon reception 5112 * only if the remote TSF is greater than local TSF. 5113 */ 5114 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5115 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5116 ic->ic_opmode == IEEE80211_M_MBSS) { 5117 tmp |= RT2860_BCN_TX_EN; 5118 /* SYNC with nobody */ 5119 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5120 } else { 5121 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5122 return; 5123 } 5124 5125 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5126 } 5127 5128 static void 5129 run_enable_mrr(struct run_softc *sc) 5130 { 5131 #define CCK(mcs) (mcs) 5132 #define OFDM(mcs) (1 << 3 | (mcs)) 5133 run_write(sc, RT2860_LG_FBK_CFG0, 5134 OFDM(6) << 28 | /* 54->48 */ 5135 OFDM(5) << 24 | /* 48->36 */ 5136 OFDM(4) << 20 | /* 36->24 */ 5137 OFDM(3) << 16 | /* 24->18 */ 5138 OFDM(2) << 12 | /* 18->12 */ 5139 OFDM(1) << 8 | /* 12-> 9 */ 5140 OFDM(0) << 4 | /* 9-> 6 */ 5141 OFDM(0)); /* 6-> 6 */ 5142 5143 run_write(sc, RT2860_LG_FBK_CFG1, 5144 CCK(2) << 12 | /* 11->5.5 */ 5145 CCK(1) << 8 | /* 5.5-> 2 */ 5146 CCK(0) << 4 | /* 2-> 1 */ 5147 CCK(0)); /* 1-> 1 */ 5148 #undef OFDM 5149 #undef CCK 5150 } 5151 5152 static void 5153 run_set_txpreamble(struct run_softc *sc) 5154 { 5155 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5156 uint32_t tmp; 5157 5158 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5159 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5160 tmp |= RT2860_CCK_SHORT_EN; 5161 else 5162 tmp &= ~RT2860_CCK_SHORT_EN; 5163 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5164 } 5165 5166 static void 5167 run_set_basicrates(struct run_softc *sc) 5168 { 5169 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5170 5171 /* set basic rates mask */ 5172 if (ic->ic_curmode == IEEE80211_MODE_11B) 5173 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5174 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5175 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5176 else /* 11g */ 5177 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5178 } 5179 5180 static void 5181 run_set_leds(struct run_softc *sc, uint16_t which) 5182 { 5183 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5184 which | (sc->leds & 0x7f)); 5185 } 5186 5187 static void 5188 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5189 { 5190 run_write(sc, RT2860_MAC_BSSID_DW0, 5191 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5192 run_write(sc, RT2860_MAC_BSSID_DW1, 5193 bssid[4] | bssid[5] << 8); 5194 } 5195 5196 static void 5197 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5198 { 5199 run_write(sc, RT2860_MAC_ADDR_DW0, 5200 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5201 run_write(sc, RT2860_MAC_ADDR_DW1, 5202 addr[4] | addr[5] << 8 | 0xff << 16); 5203 } 5204 5205 static void 5206 run_updateslot(struct ifnet *ifp) 5207 { 5208 struct run_softc *sc = ifp->if_softc; 5209 struct ieee80211com *ic = ifp->if_l2com; 5210 uint32_t i; 5211 5212 i = RUN_CMDQ_GET(&sc->cmdq_store); 5213 DPRINTF("cmdq_store=%d\n", i); 5214 sc->cmdq[i].func = run_updateslot_cb; 5215 sc->cmdq[i].arg0 = ifp; 5216 ieee80211_runtask(ic, &sc->cmdq_task); 5217 5218 return; 5219 } 5220 5221 /* ARGSUSED */ 5222 static void 5223 run_updateslot_cb(void *arg) 5224 { 5225 struct ifnet *ifp = arg; 5226 struct run_softc *sc = ifp->if_softc; 5227 struct ieee80211com *ic = ifp->if_l2com; 5228 uint32_t tmp; 5229 5230 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5231 tmp &= ~0xff; 5232 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5233 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5234 } 5235 5236 static void 5237 run_update_mcast(struct ifnet *ifp) 5238 { 5239 /* h/w filter supports getting everything or nothing */ 5240 ifp->if_flags |= IFF_ALLMULTI; 5241 } 5242 5243 static int8_t 5244 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5245 { 5246 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5247 struct ieee80211_channel *c = ic->ic_curchan; 5248 int delta; 5249 5250 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5251 u_int chan = ieee80211_chan2ieee(ic, c); 5252 delta = sc->rssi_5ghz[rxchain]; 5253 5254 /* determine channel group */ 5255 if (chan <= 64) 5256 delta -= sc->lna[1]; 5257 else if (chan <= 128) 5258 delta -= sc->lna[2]; 5259 else 5260 delta -= sc->lna[3]; 5261 } else 5262 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5263 5264 return (-12 - delta - rssi); 5265 } 5266 5267 static void 5268 run_rt5390_bbp_init(struct run_softc *sc) 5269 { 5270 int i; 5271 uint8_t bbp; 5272 5273 /* Apply maximum likelihood detection for 2 stream case. */ 5274 run_bbp_read(sc, 105, &bbp); 5275 if (sc->nrxchains > 1) 5276 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5277 5278 /* Avoid data lost and CRC error. */ 5279 run_bbp_read(sc, 4, &bbp); 5280 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5281 5282 if (sc->mac_ver == 0x5592) { 5283 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5284 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5285 rt5592_def_bbp[i].val); 5286 } 5287 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5288 run_bbp_write(sc, 195, i + 0x80); 5289 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5290 } 5291 } else { 5292 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5293 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5294 rt5390_def_bbp[i].val); 5295 } 5296 } 5297 if (sc->mac_ver == 0x5392) { 5298 run_bbp_write(sc, 88, 0x90); 5299 run_bbp_write(sc, 95, 0x9a); 5300 run_bbp_write(sc, 98, 0x12); 5301 run_bbp_write(sc, 106, 0x12); 5302 run_bbp_write(sc, 134, 0xd0); 5303 run_bbp_write(sc, 135, 0xf6); 5304 run_bbp_write(sc, 148, 0x84); 5305 } 5306 5307 run_bbp_read(sc, 152, &bbp); 5308 run_bbp_write(sc, 152, bbp | 0x80); 5309 5310 /* Fix BBP254 for RT5592C. */ 5311 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5312 run_bbp_read(sc, 254, &bbp); 5313 run_bbp_write(sc, 254, bbp | 0x80); 5314 } 5315 5316 /* Disable hardware antenna diversity. */ 5317 if (sc->mac_ver == 0x5390) 5318 run_bbp_write(sc, 154, 0); 5319 5320 /* Initialize Rx CCK/OFDM frequency offset report. */ 5321 run_bbp_write(sc, 142, 1); 5322 run_bbp_write(sc, 143, 57); 5323 } 5324 5325 static int 5326 run_bbp_init(struct run_softc *sc) 5327 { 5328 int i, error, ntries; 5329 uint8_t bbp0; 5330 5331 /* wait for BBP to wake up */ 5332 for (ntries = 0; ntries < 20; ntries++) { 5333 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5334 return error; 5335 if (bbp0 != 0 && bbp0 != 0xff) 5336 break; 5337 } 5338 if (ntries == 20) 5339 return (ETIMEDOUT); 5340 5341 /* initialize BBP registers to default values */ 5342 if (sc->mac_ver >= 0x5390) 5343 run_rt5390_bbp_init(sc); 5344 else { 5345 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5346 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5347 rt2860_def_bbp[i].val); 5348 } 5349 } 5350 5351 if (sc->mac_ver == 0x3593) { 5352 run_bbp_write(sc, 79, 0x13); 5353 run_bbp_write(sc, 80, 0x05); 5354 run_bbp_write(sc, 81, 0x33); 5355 run_bbp_write(sc, 86, 0x46); 5356 run_bbp_write(sc, 137, 0x0f); 5357 } 5358 5359 /* fix BBP84 for RT2860E */ 5360 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5361 run_bbp_write(sc, 84, 0x19); 5362 5363 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5364 sc->mac_ver != 0x5592)) { 5365 run_bbp_write(sc, 79, 0x13); 5366 run_bbp_write(sc, 80, 0x05); 5367 run_bbp_write(sc, 81, 0x33); 5368 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5369 run_bbp_write(sc, 69, 0x16); 5370 run_bbp_write(sc, 73, 0x12); 5371 } 5372 return (0); 5373 } 5374 5375 static int 5376 run_rt3070_rf_init(struct run_softc *sc) 5377 { 5378 uint32_t tmp; 5379 uint8_t bbp4, mingain, rf, target; 5380 int i; 5381 5382 run_rt3070_rf_read(sc, 30, &rf); 5383 /* toggle RF R30 bit 7 */ 5384 run_rt3070_rf_write(sc, 30, rf | 0x80); 5385 run_delay(sc, 10); 5386 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5387 5388 /* initialize RF registers to default value */ 5389 if (sc->mac_ver == 0x3572) { 5390 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5391 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5392 rt3572_def_rf[i].val); 5393 } 5394 } else { 5395 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5396 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5397 rt3070_def_rf[i].val); 5398 } 5399 } 5400 5401 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5402 /* 5403 * Change voltage from 1.2V to 1.35V for RT3070. 5404 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5405 * in RT3070(F). 5406 */ 5407 run_read(sc, RT3070_LDO_CFG0, &tmp); 5408 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5409 run_write(sc, RT3070_LDO_CFG0, tmp); 5410 5411 } else if (sc->mac_ver == 0x3071) { 5412 run_rt3070_rf_read(sc, 6, &rf); 5413 run_rt3070_rf_write(sc, 6, rf | 0x40); 5414 run_rt3070_rf_write(sc, 31, 0x14); 5415 5416 run_read(sc, RT3070_LDO_CFG0, &tmp); 5417 tmp &= ~0x1f000000; 5418 if (sc->mac_rev < 0x0211) 5419 tmp |= 0x0d000000; /* 1.3V */ 5420 else 5421 tmp |= 0x01000000; /* 1.2V */ 5422 run_write(sc, RT3070_LDO_CFG0, tmp); 5423 5424 /* patch LNA_PE_G1 */ 5425 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5426 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5427 5428 } else if (sc->mac_ver == 0x3572) { 5429 run_rt3070_rf_read(sc, 6, &rf); 5430 run_rt3070_rf_write(sc, 6, rf | 0x40); 5431 5432 /* increase voltage from 1.2V to 1.35V */ 5433 run_read(sc, RT3070_LDO_CFG0, &tmp); 5434 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5435 run_write(sc, RT3070_LDO_CFG0, tmp); 5436 5437 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5438 run_delay(sc, 1); /* wait for 1msec */ 5439 /* decrease voltage back to 1.2V */ 5440 tmp = (tmp & ~0x1f000000) | 0x01000000; 5441 run_write(sc, RT3070_LDO_CFG0, tmp); 5442 } 5443 } 5444 5445 /* select 20MHz bandwidth */ 5446 run_rt3070_rf_read(sc, 31, &rf); 5447 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5448 5449 /* calibrate filter for 20MHz bandwidth */ 5450 sc->rf24_20mhz = 0x1f; /* default value */ 5451 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5452 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5453 5454 /* select 40MHz bandwidth */ 5455 run_bbp_read(sc, 4, &bbp4); 5456 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5457 run_rt3070_rf_read(sc, 31, &rf); 5458 run_rt3070_rf_write(sc, 31, rf | 0x20); 5459 5460 /* calibrate filter for 40MHz bandwidth */ 5461 sc->rf24_40mhz = 0x2f; /* default value */ 5462 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5463 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5464 5465 /* go back to 20MHz bandwidth */ 5466 run_bbp_read(sc, 4, &bbp4); 5467 run_bbp_write(sc, 4, bbp4 & ~0x18); 5468 5469 if (sc->mac_ver == 0x3572) { 5470 /* save default BBP registers 25 and 26 values */ 5471 run_bbp_read(sc, 25, &sc->bbp25); 5472 run_bbp_read(sc, 26, &sc->bbp26); 5473 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5474 run_rt3070_rf_write(sc, 27, 0x03); 5475 5476 run_read(sc, RT3070_OPT_14, &tmp); 5477 run_write(sc, RT3070_OPT_14, tmp | 1); 5478 5479 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5480 run_rt3070_rf_read(sc, 17, &rf); 5481 rf &= ~RT3070_TX_LO1; 5482 if ((sc->mac_ver == 0x3070 || 5483 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5484 !sc->ext_2ghz_lna) 5485 rf |= 0x20; /* fix for long range Rx issue */ 5486 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5487 if (sc->txmixgain_2ghz >= mingain) 5488 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5489 run_rt3070_rf_write(sc, 17, rf); 5490 } 5491 5492 if (sc->mac_rev == 0x3071) { 5493 run_rt3070_rf_read(sc, 1, &rf); 5494 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5495 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5496 run_rt3070_rf_write(sc, 1, rf); 5497 5498 run_rt3070_rf_read(sc, 15, &rf); 5499 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5500 5501 run_rt3070_rf_read(sc, 20, &rf); 5502 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5503 5504 run_rt3070_rf_read(sc, 21, &rf); 5505 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5506 } 5507 5508 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5509 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5510 run_rt3070_rf_read(sc, 27, &rf); 5511 rf &= ~0x77; 5512 if (sc->mac_rev < 0x0211) 5513 rf |= 0x03; 5514 run_rt3070_rf_write(sc, 27, rf); 5515 } 5516 return (0); 5517 } 5518 5519 static void 5520 run_rt3593_rf_init(struct run_softc *sc) 5521 { 5522 uint32_t tmp; 5523 uint8_t rf; 5524 int i; 5525 5526 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5527 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5528 tmp &= ~(1 << 4 | 1 << 7); 5529 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5530 5531 /* Initialize RF registers to default value. */ 5532 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5533 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5534 rt3593_def_rf[i].val); 5535 } 5536 5537 /* Toggle RF R2 to initiate calibration. */ 5538 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5539 5540 /* Initialize RF frequency offset. */ 5541 run_adjust_freq_offset(sc); 5542 5543 run_rt3070_rf_read(sc, 18, &rf); 5544 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5545 5546 /* 5547 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5548 * decrease voltage back to 1.2V. 5549 */ 5550 run_read(sc, RT3070_LDO_CFG0, &tmp); 5551 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5552 run_write(sc, RT3070_LDO_CFG0, tmp); 5553 run_delay(sc, 1); 5554 tmp = (tmp & ~0x1f000000) | 0x01000000; 5555 run_write(sc, RT3070_LDO_CFG0, tmp); 5556 5557 sc->rf24_20mhz = 0x1f; 5558 sc->rf24_40mhz = 0x2f; 5559 5560 /* Save default BBP registers 25 and 26 values. */ 5561 run_bbp_read(sc, 25, &sc->bbp25); 5562 run_bbp_read(sc, 26, &sc->bbp26); 5563 5564 run_read(sc, RT3070_OPT_14, &tmp); 5565 run_write(sc, RT3070_OPT_14, tmp | 1); 5566 } 5567 5568 static void 5569 run_rt5390_rf_init(struct run_softc *sc) 5570 { 5571 uint32_t tmp; 5572 uint8_t rf; 5573 int i; 5574 5575 /* Toggle RF R2 to initiate calibration. */ 5576 if (sc->mac_ver == 0x5390) { 5577 run_rt3070_rf_read(sc, 2, &rf); 5578 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5579 run_delay(sc, 10); 5580 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5581 } else { 5582 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5583 run_delay(sc, 10); 5584 } 5585 5586 /* Initialize RF registers to default value. */ 5587 if (sc->mac_ver == 0x5592) { 5588 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5589 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5590 rt5592_def_rf[i].val); 5591 } 5592 /* Initialize RF frequency offset. */ 5593 run_adjust_freq_offset(sc); 5594 } else if (sc->mac_ver == 0x5392) { 5595 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5596 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5597 rt5392_def_rf[i].val); 5598 } 5599 if (sc->mac_rev >= 0x0223) { 5600 run_rt3070_rf_write(sc, 23, 0x0f); 5601 run_rt3070_rf_write(sc, 24, 0x3e); 5602 run_rt3070_rf_write(sc, 51, 0x32); 5603 run_rt3070_rf_write(sc, 53, 0x22); 5604 run_rt3070_rf_write(sc, 56, 0xc1); 5605 run_rt3070_rf_write(sc, 59, 0x0f); 5606 } 5607 } else { 5608 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5609 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5610 rt5390_def_rf[i].val); 5611 } 5612 if (sc->mac_rev >= 0x0502) { 5613 run_rt3070_rf_write(sc, 6, 0xe0); 5614 run_rt3070_rf_write(sc, 25, 0x80); 5615 run_rt3070_rf_write(sc, 46, 0x73); 5616 run_rt3070_rf_write(sc, 53, 0x00); 5617 run_rt3070_rf_write(sc, 56, 0x42); 5618 run_rt3070_rf_write(sc, 61, 0xd1); 5619 } 5620 } 5621 5622 sc->rf24_20mhz = 0x1f; /* default value */ 5623 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5624 5625 if (sc->mac_rev < 0x0211) 5626 run_rt3070_rf_write(sc, 27, 0x3); 5627 5628 run_read(sc, RT3070_OPT_14, &tmp); 5629 run_write(sc, RT3070_OPT_14, tmp | 1); 5630 } 5631 5632 static int 5633 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5634 uint8_t *val) 5635 { 5636 uint8_t rf22, rf24; 5637 uint8_t bbp55_pb, bbp55_sb, delta; 5638 int ntries; 5639 5640 /* program filter */ 5641 run_rt3070_rf_read(sc, 24, &rf24); 5642 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5643 run_rt3070_rf_write(sc, 24, rf24); 5644 5645 /* enable baseband loopback mode */ 5646 run_rt3070_rf_read(sc, 22, &rf22); 5647 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5648 5649 /* set power and frequency of passband test tone */ 5650 run_bbp_write(sc, 24, 0x00); 5651 for (ntries = 0; ntries < 100; ntries++) { 5652 /* transmit test tone */ 5653 run_bbp_write(sc, 25, 0x90); 5654 run_delay(sc, 10); 5655 /* read received power */ 5656 run_bbp_read(sc, 55, &bbp55_pb); 5657 if (bbp55_pb != 0) 5658 break; 5659 } 5660 if (ntries == 100) 5661 return (ETIMEDOUT); 5662 5663 /* set power and frequency of stopband test tone */ 5664 run_bbp_write(sc, 24, 0x06); 5665 for (ntries = 0; ntries < 100; ntries++) { 5666 /* transmit test tone */ 5667 run_bbp_write(sc, 25, 0x90); 5668 run_delay(sc, 10); 5669 /* read received power */ 5670 run_bbp_read(sc, 55, &bbp55_sb); 5671 5672 delta = bbp55_pb - bbp55_sb; 5673 if (delta > target) 5674 break; 5675 5676 /* reprogram filter */ 5677 rf24++; 5678 run_rt3070_rf_write(sc, 24, rf24); 5679 } 5680 if (ntries < 100) { 5681 if (rf24 != init) 5682 rf24--; /* backtrack */ 5683 *val = rf24; 5684 run_rt3070_rf_write(sc, 24, rf24); 5685 } 5686 5687 /* restore initial state */ 5688 run_bbp_write(sc, 24, 0x00); 5689 5690 /* disable baseband loopback mode */ 5691 run_rt3070_rf_read(sc, 22, &rf22); 5692 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5693 5694 return (0); 5695 } 5696 5697 static void 5698 run_rt3070_rf_setup(struct run_softc *sc) 5699 { 5700 uint8_t bbp, rf; 5701 int i; 5702 5703 if (sc->mac_ver == 0x3572) { 5704 /* enable DC filter */ 5705 if (sc->mac_rev >= 0x0201) 5706 run_bbp_write(sc, 103, 0xc0); 5707 5708 run_bbp_read(sc, 138, &bbp); 5709 if (sc->ntxchains == 1) 5710 bbp |= 0x20; /* turn off DAC1 */ 5711 if (sc->nrxchains == 1) 5712 bbp &= ~0x02; /* turn off ADC1 */ 5713 run_bbp_write(sc, 138, bbp); 5714 5715 if (sc->mac_rev >= 0x0211) { 5716 /* improve power consumption */ 5717 run_bbp_read(sc, 31, &bbp); 5718 run_bbp_write(sc, 31, bbp & ~0x03); 5719 } 5720 5721 run_rt3070_rf_read(sc, 16, &rf); 5722 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5723 run_rt3070_rf_write(sc, 16, rf); 5724 5725 } else if (sc->mac_ver == 0x3071) { 5726 if (sc->mac_rev >= 0x0211) { 5727 /* enable DC filter */ 5728 run_bbp_write(sc, 103, 0xc0); 5729 5730 /* improve power consumption */ 5731 run_bbp_read(sc, 31, &bbp); 5732 run_bbp_write(sc, 31, bbp & ~0x03); 5733 } 5734 5735 run_bbp_read(sc, 138, &bbp); 5736 if (sc->ntxchains == 1) 5737 bbp |= 0x20; /* turn off DAC1 */ 5738 if (sc->nrxchains == 1) 5739 bbp &= ~0x02; /* turn off ADC1 */ 5740 run_bbp_write(sc, 138, bbp); 5741 5742 run_write(sc, RT2860_TX_SW_CFG1, 0); 5743 if (sc->mac_rev < 0x0211) { 5744 run_write(sc, RT2860_TX_SW_CFG2, 5745 sc->patch_dac ? 0x2c : 0x0f); 5746 } else 5747 run_write(sc, RT2860_TX_SW_CFG2, 0); 5748 5749 } else if (sc->mac_ver == 0x3070) { 5750 if (sc->mac_rev >= 0x0201) { 5751 /* enable DC filter */ 5752 run_bbp_write(sc, 103, 0xc0); 5753 5754 /* improve power consumption */ 5755 run_bbp_read(sc, 31, &bbp); 5756 run_bbp_write(sc, 31, bbp & ~0x03); 5757 } 5758 5759 if (sc->mac_rev < 0x0201) { 5760 run_write(sc, RT2860_TX_SW_CFG1, 0); 5761 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5762 } else 5763 run_write(sc, RT2860_TX_SW_CFG2, 0); 5764 } 5765 5766 /* initialize RF registers from ROM for >=RT3071*/ 5767 if (sc->mac_ver >= 0x3071) { 5768 for (i = 0; i < 10; i++) { 5769 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5770 continue; 5771 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5772 } 5773 } 5774 } 5775 5776 static void 5777 run_rt3593_rf_setup(struct run_softc *sc) 5778 { 5779 uint8_t bbp, rf; 5780 5781 if (sc->mac_rev >= 0x0211) { 5782 /* Enable DC filter. */ 5783 run_bbp_write(sc, 103, 0xc0); 5784 } 5785 run_write(sc, RT2860_TX_SW_CFG1, 0); 5786 if (sc->mac_rev < 0x0211) { 5787 run_write(sc, RT2860_TX_SW_CFG2, 5788 sc->patch_dac ? 0x2c : 0x0f); 5789 } else 5790 run_write(sc, RT2860_TX_SW_CFG2, 0); 5791 5792 run_rt3070_rf_read(sc, 50, &rf); 5793 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5794 5795 run_rt3070_rf_read(sc, 51, &rf); 5796 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5797 ((sc->txmixgain_2ghz & 0x07) << 2); 5798 run_rt3070_rf_write(sc, 51, rf); 5799 5800 run_rt3070_rf_read(sc, 38, &rf); 5801 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5802 5803 run_rt3070_rf_read(sc, 39, &rf); 5804 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5805 5806 run_rt3070_rf_read(sc, 1, &rf); 5807 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5808 5809 run_rt3070_rf_read(sc, 30, &rf); 5810 rf = (rf & ~0x18) | 0x10; 5811 run_rt3070_rf_write(sc, 30, rf); 5812 5813 /* Apply maximum likelihood detection for 2 stream case. */ 5814 run_bbp_read(sc, 105, &bbp); 5815 if (sc->nrxchains > 1) 5816 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5817 5818 /* Avoid data lost and CRC error. */ 5819 run_bbp_read(sc, 4, &bbp); 5820 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5821 5822 run_bbp_write(sc, 92, 0x02); 5823 run_bbp_write(sc, 82, 0x82); 5824 run_bbp_write(sc, 106, 0x05); 5825 run_bbp_write(sc, 104, 0x92); 5826 run_bbp_write(sc, 88, 0x90); 5827 run_bbp_write(sc, 148, 0xc8); 5828 run_bbp_write(sc, 47, 0x48); 5829 run_bbp_write(sc, 120, 0x50); 5830 5831 run_bbp_write(sc, 163, 0x9d); 5832 5833 /* SNR mapping. */ 5834 run_bbp_write(sc, 142, 0x06); 5835 run_bbp_write(sc, 143, 0xa0); 5836 run_bbp_write(sc, 142, 0x07); 5837 run_bbp_write(sc, 143, 0xa1); 5838 run_bbp_write(sc, 142, 0x08); 5839 run_bbp_write(sc, 143, 0xa2); 5840 5841 run_bbp_write(sc, 31, 0x08); 5842 run_bbp_write(sc, 68, 0x0b); 5843 run_bbp_write(sc, 105, 0x04); 5844 } 5845 5846 static void 5847 run_rt5390_rf_setup(struct run_softc *sc) 5848 { 5849 uint8_t bbp, rf; 5850 5851 if (sc->mac_rev >= 0x0211) { 5852 /* Enable DC filter. */ 5853 run_bbp_write(sc, 103, 0xc0); 5854 5855 if (sc->mac_ver != 0x5592) { 5856 /* Improve power consumption. */ 5857 run_bbp_read(sc, 31, &bbp); 5858 run_bbp_write(sc, 31, bbp & ~0x03); 5859 } 5860 } 5861 5862 run_bbp_read(sc, 138, &bbp); 5863 if (sc->ntxchains == 1) 5864 bbp |= 0x20; /* turn off DAC1 */ 5865 if (sc->nrxchains == 1) 5866 bbp &= ~0x02; /* turn off ADC1 */ 5867 run_bbp_write(sc, 138, bbp); 5868 5869 run_rt3070_rf_read(sc, 38, &rf); 5870 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5871 5872 run_rt3070_rf_read(sc, 39, &rf); 5873 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5874 5875 /* Avoid data lost and CRC error. */ 5876 run_bbp_read(sc, 4, &bbp); 5877 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5878 5879 run_rt3070_rf_read(sc, 30, &rf); 5880 rf = (rf & ~0x18) | 0x10; 5881 run_rt3070_rf_write(sc, 30, rf); 5882 5883 if (sc->mac_ver != 0x5592) { 5884 run_write(sc, RT2860_TX_SW_CFG1, 0); 5885 if (sc->mac_rev < 0x0211) { 5886 run_write(sc, RT2860_TX_SW_CFG2, 5887 sc->patch_dac ? 0x2c : 0x0f); 5888 } else 5889 run_write(sc, RT2860_TX_SW_CFG2, 0); 5890 } 5891 } 5892 5893 static int 5894 run_txrx_enable(struct run_softc *sc) 5895 { 5896 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5897 uint32_t tmp; 5898 int error, ntries; 5899 5900 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5901 for (ntries = 0; ntries < 200; ntries++) { 5902 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5903 return (error); 5904 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5905 break; 5906 run_delay(sc, 50); 5907 } 5908 if (ntries == 200) 5909 return (ETIMEDOUT); 5910 5911 run_delay(sc, 50); 5912 5913 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5914 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5915 5916 /* enable Rx bulk aggregation (set timeout and limit) */ 5917 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5918 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5919 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5920 5921 /* set Rx filter */ 5922 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5923 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5924 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5925 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5926 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5927 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5928 if (ic->ic_opmode == IEEE80211_M_STA) 5929 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5930 } 5931 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5932 5933 run_write(sc, RT2860_MAC_SYS_CTRL, 5934 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5935 5936 return (0); 5937 } 5938 5939 static void 5940 run_adjust_freq_offset(struct run_softc *sc) 5941 { 5942 uint8_t rf, tmp; 5943 5944 run_rt3070_rf_read(sc, 17, &rf); 5945 tmp = rf; 5946 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5947 rf = MIN(rf, 0x5f); 5948 5949 if (tmp != rf) 5950 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5951 } 5952 5953 static void 5954 run_init_locked(struct run_softc *sc) 5955 { 5956 struct ifnet *ifp = sc->sc_ifp; 5957 struct ieee80211com *ic = ifp->if_l2com; 5958 uint32_t tmp; 5959 uint8_t bbp1, bbp3; 5960 int i; 5961 int ridx; 5962 int ntries; 5963 5964 if (ic->ic_nrunning > 1) 5965 return; 5966 5967 run_stop(sc); 5968 5969 if (run_load_microcode(sc) != 0) { 5970 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5971 goto fail; 5972 } 5973 5974 for (ntries = 0; ntries < 100; ntries++) { 5975 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5976 goto fail; 5977 if (tmp != 0 && tmp != 0xffffffff) 5978 break; 5979 run_delay(sc, 10); 5980 } 5981 if (ntries == 100) 5982 goto fail; 5983 5984 for (i = 0; i != RUN_EP_QUEUES; i++) 5985 run_setup_tx_list(sc, &sc->sc_epq[i]); 5986 5987 run_set_macaddr(sc, IF_LLADDR(ifp)); 5988 5989 for (ntries = 0; ntries < 100; ntries++) { 5990 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5991 goto fail; 5992 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5993 break; 5994 run_delay(sc, 10); 5995 } 5996 if (ntries == 100) { 5997 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5998 goto fail; 5999 } 6000 tmp &= 0xff0; 6001 tmp |= RT2860_TX_WB_DDONE; 6002 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6003 6004 /* turn off PME_OEN to solve high-current issue */ 6005 run_read(sc, RT2860_SYS_CTRL, &tmp); 6006 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6007 6008 run_write(sc, RT2860_MAC_SYS_CTRL, 6009 RT2860_BBP_HRST | RT2860_MAC_SRST); 6010 run_write(sc, RT2860_USB_DMA_CFG, 0); 6011 6012 if (run_reset(sc) != 0) { 6013 device_printf(sc->sc_dev, "could not reset chipset\n"); 6014 goto fail; 6015 } 6016 6017 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6018 6019 /* init Tx power for all Tx rates (from EEPROM) */ 6020 for (ridx = 0; ridx < 5; ridx++) { 6021 if (sc->txpow20mhz[ridx] == 0xffffffff) 6022 continue; 6023 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6024 } 6025 6026 for (i = 0; i < nitems(rt2870_def_mac); i++) 6027 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6028 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6029 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6030 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6031 6032 if (sc->mac_ver >= 0x5390) { 6033 run_write(sc, RT2860_TX_SW_CFG0, 6034 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6035 if (sc->mac_ver >= 0x5392) { 6036 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6037 if (sc->mac_ver == 0x5592) { 6038 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6039 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6040 } else { 6041 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6042 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6043 } 6044 } 6045 } else if (sc->mac_ver == 0x3593) { 6046 run_write(sc, RT2860_TX_SW_CFG0, 6047 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6048 } else if (sc->mac_ver >= 0x3070) { 6049 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6050 run_write(sc, RT2860_TX_SW_CFG0, 6051 4 << RT2860_DLY_PAPE_EN_SHIFT); 6052 } 6053 6054 /* wait while MAC is busy */ 6055 for (ntries = 0; ntries < 100; ntries++) { 6056 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6057 goto fail; 6058 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6059 break; 6060 run_delay(sc, 10); 6061 } 6062 if (ntries == 100) 6063 goto fail; 6064 6065 /* clear Host to MCU mailbox */ 6066 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6067 run_write(sc, RT2860_H2M_MAILBOX, 0); 6068 run_delay(sc, 10); 6069 6070 if (run_bbp_init(sc) != 0) { 6071 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6072 goto fail; 6073 } 6074 6075 /* abort TSF synchronization */ 6076 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6077 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6078 RT2860_TBTT_TIMER_EN); 6079 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6080 6081 /* clear RX WCID search table */ 6082 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6083 /* clear WCID attribute table */ 6084 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6085 6086 /* hostapd sets a key before init. So, don't clear it. */ 6087 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6088 /* clear shared key table */ 6089 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6090 /* clear shared key mode */ 6091 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6092 } 6093 6094 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6095 tmp = (tmp & ~0xff) | 0x1e; 6096 run_write(sc, RT2860_US_CYC_CNT, tmp); 6097 6098 if (sc->mac_rev != 0x0101) 6099 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6100 6101 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6102 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6103 6104 /* write vendor-specific BBP values (from EEPROM) */ 6105 if (sc->mac_ver < 0x3593) { 6106 for (i = 0; i < 10; i++) { 6107 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6108 continue; 6109 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6110 } 6111 } 6112 6113 /* select Main antenna for 1T1R devices */ 6114 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6115 run_set_rx_antenna(sc, 0); 6116 6117 /* send LEDs operating mode to microcontroller */ 6118 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6119 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6120 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6121 6122 if (sc->mac_ver >= 0x5390) 6123 run_rt5390_rf_init(sc); 6124 else if (sc->mac_ver == 0x3593) 6125 run_rt3593_rf_init(sc); 6126 else if (sc->mac_ver >= 0x3070) 6127 run_rt3070_rf_init(sc); 6128 6129 /* disable non-existing Rx chains */ 6130 run_bbp_read(sc, 3, &bbp3); 6131 bbp3 &= ~(1 << 3 | 1 << 4); 6132 if (sc->nrxchains == 2) 6133 bbp3 |= 1 << 3; 6134 else if (sc->nrxchains == 3) 6135 bbp3 |= 1 << 4; 6136 run_bbp_write(sc, 3, bbp3); 6137 6138 /* disable non-existing Tx chains */ 6139 run_bbp_read(sc, 1, &bbp1); 6140 if (sc->ntxchains == 1) 6141 bbp1 &= ~(1 << 3 | 1 << 4); 6142 run_bbp_write(sc, 1, bbp1); 6143 6144 if (sc->mac_ver >= 0x5390) 6145 run_rt5390_rf_setup(sc); 6146 else if (sc->mac_ver == 0x3593) 6147 run_rt3593_rf_setup(sc); 6148 else if (sc->mac_ver >= 0x3070) 6149 run_rt3070_rf_setup(sc); 6150 6151 /* select default channel */ 6152 run_set_chan(sc, ic->ic_curchan); 6153 6154 /* setup initial protection mode */ 6155 run_updateprot_cb(ic); 6156 6157 /* turn radio LED on */ 6158 run_set_leds(sc, RT2860_LED_RADIO); 6159 6160 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 6161 ifp->if_drv_flags |= IFF_DRV_RUNNING; 6162 sc->cmdq_run = RUN_CMDQ_GO; 6163 6164 for (i = 0; i != RUN_N_XFER; i++) 6165 usbd_xfer_set_stall(sc->sc_xfer[i]); 6166 6167 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6168 6169 if (run_txrx_enable(sc) != 0) 6170 goto fail; 6171 6172 return; 6173 6174 fail: 6175 run_stop(sc); 6176 } 6177 6178 static void 6179 run_init(void *arg) 6180 { 6181 struct run_softc *sc = arg; 6182 struct ifnet *ifp = sc->sc_ifp; 6183 struct ieee80211com *ic = ifp->if_l2com; 6184 6185 RUN_LOCK(sc); 6186 run_init_locked(sc); 6187 RUN_UNLOCK(sc); 6188 6189 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 6190 ieee80211_start_all(ic); 6191 } 6192 6193 static void 6194 run_stop(void *arg) 6195 { 6196 struct run_softc *sc = (struct run_softc *)arg; 6197 struct ifnet *ifp = sc->sc_ifp; 6198 uint32_t tmp; 6199 int i; 6200 int ntries; 6201 6202 RUN_LOCK_ASSERT(sc, MA_OWNED); 6203 6204 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 6205 run_set_leds(sc, 0); /* turn all LEDs off */ 6206 6207 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 6208 6209 sc->ratectl_run = RUN_RATECTL_OFF; 6210 sc->cmdq_run = sc->cmdq_key_set; 6211 6212 RUN_UNLOCK(sc); 6213 6214 for(i = 0; i < RUN_N_XFER; i++) 6215 usbd_transfer_drain(sc->sc_xfer[i]); 6216 6217 RUN_LOCK(sc); 6218 6219 if (sc->rx_m != NULL) { 6220 m_free(sc->rx_m); 6221 sc->rx_m = NULL; 6222 } 6223 6224 /* Disable Tx/Rx DMA. */ 6225 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6226 return; 6227 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6228 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6229 6230 for (ntries = 0; ntries < 100; ntries++) { 6231 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6232 return; 6233 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6234 break; 6235 run_delay(sc, 10); 6236 } 6237 if (ntries == 100) { 6238 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6239 return; 6240 } 6241 6242 /* disable Tx/Rx */ 6243 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6244 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6245 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6246 6247 /* wait for pending Tx to complete */ 6248 for (ntries = 0; ntries < 100; ntries++) { 6249 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6250 DPRINTF("Cannot read Tx queue count\n"); 6251 break; 6252 } 6253 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6254 DPRINTF("All Tx cleared\n"); 6255 break; 6256 } 6257 run_delay(sc, 10); 6258 } 6259 if (ntries >= 100) 6260 DPRINTF("There are still pending Tx\n"); 6261 run_delay(sc, 10); 6262 run_write(sc, RT2860_USB_DMA_CFG, 0); 6263 6264 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6265 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6266 6267 for (i = 0; i != RUN_EP_QUEUES; i++) 6268 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6269 } 6270 6271 static void 6272 run_delay(struct run_softc *sc, u_int ms) 6273 { 6274 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6275 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6276 } 6277 6278 static device_method_t run_methods[] = { 6279 /* Device interface */ 6280 DEVMETHOD(device_probe, run_match), 6281 DEVMETHOD(device_attach, run_attach), 6282 DEVMETHOD(device_detach, run_detach), 6283 DEVMETHOD_END 6284 }; 6285 6286 static driver_t run_driver = { 6287 .name = "run", 6288 .methods = run_methods, 6289 .size = sizeof(struct run_softc) 6290 }; 6291 6292 static devclass_t run_devclass; 6293 6294 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6295 MODULE_DEPEND(run, wlan, 1, 1, 1); 6296 MODULE_DEPEND(run, usb, 1, 1, 1); 6297 MODULE_DEPEND(run, firmware, 1, 1, 1); 6298 MODULE_VERSION(run, 1); 6299