1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 #define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103 #define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, WLIUCG300HP), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCG300HPV1), 235 RUN_DEV(MELCO, WLIUCGNM2), 236 RUN_DEV(MOTOROLA4, RT2770), 237 RUN_DEV(MOTOROLA4, RT3070), 238 RUN_DEV(MSI, RT3070_1), 239 RUN_DEV(MSI, RT3070_2), 240 RUN_DEV(MSI, RT3070_3), 241 RUN_DEV(MSI, RT3070_4), 242 RUN_DEV(MSI, RT3070_5), 243 RUN_DEV(MSI, RT3070_6), 244 RUN_DEV(MSI, RT3070_7), 245 RUN_DEV(MSI, RT3070_8), 246 RUN_DEV(MSI, RT3070_9), 247 RUN_DEV(MSI, RT3070_10), 248 RUN_DEV(MSI, RT3070_11), 249 RUN_DEV(NETGEAR, WNDA4100), 250 RUN_DEV(OVISLINK, RT3072), 251 RUN_DEV(PARA, RT3070), 252 RUN_DEV(PEGATRON, RT2870), 253 RUN_DEV(PEGATRON, RT3070), 254 RUN_DEV(PEGATRON, RT3070_2), 255 RUN_DEV(PEGATRON, RT3070_3), 256 RUN_DEV(PHILIPS, RT2870), 257 RUN_DEV(PLANEX2, GWUS300MINIS), 258 RUN_DEV(PLANEX2, GWUSMICRON), 259 RUN_DEV(PLANEX2, RT2870), 260 RUN_DEV(PLANEX2, RT3070), 261 RUN_DEV(QCOM, RT2870), 262 RUN_DEV(QUANTA, RT3070), 263 RUN_DEV(RALINK, RT2070), 264 RUN_DEV(RALINK, RT2770), 265 RUN_DEV(RALINK, RT2870), 266 RUN_DEV(RALINK, RT3070), 267 RUN_DEV(RALINK, RT3071), 268 RUN_DEV(RALINK, RT3072), 269 RUN_DEV(RALINK, RT3370), 270 RUN_DEV(RALINK, RT3572), 271 RUN_DEV(RALINK, RT3573), 272 RUN_DEV(RALINK, RT5370), 273 RUN_DEV(RALINK, RT5572), 274 RUN_DEV(RALINK, RT8070), 275 RUN_DEV(SAMSUNG, WIS09ABGN), 276 RUN_DEV(SAMSUNG2, RT2870_1), 277 RUN_DEV(SENAO, RT2870_1), 278 RUN_DEV(SENAO, RT2870_2), 279 RUN_DEV(SENAO, RT2870_3), 280 RUN_DEV(SENAO, RT2870_4), 281 RUN_DEV(SENAO, RT3070), 282 RUN_DEV(SENAO, RT3071), 283 RUN_DEV(SENAO, RT3072_1), 284 RUN_DEV(SENAO, RT3072_2), 285 RUN_DEV(SENAO, RT3072_3), 286 RUN_DEV(SENAO, RT3072_4), 287 RUN_DEV(SENAO, RT3072_5), 288 RUN_DEV(SITECOMEU, RT2770), 289 RUN_DEV(SITECOMEU, RT2870_1), 290 RUN_DEV(SITECOMEU, RT2870_2), 291 RUN_DEV(SITECOMEU, RT2870_3), 292 RUN_DEV(SITECOMEU, RT2870_4), 293 RUN_DEV(SITECOMEU, RT3070), 294 RUN_DEV(SITECOMEU, RT3070_2), 295 RUN_DEV(SITECOMEU, RT3070_3), 296 RUN_DEV(SITECOMEU, RT3070_4), 297 RUN_DEV(SITECOMEU, RT3071), 298 RUN_DEV(SITECOMEU, RT3072_1), 299 RUN_DEV(SITECOMEU, RT3072_2), 300 RUN_DEV(SITECOMEU, RT3072_3), 301 RUN_DEV(SITECOMEU, RT3072_4), 302 RUN_DEV(SITECOMEU, RT3072_5), 303 RUN_DEV(SITECOMEU, RT3072_6), 304 RUN_DEV(SITECOMEU, WL608), 305 RUN_DEV(SPARKLAN, RT2870_1), 306 RUN_DEV(SPARKLAN, RT3070), 307 RUN_DEV(SWEEX2, LW153), 308 RUN_DEV(SWEEX2, LW303), 309 RUN_DEV(SWEEX2, LW313), 310 RUN_DEV(TOSHIBA, RT3070), 311 RUN_DEV(UMEDIA, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_1), 313 RUN_DEV(ZCOM, RT2870_2), 314 RUN_DEV(ZINWELL, RT2870_1), 315 RUN_DEV(ZINWELL, RT2870_2), 316 RUN_DEV(ZINWELL, RT3070), 317 RUN_DEV(ZINWELL, RT3072_1), 318 RUN_DEV(ZINWELL, RT3072_2), 319 RUN_DEV(ZYXEL, RT2870_1), 320 RUN_DEV(ZYXEL, RT2870_2), 321 RUN_DEV(ZYXEL, RT3070), 322 RUN_DEV_EJECT(ZYXEL, NWD2705), 323 RUN_DEV_EJECT(RALINK, RT_STOR), 324 #undef RUN_DEV_EJECT 325 #undef RUN_DEV 326 }; 327 328 static device_probe_t run_match; 329 static device_attach_t run_attach; 330 static device_detach_t run_detach; 331 332 static usb_callback_t run_bulk_rx_callback; 333 static usb_callback_t run_bulk_tx_callback0; 334 static usb_callback_t run_bulk_tx_callback1; 335 static usb_callback_t run_bulk_tx_callback2; 336 static usb_callback_t run_bulk_tx_callback3; 337 static usb_callback_t run_bulk_tx_callback4; 338 static usb_callback_t run_bulk_tx_callback5; 339 340 static void run_autoinst(void *, struct usb_device *, 341 struct usb_attach_arg *); 342 static int run_driver_loaded(struct module *, int, void *); 343 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 344 usb_error_t error, u_int index); 345 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 347 const uint8_t [IEEE80211_ADDR_LEN], 348 const uint8_t [IEEE80211_ADDR_LEN]); 349 static void run_vap_delete(struct ieee80211vap *); 350 static void run_cmdq_cb(void *, int); 351 static void run_setup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353 static void run_unsetup_tx_list(struct run_softc *, 354 struct run_endpoint_queue *); 355 static int run_load_microcode(struct run_softc *); 356 static int run_reset(struct run_softc *); 357 static usb_error_t run_do_request(struct run_softc *, 358 struct usb_device_request *, void *); 359 static int run_read(struct run_softc *, uint16_t, uint32_t *); 360 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 361 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 362 static int run_write(struct run_softc *, uint16_t, uint32_t); 363 static int run_write_region_1(struct run_softc *, uint16_t, 364 const uint8_t *, int); 365 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 366 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 367 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 368 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 369 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 370 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 371 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 372 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 373 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 374 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 375 static const char *run_get_rf(uint16_t); 376 static void run_rt3593_get_txpower(struct run_softc *); 377 static void run_get_txpower(struct run_softc *); 378 static int run_read_eeprom(struct run_softc *); 379 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 380 const uint8_t mac[IEEE80211_ADDR_LEN]); 381 static int run_media_change(struct ifnet *); 382 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 383 static int run_wme_update(struct ieee80211com *); 384 static void run_key_set_cb(void *); 385 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 386 static void run_key_delete_cb(void *); 387 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 388 static void run_ratectl_to(void *); 389 static void run_ratectl_cb(void *, int); 390 static void run_drain_fifo(void *); 391 static void run_iter_func(void *, struct ieee80211_node *); 392 static void run_newassoc_cb(void *); 393 static void run_newassoc(struct ieee80211_node *, int); 394 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 395 const struct ieee80211_rx_stats *, int, int); 396 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 397 static void run_tx_free(struct run_endpoint_queue *pq, 398 struct run_tx_data *, int); 399 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 400 static int run_tx(struct run_softc *, struct mbuf *, 401 struct ieee80211_node *); 402 static int run_tx_mgt(struct run_softc *, struct mbuf *, 403 struct ieee80211_node *); 404 static int run_sendprot(struct run_softc *, const struct mbuf *, 405 struct ieee80211_node *, int, int); 406 static int run_tx_param(struct run_softc *, struct mbuf *, 407 struct ieee80211_node *, 408 const struct ieee80211_bpf_params *); 409 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 410 const struct ieee80211_bpf_params *); 411 static int run_transmit(struct ieee80211com *, struct mbuf *); 412 static void run_start(struct run_softc *); 413 static void run_parent(struct ieee80211com *); 414 static void run_iq_calib(struct run_softc *, u_int); 415 static void run_set_agc(struct run_softc *, uint8_t); 416 static void run_select_chan_group(struct run_softc *, int); 417 static void run_set_rx_antenna(struct run_softc *, int); 418 static void run_rt2870_set_chan(struct run_softc *, u_int); 419 static void run_rt3070_set_chan(struct run_softc *, u_int); 420 static void run_rt3572_set_chan(struct run_softc *, u_int); 421 static void run_rt3593_set_chan(struct run_softc *, u_int); 422 static void run_rt5390_set_chan(struct run_softc *, u_int); 423 static void run_rt5592_set_chan(struct run_softc *, u_int); 424 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 425 static void run_set_channel(struct ieee80211com *); 426 static void run_scan_start(struct ieee80211com *); 427 static void run_scan_end(struct ieee80211com *); 428 static void run_update_beacon(struct ieee80211vap *, int); 429 static void run_update_beacon_cb(void *); 430 static void run_updateprot(struct ieee80211com *); 431 static void run_updateprot_cb(void *); 432 static void run_usb_timeout_cb(void *); 433 static void run_reset_livelock(struct run_softc *); 434 static void run_enable_tsf_sync(struct run_softc *); 435 static void run_enable_tsf(struct run_softc *); 436 static void run_get_tsf(struct run_softc *, uint64_t *); 437 static void run_enable_mrr(struct run_softc *); 438 static void run_set_txpreamble(struct run_softc *); 439 static void run_set_basicrates(struct run_softc *); 440 static void run_set_leds(struct run_softc *, uint16_t); 441 static void run_set_bssid(struct run_softc *, const uint8_t *); 442 static void run_set_macaddr(struct run_softc *, const uint8_t *); 443 static void run_updateslot(struct ieee80211com *); 444 static void run_updateslot_cb(void *); 445 static void run_update_mcast(struct ieee80211com *); 446 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 447 static void run_update_promisc_locked(struct run_softc *); 448 static void run_update_promisc(struct ieee80211com *); 449 static void run_rt5390_bbp_init(struct run_softc *); 450 static int run_bbp_init(struct run_softc *); 451 static int run_rt3070_rf_init(struct run_softc *); 452 static void run_rt3593_rf_init(struct run_softc *); 453 static void run_rt5390_rf_init(struct run_softc *); 454 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 455 uint8_t *); 456 static void run_rt3070_rf_setup(struct run_softc *); 457 static void run_rt3593_rf_setup(struct run_softc *); 458 static void run_rt5390_rf_setup(struct run_softc *); 459 static int run_txrx_enable(struct run_softc *); 460 static void run_adjust_freq_offset(struct run_softc *); 461 static void run_init_locked(struct run_softc *); 462 static void run_stop(void *); 463 static void run_delay(struct run_softc *, u_int); 464 465 static eventhandler_tag run_etag; 466 467 static const struct rt2860_rate { 468 uint8_t rate; 469 uint8_t mcs; 470 enum ieee80211_phytype phy; 471 uint8_t ctl_ridx; 472 uint16_t sp_ack_dur; 473 uint16_t lp_ack_dur; 474 } rt2860_rates[] = { 475 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 476 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 477 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 478 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 479 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 480 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 481 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 482 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 483 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 484 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 485 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 486 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 487 }; 488 489 static const struct { 490 uint16_t reg; 491 uint32_t val; 492 } rt2870_def_mac[] = { 493 RT2870_DEF_MAC 494 }; 495 496 static const struct { 497 uint8_t reg; 498 uint8_t val; 499 } rt2860_def_bbp[] = { 500 RT2860_DEF_BBP 501 },rt5390_def_bbp[] = { 502 RT5390_DEF_BBP 503 },rt5592_def_bbp[] = { 504 RT5592_DEF_BBP 505 }; 506 507 /* 508 * Default values for BBP register R196 for RT5592. 509 */ 510 static const uint8_t rt5592_bbp_r196[] = { 511 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 512 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 513 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 514 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 515 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 516 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 518 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 519 0x2e, 0x36, 0x30, 0x6e 520 }; 521 522 static const struct rfprog { 523 uint8_t chan; 524 uint32_t r1, r2, r3, r4; 525 } rt2860_rf2850[] = { 526 RT2860_RF2850 527 }; 528 529 struct { 530 uint8_t n, r, k; 531 } rt3070_freqs[] = { 532 RT3070_RF3052 533 }; 534 535 static const struct rt5592_freqs { 536 uint16_t n; 537 uint8_t k, m, r; 538 } rt5592_freqs_20mhz[] = { 539 RT5592_RF5592_20MHZ 540 },rt5592_freqs_40mhz[] = { 541 RT5592_RF5592_40MHZ 542 }; 543 544 static const struct { 545 uint8_t reg; 546 uint8_t val; 547 } rt3070_def_rf[] = { 548 RT3070_DEF_RF 549 },rt3572_def_rf[] = { 550 RT3572_DEF_RF 551 },rt3593_def_rf[] = { 552 RT3593_DEF_RF 553 },rt5390_def_rf[] = { 554 RT5390_DEF_RF 555 },rt5392_def_rf[] = { 556 RT5392_DEF_RF 557 },rt5592_def_rf[] = { 558 RT5592_DEF_RF 559 },rt5592_2ghz_def_rf[] = { 560 RT5592_2GHZ_DEF_RF 561 },rt5592_5ghz_def_rf[] = { 562 RT5592_5GHZ_DEF_RF 563 }; 564 565 static const struct { 566 u_int firstchan; 567 u_int lastchan; 568 uint8_t reg; 569 uint8_t val; 570 } rt5592_chan_5ghz[] = { 571 RT5592_CHAN_5GHZ 572 }; 573 574 static const struct usb_config run_config[RUN_N_XFER] = { 575 [RUN_BULK_TX_BE] = { 576 .type = UE_BULK, 577 .endpoint = UE_ADDR_ANY, 578 .ep_index = 0, 579 .direction = UE_DIR_OUT, 580 .bufsize = RUN_MAX_TXSZ, 581 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 582 .callback = run_bulk_tx_callback0, 583 .timeout = 5000, /* ms */ 584 }, 585 [RUN_BULK_TX_BK] = { 586 .type = UE_BULK, 587 .endpoint = UE_ADDR_ANY, 588 .direction = UE_DIR_OUT, 589 .ep_index = 1, 590 .bufsize = RUN_MAX_TXSZ, 591 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 592 .callback = run_bulk_tx_callback1, 593 .timeout = 5000, /* ms */ 594 }, 595 [RUN_BULK_TX_VI] = { 596 .type = UE_BULK, 597 .endpoint = UE_ADDR_ANY, 598 .direction = UE_DIR_OUT, 599 .ep_index = 2, 600 .bufsize = RUN_MAX_TXSZ, 601 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 602 .callback = run_bulk_tx_callback2, 603 .timeout = 5000, /* ms */ 604 }, 605 [RUN_BULK_TX_VO] = { 606 .type = UE_BULK, 607 .endpoint = UE_ADDR_ANY, 608 .direction = UE_DIR_OUT, 609 .ep_index = 3, 610 .bufsize = RUN_MAX_TXSZ, 611 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 612 .callback = run_bulk_tx_callback3, 613 .timeout = 5000, /* ms */ 614 }, 615 [RUN_BULK_TX_HCCA] = { 616 .type = UE_BULK, 617 .endpoint = UE_ADDR_ANY, 618 .direction = UE_DIR_OUT, 619 .ep_index = 4, 620 .bufsize = RUN_MAX_TXSZ, 621 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 622 .callback = run_bulk_tx_callback4, 623 .timeout = 5000, /* ms */ 624 }, 625 [RUN_BULK_TX_PRIO] = { 626 .type = UE_BULK, 627 .endpoint = UE_ADDR_ANY, 628 .direction = UE_DIR_OUT, 629 .ep_index = 5, 630 .bufsize = RUN_MAX_TXSZ, 631 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 632 .callback = run_bulk_tx_callback5, 633 .timeout = 5000, /* ms */ 634 }, 635 [RUN_BULK_RX] = { 636 .type = UE_BULK, 637 .endpoint = UE_ADDR_ANY, 638 .direction = UE_DIR_IN, 639 .bufsize = RUN_MAX_RXSZ, 640 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 641 .callback = run_bulk_rx_callback, 642 } 643 }; 644 645 static void 646 run_autoinst(void *arg, struct usb_device *udev, 647 struct usb_attach_arg *uaa) 648 { 649 struct usb_interface *iface; 650 struct usb_interface_descriptor *id; 651 652 if (uaa->dev_state != UAA_DEV_READY) 653 return; 654 655 iface = usbd_get_iface(udev, 0); 656 if (iface == NULL) 657 return; 658 id = iface->idesc; 659 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 660 return; 661 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 662 return; 663 664 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 665 uaa->dev_state = UAA_DEV_EJECTING; 666 } 667 668 static int 669 run_driver_loaded(struct module *mod, int what, void *arg) 670 { 671 switch (what) { 672 case MOD_LOAD: 673 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 674 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 675 break; 676 case MOD_UNLOAD: 677 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 678 break; 679 default: 680 return (EOPNOTSUPP); 681 } 682 return (0); 683 } 684 685 static int 686 run_match(device_t self) 687 { 688 struct usb_attach_arg *uaa = device_get_ivars(self); 689 690 if (uaa->usb_mode != USB_MODE_HOST) 691 return (ENXIO); 692 if (uaa->info.bConfigIndex != 0) 693 return (ENXIO); 694 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 695 return (ENXIO); 696 697 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 698 } 699 700 static int 701 run_attach(device_t self) 702 { 703 struct run_softc *sc = device_get_softc(self); 704 struct usb_attach_arg *uaa = device_get_ivars(self); 705 struct ieee80211com *ic = &sc->sc_ic; 706 uint32_t ver; 707 uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; 708 uint8_t iface_index; 709 int ntries, error; 710 711 device_set_usb_desc(self); 712 sc->sc_udev = uaa->device; 713 sc->sc_dev = self; 714 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 715 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 716 717 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 718 MTX_NETWORK_LOCK, MTX_DEF); 719 mbufq_init(&sc->sc_snd, ifqmaxlen); 720 721 iface_index = RT2860_IFACE_INDEX; 722 723 error = usbd_transfer_setup(uaa->device, &iface_index, 724 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 725 if (error) { 726 device_printf(self, "could not allocate USB transfers, " 727 "err=%s\n", usbd_errstr(error)); 728 goto detach; 729 } 730 731 RUN_LOCK(sc); 732 733 /* wait for the chip to settle */ 734 for (ntries = 0; ntries < 100; ntries++) { 735 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 736 RUN_UNLOCK(sc); 737 goto detach; 738 } 739 if (ver != 0 && ver != 0xffffffff) 740 break; 741 run_delay(sc, 10); 742 } 743 if (ntries == 100) { 744 device_printf(sc->sc_dev, 745 "timeout waiting for NIC to initialize\n"); 746 RUN_UNLOCK(sc); 747 goto detach; 748 } 749 sc->mac_ver = ver >> 16; 750 sc->mac_rev = ver & 0xffff; 751 752 /* retrieve RF rev. no and various other things from EEPROM */ 753 run_read_eeprom(sc); 754 755 device_printf(sc->sc_dev, 756 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 757 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 758 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 759 760 RUN_UNLOCK(sc); 761 762 ic->ic_softc = sc; 763 ic->ic_name = device_get_nameunit(self); 764 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 765 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 766 767 /* set device capabilities */ 768 ic->ic_caps = 769 IEEE80211_C_STA | /* station mode supported */ 770 IEEE80211_C_MONITOR | /* monitor mode supported */ 771 IEEE80211_C_IBSS | 772 IEEE80211_C_HOSTAP | 773 IEEE80211_C_WDS | /* 4-address traffic works */ 774 IEEE80211_C_MBSS | 775 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 776 IEEE80211_C_SHSLOT | /* short slot time supported */ 777 IEEE80211_C_WME | /* WME */ 778 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 779 780 ic->ic_cryptocaps = 781 IEEE80211_CRYPTO_WEP | 782 IEEE80211_CRYPTO_AES_CCM | 783 IEEE80211_CRYPTO_TKIPMIC | 784 IEEE80211_CRYPTO_TKIP; 785 786 ic->ic_flags |= IEEE80211_F_DATAPAD; 787 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 788 789 memset(bands, 0, sizeof(bands)); 790 setbit(bands, IEEE80211_MODE_11B); 791 setbit(bands, IEEE80211_MODE_11G); 792 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 793 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 794 sc->rf_rev == RT5592_RF_5592) 795 setbit(bands, IEEE80211_MODE_11A); 796 ieee80211_init_channels(ic, NULL, bands); 797 798 ieee80211_ifattach(ic); 799 800 ic->ic_scan_start = run_scan_start; 801 ic->ic_scan_end = run_scan_end; 802 ic->ic_set_channel = run_set_channel; 803 ic->ic_node_alloc = run_node_alloc; 804 ic->ic_newassoc = run_newassoc; 805 ic->ic_updateslot = run_updateslot; 806 ic->ic_update_mcast = run_update_mcast; 807 ic->ic_wme.wme_update = run_wme_update; 808 ic->ic_raw_xmit = run_raw_xmit; 809 ic->ic_update_promisc = run_update_promisc; 810 ic->ic_vap_create = run_vap_create; 811 ic->ic_vap_delete = run_vap_delete; 812 ic->ic_transmit = run_transmit; 813 ic->ic_parent = run_parent; 814 815 ieee80211_radiotap_attach(ic, 816 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 817 RUN_TX_RADIOTAP_PRESENT, 818 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 819 RUN_RX_RADIOTAP_PRESENT); 820 821 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 822 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 823 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 824 825 if (bootverbose) 826 ieee80211_announce(ic); 827 828 return (0); 829 830 detach: 831 run_detach(self); 832 return (ENXIO); 833 } 834 835 static void 836 run_drain_mbufq(struct run_softc *sc) 837 { 838 struct mbuf *m; 839 struct ieee80211_node *ni; 840 841 RUN_LOCK_ASSERT(sc, MA_OWNED); 842 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 843 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 844 m->m_pkthdr.rcvif = NULL; 845 ieee80211_free_node(ni); 846 m_freem(m); 847 } 848 } 849 850 static int 851 run_detach(device_t self) 852 { 853 struct run_softc *sc = device_get_softc(self); 854 struct ieee80211com *ic = &sc->sc_ic; 855 int i; 856 857 RUN_LOCK(sc); 858 sc->sc_detached = 1; 859 RUN_UNLOCK(sc); 860 861 /* stop all USB transfers */ 862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 863 864 RUN_LOCK(sc); 865 sc->ratectl_run = RUN_RATECTL_OFF; 866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 867 868 /* free TX list, if any */ 869 for (i = 0; i != RUN_EP_QUEUES; i++) 870 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 871 872 /* Free TX queue */ 873 run_drain_mbufq(sc); 874 RUN_UNLOCK(sc); 875 876 if (sc->sc_ic.ic_softc == sc) { 877 /* drain tasks */ 878 usb_callout_drain(&sc->ratectl_ch); 879 ieee80211_draintask(ic, &sc->cmdq_task); 880 ieee80211_draintask(ic, &sc->ratectl_task); 881 ieee80211_ifdetach(ic); 882 } 883 884 mtx_destroy(&sc->sc_mtx); 885 886 return (0); 887 } 888 889 static struct ieee80211vap * 890 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 891 enum ieee80211_opmode opmode, int flags, 892 const uint8_t bssid[IEEE80211_ADDR_LEN], 893 const uint8_t mac[IEEE80211_ADDR_LEN]) 894 { 895 struct run_softc *sc = ic->ic_softc; 896 struct run_vap *rvp; 897 struct ieee80211vap *vap; 898 int i; 899 900 if (sc->rvp_cnt >= RUN_VAP_MAX) { 901 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 902 return (NULL); 903 } 904 905 switch (opmode) { 906 case IEEE80211_M_STA: 907 /* enable s/w bmiss handling for sta mode */ 908 flags |= IEEE80211_CLONE_NOBEACONS; 909 /* fall though */ 910 case IEEE80211_M_IBSS: 911 case IEEE80211_M_MONITOR: 912 case IEEE80211_M_HOSTAP: 913 case IEEE80211_M_MBSS: 914 /* other than WDS vaps, only one at a time */ 915 if (!TAILQ_EMPTY(&ic->ic_vaps)) 916 return (NULL); 917 break; 918 case IEEE80211_M_WDS: 919 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 920 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 921 continue; 922 /* WDS vap's always share the local mac address. */ 923 flags &= ~IEEE80211_CLONE_BSSID; 924 break; 925 } 926 if (vap == NULL) { 927 device_printf(sc->sc_dev, 928 "wds only supported in ap mode\n"); 929 return (NULL); 930 } 931 break; 932 default: 933 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 934 return (NULL); 935 } 936 937 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 938 vap = &rvp->vap; 939 940 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 941 bssid) != 0) { 942 /* out of memory */ 943 free(rvp, M_80211_VAP); 944 return (NULL); 945 } 946 947 vap->iv_update_beacon = run_update_beacon; 948 vap->iv_max_aid = RT2870_WCID_MAX; 949 /* 950 * To delete the right key from h/w, we need wcid. 951 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 952 * and matching wcid will be written into there. So, cast 953 * some spells to remove 'const' from ieee80211_key{} 954 */ 955 vap->iv_key_delete = (void *)run_key_delete; 956 vap->iv_key_set = (void *)run_key_set; 957 958 /* override state transition machine */ 959 rvp->newstate = vap->iv_newstate; 960 vap->iv_newstate = run_newstate; 961 if (opmode == IEEE80211_M_IBSS) { 962 rvp->recv_mgmt = vap->iv_recv_mgmt; 963 vap->iv_recv_mgmt = run_recv_mgmt; 964 } 965 966 ieee80211_ratectl_init(vap); 967 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 968 969 /* complete setup */ 970 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 971 mac); 972 973 /* make sure id is always unique */ 974 for (i = 0; i < RUN_VAP_MAX; i++) { 975 if((sc->rvp_bmap & 1 << i) == 0){ 976 sc->rvp_bmap |= 1 << i; 977 rvp->rvp_id = i; 978 break; 979 } 980 } 981 if (sc->rvp_cnt++ == 0) 982 ic->ic_opmode = opmode; 983 984 if (opmode == IEEE80211_M_HOSTAP) 985 sc->cmdq_run = RUN_CMDQ_GO; 986 987 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 988 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 989 990 return (vap); 991 } 992 993 static void 994 run_vap_delete(struct ieee80211vap *vap) 995 { 996 struct run_vap *rvp = RUN_VAP(vap); 997 struct ieee80211com *ic; 998 struct run_softc *sc; 999 uint8_t rvp_id; 1000 1001 if (vap == NULL) 1002 return; 1003 1004 ic = vap->iv_ic; 1005 sc = ic->ic_softc; 1006 1007 RUN_LOCK(sc); 1008 1009 m_freem(rvp->beacon_mbuf); 1010 rvp->beacon_mbuf = NULL; 1011 1012 rvp_id = rvp->rvp_id; 1013 sc->ratectl_run &= ~(1 << rvp_id); 1014 sc->rvp_bmap &= ~(1 << rvp_id); 1015 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1016 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1017 --sc->rvp_cnt; 1018 1019 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1020 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1021 1022 RUN_UNLOCK(sc); 1023 1024 ieee80211_ratectl_deinit(vap); 1025 ieee80211_vap_detach(vap); 1026 free(rvp, M_80211_VAP); 1027 } 1028 1029 /* 1030 * There are numbers of functions need to be called in context thread. 1031 * Rather than creating taskqueue event for each of those functions, 1032 * here is all-for-one taskqueue callback function. This function 1033 * gurantees deferred functions are executed in the same order they 1034 * were enqueued. 1035 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1036 */ 1037 static void 1038 run_cmdq_cb(void *arg, int pending) 1039 { 1040 struct run_softc *sc = arg; 1041 uint8_t i; 1042 1043 /* call cmdq[].func locked */ 1044 RUN_LOCK(sc); 1045 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1046 i = sc->cmdq_exec, pending--) { 1047 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1048 if (sc->cmdq_run == RUN_CMDQ_GO) { 1049 /* 1050 * If arg0 is NULL, callback func needs more 1051 * than one arg. So, pass ptr to cmdq struct. 1052 */ 1053 if (sc->cmdq[i].arg0) 1054 sc->cmdq[i].func(sc->cmdq[i].arg0); 1055 else 1056 sc->cmdq[i].func(&sc->cmdq[i]); 1057 } 1058 sc->cmdq[i].arg0 = NULL; 1059 sc->cmdq[i].func = NULL; 1060 sc->cmdq_exec++; 1061 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1062 } 1063 RUN_UNLOCK(sc); 1064 } 1065 1066 static void 1067 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1068 { 1069 struct run_tx_data *data; 1070 1071 memset(pq, 0, sizeof(*pq)); 1072 1073 STAILQ_INIT(&pq->tx_qh); 1074 STAILQ_INIT(&pq->tx_fh); 1075 1076 for (data = &pq->tx_data[0]; 1077 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1078 data->sc = sc; 1079 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1080 } 1081 pq->tx_nfree = RUN_TX_RING_COUNT; 1082 } 1083 1084 static void 1085 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1086 { 1087 struct run_tx_data *data; 1088 1089 /* make sure any subsequent use of the queues will fail */ 1090 pq->tx_nfree = 0; 1091 STAILQ_INIT(&pq->tx_fh); 1092 STAILQ_INIT(&pq->tx_qh); 1093 1094 /* free up all node references and mbufs */ 1095 for (data = &pq->tx_data[0]; 1096 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1097 if (data->m != NULL) { 1098 m_freem(data->m); 1099 data->m = NULL; 1100 } 1101 if (data->ni != NULL) { 1102 ieee80211_free_node(data->ni); 1103 data->ni = NULL; 1104 } 1105 } 1106 } 1107 1108 static int 1109 run_load_microcode(struct run_softc *sc) 1110 { 1111 usb_device_request_t req; 1112 const struct firmware *fw; 1113 const u_char *base; 1114 uint32_t tmp; 1115 int ntries, error; 1116 const uint64_t *temp; 1117 uint64_t bytes; 1118 1119 RUN_UNLOCK(sc); 1120 fw = firmware_get("runfw"); 1121 RUN_LOCK(sc); 1122 if (fw == NULL) { 1123 device_printf(sc->sc_dev, 1124 "failed loadfirmware of file %s\n", "runfw"); 1125 return ENOENT; 1126 } 1127 1128 if (fw->datasize != 8192) { 1129 device_printf(sc->sc_dev, 1130 "invalid firmware size (should be 8KB)\n"); 1131 error = EINVAL; 1132 goto fail; 1133 } 1134 1135 /* 1136 * RT3071/RT3072 use a different firmware 1137 * run-rt2870 (8KB) contains both, 1138 * first half (4KB) is for rt2870, 1139 * last half is for rt3071. 1140 */ 1141 base = fw->data; 1142 if ((sc->mac_ver) != 0x2860 && 1143 (sc->mac_ver) != 0x2872 && 1144 (sc->mac_ver) != 0x3070) { 1145 base += 4096; 1146 } 1147 1148 /* cheap sanity check */ 1149 temp = fw->data; 1150 bytes = *temp; 1151 if (bytes != be64toh(0xffffff0210280210ULL)) { 1152 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1153 error = EINVAL; 1154 goto fail; 1155 } 1156 1157 /* write microcode image */ 1158 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1159 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1160 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1161 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1162 } 1163 1164 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1165 req.bRequest = RT2870_RESET; 1166 USETW(req.wValue, 8); 1167 USETW(req.wIndex, 0); 1168 USETW(req.wLength, 0); 1169 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1170 != 0) { 1171 device_printf(sc->sc_dev, "firmware reset failed\n"); 1172 goto fail; 1173 } 1174 1175 run_delay(sc, 10); 1176 1177 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1178 run_write(sc, RT2860_H2M_MAILBOX, 0); 1179 run_write(sc, RT2860_H2M_INTSRC, 0); 1180 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1181 goto fail; 1182 1183 /* wait until microcontroller is ready */ 1184 for (ntries = 0; ntries < 1000; ntries++) { 1185 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1186 goto fail; 1187 if (tmp & RT2860_MCU_READY) 1188 break; 1189 run_delay(sc, 10); 1190 } 1191 if (ntries == 1000) { 1192 device_printf(sc->sc_dev, 1193 "timeout waiting for MCU to initialize\n"); 1194 error = ETIMEDOUT; 1195 goto fail; 1196 } 1197 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1198 (base == fw->data) ? "RT2870" : "RT3071", 1199 *(base + 4092), *(base + 4093)); 1200 1201 fail: 1202 firmware_put(fw, FIRMWARE_UNLOAD); 1203 return (error); 1204 } 1205 1206 static int 1207 run_reset(struct run_softc *sc) 1208 { 1209 usb_device_request_t req; 1210 1211 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1212 req.bRequest = RT2870_RESET; 1213 USETW(req.wValue, 1); 1214 USETW(req.wIndex, 0); 1215 USETW(req.wLength, 0); 1216 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1217 } 1218 1219 static usb_error_t 1220 run_do_request(struct run_softc *sc, 1221 struct usb_device_request *req, void *data) 1222 { 1223 usb_error_t err; 1224 int ntries = 10; 1225 1226 RUN_LOCK_ASSERT(sc, MA_OWNED); 1227 1228 while (ntries--) { 1229 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1230 req, data, 0, NULL, 250 /* ms */); 1231 if (err == 0) 1232 break; 1233 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1234 usbd_errstr(err)); 1235 run_delay(sc, 10); 1236 } 1237 return (err); 1238 } 1239 1240 static int 1241 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1242 { 1243 uint32_t tmp; 1244 int error; 1245 1246 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1247 if (error == 0) 1248 *val = le32toh(tmp); 1249 else 1250 *val = 0xffffffff; 1251 return (error); 1252 } 1253 1254 static int 1255 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1256 { 1257 usb_device_request_t req; 1258 1259 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1260 req.bRequest = RT2870_READ_REGION_1; 1261 USETW(req.wValue, 0); 1262 USETW(req.wIndex, reg); 1263 USETW(req.wLength, len); 1264 1265 return (run_do_request(sc, &req, buf)); 1266 } 1267 1268 static int 1269 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1270 { 1271 usb_device_request_t req; 1272 1273 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1274 req.bRequest = RT2870_WRITE_2; 1275 USETW(req.wValue, val); 1276 USETW(req.wIndex, reg); 1277 USETW(req.wLength, 0); 1278 1279 return (run_do_request(sc, &req, NULL)); 1280 } 1281 1282 static int 1283 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1284 { 1285 int error; 1286 1287 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1288 error = run_write_2(sc, reg + 2, val >> 16); 1289 return (error); 1290 } 1291 1292 static int 1293 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1294 int len) 1295 { 1296 #if 1 1297 int i, error = 0; 1298 /* 1299 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1300 * We thus issue multiple WRITE_2 commands instead. 1301 */ 1302 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1303 for (i = 0; i < len && error == 0; i += 2) 1304 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1305 return (error); 1306 #else 1307 usb_device_request_t req; 1308 int error = 0; 1309 1310 /* 1311 * NOTE: It appears the WRITE_REGION_1 command cannot be 1312 * passed a huge amount of data, which will crash the 1313 * firmware. Limit amount of data passed to 64-bytes at a 1314 * time. 1315 */ 1316 while (len > 0) { 1317 int delta = 64; 1318 if (delta > len) 1319 delta = len; 1320 1321 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1322 req.bRequest = RT2870_WRITE_REGION_1; 1323 USETW(req.wValue, 0); 1324 USETW(req.wIndex, reg); 1325 USETW(req.wLength, delta); 1326 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1327 if (error != 0) 1328 break; 1329 reg += delta; 1330 buf += delta; 1331 len -= delta; 1332 } 1333 return (error); 1334 #endif 1335 } 1336 1337 static int 1338 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1339 { 1340 int i, error = 0; 1341 1342 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1343 for (i = 0; i < len && error == 0; i += 4) 1344 error = run_write(sc, reg + i, val); 1345 return (error); 1346 } 1347 1348 static int 1349 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1350 { 1351 uint32_t tmp; 1352 uint16_t reg; 1353 int error, ntries; 1354 1355 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1356 return (error); 1357 1358 if (count == 2) 1359 addr *= 2; 1360 /*- 1361 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1362 * DATA0: F E D C 1363 * DATA1: B A 9 8 1364 * DATA2: 7 6 5 4 1365 * DATA3: 3 2 1 0 1366 */ 1367 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1368 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1369 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1370 for (ntries = 0; ntries < 100; ntries++) { 1371 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1372 return (error); 1373 if (!(tmp & RT3070_EFSROM_KICK)) 1374 break; 1375 run_delay(sc, 2); 1376 } 1377 if (ntries == 100) 1378 return (ETIMEDOUT); 1379 1380 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1381 *val = 0xffff; /* address not found */ 1382 return (0); 1383 } 1384 /* determine to which 32-bit register our 16-bit word belongs */ 1385 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1386 if ((error = run_read(sc, reg, &tmp)) != 0) 1387 return (error); 1388 1389 tmp >>= (8 * (addr & 0x3)); 1390 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1391 1392 return (0); 1393 } 1394 1395 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1396 static int 1397 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1398 { 1399 return (run_efuse_read(sc, addr, val, 2)); 1400 } 1401 1402 static int 1403 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1404 { 1405 usb_device_request_t req; 1406 uint16_t tmp; 1407 int error; 1408 1409 addr *= 2; 1410 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1411 req.bRequest = RT2870_EEPROM_READ; 1412 USETW(req.wValue, 0); 1413 USETW(req.wIndex, addr); 1414 USETW(req.wLength, sizeof(tmp)); 1415 1416 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1417 if (error == 0) 1418 *val = le16toh(tmp); 1419 else 1420 *val = 0xffff; 1421 return (error); 1422 } 1423 1424 static __inline int 1425 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1426 { 1427 /* either eFUSE ROM or EEPROM */ 1428 return sc->sc_srom_read(sc, addr, val); 1429 } 1430 1431 static int 1432 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1433 { 1434 uint32_t tmp; 1435 int error, ntries; 1436 1437 for (ntries = 0; ntries < 10; ntries++) { 1438 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1439 return (error); 1440 if (!(tmp & RT2860_RF_REG_CTRL)) 1441 break; 1442 } 1443 if (ntries == 10) 1444 return (ETIMEDOUT); 1445 1446 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1447 } 1448 1449 static int 1450 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1451 { 1452 uint32_t tmp; 1453 int error, ntries; 1454 1455 for (ntries = 0; ntries < 100; ntries++) { 1456 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1457 return (error); 1458 if (!(tmp & RT3070_RF_KICK)) 1459 break; 1460 } 1461 if (ntries == 100) 1462 return (ETIMEDOUT); 1463 1464 tmp = RT3070_RF_KICK | reg << 8; 1465 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1466 return (error); 1467 1468 for (ntries = 0; ntries < 100; ntries++) { 1469 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1470 return (error); 1471 if (!(tmp & RT3070_RF_KICK)) 1472 break; 1473 } 1474 if (ntries == 100) 1475 return (ETIMEDOUT); 1476 1477 *val = tmp & 0xff; 1478 return (0); 1479 } 1480 1481 static int 1482 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1483 { 1484 uint32_t tmp; 1485 int error, ntries; 1486 1487 for (ntries = 0; ntries < 10; ntries++) { 1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1489 return (error); 1490 if (!(tmp & RT3070_RF_KICK)) 1491 break; 1492 } 1493 if (ntries == 10) 1494 return (ETIMEDOUT); 1495 1496 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1497 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1498 } 1499 1500 static int 1501 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1502 { 1503 uint32_t tmp; 1504 int ntries, error; 1505 1506 for (ntries = 0; ntries < 10; ntries++) { 1507 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1508 return (error); 1509 if (!(tmp & RT2860_BBP_CSR_KICK)) 1510 break; 1511 } 1512 if (ntries == 10) 1513 return (ETIMEDOUT); 1514 1515 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1516 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1517 return (error); 1518 1519 for (ntries = 0; ntries < 10; ntries++) { 1520 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1521 return (error); 1522 if (!(tmp & RT2860_BBP_CSR_KICK)) 1523 break; 1524 } 1525 if (ntries == 10) 1526 return (ETIMEDOUT); 1527 1528 *val = tmp & 0xff; 1529 return (0); 1530 } 1531 1532 static int 1533 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1534 { 1535 uint32_t tmp; 1536 int ntries, error; 1537 1538 for (ntries = 0; ntries < 10; ntries++) { 1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1540 return (error); 1541 if (!(tmp & RT2860_BBP_CSR_KICK)) 1542 break; 1543 } 1544 if (ntries == 10) 1545 return (ETIMEDOUT); 1546 1547 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1548 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1549 } 1550 1551 /* 1552 * Send a command to the 8051 microcontroller unit. 1553 */ 1554 static int 1555 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1556 { 1557 uint32_t tmp; 1558 int error, ntries; 1559 1560 for (ntries = 0; ntries < 100; ntries++) { 1561 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1562 return error; 1563 if (!(tmp & RT2860_H2M_BUSY)) 1564 break; 1565 } 1566 if (ntries == 100) 1567 return ETIMEDOUT; 1568 1569 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1570 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1571 error = run_write(sc, RT2860_HOST_CMD, cmd); 1572 return (error); 1573 } 1574 1575 /* 1576 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1577 * Used to adjust per-rate Tx power registers. 1578 */ 1579 static __inline uint32_t 1580 b4inc(uint32_t b32, int8_t delta) 1581 { 1582 int8_t i, b4; 1583 1584 for (i = 0; i < 8; i++) { 1585 b4 = b32 & 0xf; 1586 b4 += delta; 1587 if (b4 < 0) 1588 b4 = 0; 1589 else if (b4 > 0xf) 1590 b4 = 0xf; 1591 b32 = b32 >> 4 | b4 << 28; 1592 } 1593 return (b32); 1594 } 1595 1596 static const char * 1597 run_get_rf(uint16_t rev) 1598 { 1599 switch (rev) { 1600 case RT2860_RF_2820: return "RT2820"; 1601 case RT2860_RF_2850: return "RT2850"; 1602 case RT2860_RF_2720: return "RT2720"; 1603 case RT2860_RF_2750: return "RT2750"; 1604 case RT3070_RF_3020: return "RT3020"; 1605 case RT3070_RF_2020: return "RT2020"; 1606 case RT3070_RF_3021: return "RT3021"; 1607 case RT3070_RF_3022: return "RT3022"; 1608 case RT3070_RF_3052: return "RT3052"; 1609 case RT3593_RF_3053: return "RT3053"; 1610 case RT5592_RF_5592: return "RT5592"; 1611 case RT5390_RF_5370: return "RT5370"; 1612 case RT5390_RF_5372: return "RT5372"; 1613 } 1614 return ("unknown"); 1615 } 1616 1617 static void 1618 run_rt3593_get_txpower(struct run_softc *sc) 1619 { 1620 uint16_t addr, val; 1621 int i; 1622 1623 /* Read power settings for 2GHz channels. */ 1624 for (i = 0; i < 14; i += 2) { 1625 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1626 RT2860_EEPROM_PWR2GHZ_BASE1; 1627 run_srom_read(sc, addr + i / 2, &val); 1628 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1629 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1630 1631 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1632 RT2860_EEPROM_PWR2GHZ_BASE2; 1633 run_srom_read(sc, addr + i / 2, &val); 1634 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1635 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1636 1637 if (sc->ntxchains == 3) { 1638 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1639 &val); 1640 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1641 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1642 } 1643 } 1644 /* Fix broken Tx power entries. */ 1645 for (i = 0; i < 14; i++) { 1646 if (sc->txpow1[i] > 31) 1647 sc->txpow1[i] = 5; 1648 if (sc->txpow2[i] > 31) 1649 sc->txpow2[i] = 5; 1650 if (sc->ntxchains == 3) { 1651 if (sc->txpow3[i] > 31) 1652 sc->txpow3[i] = 5; 1653 } 1654 } 1655 /* Read power settings for 5GHz channels. */ 1656 for (i = 0; i < 40; i += 2) { 1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1658 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1659 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1660 1661 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1662 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1663 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1664 1665 if (sc->ntxchains == 3) { 1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1667 &val); 1668 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1669 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1670 } 1671 } 1672 } 1673 1674 static void 1675 run_get_txpower(struct run_softc *sc) 1676 { 1677 uint16_t val; 1678 int i; 1679 1680 /* Read power settings for 2GHz channels. */ 1681 for (i = 0; i < 14; i += 2) { 1682 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1683 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1684 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1685 1686 if (sc->mac_ver != 0x5390) { 1687 run_srom_read(sc, 1688 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1689 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1690 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1691 } 1692 } 1693 /* Fix broken Tx power entries. */ 1694 for (i = 0; i < 14; i++) { 1695 if (sc->mac_ver >= 0x5390) { 1696 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1697 sc->txpow1[i] = 5; 1698 } else { 1699 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1700 sc->txpow1[i] = 5; 1701 } 1702 if (sc->mac_ver > 0x5390) { 1703 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1704 sc->txpow2[i] = 5; 1705 } else if (sc->mac_ver < 0x5390) { 1706 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1707 sc->txpow2[i] = 5; 1708 } 1709 DPRINTF("chan %d: power1=%d, power2=%d\n", 1710 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1711 } 1712 /* Read power settings for 5GHz channels. */ 1713 for (i = 0; i < 40; i += 2) { 1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1715 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1716 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1717 1718 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1719 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1720 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1721 } 1722 /* Fix broken Tx power entries. */ 1723 for (i = 0; i < 40; i++ ) { 1724 if (sc->mac_ver != 0x5592) { 1725 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1726 sc->txpow1[14 + i] = 5; 1727 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1728 sc->txpow2[14 + i] = 5; 1729 } 1730 DPRINTF("chan %d: power1=%d, power2=%d\n", 1731 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1732 sc->txpow2[14 + i]); 1733 } 1734 } 1735 1736 static int 1737 run_read_eeprom(struct run_softc *sc) 1738 { 1739 struct ieee80211com *ic = &sc->sc_ic; 1740 int8_t delta_2ghz, delta_5ghz; 1741 uint32_t tmp; 1742 uint16_t val; 1743 int ridx, ant, i; 1744 1745 /* check whether the ROM is eFUSE ROM or EEPROM */ 1746 sc->sc_srom_read = run_eeprom_read_2; 1747 if (sc->mac_ver >= 0x3070) { 1748 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1749 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1750 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1751 sc->sc_srom_read = run_efuse_read_2; 1752 } 1753 1754 /* read ROM version */ 1755 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1756 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1757 1758 /* read MAC address */ 1759 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1760 ic->ic_macaddr[0] = val & 0xff; 1761 ic->ic_macaddr[1] = val >> 8; 1762 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1763 ic->ic_macaddr[2] = val & 0xff; 1764 ic->ic_macaddr[3] = val >> 8; 1765 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1766 ic->ic_macaddr[4] = val & 0xff; 1767 ic->ic_macaddr[5] = val >> 8; 1768 1769 if (sc->mac_ver < 0x3593) { 1770 /* read vender BBP settings */ 1771 for (i = 0; i < 10; i++) { 1772 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1773 sc->bbp[i].val = val & 0xff; 1774 sc->bbp[i].reg = val >> 8; 1775 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1776 sc->bbp[i].val); 1777 } 1778 if (sc->mac_ver >= 0x3071) { 1779 /* read vendor RF settings */ 1780 for (i = 0; i < 10; i++) { 1781 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1782 &val); 1783 sc->rf[i].val = val & 0xff; 1784 sc->rf[i].reg = val >> 8; 1785 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1786 sc->rf[i].val); 1787 } 1788 } 1789 } 1790 1791 /* read RF frequency offset from EEPROM */ 1792 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1793 RT3593_EEPROM_FREQ, &val); 1794 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1795 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1796 1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1798 RT3593_EEPROM_FREQ_LEDS, &val); 1799 if (val >> 8 != 0xff) { 1800 /* read LEDs operating mode */ 1801 sc->leds = val >> 8; 1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1803 RT3593_EEPROM_LED1, &sc->led[0]); 1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1805 RT3593_EEPROM_LED2, &sc->led[1]); 1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1807 RT3593_EEPROM_LED3, &sc->led[2]); 1808 } else { 1809 /* broken EEPROM, use default settings */ 1810 sc->leds = 0x01; 1811 sc->led[0] = 0x5555; 1812 sc->led[1] = 0x2221; 1813 sc->led[2] = 0x5627; /* differs from RT2860 */ 1814 } 1815 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1816 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1817 1818 /* read RF information */ 1819 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1820 run_srom_read(sc, 0x00, &val); 1821 else 1822 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1823 1824 if (val == 0xffff) { 1825 device_printf(sc->sc_dev, 1826 "invalid EEPROM antenna info, using default\n"); 1827 DPRINTF("invalid EEPROM antenna info, using default\n"); 1828 if (sc->mac_ver == 0x3572) { 1829 /* default to RF3052 2T2R */ 1830 sc->rf_rev = RT3070_RF_3052; 1831 sc->ntxchains = 2; 1832 sc->nrxchains = 2; 1833 } else if (sc->mac_ver >= 0x3070) { 1834 /* default to RF3020 1T1R */ 1835 sc->rf_rev = RT3070_RF_3020; 1836 sc->ntxchains = 1; 1837 sc->nrxchains = 1; 1838 } else { 1839 /* default to RF2820 1T2R */ 1840 sc->rf_rev = RT2860_RF_2820; 1841 sc->ntxchains = 1; 1842 sc->nrxchains = 2; 1843 } 1844 } else { 1845 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1846 sc->rf_rev = val; 1847 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1848 } else 1849 sc->rf_rev = (val >> 8) & 0xf; 1850 sc->ntxchains = (val >> 4) & 0xf; 1851 sc->nrxchains = val & 0xf; 1852 } 1853 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1854 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1855 1856 /* check if RF supports automatic Tx access gain control */ 1857 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1858 DPRINTF("EEPROM CFG 0x%04x\n", val); 1859 /* check if driver should patch the DAC issue */ 1860 if ((val >> 8) != 0xff) 1861 sc->patch_dac = (val >> 15) & 1; 1862 if ((val & 0xff) != 0xff) { 1863 sc->ext_5ghz_lna = (val >> 3) & 1; 1864 sc->ext_2ghz_lna = (val >> 2) & 1; 1865 /* check if RF supports automatic Tx access gain control */ 1866 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1867 /* check if we have a hardware radio switch */ 1868 sc->rfswitch = val & 1; 1869 } 1870 1871 /* Read Tx power settings. */ 1872 if (sc->mac_ver == 0x3593) 1873 run_rt3593_get_txpower(sc); 1874 else 1875 run_get_txpower(sc); 1876 1877 /* read Tx power compensation for each Tx rate */ 1878 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1879 delta_2ghz = delta_5ghz = 0; 1880 if ((val & 0xff) != 0xff && (val & 0x80)) { 1881 delta_2ghz = val & 0xf; 1882 if (!(val & 0x40)) /* negative number */ 1883 delta_2ghz = -delta_2ghz; 1884 } 1885 val >>= 8; 1886 if ((val & 0xff) != 0xff && (val & 0x80)) { 1887 delta_5ghz = val & 0xf; 1888 if (!(val & 0x40)) /* negative number */ 1889 delta_5ghz = -delta_5ghz; 1890 } 1891 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1892 delta_2ghz, delta_5ghz); 1893 1894 for (ridx = 0; ridx < 5; ridx++) { 1895 uint32_t reg; 1896 1897 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1898 reg = val; 1899 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1900 reg |= (uint32_t)val << 16; 1901 1902 sc->txpow20mhz[ridx] = reg; 1903 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1904 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1905 1906 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1907 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1908 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1909 } 1910 1911 /* Read RSSI offsets and LNA gains from EEPROM. */ 1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1913 RT3593_EEPROM_RSSI1_2GHZ, &val); 1914 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1915 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1917 RT3593_EEPROM_RSSI2_2GHZ, &val); 1918 if (sc->mac_ver >= 0x3070) { 1919 if (sc->mac_ver == 0x3593) { 1920 sc->txmixgain_2ghz = 0; 1921 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1922 } else { 1923 /* 1924 * On RT3070 chips (limited to 2 Rx chains), this ROM 1925 * field contains the Tx mixer gain for the 2GHz band. 1926 */ 1927 if ((val & 0xff) != 0xff) 1928 sc->txmixgain_2ghz = val & 0x7; 1929 } 1930 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1931 } else 1932 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1933 if (sc->mac_ver == 0x3593) 1934 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1935 sc->lna[2] = val >> 8; /* channel group 2 */ 1936 1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1938 RT3593_EEPROM_RSSI1_5GHZ, &val); 1939 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1940 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1942 RT3593_EEPROM_RSSI2_5GHZ, &val); 1943 if (sc->mac_ver == 0x3572) { 1944 /* 1945 * On RT3572 chips (limited to 2 Rx chains), this ROM 1946 * field contains the Tx mixer gain for the 5GHz band. 1947 */ 1948 if ((val & 0xff) != 0xff) 1949 sc->txmixgain_5ghz = val & 0x7; 1950 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1951 } else 1952 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1953 if (sc->mac_ver == 0x3593) { 1954 sc->txmixgain_5ghz = 0; 1955 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1956 } 1957 sc->lna[3] = val >> 8; /* channel group 3 */ 1958 1959 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1960 RT3593_EEPROM_LNA, &val); 1961 sc->lna[0] = val & 0xff; /* channel group 0 */ 1962 sc->lna[1] = val >> 8; /* channel group 1 */ 1963 1964 /* fix broken 5GHz LNA entries */ 1965 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1966 DPRINTF("invalid LNA for channel group %d\n", 2); 1967 sc->lna[2] = sc->lna[1]; 1968 } 1969 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1970 DPRINTF("invalid LNA for channel group %d\n", 3); 1971 sc->lna[3] = sc->lna[1]; 1972 } 1973 1974 /* fix broken RSSI offset entries */ 1975 for (ant = 0; ant < 3; ant++) { 1976 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1977 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1978 ant + 1, sc->rssi_2ghz[ant]); 1979 sc->rssi_2ghz[ant] = 0; 1980 } 1981 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1982 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1983 ant + 1, sc->rssi_5ghz[ant]); 1984 sc->rssi_5ghz[ant] = 0; 1985 } 1986 } 1987 return (0); 1988 } 1989 1990 static struct ieee80211_node * 1991 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1992 { 1993 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1994 } 1995 1996 static int 1997 run_media_change(struct ifnet *ifp) 1998 { 1999 struct ieee80211vap *vap = ifp->if_softc; 2000 struct ieee80211com *ic = vap->iv_ic; 2001 const struct ieee80211_txparam *tp; 2002 struct run_softc *sc = ic->ic_softc; 2003 uint8_t rate, ridx; 2004 int error; 2005 2006 RUN_LOCK(sc); 2007 2008 error = ieee80211_media_change(ifp); 2009 if (error != ENETRESET) { 2010 RUN_UNLOCK(sc); 2011 return (error); 2012 } 2013 2014 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2015 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2016 struct ieee80211_node *ni; 2017 struct run_node *rn; 2018 2019 rate = ic->ic_sup_rates[ic->ic_curmode]. 2020 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2021 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2022 if (rt2860_rates[ridx].rate == rate) 2023 break; 2024 ni = ieee80211_ref_node(vap->iv_bss); 2025 rn = RUN_NODE(ni); 2026 rn->fix_ridx = ridx; 2027 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2028 ieee80211_free_node(ni); 2029 } 2030 2031 #if 0 2032 if ((ifp->if_flags & IFF_UP) && 2033 (ifp->if_drv_flags & RUN_RUNNING)){ 2034 run_init_locked(sc); 2035 } 2036 #endif 2037 2038 RUN_UNLOCK(sc); 2039 2040 return (0); 2041 } 2042 2043 static int 2044 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2045 { 2046 const struct ieee80211_txparam *tp; 2047 struct ieee80211com *ic = vap->iv_ic; 2048 struct run_softc *sc = ic->ic_softc; 2049 struct run_vap *rvp = RUN_VAP(vap); 2050 enum ieee80211_state ostate; 2051 uint32_t sta[3]; 2052 uint32_t tmp; 2053 uint8_t ratectl; 2054 uint8_t restart_ratectl = 0; 2055 uint8_t bid = 1 << rvp->rvp_id; 2056 2057 ostate = vap->iv_state; 2058 DPRINTF("%s -> %s\n", 2059 ieee80211_state_name[ostate], 2060 ieee80211_state_name[nstate]); 2061 2062 IEEE80211_UNLOCK(ic); 2063 RUN_LOCK(sc); 2064 2065 ratectl = sc->ratectl_run; /* remember current state */ 2066 sc->ratectl_run = RUN_RATECTL_OFF; 2067 usb_callout_stop(&sc->ratectl_ch); 2068 2069 if (ostate == IEEE80211_S_RUN) { 2070 /* turn link LED off */ 2071 run_set_leds(sc, RT2860_LED_RADIO); 2072 } 2073 2074 switch (nstate) { 2075 case IEEE80211_S_INIT: 2076 restart_ratectl = 1; 2077 2078 if (ostate != IEEE80211_S_RUN) 2079 break; 2080 2081 ratectl &= ~bid; 2082 sc->runbmap &= ~bid; 2083 2084 /* abort TSF synchronization if there is no vap running */ 2085 if (--sc->running == 0) { 2086 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2087 run_write(sc, RT2860_BCN_TIME_CFG, 2088 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2089 RT2860_TBTT_TIMER_EN)); 2090 } 2091 break; 2092 2093 case IEEE80211_S_RUN: 2094 if (!(sc->runbmap & bid)) { 2095 if(sc->running++) 2096 restart_ratectl = 1; 2097 sc->runbmap |= bid; 2098 } 2099 2100 m_freem(rvp->beacon_mbuf); 2101 rvp->beacon_mbuf = NULL; 2102 2103 switch (vap->iv_opmode) { 2104 case IEEE80211_M_HOSTAP: 2105 case IEEE80211_M_MBSS: 2106 sc->ap_running |= bid; 2107 ic->ic_opmode = vap->iv_opmode; 2108 run_update_beacon_cb(vap); 2109 break; 2110 case IEEE80211_M_IBSS: 2111 sc->adhoc_running |= bid; 2112 if (!sc->ap_running) 2113 ic->ic_opmode = vap->iv_opmode; 2114 run_update_beacon_cb(vap); 2115 break; 2116 case IEEE80211_M_STA: 2117 sc->sta_running |= bid; 2118 if (!sc->ap_running && !sc->adhoc_running) 2119 ic->ic_opmode = vap->iv_opmode; 2120 2121 /* read statistic counters (clear on read) */ 2122 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2123 (uint8_t *)sta, sizeof sta); 2124 2125 break; 2126 default: 2127 ic->ic_opmode = vap->iv_opmode; 2128 break; 2129 } 2130 2131 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2132 struct ieee80211_node *ni; 2133 2134 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2135 RUN_UNLOCK(sc); 2136 IEEE80211_LOCK(ic); 2137 return (-1); 2138 } 2139 run_updateslot(ic); 2140 run_enable_mrr(sc); 2141 run_set_txpreamble(sc); 2142 run_set_basicrates(sc); 2143 ni = ieee80211_ref_node(vap->iv_bss); 2144 IEEE80211_ADDR_COPY(ic->ic_macaddr, ni->ni_bssid); 2145 run_set_bssid(sc, ni->ni_bssid); 2146 ieee80211_free_node(ni); 2147 run_enable_tsf_sync(sc); 2148 2149 /* enable automatic rate adaptation */ 2150 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2151 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2152 ratectl |= bid; 2153 } else 2154 run_enable_tsf(sc); 2155 2156 /* turn link LED on */ 2157 run_set_leds(sc, RT2860_LED_RADIO | 2158 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2159 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2160 2161 break; 2162 default: 2163 DPRINTFN(6, "undefined case\n"); 2164 break; 2165 } 2166 2167 /* restart amrr for running VAPs */ 2168 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2169 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2170 2171 RUN_UNLOCK(sc); 2172 IEEE80211_LOCK(ic); 2173 2174 return(rvp->newstate(vap, nstate, arg)); 2175 } 2176 2177 static int 2178 run_wme_update(struct ieee80211com *ic) 2179 { 2180 struct run_softc *sc = ic->ic_softc; 2181 const struct wmeParams *ac = 2182 ic->ic_wme.wme_chanParams.cap_wmeParams; 2183 int aci, error = 0; 2184 2185 /* update MAC TX configuration registers */ 2186 RUN_LOCK(sc); 2187 for (aci = 0; aci < WME_NUM_AC; aci++) { 2188 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2189 ac[aci].wmep_logcwmax << 16 | 2190 ac[aci].wmep_logcwmin << 12 | 2191 ac[aci].wmep_aifsn << 8 | 2192 ac[aci].wmep_txopLimit); 2193 if (error) goto err; 2194 } 2195 2196 /* update SCH/DMA registers too */ 2197 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2198 ac[WME_AC_VO].wmep_aifsn << 12 | 2199 ac[WME_AC_VI].wmep_aifsn << 8 | 2200 ac[WME_AC_BK].wmep_aifsn << 4 | 2201 ac[WME_AC_BE].wmep_aifsn); 2202 if (error) goto err; 2203 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2204 ac[WME_AC_VO].wmep_logcwmin << 12 | 2205 ac[WME_AC_VI].wmep_logcwmin << 8 | 2206 ac[WME_AC_BK].wmep_logcwmin << 4 | 2207 ac[WME_AC_BE].wmep_logcwmin); 2208 if (error) goto err; 2209 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2210 ac[WME_AC_VO].wmep_logcwmax << 12 | 2211 ac[WME_AC_VI].wmep_logcwmax << 8 | 2212 ac[WME_AC_BK].wmep_logcwmax << 4 | 2213 ac[WME_AC_BE].wmep_logcwmax); 2214 if (error) goto err; 2215 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2216 ac[WME_AC_BK].wmep_txopLimit << 16 | 2217 ac[WME_AC_BE].wmep_txopLimit); 2218 if (error) goto err; 2219 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2220 ac[WME_AC_VO].wmep_txopLimit << 16 | 2221 ac[WME_AC_VI].wmep_txopLimit); 2222 2223 err: 2224 RUN_UNLOCK(sc); 2225 if (error) 2226 DPRINTF("WME update failed\n"); 2227 2228 return (error); 2229 } 2230 2231 static void 2232 run_key_set_cb(void *arg) 2233 { 2234 struct run_cmdq *cmdq = arg; 2235 struct ieee80211vap *vap = cmdq->arg1; 2236 struct ieee80211_key *k = cmdq->k; 2237 struct ieee80211com *ic = vap->iv_ic; 2238 struct run_softc *sc = ic->ic_softc; 2239 struct ieee80211_node *ni; 2240 u_int cipher = k->wk_cipher->ic_cipher; 2241 uint32_t attr; 2242 uint16_t base, associd; 2243 uint8_t mode, wcid, iv[8]; 2244 2245 RUN_LOCK_ASSERT(sc, MA_OWNED); 2246 2247 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2248 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2249 else 2250 ni = vap->iv_bss; 2251 associd = (ni != NULL) ? ni->ni_associd : 0; 2252 2253 /* map net80211 cipher to RT2860 security mode */ 2254 switch (cipher) { 2255 case IEEE80211_CIPHER_WEP: 2256 if(k->wk_keylen < 8) 2257 mode = RT2860_MODE_WEP40; 2258 else 2259 mode = RT2860_MODE_WEP104; 2260 break; 2261 case IEEE80211_CIPHER_TKIP: 2262 mode = RT2860_MODE_TKIP; 2263 break; 2264 case IEEE80211_CIPHER_AES_CCM: 2265 mode = RT2860_MODE_AES_CCMP; 2266 break; 2267 default: 2268 DPRINTF("undefined case\n"); 2269 return; 2270 } 2271 2272 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2273 associd, k->wk_keyix, mode, 2274 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2275 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2276 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2277 2278 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2279 wcid = 0; /* NB: update WCID0 for group keys */ 2280 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2281 } else { 2282 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2283 1 : RUN_AID2WCID(associd); 2284 base = RT2860_PKEY(wcid); 2285 } 2286 2287 if (cipher == IEEE80211_CIPHER_TKIP) { 2288 if(run_write_region_1(sc, base, k->wk_key, 16)) 2289 return; 2290 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2291 return; 2292 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2293 return; 2294 } else { 2295 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2296 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2297 return; 2298 } 2299 2300 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2301 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2302 /* set initial packet number in IV+EIV */ 2303 if (cipher == IEEE80211_CIPHER_WEP) { 2304 memset(iv, 0, sizeof iv); 2305 iv[3] = vap->iv_def_txkey << 6; 2306 } else { 2307 if (cipher == IEEE80211_CIPHER_TKIP) { 2308 iv[0] = k->wk_keytsc >> 8; 2309 iv[1] = (iv[0] | 0x20) & 0x7f; 2310 iv[2] = k->wk_keytsc; 2311 } else /* CCMP */ { 2312 iv[0] = k->wk_keytsc; 2313 iv[1] = k->wk_keytsc >> 8; 2314 iv[2] = 0; 2315 } 2316 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2317 iv[4] = k->wk_keytsc >> 16; 2318 iv[5] = k->wk_keytsc >> 24; 2319 iv[6] = k->wk_keytsc >> 32; 2320 iv[7] = k->wk_keytsc >> 40; 2321 } 2322 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2323 return; 2324 } 2325 2326 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2327 /* install group key */ 2328 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2329 return; 2330 attr &= ~(0xf << (k->wk_keyix * 4)); 2331 attr |= mode << (k->wk_keyix * 4); 2332 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2333 return; 2334 } else { 2335 /* install pairwise key */ 2336 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2337 return; 2338 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2339 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2340 return; 2341 } 2342 2343 /* TODO create a pass-thru key entry? */ 2344 2345 /* need wcid to delete the right key later */ 2346 k->wk_pad = wcid; 2347 } 2348 2349 /* 2350 * Don't have to be deferred, but in order to keep order of 2351 * execution, i.e. with run_key_delete(), defer this and let 2352 * run_cmdq_cb() maintain the order. 2353 * 2354 * return 0 on error 2355 */ 2356 static int 2357 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2358 { 2359 struct ieee80211com *ic = vap->iv_ic; 2360 struct run_softc *sc = ic->ic_softc; 2361 uint32_t i; 2362 2363 i = RUN_CMDQ_GET(&sc->cmdq_store); 2364 DPRINTF("cmdq_store=%d\n", i); 2365 sc->cmdq[i].func = run_key_set_cb; 2366 sc->cmdq[i].arg0 = NULL; 2367 sc->cmdq[i].arg1 = vap; 2368 sc->cmdq[i].k = k; 2369 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2370 ieee80211_runtask(ic, &sc->cmdq_task); 2371 2372 /* 2373 * To make sure key will be set when hostapd 2374 * calls iv_key_set() before if_init(). 2375 */ 2376 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2377 RUN_LOCK(sc); 2378 sc->cmdq_key_set = RUN_CMDQ_GO; 2379 RUN_UNLOCK(sc); 2380 } 2381 2382 return (1); 2383 } 2384 2385 /* 2386 * If wlan is destroyed without being brought down i.e. without 2387 * wlan down or wpa_cli terminate, this function is called after 2388 * vap is gone. Don't refer it. 2389 */ 2390 static void 2391 run_key_delete_cb(void *arg) 2392 { 2393 struct run_cmdq *cmdq = arg; 2394 struct run_softc *sc = cmdq->arg1; 2395 struct ieee80211_key *k = &cmdq->key; 2396 uint32_t attr; 2397 uint8_t wcid; 2398 2399 RUN_LOCK_ASSERT(sc, MA_OWNED); 2400 2401 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2402 /* remove group key */ 2403 DPRINTF("removing group key\n"); 2404 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2405 attr &= ~(0xf << (k->wk_keyix * 4)); 2406 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2407 } else { 2408 /* remove pairwise key */ 2409 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2410 /* matching wcid was written to wk_pad in run_key_set() */ 2411 wcid = k->wk_pad; 2412 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2413 attr &= ~0xf; 2414 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2415 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2416 } 2417 2418 k->wk_pad = 0; 2419 } 2420 2421 /* 2422 * return 0 on error 2423 */ 2424 static int 2425 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2426 { 2427 struct ieee80211com *ic = vap->iv_ic; 2428 struct run_softc *sc = ic->ic_softc; 2429 struct ieee80211_key *k0; 2430 uint32_t i; 2431 2432 /* 2433 * When called back, key might be gone. So, make a copy 2434 * of some values need to delete keys before deferring. 2435 * But, because of LOR with node lock, cannot use lock here. 2436 * So, use atomic instead. 2437 */ 2438 i = RUN_CMDQ_GET(&sc->cmdq_store); 2439 DPRINTF("cmdq_store=%d\n", i); 2440 sc->cmdq[i].func = run_key_delete_cb; 2441 sc->cmdq[i].arg0 = NULL; 2442 sc->cmdq[i].arg1 = sc; 2443 k0 = &sc->cmdq[i].key; 2444 k0->wk_flags = k->wk_flags; 2445 k0->wk_keyix = k->wk_keyix; 2446 /* matching wcid was written to wk_pad in run_key_set() */ 2447 k0->wk_pad = k->wk_pad; 2448 ieee80211_runtask(ic, &sc->cmdq_task); 2449 return (1); /* return fake success */ 2450 2451 } 2452 2453 static void 2454 run_ratectl_to(void *arg) 2455 { 2456 struct run_softc *sc = arg; 2457 2458 /* do it in a process context, so it can go sleep */ 2459 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2460 /* next timeout will be rescheduled in the callback task */ 2461 } 2462 2463 /* ARGSUSED */ 2464 static void 2465 run_ratectl_cb(void *arg, int pending) 2466 { 2467 struct run_softc *sc = arg; 2468 struct ieee80211com *ic = &sc->sc_ic; 2469 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2470 2471 if (vap == NULL) 2472 return; 2473 2474 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2475 /* 2476 * run_reset_livelock() doesn't do anything with AMRR, 2477 * but Ralink wants us to call it every 1 sec. So, we 2478 * piggyback here rather than creating another callout. 2479 * Livelock may occur only in HOSTAP or IBSS mode 2480 * (when h/w is sending beacons). 2481 */ 2482 RUN_LOCK(sc); 2483 run_reset_livelock(sc); 2484 /* just in case, there are some stats to drain */ 2485 run_drain_fifo(sc); 2486 RUN_UNLOCK(sc); 2487 } 2488 2489 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2490 2491 RUN_LOCK(sc); 2492 if(sc->ratectl_run != RUN_RATECTL_OFF) 2493 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2494 RUN_UNLOCK(sc); 2495 } 2496 2497 static void 2498 run_drain_fifo(void *arg) 2499 { 2500 struct run_softc *sc = arg; 2501 uint32_t stat; 2502 uint16_t (*wstat)[3]; 2503 uint8_t wcid, mcs, pid; 2504 int8_t retry; 2505 2506 RUN_LOCK_ASSERT(sc, MA_OWNED); 2507 2508 for (;;) { 2509 /* drain Tx status FIFO (maxsize = 16) */ 2510 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2511 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2512 if (!(stat & RT2860_TXQ_VLD)) 2513 break; 2514 2515 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2516 2517 /* if no ACK was requested, no feedback is available */ 2518 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2519 wcid == 0) 2520 continue; 2521 2522 /* 2523 * Even though each stat is Tx-complete-status like format, 2524 * the device can poll stats. Because there is no guarantee 2525 * that the referring node is still around when read the stats. 2526 * So that, if we use ieee80211_ratectl_tx_update(), we will 2527 * have hard time not to refer already freed node. 2528 * 2529 * To eliminate such page faults, we poll stats in softc. 2530 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2531 */ 2532 wstat = &(sc->wcid_stats[wcid]); 2533 (*wstat)[RUN_TXCNT]++; 2534 if (stat & RT2860_TXQ_OK) 2535 (*wstat)[RUN_SUCCESS]++; 2536 else 2537 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2538 /* 2539 * Check if there were retries, ie if the Tx success rate is 2540 * different from the requested rate. Note that it works only 2541 * because we do not allow rate fallback from OFDM to CCK. 2542 */ 2543 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2544 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2545 if ((retry = pid -1 - mcs) > 0) { 2546 (*wstat)[RUN_TXCNT] += retry; 2547 (*wstat)[RUN_RETRY] += retry; 2548 } 2549 } 2550 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2551 2552 sc->fifo_cnt = 0; 2553 } 2554 2555 static void 2556 run_iter_func(void *arg, struct ieee80211_node *ni) 2557 { 2558 struct run_softc *sc = arg; 2559 struct ieee80211vap *vap = ni->ni_vap; 2560 struct run_node *rn = RUN_NODE(ni); 2561 union run_stats sta[2]; 2562 uint16_t (*wstat)[3]; 2563 int txcnt, success, retrycnt, error; 2564 2565 RUN_LOCK(sc); 2566 2567 /* Check for special case */ 2568 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2569 ni != vap->iv_bss) 2570 goto fail; 2571 2572 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2573 vap->iv_opmode == IEEE80211_M_STA)) { 2574 /* read statistic counters (clear on read) and update AMRR state */ 2575 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2576 sizeof sta); 2577 if (error != 0) 2578 goto fail; 2579 2580 /* count failed TX as errors */ 2581 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2582 le16toh(sta[0].error.fail)); 2583 2584 retrycnt = le16toh(sta[1].tx.retry); 2585 success = le16toh(sta[1].tx.success); 2586 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2587 2588 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2589 retrycnt, success, le16toh(sta[0].error.fail)); 2590 } else { 2591 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2592 2593 if (wstat == &(sc->wcid_stats[0]) || 2594 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2595 goto fail; 2596 2597 txcnt = (*wstat)[RUN_TXCNT]; 2598 success = (*wstat)[RUN_SUCCESS]; 2599 retrycnt = (*wstat)[RUN_RETRY]; 2600 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2601 retrycnt, txcnt, success); 2602 2603 memset(wstat, 0, sizeof(*wstat)); 2604 } 2605 2606 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2607 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2608 2609 fail: 2610 RUN_UNLOCK(sc); 2611 2612 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2613 } 2614 2615 static void 2616 run_newassoc_cb(void *arg) 2617 { 2618 struct run_cmdq *cmdq = arg; 2619 struct ieee80211_node *ni = cmdq->arg1; 2620 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2621 uint8_t wcid = cmdq->wcid; 2622 2623 RUN_LOCK_ASSERT(sc, MA_OWNED); 2624 2625 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2626 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2627 2628 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2629 } 2630 2631 static void 2632 run_newassoc(struct ieee80211_node *ni, int isnew) 2633 { 2634 struct run_node *rn = RUN_NODE(ni); 2635 struct ieee80211_rateset *rs = &ni->ni_rates; 2636 struct ieee80211vap *vap = ni->ni_vap; 2637 struct ieee80211com *ic = vap->iv_ic; 2638 struct run_softc *sc = ic->ic_softc; 2639 uint8_t rate; 2640 uint8_t ridx; 2641 uint8_t wcid; 2642 int i, j; 2643 2644 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2645 1 : RUN_AID2WCID(ni->ni_associd); 2646 2647 if (wcid > RT2870_WCID_MAX) { 2648 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2649 return; 2650 } 2651 2652 /* only interested in true associations */ 2653 if (isnew && ni->ni_associd != 0) { 2654 2655 /* 2656 * This function could is called though timeout function. 2657 * Need to defer. 2658 */ 2659 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2660 DPRINTF("cmdq_store=%d\n", cnt); 2661 sc->cmdq[cnt].func = run_newassoc_cb; 2662 sc->cmdq[cnt].arg0 = NULL; 2663 sc->cmdq[cnt].arg1 = ni; 2664 sc->cmdq[cnt].wcid = wcid; 2665 ieee80211_runtask(ic, &sc->cmdq_task); 2666 } 2667 2668 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2669 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2670 2671 for (i = 0; i < rs->rs_nrates; i++) { 2672 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2673 /* convert 802.11 rate to hardware rate index */ 2674 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2675 if (rt2860_rates[ridx].rate == rate) 2676 break; 2677 rn->ridx[i] = ridx; 2678 /* determine rate of control response frames */ 2679 for (j = i; j >= 0; j--) { 2680 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2681 rt2860_rates[rn->ridx[i]].phy == 2682 rt2860_rates[rn->ridx[j]].phy) 2683 break; 2684 } 2685 if (j >= 0) { 2686 rn->ctl_ridx[i] = rn->ridx[j]; 2687 } else { 2688 /* no basic rate found, use mandatory one */ 2689 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2690 } 2691 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2692 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2693 } 2694 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2695 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2696 if (rt2860_rates[ridx].rate == rate) 2697 break; 2698 rn->mgt_ridx = ridx; 2699 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2700 2701 RUN_LOCK(sc); 2702 if(sc->ratectl_run != RUN_RATECTL_OFF) 2703 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2704 RUN_UNLOCK(sc); 2705 } 2706 2707 /* 2708 * Return the Rx chain with the highest RSSI for a given frame. 2709 */ 2710 static __inline uint8_t 2711 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2712 { 2713 uint8_t rxchain = 0; 2714 2715 if (sc->nrxchains > 1) { 2716 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2717 rxchain = 1; 2718 if (sc->nrxchains > 2) 2719 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2720 rxchain = 2; 2721 } 2722 return (rxchain); 2723 } 2724 2725 static void 2726 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2727 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2728 { 2729 struct ieee80211vap *vap = ni->ni_vap; 2730 struct run_softc *sc = vap->iv_ic->ic_softc; 2731 struct run_vap *rvp = RUN_VAP(vap); 2732 uint64_t ni_tstamp, rx_tstamp; 2733 2734 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2735 2736 if (vap->iv_state == IEEE80211_S_RUN && 2737 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2738 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2739 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2740 RUN_LOCK(sc); 2741 run_get_tsf(sc, &rx_tstamp); 2742 RUN_UNLOCK(sc); 2743 rx_tstamp = le64toh(rx_tstamp); 2744 2745 if (ni_tstamp >= rx_tstamp) { 2746 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2747 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2748 (void) ieee80211_ibss_merge(ni); 2749 } 2750 } 2751 } 2752 2753 static void 2754 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2755 { 2756 struct ieee80211com *ic = &sc->sc_ic; 2757 struct ieee80211_frame *wh; 2758 struct ieee80211_node *ni; 2759 struct rt2870_rxd *rxd; 2760 struct rt2860_rxwi *rxwi; 2761 uint32_t flags; 2762 uint16_t len, rxwisize; 2763 uint8_t ant, rssi; 2764 int8_t nf; 2765 2766 rxwi = mtod(m, struct rt2860_rxwi *); 2767 len = le16toh(rxwi->len) & 0xfff; 2768 rxwisize = sizeof(struct rt2860_rxwi); 2769 if (sc->mac_ver == 0x5592) 2770 rxwisize += sizeof(uint64_t); 2771 else if (sc->mac_ver == 0x3593) 2772 rxwisize += sizeof(uint32_t); 2773 if (__predict_false(len > dmalen)) { 2774 m_freem(m); 2775 counter_u64_add(ic->ic_ierrors, 1); 2776 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2777 return; 2778 } 2779 /* Rx descriptor is located at the end */ 2780 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2781 flags = le32toh(rxd->flags); 2782 2783 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2784 m_freem(m); 2785 counter_u64_add(ic->ic_ierrors, 1); 2786 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2787 return; 2788 } 2789 2790 m->m_data += rxwisize; 2791 m->m_pkthdr.len = m->m_len -= rxwisize; 2792 2793 wh = mtod(m, struct ieee80211_frame *); 2794 2795 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2796 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2797 m->m_flags |= M_WEP; 2798 } 2799 2800 if (flags & RT2860_RX_L2PAD) { 2801 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2802 len += 2; 2803 } 2804 2805 ni = ieee80211_find_rxnode(ic, 2806 mtod(m, struct ieee80211_frame_min *)); 2807 2808 if (__predict_false(flags & RT2860_RX_MICERR)) { 2809 /* report MIC failures to net80211 for TKIP */ 2810 if (ni != NULL) 2811 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2812 rxwi->keyidx); 2813 m_freem(m); 2814 counter_u64_add(ic->ic_ierrors, 1); 2815 DPRINTF("MIC error. Someone is lying.\n"); 2816 return; 2817 } 2818 2819 ant = run_maxrssi_chain(sc, rxwi); 2820 rssi = rxwi->rssi[ant]; 2821 nf = run_rssi2dbm(sc, rssi, ant); 2822 2823 m->m_pkthdr.len = m->m_len = len; 2824 2825 if (__predict_false(ieee80211_radiotap_active(ic))) { 2826 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2827 uint16_t phy; 2828 2829 tap->wr_flags = 0; 2830 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2831 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2832 tap->wr_antsignal = rssi; 2833 tap->wr_antenna = ant; 2834 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2835 tap->wr_rate = 2; /* in case it can't be found below */ 2836 run_get_tsf(sc, &tap->wr_tsf); 2837 phy = le16toh(rxwi->phy); 2838 switch (phy & RT2860_PHY_MODE) { 2839 case RT2860_PHY_CCK: 2840 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2841 case 0: tap->wr_rate = 2; break; 2842 case 1: tap->wr_rate = 4; break; 2843 case 2: tap->wr_rate = 11; break; 2844 case 3: tap->wr_rate = 22; break; 2845 } 2846 if (phy & RT2860_PHY_SHPRE) 2847 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2848 break; 2849 case RT2860_PHY_OFDM: 2850 switch (phy & RT2860_PHY_MCS) { 2851 case 0: tap->wr_rate = 12; break; 2852 case 1: tap->wr_rate = 18; break; 2853 case 2: tap->wr_rate = 24; break; 2854 case 3: tap->wr_rate = 36; break; 2855 case 4: tap->wr_rate = 48; break; 2856 case 5: tap->wr_rate = 72; break; 2857 case 6: tap->wr_rate = 96; break; 2858 case 7: tap->wr_rate = 108; break; 2859 } 2860 break; 2861 } 2862 } 2863 2864 if (ni != NULL) { 2865 (void)ieee80211_input(ni, m, rssi, nf); 2866 ieee80211_free_node(ni); 2867 } else { 2868 (void)ieee80211_input_all(ic, m, rssi, nf); 2869 } 2870 } 2871 2872 static void 2873 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2874 { 2875 struct run_softc *sc = usbd_xfer_softc(xfer); 2876 struct ieee80211com *ic = &sc->sc_ic; 2877 struct mbuf *m = NULL; 2878 struct mbuf *m0; 2879 uint32_t dmalen; 2880 uint16_t rxwisize; 2881 int xferlen; 2882 2883 rxwisize = sizeof(struct rt2860_rxwi); 2884 if (sc->mac_ver == 0x5592) 2885 rxwisize += sizeof(uint64_t); 2886 else if (sc->mac_ver == 0x3593) 2887 rxwisize += sizeof(uint32_t); 2888 2889 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2890 2891 switch (USB_GET_STATE(xfer)) { 2892 case USB_ST_TRANSFERRED: 2893 2894 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2895 2896 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2897 sizeof(struct rt2870_rxd))) { 2898 DPRINTF("xfer too short %d\n", xferlen); 2899 goto tr_setup; 2900 } 2901 2902 m = sc->rx_m; 2903 sc->rx_m = NULL; 2904 2905 /* FALLTHROUGH */ 2906 case USB_ST_SETUP: 2907 tr_setup: 2908 if (sc->rx_m == NULL) { 2909 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2910 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2911 } 2912 if (sc->rx_m == NULL) { 2913 DPRINTF("could not allocate mbuf - idle with stall\n"); 2914 counter_u64_add(ic->ic_ierrors, 1); 2915 usbd_xfer_set_stall(xfer); 2916 usbd_xfer_set_frames(xfer, 0); 2917 } else { 2918 /* 2919 * Directly loading a mbuf cluster into DMA to 2920 * save some data copying. This works because 2921 * there is only one cluster. 2922 */ 2923 usbd_xfer_set_frame_data(xfer, 0, 2924 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2925 usbd_xfer_set_frames(xfer, 1); 2926 } 2927 usbd_transfer_submit(xfer); 2928 break; 2929 2930 default: /* Error */ 2931 if (error != USB_ERR_CANCELLED) { 2932 /* try to clear stall first */ 2933 usbd_xfer_set_stall(xfer); 2934 if (error == USB_ERR_TIMEOUT) 2935 device_printf(sc->sc_dev, "device timeout\n"); 2936 counter_u64_add(ic->ic_ierrors, 1); 2937 goto tr_setup; 2938 } 2939 if (sc->rx_m != NULL) { 2940 m_freem(sc->rx_m); 2941 sc->rx_m = NULL; 2942 } 2943 break; 2944 } 2945 2946 if (m == NULL) 2947 return; 2948 2949 /* inputting all the frames must be last */ 2950 2951 RUN_UNLOCK(sc); 2952 2953 m->m_pkthdr.len = m->m_len = xferlen; 2954 2955 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2956 for(;;) { 2957 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2958 2959 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2960 ((dmalen & 3) != 0)) { 2961 DPRINTF("bad DMA length %u\n", dmalen); 2962 break; 2963 } 2964 if ((dmalen + 8) > (uint32_t)xferlen) { 2965 DPRINTF("bad DMA length %u > %d\n", 2966 dmalen + 8, xferlen); 2967 break; 2968 } 2969 2970 /* If it is the last one or a single frame, we won't copy. */ 2971 if ((xferlen -= dmalen + 8) <= 8) { 2972 /* trim 32-bit DMA-len header */ 2973 m->m_data += 4; 2974 m->m_pkthdr.len = m->m_len -= 4; 2975 run_rx_frame(sc, m, dmalen); 2976 m = NULL; /* don't free source buffer */ 2977 break; 2978 } 2979 2980 /* copy aggregated frames to another mbuf */ 2981 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2982 if (__predict_false(m0 == NULL)) { 2983 DPRINTF("could not allocate mbuf\n"); 2984 counter_u64_add(ic->ic_ierrors, 1); 2985 break; 2986 } 2987 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2988 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2989 m0->m_pkthdr.len = m0->m_len = 2990 dmalen + sizeof(struct rt2870_rxd); 2991 run_rx_frame(sc, m0, dmalen); 2992 2993 /* update data ptr */ 2994 m->m_data += dmalen + 8; 2995 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2996 } 2997 2998 /* make sure we free the source buffer, if any */ 2999 m_freem(m); 3000 3001 RUN_LOCK(sc); 3002 } 3003 3004 static void 3005 run_tx_free(struct run_endpoint_queue *pq, 3006 struct run_tx_data *data, int txerr) 3007 { 3008 3009 ieee80211_tx_complete(data->ni, data->m, txerr); 3010 3011 data->m = NULL; 3012 data->ni = NULL; 3013 3014 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3015 pq->tx_nfree++; 3016 } 3017 3018 static void 3019 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3020 { 3021 struct run_softc *sc = usbd_xfer_softc(xfer); 3022 struct ieee80211com *ic = &sc->sc_ic; 3023 struct run_tx_data *data; 3024 struct ieee80211vap *vap = NULL; 3025 struct usb_page_cache *pc; 3026 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3027 struct mbuf *m; 3028 usb_frlength_t size; 3029 int actlen; 3030 int sumlen; 3031 3032 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3033 3034 switch (USB_GET_STATE(xfer)) { 3035 case USB_ST_TRANSFERRED: 3036 DPRINTFN(11, "transfer complete: %d " 3037 "bytes @ index %d\n", actlen, index); 3038 3039 data = usbd_xfer_get_priv(xfer); 3040 run_tx_free(pq, data, 0); 3041 usbd_xfer_set_priv(xfer, NULL); 3042 3043 /* FALLTHROUGH */ 3044 case USB_ST_SETUP: 3045 tr_setup: 3046 data = STAILQ_FIRST(&pq->tx_qh); 3047 if (data == NULL) 3048 break; 3049 3050 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3051 3052 m = data->m; 3053 size = (sc->mac_ver == 0x5592) ? 3054 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3055 if ((m->m_pkthdr.len + 3056 size + 3 + 8) > RUN_MAX_TXSZ) { 3057 DPRINTF("data overflow, %u bytes\n", 3058 m->m_pkthdr.len); 3059 run_tx_free(pq, data, 1); 3060 goto tr_setup; 3061 } 3062 3063 pc = usbd_xfer_get_frame(xfer, 0); 3064 usbd_copy_in(pc, 0, &data->desc, size); 3065 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3066 size += m->m_pkthdr.len; 3067 /* 3068 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3069 * 4-byte padding), and be sure to zero those trailing 3070 * bytes: 3071 */ 3072 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3073 size += ((-size) & 3) + 8; 3074 3075 vap = data->ni->ni_vap; 3076 if (ieee80211_radiotap_active_vap(vap)) { 3077 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3078 struct rt2860_txwi *txwi = 3079 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3080 tap->wt_flags = 0; 3081 tap->wt_rate = rt2860_rates[data->ridx].rate; 3082 run_get_tsf(sc, &tap->wt_tsf); 3083 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3084 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3085 tap->wt_hwqueue = index; 3086 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3087 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3088 3089 ieee80211_radiotap_tx(vap, m); 3090 } 3091 3092 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3093 m->m_pkthdr.len, size, index); 3094 3095 usbd_xfer_set_frame_len(xfer, 0, size); 3096 usbd_xfer_set_priv(xfer, data); 3097 usbd_transfer_submit(xfer); 3098 run_start(sc); 3099 3100 break; 3101 3102 default: 3103 DPRINTF("USB transfer error, %s\n", 3104 usbd_errstr(error)); 3105 3106 data = usbd_xfer_get_priv(xfer); 3107 3108 if (data != NULL) { 3109 if(data->ni != NULL) 3110 vap = data->ni->ni_vap; 3111 run_tx_free(pq, data, error); 3112 usbd_xfer_set_priv(xfer, NULL); 3113 } 3114 3115 if (vap == NULL) 3116 vap = TAILQ_FIRST(&ic->ic_vaps); 3117 3118 if (error != USB_ERR_CANCELLED) { 3119 if (error == USB_ERR_TIMEOUT) { 3120 device_printf(sc->sc_dev, "device timeout\n"); 3121 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3122 DPRINTF("cmdq_store=%d\n", i); 3123 sc->cmdq[i].func = run_usb_timeout_cb; 3124 sc->cmdq[i].arg0 = vap; 3125 ieee80211_runtask(ic, &sc->cmdq_task); 3126 } 3127 3128 /* 3129 * Try to clear stall first, also if other 3130 * errors occur, hence clearing stall 3131 * introduces a 50 ms delay: 3132 */ 3133 usbd_xfer_set_stall(xfer); 3134 goto tr_setup; 3135 } 3136 break; 3137 } 3138 } 3139 3140 static void 3141 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3142 { 3143 run_bulk_tx_callbackN(xfer, error, 0); 3144 } 3145 3146 static void 3147 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3148 { 3149 run_bulk_tx_callbackN(xfer, error, 1); 3150 } 3151 3152 static void 3153 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3154 { 3155 run_bulk_tx_callbackN(xfer, error, 2); 3156 } 3157 3158 static void 3159 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3160 { 3161 run_bulk_tx_callbackN(xfer, error, 3); 3162 } 3163 3164 static void 3165 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3166 { 3167 run_bulk_tx_callbackN(xfer, error, 4); 3168 } 3169 3170 static void 3171 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3172 { 3173 run_bulk_tx_callbackN(xfer, error, 5); 3174 } 3175 3176 static void 3177 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3178 { 3179 struct mbuf *m = data->m; 3180 struct ieee80211com *ic = &sc->sc_ic; 3181 struct ieee80211vap *vap = data->ni->ni_vap; 3182 struct ieee80211_frame *wh; 3183 struct rt2870_txd *txd; 3184 struct rt2860_txwi *txwi; 3185 uint16_t xferlen, txwisize; 3186 uint16_t mcs; 3187 uint8_t ridx = data->ridx; 3188 uint8_t pad; 3189 3190 /* get MCS code from rate index */ 3191 mcs = rt2860_rates[ridx].mcs; 3192 3193 txwisize = (sc->mac_ver == 0x5592) ? 3194 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3195 xferlen = txwisize + m->m_pkthdr.len; 3196 3197 /* roundup to 32-bit alignment */ 3198 xferlen = (xferlen + 3) & ~3; 3199 3200 txd = (struct rt2870_txd *)&data->desc; 3201 txd->len = htole16(xferlen); 3202 3203 wh = mtod(m, struct ieee80211_frame *); 3204 3205 /* 3206 * Ether both are true or both are false, the header 3207 * are nicely aligned to 32-bit. So, no L2 padding. 3208 */ 3209 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3210 pad = 0; 3211 else 3212 pad = 2; 3213 3214 /* setup TX Wireless Information */ 3215 txwi = (struct rt2860_txwi *)(txd + 1); 3216 txwi->len = htole16(m->m_pkthdr.len - pad); 3217 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3218 mcs |= RT2860_PHY_CCK; 3219 if (ridx != RT2860_RIDX_CCK1 && 3220 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3221 mcs |= RT2860_PHY_SHPRE; 3222 } else 3223 mcs |= RT2860_PHY_OFDM; 3224 txwi->phy = htole16(mcs); 3225 3226 /* check if RTS/CTS or CTS-to-self protection is required */ 3227 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3228 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3229 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3230 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3231 txwi->txop |= RT2860_TX_TXOP_HT; 3232 else 3233 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3234 3235 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3236 txwi->xflags |= RT2860_TX_NSEQ; 3237 } 3238 3239 /* This function must be called locked */ 3240 static int 3241 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3242 { 3243 struct ieee80211com *ic = &sc->sc_ic; 3244 struct ieee80211vap *vap = ni->ni_vap; 3245 struct ieee80211_frame *wh; 3246 struct ieee80211_channel *chan; 3247 const struct ieee80211_txparam *tp; 3248 struct run_node *rn = RUN_NODE(ni); 3249 struct run_tx_data *data; 3250 struct rt2870_txd *txd; 3251 struct rt2860_txwi *txwi; 3252 uint16_t qos; 3253 uint16_t dur; 3254 uint16_t qid; 3255 uint8_t type; 3256 uint8_t tid; 3257 uint8_t ridx; 3258 uint8_t ctl_ridx; 3259 uint8_t qflags; 3260 uint8_t xflags = 0; 3261 int hasqos; 3262 3263 RUN_LOCK_ASSERT(sc, MA_OWNED); 3264 3265 wh = mtod(m, struct ieee80211_frame *); 3266 3267 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3268 3269 /* 3270 * There are 7 bulk endpoints: 1 for RX 3271 * and 6 for TX (4 EDCAs + HCCA + Prio). 3272 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3273 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3274 */ 3275 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3276 uint8_t *frm; 3277 3278 if(IEEE80211_HAS_ADDR4(wh)) 3279 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3280 else 3281 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3282 3283 qos = le16toh(*(const uint16_t *)frm); 3284 tid = qos & IEEE80211_QOS_TID; 3285 qid = TID_TO_WME_AC(tid); 3286 } else { 3287 qos = 0; 3288 tid = 0; 3289 qid = WME_AC_BE; 3290 } 3291 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3292 3293 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3294 qos, qid, tid, qflags); 3295 3296 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3297 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3298 3299 /* pickup a rate index */ 3300 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3301 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3302 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3303 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3304 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3305 } else { 3306 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3307 ridx = rn->fix_ridx; 3308 else 3309 ridx = rn->amrr_ridx; 3310 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3311 } 3312 3313 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3314 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3315 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3316 xflags |= RT2860_TX_ACK; 3317 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3318 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3319 else 3320 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3321 USETW(wh->i_dur, dur); 3322 } 3323 3324 /* reserve slots for mgmt packets, just in case */ 3325 if (sc->sc_epq[qid].tx_nfree < 3) { 3326 DPRINTFN(10, "tx ring %d is full\n", qid); 3327 return (-1); 3328 } 3329 3330 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3331 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3332 sc->sc_epq[qid].tx_nfree--; 3333 3334 txd = (struct rt2870_txd *)&data->desc; 3335 txd->flags = qflags; 3336 txwi = (struct rt2860_txwi *)(txd + 1); 3337 txwi->xflags = xflags; 3338 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3339 txwi->wcid = 0; 3340 else 3341 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3342 1 : RUN_AID2WCID(ni->ni_associd); 3343 3344 /* clear leftover garbage bits */ 3345 txwi->flags = 0; 3346 txwi->txop = 0; 3347 3348 data->m = m; 3349 data->ni = ni; 3350 data->ridx = ridx; 3351 3352 run_set_tx_desc(sc, data); 3353 3354 /* 3355 * The chip keeps track of 2 kind of Tx stats, 3356 * * TX_STAT_FIFO, for per WCID stats, and 3357 * * TX_STA_CNT0 for all-TX-in-one stats. 3358 * 3359 * To use FIFO stats, we need to store MCS into the driver-private 3360 * PacketID field. So that, we can tell whose stats when we read them. 3361 * We add 1 to the MCS because setting the PacketID field to 0 means 3362 * that we don't want feedback in TX_STAT_FIFO. 3363 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3364 * 3365 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3366 */ 3367 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3368 vap->iv_opmode == IEEE80211_M_MBSS) { 3369 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3370 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3371 3372 /* 3373 * Unlike PCI based devices, we don't get any interrupt from 3374 * USB devices, so we simulate FIFO-is-full interrupt here. 3375 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3376 * quickly get fulled. To prevent overflow, increment a counter on 3377 * every FIFO stat request, so we know how many slots are left. 3378 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3379 * are used only in those modes. 3380 * We just drain stats. AMRR gets updated every 1 sec by 3381 * run_ratectl_cb() via callout. 3382 * Call it early. Otherwise overflow. 3383 */ 3384 if (sc->fifo_cnt++ == 10) { 3385 /* 3386 * With multiple vaps or if_bridge, if_start() is called 3387 * with a non-sleepable lock, tcpinp. So, need to defer. 3388 */ 3389 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3390 DPRINTFN(6, "cmdq_store=%d\n", i); 3391 sc->cmdq[i].func = run_drain_fifo; 3392 sc->cmdq[i].arg0 = sc; 3393 ieee80211_runtask(ic, &sc->cmdq_task); 3394 } 3395 } 3396 3397 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3398 3399 usbd_transfer_start(sc->sc_xfer[qid]); 3400 3401 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3402 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3403 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3404 3405 return (0); 3406 } 3407 3408 static int 3409 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3410 { 3411 struct ieee80211com *ic = &sc->sc_ic; 3412 struct run_node *rn = RUN_NODE(ni); 3413 struct run_tx_data *data; 3414 struct ieee80211_frame *wh; 3415 struct rt2870_txd *txd; 3416 struct rt2860_txwi *txwi; 3417 uint16_t dur; 3418 uint8_t ridx = rn->mgt_ridx; 3419 uint8_t type; 3420 uint8_t xflags = 0; 3421 uint8_t wflags = 0; 3422 3423 RUN_LOCK_ASSERT(sc, MA_OWNED); 3424 3425 wh = mtod(m, struct ieee80211_frame *); 3426 3427 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3428 3429 /* tell hardware to add timestamp for probe responses */ 3430 if ((wh->i_fc[0] & 3431 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3432 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3433 wflags |= RT2860_TX_TS; 3434 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3435 xflags |= RT2860_TX_ACK; 3436 3437 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3438 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3439 USETW(wh->i_dur, dur); 3440 } 3441 3442 if (sc->sc_epq[0].tx_nfree == 0) 3443 /* let caller free mbuf */ 3444 return (EIO); 3445 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3446 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3447 sc->sc_epq[0].tx_nfree--; 3448 3449 txd = (struct rt2870_txd *)&data->desc; 3450 txd->flags = RT2860_TX_QSEL_EDCA; 3451 txwi = (struct rt2860_txwi *)(txd + 1); 3452 txwi->wcid = 0xff; 3453 txwi->flags = wflags; 3454 txwi->xflags = xflags; 3455 txwi->txop = 0; /* clear leftover garbage bits */ 3456 3457 data->m = m; 3458 data->ni = ni; 3459 data->ridx = ridx; 3460 3461 run_set_tx_desc(sc, data); 3462 3463 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3464 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3465 rt2860_rates[ridx].rate); 3466 3467 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3468 3469 usbd_transfer_start(sc->sc_xfer[0]); 3470 3471 return (0); 3472 } 3473 3474 static int 3475 run_sendprot(struct run_softc *sc, 3476 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3477 { 3478 struct ieee80211com *ic = ni->ni_ic; 3479 struct ieee80211_frame *wh; 3480 struct run_tx_data *data; 3481 struct rt2870_txd *txd; 3482 struct rt2860_txwi *txwi; 3483 struct mbuf *mprot; 3484 int ridx; 3485 int protrate; 3486 int ackrate; 3487 int pktlen; 3488 int isshort; 3489 uint16_t dur; 3490 uint8_t type; 3491 uint8_t wflags = 0; 3492 uint8_t xflags = 0; 3493 3494 RUN_LOCK_ASSERT(sc, MA_OWNED); 3495 3496 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3497 ("protection %d", prot)); 3498 3499 wh = mtod(m, struct ieee80211_frame *); 3500 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3501 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3502 3503 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3504 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3505 3506 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3507 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3508 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3509 wflags = RT2860_TX_FRAG; 3510 3511 /* check that there are free slots before allocating the mbuf */ 3512 if (sc->sc_epq[0].tx_nfree == 0) 3513 /* let caller free mbuf */ 3514 return (ENOBUFS); 3515 3516 if (prot == IEEE80211_PROT_RTSCTS) { 3517 /* NB: CTS is the same size as an ACK */ 3518 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3519 xflags |= RT2860_TX_ACK; 3520 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3521 } else { 3522 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3523 } 3524 if (mprot == NULL) { 3525 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3526 DPRINTF("could not allocate mbuf\n"); 3527 return (ENOBUFS); 3528 } 3529 3530 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3531 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3532 sc->sc_epq[0].tx_nfree--; 3533 3534 txd = (struct rt2870_txd *)&data->desc; 3535 txd->flags = RT2860_TX_QSEL_EDCA; 3536 txwi = (struct rt2860_txwi *)(txd + 1); 3537 txwi->wcid = 0xff; 3538 txwi->flags = wflags; 3539 txwi->xflags = xflags; 3540 txwi->txop = 0; /* clear leftover garbage bits */ 3541 3542 data->m = mprot; 3543 data->ni = ieee80211_ref_node(ni); 3544 3545 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3546 if (rt2860_rates[ridx].rate == protrate) 3547 break; 3548 data->ridx = ridx; 3549 3550 run_set_tx_desc(sc, data); 3551 3552 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3553 m->m_pkthdr.len, rate); 3554 3555 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3556 3557 usbd_transfer_start(sc->sc_xfer[0]); 3558 3559 return (0); 3560 } 3561 3562 static int 3563 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3564 const struct ieee80211_bpf_params *params) 3565 { 3566 struct ieee80211com *ic = ni->ni_ic; 3567 struct ieee80211_frame *wh; 3568 struct run_tx_data *data; 3569 struct rt2870_txd *txd; 3570 struct rt2860_txwi *txwi; 3571 uint8_t type; 3572 uint8_t ridx; 3573 uint8_t rate; 3574 uint8_t opflags = 0; 3575 uint8_t xflags = 0; 3576 int error; 3577 3578 RUN_LOCK_ASSERT(sc, MA_OWNED); 3579 3580 KASSERT(params != NULL, ("no raw xmit params")); 3581 3582 wh = mtod(m, struct ieee80211_frame *); 3583 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3584 3585 rate = params->ibp_rate0; 3586 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3587 /* let caller free mbuf */ 3588 return (EINVAL); 3589 } 3590 3591 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3592 xflags |= RT2860_TX_ACK; 3593 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3594 error = run_sendprot(sc, m, ni, 3595 params->ibp_flags & IEEE80211_BPF_RTS ? 3596 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3597 rate); 3598 if (error) { 3599 /* let caller free mbuf */ 3600 return error; 3601 } 3602 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3603 } 3604 3605 if (sc->sc_epq[0].tx_nfree == 0) { 3606 /* let caller free mbuf */ 3607 DPRINTF("sending raw frame, but tx ring is full\n"); 3608 return (EIO); 3609 } 3610 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3611 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3612 sc->sc_epq[0].tx_nfree--; 3613 3614 txd = (struct rt2870_txd *)&data->desc; 3615 txd->flags = RT2860_TX_QSEL_EDCA; 3616 txwi = (struct rt2860_txwi *)(txd + 1); 3617 txwi->wcid = 0xff; 3618 txwi->xflags = xflags; 3619 txwi->txop = opflags; 3620 txwi->flags = 0; /* clear leftover garbage bits */ 3621 3622 data->m = m; 3623 data->ni = ni; 3624 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3625 if (rt2860_rates[ridx].rate == rate) 3626 break; 3627 data->ridx = ridx; 3628 3629 run_set_tx_desc(sc, data); 3630 3631 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3632 m->m_pkthdr.len, rate); 3633 3634 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3635 3636 usbd_transfer_start(sc->sc_xfer[0]); 3637 3638 return (0); 3639 } 3640 3641 static int 3642 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3643 const struct ieee80211_bpf_params *params) 3644 { 3645 struct run_softc *sc = ni->ni_ic->ic_softc; 3646 int error = 0; 3647 3648 RUN_LOCK(sc); 3649 3650 /* prevent management frames from being sent if we're not ready */ 3651 if (!(sc->sc_flags & RUN_RUNNING)) { 3652 error = ENETDOWN; 3653 goto done; 3654 } 3655 3656 if (params == NULL) { 3657 /* tx mgt packet */ 3658 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3659 DPRINTF("mgt tx failed\n"); 3660 goto done; 3661 } 3662 } else { 3663 /* tx raw packet with param */ 3664 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3665 DPRINTF("tx with param failed\n"); 3666 goto done; 3667 } 3668 } 3669 3670 done: 3671 RUN_UNLOCK(sc); 3672 3673 if (error != 0) { 3674 if(m != NULL) 3675 m_freem(m); 3676 } 3677 3678 return (error); 3679 } 3680 3681 static int 3682 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3683 { 3684 struct run_softc *sc = ic->ic_softc; 3685 int error; 3686 3687 RUN_LOCK(sc); 3688 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3689 RUN_UNLOCK(sc); 3690 return (ENXIO); 3691 } 3692 error = mbufq_enqueue(&sc->sc_snd, m); 3693 if (error) { 3694 RUN_UNLOCK(sc); 3695 return (error); 3696 } 3697 run_start(sc); 3698 RUN_UNLOCK(sc); 3699 3700 return (0); 3701 } 3702 3703 static void 3704 run_start(struct run_softc *sc) 3705 { 3706 struct ieee80211_node *ni; 3707 struct mbuf *m; 3708 3709 RUN_LOCK_ASSERT(sc, MA_OWNED); 3710 3711 if ((sc->sc_flags & RUN_RUNNING) == 0) 3712 return; 3713 3714 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3715 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3716 if (run_tx(sc, m, ni) != 0) { 3717 mbufq_prepend(&sc->sc_snd, m); 3718 break; 3719 } 3720 } 3721 } 3722 3723 static void 3724 run_parent(struct ieee80211com *ic) 3725 { 3726 struct run_softc *sc = ic->ic_softc; 3727 int startall = 0; 3728 3729 RUN_LOCK(sc); 3730 if (sc->sc_detached) { 3731 RUN_UNLOCK(sc); 3732 return; 3733 } 3734 3735 if (ic->ic_nrunning > 0) { 3736 if (!(sc->sc_flags & RUN_RUNNING)) { 3737 startall = 1; 3738 run_init_locked(sc); 3739 } else 3740 run_update_promisc_locked(sc); 3741 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3742 run_stop(sc); 3743 RUN_UNLOCK(sc); 3744 if (startall) 3745 ieee80211_start_all(ic); 3746 } 3747 3748 static void 3749 run_iq_calib(struct run_softc *sc, u_int chan) 3750 { 3751 uint16_t val; 3752 3753 /* Tx0 IQ gain. */ 3754 run_bbp_write(sc, 158, 0x2c); 3755 if (chan <= 14) 3756 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3757 else if (chan <= 64) { 3758 run_efuse_read(sc, 3759 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3760 &val, 1); 3761 } else if (chan <= 138) { 3762 run_efuse_read(sc, 3763 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3764 &val, 1); 3765 } else if (chan <= 165) { 3766 run_efuse_read(sc, 3767 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3768 &val, 1); 3769 } else 3770 val = 0; 3771 run_bbp_write(sc, 159, val); 3772 3773 /* Tx0 IQ phase. */ 3774 run_bbp_write(sc, 158, 0x2d); 3775 if (chan <= 14) { 3776 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3777 &val, 1); 3778 } else if (chan <= 64) { 3779 run_efuse_read(sc, 3780 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3781 &val, 1); 3782 } else if (chan <= 138) { 3783 run_efuse_read(sc, 3784 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3785 &val, 1); 3786 } else if (chan <= 165) { 3787 run_efuse_read(sc, 3788 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3789 &val, 1); 3790 } else 3791 val = 0; 3792 run_bbp_write(sc, 159, val); 3793 3794 /* Tx1 IQ gain. */ 3795 run_bbp_write(sc, 158, 0x4a); 3796 if (chan <= 14) { 3797 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3798 &val, 1); 3799 } else if (chan <= 64) { 3800 run_efuse_read(sc, 3801 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3802 &val, 1); 3803 } else if (chan <= 138) { 3804 run_efuse_read(sc, 3805 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3806 &val, 1); 3807 } else if (chan <= 165) { 3808 run_efuse_read(sc, 3809 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3810 &val, 1); 3811 } else 3812 val = 0; 3813 run_bbp_write(sc, 159, val); 3814 3815 /* Tx1 IQ phase. */ 3816 run_bbp_write(sc, 158, 0x4b); 3817 if (chan <= 14) { 3818 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3819 &val, 1); 3820 } else if (chan <= 64) { 3821 run_efuse_read(sc, 3822 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3823 &val, 1); 3824 } else if (chan <= 138) { 3825 run_efuse_read(sc, 3826 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3827 &val, 1); 3828 } else if (chan <= 165) { 3829 run_efuse_read(sc, 3830 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3831 &val, 1); 3832 } else 3833 val = 0; 3834 run_bbp_write(sc, 159, val); 3835 3836 /* RF IQ compensation control. */ 3837 run_bbp_write(sc, 158, 0x04); 3838 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3839 &val, 1); 3840 run_bbp_write(sc, 159, val); 3841 3842 /* RF IQ imbalance compensation control. */ 3843 run_bbp_write(sc, 158, 0x03); 3844 run_efuse_read(sc, 3845 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3846 run_bbp_write(sc, 159, val); 3847 } 3848 3849 static void 3850 run_set_agc(struct run_softc *sc, uint8_t agc) 3851 { 3852 uint8_t bbp; 3853 3854 if (sc->mac_ver == 0x3572) { 3855 run_bbp_read(sc, 27, &bbp); 3856 bbp &= ~(0x3 << 5); 3857 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3858 run_bbp_write(sc, 66, agc); 3859 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3860 run_bbp_write(sc, 66, agc); 3861 } else 3862 run_bbp_write(sc, 66, agc); 3863 } 3864 3865 static void 3866 run_select_chan_group(struct run_softc *sc, int group) 3867 { 3868 uint32_t tmp; 3869 uint8_t agc; 3870 3871 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3872 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3873 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3874 if (sc->mac_ver < 0x3572) 3875 run_bbp_write(sc, 86, 0x00); 3876 3877 if (sc->mac_ver == 0x3593) { 3878 run_bbp_write(sc, 77, 0x98); 3879 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3880 } 3881 3882 if (group == 0) { 3883 if (sc->ext_2ghz_lna) { 3884 if (sc->mac_ver >= 0x5390) 3885 run_bbp_write(sc, 75, 0x52); 3886 else { 3887 run_bbp_write(sc, 82, 0x62); 3888 run_bbp_write(sc, 75, 0x46); 3889 } 3890 } else { 3891 if (sc->mac_ver == 0x5592) { 3892 run_bbp_write(sc, 79, 0x1c); 3893 run_bbp_write(sc, 80, 0x0e); 3894 run_bbp_write(sc, 81, 0x3a); 3895 run_bbp_write(sc, 82, 0x62); 3896 3897 run_bbp_write(sc, 195, 0x80); 3898 run_bbp_write(sc, 196, 0xe0); 3899 run_bbp_write(sc, 195, 0x81); 3900 run_bbp_write(sc, 196, 0x1f); 3901 run_bbp_write(sc, 195, 0x82); 3902 run_bbp_write(sc, 196, 0x38); 3903 run_bbp_write(sc, 195, 0x83); 3904 run_bbp_write(sc, 196, 0x32); 3905 run_bbp_write(sc, 195, 0x85); 3906 run_bbp_write(sc, 196, 0x28); 3907 run_bbp_write(sc, 195, 0x86); 3908 run_bbp_write(sc, 196, 0x19); 3909 } else if (sc->mac_ver >= 0x5390) 3910 run_bbp_write(sc, 75, 0x50); 3911 else { 3912 run_bbp_write(sc, 82, 3913 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3914 run_bbp_write(sc, 75, 0x50); 3915 } 3916 } 3917 } else { 3918 if (sc->mac_ver == 0x5592) { 3919 run_bbp_write(sc, 79, 0x18); 3920 run_bbp_write(sc, 80, 0x08); 3921 run_bbp_write(sc, 81, 0x38); 3922 run_bbp_write(sc, 82, 0x92); 3923 3924 run_bbp_write(sc, 195, 0x80); 3925 run_bbp_write(sc, 196, 0xf0); 3926 run_bbp_write(sc, 195, 0x81); 3927 run_bbp_write(sc, 196, 0x1e); 3928 run_bbp_write(sc, 195, 0x82); 3929 run_bbp_write(sc, 196, 0x28); 3930 run_bbp_write(sc, 195, 0x83); 3931 run_bbp_write(sc, 196, 0x20); 3932 run_bbp_write(sc, 195, 0x85); 3933 run_bbp_write(sc, 196, 0x7f); 3934 run_bbp_write(sc, 195, 0x86); 3935 run_bbp_write(sc, 196, 0x7f); 3936 } else if (sc->mac_ver == 0x3572) 3937 run_bbp_write(sc, 82, 0x94); 3938 else 3939 run_bbp_write(sc, 82, 3940 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3941 if (sc->ext_5ghz_lna) 3942 run_bbp_write(sc, 75, 0x46); 3943 else 3944 run_bbp_write(sc, 75, 0x50); 3945 } 3946 3947 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3948 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3949 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3950 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3951 3952 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3953 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3954 if (sc->mac_ver == 0x3593) 3955 tmp |= 1 << 29 | 1 << 28; 3956 if (sc->nrxchains > 1) 3957 tmp |= RT2860_LNA_PE1_EN; 3958 if (group == 0) { /* 2GHz */ 3959 tmp |= RT2860_PA_PE_G0_EN; 3960 if (sc->ntxchains > 1) 3961 tmp |= RT2860_PA_PE_G1_EN; 3962 if (sc->mac_ver == 0x3593) { 3963 if (sc->ntxchains > 2) 3964 tmp |= 1 << 25; 3965 } 3966 } else { /* 5GHz */ 3967 tmp |= RT2860_PA_PE_A0_EN; 3968 if (sc->ntxchains > 1) 3969 tmp |= RT2860_PA_PE_A1_EN; 3970 } 3971 if (sc->mac_ver == 0x3572) { 3972 run_rt3070_rf_write(sc, 8, 0x00); 3973 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3974 run_rt3070_rf_write(sc, 8, 0x80); 3975 } else 3976 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3977 3978 if (sc->mac_ver == 0x5592) { 3979 run_bbp_write(sc, 195, 0x8d); 3980 run_bbp_write(sc, 196, 0x1a); 3981 } 3982 3983 if (sc->mac_ver == 0x3593) { 3984 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3985 tmp &= ~0x01010000; 3986 if (group == 0) 3987 tmp |= 0x00010000; 3988 tmp = (tmp & ~0x00009090) | 0x00000090; 3989 run_write(sc, RT2860_GPIO_CTRL, tmp); 3990 } 3991 3992 /* set initial AGC value */ 3993 if (group == 0) { /* 2GHz band */ 3994 if (sc->mac_ver >= 0x3070) 3995 agc = 0x1c + sc->lna[0] * 2; 3996 else 3997 agc = 0x2e + sc->lna[0]; 3998 } else { /* 5GHz band */ 3999 if (sc->mac_ver == 0x5592) 4000 agc = 0x24 + sc->lna[group] * 2; 4001 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4002 agc = 0x22 + (sc->lna[group] * 5) / 3; 4003 else 4004 agc = 0x32 + (sc->lna[group] * 5) / 3; 4005 } 4006 run_set_agc(sc, agc); 4007 } 4008 4009 static void 4010 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4011 { 4012 const struct rfprog *rfprog = rt2860_rf2850; 4013 uint32_t r2, r3, r4; 4014 int8_t txpow1, txpow2; 4015 int i; 4016 4017 /* find the settings for this channel (we know it exists) */ 4018 for (i = 0; rfprog[i].chan != chan; i++); 4019 4020 r2 = rfprog[i].r2; 4021 if (sc->ntxchains == 1) 4022 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4023 if (sc->nrxchains == 1) 4024 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4025 else if (sc->nrxchains == 2) 4026 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4027 4028 /* use Tx power values from EEPROM */ 4029 txpow1 = sc->txpow1[i]; 4030 txpow2 = sc->txpow2[i]; 4031 4032 /* Initialize RF R3 and R4. */ 4033 r3 = rfprog[i].r3 & 0xffffc1ff; 4034 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4035 if (chan > 14) { 4036 if (txpow1 >= 0) { 4037 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4038 r3 |= (txpow1 << 10) | (1 << 9); 4039 } else { 4040 txpow1 += 7; 4041 4042 /* txpow1 is not possible larger than 15. */ 4043 r3 |= (txpow1 << 10); 4044 } 4045 if (txpow2 >= 0) { 4046 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4047 r4 |= (txpow2 << 7) | (1 << 6); 4048 } else { 4049 txpow2 += 7; 4050 r4 |= (txpow2 << 7); 4051 } 4052 } else { 4053 /* Set Tx0 power. */ 4054 r3 |= (txpow1 << 9); 4055 4056 /* Set frequency offset and Tx1 power. */ 4057 r4 |= (txpow2 << 6); 4058 } 4059 4060 run_rt2870_rf_write(sc, rfprog[i].r1); 4061 run_rt2870_rf_write(sc, r2); 4062 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4063 run_rt2870_rf_write(sc, r4); 4064 4065 run_delay(sc, 10); 4066 4067 run_rt2870_rf_write(sc, rfprog[i].r1); 4068 run_rt2870_rf_write(sc, r2); 4069 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4070 run_rt2870_rf_write(sc, r4); 4071 4072 run_delay(sc, 10); 4073 4074 run_rt2870_rf_write(sc, rfprog[i].r1); 4075 run_rt2870_rf_write(sc, r2); 4076 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4077 run_rt2870_rf_write(sc, r4); 4078 } 4079 4080 static void 4081 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4082 { 4083 int8_t txpow1, txpow2; 4084 uint8_t rf; 4085 int i; 4086 4087 /* find the settings for this channel (we know it exists) */ 4088 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4089 4090 /* use Tx power values from EEPROM */ 4091 txpow1 = sc->txpow1[i]; 4092 txpow2 = sc->txpow2[i]; 4093 4094 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4095 4096 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4097 run_rt3070_rf_read(sc, 3, &rf); 4098 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4099 run_rt3070_rf_write(sc, 3, rf); 4100 4101 run_rt3070_rf_read(sc, 6, &rf); 4102 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4103 run_rt3070_rf_write(sc, 6, rf); 4104 4105 /* set Tx0 power */ 4106 run_rt3070_rf_read(sc, 12, &rf); 4107 rf = (rf & ~0x1f) | txpow1; 4108 run_rt3070_rf_write(sc, 12, rf); 4109 4110 /* set Tx1 power */ 4111 run_rt3070_rf_read(sc, 13, &rf); 4112 rf = (rf & ~0x1f) | txpow2; 4113 run_rt3070_rf_write(sc, 13, rf); 4114 4115 run_rt3070_rf_read(sc, 1, &rf); 4116 rf &= ~0xfc; 4117 if (sc->ntxchains == 1) 4118 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4119 else if (sc->ntxchains == 2) 4120 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4121 if (sc->nrxchains == 1) 4122 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4123 else if (sc->nrxchains == 2) 4124 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4125 run_rt3070_rf_write(sc, 1, rf); 4126 4127 /* set RF offset */ 4128 run_rt3070_rf_read(sc, 23, &rf); 4129 rf = (rf & ~0x7f) | sc->freq; 4130 run_rt3070_rf_write(sc, 23, rf); 4131 4132 /* program RF filter */ 4133 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4134 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4135 run_rt3070_rf_write(sc, 24, rf); 4136 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4137 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4138 run_rt3070_rf_write(sc, 31, rf); 4139 4140 /* enable RF tuning */ 4141 run_rt3070_rf_read(sc, 7, &rf); 4142 run_rt3070_rf_write(sc, 7, rf | 0x01); 4143 } 4144 4145 static void 4146 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4147 { 4148 int8_t txpow1, txpow2; 4149 uint32_t tmp; 4150 uint8_t rf; 4151 int i; 4152 4153 /* find the settings for this channel (we know it exists) */ 4154 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4155 4156 /* use Tx power values from EEPROM */ 4157 txpow1 = sc->txpow1[i]; 4158 txpow2 = sc->txpow2[i]; 4159 4160 if (chan <= 14) { 4161 run_bbp_write(sc, 25, sc->bbp25); 4162 run_bbp_write(sc, 26, sc->bbp26); 4163 } else { 4164 /* enable IQ phase correction */ 4165 run_bbp_write(sc, 25, 0x09); 4166 run_bbp_write(sc, 26, 0xff); 4167 } 4168 4169 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4170 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4171 run_rt3070_rf_read(sc, 6, &rf); 4172 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4173 rf |= (chan <= 14) ? 0x08 : 0x04; 4174 run_rt3070_rf_write(sc, 6, rf); 4175 4176 /* set PLL mode */ 4177 run_rt3070_rf_read(sc, 5, &rf); 4178 rf &= ~(0x08 | 0x04); 4179 rf |= (chan <= 14) ? 0x04 : 0x08; 4180 run_rt3070_rf_write(sc, 5, rf); 4181 4182 /* set Tx power for chain 0 */ 4183 if (chan <= 14) 4184 rf = 0x60 | txpow1; 4185 else 4186 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4187 run_rt3070_rf_write(sc, 12, rf); 4188 4189 /* set Tx power for chain 1 */ 4190 if (chan <= 14) 4191 rf = 0x60 | txpow2; 4192 else 4193 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4194 run_rt3070_rf_write(sc, 13, rf); 4195 4196 /* set Tx/Rx streams */ 4197 run_rt3070_rf_read(sc, 1, &rf); 4198 rf &= ~0xfc; 4199 if (sc->ntxchains == 1) 4200 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4201 else if (sc->ntxchains == 2) 4202 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4203 if (sc->nrxchains == 1) 4204 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4205 else if (sc->nrxchains == 2) 4206 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4207 run_rt3070_rf_write(sc, 1, rf); 4208 4209 /* set RF offset */ 4210 run_rt3070_rf_read(sc, 23, &rf); 4211 rf = (rf & ~0x7f) | sc->freq; 4212 run_rt3070_rf_write(sc, 23, rf); 4213 4214 /* program RF filter */ 4215 rf = sc->rf24_20mhz; 4216 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4217 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4218 4219 /* enable RF tuning */ 4220 run_rt3070_rf_read(sc, 7, &rf); 4221 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4222 run_rt3070_rf_write(sc, 7, rf); 4223 4224 /* TSSI */ 4225 rf = (chan <= 14) ? 0xc3 : 0xc0; 4226 run_rt3070_rf_write(sc, 9, rf); 4227 4228 /* set loop filter 1 */ 4229 run_rt3070_rf_write(sc, 10, 0xf1); 4230 /* set loop filter 2 */ 4231 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4232 4233 /* set tx_mx2_ic */ 4234 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4235 /* set tx_mx1_ic */ 4236 if (chan <= 14) 4237 rf = 0x48 | sc->txmixgain_2ghz; 4238 else 4239 rf = 0x78 | sc->txmixgain_5ghz; 4240 run_rt3070_rf_write(sc, 16, rf); 4241 4242 /* set tx_lo1 */ 4243 run_rt3070_rf_write(sc, 17, 0x23); 4244 /* set tx_lo2 */ 4245 if (chan <= 14) 4246 rf = 0x93; 4247 else if (chan <= 64) 4248 rf = 0xb7; 4249 else if (chan <= 128) 4250 rf = 0x74; 4251 else 4252 rf = 0x72; 4253 run_rt3070_rf_write(sc, 19, rf); 4254 4255 /* set rx_lo1 */ 4256 if (chan <= 14) 4257 rf = 0xb3; 4258 else if (chan <= 64) 4259 rf = 0xf6; 4260 else if (chan <= 128) 4261 rf = 0xf4; 4262 else 4263 rf = 0xf3; 4264 run_rt3070_rf_write(sc, 20, rf); 4265 4266 /* set pfd_delay */ 4267 if (chan <= 14) 4268 rf = 0x15; 4269 else if (chan <= 64) 4270 rf = 0x3d; 4271 else 4272 rf = 0x01; 4273 run_rt3070_rf_write(sc, 25, rf); 4274 4275 /* set rx_lo2 */ 4276 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4277 /* set ldo_rf_vc */ 4278 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4279 /* set drv_cc */ 4280 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4281 4282 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4283 tmp &= ~0x8080; 4284 if (chan <= 14) 4285 tmp |= 0x80; 4286 run_write(sc, RT2860_GPIO_CTRL, tmp); 4287 4288 /* enable RF tuning */ 4289 run_rt3070_rf_read(sc, 7, &rf); 4290 run_rt3070_rf_write(sc, 7, rf | 0x01); 4291 4292 run_delay(sc, 2); 4293 } 4294 4295 static void 4296 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4297 { 4298 int8_t txpow1, txpow2, txpow3; 4299 uint8_t h20mhz, rf; 4300 int i; 4301 4302 /* find the settings for this channel (we know it exists) */ 4303 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4304 4305 /* use Tx power values from EEPROM */ 4306 txpow1 = sc->txpow1[i]; 4307 txpow2 = sc->txpow2[i]; 4308 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4309 4310 if (chan <= 14) { 4311 run_bbp_write(sc, 25, sc->bbp25); 4312 run_bbp_write(sc, 26, sc->bbp26); 4313 } else { 4314 /* Enable IQ phase correction. */ 4315 run_bbp_write(sc, 25, 0x09); 4316 run_bbp_write(sc, 26, 0xff); 4317 } 4318 4319 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4320 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4321 run_rt3070_rf_read(sc, 11, &rf); 4322 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4323 run_rt3070_rf_write(sc, 11, rf); 4324 4325 /* Set pll_idoh. */ 4326 run_rt3070_rf_read(sc, 11, &rf); 4327 rf &= ~0x4c; 4328 rf |= (chan <= 14) ? 0x44 : 0x48; 4329 run_rt3070_rf_write(sc, 11, rf); 4330 4331 if (chan <= 14) 4332 rf = txpow1 & 0x1f; 4333 else 4334 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4335 run_rt3070_rf_write(sc, 53, rf); 4336 4337 if (chan <= 14) 4338 rf = txpow2 & 0x1f; 4339 else 4340 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4341 run_rt3070_rf_write(sc, 55, rf); 4342 4343 if (chan <= 14) 4344 rf = txpow3 & 0x1f; 4345 else 4346 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4347 run_rt3070_rf_write(sc, 54, rf); 4348 4349 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4350 if (sc->ntxchains == 3) 4351 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4352 else 4353 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4354 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4355 run_rt3070_rf_write(sc, 1, rf); 4356 4357 run_adjust_freq_offset(sc); 4358 4359 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4360 4361 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4362 run_rt3070_rf_read(sc, 30, &rf); 4363 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4364 run_rt3070_rf_write(sc, 30, rf); 4365 4366 run_rt3070_rf_read(sc, 36, &rf); 4367 if (chan <= 14) 4368 rf |= 0x80; 4369 else 4370 rf &= ~0x80; 4371 run_rt3070_rf_write(sc, 36, rf); 4372 4373 /* Set vcolo_bs. */ 4374 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4375 /* Set pfd_delay. */ 4376 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4377 4378 /* Set vco bias current control. */ 4379 run_rt3070_rf_read(sc, 6, &rf); 4380 rf &= ~0xc0; 4381 if (chan <= 14) 4382 rf |= 0x40; 4383 else if (chan <= 128) 4384 rf |= 0x80; 4385 else 4386 rf |= 0x40; 4387 run_rt3070_rf_write(sc, 6, rf); 4388 4389 run_rt3070_rf_read(sc, 30, &rf); 4390 rf = (rf & ~0x18) | 0x10; 4391 run_rt3070_rf_write(sc, 30, rf); 4392 4393 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4394 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4395 4396 run_rt3070_rf_read(sc, 51, &rf); 4397 rf = (rf & ~0x03) | 0x01; 4398 run_rt3070_rf_write(sc, 51, rf); 4399 /* Set tx_mx1_cc. */ 4400 run_rt3070_rf_read(sc, 51, &rf); 4401 rf &= ~0x1c; 4402 rf |= (chan <= 14) ? 0x14 : 0x10; 4403 run_rt3070_rf_write(sc, 51, rf); 4404 /* Set tx_mx1_ic. */ 4405 run_rt3070_rf_read(sc, 51, &rf); 4406 rf &= ~0xe0; 4407 rf |= (chan <= 14) ? 0x60 : 0x40; 4408 run_rt3070_rf_write(sc, 51, rf); 4409 /* Set tx_lo1_ic. */ 4410 run_rt3070_rf_read(sc, 49, &rf); 4411 rf &= ~0x1c; 4412 rf |= (chan <= 14) ? 0x0c : 0x08; 4413 run_rt3070_rf_write(sc, 49, rf); 4414 /* Set tx_lo1_en. */ 4415 run_rt3070_rf_read(sc, 50, &rf); 4416 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4417 /* Set drv_cc. */ 4418 run_rt3070_rf_read(sc, 57, &rf); 4419 rf &= ~0xfc; 4420 rf |= (chan <= 14) ? 0x6c : 0x3c; 4421 run_rt3070_rf_write(sc, 57, rf); 4422 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4423 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4424 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4425 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4426 /* Enable VCO calibration. */ 4427 run_rt3070_rf_read(sc, 3, &rf); 4428 rf &= ~RT5390_VCOCAL; 4429 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4430 run_rt3070_rf_write(sc, 3, rf); 4431 4432 if (chan <= 14) 4433 rf = 0x23; 4434 else if (chan <= 64) 4435 rf = 0x36; 4436 else if (chan <= 128) 4437 rf = 0x32; 4438 else 4439 rf = 0x30; 4440 run_rt3070_rf_write(sc, 39, rf); 4441 if (chan <= 14) 4442 rf = 0xbb; 4443 else if (chan <= 64) 4444 rf = 0xeb; 4445 else if (chan <= 128) 4446 rf = 0xb3; 4447 else 4448 rf = 0x9b; 4449 run_rt3070_rf_write(sc, 45, rf); 4450 4451 /* Set FEQ/AEQ control. */ 4452 run_bbp_write(sc, 105, 0x34); 4453 } 4454 4455 static void 4456 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4457 { 4458 int8_t txpow1, txpow2; 4459 uint8_t rf; 4460 int i; 4461 4462 /* find the settings for this channel (we know it exists) */ 4463 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4464 4465 /* use Tx power values from EEPROM */ 4466 txpow1 = sc->txpow1[i]; 4467 txpow2 = sc->txpow2[i]; 4468 4469 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4470 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4471 run_rt3070_rf_read(sc, 11, &rf); 4472 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4473 run_rt3070_rf_write(sc, 11, rf); 4474 4475 run_rt3070_rf_read(sc, 49, &rf); 4476 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4477 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4478 if ((rf & 0x3f) > 0x27) 4479 rf = (rf & ~0x3f) | 0x27; 4480 run_rt3070_rf_write(sc, 49, rf); 4481 4482 if (sc->mac_ver == 0x5392) { 4483 run_rt3070_rf_read(sc, 50, &rf); 4484 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4485 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4486 if ((rf & 0x3f) > 0x27) 4487 rf = (rf & ~0x3f) | 0x27; 4488 run_rt3070_rf_write(sc, 50, rf); 4489 } 4490 4491 run_rt3070_rf_read(sc, 1, &rf); 4492 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4493 if (sc->mac_ver == 0x5392) 4494 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4495 run_rt3070_rf_write(sc, 1, rf); 4496 4497 if (sc->mac_ver != 0x5392) { 4498 run_rt3070_rf_read(sc, 2, &rf); 4499 rf |= 0x80; 4500 run_rt3070_rf_write(sc, 2, rf); 4501 run_delay(sc, 10); 4502 rf &= 0x7f; 4503 run_rt3070_rf_write(sc, 2, rf); 4504 } 4505 4506 run_adjust_freq_offset(sc); 4507 4508 if (sc->mac_ver == 0x5392) { 4509 /* Fix for RT5392C. */ 4510 if (sc->mac_rev >= 0x0223) { 4511 if (chan <= 4) 4512 rf = 0x0f; 4513 else if (chan >= 5 && chan <= 7) 4514 rf = 0x0e; 4515 else 4516 rf = 0x0d; 4517 run_rt3070_rf_write(sc, 23, rf); 4518 4519 if (chan <= 4) 4520 rf = 0x0c; 4521 else if (chan == 5) 4522 rf = 0x0b; 4523 else if (chan >= 6 && chan <= 7) 4524 rf = 0x0a; 4525 else if (chan >= 8 && chan <= 10) 4526 rf = 0x09; 4527 else 4528 rf = 0x08; 4529 run_rt3070_rf_write(sc, 59, rf); 4530 } else { 4531 if (chan <= 11) 4532 rf = 0x0f; 4533 else 4534 rf = 0x0b; 4535 run_rt3070_rf_write(sc, 59, rf); 4536 } 4537 } else { 4538 /* Fix for RT5390F. */ 4539 if (sc->mac_rev >= 0x0502) { 4540 if (chan <= 11) 4541 rf = 0x43; 4542 else 4543 rf = 0x23; 4544 run_rt3070_rf_write(sc, 55, rf); 4545 4546 if (chan <= 11) 4547 rf = 0x0f; 4548 else if (chan == 12) 4549 rf = 0x0d; 4550 else 4551 rf = 0x0b; 4552 run_rt3070_rf_write(sc, 59, rf); 4553 } else { 4554 run_rt3070_rf_write(sc, 55, 0x44); 4555 run_rt3070_rf_write(sc, 59, 0x8f); 4556 } 4557 } 4558 4559 /* Enable VCO calibration. */ 4560 run_rt3070_rf_read(sc, 3, &rf); 4561 rf |= RT5390_VCOCAL; 4562 run_rt3070_rf_write(sc, 3, rf); 4563 } 4564 4565 static void 4566 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4567 { 4568 const struct rt5592_freqs *freqs; 4569 uint32_t tmp; 4570 uint8_t reg, rf, txpow_bound; 4571 int8_t txpow1, txpow2; 4572 int i; 4573 4574 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4575 freqs = (tmp & RT5592_SEL_XTAL) ? 4576 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4577 4578 /* find the settings for this channel (we know it exists) */ 4579 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4580 4581 /* use Tx power values from EEPROM */ 4582 txpow1 = sc->txpow1[i]; 4583 txpow2 = sc->txpow2[i]; 4584 4585 run_read(sc, RT3070_LDO_CFG0, &tmp); 4586 tmp &= ~0x1c000000; 4587 if (chan > 14) 4588 tmp |= 0x14000000; 4589 run_write(sc, RT3070_LDO_CFG0, tmp); 4590 4591 /* N setting. */ 4592 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4593 run_rt3070_rf_read(sc, 9, &rf); 4594 rf &= ~(1 << 4); 4595 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4596 run_rt3070_rf_write(sc, 9, rf); 4597 4598 /* K setting. */ 4599 run_rt3070_rf_read(sc, 9, &rf); 4600 rf &= ~0x0f; 4601 rf |= (freqs->k & 0x0f); 4602 run_rt3070_rf_write(sc, 9, rf); 4603 4604 /* Mode setting. */ 4605 run_rt3070_rf_read(sc, 11, &rf); 4606 rf &= ~0x0c; 4607 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4608 run_rt3070_rf_write(sc, 11, rf); 4609 run_rt3070_rf_read(sc, 9, &rf); 4610 rf &= ~(1 << 7); 4611 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4612 run_rt3070_rf_write(sc, 9, rf); 4613 4614 /* R setting. */ 4615 run_rt3070_rf_read(sc, 11, &rf); 4616 rf &= ~0x03; 4617 rf |= (freqs->r - 0x1); 4618 run_rt3070_rf_write(sc, 11, rf); 4619 4620 if (chan <= 14) { 4621 /* Initialize RF registers for 2GHZ. */ 4622 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4623 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4624 rt5592_2ghz_def_rf[i].val); 4625 } 4626 4627 rf = (chan <= 10) ? 0x07 : 0x06; 4628 run_rt3070_rf_write(sc, 23, rf); 4629 run_rt3070_rf_write(sc, 59, rf); 4630 4631 run_rt3070_rf_write(sc, 55, 0x43); 4632 4633 /* 4634 * RF R49/R50 Tx power ALC code. 4635 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4636 */ 4637 reg = 2; 4638 txpow_bound = 0x27; 4639 } else { 4640 /* Initialize RF registers for 5GHZ. */ 4641 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4642 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4643 rt5592_5ghz_def_rf[i].val); 4644 } 4645 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4646 if (chan >= rt5592_chan_5ghz[i].firstchan && 4647 chan <= rt5592_chan_5ghz[i].lastchan) { 4648 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4649 rt5592_chan_5ghz[i].val); 4650 } 4651 } 4652 4653 /* 4654 * RF R49/R50 Tx power ALC code. 4655 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4656 */ 4657 reg = 3; 4658 txpow_bound = 0x2b; 4659 } 4660 4661 /* RF R49 ch0 Tx power ALC code. */ 4662 run_rt3070_rf_read(sc, 49, &rf); 4663 rf &= ~0xc0; 4664 rf |= (reg << 6); 4665 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4666 if ((rf & 0x3f) > txpow_bound) 4667 rf = (rf & ~0x3f) | txpow_bound; 4668 run_rt3070_rf_write(sc, 49, rf); 4669 4670 /* RF R50 ch1 Tx power ALC code. */ 4671 run_rt3070_rf_read(sc, 50, &rf); 4672 rf &= ~(1 << 7 | 1 << 6); 4673 rf |= (reg << 6); 4674 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4675 if ((rf & 0x3f) > txpow_bound) 4676 rf = (rf & ~0x3f) | txpow_bound; 4677 run_rt3070_rf_write(sc, 50, rf); 4678 4679 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4680 run_rt3070_rf_read(sc, 1, &rf); 4681 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4682 if (sc->ntxchains > 1) 4683 rf |= RT3070_TX1_PD; 4684 if (sc->nrxchains > 1) 4685 rf |= RT3070_RX1_PD; 4686 run_rt3070_rf_write(sc, 1, rf); 4687 4688 run_rt3070_rf_write(sc, 6, 0xe4); 4689 4690 run_rt3070_rf_write(sc, 30, 0x10); 4691 run_rt3070_rf_write(sc, 31, 0x80); 4692 run_rt3070_rf_write(sc, 32, 0x80); 4693 4694 run_adjust_freq_offset(sc); 4695 4696 /* Enable VCO calibration. */ 4697 run_rt3070_rf_read(sc, 3, &rf); 4698 rf |= RT5390_VCOCAL; 4699 run_rt3070_rf_write(sc, 3, rf); 4700 } 4701 4702 static void 4703 run_set_rx_antenna(struct run_softc *sc, int aux) 4704 { 4705 uint32_t tmp; 4706 uint8_t bbp152; 4707 4708 if (aux) { 4709 if (sc->rf_rev == RT5390_RF_5370) { 4710 run_bbp_read(sc, 152, &bbp152); 4711 run_bbp_write(sc, 152, bbp152 & ~0x80); 4712 } else { 4713 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4714 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4715 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4716 } 4717 } else { 4718 if (sc->rf_rev == RT5390_RF_5370) { 4719 run_bbp_read(sc, 152, &bbp152); 4720 run_bbp_write(sc, 152, bbp152 | 0x80); 4721 } else { 4722 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4723 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4724 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4725 } 4726 } 4727 } 4728 4729 static int 4730 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4731 { 4732 struct ieee80211com *ic = &sc->sc_ic; 4733 u_int chan, group; 4734 4735 chan = ieee80211_chan2ieee(ic, c); 4736 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4737 return (EINVAL); 4738 4739 if (sc->mac_ver == 0x5592) 4740 run_rt5592_set_chan(sc, chan); 4741 else if (sc->mac_ver >= 0x5390) 4742 run_rt5390_set_chan(sc, chan); 4743 else if (sc->mac_ver == 0x3593) 4744 run_rt3593_set_chan(sc, chan); 4745 else if (sc->mac_ver == 0x3572) 4746 run_rt3572_set_chan(sc, chan); 4747 else if (sc->mac_ver >= 0x3070) 4748 run_rt3070_set_chan(sc, chan); 4749 else 4750 run_rt2870_set_chan(sc, chan); 4751 4752 /* determine channel group */ 4753 if (chan <= 14) 4754 group = 0; 4755 else if (chan <= 64) 4756 group = 1; 4757 else if (chan <= 128) 4758 group = 2; 4759 else 4760 group = 3; 4761 4762 /* XXX necessary only when group has changed! */ 4763 run_select_chan_group(sc, group); 4764 4765 run_delay(sc, 10); 4766 4767 /* Perform IQ calibration. */ 4768 if (sc->mac_ver >= 0x5392) 4769 run_iq_calib(sc, chan); 4770 4771 return (0); 4772 } 4773 4774 static void 4775 run_set_channel(struct ieee80211com *ic) 4776 { 4777 struct run_softc *sc = ic->ic_softc; 4778 4779 RUN_LOCK(sc); 4780 run_set_chan(sc, ic->ic_curchan); 4781 RUN_UNLOCK(sc); 4782 4783 return; 4784 } 4785 4786 static void 4787 run_scan_start(struct ieee80211com *ic) 4788 { 4789 struct run_softc *sc = ic->ic_softc; 4790 uint32_t tmp; 4791 4792 RUN_LOCK(sc); 4793 4794 /* abort TSF synchronization */ 4795 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4796 run_write(sc, RT2860_BCN_TIME_CFG, 4797 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4798 RT2860_TBTT_TIMER_EN)); 4799 run_set_bssid(sc, ieee80211broadcastaddr); 4800 4801 RUN_UNLOCK(sc); 4802 4803 return; 4804 } 4805 4806 static void 4807 run_scan_end(struct ieee80211com *ic) 4808 { 4809 struct run_softc *sc = ic->ic_softc; 4810 4811 RUN_LOCK(sc); 4812 4813 run_enable_tsf_sync(sc); 4814 /* XXX keep local copy */ 4815 run_set_bssid(sc, ic->ic_macaddr); 4816 4817 RUN_UNLOCK(sc); 4818 4819 return; 4820 } 4821 4822 /* 4823 * Could be called from ieee80211_node_timeout() 4824 * (non-sleepable thread) 4825 */ 4826 static void 4827 run_update_beacon(struct ieee80211vap *vap, int item) 4828 { 4829 struct ieee80211com *ic = vap->iv_ic; 4830 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4831 struct ieee80211_node *ni = vap->iv_bss; 4832 struct run_softc *sc = ic->ic_softc; 4833 struct run_vap *rvp = RUN_VAP(vap); 4834 int mcast = 0; 4835 uint32_t i; 4836 4837 switch (item) { 4838 case IEEE80211_BEACON_ERP: 4839 run_updateslot(ic); 4840 break; 4841 case IEEE80211_BEACON_HTINFO: 4842 run_updateprot(ic); 4843 break; 4844 case IEEE80211_BEACON_TIM: 4845 mcast = 1; /*TODO*/ 4846 break; 4847 default: 4848 break; 4849 } 4850 4851 setbit(bo->bo_flags, item); 4852 if (rvp->beacon_mbuf == NULL) { 4853 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4854 if (rvp->beacon_mbuf == NULL) 4855 return; 4856 } 4857 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4858 4859 i = RUN_CMDQ_GET(&sc->cmdq_store); 4860 DPRINTF("cmdq_store=%d\n", i); 4861 sc->cmdq[i].func = run_update_beacon_cb; 4862 sc->cmdq[i].arg0 = vap; 4863 ieee80211_runtask(ic, &sc->cmdq_task); 4864 4865 return; 4866 } 4867 4868 static void 4869 run_update_beacon_cb(void *arg) 4870 { 4871 struct ieee80211vap *vap = arg; 4872 struct ieee80211_node *ni = vap->iv_bss; 4873 struct run_vap *rvp = RUN_VAP(vap); 4874 struct ieee80211com *ic = vap->iv_ic; 4875 struct run_softc *sc = ic->ic_softc; 4876 struct rt2860_txwi txwi; 4877 struct mbuf *m; 4878 uint16_t txwisize; 4879 uint8_t ridx; 4880 4881 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4882 return; 4883 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4884 return; 4885 4886 /* 4887 * No need to call ieee80211_beacon_update(), run_update_beacon() 4888 * is taking care of apropriate calls. 4889 */ 4890 if (rvp->beacon_mbuf == NULL) { 4891 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4892 if (rvp->beacon_mbuf == NULL) 4893 return; 4894 } 4895 m = rvp->beacon_mbuf; 4896 4897 memset(&txwi, 0, sizeof(txwi)); 4898 txwi.wcid = 0xff; 4899 txwi.len = htole16(m->m_pkthdr.len); 4900 4901 /* send beacons at the lowest available rate */ 4902 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4903 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4904 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4905 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4906 txwi.phy |= htole16(RT2860_PHY_OFDM); 4907 txwi.txop = RT2860_TX_TXOP_HT; 4908 txwi.flags = RT2860_TX_TS; 4909 txwi.xflags = RT2860_TX_NSEQ; 4910 4911 txwisize = (sc->mac_ver == 0x5592) ? 4912 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4913 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4914 txwisize); 4915 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4916 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4917 } 4918 4919 static void 4920 run_updateprot(struct ieee80211com *ic) 4921 { 4922 struct run_softc *sc = ic->ic_softc; 4923 uint32_t i; 4924 4925 i = RUN_CMDQ_GET(&sc->cmdq_store); 4926 DPRINTF("cmdq_store=%d\n", i); 4927 sc->cmdq[i].func = run_updateprot_cb; 4928 sc->cmdq[i].arg0 = ic; 4929 ieee80211_runtask(ic, &sc->cmdq_task); 4930 } 4931 4932 static void 4933 run_updateprot_cb(void *arg) 4934 { 4935 struct ieee80211com *ic = arg; 4936 struct run_softc *sc = ic->ic_softc; 4937 uint32_t tmp; 4938 4939 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4940 /* setup protection frame rate (MCS code) */ 4941 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4942 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4943 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4944 4945 /* CCK frames don't require protection */ 4946 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4947 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4948 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4949 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4950 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4951 tmp |= RT2860_PROT_CTRL_CTS; 4952 } 4953 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4954 } 4955 4956 static void 4957 run_usb_timeout_cb(void *arg) 4958 { 4959 struct ieee80211vap *vap = arg; 4960 struct run_softc *sc = vap->iv_ic->ic_softc; 4961 4962 RUN_LOCK_ASSERT(sc, MA_OWNED); 4963 4964 if(vap->iv_state == IEEE80211_S_RUN && 4965 vap->iv_opmode != IEEE80211_M_STA) 4966 run_reset_livelock(sc); 4967 else if (vap->iv_state == IEEE80211_S_SCAN) { 4968 DPRINTF("timeout caused by scan\n"); 4969 /* cancel bgscan */ 4970 ieee80211_cancel_scan(vap); 4971 } else 4972 DPRINTF("timeout by unknown cause\n"); 4973 } 4974 4975 static void 4976 run_reset_livelock(struct run_softc *sc) 4977 { 4978 uint32_t tmp; 4979 4980 RUN_LOCK_ASSERT(sc, MA_OWNED); 4981 4982 /* 4983 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4984 * can run into a livelock and start sending CTS-to-self frames like 4985 * crazy if protection is enabled. Reset MAC/BBP for a while 4986 */ 4987 run_read(sc, RT2860_DEBUG, &tmp); 4988 DPRINTFN(3, "debug reg %08x\n", tmp); 4989 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4990 DPRINTF("CTS-to-self livelock detected\n"); 4991 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4992 run_delay(sc, 1); 4993 run_write(sc, RT2860_MAC_SYS_CTRL, 4994 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4995 } 4996 } 4997 4998 static void 4999 run_update_promisc_locked(struct run_softc *sc) 5000 { 5001 uint32_t tmp; 5002 5003 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5004 5005 tmp |= RT2860_DROP_UC_NOME; 5006 if (sc->sc_ic.ic_promisc > 0) 5007 tmp &= ~RT2860_DROP_UC_NOME; 5008 5009 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5010 5011 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5012 "entering" : "leaving"); 5013 } 5014 5015 static void 5016 run_update_promisc(struct ieee80211com *ic) 5017 { 5018 struct run_softc *sc = ic->ic_softc; 5019 5020 if ((sc->sc_flags & RUN_RUNNING) == 0) 5021 return; 5022 5023 RUN_LOCK(sc); 5024 run_update_promisc_locked(sc); 5025 RUN_UNLOCK(sc); 5026 } 5027 5028 static void 5029 run_enable_tsf_sync(struct run_softc *sc) 5030 { 5031 struct ieee80211com *ic = &sc->sc_ic; 5032 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5033 uint32_t tmp; 5034 5035 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5036 ic->ic_opmode); 5037 5038 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5039 tmp &= ~0x1fffff; 5040 tmp |= vap->iv_bss->ni_intval * 16; 5041 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5042 5043 if (ic->ic_opmode == IEEE80211_M_STA) { 5044 /* 5045 * Local TSF is always updated with remote TSF on beacon 5046 * reception. 5047 */ 5048 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5049 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5050 tmp |= RT2860_BCN_TX_EN; 5051 /* 5052 * Local TSF is updated with remote TSF on beacon reception 5053 * only if the remote TSF is greater than local TSF. 5054 */ 5055 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5056 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5057 ic->ic_opmode == IEEE80211_M_MBSS) { 5058 tmp |= RT2860_BCN_TX_EN; 5059 /* SYNC with nobody */ 5060 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5061 } else { 5062 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5063 return; 5064 } 5065 5066 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5067 } 5068 5069 static void 5070 run_enable_tsf(struct run_softc *sc) 5071 { 5072 uint32_t tmp; 5073 5074 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5075 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5076 tmp |= RT2860_TSF_TIMER_EN; 5077 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5078 } 5079 } 5080 5081 static void 5082 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5083 { 5084 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5085 sizeof(*buf)); 5086 } 5087 5088 static void 5089 run_enable_mrr(struct run_softc *sc) 5090 { 5091 #define CCK(mcs) (mcs) 5092 #define OFDM(mcs) (1 << 3 | (mcs)) 5093 run_write(sc, RT2860_LG_FBK_CFG0, 5094 OFDM(6) << 28 | /* 54->48 */ 5095 OFDM(5) << 24 | /* 48->36 */ 5096 OFDM(4) << 20 | /* 36->24 */ 5097 OFDM(3) << 16 | /* 24->18 */ 5098 OFDM(2) << 12 | /* 18->12 */ 5099 OFDM(1) << 8 | /* 12-> 9 */ 5100 OFDM(0) << 4 | /* 9-> 6 */ 5101 OFDM(0)); /* 6-> 6 */ 5102 5103 run_write(sc, RT2860_LG_FBK_CFG1, 5104 CCK(2) << 12 | /* 11->5.5 */ 5105 CCK(1) << 8 | /* 5.5-> 2 */ 5106 CCK(0) << 4 | /* 2-> 1 */ 5107 CCK(0)); /* 1-> 1 */ 5108 #undef OFDM 5109 #undef CCK 5110 } 5111 5112 static void 5113 run_set_txpreamble(struct run_softc *sc) 5114 { 5115 struct ieee80211com *ic = &sc->sc_ic; 5116 uint32_t tmp; 5117 5118 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5119 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5120 tmp |= RT2860_CCK_SHORT_EN; 5121 else 5122 tmp &= ~RT2860_CCK_SHORT_EN; 5123 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5124 } 5125 5126 static void 5127 run_set_basicrates(struct run_softc *sc) 5128 { 5129 struct ieee80211com *ic = &sc->sc_ic; 5130 5131 /* set basic rates mask */ 5132 if (ic->ic_curmode == IEEE80211_MODE_11B) 5133 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5134 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5135 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5136 else /* 11g */ 5137 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5138 } 5139 5140 static void 5141 run_set_leds(struct run_softc *sc, uint16_t which) 5142 { 5143 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5144 which | (sc->leds & 0x7f)); 5145 } 5146 5147 static void 5148 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5149 { 5150 run_write(sc, RT2860_MAC_BSSID_DW0, 5151 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5152 run_write(sc, RT2860_MAC_BSSID_DW1, 5153 bssid[4] | bssid[5] << 8); 5154 } 5155 5156 static void 5157 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5158 { 5159 run_write(sc, RT2860_MAC_ADDR_DW0, 5160 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5161 run_write(sc, RT2860_MAC_ADDR_DW1, 5162 addr[4] | addr[5] << 8 | 0xff << 16); 5163 } 5164 5165 static void 5166 run_updateslot(struct ieee80211com *ic) 5167 { 5168 struct run_softc *sc = ic->ic_softc; 5169 uint32_t i; 5170 5171 i = RUN_CMDQ_GET(&sc->cmdq_store); 5172 DPRINTF("cmdq_store=%d\n", i); 5173 sc->cmdq[i].func = run_updateslot_cb; 5174 sc->cmdq[i].arg0 = ic; 5175 ieee80211_runtask(ic, &sc->cmdq_task); 5176 5177 return; 5178 } 5179 5180 /* ARGSUSED */ 5181 static void 5182 run_updateslot_cb(void *arg) 5183 { 5184 struct ieee80211com *ic = arg; 5185 struct run_softc *sc = ic->ic_softc; 5186 uint32_t tmp; 5187 5188 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5189 tmp &= ~0xff; 5190 tmp |= IEEE80211_GET_SLOTTIME(ic); 5191 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5192 } 5193 5194 static void 5195 run_update_mcast(struct ieee80211com *ic) 5196 { 5197 } 5198 5199 static int8_t 5200 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5201 { 5202 struct ieee80211com *ic = &sc->sc_ic; 5203 struct ieee80211_channel *c = ic->ic_curchan; 5204 int delta; 5205 5206 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5207 u_int chan = ieee80211_chan2ieee(ic, c); 5208 delta = sc->rssi_5ghz[rxchain]; 5209 5210 /* determine channel group */ 5211 if (chan <= 64) 5212 delta -= sc->lna[1]; 5213 else if (chan <= 128) 5214 delta -= sc->lna[2]; 5215 else 5216 delta -= sc->lna[3]; 5217 } else 5218 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5219 5220 return (-12 - delta - rssi); 5221 } 5222 5223 static void 5224 run_rt5390_bbp_init(struct run_softc *sc) 5225 { 5226 int i; 5227 uint8_t bbp; 5228 5229 /* Apply maximum likelihood detection for 2 stream case. */ 5230 run_bbp_read(sc, 105, &bbp); 5231 if (sc->nrxchains > 1) 5232 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5233 5234 /* Avoid data lost and CRC error. */ 5235 run_bbp_read(sc, 4, &bbp); 5236 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5237 5238 if (sc->mac_ver == 0x5592) { 5239 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5240 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5241 rt5592_def_bbp[i].val); 5242 } 5243 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5244 run_bbp_write(sc, 195, i + 0x80); 5245 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5246 } 5247 } else { 5248 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5249 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5250 rt5390_def_bbp[i].val); 5251 } 5252 } 5253 if (sc->mac_ver == 0x5392) { 5254 run_bbp_write(sc, 88, 0x90); 5255 run_bbp_write(sc, 95, 0x9a); 5256 run_bbp_write(sc, 98, 0x12); 5257 run_bbp_write(sc, 106, 0x12); 5258 run_bbp_write(sc, 134, 0xd0); 5259 run_bbp_write(sc, 135, 0xf6); 5260 run_bbp_write(sc, 148, 0x84); 5261 } 5262 5263 run_bbp_read(sc, 152, &bbp); 5264 run_bbp_write(sc, 152, bbp | 0x80); 5265 5266 /* Fix BBP254 for RT5592C. */ 5267 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5268 run_bbp_read(sc, 254, &bbp); 5269 run_bbp_write(sc, 254, bbp | 0x80); 5270 } 5271 5272 /* Disable hardware antenna diversity. */ 5273 if (sc->mac_ver == 0x5390) 5274 run_bbp_write(sc, 154, 0); 5275 5276 /* Initialize Rx CCK/OFDM frequency offset report. */ 5277 run_bbp_write(sc, 142, 1); 5278 run_bbp_write(sc, 143, 57); 5279 } 5280 5281 static int 5282 run_bbp_init(struct run_softc *sc) 5283 { 5284 int i, error, ntries; 5285 uint8_t bbp0; 5286 5287 /* wait for BBP to wake up */ 5288 for (ntries = 0; ntries < 20; ntries++) { 5289 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5290 return error; 5291 if (bbp0 != 0 && bbp0 != 0xff) 5292 break; 5293 } 5294 if (ntries == 20) 5295 return (ETIMEDOUT); 5296 5297 /* initialize BBP registers to default values */ 5298 if (sc->mac_ver >= 0x5390) 5299 run_rt5390_bbp_init(sc); 5300 else { 5301 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5302 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5303 rt2860_def_bbp[i].val); 5304 } 5305 } 5306 5307 if (sc->mac_ver == 0x3593) { 5308 run_bbp_write(sc, 79, 0x13); 5309 run_bbp_write(sc, 80, 0x05); 5310 run_bbp_write(sc, 81, 0x33); 5311 run_bbp_write(sc, 86, 0x46); 5312 run_bbp_write(sc, 137, 0x0f); 5313 } 5314 5315 /* fix BBP84 for RT2860E */ 5316 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5317 run_bbp_write(sc, 84, 0x19); 5318 5319 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5320 sc->mac_ver != 0x5592)) { 5321 run_bbp_write(sc, 79, 0x13); 5322 run_bbp_write(sc, 80, 0x05); 5323 run_bbp_write(sc, 81, 0x33); 5324 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5325 run_bbp_write(sc, 69, 0x16); 5326 run_bbp_write(sc, 73, 0x12); 5327 } 5328 return (0); 5329 } 5330 5331 static int 5332 run_rt3070_rf_init(struct run_softc *sc) 5333 { 5334 uint32_t tmp; 5335 uint8_t bbp4, mingain, rf, target; 5336 int i; 5337 5338 run_rt3070_rf_read(sc, 30, &rf); 5339 /* toggle RF R30 bit 7 */ 5340 run_rt3070_rf_write(sc, 30, rf | 0x80); 5341 run_delay(sc, 10); 5342 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5343 5344 /* initialize RF registers to default value */ 5345 if (sc->mac_ver == 0x3572) { 5346 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5347 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5348 rt3572_def_rf[i].val); 5349 } 5350 } else { 5351 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5352 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5353 rt3070_def_rf[i].val); 5354 } 5355 } 5356 5357 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5358 /* 5359 * Change voltage from 1.2V to 1.35V for RT3070. 5360 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5361 * in RT3070(F). 5362 */ 5363 run_read(sc, RT3070_LDO_CFG0, &tmp); 5364 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5365 run_write(sc, RT3070_LDO_CFG0, tmp); 5366 5367 } else if (sc->mac_ver == 0x3071) { 5368 run_rt3070_rf_read(sc, 6, &rf); 5369 run_rt3070_rf_write(sc, 6, rf | 0x40); 5370 run_rt3070_rf_write(sc, 31, 0x14); 5371 5372 run_read(sc, RT3070_LDO_CFG0, &tmp); 5373 tmp &= ~0x1f000000; 5374 if (sc->mac_rev < 0x0211) 5375 tmp |= 0x0d000000; /* 1.3V */ 5376 else 5377 tmp |= 0x01000000; /* 1.2V */ 5378 run_write(sc, RT3070_LDO_CFG0, tmp); 5379 5380 /* patch LNA_PE_G1 */ 5381 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5382 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5383 5384 } else if (sc->mac_ver == 0x3572) { 5385 run_rt3070_rf_read(sc, 6, &rf); 5386 run_rt3070_rf_write(sc, 6, rf | 0x40); 5387 5388 /* increase voltage from 1.2V to 1.35V */ 5389 run_read(sc, RT3070_LDO_CFG0, &tmp); 5390 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5391 run_write(sc, RT3070_LDO_CFG0, tmp); 5392 5393 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5394 run_delay(sc, 1); /* wait for 1msec */ 5395 /* decrease voltage back to 1.2V */ 5396 tmp = (tmp & ~0x1f000000) | 0x01000000; 5397 run_write(sc, RT3070_LDO_CFG0, tmp); 5398 } 5399 } 5400 5401 /* select 20MHz bandwidth */ 5402 run_rt3070_rf_read(sc, 31, &rf); 5403 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5404 5405 /* calibrate filter for 20MHz bandwidth */ 5406 sc->rf24_20mhz = 0x1f; /* default value */ 5407 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5408 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5409 5410 /* select 40MHz bandwidth */ 5411 run_bbp_read(sc, 4, &bbp4); 5412 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5413 run_rt3070_rf_read(sc, 31, &rf); 5414 run_rt3070_rf_write(sc, 31, rf | 0x20); 5415 5416 /* calibrate filter for 40MHz bandwidth */ 5417 sc->rf24_40mhz = 0x2f; /* default value */ 5418 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5419 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5420 5421 /* go back to 20MHz bandwidth */ 5422 run_bbp_read(sc, 4, &bbp4); 5423 run_bbp_write(sc, 4, bbp4 & ~0x18); 5424 5425 if (sc->mac_ver == 0x3572) { 5426 /* save default BBP registers 25 and 26 values */ 5427 run_bbp_read(sc, 25, &sc->bbp25); 5428 run_bbp_read(sc, 26, &sc->bbp26); 5429 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5430 run_rt3070_rf_write(sc, 27, 0x03); 5431 5432 run_read(sc, RT3070_OPT_14, &tmp); 5433 run_write(sc, RT3070_OPT_14, tmp | 1); 5434 5435 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5436 run_rt3070_rf_read(sc, 17, &rf); 5437 rf &= ~RT3070_TX_LO1; 5438 if ((sc->mac_ver == 0x3070 || 5439 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5440 !sc->ext_2ghz_lna) 5441 rf |= 0x20; /* fix for long range Rx issue */ 5442 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5443 if (sc->txmixgain_2ghz >= mingain) 5444 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5445 run_rt3070_rf_write(sc, 17, rf); 5446 } 5447 5448 if (sc->mac_ver == 0x3071) { 5449 run_rt3070_rf_read(sc, 1, &rf); 5450 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5451 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5452 run_rt3070_rf_write(sc, 1, rf); 5453 5454 run_rt3070_rf_read(sc, 15, &rf); 5455 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5456 5457 run_rt3070_rf_read(sc, 20, &rf); 5458 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5459 5460 run_rt3070_rf_read(sc, 21, &rf); 5461 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5462 } 5463 5464 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5465 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5466 run_rt3070_rf_read(sc, 27, &rf); 5467 rf &= ~0x77; 5468 if (sc->mac_rev < 0x0211) 5469 rf |= 0x03; 5470 run_rt3070_rf_write(sc, 27, rf); 5471 } 5472 return (0); 5473 } 5474 5475 static void 5476 run_rt3593_rf_init(struct run_softc *sc) 5477 { 5478 uint32_t tmp; 5479 uint8_t rf; 5480 int i; 5481 5482 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5483 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5484 tmp &= ~(1 << 4 | 1 << 7); 5485 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5486 5487 /* Initialize RF registers to default value. */ 5488 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5489 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5490 rt3593_def_rf[i].val); 5491 } 5492 5493 /* Toggle RF R2 to initiate calibration. */ 5494 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5495 5496 /* Initialize RF frequency offset. */ 5497 run_adjust_freq_offset(sc); 5498 5499 run_rt3070_rf_read(sc, 18, &rf); 5500 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5501 5502 /* 5503 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5504 * decrease voltage back to 1.2V. 5505 */ 5506 run_read(sc, RT3070_LDO_CFG0, &tmp); 5507 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5508 run_write(sc, RT3070_LDO_CFG0, tmp); 5509 run_delay(sc, 1); 5510 tmp = (tmp & ~0x1f000000) | 0x01000000; 5511 run_write(sc, RT3070_LDO_CFG0, tmp); 5512 5513 sc->rf24_20mhz = 0x1f; 5514 sc->rf24_40mhz = 0x2f; 5515 5516 /* Save default BBP registers 25 and 26 values. */ 5517 run_bbp_read(sc, 25, &sc->bbp25); 5518 run_bbp_read(sc, 26, &sc->bbp26); 5519 5520 run_read(sc, RT3070_OPT_14, &tmp); 5521 run_write(sc, RT3070_OPT_14, tmp | 1); 5522 } 5523 5524 static void 5525 run_rt5390_rf_init(struct run_softc *sc) 5526 { 5527 uint32_t tmp; 5528 uint8_t rf; 5529 int i; 5530 5531 /* Toggle RF R2 to initiate calibration. */ 5532 if (sc->mac_ver == 0x5390) { 5533 run_rt3070_rf_read(sc, 2, &rf); 5534 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5535 run_delay(sc, 10); 5536 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5537 } else { 5538 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5539 run_delay(sc, 10); 5540 } 5541 5542 /* Initialize RF registers to default value. */ 5543 if (sc->mac_ver == 0x5592) { 5544 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5545 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5546 rt5592_def_rf[i].val); 5547 } 5548 /* Initialize RF frequency offset. */ 5549 run_adjust_freq_offset(sc); 5550 } else if (sc->mac_ver == 0x5392) { 5551 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5552 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5553 rt5392_def_rf[i].val); 5554 } 5555 if (sc->mac_rev >= 0x0223) { 5556 run_rt3070_rf_write(sc, 23, 0x0f); 5557 run_rt3070_rf_write(sc, 24, 0x3e); 5558 run_rt3070_rf_write(sc, 51, 0x32); 5559 run_rt3070_rf_write(sc, 53, 0x22); 5560 run_rt3070_rf_write(sc, 56, 0xc1); 5561 run_rt3070_rf_write(sc, 59, 0x0f); 5562 } 5563 } else { 5564 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5565 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5566 rt5390_def_rf[i].val); 5567 } 5568 if (sc->mac_rev >= 0x0502) { 5569 run_rt3070_rf_write(sc, 6, 0xe0); 5570 run_rt3070_rf_write(sc, 25, 0x80); 5571 run_rt3070_rf_write(sc, 46, 0x73); 5572 run_rt3070_rf_write(sc, 53, 0x00); 5573 run_rt3070_rf_write(sc, 56, 0x42); 5574 run_rt3070_rf_write(sc, 61, 0xd1); 5575 } 5576 } 5577 5578 sc->rf24_20mhz = 0x1f; /* default value */ 5579 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5580 5581 if (sc->mac_rev < 0x0211) 5582 run_rt3070_rf_write(sc, 27, 0x3); 5583 5584 run_read(sc, RT3070_OPT_14, &tmp); 5585 run_write(sc, RT3070_OPT_14, tmp | 1); 5586 } 5587 5588 static int 5589 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5590 uint8_t *val) 5591 { 5592 uint8_t rf22, rf24; 5593 uint8_t bbp55_pb, bbp55_sb, delta; 5594 int ntries; 5595 5596 /* program filter */ 5597 run_rt3070_rf_read(sc, 24, &rf24); 5598 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5599 run_rt3070_rf_write(sc, 24, rf24); 5600 5601 /* enable baseband loopback mode */ 5602 run_rt3070_rf_read(sc, 22, &rf22); 5603 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5604 5605 /* set power and frequency of passband test tone */ 5606 run_bbp_write(sc, 24, 0x00); 5607 for (ntries = 0; ntries < 100; ntries++) { 5608 /* transmit test tone */ 5609 run_bbp_write(sc, 25, 0x90); 5610 run_delay(sc, 10); 5611 /* read received power */ 5612 run_bbp_read(sc, 55, &bbp55_pb); 5613 if (bbp55_pb != 0) 5614 break; 5615 } 5616 if (ntries == 100) 5617 return (ETIMEDOUT); 5618 5619 /* set power and frequency of stopband test tone */ 5620 run_bbp_write(sc, 24, 0x06); 5621 for (ntries = 0; ntries < 100; ntries++) { 5622 /* transmit test tone */ 5623 run_bbp_write(sc, 25, 0x90); 5624 run_delay(sc, 10); 5625 /* read received power */ 5626 run_bbp_read(sc, 55, &bbp55_sb); 5627 5628 delta = bbp55_pb - bbp55_sb; 5629 if (delta > target) 5630 break; 5631 5632 /* reprogram filter */ 5633 rf24++; 5634 run_rt3070_rf_write(sc, 24, rf24); 5635 } 5636 if (ntries < 100) { 5637 if (rf24 != init) 5638 rf24--; /* backtrack */ 5639 *val = rf24; 5640 run_rt3070_rf_write(sc, 24, rf24); 5641 } 5642 5643 /* restore initial state */ 5644 run_bbp_write(sc, 24, 0x00); 5645 5646 /* disable baseband loopback mode */ 5647 run_rt3070_rf_read(sc, 22, &rf22); 5648 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5649 5650 return (0); 5651 } 5652 5653 static void 5654 run_rt3070_rf_setup(struct run_softc *sc) 5655 { 5656 uint8_t bbp, rf; 5657 int i; 5658 5659 if (sc->mac_ver == 0x3572) { 5660 /* enable DC filter */ 5661 if (sc->mac_rev >= 0x0201) 5662 run_bbp_write(sc, 103, 0xc0); 5663 5664 run_bbp_read(sc, 138, &bbp); 5665 if (sc->ntxchains == 1) 5666 bbp |= 0x20; /* turn off DAC1 */ 5667 if (sc->nrxchains == 1) 5668 bbp &= ~0x02; /* turn off ADC1 */ 5669 run_bbp_write(sc, 138, bbp); 5670 5671 if (sc->mac_rev >= 0x0211) { 5672 /* improve power consumption */ 5673 run_bbp_read(sc, 31, &bbp); 5674 run_bbp_write(sc, 31, bbp & ~0x03); 5675 } 5676 5677 run_rt3070_rf_read(sc, 16, &rf); 5678 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5679 run_rt3070_rf_write(sc, 16, rf); 5680 5681 } else if (sc->mac_ver == 0x3071) { 5682 if (sc->mac_rev >= 0x0211) { 5683 /* enable DC filter */ 5684 run_bbp_write(sc, 103, 0xc0); 5685 5686 /* improve power consumption */ 5687 run_bbp_read(sc, 31, &bbp); 5688 run_bbp_write(sc, 31, bbp & ~0x03); 5689 } 5690 5691 run_bbp_read(sc, 138, &bbp); 5692 if (sc->ntxchains == 1) 5693 bbp |= 0x20; /* turn off DAC1 */ 5694 if (sc->nrxchains == 1) 5695 bbp &= ~0x02; /* turn off ADC1 */ 5696 run_bbp_write(sc, 138, bbp); 5697 5698 run_write(sc, RT2860_TX_SW_CFG1, 0); 5699 if (sc->mac_rev < 0x0211) { 5700 run_write(sc, RT2860_TX_SW_CFG2, 5701 sc->patch_dac ? 0x2c : 0x0f); 5702 } else 5703 run_write(sc, RT2860_TX_SW_CFG2, 0); 5704 5705 } else if (sc->mac_ver == 0x3070) { 5706 if (sc->mac_rev >= 0x0201) { 5707 /* enable DC filter */ 5708 run_bbp_write(sc, 103, 0xc0); 5709 5710 /* improve power consumption */ 5711 run_bbp_read(sc, 31, &bbp); 5712 run_bbp_write(sc, 31, bbp & ~0x03); 5713 } 5714 5715 if (sc->mac_rev < 0x0201) { 5716 run_write(sc, RT2860_TX_SW_CFG1, 0); 5717 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5718 } else 5719 run_write(sc, RT2860_TX_SW_CFG2, 0); 5720 } 5721 5722 /* initialize RF registers from ROM for >=RT3071*/ 5723 if (sc->mac_ver >= 0x3071) { 5724 for (i = 0; i < 10; i++) { 5725 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5726 continue; 5727 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5728 } 5729 } 5730 } 5731 5732 static void 5733 run_rt3593_rf_setup(struct run_softc *sc) 5734 { 5735 uint8_t bbp, rf; 5736 5737 if (sc->mac_rev >= 0x0211) { 5738 /* Enable DC filter. */ 5739 run_bbp_write(sc, 103, 0xc0); 5740 } 5741 run_write(sc, RT2860_TX_SW_CFG1, 0); 5742 if (sc->mac_rev < 0x0211) { 5743 run_write(sc, RT2860_TX_SW_CFG2, 5744 sc->patch_dac ? 0x2c : 0x0f); 5745 } else 5746 run_write(sc, RT2860_TX_SW_CFG2, 0); 5747 5748 run_rt3070_rf_read(sc, 50, &rf); 5749 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5750 5751 run_rt3070_rf_read(sc, 51, &rf); 5752 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5753 ((sc->txmixgain_2ghz & 0x07) << 2); 5754 run_rt3070_rf_write(sc, 51, rf); 5755 5756 run_rt3070_rf_read(sc, 38, &rf); 5757 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5758 5759 run_rt3070_rf_read(sc, 39, &rf); 5760 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5761 5762 run_rt3070_rf_read(sc, 1, &rf); 5763 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5764 5765 run_rt3070_rf_read(sc, 30, &rf); 5766 rf = (rf & ~0x18) | 0x10; 5767 run_rt3070_rf_write(sc, 30, rf); 5768 5769 /* Apply maximum likelihood detection for 2 stream case. */ 5770 run_bbp_read(sc, 105, &bbp); 5771 if (sc->nrxchains > 1) 5772 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5773 5774 /* Avoid data lost and CRC error. */ 5775 run_bbp_read(sc, 4, &bbp); 5776 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5777 5778 run_bbp_write(sc, 92, 0x02); 5779 run_bbp_write(sc, 82, 0x82); 5780 run_bbp_write(sc, 106, 0x05); 5781 run_bbp_write(sc, 104, 0x92); 5782 run_bbp_write(sc, 88, 0x90); 5783 run_bbp_write(sc, 148, 0xc8); 5784 run_bbp_write(sc, 47, 0x48); 5785 run_bbp_write(sc, 120, 0x50); 5786 5787 run_bbp_write(sc, 163, 0x9d); 5788 5789 /* SNR mapping. */ 5790 run_bbp_write(sc, 142, 0x06); 5791 run_bbp_write(sc, 143, 0xa0); 5792 run_bbp_write(sc, 142, 0x07); 5793 run_bbp_write(sc, 143, 0xa1); 5794 run_bbp_write(sc, 142, 0x08); 5795 run_bbp_write(sc, 143, 0xa2); 5796 5797 run_bbp_write(sc, 31, 0x08); 5798 run_bbp_write(sc, 68, 0x0b); 5799 run_bbp_write(sc, 105, 0x04); 5800 } 5801 5802 static void 5803 run_rt5390_rf_setup(struct run_softc *sc) 5804 { 5805 uint8_t bbp, rf; 5806 5807 if (sc->mac_rev >= 0x0211) { 5808 /* Enable DC filter. */ 5809 run_bbp_write(sc, 103, 0xc0); 5810 5811 if (sc->mac_ver != 0x5592) { 5812 /* Improve power consumption. */ 5813 run_bbp_read(sc, 31, &bbp); 5814 run_bbp_write(sc, 31, bbp & ~0x03); 5815 } 5816 } 5817 5818 run_bbp_read(sc, 138, &bbp); 5819 if (sc->ntxchains == 1) 5820 bbp |= 0x20; /* turn off DAC1 */ 5821 if (sc->nrxchains == 1) 5822 bbp &= ~0x02; /* turn off ADC1 */ 5823 run_bbp_write(sc, 138, bbp); 5824 5825 run_rt3070_rf_read(sc, 38, &rf); 5826 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5827 5828 run_rt3070_rf_read(sc, 39, &rf); 5829 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5830 5831 /* Avoid data lost and CRC error. */ 5832 run_bbp_read(sc, 4, &bbp); 5833 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5834 5835 run_rt3070_rf_read(sc, 30, &rf); 5836 rf = (rf & ~0x18) | 0x10; 5837 run_rt3070_rf_write(sc, 30, rf); 5838 5839 if (sc->mac_ver != 0x5592) { 5840 run_write(sc, RT2860_TX_SW_CFG1, 0); 5841 if (sc->mac_rev < 0x0211) { 5842 run_write(sc, RT2860_TX_SW_CFG2, 5843 sc->patch_dac ? 0x2c : 0x0f); 5844 } else 5845 run_write(sc, RT2860_TX_SW_CFG2, 0); 5846 } 5847 } 5848 5849 static int 5850 run_txrx_enable(struct run_softc *sc) 5851 { 5852 struct ieee80211com *ic = &sc->sc_ic; 5853 uint32_t tmp; 5854 int error, ntries; 5855 5856 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5857 for (ntries = 0; ntries < 200; ntries++) { 5858 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5859 return (error); 5860 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5861 break; 5862 run_delay(sc, 50); 5863 } 5864 if (ntries == 200) 5865 return (ETIMEDOUT); 5866 5867 run_delay(sc, 50); 5868 5869 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5870 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5871 5872 /* enable Rx bulk aggregation (set timeout and limit) */ 5873 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5874 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5875 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5876 5877 /* set Rx filter */ 5878 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5879 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5880 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5881 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5882 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5883 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5884 if (ic->ic_opmode == IEEE80211_M_STA) 5885 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5886 } 5887 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5888 5889 run_write(sc, RT2860_MAC_SYS_CTRL, 5890 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5891 5892 return (0); 5893 } 5894 5895 static void 5896 run_adjust_freq_offset(struct run_softc *sc) 5897 { 5898 uint8_t rf, tmp; 5899 5900 run_rt3070_rf_read(sc, 17, &rf); 5901 tmp = rf; 5902 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5903 rf = MIN(rf, 0x5f); 5904 5905 if (tmp != rf) 5906 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5907 } 5908 5909 static void 5910 run_init_locked(struct run_softc *sc) 5911 { 5912 struct ieee80211com *ic = &sc->sc_ic; 5913 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5914 uint32_t tmp; 5915 uint8_t bbp1, bbp3; 5916 int i; 5917 int ridx; 5918 int ntries; 5919 5920 if (ic->ic_nrunning > 1) 5921 return; 5922 5923 run_stop(sc); 5924 5925 if (run_load_microcode(sc) != 0) { 5926 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5927 goto fail; 5928 } 5929 5930 for (ntries = 0; ntries < 100; ntries++) { 5931 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5932 goto fail; 5933 if (tmp != 0 && tmp != 0xffffffff) 5934 break; 5935 run_delay(sc, 10); 5936 } 5937 if (ntries == 100) 5938 goto fail; 5939 5940 for (i = 0; i != RUN_EP_QUEUES; i++) 5941 run_setup_tx_list(sc, &sc->sc_epq[i]); 5942 5943 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5944 5945 for (ntries = 0; ntries < 100; ntries++) { 5946 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5947 goto fail; 5948 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5949 break; 5950 run_delay(sc, 10); 5951 } 5952 if (ntries == 100) { 5953 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5954 goto fail; 5955 } 5956 tmp &= 0xff0; 5957 tmp |= RT2860_TX_WB_DDONE; 5958 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5959 5960 /* turn off PME_OEN to solve high-current issue */ 5961 run_read(sc, RT2860_SYS_CTRL, &tmp); 5962 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5963 5964 run_write(sc, RT2860_MAC_SYS_CTRL, 5965 RT2860_BBP_HRST | RT2860_MAC_SRST); 5966 run_write(sc, RT2860_USB_DMA_CFG, 0); 5967 5968 if (run_reset(sc) != 0) { 5969 device_printf(sc->sc_dev, "could not reset chipset\n"); 5970 goto fail; 5971 } 5972 5973 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5974 5975 /* init Tx power for all Tx rates (from EEPROM) */ 5976 for (ridx = 0; ridx < 5; ridx++) { 5977 if (sc->txpow20mhz[ridx] == 0xffffffff) 5978 continue; 5979 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5980 } 5981 5982 for (i = 0; i < nitems(rt2870_def_mac); i++) 5983 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 5984 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 5985 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 5986 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 5987 5988 if (sc->mac_ver >= 0x5390) { 5989 run_write(sc, RT2860_TX_SW_CFG0, 5990 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 5991 if (sc->mac_ver >= 0x5392) { 5992 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 5993 if (sc->mac_ver == 0x5592) { 5994 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 5995 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 5996 } else { 5997 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 5998 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 5999 } 6000 } 6001 } else if (sc->mac_ver == 0x3593) { 6002 run_write(sc, RT2860_TX_SW_CFG0, 6003 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6004 } else if (sc->mac_ver >= 0x3070) { 6005 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6006 run_write(sc, RT2860_TX_SW_CFG0, 6007 4 << RT2860_DLY_PAPE_EN_SHIFT); 6008 } 6009 6010 /* wait while MAC is busy */ 6011 for (ntries = 0; ntries < 100; ntries++) { 6012 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6013 goto fail; 6014 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6015 break; 6016 run_delay(sc, 10); 6017 } 6018 if (ntries == 100) 6019 goto fail; 6020 6021 /* clear Host to MCU mailbox */ 6022 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6023 run_write(sc, RT2860_H2M_MAILBOX, 0); 6024 run_delay(sc, 10); 6025 6026 if (run_bbp_init(sc) != 0) { 6027 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6028 goto fail; 6029 } 6030 6031 /* abort TSF synchronization */ 6032 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6033 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6034 RT2860_TBTT_TIMER_EN); 6035 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6036 6037 /* clear RX WCID search table */ 6038 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6039 /* clear WCID attribute table */ 6040 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6041 6042 /* hostapd sets a key before init. So, don't clear it. */ 6043 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6044 /* clear shared key table */ 6045 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6046 /* clear shared key mode */ 6047 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6048 } 6049 6050 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6051 tmp = (tmp & ~0xff) | 0x1e; 6052 run_write(sc, RT2860_US_CYC_CNT, tmp); 6053 6054 if (sc->mac_rev != 0x0101) 6055 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6056 6057 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6058 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6059 6060 /* write vendor-specific BBP values (from EEPROM) */ 6061 if (sc->mac_ver < 0x3593) { 6062 for (i = 0; i < 10; i++) { 6063 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6064 continue; 6065 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6066 } 6067 } 6068 6069 /* select Main antenna for 1T1R devices */ 6070 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6071 run_set_rx_antenna(sc, 0); 6072 6073 /* send LEDs operating mode to microcontroller */ 6074 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6075 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6076 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6077 6078 if (sc->mac_ver >= 0x5390) 6079 run_rt5390_rf_init(sc); 6080 else if (sc->mac_ver == 0x3593) 6081 run_rt3593_rf_init(sc); 6082 else if (sc->mac_ver >= 0x3070) 6083 run_rt3070_rf_init(sc); 6084 6085 /* disable non-existing Rx chains */ 6086 run_bbp_read(sc, 3, &bbp3); 6087 bbp3 &= ~(1 << 3 | 1 << 4); 6088 if (sc->nrxchains == 2) 6089 bbp3 |= 1 << 3; 6090 else if (sc->nrxchains == 3) 6091 bbp3 |= 1 << 4; 6092 run_bbp_write(sc, 3, bbp3); 6093 6094 /* disable non-existing Tx chains */ 6095 run_bbp_read(sc, 1, &bbp1); 6096 if (sc->ntxchains == 1) 6097 bbp1 &= ~(1 << 3 | 1 << 4); 6098 run_bbp_write(sc, 1, bbp1); 6099 6100 if (sc->mac_ver >= 0x5390) 6101 run_rt5390_rf_setup(sc); 6102 else if (sc->mac_ver == 0x3593) 6103 run_rt3593_rf_setup(sc); 6104 else if (sc->mac_ver >= 0x3070) 6105 run_rt3070_rf_setup(sc); 6106 6107 /* select default channel */ 6108 run_set_chan(sc, ic->ic_curchan); 6109 6110 /* setup initial protection mode */ 6111 run_updateprot_cb(ic); 6112 6113 /* turn radio LED on */ 6114 run_set_leds(sc, RT2860_LED_RADIO); 6115 6116 sc->sc_flags |= RUN_RUNNING; 6117 sc->cmdq_run = RUN_CMDQ_GO; 6118 6119 for (i = 0; i != RUN_N_XFER; i++) 6120 usbd_xfer_set_stall(sc->sc_xfer[i]); 6121 6122 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6123 6124 if (run_txrx_enable(sc) != 0) 6125 goto fail; 6126 6127 return; 6128 6129 fail: 6130 run_stop(sc); 6131 } 6132 6133 static void 6134 run_stop(void *arg) 6135 { 6136 struct run_softc *sc = (struct run_softc *)arg; 6137 uint32_t tmp; 6138 int i; 6139 int ntries; 6140 6141 RUN_LOCK_ASSERT(sc, MA_OWNED); 6142 6143 if (sc->sc_flags & RUN_RUNNING) 6144 run_set_leds(sc, 0); /* turn all LEDs off */ 6145 6146 sc->sc_flags &= ~RUN_RUNNING; 6147 6148 sc->ratectl_run = RUN_RATECTL_OFF; 6149 sc->cmdq_run = sc->cmdq_key_set; 6150 6151 RUN_UNLOCK(sc); 6152 6153 for(i = 0; i < RUN_N_XFER; i++) 6154 usbd_transfer_drain(sc->sc_xfer[i]); 6155 6156 RUN_LOCK(sc); 6157 6158 run_drain_mbufq(sc); 6159 6160 if (sc->rx_m != NULL) { 6161 m_free(sc->rx_m); 6162 sc->rx_m = NULL; 6163 } 6164 6165 /* Disable Tx/Rx DMA. */ 6166 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6167 return; 6168 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6169 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6170 6171 for (ntries = 0; ntries < 100; ntries++) { 6172 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6173 return; 6174 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6175 break; 6176 run_delay(sc, 10); 6177 } 6178 if (ntries == 100) { 6179 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6180 return; 6181 } 6182 6183 /* disable Tx/Rx */ 6184 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6185 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6186 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6187 6188 /* wait for pending Tx to complete */ 6189 for (ntries = 0; ntries < 100; ntries++) { 6190 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6191 DPRINTF("Cannot read Tx queue count\n"); 6192 break; 6193 } 6194 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6195 DPRINTF("All Tx cleared\n"); 6196 break; 6197 } 6198 run_delay(sc, 10); 6199 } 6200 if (ntries >= 100) 6201 DPRINTF("There are still pending Tx\n"); 6202 run_delay(sc, 10); 6203 run_write(sc, RT2860_USB_DMA_CFG, 0); 6204 6205 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6206 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6207 6208 for (i = 0; i != RUN_EP_QUEUES; i++) 6209 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6210 } 6211 6212 static void 6213 run_delay(struct run_softc *sc, u_int ms) 6214 { 6215 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6216 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6217 } 6218 6219 static device_method_t run_methods[] = { 6220 /* Device interface */ 6221 DEVMETHOD(device_probe, run_match), 6222 DEVMETHOD(device_attach, run_attach), 6223 DEVMETHOD(device_detach, run_detach), 6224 DEVMETHOD_END 6225 }; 6226 6227 static driver_t run_driver = { 6228 .name = "run", 6229 .methods = run_methods, 6230 .size = sizeof(struct run_softc) 6231 }; 6232 6233 static devclass_t run_devclass; 6234 6235 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6236 MODULE_DEPEND(run, wlan, 1, 1, 1); 6237 MODULE_DEPEND(run, usb, 1, 1, 1); 6238 MODULE_DEPEND(run, firmware, 1, 1, 1); 6239 MODULE_VERSION(run, 1); 6240 USB_PNP_HOST_INFO(run_devs); 6241