1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include "opt_wlan.h" 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/sysctl.h> 33 #include <sys/lock.h> 34 #include <sys/mutex.h> 35 #include <sys/mbuf.h> 36 #include <sys/kernel.h> 37 #include <sys/socket.h> 38 #include <sys/systm.h> 39 #include <sys/malloc.h> 40 #include <sys/module.h> 41 #include <sys/bus.h> 42 #include <sys/endian.h> 43 #include <sys/linker.h> 44 #include <sys/firmware.h> 45 #include <sys/kdb.h> 46 47 #include <machine/bus.h> 48 #include <machine/resource.h> 49 #include <sys/rman.h> 50 51 #include <net/bpf.h> 52 #include <net/if.h> 53 #include <net/if_var.h> 54 #include <net/if_arp.h> 55 #include <net/ethernet.h> 56 #include <net/if_dl.h> 57 #include <net/if_media.h> 58 #include <net/if_types.h> 59 60 #include <netinet/in.h> 61 #include <netinet/in_systm.h> 62 #include <netinet/in_var.h> 63 #include <netinet/if_ether.h> 64 #include <netinet/ip.h> 65 66 #include <net80211/ieee80211_var.h> 67 #include <net80211/ieee80211_regdomain.h> 68 #include <net80211/ieee80211_radiotap.h> 69 #include <net80211/ieee80211_ratectl.h> 70 71 #include <dev/usb/usb.h> 72 #include <dev/usb/usbdi.h> 73 #include "usbdevs.h" 74 75 #define USB_DEBUG_VAR run_debug 76 #include <dev/usb/usb_debug.h> 77 #include <dev/usb/usb_msctest.h> 78 79 #include <dev/usb/wlan/if_runreg.h> 80 #include <dev/usb/wlan/if_runvar.h> 81 82 #ifdef USB_DEBUG 83 #define RUN_DEBUG 84 #endif 85 86 #ifdef RUN_DEBUG 87 int run_debug = 0; 88 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 89 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 90 "run debug level"); 91 92 enum { 93 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 94 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 95 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 96 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 97 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 98 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 99 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 100 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 101 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 102 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 103 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 104 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 105 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 106 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 107 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 108 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 109 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 110 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 111 RUN_DEBUG_ANY = 0xffffffff 112 }; 113 114 #define RUN_DPRINTF(_sc, _m, ...) do { \ 115 if (run_debug & (_m)) \ 116 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 117 } while(0) 118 #else 119 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 120 #endif 121 122 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 123 124 /* 125 * Because of LOR in run_key_delete(), use atomic instead. 126 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 127 */ 128 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 129 130 static const STRUCT_USB_HOST_ID run_devs[] = { 131 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 132 #define RUN_DEV_EJECT(v,p) \ 133 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 134 #define RUN_EJECT 1 135 RUN_DEV(ABOCOM, RT2770), 136 RUN_DEV(ABOCOM, RT2870), 137 RUN_DEV(ABOCOM, RT3070), 138 RUN_DEV(ABOCOM, RT3071), 139 RUN_DEV(ABOCOM, RT3072), 140 RUN_DEV(ABOCOM2, RT2870_1), 141 RUN_DEV(ACCTON, RT2770), 142 RUN_DEV(ACCTON, RT2870_1), 143 RUN_DEV(ACCTON, RT2870_2), 144 RUN_DEV(ACCTON, RT2870_3), 145 RUN_DEV(ACCTON, RT2870_4), 146 RUN_DEV(ACCTON, RT2870_5), 147 RUN_DEV(ACCTON, RT3070), 148 RUN_DEV(ACCTON, RT3070_1), 149 RUN_DEV(ACCTON, RT3070_2), 150 RUN_DEV(ACCTON, RT3070_3), 151 RUN_DEV(ACCTON, RT3070_4), 152 RUN_DEV(ACCTON, RT3070_5), 153 RUN_DEV(AIRTIES, RT3070), 154 RUN_DEV(ALLWIN, RT2070), 155 RUN_DEV(ALLWIN, RT2770), 156 RUN_DEV(ALLWIN, RT2870), 157 RUN_DEV(ALLWIN, RT3070), 158 RUN_DEV(ALLWIN, RT3071), 159 RUN_DEV(ALLWIN, RT3072), 160 RUN_DEV(ALLWIN, RT3572), 161 RUN_DEV(AMIGO, RT2870_1), 162 RUN_DEV(AMIGO, RT2870_2), 163 RUN_DEV(AMIT, CGWLUSB2GNR), 164 RUN_DEV(AMIT, RT2870_1), 165 RUN_DEV(AMIT2, RT2870), 166 RUN_DEV(ASUS, RT2870_1), 167 RUN_DEV(ASUS, RT2870_2), 168 RUN_DEV(ASUS, RT2870_3), 169 RUN_DEV(ASUS, RT2870_4), 170 RUN_DEV(ASUS, RT2870_5), 171 RUN_DEV(ASUS, USBN13), 172 RUN_DEV(ASUS, RT3070_1), 173 RUN_DEV(ASUS, USBN66), 174 RUN_DEV(ASUS, USB_N53), 175 RUN_DEV(ASUS2, USBN11), 176 RUN_DEV(AZUREWAVE, RT2870_1), 177 RUN_DEV(AZUREWAVE, RT2870_2), 178 RUN_DEV(AZUREWAVE, RT3070_1), 179 RUN_DEV(AZUREWAVE, RT3070_2), 180 RUN_DEV(AZUREWAVE, RT3070_3), 181 RUN_DEV(BELKIN, F9L1103), 182 RUN_DEV(BELKIN, F5D8053V3), 183 RUN_DEV(BELKIN, F5D8055), 184 RUN_DEV(BELKIN, F5D8055V2), 185 RUN_DEV(BELKIN, F6D4050V1), 186 RUN_DEV(BELKIN, F6D4050V2), 187 RUN_DEV(BELKIN, RT2870_1), 188 RUN_DEV(BELKIN, RT2870_2), 189 RUN_DEV(CISCOLINKSYS, AE1000), 190 RUN_DEV(CISCOLINKSYS2, RT3070), 191 RUN_DEV(CISCOLINKSYS3, RT3070), 192 RUN_DEV(CONCEPTRONIC2, RT2870_1), 193 RUN_DEV(CONCEPTRONIC2, RT2870_2), 194 RUN_DEV(CONCEPTRONIC2, RT2870_3), 195 RUN_DEV(CONCEPTRONIC2, RT2870_4), 196 RUN_DEV(CONCEPTRONIC2, RT2870_5), 197 RUN_DEV(CONCEPTRONIC2, RT2870_6), 198 RUN_DEV(CONCEPTRONIC2, RT2870_7), 199 RUN_DEV(CONCEPTRONIC2, RT2870_8), 200 RUN_DEV(CONCEPTRONIC2, RT3070_1), 201 RUN_DEV(CONCEPTRONIC2, RT3070_2), 202 RUN_DEV(CONCEPTRONIC2, VIGORN61), 203 RUN_DEV(COREGA, CGWLUSB300GNM), 204 RUN_DEV(COREGA, RT2870_1), 205 RUN_DEV(COREGA, RT2870_2), 206 RUN_DEV(COREGA, RT2870_3), 207 RUN_DEV(COREGA, RT3070), 208 RUN_DEV(CYBERTAN, RT2870), 209 RUN_DEV(DLINK, RT2870), 210 RUN_DEV(DLINK, RT3072), 211 RUN_DEV(DLINK, DWA125A3), 212 RUN_DEV(DLINK, DWA127), 213 RUN_DEV(DLINK, DWA140B3), 214 RUN_DEV(DLINK, DWA160B2), 215 RUN_DEV(DLINK, DWA140D1), 216 RUN_DEV(DLINK, DWA162), 217 RUN_DEV(DLINK2, DWA130), 218 RUN_DEV(DLINK2, RT2870_1), 219 RUN_DEV(DLINK2, RT2870_2), 220 RUN_DEV(DLINK2, RT3070_1), 221 RUN_DEV(DLINK2, RT3070_2), 222 RUN_DEV(DLINK2, RT3070_3), 223 RUN_DEV(DLINK2, RT3070_4), 224 RUN_DEV(DLINK2, RT3070_5), 225 RUN_DEV(DLINK2, RT3072), 226 RUN_DEV(DLINK2, RT3072_1), 227 RUN_DEV(EDIMAX, EW7717), 228 RUN_DEV(EDIMAX, EW7718), 229 RUN_DEV(EDIMAX, EW7733UND), 230 RUN_DEV(EDIMAX, RT2870_1), 231 RUN_DEV(ENCORE, RT3070_1), 232 RUN_DEV(ENCORE, RT3070_2), 233 RUN_DEV(ENCORE, RT3070_3), 234 RUN_DEV(GIGABYTE, GNWB31N), 235 RUN_DEV(GIGABYTE, GNWB32L), 236 RUN_DEV(GIGABYTE, RT2870_1), 237 RUN_DEV(GIGASET, RT3070_1), 238 RUN_DEV(GIGASET, RT3070_2), 239 RUN_DEV(GUILLEMOT, HWNU300), 240 RUN_DEV(HAWKING, HWUN2), 241 RUN_DEV(HAWKING, RT2870_1), 242 RUN_DEV(HAWKING, RT2870_2), 243 RUN_DEV(HAWKING, RT3070), 244 RUN_DEV(IODATA, RT3072_1), 245 RUN_DEV(IODATA, RT3072_2), 246 RUN_DEV(IODATA, RT3072_3), 247 RUN_DEV(IODATA, RT3072_4), 248 RUN_DEV(LINKSYS4, RT3070), 249 RUN_DEV(LINKSYS4, WUSB100), 250 RUN_DEV(LINKSYS4, WUSB54GCV3), 251 RUN_DEV(LINKSYS4, WUSB600N), 252 RUN_DEV(LINKSYS4, WUSB600NV2), 253 RUN_DEV(LOGITEC, RT2870_1), 254 RUN_DEV(LOGITEC, RT2870_2), 255 RUN_DEV(LOGITEC, RT2870_3), 256 RUN_DEV(LOGITEC, LANW300NU2), 257 RUN_DEV(LOGITEC, LANW150NU2), 258 RUN_DEV(LOGITEC, LANW300NU2S), 259 RUN_DEV(MELCO, WLIUCG300HP), 260 RUN_DEV(MELCO, RT2870_2), 261 RUN_DEV(MELCO, WLIUCAG300N), 262 RUN_DEV(MELCO, WLIUCG300N), 263 RUN_DEV(MELCO, WLIUCG301N), 264 RUN_DEV(MELCO, WLIUCGN), 265 RUN_DEV(MELCO, WLIUCGNM), 266 RUN_DEV(MELCO, WLIUCG300HPV1), 267 RUN_DEV(MELCO, WLIUCGNM2), 268 RUN_DEV(MOTOROLA4, RT2770), 269 RUN_DEV(MOTOROLA4, RT3070), 270 RUN_DEV(MSI, RT3070_1), 271 RUN_DEV(MSI, RT3070_2), 272 RUN_DEV(MSI, RT3070_3), 273 RUN_DEV(MSI, RT3070_4), 274 RUN_DEV(MSI, RT3070_5), 275 RUN_DEV(MSI, RT3070_6), 276 RUN_DEV(MSI, RT3070_7), 277 RUN_DEV(MSI, RT3070_8), 278 RUN_DEV(MSI, RT3070_9), 279 RUN_DEV(MSI, RT3070_10), 280 RUN_DEV(MSI, RT3070_11), 281 RUN_DEV(NETGEAR, WNDA4100), 282 RUN_DEV(OVISLINK, RT3072), 283 RUN_DEV(PARA, RT3070), 284 RUN_DEV(PEGATRON, RT2870), 285 RUN_DEV(PEGATRON, RT3070), 286 RUN_DEV(PEGATRON, RT3070_2), 287 RUN_DEV(PEGATRON, RT3070_3), 288 RUN_DEV(PHILIPS, RT2870), 289 RUN_DEV(PLANEX2, GWUS300MINIS), 290 RUN_DEV(PLANEX2, GWUSMICRON), 291 RUN_DEV(PLANEX2, RT2870), 292 RUN_DEV(PLANEX2, RT3070), 293 RUN_DEV(QCOM, RT2870), 294 RUN_DEV(QUANTA, RT3070), 295 RUN_DEV(RALINK, RT2070), 296 RUN_DEV(RALINK, RT2770), 297 RUN_DEV(RALINK, RT2870), 298 RUN_DEV(RALINK, RT3070), 299 RUN_DEV(RALINK, RT3071), 300 RUN_DEV(RALINK, RT3072), 301 RUN_DEV(RALINK, RT3370), 302 RUN_DEV(RALINK, RT3572), 303 RUN_DEV(RALINK, RT3573), 304 RUN_DEV(RALINK, RT5370), 305 RUN_DEV(RALINK, RT5372), 306 RUN_DEV(RALINK, RT5572), 307 RUN_DEV(RALINK, RT8070), 308 RUN_DEV(SAMSUNG, WIS09ABGN), 309 RUN_DEV(SAMSUNG2, RT2870_1), 310 RUN_DEV(SENAO, RT2870_1), 311 RUN_DEV(SENAO, RT2870_2), 312 RUN_DEV(SENAO, RT2870_3), 313 RUN_DEV(SENAO, RT2870_4), 314 RUN_DEV(SENAO, RT3070), 315 RUN_DEV(SENAO, RT3071), 316 RUN_DEV(SENAO, RT3072_1), 317 RUN_DEV(SENAO, RT3072_2), 318 RUN_DEV(SENAO, RT3072_3), 319 RUN_DEV(SENAO, RT3072_4), 320 RUN_DEV(SENAO, RT3072_5), 321 RUN_DEV(SITECOMEU, RT2770), 322 RUN_DEV(SITECOMEU, RT2870_1), 323 RUN_DEV(SITECOMEU, RT2870_2), 324 RUN_DEV(SITECOMEU, RT2870_3), 325 RUN_DEV(SITECOMEU, RT2870_4), 326 RUN_DEV(SITECOMEU, RT3070), 327 RUN_DEV(SITECOMEU, RT3070_2), 328 RUN_DEV(SITECOMEU, RT3070_3), 329 RUN_DEV(SITECOMEU, RT3070_4), 330 RUN_DEV(SITECOMEU, RT3071), 331 RUN_DEV(SITECOMEU, RT3072_1), 332 RUN_DEV(SITECOMEU, RT3072_2), 333 RUN_DEV(SITECOMEU, RT3072_3), 334 RUN_DEV(SITECOMEU, RT3072_4), 335 RUN_DEV(SITECOMEU, RT3072_5), 336 RUN_DEV(SITECOMEU, RT3072_6), 337 RUN_DEV(SITECOMEU, WL608), 338 RUN_DEV(SPARKLAN, RT2870_1), 339 RUN_DEV(SPARKLAN, RT3070), 340 RUN_DEV(SWEEX2, LW153), 341 RUN_DEV(SWEEX2, LW303), 342 RUN_DEV(SWEEX2, LW313), 343 RUN_DEV(TOSHIBA, RT3070), 344 RUN_DEV(UMEDIA, RT2870_1), 345 RUN_DEV(ZCOM, RT2870_1), 346 RUN_DEV(ZCOM, RT2870_2), 347 RUN_DEV(ZINWELL, RT2870_1), 348 RUN_DEV(ZINWELL, RT2870_2), 349 RUN_DEV(ZINWELL, RT3070), 350 RUN_DEV(ZINWELL, RT3072_1), 351 RUN_DEV(ZINWELL, RT3072_2), 352 RUN_DEV(ZYXEL, RT2870_1), 353 RUN_DEV(ZYXEL, RT2870_2), 354 RUN_DEV(ZYXEL, RT3070), 355 RUN_DEV_EJECT(ZYXEL, NWD2705), 356 RUN_DEV_EJECT(RALINK, RT_STOR), 357 #undef RUN_DEV_EJECT 358 #undef RUN_DEV 359 }; 360 361 static device_probe_t run_match; 362 static device_attach_t run_attach; 363 static device_detach_t run_detach; 364 365 static usb_callback_t run_bulk_rx_callback; 366 static usb_callback_t run_bulk_tx_callback0; 367 static usb_callback_t run_bulk_tx_callback1; 368 static usb_callback_t run_bulk_tx_callback2; 369 static usb_callback_t run_bulk_tx_callback3; 370 static usb_callback_t run_bulk_tx_callback4; 371 static usb_callback_t run_bulk_tx_callback5; 372 373 static void run_autoinst(void *, struct usb_device *, 374 struct usb_attach_arg *); 375 static int run_driver_loaded(struct module *, int, void *); 376 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 377 usb_error_t error, u_int index); 378 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 379 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 380 const uint8_t [IEEE80211_ADDR_LEN], 381 const uint8_t [IEEE80211_ADDR_LEN]); 382 static void run_vap_delete(struct ieee80211vap *); 383 static void run_cmdq_cb(void *, int); 384 static void run_setup_tx_list(struct run_softc *, 385 struct run_endpoint_queue *); 386 static void run_unsetup_tx_list(struct run_softc *, 387 struct run_endpoint_queue *); 388 static int run_load_microcode(struct run_softc *); 389 static int run_reset(struct run_softc *); 390 static usb_error_t run_do_request(struct run_softc *, 391 struct usb_device_request *, void *); 392 static int run_read(struct run_softc *, uint16_t, uint32_t *); 393 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 394 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 395 static int run_write(struct run_softc *, uint16_t, uint32_t); 396 static int run_write_region_1(struct run_softc *, uint16_t, 397 const uint8_t *, int); 398 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 399 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 400 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 401 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 402 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 403 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 404 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 405 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 406 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 407 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 408 static const char *run_get_rf(uint16_t); 409 static void run_rt3593_get_txpower(struct run_softc *); 410 static void run_get_txpower(struct run_softc *); 411 static int run_read_eeprom(struct run_softc *); 412 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 413 const uint8_t mac[IEEE80211_ADDR_LEN]); 414 static int run_media_change(struct ifnet *); 415 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 416 static int run_wme_update(struct ieee80211com *); 417 static void run_key_set_cb(void *); 418 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 419 static void run_key_delete_cb(void *); 420 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 421 static void run_ratectl_to(void *); 422 static void run_ratectl_cb(void *, int); 423 static void run_drain_fifo(void *); 424 static void run_iter_func(void *, struct ieee80211_node *); 425 static void run_newassoc_cb(void *); 426 static void run_newassoc(struct ieee80211_node *, int); 427 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 428 const struct ieee80211_rx_stats *, int, int); 429 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 430 static void run_tx_free(struct run_endpoint_queue *pq, 431 struct run_tx_data *, int); 432 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 433 static int run_tx(struct run_softc *, struct mbuf *, 434 struct ieee80211_node *); 435 static int run_tx_mgt(struct run_softc *, struct mbuf *, 436 struct ieee80211_node *); 437 static int run_sendprot(struct run_softc *, const struct mbuf *, 438 struct ieee80211_node *, int, int); 439 static int run_tx_param(struct run_softc *, struct mbuf *, 440 struct ieee80211_node *, 441 const struct ieee80211_bpf_params *); 442 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 443 const struct ieee80211_bpf_params *); 444 static int run_transmit(struct ieee80211com *, struct mbuf *); 445 static void run_start(struct run_softc *); 446 static void run_parent(struct ieee80211com *); 447 static void run_iq_calib(struct run_softc *, u_int); 448 static void run_set_agc(struct run_softc *, uint8_t); 449 static void run_select_chan_group(struct run_softc *, int); 450 static void run_set_rx_antenna(struct run_softc *, int); 451 static void run_rt2870_set_chan(struct run_softc *, u_int); 452 static void run_rt3070_set_chan(struct run_softc *, u_int); 453 static void run_rt3572_set_chan(struct run_softc *, u_int); 454 static void run_rt3593_set_chan(struct run_softc *, u_int); 455 static void run_rt5390_set_chan(struct run_softc *, u_int); 456 static void run_rt5592_set_chan(struct run_softc *, u_int); 457 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 458 static void run_set_channel(struct ieee80211com *); 459 static void run_getradiocaps(struct ieee80211com *, int, int *, 460 struct ieee80211_channel[]); 461 static void run_scan_start(struct ieee80211com *); 462 static void run_scan_end(struct ieee80211com *); 463 static void run_update_beacon(struct ieee80211vap *, int); 464 static void run_update_beacon_cb(void *); 465 static void run_updateprot(struct ieee80211com *); 466 static void run_updateprot_cb(void *); 467 static void run_usb_timeout_cb(void *); 468 static void run_reset_livelock(struct run_softc *); 469 static void run_enable_tsf_sync(struct run_softc *); 470 static void run_enable_tsf(struct run_softc *); 471 static void run_get_tsf(struct run_softc *, uint64_t *); 472 static void run_enable_mrr(struct run_softc *); 473 static void run_set_txpreamble(struct run_softc *); 474 static void run_set_basicrates(struct run_softc *); 475 static void run_set_leds(struct run_softc *, uint16_t); 476 static void run_set_bssid(struct run_softc *, const uint8_t *); 477 static void run_set_macaddr(struct run_softc *, const uint8_t *); 478 static void run_updateslot(struct ieee80211com *); 479 static void run_updateslot_cb(void *); 480 static void run_update_mcast(struct ieee80211com *); 481 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 482 static void run_update_promisc_locked(struct run_softc *); 483 static void run_update_promisc(struct ieee80211com *); 484 static void run_rt5390_bbp_init(struct run_softc *); 485 static int run_bbp_init(struct run_softc *); 486 static int run_rt3070_rf_init(struct run_softc *); 487 static void run_rt3593_rf_init(struct run_softc *); 488 static void run_rt5390_rf_init(struct run_softc *); 489 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 490 uint8_t *); 491 static void run_rt3070_rf_setup(struct run_softc *); 492 static void run_rt3593_rf_setup(struct run_softc *); 493 static void run_rt5390_rf_setup(struct run_softc *); 494 static int run_txrx_enable(struct run_softc *); 495 static void run_adjust_freq_offset(struct run_softc *); 496 static void run_init_locked(struct run_softc *); 497 static void run_stop(void *); 498 static void run_delay(struct run_softc *, u_int); 499 500 static eventhandler_tag run_etag; 501 502 static const struct rt2860_rate { 503 uint8_t rate; 504 uint8_t mcs; 505 enum ieee80211_phytype phy; 506 uint8_t ctl_ridx; 507 uint16_t sp_ack_dur; 508 uint16_t lp_ack_dur; 509 } rt2860_rates[] = { 510 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 511 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 512 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 513 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 514 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 515 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 516 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 517 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 518 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 519 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 520 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 521 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 522 }; 523 524 static const struct { 525 uint16_t reg; 526 uint32_t val; 527 } rt2870_def_mac[] = { 528 RT2870_DEF_MAC 529 }; 530 531 static const struct { 532 uint8_t reg; 533 uint8_t val; 534 } rt2860_def_bbp[] = { 535 RT2860_DEF_BBP 536 },rt5390_def_bbp[] = { 537 RT5390_DEF_BBP 538 },rt5592_def_bbp[] = { 539 RT5592_DEF_BBP 540 }; 541 542 /* 543 * Default values for BBP register R196 for RT5592. 544 */ 545 static const uint8_t rt5592_bbp_r196[] = { 546 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 547 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 548 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 549 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 550 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 551 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 552 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 553 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 554 0x2e, 0x36, 0x30, 0x6e 555 }; 556 557 static const struct rfprog { 558 uint8_t chan; 559 uint32_t r1, r2, r3, r4; 560 } rt2860_rf2850[] = { 561 RT2860_RF2850 562 }; 563 564 struct { 565 uint8_t n, r, k; 566 } rt3070_freqs[] = { 567 RT3070_RF3052 568 }; 569 570 static const struct rt5592_freqs { 571 uint16_t n; 572 uint8_t k, m, r; 573 } rt5592_freqs_20mhz[] = { 574 RT5592_RF5592_20MHZ 575 },rt5592_freqs_40mhz[] = { 576 RT5592_RF5592_40MHZ 577 }; 578 579 static const struct { 580 uint8_t reg; 581 uint8_t val; 582 } rt3070_def_rf[] = { 583 RT3070_DEF_RF 584 },rt3572_def_rf[] = { 585 RT3572_DEF_RF 586 },rt3593_def_rf[] = { 587 RT3593_DEF_RF 588 },rt5390_def_rf[] = { 589 RT5390_DEF_RF 590 },rt5392_def_rf[] = { 591 RT5392_DEF_RF 592 },rt5592_def_rf[] = { 593 RT5592_DEF_RF 594 },rt5592_2ghz_def_rf[] = { 595 RT5592_2GHZ_DEF_RF 596 },rt5592_5ghz_def_rf[] = { 597 RT5592_5GHZ_DEF_RF 598 }; 599 600 static const struct { 601 u_int firstchan; 602 u_int lastchan; 603 uint8_t reg; 604 uint8_t val; 605 } rt5592_chan_5ghz[] = { 606 RT5592_CHAN_5GHZ 607 }; 608 609 static const struct usb_config run_config[RUN_N_XFER] = { 610 [RUN_BULK_TX_BE] = { 611 .type = UE_BULK, 612 .endpoint = UE_ADDR_ANY, 613 .ep_index = 0, 614 .direction = UE_DIR_OUT, 615 .bufsize = RUN_MAX_TXSZ, 616 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 617 .callback = run_bulk_tx_callback0, 618 .timeout = 5000, /* ms */ 619 }, 620 [RUN_BULK_TX_BK] = { 621 .type = UE_BULK, 622 .endpoint = UE_ADDR_ANY, 623 .direction = UE_DIR_OUT, 624 .ep_index = 1, 625 .bufsize = RUN_MAX_TXSZ, 626 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 627 .callback = run_bulk_tx_callback1, 628 .timeout = 5000, /* ms */ 629 }, 630 [RUN_BULK_TX_VI] = { 631 .type = UE_BULK, 632 .endpoint = UE_ADDR_ANY, 633 .direction = UE_DIR_OUT, 634 .ep_index = 2, 635 .bufsize = RUN_MAX_TXSZ, 636 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 637 .callback = run_bulk_tx_callback2, 638 .timeout = 5000, /* ms */ 639 }, 640 [RUN_BULK_TX_VO] = { 641 .type = UE_BULK, 642 .endpoint = UE_ADDR_ANY, 643 .direction = UE_DIR_OUT, 644 .ep_index = 3, 645 .bufsize = RUN_MAX_TXSZ, 646 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 647 .callback = run_bulk_tx_callback3, 648 .timeout = 5000, /* ms */ 649 }, 650 [RUN_BULK_TX_HCCA] = { 651 .type = UE_BULK, 652 .endpoint = UE_ADDR_ANY, 653 .direction = UE_DIR_OUT, 654 .ep_index = 4, 655 .bufsize = RUN_MAX_TXSZ, 656 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 657 .callback = run_bulk_tx_callback4, 658 .timeout = 5000, /* ms */ 659 }, 660 [RUN_BULK_TX_PRIO] = { 661 .type = UE_BULK, 662 .endpoint = UE_ADDR_ANY, 663 .direction = UE_DIR_OUT, 664 .ep_index = 5, 665 .bufsize = RUN_MAX_TXSZ, 666 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 667 .callback = run_bulk_tx_callback5, 668 .timeout = 5000, /* ms */ 669 }, 670 [RUN_BULK_RX] = { 671 .type = UE_BULK, 672 .endpoint = UE_ADDR_ANY, 673 .direction = UE_DIR_IN, 674 .bufsize = RUN_MAX_RXSZ, 675 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 676 .callback = run_bulk_rx_callback, 677 } 678 }; 679 680 static void 681 run_autoinst(void *arg, struct usb_device *udev, 682 struct usb_attach_arg *uaa) 683 { 684 struct usb_interface *iface; 685 struct usb_interface_descriptor *id; 686 687 if (uaa->dev_state != UAA_DEV_READY) 688 return; 689 690 iface = usbd_get_iface(udev, 0); 691 if (iface == NULL) 692 return; 693 id = iface->idesc; 694 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 695 return; 696 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 697 return; 698 699 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 700 uaa->dev_state = UAA_DEV_EJECTING; 701 } 702 703 static int 704 run_driver_loaded(struct module *mod, int what, void *arg) 705 { 706 switch (what) { 707 case MOD_LOAD: 708 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 709 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 710 break; 711 case MOD_UNLOAD: 712 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 713 break; 714 default: 715 return (EOPNOTSUPP); 716 } 717 return (0); 718 } 719 720 static int 721 run_match(device_t self) 722 { 723 struct usb_attach_arg *uaa = device_get_ivars(self); 724 725 if (uaa->usb_mode != USB_MODE_HOST) 726 return (ENXIO); 727 if (uaa->info.bConfigIndex != 0) 728 return (ENXIO); 729 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 730 return (ENXIO); 731 732 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 733 } 734 735 static int 736 run_attach(device_t self) 737 { 738 struct run_softc *sc = device_get_softc(self); 739 struct usb_attach_arg *uaa = device_get_ivars(self); 740 struct ieee80211com *ic = &sc->sc_ic; 741 uint32_t ver; 742 uint8_t iface_index; 743 int ntries, error; 744 745 device_set_usb_desc(self); 746 sc->sc_udev = uaa->device; 747 sc->sc_dev = self; 748 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 749 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 750 751 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 752 MTX_NETWORK_LOCK, MTX_DEF); 753 mbufq_init(&sc->sc_snd, ifqmaxlen); 754 755 iface_index = RT2860_IFACE_INDEX; 756 757 error = usbd_transfer_setup(uaa->device, &iface_index, 758 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 759 if (error) { 760 device_printf(self, "could not allocate USB transfers, " 761 "err=%s\n", usbd_errstr(error)); 762 goto detach; 763 } 764 765 RUN_LOCK(sc); 766 767 /* wait for the chip to settle */ 768 for (ntries = 0; ntries < 100; ntries++) { 769 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 770 RUN_UNLOCK(sc); 771 goto detach; 772 } 773 if (ver != 0 && ver != 0xffffffff) 774 break; 775 run_delay(sc, 10); 776 } 777 if (ntries == 100) { 778 device_printf(sc->sc_dev, 779 "timeout waiting for NIC to initialize\n"); 780 RUN_UNLOCK(sc); 781 goto detach; 782 } 783 sc->mac_ver = ver >> 16; 784 sc->mac_rev = ver & 0xffff; 785 786 /* retrieve RF rev. no and various other things from EEPROM */ 787 run_read_eeprom(sc); 788 789 device_printf(sc->sc_dev, 790 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 791 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 792 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 793 794 RUN_UNLOCK(sc); 795 796 ic->ic_softc = sc; 797 ic->ic_name = device_get_nameunit(self); 798 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 799 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 800 801 /* set device capabilities */ 802 ic->ic_caps = 803 IEEE80211_C_STA | /* station mode supported */ 804 IEEE80211_C_MONITOR | /* monitor mode supported */ 805 IEEE80211_C_IBSS | 806 IEEE80211_C_HOSTAP | 807 IEEE80211_C_WDS | /* 4-address traffic works */ 808 IEEE80211_C_MBSS | 809 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 810 IEEE80211_C_SHSLOT | /* short slot time supported */ 811 IEEE80211_C_WME | /* WME */ 812 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 813 814 ic->ic_cryptocaps = 815 IEEE80211_CRYPTO_WEP | 816 IEEE80211_CRYPTO_AES_CCM | 817 IEEE80211_CRYPTO_TKIPMIC | 818 IEEE80211_CRYPTO_TKIP; 819 820 ic->ic_flags |= IEEE80211_F_DATAPAD; 821 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 822 823 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 824 ic->ic_channels); 825 826 ieee80211_ifattach(ic); 827 828 ic->ic_scan_start = run_scan_start; 829 ic->ic_scan_end = run_scan_end; 830 ic->ic_set_channel = run_set_channel; 831 ic->ic_getradiocaps = run_getradiocaps; 832 ic->ic_node_alloc = run_node_alloc; 833 ic->ic_newassoc = run_newassoc; 834 ic->ic_updateslot = run_updateslot; 835 ic->ic_update_mcast = run_update_mcast; 836 ic->ic_wme.wme_update = run_wme_update; 837 ic->ic_raw_xmit = run_raw_xmit; 838 ic->ic_update_promisc = run_update_promisc; 839 ic->ic_vap_create = run_vap_create; 840 ic->ic_vap_delete = run_vap_delete; 841 ic->ic_transmit = run_transmit; 842 ic->ic_parent = run_parent; 843 844 ieee80211_radiotap_attach(ic, 845 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 846 RUN_TX_RADIOTAP_PRESENT, 847 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 848 RUN_RX_RADIOTAP_PRESENT); 849 850 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 851 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 852 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 853 854 if (bootverbose) 855 ieee80211_announce(ic); 856 857 return (0); 858 859 detach: 860 run_detach(self); 861 return (ENXIO); 862 } 863 864 static void 865 run_drain_mbufq(struct run_softc *sc) 866 { 867 struct mbuf *m; 868 struct ieee80211_node *ni; 869 870 RUN_LOCK_ASSERT(sc, MA_OWNED); 871 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 872 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 873 m->m_pkthdr.rcvif = NULL; 874 ieee80211_free_node(ni); 875 m_freem(m); 876 } 877 } 878 879 static int 880 run_detach(device_t self) 881 { 882 struct run_softc *sc = device_get_softc(self); 883 struct ieee80211com *ic = &sc->sc_ic; 884 int i; 885 886 RUN_LOCK(sc); 887 sc->sc_detached = 1; 888 RUN_UNLOCK(sc); 889 890 /* stop all USB transfers */ 891 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 892 893 RUN_LOCK(sc); 894 sc->ratectl_run = RUN_RATECTL_OFF; 895 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 896 897 /* free TX list, if any */ 898 for (i = 0; i != RUN_EP_QUEUES; i++) 899 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 900 901 /* Free TX queue */ 902 run_drain_mbufq(sc); 903 RUN_UNLOCK(sc); 904 905 if (sc->sc_ic.ic_softc == sc) { 906 /* drain tasks */ 907 usb_callout_drain(&sc->ratectl_ch); 908 ieee80211_draintask(ic, &sc->cmdq_task); 909 ieee80211_draintask(ic, &sc->ratectl_task); 910 ieee80211_ifdetach(ic); 911 } 912 913 mtx_destroy(&sc->sc_mtx); 914 915 return (0); 916 } 917 918 static struct ieee80211vap * 919 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 920 enum ieee80211_opmode opmode, int flags, 921 const uint8_t bssid[IEEE80211_ADDR_LEN], 922 const uint8_t mac[IEEE80211_ADDR_LEN]) 923 { 924 struct run_softc *sc = ic->ic_softc; 925 struct run_vap *rvp; 926 struct ieee80211vap *vap; 927 int i; 928 929 if (sc->rvp_cnt >= RUN_VAP_MAX) { 930 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 931 return (NULL); 932 } 933 934 switch (opmode) { 935 case IEEE80211_M_STA: 936 /* enable s/w bmiss handling for sta mode */ 937 flags |= IEEE80211_CLONE_NOBEACONS; 938 /* fall though */ 939 case IEEE80211_M_IBSS: 940 case IEEE80211_M_MONITOR: 941 case IEEE80211_M_HOSTAP: 942 case IEEE80211_M_MBSS: 943 /* other than WDS vaps, only one at a time */ 944 if (!TAILQ_EMPTY(&ic->ic_vaps)) 945 return (NULL); 946 break; 947 case IEEE80211_M_WDS: 948 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 949 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 950 continue; 951 /* WDS vap's always share the local mac address. */ 952 flags &= ~IEEE80211_CLONE_BSSID; 953 break; 954 } 955 if (vap == NULL) { 956 device_printf(sc->sc_dev, 957 "wds only supported in ap mode\n"); 958 return (NULL); 959 } 960 break; 961 default: 962 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 963 return (NULL); 964 } 965 966 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 967 vap = &rvp->vap; 968 969 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 970 bssid) != 0) { 971 /* out of memory */ 972 free(rvp, M_80211_VAP); 973 return (NULL); 974 } 975 976 vap->iv_update_beacon = run_update_beacon; 977 vap->iv_max_aid = RT2870_WCID_MAX; 978 /* 979 * To delete the right key from h/w, we need wcid. 980 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 981 * and matching wcid will be written into there. So, cast 982 * some spells to remove 'const' from ieee80211_key{} 983 */ 984 vap->iv_key_delete = (void *)run_key_delete; 985 vap->iv_key_set = (void *)run_key_set; 986 987 /* override state transition machine */ 988 rvp->newstate = vap->iv_newstate; 989 vap->iv_newstate = run_newstate; 990 if (opmode == IEEE80211_M_IBSS) { 991 rvp->recv_mgmt = vap->iv_recv_mgmt; 992 vap->iv_recv_mgmt = run_recv_mgmt; 993 } 994 995 ieee80211_ratectl_init(vap); 996 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 997 998 /* complete setup */ 999 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 1000 mac); 1001 1002 /* make sure id is always unique */ 1003 for (i = 0; i < RUN_VAP_MAX; i++) { 1004 if((sc->rvp_bmap & 1 << i) == 0){ 1005 sc->rvp_bmap |= 1 << i; 1006 rvp->rvp_id = i; 1007 break; 1008 } 1009 } 1010 if (sc->rvp_cnt++ == 0) 1011 ic->ic_opmode = opmode; 1012 1013 if (opmode == IEEE80211_M_HOSTAP) 1014 sc->cmdq_run = RUN_CMDQ_GO; 1015 1016 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1017 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1018 1019 return (vap); 1020 } 1021 1022 static void 1023 run_vap_delete(struct ieee80211vap *vap) 1024 { 1025 struct run_vap *rvp = RUN_VAP(vap); 1026 struct ieee80211com *ic; 1027 struct run_softc *sc; 1028 uint8_t rvp_id; 1029 1030 if (vap == NULL) 1031 return; 1032 1033 ic = vap->iv_ic; 1034 sc = ic->ic_softc; 1035 1036 RUN_LOCK(sc); 1037 1038 m_freem(rvp->beacon_mbuf); 1039 rvp->beacon_mbuf = NULL; 1040 1041 rvp_id = rvp->rvp_id; 1042 sc->ratectl_run &= ~(1 << rvp_id); 1043 sc->rvp_bmap &= ~(1 << rvp_id); 1044 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1045 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1046 --sc->rvp_cnt; 1047 1048 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1049 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1050 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1051 1052 RUN_UNLOCK(sc); 1053 1054 ieee80211_ratectl_deinit(vap); 1055 ieee80211_vap_detach(vap); 1056 free(rvp, M_80211_VAP); 1057 } 1058 1059 /* 1060 * There are numbers of functions need to be called in context thread. 1061 * Rather than creating taskqueue event for each of those functions, 1062 * here is all-for-one taskqueue callback function. This function 1063 * guarantees deferred functions are executed in the same order they 1064 * were enqueued. 1065 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1066 */ 1067 static void 1068 run_cmdq_cb(void *arg, int pending) 1069 { 1070 struct run_softc *sc = arg; 1071 uint8_t i; 1072 1073 /* call cmdq[].func locked */ 1074 RUN_LOCK(sc); 1075 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1076 i = sc->cmdq_exec, pending--) { 1077 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1078 i, pending); 1079 if (sc->cmdq_run == RUN_CMDQ_GO) { 1080 /* 1081 * If arg0 is NULL, callback func needs more 1082 * than one arg. So, pass ptr to cmdq struct. 1083 */ 1084 if (sc->cmdq[i].arg0) 1085 sc->cmdq[i].func(sc->cmdq[i].arg0); 1086 else 1087 sc->cmdq[i].func(&sc->cmdq[i]); 1088 } 1089 sc->cmdq[i].arg0 = NULL; 1090 sc->cmdq[i].func = NULL; 1091 sc->cmdq_exec++; 1092 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1093 } 1094 RUN_UNLOCK(sc); 1095 } 1096 1097 static void 1098 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1099 { 1100 struct run_tx_data *data; 1101 1102 memset(pq, 0, sizeof(*pq)); 1103 1104 STAILQ_INIT(&pq->tx_qh); 1105 STAILQ_INIT(&pq->tx_fh); 1106 1107 for (data = &pq->tx_data[0]; 1108 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1109 data->sc = sc; 1110 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1111 } 1112 pq->tx_nfree = RUN_TX_RING_COUNT; 1113 } 1114 1115 static void 1116 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1117 { 1118 struct run_tx_data *data; 1119 1120 /* make sure any subsequent use of the queues will fail */ 1121 pq->tx_nfree = 0; 1122 STAILQ_INIT(&pq->tx_fh); 1123 STAILQ_INIT(&pq->tx_qh); 1124 1125 /* free up all node references and mbufs */ 1126 for (data = &pq->tx_data[0]; 1127 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1128 if (data->m != NULL) { 1129 m_freem(data->m); 1130 data->m = NULL; 1131 } 1132 if (data->ni != NULL) { 1133 ieee80211_free_node(data->ni); 1134 data->ni = NULL; 1135 } 1136 } 1137 } 1138 1139 static int 1140 run_load_microcode(struct run_softc *sc) 1141 { 1142 usb_device_request_t req; 1143 const struct firmware *fw; 1144 const u_char *base; 1145 uint32_t tmp; 1146 int ntries, error; 1147 const uint64_t *temp; 1148 uint64_t bytes; 1149 1150 RUN_UNLOCK(sc); 1151 fw = firmware_get("runfw"); 1152 RUN_LOCK(sc); 1153 if (fw == NULL) { 1154 device_printf(sc->sc_dev, 1155 "failed loadfirmware of file %s\n", "runfw"); 1156 return ENOENT; 1157 } 1158 1159 if (fw->datasize != 8192) { 1160 device_printf(sc->sc_dev, 1161 "invalid firmware size (should be 8KB)\n"); 1162 error = EINVAL; 1163 goto fail; 1164 } 1165 1166 /* 1167 * RT3071/RT3072 use a different firmware 1168 * run-rt2870 (8KB) contains both, 1169 * first half (4KB) is for rt2870, 1170 * last half is for rt3071. 1171 */ 1172 base = fw->data; 1173 if ((sc->mac_ver) != 0x2860 && 1174 (sc->mac_ver) != 0x2872 && 1175 (sc->mac_ver) != 0x3070) { 1176 base += 4096; 1177 } 1178 1179 /* cheap sanity check */ 1180 temp = fw->data; 1181 bytes = *temp; 1182 if (bytes != be64toh(0xffffff0210280210ULL)) { 1183 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1184 error = EINVAL; 1185 goto fail; 1186 } 1187 1188 /* write microcode image */ 1189 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1190 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1191 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1192 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1193 } 1194 1195 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1196 req.bRequest = RT2870_RESET; 1197 USETW(req.wValue, 8); 1198 USETW(req.wIndex, 0); 1199 USETW(req.wLength, 0); 1200 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1201 != 0) { 1202 device_printf(sc->sc_dev, "firmware reset failed\n"); 1203 goto fail; 1204 } 1205 1206 run_delay(sc, 10); 1207 1208 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1209 run_write(sc, RT2860_H2M_MAILBOX, 0); 1210 run_write(sc, RT2860_H2M_INTSRC, 0); 1211 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1212 goto fail; 1213 1214 /* wait until microcontroller is ready */ 1215 for (ntries = 0; ntries < 1000; ntries++) { 1216 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1217 goto fail; 1218 if (tmp & RT2860_MCU_READY) 1219 break; 1220 run_delay(sc, 10); 1221 } 1222 if (ntries == 1000) { 1223 device_printf(sc->sc_dev, 1224 "timeout waiting for MCU to initialize\n"); 1225 error = ETIMEDOUT; 1226 goto fail; 1227 } 1228 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1229 (base == fw->data) ? "RT2870" : "RT3071", 1230 *(base + 4092), *(base + 4093)); 1231 1232 fail: 1233 firmware_put(fw, FIRMWARE_UNLOAD); 1234 return (error); 1235 } 1236 1237 static int 1238 run_reset(struct run_softc *sc) 1239 { 1240 usb_device_request_t req; 1241 1242 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1243 req.bRequest = RT2870_RESET; 1244 USETW(req.wValue, 1); 1245 USETW(req.wIndex, 0); 1246 USETW(req.wLength, 0); 1247 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1248 } 1249 1250 static usb_error_t 1251 run_do_request(struct run_softc *sc, 1252 struct usb_device_request *req, void *data) 1253 { 1254 usb_error_t err; 1255 int ntries = 10; 1256 1257 RUN_LOCK_ASSERT(sc, MA_OWNED); 1258 1259 while (ntries--) { 1260 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1261 req, data, 0, NULL, 250 /* ms */); 1262 if (err == 0) 1263 break; 1264 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1265 "Control request failed, %s (retrying)\n", 1266 usbd_errstr(err)); 1267 run_delay(sc, 10); 1268 } 1269 return (err); 1270 } 1271 1272 static int 1273 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1274 { 1275 uint32_t tmp; 1276 int error; 1277 1278 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1279 if (error == 0) 1280 *val = le32toh(tmp); 1281 else 1282 *val = 0xffffffff; 1283 return (error); 1284 } 1285 1286 static int 1287 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1288 { 1289 usb_device_request_t req; 1290 1291 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1292 req.bRequest = RT2870_READ_REGION_1; 1293 USETW(req.wValue, 0); 1294 USETW(req.wIndex, reg); 1295 USETW(req.wLength, len); 1296 1297 return (run_do_request(sc, &req, buf)); 1298 } 1299 1300 static int 1301 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1302 { 1303 usb_device_request_t req; 1304 1305 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1306 req.bRequest = RT2870_WRITE_2; 1307 USETW(req.wValue, val); 1308 USETW(req.wIndex, reg); 1309 USETW(req.wLength, 0); 1310 1311 return (run_do_request(sc, &req, NULL)); 1312 } 1313 1314 static int 1315 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1316 { 1317 int error; 1318 1319 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1320 error = run_write_2(sc, reg + 2, val >> 16); 1321 return (error); 1322 } 1323 1324 static int 1325 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1326 int len) 1327 { 1328 #if 1 1329 int i, error = 0; 1330 /* 1331 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1332 * We thus issue multiple WRITE_2 commands instead. 1333 */ 1334 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1335 for (i = 0; i < len && error == 0; i += 2) 1336 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1337 return (error); 1338 #else 1339 usb_device_request_t req; 1340 int error = 0; 1341 1342 /* 1343 * NOTE: It appears the WRITE_REGION_1 command cannot be 1344 * passed a huge amount of data, which will crash the 1345 * firmware. Limit amount of data passed to 64-bytes at a 1346 * time. 1347 */ 1348 while (len > 0) { 1349 int delta = 64; 1350 if (delta > len) 1351 delta = len; 1352 1353 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1354 req.bRequest = RT2870_WRITE_REGION_1; 1355 USETW(req.wValue, 0); 1356 USETW(req.wIndex, reg); 1357 USETW(req.wLength, delta); 1358 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1359 if (error != 0) 1360 break; 1361 reg += delta; 1362 buf += delta; 1363 len -= delta; 1364 } 1365 return (error); 1366 #endif 1367 } 1368 1369 static int 1370 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1371 { 1372 int i, error = 0; 1373 1374 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1375 for (i = 0; i < len && error == 0; i += 4) 1376 error = run_write(sc, reg + i, val); 1377 return (error); 1378 } 1379 1380 static int 1381 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1382 { 1383 uint32_t tmp; 1384 uint16_t reg; 1385 int error, ntries; 1386 1387 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1388 return (error); 1389 1390 if (count == 2) 1391 addr *= 2; 1392 /*- 1393 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1394 * DATA0: F E D C 1395 * DATA1: B A 9 8 1396 * DATA2: 7 6 5 4 1397 * DATA3: 3 2 1 0 1398 */ 1399 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1400 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1401 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1402 for (ntries = 0; ntries < 100; ntries++) { 1403 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1404 return (error); 1405 if (!(tmp & RT3070_EFSROM_KICK)) 1406 break; 1407 run_delay(sc, 2); 1408 } 1409 if (ntries == 100) 1410 return (ETIMEDOUT); 1411 1412 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1413 *val = 0xffff; /* address not found */ 1414 return (0); 1415 } 1416 /* determine to which 32-bit register our 16-bit word belongs */ 1417 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1418 if ((error = run_read(sc, reg, &tmp)) != 0) 1419 return (error); 1420 1421 tmp >>= (8 * (addr & 0x3)); 1422 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1423 1424 return (0); 1425 } 1426 1427 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1428 static int 1429 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1430 { 1431 return (run_efuse_read(sc, addr, val, 2)); 1432 } 1433 1434 static int 1435 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1436 { 1437 usb_device_request_t req; 1438 uint16_t tmp; 1439 int error; 1440 1441 addr *= 2; 1442 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1443 req.bRequest = RT2870_EEPROM_READ; 1444 USETW(req.wValue, 0); 1445 USETW(req.wIndex, addr); 1446 USETW(req.wLength, sizeof(tmp)); 1447 1448 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1449 if (error == 0) 1450 *val = le16toh(tmp); 1451 else 1452 *val = 0xffff; 1453 return (error); 1454 } 1455 1456 static __inline int 1457 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1458 { 1459 /* either eFUSE ROM or EEPROM */ 1460 return sc->sc_srom_read(sc, addr, val); 1461 } 1462 1463 static int 1464 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1465 { 1466 uint32_t tmp; 1467 int error, ntries; 1468 1469 for (ntries = 0; ntries < 10; ntries++) { 1470 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1471 return (error); 1472 if (!(tmp & RT2860_RF_REG_CTRL)) 1473 break; 1474 } 1475 if (ntries == 10) 1476 return (ETIMEDOUT); 1477 1478 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1479 } 1480 1481 static int 1482 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1483 { 1484 uint32_t tmp; 1485 int error, ntries; 1486 1487 for (ntries = 0; ntries < 100; ntries++) { 1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1489 return (error); 1490 if (!(tmp & RT3070_RF_KICK)) 1491 break; 1492 } 1493 if (ntries == 100) 1494 return (ETIMEDOUT); 1495 1496 tmp = RT3070_RF_KICK | reg << 8; 1497 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1498 return (error); 1499 1500 for (ntries = 0; ntries < 100; ntries++) { 1501 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1502 return (error); 1503 if (!(tmp & RT3070_RF_KICK)) 1504 break; 1505 } 1506 if (ntries == 100) 1507 return (ETIMEDOUT); 1508 1509 *val = tmp & 0xff; 1510 return (0); 1511 } 1512 1513 static int 1514 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1515 { 1516 uint32_t tmp; 1517 int error, ntries; 1518 1519 for (ntries = 0; ntries < 10; ntries++) { 1520 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1521 return (error); 1522 if (!(tmp & RT3070_RF_KICK)) 1523 break; 1524 } 1525 if (ntries == 10) 1526 return (ETIMEDOUT); 1527 1528 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1529 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1530 } 1531 1532 static int 1533 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1534 { 1535 uint32_t tmp; 1536 int ntries, error; 1537 1538 for (ntries = 0; ntries < 10; ntries++) { 1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1540 return (error); 1541 if (!(tmp & RT2860_BBP_CSR_KICK)) 1542 break; 1543 } 1544 if (ntries == 10) 1545 return (ETIMEDOUT); 1546 1547 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1548 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1549 return (error); 1550 1551 for (ntries = 0; ntries < 10; ntries++) { 1552 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1553 return (error); 1554 if (!(tmp & RT2860_BBP_CSR_KICK)) 1555 break; 1556 } 1557 if (ntries == 10) 1558 return (ETIMEDOUT); 1559 1560 *val = tmp & 0xff; 1561 return (0); 1562 } 1563 1564 static int 1565 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1566 { 1567 uint32_t tmp; 1568 int ntries, error; 1569 1570 for (ntries = 0; ntries < 10; ntries++) { 1571 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1572 return (error); 1573 if (!(tmp & RT2860_BBP_CSR_KICK)) 1574 break; 1575 } 1576 if (ntries == 10) 1577 return (ETIMEDOUT); 1578 1579 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1580 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1581 } 1582 1583 /* 1584 * Send a command to the 8051 microcontroller unit. 1585 */ 1586 static int 1587 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1588 { 1589 uint32_t tmp; 1590 int error, ntries; 1591 1592 for (ntries = 0; ntries < 100; ntries++) { 1593 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1594 return error; 1595 if (!(tmp & RT2860_H2M_BUSY)) 1596 break; 1597 } 1598 if (ntries == 100) 1599 return ETIMEDOUT; 1600 1601 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1602 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1603 error = run_write(sc, RT2860_HOST_CMD, cmd); 1604 return (error); 1605 } 1606 1607 /* 1608 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1609 * Used to adjust per-rate Tx power registers. 1610 */ 1611 static __inline uint32_t 1612 b4inc(uint32_t b32, int8_t delta) 1613 { 1614 int8_t i, b4; 1615 1616 for (i = 0; i < 8; i++) { 1617 b4 = b32 & 0xf; 1618 b4 += delta; 1619 if (b4 < 0) 1620 b4 = 0; 1621 else if (b4 > 0xf) 1622 b4 = 0xf; 1623 b32 = b32 >> 4 | b4 << 28; 1624 } 1625 return (b32); 1626 } 1627 1628 static const char * 1629 run_get_rf(uint16_t rev) 1630 { 1631 switch (rev) { 1632 case RT2860_RF_2820: return "RT2820"; 1633 case RT2860_RF_2850: return "RT2850"; 1634 case RT2860_RF_2720: return "RT2720"; 1635 case RT2860_RF_2750: return "RT2750"; 1636 case RT3070_RF_3020: return "RT3020"; 1637 case RT3070_RF_2020: return "RT2020"; 1638 case RT3070_RF_3021: return "RT3021"; 1639 case RT3070_RF_3022: return "RT3022"; 1640 case RT3070_RF_3052: return "RT3052"; 1641 case RT3593_RF_3053: return "RT3053"; 1642 case RT5592_RF_5592: return "RT5592"; 1643 case RT5390_RF_5370: return "RT5370"; 1644 case RT5390_RF_5372: return "RT5372"; 1645 } 1646 return ("unknown"); 1647 } 1648 1649 static void 1650 run_rt3593_get_txpower(struct run_softc *sc) 1651 { 1652 uint16_t addr, val; 1653 int i; 1654 1655 /* Read power settings for 2GHz channels. */ 1656 for (i = 0; i < 14; i += 2) { 1657 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1658 RT2860_EEPROM_PWR2GHZ_BASE1; 1659 run_srom_read(sc, addr + i / 2, &val); 1660 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1661 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1662 1663 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1664 RT2860_EEPROM_PWR2GHZ_BASE2; 1665 run_srom_read(sc, addr + i / 2, &val); 1666 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1667 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1668 1669 if (sc->ntxchains == 3) { 1670 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1671 &val); 1672 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1673 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1674 } 1675 } 1676 /* Fix broken Tx power entries. */ 1677 for (i = 0; i < 14; i++) { 1678 if (sc->txpow1[i] > 31) 1679 sc->txpow1[i] = 5; 1680 if (sc->txpow2[i] > 31) 1681 sc->txpow2[i] = 5; 1682 if (sc->ntxchains == 3) { 1683 if (sc->txpow3[i] > 31) 1684 sc->txpow3[i] = 5; 1685 } 1686 } 1687 /* Read power settings for 5GHz channels. */ 1688 for (i = 0; i < 40; i += 2) { 1689 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1690 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1691 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1692 1693 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1694 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1695 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1696 1697 if (sc->ntxchains == 3) { 1698 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1699 &val); 1700 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1701 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1702 } 1703 } 1704 } 1705 1706 static void 1707 run_get_txpower(struct run_softc *sc) 1708 { 1709 uint16_t val; 1710 int i; 1711 1712 /* Read power settings for 2GHz channels. */ 1713 for (i = 0; i < 14; i += 2) { 1714 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1715 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1716 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1717 1718 if (sc->mac_ver != 0x5390) { 1719 run_srom_read(sc, 1720 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1721 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1722 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1723 } 1724 } 1725 /* Fix broken Tx power entries. */ 1726 for (i = 0; i < 14; i++) { 1727 if (sc->mac_ver >= 0x5390) { 1728 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1729 sc->txpow1[i] = 5; 1730 } else { 1731 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1732 sc->txpow1[i] = 5; 1733 } 1734 if (sc->mac_ver > 0x5390) { 1735 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1736 sc->txpow2[i] = 5; 1737 } else if (sc->mac_ver < 0x5390) { 1738 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1739 sc->txpow2[i] = 5; 1740 } 1741 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1742 "chan %d: power1=%d, power2=%d\n", 1743 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1744 } 1745 /* Read power settings for 5GHz channels. */ 1746 for (i = 0; i < 40; i += 2) { 1747 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1748 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1749 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1750 1751 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1752 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1753 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1754 } 1755 /* Fix broken Tx power entries. */ 1756 for (i = 0; i < 40; i++ ) { 1757 if (sc->mac_ver != 0x5592) { 1758 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1759 sc->txpow1[14 + i] = 5; 1760 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1761 sc->txpow2[14 + i] = 5; 1762 } 1763 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1764 "chan %d: power1=%d, power2=%d\n", 1765 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1766 sc->txpow2[14 + i]); 1767 } 1768 } 1769 1770 static int 1771 run_read_eeprom(struct run_softc *sc) 1772 { 1773 struct ieee80211com *ic = &sc->sc_ic; 1774 int8_t delta_2ghz, delta_5ghz; 1775 uint32_t tmp; 1776 uint16_t val; 1777 int ridx, ant, i; 1778 1779 /* check whether the ROM is eFUSE ROM or EEPROM */ 1780 sc->sc_srom_read = run_eeprom_read_2; 1781 if (sc->mac_ver >= 0x3070) { 1782 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1783 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1784 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1785 sc->sc_srom_read = run_efuse_read_2; 1786 } 1787 1788 /* read ROM version */ 1789 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1790 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1791 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1792 1793 /* read MAC address */ 1794 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1795 ic->ic_macaddr[0] = val & 0xff; 1796 ic->ic_macaddr[1] = val >> 8; 1797 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1798 ic->ic_macaddr[2] = val & 0xff; 1799 ic->ic_macaddr[3] = val >> 8; 1800 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1801 ic->ic_macaddr[4] = val & 0xff; 1802 ic->ic_macaddr[5] = val >> 8; 1803 1804 if (sc->mac_ver < 0x3593) { 1805 /* read vender BBP settings */ 1806 for (i = 0; i < 10; i++) { 1807 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1808 sc->bbp[i].val = val & 0xff; 1809 sc->bbp[i].reg = val >> 8; 1810 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1811 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1812 } 1813 if (sc->mac_ver >= 0x3071) { 1814 /* read vendor RF settings */ 1815 for (i = 0; i < 10; i++) { 1816 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1817 &val); 1818 sc->rf[i].val = val & 0xff; 1819 sc->rf[i].reg = val >> 8; 1820 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1821 sc->rf[i].reg, sc->rf[i].val); 1822 } 1823 } 1824 } 1825 1826 /* read RF frequency offset from EEPROM */ 1827 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1828 RT3593_EEPROM_FREQ, &val); 1829 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1830 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1831 sc->freq & 0xff); 1832 1833 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1834 RT3593_EEPROM_FREQ_LEDS, &val); 1835 if (val >> 8 != 0xff) { 1836 /* read LEDs operating mode */ 1837 sc->leds = val >> 8; 1838 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1839 RT3593_EEPROM_LED1, &sc->led[0]); 1840 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1841 RT3593_EEPROM_LED2, &sc->led[1]); 1842 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1843 RT3593_EEPROM_LED3, &sc->led[2]); 1844 } else { 1845 /* broken EEPROM, use default settings */ 1846 sc->leds = 0x01; 1847 sc->led[0] = 0x5555; 1848 sc->led[1] = 0x2221; 1849 sc->led[2] = 0x5627; /* differs from RT2860 */ 1850 } 1851 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1852 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1853 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1854 1855 /* read RF information */ 1856 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1857 run_srom_read(sc, 0x00, &val); 1858 else 1859 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1860 1861 if (val == 0xffff) { 1862 device_printf(sc->sc_dev, 1863 "invalid EEPROM antenna info, using default\n"); 1864 if (sc->mac_ver == 0x3572) { 1865 /* default to RF3052 2T2R */ 1866 sc->rf_rev = RT3070_RF_3052; 1867 sc->ntxchains = 2; 1868 sc->nrxchains = 2; 1869 } else if (sc->mac_ver >= 0x3070) { 1870 /* default to RF3020 1T1R */ 1871 sc->rf_rev = RT3070_RF_3020; 1872 sc->ntxchains = 1; 1873 sc->nrxchains = 1; 1874 } else { 1875 /* default to RF2820 1T2R */ 1876 sc->rf_rev = RT2860_RF_2820; 1877 sc->ntxchains = 1; 1878 sc->nrxchains = 2; 1879 } 1880 } else { 1881 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1882 sc->rf_rev = val; 1883 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1884 } else 1885 sc->rf_rev = (val >> 8) & 0xf; 1886 sc->ntxchains = (val >> 4) & 0xf; 1887 sc->nrxchains = val & 0xf; 1888 } 1889 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1890 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1891 1892 /* check if RF supports automatic Tx access gain control */ 1893 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1894 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1895 /* check if driver should patch the DAC issue */ 1896 if ((val >> 8) != 0xff) 1897 sc->patch_dac = (val >> 15) & 1; 1898 if ((val & 0xff) != 0xff) { 1899 sc->ext_5ghz_lna = (val >> 3) & 1; 1900 sc->ext_2ghz_lna = (val >> 2) & 1; 1901 /* check if RF supports automatic Tx access gain control */ 1902 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1903 /* check if we have a hardware radio switch */ 1904 sc->rfswitch = val & 1; 1905 } 1906 1907 /* Read Tx power settings. */ 1908 if (sc->mac_ver == 0x3593) 1909 run_rt3593_get_txpower(sc); 1910 else 1911 run_get_txpower(sc); 1912 1913 /* read Tx power compensation for each Tx rate */ 1914 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1915 delta_2ghz = delta_5ghz = 0; 1916 if ((val & 0xff) != 0xff && (val & 0x80)) { 1917 delta_2ghz = val & 0xf; 1918 if (!(val & 0x40)) /* negative number */ 1919 delta_2ghz = -delta_2ghz; 1920 } 1921 val >>= 8; 1922 if ((val & 0xff) != 0xff && (val & 0x80)) { 1923 delta_5ghz = val & 0xf; 1924 if (!(val & 0x40)) /* negative number */ 1925 delta_5ghz = -delta_5ghz; 1926 } 1927 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1928 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1929 1930 for (ridx = 0; ridx < 5; ridx++) { 1931 uint32_t reg; 1932 1933 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1934 reg = val; 1935 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1936 reg |= (uint32_t)val << 16; 1937 1938 sc->txpow20mhz[ridx] = reg; 1939 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1940 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1941 1942 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1943 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1944 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1945 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1946 } 1947 1948 /* Read RSSI offsets and LNA gains from EEPROM. */ 1949 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1950 RT3593_EEPROM_RSSI1_2GHZ, &val); 1951 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1952 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1953 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1954 RT3593_EEPROM_RSSI2_2GHZ, &val); 1955 if (sc->mac_ver >= 0x3070) { 1956 if (sc->mac_ver == 0x3593) { 1957 sc->txmixgain_2ghz = 0; 1958 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1959 } else { 1960 /* 1961 * On RT3070 chips (limited to 2 Rx chains), this ROM 1962 * field contains the Tx mixer gain for the 2GHz band. 1963 */ 1964 if ((val & 0xff) != 0xff) 1965 sc->txmixgain_2ghz = val & 0x7; 1966 } 1967 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 1968 sc->txmixgain_2ghz); 1969 } else 1970 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1971 if (sc->mac_ver == 0x3593) 1972 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1973 sc->lna[2] = val >> 8; /* channel group 2 */ 1974 1975 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1976 RT3593_EEPROM_RSSI1_5GHZ, &val); 1977 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1978 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1979 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1980 RT3593_EEPROM_RSSI2_5GHZ, &val); 1981 if (sc->mac_ver == 0x3572) { 1982 /* 1983 * On RT3572 chips (limited to 2 Rx chains), this ROM 1984 * field contains the Tx mixer gain for the 5GHz band. 1985 */ 1986 if ((val & 0xff) != 0xff) 1987 sc->txmixgain_5ghz = val & 0x7; 1988 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 1989 sc->txmixgain_5ghz); 1990 } else 1991 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1992 if (sc->mac_ver == 0x3593) { 1993 sc->txmixgain_5ghz = 0; 1994 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1995 } 1996 sc->lna[3] = val >> 8; /* channel group 3 */ 1997 1998 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1999 RT3593_EEPROM_LNA, &val); 2000 sc->lna[0] = val & 0xff; /* channel group 0 */ 2001 sc->lna[1] = val >> 8; /* channel group 1 */ 2002 2003 /* fix broken 5GHz LNA entries */ 2004 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2005 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2006 "invalid LNA for channel group %d\n", 2); 2007 sc->lna[2] = sc->lna[1]; 2008 } 2009 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2010 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2011 "invalid LNA for channel group %d\n", 3); 2012 sc->lna[3] = sc->lna[1]; 2013 } 2014 2015 /* fix broken RSSI offset entries */ 2016 for (ant = 0; ant < 3; ant++) { 2017 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2018 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2019 "invalid RSSI%d offset: %d (2GHz)\n", 2020 ant + 1, sc->rssi_2ghz[ant]); 2021 sc->rssi_2ghz[ant] = 0; 2022 } 2023 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2024 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2025 "invalid RSSI%d offset: %d (5GHz)\n", 2026 ant + 1, sc->rssi_5ghz[ant]); 2027 sc->rssi_5ghz[ant] = 0; 2028 } 2029 } 2030 return (0); 2031 } 2032 2033 static struct ieee80211_node * 2034 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2035 { 2036 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 2037 } 2038 2039 static int 2040 run_media_change(struct ifnet *ifp) 2041 { 2042 struct ieee80211vap *vap = ifp->if_softc; 2043 struct ieee80211com *ic = vap->iv_ic; 2044 const struct ieee80211_txparam *tp; 2045 struct run_softc *sc = ic->ic_softc; 2046 uint8_t rate, ridx; 2047 int error; 2048 2049 RUN_LOCK(sc); 2050 2051 error = ieee80211_media_change(ifp); 2052 if (error != ENETRESET) { 2053 RUN_UNLOCK(sc); 2054 return (error); 2055 } 2056 2057 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2058 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2059 struct ieee80211_node *ni; 2060 struct run_node *rn; 2061 2062 rate = ic->ic_sup_rates[ic->ic_curmode]. 2063 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2064 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2065 if (rt2860_rates[ridx].rate == rate) 2066 break; 2067 ni = ieee80211_ref_node(vap->iv_bss); 2068 rn = RUN_NODE(ni); 2069 rn->fix_ridx = ridx; 2070 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2071 rate, rn->fix_ridx); 2072 ieee80211_free_node(ni); 2073 } 2074 2075 #if 0 2076 if ((ifp->if_flags & IFF_UP) && 2077 (ifp->if_drv_flags & RUN_RUNNING)){ 2078 run_init_locked(sc); 2079 } 2080 #endif 2081 2082 RUN_UNLOCK(sc); 2083 2084 return (0); 2085 } 2086 2087 static int 2088 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2089 { 2090 const struct ieee80211_txparam *tp; 2091 struct ieee80211com *ic = vap->iv_ic; 2092 struct run_softc *sc = ic->ic_softc; 2093 struct run_vap *rvp = RUN_VAP(vap); 2094 enum ieee80211_state ostate; 2095 uint32_t sta[3]; 2096 uint32_t tmp; 2097 uint8_t ratectl; 2098 uint8_t restart_ratectl = 0; 2099 uint8_t bid = 1 << rvp->rvp_id; 2100 2101 ostate = vap->iv_state; 2102 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2103 ieee80211_state_name[ostate], 2104 ieee80211_state_name[nstate]); 2105 2106 IEEE80211_UNLOCK(ic); 2107 RUN_LOCK(sc); 2108 2109 ratectl = sc->ratectl_run; /* remember current state */ 2110 sc->ratectl_run = RUN_RATECTL_OFF; 2111 usb_callout_stop(&sc->ratectl_ch); 2112 2113 if (ostate == IEEE80211_S_RUN) { 2114 /* turn link LED off */ 2115 run_set_leds(sc, RT2860_LED_RADIO); 2116 } 2117 2118 switch (nstate) { 2119 case IEEE80211_S_INIT: 2120 restart_ratectl = 1; 2121 2122 if (ostate != IEEE80211_S_RUN) 2123 break; 2124 2125 ratectl &= ~bid; 2126 sc->runbmap &= ~bid; 2127 2128 /* abort TSF synchronization if there is no vap running */ 2129 if (--sc->running == 0) { 2130 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2131 run_write(sc, RT2860_BCN_TIME_CFG, 2132 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2133 RT2860_TBTT_TIMER_EN)); 2134 } 2135 break; 2136 2137 case IEEE80211_S_RUN: 2138 if (!(sc->runbmap & bid)) { 2139 if(sc->running++) 2140 restart_ratectl = 1; 2141 sc->runbmap |= bid; 2142 } 2143 2144 m_freem(rvp->beacon_mbuf); 2145 rvp->beacon_mbuf = NULL; 2146 2147 switch (vap->iv_opmode) { 2148 case IEEE80211_M_HOSTAP: 2149 case IEEE80211_M_MBSS: 2150 sc->ap_running |= bid; 2151 ic->ic_opmode = vap->iv_opmode; 2152 run_update_beacon_cb(vap); 2153 break; 2154 case IEEE80211_M_IBSS: 2155 sc->adhoc_running |= bid; 2156 if (!sc->ap_running) 2157 ic->ic_opmode = vap->iv_opmode; 2158 run_update_beacon_cb(vap); 2159 break; 2160 case IEEE80211_M_STA: 2161 sc->sta_running |= bid; 2162 if (!sc->ap_running && !sc->adhoc_running) 2163 ic->ic_opmode = vap->iv_opmode; 2164 2165 /* read statistic counters (clear on read) */ 2166 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2167 (uint8_t *)sta, sizeof sta); 2168 2169 break; 2170 default: 2171 ic->ic_opmode = vap->iv_opmode; 2172 break; 2173 } 2174 2175 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2176 struct ieee80211_node *ni; 2177 2178 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2179 RUN_UNLOCK(sc); 2180 IEEE80211_LOCK(ic); 2181 return (-1); 2182 } 2183 run_updateslot(ic); 2184 run_enable_mrr(sc); 2185 run_set_txpreamble(sc); 2186 run_set_basicrates(sc); 2187 ni = ieee80211_ref_node(vap->iv_bss); 2188 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2189 run_set_bssid(sc, sc->sc_bssid); 2190 ieee80211_free_node(ni); 2191 run_enable_tsf_sync(sc); 2192 2193 /* enable automatic rate adaptation */ 2194 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2195 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2196 ratectl |= bid; 2197 } else 2198 run_enable_tsf(sc); 2199 2200 /* turn link LED on */ 2201 run_set_leds(sc, RT2860_LED_RADIO | 2202 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2203 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2204 2205 break; 2206 default: 2207 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2208 break; 2209 } 2210 2211 /* restart amrr for running VAPs */ 2212 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2213 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2214 2215 RUN_UNLOCK(sc); 2216 IEEE80211_LOCK(ic); 2217 2218 return(rvp->newstate(vap, nstate, arg)); 2219 } 2220 2221 static int 2222 run_wme_update(struct ieee80211com *ic) 2223 { 2224 struct chanAccParams chp; 2225 struct run_softc *sc = ic->ic_softc; 2226 const struct wmeParams *ac; 2227 int aci, error = 0; 2228 2229 ieee80211_wme_ic_getparams(ic, &chp); 2230 ac = chp.cap_wmeParams; 2231 2232 /* update MAC TX configuration registers */ 2233 RUN_LOCK(sc); 2234 for (aci = 0; aci < WME_NUM_AC; aci++) { 2235 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2236 ac[aci].wmep_logcwmax << 16 | 2237 ac[aci].wmep_logcwmin << 12 | 2238 ac[aci].wmep_aifsn << 8 | 2239 ac[aci].wmep_txopLimit); 2240 if (error) goto err; 2241 } 2242 2243 /* update SCH/DMA registers too */ 2244 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2245 ac[WME_AC_VO].wmep_aifsn << 12 | 2246 ac[WME_AC_VI].wmep_aifsn << 8 | 2247 ac[WME_AC_BK].wmep_aifsn << 4 | 2248 ac[WME_AC_BE].wmep_aifsn); 2249 if (error) goto err; 2250 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2251 ac[WME_AC_VO].wmep_logcwmin << 12 | 2252 ac[WME_AC_VI].wmep_logcwmin << 8 | 2253 ac[WME_AC_BK].wmep_logcwmin << 4 | 2254 ac[WME_AC_BE].wmep_logcwmin); 2255 if (error) goto err; 2256 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2257 ac[WME_AC_VO].wmep_logcwmax << 12 | 2258 ac[WME_AC_VI].wmep_logcwmax << 8 | 2259 ac[WME_AC_BK].wmep_logcwmax << 4 | 2260 ac[WME_AC_BE].wmep_logcwmax); 2261 if (error) goto err; 2262 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2263 ac[WME_AC_BK].wmep_txopLimit << 16 | 2264 ac[WME_AC_BE].wmep_txopLimit); 2265 if (error) goto err; 2266 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2267 ac[WME_AC_VO].wmep_txopLimit << 16 | 2268 ac[WME_AC_VI].wmep_txopLimit); 2269 2270 err: 2271 RUN_UNLOCK(sc); 2272 if (error) 2273 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2274 2275 return (error); 2276 } 2277 2278 static void 2279 run_key_set_cb(void *arg) 2280 { 2281 struct run_cmdq *cmdq = arg; 2282 struct ieee80211vap *vap = cmdq->arg1; 2283 struct ieee80211_key *k = cmdq->k; 2284 struct ieee80211com *ic = vap->iv_ic; 2285 struct run_softc *sc = ic->ic_softc; 2286 struct ieee80211_node *ni; 2287 u_int cipher = k->wk_cipher->ic_cipher; 2288 uint32_t attr; 2289 uint16_t base, associd; 2290 uint8_t mode, wcid, iv[8]; 2291 2292 RUN_LOCK_ASSERT(sc, MA_OWNED); 2293 2294 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2295 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2296 else 2297 ni = vap->iv_bss; 2298 associd = (ni != NULL) ? ni->ni_associd : 0; 2299 2300 /* map net80211 cipher to RT2860 security mode */ 2301 switch (cipher) { 2302 case IEEE80211_CIPHER_WEP: 2303 if(k->wk_keylen < 8) 2304 mode = RT2860_MODE_WEP40; 2305 else 2306 mode = RT2860_MODE_WEP104; 2307 break; 2308 case IEEE80211_CIPHER_TKIP: 2309 mode = RT2860_MODE_TKIP; 2310 break; 2311 case IEEE80211_CIPHER_AES_CCM: 2312 mode = RT2860_MODE_AES_CCMP; 2313 break; 2314 default: 2315 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2316 return; 2317 } 2318 2319 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2320 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2321 associd, k->wk_keyix, mode, 2322 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2323 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2324 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2325 2326 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2327 wcid = 0; /* NB: update WCID0 for group keys */ 2328 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2329 } else { 2330 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2331 1 : RUN_AID2WCID(associd); 2332 base = RT2860_PKEY(wcid); 2333 } 2334 2335 if (cipher == IEEE80211_CIPHER_TKIP) { 2336 if(run_write_region_1(sc, base, k->wk_key, 16)) 2337 return; 2338 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2339 return; 2340 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2341 return; 2342 } else { 2343 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2344 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2345 return; 2346 } 2347 2348 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2349 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2350 /* set initial packet number in IV+EIV */ 2351 if (cipher == IEEE80211_CIPHER_WEP) { 2352 memset(iv, 0, sizeof iv); 2353 iv[3] = vap->iv_def_txkey << 6; 2354 } else { 2355 if (cipher == IEEE80211_CIPHER_TKIP) { 2356 iv[0] = k->wk_keytsc >> 8; 2357 iv[1] = (iv[0] | 0x20) & 0x7f; 2358 iv[2] = k->wk_keytsc; 2359 } else /* CCMP */ { 2360 iv[0] = k->wk_keytsc; 2361 iv[1] = k->wk_keytsc >> 8; 2362 iv[2] = 0; 2363 } 2364 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2365 iv[4] = k->wk_keytsc >> 16; 2366 iv[5] = k->wk_keytsc >> 24; 2367 iv[6] = k->wk_keytsc >> 32; 2368 iv[7] = k->wk_keytsc >> 40; 2369 } 2370 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2371 return; 2372 } 2373 2374 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2375 /* install group key */ 2376 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2377 return; 2378 attr &= ~(0xf << (k->wk_keyix * 4)); 2379 attr |= mode << (k->wk_keyix * 4); 2380 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2381 return; 2382 } else { 2383 /* install pairwise key */ 2384 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2385 return; 2386 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2387 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2388 return; 2389 } 2390 2391 /* TODO create a pass-thru key entry? */ 2392 2393 /* need wcid to delete the right key later */ 2394 k->wk_pad = wcid; 2395 } 2396 2397 /* 2398 * Don't have to be deferred, but in order to keep order of 2399 * execution, i.e. with run_key_delete(), defer this and let 2400 * run_cmdq_cb() maintain the order. 2401 * 2402 * return 0 on error 2403 */ 2404 static int 2405 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2406 { 2407 struct ieee80211com *ic = vap->iv_ic; 2408 struct run_softc *sc = ic->ic_softc; 2409 uint32_t i; 2410 2411 i = RUN_CMDQ_GET(&sc->cmdq_store); 2412 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2413 sc->cmdq[i].func = run_key_set_cb; 2414 sc->cmdq[i].arg0 = NULL; 2415 sc->cmdq[i].arg1 = vap; 2416 sc->cmdq[i].k = k; 2417 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2418 ieee80211_runtask(ic, &sc->cmdq_task); 2419 2420 /* 2421 * To make sure key will be set when hostapd 2422 * calls iv_key_set() before if_init(). 2423 */ 2424 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2425 RUN_LOCK(sc); 2426 sc->cmdq_key_set = RUN_CMDQ_GO; 2427 RUN_UNLOCK(sc); 2428 } 2429 2430 return (1); 2431 } 2432 2433 /* 2434 * If wlan is destroyed without being brought down i.e. without 2435 * wlan down or wpa_cli terminate, this function is called after 2436 * vap is gone. Don't refer it. 2437 */ 2438 static void 2439 run_key_delete_cb(void *arg) 2440 { 2441 struct run_cmdq *cmdq = arg; 2442 struct run_softc *sc = cmdq->arg1; 2443 struct ieee80211_key *k = &cmdq->key; 2444 uint32_t attr; 2445 uint8_t wcid; 2446 2447 RUN_LOCK_ASSERT(sc, MA_OWNED); 2448 2449 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2450 /* remove group key */ 2451 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2452 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2453 attr &= ~(0xf << (k->wk_keyix * 4)); 2454 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2455 } else { 2456 /* remove pairwise key */ 2457 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2458 "removing key for wcid %x\n", k->wk_pad); 2459 /* matching wcid was written to wk_pad in run_key_set() */ 2460 wcid = k->wk_pad; 2461 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2462 attr &= ~0xf; 2463 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2464 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2465 } 2466 2467 k->wk_pad = 0; 2468 } 2469 2470 /* 2471 * return 0 on error 2472 */ 2473 static int 2474 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2475 { 2476 struct ieee80211com *ic = vap->iv_ic; 2477 struct run_softc *sc = ic->ic_softc; 2478 struct ieee80211_key *k0; 2479 uint32_t i; 2480 2481 /* 2482 * When called back, key might be gone. So, make a copy 2483 * of some values need to delete keys before deferring. 2484 * But, because of LOR with node lock, cannot use lock here. 2485 * So, use atomic instead. 2486 */ 2487 i = RUN_CMDQ_GET(&sc->cmdq_store); 2488 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2489 sc->cmdq[i].func = run_key_delete_cb; 2490 sc->cmdq[i].arg0 = NULL; 2491 sc->cmdq[i].arg1 = sc; 2492 k0 = &sc->cmdq[i].key; 2493 k0->wk_flags = k->wk_flags; 2494 k0->wk_keyix = k->wk_keyix; 2495 /* matching wcid was written to wk_pad in run_key_set() */ 2496 k0->wk_pad = k->wk_pad; 2497 ieee80211_runtask(ic, &sc->cmdq_task); 2498 return (1); /* return fake success */ 2499 2500 } 2501 2502 static void 2503 run_ratectl_to(void *arg) 2504 { 2505 struct run_softc *sc = arg; 2506 2507 /* do it in a process context, so it can go sleep */ 2508 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2509 /* next timeout will be rescheduled in the callback task */ 2510 } 2511 2512 /* ARGSUSED */ 2513 static void 2514 run_ratectl_cb(void *arg, int pending) 2515 { 2516 struct run_softc *sc = arg; 2517 struct ieee80211com *ic = &sc->sc_ic; 2518 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2519 2520 if (vap == NULL) 2521 return; 2522 2523 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2524 /* 2525 * run_reset_livelock() doesn't do anything with AMRR, 2526 * but Ralink wants us to call it every 1 sec. So, we 2527 * piggyback here rather than creating another callout. 2528 * Livelock may occur only in HOSTAP or IBSS mode 2529 * (when h/w is sending beacons). 2530 */ 2531 RUN_LOCK(sc); 2532 run_reset_livelock(sc); 2533 /* just in case, there are some stats to drain */ 2534 run_drain_fifo(sc); 2535 RUN_UNLOCK(sc); 2536 } 2537 2538 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2539 2540 RUN_LOCK(sc); 2541 if(sc->ratectl_run != RUN_RATECTL_OFF) 2542 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2543 RUN_UNLOCK(sc); 2544 } 2545 2546 static void 2547 run_drain_fifo(void *arg) 2548 { 2549 struct run_softc *sc = arg; 2550 uint32_t stat; 2551 uint16_t (*wstat)[3]; 2552 uint8_t wcid, mcs, pid; 2553 int8_t retry; 2554 2555 RUN_LOCK_ASSERT(sc, MA_OWNED); 2556 2557 for (;;) { 2558 /* drain Tx status FIFO (maxsize = 16) */ 2559 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2560 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2561 if (!(stat & RT2860_TXQ_VLD)) 2562 break; 2563 2564 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2565 2566 /* if no ACK was requested, no feedback is available */ 2567 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2568 wcid == 0) 2569 continue; 2570 2571 /* 2572 * Even though each stat is Tx-complete-status like format, 2573 * the device can poll stats. Because there is no guarantee 2574 * that the referring node is still around when read the stats. 2575 * So that, if we use ieee80211_ratectl_tx_update(), we will 2576 * have hard time not to refer already freed node. 2577 * 2578 * To eliminate such page faults, we poll stats in softc. 2579 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2580 */ 2581 wstat = &(sc->wcid_stats[wcid]); 2582 (*wstat)[RUN_TXCNT]++; 2583 if (stat & RT2860_TXQ_OK) 2584 (*wstat)[RUN_SUCCESS]++; 2585 else 2586 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2587 /* 2588 * Check if there were retries, ie if the Tx success rate is 2589 * different from the requested rate. Note that it works only 2590 * because we do not allow rate fallback from OFDM to CCK. 2591 */ 2592 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2593 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2594 if ((retry = pid -1 - mcs) > 0) { 2595 (*wstat)[RUN_TXCNT] += retry; 2596 (*wstat)[RUN_RETRY] += retry; 2597 } 2598 } 2599 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2600 2601 sc->fifo_cnt = 0; 2602 } 2603 2604 static void 2605 run_iter_func(void *arg, struct ieee80211_node *ni) 2606 { 2607 struct run_softc *sc = arg; 2608 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2609 struct ieee80211vap *vap = ni->ni_vap; 2610 struct run_node *rn = RUN_NODE(ni); 2611 union run_stats sta[2]; 2612 uint16_t (*wstat)[3]; 2613 int error; 2614 2615 RUN_LOCK(sc); 2616 2617 /* Check for special case */ 2618 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2619 ni != vap->iv_bss) 2620 goto fail; 2621 2622 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2623 IEEE80211_RATECTL_TX_STATS_RETRIES; 2624 txs->ni = ni; 2625 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2626 vap->iv_opmode == IEEE80211_M_STA)) { 2627 /* read statistic counters (clear on read) and update AMRR state */ 2628 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2629 sizeof sta); 2630 if (error != 0) 2631 goto fail; 2632 2633 /* count failed TX as errors */ 2634 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2635 le16toh(sta[0].error.fail)); 2636 2637 txs->nretries = le16toh(sta[1].tx.retry); 2638 txs->nsuccess = le16toh(sta[1].tx.success); 2639 /* nretries??? */ 2640 txs->nframes = txs->nretries + txs->nsuccess + 2641 le16toh(sta[0].error.fail); 2642 2643 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2644 "retrycnt=%d success=%d failcnt=%d\n", 2645 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2646 } else { 2647 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2648 2649 if (wstat == &(sc->wcid_stats[0]) || 2650 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2651 goto fail; 2652 2653 txs->nretries = (*wstat)[RUN_RETRY]; 2654 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2655 txs->nframes = (*wstat)[RUN_TXCNT]; 2656 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2657 "retrycnt=%d txcnt=%d success=%d\n", 2658 txs->nretries, txs->nframes, txs->nsuccess); 2659 2660 memset(wstat, 0, sizeof(*wstat)); 2661 } 2662 2663 ieee80211_ratectl_tx_update(vap, txs); 2664 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2665 2666 fail: 2667 RUN_UNLOCK(sc); 2668 2669 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx); 2670 } 2671 2672 static void 2673 run_newassoc_cb(void *arg) 2674 { 2675 struct run_cmdq *cmdq = arg; 2676 struct ieee80211_node *ni = cmdq->arg1; 2677 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2678 uint8_t wcid = cmdq->wcid; 2679 2680 RUN_LOCK_ASSERT(sc, MA_OWNED); 2681 2682 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2683 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2684 2685 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2686 } 2687 2688 static void 2689 run_newassoc(struct ieee80211_node *ni, int isnew) 2690 { 2691 struct run_node *rn = RUN_NODE(ni); 2692 struct ieee80211_rateset *rs = &ni->ni_rates; 2693 struct ieee80211vap *vap = ni->ni_vap; 2694 struct ieee80211com *ic = vap->iv_ic; 2695 struct run_softc *sc = ic->ic_softc; 2696 uint8_t rate; 2697 uint8_t ridx; 2698 uint8_t wcid; 2699 int i, j; 2700 2701 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2702 1 : RUN_AID2WCID(ni->ni_associd); 2703 2704 if (wcid > RT2870_WCID_MAX) { 2705 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2706 return; 2707 } 2708 2709 /* only interested in true associations */ 2710 if (isnew && ni->ni_associd != 0) { 2711 2712 /* 2713 * This function could is called though timeout function. 2714 * Need to defer. 2715 */ 2716 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2717 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2718 sc->cmdq[cnt].func = run_newassoc_cb; 2719 sc->cmdq[cnt].arg0 = NULL; 2720 sc->cmdq[cnt].arg1 = ni; 2721 sc->cmdq[cnt].wcid = wcid; 2722 ieee80211_runtask(ic, &sc->cmdq_task); 2723 } 2724 2725 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2726 "new assoc isnew=%d associd=%x addr=%s\n", 2727 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2728 2729 for (i = 0; i < rs->rs_nrates; i++) { 2730 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2731 /* convert 802.11 rate to hardware rate index */ 2732 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2733 if (rt2860_rates[ridx].rate == rate) 2734 break; 2735 rn->ridx[i] = ridx; 2736 /* determine rate of control response frames */ 2737 for (j = i; j >= 0; j--) { 2738 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2739 rt2860_rates[rn->ridx[i]].phy == 2740 rt2860_rates[rn->ridx[j]].phy) 2741 break; 2742 } 2743 if (j >= 0) { 2744 rn->ctl_ridx[i] = rn->ridx[j]; 2745 } else { 2746 /* no basic rate found, use mandatory one */ 2747 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2748 } 2749 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2750 "rate=0x%02x ridx=%d ctl_ridx=%d\n", 2751 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2752 } 2753 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2754 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2755 if (rt2860_rates[ridx].rate == rate) 2756 break; 2757 rn->mgt_ridx = ridx; 2758 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2759 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2760 2761 RUN_LOCK(sc); 2762 if(sc->ratectl_run != RUN_RATECTL_OFF) 2763 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2764 RUN_UNLOCK(sc); 2765 } 2766 2767 /* 2768 * Return the Rx chain with the highest RSSI for a given frame. 2769 */ 2770 static __inline uint8_t 2771 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2772 { 2773 uint8_t rxchain = 0; 2774 2775 if (sc->nrxchains > 1) { 2776 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2777 rxchain = 1; 2778 if (sc->nrxchains > 2) 2779 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2780 rxchain = 2; 2781 } 2782 return (rxchain); 2783 } 2784 2785 static void 2786 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2787 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2788 { 2789 struct ieee80211vap *vap = ni->ni_vap; 2790 struct run_softc *sc = vap->iv_ic->ic_softc; 2791 struct run_vap *rvp = RUN_VAP(vap); 2792 uint64_t ni_tstamp, rx_tstamp; 2793 2794 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2795 2796 if (vap->iv_state == IEEE80211_S_RUN && 2797 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2798 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2799 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2800 RUN_LOCK(sc); 2801 run_get_tsf(sc, &rx_tstamp); 2802 RUN_UNLOCK(sc); 2803 rx_tstamp = le64toh(rx_tstamp); 2804 2805 if (ni_tstamp >= rx_tstamp) { 2806 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2807 "ibss merge, tsf %ju tstamp %ju\n", 2808 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2809 (void) ieee80211_ibss_merge(ni); 2810 } 2811 } 2812 } 2813 2814 static void 2815 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2816 { 2817 struct ieee80211com *ic = &sc->sc_ic; 2818 struct ieee80211_frame *wh; 2819 struct ieee80211_node *ni; 2820 struct rt2870_rxd *rxd; 2821 struct rt2860_rxwi *rxwi; 2822 uint32_t flags; 2823 uint16_t len, rxwisize; 2824 uint8_t ant, rssi; 2825 int8_t nf; 2826 2827 rxwisize = sizeof(struct rt2860_rxwi); 2828 if (sc->mac_ver == 0x5592) 2829 rxwisize += sizeof(uint64_t); 2830 else if (sc->mac_ver == 0x3593) 2831 rxwisize += sizeof(uint32_t); 2832 2833 if (__predict_false(dmalen < 2834 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2835 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2836 "payload is too short: dma length %u < %zu\n", 2837 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2838 goto fail; 2839 } 2840 2841 rxwi = mtod(m, struct rt2860_rxwi *); 2842 len = le16toh(rxwi->len) & 0xfff; 2843 2844 if (__predict_false(len > dmalen - rxwisize)) { 2845 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2846 "bad RXWI length %u > %u\n", len, dmalen); 2847 goto fail; 2848 } 2849 2850 /* Rx descriptor is located at the end */ 2851 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2852 flags = le32toh(rxd->flags); 2853 2854 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2855 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2856 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2857 goto fail; 2858 } 2859 2860 if (flags & RT2860_RX_L2PAD) { 2861 /* 2862 * XXX OpenBSD removes padding between header 2863 * and payload here... 2864 */ 2865 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2866 "received RT2860_RX_L2PAD frame\n"); 2867 len += 2; 2868 } 2869 2870 m->m_data += rxwisize; 2871 m->m_pkthdr.len = m->m_len = len; 2872 2873 wh = mtod(m, struct ieee80211_frame *); 2874 2875 /* XXX wrong for monitor mode */ 2876 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2877 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2878 m->m_flags |= M_WEP; 2879 } 2880 2881 if (len >= sizeof(struct ieee80211_frame_min)) { 2882 ni = ieee80211_find_rxnode(ic, 2883 mtod(m, struct ieee80211_frame_min *)); 2884 } else 2885 ni = NULL; 2886 2887 if (__predict_false(flags & RT2860_RX_MICERR)) { 2888 /* report MIC failures to net80211 for TKIP */ 2889 if (ni != NULL) 2890 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2891 rxwi->keyidx); 2892 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2893 "MIC error. Someone is lying.\n"); 2894 goto fail; 2895 } 2896 2897 ant = run_maxrssi_chain(sc, rxwi); 2898 rssi = rxwi->rssi[ant]; 2899 nf = run_rssi2dbm(sc, rssi, ant); 2900 2901 if (__predict_false(ieee80211_radiotap_active(ic))) { 2902 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2903 uint16_t phy; 2904 2905 tap->wr_flags = 0; 2906 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2907 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2908 tap->wr_antsignal = rssi; 2909 tap->wr_antenna = ant; 2910 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2911 tap->wr_rate = 2; /* in case it can't be found below */ 2912 RUN_LOCK(sc); 2913 run_get_tsf(sc, &tap->wr_tsf); 2914 RUN_UNLOCK(sc); 2915 phy = le16toh(rxwi->phy); 2916 switch (phy & RT2860_PHY_MODE) { 2917 case RT2860_PHY_CCK: 2918 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2919 case 0: tap->wr_rate = 2; break; 2920 case 1: tap->wr_rate = 4; break; 2921 case 2: tap->wr_rate = 11; break; 2922 case 3: tap->wr_rate = 22; break; 2923 } 2924 if (phy & RT2860_PHY_SHPRE) 2925 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2926 break; 2927 case RT2860_PHY_OFDM: 2928 switch (phy & RT2860_PHY_MCS) { 2929 case 0: tap->wr_rate = 12; break; 2930 case 1: tap->wr_rate = 18; break; 2931 case 2: tap->wr_rate = 24; break; 2932 case 3: tap->wr_rate = 36; break; 2933 case 4: tap->wr_rate = 48; break; 2934 case 5: tap->wr_rate = 72; break; 2935 case 6: tap->wr_rate = 96; break; 2936 case 7: tap->wr_rate = 108; break; 2937 } 2938 break; 2939 } 2940 } 2941 2942 if (ni != NULL) { 2943 (void)ieee80211_input(ni, m, rssi, nf); 2944 ieee80211_free_node(ni); 2945 } else { 2946 (void)ieee80211_input_all(ic, m, rssi, nf); 2947 } 2948 2949 return; 2950 2951 fail: 2952 m_freem(m); 2953 counter_u64_add(ic->ic_ierrors, 1); 2954 } 2955 2956 static void 2957 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2958 { 2959 struct run_softc *sc = usbd_xfer_softc(xfer); 2960 struct ieee80211com *ic = &sc->sc_ic; 2961 struct mbuf *m = NULL; 2962 struct mbuf *m0; 2963 uint32_t dmalen, mbuf_len; 2964 uint16_t rxwisize; 2965 int xferlen; 2966 2967 rxwisize = sizeof(struct rt2860_rxwi); 2968 if (sc->mac_ver == 0x5592) 2969 rxwisize += sizeof(uint64_t); 2970 else if (sc->mac_ver == 0x3593) 2971 rxwisize += sizeof(uint32_t); 2972 2973 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2974 2975 switch (USB_GET_STATE(xfer)) { 2976 case USB_ST_TRANSFERRED: 2977 2978 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2979 "rx done, actlen=%d\n", xferlen); 2980 2981 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2982 sizeof(struct rt2870_rxd))) { 2983 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 2984 "xfer too short %d\n", xferlen); 2985 goto tr_setup; 2986 } 2987 2988 m = sc->rx_m; 2989 sc->rx_m = NULL; 2990 2991 /* FALLTHROUGH */ 2992 case USB_ST_SETUP: 2993 tr_setup: 2994 if (sc->rx_m == NULL) { 2995 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2996 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2997 } 2998 if (sc->rx_m == NULL) { 2999 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 3000 "could not allocate mbuf - idle with stall\n"); 3001 counter_u64_add(ic->ic_ierrors, 1); 3002 usbd_xfer_set_stall(xfer); 3003 usbd_xfer_set_frames(xfer, 0); 3004 } else { 3005 /* 3006 * Directly loading a mbuf cluster into DMA to 3007 * save some data copying. This works because 3008 * there is only one cluster. 3009 */ 3010 usbd_xfer_set_frame_data(xfer, 0, 3011 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 3012 usbd_xfer_set_frames(xfer, 1); 3013 } 3014 usbd_transfer_submit(xfer); 3015 break; 3016 3017 default: /* Error */ 3018 if (error != USB_ERR_CANCELLED) { 3019 /* try to clear stall first */ 3020 usbd_xfer_set_stall(xfer); 3021 if (error == USB_ERR_TIMEOUT) 3022 device_printf(sc->sc_dev, "device timeout\n"); 3023 counter_u64_add(ic->ic_ierrors, 1); 3024 goto tr_setup; 3025 } 3026 if (sc->rx_m != NULL) { 3027 m_freem(sc->rx_m); 3028 sc->rx_m = NULL; 3029 } 3030 break; 3031 } 3032 3033 if (m == NULL) 3034 return; 3035 3036 /* inputting all the frames must be last */ 3037 3038 RUN_UNLOCK(sc); 3039 3040 m->m_pkthdr.len = m->m_len = xferlen; 3041 3042 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3043 for(;;) { 3044 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3045 3046 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3047 ((dmalen & 3) != 0)) { 3048 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3049 "bad DMA length %u\n", dmalen); 3050 break; 3051 } 3052 if ((dmalen + 8) > (uint32_t)xferlen) { 3053 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3054 "bad DMA length %u > %d\n", 3055 dmalen + 8, xferlen); 3056 break; 3057 } 3058 3059 /* If it is the last one or a single frame, we won't copy. */ 3060 if ((xferlen -= dmalen + 8) <= 8) { 3061 /* trim 32-bit DMA-len header */ 3062 m->m_data += 4; 3063 m->m_pkthdr.len = m->m_len -= 4; 3064 run_rx_frame(sc, m, dmalen); 3065 m = NULL; /* don't free source buffer */ 3066 break; 3067 } 3068 3069 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 3070 if (__predict_false(mbuf_len > MCLBYTES)) { 3071 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3072 "payload is too big: mbuf_len %u\n", mbuf_len); 3073 counter_u64_add(ic->ic_ierrors, 1); 3074 break; 3075 } 3076 3077 /* copy aggregated frames to another mbuf */ 3078 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3079 if (__predict_false(m0 == NULL)) { 3080 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3081 "could not allocate mbuf\n"); 3082 counter_u64_add(ic->ic_ierrors, 1); 3083 break; 3084 } 3085 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3086 mbuf_len, mtod(m0, caddr_t)); 3087 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3088 run_rx_frame(sc, m0, dmalen); 3089 3090 /* update data ptr */ 3091 m->m_data += mbuf_len + 4; 3092 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3093 } 3094 3095 /* make sure we free the source buffer, if any */ 3096 m_freem(m); 3097 3098 RUN_LOCK(sc); 3099 } 3100 3101 static void 3102 run_tx_free(struct run_endpoint_queue *pq, 3103 struct run_tx_data *data, int txerr) 3104 { 3105 3106 ieee80211_tx_complete(data->ni, data->m, txerr); 3107 3108 data->m = NULL; 3109 data->ni = NULL; 3110 3111 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3112 pq->tx_nfree++; 3113 } 3114 3115 static void 3116 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3117 { 3118 struct run_softc *sc = usbd_xfer_softc(xfer); 3119 struct ieee80211com *ic = &sc->sc_ic; 3120 struct run_tx_data *data; 3121 struct ieee80211vap *vap = NULL; 3122 struct usb_page_cache *pc; 3123 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3124 struct mbuf *m; 3125 usb_frlength_t size; 3126 int actlen; 3127 int sumlen; 3128 3129 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3130 3131 switch (USB_GET_STATE(xfer)) { 3132 case USB_ST_TRANSFERRED: 3133 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3134 "transfer complete: %d bytes @ index %d\n", actlen, index); 3135 3136 data = usbd_xfer_get_priv(xfer); 3137 run_tx_free(pq, data, 0); 3138 usbd_xfer_set_priv(xfer, NULL); 3139 3140 /* FALLTHROUGH */ 3141 case USB_ST_SETUP: 3142 tr_setup: 3143 data = STAILQ_FIRST(&pq->tx_qh); 3144 if (data == NULL) 3145 break; 3146 3147 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3148 3149 m = data->m; 3150 size = (sc->mac_ver == 0x5592) ? 3151 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3152 if ((m->m_pkthdr.len + 3153 size + 3 + 8) > RUN_MAX_TXSZ) { 3154 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3155 "data overflow, %u bytes\n", m->m_pkthdr.len); 3156 run_tx_free(pq, data, 1); 3157 goto tr_setup; 3158 } 3159 3160 pc = usbd_xfer_get_frame(xfer, 0); 3161 usbd_copy_in(pc, 0, &data->desc, size); 3162 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3163 size += m->m_pkthdr.len; 3164 /* 3165 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3166 * 4-byte padding), and be sure to zero those trailing 3167 * bytes: 3168 */ 3169 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3170 size += ((-size) & 3) + 8; 3171 3172 vap = data->ni->ni_vap; 3173 if (ieee80211_radiotap_active_vap(vap)) { 3174 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3175 struct rt2860_txwi *txwi = 3176 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3177 tap->wt_flags = 0; 3178 tap->wt_rate = rt2860_rates[data->ridx].rate; 3179 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3180 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3181 tap->wt_hwqueue = index; 3182 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3183 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3184 3185 ieee80211_radiotap_tx(vap, m); 3186 } 3187 3188 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3189 "sending frame len=%u/%u @ index %d\n", 3190 m->m_pkthdr.len, size, index); 3191 3192 usbd_xfer_set_frame_len(xfer, 0, size); 3193 usbd_xfer_set_priv(xfer, data); 3194 usbd_transfer_submit(xfer); 3195 run_start(sc); 3196 3197 break; 3198 3199 default: 3200 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3201 "USB transfer error, %s\n", usbd_errstr(error)); 3202 3203 data = usbd_xfer_get_priv(xfer); 3204 3205 if (data != NULL) { 3206 if(data->ni != NULL) 3207 vap = data->ni->ni_vap; 3208 run_tx_free(pq, data, error); 3209 usbd_xfer_set_priv(xfer, NULL); 3210 } 3211 3212 if (vap == NULL) 3213 vap = TAILQ_FIRST(&ic->ic_vaps); 3214 3215 if (error != USB_ERR_CANCELLED) { 3216 if (error == USB_ERR_TIMEOUT) { 3217 device_printf(sc->sc_dev, "device timeout\n"); 3218 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3219 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3220 "cmdq_store=%d\n", i); 3221 sc->cmdq[i].func = run_usb_timeout_cb; 3222 sc->cmdq[i].arg0 = vap; 3223 ieee80211_runtask(ic, &sc->cmdq_task); 3224 } 3225 3226 /* 3227 * Try to clear stall first, also if other 3228 * errors occur, hence clearing stall 3229 * introduces a 50 ms delay: 3230 */ 3231 usbd_xfer_set_stall(xfer); 3232 goto tr_setup; 3233 } 3234 break; 3235 } 3236 } 3237 3238 static void 3239 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3240 { 3241 run_bulk_tx_callbackN(xfer, error, 0); 3242 } 3243 3244 static void 3245 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3246 { 3247 run_bulk_tx_callbackN(xfer, error, 1); 3248 } 3249 3250 static void 3251 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3252 { 3253 run_bulk_tx_callbackN(xfer, error, 2); 3254 } 3255 3256 static void 3257 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3258 { 3259 run_bulk_tx_callbackN(xfer, error, 3); 3260 } 3261 3262 static void 3263 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3264 { 3265 run_bulk_tx_callbackN(xfer, error, 4); 3266 } 3267 3268 static void 3269 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3270 { 3271 run_bulk_tx_callbackN(xfer, error, 5); 3272 } 3273 3274 static void 3275 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3276 { 3277 struct mbuf *m = data->m; 3278 struct ieee80211com *ic = &sc->sc_ic; 3279 struct ieee80211vap *vap = data->ni->ni_vap; 3280 struct ieee80211_frame *wh; 3281 struct rt2870_txd *txd; 3282 struct rt2860_txwi *txwi; 3283 uint16_t xferlen, txwisize; 3284 uint16_t mcs; 3285 uint8_t ridx = data->ridx; 3286 uint8_t pad; 3287 3288 /* get MCS code from rate index */ 3289 mcs = rt2860_rates[ridx].mcs; 3290 3291 txwisize = (sc->mac_ver == 0x5592) ? 3292 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3293 xferlen = txwisize + m->m_pkthdr.len; 3294 3295 /* roundup to 32-bit alignment */ 3296 xferlen = (xferlen + 3) & ~3; 3297 3298 txd = (struct rt2870_txd *)&data->desc; 3299 txd->len = htole16(xferlen); 3300 3301 wh = mtod(m, struct ieee80211_frame *); 3302 3303 /* 3304 * Ether both are true or both are false, the header 3305 * are nicely aligned to 32-bit. So, no L2 padding. 3306 */ 3307 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3308 pad = 0; 3309 else 3310 pad = 2; 3311 3312 /* setup TX Wireless Information */ 3313 txwi = (struct rt2860_txwi *)(txd + 1); 3314 txwi->len = htole16(m->m_pkthdr.len - pad); 3315 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3316 mcs |= RT2860_PHY_CCK; 3317 if (ridx != RT2860_RIDX_CCK1 && 3318 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3319 mcs |= RT2860_PHY_SHPRE; 3320 } else 3321 mcs |= RT2860_PHY_OFDM; 3322 txwi->phy = htole16(mcs); 3323 3324 /* check if RTS/CTS or CTS-to-self protection is required */ 3325 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3326 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3327 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3328 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3329 txwi->txop |= RT2860_TX_TXOP_HT; 3330 else 3331 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3332 3333 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3334 txwi->xflags |= RT2860_TX_NSEQ; 3335 } 3336 3337 /* This function must be called locked */ 3338 static int 3339 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3340 { 3341 struct ieee80211com *ic = &sc->sc_ic; 3342 struct ieee80211vap *vap = ni->ni_vap; 3343 struct ieee80211_frame *wh; 3344 const struct ieee80211_txparam *tp = ni->ni_txparms; 3345 struct run_node *rn = RUN_NODE(ni); 3346 struct run_tx_data *data; 3347 struct rt2870_txd *txd; 3348 struct rt2860_txwi *txwi; 3349 uint16_t qos; 3350 uint16_t dur; 3351 uint16_t qid; 3352 uint8_t type; 3353 uint8_t tid; 3354 uint8_t ridx; 3355 uint8_t ctl_ridx; 3356 uint8_t qflags; 3357 uint8_t xflags = 0; 3358 int hasqos; 3359 3360 RUN_LOCK_ASSERT(sc, MA_OWNED); 3361 3362 wh = mtod(m, struct ieee80211_frame *); 3363 3364 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3365 3366 /* 3367 * There are 7 bulk endpoints: 1 for RX 3368 * and 6 for TX (4 EDCAs + HCCA + Prio). 3369 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3370 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3371 */ 3372 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3373 uint8_t *frm; 3374 3375 if(IEEE80211_HAS_ADDR4(wh)) 3376 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3377 else 3378 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3379 3380 qos = le16toh(*(const uint16_t *)frm); 3381 tid = qos & IEEE80211_QOS_TID; 3382 qid = TID_TO_WME_AC(tid); 3383 } else { 3384 qos = 0; 3385 tid = 0; 3386 qid = WME_AC_BE; 3387 } 3388 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3389 3390 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3391 qos, qid, tid, qflags); 3392 3393 /* pickup a rate index */ 3394 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3395 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3396 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3397 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3398 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3399 } else { 3400 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3401 ridx = rn->fix_ridx; 3402 else 3403 ridx = rn->amrr_ridx; 3404 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3405 } 3406 3407 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3408 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3409 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3410 xflags |= RT2860_TX_ACK; 3411 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3412 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3413 else 3414 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3415 USETW(wh->i_dur, dur); 3416 } 3417 3418 /* reserve slots for mgmt packets, just in case */ 3419 if (sc->sc_epq[qid].tx_nfree < 3) { 3420 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3421 return (-1); 3422 } 3423 3424 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3425 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3426 sc->sc_epq[qid].tx_nfree--; 3427 3428 txd = (struct rt2870_txd *)&data->desc; 3429 txd->flags = qflags; 3430 txwi = (struct rt2860_txwi *)(txd + 1); 3431 txwi->xflags = xflags; 3432 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3433 txwi->wcid = 0; 3434 else 3435 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3436 1 : RUN_AID2WCID(ni->ni_associd); 3437 3438 /* clear leftover garbage bits */ 3439 txwi->flags = 0; 3440 txwi->txop = 0; 3441 3442 data->m = m; 3443 data->ni = ni; 3444 data->ridx = ridx; 3445 3446 run_set_tx_desc(sc, data); 3447 3448 /* 3449 * The chip keeps track of 2 kind of Tx stats, 3450 * * TX_STAT_FIFO, for per WCID stats, and 3451 * * TX_STA_CNT0 for all-TX-in-one stats. 3452 * 3453 * To use FIFO stats, we need to store MCS into the driver-private 3454 * PacketID field. So that, we can tell whose stats when we read them. 3455 * We add 1 to the MCS because setting the PacketID field to 0 means 3456 * that we don't want feedback in TX_STAT_FIFO. 3457 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3458 * 3459 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3460 */ 3461 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3462 vap->iv_opmode == IEEE80211_M_MBSS) { 3463 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3464 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3465 3466 /* 3467 * Unlike PCI based devices, we don't get any interrupt from 3468 * USB devices, so we simulate FIFO-is-full interrupt here. 3469 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3470 * quickly get fulled. To prevent overflow, increment a counter on 3471 * every FIFO stat request, so we know how many slots are left. 3472 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3473 * are used only in those modes. 3474 * We just drain stats. AMRR gets updated every 1 sec by 3475 * run_ratectl_cb() via callout. 3476 * Call it early. Otherwise overflow. 3477 */ 3478 if (sc->fifo_cnt++ == 10) { 3479 /* 3480 * With multiple vaps or if_bridge, if_start() is called 3481 * with a non-sleepable lock, tcpinp. So, need to defer. 3482 */ 3483 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3484 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3485 sc->cmdq[i].func = run_drain_fifo; 3486 sc->cmdq[i].arg0 = sc; 3487 ieee80211_runtask(ic, &sc->cmdq_task); 3488 } 3489 } 3490 3491 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3492 3493 usbd_transfer_start(sc->sc_xfer[qid]); 3494 3495 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3496 "sending data frame len=%d rate=%d qid=%d\n", 3497 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3498 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3499 3500 return (0); 3501 } 3502 3503 static int 3504 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3505 { 3506 struct ieee80211com *ic = &sc->sc_ic; 3507 struct run_node *rn = RUN_NODE(ni); 3508 struct run_tx_data *data; 3509 struct ieee80211_frame *wh; 3510 struct rt2870_txd *txd; 3511 struct rt2860_txwi *txwi; 3512 uint16_t dur; 3513 uint8_t ridx = rn->mgt_ridx; 3514 uint8_t xflags = 0; 3515 uint8_t wflags = 0; 3516 3517 RUN_LOCK_ASSERT(sc, MA_OWNED); 3518 3519 wh = mtod(m, struct ieee80211_frame *); 3520 3521 /* tell hardware to add timestamp for probe responses */ 3522 if ((wh->i_fc[0] & 3523 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3524 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3525 wflags |= RT2860_TX_TS; 3526 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3527 xflags |= RT2860_TX_ACK; 3528 3529 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3530 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3531 USETW(wh->i_dur, dur); 3532 } 3533 3534 if (sc->sc_epq[0].tx_nfree == 0) 3535 /* let caller free mbuf */ 3536 return (EIO); 3537 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3538 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3539 sc->sc_epq[0].tx_nfree--; 3540 3541 txd = (struct rt2870_txd *)&data->desc; 3542 txd->flags = RT2860_TX_QSEL_EDCA; 3543 txwi = (struct rt2860_txwi *)(txd + 1); 3544 txwi->wcid = 0xff; 3545 txwi->flags = wflags; 3546 txwi->xflags = xflags; 3547 txwi->txop = 0; /* clear leftover garbage bits */ 3548 3549 data->m = m; 3550 data->ni = ni; 3551 data->ridx = ridx; 3552 3553 run_set_tx_desc(sc, data); 3554 3555 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3556 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3557 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3558 3559 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3560 3561 usbd_transfer_start(sc->sc_xfer[0]); 3562 3563 return (0); 3564 } 3565 3566 static int 3567 run_sendprot(struct run_softc *sc, 3568 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3569 { 3570 struct ieee80211com *ic = ni->ni_ic; 3571 struct run_tx_data *data; 3572 struct rt2870_txd *txd; 3573 struct rt2860_txwi *txwi; 3574 struct mbuf *mprot; 3575 int ridx; 3576 int protrate; 3577 uint8_t wflags = 0; 3578 uint8_t xflags = 0; 3579 3580 RUN_LOCK_ASSERT(sc, MA_OWNED); 3581 3582 /* check that there are free slots before allocating the mbuf */ 3583 if (sc->sc_epq[0].tx_nfree == 0) 3584 /* let caller free mbuf */ 3585 return (ENOBUFS); 3586 3587 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3588 if (mprot == NULL) { 3589 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3590 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3591 return (ENOBUFS); 3592 } 3593 3594 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3595 wflags = RT2860_TX_FRAG; 3596 xflags = 0; 3597 if (prot == IEEE80211_PROT_RTSCTS) 3598 xflags |= RT2860_TX_ACK; 3599 3600 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3601 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3602 sc->sc_epq[0].tx_nfree--; 3603 3604 txd = (struct rt2870_txd *)&data->desc; 3605 txd->flags = RT2860_TX_QSEL_EDCA; 3606 txwi = (struct rt2860_txwi *)(txd + 1); 3607 txwi->wcid = 0xff; 3608 txwi->flags = wflags; 3609 txwi->xflags = xflags; 3610 txwi->txop = 0; /* clear leftover garbage bits */ 3611 3612 data->m = mprot; 3613 data->ni = ieee80211_ref_node(ni); 3614 3615 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3616 if (rt2860_rates[ridx].rate == protrate) 3617 break; 3618 data->ridx = ridx; 3619 3620 run_set_tx_desc(sc, data); 3621 3622 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3623 m->m_pkthdr.len, rate); 3624 3625 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3626 3627 usbd_transfer_start(sc->sc_xfer[0]); 3628 3629 return (0); 3630 } 3631 3632 static int 3633 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3634 const struct ieee80211_bpf_params *params) 3635 { 3636 struct ieee80211com *ic = ni->ni_ic; 3637 struct run_tx_data *data; 3638 struct rt2870_txd *txd; 3639 struct rt2860_txwi *txwi; 3640 uint8_t ridx; 3641 uint8_t rate; 3642 uint8_t opflags = 0; 3643 uint8_t xflags = 0; 3644 int error; 3645 3646 RUN_LOCK_ASSERT(sc, MA_OWNED); 3647 3648 KASSERT(params != NULL, ("no raw xmit params")); 3649 3650 rate = params->ibp_rate0; 3651 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3652 /* let caller free mbuf */ 3653 return (EINVAL); 3654 } 3655 3656 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3657 xflags |= RT2860_TX_ACK; 3658 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3659 error = run_sendprot(sc, m, ni, 3660 params->ibp_flags & IEEE80211_BPF_RTS ? 3661 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3662 rate); 3663 if (error) { 3664 /* let caller free mbuf */ 3665 return error; 3666 } 3667 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3668 } 3669 3670 if (sc->sc_epq[0].tx_nfree == 0) { 3671 /* let caller free mbuf */ 3672 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3673 "sending raw frame, but tx ring is full\n"); 3674 return (EIO); 3675 } 3676 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3677 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3678 sc->sc_epq[0].tx_nfree--; 3679 3680 txd = (struct rt2870_txd *)&data->desc; 3681 txd->flags = RT2860_TX_QSEL_EDCA; 3682 txwi = (struct rt2860_txwi *)(txd + 1); 3683 txwi->wcid = 0xff; 3684 txwi->xflags = xflags; 3685 txwi->txop = opflags; 3686 txwi->flags = 0; /* clear leftover garbage bits */ 3687 3688 data->m = m; 3689 data->ni = ni; 3690 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3691 if (rt2860_rates[ridx].rate == rate) 3692 break; 3693 data->ridx = ridx; 3694 3695 run_set_tx_desc(sc, data); 3696 3697 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3698 m->m_pkthdr.len, rate); 3699 3700 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3701 3702 usbd_transfer_start(sc->sc_xfer[0]); 3703 3704 return (0); 3705 } 3706 3707 static int 3708 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3709 const struct ieee80211_bpf_params *params) 3710 { 3711 struct run_softc *sc = ni->ni_ic->ic_softc; 3712 int error = 0; 3713 3714 RUN_LOCK(sc); 3715 3716 /* prevent management frames from being sent if we're not ready */ 3717 if (!(sc->sc_flags & RUN_RUNNING)) { 3718 error = ENETDOWN; 3719 goto done; 3720 } 3721 3722 if (params == NULL) { 3723 /* tx mgt packet */ 3724 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3725 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3726 goto done; 3727 } 3728 } else { 3729 /* tx raw packet with param */ 3730 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3731 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3732 goto done; 3733 } 3734 } 3735 3736 done: 3737 RUN_UNLOCK(sc); 3738 3739 if (error != 0) { 3740 if(m != NULL) 3741 m_freem(m); 3742 } 3743 3744 return (error); 3745 } 3746 3747 static int 3748 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3749 { 3750 struct run_softc *sc = ic->ic_softc; 3751 int error; 3752 3753 RUN_LOCK(sc); 3754 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3755 RUN_UNLOCK(sc); 3756 return (ENXIO); 3757 } 3758 error = mbufq_enqueue(&sc->sc_snd, m); 3759 if (error) { 3760 RUN_UNLOCK(sc); 3761 return (error); 3762 } 3763 run_start(sc); 3764 RUN_UNLOCK(sc); 3765 3766 return (0); 3767 } 3768 3769 static void 3770 run_start(struct run_softc *sc) 3771 { 3772 struct ieee80211_node *ni; 3773 struct mbuf *m; 3774 3775 RUN_LOCK_ASSERT(sc, MA_OWNED); 3776 3777 if ((sc->sc_flags & RUN_RUNNING) == 0) 3778 return; 3779 3780 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3781 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3782 if (run_tx(sc, m, ni) != 0) { 3783 mbufq_prepend(&sc->sc_snd, m); 3784 break; 3785 } 3786 } 3787 } 3788 3789 static void 3790 run_parent(struct ieee80211com *ic) 3791 { 3792 struct run_softc *sc = ic->ic_softc; 3793 int startall = 0; 3794 3795 RUN_LOCK(sc); 3796 if (sc->sc_detached) { 3797 RUN_UNLOCK(sc); 3798 return; 3799 } 3800 3801 if (ic->ic_nrunning > 0) { 3802 if (!(sc->sc_flags & RUN_RUNNING)) { 3803 startall = 1; 3804 run_init_locked(sc); 3805 } else 3806 run_update_promisc_locked(sc); 3807 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3808 run_stop(sc); 3809 RUN_UNLOCK(sc); 3810 if (startall) 3811 ieee80211_start_all(ic); 3812 } 3813 3814 static void 3815 run_iq_calib(struct run_softc *sc, u_int chan) 3816 { 3817 uint16_t val; 3818 3819 /* Tx0 IQ gain. */ 3820 run_bbp_write(sc, 158, 0x2c); 3821 if (chan <= 14) 3822 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3823 else if (chan <= 64) { 3824 run_efuse_read(sc, 3825 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3826 &val, 1); 3827 } else if (chan <= 138) { 3828 run_efuse_read(sc, 3829 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3830 &val, 1); 3831 } else if (chan <= 165) { 3832 run_efuse_read(sc, 3833 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3834 &val, 1); 3835 } else 3836 val = 0; 3837 run_bbp_write(sc, 159, val); 3838 3839 /* Tx0 IQ phase. */ 3840 run_bbp_write(sc, 158, 0x2d); 3841 if (chan <= 14) { 3842 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3843 &val, 1); 3844 } else if (chan <= 64) { 3845 run_efuse_read(sc, 3846 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3847 &val, 1); 3848 } else if (chan <= 138) { 3849 run_efuse_read(sc, 3850 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3851 &val, 1); 3852 } else if (chan <= 165) { 3853 run_efuse_read(sc, 3854 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3855 &val, 1); 3856 } else 3857 val = 0; 3858 run_bbp_write(sc, 159, val); 3859 3860 /* Tx1 IQ gain. */ 3861 run_bbp_write(sc, 158, 0x4a); 3862 if (chan <= 14) { 3863 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3864 &val, 1); 3865 } else if (chan <= 64) { 3866 run_efuse_read(sc, 3867 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3868 &val, 1); 3869 } else if (chan <= 138) { 3870 run_efuse_read(sc, 3871 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3872 &val, 1); 3873 } else if (chan <= 165) { 3874 run_efuse_read(sc, 3875 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3876 &val, 1); 3877 } else 3878 val = 0; 3879 run_bbp_write(sc, 159, val); 3880 3881 /* Tx1 IQ phase. */ 3882 run_bbp_write(sc, 158, 0x4b); 3883 if (chan <= 14) { 3884 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3885 &val, 1); 3886 } else if (chan <= 64) { 3887 run_efuse_read(sc, 3888 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3889 &val, 1); 3890 } else if (chan <= 138) { 3891 run_efuse_read(sc, 3892 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3893 &val, 1); 3894 } else if (chan <= 165) { 3895 run_efuse_read(sc, 3896 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3897 &val, 1); 3898 } else 3899 val = 0; 3900 run_bbp_write(sc, 159, val); 3901 3902 /* RF IQ compensation control. */ 3903 run_bbp_write(sc, 158, 0x04); 3904 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3905 &val, 1); 3906 run_bbp_write(sc, 159, val); 3907 3908 /* RF IQ imbalance compensation control. */ 3909 run_bbp_write(sc, 158, 0x03); 3910 run_efuse_read(sc, 3911 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3912 run_bbp_write(sc, 159, val); 3913 } 3914 3915 static void 3916 run_set_agc(struct run_softc *sc, uint8_t agc) 3917 { 3918 uint8_t bbp; 3919 3920 if (sc->mac_ver == 0x3572) { 3921 run_bbp_read(sc, 27, &bbp); 3922 bbp &= ~(0x3 << 5); 3923 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3924 run_bbp_write(sc, 66, agc); 3925 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3926 run_bbp_write(sc, 66, agc); 3927 } else 3928 run_bbp_write(sc, 66, agc); 3929 } 3930 3931 static void 3932 run_select_chan_group(struct run_softc *sc, int group) 3933 { 3934 uint32_t tmp; 3935 uint8_t agc; 3936 3937 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3938 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3939 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3940 if (sc->mac_ver < 0x3572) 3941 run_bbp_write(sc, 86, 0x00); 3942 3943 if (sc->mac_ver == 0x3593) { 3944 run_bbp_write(sc, 77, 0x98); 3945 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3946 } 3947 3948 if (group == 0) { 3949 if (sc->ext_2ghz_lna) { 3950 if (sc->mac_ver >= 0x5390) 3951 run_bbp_write(sc, 75, 0x52); 3952 else { 3953 run_bbp_write(sc, 82, 0x62); 3954 run_bbp_write(sc, 75, 0x46); 3955 } 3956 } else { 3957 if (sc->mac_ver == 0x5592) { 3958 run_bbp_write(sc, 79, 0x1c); 3959 run_bbp_write(sc, 80, 0x0e); 3960 run_bbp_write(sc, 81, 0x3a); 3961 run_bbp_write(sc, 82, 0x62); 3962 3963 run_bbp_write(sc, 195, 0x80); 3964 run_bbp_write(sc, 196, 0xe0); 3965 run_bbp_write(sc, 195, 0x81); 3966 run_bbp_write(sc, 196, 0x1f); 3967 run_bbp_write(sc, 195, 0x82); 3968 run_bbp_write(sc, 196, 0x38); 3969 run_bbp_write(sc, 195, 0x83); 3970 run_bbp_write(sc, 196, 0x32); 3971 run_bbp_write(sc, 195, 0x85); 3972 run_bbp_write(sc, 196, 0x28); 3973 run_bbp_write(sc, 195, 0x86); 3974 run_bbp_write(sc, 196, 0x19); 3975 } else if (sc->mac_ver >= 0x5390) 3976 run_bbp_write(sc, 75, 0x50); 3977 else { 3978 run_bbp_write(sc, 82, 3979 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3980 run_bbp_write(sc, 75, 0x50); 3981 } 3982 } 3983 } else { 3984 if (sc->mac_ver == 0x5592) { 3985 run_bbp_write(sc, 79, 0x18); 3986 run_bbp_write(sc, 80, 0x08); 3987 run_bbp_write(sc, 81, 0x38); 3988 run_bbp_write(sc, 82, 0x92); 3989 3990 run_bbp_write(sc, 195, 0x80); 3991 run_bbp_write(sc, 196, 0xf0); 3992 run_bbp_write(sc, 195, 0x81); 3993 run_bbp_write(sc, 196, 0x1e); 3994 run_bbp_write(sc, 195, 0x82); 3995 run_bbp_write(sc, 196, 0x28); 3996 run_bbp_write(sc, 195, 0x83); 3997 run_bbp_write(sc, 196, 0x20); 3998 run_bbp_write(sc, 195, 0x85); 3999 run_bbp_write(sc, 196, 0x7f); 4000 run_bbp_write(sc, 195, 0x86); 4001 run_bbp_write(sc, 196, 0x7f); 4002 } else if (sc->mac_ver == 0x3572) 4003 run_bbp_write(sc, 82, 0x94); 4004 else 4005 run_bbp_write(sc, 82, 4006 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4007 if (sc->ext_5ghz_lna) 4008 run_bbp_write(sc, 75, 0x46); 4009 else 4010 run_bbp_write(sc, 75, 0x50); 4011 } 4012 4013 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4014 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4015 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4016 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4017 4018 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4019 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4020 if (sc->mac_ver == 0x3593) 4021 tmp |= 1 << 29 | 1 << 28; 4022 if (sc->nrxchains > 1) 4023 tmp |= RT2860_LNA_PE1_EN; 4024 if (group == 0) { /* 2GHz */ 4025 tmp |= RT2860_PA_PE_G0_EN; 4026 if (sc->ntxchains > 1) 4027 tmp |= RT2860_PA_PE_G1_EN; 4028 if (sc->mac_ver == 0x3593) { 4029 if (sc->ntxchains > 2) 4030 tmp |= 1 << 25; 4031 } 4032 } else { /* 5GHz */ 4033 tmp |= RT2860_PA_PE_A0_EN; 4034 if (sc->ntxchains > 1) 4035 tmp |= RT2860_PA_PE_A1_EN; 4036 } 4037 if (sc->mac_ver == 0x3572) { 4038 run_rt3070_rf_write(sc, 8, 0x00); 4039 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4040 run_rt3070_rf_write(sc, 8, 0x80); 4041 } else 4042 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4043 4044 if (sc->mac_ver == 0x5592) { 4045 run_bbp_write(sc, 195, 0x8d); 4046 run_bbp_write(sc, 196, 0x1a); 4047 } 4048 4049 if (sc->mac_ver == 0x3593) { 4050 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4051 tmp &= ~0x01010000; 4052 if (group == 0) 4053 tmp |= 0x00010000; 4054 tmp = (tmp & ~0x00009090) | 0x00000090; 4055 run_write(sc, RT2860_GPIO_CTRL, tmp); 4056 } 4057 4058 /* set initial AGC value */ 4059 if (group == 0) { /* 2GHz band */ 4060 if (sc->mac_ver >= 0x3070) 4061 agc = 0x1c + sc->lna[0] * 2; 4062 else 4063 agc = 0x2e + sc->lna[0]; 4064 } else { /* 5GHz band */ 4065 if (sc->mac_ver == 0x5592) 4066 agc = 0x24 + sc->lna[group] * 2; 4067 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4068 agc = 0x22 + (sc->lna[group] * 5) / 3; 4069 else 4070 agc = 0x32 + (sc->lna[group] * 5) / 3; 4071 } 4072 run_set_agc(sc, agc); 4073 } 4074 4075 static void 4076 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4077 { 4078 const struct rfprog *rfprog = rt2860_rf2850; 4079 uint32_t r2, r3, r4; 4080 int8_t txpow1, txpow2; 4081 int i; 4082 4083 /* find the settings for this channel (we know it exists) */ 4084 for (i = 0; rfprog[i].chan != chan; i++); 4085 4086 r2 = rfprog[i].r2; 4087 if (sc->ntxchains == 1) 4088 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4089 if (sc->nrxchains == 1) 4090 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4091 else if (sc->nrxchains == 2) 4092 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4093 4094 /* use Tx power values from EEPROM */ 4095 txpow1 = sc->txpow1[i]; 4096 txpow2 = sc->txpow2[i]; 4097 4098 /* Initialize RF R3 and R4. */ 4099 r3 = rfprog[i].r3 & 0xffffc1ff; 4100 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4101 if (chan > 14) { 4102 if (txpow1 >= 0) { 4103 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4104 r3 |= (txpow1 << 10) | (1 << 9); 4105 } else { 4106 txpow1 += 7; 4107 4108 /* txpow1 is not possible larger than 15. */ 4109 r3 |= (txpow1 << 10); 4110 } 4111 if (txpow2 >= 0) { 4112 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4113 r4 |= (txpow2 << 7) | (1 << 6); 4114 } else { 4115 txpow2 += 7; 4116 r4 |= (txpow2 << 7); 4117 } 4118 } else { 4119 /* Set Tx0 power. */ 4120 r3 |= (txpow1 << 9); 4121 4122 /* Set frequency offset and Tx1 power. */ 4123 r4 |= (txpow2 << 6); 4124 } 4125 4126 run_rt2870_rf_write(sc, rfprog[i].r1); 4127 run_rt2870_rf_write(sc, r2); 4128 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4129 run_rt2870_rf_write(sc, r4); 4130 4131 run_delay(sc, 10); 4132 4133 run_rt2870_rf_write(sc, rfprog[i].r1); 4134 run_rt2870_rf_write(sc, r2); 4135 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4136 run_rt2870_rf_write(sc, r4); 4137 4138 run_delay(sc, 10); 4139 4140 run_rt2870_rf_write(sc, rfprog[i].r1); 4141 run_rt2870_rf_write(sc, r2); 4142 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4143 run_rt2870_rf_write(sc, r4); 4144 } 4145 4146 static void 4147 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4148 { 4149 int8_t txpow1, txpow2; 4150 uint8_t rf; 4151 int i; 4152 4153 /* find the settings for this channel (we know it exists) */ 4154 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4155 4156 /* use Tx power values from EEPROM */ 4157 txpow1 = sc->txpow1[i]; 4158 txpow2 = sc->txpow2[i]; 4159 4160 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4161 4162 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4163 run_rt3070_rf_read(sc, 3, &rf); 4164 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4165 run_rt3070_rf_write(sc, 3, rf); 4166 4167 run_rt3070_rf_read(sc, 6, &rf); 4168 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4169 run_rt3070_rf_write(sc, 6, rf); 4170 4171 /* set Tx0 power */ 4172 run_rt3070_rf_read(sc, 12, &rf); 4173 rf = (rf & ~0x1f) | txpow1; 4174 run_rt3070_rf_write(sc, 12, rf); 4175 4176 /* set Tx1 power */ 4177 run_rt3070_rf_read(sc, 13, &rf); 4178 rf = (rf & ~0x1f) | txpow2; 4179 run_rt3070_rf_write(sc, 13, rf); 4180 4181 run_rt3070_rf_read(sc, 1, &rf); 4182 rf &= ~0xfc; 4183 if (sc->ntxchains == 1) 4184 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4185 else if (sc->ntxchains == 2) 4186 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4187 if (sc->nrxchains == 1) 4188 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4189 else if (sc->nrxchains == 2) 4190 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4191 run_rt3070_rf_write(sc, 1, rf); 4192 4193 /* set RF offset */ 4194 run_rt3070_rf_read(sc, 23, &rf); 4195 rf = (rf & ~0x7f) | sc->freq; 4196 run_rt3070_rf_write(sc, 23, rf); 4197 4198 /* program RF filter */ 4199 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4200 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4201 run_rt3070_rf_write(sc, 24, rf); 4202 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4203 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4204 run_rt3070_rf_write(sc, 31, rf); 4205 4206 /* enable RF tuning */ 4207 run_rt3070_rf_read(sc, 7, &rf); 4208 run_rt3070_rf_write(sc, 7, rf | 0x01); 4209 } 4210 4211 static void 4212 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4213 { 4214 int8_t txpow1, txpow2; 4215 uint32_t tmp; 4216 uint8_t rf; 4217 int i; 4218 4219 /* find the settings for this channel (we know it exists) */ 4220 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4221 4222 /* use Tx power values from EEPROM */ 4223 txpow1 = sc->txpow1[i]; 4224 txpow2 = sc->txpow2[i]; 4225 4226 if (chan <= 14) { 4227 run_bbp_write(sc, 25, sc->bbp25); 4228 run_bbp_write(sc, 26, sc->bbp26); 4229 } else { 4230 /* enable IQ phase correction */ 4231 run_bbp_write(sc, 25, 0x09); 4232 run_bbp_write(sc, 26, 0xff); 4233 } 4234 4235 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4236 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4237 run_rt3070_rf_read(sc, 6, &rf); 4238 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4239 rf |= (chan <= 14) ? 0x08 : 0x04; 4240 run_rt3070_rf_write(sc, 6, rf); 4241 4242 /* set PLL mode */ 4243 run_rt3070_rf_read(sc, 5, &rf); 4244 rf &= ~(0x08 | 0x04); 4245 rf |= (chan <= 14) ? 0x04 : 0x08; 4246 run_rt3070_rf_write(sc, 5, rf); 4247 4248 /* set Tx power for chain 0 */ 4249 if (chan <= 14) 4250 rf = 0x60 | txpow1; 4251 else 4252 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4253 run_rt3070_rf_write(sc, 12, rf); 4254 4255 /* set Tx power for chain 1 */ 4256 if (chan <= 14) 4257 rf = 0x60 | txpow2; 4258 else 4259 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4260 run_rt3070_rf_write(sc, 13, rf); 4261 4262 /* set Tx/Rx streams */ 4263 run_rt3070_rf_read(sc, 1, &rf); 4264 rf &= ~0xfc; 4265 if (sc->ntxchains == 1) 4266 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4267 else if (sc->ntxchains == 2) 4268 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4269 if (sc->nrxchains == 1) 4270 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4271 else if (sc->nrxchains == 2) 4272 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4273 run_rt3070_rf_write(sc, 1, rf); 4274 4275 /* set RF offset */ 4276 run_rt3070_rf_read(sc, 23, &rf); 4277 rf = (rf & ~0x7f) | sc->freq; 4278 run_rt3070_rf_write(sc, 23, rf); 4279 4280 /* program RF filter */ 4281 rf = sc->rf24_20mhz; 4282 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4283 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4284 4285 /* enable RF tuning */ 4286 run_rt3070_rf_read(sc, 7, &rf); 4287 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4288 run_rt3070_rf_write(sc, 7, rf); 4289 4290 /* TSSI */ 4291 rf = (chan <= 14) ? 0xc3 : 0xc0; 4292 run_rt3070_rf_write(sc, 9, rf); 4293 4294 /* set loop filter 1 */ 4295 run_rt3070_rf_write(sc, 10, 0xf1); 4296 /* set loop filter 2 */ 4297 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4298 4299 /* set tx_mx2_ic */ 4300 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4301 /* set tx_mx1_ic */ 4302 if (chan <= 14) 4303 rf = 0x48 | sc->txmixgain_2ghz; 4304 else 4305 rf = 0x78 | sc->txmixgain_5ghz; 4306 run_rt3070_rf_write(sc, 16, rf); 4307 4308 /* set tx_lo1 */ 4309 run_rt3070_rf_write(sc, 17, 0x23); 4310 /* set tx_lo2 */ 4311 if (chan <= 14) 4312 rf = 0x93; 4313 else if (chan <= 64) 4314 rf = 0xb7; 4315 else if (chan <= 128) 4316 rf = 0x74; 4317 else 4318 rf = 0x72; 4319 run_rt3070_rf_write(sc, 19, rf); 4320 4321 /* set rx_lo1 */ 4322 if (chan <= 14) 4323 rf = 0xb3; 4324 else if (chan <= 64) 4325 rf = 0xf6; 4326 else if (chan <= 128) 4327 rf = 0xf4; 4328 else 4329 rf = 0xf3; 4330 run_rt3070_rf_write(sc, 20, rf); 4331 4332 /* set pfd_delay */ 4333 if (chan <= 14) 4334 rf = 0x15; 4335 else if (chan <= 64) 4336 rf = 0x3d; 4337 else 4338 rf = 0x01; 4339 run_rt3070_rf_write(sc, 25, rf); 4340 4341 /* set rx_lo2 */ 4342 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4343 /* set ldo_rf_vc */ 4344 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4345 /* set drv_cc */ 4346 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4347 4348 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4349 tmp &= ~0x8080; 4350 if (chan <= 14) 4351 tmp |= 0x80; 4352 run_write(sc, RT2860_GPIO_CTRL, tmp); 4353 4354 /* enable RF tuning */ 4355 run_rt3070_rf_read(sc, 7, &rf); 4356 run_rt3070_rf_write(sc, 7, rf | 0x01); 4357 4358 run_delay(sc, 2); 4359 } 4360 4361 static void 4362 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4363 { 4364 int8_t txpow1, txpow2, txpow3; 4365 uint8_t h20mhz, rf; 4366 int i; 4367 4368 /* find the settings for this channel (we know it exists) */ 4369 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4370 4371 /* use Tx power values from EEPROM */ 4372 txpow1 = sc->txpow1[i]; 4373 txpow2 = sc->txpow2[i]; 4374 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4375 4376 if (chan <= 14) { 4377 run_bbp_write(sc, 25, sc->bbp25); 4378 run_bbp_write(sc, 26, sc->bbp26); 4379 } else { 4380 /* Enable IQ phase correction. */ 4381 run_bbp_write(sc, 25, 0x09); 4382 run_bbp_write(sc, 26, 0xff); 4383 } 4384 4385 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4386 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4387 run_rt3070_rf_read(sc, 11, &rf); 4388 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4389 run_rt3070_rf_write(sc, 11, rf); 4390 4391 /* Set pll_idoh. */ 4392 run_rt3070_rf_read(sc, 11, &rf); 4393 rf &= ~0x4c; 4394 rf |= (chan <= 14) ? 0x44 : 0x48; 4395 run_rt3070_rf_write(sc, 11, rf); 4396 4397 if (chan <= 14) 4398 rf = txpow1 & 0x1f; 4399 else 4400 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4401 run_rt3070_rf_write(sc, 53, rf); 4402 4403 if (chan <= 14) 4404 rf = txpow2 & 0x1f; 4405 else 4406 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4407 run_rt3070_rf_write(sc, 55, rf); 4408 4409 if (chan <= 14) 4410 rf = txpow3 & 0x1f; 4411 else 4412 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4413 run_rt3070_rf_write(sc, 54, rf); 4414 4415 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4416 if (sc->ntxchains == 3) 4417 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4418 else 4419 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4420 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4421 run_rt3070_rf_write(sc, 1, rf); 4422 4423 run_adjust_freq_offset(sc); 4424 4425 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4426 4427 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4428 run_rt3070_rf_read(sc, 30, &rf); 4429 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4430 run_rt3070_rf_write(sc, 30, rf); 4431 4432 run_rt3070_rf_read(sc, 36, &rf); 4433 if (chan <= 14) 4434 rf |= 0x80; 4435 else 4436 rf &= ~0x80; 4437 run_rt3070_rf_write(sc, 36, rf); 4438 4439 /* Set vcolo_bs. */ 4440 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4441 /* Set pfd_delay. */ 4442 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4443 4444 /* Set vco bias current control. */ 4445 run_rt3070_rf_read(sc, 6, &rf); 4446 rf &= ~0xc0; 4447 if (chan <= 14) 4448 rf |= 0x40; 4449 else if (chan <= 128) 4450 rf |= 0x80; 4451 else 4452 rf |= 0x40; 4453 run_rt3070_rf_write(sc, 6, rf); 4454 4455 run_rt3070_rf_read(sc, 30, &rf); 4456 rf = (rf & ~0x18) | 0x10; 4457 run_rt3070_rf_write(sc, 30, rf); 4458 4459 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4460 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4461 4462 run_rt3070_rf_read(sc, 51, &rf); 4463 rf = (rf & ~0x03) | 0x01; 4464 run_rt3070_rf_write(sc, 51, rf); 4465 /* Set tx_mx1_cc. */ 4466 run_rt3070_rf_read(sc, 51, &rf); 4467 rf &= ~0x1c; 4468 rf |= (chan <= 14) ? 0x14 : 0x10; 4469 run_rt3070_rf_write(sc, 51, rf); 4470 /* Set tx_mx1_ic. */ 4471 run_rt3070_rf_read(sc, 51, &rf); 4472 rf &= ~0xe0; 4473 rf |= (chan <= 14) ? 0x60 : 0x40; 4474 run_rt3070_rf_write(sc, 51, rf); 4475 /* Set tx_lo1_ic. */ 4476 run_rt3070_rf_read(sc, 49, &rf); 4477 rf &= ~0x1c; 4478 rf |= (chan <= 14) ? 0x0c : 0x08; 4479 run_rt3070_rf_write(sc, 49, rf); 4480 /* Set tx_lo1_en. */ 4481 run_rt3070_rf_read(sc, 50, &rf); 4482 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4483 /* Set drv_cc. */ 4484 run_rt3070_rf_read(sc, 57, &rf); 4485 rf &= ~0xfc; 4486 rf |= (chan <= 14) ? 0x6c : 0x3c; 4487 run_rt3070_rf_write(sc, 57, rf); 4488 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4489 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4490 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4491 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4492 /* Enable VCO calibration. */ 4493 run_rt3070_rf_read(sc, 3, &rf); 4494 rf &= ~RT5390_VCOCAL; 4495 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4496 run_rt3070_rf_write(sc, 3, rf); 4497 4498 if (chan <= 14) 4499 rf = 0x23; 4500 else if (chan <= 64) 4501 rf = 0x36; 4502 else if (chan <= 128) 4503 rf = 0x32; 4504 else 4505 rf = 0x30; 4506 run_rt3070_rf_write(sc, 39, rf); 4507 if (chan <= 14) 4508 rf = 0xbb; 4509 else if (chan <= 64) 4510 rf = 0xeb; 4511 else if (chan <= 128) 4512 rf = 0xb3; 4513 else 4514 rf = 0x9b; 4515 run_rt3070_rf_write(sc, 45, rf); 4516 4517 /* Set FEQ/AEQ control. */ 4518 run_bbp_write(sc, 105, 0x34); 4519 } 4520 4521 static void 4522 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4523 { 4524 int8_t txpow1, txpow2; 4525 uint8_t rf; 4526 int i; 4527 4528 /* find the settings for this channel (we know it exists) */ 4529 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4530 4531 /* use Tx power values from EEPROM */ 4532 txpow1 = sc->txpow1[i]; 4533 txpow2 = sc->txpow2[i]; 4534 4535 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4536 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4537 run_rt3070_rf_read(sc, 11, &rf); 4538 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4539 run_rt3070_rf_write(sc, 11, rf); 4540 4541 run_rt3070_rf_read(sc, 49, &rf); 4542 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4543 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4544 if ((rf & 0x3f) > 0x27) 4545 rf = (rf & ~0x3f) | 0x27; 4546 run_rt3070_rf_write(sc, 49, rf); 4547 4548 if (sc->mac_ver == 0x5392) { 4549 run_rt3070_rf_read(sc, 50, &rf); 4550 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4551 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4552 if ((rf & 0x3f) > 0x27) 4553 rf = (rf & ~0x3f) | 0x27; 4554 run_rt3070_rf_write(sc, 50, rf); 4555 } 4556 4557 run_rt3070_rf_read(sc, 1, &rf); 4558 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4559 if (sc->mac_ver == 0x5392) 4560 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4561 run_rt3070_rf_write(sc, 1, rf); 4562 4563 if (sc->mac_ver != 0x5392) { 4564 run_rt3070_rf_read(sc, 2, &rf); 4565 rf |= 0x80; 4566 run_rt3070_rf_write(sc, 2, rf); 4567 run_delay(sc, 10); 4568 rf &= 0x7f; 4569 run_rt3070_rf_write(sc, 2, rf); 4570 } 4571 4572 run_adjust_freq_offset(sc); 4573 4574 if (sc->mac_ver == 0x5392) { 4575 /* Fix for RT5392C. */ 4576 if (sc->mac_rev >= 0x0223) { 4577 if (chan <= 4) 4578 rf = 0x0f; 4579 else if (chan >= 5 && chan <= 7) 4580 rf = 0x0e; 4581 else 4582 rf = 0x0d; 4583 run_rt3070_rf_write(sc, 23, rf); 4584 4585 if (chan <= 4) 4586 rf = 0x0c; 4587 else if (chan == 5) 4588 rf = 0x0b; 4589 else if (chan >= 6 && chan <= 7) 4590 rf = 0x0a; 4591 else if (chan >= 8 && chan <= 10) 4592 rf = 0x09; 4593 else 4594 rf = 0x08; 4595 run_rt3070_rf_write(sc, 59, rf); 4596 } else { 4597 if (chan <= 11) 4598 rf = 0x0f; 4599 else 4600 rf = 0x0b; 4601 run_rt3070_rf_write(sc, 59, rf); 4602 } 4603 } else { 4604 /* Fix for RT5390F. */ 4605 if (sc->mac_rev >= 0x0502) { 4606 if (chan <= 11) 4607 rf = 0x43; 4608 else 4609 rf = 0x23; 4610 run_rt3070_rf_write(sc, 55, rf); 4611 4612 if (chan <= 11) 4613 rf = 0x0f; 4614 else if (chan == 12) 4615 rf = 0x0d; 4616 else 4617 rf = 0x0b; 4618 run_rt3070_rf_write(sc, 59, rf); 4619 } else { 4620 run_rt3070_rf_write(sc, 55, 0x44); 4621 run_rt3070_rf_write(sc, 59, 0x8f); 4622 } 4623 } 4624 4625 /* Enable VCO calibration. */ 4626 run_rt3070_rf_read(sc, 3, &rf); 4627 rf |= RT5390_VCOCAL; 4628 run_rt3070_rf_write(sc, 3, rf); 4629 } 4630 4631 static void 4632 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4633 { 4634 const struct rt5592_freqs *freqs; 4635 uint32_t tmp; 4636 uint8_t reg, rf, txpow_bound; 4637 int8_t txpow1, txpow2; 4638 int i; 4639 4640 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4641 freqs = (tmp & RT5592_SEL_XTAL) ? 4642 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4643 4644 /* find the settings for this channel (we know it exists) */ 4645 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4646 4647 /* use Tx power values from EEPROM */ 4648 txpow1 = sc->txpow1[i]; 4649 txpow2 = sc->txpow2[i]; 4650 4651 run_read(sc, RT3070_LDO_CFG0, &tmp); 4652 tmp &= ~0x1c000000; 4653 if (chan > 14) 4654 tmp |= 0x14000000; 4655 run_write(sc, RT3070_LDO_CFG0, tmp); 4656 4657 /* N setting. */ 4658 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4659 run_rt3070_rf_read(sc, 9, &rf); 4660 rf &= ~(1 << 4); 4661 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4662 run_rt3070_rf_write(sc, 9, rf); 4663 4664 /* K setting. */ 4665 run_rt3070_rf_read(sc, 9, &rf); 4666 rf &= ~0x0f; 4667 rf |= (freqs->k & 0x0f); 4668 run_rt3070_rf_write(sc, 9, rf); 4669 4670 /* Mode setting. */ 4671 run_rt3070_rf_read(sc, 11, &rf); 4672 rf &= ~0x0c; 4673 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4674 run_rt3070_rf_write(sc, 11, rf); 4675 run_rt3070_rf_read(sc, 9, &rf); 4676 rf &= ~(1 << 7); 4677 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4678 run_rt3070_rf_write(sc, 9, rf); 4679 4680 /* R setting. */ 4681 run_rt3070_rf_read(sc, 11, &rf); 4682 rf &= ~0x03; 4683 rf |= (freqs->r - 0x1); 4684 run_rt3070_rf_write(sc, 11, rf); 4685 4686 if (chan <= 14) { 4687 /* Initialize RF registers for 2GHZ. */ 4688 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4689 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4690 rt5592_2ghz_def_rf[i].val); 4691 } 4692 4693 rf = (chan <= 10) ? 0x07 : 0x06; 4694 run_rt3070_rf_write(sc, 23, rf); 4695 run_rt3070_rf_write(sc, 59, rf); 4696 4697 run_rt3070_rf_write(sc, 55, 0x43); 4698 4699 /* 4700 * RF R49/R50 Tx power ALC code. 4701 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4702 */ 4703 reg = 2; 4704 txpow_bound = 0x27; 4705 } else { 4706 /* Initialize RF registers for 5GHZ. */ 4707 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4708 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4709 rt5592_5ghz_def_rf[i].val); 4710 } 4711 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4712 if (chan >= rt5592_chan_5ghz[i].firstchan && 4713 chan <= rt5592_chan_5ghz[i].lastchan) { 4714 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4715 rt5592_chan_5ghz[i].val); 4716 } 4717 } 4718 4719 /* 4720 * RF R49/R50 Tx power ALC code. 4721 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4722 */ 4723 reg = 3; 4724 txpow_bound = 0x2b; 4725 } 4726 4727 /* RF R49 ch0 Tx power ALC code. */ 4728 run_rt3070_rf_read(sc, 49, &rf); 4729 rf &= ~0xc0; 4730 rf |= (reg << 6); 4731 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4732 if ((rf & 0x3f) > txpow_bound) 4733 rf = (rf & ~0x3f) | txpow_bound; 4734 run_rt3070_rf_write(sc, 49, rf); 4735 4736 /* RF R50 ch1 Tx power ALC code. */ 4737 run_rt3070_rf_read(sc, 50, &rf); 4738 rf &= ~(1 << 7 | 1 << 6); 4739 rf |= (reg << 6); 4740 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4741 if ((rf & 0x3f) > txpow_bound) 4742 rf = (rf & ~0x3f) | txpow_bound; 4743 run_rt3070_rf_write(sc, 50, rf); 4744 4745 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4746 run_rt3070_rf_read(sc, 1, &rf); 4747 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4748 if (sc->ntxchains > 1) 4749 rf |= RT3070_TX1_PD; 4750 if (sc->nrxchains > 1) 4751 rf |= RT3070_RX1_PD; 4752 run_rt3070_rf_write(sc, 1, rf); 4753 4754 run_rt3070_rf_write(sc, 6, 0xe4); 4755 4756 run_rt3070_rf_write(sc, 30, 0x10); 4757 run_rt3070_rf_write(sc, 31, 0x80); 4758 run_rt3070_rf_write(sc, 32, 0x80); 4759 4760 run_adjust_freq_offset(sc); 4761 4762 /* Enable VCO calibration. */ 4763 run_rt3070_rf_read(sc, 3, &rf); 4764 rf |= RT5390_VCOCAL; 4765 run_rt3070_rf_write(sc, 3, rf); 4766 } 4767 4768 static void 4769 run_set_rx_antenna(struct run_softc *sc, int aux) 4770 { 4771 uint32_t tmp; 4772 uint8_t bbp152; 4773 4774 if (aux) { 4775 if (sc->rf_rev == RT5390_RF_5370) { 4776 run_bbp_read(sc, 152, &bbp152); 4777 run_bbp_write(sc, 152, bbp152 & ~0x80); 4778 } else { 4779 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4780 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4781 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4782 } 4783 } else { 4784 if (sc->rf_rev == RT5390_RF_5370) { 4785 run_bbp_read(sc, 152, &bbp152); 4786 run_bbp_write(sc, 152, bbp152 | 0x80); 4787 } else { 4788 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4789 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4790 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4791 } 4792 } 4793 } 4794 4795 static int 4796 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4797 { 4798 struct ieee80211com *ic = &sc->sc_ic; 4799 u_int chan, group; 4800 4801 chan = ieee80211_chan2ieee(ic, c); 4802 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4803 return (EINVAL); 4804 4805 if (sc->mac_ver == 0x5592) 4806 run_rt5592_set_chan(sc, chan); 4807 else if (sc->mac_ver >= 0x5390) 4808 run_rt5390_set_chan(sc, chan); 4809 else if (sc->mac_ver == 0x3593) 4810 run_rt3593_set_chan(sc, chan); 4811 else if (sc->mac_ver == 0x3572) 4812 run_rt3572_set_chan(sc, chan); 4813 else if (sc->mac_ver >= 0x3070) 4814 run_rt3070_set_chan(sc, chan); 4815 else 4816 run_rt2870_set_chan(sc, chan); 4817 4818 /* determine channel group */ 4819 if (chan <= 14) 4820 group = 0; 4821 else if (chan <= 64) 4822 group = 1; 4823 else if (chan <= 128) 4824 group = 2; 4825 else 4826 group = 3; 4827 4828 /* XXX necessary only when group has changed! */ 4829 run_select_chan_group(sc, group); 4830 4831 run_delay(sc, 10); 4832 4833 /* Perform IQ calibration. */ 4834 if (sc->mac_ver >= 0x5392) 4835 run_iq_calib(sc, chan); 4836 4837 return (0); 4838 } 4839 4840 static void 4841 run_set_channel(struct ieee80211com *ic) 4842 { 4843 struct run_softc *sc = ic->ic_softc; 4844 4845 RUN_LOCK(sc); 4846 run_set_chan(sc, ic->ic_curchan); 4847 RUN_UNLOCK(sc); 4848 4849 return; 4850 } 4851 4852 static void 4853 run_getradiocaps(struct ieee80211com *ic, 4854 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4855 { 4856 struct run_softc *sc = ic->ic_softc; 4857 uint8_t bands[IEEE80211_MODE_BYTES]; 4858 4859 memset(bands, 0, sizeof(bands)); 4860 setbit(bands, IEEE80211_MODE_11B); 4861 setbit(bands, IEEE80211_MODE_11G); 4862 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans, 4863 run_chan_2ghz, nitems(run_chan_2ghz), bands, 0); 4864 4865 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4866 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4867 sc->rf_rev == RT5592_RF_5592) { 4868 setbit(bands, IEEE80211_MODE_11A); 4869 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4870 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4871 } 4872 } 4873 4874 static void 4875 run_scan_start(struct ieee80211com *ic) 4876 { 4877 struct run_softc *sc = ic->ic_softc; 4878 uint32_t tmp; 4879 4880 RUN_LOCK(sc); 4881 4882 /* abort TSF synchronization */ 4883 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4884 run_write(sc, RT2860_BCN_TIME_CFG, 4885 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4886 RT2860_TBTT_TIMER_EN)); 4887 run_set_bssid(sc, ieee80211broadcastaddr); 4888 4889 RUN_UNLOCK(sc); 4890 4891 return; 4892 } 4893 4894 static void 4895 run_scan_end(struct ieee80211com *ic) 4896 { 4897 struct run_softc *sc = ic->ic_softc; 4898 4899 RUN_LOCK(sc); 4900 4901 run_enable_tsf_sync(sc); 4902 run_set_bssid(sc, sc->sc_bssid); 4903 4904 RUN_UNLOCK(sc); 4905 4906 return; 4907 } 4908 4909 /* 4910 * Could be called from ieee80211_node_timeout() 4911 * (non-sleepable thread) 4912 */ 4913 static void 4914 run_update_beacon(struct ieee80211vap *vap, int item) 4915 { 4916 struct ieee80211com *ic = vap->iv_ic; 4917 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4918 struct ieee80211_node *ni = vap->iv_bss; 4919 struct run_softc *sc = ic->ic_softc; 4920 struct run_vap *rvp = RUN_VAP(vap); 4921 int mcast = 0; 4922 uint32_t i; 4923 4924 switch (item) { 4925 case IEEE80211_BEACON_ERP: 4926 run_updateslot(ic); 4927 break; 4928 case IEEE80211_BEACON_HTINFO: 4929 run_updateprot(ic); 4930 break; 4931 case IEEE80211_BEACON_TIM: 4932 mcast = 1; /*TODO*/ 4933 break; 4934 default: 4935 break; 4936 } 4937 4938 setbit(bo->bo_flags, item); 4939 if (rvp->beacon_mbuf == NULL) { 4940 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4941 if (rvp->beacon_mbuf == NULL) 4942 return; 4943 } 4944 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4945 4946 i = RUN_CMDQ_GET(&sc->cmdq_store); 4947 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4948 sc->cmdq[i].func = run_update_beacon_cb; 4949 sc->cmdq[i].arg0 = vap; 4950 ieee80211_runtask(ic, &sc->cmdq_task); 4951 4952 return; 4953 } 4954 4955 static void 4956 run_update_beacon_cb(void *arg) 4957 { 4958 struct ieee80211vap *vap = arg; 4959 struct ieee80211_node *ni = vap->iv_bss; 4960 struct run_vap *rvp = RUN_VAP(vap); 4961 struct ieee80211com *ic = vap->iv_ic; 4962 struct run_softc *sc = ic->ic_softc; 4963 struct rt2860_txwi txwi; 4964 struct mbuf *m; 4965 uint16_t txwisize; 4966 uint8_t ridx; 4967 4968 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4969 return; 4970 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4971 return; 4972 4973 /* 4974 * No need to call ieee80211_beacon_update(), run_update_beacon() 4975 * is taking care of appropriate calls. 4976 */ 4977 if (rvp->beacon_mbuf == NULL) { 4978 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4979 if (rvp->beacon_mbuf == NULL) 4980 return; 4981 } 4982 m = rvp->beacon_mbuf; 4983 4984 memset(&txwi, 0, sizeof(txwi)); 4985 txwi.wcid = 0xff; 4986 txwi.len = htole16(m->m_pkthdr.len); 4987 4988 /* send beacons at the lowest available rate */ 4989 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4990 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4991 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4992 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4993 txwi.phy |= htole16(RT2860_PHY_OFDM); 4994 txwi.txop = RT2860_TX_TXOP_HT; 4995 txwi.flags = RT2860_TX_TS; 4996 txwi.xflags = RT2860_TX_NSEQ; 4997 4998 txwisize = (sc->mac_ver == 0x5592) ? 4999 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 5000 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 5001 txwisize); 5002 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 5003 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 5004 } 5005 5006 static void 5007 run_updateprot(struct ieee80211com *ic) 5008 { 5009 struct run_softc *sc = ic->ic_softc; 5010 uint32_t i; 5011 5012 i = RUN_CMDQ_GET(&sc->cmdq_store); 5013 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5014 sc->cmdq[i].func = run_updateprot_cb; 5015 sc->cmdq[i].arg0 = ic; 5016 ieee80211_runtask(ic, &sc->cmdq_task); 5017 } 5018 5019 static void 5020 run_updateprot_cb(void *arg) 5021 { 5022 struct ieee80211com *ic = arg; 5023 struct run_softc *sc = ic->ic_softc; 5024 uint32_t tmp; 5025 5026 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5027 /* setup protection frame rate (MCS code) */ 5028 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5029 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5030 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5031 5032 /* CCK frames don't require protection */ 5033 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5034 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5035 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5036 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5037 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5038 tmp |= RT2860_PROT_CTRL_CTS; 5039 } 5040 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5041 } 5042 5043 static void 5044 run_usb_timeout_cb(void *arg) 5045 { 5046 struct ieee80211vap *vap = arg; 5047 struct run_softc *sc = vap->iv_ic->ic_softc; 5048 5049 RUN_LOCK_ASSERT(sc, MA_OWNED); 5050 5051 if(vap->iv_state == IEEE80211_S_RUN && 5052 vap->iv_opmode != IEEE80211_M_STA) 5053 run_reset_livelock(sc); 5054 else if (vap->iv_state == IEEE80211_S_SCAN) { 5055 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5056 "timeout caused by scan\n"); 5057 /* cancel bgscan */ 5058 ieee80211_cancel_scan(vap); 5059 } else 5060 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5061 "timeout by unknown cause\n"); 5062 } 5063 5064 static void 5065 run_reset_livelock(struct run_softc *sc) 5066 { 5067 uint32_t tmp; 5068 5069 RUN_LOCK_ASSERT(sc, MA_OWNED); 5070 5071 /* 5072 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5073 * can run into a livelock and start sending CTS-to-self frames like 5074 * crazy if protection is enabled. Reset MAC/BBP for a while 5075 */ 5076 run_read(sc, RT2860_DEBUG, &tmp); 5077 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5078 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5079 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5080 "CTS-to-self livelock detected\n"); 5081 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5082 run_delay(sc, 1); 5083 run_write(sc, RT2860_MAC_SYS_CTRL, 5084 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5085 } 5086 } 5087 5088 static void 5089 run_update_promisc_locked(struct run_softc *sc) 5090 { 5091 uint32_t tmp; 5092 5093 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5094 5095 tmp |= RT2860_DROP_UC_NOME; 5096 if (sc->sc_ic.ic_promisc > 0) 5097 tmp &= ~RT2860_DROP_UC_NOME; 5098 5099 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5100 5101 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5102 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5103 } 5104 5105 static void 5106 run_update_promisc(struct ieee80211com *ic) 5107 { 5108 struct run_softc *sc = ic->ic_softc; 5109 5110 if ((sc->sc_flags & RUN_RUNNING) == 0) 5111 return; 5112 5113 RUN_LOCK(sc); 5114 run_update_promisc_locked(sc); 5115 RUN_UNLOCK(sc); 5116 } 5117 5118 static void 5119 run_enable_tsf_sync(struct run_softc *sc) 5120 { 5121 struct ieee80211com *ic = &sc->sc_ic; 5122 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5123 uint32_t tmp; 5124 5125 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5126 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5127 5128 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5129 tmp &= ~0x1fffff; 5130 tmp |= vap->iv_bss->ni_intval * 16; 5131 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5132 5133 if (ic->ic_opmode == IEEE80211_M_STA) { 5134 /* 5135 * Local TSF is always updated with remote TSF on beacon 5136 * reception. 5137 */ 5138 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5139 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5140 tmp |= RT2860_BCN_TX_EN; 5141 /* 5142 * Local TSF is updated with remote TSF on beacon reception 5143 * only if the remote TSF is greater than local TSF. 5144 */ 5145 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5146 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5147 ic->ic_opmode == IEEE80211_M_MBSS) { 5148 tmp |= RT2860_BCN_TX_EN; 5149 /* SYNC with nobody */ 5150 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5151 } else { 5152 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5153 "Enabling TSF failed. undefined opmode\n"); 5154 return; 5155 } 5156 5157 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5158 } 5159 5160 static void 5161 run_enable_tsf(struct run_softc *sc) 5162 { 5163 uint32_t tmp; 5164 5165 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5166 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5167 tmp |= RT2860_TSF_TIMER_EN; 5168 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5169 } 5170 } 5171 5172 static void 5173 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5174 { 5175 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5176 sizeof(*buf)); 5177 } 5178 5179 static void 5180 run_enable_mrr(struct run_softc *sc) 5181 { 5182 #define CCK(mcs) (mcs) 5183 #define OFDM(mcs) (1 << 3 | (mcs)) 5184 run_write(sc, RT2860_LG_FBK_CFG0, 5185 OFDM(6) << 28 | /* 54->48 */ 5186 OFDM(5) << 24 | /* 48->36 */ 5187 OFDM(4) << 20 | /* 36->24 */ 5188 OFDM(3) << 16 | /* 24->18 */ 5189 OFDM(2) << 12 | /* 18->12 */ 5190 OFDM(1) << 8 | /* 12-> 9 */ 5191 OFDM(0) << 4 | /* 9-> 6 */ 5192 OFDM(0)); /* 6-> 6 */ 5193 5194 run_write(sc, RT2860_LG_FBK_CFG1, 5195 CCK(2) << 12 | /* 11->5.5 */ 5196 CCK(1) << 8 | /* 5.5-> 2 */ 5197 CCK(0) << 4 | /* 2-> 1 */ 5198 CCK(0)); /* 1-> 1 */ 5199 #undef OFDM 5200 #undef CCK 5201 } 5202 5203 static void 5204 run_set_txpreamble(struct run_softc *sc) 5205 { 5206 struct ieee80211com *ic = &sc->sc_ic; 5207 uint32_t tmp; 5208 5209 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5210 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5211 tmp |= RT2860_CCK_SHORT_EN; 5212 else 5213 tmp &= ~RT2860_CCK_SHORT_EN; 5214 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5215 } 5216 5217 static void 5218 run_set_basicrates(struct run_softc *sc) 5219 { 5220 struct ieee80211com *ic = &sc->sc_ic; 5221 5222 /* set basic rates mask */ 5223 if (ic->ic_curmode == IEEE80211_MODE_11B) 5224 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5225 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5226 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5227 else /* 11g */ 5228 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5229 } 5230 5231 static void 5232 run_set_leds(struct run_softc *sc, uint16_t which) 5233 { 5234 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5235 which | (sc->leds & 0x7f)); 5236 } 5237 5238 static void 5239 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5240 { 5241 run_write(sc, RT2860_MAC_BSSID_DW0, 5242 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5243 run_write(sc, RT2860_MAC_BSSID_DW1, 5244 bssid[4] | bssid[5] << 8); 5245 } 5246 5247 static void 5248 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5249 { 5250 run_write(sc, RT2860_MAC_ADDR_DW0, 5251 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5252 run_write(sc, RT2860_MAC_ADDR_DW1, 5253 addr[4] | addr[5] << 8 | 0xff << 16); 5254 } 5255 5256 static void 5257 run_updateslot(struct ieee80211com *ic) 5258 { 5259 struct run_softc *sc = ic->ic_softc; 5260 uint32_t i; 5261 5262 i = RUN_CMDQ_GET(&sc->cmdq_store); 5263 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5264 sc->cmdq[i].func = run_updateslot_cb; 5265 sc->cmdq[i].arg0 = ic; 5266 ieee80211_runtask(ic, &sc->cmdq_task); 5267 5268 return; 5269 } 5270 5271 /* ARGSUSED */ 5272 static void 5273 run_updateslot_cb(void *arg) 5274 { 5275 struct ieee80211com *ic = arg; 5276 struct run_softc *sc = ic->ic_softc; 5277 uint32_t tmp; 5278 5279 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5280 tmp &= ~0xff; 5281 tmp |= IEEE80211_GET_SLOTTIME(ic); 5282 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5283 } 5284 5285 static void 5286 run_update_mcast(struct ieee80211com *ic) 5287 { 5288 } 5289 5290 static int8_t 5291 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5292 { 5293 struct ieee80211com *ic = &sc->sc_ic; 5294 struct ieee80211_channel *c = ic->ic_curchan; 5295 int delta; 5296 5297 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5298 u_int chan = ieee80211_chan2ieee(ic, c); 5299 delta = sc->rssi_5ghz[rxchain]; 5300 5301 /* determine channel group */ 5302 if (chan <= 64) 5303 delta -= sc->lna[1]; 5304 else if (chan <= 128) 5305 delta -= sc->lna[2]; 5306 else 5307 delta -= sc->lna[3]; 5308 } else 5309 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5310 5311 return (-12 - delta - rssi); 5312 } 5313 5314 static void 5315 run_rt5390_bbp_init(struct run_softc *sc) 5316 { 5317 u_int i; 5318 uint8_t bbp; 5319 5320 /* Apply maximum likelihood detection for 2 stream case. */ 5321 run_bbp_read(sc, 105, &bbp); 5322 if (sc->nrxchains > 1) 5323 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5324 5325 /* Avoid data lost and CRC error. */ 5326 run_bbp_read(sc, 4, &bbp); 5327 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5328 5329 if (sc->mac_ver == 0x5592) { 5330 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5331 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5332 rt5592_def_bbp[i].val); 5333 } 5334 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5335 run_bbp_write(sc, 195, i + 0x80); 5336 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5337 } 5338 } else { 5339 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5340 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5341 rt5390_def_bbp[i].val); 5342 } 5343 } 5344 if (sc->mac_ver == 0x5392) { 5345 run_bbp_write(sc, 88, 0x90); 5346 run_bbp_write(sc, 95, 0x9a); 5347 run_bbp_write(sc, 98, 0x12); 5348 run_bbp_write(sc, 106, 0x12); 5349 run_bbp_write(sc, 134, 0xd0); 5350 run_bbp_write(sc, 135, 0xf6); 5351 run_bbp_write(sc, 148, 0x84); 5352 } 5353 5354 run_bbp_read(sc, 152, &bbp); 5355 run_bbp_write(sc, 152, bbp | 0x80); 5356 5357 /* Fix BBP254 for RT5592C. */ 5358 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5359 run_bbp_read(sc, 254, &bbp); 5360 run_bbp_write(sc, 254, bbp | 0x80); 5361 } 5362 5363 /* Disable hardware antenna diversity. */ 5364 if (sc->mac_ver == 0x5390) 5365 run_bbp_write(sc, 154, 0); 5366 5367 /* Initialize Rx CCK/OFDM frequency offset report. */ 5368 run_bbp_write(sc, 142, 1); 5369 run_bbp_write(sc, 143, 57); 5370 } 5371 5372 static int 5373 run_bbp_init(struct run_softc *sc) 5374 { 5375 int i, error, ntries; 5376 uint8_t bbp0; 5377 5378 /* wait for BBP to wake up */ 5379 for (ntries = 0; ntries < 20; ntries++) { 5380 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5381 return error; 5382 if (bbp0 != 0 && bbp0 != 0xff) 5383 break; 5384 } 5385 if (ntries == 20) 5386 return (ETIMEDOUT); 5387 5388 /* initialize BBP registers to default values */ 5389 if (sc->mac_ver >= 0x5390) 5390 run_rt5390_bbp_init(sc); 5391 else { 5392 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5393 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5394 rt2860_def_bbp[i].val); 5395 } 5396 } 5397 5398 if (sc->mac_ver == 0x3593) { 5399 run_bbp_write(sc, 79, 0x13); 5400 run_bbp_write(sc, 80, 0x05); 5401 run_bbp_write(sc, 81, 0x33); 5402 run_bbp_write(sc, 86, 0x46); 5403 run_bbp_write(sc, 137, 0x0f); 5404 } 5405 5406 /* fix BBP84 for RT2860E */ 5407 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5408 run_bbp_write(sc, 84, 0x19); 5409 5410 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5411 sc->mac_ver != 0x5592)) { 5412 run_bbp_write(sc, 79, 0x13); 5413 run_bbp_write(sc, 80, 0x05); 5414 run_bbp_write(sc, 81, 0x33); 5415 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5416 run_bbp_write(sc, 69, 0x16); 5417 run_bbp_write(sc, 73, 0x12); 5418 } 5419 return (0); 5420 } 5421 5422 static int 5423 run_rt3070_rf_init(struct run_softc *sc) 5424 { 5425 uint32_t tmp; 5426 uint8_t bbp4, mingain, rf, target; 5427 u_int i; 5428 5429 run_rt3070_rf_read(sc, 30, &rf); 5430 /* toggle RF R30 bit 7 */ 5431 run_rt3070_rf_write(sc, 30, rf | 0x80); 5432 run_delay(sc, 10); 5433 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5434 5435 /* initialize RF registers to default value */ 5436 if (sc->mac_ver == 0x3572) { 5437 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5438 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5439 rt3572_def_rf[i].val); 5440 } 5441 } else { 5442 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5443 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5444 rt3070_def_rf[i].val); 5445 } 5446 } 5447 5448 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5449 /* 5450 * Change voltage from 1.2V to 1.35V for RT3070. 5451 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5452 * in RT3070(F). 5453 */ 5454 run_read(sc, RT3070_LDO_CFG0, &tmp); 5455 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5456 run_write(sc, RT3070_LDO_CFG0, tmp); 5457 5458 } else if (sc->mac_ver == 0x3071) { 5459 run_rt3070_rf_read(sc, 6, &rf); 5460 run_rt3070_rf_write(sc, 6, rf | 0x40); 5461 run_rt3070_rf_write(sc, 31, 0x14); 5462 5463 run_read(sc, RT3070_LDO_CFG0, &tmp); 5464 tmp &= ~0x1f000000; 5465 if (sc->mac_rev < 0x0211) 5466 tmp |= 0x0d000000; /* 1.3V */ 5467 else 5468 tmp |= 0x01000000; /* 1.2V */ 5469 run_write(sc, RT3070_LDO_CFG0, tmp); 5470 5471 /* patch LNA_PE_G1 */ 5472 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5473 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5474 5475 } else if (sc->mac_ver == 0x3572) { 5476 run_rt3070_rf_read(sc, 6, &rf); 5477 run_rt3070_rf_write(sc, 6, rf | 0x40); 5478 5479 /* increase voltage from 1.2V to 1.35V */ 5480 run_read(sc, RT3070_LDO_CFG0, &tmp); 5481 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5482 run_write(sc, RT3070_LDO_CFG0, tmp); 5483 5484 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5485 run_delay(sc, 1); /* wait for 1msec */ 5486 /* decrease voltage back to 1.2V */ 5487 tmp = (tmp & ~0x1f000000) | 0x01000000; 5488 run_write(sc, RT3070_LDO_CFG0, tmp); 5489 } 5490 } 5491 5492 /* select 20MHz bandwidth */ 5493 run_rt3070_rf_read(sc, 31, &rf); 5494 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5495 5496 /* calibrate filter for 20MHz bandwidth */ 5497 sc->rf24_20mhz = 0x1f; /* default value */ 5498 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5499 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5500 5501 /* select 40MHz bandwidth */ 5502 run_bbp_read(sc, 4, &bbp4); 5503 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5504 run_rt3070_rf_read(sc, 31, &rf); 5505 run_rt3070_rf_write(sc, 31, rf | 0x20); 5506 5507 /* calibrate filter for 40MHz bandwidth */ 5508 sc->rf24_40mhz = 0x2f; /* default value */ 5509 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5510 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5511 5512 /* go back to 20MHz bandwidth */ 5513 run_bbp_read(sc, 4, &bbp4); 5514 run_bbp_write(sc, 4, bbp4 & ~0x18); 5515 5516 if (sc->mac_ver == 0x3572) { 5517 /* save default BBP registers 25 and 26 values */ 5518 run_bbp_read(sc, 25, &sc->bbp25); 5519 run_bbp_read(sc, 26, &sc->bbp26); 5520 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5521 run_rt3070_rf_write(sc, 27, 0x03); 5522 5523 run_read(sc, RT3070_OPT_14, &tmp); 5524 run_write(sc, RT3070_OPT_14, tmp | 1); 5525 5526 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5527 run_rt3070_rf_read(sc, 17, &rf); 5528 rf &= ~RT3070_TX_LO1; 5529 if ((sc->mac_ver == 0x3070 || 5530 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5531 !sc->ext_2ghz_lna) 5532 rf |= 0x20; /* fix for long range Rx issue */ 5533 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5534 if (sc->txmixgain_2ghz >= mingain) 5535 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5536 run_rt3070_rf_write(sc, 17, rf); 5537 } 5538 5539 if (sc->mac_ver == 0x3071) { 5540 run_rt3070_rf_read(sc, 1, &rf); 5541 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5542 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5543 run_rt3070_rf_write(sc, 1, rf); 5544 5545 run_rt3070_rf_read(sc, 15, &rf); 5546 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5547 5548 run_rt3070_rf_read(sc, 20, &rf); 5549 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5550 5551 run_rt3070_rf_read(sc, 21, &rf); 5552 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5553 } 5554 5555 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5556 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5557 run_rt3070_rf_read(sc, 27, &rf); 5558 rf &= ~0x77; 5559 if (sc->mac_rev < 0x0211) 5560 rf |= 0x03; 5561 run_rt3070_rf_write(sc, 27, rf); 5562 } 5563 return (0); 5564 } 5565 5566 static void 5567 run_rt3593_rf_init(struct run_softc *sc) 5568 { 5569 uint32_t tmp; 5570 uint8_t rf; 5571 u_int i; 5572 5573 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5574 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5575 tmp &= ~(1 << 4 | 1 << 7); 5576 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5577 5578 /* Initialize RF registers to default value. */ 5579 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5580 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5581 rt3593_def_rf[i].val); 5582 } 5583 5584 /* Toggle RF R2 to initiate calibration. */ 5585 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5586 5587 /* Initialize RF frequency offset. */ 5588 run_adjust_freq_offset(sc); 5589 5590 run_rt3070_rf_read(sc, 18, &rf); 5591 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5592 5593 /* 5594 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5595 * decrease voltage back to 1.2V. 5596 */ 5597 run_read(sc, RT3070_LDO_CFG0, &tmp); 5598 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5599 run_write(sc, RT3070_LDO_CFG0, tmp); 5600 run_delay(sc, 1); 5601 tmp = (tmp & ~0x1f000000) | 0x01000000; 5602 run_write(sc, RT3070_LDO_CFG0, tmp); 5603 5604 sc->rf24_20mhz = 0x1f; 5605 sc->rf24_40mhz = 0x2f; 5606 5607 /* Save default BBP registers 25 and 26 values. */ 5608 run_bbp_read(sc, 25, &sc->bbp25); 5609 run_bbp_read(sc, 26, &sc->bbp26); 5610 5611 run_read(sc, RT3070_OPT_14, &tmp); 5612 run_write(sc, RT3070_OPT_14, tmp | 1); 5613 } 5614 5615 static void 5616 run_rt5390_rf_init(struct run_softc *sc) 5617 { 5618 uint32_t tmp; 5619 uint8_t rf; 5620 u_int i; 5621 5622 /* Toggle RF R2 to initiate calibration. */ 5623 if (sc->mac_ver == 0x5390) { 5624 run_rt3070_rf_read(sc, 2, &rf); 5625 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5626 run_delay(sc, 10); 5627 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5628 } else { 5629 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5630 run_delay(sc, 10); 5631 } 5632 5633 /* Initialize RF registers to default value. */ 5634 if (sc->mac_ver == 0x5592) { 5635 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5636 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5637 rt5592_def_rf[i].val); 5638 } 5639 /* Initialize RF frequency offset. */ 5640 run_adjust_freq_offset(sc); 5641 } else if (sc->mac_ver == 0x5392) { 5642 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5643 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5644 rt5392_def_rf[i].val); 5645 } 5646 if (sc->mac_rev >= 0x0223) { 5647 run_rt3070_rf_write(sc, 23, 0x0f); 5648 run_rt3070_rf_write(sc, 24, 0x3e); 5649 run_rt3070_rf_write(sc, 51, 0x32); 5650 run_rt3070_rf_write(sc, 53, 0x22); 5651 run_rt3070_rf_write(sc, 56, 0xc1); 5652 run_rt3070_rf_write(sc, 59, 0x0f); 5653 } 5654 } else { 5655 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5656 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5657 rt5390_def_rf[i].val); 5658 } 5659 if (sc->mac_rev >= 0x0502) { 5660 run_rt3070_rf_write(sc, 6, 0xe0); 5661 run_rt3070_rf_write(sc, 25, 0x80); 5662 run_rt3070_rf_write(sc, 46, 0x73); 5663 run_rt3070_rf_write(sc, 53, 0x00); 5664 run_rt3070_rf_write(sc, 56, 0x42); 5665 run_rt3070_rf_write(sc, 61, 0xd1); 5666 } 5667 } 5668 5669 sc->rf24_20mhz = 0x1f; /* default value */ 5670 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5671 5672 if (sc->mac_rev < 0x0211) 5673 run_rt3070_rf_write(sc, 27, 0x3); 5674 5675 run_read(sc, RT3070_OPT_14, &tmp); 5676 run_write(sc, RT3070_OPT_14, tmp | 1); 5677 } 5678 5679 static int 5680 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5681 uint8_t *val) 5682 { 5683 uint8_t rf22, rf24; 5684 uint8_t bbp55_pb, bbp55_sb, delta; 5685 int ntries; 5686 5687 /* program filter */ 5688 run_rt3070_rf_read(sc, 24, &rf24); 5689 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5690 run_rt3070_rf_write(sc, 24, rf24); 5691 5692 /* enable baseband loopback mode */ 5693 run_rt3070_rf_read(sc, 22, &rf22); 5694 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5695 5696 /* set power and frequency of passband test tone */ 5697 run_bbp_write(sc, 24, 0x00); 5698 for (ntries = 0; ntries < 100; ntries++) { 5699 /* transmit test tone */ 5700 run_bbp_write(sc, 25, 0x90); 5701 run_delay(sc, 10); 5702 /* read received power */ 5703 run_bbp_read(sc, 55, &bbp55_pb); 5704 if (bbp55_pb != 0) 5705 break; 5706 } 5707 if (ntries == 100) 5708 return (ETIMEDOUT); 5709 5710 /* set power and frequency of stopband test tone */ 5711 run_bbp_write(sc, 24, 0x06); 5712 for (ntries = 0; ntries < 100; ntries++) { 5713 /* transmit test tone */ 5714 run_bbp_write(sc, 25, 0x90); 5715 run_delay(sc, 10); 5716 /* read received power */ 5717 run_bbp_read(sc, 55, &bbp55_sb); 5718 5719 delta = bbp55_pb - bbp55_sb; 5720 if (delta > target) 5721 break; 5722 5723 /* reprogram filter */ 5724 rf24++; 5725 run_rt3070_rf_write(sc, 24, rf24); 5726 } 5727 if (ntries < 100) { 5728 if (rf24 != init) 5729 rf24--; /* backtrack */ 5730 *val = rf24; 5731 run_rt3070_rf_write(sc, 24, rf24); 5732 } 5733 5734 /* restore initial state */ 5735 run_bbp_write(sc, 24, 0x00); 5736 5737 /* disable baseband loopback mode */ 5738 run_rt3070_rf_read(sc, 22, &rf22); 5739 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5740 5741 return (0); 5742 } 5743 5744 static void 5745 run_rt3070_rf_setup(struct run_softc *sc) 5746 { 5747 uint8_t bbp, rf; 5748 int i; 5749 5750 if (sc->mac_ver == 0x3572) { 5751 /* enable DC filter */ 5752 if (sc->mac_rev >= 0x0201) 5753 run_bbp_write(sc, 103, 0xc0); 5754 5755 run_bbp_read(sc, 138, &bbp); 5756 if (sc->ntxchains == 1) 5757 bbp |= 0x20; /* turn off DAC1 */ 5758 if (sc->nrxchains == 1) 5759 bbp &= ~0x02; /* turn off ADC1 */ 5760 run_bbp_write(sc, 138, bbp); 5761 5762 if (sc->mac_rev >= 0x0211) { 5763 /* improve power consumption */ 5764 run_bbp_read(sc, 31, &bbp); 5765 run_bbp_write(sc, 31, bbp & ~0x03); 5766 } 5767 5768 run_rt3070_rf_read(sc, 16, &rf); 5769 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5770 run_rt3070_rf_write(sc, 16, rf); 5771 5772 } else if (sc->mac_ver == 0x3071) { 5773 if (sc->mac_rev >= 0x0211) { 5774 /* enable DC filter */ 5775 run_bbp_write(sc, 103, 0xc0); 5776 5777 /* improve power consumption */ 5778 run_bbp_read(sc, 31, &bbp); 5779 run_bbp_write(sc, 31, bbp & ~0x03); 5780 } 5781 5782 run_bbp_read(sc, 138, &bbp); 5783 if (sc->ntxchains == 1) 5784 bbp |= 0x20; /* turn off DAC1 */ 5785 if (sc->nrxchains == 1) 5786 bbp &= ~0x02; /* turn off ADC1 */ 5787 run_bbp_write(sc, 138, bbp); 5788 5789 run_write(sc, RT2860_TX_SW_CFG1, 0); 5790 if (sc->mac_rev < 0x0211) { 5791 run_write(sc, RT2860_TX_SW_CFG2, 5792 sc->patch_dac ? 0x2c : 0x0f); 5793 } else 5794 run_write(sc, RT2860_TX_SW_CFG2, 0); 5795 5796 } else if (sc->mac_ver == 0x3070) { 5797 if (sc->mac_rev >= 0x0201) { 5798 /* enable DC filter */ 5799 run_bbp_write(sc, 103, 0xc0); 5800 5801 /* improve power consumption */ 5802 run_bbp_read(sc, 31, &bbp); 5803 run_bbp_write(sc, 31, bbp & ~0x03); 5804 } 5805 5806 if (sc->mac_rev < 0x0201) { 5807 run_write(sc, RT2860_TX_SW_CFG1, 0); 5808 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5809 } else 5810 run_write(sc, RT2860_TX_SW_CFG2, 0); 5811 } 5812 5813 /* initialize RF registers from ROM for >=RT3071*/ 5814 if (sc->mac_ver >= 0x3071) { 5815 for (i = 0; i < 10; i++) { 5816 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5817 continue; 5818 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5819 } 5820 } 5821 } 5822 5823 static void 5824 run_rt3593_rf_setup(struct run_softc *sc) 5825 { 5826 uint8_t bbp, rf; 5827 5828 if (sc->mac_rev >= 0x0211) { 5829 /* Enable DC filter. */ 5830 run_bbp_write(sc, 103, 0xc0); 5831 } 5832 run_write(sc, RT2860_TX_SW_CFG1, 0); 5833 if (sc->mac_rev < 0x0211) { 5834 run_write(sc, RT2860_TX_SW_CFG2, 5835 sc->patch_dac ? 0x2c : 0x0f); 5836 } else 5837 run_write(sc, RT2860_TX_SW_CFG2, 0); 5838 5839 run_rt3070_rf_read(sc, 50, &rf); 5840 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5841 5842 run_rt3070_rf_read(sc, 51, &rf); 5843 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5844 ((sc->txmixgain_2ghz & 0x07) << 2); 5845 run_rt3070_rf_write(sc, 51, rf); 5846 5847 run_rt3070_rf_read(sc, 38, &rf); 5848 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5849 5850 run_rt3070_rf_read(sc, 39, &rf); 5851 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5852 5853 run_rt3070_rf_read(sc, 1, &rf); 5854 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5855 5856 run_rt3070_rf_read(sc, 30, &rf); 5857 rf = (rf & ~0x18) | 0x10; 5858 run_rt3070_rf_write(sc, 30, rf); 5859 5860 /* Apply maximum likelihood detection for 2 stream case. */ 5861 run_bbp_read(sc, 105, &bbp); 5862 if (sc->nrxchains > 1) 5863 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5864 5865 /* Avoid data lost and CRC error. */ 5866 run_bbp_read(sc, 4, &bbp); 5867 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5868 5869 run_bbp_write(sc, 92, 0x02); 5870 run_bbp_write(sc, 82, 0x82); 5871 run_bbp_write(sc, 106, 0x05); 5872 run_bbp_write(sc, 104, 0x92); 5873 run_bbp_write(sc, 88, 0x90); 5874 run_bbp_write(sc, 148, 0xc8); 5875 run_bbp_write(sc, 47, 0x48); 5876 run_bbp_write(sc, 120, 0x50); 5877 5878 run_bbp_write(sc, 163, 0x9d); 5879 5880 /* SNR mapping. */ 5881 run_bbp_write(sc, 142, 0x06); 5882 run_bbp_write(sc, 143, 0xa0); 5883 run_bbp_write(sc, 142, 0x07); 5884 run_bbp_write(sc, 143, 0xa1); 5885 run_bbp_write(sc, 142, 0x08); 5886 run_bbp_write(sc, 143, 0xa2); 5887 5888 run_bbp_write(sc, 31, 0x08); 5889 run_bbp_write(sc, 68, 0x0b); 5890 run_bbp_write(sc, 105, 0x04); 5891 } 5892 5893 static void 5894 run_rt5390_rf_setup(struct run_softc *sc) 5895 { 5896 uint8_t bbp, rf; 5897 5898 if (sc->mac_rev >= 0x0211) { 5899 /* Enable DC filter. */ 5900 run_bbp_write(sc, 103, 0xc0); 5901 5902 if (sc->mac_ver != 0x5592) { 5903 /* Improve power consumption. */ 5904 run_bbp_read(sc, 31, &bbp); 5905 run_bbp_write(sc, 31, bbp & ~0x03); 5906 } 5907 } 5908 5909 run_bbp_read(sc, 138, &bbp); 5910 if (sc->ntxchains == 1) 5911 bbp |= 0x20; /* turn off DAC1 */ 5912 if (sc->nrxchains == 1) 5913 bbp &= ~0x02; /* turn off ADC1 */ 5914 run_bbp_write(sc, 138, bbp); 5915 5916 run_rt3070_rf_read(sc, 38, &rf); 5917 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5918 5919 run_rt3070_rf_read(sc, 39, &rf); 5920 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5921 5922 /* Avoid data lost and CRC error. */ 5923 run_bbp_read(sc, 4, &bbp); 5924 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5925 5926 run_rt3070_rf_read(sc, 30, &rf); 5927 rf = (rf & ~0x18) | 0x10; 5928 run_rt3070_rf_write(sc, 30, rf); 5929 5930 if (sc->mac_ver != 0x5592) { 5931 run_write(sc, RT2860_TX_SW_CFG1, 0); 5932 if (sc->mac_rev < 0x0211) { 5933 run_write(sc, RT2860_TX_SW_CFG2, 5934 sc->patch_dac ? 0x2c : 0x0f); 5935 } else 5936 run_write(sc, RT2860_TX_SW_CFG2, 0); 5937 } 5938 } 5939 5940 static int 5941 run_txrx_enable(struct run_softc *sc) 5942 { 5943 struct ieee80211com *ic = &sc->sc_ic; 5944 uint32_t tmp; 5945 int error, ntries; 5946 5947 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5948 for (ntries = 0; ntries < 200; ntries++) { 5949 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5950 return (error); 5951 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5952 break; 5953 run_delay(sc, 50); 5954 } 5955 if (ntries == 200) 5956 return (ETIMEDOUT); 5957 5958 run_delay(sc, 50); 5959 5960 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5961 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5962 5963 /* enable Rx bulk aggregation (set timeout and limit) */ 5964 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5965 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5966 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5967 5968 /* set Rx filter */ 5969 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5970 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5971 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5972 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5973 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5974 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5975 if (ic->ic_opmode == IEEE80211_M_STA) 5976 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5977 } 5978 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5979 5980 run_write(sc, RT2860_MAC_SYS_CTRL, 5981 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5982 5983 return (0); 5984 } 5985 5986 static void 5987 run_adjust_freq_offset(struct run_softc *sc) 5988 { 5989 uint8_t rf, tmp; 5990 5991 run_rt3070_rf_read(sc, 17, &rf); 5992 tmp = rf; 5993 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5994 rf = MIN(rf, 0x5f); 5995 5996 if (tmp != rf) 5997 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5998 } 5999 6000 static void 6001 run_init_locked(struct run_softc *sc) 6002 { 6003 struct ieee80211com *ic = &sc->sc_ic; 6004 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6005 uint32_t tmp; 6006 uint8_t bbp1, bbp3; 6007 int i; 6008 int ridx; 6009 int ntries; 6010 6011 if (ic->ic_nrunning > 1) 6012 return; 6013 6014 run_stop(sc); 6015 6016 if (run_load_microcode(sc) != 0) { 6017 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6018 goto fail; 6019 } 6020 6021 for (ntries = 0; ntries < 100; ntries++) { 6022 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6023 goto fail; 6024 if (tmp != 0 && tmp != 0xffffffff) 6025 break; 6026 run_delay(sc, 10); 6027 } 6028 if (ntries == 100) 6029 goto fail; 6030 6031 for (i = 0; i != RUN_EP_QUEUES; i++) 6032 run_setup_tx_list(sc, &sc->sc_epq[i]); 6033 6034 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6035 6036 for (ntries = 0; ntries < 100; ntries++) { 6037 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6038 goto fail; 6039 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6040 break; 6041 run_delay(sc, 10); 6042 } 6043 if (ntries == 100) { 6044 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6045 goto fail; 6046 } 6047 tmp &= 0xff0; 6048 tmp |= RT2860_TX_WB_DDONE; 6049 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6050 6051 /* turn off PME_OEN to solve high-current issue */ 6052 run_read(sc, RT2860_SYS_CTRL, &tmp); 6053 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6054 6055 run_write(sc, RT2860_MAC_SYS_CTRL, 6056 RT2860_BBP_HRST | RT2860_MAC_SRST); 6057 run_write(sc, RT2860_USB_DMA_CFG, 0); 6058 6059 if (run_reset(sc) != 0) { 6060 device_printf(sc->sc_dev, "could not reset chipset\n"); 6061 goto fail; 6062 } 6063 6064 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6065 6066 /* init Tx power for all Tx rates (from EEPROM) */ 6067 for (ridx = 0; ridx < 5; ridx++) { 6068 if (sc->txpow20mhz[ridx] == 0xffffffff) 6069 continue; 6070 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6071 } 6072 6073 for (i = 0; i < nitems(rt2870_def_mac); i++) 6074 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6075 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6076 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6077 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6078 6079 if (sc->mac_ver >= 0x5390) { 6080 run_write(sc, RT2860_TX_SW_CFG0, 6081 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6082 if (sc->mac_ver >= 0x5392) { 6083 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6084 if (sc->mac_ver == 0x5592) { 6085 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6086 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6087 } else { 6088 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6089 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6090 } 6091 } 6092 } else if (sc->mac_ver == 0x3593) { 6093 run_write(sc, RT2860_TX_SW_CFG0, 6094 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6095 } else if (sc->mac_ver >= 0x3070) { 6096 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6097 run_write(sc, RT2860_TX_SW_CFG0, 6098 4 << RT2860_DLY_PAPE_EN_SHIFT); 6099 } 6100 6101 /* wait while MAC is busy */ 6102 for (ntries = 0; ntries < 100; ntries++) { 6103 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6104 goto fail; 6105 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6106 break; 6107 run_delay(sc, 10); 6108 } 6109 if (ntries == 100) 6110 goto fail; 6111 6112 /* clear Host to MCU mailbox */ 6113 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6114 run_write(sc, RT2860_H2M_MAILBOX, 0); 6115 run_delay(sc, 10); 6116 6117 if (run_bbp_init(sc) != 0) { 6118 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6119 goto fail; 6120 } 6121 6122 /* abort TSF synchronization */ 6123 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6124 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6125 RT2860_TBTT_TIMER_EN); 6126 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6127 6128 /* clear RX WCID search table */ 6129 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6130 /* clear WCID attribute table */ 6131 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6132 6133 /* hostapd sets a key before init. So, don't clear it. */ 6134 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6135 /* clear shared key table */ 6136 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6137 /* clear shared key mode */ 6138 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6139 } 6140 6141 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6142 tmp = (tmp & ~0xff) | 0x1e; 6143 run_write(sc, RT2860_US_CYC_CNT, tmp); 6144 6145 if (sc->mac_rev != 0x0101) 6146 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6147 6148 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6149 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6150 6151 /* write vendor-specific BBP values (from EEPROM) */ 6152 if (sc->mac_ver < 0x3593) { 6153 for (i = 0; i < 10; i++) { 6154 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6155 continue; 6156 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6157 } 6158 } 6159 6160 /* select Main antenna for 1T1R devices */ 6161 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6162 run_set_rx_antenna(sc, 0); 6163 6164 /* send LEDs operating mode to microcontroller */ 6165 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6166 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6167 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6168 6169 if (sc->mac_ver >= 0x5390) 6170 run_rt5390_rf_init(sc); 6171 else if (sc->mac_ver == 0x3593) 6172 run_rt3593_rf_init(sc); 6173 else if (sc->mac_ver >= 0x3070) 6174 run_rt3070_rf_init(sc); 6175 6176 /* disable non-existing Rx chains */ 6177 run_bbp_read(sc, 3, &bbp3); 6178 bbp3 &= ~(1 << 3 | 1 << 4); 6179 if (sc->nrxchains == 2) 6180 bbp3 |= 1 << 3; 6181 else if (sc->nrxchains == 3) 6182 bbp3 |= 1 << 4; 6183 run_bbp_write(sc, 3, bbp3); 6184 6185 /* disable non-existing Tx chains */ 6186 run_bbp_read(sc, 1, &bbp1); 6187 if (sc->ntxchains == 1) 6188 bbp1 &= ~(1 << 3 | 1 << 4); 6189 run_bbp_write(sc, 1, bbp1); 6190 6191 if (sc->mac_ver >= 0x5390) 6192 run_rt5390_rf_setup(sc); 6193 else if (sc->mac_ver == 0x3593) 6194 run_rt3593_rf_setup(sc); 6195 else if (sc->mac_ver >= 0x3070) 6196 run_rt3070_rf_setup(sc); 6197 6198 /* select default channel */ 6199 run_set_chan(sc, ic->ic_curchan); 6200 6201 /* setup initial protection mode */ 6202 run_updateprot_cb(ic); 6203 6204 /* turn radio LED on */ 6205 run_set_leds(sc, RT2860_LED_RADIO); 6206 6207 sc->sc_flags |= RUN_RUNNING; 6208 sc->cmdq_run = RUN_CMDQ_GO; 6209 6210 for (i = 0; i != RUN_N_XFER; i++) 6211 usbd_xfer_set_stall(sc->sc_xfer[i]); 6212 6213 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6214 6215 if (run_txrx_enable(sc) != 0) 6216 goto fail; 6217 6218 return; 6219 6220 fail: 6221 run_stop(sc); 6222 } 6223 6224 static void 6225 run_stop(void *arg) 6226 { 6227 struct run_softc *sc = (struct run_softc *)arg; 6228 uint32_t tmp; 6229 int i; 6230 int ntries; 6231 6232 RUN_LOCK_ASSERT(sc, MA_OWNED); 6233 6234 if (sc->sc_flags & RUN_RUNNING) 6235 run_set_leds(sc, 0); /* turn all LEDs off */ 6236 6237 sc->sc_flags &= ~RUN_RUNNING; 6238 6239 sc->ratectl_run = RUN_RATECTL_OFF; 6240 sc->cmdq_run = sc->cmdq_key_set; 6241 6242 RUN_UNLOCK(sc); 6243 6244 for(i = 0; i < RUN_N_XFER; i++) 6245 usbd_transfer_drain(sc->sc_xfer[i]); 6246 6247 RUN_LOCK(sc); 6248 6249 run_drain_mbufq(sc); 6250 6251 if (sc->rx_m != NULL) { 6252 m_free(sc->rx_m); 6253 sc->rx_m = NULL; 6254 } 6255 6256 /* Disable Tx/Rx DMA. */ 6257 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6258 return; 6259 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6260 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6261 6262 for (ntries = 0; ntries < 100; ntries++) { 6263 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6264 return; 6265 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6266 break; 6267 run_delay(sc, 10); 6268 } 6269 if (ntries == 100) { 6270 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6271 return; 6272 } 6273 6274 /* disable Tx/Rx */ 6275 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6276 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6277 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6278 6279 /* wait for pending Tx to complete */ 6280 for (ntries = 0; ntries < 100; ntries++) { 6281 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6282 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6283 "Cannot read Tx queue count\n"); 6284 break; 6285 } 6286 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6287 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6288 "All Tx cleared\n"); 6289 break; 6290 } 6291 run_delay(sc, 10); 6292 } 6293 if (ntries >= 100) 6294 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6295 "There are still pending Tx\n"); 6296 run_delay(sc, 10); 6297 run_write(sc, RT2860_USB_DMA_CFG, 0); 6298 6299 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6300 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6301 6302 for (i = 0; i != RUN_EP_QUEUES; i++) 6303 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6304 } 6305 6306 static void 6307 run_delay(struct run_softc *sc, u_int ms) 6308 { 6309 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6310 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6311 } 6312 6313 static device_method_t run_methods[] = { 6314 /* Device interface */ 6315 DEVMETHOD(device_probe, run_match), 6316 DEVMETHOD(device_attach, run_attach), 6317 DEVMETHOD(device_detach, run_detach), 6318 DEVMETHOD_END 6319 }; 6320 6321 static driver_t run_driver = { 6322 .name = "run", 6323 .methods = run_methods, 6324 .size = sizeof(struct run_softc) 6325 }; 6326 6327 static devclass_t run_devclass; 6328 6329 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6330 MODULE_DEPEND(run, wlan, 1, 1, 1); 6331 MODULE_DEPEND(run, usb, 1, 1, 1); 6332 MODULE_DEPEND(run, firmware, 1, 1, 1); 6333 MODULE_VERSION(run, 1); 6334 USB_PNP_HOST_INFO(run_devs); 6335