1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/cdefs.h> 20 __FBSDID("$FreeBSD$"); 21 22 /*- 23 * Ralink Technology RT2700U/RT2800U/RT3000U chipset driver. 24 * http://www.ralinktech.com/ 25 */ 26 27 #include <sys/param.h> 28 #include <sys/sockio.h> 29 #include <sys/sysctl.h> 30 #include <sys/lock.h> 31 #include <sys/mutex.h> 32 #include <sys/mbuf.h> 33 #include <sys/kernel.h> 34 #include <sys/socket.h> 35 #include <sys/systm.h> 36 #include <sys/malloc.h> 37 #include <sys/module.h> 38 #include <sys/bus.h> 39 #include <sys/endian.h> 40 #include <sys/linker.h> 41 #include <sys/firmware.h> 42 #include <sys/kdb.h> 43 44 #include <machine/bus.h> 45 #include <machine/resource.h> 46 #include <sys/rman.h> 47 48 #include <net/bpf.h> 49 #include <net/if.h> 50 #include <net/if_arp.h> 51 #include <net/ethernet.h> 52 #include <net/if_dl.h> 53 #include <net/if_media.h> 54 #include <net/if_types.h> 55 56 #include <netinet/in.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/in_var.h> 59 #include <netinet/if_ether.h> 60 #include <netinet/ip.h> 61 62 #include <net80211/ieee80211_var.h> 63 #include <net80211/ieee80211_regdomain.h> 64 #include <net80211/ieee80211_radiotap.h> 65 #include <net80211/ieee80211_ratectl.h> 66 67 #include <dev/usb/usb.h> 68 #include <dev/usb/usbdi.h> 69 #include "usbdevs.h" 70 71 #define USB_DEBUG_VAR run_debug 72 #include <dev/usb/usb_debug.h> 73 74 #include <dev/usb/wlan/if_runreg.h> 75 #include <dev/usb/wlan/if_runvar.h> 76 77 #define N(_a) ((int)(sizeof((_a)) / sizeof((_a)[0]))) 78 79 #ifdef USB_DEBUG 80 #define RUN_DEBUG 81 #endif 82 83 #ifdef RUN_DEBUG 84 int run_debug = 0; 85 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 86 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 87 "run debug level"); 88 #endif 89 90 #define IEEE80211_HAS_ADDR4(wh) \ 91 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 RUN_DEV(ABOCOM, RT2770), 102 RUN_DEV(ABOCOM, RT2870), 103 RUN_DEV(ABOCOM, RT3070), 104 RUN_DEV(ABOCOM, RT3071), 105 RUN_DEV(ABOCOM, RT3072), 106 RUN_DEV(ABOCOM2, RT2870_1), 107 RUN_DEV(ACCTON, RT2770), 108 RUN_DEV(ACCTON, RT2870_1), 109 RUN_DEV(ACCTON, RT2870_2), 110 RUN_DEV(ACCTON, RT2870_3), 111 RUN_DEV(ACCTON, RT2870_4), 112 RUN_DEV(ACCTON, RT2870_5), 113 RUN_DEV(ACCTON, RT3070), 114 RUN_DEV(ACCTON, RT3070_1), 115 RUN_DEV(ACCTON, RT3070_2), 116 RUN_DEV(ACCTON, RT3070_3), 117 RUN_DEV(ACCTON, RT3070_4), 118 RUN_DEV(ACCTON, RT3070_5), 119 RUN_DEV(AIRTIES, RT3070), 120 RUN_DEV(ALLWIN, RT2070), 121 RUN_DEV(ALLWIN, RT2770), 122 RUN_DEV(ALLWIN, RT2870), 123 RUN_DEV(ALLWIN, RT3070), 124 RUN_DEV(ALLWIN, RT3071), 125 RUN_DEV(ALLWIN, RT3072), 126 RUN_DEV(ALLWIN, RT3572), 127 RUN_DEV(AMIGO, RT2870_1), 128 RUN_DEV(AMIGO, RT2870_2), 129 RUN_DEV(AMIT, CGWLUSB2GNR), 130 RUN_DEV(AMIT, RT2870_1), 131 RUN_DEV(AMIT2, RT2870), 132 RUN_DEV(ASUS, RT2870_1), 133 RUN_DEV(ASUS, RT2870_2), 134 RUN_DEV(ASUS, RT2870_3), 135 RUN_DEV(ASUS, RT2870_4), 136 RUN_DEV(ASUS, RT2870_5), 137 RUN_DEV(ASUS, USBN13), 138 RUN_DEV(ASUS, RT3070_1), 139 RUN_DEV(ASUS, USB_N53), 140 RUN_DEV(ASUS2, USBN11), 141 RUN_DEV(AZUREWAVE, RT2870_1), 142 RUN_DEV(AZUREWAVE, RT2870_2), 143 RUN_DEV(AZUREWAVE, RT3070_1), 144 RUN_DEV(AZUREWAVE, RT3070_2), 145 RUN_DEV(AZUREWAVE, RT3070_3), 146 RUN_DEV(BELKIN, F5D8053V3), 147 RUN_DEV(BELKIN, F5D8055), 148 RUN_DEV(BELKIN, F5D8055V2), 149 RUN_DEV(BELKIN, F6D4050V1), 150 RUN_DEV(BELKIN, RT2870_1), 151 RUN_DEV(BELKIN, RT2870_2), 152 RUN_DEV(CISCOLINKSYS, AE1000), 153 RUN_DEV(CISCOLINKSYS2, RT3070), 154 RUN_DEV(CISCOLINKSYS3, RT3070), 155 RUN_DEV(CONCEPTRONIC2, RT2870_1), 156 RUN_DEV(CONCEPTRONIC2, RT2870_2), 157 RUN_DEV(CONCEPTRONIC2, RT2870_3), 158 RUN_DEV(CONCEPTRONIC2, RT2870_4), 159 RUN_DEV(CONCEPTRONIC2, RT2870_5), 160 RUN_DEV(CONCEPTRONIC2, RT2870_6), 161 RUN_DEV(CONCEPTRONIC2, RT2870_7), 162 RUN_DEV(CONCEPTRONIC2, RT2870_8), 163 RUN_DEV(CONCEPTRONIC2, RT3070_1), 164 RUN_DEV(CONCEPTRONIC2, RT3070_2), 165 RUN_DEV(CONCEPTRONIC2, VIGORN61), 166 RUN_DEV(COREGA, CGWLUSB300GNM), 167 RUN_DEV(COREGA, RT2870_1), 168 RUN_DEV(COREGA, RT2870_2), 169 RUN_DEV(COREGA, RT2870_3), 170 RUN_DEV(COREGA, RT3070), 171 RUN_DEV(CYBERTAN, RT2870), 172 RUN_DEV(DLINK, RT2870), 173 RUN_DEV(DLINK, RT3072), 174 RUN_DEV(DLINK2, DWA130), 175 RUN_DEV(DLINK2, RT2870_1), 176 RUN_DEV(DLINK2, RT2870_2), 177 RUN_DEV(DLINK2, RT3070_1), 178 RUN_DEV(DLINK2, RT3070_2), 179 RUN_DEV(DLINK2, RT3070_3), 180 RUN_DEV(DLINK2, RT3070_4), 181 RUN_DEV(DLINK2, RT3070_5), 182 RUN_DEV(DLINK2, RT3072), 183 RUN_DEV(DLINK2, RT3072_1), 184 RUN_DEV(EDIMAX, EW7717), 185 RUN_DEV(EDIMAX, EW7718), 186 RUN_DEV(EDIMAX, RT2870_1), 187 RUN_DEV(ENCORE, RT3070_1), 188 RUN_DEV(ENCORE, RT3070_2), 189 RUN_DEV(ENCORE, RT3070_3), 190 RUN_DEV(GIGABYTE, GNWB31N), 191 RUN_DEV(GIGABYTE, GNWB32L), 192 RUN_DEV(GIGABYTE, RT2870_1), 193 RUN_DEV(GIGASET, RT3070_1), 194 RUN_DEV(GIGASET, RT3070_2), 195 RUN_DEV(GUILLEMOT, HWNU300), 196 RUN_DEV(HAWKING, HWUN2), 197 RUN_DEV(HAWKING, RT2870_1), 198 RUN_DEV(HAWKING, RT2870_2), 199 RUN_DEV(HAWKING, RT3070), 200 RUN_DEV(IODATA, RT3072_1), 201 RUN_DEV(IODATA, RT3072_2), 202 RUN_DEV(IODATA, RT3072_3), 203 RUN_DEV(IODATA, RT3072_4), 204 RUN_DEV(LINKSYS4, RT3070), 205 RUN_DEV(LINKSYS4, WUSB100), 206 RUN_DEV(LINKSYS4, WUSB54GCV3), 207 RUN_DEV(LINKSYS4, WUSB600N), 208 RUN_DEV(LINKSYS4, WUSB600NV2), 209 RUN_DEV(LOGITEC, RT2870_1), 210 RUN_DEV(LOGITEC, RT2870_2), 211 RUN_DEV(LOGITEC, RT2870_3), 212 RUN_DEV(LOGITEC, LANW300NU2), 213 RUN_DEV(LOGITEC, LANW150NU2), 214 RUN_DEV(MELCO, RT2870_1), 215 RUN_DEV(MELCO, RT2870_2), 216 RUN_DEV(MELCO, WLIUCAG300N), 217 RUN_DEV(MELCO, WLIUCG300N), 218 RUN_DEV(MELCO, WLIUCG301N), 219 RUN_DEV(MELCO, WLIUCGN), 220 RUN_DEV(MELCO, WLIUCGNM), 221 RUN_DEV(MELCO, WLIUCGNM2), 222 RUN_DEV(MOTOROLA4, RT2770), 223 RUN_DEV(MOTOROLA4, RT3070), 224 RUN_DEV(MSI, RT3070_1), 225 RUN_DEV(MSI, RT3070_2), 226 RUN_DEV(MSI, RT3070_3), 227 RUN_DEV(MSI, RT3070_4), 228 RUN_DEV(MSI, RT3070_5), 229 RUN_DEV(MSI, RT3070_6), 230 RUN_DEV(MSI, RT3070_7), 231 RUN_DEV(MSI, RT3070_8), 232 RUN_DEV(MSI, RT3070_9), 233 RUN_DEV(MSI, RT3070_10), 234 RUN_DEV(MSI, RT3070_11), 235 RUN_DEV(OVISLINK, RT3072), 236 RUN_DEV(PARA, RT3070), 237 RUN_DEV(PEGATRON, RT2870), 238 RUN_DEV(PEGATRON, RT3070), 239 RUN_DEV(PEGATRON, RT3070_2), 240 RUN_DEV(PEGATRON, RT3070_3), 241 RUN_DEV(PHILIPS, RT2870), 242 RUN_DEV(PLANEX2, GWUS300MINIS), 243 RUN_DEV(PLANEX2, GWUSMICRON), 244 RUN_DEV(PLANEX2, RT2870), 245 RUN_DEV(PLANEX2, RT3070), 246 RUN_DEV(QCOM, RT2870), 247 RUN_DEV(QUANTA, RT3070), 248 RUN_DEV(RALINK, RT2070), 249 RUN_DEV(RALINK, RT2770), 250 RUN_DEV(RALINK, RT2870), 251 RUN_DEV(RALINK, RT3070), 252 RUN_DEV(RALINK, RT3071), 253 RUN_DEV(RALINK, RT3072), 254 RUN_DEV(RALINK, RT3370), 255 RUN_DEV(RALINK, RT3572), 256 RUN_DEV(RALINK, RT8070), 257 RUN_DEV(SAMSUNG, WIS09ABGN), 258 RUN_DEV(SAMSUNG2, RT2870_1), 259 RUN_DEV(SENAO, RT2870_1), 260 RUN_DEV(SENAO, RT2870_2), 261 RUN_DEV(SENAO, RT2870_3), 262 RUN_DEV(SENAO, RT2870_4), 263 RUN_DEV(SENAO, RT3070), 264 RUN_DEV(SENAO, RT3071), 265 RUN_DEV(SENAO, RT3072_1), 266 RUN_DEV(SENAO, RT3072_2), 267 RUN_DEV(SENAO, RT3072_3), 268 RUN_DEV(SENAO, RT3072_4), 269 RUN_DEV(SENAO, RT3072_5), 270 RUN_DEV(SITECOMEU, RT2770), 271 RUN_DEV(SITECOMEU, RT2870_1), 272 RUN_DEV(SITECOMEU, RT2870_2), 273 RUN_DEV(SITECOMEU, RT2870_3), 274 RUN_DEV(SITECOMEU, RT2870_4), 275 RUN_DEV(SITECOMEU, RT3070), 276 RUN_DEV(SITECOMEU, RT3070_2), 277 RUN_DEV(SITECOMEU, RT3070_3), 278 RUN_DEV(SITECOMEU, RT3070_4), 279 RUN_DEV(SITECOMEU, RT3071), 280 RUN_DEV(SITECOMEU, RT3072_1), 281 RUN_DEV(SITECOMEU, RT3072_2), 282 RUN_DEV(SITECOMEU, RT3072_3), 283 RUN_DEV(SITECOMEU, RT3072_4), 284 RUN_DEV(SITECOMEU, RT3072_5), 285 RUN_DEV(SITECOMEU, RT3072_6), 286 RUN_DEV(SITECOMEU, WL608), 287 RUN_DEV(SPARKLAN, RT2870_1), 288 RUN_DEV(SPARKLAN, RT3070), 289 RUN_DEV(SWEEX2, LW153), 290 RUN_DEV(SWEEX2, LW303), 291 RUN_DEV(SWEEX2, LW313), 292 RUN_DEV(TOSHIBA, RT3070), 293 RUN_DEV(UMEDIA, RT2870_1), 294 RUN_DEV(ZCOM, RT2870_1), 295 RUN_DEV(ZCOM, RT2870_2), 296 RUN_DEV(ZINWELL, RT2870_1), 297 RUN_DEV(ZINWELL, RT2870_2), 298 RUN_DEV(ZINWELL, RT3070), 299 RUN_DEV(ZINWELL, RT3072_1), 300 RUN_DEV(ZINWELL, RT3072_2), 301 RUN_DEV(ZYXEL, RT2870_1), 302 RUN_DEV(ZYXEL, RT2870_2), 303 #undef RUN_DEV 304 }; 305 306 static device_probe_t run_match; 307 static device_attach_t run_attach; 308 static device_detach_t run_detach; 309 310 static usb_callback_t run_bulk_rx_callback; 311 static usb_callback_t run_bulk_tx_callback0; 312 static usb_callback_t run_bulk_tx_callback1; 313 static usb_callback_t run_bulk_tx_callback2; 314 static usb_callback_t run_bulk_tx_callback3; 315 static usb_callback_t run_bulk_tx_callback4; 316 static usb_callback_t run_bulk_tx_callback5; 317 318 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 319 usb_error_t error, unsigned int index); 320 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 321 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 322 const uint8_t [IEEE80211_ADDR_LEN], 323 const uint8_t [IEEE80211_ADDR_LEN]); 324 static void run_vap_delete(struct ieee80211vap *); 325 static void run_cmdq_cb(void *, int); 326 static void run_setup_tx_list(struct run_softc *, 327 struct run_endpoint_queue *); 328 static void run_unsetup_tx_list(struct run_softc *, 329 struct run_endpoint_queue *); 330 static int run_load_microcode(struct run_softc *); 331 static int run_reset(struct run_softc *); 332 static usb_error_t run_do_request(struct run_softc *, 333 struct usb_device_request *, void *); 334 static int run_read(struct run_softc *, uint16_t, uint32_t *); 335 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 336 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 337 static int run_write(struct run_softc *, uint16_t, uint32_t); 338 static int run_write_region_1(struct run_softc *, uint16_t, 339 const uint8_t *, int); 340 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 341 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 342 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 343 static int run_rt2870_rf_write(struct run_softc *, uint8_t, uint32_t); 344 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 345 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 346 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 347 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 348 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 349 static const char *run_get_rf(int); 350 static int run_read_eeprom(struct run_softc *); 351 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 352 const uint8_t mac[IEEE80211_ADDR_LEN]); 353 static int run_media_change(struct ifnet *); 354 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 355 static int run_wme_update(struct ieee80211com *); 356 static void run_wme_update_cb(void *); 357 static void run_key_update_begin(struct ieee80211vap *); 358 static void run_key_update_end(struct ieee80211vap *); 359 static void run_key_set_cb(void *); 360 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 361 const uint8_t mac[IEEE80211_ADDR_LEN]); 362 static void run_key_delete_cb(void *); 363 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 364 static void run_ratectl_to(void *); 365 static void run_ratectl_cb(void *, int); 366 static void run_drain_fifo(void *); 367 static void run_iter_func(void *, struct ieee80211_node *); 368 static void run_newassoc_cb(void *); 369 static void run_newassoc(struct ieee80211_node *, int); 370 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 371 static void run_tx_free(struct run_endpoint_queue *pq, 372 struct run_tx_data *, int); 373 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 374 static int run_tx(struct run_softc *, struct mbuf *, 375 struct ieee80211_node *); 376 static int run_tx_mgt(struct run_softc *, struct mbuf *, 377 struct ieee80211_node *); 378 static int run_sendprot(struct run_softc *, const struct mbuf *, 379 struct ieee80211_node *, int, int); 380 static int run_tx_param(struct run_softc *, struct mbuf *, 381 struct ieee80211_node *, 382 const struct ieee80211_bpf_params *); 383 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 384 const struct ieee80211_bpf_params *); 385 static void run_start(struct ifnet *); 386 static int run_ioctl(struct ifnet *, u_long, caddr_t); 387 static void run_set_agc(struct run_softc *, uint8_t); 388 static void run_select_chan_group(struct run_softc *, int); 389 static void run_set_rx_antenna(struct run_softc *, int); 390 static void run_rt2870_set_chan(struct run_softc *, u_int); 391 static void run_rt3070_set_chan(struct run_softc *, u_int); 392 static void run_rt3572_set_chan(struct run_softc *, u_int); 393 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 394 static void run_set_channel(struct ieee80211com *); 395 static void run_scan_start(struct ieee80211com *); 396 static void run_scan_end(struct ieee80211com *); 397 static void run_update_beacon(struct ieee80211vap *, int); 398 static void run_update_beacon_cb(void *); 399 static void run_updateprot(struct ieee80211com *); 400 static void run_updateprot_cb(void *); 401 static void run_usb_timeout_cb(void *); 402 static void run_reset_livelock(struct run_softc *); 403 static void run_enable_tsf_sync(struct run_softc *); 404 static void run_enable_mrr(struct run_softc *); 405 static void run_set_txpreamble(struct run_softc *); 406 static void run_set_basicrates(struct run_softc *); 407 static void run_set_leds(struct run_softc *, uint16_t); 408 static void run_set_bssid(struct run_softc *, const uint8_t *); 409 static void run_set_macaddr(struct run_softc *, const uint8_t *); 410 static void run_updateslot(struct ifnet *); 411 static void run_updateslot_cb(void *); 412 static void run_update_mcast(struct ifnet *); 413 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 414 static void run_update_promisc_locked(struct ifnet *); 415 static void run_update_promisc(struct ifnet *); 416 static int run_bbp_init(struct run_softc *); 417 static int run_rt3070_rf_init(struct run_softc *); 418 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 419 uint8_t *); 420 static void run_rt3070_rf_setup(struct run_softc *); 421 static int run_txrx_enable(struct run_softc *); 422 static void run_init(void *); 423 static void run_init_locked(struct run_softc *); 424 static void run_stop(void *); 425 static void run_delay(struct run_softc *, unsigned int); 426 427 static const struct { 428 uint16_t reg; 429 uint32_t val; 430 } rt2870_def_mac[] = { 431 RT2870_DEF_MAC 432 }; 433 434 static const struct { 435 uint8_t reg; 436 uint8_t val; 437 } rt2860_def_bbp[] = { 438 RT2860_DEF_BBP 439 }; 440 441 static const struct rfprog { 442 uint8_t chan; 443 uint32_t r1, r2, r3, r4; 444 } rt2860_rf2850[] = { 445 RT2860_RF2850 446 }; 447 448 struct { 449 uint8_t n, r, k; 450 } rt3070_freqs[] = { 451 RT3070_RF3052 452 }; 453 454 static const struct { 455 uint8_t reg; 456 uint8_t val; 457 } rt3070_def_rf[] = { 458 RT3070_DEF_RF 459 },rt3572_def_rf[] = { 460 RT3572_DEF_RF 461 }; 462 463 static const struct usb_config run_config[RUN_N_XFER] = { 464 [RUN_BULK_TX_BE] = { 465 .type = UE_BULK, 466 .endpoint = UE_ADDR_ANY, 467 .ep_index = 0, 468 .direction = UE_DIR_OUT, 469 .bufsize = RUN_MAX_TXSZ, 470 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 471 .callback = run_bulk_tx_callback0, 472 .timeout = 5000, /* ms */ 473 }, 474 [RUN_BULK_TX_BK] = { 475 .type = UE_BULK, 476 .endpoint = UE_ADDR_ANY, 477 .direction = UE_DIR_OUT, 478 .ep_index = 1, 479 .bufsize = RUN_MAX_TXSZ, 480 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 481 .callback = run_bulk_tx_callback1, 482 .timeout = 5000, /* ms */ 483 }, 484 [RUN_BULK_TX_VI] = { 485 .type = UE_BULK, 486 .endpoint = UE_ADDR_ANY, 487 .direction = UE_DIR_OUT, 488 .ep_index = 2, 489 .bufsize = RUN_MAX_TXSZ, 490 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 491 .callback = run_bulk_tx_callback2, 492 .timeout = 5000, /* ms */ 493 }, 494 [RUN_BULK_TX_VO] = { 495 .type = UE_BULK, 496 .endpoint = UE_ADDR_ANY, 497 .direction = UE_DIR_OUT, 498 .ep_index = 3, 499 .bufsize = RUN_MAX_TXSZ, 500 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 501 .callback = run_bulk_tx_callback3, 502 .timeout = 5000, /* ms */ 503 }, 504 [RUN_BULK_TX_HCCA] = { 505 .type = UE_BULK, 506 .endpoint = UE_ADDR_ANY, 507 .direction = UE_DIR_OUT, 508 .ep_index = 4, 509 .bufsize = RUN_MAX_TXSZ, 510 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 511 .callback = run_bulk_tx_callback4, 512 .timeout = 5000, /* ms */ 513 }, 514 [RUN_BULK_TX_PRIO] = { 515 .type = UE_BULK, 516 .endpoint = UE_ADDR_ANY, 517 .direction = UE_DIR_OUT, 518 .ep_index = 5, 519 .bufsize = RUN_MAX_TXSZ, 520 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 521 .callback = run_bulk_tx_callback5, 522 .timeout = 5000, /* ms */ 523 }, 524 [RUN_BULK_RX] = { 525 .type = UE_BULK, 526 .endpoint = UE_ADDR_ANY, 527 .direction = UE_DIR_IN, 528 .bufsize = RUN_MAX_RXSZ, 529 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 530 .callback = run_bulk_rx_callback, 531 } 532 }; 533 534 static int 535 run_match(device_t self) 536 { 537 struct usb_attach_arg *uaa = device_get_ivars(self); 538 539 if (uaa->usb_mode != USB_MODE_HOST) 540 return (ENXIO); 541 if (uaa->info.bConfigIndex != 0) 542 return (ENXIO); 543 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 544 return (ENXIO); 545 546 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 547 } 548 549 static int 550 run_attach(device_t self) 551 { 552 struct run_softc *sc = device_get_softc(self); 553 struct usb_attach_arg *uaa = device_get_ivars(self); 554 struct ieee80211com *ic; 555 struct ifnet *ifp; 556 uint32_t ver; 557 int i, ntries, error; 558 uint8_t iface_index, bands; 559 560 device_set_usb_desc(self); 561 sc->sc_udev = uaa->device; 562 sc->sc_dev = self; 563 564 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 565 MTX_NETWORK_LOCK, MTX_DEF); 566 567 iface_index = RT2860_IFACE_INDEX; 568 569 error = usbd_transfer_setup(uaa->device, &iface_index, 570 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 571 if (error) { 572 device_printf(self, "could not allocate USB transfers, " 573 "err=%s\n", usbd_errstr(error)); 574 goto detach; 575 } 576 577 RUN_LOCK(sc); 578 579 /* wait for the chip to settle */ 580 for (ntries = 0; ntries < 100; ntries++) { 581 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 582 RUN_UNLOCK(sc); 583 goto detach; 584 } 585 if (ver != 0 && ver != 0xffffffff) 586 break; 587 run_delay(sc, 10); 588 } 589 if (ntries == 100) { 590 device_printf(sc->sc_dev, 591 "timeout waiting for NIC to initialize\n"); 592 RUN_UNLOCK(sc); 593 goto detach; 594 } 595 sc->mac_ver = ver >> 16; 596 sc->mac_rev = ver & 0xffff; 597 598 /* retrieve RF rev. no and various other things from EEPROM */ 599 run_read_eeprom(sc); 600 601 device_printf(sc->sc_dev, 602 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 603 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 604 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 605 606 RUN_UNLOCK(sc); 607 608 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 609 if (ifp == NULL) { 610 device_printf(sc->sc_dev, "can not if_alloc()\n"); 611 goto detach; 612 } 613 ic = ifp->if_l2com; 614 615 ifp->if_softc = sc; 616 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 617 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 618 ifp->if_init = run_init; 619 ifp->if_ioctl = run_ioctl; 620 ifp->if_start = run_start; 621 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 622 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 623 IFQ_SET_READY(&ifp->if_snd); 624 625 ic->ic_ifp = ifp; 626 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 627 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 628 629 /* set device capabilities */ 630 ic->ic_caps = 631 IEEE80211_C_STA | /* station mode supported */ 632 IEEE80211_C_MONITOR | /* monitor mode supported */ 633 IEEE80211_C_IBSS | 634 IEEE80211_C_HOSTAP | 635 IEEE80211_C_WDS | /* 4-address traffic works */ 636 IEEE80211_C_MBSS | 637 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 638 IEEE80211_C_SHSLOT | /* short slot time supported */ 639 IEEE80211_C_WME | /* WME */ 640 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 641 642 ic->ic_cryptocaps = 643 IEEE80211_CRYPTO_WEP | 644 IEEE80211_CRYPTO_AES_CCM | 645 IEEE80211_CRYPTO_TKIPMIC | 646 IEEE80211_CRYPTO_TKIP; 647 648 ic->ic_flags |= IEEE80211_F_DATAPAD; 649 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 650 651 bands = 0; 652 setbit(&bands, IEEE80211_MODE_11B); 653 setbit(&bands, IEEE80211_MODE_11G); 654 ieee80211_init_channels(ic, NULL, &bands); 655 656 /* 657 * Do this by own because h/w supports 658 * more channels than ieee80211_init_channels() 659 */ 660 if (sc->rf_rev == RT2860_RF_2750 || 661 sc->rf_rev == RT2860_RF_2850 || 662 sc->rf_rev == RT3070_RF_3052) { 663 /* set supported .11a rates */ 664 for (i = 14; i < N(rt2860_rf2850); i++) { 665 uint8_t chan = rt2860_rf2850[i].chan; 666 ic->ic_channels[ic->ic_nchans].ic_freq = 667 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A); 668 ic->ic_channels[ic->ic_nchans].ic_ieee = chan; 669 ic->ic_channels[ic->ic_nchans].ic_flags = IEEE80211_CHAN_A; 670 ic->ic_channels[ic->ic_nchans].ic_extieee = 0; 671 ic->ic_nchans++; 672 } 673 } 674 675 ieee80211_ifattach(ic, sc->sc_bssid); 676 677 ic->ic_scan_start = run_scan_start; 678 ic->ic_scan_end = run_scan_end; 679 ic->ic_set_channel = run_set_channel; 680 ic->ic_node_alloc = run_node_alloc; 681 ic->ic_newassoc = run_newassoc; 682 ic->ic_updateslot = run_updateslot; 683 ic->ic_update_mcast = run_update_mcast; 684 ic->ic_wme.wme_update = run_wme_update; 685 ic->ic_raw_xmit = run_raw_xmit; 686 ic->ic_update_promisc = run_update_promisc; 687 688 ic->ic_vap_create = run_vap_create; 689 ic->ic_vap_delete = run_vap_delete; 690 691 ieee80211_radiotap_attach(ic, 692 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 693 RUN_TX_RADIOTAP_PRESENT, 694 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 695 RUN_RX_RADIOTAP_PRESENT); 696 697 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 698 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 699 callout_init((struct callout *)&sc->ratectl_ch, 1); 700 701 if (bootverbose) 702 ieee80211_announce(ic); 703 704 return (0); 705 706 detach: 707 run_detach(self); 708 return (ENXIO); 709 } 710 711 static int 712 run_detach(device_t self) 713 { 714 struct run_softc *sc = device_get_softc(self); 715 struct ifnet *ifp = sc->sc_ifp; 716 struct ieee80211com *ic; 717 int i; 718 719 RUN_LOCK(sc); 720 sc->sc_detached = 1; 721 RUN_UNLOCK(sc); 722 723 /* stop all USB transfers */ 724 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 725 726 RUN_LOCK(sc); 727 sc->ratectl_run = RUN_RATECTL_OFF; 728 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 729 730 /* free TX list, if any */ 731 for (i = 0; i != RUN_EP_QUEUES; i++) 732 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 733 RUN_UNLOCK(sc); 734 735 if (ifp) { 736 ic = ifp->if_l2com; 737 /* drain tasks */ 738 usb_callout_drain(&sc->ratectl_ch); 739 ieee80211_draintask(ic, &sc->cmdq_task); 740 ieee80211_draintask(ic, &sc->ratectl_task); 741 ieee80211_ifdetach(ic); 742 if_free(ifp); 743 } 744 745 mtx_destroy(&sc->sc_mtx); 746 747 return (0); 748 } 749 750 static struct ieee80211vap * 751 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 752 enum ieee80211_opmode opmode, int flags, 753 const uint8_t bssid[IEEE80211_ADDR_LEN], 754 const uint8_t mac[IEEE80211_ADDR_LEN]) 755 { 756 struct ifnet *ifp = ic->ic_ifp; 757 struct run_softc *sc = ifp->if_softc; 758 struct run_vap *rvp; 759 struct ieee80211vap *vap; 760 int i; 761 762 if (sc->rvp_cnt >= RUN_VAP_MAX) { 763 if_printf(ifp, "number of VAPs maxed out\n"); 764 return (NULL); 765 } 766 767 switch (opmode) { 768 case IEEE80211_M_STA: 769 /* enable s/w bmiss handling for sta mode */ 770 flags |= IEEE80211_CLONE_NOBEACONS; 771 /* fall though */ 772 case IEEE80211_M_IBSS: 773 case IEEE80211_M_MONITOR: 774 case IEEE80211_M_HOSTAP: 775 case IEEE80211_M_MBSS: 776 /* other than WDS vaps, only one at a time */ 777 if (!TAILQ_EMPTY(&ic->ic_vaps)) 778 return (NULL); 779 break; 780 case IEEE80211_M_WDS: 781 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 782 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 783 continue; 784 /* WDS vap's always share the local mac address. */ 785 flags &= ~IEEE80211_CLONE_BSSID; 786 break; 787 } 788 if (vap == NULL) { 789 if_printf(ifp, "wds only supported in ap mode\n"); 790 return (NULL); 791 } 792 break; 793 default: 794 if_printf(ifp, "unknown opmode %d\n", opmode); 795 return (NULL); 796 } 797 798 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 799 M_80211_VAP, M_NOWAIT | M_ZERO); 800 if (rvp == NULL) 801 return (NULL); 802 vap = &rvp->vap; 803 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 804 805 vap->iv_key_update_begin = run_key_update_begin; 806 vap->iv_key_update_end = run_key_update_end; 807 vap->iv_update_beacon = run_update_beacon; 808 vap->iv_max_aid = RT2870_WCID_MAX; 809 /* 810 * To delete the right key from h/w, we need wcid. 811 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 812 * and matching wcid will be written into there. So, cast 813 * some spells to remove 'const' from ieee80211_key{} 814 */ 815 vap->iv_key_delete = (void *)run_key_delete; 816 vap->iv_key_set = (void *)run_key_set; 817 818 /* override state transition machine */ 819 rvp->newstate = vap->iv_newstate; 820 vap->iv_newstate = run_newstate; 821 822 ieee80211_ratectl_init(vap); 823 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 824 825 /* complete setup */ 826 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 827 828 /* make sure id is always unique */ 829 for (i = 0; i < RUN_VAP_MAX; i++) { 830 if((sc->rvp_bmap & 1 << i) == 0){ 831 sc->rvp_bmap |= 1 << i; 832 rvp->rvp_id = i; 833 break; 834 } 835 } 836 if (sc->rvp_cnt++ == 0) 837 ic->ic_opmode = opmode; 838 839 if (opmode == IEEE80211_M_HOSTAP) 840 sc->cmdq_run = RUN_CMDQ_GO; 841 842 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 843 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 844 845 return (vap); 846 } 847 848 static void 849 run_vap_delete(struct ieee80211vap *vap) 850 { 851 struct run_vap *rvp = RUN_VAP(vap); 852 struct ifnet *ifp; 853 struct ieee80211com *ic; 854 struct run_softc *sc; 855 uint8_t rvp_id; 856 857 if (vap == NULL) 858 return; 859 860 ic = vap->iv_ic; 861 ifp = ic->ic_ifp; 862 863 sc = ifp->if_softc; 864 865 RUN_LOCK(sc); 866 867 m_freem(rvp->beacon_mbuf); 868 rvp->beacon_mbuf = NULL; 869 870 rvp_id = rvp->rvp_id; 871 sc->ratectl_run &= ~(1 << rvp_id); 872 sc->rvp_bmap &= ~(1 << rvp_id); 873 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 874 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 875 --sc->rvp_cnt; 876 877 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 878 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 879 880 RUN_UNLOCK(sc); 881 882 ieee80211_ratectl_deinit(vap); 883 ieee80211_vap_detach(vap); 884 free(rvp, M_80211_VAP); 885 } 886 887 /* 888 * There are numbers of functions need to be called in context thread. 889 * Rather than creating taskqueue event for each of those functions, 890 * here is all-for-one taskqueue callback function. This function 891 * gurantees deferred functions are executed in the same order they 892 * were enqueued. 893 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 894 */ 895 static void 896 run_cmdq_cb(void *arg, int pending) 897 { 898 struct run_softc *sc = arg; 899 uint8_t i; 900 901 /* call cmdq[].func locked */ 902 RUN_LOCK(sc); 903 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 904 i = sc->cmdq_exec, pending--) { 905 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 906 if (sc->cmdq_run == RUN_CMDQ_GO) { 907 /* 908 * If arg0 is NULL, callback func needs more 909 * than one arg. So, pass ptr to cmdq struct. 910 */ 911 if (sc->cmdq[i].arg0) 912 sc->cmdq[i].func(sc->cmdq[i].arg0); 913 else 914 sc->cmdq[i].func(&sc->cmdq[i]); 915 } 916 sc->cmdq[i].arg0 = NULL; 917 sc->cmdq[i].func = NULL; 918 sc->cmdq_exec++; 919 sc->cmdq_exec &= RUN_CMDQ_MASQ; 920 } 921 RUN_UNLOCK(sc); 922 } 923 924 static void 925 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 926 { 927 struct run_tx_data *data; 928 929 memset(pq, 0, sizeof(*pq)); 930 931 STAILQ_INIT(&pq->tx_qh); 932 STAILQ_INIT(&pq->tx_fh); 933 934 for (data = &pq->tx_data[0]; 935 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 936 data->sc = sc; 937 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 938 } 939 pq->tx_nfree = RUN_TX_RING_COUNT; 940 } 941 942 static void 943 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 944 { 945 struct run_tx_data *data; 946 947 /* make sure any subsequent use of the queues will fail */ 948 pq->tx_nfree = 0; 949 STAILQ_INIT(&pq->tx_fh); 950 STAILQ_INIT(&pq->tx_qh); 951 952 /* free up all node references and mbufs */ 953 for (data = &pq->tx_data[0]; 954 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 955 if (data->m != NULL) { 956 m_freem(data->m); 957 data->m = NULL; 958 } 959 if (data->ni != NULL) { 960 ieee80211_free_node(data->ni); 961 data->ni = NULL; 962 } 963 } 964 } 965 966 static int 967 run_load_microcode(struct run_softc *sc) 968 { 969 usb_device_request_t req; 970 const struct firmware *fw; 971 const u_char *base; 972 uint32_t tmp; 973 int ntries, error; 974 const uint64_t *temp; 975 uint64_t bytes; 976 977 RUN_UNLOCK(sc); 978 fw = firmware_get("runfw"); 979 RUN_LOCK(sc); 980 if (fw == NULL) { 981 device_printf(sc->sc_dev, 982 "failed loadfirmware of file %s\n", "runfw"); 983 return ENOENT; 984 } 985 986 if (fw->datasize != 8192) { 987 device_printf(sc->sc_dev, 988 "invalid firmware size (should be 8KB)\n"); 989 error = EINVAL; 990 goto fail; 991 } 992 993 /* 994 * RT3071/RT3072 use a different firmware 995 * run-rt2870 (8KB) contains both, 996 * first half (4KB) is for rt2870, 997 * last half is for rt3071. 998 */ 999 base = fw->data; 1000 if ((sc->mac_ver) != 0x2860 && 1001 (sc->mac_ver) != 0x2872 && 1002 (sc->mac_ver) != 0x3070) { 1003 base += 4096; 1004 } 1005 1006 /* cheap sanity check */ 1007 temp = fw->data; 1008 bytes = *temp; 1009 if (bytes != be64toh(0xffffff0210280210)) { 1010 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1011 error = EINVAL; 1012 goto fail; 1013 } 1014 1015 run_read(sc, RT2860_ASIC_VER_ID, &tmp); 1016 /* write microcode image */ 1017 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1018 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1019 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1020 1021 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1022 req.bRequest = RT2870_RESET; 1023 USETW(req.wValue, 8); 1024 USETW(req.wIndex, 0); 1025 USETW(req.wLength, 0); 1026 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1027 != 0) { 1028 device_printf(sc->sc_dev, "firmware reset failed\n"); 1029 goto fail; 1030 } 1031 1032 run_delay(sc, 10); 1033 1034 run_write(sc, RT2860_H2M_MAILBOX, 0); 1035 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1036 goto fail; 1037 1038 /* wait until microcontroller is ready */ 1039 for (ntries = 0; ntries < 1000; ntries++) { 1040 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1041 goto fail; 1042 } 1043 if (tmp & RT2860_MCU_READY) 1044 break; 1045 run_delay(sc, 10); 1046 } 1047 if (ntries == 1000) { 1048 device_printf(sc->sc_dev, 1049 "timeout waiting for MCU to initialize\n"); 1050 error = ETIMEDOUT; 1051 goto fail; 1052 } 1053 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1054 (base == fw->data) ? "RT2870" : "RT3071", 1055 *(base + 4092), *(base + 4093)); 1056 1057 fail: 1058 firmware_put(fw, FIRMWARE_UNLOAD); 1059 return (error); 1060 } 1061 1062 int 1063 run_reset(struct run_softc *sc) 1064 { 1065 usb_device_request_t req; 1066 1067 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1068 req.bRequest = RT2870_RESET; 1069 USETW(req.wValue, 1); 1070 USETW(req.wIndex, 0); 1071 USETW(req.wLength, 0); 1072 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1073 } 1074 1075 static usb_error_t 1076 run_do_request(struct run_softc *sc, 1077 struct usb_device_request *req, void *data) 1078 { 1079 usb_error_t err; 1080 int ntries = 10; 1081 1082 RUN_LOCK_ASSERT(sc, MA_OWNED); 1083 1084 while (ntries--) { 1085 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1086 req, data, 0, NULL, 250 /* ms */); 1087 if (err == 0) 1088 break; 1089 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1090 usbd_errstr(err)); 1091 run_delay(sc, 10); 1092 } 1093 return (err); 1094 } 1095 1096 static int 1097 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1098 { 1099 uint32_t tmp; 1100 int error; 1101 1102 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1103 if (error == 0) 1104 *val = le32toh(tmp); 1105 else 1106 *val = 0xffffffff; 1107 return (error); 1108 } 1109 1110 static int 1111 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1112 { 1113 usb_device_request_t req; 1114 1115 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1116 req.bRequest = RT2870_READ_REGION_1; 1117 USETW(req.wValue, 0); 1118 USETW(req.wIndex, reg); 1119 USETW(req.wLength, len); 1120 1121 return (run_do_request(sc, &req, buf)); 1122 } 1123 1124 static int 1125 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1126 { 1127 usb_device_request_t req; 1128 1129 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1130 req.bRequest = RT2870_WRITE_2; 1131 USETW(req.wValue, val); 1132 USETW(req.wIndex, reg); 1133 USETW(req.wLength, 0); 1134 1135 return (run_do_request(sc, &req, NULL)); 1136 } 1137 1138 static int 1139 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1140 { 1141 int error; 1142 1143 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1144 error = run_write_2(sc, reg + 2, val >> 16); 1145 return (error); 1146 } 1147 1148 static int 1149 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1150 int len) 1151 { 1152 #if 1 1153 int i, error = 0; 1154 /* 1155 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1156 * We thus issue multiple WRITE_2 commands instead. 1157 */ 1158 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1159 for (i = 0; i < len && error == 0; i += 2) 1160 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1161 return (error); 1162 #else 1163 usb_device_request_t req; 1164 1165 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1166 req.bRequest = RT2870_WRITE_REGION_1; 1167 USETW(req.wValue, 0); 1168 USETW(req.wIndex, reg); 1169 USETW(req.wLength, len); 1170 return (run_do_request(sc, &req, buf)); 1171 #endif 1172 } 1173 1174 static int 1175 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1176 { 1177 int i, error = 0; 1178 1179 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1180 for (i = 0; i < len && error == 0; i += 4) 1181 error = run_write(sc, reg + i, val); 1182 return (error); 1183 } 1184 1185 /* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1186 static int 1187 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1188 { 1189 uint32_t tmp; 1190 uint16_t reg; 1191 int error, ntries; 1192 1193 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1194 return (error); 1195 1196 addr *= 2; 1197 /*- 1198 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1199 * DATA0: F E D C 1200 * DATA1: B A 9 8 1201 * DATA2: 7 6 5 4 1202 * DATA3: 3 2 1 0 1203 */ 1204 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1205 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1206 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1207 for (ntries = 0; ntries < 100; ntries++) { 1208 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1209 return (error); 1210 if (!(tmp & RT3070_EFSROM_KICK)) 1211 break; 1212 run_delay(sc, 2); 1213 } 1214 if (ntries == 100) 1215 return (ETIMEDOUT); 1216 1217 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1218 *val = 0xffff; /* address not found */ 1219 return (0); 1220 } 1221 /* determine to which 32-bit register our 16-bit word belongs */ 1222 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1223 if ((error = run_read(sc, reg, &tmp)) != 0) 1224 return (error); 1225 1226 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1227 return (0); 1228 } 1229 1230 static int 1231 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1232 { 1233 usb_device_request_t req; 1234 uint16_t tmp; 1235 int error; 1236 1237 addr *= 2; 1238 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1239 req.bRequest = RT2870_EEPROM_READ; 1240 USETW(req.wValue, 0); 1241 USETW(req.wIndex, addr); 1242 USETW(req.wLength, sizeof tmp); 1243 1244 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1245 if (error == 0) 1246 *val = le16toh(tmp); 1247 else 1248 *val = 0xffff; 1249 return (error); 1250 } 1251 1252 static __inline int 1253 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1254 { 1255 /* either eFUSE ROM or EEPROM */ 1256 return sc->sc_srom_read(sc, addr, val); 1257 } 1258 1259 static int 1260 run_rt2870_rf_write(struct run_softc *sc, uint8_t reg, uint32_t val) 1261 { 1262 uint32_t tmp; 1263 int error, ntries; 1264 1265 for (ntries = 0; ntries < 10; ntries++) { 1266 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1267 return (error); 1268 if (!(tmp & RT2860_RF_REG_CTRL)) 1269 break; 1270 } 1271 if (ntries == 10) 1272 return (ETIMEDOUT); 1273 1274 /* RF registers are 24-bit on the RT2860 */ 1275 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT | 1276 (val & 0x3fffff) << 2 | (reg & 3); 1277 return (run_write(sc, RT2860_RF_CSR_CFG0, tmp)); 1278 } 1279 1280 static int 1281 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1282 { 1283 uint32_t tmp; 1284 int error, ntries; 1285 1286 for (ntries = 0; ntries < 100; ntries++) { 1287 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1288 return (error); 1289 if (!(tmp & RT3070_RF_KICK)) 1290 break; 1291 } 1292 if (ntries == 100) 1293 return (ETIMEDOUT); 1294 1295 tmp = RT3070_RF_KICK | reg << 8; 1296 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1297 return (error); 1298 1299 for (ntries = 0; ntries < 100; ntries++) { 1300 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1301 return (error); 1302 if (!(tmp & RT3070_RF_KICK)) 1303 break; 1304 } 1305 if (ntries == 100) 1306 return (ETIMEDOUT); 1307 1308 *val = tmp & 0xff; 1309 return (0); 1310 } 1311 1312 static int 1313 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1314 { 1315 uint32_t tmp; 1316 int error, ntries; 1317 1318 for (ntries = 0; ntries < 10; ntries++) { 1319 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1320 return (error); 1321 if (!(tmp & RT3070_RF_KICK)) 1322 break; 1323 } 1324 if (ntries == 10) 1325 return (ETIMEDOUT); 1326 1327 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1328 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1329 } 1330 1331 static int 1332 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1333 { 1334 uint32_t tmp; 1335 int ntries, error; 1336 1337 for (ntries = 0; ntries < 10; ntries++) { 1338 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1339 return (error); 1340 if (!(tmp & RT2860_BBP_CSR_KICK)) 1341 break; 1342 } 1343 if (ntries == 10) 1344 return (ETIMEDOUT); 1345 1346 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1347 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1348 return (error); 1349 1350 for (ntries = 0; ntries < 10; ntries++) { 1351 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1352 return (error); 1353 if (!(tmp & RT2860_BBP_CSR_KICK)) 1354 break; 1355 } 1356 if (ntries == 10) 1357 return (ETIMEDOUT); 1358 1359 *val = tmp & 0xff; 1360 return (0); 1361 } 1362 1363 static int 1364 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1365 { 1366 uint32_t tmp; 1367 int ntries, error; 1368 1369 for (ntries = 0; ntries < 10; ntries++) { 1370 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1371 return (error); 1372 if (!(tmp & RT2860_BBP_CSR_KICK)) 1373 break; 1374 } 1375 if (ntries == 10) 1376 return (ETIMEDOUT); 1377 1378 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1379 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1380 } 1381 1382 /* 1383 * Send a command to the 8051 microcontroller unit. 1384 */ 1385 static int 1386 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1387 { 1388 uint32_t tmp; 1389 int error, ntries; 1390 1391 for (ntries = 0; ntries < 100; ntries++) { 1392 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1393 return error; 1394 if (!(tmp & RT2860_H2M_BUSY)) 1395 break; 1396 } 1397 if (ntries == 100) 1398 return ETIMEDOUT; 1399 1400 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1401 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1402 error = run_write(sc, RT2860_HOST_CMD, cmd); 1403 return (error); 1404 } 1405 1406 /* 1407 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1408 * Used to adjust per-rate Tx power registers. 1409 */ 1410 static __inline uint32_t 1411 b4inc(uint32_t b32, int8_t delta) 1412 { 1413 int8_t i, b4; 1414 1415 for (i = 0; i < 8; i++) { 1416 b4 = b32 & 0xf; 1417 b4 += delta; 1418 if (b4 < 0) 1419 b4 = 0; 1420 else if (b4 > 0xf) 1421 b4 = 0xf; 1422 b32 = b32 >> 4 | b4 << 28; 1423 } 1424 return (b32); 1425 } 1426 1427 static const char * 1428 run_get_rf(int rev) 1429 { 1430 switch (rev) { 1431 case RT2860_RF_2820: return "RT2820"; 1432 case RT2860_RF_2850: return "RT2850"; 1433 case RT2860_RF_2720: return "RT2720"; 1434 case RT2860_RF_2750: return "RT2750"; 1435 case RT3070_RF_3020: return "RT3020"; 1436 case RT3070_RF_2020: return "RT2020"; 1437 case RT3070_RF_3021: return "RT3021"; 1438 case RT3070_RF_3022: return "RT3022"; 1439 case RT3070_RF_3052: return "RT3052"; 1440 } 1441 return ("unknown"); 1442 } 1443 1444 int 1445 run_read_eeprom(struct run_softc *sc) 1446 { 1447 int8_t delta_2ghz, delta_5ghz; 1448 uint32_t tmp; 1449 uint16_t val; 1450 int ridx, ant, i; 1451 1452 /* check whether the ROM is eFUSE ROM or EEPROM */ 1453 sc->sc_srom_read = run_eeprom_read_2; 1454 if (sc->mac_ver >= 0x3070) { 1455 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1456 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1457 if (tmp & RT3070_SEL_EFUSE) 1458 sc->sc_srom_read = run_efuse_read_2; 1459 } 1460 1461 /* read ROM version */ 1462 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1463 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1464 1465 /* read MAC address */ 1466 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1467 sc->sc_bssid[0] = val & 0xff; 1468 sc->sc_bssid[1] = val >> 8; 1469 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1470 sc->sc_bssid[2] = val & 0xff; 1471 sc->sc_bssid[3] = val >> 8; 1472 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1473 sc->sc_bssid[4] = val & 0xff; 1474 sc->sc_bssid[5] = val >> 8; 1475 1476 /* read vender BBP settings */ 1477 for (i = 0; i < 10; i++) { 1478 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1479 sc->bbp[i].val = val & 0xff; 1480 sc->bbp[i].reg = val >> 8; 1481 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1482 } 1483 if (sc->mac_ver >= 0x3071) { 1484 /* read vendor RF settings */ 1485 for (i = 0; i < 10; i++) { 1486 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, &val); 1487 sc->rf[i].val = val & 0xff; 1488 sc->rf[i].reg = val >> 8; 1489 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1490 sc->rf[i].val); 1491 } 1492 } 1493 1494 /* read RF frequency offset from EEPROM */ 1495 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1496 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1497 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1498 1499 if (val >> 8 != 0xff) { 1500 /* read LEDs operating mode */ 1501 sc->leds = val >> 8; 1502 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1503 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1504 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1505 } else { 1506 /* broken EEPROM, use default settings */ 1507 sc->leds = 0x01; 1508 sc->led[0] = 0x5555; 1509 sc->led[1] = 0x2221; 1510 sc->led[2] = 0x5627; /* differs from RT2860 */ 1511 } 1512 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1513 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1514 1515 /* read RF information */ 1516 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1517 if (val == 0xffff) { 1518 DPRINTF("invalid EEPROM antenna info, using default\n"); 1519 if (sc->mac_ver == 0x3572) { 1520 /* default to RF3052 2T2R */ 1521 sc->rf_rev = RT3070_RF_3052; 1522 sc->ntxchains = 2; 1523 sc->nrxchains = 2; 1524 } else if (sc->mac_ver >= 0x3070) { 1525 /* default to RF3020 1T1R */ 1526 sc->rf_rev = RT3070_RF_3020; 1527 sc->ntxchains = 1; 1528 sc->nrxchains = 1; 1529 } else { 1530 /* default to RF2820 1T2R */ 1531 sc->rf_rev = RT2860_RF_2820; 1532 sc->ntxchains = 1; 1533 sc->nrxchains = 2; 1534 } 1535 } else { 1536 sc->rf_rev = (val >> 8) & 0xf; 1537 sc->ntxchains = (val >> 4) & 0xf; 1538 sc->nrxchains = val & 0xf; 1539 } 1540 DPRINTF("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1541 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1542 1543 /* check if RF supports automatic Tx access gain control */ 1544 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1545 DPRINTF("EEPROM CFG 0x%04x\n", val); 1546 /* check if driver should patch the DAC issue */ 1547 if ((val >> 8) != 0xff) 1548 sc->patch_dac = (val >> 15) & 1; 1549 if ((val & 0xff) != 0xff) { 1550 sc->ext_5ghz_lna = (val >> 3) & 1; 1551 sc->ext_2ghz_lna = (val >> 2) & 1; 1552 /* check if RF supports automatic Tx access gain control */ 1553 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1554 /* check if we have a hardware radio switch */ 1555 sc->rfswitch = val & 1; 1556 } 1557 1558 /* read power settings for 2GHz channels */ 1559 for (i = 0; i < 14; i += 2) { 1560 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1561 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1562 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1563 1564 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1565 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1566 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1567 } 1568 /* fix broken Tx power entries */ 1569 for (i = 0; i < 14; i++) { 1570 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1571 sc->txpow1[i] = 5; 1572 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1573 sc->txpow2[i] = 5; 1574 DPRINTF("chan %d: power1=%d, power2=%d\n", 1575 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1576 } 1577 /* read power settings for 5GHz channels */ 1578 for (i = 0; i < 40; i += 2) { 1579 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1580 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1581 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1582 1583 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1584 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1585 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1586 } 1587 /* fix broken Tx power entries */ 1588 for (i = 0; i < 40; i++) { 1589 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1590 sc->txpow1[14 + i] = 5; 1591 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1592 sc->txpow2[14 + i] = 5; 1593 DPRINTF("chan %d: power1=%d, power2=%d\n", 1594 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1595 sc->txpow2[14 + i]); 1596 } 1597 1598 /* read Tx power compensation for each Tx rate */ 1599 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1600 delta_2ghz = delta_5ghz = 0; 1601 if ((val & 0xff) != 0xff && (val & 0x80)) { 1602 delta_2ghz = val & 0xf; 1603 if (!(val & 0x40)) /* negative number */ 1604 delta_2ghz = -delta_2ghz; 1605 } 1606 val >>= 8; 1607 if ((val & 0xff) != 0xff && (val & 0x80)) { 1608 delta_5ghz = val & 0xf; 1609 if (!(val & 0x40)) /* negative number */ 1610 delta_5ghz = -delta_5ghz; 1611 } 1612 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1613 delta_2ghz, delta_5ghz); 1614 1615 for (ridx = 0; ridx < 5; ridx++) { 1616 uint32_t reg; 1617 1618 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1619 reg = val; 1620 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1621 reg |= (uint32_t)val << 16; 1622 1623 sc->txpow20mhz[ridx] = reg; 1624 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1625 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1626 1627 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1628 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1629 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1630 } 1631 1632 /* read RSSI offsets and LNA gains from EEPROM */ 1633 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1634 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1635 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1636 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1637 if (sc->mac_ver >= 0x3070) { 1638 /* 1639 * On RT3070 chips (limited to 2 Rx chains), this ROM 1640 * field contains the Tx mixer gain for the 2GHz band. 1641 */ 1642 if ((val & 0xff) != 0xff) 1643 sc->txmixgain_2ghz = val & 0x7; 1644 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1645 } else 1646 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1647 sc->lna[2] = val >> 8; /* channel group 2 */ 1648 1649 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1650 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1651 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1652 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1653 if (sc->mac_ver == 0x3572) { 1654 /* 1655 * On RT3572 chips (limited to 2 Rx chains), this ROM 1656 * field contains the Tx mixer gain for the 5GHz band. 1657 */ 1658 if ((val & 0xff) != 0xff) 1659 sc->txmixgain_5ghz = val & 0x7; 1660 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1661 } else 1662 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1663 sc->lna[3] = val >> 8; /* channel group 3 */ 1664 1665 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1666 sc->lna[0] = val & 0xff; /* channel group 0 */ 1667 sc->lna[1] = val >> 8; /* channel group 1 */ 1668 1669 /* fix broken 5GHz LNA entries */ 1670 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1671 DPRINTF("invalid LNA for channel group %d\n", 2); 1672 sc->lna[2] = sc->lna[1]; 1673 } 1674 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1675 DPRINTF("invalid LNA for channel group %d\n", 3); 1676 sc->lna[3] = sc->lna[1]; 1677 } 1678 1679 /* fix broken RSSI offset entries */ 1680 for (ant = 0; ant < 3; ant++) { 1681 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1682 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1683 ant + 1, sc->rssi_2ghz[ant]); 1684 sc->rssi_2ghz[ant] = 0; 1685 } 1686 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1687 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1688 ant + 1, sc->rssi_5ghz[ant]); 1689 sc->rssi_5ghz[ant] = 0; 1690 } 1691 } 1692 return (0); 1693 } 1694 1695 static struct ieee80211_node * 1696 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1697 { 1698 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1699 } 1700 1701 static int 1702 run_media_change(struct ifnet *ifp) 1703 { 1704 struct ieee80211vap *vap = ifp->if_softc; 1705 struct ieee80211com *ic = vap->iv_ic; 1706 const struct ieee80211_txparam *tp; 1707 struct run_softc *sc = ic->ic_ifp->if_softc; 1708 uint8_t rate, ridx; 1709 int error; 1710 1711 RUN_LOCK(sc); 1712 1713 error = ieee80211_media_change(ifp); 1714 if (error != ENETRESET) { 1715 RUN_UNLOCK(sc); 1716 return (error); 1717 } 1718 1719 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1720 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1721 struct ieee80211_node *ni; 1722 struct run_node *rn; 1723 1724 rate = ic->ic_sup_rates[ic->ic_curmode]. 1725 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1726 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1727 if (rt2860_rates[ridx].rate == rate) 1728 break; 1729 ni = ieee80211_ref_node(vap->iv_bss); 1730 rn = (struct run_node *)ni; 1731 rn->fix_ridx = ridx; 1732 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1733 ieee80211_free_node(ni); 1734 } 1735 1736 #if 0 1737 if ((ifp->if_flags & IFF_UP) && 1738 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 1739 run_init_locked(sc); 1740 } 1741 #endif 1742 1743 RUN_UNLOCK(sc); 1744 1745 return (0); 1746 } 1747 1748 static int 1749 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1750 { 1751 const struct ieee80211_txparam *tp; 1752 struct ieee80211com *ic = vap->iv_ic; 1753 struct run_softc *sc = ic->ic_ifp->if_softc; 1754 struct run_vap *rvp = RUN_VAP(vap); 1755 enum ieee80211_state ostate; 1756 uint32_t sta[3]; 1757 uint32_t tmp; 1758 uint8_t ratectl; 1759 uint8_t restart_ratectl = 0; 1760 uint8_t bid = 1 << rvp->rvp_id; 1761 1762 ostate = vap->iv_state; 1763 DPRINTF("%s -> %s\n", 1764 ieee80211_state_name[ostate], 1765 ieee80211_state_name[nstate]); 1766 1767 IEEE80211_UNLOCK(ic); 1768 RUN_LOCK(sc); 1769 1770 ratectl = sc->ratectl_run; /* remember current state */ 1771 sc->ratectl_run = RUN_RATECTL_OFF; 1772 usb_callout_stop(&sc->ratectl_ch); 1773 1774 if (ostate == IEEE80211_S_RUN) { 1775 /* turn link LED off */ 1776 run_set_leds(sc, RT2860_LED_RADIO); 1777 } 1778 1779 switch (nstate) { 1780 case IEEE80211_S_INIT: 1781 restart_ratectl = 1; 1782 1783 if (ostate != IEEE80211_S_RUN) 1784 break; 1785 1786 ratectl &= ~bid; 1787 sc->runbmap &= ~bid; 1788 1789 /* abort TSF synchronization if there is no vap running */ 1790 if (--sc->running == 0) { 1791 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1792 run_write(sc, RT2860_BCN_TIME_CFG, 1793 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1794 RT2860_TBTT_TIMER_EN)); 1795 } 1796 break; 1797 1798 case IEEE80211_S_RUN: 1799 if (!(sc->runbmap & bid)) { 1800 if(sc->running++) 1801 restart_ratectl = 1; 1802 sc->runbmap |= bid; 1803 } 1804 1805 m_freem(rvp->beacon_mbuf); 1806 rvp->beacon_mbuf = NULL; 1807 1808 switch (vap->iv_opmode) { 1809 case IEEE80211_M_HOSTAP: 1810 case IEEE80211_M_MBSS: 1811 sc->ap_running |= bid; 1812 ic->ic_opmode = vap->iv_opmode; 1813 run_update_beacon_cb(vap); 1814 break; 1815 case IEEE80211_M_IBSS: 1816 sc->adhoc_running |= bid; 1817 if (!sc->ap_running) 1818 ic->ic_opmode = vap->iv_opmode; 1819 run_update_beacon_cb(vap); 1820 break; 1821 case IEEE80211_M_STA: 1822 sc->sta_running |= bid; 1823 if (!sc->ap_running && !sc->adhoc_running) 1824 ic->ic_opmode = vap->iv_opmode; 1825 1826 /* read statistic counters (clear on read) */ 1827 run_read_region_1(sc, RT2860_TX_STA_CNT0, 1828 (uint8_t *)sta, sizeof sta); 1829 1830 break; 1831 default: 1832 ic->ic_opmode = vap->iv_opmode; 1833 break; 1834 } 1835 1836 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 1837 struct ieee80211_node *ni; 1838 1839 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 1840 RUN_UNLOCK(sc); 1841 IEEE80211_LOCK(ic); 1842 return (-1); 1843 } 1844 run_updateslot(ic->ic_ifp); 1845 run_enable_mrr(sc); 1846 run_set_txpreamble(sc); 1847 run_set_basicrates(sc); 1848 ni = ieee80211_ref_node(vap->iv_bss); 1849 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 1850 run_set_bssid(sc, ni->ni_bssid); 1851 ieee80211_free_node(ni); 1852 run_enable_tsf_sync(sc); 1853 1854 /* enable automatic rate adaptation */ 1855 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1856 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 1857 ratectl |= bid; 1858 } 1859 1860 /* turn link LED on */ 1861 run_set_leds(sc, RT2860_LED_RADIO | 1862 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 1863 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 1864 1865 break; 1866 default: 1867 DPRINTFN(6, "undefined case\n"); 1868 break; 1869 } 1870 1871 /* restart amrr for running VAPs */ 1872 if ((sc->ratectl_run = ratectl) && restart_ratectl) 1873 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 1874 1875 RUN_UNLOCK(sc); 1876 IEEE80211_LOCK(ic); 1877 1878 return(rvp->newstate(vap, nstate, arg)); 1879 } 1880 1881 /* ARGSUSED */ 1882 static void 1883 run_wme_update_cb(void *arg) 1884 { 1885 struct ieee80211com *ic = arg; 1886 struct run_softc *sc = ic->ic_ifp->if_softc; 1887 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 1888 int aci, error = 0; 1889 1890 RUN_LOCK_ASSERT(sc, MA_OWNED); 1891 1892 /* update MAC TX configuration registers */ 1893 for (aci = 0; aci < WME_NUM_AC; aci++) { 1894 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 1895 wmesp->wme_params[aci].wmep_logcwmax << 16 | 1896 wmesp->wme_params[aci].wmep_logcwmin << 12 | 1897 wmesp->wme_params[aci].wmep_aifsn << 8 | 1898 wmesp->wme_params[aci].wmep_txopLimit); 1899 if (error) goto err; 1900 } 1901 1902 /* update SCH/DMA registers too */ 1903 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 1904 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 1905 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 1906 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 1907 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 1908 if (error) goto err; 1909 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 1910 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 1911 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 1912 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 1913 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 1914 if (error) goto err; 1915 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 1916 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 1917 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 1918 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 1919 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 1920 if (error) goto err; 1921 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 1922 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 1923 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 1924 if (error) goto err; 1925 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 1926 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 1927 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 1928 1929 err: 1930 if (error) 1931 DPRINTF("WME update failed\n"); 1932 1933 return; 1934 } 1935 1936 static int 1937 run_wme_update(struct ieee80211com *ic) 1938 { 1939 struct run_softc *sc = ic->ic_ifp->if_softc; 1940 1941 /* sometime called wothout lock */ 1942 if (mtx_owned(&ic->ic_comlock.mtx)) { 1943 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 1944 DPRINTF("cmdq_store=%d\n", i); 1945 sc->cmdq[i].func = run_wme_update_cb; 1946 sc->cmdq[i].arg0 = ic; 1947 ieee80211_runtask(ic, &sc->cmdq_task); 1948 return (0); 1949 } 1950 1951 RUN_LOCK(sc); 1952 run_wme_update_cb(ic); 1953 RUN_UNLOCK(sc); 1954 1955 /* return whatever, upper layer desn't care anyway */ 1956 return (0); 1957 } 1958 1959 static void 1960 run_key_update_begin(struct ieee80211vap *vap) 1961 { 1962 /* 1963 * To avoid out-of-order events, both run_key_set() and 1964 * _delete() are deferred and handled by run_cmdq_cb(). 1965 * So, there is nothing we need to do here. 1966 */ 1967 } 1968 1969 static void 1970 run_key_update_end(struct ieee80211vap *vap) 1971 { 1972 /* null */ 1973 } 1974 1975 static void 1976 run_key_set_cb(void *arg) 1977 { 1978 struct run_cmdq *cmdq = arg; 1979 struct ieee80211vap *vap = cmdq->arg1; 1980 struct ieee80211_key *k = cmdq->k; 1981 struct ieee80211com *ic = vap->iv_ic; 1982 struct run_softc *sc = ic->ic_ifp->if_softc; 1983 struct ieee80211_node *ni; 1984 uint32_t attr; 1985 uint16_t base, associd; 1986 uint8_t mode, wcid, iv[8]; 1987 1988 RUN_LOCK_ASSERT(sc, MA_OWNED); 1989 1990 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 1991 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 1992 else 1993 ni = vap->iv_bss; 1994 associd = (ni != NULL) ? ni->ni_associd : 0; 1995 1996 /* map net80211 cipher to RT2860 security mode */ 1997 switch (k->wk_cipher->ic_cipher) { 1998 case IEEE80211_CIPHER_WEP: 1999 if(k->wk_keylen < 8) 2000 mode = RT2860_MODE_WEP40; 2001 else 2002 mode = RT2860_MODE_WEP104; 2003 break; 2004 case IEEE80211_CIPHER_TKIP: 2005 mode = RT2860_MODE_TKIP; 2006 break; 2007 case IEEE80211_CIPHER_AES_CCM: 2008 mode = RT2860_MODE_AES_CCMP; 2009 break; 2010 default: 2011 DPRINTF("undefined case\n"); 2012 return; 2013 } 2014 2015 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2016 associd, k->wk_keyix, mode, 2017 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2018 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2019 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2020 2021 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2022 wcid = 0; /* NB: update WCID0 for group keys */ 2023 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2024 } else { 2025 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2026 1 : RUN_AID2WCID(associd); 2027 base = RT2860_PKEY(wcid); 2028 } 2029 2030 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2031 if(run_write_region_1(sc, base, k->wk_key, 16)) 2032 return; 2033 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2034 return; 2035 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2036 return; 2037 } else { 2038 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2039 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2040 return; 2041 } 2042 2043 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2044 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2045 /* set initial packet number in IV+EIV */ 2046 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2047 memset(iv, 0, sizeof iv); 2048 iv[3] = vap->iv_def_txkey << 6; 2049 } else { 2050 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2051 iv[0] = k->wk_keytsc >> 8; 2052 iv[1] = (iv[0] | 0x20) & 0x7f; 2053 iv[2] = k->wk_keytsc; 2054 } else /* CCMP */ { 2055 iv[0] = k->wk_keytsc; 2056 iv[1] = k->wk_keytsc >> 8; 2057 iv[2] = 0; 2058 } 2059 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2060 iv[4] = k->wk_keytsc >> 16; 2061 iv[5] = k->wk_keytsc >> 24; 2062 iv[6] = k->wk_keytsc >> 32; 2063 iv[7] = k->wk_keytsc >> 40; 2064 } 2065 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2066 return; 2067 } 2068 2069 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2070 /* install group key */ 2071 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2072 return; 2073 attr &= ~(0xf << (k->wk_keyix * 4)); 2074 attr |= mode << (k->wk_keyix * 4); 2075 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2076 return; 2077 } else { 2078 /* install pairwise key */ 2079 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2080 return; 2081 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2082 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2083 return; 2084 } 2085 2086 /* TODO create a pass-thru key entry? */ 2087 2088 /* need wcid to delete the right key later */ 2089 k->wk_pad = wcid; 2090 } 2091 2092 /* 2093 * Don't have to be deferred, but in order to keep order of 2094 * execution, i.e. with run_key_delete(), defer this and let 2095 * run_cmdq_cb() maintain the order. 2096 * 2097 * return 0 on error 2098 */ 2099 static int 2100 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2101 const uint8_t mac[IEEE80211_ADDR_LEN]) 2102 { 2103 struct ieee80211com *ic = vap->iv_ic; 2104 struct run_softc *sc = ic->ic_ifp->if_softc; 2105 uint32_t i; 2106 2107 i = RUN_CMDQ_GET(&sc->cmdq_store); 2108 DPRINTF("cmdq_store=%d\n", i); 2109 sc->cmdq[i].func = run_key_set_cb; 2110 sc->cmdq[i].arg0 = NULL; 2111 sc->cmdq[i].arg1 = vap; 2112 sc->cmdq[i].k = k; 2113 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2114 ieee80211_runtask(ic, &sc->cmdq_task); 2115 2116 /* 2117 * To make sure key will be set when hostapd 2118 * calls iv_key_set() before if_init(). 2119 */ 2120 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2121 RUN_LOCK(sc); 2122 sc->cmdq_key_set = RUN_CMDQ_GO; 2123 RUN_UNLOCK(sc); 2124 } 2125 2126 return (1); 2127 } 2128 2129 /* 2130 * If wlan is destroyed without being brought down i.e. without 2131 * wlan down or wpa_cli terminate, this function is called after 2132 * vap is gone. Don't refer it. 2133 */ 2134 static void 2135 run_key_delete_cb(void *arg) 2136 { 2137 struct run_cmdq *cmdq = arg; 2138 struct run_softc *sc = cmdq->arg1; 2139 struct ieee80211_key *k = &cmdq->key; 2140 uint32_t attr; 2141 uint8_t wcid; 2142 2143 RUN_LOCK_ASSERT(sc, MA_OWNED); 2144 2145 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2146 /* remove group key */ 2147 DPRINTF("removing group key\n"); 2148 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2149 attr &= ~(0xf << (k->wk_keyix * 4)); 2150 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2151 } else { 2152 /* remove pairwise key */ 2153 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2154 /* matching wcid was written to wk_pad in run_key_set() */ 2155 wcid = k->wk_pad; 2156 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2157 attr &= ~0xf; 2158 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2159 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2160 } 2161 2162 k->wk_pad = 0; 2163 } 2164 2165 /* 2166 * return 0 on error 2167 */ 2168 static int 2169 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2170 { 2171 struct ieee80211com *ic = vap->iv_ic; 2172 struct run_softc *sc = ic->ic_ifp->if_softc; 2173 struct ieee80211_key *k0; 2174 uint32_t i; 2175 2176 /* 2177 * When called back, key might be gone. So, make a copy 2178 * of some values need to delete keys before deferring. 2179 * But, because of LOR with node lock, cannot use lock here. 2180 * So, use atomic instead. 2181 */ 2182 i = RUN_CMDQ_GET(&sc->cmdq_store); 2183 DPRINTF("cmdq_store=%d\n", i); 2184 sc->cmdq[i].func = run_key_delete_cb; 2185 sc->cmdq[i].arg0 = NULL; 2186 sc->cmdq[i].arg1 = sc; 2187 k0 = &sc->cmdq[i].key; 2188 k0->wk_flags = k->wk_flags; 2189 k0->wk_keyix = k->wk_keyix; 2190 /* matching wcid was written to wk_pad in run_key_set() */ 2191 k0->wk_pad = k->wk_pad; 2192 ieee80211_runtask(ic, &sc->cmdq_task); 2193 return (1); /* return fake success */ 2194 2195 } 2196 2197 static void 2198 run_ratectl_to(void *arg) 2199 { 2200 struct run_softc *sc = arg; 2201 2202 /* do it in a process context, so it can go sleep */ 2203 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2204 /* next timeout will be rescheduled in the callback task */ 2205 } 2206 2207 /* ARGSUSED */ 2208 static void 2209 run_ratectl_cb(void *arg, int pending) 2210 { 2211 struct run_softc *sc = arg; 2212 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2213 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2214 2215 if (vap == NULL) 2216 return; 2217 2218 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2219 run_iter_func(sc, vap->iv_bss); 2220 else { 2221 /* 2222 * run_reset_livelock() doesn't do anything with AMRR, 2223 * but Ralink wants us to call it every 1 sec. So, we 2224 * piggyback here rather than creating another callout. 2225 * Livelock may occur only in HOSTAP or IBSS mode 2226 * (when h/w is sending beacons). 2227 */ 2228 RUN_LOCK(sc); 2229 run_reset_livelock(sc); 2230 /* just in case, there are some stats to drain */ 2231 run_drain_fifo(sc); 2232 RUN_UNLOCK(sc); 2233 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2234 } 2235 2236 if(sc->ratectl_run != RUN_RATECTL_OFF) 2237 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2238 } 2239 2240 static void 2241 run_drain_fifo(void *arg) 2242 { 2243 struct run_softc *sc = arg; 2244 struct ifnet *ifp = sc->sc_ifp; 2245 uint32_t stat; 2246 uint16_t (*wstat)[3]; 2247 uint8_t wcid, mcs, pid; 2248 int8_t retry; 2249 2250 RUN_LOCK_ASSERT(sc, MA_OWNED); 2251 2252 for (;;) { 2253 /* drain Tx status FIFO (maxsize = 16) */ 2254 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2255 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2256 if (!(stat & RT2860_TXQ_VLD)) 2257 break; 2258 2259 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2260 2261 /* if no ACK was requested, no feedback is available */ 2262 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2263 wcid == 0) 2264 continue; 2265 2266 /* 2267 * Even though each stat is Tx-complete-status like format, 2268 * the device can poll stats. Because there is no guarantee 2269 * that the referring node is still around when read the stats. 2270 * So that, if we use ieee80211_ratectl_tx_update(), we will 2271 * have hard time not to refer already freed node. 2272 * 2273 * To eliminate such page faults, we poll stats in softc. 2274 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2275 */ 2276 wstat = &(sc->wcid_stats[wcid]); 2277 (*wstat)[RUN_TXCNT]++; 2278 if (stat & RT2860_TXQ_OK) 2279 (*wstat)[RUN_SUCCESS]++; 2280 else 2281 ifp->if_oerrors++; 2282 /* 2283 * Check if there were retries, ie if the Tx success rate is 2284 * different from the requested rate. Note that it works only 2285 * because we do not allow rate fallback from OFDM to CCK. 2286 */ 2287 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2288 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2289 if ((retry = pid -1 - mcs) > 0) { 2290 (*wstat)[RUN_TXCNT] += retry; 2291 (*wstat)[RUN_RETRY] += retry; 2292 } 2293 } 2294 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2295 2296 sc->fifo_cnt = 0; 2297 } 2298 2299 static void 2300 run_iter_func(void *arg, struct ieee80211_node *ni) 2301 { 2302 struct run_softc *sc = arg; 2303 struct ieee80211vap *vap = ni->ni_vap; 2304 struct ieee80211com *ic = ni->ni_ic; 2305 struct ifnet *ifp = ic->ic_ifp; 2306 struct run_node *rn = (void *)ni; 2307 union run_stats sta[2]; 2308 uint16_t (*wstat)[3]; 2309 int txcnt, success, retrycnt, error; 2310 2311 RUN_LOCK(sc); 2312 2313 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2314 vap->iv_opmode == IEEE80211_M_STA)) { 2315 /* read statistic counters (clear on read) and update AMRR state */ 2316 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2317 sizeof sta); 2318 if (error != 0) 2319 goto fail; 2320 2321 /* count failed TX as errors */ 2322 ifp->if_oerrors += le16toh(sta[0].error.fail); 2323 2324 retrycnt = le16toh(sta[1].tx.retry); 2325 success = le16toh(sta[1].tx.success); 2326 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2327 2328 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2329 retrycnt, success, le16toh(sta[0].error.fail)); 2330 } else { 2331 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2332 2333 if (wstat == &(sc->wcid_stats[0]) || 2334 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2335 goto fail; 2336 2337 txcnt = (*wstat)[RUN_TXCNT]; 2338 success = (*wstat)[RUN_SUCCESS]; 2339 retrycnt = (*wstat)[RUN_RETRY]; 2340 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2341 retrycnt, txcnt, success); 2342 2343 memset(wstat, 0, sizeof(*wstat)); 2344 } 2345 2346 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2347 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2348 2349 fail: 2350 RUN_UNLOCK(sc); 2351 2352 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2353 } 2354 2355 static void 2356 run_newassoc_cb(void *arg) 2357 { 2358 struct run_cmdq *cmdq = arg; 2359 struct ieee80211_node *ni = cmdq->arg1; 2360 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2361 uint8_t wcid = cmdq->wcid; 2362 2363 RUN_LOCK_ASSERT(sc, MA_OWNED); 2364 2365 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2366 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2367 2368 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2369 } 2370 2371 static void 2372 run_newassoc(struct ieee80211_node *ni, int isnew) 2373 { 2374 struct run_node *rn = (void *)ni; 2375 struct ieee80211_rateset *rs = &ni->ni_rates; 2376 struct ieee80211vap *vap = ni->ni_vap; 2377 struct ieee80211com *ic = vap->iv_ic; 2378 struct run_softc *sc = ic->ic_ifp->if_softc; 2379 uint8_t rate; 2380 uint8_t ridx; 2381 uint8_t wcid; 2382 int i, j; 2383 2384 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2385 1 : RUN_AID2WCID(ni->ni_associd); 2386 2387 if (wcid > RT2870_WCID_MAX) { 2388 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2389 return; 2390 } 2391 2392 /* only interested in true associations */ 2393 if (isnew && ni->ni_associd != 0) { 2394 2395 /* 2396 * This function could is called though timeout function. 2397 * Need to defer. 2398 */ 2399 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2400 DPRINTF("cmdq_store=%d\n", cnt); 2401 sc->cmdq[cnt].func = run_newassoc_cb; 2402 sc->cmdq[cnt].arg0 = NULL; 2403 sc->cmdq[cnt].arg1 = ni; 2404 sc->cmdq[cnt].wcid = wcid; 2405 ieee80211_runtask(ic, &sc->cmdq_task); 2406 } 2407 2408 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2409 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2410 2411 for (i = 0; i < rs->rs_nrates; i++) { 2412 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2413 /* convert 802.11 rate to hardware rate index */ 2414 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2415 if (rt2860_rates[ridx].rate == rate) 2416 break; 2417 rn->ridx[i] = ridx; 2418 /* determine rate of control response frames */ 2419 for (j = i; j >= 0; j--) { 2420 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2421 rt2860_rates[rn->ridx[i]].phy == 2422 rt2860_rates[rn->ridx[j]].phy) 2423 break; 2424 } 2425 if (j >= 0) { 2426 rn->ctl_ridx[i] = rn->ridx[j]; 2427 } else { 2428 /* no basic rate found, use mandatory one */ 2429 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2430 } 2431 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2432 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2433 } 2434 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2435 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2436 if (rt2860_rates[ridx].rate == rate) 2437 break; 2438 rn->mgt_ridx = ridx; 2439 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2440 2441 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2442 } 2443 2444 /* 2445 * Return the Rx chain with the highest RSSI for a given frame. 2446 */ 2447 static __inline uint8_t 2448 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2449 { 2450 uint8_t rxchain = 0; 2451 2452 if (sc->nrxchains > 1) { 2453 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2454 rxchain = 1; 2455 if (sc->nrxchains > 2) 2456 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2457 rxchain = 2; 2458 } 2459 return (rxchain); 2460 } 2461 2462 static void 2463 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2464 { 2465 struct ifnet *ifp = sc->sc_ifp; 2466 struct ieee80211com *ic = ifp->if_l2com; 2467 struct ieee80211_frame *wh; 2468 struct ieee80211_node *ni; 2469 struct rt2870_rxd *rxd; 2470 struct rt2860_rxwi *rxwi; 2471 uint32_t flags; 2472 uint16_t len, phy; 2473 uint8_t ant, rssi; 2474 int8_t nf; 2475 2476 rxwi = mtod(m, struct rt2860_rxwi *); 2477 len = le16toh(rxwi->len) & 0xfff; 2478 if (__predict_false(len > dmalen)) { 2479 m_freem(m); 2480 ifp->if_ierrors++; 2481 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2482 return; 2483 } 2484 /* Rx descriptor is located at the end */ 2485 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2486 flags = le32toh(rxd->flags); 2487 2488 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2489 m_freem(m); 2490 ifp->if_ierrors++; 2491 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2492 return; 2493 } 2494 2495 m->m_data += sizeof(struct rt2860_rxwi); 2496 m->m_pkthdr.len = m->m_len -= sizeof(struct rt2860_rxwi); 2497 2498 wh = mtod(m, struct ieee80211_frame *); 2499 2500 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2501 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2502 m->m_flags |= M_WEP; 2503 } 2504 2505 if (flags & RT2860_RX_L2PAD) { 2506 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2507 len += 2; 2508 } 2509 2510 ni = ieee80211_find_rxnode(ic, 2511 mtod(m, struct ieee80211_frame_min *)); 2512 2513 if (__predict_false(flags & RT2860_RX_MICERR)) { 2514 /* report MIC failures to net80211 for TKIP */ 2515 if (ni != NULL) 2516 ieee80211_notify_michael_failure(ni->ni_vap, wh, rxwi->keyidx); 2517 m_freem(m); 2518 ifp->if_ierrors++; 2519 DPRINTF("MIC error. Someone is lying.\n"); 2520 return; 2521 } 2522 2523 ant = run_maxrssi_chain(sc, rxwi); 2524 rssi = rxwi->rssi[ant]; 2525 nf = run_rssi2dbm(sc, rssi, ant); 2526 2527 m->m_pkthdr.rcvif = ifp; 2528 m->m_pkthdr.len = m->m_len = len; 2529 2530 if (ni != NULL) { 2531 (void)ieee80211_input(ni, m, rssi, nf); 2532 ieee80211_free_node(ni); 2533 } else { 2534 (void)ieee80211_input_all(ic, m, rssi, nf); 2535 } 2536 2537 if (__predict_false(ieee80211_radiotap_active(ic))) { 2538 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2539 2540 tap->wr_flags = 0; 2541 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2542 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2543 tap->wr_antsignal = rssi; 2544 tap->wr_antenna = ant; 2545 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2546 tap->wr_rate = 2; /* in case it can't be found below */ 2547 phy = le16toh(rxwi->phy); 2548 switch (phy & RT2860_PHY_MODE) { 2549 case RT2860_PHY_CCK: 2550 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2551 case 0: tap->wr_rate = 2; break; 2552 case 1: tap->wr_rate = 4; break; 2553 case 2: tap->wr_rate = 11; break; 2554 case 3: tap->wr_rate = 22; break; 2555 } 2556 if (phy & RT2860_PHY_SHPRE) 2557 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2558 break; 2559 case RT2860_PHY_OFDM: 2560 switch (phy & RT2860_PHY_MCS) { 2561 case 0: tap->wr_rate = 12; break; 2562 case 1: tap->wr_rate = 18; break; 2563 case 2: tap->wr_rate = 24; break; 2564 case 3: tap->wr_rate = 36; break; 2565 case 4: tap->wr_rate = 48; break; 2566 case 5: tap->wr_rate = 72; break; 2567 case 6: tap->wr_rate = 96; break; 2568 case 7: tap->wr_rate = 108; break; 2569 } 2570 break; 2571 } 2572 } 2573 } 2574 2575 static void 2576 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2577 { 2578 struct run_softc *sc = usbd_xfer_softc(xfer); 2579 struct ifnet *ifp = sc->sc_ifp; 2580 struct mbuf *m = NULL; 2581 struct mbuf *m0; 2582 uint32_t dmalen; 2583 int xferlen; 2584 2585 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2586 2587 switch (USB_GET_STATE(xfer)) { 2588 case USB_ST_TRANSFERRED: 2589 2590 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2591 2592 if (xferlen < (int)(sizeof(uint32_t) + 2593 sizeof(struct rt2860_rxwi) + sizeof(struct rt2870_rxd))) { 2594 DPRINTF("xfer too short %d\n", xferlen); 2595 goto tr_setup; 2596 } 2597 2598 m = sc->rx_m; 2599 sc->rx_m = NULL; 2600 2601 /* FALLTHROUGH */ 2602 case USB_ST_SETUP: 2603 tr_setup: 2604 if (sc->rx_m == NULL) { 2605 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2606 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2607 } 2608 if (sc->rx_m == NULL) { 2609 DPRINTF("could not allocate mbuf - idle with stall\n"); 2610 ifp->if_ierrors++; 2611 usbd_xfer_set_stall(xfer); 2612 usbd_xfer_set_frames(xfer, 0); 2613 } else { 2614 /* 2615 * Directly loading a mbuf cluster into DMA to 2616 * save some data copying. This works because 2617 * there is only one cluster. 2618 */ 2619 usbd_xfer_set_frame_data(xfer, 0, 2620 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2621 usbd_xfer_set_frames(xfer, 1); 2622 } 2623 usbd_transfer_submit(xfer); 2624 break; 2625 2626 default: /* Error */ 2627 if (error != USB_ERR_CANCELLED) { 2628 /* try to clear stall first */ 2629 usbd_xfer_set_stall(xfer); 2630 2631 if (error == USB_ERR_TIMEOUT) 2632 device_printf(sc->sc_dev, "device timeout\n"); 2633 2634 ifp->if_ierrors++; 2635 2636 goto tr_setup; 2637 } 2638 if (sc->rx_m != NULL) { 2639 m_freem(sc->rx_m); 2640 sc->rx_m = NULL; 2641 } 2642 break; 2643 } 2644 2645 if (m == NULL) 2646 return; 2647 2648 /* inputting all the frames must be last */ 2649 2650 RUN_UNLOCK(sc); 2651 2652 m->m_pkthdr.len = m->m_len = xferlen; 2653 2654 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2655 for(;;) { 2656 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2657 2658 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2659 ((dmalen & 3) != 0)) { 2660 DPRINTF("bad DMA length %u\n", dmalen); 2661 break; 2662 } 2663 if ((dmalen + 8) > (uint32_t)xferlen) { 2664 DPRINTF("bad DMA length %u > %d\n", 2665 dmalen + 8, xferlen); 2666 break; 2667 } 2668 2669 /* If it is the last one or a single frame, we won't copy. */ 2670 if ((xferlen -= dmalen + 8) <= 8) { 2671 /* trim 32-bit DMA-len header */ 2672 m->m_data += 4; 2673 m->m_pkthdr.len = m->m_len -= 4; 2674 run_rx_frame(sc, m, dmalen); 2675 break; 2676 } 2677 2678 /* copy aggregated frames to another mbuf */ 2679 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2680 if (__predict_false(m0 == NULL)) { 2681 DPRINTF("could not allocate mbuf\n"); 2682 ifp->if_ierrors++; 2683 break; 2684 } 2685 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2686 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2687 m0->m_pkthdr.len = m0->m_len = 2688 dmalen + sizeof(struct rt2870_rxd); 2689 run_rx_frame(sc, m0, dmalen); 2690 2691 /* update data ptr */ 2692 m->m_data += dmalen + 8; 2693 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2694 } 2695 2696 RUN_LOCK(sc); 2697 } 2698 2699 static void 2700 run_tx_free(struct run_endpoint_queue *pq, 2701 struct run_tx_data *data, int txerr) 2702 { 2703 if (data->m != NULL) { 2704 if (data->m->m_flags & M_TXCB) 2705 ieee80211_process_callback(data->ni, data->m, 2706 txerr ? ETIMEDOUT : 0); 2707 m_freem(data->m); 2708 data->m = NULL; 2709 2710 if (data->ni == NULL) { 2711 DPRINTF("no node\n"); 2712 } else { 2713 ieee80211_free_node(data->ni); 2714 data->ni = NULL; 2715 } 2716 } 2717 2718 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2719 pq->tx_nfree++; 2720 } 2721 2722 static void 2723 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, unsigned int index) 2724 { 2725 struct run_softc *sc = usbd_xfer_softc(xfer); 2726 struct ifnet *ifp = sc->sc_ifp; 2727 struct ieee80211com *ic = ifp->if_l2com; 2728 struct run_tx_data *data; 2729 struct ieee80211vap *vap = NULL; 2730 struct usb_page_cache *pc; 2731 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2732 struct mbuf *m; 2733 usb_frlength_t size; 2734 int actlen; 2735 int sumlen; 2736 2737 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2738 2739 switch (USB_GET_STATE(xfer)) { 2740 case USB_ST_TRANSFERRED: 2741 DPRINTFN(11, "transfer complete: %d " 2742 "bytes @ index %d\n", actlen, index); 2743 2744 data = usbd_xfer_get_priv(xfer); 2745 2746 run_tx_free(pq, data, 0); 2747 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2748 2749 usbd_xfer_set_priv(xfer, NULL); 2750 2751 ifp->if_opackets++; 2752 2753 /* FALLTHROUGH */ 2754 case USB_ST_SETUP: 2755 tr_setup: 2756 data = STAILQ_FIRST(&pq->tx_qh); 2757 if (data == NULL) 2758 break; 2759 2760 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2761 2762 m = data->m; 2763 if ((m->m_pkthdr.len + 2764 sizeof(data->desc) + 3 + 8) > RUN_MAX_TXSZ) { 2765 DPRINTF("data overflow, %u bytes\n", 2766 m->m_pkthdr.len); 2767 2768 ifp->if_oerrors++; 2769 2770 run_tx_free(pq, data, 1); 2771 2772 goto tr_setup; 2773 } 2774 2775 pc = usbd_xfer_get_frame(xfer, 0); 2776 size = sizeof(data->desc); 2777 usbd_copy_in(pc, 0, &data->desc, size); 2778 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2779 size += m->m_pkthdr.len; 2780 /* 2781 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 2782 * 4-byte padding), and be sure to zero those trailing 2783 * bytes: 2784 */ 2785 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 2786 size += ((-size) & 3) + 8; 2787 2788 vap = data->ni->ni_vap; 2789 if (ieee80211_radiotap_active_vap(vap)) { 2790 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2791 struct rt2860_txwi *txwi = 2792 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2793 2794 tap->wt_flags = 0; 2795 tap->wt_rate = rt2860_rates[data->ridx].rate; 2796 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 2797 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 2798 tap->wt_hwqueue = index; 2799 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 2800 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2801 2802 ieee80211_radiotap_tx(vap, m); 2803 } 2804 2805 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 2806 m->m_pkthdr.len, size, index); 2807 2808 usbd_xfer_set_frame_len(xfer, 0, size); 2809 usbd_xfer_set_priv(xfer, data); 2810 2811 usbd_transfer_submit(xfer); 2812 2813 RUN_UNLOCK(sc); 2814 run_start(ifp); 2815 RUN_LOCK(sc); 2816 2817 break; 2818 2819 default: 2820 DPRINTF("USB transfer error, %s\n", 2821 usbd_errstr(error)); 2822 2823 data = usbd_xfer_get_priv(xfer); 2824 2825 ifp->if_oerrors++; 2826 2827 if (data != NULL) { 2828 if(data->ni != NULL) 2829 vap = data->ni->ni_vap; 2830 run_tx_free(pq, data, error); 2831 usbd_xfer_set_priv(xfer, NULL); 2832 } 2833 if (vap == NULL) 2834 vap = TAILQ_FIRST(&ic->ic_vaps); 2835 2836 if (error != USB_ERR_CANCELLED) { 2837 if (error == USB_ERR_TIMEOUT) { 2838 device_printf(sc->sc_dev, "device timeout\n"); 2839 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2840 DPRINTF("cmdq_store=%d\n", i); 2841 sc->cmdq[i].func = run_usb_timeout_cb; 2842 sc->cmdq[i].arg0 = vap; 2843 ieee80211_runtask(ic, &sc->cmdq_task); 2844 } 2845 2846 /* 2847 * Try to clear stall first, also if other 2848 * errors occur, hence clearing stall 2849 * introduces a 50 ms delay: 2850 */ 2851 usbd_xfer_set_stall(xfer); 2852 goto tr_setup; 2853 } 2854 break; 2855 } 2856 } 2857 2858 static void 2859 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 2860 { 2861 run_bulk_tx_callbackN(xfer, error, 0); 2862 } 2863 2864 static void 2865 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 2866 { 2867 run_bulk_tx_callbackN(xfer, error, 1); 2868 } 2869 2870 static void 2871 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 2872 { 2873 run_bulk_tx_callbackN(xfer, error, 2); 2874 } 2875 2876 static void 2877 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 2878 { 2879 run_bulk_tx_callbackN(xfer, error, 3); 2880 } 2881 2882 static void 2883 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 2884 { 2885 run_bulk_tx_callbackN(xfer, error, 4); 2886 } 2887 2888 static void 2889 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 2890 { 2891 run_bulk_tx_callbackN(xfer, error, 5); 2892 } 2893 2894 static void 2895 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 2896 { 2897 struct mbuf *m = data->m; 2898 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2899 struct ieee80211vap *vap = data->ni->ni_vap; 2900 struct ieee80211_frame *wh; 2901 struct rt2870_txd *txd; 2902 struct rt2860_txwi *txwi; 2903 uint16_t xferlen; 2904 uint16_t mcs; 2905 uint8_t ridx = data->ridx; 2906 uint8_t pad; 2907 2908 /* get MCS code from rate index */ 2909 mcs = rt2860_rates[ridx].mcs; 2910 2911 xferlen = sizeof(*txwi) + m->m_pkthdr.len; 2912 2913 /* roundup to 32-bit alignment */ 2914 xferlen = (xferlen + 3) & ~3; 2915 2916 txd = (struct rt2870_txd *)&data->desc; 2917 txd->len = htole16(xferlen); 2918 2919 wh = mtod(m, struct ieee80211_frame *); 2920 2921 /* 2922 * Ether both are true or both are false, the header 2923 * are nicely aligned to 32-bit. So, no L2 padding. 2924 */ 2925 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 2926 pad = 0; 2927 else 2928 pad = 2; 2929 2930 /* setup TX Wireless Information */ 2931 txwi = (struct rt2860_txwi *)(txd + 1); 2932 txwi->len = htole16(m->m_pkthdr.len - pad); 2933 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2934 txwi->phy = htole16(RT2860_PHY_CCK); 2935 if (ridx != RT2860_RIDX_CCK1 && 2936 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2937 mcs |= RT2860_PHY_SHPRE; 2938 } else 2939 txwi->phy = htole16(RT2860_PHY_OFDM); 2940 txwi->phy |= htole16(mcs); 2941 2942 /* check if RTS/CTS or CTS-to-self protection is required */ 2943 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2944 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 2945 ((ic->ic_flags & IEEE80211_F_USEPROT) && 2946 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 2947 txwi->txop |= RT2860_TX_TXOP_HT; 2948 else 2949 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 2950 2951 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 2952 txwi->xflags |= RT2860_TX_NSEQ; 2953 } 2954 2955 /* This function must be called locked */ 2956 static int 2957 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2958 { 2959 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2960 struct ieee80211vap *vap = ni->ni_vap; 2961 struct ieee80211_frame *wh; 2962 struct ieee80211_channel *chan; 2963 const struct ieee80211_txparam *tp; 2964 struct run_node *rn = (void *)ni; 2965 struct run_tx_data *data; 2966 struct rt2870_txd *txd; 2967 struct rt2860_txwi *txwi; 2968 uint16_t qos; 2969 uint16_t dur; 2970 uint16_t qid; 2971 uint8_t type; 2972 uint8_t tid; 2973 uint8_t ridx; 2974 uint8_t ctl_ridx; 2975 uint8_t qflags; 2976 uint8_t xflags = 0; 2977 int hasqos; 2978 2979 RUN_LOCK_ASSERT(sc, MA_OWNED); 2980 2981 wh = mtod(m, struct ieee80211_frame *); 2982 2983 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2984 2985 /* 2986 * There are 7 bulk endpoints: 1 for RX 2987 * and 6 for TX (4 EDCAs + HCCA + Prio). 2988 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 2989 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 2990 */ 2991 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 2992 uint8_t *frm; 2993 2994 if(IEEE80211_HAS_ADDR4(wh)) 2995 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 2996 else 2997 frm =((struct ieee80211_qosframe *)wh)->i_qos; 2998 2999 qos = le16toh(*(const uint16_t *)frm); 3000 tid = qos & IEEE80211_QOS_TID; 3001 qid = TID_TO_WME_AC(tid); 3002 } else { 3003 qos = 0; 3004 tid = 0; 3005 qid = WME_AC_BE; 3006 } 3007 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3008 3009 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3010 qos, qid, tid, qflags); 3011 3012 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3013 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3014 3015 /* pickup a rate index */ 3016 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3017 type != IEEE80211_FC0_TYPE_DATA) { 3018 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3019 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3020 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3021 } else { 3022 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3023 ridx = rn->fix_ridx; 3024 else 3025 ridx = rn->amrr_ridx; 3026 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3027 } 3028 3029 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3030 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3031 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3032 xflags |= RT2860_TX_ACK; 3033 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3034 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3035 else 3036 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3037 *(uint16_t *)wh->i_dur = htole16(dur); 3038 } 3039 3040 /* reserve slots for mgmt packets, just in case */ 3041 if (sc->sc_epq[qid].tx_nfree < 3) { 3042 DPRINTFN(10, "tx ring %d is full\n", qid); 3043 return (-1); 3044 } 3045 3046 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3047 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3048 sc->sc_epq[qid].tx_nfree--; 3049 3050 txd = (struct rt2870_txd *)&data->desc; 3051 txd->flags = qflags; 3052 txwi = (struct rt2860_txwi *)(txd + 1); 3053 txwi->xflags = xflags; 3054 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3055 txwi->wcid = 0; 3056 } else { 3057 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3058 1 : RUN_AID2WCID(ni->ni_associd); 3059 } 3060 /* clear leftover garbage bits */ 3061 txwi->flags = 0; 3062 txwi->txop = 0; 3063 3064 data->m = m; 3065 data->ni = ni; 3066 data->ridx = ridx; 3067 3068 run_set_tx_desc(sc, data); 3069 3070 /* 3071 * The chip keeps track of 2 kind of Tx stats, 3072 * * TX_STAT_FIFO, for per WCID stats, and 3073 * * TX_STA_CNT0 for all-TX-in-one stats. 3074 * 3075 * To use FIFO stats, we need to store MCS into the driver-private 3076 * PacketID field. So that, we can tell whose stats when we read them. 3077 * We add 1 to the MCS because setting the PacketID field to 0 means 3078 * that we don't want feedback in TX_STAT_FIFO. 3079 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3080 * 3081 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3082 */ 3083 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3084 vap->iv_opmode == IEEE80211_M_MBSS) { 3085 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3086 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3087 3088 /* 3089 * Unlike PCI based devices, we don't get any interrupt from 3090 * USB devices, so we simulate FIFO-is-full interrupt here. 3091 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3092 * quickly get fulled. To prevent overflow, increment a counter on 3093 * every FIFO stat request, so we know how many slots are left. 3094 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3095 * are used only in those modes. 3096 * We just drain stats. AMRR gets updated every 1 sec by 3097 * run_ratectl_cb() via callout. 3098 * Call it early. Otherwise overflow. 3099 */ 3100 if (sc->fifo_cnt++ == 10) { 3101 /* 3102 * With multiple vaps or if_bridge, if_start() is called 3103 * with a non-sleepable lock, tcpinp. So, need to defer. 3104 */ 3105 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3106 DPRINTFN(6, "cmdq_store=%d\n", i); 3107 sc->cmdq[i].func = run_drain_fifo; 3108 sc->cmdq[i].arg0 = sc; 3109 ieee80211_runtask(ic, &sc->cmdq_task); 3110 } 3111 } 3112 3113 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3114 3115 usbd_transfer_start(sc->sc_xfer[qid]); 3116 3117 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", m->m_pkthdr.len + 3118 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3119 rt2860_rates[ridx].rate, qid); 3120 3121 return (0); 3122 } 3123 3124 static int 3125 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3126 { 3127 struct ifnet *ifp = sc->sc_ifp; 3128 struct ieee80211com *ic = ifp->if_l2com; 3129 struct run_node *rn = (void *)ni; 3130 struct run_tx_data *data; 3131 struct ieee80211_frame *wh; 3132 struct rt2870_txd *txd; 3133 struct rt2860_txwi *txwi; 3134 uint16_t dur; 3135 uint8_t ridx = rn->mgt_ridx; 3136 uint8_t type; 3137 uint8_t xflags = 0; 3138 uint8_t wflags = 0; 3139 3140 RUN_LOCK_ASSERT(sc, MA_OWNED); 3141 3142 wh = mtod(m, struct ieee80211_frame *); 3143 3144 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3145 3146 /* tell hardware to add timestamp for probe responses */ 3147 if ((wh->i_fc[0] & 3148 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3149 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3150 wflags |= RT2860_TX_TS; 3151 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3152 xflags |= RT2860_TX_ACK; 3153 3154 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3155 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3156 *(uint16_t *)wh->i_dur = htole16(dur); 3157 } 3158 3159 if (sc->sc_epq[0].tx_nfree == 0) { 3160 /* let caller free mbuf */ 3161 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3162 return (EIO); 3163 } 3164 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3165 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3166 sc->sc_epq[0].tx_nfree--; 3167 3168 txd = (struct rt2870_txd *)&data->desc; 3169 txd->flags = RT2860_TX_QSEL_EDCA; 3170 txwi = (struct rt2860_txwi *)(txd + 1); 3171 txwi->wcid = 0xff; 3172 txwi->flags = wflags; 3173 txwi->xflags = xflags; 3174 txwi->txop = 0; /* clear leftover garbage bits */ 3175 3176 data->m = m; 3177 data->ni = ni; 3178 data->ridx = ridx; 3179 3180 run_set_tx_desc(sc, data); 3181 3182 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3183 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3184 rt2860_rates[ridx].rate); 3185 3186 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3187 3188 usbd_transfer_start(sc->sc_xfer[0]); 3189 3190 return (0); 3191 } 3192 3193 static int 3194 run_sendprot(struct run_softc *sc, 3195 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3196 { 3197 struct ieee80211com *ic = ni->ni_ic; 3198 struct ieee80211_frame *wh; 3199 struct run_tx_data *data; 3200 struct rt2870_txd *txd; 3201 struct rt2860_txwi *txwi; 3202 struct mbuf *mprot; 3203 int ridx; 3204 int protrate; 3205 int ackrate; 3206 int pktlen; 3207 int isshort; 3208 uint16_t dur; 3209 uint8_t type; 3210 uint8_t wflags = 0; 3211 uint8_t xflags = 0; 3212 3213 RUN_LOCK_ASSERT(sc, MA_OWNED); 3214 3215 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3216 ("protection %d", prot)); 3217 3218 wh = mtod(m, struct ieee80211_frame *); 3219 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3220 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3221 3222 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3223 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3224 3225 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3226 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3227 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3228 wflags = RT2860_TX_FRAG; 3229 3230 /* check that there are free slots before allocating the mbuf */ 3231 if (sc->sc_epq[0].tx_nfree == 0) { 3232 /* let caller free mbuf */ 3233 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3234 return (ENOBUFS); 3235 } 3236 3237 if (prot == IEEE80211_PROT_RTSCTS) { 3238 /* NB: CTS is the same size as an ACK */ 3239 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3240 xflags |= RT2860_TX_ACK; 3241 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3242 } else { 3243 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3244 } 3245 if (mprot == NULL) { 3246 sc->sc_ifp->if_oerrors++; 3247 DPRINTF("could not allocate mbuf\n"); 3248 return (ENOBUFS); 3249 } 3250 3251 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3252 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3253 sc->sc_epq[0].tx_nfree--; 3254 3255 txd = (struct rt2870_txd *)&data->desc; 3256 txd->flags = RT2860_TX_QSEL_EDCA; 3257 txwi = (struct rt2860_txwi *)(txd + 1); 3258 txwi->wcid = 0xff; 3259 txwi->flags = wflags; 3260 txwi->xflags = xflags; 3261 txwi->txop = 0; /* clear leftover garbage bits */ 3262 3263 data->m = mprot; 3264 data->ni = ieee80211_ref_node(ni); 3265 3266 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3267 if (rt2860_rates[ridx].rate == protrate) 3268 break; 3269 data->ridx = ridx; 3270 3271 run_set_tx_desc(sc, data); 3272 3273 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3274 m->m_pkthdr.len, rate); 3275 3276 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3277 3278 usbd_transfer_start(sc->sc_xfer[0]); 3279 3280 return (0); 3281 } 3282 3283 static int 3284 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3285 const struct ieee80211_bpf_params *params) 3286 { 3287 struct ieee80211com *ic = ni->ni_ic; 3288 struct ieee80211_frame *wh; 3289 struct run_tx_data *data; 3290 struct rt2870_txd *txd; 3291 struct rt2860_txwi *txwi; 3292 uint8_t type; 3293 uint8_t ridx; 3294 uint8_t rate; 3295 uint8_t opflags = 0; 3296 uint8_t xflags = 0; 3297 int error; 3298 3299 RUN_LOCK_ASSERT(sc, MA_OWNED); 3300 3301 KASSERT(params != NULL, ("no raw xmit params")); 3302 3303 wh = mtod(m, struct ieee80211_frame *); 3304 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3305 3306 rate = params->ibp_rate0; 3307 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3308 /* let caller free mbuf */ 3309 return (EINVAL); 3310 } 3311 3312 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3313 xflags |= RT2860_TX_ACK; 3314 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3315 error = run_sendprot(sc, m, ni, 3316 params->ibp_flags & IEEE80211_BPF_RTS ? 3317 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3318 rate); 3319 if (error) { 3320 /* let caller free mbuf */ 3321 return error; 3322 } 3323 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3324 } 3325 3326 if (sc->sc_epq[0].tx_nfree == 0) { 3327 /* let caller free mbuf */ 3328 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3329 DPRINTF("sending raw frame, but tx ring is full\n"); 3330 return (EIO); 3331 } 3332 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3333 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3334 sc->sc_epq[0].tx_nfree--; 3335 3336 txd = (struct rt2870_txd *)&data->desc; 3337 txd->flags = RT2860_TX_QSEL_EDCA; 3338 txwi = (struct rt2860_txwi *)(txd + 1); 3339 txwi->wcid = 0xff; 3340 txwi->xflags = xflags; 3341 txwi->txop = opflags; 3342 txwi->flags = 0; /* clear leftover garbage bits */ 3343 3344 data->m = m; 3345 data->ni = ni; 3346 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3347 if (rt2860_rates[ridx].rate == rate) 3348 break; 3349 data->ridx = ridx; 3350 3351 run_set_tx_desc(sc, data); 3352 3353 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3354 m->m_pkthdr.len, rate); 3355 3356 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3357 3358 usbd_transfer_start(sc->sc_xfer[0]); 3359 3360 return (0); 3361 } 3362 3363 static int 3364 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3365 const struct ieee80211_bpf_params *params) 3366 { 3367 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3368 struct run_softc *sc = ifp->if_softc; 3369 int error = 0; 3370 3371 RUN_LOCK(sc); 3372 3373 /* prevent management frames from being sent if we're not ready */ 3374 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3375 error = ENETDOWN; 3376 goto done; 3377 } 3378 3379 if (params == NULL) { 3380 /* tx mgt packet */ 3381 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3382 ifp->if_oerrors++; 3383 DPRINTF("mgt tx failed\n"); 3384 goto done; 3385 } 3386 } else { 3387 /* tx raw packet with param */ 3388 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3389 ifp->if_oerrors++; 3390 DPRINTF("tx with param failed\n"); 3391 goto done; 3392 } 3393 } 3394 3395 ifp->if_opackets++; 3396 3397 done: 3398 RUN_UNLOCK(sc); 3399 3400 if (error != 0) { 3401 if(m != NULL) 3402 m_freem(m); 3403 ieee80211_free_node(ni); 3404 } 3405 3406 return (error); 3407 } 3408 3409 static void 3410 run_start(struct ifnet *ifp) 3411 { 3412 struct run_softc *sc = ifp->if_softc; 3413 struct ieee80211_node *ni; 3414 struct mbuf *m; 3415 3416 RUN_LOCK(sc); 3417 3418 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3419 RUN_UNLOCK(sc); 3420 return; 3421 } 3422 3423 for (;;) { 3424 /* send data frames */ 3425 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3426 if (m == NULL) 3427 break; 3428 3429 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3430 if (run_tx(sc, m, ni) != 0) { 3431 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3432 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3433 break; 3434 } 3435 } 3436 3437 RUN_UNLOCK(sc); 3438 } 3439 3440 static int 3441 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3442 { 3443 struct run_softc *sc = ifp->if_softc; 3444 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3445 struct ifreq *ifr = (struct ifreq *) data; 3446 int startall = 0; 3447 int error; 3448 3449 RUN_LOCK(sc); 3450 error = sc->sc_detached ? ENXIO : 0; 3451 RUN_UNLOCK(sc); 3452 if (error) 3453 return (error); 3454 3455 switch (cmd) { 3456 case SIOCSIFFLAGS: 3457 RUN_LOCK(sc); 3458 if (ifp->if_flags & IFF_UP) { 3459 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3460 startall = 1; 3461 run_init_locked(sc); 3462 } else 3463 run_update_promisc_locked(ifp); 3464 } else { 3465 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3466 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3467 run_stop(sc); 3468 } 3469 } 3470 RUN_UNLOCK(sc); 3471 if (startall) 3472 ieee80211_start_all(ic); 3473 break; 3474 case SIOCGIFMEDIA: 3475 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3476 break; 3477 case SIOCGIFADDR: 3478 error = ether_ioctl(ifp, cmd, data); 3479 break; 3480 default: 3481 error = EINVAL; 3482 break; 3483 } 3484 3485 return (error); 3486 } 3487 3488 static void 3489 run_set_agc(struct run_softc *sc, uint8_t agc) 3490 { 3491 uint8_t bbp; 3492 3493 if (sc->mac_ver == 0x3572) { 3494 run_bbp_read(sc, 27, &bbp); 3495 bbp &= ~(0x3 << 5); 3496 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3497 run_bbp_write(sc, 66, agc); 3498 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3499 run_bbp_write(sc, 66, agc); 3500 } else 3501 run_bbp_write(sc, 66, agc); 3502 } 3503 3504 static void 3505 run_select_chan_group(struct run_softc *sc, int group) 3506 { 3507 uint32_t tmp; 3508 uint8_t agc; 3509 3510 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3511 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3512 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3513 run_bbp_write(sc, 86, 0x00); 3514 3515 if (group == 0) { 3516 if (sc->ext_2ghz_lna) { 3517 run_bbp_write(sc, 82, 0x62); 3518 run_bbp_write(sc, 75, 0x46); 3519 } else { 3520 run_bbp_write(sc, 82, 0x84); 3521 run_bbp_write(sc, 75, 0x50); 3522 } 3523 } else { 3524 if (sc->mac_ver == 0x3572) 3525 run_bbp_write(sc, 82, 0x94); 3526 else 3527 run_bbp_write(sc, 82, 0xf2); 3528 if (sc->ext_5ghz_lna) 3529 run_bbp_write(sc, 75, 0x46); 3530 else 3531 run_bbp_write(sc, 75, 0x50); 3532 } 3533 3534 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3535 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3536 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3537 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3538 3539 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3540 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3541 if (sc->nrxchains > 1) 3542 tmp |= RT2860_LNA_PE1_EN; 3543 if (group == 0) { /* 2GHz */ 3544 tmp |= RT2860_PA_PE_G0_EN; 3545 if (sc->ntxchains > 1) 3546 tmp |= RT2860_PA_PE_G1_EN; 3547 } else { /* 5GHz */ 3548 tmp |= RT2860_PA_PE_A0_EN; 3549 if (sc->ntxchains > 1) 3550 tmp |= RT2860_PA_PE_A1_EN; 3551 } 3552 if (sc->mac_ver == 0x3572) { 3553 run_rt3070_rf_write(sc, 8, 0x00); 3554 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3555 run_rt3070_rf_write(sc, 8, 0x80); 3556 } else 3557 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3558 3559 /* set initial AGC value */ 3560 if (group == 0) { /* 2GHz band */ 3561 if (sc->mac_ver >= 0x3070) 3562 agc = 0x1c + sc->lna[0] * 2; 3563 else 3564 agc = 0x2e + sc->lna[0]; 3565 } else { /* 5GHz band */ 3566 if (sc->mac_ver == 0x3572) 3567 agc = 0x22 + (sc->lna[group] * 5) / 3; 3568 else 3569 agc = 0x32 + (sc->lna[group] * 5) / 3; 3570 } 3571 run_set_agc(sc, agc); 3572 } 3573 3574 static void 3575 run_rt2870_set_chan(struct run_softc *sc, uint32_t chan) 3576 { 3577 const struct rfprog *rfprog = rt2860_rf2850; 3578 uint32_t r2, r3, r4; 3579 int8_t txpow1, txpow2; 3580 int i; 3581 3582 /* find the settings for this channel (we know it exists) */ 3583 for (i = 0; rfprog[i].chan != chan; i++); 3584 3585 r2 = rfprog[i].r2; 3586 if (sc->ntxchains == 1) 3587 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */ 3588 if (sc->nrxchains == 1) 3589 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3590 else if (sc->nrxchains == 2) 3591 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */ 3592 3593 /* use Tx power values from EEPROM */ 3594 txpow1 = sc->txpow1[i]; 3595 txpow2 = sc->txpow2[i]; 3596 if (chan > 14) { 3597 if (txpow1 >= 0) 3598 txpow1 = txpow1 << 1 | 1; 3599 else 3600 txpow1 = (7 + txpow1) << 1; 3601 if (txpow2 >= 0) 3602 txpow2 = txpow2 << 1 | 1; 3603 else 3604 txpow2 = (7 + txpow2) << 1; 3605 } 3606 r3 = rfprog[i].r3 | txpow1 << 7; 3607 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4; 3608 3609 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3610 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3611 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3612 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3613 3614 run_delay(sc, 10); 3615 3616 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3617 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3618 run_rt2870_rf_write(sc, RT2860_RF3, r3 | 1); 3619 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3620 3621 run_delay(sc, 10); 3622 3623 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3624 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3625 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3626 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3627 } 3628 3629 static void 3630 run_rt3070_set_chan(struct run_softc *sc, uint32_t chan) 3631 { 3632 int8_t txpow1, txpow2; 3633 uint8_t rf; 3634 int i; 3635 3636 /* RT3070 is 2GHz only */ 3637 KASSERT(chan >= 1 && chan <= 14, ("wrong channel selected\n")); 3638 3639 /* find the settings for this channel (we know it exists) */ 3640 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3641 3642 /* use Tx power values from EEPROM */ 3643 txpow1 = sc->txpow1[i]; 3644 txpow2 = sc->txpow2[i]; 3645 3646 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3647 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3648 run_rt3070_rf_read(sc, 6, &rf); 3649 rf = (rf & ~0x03) | rt3070_freqs[i].r; 3650 run_rt3070_rf_write(sc, 6, rf); 3651 3652 /* set Tx0 power */ 3653 run_rt3070_rf_read(sc, 12, &rf); 3654 rf = (rf & ~0x1f) | txpow1; 3655 run_rt3070_rf_write(sc, 12, rf); 3656 3657 /* set Tx1 power */ 3658 run_rt3070_rf_read(sc, 13, &rf); 3659 rf = (rf & ~0x1f) | txpow2; 3660 run_rt3070_rf_write(sc, 13, rf); 3661 3662 run_rt3070_rf_read(sc, 1, &rf); 3663 rf &= ~0xfc; 3664 if (sc->ntxchains == 1) 3665 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3666 else if (sc->ntxchains == 2) 3667 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3668 if (sc->nrxchains == 1) 3669 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3670 else if (sc->nrxchains == 2) 3671 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3672 run_rt3070_rf_write(sc, 1, rf); 3673 3674 /* set RF offset */ 3675 run_rt3070_rf_read(sc, 23, &rf); 3676 rf = (rf & ~0x7f) | sc->freq; 3677 run_rt3070_rf_write(sc, 23, rf); 3678 3679 /* program RF filter */ 3680 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 3681 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3682 run_rt3070_rf_write(sc, 24, rf); 3683 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 3684 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3685 run_rt3070_rf_write(sc, 31, rf); 3686 3687 /* enable RF tuning */ 3688 run_rt3070_rf_read(sc, 7, &rf); 3689 run_rt3070_rf_write(sc, 7, rf | 0x01); 3690 } 3691 3692 static void 3693 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 3694 { 3695 int8_t txpow1, txpow2; 3696 uint32_t tmp; 3697 uint8_t rf; 3698 int i; 3699 3700 /* find the settings for this channel (we know it exists) */ 3701 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3702 3703 /* use Tx power values from EEPROM */ 3704 txpow1 = sc->txpow1[i]; 3705 txpow2 = sc->txpow2[i]; 3706 3707 if (chan <= 14) { 3708 run_bbp_write(sc, 25, sc->bbp25); 3709 run_bbp_write(sc, 26, sc->bbp26); 3710 } else { 3711 /* enable IQ phase correction */ 3712 run_bbp_write(sc, 25, 0x09); 3713 run_bbp_write(sc, 26, 0xff); 3714 } 3715 3716 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3717 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3718 run_rt3070_rf_read(sc, 6, &rf); 3719 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 3720 rf |= (chan <= 14) ? 0x08 : 0x04; 3721 run_rt3070_rf_write(sc, 6, rf); 3722 3723 /* set PLL mode */ 3724 run_rt3070_rf_read(sc, 5, &rf); 3725 rf &= ~(0x08 | 0x04); 3726 rf |= (chan <= 14) ? 0x04 : 0x08; 3727 run_rt3070_rf_write(sc, 5, rf); 3728 3729 /* set Tx power for chain 0 */ 3730 if (chan <= 14) 3731 rf = 0x60 | txpow1; 3732 else 3733 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 3734 run_rt3070_rf_write(sc, 12, rf); 3735 3736 /* set Tx power for chain 1 */ 3737 if (chan <= 14) 3738 rf = 0x60 | txpow2; 3739 else 3740 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 3741 run_rt3070_rf_write(sc, 13, rf); 3742 3743 /* set Tx/Rx streams */ 3744 run_rt3070_rf_read(sc, 1, &rf); 3745 rf &= ~0xfc; 3746 if (sc->ntxchains == 1) 3747 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3748 else if (sc->ntxchains == 2) 3749 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3750 if (sc->nrxchains == 1) 3751 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3752 else if (sc->nrxchains == 2) 3753 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3754 run_rt3070_rf_write(sc, 1, rf); 3755 3756 /* set RF offset */ 3757 run_rt3070_rf_read(sc, 23, &rf); 3758 rf = (rf & ~0x7f) | sc->freq; 3759 run_rt3070_rf_write(sc, 23, rf); 3760 3761 /* program RF filter */ 3762 rf = sc->rf24_20mhz; 3763 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 3764 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 3765 3766 /* enable RF tuning */ 3767 run_rt3070_rf_read(sc, 7, &rf); 3768 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 3769 run_rt3070_rf_write(sc, 7, rf); 3770 3771 /* TSSI */ 3772 rf = (chan <= 14) ? 0xc3 : 0xc0; 3773 run_rt3070_rf_write(sc, 9, rf); 3774 3775 /* set loop filter 1 */ 3776 run_rt3070_rf_write(sc, 10, 0xf1); 3777 /* set loop filter 2 */ 3778 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 3779 3780 /* set tx_mx2_ic */ 3781 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 3782 /* set tx_mx1_ic */ 3783 if (chan <= 14) 3784 rf = 0x48 | sc->txmixgain_2ghz; 3785 else 3786 rf = 0x78 | sc->txmixgain_5ghz; 3787 run_rt3070_rf_write(sc, 16, rf); 3788 3789 /* set tx_lo1 */ 3790 run_rt3070_rf_write(sc, 17, 0x23); 3791 /* set tx_lo2 */ 3792 if (chan <= 14) 3793 rf = 0x93; 3794 else if (chan <= 64) 3795 rf = 0xb7; 3796 else if (chan <= 128) 3797 rf = 0x74; 3798 else 3799 rf = 0x72; 3800 run_rt3070_rf_write(sc, 19, rf); 3801 3802 /* set rx_lo1 */ 3803 if (chan <= 14) 3804 rf = 0xb3; 3805 else if (chan <= 64) 3806 rf = 0xf6; 3807 else if (chan <= 128) 3808 rf = 0xf4; 3809 else 3810 rf = 0xf3; 3811 run_rt3070_rf_write(sc, 20, rf); 3812 3813 /* set pfd_delay */ 3814 if (chan <= 14) 3815 rf = 0x15; 3816 else if (chan <= 64) 3817 rf = 0x3d; 3818 else 3819 rf = 0x01; 3820 run_rt3070_rf_write(sc, 25, rf); 3821 3822 /* set rx_lo2 */ 3823 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 3824 /* set ldo_rf_vc */ 3825 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 3826 /* set drv_cc */ 3827 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 3828 3829 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3830 tmp &= ~0x8080; 3831 if (chan <= 14) 3832 tmp |= 0x80; 3833 run_write(sc, RT2860_GPIO_CTRL, tmp); 3834 3835 /* enable RF tuning */ 3836 run_rt3070_rf_read(sc, 7, &rf); 3837 run_rt3070_rf_write(sc, 7, rf | 0x01); 3838 3839 run_delay(sc, 2); 3840 } 3841 3842 static void 3843 run_set_rx_antenna(struct run_softc *sc, int aux) 3844 { 3845 uint32_t tmp; 3846 3847 if (aux) { 3848 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 3849 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3850 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 3851 } else { 3852 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 3853 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3854 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 3855 } 3856 } 3857 3858 static int 3859 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 3860 { 3861 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3862 uint32_t chan, group; 3863 3864 chan = ieee80211_chan2ieee(ic, c); 3865 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 3866 return (EINVAL); 3867 3868 if (sc->mac_ver == 0x3572) 3869 run_rt3572_set_chan(sc, chan); 3870 else if (sc->mac_ver >= 0x3070) 3871 run_rt3070_set_chan(sc, chan); 3872 else 3873 run_rt2870_set_chan(sc, chan); 3874 3875 /* determine channel group */ 3876 if (chan <= 14) 3877 group = 0; 3878 else if (chan <= 64) 3879 group = 1; 3880 else if (chan <= 128) 3881 group = 2; 3882 else 3883 group = 3; 3884 3885 /* XXX necessary only when group has changed! */ 3886 run_select_chan_group(sc, group); 3887 3888 run_delay(sc, 10); 3889 3890 return (0); 3891 } 3892 3893 static void 3894 run_set_channel(struct ieee80211com *ic) 3895 { 3896 struct run_softc *sc = ic->ic_ifp->if_softc; 3897 3898 RUN_LOCK(sc); 3899 run_set_chan(sc, ic->ic_curchan); 3900 RUN_UNLOCK(sc); 3901 3902 return; 3903 } 3904 3905 static void 3906 run_scan_start(struct ieee80211com *ic) 3907 { 3908 struct run_softc *sc = ic->ic_ifp->if_softc; 3909 uint32_t tmp; 3910 3911 RUN_LOCK(sc); 3912 3913 /* abort TSF synchronization */ 3914 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 3915 run_write(sc, RT2860_BCN_TIME_CFG, 3916 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 3917 RT2860_TBTT_TIMER_EN)); 3918 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 3919 3920 RUN_UNLOCK(sc); 3921 3922 return; 3923 } 3924 3925 static void 3926 run_scan_end(struct ieee80211com *ic) 3927 { 3928 struct run_softc *sc = ic->ic_ifp->if_softc; 3929 3930 RUN_LOCK(sc); 3931 3932 run_enable_tsf_sync(sc); 3933 /* XXX keep local copy */ 3934 run_set_bssid(sc, sc->sc_bssid); 3935 3936 RUN_UNLOCK(sc); 3937 3938 return; 3939 } 3940 3941 /* 3942 * Could be called from ieee80211_node_timeout() 3943 * (non-sleepable thread) 3944 */ 3945 static void 3946 run_update_beacon(struct ieee80211vap *vap, int item) 3947 { 3948 struct ieee80211com *ic = vap->iv_ic; 3949 struct run_softc *sc = ic->ic_ifp->if_softc; 3950 struct run_vap *rvp = RUN_VAP(vap); 3951 int mcast = 0; 3952 uint32_t i; 3953 3954 KASSERT(vap != NULL, ("no beacon")); 3955 3956 switch (item) { 3957 case IEEE80211_BEACON_ERP: 3958 run_updateslot(ic->ic_ifp); 3959 break; 3960 case IEEE80211_BEACON_HTINFO: 3961 run_updateprot(ic); 3962 break; 3963 case IEEE80211_BEACON_TIM: 3964 mcast = 1; /*TODO*/ 3965 break; 3966 default: 3967 break; 3968 } 3969 3970 setbit(rvp->bo.bo_flags, item); 3971 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 3972 3973 i = RUN_CMDQ_GET(&sc->cmdq_store); 3974 DPRINTF("cmdq_store=%d\n", i); 3975 sc->cmdq[i].func = run_update_beacon_cb; 3976 sc->cmdq[i].arg0 = vap; 3977 ieee80211_runtask(ic, &sc->cmdq_task); 3978 3979 return; 3980 } 3981 3982 static void 3983 run_update_beacon_cb(void *arg) 3984 { 3985 struct ieee80211vap *vap = arg; 3986 struct run_vap *rvp = RUN_VAP(vap); 3987 struct ieee80211com *ic = vap->iv_ic; 3988 struct run_softc *sc = ic->ic_ifp->if_softc; 3989 struct rt2860_txwi txwi; 3990 struct mbuf *m; 3991 uint8_t ridx; 3992 3993 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 3994 return; 3995 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 3996 return; 3997 3998 /* 3999 * No need to call ieee80211_beacon_update(), run_update_beacon() 4000 * is taking care of apropriate calls. 4001 */ 4002 if (rvp->beacon_mbuf == NULL) { 4003 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4004 &rvp->bo); 4005 if (rvp->beacon_mbuf == NULL) 4006 return; 4007 } 4008 m = rvp->beacon_mbuf; 4009 4010 memset(&txwi, 0, sizeof txwi); 4011 txwi.wcid = 0xff; 4012 txwi.len = htole16(m->m_pkthdr.len); 4013 /* send beacons at the lowest available rate */ 4014 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4015 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4016 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4017 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4018 txwi.phy |= htole16(RT2860_PHY_OFDM); 4019 txwi.txop = RT2860_TX_TXOP_HT; 4020 txwi.flags = RT2860_TX_TS; 4021 txwi.xflags = RT2860_TX_NSEQ; 4022 4023 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), 4024 (uint8_t *)&txwi, sizeof txwi); 4025 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + sizeof txwi, 4026 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); /* roundup len */ 4027 4028 return; 4029 } 4030 4031 static void 4032 run_updateprot(struct ieee80211com *ic) 4033 { 4034 struct run_softc *sc = ic->ic_ifp->if_softc; 4035 uint32_t i; 4036 4037 i = RUN_CMDQ_GET(&sc->cmdq_store); 4038 DPRINTF("cmdq_store=%d\n", i); 4039 sc->cmdq[i].func = run_updateprot_cb; 4040 sc->cmdq[i].arg0 = ic; 4041 ieee80211_runtask(ic, &sc->cmdq_task); 4042 } 4043 4044 static void 4045 run_updateprot_cb(void *arg) 4046 { 4047 struct ieee80211com *ic = arg; 4048 struct run_softc *sc = ic->ic_ifp->if_softc; 4049 uint32_t tmp; 4050 4051 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4052 /* setup protection frame rate (MCS code) */ 4053 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4054 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 4055 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4056 4057 /* CCK frames don't require protection */ 4058 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4059 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4060 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4061 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4062 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4063 tmp |= RT2860_PROT_CTRL_CTS; 4064 } 4065 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4066 } 4067 4068 static void 4069 run_usb_timeout_cb(void *arg) 4070 { 4071 struct ieee80211vap *vap = arg; 4072 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4073 4074 RUN_LOCK_ASSERT(sc, MA_OWNED); 4075 4076 if(vap->iv_state == IEEE80211_S_RUN && 4077 vap->iv_opmode != IEEE80211_M_STA) 4078 run_reset_livelock(sc); 4079 else if (vap->iv_state == IEEE80211_S_SCAN) { 4080 DPRINTF("timeout caused by scan\n"); 4081 /* cancel bgscan */ 4082 ieee80211_cancel_scan(vap); 4083 } else 4084 DPRINTF("timeout by unknown cause\n"); 4085 } 4086 4087 static void 4088 run_reset_livelock(struct run_softc *sc) 4089 { 4090 uint32_t tmp; 4091 4092 RUN_LOCK_ASSERT(sc, MA_OWNED); 4093 4094 /* 4095 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4096 * can run into a livelock and start sending CTS-to-self frames like 4097 * crazy if protection is enabled. Reset MAC/BBP for a while 4098 */ 4099 run_read(sc, RT2860_DEBUG, &tmp); 4100 DPRINTFN(3, "debug reg %08x\n", tmp); 4101 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4102 DPRINTF("CTS-to-self livelock detected\n"); 4103 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4104 run_delay(sc, 1); 4105 run_write(sc, RT2860_MAC_SYS_CTRL, 4106 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4107 } 4108 } 4109 4110 static void 4111 run_update_promisc_locked(struct ifnet *ifp) 4112 { 4113 struct run_softc *sc = ifp->if_softc; 4114 uint32_t tmp; 4115 4116 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4117 4118 tmp |= RT2860_DROP_UC_NOME; 4119 if (ifp->if_flags & IFF_PROMISC) 4120 tmp &= ~RT2860_DROP_UC_NOME; 4121 4122 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4123 4124 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4125 "entering" : "leaving"); 4126 } 4127 4128 static void 4129 run_update_promisc(struct ifnet *ifp) 4130 { 4131 struct run_softc *sc = ifp->if_softc; 4132 4133 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 4134 return; 4135 4136 RUN_LOCK(sc); 4137 run_update_promisc_locked(ifp); 4138 RUN_UNLOCK(sc); 4139 } 4140 4141 static void 4142 run_enable_tsf_sync(struct run_softc *sc) 4143 { 4144 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4145 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4146 uint32_t tmp; 4147 4148 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, ic->ic_opmode); 4149 4150 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4151 tmp &= ~0x1fffff; 4152 tmp |= vap->iv_bss->ni_intval * 16; 4153 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4154 4155 if (ic->ic_opmode == IEEE80211_M_STA) { 4156 /* 4157 * Local TSF is always updated with remote TSF on beacon 4158 * reception. 4159 */ 4160 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4161 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4162 tmp |= RT2860_BCN_TX_EN; 4163 /* 4164 * Local TSF is updated with remote TSF on beacon reception 4165 * only if the remote TSF is greater than local TSF. 4166 */ 4167 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4168 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4169 ic->ic_opmode == IEEE80211_M_MBSS) { 4170 tmp |= RT2860_BCN_TX_EN; 4171 /* SYNC with nobody */ 4172 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4173 } else { 4174 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4175 return; 4176 } 4177 4178 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4179 } 4180 4181 static void 4182 run_enable_mrr(struct run_softc *sc) 4183 { 4184 #define CCK(mcs) (mcs) 4185 #define OFDM(mcs) (1 << 3 | (mcs)) 4186 run_write(sc, RT2860_LG_FBK_CFG0, 4187 OFDM(6) << 28 | /* 54->48 */ 4188 OFDM(5) << 24 | /* 48->36 */ 4189 OFDM(4) << 20 | /* 36->24 */ 4190 OFDM(3) << 16 | /* 24->18 */ 4191 OFDM(2) << 12 | /* 18->12 */ 4192 OFDM(1) << 8 | /* 12-> 9 */ 4193 OFDM(0) << 4 | /* 9-> 6 */ 4194 OFDM(0)); /* 6-> 6 */ 4195 4196 run_write(sc, RT2860_LG_FBK_CFG1, 4197 CCK(2) << 12 | /* 11->5.5 */ 4198 CCK(1) << 8 | /* 5.5-> 2 */ 4199 CCK(0) << 4 | /* 2-> 1 */ 4200 CCK(0)); /* 1-> 1 */ 4201 #undef OFDM 4202 #undef CCK 4203 } 4204 4205 static void 4206 run_set_txpreamble(struct run_softc *sc) 4207 { 4208 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4209 uint32_t tmp; 4210 4211 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4212 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4213 tmp |= RT2860_CCK_SHORT_EN; 4214 else 4215 tmp &= ~RT2860_CCK_SHORT_EN; 4216 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4217 } 4218 4219 static void 4220 run_set_basicrates(struct run_softc *sc) 4221 { 4222 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4223 4224 /* set basic rates mask */ 4225 if (ic->ic_curmode == IEEE80211_MODE_11B) 4226 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4227 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4228 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4229 else /* 11g */ 4230 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4231 } 4232 4233 static void 4234 run_set_leds(struct run_softc *sc, uint16_t which) 4235 { 4236 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4237 which | (sc->leds & 0x7f)); 4238 } 4239 4240 static void 4241 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4242 { 4243 run_write(sc, RT2860_MAC_BSSID_DW0, 4244 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4245 run_write(sc, RT2860_MAC_BSSID_DW1, 4246 bssid[4] | bssid[5] << 8); 4247 } 4248 4249 static void 4250 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4251 { 4252 run_write(sc, RT2860_MAC_ADDR_DW0, 4253 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4254 run_write(sc, RT2860_MAC_ADDR_DW1, 4255 addr[4] | addr[5] << 8 | 0xff << 16); 4256 } 4257 4258 static void 4259 run_updateslot(struct ifnet *ifp) 4260 { 4261 struct run_softc *sc = ifp->if_softc; 4262 struct ieee80211com *ic = ifp->if_l2com; 4263 uint32_t i; 4264 4265 i = RUN_CMDQ_GET(&sc->cmdq_store); 4266 DPRINTF("cmdq_store=%d\n", i); 4267 sc->cmdq[i].func = run_updateslot_cb; 4268 sc->cmdq[i].arg0 = ifp; 4269 ieee80211_runtask(ic, &sc->cmdq_task); 4270 4271 return; 4272 } 4273 4274 /* ARGSUSED */ 4275 static void 4276 run_updateslot_cb(void *arg) 4277 { 4278 struct ifnet *ifp = arg; 4279 struct run_softc *sc = ifp->if_softc; 4280 struct ieee80211com *ic = ifp->if_l2com; 4281 uint32_t tmp; 4282 4283 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4284 tmp &= ~0xff; 4285 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4286 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4287 } 4288 4289 static void 4290 run_update_mcast(struct ifnet *ifp) 4291 { 4292 /* h/w filter supports getting everything or nothing */ 4293 ifp->if_flags |= IFF_ALLMULTI; 4294 } 4295 4296 static int8_t 4297 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4298 { 4299 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4300 struct ieee80211_channel *c = ic->ic_curchan; 4301 int delta; 4302 4303 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4304 uint32_t chan = ieee80211_chan2ieee(ic, c); 4305 delta = sc->rssi_5ghz[rxchain]; 4306 4307 /* determine channel group */ 4308 if (chan <= 64) 4309 delta -= sc->lna[1]; 4310 else if (chan <= 128) 4311 delta -= sc->lna[2]; 4312 else 4313 delta -= sc->lna[3]; 4314 } else 4315 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4316 4317 return (-12 - delta - rssi); 4318 } 4319 4320 static int 4321 run_bbp_init(struct run_softc *sc) 4322 { 4323 int i, error, ntries; 4324 uint8_t bbp0; 4325 4326 /* wait for BBP to wake up */ 4327 for (ntries = 0; ntries < 20; ntries++) { 4328 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 4329 return error; 4330 if (bbp0 != 0 && bbp0 != 0xff) 4331 break; 4332 } 4333 if (ntries == 20) 4334 return (ETIMEDOUT); 4335 4336 /* initialize BBP registers to default values */ 4337 for (i = 0; i < N(rt2860_def_bbp); i++) { 4338 run_bbp_write(sc, rt2860_def_bbp[i].reg, 4339 rt2860_def_bbp[i].val); 4340 } 4341 4342 /* fix BBP84 for RT2860E */ 4343 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 4344 run_bbp_write(sc, 84, 0x19); 4345 4346 if (sc->mac_ver >= 0x3070) { 4347 run_bbp_write(sc, 79, 0x13); 4348 run_bbp_write(sc, 80, 0x05); 4349 run_bbp_write(sc, 81, 0x33); 4350 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 4351 run_bbp_write(sc, 69, 0x16); 4352 run_bbp_write(sc, 73, 0x12); 4353 } 4354 return (0); 4355 } 4356 4357 static int 4358 run_rt3070_rf_init(struct run_softc *sc) 4359 { 4360 uint32_t tmp; 4361 uint8_t rf, target, bbp4; 4362 int i; 4363 4364 run_rt3070_rf_read(sc, 30, &rf); 4365 /* toggle RF R30 bit 7 */ 4366 run_rt3070_rf_write(sc, 30, rf | 0x80); 4367 run_delay(sc, 10); 4368 run_rt3070_rf_write(sc, 30, rf & ~0x80); 4369 4370 /* initialize RF registers to default value */ 4371 if (sc->mac_ver == 0x3572) { 4372 for (i = 0; i < N(rt3572_def_rf); i++) { 4373 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 4374 rt3572_def_rf[i].val); 4375 } 4376 } else { 4377 for (i = 0; i < N(rt3070_def_rf); i++) { 4378 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 4379 rt3070_def_rf[i].val); 4380 } 4381 } 4382 4383 if (sc->mac_ver == 0x3070) { 4384 /* change voltage from 1.2V to 1.35V for RT3070 */ 4385 run_read(sc, RT3070_LDO_CFG0, &tmp); 4386 tmp = (tmp & ~0x0f000000) | 0x0d000000; 4387 run_write(sc, RT3070_LDO_CFG0, tmp); 4388 4389 } else if (sc->mac_ver == 0x3071) { 4390 run_rt3070_rf_read(sc, 6, &rf); 4391 run_rt3070_rf_write(sc, 6, rf | 0x40); 4392 run_rt3070_rf_write(sc, 31, 0x14); 4393 4394 run_read(sc, RT3070_LDO_CFG0, &tmp); 4395 tmp &= ~0x1f000000; 4396 if (sc->mac_rev < 0x0211) 4397 tmp |= 0x0d000000; /* 1.3V */ 4398 else 4399 tmp |= 0x01000000; /* 1.2V */ 4400 run_write(sc, RT3070_LDO_CFG0, tmp); 4401 4402 /* patch LNA_PE_G1 */ 4403 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 4404 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 4405 4406 } else if (sc->mac_ver == 0x3572) { 4407 run_rt3070_rf_read(sc, 6, &rf); 4408 run_rt3070_rf_write(sc, 6, rf | 0x40); 4409 4410 /* increase voltage from 1.2V to 1.35V */ 4411 run_read(sc, RT3070_LDO_CFG0, &tmp); 4412 tmp = (tmp & ~0x1f000000) | 0x0d000000; 4413 run_write(sc, RT3070_LDO_CFG0, tmp); 4414 4415 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 4416 run_delay(sc, 1); /* wait for 1msec */ 4417 /* decrease voltage back to 1.2V */ 4418 tmp = (tmp & ~0x1f000000) | 0x01000000; 4419 run_write(sc, RT3070_LDO_CFG0, tmp); 4420 } 4421 } 4422 4423 /* select 20MHz bandwidth */ 4424 run_rt3070_rf_read(sc, 31, &rf); 4425 run_rt3070_rf_write(sc, 31, rf & ~0x20); 4426 4427 /* calibrate filter for 20MHz bandwidth */ 4428 sc->rf24_20mhz = 0x1f; /* default value */ 4429 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 4430 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 4431 4432 /* select 40MHz bandwidth */ 4433 run_bbp_read(sc, 4, &bbp4); 4434 run_bbp_write(sc, 4, (bbp4 & ~0x08) | 0x10); 4435 run_rt3070_rf_read(sc, 31, &rf); 4436 run_rt3070_rf_write(sc, 31, rf | 0x20); 4437 4438 /* calibrate filter for 40MHz bandwidth */ 4439 sc->rf24_40mhz = 0x2f; /* default value */ 4440 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 4441 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 4442 4443 /* go back to 20MHz bandwidth */ 4444 run_bbp_read(sc, 4, &bbp4); 4445 run_bbp_write(sc, 4, bbp4 & ~0x18); 4446 4447 if (sc->mac_ver == 0x3572) { 4448 /* save default BBP registers 25 and 26 values */ 4449 run_bbp_read(sc, 25, &sc->bbp25); 4450 run_bbp_read(sc, 26, &sc->bbp26); 4451 } else if (sc->mac_rev < 0x0211) 4452 run_rt3070_rf_write(sc, 27, 0x03); 4453 4454 run_read(sc, RT3070_OPT_14, &tmp); 4455 run_write(sc, RT3070_OPT_14, tmp | 1); 4456 4457 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4458 run_rt3070_rf_read(sc, 17, &rf); 4459 rf &= ~RT3070_TX_LO1; 4460 if ((sc->mac_ver == 0x3070 || 4461 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 4462 !sc->ext_2ghz_lna) 4463 rf |= 0x20; /* fix for long range Rx issue */ 4464 if (sc->txmixgain_2ghz >= 1) 4465 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 4466 run_rt3070_rf_write(sc, 17, rf); 4467 } 4468 4469 if (sc->mac_rev == 0x3071) { 4470 run_rt3070_rf_read(sc, 1, &rf); 4471 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 4472 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 4473 run_rt3070_rf_write(sc, 1, rf); 4474 4475 run_rt3070_rf_read(sc, 15, &rf); 4476 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 4477 4478 run_rt3070_rf_read(sc, 20, &rf); 4479 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 4480 4481 run_rt3070_rf_read(sc, 21, &rf); 4482 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 4483 } 4484 4485 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4486 /* fix Tx to Rx IQ glitch by raising RF voltage */ 4487 run_rt3070_rf_read(sc, 27, &rf); 4488 rf &= ~0x77; 4489 if (sc->mac_rev < 0x0211) 4490 rf |= 0x03; 4491 run_rt3070_rf_write(sc, 27, rf); 4492 } 4493 return (0); 4494 } 4495 4496 static int 4497 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 4498 uint8_t *val) 4499 { 4500 uint8_t rf22, rf24; 4501 uint8_t bbp55_pb, bbp55_sb, delta; 4502 int ntries; 4503 4504 /* program filter */ 4505 run_rt3070_rf_read(sc, 24, &rf24); 4506 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 4507 run_rt3070_rf_write(sc, 24, rf24); 4508 4509 /* enable baseband loopback mode */ 4510 run_rt3070_rf_read(sc, 22, &rf22); 4511 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 4512 4513 /* set power and frequency of passband test tone */ 4514 run_bbp_write(sc, 24, 0x00); 4515 for (ntries = 0; ntries < 100; ntries++) { 4516 /* transmit test tone */ 4517 run_bbp_write(sc, 25, 0x90); 4518 run_delay(sc, 10); 4519 /* read received power */ 4520 run_bbp_read(sc, 55, &bbp55_pb); 4521 if (bbp55_pb != 0) 4522 break; 4523 } 4524 if (ntries == 100) 4525 return ETIMEDOUT; 4526 4527 /* set power and frequency of stopband test tone */ 4528 run_bbp_write(sc, 24, 0x06); 4529 for (ntries = 0; ntries < 100; ntries++) { 4530 /* transmit test tone */ 4531 run_bbp_write(sc, 25, 0x90); 4532 run_delay(sc, 10); 4533 /* read received power */ 4534 run_bbp_read(sc, 55, &bbp55_sb); 4535 4536 delta = bbp55_pb - bbp55_sb; 4537 if (delta > target) 4538 break; 4539 4540 /* reprogram filter */ 4541 rf24++; 4542 run_rt3070_rf_write(sc, 24, rf24); 4543 } 4544 if (ntries < 100) { 4545 if (rf24 != init) 4546 rf24--; /* backtrack */ 4547 *val = rf24; 4548 run_rt3070_rf_write(sc, 24, rf24); 4549 } 4550 4551 /* restore initial state */ 4552 run_bbp_write(sc, 24, 0x00); 4553 4554 /* disable baseband loopback mode */ 4555 run_rt3070_rf_read(sc, 22, &rf22); 4556 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 4557 4558 return (0); 4559 } 4560 4561 static void 4562 run_rt3070_rf_setup(struct run_softc *sc) 4563 { 4564 uint8_t bbp, rf; 4565 int i; 4566 4567 if (sc->mac_ver == 0x3572) { 4568 /* enable DC filter */ 4569 if (sc->mac_rev >= 0x0201) 4570 run_bbp_write(sc, 103, 0xc0); 4571 4572 run_bbp_read(sc, 138, &bbp); 4573 if (sc->ntxchains == 1) 4574 bbp |= 0x20; /* turn off DAC1 */ 4575 if (sc->nrxchains == 1) 4576 bbp &= ~0x02; /* turn off ADC1 */ 4577 run_bbp_write(sc, 138, bbp); 4578 4579 if (sc->mac_rev >= 0x0211) { 4580 /* improve power consumption */ 4581 run_bbp_read(sc, 31, &bbp); 4582 run_bbp_write(sc, 31, bbp & ~0x03); 4583 } 4584 4585 run_rt3070_rf_read(sc, 16, &rf); 4586 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 4587 run_rt3070_rf_write(sc, 16, rf); 4588 4589 } else if (sc->mac_ver == 0x3071) { 4590 /* enable DC filter */ 4591 if (sc->mac_rev >= 0x0201) 4592 run_bbp_write(sc, 103, 0xc0); 4593 4594 run_bbp_read(sc, 138, &bbp); 4595 if (sc->ntxchains == 1) 4596 bbp |= 0x20; /* turn off DAC1 */ 4597 if (sc->nrxchains == 1) 4598 bbp &= ~0x02; /* turn off ADC1 */ 4599 run_bbp_write(sc, 138, bbp); 4600 4601 if (sc->mac_rev >= 0x0211) { 4602 /* improve power consumption */ 4603 run_bbp_read(sc, 31, &bbp); 4604 run_bbp_write(sc, 31, bbp & ~0x03); 4605 } 4606 4607 run_write(sc, RT2860_TX_SW_CFG1, 0); 4608 if (sc->mac_rev < 0x0211) { 4609 run_write(sc, RT2860_TX_SW_CFG2, 4610 sc->patch_dac ? 0x2c : 0x0f); 4611 } else 4612 run_write(sc, RT2860_TX_SW_CFG2, 0); 4613 4614 } else if (sc->mac_ver == 0x3070) { 4615 if (sc->mac_rev >= 0x0201) { 4616 /* enable DC filter */ 4617 run_bbp_write(sc, 103, 0xc0); 4618 4619 /* improve power consumption */ 4620 run_bbp_read(sc, 31, &bbp); 4621 run_bbp_write(sc, 31, bbp & ~0x03); 4622 } 4623 4624 if (sc->mac_rev < 0x0211) { 4625 run_write(sc, RT2860_TX_SW_CFG1, 0); 4626 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 4627 } else 4628 run_write(sc, RT2860_TX_SW_CFG2, 0); 4629 } 4630 4631 /* initialize RF registers from ROM for >=RT3071*/ 4632 if (sc->mac_ver >= 0x3071) { 4633 for (i = 0; i < 10; i++) { 4634 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 4635 continue; 4636 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 4637 } 4638 } 4639 } 4640 4641 static int 4642 run_txrx_enable(struct run_softc *sc) 4643 { 4644 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4645 uint32_t tmp; 4646 int error, ntries; 4647 4648 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 4649 for (ntries = 0; ntries < 200; ntries++) { 4650 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 4651 return error; 4652 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4653 break; 4654 run_delay(sc, 50); 4655 } 4656 if (ntries == 200) 4657 return ETIMEDOUT; 4658 4659 run_delay(sc, 50); 4660 4661 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 4662 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4663 4664 /* enable Rx bulk aggregation (set timeout and limit) */ 4665 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 4666 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 4667 run_write(sc, RT2860_USB_DMA_CFG, tmp); 4668 4669 /* set Rx filter */ 4670 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 4671 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 4672 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 4673 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 4674 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 4675 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 4676 if (ic->ic_opmode == IEEE80211_M_STA) 4677 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 4678 } 4679 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4680 4681 run_write(sc, RT2860_MAC_SYS_CTRL, 4682 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4683 4684 return (0); 4685 } 4686 4687 static void 4688 run_init_locked(struct run_softc *sc) 4689 { 4690 struct ifnet *ifp = sc->sc_ifp; 4691 struct ieee80211com *ic = ifp->if_l2com; 4692 uint32_t tmp; 4693 uint8_t bbp1, bbp3; 4694 int i; 4695 int ridx; 4696 int ntries; 4697 4698 if (ic->ic_nrunning > 1) 4699 return; 4700 4701 run_stop(sc); 4702 4703 if (run_load_microcode(sc) != 0) { 4704 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 4705 goto fail; 4706 } 4707 4708 for (ntries = 0; ntries < 100; ntries++) { 4709 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 4710 goto fail; 4711 if (tmp != 0 && tmp != 0xffffffff) 4712 break; 4713 run_delay(sc, 10); 4714 } 4715 if (ntries == 100) 4716 goto fail; 4717 4718 for (i = 0; i != RUN_EP_QUEUES; i++) 4719 run_setup_tx_list(sc, &sc->sc_epq[i]); 4720 4721 run_set_macaddr(sc, IF_LLADDR(ifp)); 4722 4723 for (ntries = 0; ntries < 100; ntries++) { 4724 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 4725 goto fail; 4726 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4727 break; 4728 run_delay(sc, 10); 4729 } 4730 if (ntries == 100) { 4731 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 4732 goto fail; 4733 } 4734 tmp &= 0xff0; 4735 tmp |= RT2860_TX_WB_DDONE; 4736 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4737 4738 /* turn off PME_OEN to solve high-current issue */ 4739 run_read(sc, RT2860_SYS_CTRL, &tmp); 4740 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 4741 4742 run_write(sc, RT2860_MAC_SYS_CTRL, 4743 RT2860_BBP_HRST | RT2860_MAC_SRST); 4744 run_write(sc, RT2860_USB_DMA_CFG, 0); 4745 4746 if (run_reset(sc) != 0) { 4747 device_printf(sc->sc_dev, "could not reset chipset\n"); 4748 goto fail; 4749 } 4750 4751 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4752 4753 /* init Tx power for all Tx rates (from EEPROM) */ 4754 for (ridx = 0; ridx < 5; ridx++) { 4755 if (sc->txpow20mhz[ridx] == 0xffffffff) 4756 continue; 4757 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 4758 } 4759 4760 for (i = 0; i < N(rt2870_def_mac); i++) 4761 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 4762 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 4763 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 4764 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 4765 4766 if (sc->mac_ver >= 0x3070) { 4767 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 4768 run_write(sc, RT2860_TX_SW_CFG0, 4769 4 << RT2860_DLY_PAPE_EN_SHIFT); 4770 } 4771 4772 /* wait while MAC is busy */ 4773 for (ntries = 0; ntries < 100; ntries++) { 4774 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 4775 goto fail; 4776 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 4777 break; 4778 run_delay(sc, 10); 4779 } 4780 if (ntries == 100) 4781 goto fail; 4782 4783 /* clear Host to MCU mailbox */ 4784 run_write(sc, RT2860_H2M_BBPAGENT, 0); 4785 run_write(sc, RT2860_H2M_MAILBOX, 0); 4786 run_delay(sc, 10); 4787 4788 if (run_bbp_init(sc) != 0) { 4789 device_printf(sc->sc_dev, "could not initialize BBP\n"); 4790 goto fail; 4791 } 4792 4793 /* abort TSF synchronization */ 4794 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4795 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4796 RT2860_TBTT_TIMER_EN); 4797 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4798 4799 /* clear RX WCID search table */ 4800 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 4801 /* clear WCID attribute table */ 4802 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 4803 4804 /* hostapd sets a key before init. So, don't clear it. */ 4805 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 4806 /* clear shared key table */ 4807 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 4808 /* clear shared key mode */ 4809 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 4810 } 4811 4812 run_read(sc, RT2860_US_CYC_CNT, &tmp); 4813 tmp = (tmp & ~0xff) | 0x1e; 4814 run_write(sc, RT2860_US_CYC_CNT, tmp); 4815 4816 if (sc->mac_rev != 0x0101) 4817 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 4818 4819 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 4820 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 4821 4822 /* write vendor-specific BBP values (from EEPROM) */ 4823 for (i = 0; i < 10; i++) { 4824 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 4825 continue; 4826 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 4827 } 4828 4829 /* select Main antenna for 1T1R devices */ 4830 if (sc->rf_rev == RT3070_RF_3020) 4831 run_set_rx_antenna(sc, 0); 4832 4833 /* send LEDs operating mode to microcontroller */ 4834 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 4835 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 4836 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 4837 4838 if (sc->mac_ver >= 0x3070) 4839 run_rt3070_rf_init(sc); 4840 4841 /* disable non-existing Rx chains */ 4842 run_bbp_read(sc, 3, &bbp3); 4843 bbp3 &= ~(1 << 3 | 1 << 4); 4844 if (sc->nrxchains == 2) 4845 bbp3 |= 1 << 3; 4846 else if (sc->nrxchains == 3) 4847 bbp3 |= 1 << 4; 4848 run_bbp_write(sc, 3, bbp3); 4849 4850 /* disable non-existing Tx chains */ 4851 run_bbp_read(sc, 1, &bbp1); 4852 if (sc->ntxchains == 1) 4853 bbp1 &= ~(1 << 3 | 1 << 4); 4854 run_bbp_write(sc, 1, bbp1); 4855 4856 if (sc->mac_ver >= 0x3070) 4857 run_rt3070_rf_setup(sc); 4858 4859 /* select default channel */ 4860 run_set_chan(sc, ic->ic_curchan); 4861 4862 /* setup initial protection mode */ 4863 run_updateprot_cb(ic); 4864 4865 /* turn radio LED on */ 4866 run_set_leds(sc, RT2860_LED_RADIO); 4867 4868 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 4869 ifp->if_drv_flags |= IFF_DRV_RUNNING; 4870 sc->cmdq_run = RUN_CMDQ_GO; 4871 4872 for (i = 0; i != RUN_N_XFER; i++) 4873 usbd_xfer_set_stall(sc->sc_xfer[i]); 4874 4875 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 4876 4877 if (run_txrx_enable(sc) != 0) 4878 goto fail; 4879 4880 return; 4881 4882 fail: 4883 run_stop(sc); 4884 } 4885 4886 static void 4887 run_init(void *arg) 4888 { 4889 struct run_softc *sc = arg; 4890 struct ifnet *ifp = sc->sc_ifp; 4891 struct ieee80211com *ic = ifp->if_l2com; 4892 4893 RUN_LOCK(sc); 4894 run_init_locked(sc); 4895 RUN_UNLOCK(sc); 4896 4897 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4898 ieee80211_start_all(ic); 4899 } 4900 4901 static void 4902 run_stop(void *arg) 4903 { 4904 struct run_softc *sc = (struct run_softc *)arg; 4905 struct ifnet *ifp = sc->sc_ifp; 4906 uint32_t tmp; 4907 int i; 4908 int ntries; 4909 4910 RUN_LOCK_ASSERT(sc, MA_OWNED); 4911 4912 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4913 run_set_leds(sc, 0); /* turn all LEDs off */ 4914 4915 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 4916 4917 sc->ratectl_run = RUN_RATECTL_OFF; 4918 sc->cmdq_run = sc->cmdq_key_set; 4919 4920 RUN_UNLOCK(sc); 4921 4922 for(i = 0; i < RUN_N_XFER; i++) 4923 usbd_transfer_drain(sc->sc_xfer[i]); 4924 4925 RUN_LOCK(sc); 4926 4927 if (sc->rx_m != NULL) { 4928 m_free(sc->rx_m); 4929 sc->rx_m = NULL; 4930 } 4931 4932 /* disable Tx/Rx */ 4933 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 4934 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4935 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 4936 4937 /* wait for pending Tx to complete */ 4938 for (ntries = 0; ntries < 100; ntries++) { 4939 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 4940 DPRINTF("Cannot read Tx queue count\n"); 4941 break; 4942 } 4943 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 4944 DPRINTF("All Tx cleared\n"); 4945 break; 4946 } 4947 run_delay(sc, 10); 4948 } 4949 if (ntries >= 100) 4950 DPRINTF("There are still pending Tx\n"); 4951 run_delay(sc, 10); 4952 run_write(sc, RT2860_USB_DMA_CFG, 0); 4953 4954 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 4955 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4956 4957 for (i = 0; i != RUN_EP_QUEUES; i++) 4958 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 4959 4960 return; 4961 } 4962 4963 static void 4964 run_delay(struct run_softc *sc, unsigned int ms) 4965 { 4966 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 4967 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 4968 } 4969 4970 static device_method_t run_methods[] = { 4971 /* Device interface */ 4972 DEVMETHOD(device_probe, run_match), 4973 DEVMETHOD(device_attach, run_attach), 4974 DEVMETHOD(device_detach, run_detach), 4975 DEVMETHOD_END 4976 }; 4977 4978 static driver_t run_driver = { 4979 .name = "run", 4980 .methods = run_methods, 4981 .size = sizeof(struct run_softc) 4982 }; 4983 4984 static devclass_t run_devclass; 4985 4986 DRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, 0); 4987 MODULE_DEPEND(run, wlan, 1, 1, 1); 4988 MODULE_DEPEND(run, usb, 1, 1, 1); 4989 MODULE_DEPEND(run, firmware, 1, 1, 1); 4990 MODULE_VERSION(run, 1); 4991