1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/cdefs.h> 20 __FBSDID("$FreeBSD$"); 21 22 /*- 23 * Ralink Technology RT2700U/RT2800U/RT3000U chipset driver. 24 * http://www.ralinktech.com/ 25 */ 26 27 #include <sys/param.h> 28 #include <sys/sockio.h> 29 #include <sys/sysctl.h> 30 #include <sys/lock.h> 31 #include <sys/mutex.h> 32 #include <sys/mbuf.h> 33 #include <sys/kernel.h> 34 #include <sys/socket.h> 35 #include <sys/systm.h> 36 #include <sys/malloc.h> 37 #include <sys/module.h> 38 #include <sys/bus.h> 39 #include <sys/endian.h> 40 #include <sys/linker.h> 41 #include <sys/firmware.h> 42 #include <sys/kdb.h> 43 44 #include <machine/bus.h> 45 #include <machine/resource.h> 46 #include <sys/rman.h> 47 48 #include <net/bpf.h> 49 #include <net/if.h> 50 #include <net/if_arp.h> 51 #include <net/ethernet.h> 52 #include <net/if_dl.h> 53 #include <net/if_media.h> 54 #include <net/if_types.h> 55 56 #include <netinet/in.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/in_var.h> 59 #include <netinet/if_ether.h> 60 #include <netinet/ip.h> 61 62 #include <net80211/ieee80211_var.h> 63 #include <net80211/ieee80211_regdomain.h> 64 #include <net80211/ieee80211_radiotap.h> 65 #include <net80211/ieee80211_ratectl.h> 66 67 #include <dev/usb/usb.h> 68 #include <dev/usb/usbdi.h> 69 #include "usbdevs.h" 70 71 #define USB_DEBUG_VAR run_debug 72 #include <dev/usb/usb_debug.h> 73 74 #include "if_runreg.h" 75 #include "if_runvar.h" 76 77 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) 78 79 #ifdef USB_DEBUG 80 #define RUN_DEBUG 81 #endif 82 83 #ifdef RUN_DEBUG 84 int run_debug = 0; 85 SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 86 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 87 "run debug level"); 88 #endif 89 90 #define IEEE80211_HAS_ADDR4(wh) \ 91 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const struct usb_device_id run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 RUN_DEV(ABOCOM, RT2770), 102 RUN_DEV(ABOCOM, RT2870), 103 RUN_DEV(ABOCOM, RT3070), 104 RUN_DEV(ABOCOM, RT3071), 105 RUN_DEV(ABOCOM, RT3072), 106 RUN_DEV(ABOCOM2, RT2870_1), 107 RUN_DEV(ACCTON, RT2770), 108 RUN_DEV(ACCTON, RT2870_1), 109 RUN_DEV(ACCTON, RT2870_2), 110 RUN_DEV(ACCTON, RT2870_3), 111 RUN_DEV(ACCTON, RT2870_4), 112 RUN_DEV(ACCTON, RT2870_5), 113 RUN_DEV(ACCTON, RT3070), 114 RUN_DEV(ACCTON, RT3070_1), 115 RUN_DEV(ACCTON, RT3070_2), 116 RUN_DEV(ACCTON, RT3070_3), 117 RUN_DEV(ACCTON, RT3070_4), 118 RUN_DEV(ACCTON, RT3070_5), 119 RUN_DEV(AIRTIES, RT3070), 120 RUN_DEV(ALLWIN, RT2070), 121 RUN_DEV(ALLWIN, RT2770), 122 RUN_DEV(ALLWIN, RT2870), 123 RUN_DEV(ALLWIN, RT3070), 124 RUN_DEV(ALLWIN, RT3071), 125 RUN_DEV(ALLWIN, RT3072), 126 RUN_DEV(ALLWIN, RT3572), 127 RUN_DEV(AMIGO, RT2870_1), 128 RUN_DEV(AMIGO, RT2870_2), 129 RUN_DEV(AMIT, CGWLUSB2GNR), 130 RUN_DEV(AMIT, RT2870_1), 131 RUN_DEV(AMIT2, RT2870), 132 RUN_DEV(ASUS, RT2870_1), 133 RUN_DEV(ASUS, RT2870_2), 134 RUN_DEV(ASUS, RT2870_3), 135 RUN_DEV(ASUS, RT2870_4), 136 RUN_DEV(ASUS, RT2870_5), 137 RUN_DEV(ASUS, USBN13), 138 RUN_DEV(ASUS, RT3070_1), 139 RUN_DEV(ASUS2, USBN11), 140 RUN_DEV(AZUREWAVE, RT2870_1), 141 RUN_DEV(AZUREWAVE, RT2870_2), 142 RUN_DEV(AZUREWAVE, RT3070_1), 143 RUN_DEV(AZUREWAVE, RT3070_2), 144 RUN_DEV(AZUREWAVE, RT3070_3), 145 RUN_DEV(BELKIN, F5D8053V3), 146 RUN_DEV(BELKIN, F5D8055), 147 RUN_DEV(BELKIN, F6D4050V1), 148 RUN_DEV(BELKIN, RT2870_1), 149 RUN_DEV(BELKIN, RT2870_2), 150 RUN_DEV(CISCOLINKSYS2, RT3070), 151 RUN_DEV(CISCOLINKSYS3, RT3070), 152 RUN_DEV(CONCEPTRONIC2, RT2870_1), 153 RUN_DEV(CONCEPTRONIC2, RT2870_2), 154 RUN_DEV(CONCEPTRONIC2, RT2870_3), 155 RUN_DEV(CONCEPTRONIC2, RT2870_4), 156 RUN_DEV(CONCEPTRONIC2, RT2870_5), 157 RUN_DEV(CONCEPTRONIC2, RT2870_6), 158 RUN_DEV(CONCEPTRONIC2, RT2870_7), 159 RUN_DEV(CONCEPTRONIC2, RT2870_8), 160 RUN_DEV(CONCEPTRONIC2, RT3070_1), 161 RUN_DEV(CONCEPTRONIC2, RT3070_2), 162 RUN_DEV(CONCEPTRONIC2, VIGORN61), 163 RUN_DEV(COREGA, CGWLUSB300GNM), 164 RUN_DEV(COREGA, RT2870_1), 165 RUN_DEV(COREGA, RT2870_2), 166 RUN_DEV(COREGA, RT2870_3), 167 RUN_DEV(COREGA, RT3070), 168 RUN_DEV(CYBERTAN, RT2870), 169 RUN_DEV(DLINK, RT2870), 170 RUN_DEV(DLINK, RT3072), 171 RUN_DEV(DLINK2, DWA130), 172 RUN_DEV(DLINK2, RT2870_1), 173 RUN_DEV(DLINK2, RT2870_2), 174 RUN_DEV(DLINK2, RT3070_1), 175 RUN_DEV(DLINK2, RT3070_2), 176 RUN_DEV(DLINK2, RT3070_3), 177 RUN_DEV(DLINK2, RT3070_4), 178 RUN_DEV(DLINK2, RT3070_5), 179 RUN_DEV(DLINK2, RT3072), 180 RUN_DEV(DLINK2, RT3072_1), 181 RUN_DEV(EDIMAX, EW7717), 182 RUN_DEV(EDIMAX, EW7718), 183 RUN_DEV(EDIMAX, RT2870_1), 184 RUN_DEV(ENCORE, RT3070_1), 185 RUN_DEV(ENCORE, RT3070_2), 186 RUN_DEV(ENCORE, RT3070_3), 187 RUN_DEV(GIGABYTE, GNWB31N), 188 RUN_DEV(GIGABYTE, GNWB32L), 189 RUN_DEV(GIGABYTE, RT2870_1), 190 RUN_DEV(GIGASET, RT3070_1), 191 RUN_DEV(GIGASET, RT3070_2), 192 RUN_DEV(GUILLEMOT, HWNU300), 193 RUN_DEV(HAWKING, HWUN2), 194 RUN_DEV(HAWKING, RT2870_1), 195 RUN_DEV(HAWKING, RT2870_2), 196 RUN_DEV(HAWKING, RT3070), 197 RUN_DEV(IODATA, RT3072_1), 198 RUN_DEV(IODATA, RT3072_2), 199 RUN_DEV(IODATA, RT3072_3), 200 RUN_DEV(IODATA, RT3072_4), 201 RUN_DEV(LINKSYS4, RT3070), 202 RUN_DEV(LINKSYS4, WUSB100), 203 RUN_DEV(LINKSYS4, WUSB54GCV3), 204 RUN_DEV(LINKSYS4, WUSB600N), 205 RUN_DEV(LINKSYS4, WUSB600NV2), 206 RUN_DEV(LOGITEC, RT2870_1), 207 RUN_DEV(LOGITEC, RT2870_2), 208 RUN_DEV(LOGITEC, RT2870_3), 209 RUN_DEV(MELCO, RT2870_1), 210 RUN_DEV(MELCO, RT2870_2), 211 RUN_DEV(MELCO, WLIUCAG300N), 212 RUN_DEV(MELCO, WLIUCG300N), 213 RUN_DEV(MELCO, WLIUCGN), 214 RUN_DEV(MOTOROLA4, RT2770), 215 RUN_DEV(MOTOROLA4, RT3070), 216 RUN_DEV(MSI, RT3070_1), 217 RUN_DEV(MSI, RT3070_2), 218 RUN_DEV(MSI, RT3070_3), 219 RUN_DEV(MSI, RT3070_4), 220 RUN_DEV(MSI, RT3070_5), 221 RUN_DEV(MSI, RT3070_6), 222 RUN_DEV(MSI, RT3070_7), 223 RUN_DEV(MSI, RT3070_8), 224 RUN_DEV(MSI, RT3070_9), 225 RUN_DEV(MSI, RT3070_10), 226 RUN_DEV(MSI, RT3070_11), 227 RUN_DEV(OVISLINK, RT3072), 228 RUN_DEV(PARA, RT3070), 229 RUN_DEV(PEGATRON, RT2870), 230 RUN_DEV(PEGATRON, RT3070), 231 RUN_DEV(PEGATRON, RT3070_2), 232 RUN_DEV(PEGATRON, RT3070_3), 233 RUN_DEV(PHILIPS, RT2870), 234 RUN_DEV(PLANEX2, GWUS300MINIS), 235 RUN_DEV(PLANEX2, GWUSMICRON), 236 RUN_DEV(PLANEX2, RT2870), 237 RUN_DEV(PLANEX2, RT3070), 238 RUN_DEV(QCOM, RT2870), 239 RUN_DEV(QUANTA, RT3070), 240 RUN_DEV(RALINK, RT2070), 241 RUN_DEV(RALINK, RT2770), 242 RUN_DEV(RALINK, RT2870), 243 RUN_DEV(RALINK, RT3070), 244 RUN_DEV(RALINK, RT3071), 245 RUN_DEV(RALINK, RT3072), 246 RUN_DEV(RALINK, RT3370), 247 RUN_DEV(RALINK, RT3572), 248 RUN_DEV(RALINK, RT8070), 249 RUN_DEV(SAMSUNG2, RT2870_1), 250 RUN_DEV(SENAO, RT2870_1), 251 RUN_DEV(SENAO, RT2870_2), 252 RUN_DEV(SENAO, RT2870_3), 253 RUN_DEV(SENAO, RT2870_4), 254 RUN_DEV(SENAO, RT3070), 255 RUN_DEV(SENAO, RT3071), 256 RUN_DEV(SENAO, RT3072_1), 257 RUN_DEV(SENAO, RT3072_2), 258 RUN_DEV(SENAO, RT3072_3), 259 RUN_DEV(SENAO, RT3072_4), 260 RUN_DEV(SENAO, RT3072_5), 261 RUN_DEV(SITECOMEU, RT2770), 262 RUN_DEV(SITECOMEU, RT2870_1), 263 RUN_DEV(SITECOMEU, RT2870_2), 264 RUN_DEV(SITECOMEU, RT2870_3), 265 RUN_DEV(SITECOMEU, RT2870_4), 266 RUN_DEV(SITECOMEU, RT3070), 267 RUN_DEV(SITECOMEU, RT3070_2), 268 RUN_DEV(SITECOMEU, RT3070_3), 269 RUN_DEV(SITECOMEU, RT3070_4), 270 RUN_DEV(SITECOMEU, RT3071), 271 RUN_DEV(SITECOMEU, RT3072_1), 272 RUN_DEV(SITECOMEU, RT3072_2), 273 RUN_DEV(SITECOMEU, RT3072_3), 274 RUN_DEV(SITECOMEU, RT3072_4), 275 RUN_DEV(SITECOMEU, RT3072_5), 276 RUN_DEV(SITECOMEU, RT3072_6), 277 RUN_DEV(SITECOMEU, WL608), 278 RUN_DEV(SPARKLAN, RT2870_1), 279 RUN_DEV(SPARKLAN, RT3070), 280 RUN_DEV(SWEEX2, LW153), 281 RUN_DEV(SWEEX2, LW303), 282 RUN_DEV(SWEEX2, LW313), 283 RUN_DEV(TOSHIBA, RT3070), 284 RUN_DEV(UMEDIA, RT2870_1), 285 RUN_DEV(ZCOM, RT2870_1), 286 RUN_DEV(ZCOM, RT2870_2), 287 RUN_DEV(ZINWELL, RT2870_1), 288 RUN_DEV(ZINWELL, RT2870_2), 289 RUN_DEV(ZINWELL, RT3070), 290 RUN_DEV(ZINWELL, RT3072_1), 291 RUN_DEV(ZINWELL, RT3072_2), 292 RUN_DEV(ZYXEL, RT2870_1), 293 RUN_DEV(ZYXEL, RT2870_2), 294 #undef RUN_DEV 295 }; 296 297 MODULE_DEPEND(run, wlan, 1, 1, 1); 298 MODULE_DEPEND(run, usb, 1, 1, 1); 299 MODULE_DEPEND(run, firmware, 1, 1, 1); 300 301 static device_probe_t run_match; 302 static device_attach_t run_attach; 303 static device_detach_t run_detach; 304 305 static usb_callback_t run_bulk_rx_callback; 306 static usb_callback_t run_bulk_tx_callback0; 307 static usb_callback_t run_bulk_tx_callback1; 308 static usb_callback_t run_bulk_tx_callback2; 309 static usb_callback_t run_bulk_tx_callback3; 310 static usb_callback_t run_bulk_tx_callback4; 311 static usb_callback_t run_bulk_tx_callback5; 312 313 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 314 usb_error_t error, unsigned int index); 315 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 316 const char name[IFNAMSIZ], int unit, int opmode, int flags, 317 const uint8_t bssid[IEEE80211_ADDR_LEN], const uint8_t 318 mac[IEEE80211_ADDR_LEN]); 319 static void run_vap_delete(struct ieee80211vap *); 320 static void run_cmdq_cb(void *, int); 321 static void run_setup_tx_list(struct run_softc *, 322 struct run_endpoint_queue *); 323 static void run_unsetup_tx_list(struct run_softc *, 324 struct run_endpoint_queue *); 325 static int run_load_microcode(struct run_softc *); 326 static int run_reset(struct run_softc *); 327 static usb_error_t run_do_request(struct run_softc *, 328 struct usb_device_request *, void *); 329 static int run_read(struct run_softc *, uint16_t, uint32_t *); 330 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 331 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 332 static int run_write(struct run_softc *, uint16_t, uint32_t); 333 static int run_write_region_1(struct run_softc *, uint16_t, 334 const uint8_t *, int); 335 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 336 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 337 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 338 static int run_rt2870_rf_write(struct run_softc *, uint8_t, uint32_t); 339 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 340 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 341 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 342 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 343 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 344 static const char *run_get_rf(int); 345 static int run_read_eeprom(struct run_softc *); 346 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 347 const uint8_t mac[IEEE80211_ADDR_LEN]); 348 static int run_media_change(struct ifnet *); 349 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 350 static int run_wme_update(struct ieee80211com *); 351 static void run_wme_update_cb(void *); 352 static void run_key_update_begin(struct ieee80211vap *); 353 static void run_key_update_end(struct ieee80211vap *); 354 static void run_key_set_cb(void *); 355 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 356 const uint8_t mac[IEEE80211_ADDR_LEN]); 357 static void run_key_delete_cb(void *); 358 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 359 static void run_ratectl_to(void *); 360 static void run_ratectl_cb(void *, int); 361 static void run_drain_fifo(void *); 362 static void run_iter_func(void *, struct ieee80211_node *); 363 static void run_newassoc_cb(void *); 364 static void run_newassoc(struct ieee80211_node *, int); 365 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 366 static void run_tx_free(struct run_endpoint_queue *pq, 367 struct run_tx_data *, int); 368 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 369 static int run_tx(struct run_softc *, struct mbuf *, 370 struct ieee80211_node *); 371 static int run_tx_mgt(struct run_softc *, struct mbuf *, 372 struct ieee80211_node *); 373 static int run_sendprot(struct run_softc *, const struct mbuf *, 374 struct ieee80211_node *, int, int); 375 static int run_tx_param(struct run_softc *, struct mbuf *, 376 struct ieee80211_node *, 377 const struct ieee80211_bpf_params *); 378 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 379 const struct ieee80211_bpf_params *); 380 static void run_start(struct ifnet *); 381 static int run_ioctl(struct ifnet *, u_long, caddr_t); 382 static void run_set_agc(struct run_softc *, uint8_t); 383 static void run_select_chan_group(struct run_softc *, int); 384 static void run_set_rx_antenna(struct run_softc *, int); 385 static void run_rt2870_set_chan(struct run_softc *, u_int); 386 static void run_rt3070_set_chan(struct run_softc *, u_int); 387 static void run_rt3572_set_chan(struct run_softc *, u_int); 388 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 389 static void run_set_channel(struct ieee80211com *); 390 static void run_scan_start(struct ieee80211com *); 391 static void run_scan_end(struct ieee80211com *); 392 static void run_update_beacon(struct ieee80211vap *, int); 393 static void run_update_beacon_cb(void *); 394 static void run_updateprot(struct ieee80211com *); 395 static void run_usb_timeout_cb(void *); 396 static void run_reset_livelock(struct run_softc *); 397 static void run_enable_tsf_sync(struct run_softc *); 398 static void run_enable_mrr(struct run_softc *); 399 static void run_set_txpreamble(struct run_softc *); 400 static void run_set_basicrates(struct run_softc *); 401 static void run_set_leds(struct run_softc *, uint16_t); 402 static void run_set_bssid(struct run_softc *, const uint8_t *); 403 static void run_set_macaddr(struct run_softc *, const uint8_t *); 404 static void run_updateslot(struct ifnet *); 405 static void run_update_mcast(struct ifnet *); 406 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 407 static void run_update_promisc_locked(struct ifnet *); 408 static void run_update_promisc(struct ifnet *); 409 static int run_bbp_init(struct run_softc *); 410 static int run_rt3070_rf_init(struct run_softc *); 411 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 412 uint8_t *); 413 static void run_rt3070_rf_setup(struct run_softc *); 414 static int run_txrx_enable(struct run_softc *); 415 static void run_init(void *); 416 static void run_init_locked(struct run_softc *); 417 static void run_stop(void *); 418 static void run_delay(struct run_softc *, unsigned int); 419 420 static const struct { 421 uint16_t reg; 422 uint32_t val; 423 } rt2870_def_mac[] = { 424 RT2870_DEF_MAC 425 }; 426 427 static const struct { 428 uint8_t reg; 429 uint8_t val; 430 } rt2860_def_bbp[] = { 431 RT2860_DEF_BBP 432 }; 433 434 static const struct rfprog { 435 uint8_t chan; 436 uint32_t r1, r2, r3, r4; 437 } rt2860_rf2850[] = { 438 RT2860_RF2850 439 }; 440 441 struct { 442 uint8_t n, r, k; 443 } rt3070_freqs[] = { 444 RT3070_RF3052 445 }; 446 447 static const struct { 448 uint8_t reg; 449 uint8_t val; 450 } rt3070_def_rf[] = { 451 RT3070_DEF_RF 452 },rt3572_def_rf[] = { 453 RT3572_DEF_RF 454 }; 455 456 static const struct usb_config run_config[RUN_N_XFER] = { 457 [RUN_BULK_TX_BE] = { 458 .type = UE_BULK, 459 .endpoint = UE_ADDR_ANY, 460 .ep_index = 0, 461 .direction = UE_DIR_OUT, 462 .bufsize = RUN_MAX_TXSZ, 463 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 464 .callback = run_bulk_tx_callback0, 465 .timeout = 5000, /* ms */ 466 }, 467 [RUN_BULK_TX_BK] = { 468 .type = UE_BULK, 469 .endpoint = UE_ADDR_ANY, 470 .direction = UE_DIR_OUT, 471 .ep_index = 1, 472 .bufsize = RUN_MAX_TXSZ, 473 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 474 .callback = run_bulk_tx_callback1, 475 .timeout = 5000, /* ms */ 476 }, 477 [RUN_BULK_TX_VI] = { 478 .type = UE_BULK, 479 .endpoint = UE_ADDR_ANY, 480 .direction = UE_DIR_OUT, 481 .ep_index = 2, 482 .bufsize = RUN_MAX_TXSZ, 483 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 484 .callback = run_bulk_tx_callback2, 485 .timeout = 5000, /* ms */ 486 }, 487 [RUN_BULK_TX_VO] = { 488 .type = UE_BULK, 489 .endpoint = UE_ADDR_ANY, 490 .direction = UE_DIR_OUT, 491 .ep_index = 3, 492 .bufsize = RUN_MAX_TXSZ, 493 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 494 .callback = run_bulk_tx_callback3, 495 .timeout = 5000, /* ms */ 496 }, 497 [RUN_BULK_TX_HCCA] = { 498 .type = UE_BULK, 499 .endpoint = UE_ADDR_ANY, 500 .direction = UE_DIR_OUT, 501 .ep_index = 4, 502 .bufsize = RUN_MAX_TXSZ, 503 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 504 .callback = run_bulk_tx_callback4, 505 .timeout = 5000, /* ms */ 506 }, 507 [RUN_BULK_TX_PRIO] = { 508 .type = UE_BULK, 509 .endpoint = UE_ADDR_ANY, 510 .direction = UE_DIR_OUT, 511 .ep_index = 5, 512 .bufsize = RUN_MAX_TXSZ, 513 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 514 .callback = run_bulk_tx_callback5, 515 .timeout = 5000, /* ms */ 516 }, 517 [RUN_BULK_RX] = { 518 .type = UE_BULK, 519 .endpoint = UE_ADDR_ANY, 520 .direction = UE_DIR_IN, 521 .bufsize = RUN_MAX_RXSZ, 522 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 523 .callback = run_bulk_rx_callback, 524 } 525 }; 526 527 int 528 run_match(device_t self) 529 { 530 struct usb_attach_arg *uaa = device_get_ivars(self); 531 532 if (uaa->usb_mode != USB_MODE_HOST) 533 return (ENXIO); 534 if (uaa->info.bConfigIndex != 0) 535 return (ENXIO); 536 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 537 return (ENXIO); 538 539 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 540 } 541 542 static int 543 run_attach(device_t self) 544 { 545 struct run_softc *sc = device_get_softc(self); 546 struct usb_attach_arg *uaa = device_get_ivars(self); 547 struct ieee80211com *ic; 548 struct ifnet *ifp; 549 uint32_t ver; 550 int i, ntries, error; 551 uint8_t iface_index, bands; 552 553 device_set_usb_desc(self); 554 sc->sc_udev = uaa->device; 555 sc->sc_dev = self; 556 557 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 558 MTX_NETWORK_LOCK, MTX_DEF); 559 560 iface_index = RT2860_IFACE_INDEX; 561 562 error = usbd_transfer_setup(uaa->device, &iface_index, 563 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 564 if (error) { 565 device_printf(self, "could not allocate USB transfers, " 566 "err=%s\n", usbd_errstr(error)); 567 goto detach; 568 } 569 570 RUN_LOCK(sc); 571 572 /* wait for the chip to settle */ 573 for (ntries = 0; ntries < 100; ntries++) { 574 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 575 RUN_UNLOCK(sc); 576 goto detach; 577 } 578 if (ver != 0 && ver != 0xffffffff) 579 break; 580 run_delay(sc, 10); 581 } 582 if (ntries == 100) { 583 device_printf(sc->sc_dev, 584 "timeout waiting for NIC to initialize\n"); 585 RUN_UNLOCK(sc); 586 goto detach; 587 } 588 sc->mac_ver = ver >> 16; 589 sc->mac_rev = ver & 0xffff; 590 591 /* retrieve RF rev. no and various other things from EEPROM */ 592 run_read_eeprom(sc); 593 594 device_printf(sc->sc_dev, 595 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 596 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 597 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 598 599 if ((error = run_load_microcode(sc)) != 0) { 600 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 601 RUN_UNLOCK(sc); 602 goto detach; 603 } 604 605 RUN_UNLOCK(sc); 606 607 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 608 if(ifp == NULL){ 609 device_printf(sc->sc_dev, "can not if_alloc()\n"); 610 goto detach; 611 } 612 ic = ifp->if_l2com; 613 614 ifp->if_softc = sc; 615 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 616 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 617 ifp->if_init = run_init; 618 ifp->if_ioctl = run_ioctl; 619 ifp->if_start = run_start; 620 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 621 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 622 IFQ_SET_READY(&ifp->if_snd); 623 624 ic->ic_ifp = ifp; 625 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 626 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 627 628 /* set device capabilities */ 629 ic->ic_caps = 630 IEEE80211_C_STA | /* station mode supported */ 631 IEEE80211_C_MONITOR | /* monitor mode supported */ 632 IEEE80211_C_IBSS | 633 IEEE80211_C_HOSTAP | 634 IEEE80211_C_WDS | /* 4-address traffic works */ 635 IEEE80211_C_MBSS | 636 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 637 IEEE80211_C_SHSLOT | /* short slot time supported */ 638 IEEE80211_C_WME | /* WME */ 639 IEEE80211_C_WPA | /* WPA1|WPA2(RSN) */ 640 IEEE80211_C_RATECTL; /* use ratectl */ 641 642 ic->ic_cryptocaps = 643 IEEE80211_CRYPTO_WEP | 644 IEEE80211_CRYPTO_AES_CCM | 645 IEEE80211_CRYPTO_TKIPMIC | 646 IEEE80211_CRYPTO_TKIP; 647 648 ic->ic_flags |= IEEE80211_F_DATAPAD; 649 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 650 651 bands = 0; 652 setbit(&bands, IEEE80211_MODE_11B); 653 setbit(&bands, IEEE80211_MODE_11G); 654 ieee80211_init_channels(ic, NULL, &bands); 655 656 /* 657 * Do this by own because h/w supports 658 * more channels than ieee80211_init_channels() 659 */ 660 if (sc->rf_rev == RT2860_RF_2750 || 661 sc->rf_rev == RT2860_RF_2850 || 662 sc->rf_rev == RT3070_RF_3052) { 663 /* set supported .11a rates */ 664 for (i = 14; i < nitems(rt2860_rf2850); i++) { 665 uint8_t chan = rt2860_rf2850[i].chan; 666 ic->ic_channels[ic->ic_nchans].ic_freq = 667 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A); 668 ic->ic_channels[ic->ic_nchans].ic_ieee = chan; 669 ic->ic_channels[ic->ic_nchans].ic_flags = IEEE80211_CHAN_A; 670 ic->ic_channels[ic->ic_nchans].ic_extieee = 0; 671 ic->ic_nchans++; 672 } 673 } 674 675 ieee80211_ifattach(ic, sc->sc_bssid); 676 677 ic->ic_scan_start = run_scan_start; 678 ic->ic_scan_end = run_scan_end; 679 ic->ic_set_channel = run_set_channel; 680 ic->ic_node_alloc = run_node_alloc; 681 ic->ic_newassoc = run_newassoc; 682 //ic->ic_updateslot = run_updateslot; 683 ic->ic_update_mcast = run_update_mcast; 684 ic->ic_wme.wme_update = run_wme_update; 685 ic->ic_raw_xmit = run_raw_xmit; 686 ic->ic_update_promisc = run_update_promisc; 687 688 ic->ic_vap_create = run_vap_create; 689 ic->ic_vap_delete = run_vap_delete; 690 691 ieee80211_radiotap_attach(ic, 692 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 693 RUN_TX_RADIOTAP_PRESENT, 694 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 695 RUN_RX_RADIOTAP_PRESENT); 696 697 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 698 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 699 callout_init((struct callout *)&sc->ratectl_ch, 1); 700 701 if (bootverbose) 702 ieee80211_announce(ic); 703 704 return (0); 705 706 detach: 707 run_detach(self); 708 return (ENXIO); 709 } 710 711 static int 712 run_detach(device_t self) 713 { 714 struct run_softc *sc = device_get_softc(self); 715 struct ifnet *ifp = sc->sc_ifp; 716 struct ieee80211com *ic; 717 int i; 718 719 /* stop all USB transfers */ 720 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 721 722 RUN_LOCK(sc); 723 724 sc->ratectl_run = RUN_RATECTL_OFF; 725 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 726 727 /* free TX list, if any */ 728 for (i = 0; i != RUN_EP_QUEUES; i++) 729 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 730 RUN_UNLOCK(sc); 731 732 if (ifp) { 733 ic = ifp->if_l2com; 734 /* drain tasks */ 735 usb_callout_drain(&sc->ratectl_ch); 736 ieee80211_draintask(ic, &sc->cmdq_task); 737 ieee80211_draintask(ic, &sc->ratectl_task); 738 ieee80211_ifdetach(ic); 739 if_free(ifp); 740 } 741 742 mtx_destroy(&sc->sc_mtx); 743 744 return (0); 745 } 746 747 static struct ieee80211vap * 748 run_vap_create(struct ieee80211com *ic, 749 const char name[IFNAMSIZ], int unit, int opmode, int flags, 750 const uint8_t bssid[IEEE80211_ADDR_LEN], 751 const uint8_t mac[IEEE80211_ADDR_LEN]) 752 { 753 struct ifnet *ifp = ic->ic_ifp; 754 struct run_softc *sc = ifp->if_softc; 755 struct run_vap *rvp; 756 struct ieee80211vap *vap; 757 int i; 758 759 if (sc->rvp_cnt >= RUN_VAP_MAX) { 760 if_printf(ifp, "number of VAPs maxed out\n"); 761 return (NULL); 762 } 763 764 switch (opmode) { 765 case IEEE80211_M_STA: 766 /* enable s/w bmiss handling for sta mode */ 767 flags |= IEEE80211_CLONE_NOBEACONS; 768 /* fall though */ 769 case IEEE80211_M_IBSS: 770 case IEEE80211_M_MONITOR: 771 case IEEE80211_M_HOSTAP: 772 case IEEE80211_M_MBSS: 773 /* other than WDS vaps, only one at a time */ 774 if (!TAILQ_EMPTY(&ic->ic_vaps)) 775 return (NULL); 776 break; 777 case IEEE80211_M_WDS: 778 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 779 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 780 continue; 781 /* WDS vap's always share the local mac address. */ 782 flags &= ~IEEE80211_CLONE_BSSID; 783 break; 784 } 785 if (vap == NULL) { 786 if_printf(ifp, "wds only supported in ap mode\n"); 787 return (NULL); 788 } 789 break; 790 default: 791 if_printf(ifp, "unknown opmode %d\n", opmode); 792 return (NULL); 793 } 794 795 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 796 M_80211_VAP, M_NOWAIT | M_ZERO); 797 if (rvp == NULL) 798 return (NULL); 799 vap = &rvp->vap; 800 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 801 802 vap->iv_key_update_begin = run_key_update_begin; 803 vap->iv_key_update_end = run_key_update_end; 804 vap->iv_update_beacon = run_update_beacon; 805 vap->iv_max_aid = RT2870_WCID_MAX; 806 /* 807 * To delete the right key from h/w, we need wcid. 808 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 809 * and matching wcid will be written into there. So, cast 810 * some spells to remove 'const' from ieee80211_key{} 811 */ 812 vap->iv_key_delete = (void *)run_key_delete; 813 vap->iv_key_set = (void *)run_key_set; 814 815 /* override state transition machine */ 816 rvp->newstate = vap->iv_newstate; 817 vap->iv_newstate = run_newstate; 818 819 ieee80211_ratectl_init(vap); 820 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 821 822 /* complete setup */ 823 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 824 825 /* make sure id is always unique */ 826 for (i = 0; i < RUN_VAP_MAX; i++) { 827 if((sc->rvp_bmap & 1 << i) == 0){ 828 sc->rvp_bmap |= 1 << i; 829 rvp->rvp_id = i; 830 break; 831 } 832 } 833 if (sc->rvp_cnt++ == 0) 834 ic->ic_opmode = opmode; 835 836 if (opmode == IEEE80211_M_HOSTAP) 837 sc->cmdq_run = RUN_CMDQ_GO; 838 839 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 840 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 841 842 return (vap); 843 } 844 845 static void 846 run_vap_delete(struct ieee80211vap *vap) 847 { 848 struct run_vap *rvp = RUN_VAP(vap); 849 struct ifnet *ifp; 850 struct ieee80211com *ic; 851 struct run_softc *sc; 852 uint8_t rvp_id; 853 854 if (vap == NULL) 855 return; 856 857 ic = vap->iv_ic; 858 ifp = ic->ic_ifp; 859 860 sc = ifp->if_softc; 861 862 RUN_LOCK(sc); 863 864 rvp_id = rvp->rvp_id; 865 sc->ratectl_run &= ~(1 << rvp_id); 866 sc->rvp_bmap &= ~(1 << rvp_id); 867 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 868 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 869 --sc->rvp_cnt; 870 871 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 872 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 873 874 RUN_UNLOCK(sc); 875 876 ieee80211_ratectl_deinit(vap); 877 ieee80211_vap_detach(vap); 878 free(rvp, M_80211_VAP); 879 } 880 881 /* 882 * There are numbers of functions need to be called in context thread. 883 * Rather than creating taskqueue event for each of those functions, 884 * here is all-for-one taskqueue callback function. This function 885 * gurantees deferred functions are executed in the same order they 886 * were enqueued. 887 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 888 */ 889 static void 890 run_cmdq_cb(void *arg, int pending) 891 { 892 struct run_softc *sc = arg; 893 uint8_t i; 894 895 /* call cmdq[].func locked */ 896 RUN_LOCK(sc); 897 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 898 i = sc->cmdq_exec, pending--) { 899 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 900 if (sc->cmdq_run == RUN_CMDQ_GO) { 901 /* 902 * If arg0 is NULL, callback func needs more 903 * than one arg. So, pass ptr to cmdq struct. 904 */ 905 if (sc->cmdq[i].arg0) 906 sc->cmdq[i].func(sc->cmdq[i].arg0); 907 else 908 sc->cmdq[i].func(&sc->cmdq[i]); 909 } 910 sc->cmdq[i].arg0 = NULL; 911 sc->cmdq[i].func = NULL; 912 sc->cmdq_exec++; 913 sc->cmdq_exec &= RUN_CMDQ_MASQ; 914 } 915 RUN_UNLOCK(sc); 916 } 917 918 static void 919 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 920 { 921 struct run_tx_data *data; 922 923 memset(pq, 0, sizeof(*pq)); 924 925 STAILQ_INIT(&pq->tx_qh); 926 STAILQ_INIT(&pq->tx_fh); 927 928 for (data = &pq->tx_data[0]; 929 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 930 data->sc = sc; 931 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 932 } 933 pq->tx_nfree = RUN_TX_RING_COUNT; 934 } 935 936 static void 937 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 938 { 939 struct run_tx_data *data; 940 941 /* make sure any subsequent use of the queues will fail */ 942 pq->tx_nfree = 0; 943 STAILQ_INIT(&pq->tx_fh); 944 STAILQ_INIT(&pq->tx_qh); 945 946 /* free up all node references and mbufs */ 947 for (data = &pq->tx_data[0]; 948 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 949 if (data->m != NULL) { 950 m_freem(data->m); 951 data->m = NULL; 952 } 953 if (data->ni != NULL) { 954 ieee80211_free_node(data->ni); 955 data->ni = NULL; 956 } 957 } 958 } 959 960 int 961 run_load_microcode(struct run_softc *sc) 962 { 963 usb_device_request_t req; 964 const struct firmware *fw; 965 const u_char *base; 966 uint32_t tmp; 967 int ntries, error; 968 const uint64_t *temp; 969 uint64_t bytes; 970 971 RUN_UNLOCK(sc); 972 fw = firmware_get("runfw"); 973 RUN_LOCK(sc); 974 if (fw == NULL) { 975 device_printf(sc->sc_dev, 976 "failed loadfirmware of file %s\n", "runfw"); 977 return ENOENT; 978 } 979 980 if (fw->datasize != 8192) { 981 device_printf(sc->sc_dev, 982 "invalid firmware size (should be 8KB)\n"); 983 error = EINVAL; 984 goto fail; 985 } 986 987 /* 988 * RT3071/RT3072 use a different firmware 989 * run-rt2870 (8KB) contains both, 990 * first half (4KB) is for rt2870, 991 * last half is for rt3071. 992 */ 993 base = fw->data; 994 if ((sc->mac_ver) != 0x2860 && 995 (sc->mac_ver) != 0x2872 && 996 (sc->mac_ver) != 0x3070) { 997 base += 4096; 998 } 999 1000 /* cheap sanity check */ 1001 temp = fw->data; 1002 bytes = *temp; 1003 if (bytes != be64toh(0xffffff0210280210)) { 1004 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1005 error = EINVAL; 1006 goto fail; 1007 } 1008 1009 run_read(sc, RT2860_ASIC_VER_ID, &tmp); 1010 /* write microcode image */ 1011 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1012 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1013 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1014 1015 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1016 req.bRequest = RT2870_RESET; 1017 USETW(req.wValue, 8); 1018 USETW(req.wIndex, 0); 1019 USETW(req.wLength, 0); 1020 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) != 0) { 1021 device_printf(sc->sc_dev, "firmware reset failed\n"); 1022 goto fail; 1023 } 1024 1025 run_delay(sc, 10); 1026 1027 run_write(sc, RT2860_H2M_MAILBOX, 0); 1028 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1029 goto fail; 1030 1031 /* wait until microcontroller is ready */ 1032 for (ntries = 0; ntries < 1000; ntries++) { 1033 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1034 goto fail; 1035 } 1036 if (tmp & RT2860_MCU_READY) 1037 break; 1038 run_delay(sc, 10); 1039 } 1040 if (ntries == 1000) { 1041 device_printf(sc->sc_dev, 1042 "timeout waiting for MCU to initialize\n"); 1043 error = ETIMEDOUT; 1044 goto fail; 1045 } 1046 device_printf(sc->sc_dev, "firmware %s loaded\n", 1047 (base == fw->data) ? "RT2870" : "RT3071"); 1048 1049 fail: 1050 firmware_put(fw, FIRMWARE_UNLOAD); 1051 return (error); 1052 } 1053 1054 int 1055 run_reset(struct run_softc *sc) 1056 { 1057 usb_device_request_t req; 1058 1059 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1060 req.bRequest = RT2870_RESET; 1061 USETW(req.wValue, 1); 1062 USETW(req.wIndex, 0); 1063 USETW(req.wLength, 0); 1064 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1065 } 1066 1067 static usb_error_t 1068 run_do_request(struct run_softc *sc, 1069 struct usb_device_request *req, void *data) 1070 { 1071 usb_error_t err; 1072 int ntries = 10; 1073 1074 RUN_LOCK_ASSERT(sc, MA_OWNED); 1075 1076 while (ntries--) { 1077 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1078 req, data, 0, NULL, 250 /* ms */); 1079 if (err == 0) 1080 break; 1081 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1082 usbd_errstr(err)); 1083 run_delay(sc, 10); 1084 } 1085 return (err); 1086 } 1087 1088 static int 1089 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1090 { 1091 uint32_t tmp; 1092 int error; 1093 1094 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1095 if (error == 0) 1096 *val = le32toh(tmp); 1097 else 1098 *val = 0xffffffff; 1099 return (error); 1100 } 1101 1102 static int 1103 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1104 { 1105 usb_device_request_t req; 1106 1107 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1108 req.bRequest = RT2870_READ_REGION_1; 1109 USETW(req.wValue, 0); 1110 USETW(req.wIndex, reg); 1111 USETW(req.wLength, len); 1112 1113 return (run_do_request(sc, &req, buf)); 1114 } 1115 1116 static int 1117 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1118 { 1119 usb_device_request_t req; 1120 1121 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1122 req.bRequest = RT2870_WRITE_2; 1123 USETW(req.wValue, val); 1124 USETW(req.wIndex, reg); 1125 USETW(req.wLength, 0); 1126 1127 return (run_do_request(sc, &req, NULL)); 1128 } 1129 1130 static int 1131 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1132 { 1133 int error; 1134 1135 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1136 error = run_write_2(sc, reg + 2, val >> 16); 1137 return (error); 1138 } 1139 1140 static int 1141 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1142 int len) 1143 { 1144 #if 1 1145 int i, error = 0; 1146 /* 1147 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1148 * We thus issue multiple WRITE_2 commands instead. 1149 */ 1150 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1151 for (i = 0; i < len && error == 0; i += 2) 1152 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1153 return (error); 1154 #else 1155 usb_device_request_t req; 1156 1157 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1158 req.bRequest = RT2870_WRITE_REGION_1; 1159 USETW(req.wValue, 0); 1160 USETW(req.wIndex, reg); 1161 USETW(req.wLength, len); 1162 return (run_do_request(sc, &req, buf)); 1163 #endif 1164 } 1165 1166 static int 1167 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1168 { 1169 int i, error = 0; 1170 1171 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1172 for (i = 0; i < len && error == 0; i += 4) 1173 error = run_write(sc, reg + i, val); 1174 return (error); 1175 } 1176 1177 /* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1178 static int 1179 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1180 { 1181 uint32_t tmp; 1182 uint16_t reg; 1183 int error, ntries; 1184 1185 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1186 return (error); 1187 1188 addr *= 2; 1189 /*- 1190 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1191 * DATA0: F E D C 1192 * DATA1: B A 9 8 1193 * DATA2: 7 6 5 4 1194 * DATA3: 3 2 1 0 1195 */ 1196 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1197 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1198 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1199 for (ntries = 0; ntries < 100; ntries++) { 1200 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1201 return (error); 1202 if (!(tmp & RT3070_EFSROM_KICK)) 1203 break; 1204 run_delay(sc, 2); 1205 } 1206 if (ntries == 100) 1207 return (ETIMEDOUT); 1208 1209 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1210 *val = 0xffff; /* address not found */ 1211 return (0); 1212 } 1213 /* determine to which 32-bit register our 16-bit word belongs */ 1214 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1215 if ((error = run_read(sc, reg, &tmp)) != 0) 1216 return (error); 1217 1218 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1219 return (0); 1220 } 1221 1222 static int 1223 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1224 { 1225 usb_device_request_t req; 1226 uint16_t tmp; 1227 int error; 1228 1229 addr *= 2; 1230 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1231 req.bRequest = RT2870_EEPROM_READ; 1232 USETW(req.wValue, 0); 1233 USETW(req.wIndex, addr); 1234 USETW(req.wLength, sizeof tmp); 1235 1236 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1237 if (error == 0) 1238 *val = le16toh(tmp); 1239 else 1240 *val = 0xffff; 1241 return (error); 1242 } 1243 1244 static __inline int 1245 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1246 { 1247 /* either eFUSE ROM or EEPROM */ 1248 return sc->sc_srom_read(sc, addr, val); 1249 } 1250 1251 static int 1252 run_rt2870_rf_write(struct run_softc *sc, uint8_t reg, uint32_t val) 1253 { 1254 uint32_t tmp; 1255 int error, ntries; 1256 1257 for (ntries = 0; ntries < 10; ntries++) { 1258 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1259 return (error); 1260 if (!(tmp & RT2860_RF_REG_CTRL)) 1261 break; 1262 } 1263 if (ntries == 10) 1264 return (ETIMEDOUT); 1265 1266 /* RF registers are 24-bit on the RT2860 */ 1267 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT | 1268 (val & 0x3fffff) << 2 | (reg & 3); 1269 return (run_write(sc, RT2860_RF_CSR_CFG0, tmp)); 1270 } 1271 1272 static int 1273 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1274 { 1275 uint32_t tmp; 1276 int error, ntries; 1277 1278 for (ntries = 0; ntries < 100; ntries++) { 1279 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1280 return (error); 1281 if (!(tmp & RT3070_RF_KICK)) 1282 break; 1283 } 1284 if (ntries == 100) 1285 return (ETIMEDOUT); 1286 1287 tmp = RT3070_RF_KICK | reg << 8; 1288 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1289 return (error); 1290 1291 for (ntries = 0; ntries < 100; ntries++) { 1292 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1293 return (error); 1294 if (!(tmp & RT3070_RF_KICK)) 1295 break; 1296 } 1297 if (ntries == 100) 1298 return (ETIMEDOUT); 1299 1300 *val = tmp & 0xff; 1301 return (0); 1302 } 1303 1304 static int 1305 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1306 { 1307 uint32_t tmp; 1308 int error, ntries; 1309 1310 for (ntries = 0; ntries < 10; ntries++) { 1311 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1312 return (error); 1313 if (!(tmp & RT3070_RF_KICK)) 1314 break; 1315 } 1316 if (ntries == 10) 1317 return (ETIMEDOUT); 1318 1319 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1320 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1321 } 1322 1323 static int 1324 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1325 { 1326 uint32_t tmp; 1327 int ntries, error; 1328 1329 for (ntries = 0; ntries < 10; ntries++) { 1330 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1331 return (error); 1332 if (!(tmp & RT2860_BBP_CSR_KICK)) 1333 break; 1334 } 1335 if (ntries == 10) 1336 return (ETIMEDOUT); 1337 1338 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1339 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1340 return (error); 1341 1342 for (ntries = 0; ntries < 10; ntries++) { 1343 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1344 return (error); 1345 if (!(tmp & RT2860_BBP_CSR_KICK)) 1346 break; 1347 } 1348 if (ntries == 10) 1349 return (ETIMEDOUT); 1350 1351 *val = tmp & 0xff; 1352 return (0); 1353 } 1354 1355 static int 1356 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1357 { 1358 uint32_t tmp; 1359 int ntries, error; 1360 1361 for (ntries = 0; ntries < 10; ntries++) { 1362 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1363 return (error); 1364 if (!(tmp & RT2860_BBP_CSR_KICK)) 1365 break; 1366 } 1367 if (ntries == 10) 1368 return (ETIMEDOUT); 1369 1370 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1371 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1372 } 1373 1374 /* 1375 * Send a command to the 8051 microcontroller unit. 1376 */ 1377 static int 1378 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1379 { 1380 uint32_t tmp; 1381 int error, ntries; 1382 1383 for (ntries = 0; ntries < 100; ntries++) { 1384 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1385 return error; 1386 if (!(tmp & RT2860_H2M_BUSY)) 1387 break; 1388 } 1389 if (ntries == 100) 1390 return ETIMEDOUT; 1391 1392 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1393 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1394 error = run_write(sc, RT2860_HOST_CMD, cmd); 1395 return (error); 1396 } 1397 1398 /* 1399 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1400 * Used to adjust per-rate Tx power registers. 1401 */ 1402 static __inline uint32_t 1403 b4inc(uint32_t b32, int8_t delta) 1404 { 1405 int8_t i, b4; 1406 1407 for (i = 0; i < 8; i++) { 1408 b4 = b32 & 0xf; 1409 b4 += delta; 1410 if (b4 < 0) 1411 b4 = 0; 1412 else if (b4 > 0xf) 1413 b4 = 0xf; 1414 b32 = b32 >> 4 | b4 << 28; 1415 } 1416 return (b32); 1417 } 1418 1419 static const char * 1420 run_get_rf(int rev) 1421 { 1422 switch (rev) { 1423 case RT2860_RF_2820: return "RT2820"; 1424 case RT2860_RF_2850: return "RT2850"; 1425 case RT2860_RF_2720: return "RT2720"; 1426 case RT2860_RF_2750: return "RT2750"; 1427 case RT3070_RF_3020: return "RT3020"; 1428 case RT3070_RF_2020: return "RT2020"; 1429 case RT3070_RF_3021: return "RT3021"; 1430 case RT3070_RF_3022: return "RT3022"; 1431 case RT3070_RF_3052: return "RT3052"; 1432 } 1433 return ("unknown"); 1434 } 1435 1436 int 1437 run_read_eeprom(struct run_softc *sc) 1438 { 1439 int8_t delta_2ghz, delta_5ghz; 1440 uint32_t tmp; 1441 uint16_t val; 1442 int ridx, ant, i; 1443 1444 /* check whether the ROM is eFUSE ROM or EEPROM */ 1445 sc->sc_srom_read = run_eeprom_read_2; 1446 if (sc->mac_ver >= 0x3070) { 1447 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1448 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1449 if (tmp & RT3070_SEL_EFUSE) 1450 sc->sc_srom_read = run_efuse_read_2; 1451 } 1452 1453 /* read ROM version */ 1454 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1455 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1456 1457 /* read MAC address */ 1458 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1459 sc->sc_bssid[0] = val & 0xff; 1460 sc->sc_bssid[1] = val >> 8; 1461 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1462 sc->sc_bssid[2] = val & 0xff; 1463 sc->sc_bssid[3] = val >> 8; 1464 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1465 sc->sc_bssid[4] = val & 0xff; 1466 sc->sc_bssid[5] = val >> 8; 1467 1468 /* read vender BBP settings */ 1469 for (i = 0; i < 10; i++) { 1470 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1471 sc->bbp[i].val = val & 0xff; 1472 sc->bbp[i].reg = val >> 8; 1473 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1474 } 1475 if (sc->mac_ver >= 0x3071) { 1476 /* read vendor RF settings */ 1477 for (i = 0; i < 10; i++) { 1478 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, &val); 1479 sc->rf[i].val = val & 0xff; 1480 sc->rf[i].reg = val >> 8; 1481 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1482 sc->rf[i].val); 1483 } 1484 } 1485 1486 /* read RF frequency offset from EEPROM */ 1487 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1488 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1489 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1490 1491 if (val >> 8 != 0xff) { 1492 /* read LEDs operating mode */ 1493 sc->leds = val >> 8; 1494 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1495 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1496 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1497 } else { 1498 /* broken EEPROM, use default settings */ 1499 sc->leds = 0x01; 1500 sc->led[0] = 0x5555; 1501 sc->led[1] = 0x2221; 1502 sc->led[2] = 0x5627; /* differs from RT2860 */ 1503 } 1504 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1505 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1506 1507 /* read RF information */ 1508 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1509 if (val == 0xffff) { 1510 DPRINTF("invalid EEPROM antenna info, using default\n"); 1511 if (sc->mac_ver == 0x3572) { 1512 /* default to RF3052 2T2R */ 1513 sc->rf_rev = RT3070_RF_3052; 1514 sc->ntxchains = 2; 1515 sc->nrxchains = 2; 1516 } else if (sc->mac_ver >= 0x3070) { 1517 /* default to RF3020 1T1R */ 1518 sc->rf_rev = RT3070_RF_3020; 1519 sc->ntxchains = 1; 1520 sc->nrxchains = 1; 1521 } else { 1522 /* default to RF2820 1T2R */ 1523 sc->rf_rev = RT2860_RF_2820; 1524 sc->ntxchains = 1; 1525 sc->nrxchains = 2; 1526 } 1527 } else { 1528 sc->rf_rev = (val >> 8) & 0xf; 1529 sc->ntxchains = (val >> 4) & 0xf; 1530 sc->nrxchains = val & 0xf; 1531 } 1532 DPRINTF("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1533 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1534 1535 /* check if RF supports automatic Tx access gain control */ 1536 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1537 DPRINTF("EEPROM CFG 0x%04x\n", val); 1538 /* check if driver should patch the DAC issue */ 1539 if ((val >> 8) != 0xff) 1540 sc->patch_dac = (val >> 15) & 1; 1541 if ((val & 0xff) != 0xff) { 1542 sc->ext_5ghz_lna = (val >> 3) & 1; 1543 sc->ext_2ghz_lna = (val >> 2) & 1; 1544 /* check if RF supports automatic Tx access gain control */ 1545 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1546 /* check if we have a hardware radio switch */ 1547 sc->rfswitch = val & 1; 1548 } 1549 1550 /* read power settings for 2GHz channels */ 1551 for (i = 0; i < 14; i += 2) { 1552 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1553 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1554 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1555 1556 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1557 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1558 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1559 } 1560 /* fix broken Tx power entries */ 1561 for (i = 0; i < 14; i++) { 1562 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1563 sc->txpow1[i] = 5; 1564 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1565 sc->txpow2[i] = 5; 1566 DPRINTF("chan %d: power1=%d, power2=%d\n", 1567 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1568 } 1569 /* read power settings for 5GHz channels */ 1570 for (i = 0; i < 40; i += 2) { 1571 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1572 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1573 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1574 1575 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1576 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1577 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1578 } 1579 /* fix broken Tx power entries */ 1580 for (i = 0; i < 40; i++) { 1581 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1582 sc->txpow1[14 + i] = 5; 1583 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1584 sc->txpow2[14 + i] = 5; 1585 DPRINTF("chan %d: power1=%d, power2=%d\n", 1586 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1587 sc->txpow2[14 + i]); 1588 } 1589 1590 /* read Tx power compensation for each Tx rate */ 1591 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1592 delta_2ghz = delta_5ghz = 0; 1593 if ((val & 0xff) != 0xff && (val & 0x80)) { 1594 delta_2ghz = val & 0xf; 1595 if (!(val & 0x40)) /* negative number */ 1596 delta_2ghz = -delta_2ghz; 1597 } 1598 val >>= 8; 1599 if ((val & 0xff) != 0xff && (val & 0x80)) { 1600 delta_5ghz = val & 0xf; 1601 if (!(val & 0x40)) /* negative number */ 1602 delta_5ghz = -delta_5ghz; 1603 } 1604 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1605 delta_2ghz, delta_5ghz); 1606 1607 for (ridx = 0; ridx < 5; ridx++) { 1608 uint32_t reg; 1609 1610 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1611 reg = val; 1612 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1613 reg |= (uint32_t)val << 16; 1614 1615 sc->txpow20mhz[ridx] = reg; 1616 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1617 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1618 1619 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1620 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1621 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1622 } 1623 1624 /* read RSSI offsets and LNA gains from EEPROM */ 1625 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1626 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1627 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1628 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1629 if (sc->mac_ver >= 0x3070) { 1630 /* 1631 * On RT3070 chips (limited to 2 Rx chains), this ROM 1632 * field contains the Tx mixer gain for the 2GHz band. 1633 */ 1634 if ((val & 0xff) != 0xff) 1635 sc->txmixgain_2ghz = val & 0x7; 1636 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1637 } else 1638 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1639 sc->lna[2] = val >> 8; /* channel group 2 */ 1640 1641 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1642 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1643 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1644 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1645 if (sc->mac_ver == 0x3572) { 1646 /* 1647 * On RT3572 chips (limited to 2 Rx chains), this ROM 1648 * field contains the Tx mixer gain for the 5GHz band. 1649 */ 1650 if ((val & 0xff) != 0xff) 1651 sc->txmixgain_5ghz = val & 0x7; 1652 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1653 } else 1654 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1655 sc->lna[3] = val >> 8; /* channel group 3 */ 1656 1657 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1658 sc->lna[0] = val & 0xff; /* channel group 0 */ 1659 sc->lna[1] = val >> 8; /* channel group 1 */ 1660 1661 /* fix broken 5GHz LNA entries */ 1662 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1663 DPRINTF("invalid LNA for channel group %d\n", 2); 1664 sc->lna[2] = sc->lna[1]; 1665 } 1666 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1667 DPRINTF("invalid LNA for channel group %d\n", 3); 1668 sc->lna[3] = sc->lna[1]; 1669 } 1670 1671 /* fix broken RSSI offset entries */ 1672 for (ant = 0; ant < 3; ant++) { 1673 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1674 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1675 ant + 1, sc->rssi_2ghz[ant]); 1676 sc->rssi_2ghz[ant] = 0; 1677 } 1678 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1679 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1680 ant + 1, sc->rssi_5ghz[ant]); 1681 sc->rssi_5ghz[ant] = 0; 1682 } 1683 } 1684 return (0); 1685 } 1686 1687 struct ieee80211_node * 1688 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1689 { 1690 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1691 } 1692 1693 static int 1694 run_media_change(struct ifnet *ifp) 1695 { 1696 struct ieee80211vap *vap = ifp->if_softc; 1697 struct ieee80211com *ic = vap->iv_ic; 1698 const struct ieee80211_txparam *tp; 1699 struct run_softc *sc = ic->ic_ifp->if_softc; 1700 struct run_node *rn = (void *)vap->iv_bss; 1701 uint8_t rate, ridx; 1702 int error; 1703 1704 RUN_LOCK(sc); 1705 1706 error = ieee80211_media_change(ifp); 1707 if (error != ENETRESET) { 1708 RUN_UNLOCK(sc); 1709 return (error); 1710 } 1711 1712 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1713 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1714 rate = ic->ic_sup_rates[ic->ic_curmode]. 1715 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1716 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1717 if (rt2860_rates[ridx].rate == rate) 1718 break; 1719 rn->fix_ridx = ridx; 1720 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1721 } 1722 1723 #if 0 1724 if ((ifp->if_flags & IFF_UP) && 1725 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 1726 run_init_locked(sc); 1727 } 1728 #endif 1729 1730 RUN_UNLOCK(sc); 1731 1732 return (0); 1733 } 1734 1735 static int 1736 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1737 { 1738 const struct ieee80211_txparam *tp; 1739 struct ieee80211com *ic = vap->iv_ic; 1740 struct run_softc *sc = ic->ic_ifp->if_softc; 1741 struct run_vap *rvp = RUN_VAP(vap); 1742 enum ieee80211_state ostate; 1743 struct ieee80211_node *ni; 1744 uint32_t sta[3]; 1745 uint32_t tmp; 1746 uint8_t ratectl; 1747 uint8_t restart_ratectl = 0; 1748 uint8_t bid = 1 << rvp->rvp_id; 1749 1750 ostate = vap->iv_state; 1751 DPRINTF("%s -> %s\n", 1752 ieee80211_state_name[ostate], 1753 ieee80211_state_name[nstate]); 1754 1755 IEEE80211_UNLOCK(ic); 1756 RUN_LOCK(sc); 1757 1758 ratectl = sc->ratectl_run; /* remember current state */ 1759 sc->ratectl_run = RUN_RATECTL_OFF; 1760 usb_callout_stop(&sc->ratectl_ch); 1761 1762 if (ostate == IEEE80211_S_RUN) { 1763 /* turn link LED off */ 1764 run_set_leds(sc, RT2860_LED_RADIO); 1765 } 1766 1767 switch (nstate) { 1768 case IEEE80211_S_INIT: 1769 restart_ratectl = 1; 1770 1771 if (ostate != IEEE80211_S_RUN) 1772 break; 1773 1774 ratectl &= ~bid; 1775 sc->runbmap &= ~bid; 1776 1777 /* abort TSF synchronization if there is no vap running */ 1778 if (--sc->running == 0) { 1779 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1780 run_write(sc, RT2860_BCN_TIME_CFG, 1781 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1782 RT2860_TBTT_TIMER_EN)); 1783 } 1784 break; 1785 1786 1787 case IEEE80211_S_RUN: 1788 ni = vap->iv_bss; 1789 if (!(sc->runbmap & bid)) { 1790 if(sc->running++) 1791 restart_ratectl = 1; 1792 sc->runbmap |= bid; 1793 } 1794 1795 switch (vap->iv_opmode) { 1796 case IEEE80211_M_HOSTAP: 1797 case IEEE80211_M_MBSS: 1798 sc->ap_running |= bid; 1799 ic->ic_opmode = vap->iv_opmode; 1800 run_update_beacon_cb(vap); 1801 break; 1802 case IEEE80211_M_IBSS: 1803 sc->adhoc_running |= bid; 1804 if (!sc->ap_running) 1805 ic->ic_opmode = vap->iv_opmode; 1806 run_update_beacon_cb(vap); 1807 break; 1808 case IEEE80211_M_STA: 1809 sc->sta_running |= bid; 1810 if (!sc->ap_running && !sc->adhoc_running) 1811 ic->ic_opmode = vap->iv_opmode; 1812 1813 /* read statistic counters (clear on read) */ 1814 run_read_region_1(sc, RT2860_TX_STA_CNT0, 1815 (uint8_t *)sta, sizeof sta); 1816 1817 break; 1818 default: 1819 ic->ic_opmode = vap->iv_opmode; 1820 break; 1821 } 1822 1823 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 1824 run_updateslot(ic->ic_ifp); 1825 run_enable_mrr(sc); 1826 run_set_txpreamble(sc); 1827 run_set_basicrates(sc); 1828 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 1829 run_set_bssid(sc, ni->ni_bssid); 1830 run_enable_tsf_sync(sc); 1831 1832 /* enable automatic rate adaptation */ 1833 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1834 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 1835 ratectl |= bid; 1836 } 1837 1838 /* turn link LED on */ 1839 run_set_leds(sc, RT2860_LED_RADIO | 1840 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 1841 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 1842 1843 break; 1844 default: 1845 DPRINTFN(6, "undefined case\n"); 1846 break; 1847 } 1848 1849 /* restart amrr for running VAPs */ 1850 if ((sc->ratectl_run = ratectl) && restart_ratectl) 1851 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 1852 1853 RUN_UNLOCK(sc); 1854 IEEE80211_LOCK(ic); 1855 1856 return(rvp->newstate(vap, nstate, arg)); 1857 } 1858 1859 /* ARGSUSED */ 1860 static void 1861 run_wme_update_cb(void *arg) 1862 { 1863 struct ieee80211com *ic = arg; 1864 struct run_softc *sc = ic->ic_ifp->if_softc; 1865 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 1866 int aci, error = 0; 1867 1868 RUN_LOCK_ASSERT(sc, MA_OWNED); 1869 1870 /* update MAC TX configuration registers */ 1871 for (aci = 0; aci < WME_NUM_AC; aci++) { 1872 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 1873 wmesp->wme_params[aci].wmep_logcwmax << 16 | 1874 wmesp->wme_params[aci].wmep_logcwmin << 12 | 1875 wmesp->wme_params[aci].wmep_aifsn << 8 | 1876 wmesp->wme_params[aci].wmep_txopLimit); 1877 if (error) goto err; 1878 } 1879 1880 /* update SCH/DMA registers too */ 1881 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 1882 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 1883 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 1884 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 1885 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 1886 if (error) goto err; 1887 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 1888 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 1889 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 1890 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 1891 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 1892 if (error) goto err; 1893 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 1894 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 1895 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 1896 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 1897 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 1898 if (error) goto err; 1899 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 1900 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 1901 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 1902 if (error) goto err; 1903 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 1904 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 1905 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 1906 1907 err: 1908 if (error) 1909 DPRINTF("WME update failed\n"); 1910 1911 return; 1912 } 1913 1914 static int 1915 run_wme_update(struct ieee80211com *ic) 1916 { 1917 struct run_softc *sc = ic->ic_ifp->if_softc; 1918 1919 /* sometime called wothout lock */ 1920 if (mtx_owned(&ic->ic_comlock.mtx)) { 1921 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 1922 DPRINTF("cmdq_store=%d\n", i); 1923 sc->cmdq[i].func = run_wme_update_cb; 1924 sc->cmdq[i].arg0 = ic; 1925 ieee80211_runtask(ic, &sc->cmdq_task); 1926 return (0); 1927 } 1928 1929 RUN_LOCK(sc); 1930 run_wme_update_cb(ic); 1931 RUN_UNLOCK(sc); 1932 1933 /* return whatever, upper layer desn't care anyway */ 1934 return (0); 1935 } 1936 1937 static void 1938 run_key_update_begin(struct ieee80211vap *vap) 1939 { 1940 /* 1941 * To avoid out-of-order events, both run_key_set() and 1942 * _delete() are deferred and handled by run_cmdq_cb(). 1943 * So, there is nothing we need to do here. 1944 */ 1945 } 1946 1947 static void 1948 run_key_update_end(struct ieee80211vap *vap) 1949 { 1950 /* null */ 1951 } 1952 1953 static void 1954 run_key_set_cb(void *arg) 1955 { 1956 struct run_cmdq *cmdq = arg; 1957 struct ieee80211vap *vap = cmdq->arg1; 1958 struct ieee80211_key *k = cmdq->k; 1959 struct ieee80211com *ic = vap->iv_ic; 1960 struct run_softc *sc = ic->ic_ifp->if_softc; 1961 struct ieee80211_node *ni; 1962 uint32_t attr; 1963 uint16_t base, associd; 1964 uint8_t mode, wcid, iv[8]; 1965 1966 RUN_LOCK_ASSERT(sc, MA_OWNED); 1967 1968 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 1969 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 1970 else 1971 ni = vap->iv_bss; 1972 associd = (ni != NULL) ? ni->ni_associd : 0; 1973 1974 /* map net80211 cipher to RT2860 security mode */ 1975 switch (k->wk_cipher->ic_cipher) { 1976 case IEEE80211_CIPHER_WEP: 1977 if(k->wk_keylen < 8) 1978 mode = RT2860_MODE_WEP40; 1979 else 1980 mode = RT2860_MODE_WEP104; 1981 break; 1982 case IEEE80211_CIPHER_TKIP: 1983 mode = RT2860_MODE_TKIP; 1984 break; 1985 case IEEE80211_CIPHER_AES_CCM: 1986 mode = RT2860_MODE_AES_CCMP; 1987 break; 1988 default: 1989 DPRINTF("undefined case\n"); 1990 return; 1991 } 1992 1993 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 1994 associd, k->wk_keyix, mode, 1995 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 1996 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 1997 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 1998 1999 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2000 wcid = 0; /* NB: update WCID0 for group keys */ 2001 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2002 } else { 2003 wcid = RUN_AID2WCID(associd); 2004 base = RT2860_PKEY(wcid); 2005 } 2006 2007 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2008 if(run_write_region_1(sc, base, k->wk_key, 16)) 2009 return; 2010 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2011 return; 2012 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2013 return; 2014 } else { 2015 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2016 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2017 return; 2018 } 2019 2020 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2021 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2022 /* set initial packet number in IV+EIV */ 2023 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2024 memset(iv, 0, sizeof iv); 2025 iv[3] = vap->iv_def_txkey << 6; 2026 } else { 2027 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2028 iv[0] = k->wk_keytsc >> 8; 2029 iv[1] = (iv[0] | 0x20) & 0x7f; 2030 iv[2] = k->wk_keytsc; 2031 } else /* CCMP */ { 2032 iv[0] = k->wk_keytsc; 2033 iv[1] = k->wk_keytsc >> 8; 2034 iv[2] = 0; 2035 } 2036 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2037 iv[4] = k->wk_keytsc >> 16; 2038 iv[5] = k->wk_keytsc >> 24; 2039 iv[6] = k->wk_keytsc >> 32; 2040 iv[7] = k->wk_keytsc >> 40; 2041 } 2042 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2043 return; 2044 } 2045 2046 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2047 /* install group key */ 2048 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2049 return; 2050 attr &= ~(0xf << (k->wk_keyix * 4)); 2051 attr |= mode << (k->wk_keyix * 4); 2052 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2053 return; 2054 } else { 2055 /* install pairwise key */ 2056 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2057 return; 2058 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2059 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2060 return; 2061 } 2062 2063 /* TODO create a pass-thru key entry? */ 2064 2065 /* need wcid to delete the right key later */ 2066 k->wk_pad = wcid; 2067 } 2068 2069 /* 2070 * Don't have to be deferred, but in order to keep order of 2071 * execution, i.e. with run_key_delete(), defer this and let 2072 * run_cmdq_cb() maintain the order. 2073 * 2074 * return 0 on error 2075 */ 2076 static int 2077 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2078 const uint8_t mac[IEEE80211_ADDR_LEN]) 2079 { 2080 struct ieee80211com *ic = vap->iv_ic; 2081 struct run_softc *sc = ic->ic_ifp->if_softc; 2082 uint32_t i; 2083 2084 i = RUN_CMDQ_GET(&sc->cmdq_store); 2085 DPRINTF("cmdq_store=%d\n", i); 2086 sc->cmdq[i].func = run_key_set_cb; 2087 sc->cmdq[i].arg0 = NULL; 2088 sc->cmdq[i].arg1 = vap; 2089 sc->cmdq[i].k = k; 2090 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2091 ieee80211_runtask(ic, &sc->cmdq_task); 2092 2093 /* 2094 * To make sure key will be set when hostapd 2095 * calls iv_key_set() before if_init(). 2096 */ 2097 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2098 RUN_LOCK(sc); 2099 sc->cmdq_key_set = RUN_CMDQ_GO; 2100 RUN_UNLOCK(sc); 2101 } 2102 2103 return (1); 2104 } 2105 2106 /* 2107 * If wlan is destroyed without being brought down i.e. without 2108 * wlan down or wpa_cli terminate, this function is called after 2109 * vap is gone. Don't refer it. 2110 */ 2111 static void 2112 run_key_delete_cb(void *arg) 2113 { 2114 struct run_cmdq *cmdq = arg; 2115 struct run_softc *sc = cmdq->arg1; 2116 struct ieee80211_key *k = &cmdq->key; 2117 uint32_t attr; 2118 uint8_t wcid; 2119 2120 RUN_LOCK_ASSERT(sc, MA_OWNED); 2121 2122 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2123 /* remove group key */ 2124 DPRINTF("removing group key\n"); 2125 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2126 attr &= ~(0xf << (k->wk_keyix * 4)); 2127 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2128 } else { 2129 /* remove pairwise key */ 2130 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2131 /* matching wcid was written to wk_pad in run_key_set() */ 2132 wcid = k->wk_pad; 2133 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2134 attr &= ~0xf; 2135 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2136 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2137 } 2138 2139 k->wk_pad = 0; 2140 } 2141 2142 /* 2143 * return 0 on error 2144 */ 2145 static int 2146 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2147 { 2148 struct ieee80211com *ic = vap->iv_ic; 2149 struct run_softc *sc = ic->ic_ifp->if_softc; 2150 struct ieee80211_key *k0; 2151 uint32_t i; 2152 2153 /* 2154 * When called back, key might be gone. So, make a copy 2155 * of some values need to delete keys before deferring. 2156 * But, because of LOR with node lock, cannot use lock here. 2157 * So, use atomic instead. 2158 */ 2159 i = RUN_CMDQ_GET(&sc->cmdq_store); 2160 DPRINTF("cmdq_store=%d\n", i); 2161 sc->cmdq[i].func = run_key_delete_cb; 2162 sc->cmdq[i].arg0 = NULL; 2163 sc->cmdq[i].arg1 = sc; 2164 k0 = &sc->cmdq[i].key; 2165 k0->wk_flags = k->wk_flags; 2166 k0->wk_keyix = k->wk_keyix; 2167 /* matching wcid was written to wk_pad in run_key_set() */ 2168 k0->wk_pad = k->wk_pad; 2169 ieee80211_runtask(ic, &sc->cmdq_task); 2170 return (1); /* return fake success */ 2171 2172 } 2173 2174 static void 2175 run_ratectl_to(void *arg) 2176 { 2177 struct run_softc *sc = arg; 2178 2179 /* do it in a process context, so it can go sleep */ 2180 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2181 /* next timeout will be rescheduled in the callback task */ 2182 } 2183 2184 /* ARGSUSED */ 2185 static void 2186 run_ratectl_cb(void *arg, int pending) 2187 { 2188 struct run_softc *sc = arg; 2189 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2190 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2191 2192 if (vap == NULL) 2193 return; 2194 2195 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2196 run_iter_func(sc, vap->iv_bss); 2197 else { 2198 /* 2199 * run_reset_livelock() doesn't do anything with AMRR, 2200 * but Ralink wants us to call it every 1 sec. So, we 2201 * piggyback here rather than creating another callout. 2202 * Livelock may occur only in HOSTAP or IBSS mode 2203 * (when h/w is sending beacons). 2204 */ 2205 RUN_LOCK(sc); 2206 run_reset_livelock(sc); 2207 /* just in case, there are some stats to drain */ 2208 run_drain_fifo(sc); 2209 RUN_UNLOCK(sc); 2210 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2211 } 2212 2213 if(sc->ratectl_run != RUN_RATECTL_OFF) 2214 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2215 } 2216 2217 static void 2218 run_drain_fifo(void *arg) 2219 { 2220 struct run_softc *sc = arg; 2221 struct ifnet *ifp = sc->sc_ifp; 2222 struct ieee80211_node *ni = sc->sc_ni[0]; /* make compiler happy */ 2223 uint32_t stat; 2224 int retrycnt = 0; 2225 uint8_t wcid, mcs, pid; 2226 2227 RUN_LOCK_ASSERT(sc, MA_OWNED); 2228 2229 for (;;) { 2230 /* drain Tx status FIFO (maxsize = 16) */ 2231 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2232 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2233 if (!(stat & RT2860_TXQ_VLD)) 2234 break; 2235 2236 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2237 2238 /* if no ACK was requested, no feedback is available */ 2239 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2240 wcid == 0) 2241 continue; 2242 2243 ni = sc->sc_ni[wcid]; 2244 if (ni->ni_rctls == NULL) 2245 continue; 2246 2247 /* update per-STA AMRR stats */ 2248 if (stat & RT2860_TXQ_OK) { 2249 /* 2250 * Check if there were retries, ie if the Tx 2251 * success rate is different from the requested 2252 * rate. Note that it works only because we do 2253 * not allow rate fallback from OFDM to CCK. 2254 */ 2255 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2256 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2257 if (mcs + 1 != pid) 2258 retrycnt = 1; 2259 ieee80211_ratectl_tx_complete(ni->ni_vap, ni, 2260 IEEE80211_RATECTL_TX_SUCCESS, 2261 &retrycnt, NULL); 2262 } else { 2263 retrycnt = 1; 2264 ieee80211_ratectl_tx_complete(ni->ni_vap, ni, 2265 IEEE80211_RATECTL_TX_FAILURE, 2266 &retrycnt, NULL); 2267 ifp->if_oerrors++; 2268 } 2269 } 2270 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2271 2272 sc->fifo_cnt = 0; 2273 } 2274 2275 static void 2276 run_iter_func(void *arg, struct ieee80211_node *ni) 2277 { 2278 struct run_softc *sc = arg; 2279 struct ieee80211vap *vap = ni->ni_vap; 2280 struct ieee80211com *ic = ni->ni_ic; 2281 struct ifnet *ifp = ic->ic_ifp; 2282 struct run_node *rn = (void *)ni; 2283 uint32_t sta[3]; 2284 int txcnt = 0, success = 0, retrycnt = 0; 2285 int error; 2286 2287 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2288 vap->iv_opmode == IEEE80211_M_STA)) { 2289 RUN_LOCK(sc); 2290 2291 /* read statistic counters (clear on read) and update AMRR state */ 2292 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2293 sizeof sta); 2294 if (error != 0) 2295 return; 2296 2297 DPRINTFN(3, "retrycnt=%d txcnt=%d failcnt=%d\n", 2298 le32toh(sta[1]) >> 16, le32toh(sta[1]) & 0xffff, 2299 le32toh(sta[0]) & 0xffff); 2300 2301 /* count failed TX as errors */ 2302 ifp->if_oerrors += le32toh(sta[0]) & 0xffff; 2303 2304 retrycnt = 2305 (le32toh(sta[0]) & 0xffff) + /* failed TX count */ 2306 (le32toh(sta[1]) >> 16); /* TX retransmission count */ 2307 2308 txcnt = 2309 retrycnt + 2310 (le32toh(sta[1]) & 0xffff); /* successful TX count */ 2311 2312 success = 2313 (le32toh(sta[1]) >> 16) + 2314 (le32toh(sta[1]) & 0xffff); 2315 2316 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, 2317 &retrycnt); 2318 2319 RUN_UNLOCK(sc); 2320 } 2321 2322 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2323 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2324 } 2325 2326 static void 2327 run_newassoc_cb(void *arg) 2328 { 2329 struct run_cmdq *cmdq = arg; 2330 struct ieee80211_node *ni = cmdq->arg1; 2331 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2332 uint8_t wcid = cmdq->wcid; 2333 2334 RUN_LOCK_ASSERT(sc, MA_OWNED); 2335 2336 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2337 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2338 } 2339 2340 static void 2341 run_newassoc(struct ieee80211_node *ni, int isnew) 2342 { 2343 struct run_node *rn = (void *)ni; 2344 struct ieee80211_rateset *rs = &ni->ni_rates; 2345 struct ieee80211vap *vap = ni->ni_vap; 2346 struct ieee80211com *ic = vap->iv_ic; 2347 struct run_softc *sc = ic->ic_ifp->if_softc; 2348 uint8_t rate; 2349 uint8_t ridx; 2350 uint8_t wcid = RUN_AID2WCID(ni->ni_associd); 2351 int i, j; 2352 2353 if (wcid > RT2870_WCID_MAX) { 2354 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2355 return; 2356 } 2357 2358 /* only interested in true associations */ 2359 if (isnew && ni->ni_associd != 0) { 2360 2361 /* 2362 * This function could is called though timeout function. 2363 * Need to defer. 2364 */ 2365 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2366 DPRINTF("cmdq_store=%d\n", cnt); 2367 sc->cmdq[cnt].func = run_newassoc_cb; 2368 sc->cmdq[cnt].arg0 = NULL; 2369 sc->cmdq[cnt].arg1 = ni; 2370 sc->cmdq[cnt].wcid = wcid; 2371 ieee80211_runtask(ic, &sc->cmdq_task); 2372 } 2373 2374 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2375 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2376 2377 ieee80211_ratectl_node_init(ni); 2378 sc->sc_ni[wcid] = ni; 2379 2380 for (i = 0; i < rs->rs_nrates; i++) { 2381 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2382 /* convert 802.11 rate to hardware rate index */ 2383 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2384 if (rt2860_rates[ridx].rate == rate) 2385 break; 2386 rn->ridx[i] = ridx; 2387 /* determine rate of control response frames */ 2388 for (j = i; j >= 0; j--) { 2389 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2390 rt2860_rates[rn->ridx[i]].phy == 2391 rt2860_rates[rn->ridx[j]].phy) 2392 break; 2393 } 2394 if (j >= 0) { 2395 rn->ctl_ridx[i] = rn->ridx[j]; 2396 } else { 2397 /* no basic rate found, use mandatory one */ 2398 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2399 } 2400 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2401 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2402 } 2403 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2404 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2405 if (rt2860_rates[ridx].rate == rate) 2406 break; 2407 rn->mgt_ridx = ridx; 2408 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2409 2410 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2411 } 2412 2413 /* 2414 * Return the Rx chain with the highest RSSI for a given frame. 2415 */ 2416 static __inline uint8_t 2417 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2418 { 2419 uint8_t rxchain = 0; 2420 2421 if (sc->nrxchains > 1) { 2422 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2423 rxchain = 1; 2424 if (sc->nrxchains > 2) 2425 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2426 rxchain = 2; 2427 } 2428 return (rxchain); 2429 } 2430 2431 static void 2432 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2433 { 2434 struct ifnet *ifp = sc->sc_ifp; 2435 struct ieee80211com *ic = ifp->if_l2com; 2436 struct ieee80211_frame *wh; 2437 struct ieee80211_node *ni; 2438 struct rt2870_rxd *rxd; 2439 struct rt2860_rxwi *rxwi; 2440 uint32_t flags; 2441 uint16_t len, phy; 2442 uint8_t ant, rssi; 2443 int8_t nf; 2444 2445 rxwi = mtod(m, struct rt2860_rxwi *); 2446 len = le16toh(rxwi->len) & 0xfff; 2447 if (__predict_false(len > dmalen)) { 2448 m_freem(m); 2449 ifp->if_ierrors++; 2450 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2451 return; 2452 } 2453 /* Rx descriptor is located at the end */ 2454 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2455 flags = le32toh(rxd->flags); 2456 2457 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2458 m_freem(m); 2459 ifp->if_ierrors++; 2460 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2461 return; 2462 } 2463 2464 m->m_data += sizeof(struct rt2860_rxwi); 2465 m->m_pkthdr.len = m->m_len -= sizeof(struct rt2860_rxwi); 2466 2467 wh = mtod(m, struct ieee80211_frame *); 2468 2469 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2470 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2471 m->m_flags |= M_WEP; 2472 } 2473 2474 if (flags & RT2860_RX_L2PAD) { 2475 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2476 len += 2; 2477 } 2478 2479 ni = ieee80211_find_rxnode(ic, 2480 mtod(m, struct ieee80211_frame_min *)); 2481 2482 if (__predict_false(flags & RT2860_RX_MICERR)) { 2483 /* report MIC failures to net80211 for TKIP */ 2484 if (ni != NULL) 2485 ieee80211_notify_michael_failure(ni->ni_vap, wh, rxwi->keyidx); 2486 m_freem(m); 2487 ifp->if_ierrors++; 2488 DPRINTF("MIC error. Someone is lying.\n"); 2489 return; 2490 } 2491 2492 ant = run_maxrssi_chain(sc, rxwi); 2493 rssi = rxwi->rssi[ant]; 2494 nf = run_rssi2dbm(sc, rssi, ant); 2495 2496 m->m_pkthdr.rcvif = ifp; 2497 m->m_pkthdr.len = m->m_len = len; 2498 2499 if (ni != NULL) { 2500 (void)ieee80211_input(ni, m, rssi, nf); 2501 ieee80211_free_node(ni); 2502 } else { 2503 (void)ieee80211_input_all(ic, m, rssi, nf); 2504 } 2505 2506 if (__predict_false(ieee80211_radiotap_active(ic))) { 2507 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2508 2509 tap->wr_flags = 0; 2510 tap->wr_chan_freq = htole16(ic->ic_bsschan->ic_freq); 2511 tap->wr_chan_flags = htole16(ic->ic_bsschan->ic_flags); 2512 tap->wr_antsignal = rssi; 2513 tap->wr_antenna = ant; 2514 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2515 tap->wr_rate = 2; /* in case it can't be found below */ 2516 phy = le16toh(rxwi->phy); 2517 switch (phy & RT2860_PHY_MODE) { 2518 case RT2860_PHY_CCK: 2519 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2520 case 0: tap->wr_rate = 2; break; 2521 case 1: tap->wr_rate = 4; break; 2522 case 2: tap->wr_rate = 11; break; 2523 case 3: tap->wr_rate = 22; break; 2524 } 2525 if (phy & RT2860_PHY_SHPRE) 2526 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2527 break; 2528 case RT2860_PHY_OFDM: 2529 switch (phy & RT2860_PHY_MCS) { 2530 case 0: tap->wr_rate = 12; break; 2531 case 1: tap->wr_rate = 18; break; 2532 case 2: tap->wr_rate = 24; break; 2533 case 3: tap->wr_rate = 36; break; 2534 case 4: tap->wr_rate = 48; break; 2535 case 5: tap->wr_rate = 72; break; 2536 case 6: tap->wr_rate = 96; break; 2537 case 7: tap->wr_rate = 108; break; 2538 } 2539 break; 2540 } 2541 } 2542 } 2543 2544 static void 2545 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2546 { 2547 struct run_softc *sc = usbd_xfer_softc(xfer); 2548 struct ifnet *ifp = sc->sc_ifp; 2549 struct mbuf *m = NULL; 2550 struct mbuf *m0; 2551 uint32_t dmalen; 2552 int xferlen; 2553 2554 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2555 2556 switch (USB_GET_STATE(xfer)) { 2557 case USB_ST_TRANSFERRED: 2558 2559 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2560 2561 if (xferlen < sizeof (uint32_t) + 2562 sizeof (struct rt2860_rxwi) + sizeof (struct rt2870_rxd)) { 2563 DPRINTF("xfer too short %d\n", xferlen); 2564 goto tr_setup; 2565 } 2566 2567 m = sc->rx_m; 2568 sc->rx_m = NULL; 2569 2570 /* FALLTHROUGH */ 2571 case USB_ST_SETUP: 2572 tr_setup: 2573 if (sc->rx_m == NULL) { 2574 sc->rx_m = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR, 2575 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2576 } 2577 if (sc->rx_m == NULL) { 2578 DPRINTF("could not allocate mbuf - idle with stall\n"); 2579 ifp->if_ierrors++; 2580 usbd_xfer_set_stall(xfer); 2581 usbd_xfer_set_frames(xfer, 0); 2582 } else { 2583 /* 2584 * Directly loading a mbuf cluster into DMA to 2585 * save some data copying. This works because 2586 * there is only one cluster. 2587 */ 2588 usbd_xfer_set_frame_data(xfer, 0, 2589 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2590 usbd_xfer_set_frames(xfer, 1); 2591 } 2592 usbd_transfer_submit(xfer); 2593 break; 2594 2595 default: /* Error */ 2596 if (error != USB_ERR_CANCELLED) { 2597 /* try to clear stall first */ 2598 usbd_xfer_set_stall(xfer); 2599 2600 if (error == USB_ERR_TIMEOUT) 2601 device_printf(sc->sc_dev, "device timeout\n"); 2602 2603 ifp->if_ierrors++; 2604 2605 goto tr_setup; 2606 } 2607 if (sc->rx_m != NULL) { 2608 m_freem(sc->rx_m); 2609 sc->rx_m = NULL; 2610 } 2611 break; 2612 } 2613 2614 if (m == NULL) 2615 return; 2616 2617 /* inputting all the frames must be last */ 2618 2619 RUN_UNLOCK(sc); 2620 2621 m->m_pkthdr.len = m->m_len = xferlen; 2622 2623 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2624 for(;;) { 2625 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2626 2627 if ((dmalen == 0) || ((dmalen & 3) != 0)) { 2628 DPRINTF("bad DMA length %u\n", dmalen); 2629 break; 2630 } 2631 if ((dmalen + 8) > xferlen) { 2632 DPRINTF("bad DMA length %u > %d\n", 2633 dmalen + 8, xferlen); 2634 break; 2635 } 2636 2637 /* If it is the last one or a single frame, we won't copy. */ 2638 if ((xferlen -= dmalen + 8) <= 8) { 2639 /* trim 32-bit DMA-len header */ 2640 m->m_data += 4; 2641 m->m_pkthdr.len = m->m_len -= 4; 2642 run_rx_frame(sc, m, dmalen); 2643 break; 2644 } 2645 2646 /* copy aggregated frames to another mbuf */ 2647 m0 = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); 2648 if (__predict_false(m0 == NULL)) { 2649 DPRINTF("could not allocate mbuf\n"); 2650 ifp->if_ierrors++; 2651 break; 2652 } 2653 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2654 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2655 m0->m_pkthdr.len = m0->m_len = 2656 dmalen + sizeof(struct rt2870_rxd); 2657 run_rx_frame(sc, m0, dmalen); 2658 2659 /* update data ptr */ 2660 m->m_data += dmalen + 8; 2661 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2662 } 2663 2664 RUN_LOCK(sc); 2665 } 2666 2667 static void 2668 run_tx_free(struct run_endpoint_queue *pq, 2669 struct run_tx_data *data, int txerr) 2670 { 2671 if (data->m != NULL) { 2672 if (data->m->m_flags & M_TXCB) 2673 ieee80211_process_callback(data->ni, data->m, 2674 txerr ? ETIMEDOUT : 0); 2675 m_freem(data->m); 2676 data->m = NULL; 2677 2678 if (data->ni == NULL) { 2679 DPRINTF("no node\n"); 2680 } else { 2681 ieee80211_free_node(data->ni); 2682 data->ni = NULL; 2683 } 2684 } 2685 2686 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2687 pq->tx_nfree++; 2688 } 2689 2690 static void 2691 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, unsigned int index) 2692 { 2693 struct run_softc *sc = usbd_xfer_softc(xfer); 2694 struct ifnet *ifp = sc->sc_ifp; 2695 struct ieee80211com *ic = ifp->if_l2com; 2696 struct run_tx_data *data; 2697 struct ieee80211vap *vap = NULL; 2698 struct usb_page_cache *pc; 2699 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2700 struct mbuf *m; 2701 usb_frlength_t size; 2702 unsigned int len; 2703 int actlen; 2704 int sumlen; 2705 2706 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2707 2708 switch (USB_GET_STATE(xfer)) { 2709 case USB_ST_TRANSFERRED: 2710 DPRINTFN(11, "transfer complete: %d " 2711 "bytes @ index %d\n", actlen, index); 2712 2713 data = usbd_xfer_get_priv(xfer); 2714 2715 run_tx_free(pq, data, 0); 2716 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2717 2718 usbd_xfer_set_priv(xfer, NULL); 2719 2720 ifp->if_opackets++; 2721 2722 /* FALLTHROUGH */ 2723 case USB_ST_SETUP: 2724 tr_setup: 2725 data = STAILQ_FIRST(&pq->tx_qh); 2726 if (data == NULL) 2727 break; 2728 2729 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2730 2731 m = data->m; 2732 if (m->m_pkthdr.len > RUN_MAX_TXSZ) { 2733 DPRINTF("data overflow, %u bytes\n", 2734 m->m_pkthdr.len); 2735 2736 ifp->if_oerrors++; 2737 2738 run_tx_free(pq, data, 1); 2739 2740 goto tr_setup; 2741 } 2742 2743 pc = usbd_xfer_get_frame(xfer, 0); 2744 size = sizeof(data->desc); 2745 usbd_copy_in(pc, 0, &data->desc, size); 2746 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2747 2748 vap = data->ni->ni_vap; 2749 if (ieee80211_radiotap_active_vap(vap)) { 2750 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2751 struct rt2860_txwi *txwi = 2752 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2753 2754 tap->wt_flags = 0; 2755 tap->wt_rate = rt2860_rates[data->ridx].rate; 2756 tap->wt_chan_freq = htole16(vap->iv_bss->ni_chan->ic_freq); 2757 tap->wt_chan_flags = htole16(vap->iv_bss->ni_chan->ic_flags); 2758 tap->wt_hwqueue = index; 2759 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 2760 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2761 2762 ieee80211_radiotap_tx(vap, m); 2763 } 2764 2765 /* align end on a 4-bytes boundary */ 2766 len = (size + IEEE80211_CRC_LEN + m->m_pkthdr.len + 3) & ~3; 2767 2768 DPRINTFN(11, "sending frame len=%u xferlen=%u @ index %d\n", 2769 m->m_pkthdr.len, len, index); 2770 2771 usbd_xfer_set_frame_len(xfer, 0, len); 2772 usbd_xfer_set_priv(xfer, data); 2773 2774 usbd_transfer_submit(xfer); 2775 2776 RUN_UNLOCK(sc); 2777 run_start(ifp); 2778 RUN_LOCK(sc); 2779 2780 break; 2781 2782 default: 2783 DPRINTF("USB transfer error, %s\n", 2784 usbd_errstr(error)); 2785 2786 data = usbd_xfer_get_priv(xfer); 2787 2788 ifp->if_oerrors++; 2789 2790 if (data != NULL) { 2791 if(data->ni != NULL) 2792 vap = data->ni->ni_vap; 2793 run_tx_free(pq, data, error); 2794 usbd_xfer_set_priv(xfer, NULL); 2795 } 2796 if (vap == NULL) 2797 vap = TAILQ_FIRST(&ic->ic_vaps); 2798 2799 if (error != USB_ERR_CANCELLED) { 2800 if (error == USB_ERR_TIMEOUT) { 2801 device_printf(sc->sc_dev, "device timeout\n"); 2802 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2803 DPRINTF("cmdq_store=%d\n", i); 2804 sc->cmdq[i].func = run_usb_timeout_cb; 2805 sc->cmdq[i].arg0 = vap; 2806 ieee80211_runtask(ic, &sc->cmdq_task); 2807 } 2808 2809 /* 2810 * Try to clear stall first, also if other 2811 * errors occur, hence clearing stall 2812 * introduces a 50 ms delay: 2813 */ 2814 usbd_xfer_set_stall(xfer); 2815 goto tr_setup; 2816 } 2817 break; 2818 } 2819 } 2820 2821 static void 2822 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 2823 { 2824 run_bulk_tx_callbackN(xfer, error, 0); 2825 } 2826 2827 static void 2828 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 2829 { 2830 run_bulk_tx_callbackN(xfer, error, 1); 2831 } 2832 2833 static void 2834 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 2835 { 2836 run_bulk_tx_callbackN(xfer, error, 2); 2837 } 2838 2839 static void 2840 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 2841 { 2842 run_bulk_tx_callbackN(xfer, error, 3); 2843 } 2844 2845 static void 2846 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 2847 { 2848 run_bulk_tx_callbackN(xfer, error, 4); 2849 } 2850 2851 static void 2852 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 2853 { 2854 run_bulk_tx_callbackN(xfer, error, 5); 2855 } 2856 2857 static void 2858 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 2859 { 2860 struct mbuf *m = data->m; 2861 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2862 struct ieee80211vap *vap = data->ni->ni_vap; 2863 struct ieee80211_frame *wh; 2864 struct rt2870_txd *txd; 2865 struct rt2860_txwi *txwi; 2866 uint16_t xferlen; 2867 uint16_t mcs; 2868 uint8_t ridx = data->ridx; 2869 uint8_t pad; 2870 2871 /* get MCS code from rate index */ 2872 mcs = rt2860_rates[ridx].mcs; 2873 2874 xferlen = sizeof(*txwi) + m->m_pkthdr.len; 2875 2876 /* roundup to 32-bit alignment */ 2877 xferlen = (xferlen + 3) & ~3; 2878 2879 txd = (struct rt2870_txd *)&data->desc; 2880 txd->len = htole16(xferlen); 2881 2882 wh = mtod(m, struct ieee80211_frame *); 2883 2884 /* 2885 * Ether both are true or both are false, the header 2886 * are nicely aligned to 32-bit. So, no L2 padding. 2887 */ 2888 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 2889 pad = 0; 2890 else 2891 pad = 2; 2892 2893 /* setup TX Wireless Information */ 2894 txwi = (struct rt2860_txwi *)(txd + 1); 2895 txwi->len = htole16(m->m_pkthdr.len - pad); 2896 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2897 txwi->phy = htole16(RT2860_PHY_CCK); 2898 if (ridx != RT2860_RIDX_CCK1 && 2899 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2900 mcs |= RT2860_PHY_SHPRE; 2901 } else 2902 txwi->phy = htole16(RT2860_PHY_OFDM); 2903 txwi->phy |= htole16(mcs); 2904 2905 /* check if RTS/CTS or CTS-to-self protection is required */ 2906 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2907 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 2908 ((ic->ic_flags & IEEE80211_F_USEPROT) && 2909 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 2910 txwi->txop |= RT2860_TX_TXOP_HT; 2911 else 2912 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 2913 2914 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 2915 txwi->xflags |= RT2860_TX_NSEQ; 2916 } 2917 2918 /* This function must be called locked */ 2919 static int 2920 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2921 { 2922 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2923 struct ieee80211vap *vap = ni->ni_vap; 2924 struct ieee80211_frame *wh; 2925 struct ieee80211_channel *chan; 2926 const struct ieee80211_txparam *tp; 2927 struct run_node *rn = (void *)ni; 2928 struct run_tx_data *data; 2929 struct rt2870_txd *txd; 2930 struct rt2860_txwi *txwi; 2931 uint16_t qos; 2932 uint16_t dur; 2933 uint16_t qid; 2934 uint8_t type; 2935 uint8_t tid; 2936 uint8_t ridx; 2937 uint8_t ctl_ridx; 2938 uint8_t qflags; 2939 uint8_t xflags = 0; 2940 int hasqos; 2941 2942 RUN_LOCK_ASSERT(sc, MA_OWNED); 2943 2944 wh = mtod(m, struct ieee80211_frame *); 2945 2946 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2947 2948 /* 2949 * There are 7 bulk endpoints: 1 for RX 2950 * and 6 for TX (4 EDCAs + HCCA + Prio). 2951 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 2952 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 2953 */ 2954 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 2955 uint8_t *frm; 2956 2957 if(IEEE80211_HAS_ADDR4(wh)) 2958 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 2959 else 2960 frm =((struct ieee80211_qosframe *)wh)->i_qos; 2961 2962 qos = le16toh(*(const uint16_t *)frm); 2963 tid = qos & IEEE80211_QOS_TID; 2964 qid = TID_TO_WME_AC(tid); 2965 } else { 2966 qos = 0; 2967 tid = 0; 2968 qid = WME_AC_BE; 2969 } 2970 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 2971 2972 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 2973 qos, qid, tid, qflags); 2974 2975 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 2976 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 2977 2978 /* pickup a rate index */ 2979 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2980 type != IEEE80211_FC0_TYPE_DATA) { 2981 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2982 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 2983 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2984 } else { 2985 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 2986 ridx = rn->fix_ridx; 2987 else 2988 ridx = rn->amrr_ridx; 2989 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2990 } 2991 2992 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2993 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 2994 IEEE80211_QOS_ACKPOLICY_NOACK)) { 2995 xflags |= RT2860_TX_ACK; 2996 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2997 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 2998 else 2999 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3000 *(uint16_t *)wh->i_dur = htole16(dur); 3001 } 3002 3003 /* reserve slots for mgmt packets, just in case */ 3004 if (sc->sc_epq[qid].tx_nfree < 3) { 3005 DPRINTFN(10, "tx ring %d is full\n", qid); 3006 return (-1); 3007 } 3008 3009 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3010 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3011 sc->sc_epq[qid].tx_nfree--; 3012 3013 txd = (struct rt2870_txd *)&data->desc; 3014 txd->flags = qflags; 3015 txwi = (struct rt2860_txwi *)(txd + 1); 3016 txwi->xflags = xflags; 3017 txwi->wcid = IEEE80211_IS_MULTICAST(wh->i_addr1) ? 3018 0 : RUN_AID2WCID(ni->ni_associd); 3019 /* clear leftover garbage bits */ 3020 txwi->flags = 0; 3021 txwi->txop = 0; 3022 3023 data->m = m; 3024 data->ni = ni; 3025 data->ridx = ridx; 3026 3027 run_set_tx_desc(sc, data); 3028 3029 /* 3030 * The chip keeps track of 2 kind of Tx stats, 3031 * * TX_STAT_FIFO, for per WCID stats, and 3032 * * TX_STA_CNT0 for all-TX-in-one stats. 3033 * 3034 * To use FIFO stats, we need to store MCS into the driver-private 3035 * PacketID field. So that, we can tell whose stats when we read them. 3036 * We add 1 to the MCS because setting the PacketID field to 0 means 3037 * that we don't want feedback in TX_STAT_FIFO. 3038 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3039 * 3040 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3041 */ 3042 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3043 vap->iv_opmode == IEEE80211_M_MBSS) { 3044 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3045 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3046 3047 /* 3048 * Unlike PCI based devices, we don't get any interrupt from 3049 * USB devices, so we simulate FIFO-is-full interrupt here. 3050 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3051 * quickly get fulled. To prevent overflow, increment a counter on 3052 * every FIFO stat request, so we know how many slots are left. 3053 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3054 * are used only in those modes. 3055 * We just drain stats. AMRR gets updated every 1 sec by 3056 * run_ratectl_cb() via callout. 3057 * Call it early. Otherwise overflow. 3058 */ 3059 if (sc->fifo_cnt++ == 10) { 3060 /* 3061 * With multiple vaps or if_bridge, if_start() is called 3062 * with a non-sleepable lock, tcpinp. So, need to defer. 3063 */ 3064 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3065 DPRINTFN(6, "cmdq_store=%d\n", i); 3066 sc->cmdq[i].func = run_drain_fifo; 3067 sc->cmdq[i].arg0 = sc; 3068 ieee80211_runtask(ic, &sc->cmdq_task); 3069 } 3070 } 3071 3072 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3073 3074 usbd_transfer_start(sc->sc_xfer[qid]); 3075 3076 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", m->m_pkthdr.len + 3077 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3078 rt2860_rates[ridx].rate, qid); 3079 3080 return (0); 3081 } 3082 3083 static int 3084 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3085 { 3086 struct ifnet *ifp = sc->sc_ifp; 3087 struct ieee80211com *ic = ifp->if_l2com; 3088 struct run_node *rn = (void *)ni; 3089 struct run_tx_data *data; 3090 struct ieee80211_frame *wh; 3091 struct rt2870_txd *txd; 3092 struct rt2860_txwi *txwi; 3093 uint16_t dur; 3094 uint8_t ridx = rn->mgt_ridx; 3095 uint8_t type; 3096 uint8_t xflags = 0; 3097 uint8_t wflags = 0; 3098 3099 RUN_LOCK_ASSERT(sc, MA_OWNED); 3100 3101 wh = mtod(m, struct ieee80211_frame *); 3102 3103 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3104 3105 /* tell hardware to add timestamp for probe responses */ 3106 if ((wh->i_fc[0] & 3107 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3108 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3109 wflags |= RT2860_TX_TS; 3110 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3111 xflags |= RT2860_TX_ACK; 3112 3113 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3114 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3115 *(uint16_t *)wh->i_dur = htole16(dur); 3116 } 3117 3118 if (sc->sc_epq[0].tx_nfree == 0) { 3119 /* let caller free mbuf */ 3120 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3121 return (EIO); 3122 } 3123 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3124 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3125 sc->sc_epq[0].tx_nfree--; 3126 3127 txd = (struct rt2870_txd *)&data->desc; 3128 txd->flags = RT2860_TX_QSEL_EDCA; 3129 txwi = (struct rt2860_txwi *)(txd + 1); 3130 txwi->wcid = 0xff; 3131 txwi->flags = wflags; 3132 txwi->xflags = xflags; 3133 txwi->txop = 0; /* clear leftover garbage bits */ 3134 3135 data->m = m; 3136 data->ni = ni; 3137 data->ridx = ridx; 3138 3139 run_set_tx_desc(sc, data); 3140 3141 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3142 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3143 rt2860_rates[ridx].rate); 3144 3145 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3146 3147 usbd_transfer_start(sc->sc_xfer[0]); 3148 3149 return (0); 3150 } 3151 3152 static int 3153 run_sendprot(struct run_softc *sc, 3154 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3155 { 3156 struct ieee80211com *ic = ni->ni_ic; 3157 struct ieee80211_frame *wh; 3158 struct run_tx_data *data; 3159 struct rt2870_txd *txd; 3160 struct rt2860_txwi *txwi; 3161 struct mbuf *mprot; 3162 int ridx; 3163 int protrate; 3164 int ackrate; 3165 int pktlen; 3166 int isshort; 3167 uint16_t dur; 3168 uint8_t type; 3169 uint8_t wflags = 0; 3170 uint8_t xflags = 0; 3171 3172 RUN_LOCK_ASSERT(sc, MA_OWNED); 3173 3174 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3175 ("protection %d", prot)); 3176 3177 wh = mtod(m, struct ieee80211_frame *); 3178 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3179 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3180 3181 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3182 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3183 3184 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3185 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3186 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3187 wflags = RT2860_TX_FRAG; 3188 3189 /* check that there are free slots before allocating the mbuf */ 3190 if (sc->sc_epq[0].tx_nfree == 0) { 3191 /* let caller free mbuf */ 3192 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3193 return (ENOBUFS); 3194 } 3195 3196 if (prot == IEEE80211_PROT_RTSCTS) { 3197 /* NB: CTS is the same size as an ACK */ 3198 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3199 xflags |= RT2860_TX_ACK; 3200 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3201 } else { 3202 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3203 } 3204 if (mprot == NULL) { 3205 sc->sc_ifp->if_oerrors++; 3206 DPRINTF("could not allocate mbuf\n"); 3207 return (ENOBUFS); 3208 } 3209 3210 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3211 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3212 sc->sc_epq[0].tx_nfree--; 3213 3214 txd = (struct rt2870_txd *)&data->desc; 3215 txd->flags = RT2860_TX_QSEL_EDCA; 3216 txwi = (struct rt2860_txwi *)(txd + 1); 3217 txwi->wcid = 0xff; 3218 txwi->flags = wflags; 3219 txwi->xflags = xflags; 3220 txwi->txop = 0; /* clear leftover garbage bits */ 3221 3222 data->m = mprot; 3223 data->ni = ieee80211_ref_node(ni); 3224 3225 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3226 if (rt2860_rates[ridx].rate == protrate) 3227 break; 3228 data->ridx = ridx; 3229 3230 run_set_tx_desc(sc, data); 3231 3232 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3233 m->m_pkthdr.len, rate); 3234 3235 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3236 3237 usbd_transfer_start(sc->sc_xfer[0]); 3238 3239 return (0); 3240 } 3241 3242 static int 3243 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3244 const struct ieee80211_bpf_params *params) 3245 { 3246 struct ieee80211com *ic = ni->ni_ic; 3247 struct ieee80211_frame *wh; 3248 struct run_tx_data *data; 3249 struct rt2870_txd *txd; 3250 struct rt2860_txwi *txwi; 3251 uint8_t type; 3252 uint8_t ridx; 3253 uint8_t rate; 3254 uint8_t opflags = 0; 3255 uint8_t xflags = 0; 3256 int error; 3257 3258 RUN_LOCK_ASSERT(sc, MA_OWNED); 3259 3260 KASSERT(params != NULL, ("no raw xmit params")); 3261 3262 wh = mtod(m, struct ieee80211_frame *); 3263 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3264 3265 rate = params->ibp_rate0; 3266 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3267 /* let caller free mbuf */ 3268 return (EINVAL); 3269 } 3270 3271 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3272 xflags |= RT2860_TX_ACK; 3273 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3274 error = run_sendprot(sc, m, ni, 3275 params->ibp_flags & IEEE80211_BPF_RTS ? 3276 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3277 rate); 3278 if (error) { 3279 /* let caller free mbuf */ 3280 return error; 3281 } 3282 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3283 } 3284 3285 if (sc->sc_epq[0].tx_nfree == 0) { 3286 /* let caller free mbuf */ 3287 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3288 DPRINTF("sending raw frame, but tx ring is full\n"); 3289 return (EIO); 3290 } 3291 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3292 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3293 sc->sc_epq[0].tx_nfree--; 3294 3295 txd = (struct rt2870_txd *)&data->desc; 3296 txd->flags = RT2860_TX_QSEL_EDCA; 3297 txwi = (struct rt2860_txwi *)(txd + 1); 3298 txwi->wcid = 0xff; 3299 txwi->xflags = xflags; 3300 txwi->txop = opflags; 3301 txwi->flags = 0; /* clear leftover garbage bits */ 3302 3303 data->m = m; 3304 data->ni = ni; 3305 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3306 if (rt2860_rates[ridx].rate == rate) 3307 break; 3308 data->ridx = ridx; 3309 3310 run_set_tx_desc(sc, data); 3311 3312 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3313 m->m_pkthdr.len, rate); 3314 3315 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3316 3317 usbd_transfer_start(sc->sc_xfer[0]); 3318 3319 return (0); 3320 } 3321 3322 static int 3323 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3324 const struct ieee80211_bpf_params *params) 3325 { 3326 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3327 struct run_softc *sc = ifp->if_softc; 3328 int error = 0; 3329 3330 RUN_LOCK(sc); 3331 3332 /* prevent management frames from being sent if we're not ready */ 3333 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3334 error = ENETDOWN; 3335 goto done; 3336 } 3337 3338 if (params == NULL) { 3339 /* tx mgt packet */ 3340 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3341 ifp->if_oerrors++; 3342 DPRINTF("mgt tx failed\n"); 3343 goto done; 3344 } 3345 } else { 3346 /* tx raw packet with param */ 3347 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3348 ifp->if_oerrors++; 3349 DPRINTF("tx with param failed\n"); 3350 goto done; 3351 } 3352 } 3353 3354 ifp->if_opackets++; 3355 3356 done: 3357 RUN_UNLOCK(sc); 3358 3359 if (error != 0) { 3360 if(m != NULL) 3361 m_freem(m); 3362 ieee80211_free_node(ni); 3363 } 3364 3365 return (error); 3366 } 3367 3368 static void 3369 run_start(struct ifnet *ifp) 3370 { 3371 struct run_softc *sc = ifp->if_softc; 3372 struct ieee80211_node *ni; 3373 struct mbuf *m; 3374 3375 RUN_LOCK(sc); 3376 3377 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3378 RUN_UNLOCK(sc); 3379 return; 3380 } 3381 3382 for (;;) { 3383 /* send data frames */ 3384 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3385 if (m == NULL) 3386 break; 3387 3388 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3389 if (run_tx(sc, m, ni) != 0) { 3390 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3391 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3392 break; 3393 } 3394 } 3395 3396 RUN_UNLOCK(sc); 3397 } 3398 3399 static int 3400 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3401 { 3402 struct run_softc *sc = ifp->if_softc; 3403 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3404 struct ifreq *ifr = (struct ifreq *) data; 3405 int startall = 0; 3406 int error = 0; 3407 3408 switch (cmd) { 3409 case SIOCSIFFLAGS: 3410 RUN_LOCK(sc); 3411 if (ifp->if_flags & IFF_UP) { 3412 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3413 startall = 1; 3414 run_init_locked(sc); 3415 } else 3416 run_update_promisc_locked(ifp); 3417 } else { 3418 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3419 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3420 run_stop(sc); 3421 } 3422 } 3423 RUN_UNLOCK(sc); 3424 if (startall) 3425 ieee80211_start_all(ic); 3426 break; 3427 case SIOCGIFMEDIA: 3428 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3429 break; 3430 case SIOCGIFADDR: 3431 error = ether_ioctl(ifp, cmd, data); 3432 break; 3433 default: 3434 error = EINVAL; 3435 break; 3436 } 3437 3438 return (error); 3439 } 3440 3441 static void 3442 run_set_agc(struct run_softc *sc, uint8_t agc) 3443 { 3444 uint8_t bbp; 3445 3446 if (sc->mac_ver == 0x3572) { 3447 run_bbp_read(sc, 27, &bbp); 3448 bbp &= ~(0x3 << 5); 3449 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3450 run_bbp_write(sc, 66, agc); 3451 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3452 run_bbp_write(sc, 66, agc); 3453 } else 3454 run_bbp_write(sc, 66, agc); 3455 } 3456 3457 static void 3458 run_select_chan_group(struct run_softc *sc, int group) 3459 { 3460 uint32_t tmp; 3461 uint8_t agc; 3462 3463 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3464 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3465 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3466 run_bbp_write(sc, 86, 0x00); 3467 3468 if (group == 0) { 3469 if (sc->ext_2ghz_lna) { 3470 run_bbp_write(sc, 82, 0x62); 3471 run_bbp_write(sc, 75, 0x46); 3472 } else { 3473 run_bbp_write(sc, 82, 0x84); 3474 run_bbp_write(sc, 75, 0x50); 3475 } 3476 } else { 3477 if (sc->mac_ver == 0x3572) 3478 run_bbp_write(sc, 82, 0x94); 3479 else 3480 run_bbp_write(sc, 82, 0xf2); 3481 if (sc->ext_5ghz_lna) 3482 run_bbp_write(sc, 75, 0x46); 3483 else 3484 run_bbp_write(sc, 75, 0x50); 3485 } 3486 3487 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3488 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3489 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3490 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3491 3492 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3493 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3494 if (sc->nrxchains > 1) 3495 tmp |= RT2860_LNA_PE1_EN; 3496 if (group == 0) { /* 2GHz */ 3497 tmp |= RT2860_PA_PE_G0_EN; 3498 if (sc->ntxchains > 1) 3499 tmp |= RT2860_PA_PE_G1_EN; 3500 } else { /* 5GHz */ 3501 tmp |= RT2860_PA_PE_A0_EN; 3502 if (sc->ntxchains > 1) 3503 tmp |= RT2860_PA_PE_A1_EN; 3504 } 3505 if (sc->mac_ver == 0x3572) { 3506 run_rt3070_rf_write(sc, 8, 0x00); 3507 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3508 run_rt3070_rf_write(sc, 8, 0x80); 3509 } else 3510 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3511 3512 /* set initial AGC value */ 3513 if (group == 0) { /* 2GHz band */ 3514 if (sc->mac_ver >= 0x3070) 3515 agc = 0x1c + sc->lna[0] * 2; 3516 else 3517 agc = 0x2e + sc->lna[0]; 3518 } else { /* 5GHz band */ 3519 if (sc->mac_ver == 0x3572) 3520 agc = 0x22 + (sc->lna[group] * 5) / 3; 3521 else 3522 agc = 0x32 + (sc->lna[group] * 5) / 3; 3523 } 3524 run_set_agc(sc, agc); 3525 } 3526 3527 static void 3528 run_rt2870_set_chan(struct run_softc *sc, uint32_t chan) 3529 { 3530 const struct rfprog *rfprog = rt2860_rf2850; 3531 uint32_t r2, r3, r4; 3532 int8_t txpow1, txpow2; 3533 int i; 3534 3535 /* find the settings for this channel (we know it exists) */ 3536 for (i = 0; rfprog[i].chan != chan; i++); 3537 3538 r2 = rfprog[i].r2; 3539 if (sc->ntxchains == 1) 3540 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */ 3541 if (sc->nrxchains == 1) 3542 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3543 else if (sc->nrxchains == 2) 3544 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */ 3545 3546 /* use Tx power values from EEPROM */ 3547 txpow1 = sc->txpow1[i]; 3548 txpow2 = sc->txpow2[i]; 3549 if (chan > 14) { 3550 if (txpow1 >= 0) 3551 txpow1 = txpow1 << 1 | 1; 3552 else 3553 txpow1 = (7 + txpow1) << 1; 3554 if (txpow2 >= 0) 3555 txpow2 = txpow2 << 1 | 1; 3556 else 3557 txpow2 = (7 + txpow2) << 1; 3558 } 3559 r3 = rfprog[i].r3 | txpow1 << 7; 3560 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4; 3561 3562 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3563 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3564 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3565 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3566 3567 run_delay(sc, 10); 3568 3569 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3570 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3571 run_rt2870_rf_write(sc, RT2860_RF3, r3 | 1); 3572 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3573 3574 run_delay(sc, 10); 3575 3576 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3577 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3578 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3579 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3580 } 3581 3582 static void 3583 run_rt3070_set_chan(struct run_softc *sc, uint32_t chan) 3584 { 3585 int8_t txpow1, txpow2; 3586 uint8_t rf; 3587 int i; 3588 3589 /* RT3070 is 2GHz only */ 3590 KASSERT(chan >= 1 && chan <= 14, ("wrong channel selected\n")); 3591 3592 /* find the settings for this channel (we know it exists) */ 3593 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3594 3595 /* use Tx power values from EEPROM */ 3596 txpow1 = sc->txpow1[i]; 3597 txpow2 = sc->txpow2[i]; 3598 3599 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3600 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3601 run_rt3070_rf_read(sc, 6, &rf); 3602 rf = (rf & ~0x03) | rt3070_freqs[i].r; 3603 run_rt3070_rf_write(sc, 6, rf); 3604 3605 /* set Tx0 power */ 3606 run_rt3070_rf_read(sc, 12, &rf); 3607 rf = (rf & ~0x1f) | txpow1; 3608 run_rt3070_rf_write(sc, 12, rf); 3609 3610 /* set Tx1 power */ 3611 run_rt3070_rf_read(sc, 13, &rf); 3612 rf = (rf & ~0x1f) | txpow2; 3613 run_rt3070_rf_write(sc, 13, rf); 3614 3615 run_rt3070_rf_read(sc, 1, &rf); 3616 rf &= ~0xfc; 3617 if (sc->ntxchains == 1) 3618 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3619 else if (sc->ntxchains == 2) 3620 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3621 if (sc->nrxchains == 1) 3622 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3623 else if (sc->nrxchains == 2) 3624 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3625 run_rt3070_rf_write(sc, 1, rf); 3626 3627 /* set RF offset */ 3628 run_rt3070_rf_read(sc, 23, &rf); 3629 rf = (rf & ~0x7f) | sc->freq; 3630 run_rt3070_rf_write(sc, 23, rf); 3631 3632 /* program RF filter */ 3633 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 3634 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3635 run_rt3070_rf_write(sc, 24, rf); 3636 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 3637 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3638 run_rt3070_rf_write(sc, 31, rf); 3639 3640 /* enable RF tuning */ 3641 run_rt3070_rf_read(sc, 7, &rf); 3642 run_rt3070_rf_write(sc, 7, rf | 0x01); 3643 } 3644 3645 static void 3646 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 3647 { 3648 int8_t txpow1, txpow2; 3649 uint32_t tmp; 3650 uint8_t rf; 3651 int i; 3652 3653 /* find the settings for this channel (we know it exists) */ 3654 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3655 3656 /* use Tx power values from EEPROM */ 3657 txpow1 = sc->txpow1[i]; 3658 txpow2 = sc->txpow2[i]; 3659 3660 if (chan <= 14) { 3661 run_bbp_write(sc, 25, sc->bbp25); 3662 run_bbp_write(sc, 26, sc->bbp26); 3663 } else { 3664 /* enable IQ phase correction */ 3665 run_bbp_write(sc, 25, 0x09); 3666 run_bbp_write(sc, 26, 0xff); 3667 } 3668 3669 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3670 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3671 run_rt3070_rf_read(sc, 6, &rf); 3672 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 3673 rf |= (chan <= 14) ? 0x08 : 0x04; 3674 run_rt3070_rf_write(sc, 6, rf); 3675 3676 /* set PLL mode */ 3677 run_rt3070_rf_read(sc, 5, &rf); 3678 rf &= ~(0x08 | 0x04); 3679 rf |= (chan <= 14) ? 0x04 : 0x08; 3680 run_rt3070_rf_write(sc, 5, rf); 3681 3682 /* set Tx power for chain 0 */ 3683 if (chan <= 14) 3684 rf = 0x60 | txpow1; 3685 else 3686 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 3687 run_rt3070_rf_write(sc, 12, rf); 3688 3689 /* set Tx power for chain 1 */ 3690 if (chan <= 14) 3691 rf = 0x60 | txpow2; 3692 else 3693 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 3694 run_rt3070_rf_write(sc, 13, rf); 3695 3696 /* set Tx/Rx streams */ 3697 run_rt3070_rf_read(sc, 1, &rf); 3698 rf &= ~0xfc; 3699 if (sc->ntxchains == 1) 3700 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3701 else if (sc->ntxchains == 2) 3702 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3703 if (sc->nrxchains == 1) 3704 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3705 else if (sc->nrxchains == 2) 3706 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3707 run_rt3070_rf_write(sc, 1, rf); 3708 3709 /* set RF offset */ 3710 run_rt3070_rf_read(sc, 23, &rf); 3711 rf = (rf & ~0x7f) | sc->freq; 3712 run_rt3070_rf_write(sc, 23, rf); 3713 3714 /* program RF filter */ 3715 rf = sc->rf24_20mhz; 3716 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 3717 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 3718 3719 /* enable RF tuning */ 3720 run_rt3070_rf_read(sc, 7, &rf); 3721 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 3722 run_rt3070_rf_write(sc, 7, rf); 3723 3724 /* TSSI */ 3725 rf = (chan <= 14) ? 0xc3 : 0xc0; 3726 run_rt3070_rf_write(sc, 9, rf); 3727 3728 /* set loop filter 1 */ 3729 run_rt3070_rf_write(sc, 10, 0xf1); 3730 /* set loop filter 2 */ 3731 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 3732 3733 /* set tx_mx2_ic */ 3734 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 3735 /* set tx_mx1_ic */ 3736 if (chan <= 14) 3737 rf = 0x48 | sc->txmixgain_2ghz; 3738 else 3739 rf = 0x78 | sc->txmixgain_5ghz; 3740 run_rt3070_rf_write(sc, 16, rf); 3741 3742 /* set tx_lo1 */ 3743 run_rt3070_rf_write(sc, 17, 0x23); 3744 /* set tx_lo2 */ 3745 if (chan <= 14) 3746 rf = 0x93; 3747 else if (chan <= 64) 3748 rf = 0xb7; 3749 else if (chan <= 128) 3750 rf = 0x74; 3751 else 3752 rf = 0x72; 3753 run_rt3070_rf_write(sc, 19, rf); 3754 3755 /* set rx_lo1 */ 3756 if (chan <= 14) 3757 rf = 0xb3; 3758 else if (chan <= 64) 3759 rf = 0xf6; 3760 else if (chan <= 128) 3761 rf = 0xf4; 3762 else 3763 rf = 0xf3; 3764 run_rt3070_rf_write(sc, 20, rf); 3765 3766 /* set pfd_delay */ 3767 if (chan <= 14) 3768 rf = 0x15; 3769 else if (chan <= 64) 3770 rf = 0x3d; 3771 else 3772 rf = 0x01; 3773 run_rt3070_rf_write(sc, 25, rf); 3774 3775 /* set rx_lo2 */ 3776 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 3777 /* set ldo_rf_vc */ 3778 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 3779 /* set drv_cc */ 3780 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 3781 3782 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3783 tmp &= ~0x8080; 3784 if (chan <= 14) 3785 tmp |= 0x80; 3786 run_write(sc, RT2860_GPIO_CTRL, tmp); 3787 3788 /* enable RF tuning */ 3789 run_rt3070_rf_read(sc, 7, &rf); 3790 run_rt3070_rf_write(sc, 7, rf | 0x01); 3791 3792 run_delay(sc, 2); 3793 } 3794 3795 static void 3796 run_set_rx_antenna(struct run_softc *sc, int aux) 3797 { 3798 uint32_t tmp; 3799 3800 if (aux) { 3801 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 3802 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3803 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 3804 } else { 3805 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 3806 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3807 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 3808 } 3809 } 3810 3811 static int 3812 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 3813 { 3814 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3815 uint32_t chan, group; 3816 3817 chan = ieee80211_chan2ieee(ic, c); 3818 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 3819 return (EINVAL); 3820 3821 if (sc->mac_ver == 0x3572) 3822 run_rt3572_set_chan(sc, chan); 3823 else if (sc->mac_ver >= 0x3070) 3824 run_rt3070_set_chan(sc, chan); 3825 else 3826 run_rt2870_set_chan(sc, chan); 3827 3828 /* determine channel group */ 3829 if (chan <= 14) 3830 group = 0; 3831 else if (chan <= 64) 3832 group = 1; 3833 else if (chan <= 128) 3834 group = 2; 3835 else 3836 group = 3; 3837 3838 /* XXX necessary only when group has changed! */ 3839 run_select_chan_group(sc, group); 3840 3841 run_delay(sc, 10); 3842 3843 return (0); 3844 } 3845 3846 static void 3847 run_set_channel(struct ieee80211com *ic) 3848 { 3849 struct run_softc *sc = ic->ic_ifp->if_softc; 3850 3851 RUN_LOCK(sc); 3852 run_set_chan(sc, ic->ic_curchan); 3853 RUN_UNLOCK(sc); 3854 3855 return; 3856 } 3857 3858 static void 3859 run_scan_start(struct ieee80211com *ic) 3860 { 3861 struct run_softc *sc = ic->ic_ifp->if_softc; 3862 uint32_t tmp; 3863 3864 RUN_LOCK(sc); 3865 3866 /* abort TSF synchronization */ 3867 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 3868 run_write(sc, RT2860_BCN_TIME_CFG, 3869 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 3870 RT2860_TBTT_TIMER_EN)); 3871 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 3872 3873 RUN_UNLOCK(sc); 3874 3875 return; 3876 } 3877 3878 static void 3879 run_scan_end(struct ieee80211com *ic) 3880 { 3881 struct run_softc *sc = ic->ic_ifp->if_softc; 3882 3883 RUN_LOCK(sc); 3884 3885 run_enable_tsf_sync(sc); 3886 /* XXX keep local copy */ 3887 run_set_bssid(sc, sc->sc_bssid); 3888 3889 RUN_UNLOCK(sc); 3890 3891 return; 3892 } 3893 3894 /* 3895 * Could be called from ieee80211_node_timeout() 3896 * (non-sleepable thread) 3897 */ 3898 static void 3899 run_update_beacon(struct ieee80211vap *vap, int item) 3900 { 3901 struct ieee80211com *ic = vap->iv_ic; 3902 struct run_softc *sc = ic->ic_ifp->if_softc; 3903 uint32_t i; 3904 3905 i = RUN_CMDQ_GET(&sc->cmdq_store); 3906 DPRINTF("cmdq_store=%d\n", i); 3907 sc->cmdq[i].func = run_update_beacon_cb; 3908 sc->cmdq[i].arg0 = vap; 3909 ieee80211_runtask(ic, &sc->cmdq_task); 3910 3911 return; 3912 } 3913 3914 static void 3915 run_update_beacon_cb(void *arg) 3916 { 3917 struct ieee80211vap *vap = arg; 3918 struct ieee80211com *ic = vap->iv_ic; 3919 struct run_softc *sc = ic->ic_ifp->if_softc; 3920 struct rt2860_txwi txwi; 3921 struct mbuf *m; 3922 uint8_t ridx; 3923 3924 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 3925 return; 3926 3927 if ((m = ieee80211_beacon_alloc(vap->iv_bss, &RUN_VAP(vap)->bo)) == NULL) 3928 return; 3929 3930 memset(&txwi, 0, sizeof txwi); 3931 txwi.wcid = 0xff; 3932 txwi.len = htole16(m->m_pkthdr.len); 3933 /* send beacons at the lowest available rate */ 3934 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3935 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3936 txwi.phy = htole16(rt2860_rates[ridx].mcs); 3937 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 3938 txwi.phy |= htole16(RT2860_PHY_OFDM); 3939 txwi.txop = RT2860_TX_TXOP_HT; 3940 txwi.flags = RT2860_TX_TS; 3941 txwi.xflags = RT2860_TX_NSEQ; 3942 3943 run_write_region_1(sc, RT2860_BCN_BASE(RUN_VAP(vap)->rvp_id), 3944 (uint8_t *)&txwi, sizeof txwi); 3945 run_write_region_1(sc, RT2860_BCN_BASE(RUN_VAP(vap)->rvp_id) + sizeof txwi, 3946 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); /* roundup len */ 3947 3948 m_freem(m); 3949 3950 return; 3951 } 3952 3953 static void 3954 run_updateprot(struct ieee80211com *ic) 3955 { 3956 struct run_softc *sc = ic->ic_ifp->if_softc; 3957 uint32_t tmp; 3958 3959 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 3960 /* setup protection frame rate (MCS code) */ 3961 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 3962 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 3963 rt2860_rates[RT2860_RIDX_CCK11].mcs; 3964 3965 /* CCK frames don't require protection */ 3966 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 3967 if (ic->ic_flags & IEEE80211_F_USEPROT) { 3968 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 3969 tmp |= RT2860_PROT_CTRL_RTS_CTS; 3970 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 3971 tmp |= RT2860_PROT_CTRL_CTS; 3972 } 3973 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 3974 } 3975 3976 static void 3977 run_usb_timeout_cb(void *arg) 3978 { 3979 struct ieee80211vap *vap = arg; 3980 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 3981 3982 RUN_LOCK_ASSERT(sc, MA_OWNED); 3983 3984 if(vap->iv_state == IEEE80211_S_RUN && 3985 vap->iv_opmode != IEEE80211_M_STA) 3986 run_reset_livelock(sc); 3987 else if (vap->iv_state == IEEE80211_S_SCAN) { 3988 DPRINTF("timeout caused by scan\n"); 3989 /* cancel bgscan */ 3990 ieee80211_cancel_scan(vap); 3991 } else 3992 DPRINTF("timeout by unknown cause\n"); 3993 } 3994 3995 static void 3996 run_reset_livelock(struct run_softc *sc) 3997 { 3998 uint32_t tmp; 3999 4000 RUN_LOCK_ASSERT(sc, MA_OWNED); 4001 4002 /* 4003 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4004 * can run into a livelock and start sending CTS-to-self frames like 4005 * crazy if protection is enabled. Reset MAC/BBP for a while 4006 */ 4007 run_read(sc, RT2860_DEBUG, &tmp); 4008 DPRINTFN(3, "debug reg %08x\n", tmp); 4009 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4010 DPRINTF("CTS-to-self livelock detected\n"); 4011 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4012 run_delay(sc, 1); 4013 run_write(sc, RT2860_MAC_SYS_CTRL, 4014 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4015 } 4016 } 4017 4018 static void 4019 run_update_promisc_locked(struct ifnet *ifp) 4020 { 4021 struct run_softc *sc = ifp->if_softc; 4022 uint32_t tmp; 4023 4024 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4025 4026 tmp |= RT2860_DROP_UC_NOME; 4027 if (ifp->if_flags & IFF_PROMISC) 4028 tmp &= ~RT2860_DROP_UC_NOME; 4029 4030 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4031 4032 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4033 "entering" : "leaving"); 4034 } 4035 4036 static void 4037 run_update_promisc(struct ifnet *ifp) 4038 { 4039 struct run_softc *sc = ifp->if_softc; 4040 4041 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 4042 return; 4043 4044 RUN_LOCK(sc); 4045 run_update_promisc_locked(ifp); 4046 RUN_UNLOCK(sc); 4047 } 4048 4049 static void 4050 run_enable_tsf_sync(struct run_softc *sc) 4051 { 4052 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4053 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4054 uint32_t tmp; 4055 4056 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, ic->ic_opmode); 4057 4058 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4059 tmp &= ~0x1fffff; 4060 tmp |= vap->iv_bss->ni_intval * 16; 4061 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4062 4063 if (ic->ic_opmode == IEEE80211_M_STA) { 4064 /* 4065 * Local TSF is always updated with remote TSF on beacon 4066 * reception. 4067 */ 4068 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4069 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4070 tmp |= RT2860_BCN_TX_EN; 4071 /* 4072 * Local TSF is updated with remote TSF on beacon reception 4073 * only if the remote TSF is greater than local TSF. 4074 */ 4075 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4076 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4077 ic->ic_opmode == IEEE80211_M_MBSS) { 4078 tmp |= RT2860_BCN_TX_EN; 4079 /* SYNC with nobody */ 4080 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4081 } else { 4082 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4083 return; 4084 } 4085 4086 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4087 } 4088 4089 static void 4090 run_enable_mrr(struct run_softc *sc) 4091 { 4092 #define CCK(mcs) (mcs) 4093 #define OFDM(mcs) (1 << 3 | (mcs)) 4094 run_write(sc, RT2860_LG_FBK_CFG0, 4095 OFDM(6) << 28 | /* 54->48 */ 4096 OFDM(5) << 24 | /* 48->36 */ 4097 OFDM(4) << 20 | /* 36->24 */ 4098 OFDM(3) << 16 | /* 24->18 */ 4099 OFDM(2) << 12 | /* 18->12 */ 4100 OFDM(1) << 8 | /* 12-> 9 */ 4101 OFDM(0) << 4 | /* 9-> 6 */ 4102 OFDM(0)); /* 6-> 6 */ 4103 4104 run_write(sc, RT2860_LG_FBK_CFG1, 4105 CCK(2) << 12 | /* 11->5.5 */ 4106 CCK(1) << 8 | /* 5.5-> 2 */ 4107 CCK(0) << 4 | /* 2-> 1 */ 4108 CCK(0)); /* 1-> 1 */ 4109 #undef OFDM 4110 #undef CCK 4111 } 4112 4113 static void 4114 run_set_txpreamble(struct run_softc *sc) 4115 { 4116 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4117 uint32_t tmp; 4118 4119 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4120 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4121 tmp |= RT2860_CCK_SHORT_EN; 4122 else 4123 tmp &= ~RT2860_CCK_SHORT_EN; 4124 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4125 } 4126 4127 static void 4128 run_set_basicrates(struct run_softc *sc) 4129 { 4130 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4131 4132 /* set basic rates mask */ 4133 if (ic->ic_curmode == IEEE80211_MODE_11B) 4134 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4135 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4136 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4137 else /* 11g */ 4138 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4139 } 4140 4141 static void 4142 run_set_leds(struct run_softc *sc, uint16_t which) 4143 { 4144 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4145 which | (sc->leds & 0x7f)); 4146 } 4147 4148 static void 4149 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4150 { 4151 run_write(sc, RT2860_MAC_BSSID_DW0, 4152 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4153 run_write(sc, RT2860_MAC_BSSID_DW1, 4154 bssid[4] | bssid[5] << 8); 4155 } 4156 4157 static void 4158 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4159 { 4160 run_write(sc, RT2860_MAC_ADDR_DW0, 4161 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4162 run_write(sc, RT2860_MAC_ADDR_DW1, 4163 addr[4] | addr[5] << 8 | 0xff << 16); 4164 } 4165 4166 /* ARGSUSED */ 4167 static void 4168 run_updateslot(struct ifnet *ifp) 4169 { 4170 struct run_softc *sc = ifp->if_softc; 4171 struct ieee80211com *ic = ifp->if_l2com; 4172 uint32_t tmp; 4173 4174 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4175 tmp &= ~0xff; 4176 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4177 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4178 } 4179 4180 static void 4181 run_update_mcast(struct ifnet *ifp) 4182 { 4183 /* h/w filter supports getting everything or nothing */ 4184 ifp->if_flags |= IFF_ALLMULTI; 4185 } 4186 4187 static int8_t 4188 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4189 { 4190 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4191 struct ieee80211_channel *c = ic->ic_curchan; 4192 int delta; 4193 4194 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4195 uint32_t chan = ieee80211_chan2ieee(ic, c); 4196 delta = sc->rssi_5ghz[rxchain]; 4197 4198 /* determine channel group */ 4199 if (chan <= 64) 4200 delta -= sc->lna[1]; 4201 else if (chan <= 128) 4202 delta -= sc->lna[2]; 4203 else 4204 delta -= sc->lna[3]; 4205 } else 4206 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4207 4208 return (-12 - delta - rssi); 4209 } 4210 4211 static int 4212 run_bbp_init(struct run_softc *sc) 4213 { 4214 int i, error, ntries; 4215 uint8_t bbp0; 4216 4217 /* wait for BBP to wake up */ 4218 for (ntries = 0; ntries < 20; ntries++) { 4219 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 4220 return error; 4221 if (bbp0 != 0 && bbp0 != 0xff) 4222 break; 4223 } 4224 if (ntries == 20) 4225 return (ETIMEDOUT); 4226 4227 /* initialize BBP registers to default values */ 4228 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 4229 run_bbp_write(sc, rt2860_def_bbp[i].reg, 4230 rt2860_def_bbp[i].val); 4231 } 4232 4233 /* fix BBP84 for RT2860E */ 4234 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 4235 run_bbp_write(sc, 84, 0x19); 4236 4237 if (sc->mac_ver >= 0x3070) { 4238 run_bbp_write(sc, 79, 0x13); 4239 run_bbp_write(sc, 80, 0x05); 4240 run_bbp_write(sc, 81, 0x33); 4241 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 4242 run_bbp_write(sc, 69, 0x16); 4243 run_bbp_write(sc, 73, 0x12); 4244 } 4245 return (0); 4246 } 4247 4248 static int 4249 run_rt3070_rf_init(struct run_softc *sc) 4250 { 4251 uint32_t tmp; 4252 uint8_t rf, target, bbp4; 4253 int i; 4254 4255 run_rt3070_rf_read(sc, 30, &rf); 4256 /* toggle RF R30 bit 7 */ 4257 run_rt3070_rf_write(sc, 30, rf | 0x80); 4258 run_delay(sc, 10); 4259 run_rt3070_rf_write(sc, 30, rf & ~0x80); 4260 4261 /* initialize RF registers to default value */ 4262 if (sc->mac_ver == 0x3572) { 4263 for (i = 0; i < nitems(rt3572_def_rf); i++) { 4264 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 4265 rt3572_def_rf[i].val); 4266 } 4267 } else { 4268 for (i = 0; i < nitems(rt3070_def_rf); i++) { 4269 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 4270 rt3070_def_rf[i].val); 4271 } 4272 } 4273 4274 if (sc->mac_ver == 0x3070) { 4275 /* change voltage from 1.2V to 1.35V for RT3070 */ 4276 run_read(sc, RT3070_LDO_CFG0, &tmp); 4277 tmp = (tmp & ~0x0f000000) | 0x0d000000; 4278 run_write(sc, RT3070_LDO_CFG0, tmp); 4279 4280 } else if (sc->mac_ver == 0x3071) { 4281 run_rt3070_rf_read(sc, 6, &rf); 4282 run_rt3070_rf_write(sc, 6, rf | 0x40); 4283 run_rt3070_rf_write(sc, 31, 0x14); 4284 4285 run_read(sc, RT3070_LDO_CFG0, &tmp); 4286 tmp &= ~0x1f000000; 4287 if (sc->mac_rev < 0x0211) 4288 tmp |= 0x0d000000; /* 1.3V */ 4289 else 4290 tmp |= 0x01000000; /* 1.2V */ 4291 run_write(sc, RT3070_LDO_CFG0, tmp); 4292 4293 /* patch LNA_PE_G1 */ 4294 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 4295 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 4296 4297 } else if (sc->mac_ver == 0x3572) { 4298 run_rt3070_rf_read(sc, 6, &rf); 4299 run_rt3070_rf_write(sc, 6, rf | 0x40); 4300 4301 /* increase voltage from 1.2V to 1.35V */ 4302 run_read(sc, RT3070_LDO_CFG0, &tmp); 4303 tmp = (tmp & ~0x1f000000) | 0x0d000000; 4304 run_write(sc, RT3070_LDO_CFG0, tmp); 4305 4306 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 4307 run_delay(sc, 1); /* wait for 1msec */ 4308 /* decrease voltage back to 1.2V */ 4309 tmp = (tmp & ~0x1f000000) | 0x01000000; 4310 run_write(sc, RT3070_LDO_CFG0, tmp); 4311 } 4312 } 4313 4314 /* select 20MHz bandwidth */ 4315 run_rt3070_rf_read(sc, 31, &rf); 4316 run_rt3070_rf_write(sc, 31, rf & ~0x20); 4317 4318 /* calibrate filter for 20MHz bandwidth */ 4319 sc->rf24_20mhz = 0x1f; /* default value */ 4320 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 4321 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 4322 4323 /* select 40MHz bandwidth */ 4324 run_bbp_read(sc, 4, &bbp4); 4325 run_bbp_write(sc, 4, (bbp4 & ~0x08) | 0x10); 4326 run_rt3070_rf_read(sc, 31, &rf); 4327 run_rt3070_rf_write(sc, 31, rf | 0x20); 4328 4329 /* calibrate filter for 40MHz bandwidth */ 4330 sc->rf24_40mhz = 0x2f; /* default value */ 4331 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 4332 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 4333 4334 /* go back to 20MHz bandwidth */ 4335 run_bbp_read(sc, 4, &bbp4); 4336 run_bbp_write(sc, 4, bbp4 & ~0x18); 4337 4338 if (sc->mac_ver == 0x3572) { 4339 /* save default BBP registers 25 and 26 values */ 4340 run_bbp_read(sc, 25, &sc->bbp25); 4341 run_bbp_read(sc, 26, &sc->bbp26); 4342 } else if (sc->mac_rev < 0x0211) 4343 run_rt3070_rf_write(sc, 27, 0x03); 4344 4345 run_read(sc, RT3070_OPT_14, &tmp); 4346 run_write(sc, RT3070_OPT_14, tmp | 1); 4347 4348 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4349 run_rt3070_rf_read(sc, 17, &rf); 4350 rf &= ~RT3070_TX_LO1; 4351 if ((sc->mac_ver == 0x3070 || 4352 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 4353 !sc->ext_2ghz_lna) 4354 rf |= 0x20; /* fix for long range Rx issue */ 4355 if (sc->txmixgain_2ghz >= 1) 4356 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 4357 run_rt3070_rf_write(sc, 17, rf); 4358 } 4359 4360 if (sc->mac_rev == 0x3071) { 4361 run_rt3070_rf_read(sc, 1, &rf); 4362 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 4363 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 4364 run_rt3070_rf_write(sc, 1, rf); 4365 4366 run_rt3070_rf_read(sc, 15, &rf); 4367 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 4368 4369 run_rt3070_rf_read(sc, 20, &rf); 4370 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 4371 4372 run_rt3070_rf_read(sc, 21, &rf); 4373 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 4374 } 4375 4376 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4377 /* fix Tx to Rx IQ glitch by raising RF voltage */ 4378 run_rt3070_rf_read(sc, 27, &rf); 4379 rf &= ~0x77; 4380 if (sc->mac_rev < 0x0211) 4381 rf |= 0x03; 4382 run_rt3070_rf_write(sc, 27, rf); 4383 } 4384 return (0); 4385 } 4386 4387 static int 4388 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 4389 uint8_t *val) 4390 { 4391 uint8_t rf22, rf24; 4392 uint8_t bbp55_pb, bbp55_sb, delta; 4393 int ntries; 4394 4395 /* program filter */ 4396 run_rt3070_rf_read(sc, 24, &rf24); 4397 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 4398 run_rt3070_rf_write(sc, 24, rf24); 4399 4400 /* enable baseband loopback mode */ 4401 run_rt3070_rf_read(sc, 22, &rf22); 4402 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 4403 4404 /* set power and frequency of passband test tone */ 4405 run_bbp_write(sc, 24, 0x00); 4406 for (ntries = 0; ntries < 100; ntries++) { 4407 /* transmit test tone */ 4408 run_bbp_write(sc, 25, 0x90); 4409 run_delay(sc, 10); 4410 /* read received power */ 4411 run_bbp_read(sc, 55, &bbp55_pb); 4412 if (bbp55_pb != 0) 4413 break; 4414 } 4415 if (ntries == 100) 4416 return ETIMEDOUT; 4417 4418 /* set power and frequency of stopband test tone */ 4419 run_bbp_write(sc, 24, 0x06); 4420 for (ntries = 0; ntries < 100; ntries++) { 4421 /* transmit test tone */ 4422 run_bbp_write(sc, 25, 0x90); 4423 run_delay(sc, 10); 4424 /* read received power */ 4425 run_bbp_read(sc, 55, &bbp55_sb); 4426 4427 delta = bbp55_pb - bbp55_sb; 4428 if (delta > target) 4429 break; 4430 4431 /* reprogram filter */ 4432 rf24++; 4433 run_rt3070_rf_write(sc, 24, rf24); 4434 } 4435 if (ntries < 100) { 4436 if (rf24 != init) 4437 rf24--; /* backtrack */ 4438 *val = rf24; 4439 run_rt3070_rf_write(sc, 24, rf24); 4440 } 4441 4442 /* restore initial state */ 4443 run_bbp_write(sc, 24, 0x00); 4444 4445 /* disable baseband loopback mode */ 4446 run_rt3070_rf_read(sc, 22, &rf22); 4447 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 4448 4449 return (0); 4450 } 4451 4452 static void 4453 run_rt3070_rf_setup(struct run_softc *sc) 4454 { 4455 uint8_t bbp, rf; 4456 int i; 4457 4458 if (sc->mac_ver == 0x3572) { 4459 /* enable DC filter */ 4460 if (sc->mac_rev >= 0x0201) 4461 run_bbp_write(sc, 103, 0xc0); 4462 4463 run_bbp_read(sc, 138, &bbp); 4464 if (sc->ntxchains == 1) 4465 bbp |= 0x20; /* turn off DAC1 */ 4466 if (sc->nrxchains == 1) 4467 bbp &= ~0x02; /* turn off ADC1 */ 4468 run_bbp_write(sc, 138, bbp); 4469 4470 if (sc->mac_rev >= 0x0211) { 4471 /* improve power consumption */ 4472 run_bbp_read(sc, 31, &bbp); 4473 run_bbp_write(sc, 31, bbp & ~0x03); 4474 } 4475 4476 run_rt3070_rf_read(sc, 16, &rf); 4477 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 4478 run_rt3070_rf_write(sc, 16, rf); 4479 4480 } else if (sc->mac_ver == 0x3071) { 4481 /* enable DC filter */ 4482 if (sc->mac_rev >= 0x0201) 4483 run_bbp_write(sc, 103, 0xc0); 4484 4485 run_bbp_read(sc, 138, &bbp); 4486 if (sc->ntxchains == 1) 4487 bbp |= 0x20; /* turn off DAC1 */ 4488 if (sc->nrxchains == 1) 4489 bbp &= ~0x02; /* turn off ADC1 */ 4490 run_bbp_write(sc, 138, bbp); 4491 4492 if (sc->mac_rev >= 0x0211) { 4493 /* improve power consumption */ 4494 run_bbp_read(sc, 31, &bbp); 4495 run_bbp_write(sc, 31, bbp & ~0x03); 4496 } 4497 4498 run_write(sc, RT2860_TX_SW_CFG1, 0); 4499 if (sc->mac_rev < 0x0211) { 4500 run_write(sc, RT2860_TX_SW_CFG2, 4501 sc->patch_dac ? 0x2c : 0x0f); 4502 } else 4503 run_write(sc, RT2860_TX_SW_CFG2, 0); 4504 4505 } else if (sc->mac_ver == 0x3070) { 4506 if (sc->mac_rev >= 0x0201) { 4507 /* enable DC filter */ 4508 run_bbp_write(sc, 103, 0xc0); 4509 4510 /* improve power consumption */ 4511 run_bbp_read(sc, 31, &bbp); 4512 run_bbp_write(sc, 31, bbp & ~0x03); 4513 } 4514 4515 if (sc->mac_rev < 0x0211) { 4516 run_write(sc, RT2860_TX_SW_CFG1, 0); 4517 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 4518 } else 4519 run_write(sc, RT2860_TX_SW_CFG2, 0); 4520 } 4521 4522 /* initialize RF registers from ROM for >=RT3071*/ 4523 if (sc->mac_ver >= 0x3071) { 4524 for (i = 0; i < 10; i++) { 4525 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 4526 continue; 4527 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 4528 } 4529 } 4530 } 4531 4532 static int 4533 run_txrx_enable(struct run_softc *sc) 4534 { 4535 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4536 uint32_t tmp; 4537 int error, ntries; 4538 4539 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 4540 for (ntries = 0; ntries < 200; ntries++) { 4541 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 4542 return error; 4543 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4544 break; 4545 run_delay(sc, 50); 4546 } 4547 if (ntries == 200) 4548 return ETIMEDOUT; 4549 4550 run_delay(sc, 50); 4551 4552 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 4553 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4554 4555 /* enable Rx bulk aggregation (set timeout and limit) */ 4556 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 4557 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 4558 run_write(sc, RT2860_USB_DMA_CFG, tmp); 4559 4560 /* set Rx filter */ 4561 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 4562 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 4563 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 4564 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 4565 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 4566 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 4567 if (ic->ic_opmode == IEEE80211_M_STA) 4568 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 4569 } 4570 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4571 4572 run_write(sc, RT2860_MAC_SYS_CTRL, 4573 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4574 4575 return (0); 4576 } 4577 4578 static void 4579 run_init_locked(struct run_softc *sc) 4580 { 4581 struct ifnet *ifp = sc->sc_ifp; 4582 struct ieee80211com *ic = ifp->if_l2com; 4583 uint32_t tmp; 4584 uint8_t bbp1, bbp3; 4585 int i; 4586 int ridx; 4587 int ntries; 4588 4589 if (ic->ic_nrunning > 1) 4590 return; 4591 4592 run_stop(sc); 4593 4594 for (ntries = 0; ntries < 100; ntries++) { 4595 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 4596 goto fail; 4597 if (tmp != 0 && tmp != 0xffffffff) 4598 break; 4599 run_delay(sc, 10); 4600 } 4601 if (ntries == 100) 4602 goto fail; 4603 4604 for (i = 0; i != RUN_EP_QUEUES; i++) 4605 run_setup_tx_list(sc, &sc->sc_epq[i]); 4606 4607 run_set_macaddr(sc, IF_LLADDR(ifp)); 4608 4609 for (ntries = 0; ntries < 100; ntries++) { 4610 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 4611 goto fail; 4612 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4613 break; 4614 run_delay(sc, 10); 4615 } 4616 if (ntries == 100) { 4617 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 4618 goto fail; 4619 } 4620 tmp &= 0xff0; 4621 tmp |= RT2860_TX_WB_DDONE; 4622 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4623 4624 /* turn off PME_OEN to solve high-current issue */ 4625 run_read(sc, RT2860_SYS_CTRL, &tmp); 4626 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 4627 4628 run_write(sc, RT2860_MAC_SYS_CTRL, 4629 RT2860_BBP_HRST | RT2860_MAC_SRST); 4630 run_write(sc, RT2860_USB_DMA_CFG, 0); 4631 4632 if (run_reset(sc) != 0) { 4633 device_printf(sc->sc_dev, "could not reset chipset\n"); 4634 goto fail; 4635 } 4636 4637 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4638 4639 /* init Tx power for all Tx rates (from EEPROM) */ 4640 for (ridx = 0; ridx < 5; ridx++) { 4641 if (sc->txpow20mhz[ridx] == 0xffffffff) 4642 continue; 4643 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 4644 } 4645 4646 for (i = 0; i < nitems(rt2870_def_mac); i++) 4647 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 4648 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 4649 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 4650 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 4651 4652 if (sc->mac_ver >= 0x3070) { 4653 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 4654 run_write(sc, RT2860_TX_SW_CFG0, 4655 4 << RT2860_DLY_PAPE_EN_SHIFT); 4656 } 4657 4658 /* wait while MAC is busy */ 4659 for (ntries = 0; ntries < 100; ntries++) { 4660 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 4661 goto fail; 4662 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 4663 break; 4664 run_delay(sc, 10); 4665 } 4666 if (ntries == 100) 4667 goto fail; 4668 4669 /* clear Host to MCU mailbox */ 4670 run_write(sc, RT2860_H2M_BBPAGENT, 0); 4671 run_write(sc, RT2860_H2M_MAILBOX, 0); 4672 run_delay(sc, 10); 4673 4674 if (run_bbp_init(sc) != 0) { 4675 device_printf(sc->sc_dev, "could not initialize BBP\n"); 4676 goto fail; 4677 } 4678 4679 /* abort TSF synchronization */ 4680 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4681 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4682 RT2860_TBTT_TIMER_EN); 4683 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4684 4685 /* clear RX WCID search table */ 4686 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 4687 /* clear WCID attribute table */ 4688 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 4689 4690 /* hostapd sets a key before init. So, don't clear it. */ 4691 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 4692 /* clear shared key table */ 4693 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 4694 /* clear shared key mode */ 4695 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 4696 } 4697 4698 run_read(sc, RT2860_US_CYC_CNT, &tmp); 4699 tmp = (tmp & ~0xff) | 0x1e; 4700 run_write(sc, RT2860_US_CYC_CNT, tmp); 4701 4702 if (sc->mac_rev != 0x0101) 4703 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 4704 4705 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 4706 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 4707 4708 /* write vendor-specific BBP values (from EEPROM) */ 4709 for (i = 0; i < 10; i++) { 4710 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 4711 continue; 4712 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 4713 } 4714 4715 /* select Main antenna for 1T1R devices */ 4716 if (sc->rf_rev == RT3070_RF_3020) 4717 run_set_rx_antenna(sc, 0); 4718 4719 /* send LEDs operating mode to microcontroller */ 4720 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 4721 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 4722 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 4723 4724 if (sc->mac_ver >= 0x3070) 4725 run_rt3070_rf_init(sc); 4726 4727 /* disable non-existing Rx chains */ 4728 run_bbp_read(sc, 3, &bbp3); 4729 bbp3 &= ~(1 << 3 | 1 << 4); 4730 if (sc->nrxchains == 2) 4731 bbp3 |= 1 << 3; 4732 else if (sc->nrxchains == 3) 4733 bbp3 |= 1 << 4; 4734 run_bbp_write(sc, 3, bbp3); 4735 4736 /* disable non-existing Tx chains */ 4737 run_bbp_read(sc, 1, &bbp1); 4738 if (sc->ntxchains == 1) 4739 bbp1 &= ~(1 << 3 | 1 << 4); 4740 run_bbp_write(sc, 1, bbp1); 4741 4742 if (sc->mac_ver >= 0x3070) 4743 run_rt3070_rf_setup(sc); 4744 4745 /* select default channel */ 4746 run_set_chan(sc, ic->ic_curchan); 4747 4748 /* setup initial protection mode */ 4749 run_updateprot(ic); 4750 4751 /* turn radio LED on */ 4752 run_set_leds(sc, RT2860_LED_RADIO); 4753 4754 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 4755 ifp->if_drv_flags |= IFF_DRV_RUNNING; 4756 sc->cmdq_run = RUN_CMDQ_GO; 4757 4758 for (i = 0; i != RUN_N_XFER; i++) 4759 usbd_xfer_set_stall(sc->sc_xfer[i]); 4760 4761 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 4762 4763 if (run_txrx_enable(sc) != 0) 4764 goto fail; 4765 4766 return; 4767 4768 fail: 4769 run_stop(sc); 4770 } 4771 4772 static void 4773 run_init(void *arg) 4774 { 4775 struct run_softc *sc = arg; 4776 struct ifnet *ifp = sc->sc_ifp; 4777 struct ieee80211com *ic = ifp->if_l2com; 4778 4779 RUN_LOCK(sc); 4780 run_init_locked(sc); 4781 RUN_UNLOCK(sc); 4782 4783 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4784 ieee80211_start_all(ic); 4785 } 4786 4787 static void 4788 run_stop(void *arg) 4789 { 4790 struct run_softc *sc = (struct run_softc *)arg; 4791 struct ifnet *ifp = sc->sc_ifp; 4792 uint32_t tmp; 4793 int i; 4794 int ntries; 4795 4796 RUN_LOCK_ASSERT(sc, MA_OWNED); 4797 4798 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4799 run_set_leds(sc, 0); /* turn all LEDs off */ 4800 4801 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 4802 4803 sc->ratectl_run = RUN_RATECTL_OFF; 4804 sc->cmdq_run = sc->cmdq_key_set; 4805 4806 RUN_UNLOCK(sc); 4807 4808 for(i = 0; i < RUN_N_XFER; i++) 4809 usbd_transfer_drain(sc->sc_xfer[i]); 4810 4811 RUN_LOCK(sc); 4812 4813 if (sc->rx_m != NULL) { 4814 m_free(sc->rx_m); 4815 sc->rx_m = NULL; 4816 } 4817 4818 /* disable Tx/Rx */ 4819 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 4820 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4821 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 4822 4823 /* wait for pending Tx to complete */ 4824 for (ntries = 0; ntries < 100; ntries++) { 4825 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 4826 DPRINTF("Cannot read Tx queue count\n"); 4827 break; 4828 } 4829 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 4830 DPRINTF("All Tx cleared\n"); 4831 break; 4832 } 4833 run_delay(sc, 10); 4834 } 4835 if (ntries >= 100) 4836 DPRINTF("There are still pending Tx\n"); 4837 run_delay(sc, 10); 4838 run_write(sc, RT2860_USB_DMA_CFG, 0); 4839 4840 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 4841 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4842 4843 for (i = 0; i != RUN_EP_QUEUES; i++) 4844 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 4845 4846 return; 4847 } 4848 4849 static void 4850 run_delay(struct run_softc *sc, unsigned int ms) 4851 { 4852 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 4853 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 4854 } 4855 4856 static device_method_t run_methods[] = { 4857 /* Device interface */ 4858 DEVMETHOD(device_probe, run_match), 4859 DEVMETHOD(device_attach, run_attach), 4860 DEVMETHOD(device_detach, run_detach), 4861 4862 { 0, 0 } 4863 }; 4864 4865 static driver_t run_driver = { 4866 "run", 4867 run_methods, 4868 sizeof(struct run_softc) 4869 }; 4870 4871 static devclass_t run_devclass; 4872 4873 DRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, 0); 4874