1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 90 enum { 91 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 92 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 93 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 94 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 95 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 96 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 97 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 98 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 99 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 100 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 101 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 102 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 103 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 104 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 105 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 106 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 107 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 108 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 109 RUN_DEBUG_ANY = 0xffffffff 110 }; 111 112 #define RUN_DPRINTF(_sc, _m, ...) do { \ 113 if (run_debug & (_m)) \ 114 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 115 } while(0) 116 #else 117 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 118 #endif 119 120 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 121 122 /* 123 * Because of LOR in run_key_delete(), use atomic instead. 124 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 125 */ 126 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 127 128 static const STRUCT_USB_HOST_ID run_devs[] = { 129 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 130 #define RUN_DEV_EJECT(v,p) \ 131 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 132 #define RUN_EJECT 1 133 RUN_DEV(ABOCOM, RT2770), 134 RUN_DEV(ABOCOM, RT2870), 135 RUN_DEV(ABOCOM, RT3070), 136 RUN_DEV(ABOCOM, RT3071), 137 RUN_DEV(ABOCOM, RT3072), 138 RUN_DEV(ABOCOM2, RT2870_1), 139 RUN_DEV(ACCTON, RT2770), 140 RUN_DEV(ACCTON, RT2870_1), 141 RUN_DEV(ACCTON, RT2870_2), 142 RUN_DEV(ACCTON, RT2870_3), 143 RUN_DEV(ACCTON, RT2870_4), 144 RUN_DEV(ACCTON, RT2870_5), 145 RUN_DEV(ACCTON, RT3070), 146 RUN_DEV(ACCTON, RT3070_1), 147 RUN_DEV(ACCTON, RT3070_2), 148 RUN_DEV(ACCTON, RT3070_3), 149 RUN_DEV(ACCTON, RT3070_4), 150 RUN_DEV(ACCTON, RT3070_5), 151 RUN_DEV(AIRTIES, RT3070), 152 RUN_DEV(ALLWIN, RT2070), 153 RUN_DEV(ALLWIN, RT2770), 154 RUN_DEV(ALLWIN, RT2870), 155 RUN_DEV(ALLWIN, RT3070), 156 RUN_DEV(ALLWIN, RT3071), 157 RUN_DEV(ALLWIN, RT3072), 158 RUN_DEV(ALLWIN, RT3572), 159 RUN_DEV(AMIGO, RT2870_1), 160 RUN_DEV(AMIGO, RT2870_2), 161 RUN_DEV(AMIT, CGWLUSB2GNR), 162 RUN_DEV(AMIT, RT2870_1), 163 RUN_DEV(AMIT2, RT2870), 164 RUN_DEV(ASUS, RT2870_1), 165 RUN_DEV(ASUS, RT2870_2), 166 RUN_DEV(ASUS, RT2870_3), 167 RUN_DEV(ASUS, RT2870_4), 168 RUN_DEV(ASUS, RT2870_5), 169 RUN_DEV(ASUS, USBN13), 170 RUN_DEV(ASUS, RT3070_1), 171 RUN_DEV(ASUS, USBN66), 172 RUN_DEV(ASUS, USB_N53), 173 RUN_DEV(ASUS2, USBN11), 174 RUN_DEV(AZUREWAVE, RT2870_1), 175 RUN_DEV(AZUREWAVE, RT2870_2), 176 RUN_DEV(AZUREWAVE, RT3070_1), 177 RUN_DEV(AZUREWAVE, RT3070_2), 178 RUN_DEV(AZUREWAVE, RT3070_3), 179 RUN_DEV(BELKIN, F9L1103), 180 RUN_DEV(BELKIN, F5D8053V3), 181 RUN_DEV(BELKIN, F5D8055), 182 RUN_DEV(BELKIN, F5D8055V2), 183 RUN_DEV(BELKIN, F6D4050V1), 184 RUN_DEV(BELKIN, F6D4050V2), 185 RUN_DEV(BELKIN, RT2870_1), 186 RUN_DEV(BELKIN, RT2870_2), 187 RUN_DEV(CISCOLINKSYS, AE1000), 188 RUN_DEV(CISCOLINKSYS2, RT3070), 189 RUN_DEV(CISCOLINKSYS3, RT3070), 190 RUN_DEV(CONCEPTRONIC2, RT2870_1), 191 RUN_DEV(CONCEPTRONIC2, RT2870_2), 192 RUN_DEV(CONCEPTRONIC2, RT2870_3), 193 RUN_DEV(CONCEPTRONIC2, RT2870_4), 194 RUN_DEV(CONCEPTRONIC2, RT2870_5), 195 RUN_DEV(CONCEPTRONIC2, RT2870_6), 196 RUN_DEV(CONCEPTRONIC2, RT2870_7), 197 RUN_DEV(CONCEPTRONIC2, RT2870_8), 198 RUN_DEV(CONCEPTRONIC2, RT3070_1), 199 RUN_DEV(CONCEPTRONIC2, RT3070_2), 200 RUN_DEV(CONCEPTRONIC2, VIGORN61), 201 RUN_DEV(COREGA, CGWLUSB300GNM), 202 RUN_DEV(COREGA, RT2870_1), 203 RUN_DEV(COREGA, RT2870_2), 204 RUN_DEV(COREGA, RT2870_3), 205 RUN_DEV(COREGA, RT3070), 206 RUN_DEV(CYBERTAN, RT2870), 207 RUN_DEV(DLINK, RT2870), 208 RUN_DEV(DLINK, RT3072), 209 RUN_DEV(DLINK, DWA127), 210 RUN_DEV(DLINK, DWA140B3), 211 RUN_DEV(DLINK, DWA160B2), 212 RUN_DEV(DLINK, DWA140D1), 213 RUN_DEV(DLINK, DWA162), 214 RUN_DEV(DLINK2, DWA130), 215 RUN_DEV(DLINK2, RT2870_1), 216 RUN_DEV(DLINK2, RT2870_2), 217 RUN_DEV(DLINK2, RT3070_1), 218 RUN_DEV(DLINK2, RT3070_2), 219 RUN_DEV(DLINK2, RT3070_3), 220 RUN_DEV(DLINK2, RT3070_4), 221 RUN_DEV(DLINK2, RT3070_5), 222 RUN_DEV(DLINK2, RT3072), 223 RUN_DEV(DLINK2, RT3072_1), 224 RUN_DEV(EDIMAX, EW7717), 225 RUN_DEV(EDIMAX, EW7718), 226 RUN_DEV(EDIMAX, EW7733UND), 227 RUN_DEV(EDIMAX, RT2870_1), 228 RUN_DEV(ENCORE, RT3070_1), 229 RUN_DEV(ENCORE, RT3070_2), 230 RUN_DEV(ENCORE, RT3070_3), 231 RUN_DEV(GIGABYTE, GNWB31N), 232 RUN_DEV(GIGABYTE, GNWB32L), 233 RUN_DEV(GIGABYTE, RT2870_1), 234 RUN_DEV(GIGASET, RT3070_1), 235 RUN_DEV(GIGASET, RT3070_2), 236 RUN_DEV(GUILLEMOT, HWNU300), 237 RUN_DEV(HAWKING, HWUN2), 238 RUN_DEV(HAWKING, RT2870_1), 239 RUN_DEV(HAWKING, RT2870_2), 240 RUN_DEV(HAWKING, RT3070), 241 RUN_DEV(IODATA, RT3072_1), 242 RUN_DEV(IODATA, RT3072_2), 243 RUN_DEV(IODATA, RT3072_3), 244 RUN_DEV(IODATA, RT3072_4), 245 RUN_DEV(LINKSYS4, RT3070), 246 RUN_DEV(LINKSYS4, WUSB100), 247 RUN_DEV(LINKSYS4, WUSB54GCV3), 248 RUN_DEV(LINKSYS4, WUSB600N), 249 RUN_DEV(LINKSYS4, WUSB600NV2), 250 RUN_DEV(LOGITEC, RT2870_1), 251 RUN_DEV(LOGITEC, RT2870_2), 252 RUN_DEV(LOGITEC, RT2870_3), 253 RUN_DEV(LOGITEC, LANW300NU2), 254 RUN_DEV(LOGITEC, LANW150NU2), 255 RUN_DEV(LOGITEC, LANW300NU2S), 256 RUN_DEV(MELCO, WLIUCG300HP), 257 RUN_DEV(MELCO, RT2870_2), 258 RUN_DEV(MELCO, WLIUCAG300N), 259 RUN_DEV(MELCO, WLIUCG300N), 260 RUN_DEV(MELCO, WLIUCG301N), 261 RUN_DEV(MELCO, WLIUCGN), 262 RUN_DEV(MELCO, WLIUCGNM), 263 RUN_DEV(MELCO, WLIUCG300HPV1), 264 RUN_DEV(MELCO, WLIUCGNM2), 265 RUN_DEV(MOTOROLA4, RT2770), 266 RUN_DEV(MOTOROLA4, RT3070), 267 RUN_DEV(MSI, RT3070_1), 268 RUN_DEV(MSI, RT3070_2), 269 RUN_DEV(MSI, RT3070_3), 270 RUN_DEV(MSI, RT3070_4), 271 RUN_DEV(MSI, RT3070_5), 272 RUN_DEV(MSI, RT3070_6), 273 RUN_DEV(MSI, RT3070_7), 274 RUN_DEV(MSI, RT3070_8), 275 RUN_DEV(MSI, RT3070_9), 276 RUN_DEV(MSI, RT3070_10), 277 RUN_DEV(MSI, RT3070_11), 278 RUN_DEV(NETGEAR, WNDA4100), 279 RUN_DEV(OVISLINK, RT3072), 280 RUN_DEV(PARA, RT3070), 281 RUN_DEV(PEGATRON, RT2870), 282 RUN_DEV(PEGATRON, RT3070), 283 RUN_DEV(PEGATRON, RT3070_2), 284 RUN_DEV(PEGATRON, RT3070_3), 285 RUN_DEV(PHILIPS, RT2870), 286 RUN_DEV(PLANEX2, GWUS300MINIS), 287 RUN_DEV(PLANEX2, GWUSMICRON), 288 RUN_DEV(PLANEX2, RT2870), 289 RUN_DEV(PLANEX2, RT3070), 290 RUN_DEV(QCOM, RT2870), 291 RUN_DEV(QUANTA, RT3070), 292 RUN_DEV(RALINK, RT2070), 293 RUN_DEV(RALINK, RT2770), 294 RUN_DEV(RALINK, RT2870), 295 RUN_DEV(RALINK, RT3070), 296 RUN_DEV(RALINK, RT3071), 297 RUN_DEV(RALINK, RT3072), 298 RUN_DEV(RALINK, RT3370), 299 RUN_DEV(RALINK, RT3572), 300 RUN_DEV(RALINK, RT3573), 301 RUN_DEV(RALINK, RT5370), 302 RUN_DEV(RALINK, RT5572), 303 RUN_DEV(RALINK, RT8070), 304 RUN_DEV(SAMSUNG, WIS09ABGN), 305 RUN_DEV(SAMSUNG2, RT2870_1), 306 RUN_DEV(SENAO, RT2870_1), 307 RUN_DEV(SENAO, RT2870_2), 308 RUN_DEV(SENAO, RT2870_3), 309 RUN_DEV(SENAO, RT2870_4), 310 RUN_DEV(SENAO, RT3070), 311 RUN_DEV(SENAO, RT3071), 312 RUN_DEV(SENAO, RT3072_1), 313 RUN_DEV(SENAO, RT3072_2), 314 RUN_DEV(SENAO, RT3072_3), 315 RUN_DEV(SENAO, RT3072_4), 316 RUN_DEV(SENAO, RT3072_5), 317 RUN_DEV(SITECOMEU, RT2770), 318 RUN_DEV(SITECOMEU, RT2870_1), 319 RUN_DEV(SITECOMEU, RT2870_2), 320 RUN_DEV(SITECOMEU, RT2870_3), 321 RUN_DEV(SITECOMEU, RT2870_4), 322 RUN_DEV(SITECOMEU, RT3070), 323 RUN_DEV(SITECOMEU, RT3070_2), 324 RUN_DEV(SITECOMEU, RT3070_3), 325 RUN_DEV(SITECOMEU, RT3070_4), 326 RUN_DEV(SITECOMEU, RT3071), 327 RUN_DEV(SITECOMEU, RT3072_1), 328 RUN_DEV(SITECOMEU, RT3072_2), 329 RUN_DEV(SITECOMEU, RT3072_3), 330 RUN_DEV(SITECOMEU, RT3072_4), 331 RUN_DEV(SITECOMEU, RT3072_5), 332 RUN_DEV(SITECOMEU, RT3072_6), 333 RUN_DEV(SITECOMEU, WL608), 334 RUN_DEV(SPARKLAN, RT2870_1), 335 RUN_DEV(SPARKLAN, RT3070), 336 RUN_DEV(SWEEX2, LW153), 337 RUN_DEV(SWEEX2, LW303), 338 RUN_DEV(SWEEX2, LW313), 339 RUN_DEV(TOSHIBA, RT3070), 340 RUN_DEV(UMEDIA, RT2870_1), 341 RUN_DEV(ZCOM, RT2870_1), 342 RUN_DEV(ZCOM, RT2870_2), 343 RUN_DEV(ZINWELL, RT2870_1), 344 RUN_DEV(ZINWELL, RT2870_2), 345 RUN_DEV(ZINWELL, RT3070), 346 RUN_DEV(ZINWELL, RT3072_1), 347 RUN_DEV(ZINWELL, RT3072_2), 348 RUN_DEV(ZYXEL, RT2870_1), 349 RUN_DEV(ZYXEL, RT2870_2), 350 RUN_DEV(ZYXEL, RT3070), 351 RUN_DEV_EJECT(ZYXEL, NWD2705), 352 RUN_DEV_EJECT(RALINK, RT_STOR), 353 #undef RUN_DEV_EJECT 354 #undef RUN_DEV 355 }; 356 357 static device_probe_t run_match; 358 static device_attach_t run_attach; 359 static device_detach_t run_detach; 360 361 static usb_callback_t run_bulk_rx_callback; 362 static usb_callback_t run_bulk_tx_callback0; 363 static usb_callback_t run_bulk_tx_callback1; 364 static usb_callback_t run_bulk_tx_callback2; 365 static usb_callback_t run_bulk_tx_callback3; 366 static usb_callback_t run_bulk_tx_callback4; 367 static usb_callback_t run_bulk_tx_callback5; 368 369 static void run_autoinst(void *, struct usb_device *, 370 struct usb_attach_arg *); 371 static int run_driver_loaded(struct module *, int, void *); 372 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 373 usb_error_t error, u_int index); 374 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 375 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 376 const uint8_t [IEEE80211_ADDR_LEN], 377 const uint8_t [IEEE80211_ADDR_LEN]); 378 static void run_vap_delete(struct ieee80211vap *); 379 static void run_cmdq_cb(void *, int); 380 static void run_setup_tx_list(struct run_softc *, 381 struct run_endpoint_queue *); 382 static void run_unsetup_tx_list(struct run_softc *, 383 struct run_endpoint_queue *); 384 static int run_load_microcode(struct run_softc *); 385 static int run_reset(struct run_softc *); 386 static usb_error_t run_do_request(struct run_softc *, 387 struct usb_device_request *, void *); 388 static int run_read(struct run_softc *, uint16_t, uint32_t *); 389 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 390 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 391 static int run_write(struct run_softc *, uint16_t, uint32_t); 392 static int run_write_region_1(struct run_softc *, uint16_t, 393 const uint8_t *, int); 394 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 395 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 396 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 397 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 398 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 399 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 400 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 401 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 402 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 403 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 404 static const char *run_get_rf(uint16_t); 405 static void run_rt3593_get_txpower(struct run_softc *); 406 static void run_get_txpower(struct run_softc *); 407 static int run_read_eeprom(struct run_softc *); 408 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 409 const uint8_t mac[IEEE80211_ADDR_LEN]); 410 static int run_media_change(struct ifnet *); 411 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 412 static int run_wme_update(struct ieee80211com *); 413 static void run_key_set_cb(void *); 414 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 415 static void run_key_delete_cb(void *); 416 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 417 static void run_ratectl_to(void *); 418 static void run_ratectl_cb(void *, int); 419 static void run_drain_fifo(void *); 420 static void run_iter_func(void *, struct ieee80211_node *); 421 static void run_newassoc_cb(void *); 422 static void run_newassoc(struct ieee80211_node *, int); 423 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 424 const struct ieee80211_rx_stats *, int, int); 425 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 426 static void run_tx_free(struct run_endpoint_queue *pq, 427 struct run_tx_data *, int); 428 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 429 static int run_tx(struct run_softc *, struct mbuf *, 430 struct ieee80211_node *); 431 static int run_tx_mgt(struct run_softc *, struct mbuf *, 432 struct ieee80211_node *); 433 static int run_sendprot(struct run_softc *, const struct mbuf *, 434 struct ieee80211_node *, int, int); 435 static int run_tx_param(struct run_softc *, struct mbuf *, 436 struct ieee80211_node *, 437 const struct ieee80211_bpf_params *); 438 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 439 const struct ieee80211_bpf_params *); 440 static int run_transmit(struct ieee80211com *, struct mbuf *); 441 static void run_start(struct run_softc *); 442 static void run_parent(struct ieee80211com *); 443 static void run_iq_calib(struct run_softc *, u_int); 444 static void run_set_agc(struct run_softc *, uint8_t); 445 static void run_select_chan_group(struct run_softc *, int); 446 static void run_set_rx_antenna(struct run_softc *, int); 447 static void run_rt2870_set_chan(struct run_softc *, u_int); 448 static void run_rt3070_set_chan(struct run_softc *, u_int); 449 static void run_rt3572_set_chan(struct run_softc *, u_int); 450 static void run_rt3593_set_chan(struct run_softc *, u_int); 451 static void run_rt5390_set_chan(struct run_softc *, u_int); 452 static void run_rt5592_set_chan(struct run_softc *, u_int); 453 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 454 static void run_set_channel(struct ieee80211com *); 455 static void run_getradiocaps(struct ieee80211com *, int, int *, 456 struct ieee80211_channel[]); 457 static void run_scan_start(struct ieee80211com *); 458 static void run_scan_end(struct ieee80211com *); 459 static void run_update_beacon(struct ieee80211vap *, int); 460 static void run_update_beacon_cb(void *); 461 static void run_updateprot(struct ieee80211com *); 462 static void run_updateprot_cb(void *); 463 static void run_usb_timeout_cb(void *); 464 static void run_reset_livelock(struct run_softc *); 465 static void run_enable_tsf_sync(struct run_softc *); 466 static void run_enable_tsf(struct run_softc *); 467 static void run_get_tsf(struct run_softc *, uint64_t *); 468 static void run_enable_mrr(struct run_softc *); 469 static void run_set_txpreamble(struct run_softc *); 470 static void run_set_basicrates(struct run_softc *); 471 static void run_set_leds(struct run_softc *, uint16_t); 472 static void run_set_bssid(struct run_softc *, const uint8_t *); 473 static void run_set_macaddr(struct run_softc *, const uint8_t *); 474 static void run_updateslot(struct ieee80211com *); 475 static void run_updateslot_cb(void *); 476 static void run_update_mcast(struct ieee80211com *); 477 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 478 static void run_update_promisc_locked(struct run_softc *); 479 static void run_update_promisc(struct ieee80211com *); 480 static void run_rt5390_bbp_init(struct run_softc *); 481 static int run_bbp_init(struct run_softc *); 482 static int run_rt3070_rf_init(struct run_softc *); 483 static void run_rt3593_rf_init(struct run_softc *); 484 static void run_rt5390_rf_init(struct run_softc *); 485 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 486 uint8_t *); 487 static void run_rt3070_rf_setup(struct run_softc *); 488 static void run_rt3593_rf_setup(struct run_softc *); 489 static void run_rt5390_rf_setup(struct run_softc *); 490 static int run_txrx_enable(struct run_softc *); 491 static void run_adjust_freq_offset(struct run_softc *); 492 static void run_init_locked(struct run_softc *); 493 static void run_stop(void *); 494 static void run_delay(struct run_softc *, u_int); 495 496 static eventhandler_tag run_etag; 497 498 static const struct rt2860_rate { 499 uint8_t rate; 500 uint8_t mcs; 501 enum ieee80211_phytype phy; 502 uint8_t ctl_ridx; 503 uint16_t sp_ack_dur; 504 uint16_t lp_ack_dur; 505 } rt2860_rates[] = { 506 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 507 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 508 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 509 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 510 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 511 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 512 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 513 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 514 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 515 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 516 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 517 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 518 }; 519 520 static const struct { 521 uint16_t reg; 522 uint32_t val; 523 } rt2870_def_mac[] = { 524 RT2870_DEF_MAC 525 }; 526 527 static const struct { 528 uint8_t reg; 529 uint8_t val; 530 } rt2860_def_bbp[] = { 531 RT2860_DEF_BBP 532 },rt5390_def_bbp[] = { 533 RT5390_DEF_BBP 534 },rt5592_def_bbp[] = { 535 RT5592_DEF_BBP 536 }; 537 538 /* 539 * Default values for BBP register R196 for RT5592. 540 */ 541 static const uint8_t rt5592_bbp_r196[] = { 542 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 543 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 544 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 545 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 546 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 547 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 548 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 549 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 550 0x2e, 0x36, 0x30, 0x6e 551 }; 552 553 static const struct rfprog { 554 uint8_t chan; 555 uint32_t r1, r2, r3, r4; 556 } rt2860_rf2850[] = { 557 RT2860_RF2850 558 }; 559 560 struct { 561 uint8_t n, r, k; 562 } rt3070_freqs[] = { 563 RT3070_RF3052 564 }; 565 566 static const struct rt5592_freqs { 567 uint16_t n; 568 uint8_t k, m, r; 569 } rt5592_freqs_20mhz[] = { 570 RT5592_RF5592_20MHZ 571 },rt5592_freqs_40mhz[] = { 572 RT5592_RF5592_40MHZ 573 }; 574 575 static const struct { 576 uint8_t reg; 577 uint8_t val; 578 } rt3070_def_rf[] = { 579 RT3070_DEF_RF 580 },rt3572_def_rf[] = { 581 RT3572_DEF_RF 582 },rt3593_def_rf[] = { 583 RT3593_DEF_RF 584 },rt5390_def_rf[] = { 585 RT5390_DEF_RF 586 },rt5392_def_rf[] = { 587 RT5392_DEF_RF 588 },rt5592_def_rf[] = { 589 RT5592_DEF_RF 590 },rt5592_2ghz_def_rf[] = { 591 RT5592_2GHZ_DEF_RF 592 },rt5592_5ghz_def_rf[] = { 593 RT5592_5GHZ_DEF_RF 594 }; 595 596 static const struct { 597 u_int firstchan; 598 u_int lastchan; 599 uint8_t reg; 600 uint8_t val; 601 } rt5592_chan_5ghz[] = { 602 RT5592_CHAN_5GHZ 603 }; 604 605 static const struct usb_config run_config[RUN_N_XFER] = { 606 [RUN_BULK_TX_BE] = { 607 .type = UE_BULK, 608 .endpoint = UE_ADDR_ANY, 609 .ep_index = 0, 610 .direction = UE_DIR_OUT, 611 .bufsize = RUN_MAX_TXSZ, 612 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 613 .callback = run_bulk_tx_callback0, 614 .timeout = 5000, /* ms */ 615 }, 616 [RUN_BULK_TX_BK] = { 617 .type = UE_BULK, 618 .endpoint = UE_ADDR_ANY, 619 .direction = UE_DIR_OUT, 620 .ep_index = 1, 621 .bufsize = RUN_MAX_TXSZ, 622 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 623 .callback = run_bulk_tx_callback1, 624 .timeout = 5000, /* ms */ 625 }, 626 [RUN_BULK_TX_VI] = { 627 .type = UE_BULK, 628 .endpoint = UE_ADDR_ANY, 629 .direction = UE_DIR_OUT, 630 .ep_index = 2, 631 .bufsize = RUN_MAX_TXSZ, 632 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 633 .callback = run_bulk_tx_callback2, 634 .timeout = 5000, /* ms */ 635 }, 636 [RUN_BULK_TX_VO] = { 637 .type = UE_BULK, 638 .endpoint = UE_ADDR_ANY, 639 .direction = UE_DIR_OUT, 640 .ep_index = 3, 641 .bufsize = RUN_MAX_TXSZ, 642 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 643 .callback = run_bulk_tx_callback3, 644 .timeout = 5000, /* ms */ 645 }, 646 [RUN_BULK_TX_HCCA] = { 647 .type = UE_BULK, 648 .endpoint = UE_ADDR_ANY, 649 .direction = UE_DIR_OUT, 650 .ep_index = 4, 651 .bufsize = RUN_MAX_TXSZ, 652 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 653 .callback = run_bulk_tx_callback4, 654 .timeout = 5000, /* ms */ 655 }, 656 [RUN_BULK_TX_PRIO] = { 657 .type = UE_BULK, 658 .endpoint = UE_ADDR_ANY, 659 .direction = UE_DIR_OUT, 660 .ep_index = 5, 661 .bufsize = RUN_MAX_TXSZ, 662 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 663 .callback = run_bulk_tx_callback5, 664 .timeout = 5000, /* ms */ 665 }, 666 [RUN_BULK_RX] = { 667 .type = UE_BULK, 668 .endpoint = UE_ADDR_ANY, 669 .direction = UE_DIR_IN, 670 .bufsize = RUN_MAX_RXSZ, 671 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 672 .callback = run_bulk_rx_callback, 673 } 674 }; 675 676 static void 677 run_autoinst(void *arg, struct usb_device *udev, 678 struct usb_attach_arg *uaa) 679 { 680 struct usb_interface *iface; 681 struct usb_interface_descriptor *id; 682 683 if (uaa->dev_state != UAA_DEV_READY) 684 return; 685 686 iface = usbd_get_iface(udev, 0); 687 if (iface == NULL) 688 return; 689 id = iface->idesc; 690 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 691 return; 692 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 693 return; 694 695 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 696 uaa->dev_state = UAA_DEV_EJECTING; 697 } 698 699 static int 700 run_driver_loaded(struct module *mod, int what, void *arg) 701 { 702 switch (what) { 703 case MOD_LOAD: 704 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 705 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 706 break; 707 case MOD_UNLOAD: 708 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 709 break; 710 default: 711 return (EOPNOTSUPP); 712 } 713 return (0); 714 } 715 716 static int 717 run_match(device_t self) 718 { 719 struct usb_attach_arg *uaa = device_get_ivars(self); 720 721 if (uaa->usb_mode != USB_MODE_HOST) 722 return (ENXIO); 723 if (uaa->info.bConfigIndex != 0) 724 return (ENXIO); 725 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 726 return (ENXIO); 727 728 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 729 } 730 731 static int 732 run_attach(device_t self) 733 { 734 struct run_softc *sc = device_get_softc(self); 735 struct usb_attach_arg *uaa = device_get_ivars(self); 736 struct ieee80211com *ic = &sc->sc_ic; 737 uint32_t ver; 738 uint8_t iface_index; 739 int ntries, error; 740 741 device_set_usb_desc(self); 742 sc->sc_udev = uaa->device; 743 sc->sc_dev = self; 744 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 745 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 746 747 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 748 MTX_NETWORK_LOCK, MTX_DEF); 749 mbufq_init(&sc->sc_snd, ifqmaxlen); 750 751 iface_index = RT2860_IFACE_INDEX; 752 753 error = usbd_transfer_setup(uaa->device, &iface_index, 754 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 755 if (error) { 756 device_printf(self, "could not allocate USB transfers, " 757 "err=%s\n", usbd_errstr(error)); 758 goto detach; 759 } 760 761 RUN_LOCK(sc); 762 763 /* wait for the chip to settle */ 764 for (ntries = 0; ntries < 100; ntries++) { 765 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 766 RUN_UNLOCK(sc); 767 goto detach; 768 } 769 if (ver != 0 && ver != 0xffffffff) 770 break; 771 run_delay(sc, 10); 772 } 773 if (ntries == 100) { 774 device_printf(sc->sc_dev, 775 "timeout waiting for NIC to initialize\n"); 776 RUN_UNLOCK(sc); 777 goto detach; 778 } 779 sc->mac_ver = ver >> 16; 780 sc->mac_rev = ver & 0xffff; 781 782 /* retrieve RF rev. no and various other things from EEPROM */ 783 run_read_eeprom(sc); 784 785 device_printf(sc->sc_dev, 786 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 787 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 788 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 789 790 RUN_UNLOCK(sc); 791 792 ic->ic_softc = sc; 793 ic->ic_name = device_get_nameunit(self); 794 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 795 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 796 797 /* set device capabilities */ 798 ic->ic_caps = 799 IEEE80211_C_STA | /* station mode supported */ 800 IEEE80211_C_MONITOR | /* monitor mode supported */ 801 IEEE80211_C_IBSS | 802 IEEE80211_C_HOSTAP | 803 IEEE80211_C_WDS | /* 4-address traffic works */ 804 IEEE80211_C_MBSS | 805 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 806 IEEE80211_C_SHSLOT | /* short slot time supported */ 807 IEEE80211_C_WME | /* WME */ 808 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 809 810 ic->ic_cryptocaps = 811 IEEE80211_CRYPTO_WEP | 812 IEEE80211_CRYPTO_AES_CCM | 813 IEEE80211_CRYPTO_TKIPMIC | 814 IEEE80211_CRYPTO_TKIP; 815 816 ic->ic_flags |= IEEE80211_F_DATAPAD; 817 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 818 819 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 820 ic->ic_channels); 821 822 ieee80211_ifattach(ic); 823 824 ic->ic_scan_start = run_scan_start; 825 ic->ic_scan_end = run_scan_end; 826 ic->ic_set_channel = run_set_channel; 827 ic->ic_getradiocaps = run_getradiocaps; 828 ic->ic_node_alloc = run_node_alloc; 829 ic->ic_newassoc = run_newassoc; 830 ic->ic_updateslot = run_updateslot; 831 ic->ic_update_mcast = run_update_mcast; 832 ic->ic_wme.wme_update = run_wme_update; 833 ic->ic_raw_xmit = run_raw_xmit; 834 ic->ic_update_promisc = run_update_promisc; 835 ic->ic_vap_create = run_vap_create; 836 ic->ic_vap_delete = run_vap_delete; 837 ic->ic_transmit = run_transmit; 838 ic->ic_parent = run_parent; 839 840 ieee80211_radiotap_attach(ic, 841 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 842 RUN_TX_RADIOTAP_PRESENT, 843 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 844 RUN_RX_RADIOTAP_PRESENT); 845 846 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 847 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 848 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 849 850 if (bootverbose) 851 ieee80211_announce(ic); 852 853 return (0); 854 855 detach: 856 run_detach(self); 857 return (ENXIO); 858 } 859 860 static void 861 run_drain_mbufq(struct run_softc *sc) 862 { 863 struct mbuf *m; 864 struct ieee80211_node *ni; 865 866 RUN_LOCK_ASSERT(sc, MA_OWNED); 867 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 868 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 869 m->m_pkthdr.rcvif = NULL; 870 ieee80211_free_node(ni); 871 m_freem(m); 872 } 873 } 874 875 static int 876 run_detach(device_t self) 877 { 878 struct run_softc *sc = device_get_softc(self); 879 struct ieee80211com *ic = &sc->sc_ic; 880 int i; 881 882 RUN_LOCK(sc); 883 sc->sc_detached = 1; 884 RUN_UNLOCK(sc); 885 886 /* stop all USB transfers */ 887 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 888 889 RUN_LOCK(sc); 890 sc->ratectl_run = RUN_RATECTL_OFF; 891 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 892 893 /* free TX list, if any */ 894 for (i = 0; i != RUN_EP_QUEUES; i++) 895 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 896 897 /* Free TX queue */ 898 run_drain_mbufq(sc); 899 RUN_UNLOCK(sc); 900 901 if (sc->sc_ic.ic_softc == sc) { 902 /* drain tasks */ 903 usb_callout_drain(&sc->ratectl_ch); 904 ieee80211_draintask(ic, &sc->cmdq_task); 905 ieee80211_draintask(ic, &sc->ratectl_task); 906 ieee80211_ifdetach(ic); 907 } 908 909 mtx_destroy(&sc->sc_mtx); 910 911 return (0); 912 } 913 914 static struct ieee80211vap * 915 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 916 enum ieee80211_opmode opmode, int flags, 917 const uint8_t bssid[IEEE80211_ADDR_LEN], 918 const uint8_t mac[IEEE80211_ADDR_LEN]) 919 { 920 struct run_softc *sc = ic->ic_softc; 921 struct run_vap *rvp; 922 struct ieee80211vap *vap; 923 int i; 924 925 if (sc->rvp_cnt >= RUN_VAP_MAX) { 926 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 927 return (NULL); 928 } 929 930 switch (opmode) { 931 case IEEE80211_M_STA: 932 /* enable s/w bmiss handling for sta mode */ 933 flags |= IEEE80211_CLONE_NOBEACONS; 934 /* fall though */ 935 case IEEE80211_M_IBSS: 936 case IEEE80211_M_MONITOR: 937 case IEEE80211_M_HOSTAP: 938 case IEEE80211_M_MBSS: 939 /* other than WDS vaps, only one at a time */ 940 if (!TAILQ_EMPTY(&ic->ic_vaps)) 941 return (NULL); 942 break; 943 case IEEE80211_M_WDS: 944 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 945 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 946 continue; 947 /* WDS vap's always share the local mac address. */ 948 flags &= ~IEEE80211_CLONE_BSSID; 949 break; 950 } 951 if (vap == NULL) { 952 device_printf(sc->sc_dev, 953 "wds only supported in ap mode\n"); 954 return (NULL); 955 } 956 break; 957 default: 958 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 959 return (NULL); 960 } 961 962 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 963 vap = &rvp->vap; 964 965 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 966 bssid) != 0) { 967 /* out of memory */ 968 free(rvp, M_80211_VAP); 969 return (NULL); 970 } 971 972 vap->iv_update_beacon = run_update_beacon; 973 vap->iv_max_aid = RT2870_WCID_MAX; 974 /* 975 * To delete the right key from h/w, we need wcid. 976 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 977 * and matching wcid will be written into there. So, cast 978 * some spells to remove 'const' from ieee80211_key{} 979 */ 980 vap->iv_key_delete = (void *)run_key_delete; 981 vap->iv_key_set = (void *)run_key_set; 982 983 /* override state transition machine */ 984 rvp->newstate = vap->iv_newstate; 985 vap->iv_newstate = run_newstate; 986 if (opmode == IEEE80211_M_IBSS) { 987 rvp->recv_mgmt = vap->iv_recv_mgmt; 988 vap->iv_recv_mgmt = run_recv_mgmt; 989 } 990 991 ieee80211_ratectl_init(vap); 992 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 993 994 /* complete setup */ 995 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 996 mac); 997 998 /* make sure id is always unique */ 999 for (i = 0; i < RUN_VAP_MAX; i++) { 1000 if((sc->rvp_bmap & 1 << i) == 0){ 1001 sc->rvp_bmap |= 1 << i; 1002 rvp->rvp_id = i; 1003 break; 1004 } 1005 } 1006 if (sc->rvp_cnt++ == 0) 1007 ic->ic_opmode = opmode; 1008 1009 if (opmode == IEEE80211_M_HOSTAP) 1010 sc->cmdq_run = RUN_CMDQ_GO; 1011 1012 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1013 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1014 1015 return (vap); 1016 } 1017 1018 static void 1019 run_vap_delete(struct ieee80211vap *vap) 1020 { 1021 struct run_vap *rvp = RUN_VAP(vap); 1022 struct ieee80211com *ic; 1023 struct run_softc *sc; 1024 uint8_t rvp_id; 1025 1026 if (vap == NULL) 1027 return; 1028 1029 ic = vap->iv_ic; 1030 sc = ic->ic_softc; 1031 1032 RUN_LOCK(sc); 1033 1034 m_freem(rvp->beacon_mbuf); 1035 rvp->beacon_mbuf = NULL; 1036 1037 rvp_id = rvp->rvp_id; 1038 sc->ratectl_run &= ~(1 << rvp_id); 1039 sc->rvp_bmap &= ~(1 << rvp_id); 1040 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1041 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1042 --sc->rvp_cnt; 1043 1044 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1045 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1046 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1047 1048 RUN_UNLOCK(sc); 1049 1050 ieee80211_ratectl_deinit(vap); 1051 ieee80211_vap_detach(vap); 1052 free(rvp, M_80211_VAP); 1053 } 1054 1055 /* 1056 * There are numbers of functions need to be called in context thread. 1057 * Rather than creating taskqueue event for each of those functions, 1058 * here is all-for-one taskqueue callback function. This function 1059 * guarantees deferred functions are executed in the same order they 1060 * were enqueued. 1061 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1062 */ 1063 static void 1064 run_cmdq_cb(void *arg, int pending) 1065 { 1066 struct run_softc *sc = arg; 1067 uint8_t i; 1068 1069 /* call cmdq[].func locked */ 1070 RUN_LOCK(sc); 1071 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1072 i = sc->cmdq_exec, pending--) { 1073 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1074 i, pending); 1075 if (sc->cmdq_run == RUN_CMDQ_GO) { 1076 /* 1077 * If arg0 is NULL, callback func needs more 1078 * than one arg. So, pass ptr to cmdq struct. 1079 */ 1080 if (sc->cmdq[i].arg0) 1081 sc->cmdq[i].func(sc->cmdq[i].arg0); 1082 else 1083 sc->cmdq[i].func(&sc->cmdq[i]); 1084 } 1085 sc->cmdq[i].arg0 = NULL; 1086 sc->cmdq[i].func = NULL; 1087 sc->cmdq_exec++; 1088 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1089 } 1090 RUN_UNLOCK(sc); 1091 } 1092 1093 static void 1094 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1095 { 1096 struct run_tx_data *data; 1097 1098 memset(pq, 0, sizeof(*pq)); 1099 1100 STAILQ_INIT(&pq->tx_qh); 1101 STAILQ_INIT(&pq->tx_fh); 1102 1103 for (data = &pq->tx_data[0]; 1104 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1105 data->sc = sc; 1106 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1107 } 1108 pq->tx_nfree = RUN_TX_RING_COUNT; 1109 } 1110 1111 static void 1112 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1113 { 1114 struct run_tx_data *data; 1115 1116 /* make sure any subsequent use of the queues will fail */ 1117 pq->tx_nfree = 0; 1118 STAILQ_INIT(&pq->tx_fh); 1119 STAILQ_INIT(&pq->tx_qh); 1120 1121 /* free up all node references and mbufs */ 1122 for (data = &pq->tx_data[0]; 1123 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1124 if (data->m != NULL) { 1125 m_freem(data->m); 1126 data->m = NULL; 1127 } 1128 if (data->ni != NULL) { 1129 ieee80211_free_node(data->ni); 1130 data->ni = NULL; 1131 } 1132 } 1133 } 1134 1135 static int 1136 run_load_microcode(struct run_softc *sc) 1137 { 1138 usb_device_request_t req; 1139 const struct firmware *fw; 1140 const u_char *base; 1141 uint32_t tmp; 1142 int ntries, error; 1143 const uint64_t *temp; 1144 uint64_t bytes; 1145 1146 RUN_UNLOCK(sc); 1147 fw = firmware_get("runfw"); 1148 RUN_LOCK(sc); 1149 if (fw == NULL) { 1150 device_printf(sc->sc_dev, 1151 "failed loadfirmware of file %s\n", "runfw"); 1152 return ENOENT; 1153 } 1154 1155 if (fw->datasize != 8192) { 1156 device_printf(sc->sc_dev, 1157 "invalid firmware size (should be 8KB)\n"); 1158 error = EINVAL; 1159 goto fail; 1160 } 1161 1162 /* 1163 * RT3071/RT3072 use a different firmware 1164 * run-rt2870 (8KB) contains both, 1165 * first half (4KB) is for rt2870, 1166 * last half is for rt3071. 1167 */ 1168 base = fw->data; 1169 if ((sc->mac_ver) != 0x2860 && 1170 (sc->mac_ver) != 0x2872 && 1171 (sc->mac_ver) != 0x3070) { 1172 base += 4096; 1173 } 1174 1175 /* cheap sanity check */ 1176 temp = fw->data; 1177 bytes = *temp; 1178 if (bytes != be64toh(0xffffff0210280210ULL)) { 1179 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1180 error = EINVAL; 1181 goto fail; 1182 } 1183 1184 /* write microcode image */ 1185 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1186 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1187 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1188 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1189 } 1190 1191 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1192 req.bRequest = RT2870_RESET; 1193 USETW(req.wValue, 8); 1194 USETW(req.wIndex, 0); 1195 USETW(req.wLength, 0); 1196 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1197 != 0) { 1198 device_printf(sc->sc_dev, "firmware reset failed\n"); 1199 goto fail; 1200 } 1201 1202 run_delay(sc, 10); 1203 1204 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1205 run_write(sc, RT2860_H2M_MAILBOX, 0); 1206 run_write(sc, RT2860_H2M_INTSRC, 0); 1207 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1208 goto fail; 1209 1210 /* wait until microcontroller is ready */ 1211 for (ntries = 0; ntries < 1000; ntries++) { 1212 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1213 goto fail; 1214 if (tmp & RT2860_MCU_READY) 1215 break; 1216 run_delay(sc, 10); 1217 } 1218 if (ntries == 1000) { 1219 device_printf(sc->sc_dev, 1220 "timeout waiting for MCU to initialize\n"); 1221 error = ETIMEDOUT; 1222 goto fail; 1223 } 1224 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1225 (base == fw->data) ? "RT2870" : "RT3071", 1226 *(base + 4092), *(base + 4093)); 1227 1228 fail: 1229 firmware_put(fw, FIRMWARE_UNLOAD); 1230 return (error); 1231 } 1232 1233 static int 1234 run_reset(struct run_softc *sc) 1235 { 1236 usb_device_request_t req; 1237 1238 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1239 req.bRequest = RT2870_RESET; 1240 USETW(req.wValue, 1); 1241 USETW(req.wIndex, 0); 1242 USETW(req.wLength, 0); 1243 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1244 } 1245 1246 static usb_error_t 1247 run_do_request(struct run_softc *sc, 1248 struct usb_device_request *req, void *data) 1249 { 1250 usb_error_t err; 1251 int ntries = 10; 1252 1253 RUN_LOCK_ASSERT(sc, MA_OWNED); 1254 1255 while (ntries--) { 1256 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1257 req, data, 0, NULL, 250 /* ms */); 1258 if (err == 0) 1259 break; 1260 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1261 "Control request failed, %s (retrying)\n", 1262 usbd_errstr(err)); 1263 run_delay(sc, 10); 1264 } 1265 return (err); 1266 } 1267 1268 static int 1269 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1270 { 1271 uint32_t tmp; 1272 int error; 1273 1274 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1275 if (error == 0) 1276 *val = le32toh(tmp); 1277 else 1278 *val = 0xffffffff; 1279 return (error); 1280 } 1281 1282 static int 1283 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1284 { 1285 usb_device_request_t req; 1286 1287 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1288 req.bRequest = RT2870_READ_REGION_1; 1289 USETW(req.wValue, 0); 1290 USETW(req.wIndex, reg); 1291 USETW(req.wLength, len); 1292 1293 return (run_do_request(sc, &req, buf)); 1294 } 1295 1296 static int 1297 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1298 { 1299 usb_device_request_t req; 1300 1301 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1302 req.bRequest = RT2870_WRITE_2; 1303 USETW(req.wValue, val); 1304 USETW(req.wIndex, reg); 1305 USETW(req.wLength, 0); 1306 1307 return (run_do_request(sc, &req, NULL)); 1308 } 1309 1310 static int 1311 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1312 { 1313 int error; 1314 1315 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1316 error = run_write_2(sc, reg + 2, val >> 16); 1317 return (error); 1318 } 1319 1320 static int 1321 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1322 int len) 1323 { 1324 #if 1 1325 int i, error = 0; 1326 /* 1327 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1328 * We thus issue multiple WRITE_2 commands instead. 1329 */ 1330 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1331 for (i = 0; i < len && error == 0; i += 2) 1332 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1333 return (error); 1334 #else 1335 usb_device_request_t req; 1336 int error = 0; 1337 1338 /* 1339 * NOTE: It appears the WRITE_REGION_1 command cannot be 1340 * passed a huge amount of data, which will crash the 1341 * firmware. Limit amount of data passed to 64-bytes at a 1342 * time. 1343 */ 1344 while (len > 0) { 1345 int delta = 64; 1346 if (delta > len) 1347 delta = len; 1348 1349 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1350 req.bRequest = RT2870_WRITE_REGION_1; 1351 USETW(req.wValue, 0); 1352 USETW(req.wIndex, reg); 1353 USETW(req.wLength, delta); 1354 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1355 if (error != 0) 1356 break; 1357 reg += delta; 1358 buf += delta; 1359 len -= delta; 1360 } 1361 return (error); 1362 #endif 1363 } 1364 1365 static int 1366 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1367 { 1368 int i, error = 0; 1369 1370 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1371 for (i = 0; i < len && error == 0; i += 4) 1372 error = run_write(sc, reg + i, val); 1373 return (error); 1374 } 1375 1376 static int 1377 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1378 { 1379 uint32_t tmp; 1380 uint16_t reg; 1381 int error, ntries; 1382 1383 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1384 return (error); 1385 1386 if (count == 2) 1387 addr *= 2; 1388 /*- 1389 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1390 * DATA0: F E D C 1391 * DATA1: B A 9 8 1392 * DATA2: 7 6 5 4 1393 * DATA3: 3 2 1 0 1394 */ 1395 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1396 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1397 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1398 for (ntries = 0; ntries < 100; ntries++) { 1399 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1400 return (error); 1401 if (!(tmp & RT3070_EFSROM_KICK)) 1402 break; 1403 run_delay(sc, 2); 1404 } 1405 if (ntries == 100) 1406 return (ETIMEDOUT); 1407 1408 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1409 *val = 0xffff; /* address not found */ 1410 return (0); 1411 } 1412 /* determine to which 32-bit register our 16-bit word belongs */ 1413 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1414 if ((error = run_read(sc, reg, &tmp)) != 0) 1415 return (error); 1416 1417 tmp >>= (8 * (addr & 0x3)); 1418 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1419 1420 return (0); 1421 } 1422 1423 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1424 static int 1425 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1426 { 1427 return (run_efuse_read(sc, addr, val, 2)); 1428 } 1429 1430 static int 1431 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1432 { 1433 usb_device_request_t req; 1434 uint16_t tmp; 1435 int error; 1436 1437 addr *= 2; 1438 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1439 req.bRequest = RT2870_EEPROM_READ; 1440 USETW(req.wValue, 0); 1441 USETW(req.wIndex, addr); 1442 USETW(req.wLength, sizeof(tmp)); 1443 1444 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1445 if (error == 0) 1446 *val = le16toh(tmp); 1447 else 1448 *val = 0xffff; 1449 return (error); 1450 } 1451 1452 static __inline int 1453 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1454 { 1455 /* either eFUSE ROM or EEPROM */ 1456 return sc->sc_srom_read(sc, addr, val); 1457 } 1458 1459 static int 1460 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1461 { 1462 uint32_t tmp; 1463 int error, ntries; 1464 1465 for (ntries = 0; ntries < 10; ntries++) { 1466 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1467 return (error); 1468 if (!(tmp & RT2860_RF_REG_CTRL)) 1469 break; 1470 } 1471 if (ntries == 10) 1472 return (ETIMEDOUT); 1473 1474 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1475 } 1476 1477 static int 1478 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1479 { 1480 uint32_t tmp; 1481 int error, ntries; 1482 1483 for (ntries = 0; ntries < 100; ntries++) { 1484 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1485 return (error); 1486 if (!(tmp & RT3070_RF_KICK)) 1487 break; 1488 } 1489 if (ntries == 100) 1490 return (ETIMEDOUT); 1491 1492 tmp = RT3070_RF_KICK | reg << 8; 1493 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1494 return (error); 1495 1496 for (ntries = 0; ntries < 100; ntries++) { 1497 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1498 return (error); 1499 if (!(tmp & RT3070_RF_KICK)) 1500 break; 1501 } 1502 if (ntries == 100) 1503 return (ETIMEDOUT); 1504 1505 *val = tmp & 0xff; 1506 return (0); 1507 } 1508 1509 static int 1510 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1511 { 1512 uint32_t tmp; 1513 int error, ntries; 1514 1515 for (ntries = 0; ntries < 10; ntries++) { 1516 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1517 return (error); 1518 if (!(tmp & RT3070_RF_KICK)) 1519 break; 1520 } 1521 if (ntries == 10) 1522 return (ETIMEDOUT); 1523 1524 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1525 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1526 } 1527 1528 static int 1529 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1530 { 1531 uint32_t tmp; 1532 int ntries, error; 1533 1534 for (ntries = 0; ntries < 10; ntries++) { 1535 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1536 return (error); 1537 if (!(tmp & RT2860_BBP_CSR_KICK)) 1538 break; 1539 } 1540 if (ntries == 10) 1541 return (ETIMEDOUT); 1542 1543 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1544 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1545 return (error); 1546 1547 for (ntries = 0; ntries < 10; ntries++) { 1548 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1549 return (error); 1550 if (!(tmp & RT2860_BBP_CSR_KICK)) 1551 break; 1552 } 1553 if (ntries == 10) 1554 return (ETIMEDOUT); 1555 1556 *val = tmp & 0xff; 1557 return (0); 1558 } 1559 1560 static int 1561 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1562 { 1563 uint32_t tmp; 1564 int ntries, error; 1565 1566 for (ntries = 0; ntries < 10; ntries++) { 1567 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1568 return (error); 1569 if (!(tmp & RT2860_BBP_CSR_KICK)) 1570 break; 1571 } 1572 if (ntries == 10) 1573 return (ETIMEDOUT); 1574 1575 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1576 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1577 } 1578 1579 /* 1580 * Send a command to the 8051 microcontroller unit. 1581 */ 1582 static int 1583 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1584 { 1585 uint32_t tmp; 1586 int error, ntries; 1587 1588 for (ntries = 0; ntries < 100; ntries++) { 1589 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1590 return error; 1591 if (!(tmp & RT2860_H2M_BUSY)) 1592 break; 1593 } 1594 if (ntries == 100) 1595 return ETIMEDOUT; 1596 1597 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1598 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1599 error = run_write(sc, RT2860_HOST_CMD, cmd); 1600 return (error); 1601 } 1602 1603 /* 1604 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1605 * Used to adjust per-rate Tx power registers. 1606 */ 1607 static __inline uint32_t 1608 b4inc(uint32_t b32, int8_t delta) 1609 { 1610 int8_t i, b4; 1611 1612 for (i = 0; i < 8; i++) { 1613 b4 = b32 & 0xf; 1614 b4 += delta; 1615 if (b4 < 0) 1616 b4 = 0; 1617 else if (b4 > 0xf) 1618 b4 = 0xf; 1619 b32 = b32 >> 4 | b4 << 28; 1620 } 1621 return (b32); 1622 } 1623 1624 static const char * 1625 run_get_rf(uint16_t rev) 1626 { 1627 switch (rev) { 1628 case RT2860_RF_2820: return "RT2820"; 1629 case RT2860_RF_2850: return "RT2850"; 1630 case RT2860_RF_2720: return "RT2720"; 1631 case RT2860_RF_2750: return "RT2750"; 1632 case RT3070_RF_3020: return "RT3020"; 1633 case RT3070_RF_2020: return "RT2020"; 1634 case RT3070_RF_3021: return "RT3021"; 1635 case RT3070_RF_3022: return "RT3022"; 1636 case RT3070_RF_3052: return "RT3052"; 1637 case RT3593_RF_3053: return "RT3053"; 1638 case RT5592_RF_5592: return "RT5592"; 1639 case RT5390_RF_5370: return "RT5370"; 1640 case RT5390_RF_5372: return "RT5372"; 1641 } 1642 return ("unknown"); 1643 } 1644 1645 static void 1646 run_rt3593_get_txpower(struct run_softc *sc) 1647 { 1648 uint16_t addr, val; 1649 int i; 1650 1651 /* Read power settings for 2GHz channels. */ 1652 for (i = 0; i < 14; i += 2) { 1653 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1654 RT2860_EEPROM_PWR2GHZ_BASE1; 1655 run_srom_read(sc, addr + i / 2, &val); 1656 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1657 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1658 1659 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1660 RT2860_EEPROM_PWR2GHZ_BASE2; 1661 run_srom_read(sc, addr + i / 2, &val); 1662 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1663 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1664 1665 if (sc->ntxchains == 3) { 1666 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1667 &val); 1668 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1669 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1670 } 1671 } 1672 /* Fix broken Tx power entries. */ 1673 for (i = 0; i < 14; i++) { 1674 if (sc->txpow1[i] > 31) 1675 sc->txpow1[i] = 5; 1676 if (sc->txpow2[i] > 31) 1677 sc->txpow2[i] = 5; 1678 if (sc->ntxchains == 3) { 1679 if (sc->txpow3[i] > 31) 1680 sc->txpow3[i] = 5; 1681 } 1682 } 1683 /* Read power settings for 5GHz channels. */ 1684 for (i = 0; i < 40; i += 2) { 1685 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1686 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1687 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1688 1689 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1690 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1691 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1692 1693 if (sc->ntxchains == 3) { 1694 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1695 &val); 1696 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1697 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1698 } 1699 } 1700 } 1701 1702 static void 1703 run_get_txpower(struct run_softc *sc) 1704 { 1705 uint16_t val; 1706 int i; 1707 1708 /* Read power settings for 2GHz channels. */ 1709 for (i = 0; i < 14; i += 2) { 1710 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1711 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1712 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1713 1714 if (sc->mac_ver != 0x5390) { 1715 run_srom_read(sc, 1716 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1717 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1718 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1719 } 1720 } 1721 /* Fix broken Tx power entries. */ 1722 for (i = 0; i < 14; i++) { 1723 if (sc->mac_ver >= 0x5390) { 1724 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1725 sc->txpow1[i] = 5; 1726 } else { 1727 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1728 sc->txpow1[i] = 5; 1729 } 1730 if (sc->mac_ver > 0x5390) { 1731 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1732 sc->txpow2[i] = 5; 1733 } else if (sc->mac_ver < 0x5390) { 1734 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1735 sc->txpow2[i] = 5; 1736 } 1737 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1738 "chan %d: power1=%d, power2=%d\n", 1739 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1740 } 1741 /* Read power settings for 5GHz channels. */ 1742 for (i = 0; i < 40; i += 2) { 1743 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1744 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1745 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1746 1747 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1748 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1749 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1750 } 1751 /* Fix broken Tx power entries. */ 1752 for (i = 0; i < 40; i++ ) { 1753 if (sc->mac_ver != 0x5592) { 1754 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1755 sc->txpow1[14 + i] = 5; 1756 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1757 sc->txpow2[14 + i] = 5; 1758 } 1759 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1760 "chan %d: power1=%d, power2=%d\n", 1761 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1762 sc->txpow2[14 + i]); 1763 } 1764 } 1765 1766 static int 1767 run_read_eeprom(struct run_softc *sc) 1768 { 1769 struct ieee80211com *ic = &sc->sc_ic; 1770 int8_t delta_2ghz, delta_5ghz; 1771 uint32_t tmp; 1772 uint16_t val; 1773 int ridx, ant, i; 1774 1775 /* check whether the ROM is eFUSE ROM or EEPROM */ 1776 sc->sc_srom_read = run_eeprom_read_2; 1777 if (sc->mac_ver >= 0x3070) { 1778 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1779 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1780 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1781 sc->sc_srom_read = run_efuse_read_2; 1782 } 1783 1784 /* read ROM version */ 1785 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1786 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1787 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1788 1789 /* read MAC address */ 1790 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1791 ic->ic_macaddr[0] = val & 0xff; 1792 ic->ic_macaddr[1] = val >> 8; 1793 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1794 ic->ic_macaddr[2] = val & 0xff; 1795 ic->ic_macaddr[3] = val >> 8; 1796 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1797 ic->ic_macaddr[4] = val & 0xff; 1798 ic->ic_macaddr[5] = val >> 8; 1799 1800 if (sc->mac_ver < 0x3593) { 1801 /* read vender BBP settings */ 1802 for (i = 0; i < 10; i++) { 1803 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1804 sc->bbp[i].val = val & 0xff; 1805 sc->bbp[i].reg = val >> 8; 1806 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1807 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1808 } 1809 if (sc->mac_ver >= 0x3071) { 1810 /* read vendor RF settings */ 1811 for (i = 0; i < 10; i++) { 1812 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1813 &val); 1814 sc->rf[i].val = val & 0xff; 1815 sc->rf[i].reg = val >> 8; 1816 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1817 sc->rf[i].reg, sc->rf[i].val); 1818 } 1819 } 1820 } 1821 1822 /* read RF frequency offset from EEPROM */ 1823 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1824 RT3593_EEPROM_FREQ, &val); 1825 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1826 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1827 sc->freq & 0xff); 1828 1829 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1830 RT3593_EEPROM_FREQ_LEDS, &val); 1831 if (val >> 8 != 0xff) { 1832 /* read LEDs operating mode */ 1833 sc->leds = val >> 8; 1834 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1835 RT3593_EEPROM_LED1, &sc->led[0]); 1836 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1837 RT3593_EEPROM_LED2, &sc->led[1]); 1838 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1839 RT3593_EEPROM_LED3, &sc->led[2]); 1840 } else { 1841 /* broken EEPROM, use default settings */ 1842 sc->leds = 0x01; 1843 sc->led[0] = 0x5555; 1844 sc->led[1] = 0x2221; 1845 sc->led[2] = 0x5627; /* differs from RT2860 */ 1846 } 1847 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1848 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1849 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1850 1851 /* read RF information */ 1852 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1853 run_srom_read(sc, 0x00, &val); 1854 else 1855 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1856 1857 if (val == 0xffff) { 1858 device_printf(sc->sc_dev, 1859 "invalid EEPROM antenna info, using default\n"); 1860 if (sc->mac_ver == 0x3572) { 1861 /* default to RF3052 2T2R */ 1862 sc->rf_rev = RT3070_RF_3052; 1863 sc->ntxchains = 2; 1864 sc->nrxchains = 2; 1865 } else if (sc->mac_ver >= 0x3070) { 1866 /* default to RF3020 1T1R */ 1867 sc->rf_rev = RT3070_RF_3020; 1868 sc->ntxchains = 1; 1869 sc->nrxchains = 1; 1870 } else { 1871 /* default to RF2820 1T2R */ 1872 sc->rf_rev = RT2860_RF_2820; 1873 sc->ntxchains = 1; 1874 sc->nrxchains = 2; 1875 } 1876 } else { 1877 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1878 sc->rf_rev = val; 1879 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1880 } else 1881 sc->rf_rev = (val >> 8) & 0xf; 1882 sc->ntxchains = (val >> 4) & 0xf; 1883 sc->nrxchains = val & 0xf; 1884 } 1885 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1886 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1887 1888 /* check if RF supports automatic Tx access gain control */ 1889 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1890 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1891 /* check if driver should patch the DAC issue */ 1892 if ((val >> 8) != 0xff) 1893 sc->patch_dac = (val >> 15) & 1; 1894 if ((val & 0xff) != 0xff) { 1895 sc->ext_5ghz_lna = (val >> 3) & 1; 1896 sc->ext_2ghz_lna = (val >> 2) & 1; 1897 /* check if RF supports automatic Tx access gain control */ 1898 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1899 /* check if we have a hardware radio switch */ 1900 sc->rfswitch = val & 1; 1901 } 1902 1903 /* Read Tx power settings. */ 1904 if (sc->mac_ver == 0x3593) 1905 run_rt3593_get_txpower(sc); 1906 else 1907 run_get_txpower(sc); 1908 1909 /* read Tx power compensation for each Tx rate */ 1910 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1911 delta_2ghz = delta_5ghz = 0; 1912 if ((val & 0xff) != 0xff && (val & 0x80)) { 1913 delta_2ghz = val & 0xf; 1914 if (!(val & 0x40)) /* negative number */ 1915 delta_2ghz = -delta_2ghz; 1916 } 1917 val >>= 8; 1918 if ((val & 0xff) != 0xff && (val & 0x80)) { 1919 delta_5ghz = val & 0xf; 1920 if (!(val & 0x40)) /* negative number */ 1921 delta_5ghz = -delta_5ghz; 1922 } 1923 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1924 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1925 1926 for (ridx = 0; ridx < 5; ridx++) { 1927 uint32_t reg; 1928 1929 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1930 reg = val; 1931 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1932 reg |= (uint32_t)val << 16; 1933 1934 sc->txpow20mhz[ridx] = reg; 1935 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1936 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1937 1938 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1939 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1940 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1941 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1942 } 1943 1944 /* Read RSSI offsets and LNA gains from EEPROM. */ 1945 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1946 RT3593_EEPROM_RSSI1_2GHZ, &val); 1947 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1948 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1949 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1950 RT3593_EEPROM_RSSI2_2GHZ, &val); 1951 if (sc->mac_ver >= 0x3070) { 1952 if (sc->mac_ver == 0x3593) { 1953 sc->txmixgain_2ghz = 0; 1954 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1955 } else { 1956 /* 1957 * On RT3070 chips (limited to 2 Rx chains), this ROM 1958 * field contains the Tx mixer gain for the 2GHz band. 1959 */ 1960 if ((val & 0xff) != 0xff) 1961 sc->txmixgain_2ghz = val & 0x7; 1962 } 1963 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 1964 sc->txmixgain_2ghz); 1965 } else 1966 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1967 if (sc->mac_ver == 0x3593) 1968 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1969 sc->lna[2] = val >> 8; /* channel group 2 */ 1970 1971 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1972 RT3593_EEPROM_RSSI1_5GHZ, &val); 1973 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1974 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1975 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1976 RT3593_EEPROM_RSSI2_5GHZ, &val); 1977 if (sc->mac_ver == 0x3572) { 1978 /* 1979 * On RT3572 chips (limited to 2 Rx chains), this ROM 1980 * field contains the Tx mixer gain for the 5GHz band. 1981 */ 1982 if ((val & 0xff) != 0xff) 1983 sc->txmixgain_5ghz = val & 0x7; 1984 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 1985 sc->txmixgain_5ghz); 1986 } else 1987 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1988 if (sc->mac_ver == 0x3593) { 1989 sc->txmixgain_5ghz = 0; 1990 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1991 } 1992 sc->lna[3] = val >> 8; /* channel group 3 */ 1993 1994 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1995 RT3593_EEPROM_LNA, &val); 1996 sc->lna[0] = val & 0xff; /* channel group 0 */ 1997 sc->lna[1] = val >> 8; /* channel group 1 */ 1998 1999 /* fix broken 5GHz LNA entries */ 2000 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2001 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2002 "invalid LNA for channel group %d\n", 2); 2003 sc->lna[2] = sc->lna[1]; 2004 } 2005 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2006 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2007 "invalid LNA for channel group %d\n", 3); 2008 sc->lna[3] = sc->lna[1]; 2009 } 2010 2011 /* fix broken RSSI offset entries */ 2012 for (ant = 0; ant < 3; ant++) { 2013 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2014 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2015 "invalid RSSI%d offset: %d (2GHz)\n", 2016 ant + 1, sc->rssi_2ghz[ant]); 2017 sc->rssi_2ghz[ant] = 0; 2018 } 2019 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2020 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2021 "invalid RSSI%d offset: %d (5GHz)\n", 2022 ant + 1, sc->rssi_5ghz[ant]); 2023 sc->rssi_5ghz[ant] = 0; 2024 } 2025 } 2026 return (0); 2027 } 2028 2029 static struct ieee80211_node * 2030 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2031 { 2032 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 2033 } 2034 2035 static int 2036 run_media_change(struct ifnet *ifp) 2037 { 2038 struct ieee80211vap *vap = ifp->if_softc; 2039 struct ieee80211com *ic = vap->iv_ic; 2040 const struct ieee80211_txparam *tp; 2041 struct run_softc *sc = ic->ic_softc; 2042 uint8_t rate, ridx; 2043 int error; 2044 2045 RUN_LOCK(sc); 2046 2047 error = ieee80211_media_change(ifp); 2048 if (error != ENETRESET) { 2049 RUN_UNLOCK(sc); 2050 return (error); 2051 } 2052 2053 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2054 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2055 struct ieee80211_node *ni; 2056 struct run_node *rn; 2057 2058 rate = ic->ic_sup_rates[ic->ic_curmode]. 2059 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2060 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2061 if (rt2860_rates[ridx].rate == rate) 2062 break; 2063 ni = ieee80211_ref_node(vap->iv_bss); 2064 rn = RUN_NODE(ni); 2065 rn->fix_ridx = ridx; 2066 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2067 rate, rn->fix_ridx); 2068 ieee80211_free_node(ni); 2069 } 2070 2071 #if 0 2072 if ((ifp->if_flags & IFF_UP) && 2073 (ifp->if_drv_flags & RUN_RUNNING)){ 2074 run_init_locked(sc); 2075 } 2076 #endif 2077 2078 RUN_UNLOCK(sc); 2079 2080 return (0); 2081 } 2082 2083 static int 2084 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2085 { 2086 const struct ieee80211_txparam *tp; 2087 struct ieee80211com *ic = vap->iv_ic; 2088 struct run_softc *sc = ic->ic_softc; 2089 struct run_vap *rvp = RUN_VAP(vap); 2090 enum ieee80211_state ostate; 2091 uint32_t sta[3]; 2092 uint32_t tmp; 2093 uint8_t ratectl; 2094 uint8_t restart_ratectl = 0; 2095 uint8_t bid = 1 << rvp->rvp_id; 2096 2097 ostate = vap->iv_state; 2098 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2099 ieee80211_state_name[ostate], 2100 ieee80211_state_name[nstate]); 2101 2102 IEEE80211_UNLOCK(ic); 2103 RUN_LOCK(sc); 2104 2105 ratectl = sc->ratectl_run; /* remember current state */ 2106 sc->ratectl_run = RUN_RATECTL_OFF; 2107 usb_callout_stop(&sc->ratectl_ch); 2108 2109 if (ostate == IEEE80211_S_RUN) { 2110 /* turn link LED off */ 2111 run_set_leds(sc, RT2860_LED_RADIO); 2112 } 2113 2114 switch (nstate) { 2115 case IEEE80211_S_INIT: 2116 restart_ratectl = 1; 2117 2118 if (ostate != IEEE80211_S_RUN) 2119 break; 2120 2121 ratectl &= ~bid; 2122 sc->runbmap &= ~bid; 2123 2124 /* abort TSF synchronization if there is no vap running */ 2125 if (--sc->running == 0) { 2126 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2127 run_write(sc, RT2860_BCN_TIME_CFG, 2128 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2129 RT2860_TBTT_TIMER_EN)); 2130 } 2131 break; 2132 2133 case IEEE80211_S_RUN: 2134 if (!(sc->runbmap & bid)) { 2135 if(sc->running++) 2136 restart_ratectl = 1; 2137 sc->runbmap |= bid; 2138 } 2139 2140 m_freem(rvp->beacon_mbuf); 2141 rvp->beacon_mbuf = NULL; 2142 2143 switch (vap->iv_opmode) { 2144 case IEEE80211_M_HOSTAP: 2145 case IEEE80211_M_MBSS: 2146 sc->ap_running |= bid; 2147 ic->ic_opmode = vap->iv_opmode; 2148 run_update_beacon_cb(vap); 2149 break; 2150 case IEEE80211_M_IBSS: 2151 sc->adhoc_running |= bid; 2152 if (!sc->ap_running) 2153 ic->ic_opmode = vap->iv_opmode; 2154 run_update_beacon_cb(vap); 2155 break; 2156 case IEEE80211_M_STA: 2157 sc->sta_running |= bid; 2158 if (!sc->ap_running && !sc->adhoc_running) 2159 ic->ic_opmode = vap->iv_opmode; 2160 2161 /* read statistic counters (clear on read) */ 2162 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2163 (uint8_t *)sta, sizeof sta); 2164 2165 break; 2166 default: 2167 ic->ic_opmode = vap->iv_opmode; 2168 break; 2169 } 2170 2171 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2172 struct ieee80211_node *ni; 2173 2174 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2175 RUN_UNLOCK(sc); 2176 IEEE80211_LOCK(ic); 2177 return (-1); 2178 } 2179 run_updateslot(ic); 2180 run_enable_mrr(sc); 2181 run_set_txpreamble(sc); 2182 run_set_basicrates(sc); 2183 ni = ieee80211_ref_node(vap->iv_bss); 2184 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2185 run_set_bssid(sc, sc->sc_bssid); 2186 ieee80211_free_node(ni); 2187 run_enable_tsf_sync(sc); 2188 2189 /* enable automatic rate adaptation */ 2190 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2191 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2192 ratectl |= bid; 2193 } else 2194 run_enable_tsf(sc); 2195 2196 /* turn link LED on */ 2197 run_set_leds(sc, RT2860_LED_RADIO | 2198 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2199 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2200 2201 break; 2202 default: 2203 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2204 break; 2205 } 2206 2207 /* restart amrr for running VAPs */ 2208 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2209 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2210 2211 RUN_UNLOCK(sc); 2212 IEEE80211_LOCK(ic); 2213 2214 return(rvp->newstate(vap, nstate, arg)); 2215 } 2216 2217 static int 2218 run_wme_update(struct ieee80211com *ic) 2219 { 2220 struct chanAccParams chp; 2221 struct run_softc *sc = ic->ic_softc; 2222 const struct wmeParams *ac; 2223 int aci, error = 0; 2224 2225 ieee80211_wme_ic_getparams(ic, &chp); 2226 ac = chp.cap_wmeParams; 2227 2228 /* update MAC TX configuration registers */ 2229 RUN_LOCK(sc); 2230 for (aci = 0; aci < WME_NUM_AC; aci++) { 2231 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2232 ac[aci].wmep_logcwmax << 16 | 2233 ac[aci].wmep_logcwmin << 12 | 2234 ac[aci].wmep_aifsn << 8 | 2235 ac[aci].wmep_txopLimit); 2236 if (error) goto err; 2237 } 2238 2239 /* update SCH/DMA registers too */ 2240 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2241 ac[WME_AC_VO].wmep_aifsn << 12 | 2242 ac[WME_AC_VI].wmep_aifsn << 8 | 2243 ac[WME_AC_BK].wmep_aifsn << 4 | 2244 ac[WME_AC_BE].wmep_aifsn); 2245 if (error) goto err; 2246 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2247 ac[WME_AC_VO].wmep_logcwmin << 12 | 2248 ac[WME_AC_VI].wmep_logcwmin << 8 | 2249 ac[WME_AC_BK].wmep_logcwmin << 4 | 2250 ac[WME_AC_BE].wmep_logcwmin); 2251 if (error) goto err; 2252 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2253 ac[WME_AC_VO].wmep_logcwmax << 12 | 2254 ac[WME_AC_VI].wmep_logcwmax << 8 | 2255 ac[WME_AC_BK].wmep_logcwmax << 4 | 2256 ac[WME_AC_BE].wmep_logcwmax); 2257 if (error) goto err; 2258 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2259 ac[WME_AC_BK].wmep_txopLimit << 16 | 2260 ac[WME_AC_BE].wmep_txopLimit); 2261 if (error) goto err; 2262 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2263 ac[WME_AC_VO].wmep_txopLimit << 16 | 2264 ac[WME_AC_VI].wmep_txopLimit); 2265 2266 err: 2267 RUN_UNLOCK(sc); 2268 if (error) 2269 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2270 2271 return (error); 2272 } 2273 2274 static void 2275 run_key_set_cb(void *arg) 2276 { 2277 struct run_cmdq *cmdq = arg; 2278 struct ieee80211vap *vap = cmdq->arg1; 2279 struct ieee80211_key *k = cmdq->k; 2280 struct ieee80211com *ic = vap->iv_ic; 2281 struct run_softc *sc = ic->ic_softc; 2282 struct ieee80211_node *ni; 2283 u_int cipher = k->wk_cipher->ic_cipher; 2284 uint32_t attr; 2285 uint16_t base, associd; 2286 uint8_t mode, wcid, iv[8]; 2287 2288 RUN_LOCK_ASSERT(sc, MA_OWNED); 2289 2290 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2291 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2292 else 2293 ni = vap->iv_bss; 2294 associd = (ni != NULL) ? ni->ni_associd : 0; 2295 2296 /* map net80211 cipher to RT2860 security mode */ 2297 switch (cipher) { 2298 case IEEE80211_CIPHER_WEP: 2299 if(k->wk_keylen < 8) 2300 mode = RT2860_MODE_WEP40; 2301 else 2302 mode = RT2860_MODE_WEP104; 2303 break; 2304 case IEEE80211_CIPHER_TKIP: 2305 mode = RT2860_MODE_TKIP; 2306 break; 2307 case IEEE80211_CIPHER_AES_CCM: 2308 mode = RT2860_MODE_AES_CCMP; 2309 break; 2310 default: 2311 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2312 return; 2313 } 2314 2315 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2316 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2317 associd, k->wk_keyix, mode, 2318 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2319 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2320 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2321 2322 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2323 wcid = 0; /* NB: update WCID0 for group keys */ 2324 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2325 } else { 2326 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2327 1 : RUN_AID2WCID(associd); 2328 base = RT2860_PKEY(wcid); 2329 } 2330 2331 if (cipher == IEEE80211_CIPHER_TKIP) { 2332 if(run_write_region_1(sc, base, k->wk_key, 16)) 2333 return; 2334 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2335 return; 2336 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2337 return; 2338 } else { 2339 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2340 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2341 return; 2342 } 2343 2344 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2345 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2346 /* set initial packet number in IV+EIV */ 2347 if (cipher == IEEE80211_CIPHER_WEP) { 2348 memset(iv, 0, sizeof iv); 2349 iv[3] = vap->iv_def_txkey << 6; 2350 } else { 2351 if (cipher == IEEE80211_CIPHER_TKIP) { 2352 iv[0] = k->wk_keytsc >> 8; 2353 iv[1] = (iv[0] | 0x20) & 0x7f; 2354 iv[2] = k->wk_keytsc; 2355 } else /* CCMP */ { 2356 iv[0] = k->wk_keytsc; 2357 iv[1] = k->wk_keytsc >> 8; 2358 iv[2] = 0; 2359 } 2360 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2361 iv[4] = k->wk_keytsc >> 16; 2362 iv[5] = k->wk_keytsc >> 24; 2363 iv[6] = k->wk_keytsc >> 32; 2364 iv[7] = k->wk_keytsc >> 40; 2365 } 2366 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2367 return; 2368 } 2369 2370 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2371 /* install group key */ 2372 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2373 return; 2374 attr &= ~(0xf << (k->wk_keyix * 4)); 2375 attr |= mode << (k->wk_keyix * 4); 2376 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2377 return; 2378 } else { 2379 /* install pairwise key */ 2380 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2381 return; 2382 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2383 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2384 return; 2385 } 2386 2387 /* TODO create a pass-thru key entry? */ 2388 2389 /* need wcid to delete the right key later */ 2390 k->wk_pad = wcid; 2391 } 2392 2393 /* 2394 * Don't have to be deferred, but in order to keep order of 2395 * execution, i.e. with run_key_delete(), defer this and let 2396 * run_cmdq_cb() maintain the order. 2397 * 2398 * return 0 on error 2399 */ 2400 static int 2401 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2402 { 2403 struct ieee80211com *ic = vap->iv_ic; 2404 struct run_softc *sc = ic->ic_softc; 2405 uint32_t i; 2406 2407 i = RUN_CMDQ_GET(&sc->cmdq_store); 2408 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2409 sc->cmdq[i].func = run_key_set_cb; 2410 sc->cmdq[i].arg0 = NULL; 2411 sc->cmdq[i].arg1 = vap; 2412 sc->cmdq[i].k = k; 2413 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2414 ieee80211_runtask(ic, &sc->cmdq_task); 2415 2416 /* 2417 * To make sure key will be set when hostapd 2418 * calls iv_key_set() before if_init(). 2419 */ 2420 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2421 RUN_LOCK(sc); 2422 sc->cmdq_key_set = RUN_CMDQ_GO; 2423 RUN_UNLOCK(sc); 2424 } 2425 2426 return (1); 2427 } 2428 2429 /* 2430 * If wlan is destroyed without being brought down i.e. without 2431 * wlan down or wpa_cli terminate, this function is called after 2432 * vap is gone. Don't refer it. 2433 */ 2434 static void 2435 run_key_delete_cb(void *arg) 2436 { 2437 struct run_cmdq *cmdq = arg; 2438 struct run_softc *sc = cmdq->arg1; 2439 struct ieee80211_key *k = &cmdq->key; 2440 uint32_t attr; 2441 uint8_t wcid; 2442 2443 RUN_LOCK_ASSERT(sc, MA_OWNED); 2444 2445 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2446 /* remove group key */ 2447 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2448 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2449 attr &= ~(0xf << (k->wk_keyix * 4)); 2450 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2451 } else { 2452 /* remove pairwise key */ 2453 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2454 "removing key for wcid %x\n", k->wk_pad); 2455 /* matching wcid was written to wk_pad in run_key_set() */ 2456 wcid = k->wk_pad; 2457 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2458 attr &= ~0xf; 2459 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2460 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2461 } 2462 2463 k->wk_pad = 0; 2464 } 2465 2466 /* 2467 * return 0 on error 2468 */ 2469 static int 2470 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2471 { 2472 struct ieee80211com *ic = vap->iv_ic; 2473 struct run_softc *sc = ic->ic_softc; 2474 struct ieee80211_key *k0; 2475 uint32_t i; 2476 2477 /* 2478 * When called back, key might be gone. So, make a copy 2479 * of some values need to delete keys before deferring. 2480 * But, because of LOR with node lock, cannot use lock here. 2481 * So, use atomic instead. 2482 */ 2483 i = RUN_CMDQ_GET(&sc->cmdq_store); 2484 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2485 sc->cmdq[i].func = run_key_delete_cb; 2486 sc->cmdq[i].arg0 = NULL; 2487 sc->cmdq[i].arg1 = sc; 2488 k0 = &sc->cmdq[i].key; 2489 k0->wk_flags = k->wk_flags; 2490 k0->wk_keyix = k->wk_keyix; 2491 /* matching wcid was written to wk_pad in run_key_set() */ 2492 k0->wk_pad = k->wk_pad; 2493 ieee80211_runtask(ic, &sc->cmdq_task); 2494 return (1); /* return fake success */ 2495 2496 } 2497 2498 static void 2499 run_ratectl_to(void *arg) 2500 { 2501 struct run_softc *sc = arg; 2502 2503 /* do it in a process context, so it can go sleep */ 2504 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2505 /* next timeout will be rescheduled in the callback task */ 2506 } 2507 2508 /* ARGSUSED */ 2509 static void 2510 run_ratectl_cb(void *arg, int pending) 2511 { 2512 struct run_softc *sc = arg; 2513 struct ieee80211com *ic = &sc->sc_ic; 2514 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2515 2516 if (vap == NULL) 2517 return; 2518 2519 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2520 /* 2521 * run_reset_livelock() doesn't do anything with AMRR, 2522 * but Ralink wants us to call it every 1 sec. So, we 2523 * piggyback here rather than creating another callout. 2524 * Livelock may occur only in HOSTAP or IBSS mode 2525 * (when h/w is sending beacons). 2526 */ 2527 RUN_LOCK(sc); 2528 run_reset_livelock(sc); 2529 /* just in case, there are some stats to drain */ 2530 run_drain_fifo(sc); 2531 RUN_UNLOCK(sc); 2532 } 2533 2534 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2535 2536 RUN_LOCK(sc); 2537 if(sc->ratectl_run != RUN_RATECTL_OFF) 2538 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2539 RUN_UNLOCK(sc); 2540 } 2541 2542 static void 2543 run_drain_fifo(void *arg) 2544 { 2545 struct run_softc *sc = arg; 2546 uint32_t stat; 2547 uint16_t (*wstat)[3]; 2548 uint8_t wcid, mcs, pid; 2549 int8_t retry; 2550 2551 RUN_LOCK_ASSERT(sc, MA_OWNED); 2552 2553 for (;;) { 2554 /* drain Tx status FIFO (maxsize = 16) */ 2555 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2556 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2557 if (!(stat & RT2860_TXQ_VLD)) 2558 break; 2559 2560 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2561 2562 /* if no ACK was requested, no feedback is available */ 2563 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2564 wcid == 0) 2565 continue; 2566 2567 /* 2568 * Even though each stat is Tx-complete-status like format, 2569 * the device can poll stats. Because there is no guarantee 2570 * that the referring node is still around when read the stats. 2571 * So that, if we use ieee80211_ratectl_tx_update(), we will 2572 * have hard time not to refer already freed node. 2573 * 2574 * To eliminate such page faults, we poll stats in softc. 2575 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2576 */ 2577 wstat = &(sc->wcid_stats[wcid]); 2578 (*wstat)[RUN_TXCNT]++; 2579 if (stat & RT2860_TXQ_OK) 2580 (*wstat)[RUN_SUCCESS]++; 2581 else 2582 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2583 /* 2584 * Check if there were retries, ie if the Tx success rate is 2585 * different from the requested rate. Note that it works only 2586 * because we do not allow rate fallback from OFDM to CCK. 2587 */ 2588 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2589 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2590 if ((retry = pid -1 - mcs) > 0) { 2591 (*wstat)[RUN_TXCNT] += retry; 2592 (*wstat)[RUN_RETRY] += retry; 2593 } 2594 } 2595 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2596 2597 sc->fifo_cnt = 0; 2598 } 2599 2600 static void 2601 run_iter_func(void *arg, struct ieee80211_node *ni) 2602 { 2603 struct run_softc *sc = arg; 2604 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2605 struct ieee80211vap *vap = ni->ni_vap; 2606 struct run_node *rn = RUN_NODE(ni); 2607 union run_stats sta[2]; 2608 uint16_t (*wstat)[3]; 2609 int error; 2610 2611 RUN_LOCK(sc); 2612 2613 /* Check for special case */ 2614 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2615 ni != vap->iv_bss) 2616 goto fail; 2617 2618 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2619 IEEE80211_RATECTL_TX_STATS_RETRIES; 2620 txs->ni = ni; 2621 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2622 vap->iv_opmode == IEEE80211_M_STA)) { 2623 /* read statistic counters (clear on read) and update AMRR state */ 2624 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2625 sizeof sta); 2626 if (error != 0) 2627 goto fail; 2628 2629 /* count failed TX as errors */ 2630 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2631 le16toh(sta[0].error.fail)); 2632 2633 txs->nretries = le16toh(sta[1].tx.retry); 2634 txs->nsuccess = le16toh(sta[1].tx.success); 2635 /* nretries??? */ 2636 txs->nframes = txs->nretries + txs->nsuccess + 2637 le16toh(sta[0].error.fail); 2638 2639 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2640 "retrycnt=%d success=%d failcnt=%d\n", 2641 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2642 } else { 2643 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2644 2645 if (wstat == &(sc->wcid_stats[0]) || 2646 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2647 goto fail; 2648 2649 txs->nretries = (*wstat)[RUN_RETRY]; 2650 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2651 txs->nframes = (*wstat)[RUN_TXCNT]; 2652 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2653 "retrycnt=%d txcnt=%d success=%d\n", 2654 txs->nretries, txs->nframes, txs->nsuccess); 2655 2656 memset(wstat, 0, sizeof(*wstat)); 2657 } 2658 2659 ieee80211_ratectl_tx_update(vap, txs); 2660 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2661 2662 fail: 2663 RUN_UNLOCK(sc); 2664 2665 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx); 2666 } 2667 2668 static void 2669 run_newassoc_cb(void *arg) 2670 { 2671 struct run_cmdq *cmdq = arg; 2672 struct ieee80211_node *ni = cmdq->arg1; 2673 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2674 uint8_t wcid = cmdq->wcid; 2675 2676 RUN_LOCK_ASSERT(sc, MA_OWNED); 2677 2678 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2679 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2680 2681 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2682 } 2683 2684 static void 2685 run_newassoc(struct ieee80211_node *ni, int isnew) 2686 { 2687 struct run_node *rn = RUN_NODE(ni); 2688 struct ieee80211_rateset *rs = &ni->ni_rates; 2689 struct ieee80211vap *vap = ni->ni_vap; 2690 struct ieee80211com *ic = vap->iv_ic; 2691 struct run_softc *sc = ic->ic_softc; 2692 uint8_t rate; 2693 uint8_t ridx; 2694 uint8_t wcid; 2695 int i, j; 2696 2697 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2698 1 : RUN_AID2WCID(ni->ni_associd); 2699 2700 if (wcid > RT2870_WCID_MAX) { 2701 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2702 return; 2703 } 2704 2705 /* only interested in true associations */ 2706 if (isnew && ni->ni_associd != 0) { 2707 2708 /* 2709 * This function could is called though timeout function. 2710 * Need to defer. 2711 */ 2712 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2713 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2714 sc->cmdq[cnt].func = run_newassoc_cb; 2715 sc->cmdq[cnt].arg0 = NULL; 2716 sc->cmdq[cnt].arg1 = ni; 2717 sc->cmdq[cnt].wcid = wcid; 2718 ieee80211_runtask(ic, &sc->cmdq_task); 2719 } 2720 2721 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2722 "new assoc isnew=%d associd=%x addr=%s\n", 2723 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2724 2725 for (i = 0; i < rs->rs_nrates; i++) { 2726 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2727 /* convert 802.11 rate to hardware rate index */ 2728 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2729 if (rt2860_rates[ridx].rate == rate) 2730 break; 2731 rn->ridx[i] = ridx; 2732 /* determine rate of control response frames */ 2733 for (j = i; j >= 0; j--) { 2734 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2735 rt2860_rates[rn->ridx[i]].phy == 2736 rt2860_rates[rn->ridx[j]].phy) 2737 break; 2738 } 2739 if (j >= 0) { 2740 rn->ctl_ridx[i] = rn->ridx[j]; 2741 } else { 2742 /* no basic rate found, use mandatory one */ 2743 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2744 } 2745 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2746 "rate=0x%02x ridx=%d ctl_ridx=%d\n", 2747 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2748 } 2749 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2750 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2751 if (rt2860_rates[ridx].rate == rate) 2752 break; 2753 rn->mgt_ridx = ridx; 2754 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2755 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2756 2757 RUN_LOCK(sc); 2758 if(sc->ratectl_run != RUN_RATECTL_OFF) 2759 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2760 RUN_UNLOCK(sc); 2761 } 2762 2763 /* 2764 * Return the Rx chain with the highest RSSI for a given frame. 2765 */ 2766 static __inline uint8_t 2767 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2768 { 2769 uint8_t rxchain = 0; 2770 2771 if (sc->nrxchains > 1) { 2772 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2773 rxchain = 1; 2774 if (sc->nrxchains > 2) 2775 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2776 rxchain = 2; 2777 } 2778 return (rxchain); 2779 } 2780 2781 static void 2782 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2783 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2784 { 2785 struct ieee80211vap *vap = ni->ni_vap; 2786 struct run_softc *sc = vap->iv_ic->ic_softc; 2787 struct run_vap *rvp = RUN_VAP(vap); 2788 uint64_t ni_tstamp, rx_tstamp; 2789 2790 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2791 2792 if (vap->iv_state == IEEE80211_S_RUN && 2793 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2794 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2795 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2796 RUN_LOCK(sc); 2797 run_get_tsf(sc, &rx_tstamp); 2798 RUN_UNLOCK(sc); 2799 rx_tstamp = le64toh(rx_tstamp); 2800 2801 if (ni_tstamp >= rx_tstamp) { 2802 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2803 "ibss merge, tsf %ju tstamp %ju\n", 2804 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2805 (void) ieee80211_ibss_merge(ni); 2806 } 2807 } 2808 } 2809 2810 static void 2811 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2812 { 2813 struct ieee80211com *ic = &sc->sc_ic; 2814 struct ieee80211_frame *wh; 2815 struct ieee80211_node *ni; 2816 struct rt2870_rxd *rxd; 2817 struct rt2860_rxwi *rxwi; 2818 uint32_t flags; 2819 uint16_t len, rxwisize; 2820 uint8_t ant, rssi; 2821 int8_t nf; 2822 2823 rxwi = mtod(m, struct rt2860_rxwi *); 2824 len = le16toh(rxwi->len) & 0xfff; 2825 rxwisize = sizeof(struct rt2860_rxwi); 2826 if (sc->mac_ver == 0x5592) 2827 rxwisize += sizeof(uint64_t); 2828 else if (sc->mac_ver == 0x3593) 2829 rxwisize += sizeof(uint32_t); 2830 if (__predict_false(len > dmalen)) { 2831 m_freem(m); 2832 counter_u64_add(ic->ic_ierrors, 1); 2833 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2834 "bad RXWI length %u > %u\n", len, dmalen); 2835 return; 2836 } 2837 /* Rx descriptor is located at the end */ 2838 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2839 flags = le32toh(rxd->flags); 2840 2841 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2842 m_freem(m); 2843 counter_u64_add(ic->ic_ierrors, 1); 2844 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2845 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2846 return; 2847 } 2848 2849 m->m_data += rxwisize; 2850 m->m_pkthdr.len = m->m_len -= rxwisize; 2851 2852 wh = mtod(m, struct ieee80211_frame *); 2853 2854 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2855 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2856 m->m_flags |= M_WEP; 2857 } 2858 2859 if (flags & RT2860_RX_L2PAD) { 2860 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2861 "received RT2860_RX_L2PAD frame\n"); 2862 len += 2; 2863 } 2864 2865 ni = ieee80211_find_rxnode(ic, 2866 mtod(m, struct ieee80211_frame_min *)); 2867 2868 if (__predict_false(flags & RT2860_RX_MICERR)) { 2869 /* report MIC failures to net80211 for TKIP */ 2870 if (ni != NULL) 2871 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2872 rxwi->keyidx); 2873 m_freem(m); 2874 counter_u64_add(ic->ic_ierrors, 1); 2875 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2876 "MIC error. Someone is lying.\n"); 2877 return; 2878 } 2879 2880 ant = run_maxrssi_chain(sc, rxwi); 2881 rssi = rxwi->rssi[ant]; 2882 nf = run_rssi2dbm(sc, rssi, ant); 2883 2884 m->m_pkthdr.len = m->m_len = len; 2885 2886 if (__predict_false(ieee80211_radiotap_active(ic))) { 2887 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2888 uint16_t phy; 2889 2890 tap->wr_flags = 0; 2891 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2892 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2893 tap->wr_antsignal = rssi; 2894 tap->wr_antenna = ant; 2895 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2896 tap->wr_rate = 2; /* in case it can't be found below */ 2897 RUN_LOCK(sc); 2898 run_get_tsf(sc, &tap->wr_tsf); 2899 RUN_UNLOCK(sc); 2900 phy = le16toh(rxwi->phy); 2901 switch (phy & RT2860_PHY_MODE) { 2902 case RT2860_PHY_CCK: 2903 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2904 case 0: tap->wr_rate = 2; break; 2905 case 1: tap->wr_rate = 4; break; 2906 case 2: tap->wr_rate = 11; break; 2907 case 3: tap->wr_rate = 22; break; 2908 } 2909 if (phy & RT2860_PHY_SHPRE) 2910 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2911 break; 2912 case RT2860_PHY_OFDM: 2913 switch (phy & RT2860_PHY_MCS) { 2914 case 0: tap->wr_rate = 12; break; 2915 case 1: tap->wr_rate = 18; break; 2916 case 2: tap->wr_rate = 24; break; 2917 case 3: tap->wr_rate = 36; break; 2918 case 4: tap->wr_rate = 48; break; 2919 case 5: tap->wr_rate = 72; break; 2920 case 6: tap->wr_rate = 96; break; 2921 case 7: tap->wr_rate = 108; break; 2922 } 2923 break; 2924 } 2925 } 2926 2927 if (ni != NULL) { 2928 (void)ieee80211_input(ni, m, rssi, nf); 2929 ieee80211_free_node(ni); 2930 } else { 2931 (void)ieee80211_input_all(ic, m, rssi, nf); 2932 } 2933 } 2934 2935 static void 2936 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2937 { 2938 struct run_softc *sc = usbd_xfer_softc(xfer); 2939 struct ieee80211com *ic = &sc->sc_ic; 2940 struct mbuf *m = NULL; 2941 struct mbuf *m0; 2942 uint32_t dmalen; 2943 uint16_t rxwisize; 2944 int xferlen; 2945 2946 rxwisize = sizeof(struct rt2860_rxwi); 2947 if (sc->mac_ver == 0x5592) 2948 rxwisize += sizeof(uint64_t); 2949 else if (sc->mac_ver == 0x3593) 2950 rxwisize += sizeof(uint32_t); 2951 2952 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2953 2954 switch (USB_GET_STATE(xfer)) { 2955 case USB_ST_TRANSFERRED: 2956 2957 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2958 "rx done, actlen=%d\n", xferlen); 2959 2960 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2961 sizeof(struct rt2870_rxd))) { 2962 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 2963 "xfer too short %d\n", xferlen); 2964 goto tr_setup; 2965 } 2966 2967 m = sc->rx_m; 2968 sc->rx_m = NULL; 2969 2970 /* FALLTHROUGH */ 2971 case USB_ST_SETUP: 2972 tr_setup: 2973 if (sc->rx_m == NULL) { 2974 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2975 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2976 } 2977 if (sc->rx_m == NULL) { 2978 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 2979 "could not allocate mbuf - idle with stall\n"); 2980 counter_u64_add(ic->ic_ierrors, 1); 2981 usbd_xfer_set_stall(xfer); 2982 usbd_xfer_set_frames(xfer, 0); 2983 } else { 2984 /* 2985 * Directly loading a mbuf cluster into DMA to 2986 * save some data copying. This works because 2987 * there is only one cluster. 2988 */ 2989 usbd_xfer_set_frame_data(xfer, 0, 2990 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2991 usbd_xfer_set_frames(xfer, 1); 2992 } 2993 usbd_transfer_submit(xfer); 2994 break; 2995 2996 default: /* Error */ 2997 if (error != USB_ERR_CANCELLED) { 2998 /* try to clear stall first */ 2999 usbd_xfer_set_stall(xfer); 3000 if (error == USB_ERR_TIMEOUT) 3001 device_printf(sc->sc_dev, "device timeout\n"); 3002 counter_u64_add(ic->ic_ierrors, 1); 3003 goto tr_setup; 3004 } 3005 if (sc->rx_m != NULL) { 3006 m_freem(sc->rx_m); 3007 sc->rx_m = NULL; 3008 } 3009 break; 3010 } 3011 3012 if (m == NULL) 3013 return; 3014 3015 /* inputting all the frames must be last */ 3016 3017 RUN_UNLOCK(sc); 3018 3019 m->m_pkthdr.len = m->m_len = xferlen; 3020 3021 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3022 for(;;) { 3023 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3024 3025 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3026 ((dmalen & 3) != 0)) { 3027 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3028 "bad DMA length %u\n", dmalen); 3029 break; 3030 } 3031 if ((dmalen + 8) > (uint32_t)xferlen) { 3032 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3033 "bad DMA length %u > %d\n", 3034 dmalen + 8, xferlen); 3035 break; 3036 } 3037 3038 /* If it is the last one or a single frame, we won't copy. */ 3039 if ((xferlen -= dmalen + 8) <= 8) { 3040 /* trim 32-bit DMA-len header */ 3041 m->m_data += 4; 3042 m->m_pkthdr.len = m->m_len -= 4; 3043 run_rx_frame(sc, m, dmalen); 3044 m = NULL; /* don't free source buffer */ 3045 break; 3046 } 3047 3048 /* copy aggregated frames to another mbuf */ 3049 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3050 if (__predict_false(m0 == NULL)) { 3051 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3052 "could not allocate mbuf\n"); 3053 counter_u64_add(ic->ic_ierrors, 1); 3054 break; 3055 } 3056 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3057 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3058 m0->m_pkthdr.len = m0->m_len = 3059 dmalen + sizeof(struct rt2870_rxd); 3060 run_rx_frame(sc, m0, dmalen); 3061 3062 /* update data ptr */ 3063 m->m_data += dmalen + 8; 3064 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3065 } 3066 3067 /* make sure we free the source buffer, if any */ 3068 m_freem(m); 3069 3070 RUN_LOCK(sc); 3071 } 3072 3073 static void 3074 run_tx_free(struct run_endpoint_queue *pq, 3075 struct run_tx_data *data, int txerr) 3076 { 3077 3078 ieee80211_tx_complete(data->ni, data->m, txerr); 3079 3080 data->m = NULL; 3081 data->ni = NULL; 3082 3083 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3084 pq->tx_nfree++; 3085 } 3086 3087 static void 3088 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3089 { 3090 struct run_softc *sc = usbd_xfer_softc(xfer); 3091 struct ieee80211com *ic = &sc->sc_ic; 3092 struct run_tx_data *data; 3093 struct ieee80211vap *vap = NULL; 3094 struct usb_page_cache *pc; 3095 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3096 struct mbuf *m; 3097 usb_frlength_t size; 3098 int actlen; 3099 int sumlen; 3100 3101 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3102 3103 switch (USB_GET_STATE(xfer)) { 3104 case USB_ST_TRANSFERRED: 3105 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3106 "transfer complete: %d bytes @ index %d\n", actlen, index); 3107 3108 data = usbd_xfer_get_priv(xfer); 3109 run_tx_free(pq, data, 0); 3110 usbd_xfer_set_priv(xfer, NULL); 3111 3112 /* FALLTHROUGH */ 3113 case USB_ST_SETUP: 3114 tr_setup: 3115 data = STAILQ_FIRST(&pq->tx_qh); 3116 if (data == NULL) 3117 break; 3118 3119 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3120 3121 m = data->m; 3122 size = (sc->mac_ver == 0x5592) ? 3123 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3124 if ((m->m_pkthdr.len + 3125 size + 3 + 8) > RUN_MAX_TXSZ) { 3126 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3127 "data overflow, %u bytes\n", m->m_pkthdr.len); 3128 run_tx_free(pq, data, 1); 3129 goto tr_setup; 3130 } 3131 3132 pc = usbd_xfer_get_frame(xfer, 0); 3133 usbd_copy_in(pc, 0, &data->desc, size); 3134 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3135 size += m->m_pkthdr.len; 3136 /* 3137 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3138 * 4-byte padding), and be sure to zero those trailing 3139 * bytes: 3140 */ 3141 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3142 size += ((-size) & 3) + 8; 3143 3144 vap = data->ni->ni_vap; 3145 if (ieee80211_radiotap_active_vap(vap)) { 3146 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3147 struct rt2860_txwi *txwi = 3148 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3149 tap->wt_flags = 0; 3150 tap->wt_rate = rt2860_rates[data->ridx].rate; 3151 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3152 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3153 tap->wt_hwqueue = index; 3154 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3155 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3156 3157 ieee80211_radiotap_tx(vap, m); 3158 } 3159 3160 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3161 "sending frame len=%u/%u @ index %d\n", 3162 m->m_pkthdr.len, size, index); 3163 3164 usbd_xfer_set_frame_len(xfer, 0, size); 3165 usbd_xfer_set_priv(xfer, data); 3166 usbd_transfer_submit(xfer); 3167 run_start(sc); 3168 3169 break; 3170 3171 default: 3172 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3173 "USB transfer error, %s\n", usbd_errstr(error)); 3174 3175 data = usbd_xfer_get_priv(xfer); 3176 3177 if (data != NULL) { 3178 if(data->ni != NULL) 3179 vap = data->ni->ni_vap; 3180 run_tx_free(pq, data, error); 3181 usbd_xfer_set_priv(xfer, NULL); 3182 } 3183 3184 if (vap == NULL) 3185 vap = TAILQ_FIRST(&ic->ic_vaps); 3186 3187 if (error != USB_ERR_CANCELLED) { 3188 if (error == USB_ERR_TIMEOUT) { 3189 device_printf(sc->sc_dev, "device timeout\n"); 3190 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3191 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3192 "cmdq_store=%d\n", i); 3193 sc->cmdq[i].func = run_usb_timeout_cb; 3194 sc->cmdq[i].arg0 = vap; 3195 ieee80211_runtask(ic, &sc->cmdq_task); 3196 } 3197 3198 /* 3199 * Try to clear stall first, also if other 3200 * errors occur, hence clearing stall 3201 * introduces a 50 ms delay: 3202 */ 3203 usbd_xfer_set_stall(xfer); 3204 goto tr_setup; 3205 } 3206 break; 3207 } 3208 } 3209 3210 static void 3211 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3212 { 3213 run_bulk_tx_callbackN(xfer, error, 0); 3214 } 3215 3216 static void 3217 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3218 { 3219 run_bulk_tx_callbackN(xfer, error, 1); 3220 } 3221 3222 static void 3223 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3224 { 3225 run_bulk_tx_callbackN(xfer, error, 2); 3226 } 3227 3228 static void 3229 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3230 { 3231 run_bulk_tx_callbackN(xfer, error, 3); 3232 } 3233 3234 static void 3235 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3236 { 3237 run_bulk_tx_callbackN(xfer, error, 4); 3238 } 3239 3240 static void 3241 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3242 { 3243 run_bulk_tx_callbackN(xfer, error, 5); 3244 } 3245 3246 static void 3247 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3248 { 3249 struct mbuf *m = data->m; 3250 struct ieee80211com *ic = &sc->sc_ic; 3251 struct ieee80211vap *vap = data->ni->ni_vap; 3252 struct ieee80211_frame *wh; 3253 struct rt2870_txd *txd; 3254 struct rt2860_txwi *txwi; 3255 uint16_t xferlen, txwisize; 3256 uint16_t mcs; 3257 uint8_t ridx = data->ridx; 3258 uint8_t pad; 3259 3260 /* get MCS code from rate index */ 3261 mcs = rt2860_rates[ridx].mcs; 3262 3263 txwisize = (sc->mac_ver == 0x5592) ? 3264 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3265 xferlen = txwisize + m->m_pkthdr.len; 3266 3267 /* roundup to 32-bit alignment */ 3268 xferlen = (xferlen + 3) & ~3; 3269 3270 txd = (struct rt2870_txd *)&data->desc; 3271 txd->len = htole16(xferlen); 3272 3273 wh = mtod(m, struct ieee80211_frame *); 3274 3275 /* 3276 * Ether both are true or both are false, the header 3277 * are nicely aligned to 32-bit. So, no L2 padding. 3278 */ 3279 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3280 pad = 0; 3281 else 3282 pad = 2; 3283 3284 /* setup TX Wireless Information */ 3285 txwi = (struct rt2860_txwi *)(txd + 1); 3286 txwi->len = htole16(m->m_pkthdr.len - pad); 3287 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3288 mcs |= RT2860_PHY_CCK; 3289 if (ridx != RT2860_RIDX_CCK1 && 3290 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3291 mcs |= RT2860_PHY_SHPRE; 3292 } else 3293 mcs |= RT2860_PHY_OFDM; 3294 txwi->phy = htole16(mcs); 3295 3296 /* check if RTS/CTS or CTS-to-self protection is required */ 3297 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3298 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3299 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3300 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3301 txwi->txop |= RT2860_TX_TXOP_HT; 3302 else 3303 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3304 3305 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3306 txwi->xflags |= RT2860_TX_NSEQ; 3307 } 3308 3309 /* This function must be called locked */ 3310 static int 3311 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3312 { 3313 struct ieee80211com *ic = &sc->sc_ic; 3314 struct ieee80211vap *vap = ni->ni_vap; 3315 struct ieee80211_frame *wh; 3316 const struct ieee80211_txparam *tp = ni->ni_txparms; 3317 struct run_node *rn = RUN_NODE(ni); 3318 struct run_tx_data *data; 3319 struct rt2870_txd *txd; 3320 struct rt2860_txwi *txwi; 3321 uint16_t qos; 3322 uint16_t dur; 3323 uint16_t qid; 3324 uint8_t type; 3325 uint8_t tid; 3326 uint8_t ridx; 3327 uint8_t ctl_ridx; 3328 uint8_t qflags; 3329 uint8_t xflags = 0; 3330 int hasqos; 3331 3332 RUN_LOCK_ASSERT(sc, MA_OWNED); 3333 3334 wh = mtod(m, struct ieee80211_frame *); 3335 3336 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3337 3338 /* 3339 * There are 7 bulk endpoints: 1 for RX 3340 * and 6 for TX (4 EDCAs + HCCA + Prio). 3341 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3342 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3343 */ 3344 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3345 uint8_t *frm; 3346 3347 if(IEEE80211_HAS_ADDR4(wh)) 3348 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3349 else 3350 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3351 3352 qos = le16toh(*(const uint16_t *)frm); 3353 tid = qos & IEEE80211_QOS_TID; 3354 qid = TID_TO_WME_AC(tid); 3355 } else { 3356 qos = 0; 3357 tid = 0; 3358 qid = WME_AC_BE; 3359 } 3360 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3361 3362 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3363 qos, qid, tid, qflags); 3364 3365 /* pickup a rate index */ 3366 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3367 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3368 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3369 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3370 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3371 } else { 3372 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3373 ridx = rn->fix_ridx; 3374 else 3375 ridx = rn->amrr_ridx; 3376 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3377 } 3378 3379 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3380 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3381 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3382 xflags |= RT2860_TX_ACK; 3383 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3384 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3385 else 3386 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3387 USETW(wh->i_dur, dur); 3388 } 3389 3390 /* reserve slots for mgmt packets, just in case */ 3391 if (sc->sc_epq[qid].tx_nfree < 3) { 3392 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3393 return (-1); 3394 } 3395 3396 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3397 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3398 sc->sc_epq[qid].tx_nfree--; 3399 3400 txd = (struct rt2870_txd *)&data->desc; 3401 txd->flags = qflags; 3402 txwi = (struct rt2860_txwi *)(txd + 1); 3403 txwi->xflags = xflags; 3404 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3405 txwi->wcid = 0; 3406 else 3407 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3408 1 : RUN_AID2WCID(ni->ni_associd); 3409 3410 /* clear leftover garbage bits */ 3411 txwi->flags = 0; 3412 txwi->txop = 0; 3413 3414 data->m = m; 3415 data->ni = ni; 3416 data->ridx = ridx; 3417 3418 run_set_tx_desc(sc, data); 3419 3420 /* 3421 * The chip keeps track of 2 kind of Tx stats, 3422 * * TX_STAT_FIFO, for per WCID stats, and 3423 * * TX_STA_CNT0 for all-TX-in-one stats. 3424 * 3425 * To use FIFO stats, we need to store MCS into the driver-private 3426 * PacketID field. So that, we can tell whose stats when we read them. 3427 * We add 1 to the MCS because setting the PacketID field to 0 means 3428 * that we don't want feedback in TX_STAT_FIFO. 3429 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3430 * 3431 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3432 */ 3433 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3434 vap->iv_opmode == IEEE80211_M_MBSS) { 3435 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3436 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3437 3438 /* 3439 * Unlike PCI based devices, we don't get any interrupt from 3440 * USB devices, so we simulate FIFO-is-full interrupt here. 3441 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3442 * quickly get fulled. To prevent overflow, increment a counter on 3443 * every FIFO stat request, so we know how many slots are left. 3444 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3445 * are used only in those modes. 3446 * We just drain stats. AMRR gets updated every 1 sec by 3447 * run_ratectl_cb() via callout. 3448 * Call it early. Otherwise overflow. 3449 */ 3450 if (sc->fifo_cnt++ == 10) { 3451 /* 3452 * With multiple vaps or if_bridge, if_start() is called 3453 * with a non-sleepable lock, tcpinp. So, need to defer. 3454 */ 3455 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3456 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3457 sc->cmdq[i].func = run_drain_fifo; 3458 sc->cmdq[i].arg0 = sc; 3459 ieee80211_runtask(ic, &sc->cmdq_task); 3460 } 3461 } 3462 3463 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3464 3465 usbd_transfer_start(sc->sc_xfer[qid]); 3466 3467 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3468 "sending data frame len=%d rate=%d qid=%d\n", 3469 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3470 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3471 3472 return (0); 3473 } 3474 3475 static int 3476 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3477 { 3478 struct ieee80211com *ic = &sc->sc_ic; 3479 struct run_node *rn = RUN_NODE(ni); 3480 struct run_tx_data *data; 3481 struct ieee80211_frame *wh; 3482 struct rt2870_txd *txd; 3483 struct rt2860_txwi *txwi; 3484 uint16_t dur; 3485 uint8_t ridx = rn->mgt_ridx; 3486 uint8_t type; 3487 uint8_t xflags = 0; 3488 uint8_t wflags = 0; 3489 3490 RUN_LOCK_ASSERT(sc, MA_OWNED); 3491 3492 wh = mtod(m, struct ieee80211_frame *); 3493 3494 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3495 3496 /* tell hardware to add timestamp for probe responses */ 3497 if ((wh->i_fc[0] & 3498 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3499 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3500 wflags |= RT2860_TX_TS; 3501 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3502 xflags |= RT2860_TX_ACK; 3503 3504 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3505 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3506 USETW(wh->i_dur, dur); 3507 } 3508 3509 if (sc->sc_epq[0].tx_nfree == 0) 3510 /* let caller free mbuf */ 3511 return (EIO); 3512 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3513 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3514 sc->sc_epq[0].tx_nfree--; 3515 3516 txd = (struct rt2870_txd *)&data->desc; 3517 txd->flags = RT2860_TX_QSEL_EDCA; 3518 txwi = (struct rt2860_txwi *)(txd + 1); 3519 txwi->wcid = 0xff; 3520 txwi->flags = wflags; 3521 txwi->xflags = xflags; 3522 txwi->txop = 0; /* clear leftover garbage bits */ 3523 3524 data->m = m; 3525 data->ni = ni; 3526 data->ridx = ridx; 3527 3528 run_set_tx_desc(sc, data); 3529 3530 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3531 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3532 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3533 3534 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3535 3536 usbd_transfer_start(sc->sc_xfer[0]); 3537 3538 return (0); 3539 } 3540 3541 static int 3542 run_sendprot(struct run_softc *sc, 3543 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3544 { 3545 struct ieee80211com *ic = ni->ni_ic; 3546 struct ieee80211_frame *wh; 3547 struct run_tx_data *data; 3548 struct rt2870_txd *txd; 3549 struct rt2860_txwi *txwi; 3550 struct mbuf *mprot; 3551 int ridx; 3552 int protrate; 3553 int ackrate; 3554 int pktlen; 3555 int isshort; 3556 uint16_t dur; 3557 uint8_t type; 3558 uint8_t wflags = 0; 3559 uint8_t xflags = 0; 3560 3561 RUN_LOCK_ASSERT(sc, MA_OWNED); 3562 3563 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3564 ("protection %d", prot)); 3565 3566 wh = mtod(m, struct ieee80211_frame *); 3567 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3568 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3569 3570 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3571 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3572 3573 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3574 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3575 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3576 wflags = RT2860_TX_FRAG; 3577 3578 /* check that there are free slots before allocating the mbuf */ 3579 if (sc->sc_epq[0].tx_nfree == 0) 3580 /* let caller free mbuf */ 3581 return (ENOBUFS); 3582 3583 if (prot == IEEE80211_PROT_RTSCTS) { 3584 /* NB: CTS is the same size as an ACK */ 3585 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3586 xflags |= RT2860_TX_ACK; 3587 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3588 } else { 3589 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3590 } 3591 if (mprot == NULL) { 3592 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3593 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3594 return (ENOBUFS); 3595 } 3596 3597 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3598 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3599 sc->sc_epq[0].tx_nfree--; 3600 3601 txd = (struct rt2870_txd *)&data->desc; 3602 txd->flags = RT2860_TX_QSEL_EDCA; 3603 txwi = (struct rt2860_txwi *)(txd + 1); 3604 txwi->wcid = 0xff; 3605 txwi->flags = wflags; 3606 txwi->xflags = xflags; 3607 txwi->txop = 0; /* clear leftover garbage bits */ 3608 3609 data->m = mprot; 3610 data->ni = ieee80211_ref_node(ni); 3611 3612 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3613 if (rt2860_rates[ridx].rate == protrate) 3614 break; 3615 data->ridx = ridx; 3616 3617 run_set_tx_desc(sc, data); 3618 3619 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3620 m->m_pkthdr.len, rate); 3621 3622 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3623 3624 usbd_transfer_start(sc->sc_xfer[0]); 3625 3626 return (0); 3627 } 3628 3629 static int 3630 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3631 const struct ieee80211_bpf_params *params) 3632 { 3633 struct ieee80211com *ic = ni->ni_ic; 3634 struct ieee80211_frame *wh; 3635 struct run_tx_data *data; 3636 struct rt2870_txd *txd; 3637 struct rt2860_txwi *txwi; 3638 uint8_t type; 3639 uint8_t ridx; 3640 uint8_t rate; 3641 uint8_t opflags = 0; 3642 uint8_t xflags = 0; 3643 int error; 3644 3645 RUN_LOCK_ASSERT(sc, MA_OWNED); 3646 3647 KASSERT(params != NULL, ("no raw xmit params")); 3648 3649 wh = mtod(m, struct ieee80211_frame *); 3650 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3651 3652 rate = params->ibp_rate0; 3653 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3654 /* let caller free mbuf */ 3655 return (EINVAL); 3656 } 3657 3658 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3659 xflags |= RT2860_TX_ACK; 3660 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3661 error = run_sendprot(sc, m, ni, 3662 params->ibp_flags & IEEE80211_BPF_RTS ? 3663 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3664 rate); 3665 if (error) { 3666 /* let caller free mbuf */ 3667 return error; 3668 } 3669 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3670 } 3671 3672 if (sc->sc_epq[0].tx_nfree == 0) { 3673 /* let caller free mbuf */ 3674 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3675 "sending raw frame, but tx ring is full\n"); 3676 return (EIO); 3677 } 3678 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3679 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3680 sc->sc_epq[0].tx_nfree--; 3681 3682 txd = (struct rt2870_txd *)&data->desc; 3683 txd->flags = RT2860_TX_QSEL_EDCA; 3684 txwi = (struct rt2860_txwi *)(txd + 1); 3685 txwi->wcid = 0xff; 3686 txwi->xflags = xflags; 3687 txwi->txop = opflags; 3688 txwi->flags = 0; /* clear leftover garbage bits */ 3689 3690 data->m = m; 3691 data->ni = ni; 3692 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3693 if (rt2860_rates[ridx].rate == rate) 3694 break; 3695 data->ridx = ridx; 3696 3697 run_set_tx_desc(sc, data); 3698 3699 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3700 m->m_pkthdr.len, rate); 3701 3702 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3703 3704 usbd_transfer_start(sc->sc_xfer[0]); 3705 3706 return (0); 3707 } 3708 3709 static int 3710 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3711 const struct ieee80211_bpf_params *params) 3712 { 3713 struct run_softc *sc = ni->ni_ic->ic_softc; 3714 int error = 0; 3715 3716 RUN_LOCK(sc); 3717 3718 /* prevent management frames from being sent if we're not ready */ 3719 if (!(sc->sc_flags & RUN_RUNNING)) { 3720 error = ENETDOWN; 3721 goto done; 3722 } 3723 3724 if (params == NULL) { 3725 /* tx mgt packet */ 3726 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3727 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3728 goto done; 3729 } 3730 } else { 3731 /* tx raw packet with param */ 3732 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3733 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3734 goto done; 3735 } 3736 } 3737 3738 done: 3739 RUN_UNLOCK(sc); 3740 3741 if (error != 0) { 3742 if(m != NULL) 3743 m_freem(m); 3744 } 3745 3746 return (error); 3747 } 3748 3749 static int 3750 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3751 { 3752 struct run_softc *sc = ic->ic_softc; 3753 int error; 3754 3755 RUN_LOCK(sc); 3756 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3757 RUN_UNLOCK(sc); 3758 return (ENXIO); 3759 } 3760 error = mbufq_enqueue(&sc->sc_snd, m); 3761 if (error) { 3762 RUN_UNLOCK(sc); 3763 return (error); 3764 } 3765 run_start(sc); 3766 RUN_UNLOCK(sc); 3767 3768 return (0); 3769 } 3770 3771 static void 3772 run_start(struct run_softc *sc) 3773 { 3774 struct ieee80211_node *ni; 3775 struct mbuf *m; 3776 3777 RUN_LOCK_ASSERT(sc, MA_OWNED); 3778 3779 if ((sc->sc_flags & RUN_RUNNING) == 0) 3780 return; 3781 3782 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3783 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3784 if (run_tx(sc, m, ni) != 0) { 3785 mbufq_prepend(&sc->sc_snd, m); 3786 break; 3787 } 3788 } 3789 } 3790 3791 static void 3792 run_parent(struct ieee80211com *ic) 3793 { 3794 struct run_softc *sc = ic->ic_softc; 3795 int startall = 0; 3796 3797 RUN_LOCK(sc); 3798 if (sc->sc_detached) { 3799 RUN_UNLOCK(sc); 3800 return; 3801 } 3802 3803 if (ic->ic_nrunning > 0) { 3804 if (!(sc->sc_flags & RUN_RUNNING)) { 3805 startall = 1; 3806 run_init_locked(sc); 3807 } else 3808 run_update_promisc_locked(sc); 3809 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3810 run_stop(sc); 3811 RUN_UNLOCK(sc); 3812 if (startall) 3813 ieee80211_start_all(ic); 3814 } 3815 3816 static void 3817 run_iq_calib(struct run_softc *sc, u_int chan) 3818 { 3819 uint16_t val; 3820 3821 /* Tx0 IQ gain. */ 3822 run_bbp_write(sc, 158, 0x2c); 3823 if (chan <= 14) 3824 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3825 else if (chan <= 64) { 3826 run_efuse_read(sc, 3827 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3828 &val, 1); 3829 } else if (chan <= 138) { 3830 run_efuse_read(sc, 3831 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3832 &val, 1); 3833 } else if (chan <= 165) { 3834 run_efuse_read(sc, 3835 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3836 &val, 1); 3837 } else 3838 val = 0; 3839 run_bbp_write(sc, 159, val); 3840 3841 /* Tx0 IQ phase. */ 3842 run_bbp_write(sc, 158, 0x2d); 3843 if (chan <= 14) { 3844 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3845 &val, 1); 3846 } else if (chan <= 64) { 3847 run_efuse_read(sc, 3848 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3849 &val, 1); 3850 } else if (chan <= 138) { 3851 run_efuse_read(sc, 3852 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3853 &val, 1); 3854 } else if (chan <= 165) { 3855 run_efuse_read(sc, 3856 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3857 &val, 1); 3858 } else 3859 val = 0; 3860 run_bbp_write(sc, 159, val); 3861 3862 /* Tx1 IQ gain. */ 3863 run_bbp_write(sc, 158, 0x4a); 3864 if (chan <= 14) { 3865 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3866 &val, 1); 3867 } else if (chan <= 64) { 3868 run_efuse_read(sc, 3869 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3870 &val, 1); 3871 } else if (chan <= 138) { 3872 run_efuse_read(sc, 3873 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3874 &val, 1); 3875 } else if (chan <= 165) { 3876 run_efuse_read(sc, 3877 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3878 &val, 1); 3879 } else 3880 val = 0; 3881 run_bbp_write(sc, 159, val); 3882 3883 /* Tx1 IQ phase. */ 3884 run_bbp_write(sc, 158, 0x4b); 3885 if (chan <= 14) { 3886 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3887 &val, 1); 3888 } else if (chan <= 64) { 3889 run_efuse_read(sc, 3890 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3891 &val, 1); 3892 } else if (chan <= 138) { 3893 run_efuse_read(sc, 3894 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3895 &val, 1); 3896 } else if (chan <= 165) { 3897 run_efuse_read(sc, 3898 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3899 &val, 1); 3900 } else 3901 val = 0; 3902 run_bbp_write(sc, 159, val); 3903 3904 /* RF IQ compensation control. */ 3905 run_bbp_write(sc, 158, 0x04); 3906 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3907 &val, 1); 3908 run_bbp_write(sc, 159, val); 3909 3910 /* RF IQ imbalance compensation control. */ 3911 run_bbp_write(sc, 158, 0x03); 3912 run_efuse_read(sc, 3913 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3914 run_bbp_write(sc, 159, val); 3915 } 3916 3917 static void 3918 run_set_agc(struct run_softc *sc, uint8_t agc) 3919 { 3920 uint8_t bbp; 3921 3922 if (sc->mac_ver == 0x3572) { 3923 run_bbp_read(sc, 27, &bbp); 3924 bbp &= ~(0x3 << 5); 3925 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3926 run_bbp_write(sc, 66, agc); 3927 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3928 run_bbp_write(sc, 66, agc); 3929 } else 3930 run_bbp_write(sc, 66, agc); 3931 } 3932 3933 static void 3934 run_select_chan_group(struct run_softc *sc, int group) 3935 { 3936 uint32_t tmp; 3937 uint8_t agc; 3938 3939 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3940 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3941 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3942 if (sc->mac_ver < 0x3572) 3943 run_bbp_write(sc, 86, 0x00); 3944 3945 if (sc->mac_ver == 0x3593) { 3946 run_bbp_write(sc, 77, 0x98); 3947 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3948 } 3949 3950 if (group == 0) { 3951 if (sc->ext_2ghz_lna) { 3952 if (sc->mac_ver >= 0x5390) 3953 run_bbp_write(sc, 75, 0x52); 3954 else { 3955 run_bbp_write(sc, 82, 0x62); 3956 run_bbp_write(sc, 75, 0x46); 3957 } 3958 } else { 3959 if (sc->mac_ver == 0x5592) { 3960 run_bbp_write(sc, 79, 0x1c); 3961 run_bbp_write(sc, 80, 0x0e); 3962 run_bbp_write(sc, 81, 0x3a); 3963 run_bbp_write(sc, 82, 0x62); 3964 3965 run_bbp_write(sc, 195, 0x80); 3966 run_bbp_write(sc, 196, 0xe0); 3967 run_bbp_write(sc, 195, 0x81); 3968 run_bbp_write(sc, 196, 0x1f); 3969 run_bbp_write(sc, 195, 0x82); 3970 run_bbp_write(sc, 196, 0x38); 3971 run_bbp_write(sc, 195, 0x83); 3972 run_bbp_write(sc, 196, 0x32); 3973 run_bbp_write(sc, 195, 0x85); 3974 run_bbp_write(sc, 196, 0x28); 3975 run_bbp_write(sc, 195, 0x86); 3976 run_bbp_write(sc, 196, 0x19); 3977 } else if (sc->mac_ver >= 0x5390) 3978 run_bbp_write(sc, 75, 0x50); 3979 else { 3980 run_bbp_write(sc, 82, 3981 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3982 run_bbp_write(sc, 75, 0x50); 3983 } 3984 } 3985 } else { 3986 if (sc->mac_ver == 0x5592) { 3987 run_bbp_write(sc, 79, 0x18); 3988 run_bbp_write(sc, 80, 0x08); 3989 run_bbp_write(sc, 81, 0x38); 3990 run_bbp_write(sc, 82, 0x92); 3991 3992 run_bbp_write(sc, 195, 0x80); 3993 run_bbp_write(sc, 196, 0xf0); 3994 run_bbp_write(sc, 195, 0x81); 3995 run_bbp_write(sc, 196, 0x1e); 3996 run_bbp_write(sc, 195, 0x82); 3997 run_bbp_write(sc, 196, 0x28); 3998 run_bbp_write(sc, 195, 0x83); 3999 run_bbp_write(sc, 196, 0x20); 4000 run_bbp_write(sc, 195, 0x85); 4001 run_bbp_write(sc, 196, 0x7f); 4002 run_bbp_write(sc, 195, 0x86); 4003 run_bbp_write(sc, 196, 0x7f); 4004 } else if (sc->mac_ver == 0x3572) 4005 run_bbp_write(sc, 82, 0x94); 4006 else 4007 run_bbp_write(sc, 82, 4008 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4009 if (sc->ext_5ghz_lna) 4010 run_bbp_write(sc, 75, 0x46); 4011 else 4012 run_bbp_write(sc, 75, 0x50); 4013 } 4014 4015 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4016 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4017 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4018 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4019 4020 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4021 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4022 if (sc->mac_ver == 0x3593) 4023 tmp |= 1 << 29 | 1 << 28; 4024 if (sc->nrxchains > 1) 4025 tmp |= RT2860_LNA_PE1_EN; 4026 if (group == 0) { /* 2GHz */ 4027 tmp |= RT2860_PA_PE_G0_EN; 4028 if (sc->ntxchains > 1) 4029 tmp |= RT2860_PA_PE_G1_EN; 4030 if (sc->mac_ver == 0x3593) { 4031 if (sc->ntxchains > 2) 4032 tmp |= 1 << 25; 4033 } 4034 } else { /* 5GHz */ 4035 tmp |= RT2860_PA_PE_A0_EN; 4036 if (sc->ntxchains > 1) 4037 tmp |= RT2860_PA_PE_A1_EN; 4038 } 4039 if (sc->mac_ver == 0x3572) { 4040 run_rt3070_rf_write(sc, 8, 0x00); 4041 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4042 run_rt3070_rf_write(sc, 8, 0x80); 4043 } else 4044 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4045 4046 if (sc->mac_ver == 0x5592) { 4047 run_bbp_write(sc, 195, 0x8d); 4048 run_bbp_write(sc, 196, 0x1a); 4049 } 4050 4051 if (sc->mac_ver == 0x3593) { 4052 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4053 tmp &= ~0x01010000; 4054 if (group == 0) 4055 tmp |= 0x00010000; 4056 tmp = (tmp & ~0x00009090) | 0x00000090; 4057 run_write(sc, RT2860_GPIO_CTRL, tmp); 4058 } 4059 4060 /* set initial AGC value */ 4061 if (group == 0) { /* 2GHz band */ 4062 if (sc->mac_ver >= 0x3070) 4063 agc = 0x1c + sc->lna[0] * 2; 4064 else 4065 agc = 0x2e + sc->lna[0]; 4066 } else { /* 5GHz band */ 4067 if (sc->mac_ver == 0x5592) 4068 agc = 0x24 + sc->lna[group] * 2; 4069 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4070 agc = 0x22 + (sc->lna[group] * 5) / 3; 4071 else 4072 agc = 0x32 + (sc->lna[group] * 5) / 3; 4073 } 4074 run_set_agc(sc, agc); 4075 } 4076 4077 static void 4078 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4079 { 4080 const struct rfprog *rfprog = rt2860_rf2850; 4081 uint32_t r2, r3, r4; 4082 int8_t txpow1, txpow2; 4083 int i; 4084 4085 /* find the settings for this channel (we know it exists) */ 4086 for (i = 0; rfprog[i].chan != chan; i++); 4087 4088 r2 = rfprog[i].r2; 4089 if (sc->ntxchains == 1) 4090 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4091 if (sc->nrxchains == 1) 4092 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4093 else if (sc->nrxchains == 2) 4094 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4095 4096 /* use Tx power values from EEPROM */ 4097 txpow1 = sc->txpow1[i]; 4098 txpow2 = sc->txpow2[i]; 4099 4100 /* Initialize RF R3 and R4. */ 4101 r3 = rfprog[i].r3 & 0xffffc1ff; 4102 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4103 if (chan > 14) { 4104 if (txpow1 >= 0) { 4105 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4106 r3 |= (txpow1 << 10) | (1 << 9); 4107 } else { 4108 txpow1 += 7; 4109 4110 /* txpow1 is not possible larger than 15. */ 4111 r3 |= (txpow1 << 10); 4112 } 4113 if (txpow2 >= 0) { 4114 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4115 r4 |= (txpow2 << 7) | (1 << 6); 4116 } else { 4117 txpow2 += 7; 4118 r4 |= (txpow2 << 7); 4119 } 4120 } else { 4121 /* Set Tx0 power. */ 4122 r3 |= (txpow1 << 9); 4123 4124 /* Set frequency offset and Tx1 power. */ 4125 r4 |= (txpow2 << 6); 4126 } 4127 4128 run_rt2870_rf_write(sc, rfprog[i].r1); 4129 run_rt2870_rf_write(sc, r2); 4130 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4131 run_rt2870_rf_write(sc, r4); 4132 4133 run_delay(sc, 10); 4134 4135 run_rt2870_rf_write(sc, rfprog[i].r1); 4136 run_rt2870_rf_write(sc, r2); 4137 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4138 run_rt2870_rf_write(sc, r4); 4139 4140 run_delay(sc, 10); 4141 4142 run_rt2870_rf_write(sc, rfprog[i].r1); 4143 run_rt2870_rf_write(sc, r2); 4144 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4145 run_rt2870_rf_write(sc, r4); 4146 } 4147 4148 static void 4149 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4150 { 4151 int8_t txpow1, txpow2; 4152 uint8_t rf; 4153 int i; 4154 4155 /* find the settings for this channel (we know it exists) */ 4156 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4157 4158 /* use Tx power values from EEPROM */ 4159 txpow1 = sc->txpow1[i]; 4160 txpow2 = sc->txpow2[i]; 4161 4162 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4163 4164 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4165 run_rt3070_rf_read(sc, 3, &rf); 4166 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4167 run_rt3070_rf_write(sc, 3, rf); 4168 4169 run_rt3070_rf_read(sc, 6, &rf); 4170 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4171 run_rt3070_rf_write(sc, 6, rf); 4172 4173 /* set Tx0 power */ 4174 run_rt3070_rf_read(sc, 12, &rf); 4175 rf = (rf & ~0x1f) | txpow1; 4176 run_rt3070_rf_write(sc, 12, rf); 4177 4178 /* set Tx1 power */ 4179 run_rt3070_rf_read(sc, 13, &rf); 4180 rf = (rf & ~0x1f) | txpow2; 4181 run_rt3070_rf_write(sc, 13, rf); 4182 4183 run_rt3070_rf_read(sc, 1, &rf); 4184 rf &= ~0xfc; 4185 if (sc->ntxchains == 1) 4186 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4187 else if (sc->ntxchains == 2) 4188 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4189 if (sc->nrxchains == 1) 4190 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4191 else if (sc->nrxchains == 2) 4192 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4193 run_rt3070_rf_write(sc, 1, rf); 4194 4195 /* set RF offset */ 4196 run_rt3070_rf_read(sc, 23, &rf); 4197 rf = (rf & ~0x7f) | sc->freq; 4198 run_rt3070_rf_write(sc, 23, rf); 4199 4200 /* program RF filter */ 4201 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4202 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4203 run_rt3070_rf_write(sc, 24, rf); 4204 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4205 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4206 run_rt3070_rf_write(sc, 31, rf); 4207 4208 /* enable RF tuning */ 4209 run_rt3070_rf_read(sc, 7, &rf); 4210 run_rt3070_rf_write(sc, 7, rf | 0x01); 4211 } 4212 4213 static void 4214 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4215 { 4216 int8_t txpow1, txpow2; 4217 uint32_t tmp; 4218 uint8_t rf; 4219 int i; 4220 4221 /* find the settings for this channel (we know it exists) */ 4222 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4223 4224 /* use Tx power values from EEPROM */ 4225 txpow1 = sc->txpow1[i]; 4226 txpow2 = sc->txpow2[i]; 4227 4228 if (chan <= 14) { 4229 run_bbp_write(sc, 25, sc->bbp25); 4230 run_bbp_write(sc, 26, sc->bbp26); 4231 } else { 4232 /* enable IQ phase correction */ 4233 run_bbp_write(sc, 25, 0x09); 4234 run_bbp_write(sc, 26, 0xff); 4235 } 4236 4237 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4238 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4239 run_rt3070_rf_read(sc, 6, &rf); 4240 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4241 rf |= (chan <= 14) ? 0x08 : 0x04; 4242 run_rt3070_rf_write(sc, 6, rf); 4243 4244 /* set PLL mode */ 4245 run_rt3070_rf_read(sc, 5, &rf); 4246 rf &= ~(0x08 | 0x04); 4247 rf |= (chan <= 14) ? 0x04 : 0x08; 4248 run_rt3070_rf_write(sc, 5, rf); 4249 4250 /* set Tx power for chain 0 */ 4251 if (chan <= 14) 4252 rf = 0x60 | txpow1; 4253 else 4254 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4255 run_rt3070_rf_write(sc, 12, rf); 4256 4257 /* set Tx power for chain 1 */ 4258 if (chan <= 14) 4259 rf = 0x60 | txpow2; 4260 else 4261 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4262 run_rt3070_rf_write(sc, 13, rf); 4263 4264 /* set Tx/Rx streams */ 4265 run_rt3070_rf_read(sc, 1, &rf); 4266 rf &= ~0xfc; 4267 if (sc->ntxchains == 1) 4268 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4269 else if (sc->ntxchains == 2) 4270 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4271 if (sc->nrxchains == 1) 4272 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4273 else if (sc->nrxchains == 2) 4274 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4275 run_rt3070_rf_write(sc, 1, rf); 4276 4277 /* set RF offset */ 4278 run_rt3070_rf_read(sc, 23, &rf); 4279 rf = (rf & ~0x7f) | sc->freq; 4280 run_rt3070_rf_write(sc, 23, rf); 4281 4282 /* program RF filter */ 4283 rf = sc->rf24_20mhz; 4284 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4285 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4286 4287 /* enable RF tuning */ 4288 run_rt3070_rf_read(sc, 7, &rf); 4289 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4290 run_rt3070_rf_write(sc, 7, rf); 4291 4292 /* TSSI */ 4293 rf = (chan <= 14) ? 0xc3 : 0xc0; 4294 run_rt3070_rf_write(sc, 9, rf); 4295 4296 /* set loop filter 1 */ 4297 run_rt3070_rf_write(sc, 10, 0xf1); 4298 /* set loop filter 2 */ 4299 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4300 4301 /* set tx_mx2_ic */ 4302 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4303 /* set tx_mx1_ic */ 4304 if (chan <= 14) 4305 rf = 0x48 | sc->txmixgain_2ghz; 4306 else 4307 rf = 0x78 | sc->txmixgain_5ghz; 4308 run_rt3070_rf_write(sc, 16, rf); 4309 4310 /* set tx_lo1 */ 4311 run_rt3070_rf_write(sc, 17, 0x23); 4312 /* set tx_lo2 */ 4313 if (chan <= 14) 4314 rf = 0x93; 4315 else if (chan <= 64) 4316 rf = 0xb7; 4317 else if (chan <= 128) 4318 rf = 0x74; 4319 else 4320 rf = 0x72; 4321 run_rt3070_rf_write(sc, 19, rf); 4322 4323 /* set rx_lo1 */ 4324 if (chan <= 14) 4325 rf = 0xb3; 4326 else if (chan <= 64) 4327 rf = 0xf6; 4328 else if (chan <= 128) 4329 rf = 0xf4; 4330 else 4331 rf = 0xf3; 4332 run_rt3070_rf_write(sc, 20, rf); 4333 4334 /* set pfd_delay */ 4335 if (chan <= 14) 4336 rf = 0x15; 4337 else if (chan <= 64) 4338 rf = 0x3d; 4339 else 4340 rf = 0x01; 4341 run_rt3070_rf_write(sc, 25, rf); 4342 4343 /* set rx_lo2 */ 4344 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4345 /* set ldo_rf_vc */ 4346 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4347 /* set drv_cc */ 4348 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4349 4350 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4351 tmp &= ~0x8080; 4352 if (chan <= 14) 4353 tmp |= 0x80; 4354 run_write(sc, RT2860_GPIO_CTRL, tmp); 4355 4356 /* enable RF tuning */ 4357 run_rt3070_rf_read(sc, 7, &rf); 4358 run_rt3070_rf_write(sc, 7, rf | 0x01); 4359 4360 run_delay(sc, 2); 4361 } 4362 4363 static void 4364 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4365 { 4366 int8_t txpow1, txpow2, txpow3; 4367 uint8_t h20mhz, rf; 4368 int i; 4369 4370 /* find the settings for this channel (we know it exists) */ 4371 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4372 4373 /* use Tx power values from EEPROM */ 4374 txpow1 = sc->txpow1[i]; 4375 txpow2 = sc->txpow2[i]; 4376 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4377 4378 if (chan <= 14) { 4379 run_bbp_write(sc, 25, sc->bbp25); 4380 run_bbp_write(sc, 26, sc->bbp26); 4381 } else { 4382 /* Enable IQ phase correction. */ 4383 run_bbp_write(sc, 25, 0x09); 4384 run_bbp_write(sc, 26, 0xff); 4385 } 4386 4387 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4388 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4389 run_rt3070_rf_read(sc, 11, &rf); 4390 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4391 run_rt3070_rf_write(sc, 11, rf); 4392 4393 /* Set pll_idoh. */ 4394 run_rt3070_rf_read(sc, 11, &rf); 4395 rf &= ~0x4c; 4396 rf |= (chan <= 14) ? 0x44 : 0x48; 4397 run_rt3070_rf_write(sc, 11, rf); 4398 4399 if (chan <= 14) 4400 rf = txpow1 & 0x1f; 4401 else 4402 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4403 run_rt3070_rf_write(sc, 53, rf); 4404 4405 if (chan <= 14) 4406 rf = txpow2 & 0x1f; 4407 else 4408 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4409 run_rt3070_rf_write(sc, 55, rf); 4410 4411 if (chan <= 14) 4412 rf = txpow3 & 0x1f; 4413 else 4414 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4415 run_rt3070_rf_write(sc, 54, rf); 4416 4417 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4418 if (sc->ntxchains == 3) 4419 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4420 else 4421 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4422 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4423 run_rt3070_rf_write(sc, 1, rf); 4424 4425 run_adjust_freq_offset(sc); 4426 4427 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4428 4429 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4430 run_rt3070_rf_read(sc, 30, &rf); 4431 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4432 run_rt3070_rf_write(sc, 30, rf); 4433 4434 run_rt3070_rf_read(sc, 36, &rf); 4435 if (chan <= 14) 4436 rf |= 0x80; 4437 else 4438 rf &= ~0x80; 4439 run_rt3070_rf_write(sc, 36, rf); 4440 4441 /* Set vcolo_bs. */ 4442 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4443 /* Set pfd_delay. */ 4444 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4445 4446 /* Set vco bias current control. */ 4447 run_rt3070_rf_read(sc, 6, &rf); 4448 rf &= ~0xc0; 4449 if (chan <= 14) 4450 rf |= 0x40; 4451 else if (chan <= 128) 4452 rf |= 0x80; 4453 else 4454 rf |= 0x40; 4455 run_rt3070_rf_write(sc, 6, rf); 4456 4457 run_rt3070_rf_read(sc, 30, &rf); 4458 rf = (rf & ~0x18) | 0x10; 4459 run_rt3070_rf_write(sc, 30, rf); 4460 4461 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4462 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4463 4464 run_rt3070_rf_read(sc, 51, &rf); 4465 rf = (rf & ~0x03) | 0x01; 4466 run_rt3070_rf_write(sc, 51, rf); 4467 /* Set tx_mx1_cc. */ 4468 run_rt3070_rf_read(sc, 51, &rf); 4469 rf &= ~0x1c; 4470 rf |= (chan <= 14) ? 0x14 : 0x10; 4471 run_rt3070_rf_write(sc, 51, rf); 4472 /* Set tx_mx1_ic. */ 4473 run_rt3070_rf_read(sc, 51, &rf); 4474 rf &= ~0xe0; 4475 rf |= (chan <= 14) ? 0x60 : 0x40; 4476 run_rt3070_rf_write(sc, 51, rf); 4477 /* Set tx_lo1_ic. */ 4478 run_rt3070_rf_read(sc, 49, &rf); 4479 rf &= ~0x1c; 4480 rf |= (chan <= 14) ? 0x0c : 0x08; 4481 run_rt3070_rf_write(sc, 49, rf); 4482 /* Set tx_lo1_en. */ 4483 run_rt3070_rf_read(sc, 50, &rf); 4484 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4485 /* Set drv_cc. */ 4486 run_rt3070_rf_read(sc, 57, &rf); 4487 rf &= ~0xfc; 4488 rf |= (chan <= 14) ? 0x6c : 0x3c; 4489 run_rt3070_rf_write(sc, 57, rf); 4490 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4491 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4492 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4493 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4494 /* Enable VCO calibration. */ 4495 run_rt3070_rf_read(sc, 3, &rf); 4496 rf &= ~RT5390_VCOCAL; 4497 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4498 run_rt3070_rf_write(sc, 3, rf); 4499 4500 if (chan <= 14) 4501 rf = 0x23; 4502 else if (chan <= 64) 4503 rf = 0x36; 4504 else if (chan <= 128) 4505 rf = 0x32; 4506 else 4507 rf = 0x30; 4508 run_rt3070_rf_write(sc, 39, rf); 4509 if (chan <= 14) 4510 rf = 0xbb; 4511 else if (chan <= 64) 4512 rf = 0xeb; 4513 else if (chan <= 128) 4514 rf = 0xb3; 4515 else 4516 rf = 0x9b; 4517 run_rt3070_rf_write(sc, 45, rf); 4518 4519 /* Set FEQ/AEQ control. */ 4520 run_bbp_write(sc, 105, 0x34); 4521 } 4522 4523 static void 4524 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4525 { 4526 int8_t txpow1, txpow2; 4527 uint8_t rf; 4528 int i; 4529 4530 /* find the settings for this channel (we know it exists) */ 4531 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4532 4533 /* use Tx power values from EEPROM */ 4534 txpow1 = sc->txpow1[i]; 4535 txpow2 = sc->txpow2[i]; 4536 4537 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4538 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4539 run_rt3070_rf_read(sc, 11, &rf); 4540 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4541 run_rt3070_rf_write(sc, 11, rf); 4542 4543 run_rt3070_rf_read(sc, 49, &rf); 4544 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4545 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4546 if ((rf & 0x3f) > 0x27) 4547 rf = (rf & ~0x3f) | 0x27; 4548 run_rt3070_rf_write(sc, 49, rf); 4549 4550 if (sc->mac_ver == 0x5392) { 4551 run_rt3070_rf_read(sc, 50, &rf); 4552 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4553 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4554 if ((rf & 0x3f) > 0x27) 4555 rf = (rf & ~0x3f) | 0x27; 4556 run_rt3070_rf_write(sc, 50, rf); 4557 } 4558 4559 run_rt3070_rf_read(sc, 1, &rf); 4560 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4561 if (sc->mac_ver == 0x5392) 4562 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4563 run_rt3070_rf_write(sc, 1, rf); 4564 4565 if (sc->mac_ver != 0x5392) { 4566 run_rt3070_rf_read(sc, 2, &rf); 4567 rf |= 0x80; 4568 run_rt3070_rf_write(sc, 2, rf); 4569 run_delay(sc, 10); 4570 rf &= 0x7f; 4571 run_rt3070_rf_write(sc, 2, rf); 4572 } 4573 4574 run_adjust_freq_offset(sc); 4575 4576 if (sc->mac_ver == 0x5392) { 4577 /* Fix for RT5392C. */ 4578 if (sc->mac_rev >= 0x0223) { 4579 if (chan <= 4) 4580 rf = 0x0f; 4581 else if (chan >= 5 && chan <= 7) 4582 rf = 0x0e; 4583 else 4584 rf = 0x0d; 4585 run_rt3070_rf_write(sc, 23, rf); 4586 4587 if (chan <= 4) 4588 rf = 0x0c; 4589 else if (chan == 5) 4590 rf = 0x0b; 4591 else if (chan >= 6 && chan <= 7) 4592 rf = 0x0a; 4593 else if (chan >= 8 && chan <= 10) 4594 rf = 0x09; 4595 else 4596 rf = 0x08; 4597 run_rt3070_rf_write(sc, 59, rf); 4598 } else { 4599 if (chan <= 11) 4600 rf = 0x0f; 4601 else 4602 rf = 0x0b; 4603 run_rt3070_rf_write(sc, 59, rf); 4604 } 4605 } else { 4606 /* Fix for RT5390F. */ 4607 if (sc->mac_rev >= 0x0502) { 4608 if (chan <= 11) 4609 rf = 0x43; 4610 else 4611 rf = 0x23; 4612 run_rt3070_rf_write(sc, 55, rf); 4613 4614 if (chan <= 11) 4615 rf = 0x0f; 4616 else if (chan == 12) 4617 rf = 0x0d; 4618 else 4619 rf = 0x0b; 4620 run_rt3070_rf_write(sc, 59, rf); 4621 } else { 4622 run_rt3070_rf_write(sc, 55, 0x44); 4623 run_rt3070_rf_write(sc, 59, 0x8f); 4624 } 4625 } 4626 4627 /* Enable VCO calibration. */ 4628 run_rt3070_rf_read(sc, 3, &rf); 4629 rf |= RT5390_VCOCAL; 4630 run_rt3070_rf_write(sc, 3, rf); 4631 } 4632 4633 static void 4634 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4635 { 4636 const struct rt5592_freqs *freqs; 4637 uint32_t tmp; 4638 uint8_t reg, rf, txpow_bound; 4639 int8_t txpow1, txpow2; 4640 int i; 4641 4642 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4643 freqs = (tmp & RT5592_SEL_XTAL) ? 4644 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4645 4646 /* find the settings for this channel (we know it exists) */ 4647 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4648 4649 /* use Tx power values from EEPROM */ 4650 txpow1 = sc->txpow1[i]; 4651 txpow2 = sc->txpow2[i]; 4652 4653 run_read(sc, RT3070_LDO_CFG0, &tmp); 4654 tmp &= ~0x1c000000; 4655 if (chan > 14) 4656 tmp |= 0x14000000; 4657 run_write(sc, RT3070_LDO_CFG0, tmp); 4658 4659 /* N setting. */ 4660 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4661 run_rt3070_rf_read(sc, 9, &rf); 4662 rf &= ~(1 << 4); 4663 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4664 run_rt3070_rf_write(sc, 9, rf); 4665 4666 /* K setting. */ 4667 run_rt3070_rf_read(sc, 9, &rf); 4668 rf &= ~0x0f; 4669 rf |= (freqs->k & 0x0f); 4670 run_rt3070_rf_write(sc, 9, rf); 4671 4672 /* Mode setting. */ 4673 run_rt3070_rf_read(sc, 11, &rf); 4674 rf &= ~0x0c; 4675 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4676 run_rt3070_rf_write(sc, 11, rf); 4677 run_rt3070_rf_read(sc, 9, &rf); 4678 rf &= ~(1 << 7); 4679 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4680 run_rt3070_rf_write(sc, 9, rf); 4681 4682 /* R setting. */ 4683 run_rt3070_rf_read(sc, 11, &rf); 4684 rf &= ~0x03; 4685 rf |= (freqs->r - 0x1); 4686 run_rt3070_rf_write(sc, 11, rf); 4687 4688 if (chan <= 14) { 4689 /* Initialize RF registers for 2GHZ. */ 4690 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4691 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4692 rt5592_2ghz_def_rf[i].val); 4693 } 4694 4695 rf = (chan <= 10) ? 0x07 : 0x06; 4696 run_rt3070_rf_write(sc, 23, rf); 4697 run_rt3070_rf_write(sc, 59, rf); 4698 4699 run_rt3070_rf_write(sc, 55, 0x43); 4700 4701 /* 4702 * RF R49/R50 Tx power ALC code. 4703 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4704 */ 4705 reg = 2; 4706 txpow_bound = 0x27; 4707 } else { 4708 /* Initialize RF registers for 5GHZ. */ 4709 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4710 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4711 rt5592_5ghz_def_rf[i].val); 4712 } 4713 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4714 if (chan >= rt5592_chan_5ghz[i].firstchan && 4715 chan <= rt5592_chan_5ghz[i].lastchan) { 4716 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4717 rt5592_chan_5ghz[i].val); 4718 } 4719 } 4720 4721 /* 4722 * RF R49/R50 Tx power ALC code. 4723 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4724 */ 4725 reg = 3; 4726 txpow_bound = 0x2b; 4727 } 4728 4729 /* RF R49 ch0 Tx power ALC code. */ 4730 run_rt3070_rf_read(sc, 49, &rf); 4731 rf &= ~0xc0; 4732 rf |= (reg << 6); 4733 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4734 if ((rf & 0x3f) > txpow_bound) 4735 rf = (rf & ~0x3f) | txpow_bound; 4736 run_rt3070_rf_write(sc, 49, rf); 4737 4738 /* RF R50 ch1 Tx power ALC code. */ 4739 run_rt3070_rf_read(sc, 50, &rf); 4740 rf &= ~(1 << 7 | 1 << 6); 4741 rf |= (reg << 6); 4742 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4743 if ((rf & 0x3f) > txpow_bound) 4744 rf = (rf & ~0x3f) | txpow_bound; 4745 run_rt3070_rf_write(sc, 50, rf); 4746 4747 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4748 run_rt3070_rf_read(sc, 1, &rf); 4749 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4750 if (sc->ntxchains > 1) 4751 rf |= RT3070_TX1_PD; 4752 if (sc->nrxchains > 1) 4753 rf |= RT3070_RX1_PD; 4754 run_rt3070_rf_write(sc, 1, rf); 4755 4756 run_rt3070_rf_write(sc, 6, 0xe4); 4757 4758 run_rt3070_rf_write(sc, 30, 0x10); 4759 run_rt3070_rf_write(sc, 31, 0x80); 4760 run_rt3070_rf_write(sc, 32, 0x80); 4761 4762 run_adjust_freq_offset(sc); 4763 4764 /* Enable VCO calibration. */ 4765 run_rt3070_rf_read(sc, 3, &rf); 4766 rf |= RT5390_VCOCAL; 4767 run_rt3070_rf_write(sc, 3, rf); 4768 } 4769 4770 static void 4771 run_set_rx_antenna(struct run_softc *sc, int aux) 4772 { 4773 uint32_t tmp; 4774 uint8_t bbp152; 4775 4776 if (aux) { 4777 if (sc->rf_rev == RT5390_RF_5370) { 4778 run_bbp_read(sc, 152, &bbp152); 4779 run_bbp_write(sc, 152, bbp152 & ~0x80); 4780 } else { 4781 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4782 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4783 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4784 } 4785 } else { 4786 if (sc->rf_rev == RT5390_RF_5370) { 4787 run_bbp_read(sc, 152, &bbp152); 4788 run_bbp_write(sc, 152, bbp152 | 0x80); 4789 } else { 4790 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4791 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4792 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4793 } 4794 } 4795 } 4796 4797 static int 4798 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4799 { 4800 struct ieee80211com *ic = &sc->sc_ic; 4801 u_int chan, group; 4802 4803 chan = ieee80211_chan2ieee(ic, c); 4804 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4805 return (EINVAL); 4806 4807 if (sc->mac_ver == 0x5592) 4808 run_rt5592_set_chan(sc, chan); 4809 else if (sc->mac_ver >= 0x5390) 4810 run_rt5390_set_chan(sc, chan); 4811 else if (sc->mac_ver == 0x3593) 4812 run_rt3593_set_chan(sc, chan); 4813 else if (sc->mac_ver == 0x3572) 4814 run_rt3572_set_chan(sc, chan); 4815 else if (sc->mac_ver >= 0x3070) 4816 run_rt3070_set_chan(sc, chan); 4817 else 4818 run_rt2870_set_chan(sc, chan); 4819 4820 /* determine channel group */ 4821 if (chan <= 14) 4822 group = 0; 4823 else if (chan <= 64) 4824 group = 1; 4825 else if (chan <= 128) 4826 group = 2; 4827 else 4828 group = 3; 4829 4830 /* XXX necessary only when group has changed! */ 4831 run_select_chan_group(sc, group); 4832 4833 run_delay(sc, 10); 4834 4835 /* Perform IQ calibration. */ 4836 if (sc->mac_ver >= 0x5392) 4837 run_iq_calib(sc, chan); 4838 4839 return (0); 4840 } 4841 4842 static void 4843 run_set_channel(struct ieee80211com *ic) 4844 { 4845 struct run_softc *sc = ic->ic_softc; 4846 4847 RUN_LOCK(sc); 4848 run_set_chan(sc, ic->ic_curchan); 4849 RUN_UNLOCK(sc); 4850 4851 return; 4852 } 4853 4854 static void 4855 run_getradiocaps(struct ieee80211com *ic, 4856 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4857 { 4858 struct run_softc *sc = ic->ic_softc; 4859 uint8_t bands[IEEE80211_MODE_BYTES]; 4860 4861 memset(bands, 0, sizeof(bands)); 4862 setbit(bands, IEEE80211_MODE_11B); 4863 setbit(bands, IEEE80211_MODE_11G); 4864 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans, 4865 run_chan_2ghz, nitems(run_chan_2ghz), bands, 0); 4866 4867 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4868 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4869 sc->rf_rev == RT5592_RF_5592) { 4870 setbit(bands, IEEE80211_MODE_11A); 4871 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4872 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4873 } 4874 } 4875 4876 static void 4877 run_scan_start(struct ieee80211com *ic) 4878 { 4879 struct run_softc *sc = ic->ic_softc; 4880 uint32_t tmp; 4881 4882 RUN_LOCK(sc); 4883 4884 /* abort TSF synchronization */ 4885 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4886 run_write(sc, RT2860_BCN_TIME_CFG, 4887 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4888 RT2860_TBTT_TIMER_EN)); 4889 run_set_bssid(sc, ieee80211broadcastaddr); 4890 4891 RUN_UNLOCK(sc); 4892 4893 return; 4894 } 4895 4896 static void 4897 run_scan_end(struct ieee80211com *ic) 4898 { 4899 struct run_softc *sc = ic->ic_softc; 4900 4901 RUN_LOCK(sc); 4902 4903 run_enable_tsf_sync(sc); 4904 run_set_bssid(sc, sc->sc_bssid); 4905 4906 RUN_UNLOCK(sc); 4907 4908 return; 4909 } 4910 4911 /* 4912 * Could be called from ieee80211_node_timeout() 4913 * (non-sleepable thread) 4914 */ 4915 static void 4916 run_update_beacon(struct ieee80211vap *vap, int item) 4917 { 4918 struct ieee80211com *ic = vap->iv_ic; 4919 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4920 struct ieee80211_node *ni = vap->iv_bss; 4921 struct run_softc *sc = ic->ic_softc; 4922 struct run_vap *rvp = RUN_VAP(vap); 4923 int mcast = 0; 4924 uint32_t i; 4925 4926 switch (item) { 4927 case IEEE80211_BEACON_ERP: 4928 run_updateslot(ic); 4929 break; 4930 case IEEE80211_BEACON_HTINFO: 4931 run_updateprot(ic); 4932 break; 4933 case IEEE80211_BEACON_TIM: 4934 mcast = 1; /*TODO*/ 4935 break; 4936 default: 4937 break; 4938 } 4939 4940 setbit(bo->bo_flags, item); 4941 if (rvp->beacon_mbuf == NULL) { 4942 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4943 if (rvp->beacon_mbuf == NULL) 4944 return; 4945 } 4946 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4947 4948 i = RUN_CMDQ_GET(&sc->cmdq_store); 4949 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4950 sc->cmdq[i].func = run_update_beacon_cb; 4951 sc->cmdq[i].arg0 = vap; 4952 ieee80211_runtask(ic, &sc->cmdq_task); 4953 4954 return; 4955 } 4956 4957 static void 4958 run_update_beacon_cb(void *arg) 4959 { 4960 struct ieee80211vap *vap = arg; 4961 struct ieee80211_node *ni = vap->iv_bss; 4962 struct run_vap *rvp = RUN_VAP(vap); 4963 struct ieee80211com *ic = vap->iv_ic; 4964 struct run_softc *sc = ic->ic_softc; 4965 struct rt2860_txwi txwi; 4966 struct mbuf *m; 4967 uint16_t txwisize; 4968 uint8_t ridx; 4969 4970 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4971 return; 4972 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4973 return; 4974 4975 /* 4976 * No need to call ieee80211_beacon_update(), run_update_beacon() 4977 * is taking care of appropriate calls. 4978 */ 4979 if (rvp->beacon_mbuf == NULL) { 4980 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4981 if (rvp->beacon_mbuf == NULL) 4982 return; 4983 } 4984 m = rvp->beacon_mbuf; 4985 4986 memset(&txwi, 0, sizeof(txwi)); 4987 txwi.wcid = 0xff; 4988 txwi.len = htole16(m->m_pkthdr.len); 4989 4990 /* send beacons at the lowest available rate */ 4991 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4992 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4993 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4994 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4995 txwi.phy |= htole16(RT2860_PHY_OFDM); 4996 txwi.txop = RT2860_TX_TXOP_HT; 4997 txwi.flags = RT2860_TX_TS; 4998 txwi.xflags = RT2860_TX_NSEQ; 4999 5000 txwisize = (sc->mac_ver == 0x5592) ? 5001 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 5002 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 5003 txwisize); 5004 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 5005 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 5006 } 5007 5008 static void 5009 run_updateprot(struct ieee80211com *ic) 5010 { 5011 struct run_softc *sc = ic->ic_softc; 5012 uint32_t i; 5013 5014 i = RUN_CMDQ_GET(&sc->cmdq_store); 5015 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5016 sc->cmdq[i].func = run_updateprot_cb; 5017 sc->cmdq[i].arg0 = ic; 5018 ieee80211_runtask(ic, &sc->cmdq_task); 5019 } 5020 5021 static void 5022 run_updateprot_cb(void *arg) 5023 { 5024 struct ieee80211com *ic = arg; 5025 struct run_softc *sc = ic->ic_softc; 5026 uint32_t tmp; 5027 5028 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5029 /* setup protection frame rate (MCS code) */ 5030 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5031 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5032 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5033 5034 /* CCK frames don't require protection */ 5035 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5036 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5037 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5038 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5039 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5040 tmp |= RT2860_PROT_CTRL_CTS; 5041 } 5042 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5043 } 5044 5045 static void 5046 run_usb_timeout_cb(void *arg) 5047 { 5048 struct ieee80211vap *vap = arg; 5049 struct run_softc *sc = vap->iv_ic->ic_softc; 5050 5051 RUN_LOCK_ASSERT(sc, MA_OWNED); 5052 5053 if(vap->iv_state == IEEE80211_S_RUN && 5054 vap->iv_opmode != IEEE80211_M_STA) 5055 run_reset_livelock(sc); 5056 else if (vap->iv_state == IEEE80211_S_SCAN) { 5057 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5058 "timeout caused by scan\n"); 5059 /* cancel bgscan */ 5060 ieee80211_cancel_scan(vap); 5061 } else 5062 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5063 "timeout by unknown cause\n"); 5064 } 5065 5066 static void 5067 run_reset_livelock(struct run_softc *sc) 5068 { 5069 uint32_t tmp; 5070 5071 RUN_LOCK_ASSERT(sc, MA_OWNED); 5072 5073 /* 5074 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5075 * can run into a livelock and start sending CTS-to-self frames like 5076 * crazy if protection is enabled. Reset MAC/BBP for a while 5077 */ 5078 run_read(sc, RT2860_DEBUG, &tmp); 5079 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5080 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5081 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5082 "CTS-to-self livelock detected\n"); 5083 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5084 run_delay(sc, 1); 5085 run_write(sc, RT2860_MAC_SYS_CTRL, 5086 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5087 } 5088 } 5089 5090 static void 5091 run_update_promisc_locked(struct run_softc *sc) 5092 { 5093 uint32_t tmp; 5094 5095 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5096 5097 tmp |= RT2860_DROP_UC_NOME; 5098 if (sc->sc_ic.ic_promisc > 0) 5099 tmp &= ~RT2860_DROP_UC_NOME; 5100 5101 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5102 5103 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5104 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5105 } 5106 5107 static void 5108 run_update_promisc(struct ieee80211com *ic) 5109 { 5110 struct run_softc *sc = ic->ic_softc; 5111 5112 if ((sc->sc_flags & RUN_RUNNING) == 0) 5113 return; 5114 5115 RUN_LOCK(sc); 5116 run_update_promisc_locked(sc); 5117 RUN_UNLOCK(sc); 5118 } 5119 5120 static void 5121 run_enable_tsf_sync(struct run_softc *sc) 5122 { 5123 struct ieee80211com *ic = &sc->sc_ic; 5124 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5125 uint32_t tmp; 5126 5127 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5128 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5129 5130 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5131 tmp &= ~0x1fffff; 5132 tmp |= vap->iv_bss->ni_intval * 16; 5133 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5134 5135 if (ic->ic_opmode == IEEE80211_M_STA) { 5136 /* 5137 * Local TSF is always updated with remote TSF on beacon 5138 * reception. 5139 */ 5140 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5141 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5142 tmp |= RT2860_BCN_TX_EN; 5143 /* 5144 * Local TSF is updated with remote TSF on beacon reception 5145 * only if the remote TSF is greater than local TSF. 5146 */ 5147 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5148 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5149 ic->ic_opmode == IEEE80211_M_MBSS) { 5150 tmp |= RT2860_BCN_TX_EN; 5151 /* SYNC with nobody */ 5152 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5153 } else { 5154 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5155 "Enabling TSF failed. undefined opmode\n"); 5156 return; 5157 } 5158 5159 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5160 } 5161 5162 static void 5163 run_enable_tsf(struct run_softc *sc) 5164 { 5165 uint32_t tmp; 5166 5167 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5168 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5169 tmp |= RT2860_TSF_TIMER_EN; 5170 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5171 } 5172 } 5173 5174 static void 5175 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5176 { 5177 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5178 sizeof(*buf)); 5179 } 5180 5181 static void 5182 run_enable_mrr(struct run_softc *sc) 5183 { 5184 #define CCK(mcs) (mcs) 5185 #define OFDM(mcs) (1 << 3 | (mcs)) 5186 run_write(sc, RT2860_LG_FBK_CFG0, 5187 OFDM(6) << 28 | /* 54->48 */ 5188 OFDM(5) << 24 | /* 48->36 */ 5189 OFDM(4) << 20 | /* 36->24 */ 5190 OFDM(3) << 16 | /* 24->18 */ 5191 OFDM(2) << 12 | /* 18->12 */ 5192 OFDM(1) << 8 | /* 12-> 9 */ 5193 OFDM(0) << 4 | /* 9-> 6 */ 5194 OFDM(0)); /* 6-> 6 */ 5195 5196 run_write(sc, RT2860_LG_FBK_CFG1, 5197 CCK(2) << 12 | /* 11->5.5 */ 5198 CCK(1) << 8 | /* 5.5-> 2 */ 5199 CCK(0) << 4 | /* 2-> 1 */ 5200 CCK(0)); /* 1-> 1 */ 5201 #undef OFDM 5202 #undef CCK 5203 } 5204 5205 static void 5206 run_set_txpreamble(struct run_softc *sc) 5207 { 5208 struct ieee80211com *ic = &sc->sc_ic; 5209 uint32_t tmp; 5210 5211 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5212 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5213 tmp |= RT2860_CCK_SHORT_EN; 5214 else 5215 tmp &= ~RT2860_CCK_SHORT_EN; 5216 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5217 } 5218 5219 static void 5220 run_set_basicrates(struct run_softc *sc) 5221 { 5222 struct ieee80211com *ic = &sc->sc_ic; 5223 5224 /* set basic rates mask */ 5225 if (ic->ic_curmode == IEEE80211_MODE_11B) 5226 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5227 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5228 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5229 else /* 11g */ 5230 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5231 } 5232 5233 static void 5234 run_set_leds(struct run_softc *sc, uint16_t which) 5235 { 5236 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5237 which | (sc->leds & 0x7f)); 5238 } 5239 5240 static void 5241 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5242 { 5243 run_write(sc, RT2860_MAC_BSSID_DW0, 5244 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5245 run_write(sc, RT2860_MAC_BSSID_DW1, 5246 bssid[4] | bssid[5] << 8); 5247 } 5248 5249 static void 5250 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5251 { 5252 run_write(sc, RT2860_MAC_ADDR_DW0, 5253 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5254 run_write(sc, RT2860_MAC_ADDR_DW1, 5255 addr[4] | addr[5] << 8 | 0xff << 16); 5256 } 5257 5258 static void 5259 run_updateslot(struct ieee80211com *ic) 5260 { 5261 struct run_softc *sc = ic->ic_softc; 5262 uint32_t i; 5263 5264 i = RUN_CMDQ_GET(&sc->cmdq_store); 5265 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5266 sc->cmdq[i].func = run_updateslot_cb; 5267 sc->cmdq[i].arg0 = ic; 5268 ieee80211_runtask(ic, &sc->cmdq_task); 5269 5270 return; 5271 } 5272 5273 /* ARGSUSED */ 5274 static void 5275 run_updateslot_cb(void *arg) 5276 { 5277 struct ieee80211com *ic = arg; 5278 struct run_softc *sc = ic->ic_softc; 5279 uint32_t tmp; 5280 5281 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5282 tmp &= ~0xff; 5283 tmp |= IEEE80211_GET_SLOTTIME(ic); 5284 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5285 } 5286 5287 static void 5288 run_update_mcast(struct ieee80211com *ic) 5289 { 5290 } 5291 5292 static int8_t 5293 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5294 { 5295 struct ieee80211com *ic = &sc->sc_ic; 5296 struct ieee80211_channel *c = ic->ic_curchan; 5297 int delta; 5298 5299 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5300 u_int chan = ieee80211_chan2ieee(ic, c); 5301 delta = sc->rssi_5ghz[rxchain]; 5302 5303 /* determine channel group */ 5304 if (chan <= 64) 5305 delta -= sc->lna[1]; 5306 else if (chan <= 128) 5307 delta -= sc->lna[2]; 5308 else 5309 delta -= sc->lna[3]; 5310 } else 5311 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5312 5313 return (-12 - delta - rssi); 5314 } 5315 5316 static void 5317 run_rt5390_bbp_init(struct run_softc *sc) 5318 { 5319 u_int i; 5320 uint8_t bbp; 5321 5322 /* Apply maximum likelihood detection for 2 stream case. */ 5323 run_bbp_read(sc, 105, &bbp); 5324 if (sc->nrxchains > 1) 5325 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5326 5327 /* Avoid data lost and CRC error. */ 5328 run_bbp_read(sc, 4, &bbp); 5329 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5330 5331 if (sc->mac_ver == 0x5592) { 5332 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5333 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5334 rt5592_def_bbp[i].val); 5335 } 5336 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5337 run_bbp_write(sc, 195, i + 0x80); 5338 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5339 } 5340 } else { 5341 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5342 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5343 rt5390_def_bbp[i].val); 5344 } 5345 } 5346 if (sc->mac_ver == 0x5392) { 5347 run_bbp_write(sc, 88, 0x90); 5348 run_bbp_write(sc, 95, 0x9a); 5349 run_bbp_write(sc, 98, 0x12); 5350 run_bbp_write(sc, 106, 0x12); 5351 run_bbp_write(sc, 134, 0xd0); 5352 run_bbp_write(sc, 135, 0xf6); 5353 run_bbp_write(sc, 148, 0x84); 5354 } 5355 5356 run_bbp_read(sc, 152, &bbp); 5357 run_bbp_write(sc, 152, bbp | 0x80); 5358 5359 /* Fix BBP254 for RT5592C. */ 5360 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5361 run_bbp_read(sc, 254, &bbp); 5362 run_bbp_write(sc, 254, bbp | 0x80); 5363 } 5364 5365 /* Disable hardware antenna diversity. */ 5366 if (sc->mac_ver == 0x5390) 5367 run_bbp_write(sc, 154, 0); 5368 5369 /* Initialize Rx CCK/OFDM frequency offset report. */ 5370 run_bbp_write(sc, 142, 1); 5371 run_bbp_write(sc, 143, 57); 5372 } 5373 5374 static int 5375 run_bbp_init(struct run_softc *sc) 5376 { 5377 int i, error, ntries; 5378 uint8_t bbp0; 5379 5380 /* wait for BBP to wake up */ 5381 for (ntries = 0; ntries < 20; ntries++) { 5382 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5383 return error; 5384 if (bbp0 != 0 && bbp0 != 0xff) 5385 break; 5386 } 5387 if (ntries == 20) 5388 return (ETIMEDOUT); 5389 5390 /* initialize BBP registers to default values */ 5391 if (sc->mac_ver >= 0x5390) 5392 run_rt5390_bbp_init(sc); 5393 else { 5394 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5395 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5396 rt2860_def_bbp[i].val); 5397 } 5398 } 5399 5400 if (sc->mac_ver == 0x3593) { 5401 run_bbp_write(sc, 79, 0x13); 5402 run_bbp_write(sc, 80, 0x05); 5403 run_bbp_write(sc, 81, 0x33); 5404 run_bbp_write(sc, 86, 0x46); 5405 run_bbp_write(sc, 137, 0x0f); 5406 } 5407 5408 /* fix BBP84 for RT2860E */ 5409 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5410 run_bbp_write(sc, 84, 0x19); 5411 5412 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5413 sc->mac_ver != 0x5592)) { 5414 run_bbp_write(sc, 79, 0x13); 5415 run_bbp_write(sc, 80, 0x05); 5416 run_bbp_write(sc, 81, 0x33); 5417 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5418 run_bbp_write(sc, 69, 0x16); 5419 run_bbp_write(sc, 73, 0x12); 5420 } 5421 return (0); 5422 } 5423 5424 static int 5425 run_rt3070_rf_init(struct run_softc *sc) 5426 { 5427 uint32_t tmp; 5428 uint8_t bbp4, mingain, rf, target; 5429 u_int i; 5430 5431 run_rt3070_rf_read(sc, 30, &rf); 5432 /* toggle RF R30 bit 7 */ 5433 run_rt3070_rf_write(sc, 30, rf | 0x80); 5434 run_delay(sc, 10); 5435 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5436 5437 /* initialize RF registers to default value */ 5438 if (sc->mac_ver == 0x3572) { 5439 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5440 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5441 rt3572_def_rf[i].val); 5442 } 5443 } else { 5444 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5445 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5446 rt3070_def_rf[i].val); 5447 } 5448 } 5449 5450 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5451 /* 5452 * Change voltage from 1.2V to 1.35V for RT3070. 5453 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5454 * in RT3070(F). 5455 */ 5456 run_read(sc, RT3070_LDO_CFG0, &tmp); 5457 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5458 run_write(sc, RT3070_LDO_CFG0, tmp); 5459 5460 } else if (sc->mac_ver == 0x3071) { 5461 run_rt3070_rf_read(sc, 6, &rf); 5462 run_rt3070_rf_write(sc, 6, rf | 0x40); 5463 run_rt3070_rf_write(sc, 31, 0x14); 5464 5465 run_read(sc, RT3070_LDO_CFG0, &tmp); 5466 tmp &= ~0x1f000000; 5467 if (sc->mac_rev < 0x0211) 5468 tmp |= 0x0d000000; /* 1.3V */ 5469 else 5470 tmp |= 0x01000000; /* 1.2V */ 5471 run_write(sc, RT3070_LDO_CFG0, tmp); 5472 5473 /* patch LNA_PE_G1 */ 5474 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5475 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5476 5477 } else if (sc->mac_ver == 0x3572) { 5478 run_rt3070_rf_read(sc, 6, &rf); 5479 run_rt3070_rf_write(sc, 6, rf | 0x40); 5480 5481 /* increase voltage from 1.2V to 1.35V */ 5482 run_read(sc, RT3070_LDO_CFG0, &tmp); 5483 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5484 run_write(sc, RT3070_LDO_CFG0, tmp); 5485 5486 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5487 run_delay(sc, 1); /* wait for 1msec */ 5488 /* decrease voltage back to 1.2V */ 5489 tmp = (tmp & ~0x1f000000) | 0x01000000; 5490 run_write(sc, RT3070_LDO_CFG0, tmp); 5491 } 5492 } 5493 5494 /* select 20MHz bandwidth */ 5495 run_rt3070_rf_read(sc, 31, &rf); 5496 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5497 5498 /* calibrate filter for 20MHz bandwidth */ 5499 sc->rf24_20mhz = 0x1f; /* default value */ 5500 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5501 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5502 5503 /* select 40MHz bandwidth */ 5504 run_bbp_read(sc, 4, &bbp4); 5505 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5506 run_rt3070_rf_read(sc, 31, &rf); 5507 run_rt3070_rf_write(sc, 31, rf | 0x20); 5508 5509 /* calibrate filter for 40MHz bandwidth */ 5510 sc->rf24_40mhz = 0x2f; /* default value */ 5511 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5512 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5513 5514 /* go back to 20MHz bandwidth */ 5515 run_bbp_read(sc, 4, &bbp4); 5516 run_bbp_write(sc, 4, bbp4 & ~0x18); 5517 5518 if (sc->mac_ver == 0x3572) { 5519 /* save default BBP registers 25 and 26 values */ 5520 run_bbp_read(sc, 25, &sc->bbp25); 5521 run_bbp_read(sc, 26, &sc->bbp26); 5522 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5523 run_rt3070_rf_write(sc, 27, 0x03); 5524 5525 run_read(sc, RT3070_OPT_14, &tmp); 5526 run_write(sc, RT3070_OPT_14, tmp | 1); 5527 5528 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5529 run_rt3070_rf_read(sc, 17, &rf); 5530 rf &= ~RT3070_TX_LO1; 5531 if ((sc->mac_ver == 0x3070 || 5532 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5533 !sc->ext_2ghz_lna) 5534 rf |= 0x20; /* fix for long range Rx issue */ 5535 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5536 if (sc->txmixgain_2ghz >= mingain) 5537 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5538 run_rt3070_rf_write(sc, 17, rf); 5539 } 5540 5541 if (sc->mac_ver == 0x3071) { 5542 run_rt3070_rf_read(sc, 1, &rf); 5543 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5544 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5545 run_rt3070_rf_write(sc, 1, rf); 5546 5547 run_rt3070_rf_read(sc, 15, &rf); 5548 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5549 5550 run_rt3070_rf_read(sc, 20, &rf); 5551 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5552 5553 run_rt3070_rf_read(sc, 21, &rf); 5554 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5555 } 5556 5557 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5558 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5559 run_rt3070_rf_read(sc, 27, &rf); 5560 rf &= ~0x77; 5561 if (sc->mac_rev < 0x0211) 5562 rf |= 0x03; 5563 run_rt3070_rf_write(sc, 27, rf); 5564 } 5565 return (0); 5566 } 5567 5568 static void 5569 run_rt3593_rf_init(struct run_softc *sc) 5570 { 5571 uint32_t tmp; 5572 uint8_t rf; 5573 u_int i; 5574 5575 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5576 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5577 tmp &= ~(1 << 4 | 1 << 7); 5578 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5579 5580 /* Initialize RF registers to default value. */ 5581 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5582 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5583 rt3593_def_rf[i].val); 5584 } 5585 5586 /* Toggle RF R2 to initiate calibration. */ 5587 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5588 5589 /* Initialize RF frequency offset. */ 5590 run_adjust_freq_offset(sc); 5591 5592 run_rt3070_rf_read(sc, 18, &rf); 5593 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5594 5595 /* 5596 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5597 * decrease voltage back to 1.2V. 5598 */ 5599 run_read(sc, RT3070_LDO_CFG0, &tmp); 5600 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5601 run_write(sc, RT3070_LDO_CFG0, tmp); 5602 run_delay(sc, 1); 5603 tmp = (tmp & ~0x1f000000) | 0x01000000; 5604 run_write(sc, RT3070_LDO_CFG0, tmp); 5605 5606 sc->rf24_20mhz = 0x1f; 5607 sc->rf24_40mhz = 0x2f; 5608 5609 /* Save default BBP registers 25 and 26 values. */ 5610 run_bbp_read(sc, 25, &sc->bbp25); 5611 run_bbp_read(sc, 26, &sc->bbp26); 5612 5613 run_read(sc, RT3070_OPT_14, &tmp); 5614 run_write(sc, RT3070_OPT_14, tmp | 1); 5615 } 5616 5617 static void 5618 run_rt5390_rf_init(struct run_softc *sc) 5619 { 5620 uint32_t tmp; 5621 uint8_t rf; 5622 u_int i; 5623 5624 /* Toggle RF R2 to initiate calibration. */ 5625 if (sc->mac_ver == 0x5390) { 5626 run_rt3070_rf_read(sc, 2, &rf); 5627 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5628 run_delay(sc, 10); 5629 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5630 } else { 5631 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5632 run_delay(sc, 10); 5633 } 5634 5635 /* Initialize RF registers to default value. */ 5636 if (sc->mac_ver == 0x5592) { 5637 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5638 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5639 rt5592_def_rf[i].val); 5640 } 5641 /* Initialize RF frequency offset. */ 5642 run_adjust_freq_offset(sc); 5643 } else if (sc->mac_ver == 0x5392) { 5644 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5645 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5646 rt5392_def_rf[i].val); 5647 } 5648 if (sc->mac_rev >= 0x0223) { 5649 run_rt3070_rf_write(sc, 23, 0x0f); 5650 run_rt3070_rf_write(sc, 24, 0x3e); 5651 run_rt3070_rf_write(sc, 51, 0x32); 5652 run_rt3070_rf_write(sc, 53, 0x22); 5653 run_rt3070_rf_write(sc, 56, 0xc1); 5654 run_rt3070_rf_write(sc, 59, 0x0f); 5655 } 5656 } else { 5657 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5658 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5659 rt5390_def_rf[i].val); 5660 } 5661 if (sc->mac_rev >= 0x0502) { 5662 run_rt3070_rf_write(sc, 6, 0xe0); 5663 run_rt3070_rf_write(sc, 25, 0x80); 5664 run_rt3070_rf_write(sc, 46, 0x73); 5665 run_rt3070_rf_write(sc, 53, 0x00); 5666 run_rt3070_rf_write(sc, 56, 0x42); 5667 run_rt3070_rf_write(sc, 61, 0xd1); 5668 } 5669 } 5670 5671 sc->rf24_20mhz = 0x1f; /* default value */ 5672 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5673 5674 if (sc->mac_rev < 0x0211) 5675 run_rt3070_rf_write(sc, 27, 0x3); 5676 5677 run_read(sc, RT3070_OPT_14, &tmp); 5678 run_write(sc, RT3070_OPT_14, tmp | 1); 5679 } 5680 5681 static int 5682 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5683 uint8_t *val) 5684 { 5685 uint8_t rf22, rf24; 5686 uint8_t bbp55_pb, bbp55_sb, delta; 5687 int ntries; 5688 5689 /* program filter */ 5690 run_rt3070_rf_read(sc, 24, &rf24); 5691 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5692 run_rt3070_rf_write(sc, 24, rf24); 5693 5694 /* enable baseband loopback mode */ 5695 run_rt3070_rf_read(sc, 22, &rf22); 5696 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5697 5698 /* set power and frequency of passband test tone */ 5699 run_bbp_write(sc, 24, 0x00); 5700 for (ntries = 0; ntries < 100; ntries++) { 5701 /* transmit test tone */ 5702 run_bbp_write(sc, 25, 0x90); 5703 run_delay(sc, 10); 5704 /* read received power */ 5705 run_bbp_read(sc, 55, &bbp55_pb); 5706 if (bbp55_pb != 0) 5707 break; 5708 } 5709 if (ntries == 100) 5710 return (ETIMEDOUT); 5711 5712 /* set power and frequency of stopband test tone */ 5713 run_bbp_write(sc, 24, 0x06); 5714 for (ntries = 0; ntries < 100; ntries++) { 5715 /* transmit test tone */ 5716 run_bbp_write(sc, 25, 0x90); 5717 run_delay(sc, 10); 5718 /* read received power */ 5719 run_bbp_read(sc, 55, &bbp55_sb); 5720 5721 delta = bbp55_pb - bbp55_sb; 5722 if (delta > target) 5723 break; 5724 5725 /* reprogram filter */ 5726 rf24++; 5727 run_rt3070_rf_write(sc, 24, rf24); 5728 } 5729 if (ntries < 100) { 5730 if (rf24 != init) 5731 rf24--; /* backtrack */ 5732 *val = rf24; 5733 run_rt3070_rf_write(sc, 24, rf24); 5734 } 5735 5736 /* restore initial state */ 5737 run_bbp_write(sc, 24, 0x00); 5738 5739 /* disable baseband loopback mode */ 5740 run_rt3070_rf_read(sc, 22, &rf22); 5741 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5742 5743 return (0); 5744 } 5745 5746 static void 5747 run_rt3070_rf_setup(struct run_softc *sc) 5748 { 5749 uint8_t bbp, rf; 5750 int i; 5751 5752 if (sc->mac_ver == 0x3572) { 5753 /* enable DC filter */ 5754 if (sc->mac_rev >= 0x0201) 5755 run_bbp_write(sc, 103, 0xc0); 5756 5757 run_bbp_read(sc, 138, &bbp); 5758 if (sc->ntxchains == 1) 5759 bbp |= 0x20; /* turn off DAC1 */ 5760 if (sc->nrxchains == 1) 5761 bbp &= ~0x02; /* turn off ADC1 */ 5762 run_bbp_write(sc, 138, bbp); 5763 5764 if (sc->mac_rev >= 0x0211) { 5765 /* improve power consumption */ 5766 run_bbp_read(sc, 31, &bbp); 5767 run_bbp_write(sc, 31, bbp & ~0x03); 5768 } 5769 5770 run_rt3070_rf_read(sc, 16, &rf); 5771 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5772 run_rt3070_rf_write(sc, 16, rf); 5773 5774 } else if (sc->mac_ver == 0x3071) { 5775 if (sc->mac_rev >= 0x0211) { 5776 /* enable DC filter */ 5777 run_bbp_write(sc, 103, 0xc0); 5778 5779 /* improve power consumption */ 5780 run_bbp_read(sc, 31, &bbp); 5781 run_bbp_write(sc, 31, bbp & ~0x03); 5782 } 5783 5784 run_bbp_read(sc, 138, &bbp); 5785 if (sc->ntxchains == 1) 5786 bbp |= 0x20; /* turn off DAC1 */ 5787 if (sc->nrxchains == 1) 5788 bbp &= ~0x02; /* turn off ADC1 */ 5789 run_bbp_write(sc, 138, bbp); 5790 5791 run_write(sc, RT2860_TX_SW_CFG1, 0); 5792 if (sc->mac_rev < 0x0211) { 5793 run_write(sc, RT2860_TX_SW_CFG2, 5794 sc->patch_dac ? 0x2c : 0x0f); 5795 } else 5796 run_write(sc, RT2860_TX_SW_CFG2, 0); 5797 5798 } else if (sc->mac_ver == 0x3070) { 5799 if (sc->mac_rev >= 0x0201) { 5800 /* enable DC filter */ 5801 run_bbp_write(sc, 103, 0xc0); 5802 5803 /* improve power consumption */ 5804 run_bbp_read(sc, 31, &bbp); 5805 run_bbp_write(sc, 31, bbp & ~0x03); 5806 } 5807 5808 if (sc->mac_rev < 0x0201) { 5809 run_write(sc, RT2860_TX_SW_CFG1, 0); 5810 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5811 } else 5812 run_write(sc, RT2860_TX_SW_CFG2, 0); 5813 } 5814 5815 /* initialize RF registers from ROM for >=RT3071*/ 5816 if (sc->mac_ver >= 0x3071) { 5817 for (i = 0; i < 10; i++) { 5818 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5819 continue; 5820 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5821 } 5822 } 5823 } 5824 5825 static void 5826 run_rt3593_rf_setup(struct run_softc *sc) 5827 { 5828 uint8_t bbp, rf; 5829 5830 if (sc->mac_rev >= 0x0211) { 5831 /* Enable DC filter. */ 5832 run_bbp_write(sc, 103, 0xc0); 5833 } 5834 run_write(sc, RT2860_TX_SW_CFG1, 0); 5835 if (sc->mac_rev < 0x0211) { 5836 run_write(sc, RT2860_TX_SW_CFG2, 5837 sc->patch_dac ? 0x2c : 0x0f); 5838 } else 5839 run_write(sc, RT2860_TX_SW_CFG2, 0); 5840 5841 run_rt3070_rf_read(sc, 50, &rf); 5842 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5843 5844 run_rt3070_rf_read(sc, 51, &rf); 5845 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5846 ((sc->txmixgain_2ghz & 0x07) << 2); 5847 run_rt3070_rf_write(sc, 51, rf); 5848 5849 run_rt3070_rf_read(sc, 38, &rf); 5850 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5851 5852 run_rt3070_rf_read(sc, 39, &rf); 5853 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5854 5855 run_rt3070_rf_read(sc, 1, &rf); 5856 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5857 5858 run_rt3070_rf_read(sc, 30, &rf); 5859 rf = (rf & ~0x18) | 0x10; 5860 run_rt3070_rf_write(sc, 30, rf); 5861 5862 /* Apply maximum likelihood detection for 2 stream case. */ 5863 run_bbp_read(sc, 105, &bbp); 5864 if (sc->nrxchains > 1) 5865 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5866 5867 /* Avoid data lost and CRC error. */ 5868 run_bbp_read(sc, 4, &bbp); 5869 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5870 5871 run_bbp_write(sc, 92, 0x02); 5872 run_bbp_write(sc, 82, 0x82); 5873 run_bbp_write(sc, 106, 0x05); 5874 run_bbp_write(sc, 104, 0x92); 5875 run_bbp_write(sc, 88, 0x90); 5876 run_bbp_write(sc, 148, 0xc8); 5877 run_bbp_write(sc, 47, 0x48); 5878 run_bbp_write(sc, 120, 0x50); 5879 5880 run_bbp_write(sc, 163, 0x9d); 5881 5882 /* SNR mapping. */ 5883 run_bbp_write(sc, 142, 0x06); 5884 run_bbp_write(sc, 143, 0xa0); 5885 run_bbp_write(sc, 142, 0x07); 5886 run_bbp_write(sc, 143, 0xa1); 5887 run_bbp_write(sc, 142, 0x08); 5888 run_bbp_write(sc, 143, 0xa2); 5889 5890 run_bbp_write(sc, 31, 0x08); 5891 run_bbp_write(sc, 68, 0x0b); 5892 run_bbp_write(sc, 105, 0x04); 5893 } 5894 5895 static void 5896 run_rt5390_rf_setup(struct run_softc *sc) 5897 { 5898 uint8_t bbp, rf; 5899 5900 if (sc->mac_rev >= 0x0211) { 5901 /* Enable DC filter. */ 5902 run_bbp_write(sc, 103, 0xc0); 5903 5904 if (sc->mac_ver != 0x5592) { 5905 /* Improve power consumption. */ 5906 run_bbp_read(sc, 31, &bbp); 5907 run_bbp_write(sc, 31, bbp & ~0x03); 5908 } 5909 } 5910 5911 run_bbp_read(sc, 138, &bbp); 5912 if (sc->ntxchains == 1) 5913 bbp |= 0x20; /* turn off DAC1 */ 5914 if (sc->nrxchains == 1) 5915 bbp &= ~0x02; /* turn off ADC1 */ 5916 run_bbp_write(sc, 138, bbp); 5917 5918 run_rt3070_rf_read(sc, 38, &rf); 5919 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5920 5921 run_rt3070_rf_read(sc, 39, &rf); 5922 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5923 5924 /* Avoid data lost and CRC error. */ 5925 run_bbp_read(sc, 4, &bbp); 5926 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5927 5928 run_rt3070_rf_read(sc, 30, &rf); 5929 rf = (rf & ~0x18) | 0x10; 5930 run_rt3070_rf_write(sc, 30, rf); 5931 5932 if (sc->mac_ver != 0x5592) { 5933 run_write(sc, RT2860_TX_SW_CFG1, 0); 5934 if (sc->mac_rev < 0x0211) { 5935 run_write(sc, RT2860_TX_SW_CFG2, 5936 sc->patch_dac ? 0x2c : 0x0f); 5937 } else 5938 run_write(sc, RT2860_TX_SW_CFG2, 0); 5939 } 5940 } 5941 5942 static int 5943 run_txrx_enable(struct run_softc *sc) 5944 { 5945 struct ieee80211com *ic = &sc->sc_ic; 5946 uint32_t tmp; 5947 int error, ntries; 5948 5949 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5950 for (ntries = 0; ntries < 200; ntries++) { 5951 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5952 return (error); 5953 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5954 break; 5955 run_delay(sc, 50); 5956 } 5957 if (ntries == 200) 5958 return (ETIMEDOUT); 5959 5960 run_delay(sc, 50); 5961 5962 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5963 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5964 5965 /* enable Rx bulk aggregation (set timeout and limit) */ 5966 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5967 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5968 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5969 5970 /* set Rx filter */ 5971 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5972 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5973 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5974 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5975 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5976 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5977 if (ic->ic_opmode == IEEE80211_M_STA) 5978 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5979 } 5980 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5981 5982 run_write(sc, RT2860_MAC_SYS_CTRL, 5983 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5984 5985 return (0); 5986 } 5987 5988 static void 5989 run_adjust_freq_offset(struct run_softc *sc) 5990 { 5991 uint8_t rf, tmp; 5992 5993 run_rt3070_rf_read(sc, 17, &rf); 5994 tmp = rf; 5995 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5996 rf = MIN(rf, 0x5f); 5997 5998 if (tmp != rf) 5999 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 6000 } 6001 6002 static void 6003 run_init_locked(struct run_softc *sc) 6004 { 6005 struct ieee80211com *ic = &sc->sc_ic; 6006 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6007 uint32_t tmp; 6008 uint8_t bbp1, bbp3; 6009 int i; 6010 int ridx; 6011 int ntries; 6012 6013 if (ic->ic_nrunning > 1) 6014 return; 6015 6016 run_stop(sc); 6017 6018 if (run_load_microcode(sc) != 0) { 6019 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6020 goto fail; 6021 } 6022 6023 for (ntries = 0; ntries < 100; ntries++) { 6024 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6025 goto fail; 6026 if (tmp != 0 && tmp != 0xffffffff) 6027 break; 6028 run_delay(sc, 10); 6029 } 6030 if (ntries == 100) 6031 goto fail; 6032 6033 for (i = 0; i != RUN_EP_QUEUES; i++) 6034 run_setup_tx_list(sc, &sc->sc_epq[i]); 6035 6036 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6037 6038 for (ntries = 0; ntries < 100; ntries++) { 6039 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6040 goto fail; 6041 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6042 break; 6043 run_delay(sc, 10); 6044 } 6045 if (ntries == 100) { 6046 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6047 goto fail; 6048 } 6049 tmp &= 0xff0; 6050 tmp |= RT2860_TX_WB_DDONE; 6051 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6052 6053 /* turn off PME_OEN to solve high-current issue */ 6054 run_read(sc, RT2860_SYS_CTRL, &tmp); 6055 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6056 6057 run_write(sc, RT2860_MAC_SYS_CTRL, 6058 RT2860_BBP_HRST | RT2860_MAC_SRST); 6059 run_write(sc, RT2860_USB_DMA_CFG, 0); 6060 6061 if (run_reset(sc) != 0) { 6062 device_printf(sc->sc_dev, "could not reset chipset\n"); 6063 goto fail; 6064 } 6065 6066 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6067 6068 /* init Tx power for all Tx rates (from EEPROM) */ 6069 for (ridx = 0; ridx < 5; ridx++) { 6070 if (sc->txpow20mhz[ridx] == 0xffffffff) 6071 continue; 6072 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6073 } 6074 6075 for (i = 0; i < nitems(rt2870_def_mac); i++) 6076 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6077 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6078 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6079 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6080 6081 if (sc->mac_ver >= 0x5390) { 6082 run_write(sc, RT2860_TX_SW_CFG0, 6083 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6084 if (sc->mac_ver >= 0x5392) { 6085 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6086 if (sc->mac_ver == 0x5592) { 6087 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6088 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6089 } else { 6090 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6091 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6092 } 6093 } 6094 } else if (sc->mac_ver == 0x3593) { 6095 run_write(sc, RT2860_TX_SW_CFG0, 6096 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6097 } else if (sc->mac_ver >= 0x3070) { 6098 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6099 run_write(sc, RT2860_TX_SW_CFG0, 6100 4 << RT2860_DLY_PAPE_EN_SHIFT); 6101 } 6102 6103 /* wait while MAC is busy */ 6104 for (ntries = 0; ntries < 100; ntries++) { 6105 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6106 goto fail; 6107 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6108 break; 6109 run_delay(sc, 10); 6110 } 6111 if (ntries == 100) 6112 goto fail; 6113 6114 /* clear Host to MCU mailbox */ 6115 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6116 run_write(sc, RT2860_H2M_MAILBOX, 0); 6117 run_delay(sc, 10); 6118 6119 if (run_bbp_init(sc) != 0) { 6120 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6121 goto fail; 6122 } 6123 6124 /* abort TSF synchronization */ 6125 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6126 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6127 RT2860_TBTT_TIMER_EN); 6128 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6129 6130 /* clear RX WCID search table */ 6131 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6132 /* clear WCID attribute table */ 6133 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6134 6135 /* hostapd sets a key before init. So, don't clear it. */ 6136 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6137 /* clear shared key table */ 6138 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6139 /* clear shared key mode */ 6140 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6141 } 6142 6143 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6144 tmp = (tmp & ~0xff) | 0x1e; 6145 run_write(sc, RT2860_US_CYC_CNT, tmp); 6146 6147 if (sc->mac_rev != 0x0101) 6148 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6149 6150 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6151 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6152 6153 /* write vendor-specific BBP values (from EEPROM) */ 6154 if (sc->mac_ver < 0x3593) { 6155 for (i = 0; i < 10; i++) { 6156 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6157 continue; 6158 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6159 } 6160 } 6161 6162 /* select Main antenna for 1T1R devices */ 6163 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6164 run_set_rx_antenna(sc, 0); 6165 6166 /* send LEDs operating mode to microcontroller */ 6167 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6168 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6169 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6170 6171 if (sc->mac_ver >= 0x5390) 6172 run_rt5390_rf_init(sc); 6173 else if (sc->mac_ver == 0x3593) 6174 run_rt3593_rf_init(sc); 6175 else if (sc->mac_ver >= 0x3070) 6176 run_rt3070_rf_init(sc); 6177 6178 /* disable non-existing Rx chains */ 6179 run_bbp_read(sc, 3, &bbp3); 6180 bbp3 &= ~(1 << 3 | 1 << 4); 6181 if (sc->nrxchains == 2) 6182 bbp3 |= 1 << 3; 6183 else if (sc->nrxchains == 3) 6184 bbp3 |= 1 << 4; 6185 run_bbp_write(sc, 3, bbp3); 6186 6187 /* disable non-existing Tx chains */ 6188 run_bbp_read(sc, 1, &bbp1); 6189 if (sc->ntxchains == 1) 6190 bbp1 &= ~(1 << 3 | 1 << 4); 6191 run_bbp_write(sc, 1, bbp1); 6192 6193 if (sc->mac_ver >= 0x5390) 6194 run_rt5390_rf_setup(sc); 6195 else if (sc->mac_ver == 0x3593) 6196 run_rt3593_rf_setup(sc); 6197 else if (sc->mac_ver >= 0x3070) 6198 run_rt3070_rf_setup(sc); 6199 6200 /* select default channel */ 6201 run_set_chan(sc, ic->ic_curchan); 6202 6203 /* setup initial protection mode */ 6204 run_updateprot_cb(ic); 6205 6206 /* turn radio LED on */ 6207 run_set_leds(sc, RT2860_LED_RADIO); 6208 6209 sc->sc_flags |= RUN_RUNNING; 6210 sc->cmdq_run = RUN_CMDQ_GO; 6211 6212 for (i = 0; i != RUN_N_XFER; i++) 6213 usbd_xfer_set_stall(sc->sc_xfer[i]); 6214 6215 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6216 6217 if (run_txrx_enable(sc) != 0) 6218 goto fail; 6219 6220 return; 6221 6222 fail: 6223 run_stop(sc); 6224 } 6225 6226 static void 6227 run_stop(void *arg) 6228 { 6229 struct run_softc *sc = (struct run_softc *)arg; 6230 uint32_t tmp; 6231 int i; 6232 int ntries; 6233 6234 RUN_LOCK_ASSERT(sc, MA_OWNED); 6235 6236 if (sc->sc_flags & RUN_RUNNING) 6237 run_set_leds(sc, 0); /* turn all LEDs off */ 6238 6239 sc->sc_flags &= ~RUN_RUNNING; 6240 6241 sc->ratectl_run = RUN_RATECTL_OFF; 6242 sc->cmdq_run = sc->cmdq_key_set; 6243 6244 RUN_UNLOCK(sc); 6245 6246 for(i = 0; i < RUN_N_XFER; i++) 6247 usbd_transfer_drain(sc->sc_xfer[i]); 6248 6249 RUN_LOCK(sc); 6250 6251 run_drain_mbufq(sc); 6252 6253 if (sc->rx_m != NULL) { 6254 m_free(sc->rx_m); 6255 sc->rx_m = NULL; 6256 } 6257 6258 /* Disable Tx/Rx DMA. */ 6259 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6260 return; 6261 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6262 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6263 6264 for (ntries = 0; ntries < 100; ntries++) { 6265 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6266 return; 6267 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6268 break; 6269 run_delay(sc, 10); 6270 } 6271 if (ntries == 100) { 6272 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6273 return; 6274 } 6275 6276 /* disable Tx/Rx */ 6277 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6278 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6279 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6280 6281 /* wait for pending Tx to complete */ 6282 for (ntries = 0; ntries < 100; ntries++) { 6283 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6284 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6285 "Cannot read Tx queue count\n"); 6286 break; 6287 } 6288 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6289 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6290 "All Tx cleared\n"); 6291 break; 6292 } 6293 run_delay(sc, 10); 6294 } 6295 if (ntries >= 100) 6296 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6297 "There are still pending Tx\n"); 6298 run_delay(sc, 10); 6299 run_write(sc, RT2860_USB_DMA_CFG, 0); 6300 6301 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6302 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6303 6304 for (i = 0; i != RUN_EP_QUEUES; i++) 6305 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6306 } 6307 6308 static void 6309 run_delay(struct run_softc *sc, u_int ms) 6310 { 6311 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6312 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6313 } 6314 6315 static device_method_t run_methods[] = { 6316 /* Device interface */ 6317 DEVMETHOD(device_probe, run_match), 6318 DEVMETHOD(device_attach, run_attach), 6319 DEVMETHOD(device_detach, run_detach), 6320 DEVMETHOD_END 6321 }; 6322 6323 static driver_t run_driver = { 6324 .name = "run", 6325 .methods = run_methods, 6326 .size = sizeof(struct run_softc) 6327 }; 6328 6329 static devclass_t run_devclass; 6330 6331 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6332 MODULE_DEPEND(run, wlan, 1, 1, 1); 6333 MODULE_DEPEND(run, usb, 1, 1, 1); 6334 MODULE_DEPEND(run, firmware, 1, 1, 1); 6335 MODULE_VERSION(run, 1); 6336 USB_PNP_HOST_INFO(run_devs); 6337