1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include "opt_wlan.h" 29 30 #include <sys/param.h> 31 #include <sys/eventhandler.h> 32 #include <sys/sockio.h> 33 #include <sys/sysctl.h> 34 #include <sys/lock.h> 35 #include <sys/mutex.h> 36 #include <sys/mbuf.h> 37 #include <sys/kernel.h> 38 #include <sys/socket.h> 39 #include <sys/systm.h> 40 #include <sys/malloc.h> 41 #include <sys/module.h> 42 #include <sys/bus.h> 43 #include <sys/endian.h> 44 #include <sys/linker.h> 45 #include <sys/firmware.h> 46 #include <sys/kdb.h> 47 48 #include <net/bpf.h> 49 #include <net/if.h> 50 #include <net/if_var.h> 51 #include <net/if_arp.h> 52 #include <net/ethernet.h> 53 #include <net/if_dl.h> 54 #include <net/if_media.h> 55 #include <net/if_types.h> 56 57 #include <netinet/in.h> 58 #include <netinet/in_systm.h> 59 #include <netinet/in_var.h> 60 #include <netinet/if_ether.h> 61 #include <netinet/ip.h> 62 63 #include <net80211/ieee80211_var.h> 64 #include <net80211/ieee80211_regdomain.h> 65 #include <net80211/ieee80211_radiotap.h> 66 #include <net80211/ieee80211_ratectl.h> 67 68 #include <dev/usb/usb.h> 69 #include <dev/usb/usbdi.h> 70 #include "usbdevs.h" 71 72 #define USB_DEBUG_VAR run_debug 73 #include <dev/usb/usb_debug.h> 74 #include <dev/usb/usb_msctest.h> 75 76 #include <dev/usb/wlan/if_runreg.h> 77 #include <dev/usb/wlan/if_runvar.h> 78 79 #ifdef USB_DEBUG 80 #define RUN_DEBUG 81 #endif 82 83 #ifdef RUN_DEBUG 84 int run_debug = 0; 85 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 86 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 87 "run debug level"); 88 89 enum { 90 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 91 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 92 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 93 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 94 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 95 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 96 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 97 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 98 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 99 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 100 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 101 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 102 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 103 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 104 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 105 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 106 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 107 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 108 RUN_DEBUG_ANY = 0xffffffff 109 }; 110 111 #define RUN_DPRINTF(_sc, _m, ...) do { \ 112 if (run_debug & (_m)) \ 113 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 114 } while(0) 115 #else 116 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 117 #endif 118 119 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 120 121 /* 122 * Because of LOR in run_key_delete(), use atomic instead. 123 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 124 */ 125 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 126 127 static const STRUCT_USB_HOST_ID run_devs[] = { 128 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 129 #define RUN_DEV_EJECT(v,p) \ 130 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 131 #define RUN_EJECT 1 132 RUN_DEV(ABOCOM, RT2770), 133 RUN_DEV(ABOCOM, RT2870), 134 RUN_DEV(ABOCOM, RT3070), 135 RUN_DEV(ABOCOM, RT3071), 136 RUN_DEV(ABOCOM, RT3072), 137 RUN_DEV(ABOCOM2, RT2870_1), 138 RUN_DEV(ACCTON, RT2770), 139 RUN_DEV(ACCTON, RT2870_1), 140 RUN_DEV(ACCTON, RT2870_2), 141 RUN_DEV(ACCTON, RT2870_3), 142 RUN_DEV(ACCTON, RT2870_4), 143 RUN_DEV(ACCTON, RT2870_5), 144 RUN_DEV(ACCTON, RT3070), 145 RUN_DEV(ACCTON, RT3070_1), 146 RUN_DEV(ACCTON, RT3070_2), 147 RUN_DEV(ACCTON, RT3070_3), 148 RUN_DEV(ACCTON, RT3070_4), 149 RUN_DEV(ACCTON, RT3070_5), 150 RUN_DEV(AIRTIES, RT3070), 151 RUN_DEV(ALLWIN, RT2070), 152 RUN_DEV(ALLWIN, RT2770), 153 RUN_DEV(ALLWIN, RT2870), 154 RUN_DEV(ALLWIN, RT3070), 155 RUN_DEV(ALLWIN, RT3071), 156 RUN_DEV(ALLWIN, RT3072), 157 RUN_DEV(ALLWIN, RT3572), 158 RUN_DEV(AMIGO, RT2870_1), 159 RUN_DEV(AMIGO, RT2870_2), 160 RUN_DEV(AMIT, CGWLUSB2GNR), 161 RUN_DEV(AMIT, RT2870_1), 162 RUN_DEV(AMIT2, RT2870), 163 RUN_DEV(ASUS, RT2870_1), 164 RUN_DEV(ASUS, RT2870_2), 165 RUN_DEV(ASUS, RT2870_3), 166 RUN_DEV(ASUS, RT2870_4), 167 RUN_DEV(ASUS, RT2870_5), 168 RUN_DEV(ASUS, USBN13), 169 RUN_DEV(ASUS, RT3070_1), 170 RUN_DEV(ASUS, USBN66), 171 RUN_DEV(ASUS, USB_N53), 172 RUN_DEV(ASUS2, USBN11), 173 RUN_DEV(AZUREWAVE, RT2870_1), 174 RUN_DEV(AZUREWAVE, RT2870_2), 175 RUN_DEV(AZUREWAVE, RT3070_1), 176 RUN_DEV(AZUREWAVE, RT3070_2), 177 RUN_DEV(AZUREWAVE, RT3070_3), 178 RUN_DEV(BELKIN, F9L1103), 179 RUN_DEV(BELKIN, F5D8053V3), 180 RUN_DEV(BELKIN, F5D8055), 181 RUN_DEV(BELKIN, F5D8055V2), 182 RUN_DEV(BELKIN, F6D4050V1), 183 RUN_DEV(BELKIN, F6D4050V2), 184 RUN_DEV(BELKIN, RT2870_1), 185 RUN_DEV(BELKIN, RT2870_2), 186 RUN_DEV(CISCOLINKSYS, AE1000), 187 RUN_DEV(CISCOLINKSYS2, RT3070), 188 RUN_DEV(CISCOLINKSYS3, RT3070), 189 RUN_DEV(CONCEPTRONIC2, RT2870_1), 190 RUN_DEV(CONCEPTRONIC2, RT2870_2), 191 RUN_DEV(CONCEPTRONIC2, RT2870_3), 192 RUN_DEV(CONCEPTRONIC2, RT2870_4), 193 RUN_DEV(CONCEPTRONIC2, RT2870_5), 194 RUN_DEV(CONCEPTRONIC2, RT2870_6), 195 RUN_DEV(CONCEPTRONIC2, RT2870_7), 196 RUN_DEV(CONCEPTRONIC2, RT2870_8), 197 RUN_DEV(CONCEPTRONIC2, RT3070_1), 198 RUN_DEV(CONCEPTRONIC2, RT3070_2), 199 RUN_DEV(CONCEPTRONIC2, VIGORN61), 200 RUN_DEV(COREGA, CGWLUSB300GNM), 201 RUN_DEV(COREGA, RT2870_1), 202 RUN_DEV(COREGA, RT2870_2), 203 RUN_DEV(COREGA, RT2870_3), 204 RUN_DEV(COREGA, RT3070), 205 RUN_DEV(CYBERTAN, RT2870), 206 RUN_DEV(DLINK, RT2870), 207 RUN_DEV(DLINK, RT3072), 208 RUN_DEV(DLINK, DWA125A3), 209 RUN_DEV(DLINK, DWA127), 210 RUN_DEV(DLINK, DWA140B3), 211 RUN_DEV(DLINK, DWA160B2), 212 RUN_DEV(DLINK, DWA140D1), 213 RUN_DEV(DLINK, DWA162), 214 RUN_DEV(DLINK2, DWA130), 215 RUN_DEV(DLINK2, RT2870_1), 216 RUN_DEV(DLINK2, RT2870_2), 217 RUN_DEV(DLINK2, RT3070_1), 218 RUN_DEV(DLINK2, RT3070_2), 219 RUN_DEV(DLINK2, RT3070_3), 220 RUN_DEV(DLINK2, RT3070_4), 221 RUN_DEV(DLINK2, RT3070_5), 222 RUN_DEV(DLINK2, RT3072), 223 RUN_DEV(DLINK2, RT3072_1), 224 RUN_DEV(EDIMAX, EW7717), 225 RUN_DEV(EDIMAX, EW7718), 226 RUN_DEV(EDIMAX, EW7733UND), 227 RUN_DEV(EDIMAX, RT2870_1), 228 RUN_DEV(ENCORE, RT3070_1), 229 RUN_DEV(ENCORE, RT3070_2), 230 RUN_DEV(ENCORE, RT3070_3), 231 RUN_DEV(GIGABYTE, GNWB31N), 232 RUN_DEV(GIGABYTE, GNWB32L), 233 RUN_DEV(GIGABYTE, RT2870_1), 234 RUN_DEV(GIGASET, RT3070_1), 235 RUN_DEV(GIGASET, RT3070_2), 236 RUN_DEV(GUILLEMOT, HWNU300), 237 RUN_DEV(HAWKING, HWUN2), 238 RUN_DEV(HAWKING, RT2870_1), 239 RUN_DEV(HAWKING, RT2870_2), 240 RUN_DEV(HAWKING, RT3070), 241 RUN_DEV(IODATA, RT3072_1), 242 RUN_DEV(IODATA, RT3072_2), 243 RUN_DEV(IODATA, RT3072_3), 244 RUN_DEV(IODATA, RT3072_4), 245 RUN_DEV(LINKSYS4, RT3070), 246 RUN_DEV(LINKSYS4, WUSB100), 247 RUN_DEV(LINKSYS4, WUSB54GCV3), 248 RUN_DEV(LINKSYS4, WUSB600N), 249 RUN_DEV(LINKSYS4, WUSB600NV2), 250 RUN_DEV(LOGITEC, RT2870_1), 251 RUN_DEV(LOGITEC, RT2870_2), 252 RUN_DEV(LOGITEC, RT2870_3), 253 RUN_DEV(LOGITEC, LANW300NU2), 254 RUN_DEV(LOGITEC, LANW150NU2), 255 RUN_DEV(LOGITEC, LANW300NU2S), 256 RUN_DEV(MELCO, WLIUCG300HP), 257 RUN_DEV(MELCO, RT2870_2), 258 RUN_DEV(MELCO, WLIUCAG300N), 259 RUN_DEV(MELCO, WLIUCG300N), 260 RUN_DEV(MELCO, WLIUCG301N), 261 RUN_DEV(MELCO, WLIUCGN), 262 RUN_DEV(MELCO, WLIUCGNM), 263 RUN_DEV(MELCO, WLIUCG300HPV1), 264 RUN_DEV(MELCO, WLIUCGNM2), 265 RUN_DEV(MOTOROLA4, RT2770), 266 RUN_DEV(MOTOROLA4, RT3070), 267 RUN_DEV(MSI, RT3070_1), 268 RUN_DEV(MSI, RT3070_2), 269 RUN_DEV(MSI, RT3070_3), 270 RUN_DEV(MSI, RT3070_4), 271 RUN_DEV(MSI, RT3070_5), 272 RUN_DEV(MSI, RT3070_6), 273 RUN_DEV(MSI, RT3070_7), 274 RUN_DEV(MSI, RT3070_8), 275 RUN_DEV(MSI, RT3070_9), 276 RUN_DEV(MSI, RT3070_10), 277 RUN_DEV(MSI, RT3070_11), 278 RUN_DEV(NETGEAR, WNDA4100), 279 RUN_DEV(OVISLINK, RT3072), 280 RUN_DEV(PARA, RT3070), 281 RUN_DEV(PEGATRON, RT2870), 282 RUN_DEV(PEGATRON, RT3070), 283 RUN_DEV(PEGATRON, RT3070_2), 284 RUN_DEV(PEGATRON, RT3070_3), 285 RUN_DEV(PHILIPS, RT2870), 286 RUN_DEV(PLANEX2, GWUS300MINIS), 287 RUN_DEV(PLANEX2, GWUSMICRON), 288 RUN_DEV(PLANEX2, RT2870), 289 RUN_DEV(PLANEX2, RT3070), 290 RUN_DEV(QCOM, RT2870), 291 RUN_DEV(QUANTA, RT3070), 292 RUN_DEV(RALINK, RT2070), 293 RUN_DEV(RALINK, RT2770), 294 RUN_DEV(RALINK, RT2870), 295 RUN_DEV(RALINK, RT3070), 296 RUN_DEV(RALINK, RT3071), 297 RUN_DEV(RALINK, RT3072), 298 RUN_DEV(RALINK, RT3370), 299 RUN_DEV(RALINK, RT3572), 300 RUN_DEV(RALINK, RT3573), 301 RUN_DEV(RALINK, RT5370), 302 RUN_DEV(RALINK, RT5372), 303 RUN_DEV(RALINK, RT5572), 304 RUN_DEV(RALINK, RT8070), 305 RUN_DEV(SAMSUNG, WIS09ABGN), 306 RUN_DEV(SAMSUNG2, RT2870_1), 307 RUN_DEV(SENAO, RT2870_1), 308 RUN_DEV(SENAO, RT2870_2), 309 RUN_DEV(SENAO, RT2870_3), 310 RUN_DEV(SENAO, RT2870_4), 311 RUN_DEV(SENAO, RT3070), 312 RUN_DEV(SENAO, RT3071), 313 RUN_DEV(SENAO, RT3072_1), 314 RUN_DEV(SENAO, RT3072_2), 315 RUN_DEV(SENAO, RT3072_3), 316 RUN_DEV(SENAO, RT3072_4), 317 RUN_DEV(SENAO, RT3072_5), 318 RUN_DEV(SITECOMEU, RT2770), 319 RUN_DEV(SITECOMEU, RT2870_1), 320 RUN_DEV(SITECOMEU, RT2870_2), 321 RUN_DEV(SITECOMEU, RT2870_3), 322 RUN_DEV(SITECOMEU, RT2870_4), 323 RUN_DEV(SITECOMEU, RT3070), 324 RUN_DEV(SITECOMEU, RT3070_2), 325 RUN_DEV(SITECOMEU, RT3070_3), 326 RUN_DEV(SITECOMEU, RT3070_4), 327 RUN_DEV(SITECOMEU, RT3071), 328 RUN_DEV(SITECOMEU, RT3072_1), 329 RUN_DEV(SITECOMEU, RT3072_2), 330 RUN_DEV(SITECOMEU, RT3072_3), 331 RUN_DEV(SITECOMEU, RT3072_4), 332 RUN_DEV(SITECOMEU, RT3072_5), 333 RUN_DEV(SITECOMEU, RT3072_6), 334 RUN_DEV(SITECOMEU, WL608), 335 RUN_DEV(SPARKLAN, RT2870_1), 336 RUN_DEV(SPARKLAN, RT3070), 337 RUN_DEV(SWEEX2, LW153), 338 RUN_DEV(SWEEX2, LW303), 339 RUN_DEV(SWEEX2, LW313), 340 RUN_DEV(TOSHIBA, RT3070), 341 RUN_DEV(UMEDIA, RT2870_1), 342 RUN_DEV(ZCOM, RT2870_1), 343 RUN_DEV(ZCOM, RT2870_2), 344 RUN_DEV(ZINWELL, RT2870_1), 345 RUN_DEV(ZINWELL, RT2870_2), 346 RUN_DEV(ZINWELL, RT3070), 347 RUN_DEV(ZINWELL, RT3072_1), 348 RUN_DEV(ZINWELL, RT3072_2), 349 RUN_DEV(ZYXEL, RT2870_1), 350 RUN_DEV(ZYXEL, RT2870_2), 351 RUN_DEV(ZYXEL, RT3070), 352 RUN_DEV_EJECT(ZYXEL, NWD2705), 353 RUN_DEV_EJECT(RALINK, RT_STOR), 354 #undef RUN_DEV_EJECT 355 #undef RUN_DEV 356 }; 357 358 static device_probe_t run_match; 359 static device_attach_t run_attach; 360 static device_detach_t run_detach; 361 362 static usb_callback_t run_bulk_rx_callback; 363 static usb_callback_t run_bulk_tx_callback0; 364 static usb_callback_t run_bulk_tx_callback1; 365 static usb_callback_t run_bulk_tx_callback2; 366 static usb_callback_t run_bulk_tx_callback3; 367 static usb_callback_t run_bulk_tx_callback4; 368 static usb_callback_t run_bulk_tx_callback5; 369 370 static void run_autoinst(void *, struct usb_device *, 371 struct usb_attach_arg *); 372 static int run_driver_loaded(struct module *, int, void *); 373 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 374 usb_error_t error, u_int index); 375 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 376 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 377 const uint8_t [IEEE80211_ADDR_LEN], 378 const uint8_t [IEEE80211_ADDR_LEN]); 379 static void run_vap_delete(struct ieee80211vap *); 380 static void run_cmdq_cb(void *, int); 381 static void run_setup_tx_list(struct run_softc *, 382 struct run_endpoint_queue *); 383 static void run_unsetup_tx_list(struct run_softc *, 384 struct run_endpoint_queue *); 385 static int run_load_microcode(struct run_softc *); 386 static int run_reset(struct run_softc *); 387 static usb_error_t run_do_request(struct run_softc *, 388 struct usb_device_request *, void *); 389 static int run_read(struct run_softc *, uint16_t, uint32_t *); 390 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 391 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 392 static int run_write(struct run_softc *, uint16_t, uint32_t); 393 static int run_write_region_1(struct run_softc *, uint16_t, 394 const uint8_t *, int); 395 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 396 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 397 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 398 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 399 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 400 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 401 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 402 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 403 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 404 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 405 static const char *run_get_rf(uint16_t); 406 static void run_rt3593_get_txpower(struct run_softc *); 407 static void run_get_txpower(struct run_softc *); 408 static int run_read_eeprom(struct run_softc *); 409 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 410 const uint8_t mac[IEEE80211_ADDR_LEN]); 411 static int run_media_change(struct ifnet *); 412 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 413 static int run_wme_update(struct ieee80211com *); 414 static void run_key_set_cb(void *); 415 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 416 static void run_key_delete_cb(void *); 417 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 418 static void run_ratectl_to(void *); 419 static void run_ratectl_cb(void *, int); 420 static void run_drain_fifo(void *); 421 static void run_iter_func(void *, struct ieee80211_node *); 422 static void run_newassoc_cb(void *); 423 static void run_newassoc(struct ieee80211_node *, int); 424 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 425 const struct ieee80211_rx_stats *, int, int); 426 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 427 static void run_tx_free(struct run_endpoint_queue *pq, 428 struct run_tx_data *, int); 429 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 430 static int run_tx(struct run_softc *, struct mbuf *, 431 struct ieee80211_node *); 432 static int run_tx_mgt(struct run_softc *, struct mbuf *, 433 struct ieee80211_node *); 434 static int run_sendprot(struct run_softc *, const struct mbuf *, 435 struct ieee80211_node *, int, int); 436 static int run_tx_param(struct run_softc *, struct mbuf *, 437 struct ieee80211_node *, 438 const struct ieee80211_bpf_params *); 439 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 440 const struct ieee80211_bpf_params *); 441 static int run_transmit(struct ieee80211com *, struct mbuf *); 442 static void run_start(struct run_softc *); 443 static void run_parent(struct ieee80211com *); 444 static void run_iq_calib(struct run_softc *, u_int); 445 static void run_set_agc(struct run_softc *, uint8_t); 446 static void run_select_chan_group(struct run_softc *, int); 447 static void run_set_rx_antenna(struct run_softc *, int); 448 static void run_rt2870_set_chan(struct run_softc *, u_int); 449 static void run_rt3070_set_chan(struct run_softc *, u_int); 450 static void run_rt3572_set_chan(struct run_softc *, u_int); 451 static void run_rt3593_set_chan(struct run_softc *, u_int); 452 static void run_rt5390_set_chan(struct run_softc *, u_int); 453 static void run_rt5592_set_chan(struct run_softc *, u_int); 454 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 455 static void run_set_channel(struct ieee80211com *); 456 static void run_getradiocaps(struct ieee80211com *, int, int *, 457 struct ieee80211_channel[]); 458 static void run_scan_start(struct ieee80211com *); 459 static void run_scan_end(struct ieee80211com *); 460 static void run_update_beacon(struct ieee80211vap *, int); 461 static void run_update_beacon_cb(void *); 462 static void run_updateprot(struct ieee80211com *); 463 static void run_updateprot_cb(void *); 464 static void run_usb_timeout_cb(void *); 465 static void run_reset_livelock(struct run_softc *); 466 static void run_enable_tsf_sync(struct run_softc *); 467 static void run_enable_tsf(struct run_softc *); 468 static void run_disable_tsf(struct run_softc *); 469 static void run_get_tsf(struct run_softc *, uint64_t *); 470 static void run_enable_mrr(struct run_softc *); 471 static void run_set_txpreamble(struct run_softc *); 472 static void run_set_basicrates(struct run_softc *); 473 static void run_set_leds(struct run_softc *, uint16_t); 474 static void run_set_bssid(struct run_softc *, const uint8_t *); 475 static void run_set_macaddr(struct run_softc *, const uint8_t *); 476 static void run_updateslot(struct ieee80211com *); 477 static void run_updateslot_cb(void *); 478 static void run_update_mcast(struct ieee80211com *); 479 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 480 static void run_update_promisc_locked(struct run_softc *); 481 static void run_update_promisc(struct ieee80211com *); 482 static void run_rt5390_bbp_init(struct run_softc *); 483 static int run_bbp_init(struct run_softc *); 484 static int run_rt3070_rf_init(struct run_softc *); 485 static void run_rt3593_rf_init(struct run_softc *); 486 static void run_rt5390_rf_init(struct run_softc *); 487 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 488 uint8_t *); 489 static void run_rt3070_rf_setup(struct run_softc *); 490 static void run_rt3593_rf_setup(struct run_softc *); 491 static void run_rt5390_rf_setup(struct run_softc *); 492 static int run_txrx_enable(struct run_softc *); 493 static void run_adjust_freq_offset(struct run_softc *); 494 static void run_init_locked(struct run_softc *); 495 static void run_stop(void *); 496 static void run_delay(struct run_softc *, u_int); 497 498 static eventhandler_tag run_etag; 499 500 static const struct rt2860_rate { 501 uint8_t rate; 502 uint8_t mcs; 503 enum ieee80211_phytype phy; 504 uint8_t ctl_ridx; 505 uint16_t sp_ack_dur; 506 uint16_t lp_ack_dur; 507 } rt2860_rates[] = { 508 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 509 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 510 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 511 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 512 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 513 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 514 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 515 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 516 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 517 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 518 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 519 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 520 }; 521 522 static const struct { 523 uint16_t reg; 524 uint32_t val; 525 } rt2870_def_mac[] = { 526 RT2870_DEF_MAC 527 }; 528 529 static const struct { 530 uint8_t reg; 531 uint8_t val; 532 } rt2860_def_bbp[] = { 533 RT2860_DEF_BBP 534 },rt5390_def_bbp[] = { 535 RT5390_DEF_BBP 536 },rt5592_def_bbp[] = { 537 RT5592_DEF_BBP 538 }; 539 540 /* 541 * Default values for BBP register R196 for RT5592. 542 */ 543 static const uint8_t rt5592_bbp_r196[] = { 544 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 545 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 546 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 547 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 548 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 549 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 550 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 551 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 552 0x2e, 0x36, 0x30, 0x6e 553 }; 554 555 static const struct rfprog { 556 uint8_t chan; 557 uint32_t r1, r2, r3, r4; 558 } rt2860_rf2850[] = { 559 RT2860_RF2850 560 }; 561 562 struct { 563 uint8_t n, r, k; 564 } rt3070_freqs[] = { 565 RT3070_RF3052 566 }; 567 568 static const struct rt5592_freqs { 569 uint16_t n; 570 uint8_t k, m, r; 571 } rt5592_freqs_20mhz[] = { 572 RT5592_RF5592_20MHZ 573 },rt5592_freqs_40mhz[] = { 574 RT5592_RF5592_40MHZ 575 }; 576 577 static const struct { 578 uint8_t reg; 579 uint8_t val; 580 } rt3070_def_rf[] = { 581 RT3070_DEF_RF 582 },rt3572_def_rf[] = { 583 RT3572_DEF_RF 584 },rt3593_def_rf[] = { 585 RT3593_DEF_RF 586 },rt5390_def_rf[] = { 587 RT5390_DEF_RF 588 },rt5392_def_rf[] = { 589 RT5392_DEF_RF 590 },rt5592_def_rf[] = { 591 RT5592_DEF_RF 592 },rt5592_2ghz_def_rf[] = { 593 RT5592_2GHZ_DEF_RF 594 },rt5592_5ghz_def_rf[] = { 595 RT5592_5GHZ_DEF_RF 596 }; 597 598 static const struct { 599 u_int firstchan; 600 u_int lastchan; 601 uint8_t reg; 602 uint8_t val; 603 } rt5592_chan_5ghz[] = { 604 RT5592_CHAN_5GHZ 605 }; 606 607 static const struct usb_config run_config[RUN_N_XFER] = { 608 [RUN_BULK_TX_BE] = { 609 .type = UE_BULK, 610 .endpoint = UE_ADDR_ANY, 611 .ep_index = 0, 612 .direction = UE_DIR_OUT, 613 .bufsize = RUN_MAX_TXSZ, 614 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 615 .callback = run_bulk_tx_callback0, 616 .timeout = 5000, /* ms */ 617 }, 618 [RUN_BULK_TX_BK] = { 619 .type = UE_BULK, 620 .endpoint = UE_ADDR_ANY, 621 .direction = UE_DIR_OUT, 622 .ep_index = 1, 623 .bufsize = RUN_MAX_TXSZ, 624 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 625 .callback = run_bulk_tx_callback1, 626 .timeout = 5000, /* ms */ 627 }, 628 [RUN_BULK_TX_VI] = { 629 .type = UE_BULK, 630 .endpoint = UE_ADDR_ANY, 631 .direction = UE_DIR_OUT, 632 .ep_index = 2, 633 .bufsize = RUN_MAX_TXSZ, 634 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 635 .callback = run_bulk_tx_callback2, 636 .timeout = 5000, /* ms */ 637 }, 638 [RUN_BULK_TX_VO] = { 639 .type = UE_BULK, 640 .endpoint = UE_ADDR_ANY, 641 .direction = UE_DIR_OUT, 642 .ep_index = 3, 643 .bufsize = RUN_MAX_TXSZ, 644 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 645 .callback = run_bulk_tx_callback3, 646 .timeout = 5000, /* ms */ 647 }, 648 [RUN_BULK_TX_HCCA] = { 649 .type = UE_BULK, 650 .endpoint = UE_ADDR_ANY, 651 .direction = UE_DIR_OUT, 652 .ep_index = 4, 653 .bufsize = RUN_MAX_TXSZ, 654 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 655 .callback = run_bulk_tx_callback4, 656 .timeout = 5000, /* ms */ 657 }, 658 [RUN_BULK_TX_PRIO] = { 659 .type = UE_BULK, 660 .endpoint = UE_ADDR_ANY, 661 .direction = UE_DIR_OUT, 662 .ep_index = 5, 663 .bufsize = RUN_MAX_TXSZ, 664 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 665 .callback = run_bulk_tx_callback5, 666 .timeout = 5000, /* ms */ 667 }, 668 [RUN_BULK_RX] = { 669 .type = UE_BULK, 670 .endpoint = UE_ADDR_ANY, 671 .direction = UE_DIR_IN, 672 .bufsize = RUN_MAX_RXSZ, 673 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 674 .callback = run_bulk_rx_callback, 675 } 676 }; 677 678 static void 679 run_autoinst(void *arg, struct usb_device *udev, 680 struct usb_attach_arg *uaa) 681 { 682 struct usb_interface *iface; 683 struct usb_interface_descriptor *id; 684 685 if (uaa->dev_state != UAA_DEV_READY) 686 return; 687 688 iface = usbd_get_iface(udev, 0); 689 if (iface == NULL) 690 return; 691 id = iface->idesc; 692 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 693 return; 694 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 695 return; 696 697 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 698 uaa->dev_state = UAA_DEV_EJECTING; 699 } 700 701 static int 702 run_driver_loaded(struct module *mod, int what, void *arg) 703 { 704 switch (what) { 705 case MOD_LOAD: 706 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 707 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 708 break; 709 case MOD_UNLOAD: 710 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 711 break; 712 default: 713 return (EOPNOTSUPP); 714 } 715 return (0); 716 } 717 718 static int 719 run_match(device_t self) 720 { 721 struct usb_attach_arg *uaa = device_get_ivars(self); 722 723 if (uaa->usb_mode != USB_MODE_HOST) 724 return (ENXIO); 725 if (uaa->info.bConfigIndex != 0) 726 return (ENXIO); 727 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 728 return (ENXIO); 729 730 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 731 } 732 733 static int 734 run_attach(device_t self) 735 { 736 struct run_softc *sc = device_get_softc(self); 737 struct usb_attach_arg *uaa = device_get_ivars(self); 738 struct ieee80211com *ic = &sc->sc_ic; 739 uint32_t ver; 740 uint8_t iface_index; 741 int ntries, error; 742 743 device_set_usb_desc(self); 744 sc->sc_udev = uaa->device; 745 sc->sc_dev = self; 746 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 747 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 748 749 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 750 MTX_NETWORK_LOCK, MTX_DEF); 751 mbufq_init(&sc->sc_snd, ifqmaxlen); 752 753 iface_index = RT2860_IFACE_INDEX; 754 755 error = usbd_transfer_setup(uaa->device, &iface_index, 756 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 757 if (error) { 758 device_printf(self, "could not allocate USB transfers, " 759 "err=%s\n", usbd_errstr(error)); 760 goto detach; 761 } 762 763 RUN_LOCK(sc); 764 765 /* wait for the chip to settle */ 766 for (ntries = 0; ntries < 100; ntries++) { 767 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 768 RUN_UNLOCK(sc); 769 goto detach; 770 } 771 if (ver != 0 && ver != 0xffffffff) 772 break; 773 run_delay(sc, 10); 774 } 775 if (ntries == 100) { 776 device_printf(sc->sc_dev, 777 "timeout waiting for NIC to initialize\n"); 778 RUN_UNLOCK(sc); 779 goto detach; 780 } 781 sc->mac_ver = ver >> 16; 782 sc->mac_rev = ver & 0xffff; 783 784 /* retrieve RF rev. no and various other things from EEPROM */ 785 run_read_eeprom(sc); 786 787 device_printf(sc->sc_dev, 788 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 789 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 790 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 791 792 RUN_UNLOCK(sc); 793 794 ic->ic_softc = sc; 795 ic->ic_name = device_get_nameunit(self); 796 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 797 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 798 799 /* set device capabilities */ 800 ic->ic_caps = 801 IEEE80211_C_STA | /* station mode supported */ 802 IEEE80211_C_MONITOR | /* monitor mode supported */ 803 IEEE80211_C_IBSS | 804 IEEE80211_C_HOSTAP | 805 IEEE80211_C_WDS | /* 4-address traffic works */ 806 IEEE80211_C_MBSS | 807 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 808 IEEE80211_C_SHSLOT | /* short slot time supported */ 809 IEEE80211_C_WME | /* WME */ 810 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 811 812 ic->ic_cryptocaps = 813 IEEE80211_CRYPTO_WEP | 814 IEEE80211_CRYPTO_AES_CCM | 815 IEEE80211_CRYPTO_TKIPMIC | 816 IEEE80211_CRYPTO_TKIP; 817 818 ic->ic_flags |= IEEE80211_F_DATAPAD; 819 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 820 821 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 822 ic->ic_channels); 823 824 ieee80211_ifattach(ic); 825 826 ic->ic_scan_start = run_scan_start; 827 ic->ic_scan_end = run_scan_end; 828 ic->ic_set_channel = run_set_channel; 829 ic->ic_getradiocaps = run_getradiocaps; 830 ic->ic_node_alloc = run_node_alloc; 831 ic->ic_newassoc = run_newassoc; 832 ic->ic_updateslot = run_updateslot; 833 ic->ic_update_mcast = run_update_mcast; 834 ic->ic_wme.wme_update = run_wme_update; 835 ic->ic_raw_xmit = run_raw_xmit; 836 ic->ic_update_promisc = run_update_promisc; 837 ic->ic_vap_create = run_vap_create; 838 ic->ic_vap_delete = run_vap_delete; 839 ic->ic_transmit = run_transmit; 840 ic->ic_parent = run_parent; 841 842 ieee80211_radiotap_attach(ic, 843 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 844 RUN_TX_RADIOTAP_PRESENT, 845 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 846 RUN_RX_RADIOTAP_PRESENT); 847 848 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 849 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 850 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 851 852 if (bootverbose) 853 ieee80211_announce(ic); 854 855 return (0); 856 857 detach: 858 run_detach(self); 859 return (ENXIO); 860 } 861 862 static void 863 run_drain_mbufq(struct run_softc *sc) 864 { 865 struct mbuf *m; 866 struct ieee80211_node *ni; 867 868 RUN_LOCK_ASSERT(sc, MA_OWNED); 869 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 870 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 871 m->m_pkthdr.rcvif = NULL; 872 ieee80211_free_node(ni); 873 m_freem(m); 874 } 875 } 876 877 static int 878 run_detach(device_t self) 879 { 880 struct run_softc *sc = device_get_softc(self); 881 struct ieee80211com *ic = &sc->sc_ic; 882 int i; 883 884 RUN_LOCK(sc); 885 sc->sc_detached = 1; 886 RUN_UNLOCK(sc); 887 888 /* stop all USB transfers */ 889 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 890 891 RUN_LOCK(sc); 892 sc->ratectl_run = RUN_RATECTL_OFF; 893 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 894 895 /* free TX list, if any */ 896 for (i = 0; i != RUN_EP_QUEUES; i++) 897 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 898 899 /* Free TX queue */ 900 run_drain_mbufq(sc); 901 RUN_UNLOCK(sc); 902 903 if (sc->sc_ic.ic_softc == sc) { 904 /* drain tasks */ 905 usb_callout_drain(&sc->ratectl_ch); 906 ieee80211_draintask(ic, &sc->cmdq_task); 907 ieee80211_draintask(ic, &sc->ratectl_task); 908 ieee80211_ifdetach(ic); 909 } 910 911 mtx_destroy(&sc->sc_mtx); 912 913 return (0); 914 } 915 916 static struct ieee80211vap * 917 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 918 enum ieee80211_opmode opmode, int flags, 919 const uint8_t bssid[IEEE80211_ADDR_LEN], 920 const uint8_t mac[IEEE80211_ADDR_LEN]) 921 { 922 struct run_softc *sc = ic->ic_softc; 923 struct run_vap *rvp; 924 struct ieee80211vap *vap; 925 int i; 926 927 if (sc->rvp_cnt >= RUN_VAP_MAX) { 928 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 929 return (NULL); 930 } 931 932 switch (opmode) { 933 case IEEE80211_M_STA: 934 /* enable s/w bmiss handling for sta mode */ 935 flags |= IEEE80211_CLONE_NOBEACONS; 936 /* fall though */ 937 case IEEE80211_M_IBSS: 938 case IEEE80211_M_MONITOR: 939 case IEEE80211_M_HOSTAP: 940 case IEEE80211_M_MBSS: 941 /* other than WDS vaps, only one at a time */ 942 if (!TAILQ_EMPTY(&ic->ic_vaps)) 943 return (NULL); 944 break; 945 case IEEE80211_M_WDS: 946 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 947 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 948 continue; 949 /* WDS vap's always share the local mac address. */ 950 flags &= ~IEEE80211_CLONE_BSSID; 951 break; 952 } 953 if (vap == NULL) { 954 device_printf(sc->sc_dev, 955 "wds only supported in ap mode\n"); 956 return (NULL); 957 } 958 break; 959 default: 960 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 961 return (NULL); 962 } 963 964 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 965 vap = &rvp->vap; 966 967 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 968 bssid) != 0) { 969 /* out of memory */ 970 free(rvp, M_80211_VAP); 971 return (NULL); 972 } 973 974 vap->iv_update_beacon = run_update_beacon; 975 vap->iv_max_aid = RT2870_WCID_MAX; 976 /* 977 * To delete the right key from h/w, we need wcid. 978 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 979 * and matching wcid will be written into there. So, cast 980 * some spells to remove 'const' from ieee80211_key{} 981 */ 982 vap->iv_key_delete = (void *)run_key_delete; 983 vap->iv_key_set = (void *)run_key_set; 984 985 /* override state transition machine */ 986 rvp->newstate = vap->iv_newstate; 987 vap->iv_newstate = run_newstate; 988 if (opmode == IEEE80211_M_IBSS) { 989 rvp->recv_mgmt = vap->iv_recv_mgmt; 990 vap->iv_recv_mgmt = run_recv_mgmt; 991 } 992 993 ieee80211_ratectl_init(vap); 994 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 995 996 /* complete setup */ 997 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 998 mac); 999 1000 /* make sure id is always unique */ 1001 for (i = 0; i < RUN_VAP_MAX; i++) { 1002 if((sc->rvp_bmap & 1 << i) == 0){ 1003 sc->rvp_bmap |= 1 << i; 1004 rvp->rvp_id = i; 1005 break; 1006 } 1007 } 1008 if (sc->rvp_cnt++ == 0) 1009 ic->ic_opmode = opmode; 1010 1011 if (opmode == IEEE80211_M_HOSTAP) 1012 sc->cmdq_run = RUN_CMDQ_GO; 1013 1014 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1015 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1016 1017 return (vap); 1018 } 1019 1020 static void 1021 run_vap_delete(struct ieee80211vap *vap) 1022 { 1023 struct run_vap *rvp = RUN_VAP(vap); 1024 struct ieee80211com *ic; 1025 struct run_softc *sc; 1026 uint8_t rvp_id; 1027 1028 if (vap == NULL) 1029 return; 1030 1031 ic = vap->iv_ic; 1032 sc = ic->ic_softc; 1033 1034 RUN_LOCK(sc); 1035 1036 m_freem(rvp->beacon_mbuf); 1037 rvp->beacon_mbuf = NULL; 1038 1039 rvp_id = rvp->rvp_id; 1040 sc->ratectl_run &= ~(1 << rvp_id); 1041 sc->rvp_bmap &= ~(1 << rvp_id); 1042 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1043 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1044 --sc->rvp_cnt; 1045 1046 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1047 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1048 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1049 1050 RUN_UNLOCK(sc); 1051 1052 ieee80211_ratectl_deinit(vap); 1053 ieee80211_vap_detach(vap); 1054 free(rvp, M_80211_VAP); 1055 } 1056 1057 /* 1058 * There are numbers of functions need to be called in context thread. 1059 * Rather than creating taskqueue event for each of those functions, 1060 * here is all-for-one taskqueue callback function. This function 1061 * guarantees deferred functions are executed in the same order they 1062 * were enqueued. 1063 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1064 */ 1065 static void 1066 run_cmdq_cb(void *arg, int pending) 1067 { 1068 struct run_softc *sc = arg; 1069 uint8_t i; 1070 1071 /* call cmdq[].func locked */ 1072 RUN_LOCK(sc); 1073 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1074 i = sc->cmdq_exec, pending--) { 1075 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1076 i, pending); 1077 if (sc->cmdq_run == RUN_CMDQ_GO) { 1078 /* 1079 * If arg0 is NULL, callback func needs more 1080 * than one arg. So, pass ptr to cmdq struct. 1081 */ 1082 if (sc->cmdq[i].arg0) 1083 sc->cmdq[i].func(sc->cmdq[i].arg0); 1084 else 1085 sc->cmdq[i].func(&sc->cmdq[i]); 1086 } 1087 sc->cmdq[i].arg0 = NULL; 1088 sc->cmdq[i].func = NULL; 1089 sc->cmdq_exec++; 1090 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1091 } 1092 RUN_UNLOCK(sc); 1093 } 1094 1095 static void 1096 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1097 { 1098 struct run_tx_data *data; 1099 1100 memset(pq, 0, sizeof(*pq)); 1101 1102 STAILQ_INIT(&pq->tx_qh); 1103 STAILQ_INIT(&pq->tx_fh); 1104 1105 for (data = &pq->tx_data[0]; 1106 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1107 data->sc = sc; 1108 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1109 } 1110 pq->tx_nfree = RUN_TX_RING_COUNT; 1111 } 1112 1113 static void 1114 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1115 { 1116 struct run_tx_data *data; 1117 1118 /* make sure any subsequent use of the queues will fail */ 1119 pq->tx_nfree = 0; 1120 STAILQ_INIT(&pq->tx_fh); 1121 STAILQ_INIT(&pq->tx_qh); 1122 1123 /* free up all node references and mbufs */ 1124 for (data = &pq->tx_data[0]; 1125 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1126 if (data->m != NULL) { 1127 m_freem(data->m); 1128 data->m = NULL; 1129 } 1130 if (data->ni != NULL) { 1131 ieee80211_free_node(data->ni); 1132 data->ni = NULL; 1133 } 1134 } 1135 } 1136 1137 static int 1138 run_load_microcode(struct run_softc *sc) 1139 { 1140 usb_device_request_t req; 1141 const struct firmware *fw; 1142 const u_char *base; 1143 uint32_t tmp; 1144 int ntries, error; 1145 const uint64_t *temp; 1146 uint64_t bytes; 1147 1148 RUN_UNLOCK(sc); 1149 fw = firmware_get("runfw"); 1150 RUN_LOCK(sc); 1151 if (fw == NULL) { 1152 device_printf(sc->sc_dev, 1153 "failed loadfirmware of file %s\n", "runfw"); 1154 return ENOENT; 1155 } 1156 1157 if (fw->datasize != 8192) { 1158 device_printf(sc->sc_dev, 1159 "invalid firmware size (should be 8KB)\n"); 1160 error = EINVAL; 1161 goto fail; 1162 } 1163 1164 /* 1165 * RT3071/RT3072 use a different firmware 1166 * run-rt2870 (8KB) contains both, 1167 * first half (4KB) is for rt2870, 1168 * last half is for rt3071. 1169 */ 1170 base = fw->data; 1171 if ((sc->mac_ver) != 0x2860 && 1172 (sc->mac_ver) != 0x2872 && 1173 (sc->mac_ver) != 0x3070) { 1174 base += 4096; 1175 } 1176 1177 /* cheap sanity check */ 1178 temp = fw->data; 1179 bytes = *temp; 1180 if (bytes != be64toh(0xffffff0210280210ULL)) { 1181 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1182 error = EINVAL; 1183 goto fail; 1184 } 1185 1186 /* write microcode image */ 1187 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1188 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1189 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1190 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1191 } 1192 1193 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1194 req.bRequest = RT2870_RESET; 1195 USETW(req.wValue, 8); 1196 USETW(req.wIndex, 0); 1197 USETW(req.wLength, 0); 1198 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1199 != 0) { 1200 device_printf(sc->sc_dev, "firmware reset failed\n"); 1201 goto fail; 1202 } 1203 1204 run_delay(sc, 10); 1205 1206 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1207 run_write(sc, RT2860_H2M_MAILBOX, 0); 1208 run_write(sc, RT2860_H2M_INTSRC, 0); 1209 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1210 goto fail; 1211 1212 /* wait until microcontroller is ready */ 1213 for (ntries = 0; ntries < 1000; ntries++) { 1214 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1215 goto fail; 1216 if (tmp & RT2860_MCU_READY) 1217 break; 1218 run_delay(sc, 10); 1219 } 1220 if (ntries == 1000) { 1221 device_printf(sc->sc_dev, 1222 "timeout waiting for MCU to initialize\n"); 1223 error = ETIMEDOUT; 1224 goto fail; 1225 } 1226 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1227 (base == fw->data) ? "RT2870" : "RT3071", 1228 *(base + 4092), *(base + 4093)); 1229 1230 fail: 1231 firmware_put(fw, FIRMWARE_UNLOAD); 1232 return (error); 1233 } 1234 1235 static int 1236 run_reset(struct run_softc *sc) 1237 { 1238 usb_device_request_t req; 1239 1240 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1241 req.bRequest = RT2870_RESET; 1242 USETW(req.wValue, 1); 1243 USETW(req.wIndex, 0); 1244 USETW(req.wLength, 0); 1245 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1246 } 1247 1248 static usb_error_t 1249 run_do_request(struct run_softc *sc, 1250 struct usb_device_request *req, void *data) 1251 { 1252 usb_error_t err; 1253 int ntries = 10; 1254 1255 RUN_LOCK_ASSERT(sc, MA_OWNED); 1256 1257 while (ntries--) { 1258 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1259 req, data, 0, NULL, 250 /* ms */); 1260 if (err == 0) 1261 break; 1262 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1263 "Control request failed, %s (retrying)\n", 1264 usbd_errstr(err)); 1265 run_delay(sc, 10); 1266 } 1267 return (err); 1268 } 1269 1270 static int 1271 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1272 { 1273 uint32_t tmp; 1274 int error; 1275 1276 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1277 if (error == 0) 1278 *val = le32toh(tmp); 1279 else 1280 *val = 0xffffffff; 1281 return (error); 1282 } 1283 1284 static int 1285 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1286 { 1287 usb_device_request_t req; 1288 1289 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1290 req.bRequest = RT2870_READ_REGION_1; 1291 USETW(req.wValue, 0); 1292 USETW(req.wIndex, reg); 1293 USETW(req.wLength, len); 1294 1295 return (run_do_request(sc, &req, buf)); 1296 } 1297 1298 static int 1299 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1300 { 1301 usb_device_request_t req; 1302 1303 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1304 req.bRequest = RT2870_WRITE_2; 1305 USETW(req.wValue, val); 1306 USETW(req.wIndex, reg); 1307 USETW(req.wLength, 0); 1308 1309 return (run_do_request(sc, &req, NULL)); 1310 } 1311 1312 static int 1313 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1314 { 1315 int error; 1316 1317 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1318 error = run_write_2(sc, reg + 2, val >> 16); 1319 return (error); 1320 } 1321 1322 static int 1323 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1324 int len) 1325 { 1326 #if 1 1327 int i, error = 0; 1328 /* 1329 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1330 * We thus issue multiple WRITE_2 commands instead. 1331 */ 1332 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1333 for (i = 0; i < len && error == 0; i += 2) 1334 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1335 return (error); 1336 #else 1337 usb_device_request_t req; 1338 int error = 0; 1339 1340 /* 1341 * NOTE: It appears the WRITE_REGION_1 command cannot be 1342 * passed a huge amount of data, which will crash the 1343 * firmware. Limit amount of data passed to 64-bytes at a 1344 * time. 1345 */ 1346 while (len > 0) { 1347 int delta = 64; 1348 if (delta > len) 1349 delta = len; 1350 1351 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1352 req.bRequest = RT2870_WRITE_REGION_1; 1353 USETW(req.wValue, 0); 1354 USETW(req.wIndex, reg); 1355 USETW(req.wLength, delta); 1356 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1357 if (error != 0) 1358 break; 1359 reg += delta; 1360 buf += delta; 1361 len -= delta; 1362 } 1363 return (error); 1364 #endif 1365 } 1366 1367 static int 1368 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1369 { 1370 int i, error = 0; 1371 1372 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1373 for (i = 0; i < len && error == 0; i += 4) 1374 error = run_write(sc, reg + i, val); 1375 return (error); 1376 } 1377 1378 static int 1379 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1380 { 1381 uint32_t tmp; 1382 uint16_t reg; 1383 int error, ntries; 1384 1385 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1386 return (error); 1387 1388 if (count == 2) 1389 addr *= 2; 1390 /*- 1391 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1392 * DATA0: F E D C 1393 * DATA1: B A 9 8 1394 * DATA2: 7 6 5 4 1395 * DATA3: 3 2 1 0 1396 */ 1397 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1398 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1399 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1400 for (ntries = 0; ntries < 100; ntries++) { 1401 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1402 return (error); 1403 if (!(tmp & RT3070_EFSROM_KICK)) 1404 break; 1405 run_delay(sc, 2); 1406 } 1407 if (ntries == 100) 1408 return (ETIMEDOUT); 1409 1410 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1411 *val = 0xffff; /* address not found */ 1412 return (0); 1413 } 1414 /* determine to which 32-bit register our 16-bit word belongs */ 1415 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1416 if ((error = run_read(sc, reg, &tmp)) != 0) 1417 return (error); 1418 1419 tmp >>= (8 * (addr & 0x3)); 1420 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1421 1422 return (0); 1423 } 1424 1425 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1426 static int 1427 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1428 { 1429 return (run_efuse_read(sc, addr, val, 2)); 1430 } 1431 1432 static int 1433 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1434 { 1435 usb_device_request_t req; 1436 uint16_t tmp; 1437 int error; 1438 1439 addr *= 2; 1440 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1441 req.bRequest = RT2870_EEPROM_READ; 1442 USETW(req.wValue, 0); 1443 USETW(req.wIndex, addr); 1444 USETW(req.wLength, sizeof(tmp)); 1445 1446 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1447 if (error == 0) 1448 *val = le16toh(tmp); 1449 else 1450 *val = 0xffff; 1451 return (error); 1452 } 1453 1454 static __inline int 1455 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1456 { 1457 /* either eFUSE ROM or EEPROM */ 1458 return sc->sc_srom_read(sc, addr, val); 1459 } 1460 1461 static int 1462 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1463 { 1464 uint32_t tmp; 1465 int error, ntries; 1466 1467 for (ntries = 0; ntries < 10; ntries++) { 1468 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1469 return (error); 1470 if (!(tmp & RT2860_RF_REG_CTRL)) 1471 break; 1472 } 1473 if (ntries == 10) 1474 return (ETIMEDOUT); 1475 1476 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1477 } 1478 1479 static int 1480 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1481 { 1482 uint32_t tmp; 1483 int error, ntries; 1484 1485 for (ntries = 0; ntries < 100; ntries++) { 1486 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1487 return (error); 1488 if (!(tmp & RT3070_RF_KICK)) 1489 break; 1490 } 1491 if (ntries == 100) 1492 return (ETIMEDOUT); 1493 1494 tmp = RT3070_RF_KICK | reg << 8; 1495 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1496 return (error); 1497 1498 for (ntries = 0; ntries < 100; ntries++) { 1499 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1500 return (error); 1501 if (!(tmp & RT3070_RF_KICK)) 1502 break; 1503 } 1504 if (ntries == 100) 1505 return (ETIMEDOUT); 1506 1507 *val = tmp & 0xff; 1508 return (0); 1509 } 1510 1511 static int 1512 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1513 { 1514 uint32_t tmp; 1515 int error, ntries; 1516 1517 for (ntries = 0; ntries < 10; ntries++) { 1518 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1519 return (error); 1520 if (!(tmp & RT3070_RF_KICK)) 1521 break; 1522 } 1523 if (ntries == 10) 1524 return (ETIMEDOUT); 1525 1526 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1527 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1528 } 1529 1530 static int 1531 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1532 { 1533 uint32_t tmp; 1534 int ntries, error; 1535 1536 for (ntries = 0; ntries < 10; ntries++) { 1537 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1538 return (error); 1539 if (!(tmp & RT2860_BBP_CSR_KICK)) 1540 break; 1541 } 1542 if (ntries == 10) 1543 return (ETIMEDOUT); 1544 1545 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1546 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1547 return (error); 1548 1549 for (ntries = 0; ntries < 10; ntries++) { 1550 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1551 return (error); 1552 if (!(tmp & RT2860_BBP_CSR_KICK)) 1553 break; 1554 } 1555 if (ntries == 10) 1556 return (ETIMEDOUT); 1557 1558 *val = tmp & 0xff; 1559 return (0); 1560 } 1561 1562 static int 1563 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1564 { 1565 uint32_t tmp; 1566 int ntries, error; 1567 1568 for (ntries = 0; ntries < 10; ntries++) { 1569 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1570 return (error); 1571 if (!(tmp & RT2860_BBP_CSR_KICK)) 1572 break; 1573 } 1574 if (ntries == 10) 1575 return (ETIMEDOUT); 1576 1577 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1578 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1579 } 1580 1581 /* 1582 * Send a command to the 8051 microcontroller unit. 1583 */ 1584 static int 1585 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1586 { 1587 uint32_t tmp; 1588 int error, ntries; 1589 1590 for (ntries = 0; ntries < 100; ntries++) { 1591 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1592 return error; 1593 if (!(tmp & RT2860_H2M_BUSY)) 1594 break; 1595 } 1596 if (ntries == 100) 1597 return ETIMEDOUT; 1598 1599 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1600 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1601 error = run_write(sc, RT2860_HOST_CMD, cmd); 1602 return (error); 1603 } 1604 1605 /* 1606 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1607 * Used to adjust per-rate Tx power registers. 1608 */ 1609 static __inline uint32_t 1610 b4inc(uint32_t b32, int8_t delta) 1611 { 1612 int8_t i, b4; 1613 1614 for (i = 0; i < 8; i++) { 1615 b4 = b32 & 0xf; 1616 b4 += delta; 1617 if (b4 < 0) 1618 b4 = 0; 1619 else if (b4 > 0xf) 1620 b4 = 0xf; 1621 b32 = b32 >> 4 | b4 << 28; 1622 } 1623 return (b32); 1624 } 1625 1626 static const char * 1627 run_get_rf(uint16_t rev) 1628 { 1629 switch (rev) { 1630 case RT2860_RF_2820: return "RT2820"; 1631 case RT2860_RF_2850: return "RT2850"; 1632 case RT2860_RF_2720: return "RT2720"; 1633 case RT2860_RF_2750: return "RT2750"; 1634 case RT3070_RF_3020: return "RT3020"; 1635 case RT3070_RF_2020: return "RT2020"; 1636 case RT3070_RF_3021: return "RT3021"; 1637 case RT3070_RF_3022: return "RT3022"; 1638 case RT3070_RF_3052: return "RT3052"; 1639 case RT3593_RF_3053: return "RT3053"; 1640 case RT5592_RF_5592: return "RT5592"; 1641 case RT5390_RF_5370: return "RT5370"; 1642 case RT5390_RF_5372: return "RT5372"; 1643 } 1644 return ("unknown"); 1645 } 1646 1647 static void 1648 run_rt3593_get_txpower(struct run_softc *sc) 1649 { 1650 uint16_t addr, val; 1651 int i; 1652 1653 /* Read power settings for 2GHz channels. */ 1654 for (i = 0; i < 14; i += 2) { 1655 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1656 RT2860_EEPROM_PWR2GHZ_BASE1; 1657 run_srom_read(sc, addr + i / 2, &val); 1658 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1659 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1660 1661 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1662 RT2860_EEPROM_PWR2GHZ_BASE2; 1663 run_srom_read(sc, addr + i / 2, &val); 1664 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1665 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1666 1667 if (sc->ntxchains == 3) { 1668 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1669 &val); 1670 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1671 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1672 } 1673 } 1674 /* Fix broken Tx power entries. */ 1675 for (i = 0; i < 14; i++) { 1676 if (sc->txpow1[i] > 31) 1677 sc->txpow1[i] = 5; 1678 if (sc->txpow2[i] > 31) 1679 sc->txpow2[i] = 5; 1680 if (sc->ntxchains == 3) { 1681 if (sc->txpow3[i] > 31) 1682 sc->txpow3[i] = 5; 1683 } 1684 } 1685 /* Read power settings for 5GHz channels. */ 1686 for (i = 0; i < 40; i += 2) { 1687 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1688 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1689 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1690 1691 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1692 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1693 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1694 1695 if (sc->ntxchains == 3) { 1696 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1697 &val); 1698 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1699 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1700 } 1701 } 1702 } 1703 1704 static void 1705 run_get_txpower(struct run_softc *sc) 1706 { 1707 uint16_t val; 1708 int i; 1709 1710 /* Read power settings for 2GHz channels. */ 1711 for (i = 0; i < 14; i += 2) { 1712 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1713 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1714 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1715 1716 if (sc->mac_ver != 0x5390) { 1717 run_srom_read(sc, 1718 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1719 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1720 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1721 } 1722 } 1723 /* Fix broken Tx power entries. */ 1724 for (i = 0; i < 14; i++) { 1725 if (sc->mac_ver >= 0x5390) { 1726 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1727 sc->txpow1[i] = 5; 1728 } else { 1729 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1730 sc->txpow1[i] = 5; 1731 } 1732 if (sc->mac_ver > 0x5390) { 1733 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1734 sc->txpow2[i] = 5; 1735 } else if (sc->mac_ver < 0x5390) { 1736 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1737 sc->txpow2[i] = 5; 1738 } 1739 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1740 "chan %d: power1=%d, power2=%d\n", 1741 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1742 } 1743 /* Read power settings for 5GHz channels. */ 1744 for (i = 0; i < 40; i += 2) { 1745 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1746 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1747 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1748 1749 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1750 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1751 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1752 } 1753 /* Fix broken Tx power entries. */ 1754 for (i = 0; i < 40; i++ ) { 1755 if (sc->mac_ver != 0x5592) { 1756 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1757 sc->txpow1[14 + i] = 5; 1758 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1759 sc->txpow2[14 + i] = 5; 1760 } 1761 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1762 "chan %d: power1=%d, power2=%d\n", 1763 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1764 sc->txpow2[14 + i]); 1765 } 1766 } 1767 1768 static int 1769 run_read_eeprom(struct run_softc *sc) 1770 { 1771 struct ieee80211com *ic = &sc->sc_ic; 1772 int8_t delta_2ghz, delta_5ghz; 1773 uint32_t tmp; 1774 uint16_t val; 1775 int ridx, ant, i; 1776 1777 /* check whether the ROM is eFUSE ROM or EEPROM */ 1778 sc->sc_srom_read = run_eeprom_read_2; 1779 if (sc->mac_ver >= 0x3070) { 1780 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1781 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1782 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1783 sc->sc_srom_read = run_efuse_read_2; 1784 } 1785 1786 /* read ROM version */ 1787 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1788 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1789 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1790 1791 /* read MAC address */ 1792 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1793 ic->ic_macaddr[0] = val & 0xff; 1794 ic->ic_macaddr[1] = val >> 8; 1795 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1796 ic->ic_macaddr[2] = val & 0xff; 1797 ic->ic_macaddr[3] = val >> 8; 1798 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1799 ic->ic_macaddr[4] = val & 0xff; 1800 ic->ic_macaddr[5] = val >> 8; 1801 1802 if (sc->mac_ver < 0x3593) { 1803 /* read vender BBP settings */ 1804 for (i = 0; i < 10; i++) { 1805 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1806 sc->bbp[i].val = val & 0xff; 1807 sc->bbp[i].reg = val >> 8; 1808 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1809 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1810 } 1811 if (sc->mac_ver >= 0x3071) { 1812 /* read vendor RF settings */ 1813 for (i = 0; i < 10; i++) { 1814 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1815 &val); 1816 sc->rf[i].val = val & 0xff; 1817 sc->rf[i].reg = val >> 8; 1818 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1819 sc->rf[i].reg, sc->rf[i].val); 1820 } 1821 } 1822 } 1823 1824 /* read RF frequency offset from EEPROM */ 1825 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1826 RT3593_EEPROM_FREQ, &val); 1827 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1828 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1829 sc->freq & 0xff); 1830 1831 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1832 RT3593_EEPROM_FREQ_LEDS, &val); 1833 if (val >> 8 != 0xff) { 1834 /* read LEDs operating mode */ 1835 sc->leds = val >> 8; 1836 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1837 RT3593_EEPROM_LED1, &sc->led[0]); 1838 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1839 RT3593_EEPROM_LED2, &sc->led[1]); 1840 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1841 RT3593_EEPROM_LED3, &sc->led[2]); 1842 } else { 1843 /* broken EEPROM, use default settings */ 1844 sc->leds = 0x01; 1845 sc->led[0] = 0x5555; 1846 sc->led[1] = 0x2221; 1847 sc->led[2] = 0x5627; /* differs from RT2860 */ 1848 } 1849 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1850 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1851 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1852 1853 /* read RF information */ 1854 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1855 run_srom_read(sc, 0x00, &val); 1856 else 1857 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1858 1859 if (val == 0xffff) { 1860 device_printf(sc->sc_dev, 1861 "invalid EEPROM antenna info, using default\n"); 1862 if (sc->mac_ver == 0x3572) { 1863 /* default to RF3052 2T2R */ 1864 sc->rf_rev = RT3070_RF_3052; 1865 sc->ntxchains = 2; 1866 sc->nrxchains = 2; 1867 } else if (sc->mac_ver >= 0x3070) { 1868 /* default to RF3020 1T1R */ 1869 sc->rf_rev = RT3070_RF_3020; 1870 sc->ntxchains = 1; 1871 sc->nrxchains = 1; 1872 } else { 1873 /* default to RF2820 1T2R */ 1874 sc->rf_rev = RT2860_RF_2820; 1875 sc->ntxchains = 1; 1876 sc->nrxchains = 2; 1877 } 1878 } else { 1879 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1880 sc->rf_rev = val; 1881 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1882 } else 1883 sc->rf_rev = (val >> 8) & 0xf; 1884 sc->ntxchains = (val >> 4) & 0xf; 1885 sc->nrxchains = val & 0xf; 1886 } 1887 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1888 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1889 1890 /* check if RF supports automatic Tx access gain control */ 1891 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1892 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1893 /* check if driver should patch the DAC issue */ 1894 if ((val >> 8) != 0xff) 1895 sc->patch_dac = (val >> 15) & 1; 1896 if ((val & 0xff) != 0xff) { 1897 sc->ext_5ghz_lna = (val >> 3) & 1; 1898 sc->ext_2ghz_lna = (val >> 2) & 1; 1899 /* check if RF supports automatic Tx access gain control */ 1900 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1901 /* check if we have a hardware radio switch */ 1902 sc->rfswitch = val & 1; 1903 } 1904 1905 /* Read Tx power settings. */ 1906 if (sc->mac_ver == 0x3593) 1907 run_rt3593_get_txpower(sc); 1908 else 1909 run_get_txpower(sc); 1910 1911 /* read Tx power compensation for each Tx rate */ 1912 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1913 delta_2ghz = delta_5ghz = 0; 1914 if ((val & 0xff) != 0xff && (val & 0x80)) { 1915 delta_2ghz = val & 0xf; 1916 if (!(val & 0x40)) /* negative number */ 1917 delta_2ghz = -delta_2ghz; 1918 } 1919 val >>= 8; 1920 if ((val & 0xff) != 0xff && (val & 0x80)) { 1921 delta_5ghz = val & 0xf; 1922 if (!(val & 0x40)) /* negative number */ 1923 delta_5ghz = -delta_5ghz; 1924 } 1925 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1926 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1927 1928 for (ridx = 0; ridx < 5; ridx++) { 1929 uint32_t reg; 1930 1931 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1932 reg = val; 1933 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1934 reg |= (uint32_t)val << 16; 1935 1936 sc->txpow20mhz[ridx] = reg; 1937 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1938 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1939 1940 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1941 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1942 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1943 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1944 } 1945 1946 /* Read RSSI offsets and LNA gains from EEPROM. */ 1947 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1948 RT3593_EEPROM_RSSI1_2GHZ, &val); 1949 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1950 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1951 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1952 RT3593_EEPROM_RSSI2_2GHZ, &val); 1953 if (sc->mac_ver >= 0x3070) { 1954 if (sc->mac_ver == 0x3593) { 1955 sc->txmixgain_2ghz = 0; 1956 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1957 } else { 1958 /* 1959 * On RT3070 chips (limited to 2 Rx chains), this ROM 1960 * field contains the Tx mixer gain for the 2GHz band. 1961 */ 1962 if ((val & 0xff) != 0xff) 1963 sc->txmixgain_2ghz = val & 0x7; 1964 } 1965 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 1966 sc->txmixgain_2ghz); 1967 } else 1968 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1969 if (sc->mac_ver == 0x3593) 1970 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1971 sc->lna[2] = val >> 8; /* channel group 2 */ 1972 1973 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1974 RT3593_EEPROM_RSSI1_5GHZ, &val); 1975 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1976 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1977 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1978 RT3593_EEPROM_RSSI2_5GHZ, &val); 1979 if (sc->mac_ver == 0x3572) { 1980 /* 1981 * On RT3572 chips (limited to 2 Rx chains), this ROM 1982 * field contains the Tx mixer gain for the 5GHz band. 1983 */ 1984 if ((val & 0xff) != 0xff) 1985 sc->txmixgain_5ghz = val & 0x7; 1986 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 1987 sc->txmixgain_5ghz); 1988 } else 1989 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1990 if (sc->mac_ver == 0x3593) { 1991 sc->txmixgain_5ghz = 0; 1992 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1993 } 1994 sc->lna[3] = val >> 8; /* channel group 3 */ 1995 1996 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1997 RT3593_EEPROM_LNA, &val); 1998 sc->lna[0] = val & 0xff; /* channel group 0 */ 1999 sc->lna[1] = val >> 8; /* channel group 1 */ 2000 2001 /* fix broken 5GHz LNA entries */ 2002 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2003 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2004 "invalid LNA for channel group %d\n", 2); 2005 sc->lna[2] = sc->lna[1]; 2006 } 2007 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2008 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2009 "invalid LNA for channel group %d\n", 3); 2010 sc->lna[3] = sc->lna[1]; 2011 } 2012 2013 /* fix broken RSSI offset entries */ 2014 for (ant = 0; ant < 3; ant++) { 2015 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2016 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2017 "invalid RSSI%d offset: %d (2GHz)\n", 2018 ant + 1, sc->rssi_2ghz[ant]); 2019 sc->rssi_2ghz[ant] = 0; 2020 } 2021 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2022 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2023 "invalid RSSI%d offset: %d (5GHz)\n", 2024 ant + 1, sc->rssi_5ghz[ant]); 2025 sc->rssi_5ghz[ant] = 0; 2026 } 2027 } 2028 return (0); 2029 } 2030 2031 static struct ieee80211_node * 2032 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2033 { 2034 return malloc(sizeof (struct run_node), M_80211_NODE, 2035 M_NOWAIT | M_ZERO); 2036 } 2037 2038 static int 2039 run_media_change(struct ifnet *ifp) 2040 { 2041 struct ieee80211vap *vap = ifp->if_softc; 2042 struct ieee80211com *ic = vap->iv_ic; 2043 const struct ieee80211_txparam *tp; 2044 struct run_softc *sc = ic->ic_softc; 2045 uint8_t rate, ridx; 2046 int error; 2047 2048 RUN_LOCK(sc); 2049 2050 error = ieee80211_media_change(ifp); 2051 if (error != ENETRESET) { 2052 RUN_UNLOCK(sc); 2053 return (error); 2054 } 2055 2056 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2057 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2058 struct ieee80211_node *ni; 2059 struct run_node *rn; 2060 2061 rate = ic->ic_sup_rates[ic->ic_curmode]. 2062 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2063 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2064 if (rt2860_rates[ridx].rate == rate) 2065 break; 2066 ni = ieee80211_ref_node(vap->iv_bss); 2067 rn = RUN_NODE(ni); 2068 rn->fix_ridx = ridx; 2069 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2070 rate, rn->fix_ridx); 2071 ieee80211_free_node(ni); 2072 } 2073 2074 #if 0 2075 if ((ifp->if_flags & IFF_UP) && 2076 (ifp->if_drv_flags & RUN_RUNNING)){ 2077 run_init_locked(sc); 2078 } 2079 #endif 2080 2081 RUN_UNLOCK(sc); 2082 2083 return (0); 2084 } 2085 2086 static int 2087 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2088 { 2089 const struct ieee80211_txparam *tp; 2090 struct ieee80211com *ic = vap->iv_ic; 2091 struct run_softc *sc = ic->ic_softc; 2092 struct run_vap *rvp = RUN_VAP(vap); 2093 enum ieee80211_state ostate; 2094 uint32_t sta[3]; 2095 uint8_t ratectl; 2096 uint8_t restart_ratectl = 0; 2097 uint8_t bid = 1 << rvp->rvp_id; 2098 2099 ostate = vap->iv_state; 2100 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2101 ieee80211_state_name[ostate], 2102 ieee80211_state_name[nstate]); 2103 2104 IEEE80211_UNLOCK(ic); 2105 RUN_LOCK(sc); 2106 2107 ratectl = sc->ratectl_run; /* remember current state */ 2108 sc->ratectl_run = RUN_RATECTL_OFF; 2109 usb_callout_stop(&sc->ratectl_ch); 2110 2111 if (ostate == IEEE80211_S_RUN) { 2112 /* turn link LED off */ 2113 run_set_leds(sc, RT2860_LED_RADIO); 2114 } 2115 2116 switch (nstate) { 2117 case IEEE80211_S_INIT: 2118 restart_ratectl = 1; 2119 2120 if (ostate != IEEE80211_S_RUN) 2121 break; 2122 2123 ratectl &= ~bid; 2124 sc->runbmap &= ~bid; 2125 2126 /* abort TSF synchronization if there is no vap running */ 2127 if (--sc->running == 0) 2128 run_disable_tsf(sc); 2129 break; 2130 2131 case IEEE80211_S_RUN: 2132 if (!(sc->runbmap & bid)) { 2133 if(sc->running++) 2134 restart_ratectl = 1; 2135 sc->runbmap |= bid; 2136 } 2137 2138 m_freem(rvp->beacon_mbuf); 2139 rvp->beacon_mbuf = NULL; 2140 2141 switch (vap->iv_opmode) { 2142 case IEEE80211_M_HOSTAP: 2143 case IEEE80211_M_MBSS: 2144 sc->ap_running |= bid; 2145 ic->ic_opmode = vap->iv_opmode; 2146 run_update_beacon_cb(vap); 2147 break; 2148 case IEEE80211_M_IBSS: 2149 sc->adhoc_running |= bid; 2150 if (!sc->ap_running) 2151 ic->ic_opmode = vap->iv_opmode; 2152 run_update_beacon_cb(vap); 2153 break; 2154 case IEEE80211_M_STA: 2155 sc->sta_running |= bid; 2156 if (!sc->ap_running && !sc->adhoc_running) 2157 ic->ic_opmode = vap->iv_opmode; 2158 2159 /* read statistic counters (clear on read) */ 2160 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2161 (uint8_t *)sta, sizeof sta); 2162 2163 break; 2164 default: 2165 ic->ic_opmode = vap->iv_opmode; 2166 break; 2167 } 2168 2169 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2170 struct ieee80211_node *ni; 2171 2172 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2173 RUN_UNLOCK(sc); 2174 IEEE80211_LOCK(ic); 2175 return (-1); 2176 } 2177 run_updateslot(ic); 2178 run_enable_mrr(sc); 2179 run_set_txpreamble(sc); 2180 run_set_basicrates(sc); 2181 ni = ieee80211_ref_node(vap->iv_bss); 2182 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2183 run_set_bssid(sc, sc->sc_bssid); 2184 ieee80211_free_node(ni); 2185 run_enable_tsf_sync(sc); 2186 2187 /* enable automatic rate adaptation */ 2188 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2189 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2190 ratectl |= bid; 2191 } else 2192 run_enable_tsf(sc); 2193 2194 /* turn link LED on */ 2195 run_set_leds(sc, RT2860_LED_RADIO | 2196 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2197 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2198 2199 break; 2200 default: 2201 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2202 break; 2203 } 2204 2205 /* restart amrr for running VAPs */ 2206 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2207 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2208 2209 RUN_UNLOCK(sc); 2210 IEEE80211_LOCK(ic); 2211 2212 return(rvp->newstate(vap, nstate, arg)); 2213 } 2214 2215 static int 2216 run_wme_update(struct ieee80211com *ic) 2217 { 2218 struct chanAccParams chp; 2219 struct run_softc *sc = ic->ic_softc; 2220 const struct wmeParams *ac; 2221 int aci, error = 0; 2222 2223 ieee80211_wme_ic_getparams(ic, &chp); 2224 ac = chp.cap_wmeParams; 2225 2226 /* update MAC TX configuration registers */ 2227 RUN_LOCK(sc); 2228 for (aci = 0; aci < WME_NUM_AC; aci++) { 2229 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2230 ac[aci].wmep_logcwmax << 16 | 2231 ac[aci].wmep_logcwmin << 12 | 2232 ac[aci].wmep_aifsn << 8 | 2233 ac[aci].wmep_txopLimit); 2234 if (error) goto err; 2235 } 2236 2237 /* update SCH/DMA registers too */ 2238 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2239 ac[WME_AC_VO].wmep_aifsn << 12 | 2240 ac[WME_AC_VI].wmep_aifsn << 8 | 2241 ac[WME_AC_BK].wmep_aifsn << 4 | 2242 ac[WME_AC_BE].wmep_aifsn); 2243 if (error) goto err; 2244 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2245 ac[WME_AC_VO].wmep_logcwmin << 12 | 2246 ac[WME_AC_VI].wmep_logcwmin << 8 | 2247 ac[WME_AC_BK].wmep_logcwmin << 4 | 2248 ac[WME_AC_BE].wmep_logcwmin); 2249 if (error) goto err; 2250 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2251 ac[WME_AC_VO].wmep_logcwmax << 12 | 2252 ac[WME_AC_VI].wmep_logcwmax << 8 | 2253 ac[WME_AC_BK].wmep_logcwmax << 4 | 2254 ac[WME_AC_BE].wmep_logcwmax); 2255 if (error) goto err; 2256 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2257 ac[WME_AC_BK].wmep_txopLimit << 16 | 2258 ac[WME_AC_BE].wmep_txopLimit); 2259 if (error) goto err; 2260 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2261 ac[WME_AC_VO].wmep_txopLimit << 16 | 2262 ac[WME_AC_VI].wmep_txopLimit); 2263 2264 err: 2265 RUN_UNLOCK(sc); 2266 if (error) 2267 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2268 2269 return (error); 2270 } 2271 2272 static void 2273 run_key_set_cb(void *arg) 2274 { 2275 struct run_cmdq *cmdq = arg; 2276 struct ieee80211vap *vap = cmdq->arg1; 2277 struct ieee80211_key *k = cmdq->k; 2278 struct ieee80211com *ic = vap->iv_ic; 2279 struct run_softc *sc = ic->ic_softc; 2280 struct ieee80211_node *ni; 2281 u_int cipher = k->wk_cipher->ic_cipher; 2282 uint32_t attr; 2283 uint16_t base, associd; 2284 uint8_t mode, wcid, iv[8]; 2285 2286 RUN_LOCK_ASSERT(sc, MA_OWNED); 2287 2288 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2289 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2290 else 2291 ni = vap->iv_bss; 2292 associd = (ni != NULL) ? ni->ni_associd : 0; 2293 2294 /* map net80211 cipher to RT2860 security mode */ 2295 switch (cipher) { 2296 case IEEE80211_CIPHER_WEP: 2297 if(k->wk_keylen < 8) 2298 mode = RT2860_MODE_WEP40; 2299 else 2300 mode = RT2860_MODE_WEP104; 2301 break; 2302 case IEEE80211_CIPHER_TKIP: 2303 mode = RT2860_MODE_TKIP; 2304 break; 2305 case IEEE80211_CIPHER_AES_CCM: 2306 mode = RT2860_MODE_AES_CCMP; 2307 break; 2308 default: 2309 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2310 return; 2311 } 2312 2313 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2314 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2315 associd, k->wk_keyix, mode, 2316 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2317 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2318 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2319 2320 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2321 wcid = 0; /* NB: update WCID0 for group keys */ 2322 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2323 } else { 2324 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2325 1 : RUN_AID2WCID(associd); 2326 base = RT2860_PKEY(wcid); 2327 } 2328 2329 if (cipher == IEEE80211_CIPHER_TKIP) { 2330 if(run_write_region_1(sc, base, k->wk_key, 16)) 2331 return; 2332 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2333 return; 2334 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2335 return; 2336 } else { 2337 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2338 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2339 return; 2340 } 2341 2342 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2343 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2344 /* set initial packet number in IV+EIV */ 2345 if (cipher == IEEE80211_CIPHER_WEP) { 2346 memset(iv, 0, sizeof iv); 2347 iv[3] = vap->iv_def_txkey << 6; 2348 } else { 2349 if (cipher == IEEE80211_CIPHER_TKIP) { 2350 iv[0] = k->wk_keytsc >> 8; 2351 iv[1] = (iv[0] | 0x20) & 0x7f; 2352 iv[2] = k->wk_keytsc; 2353 } else /* CCMP */ { 2354 iv[0] = k->wk_keytsc; 2355 iv[1] = k->wk_keytsc >> 8; 2356 iv[2] = 0; 2357 } 2358 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2359 iv[4] = k->wk_keytsc >> 16; 2360 iv[5] = k->wk_keytsc >> 24; 2361 iv[6] = k->wk_keytsc >> 32; 2362 iv[7] = k->wk_keytsc >> 40; 2363 } 2364 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2365 return; 2366 } 2367 2368 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2369 /* install group key */ 2370 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2371 return; 2372 attr &= ~(0xf << (k->wk_keyix * 4)); 2373 attr |= mode << (k->wk_keyix * 4); 2374 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2375 return; 2376 } else { 2377 /* install pairwise key */ 2378 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2379 return; 2380 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2381 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2382 return; 2383 } 2384 2385 /* TODO create a pass-thru key entry? */ 2386 2387 /* need wcid to delete the right key later */ 2388 k->wk_pad = wcid; 2389 } 2390 2391 /* 2392 * Don't have to be deferred, but in order to keep order of 2393 * execution, i.e. with run_key_delete(), defer this and let 2394 * run_cmdq_cb() maintain the order. 2395 * 2396 * return 0 on error 2397 */ 2398 static int 2399 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2400 { 2401 struct ieee80211com *ic = vap->iv_ic; 2402 struct run_softc *sc = ic->ic_softc; 2403 uint32_t i; 2404 2405 i = RUN_CMDQ_GET(&sc->cmdq_store); 2406 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2407 sc->cmdq[i].func = run_key_set_cb; 2408 sc->cmdq[i].arg0 = NULL; 2409 sc->cmdq[i].arg1 = vap; 2410 sc->cmdq[i].k = k; 2411 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2412 ieee80211_runtask(ic, &sc->cmdq_task); 2413 2414 /* 2415 * To make sure key will be set when hostapd 2416 * calls iv_key_set() before if_init(). 2417 */ 2418 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2419 RUN_LOCK(sc); 2420 sc->cmdq_key_set = RUN_CMDQ_GO; 2421 RUN_UNLOCK(sc); 2422 } 2423 2424 return (1); 2425 } 2426 2427 /* 2428 * If wlan is destroyed without being brought down i.e. without 2429 * wlan down or wpa_cli terminate, this function is called after 2430 * vap is gone. Don't refer it. 2431 */ 2432 static void 2433 run_key_delete_cb(void *arg) 2434 { 2435 struct run_cmdq *cmdq = arg; 2436 struct run_softc *sc = cmdq->arg1; 2437 struct ieee80211_key *k = &cmdq->key; 2438 uint32_t attr; 2439 uint8_t wcid; 2440 2441 RUN_LOCK_ASSERT(sc, MA_OWNED); 2442 2443 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2444 /* remove group key */ 2445 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2446 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2447 attr &= ~(0xf << (k->wk_keyix * 4)); 2448 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2449 } else { 2450 /* remove pairwise key */ 2451 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2452 "removing key for wcid %x\n", k->wk_pad); 2453 /* matching wcid was written to wk_pad in run_key_set() */ 2454 wcid = k->wk_pad; 2455 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2456 attr &= ~0xf; 2457 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2458 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2459 } 2460 2461 k->wk_pad = 0; 2462 } 2463 2464 /* 2465 * return 0 on error 2466 */ 2467 static int 2468 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2469 { 2470 struct ieee80211com *ic = vap->iv_ic; 2471 struct run_softc *sc = ic->ic_softc; 2472 struct ieee80211_key *k0; 2473 uint32_t i; 2474 2475 /* 2476 * When called back, key might be gone. So, make a copy 2477 * of some values need to delete keys before deferring. 2478 * But, because of LOR with node lock, cannot use lock here. 2479 * So, use atomic instead. 2480 */ 2481 i = RUN_CMDQ_GET(&sc->cmdq_store); 2482 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2483 sc->cmdq[i].func = run_key_delete_cb; 2484 sc->cmdq[i].arg0 = NULL; 2485 sc->cmdq[i].arg1 = sc; 2486 k0 = &sc->cmdq[i].key; 2487 k0->wk_flags = k->wk_flags; 2488 k0->wk_keyix = k->wk_keyix; 2489 /* matching wcid was written to wk_pad in run_key_set() */ 2490 k0->wk_pad = k->wk_pad; 2491 ieee80211_runtask(ic, &sc->cmdq_task); 2492 return (1); /* return fake success */ 2493 2494 } 2495 2496 static void 2497 run_ratectl_to(void *arg) 2498 { 2499 struct run_softc *sc = arg; 2500 2501 /* do it in a process context, so it can go sleep */ 2502 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2503 /* next timeout will be rescheduled in the callback task */ 2504 } 2505 2506 /* ARGSUSED */ 2507 static void 2508 run_ratectl_cb(void *arg, int pending) 2509 { 2510 struct run_softc *sc = arg; 2511 struct ieee80211com *ic = &sc->sc_ic; 2512 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2513 2514 if (vap == NULL) 2515 return; 2516 2517 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2518 /* 2519 * run_reset_livelock() doesn't do anything with AMRR, 2520 * but Ralink wants us to call it every 1 sec. So, we 2521 * piggyback here rather than creating another callout. 2522 * Livelock may occur only in HOSTAP or IBSS mode 2523 * (when h/w is sending beacons). 2524 */ 2525 RUN_LOCK(sc); 2526 run_reset_livelock(sc); 2527 /* just in case, there are some stats to drain */ 2528 run_drain_fifo(sc); 2529 RUN_UNLOCK(sc); 2530 } 2531 2532 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2533 2534 RUN_LOCK(sc); 2535 if(sc->ratectl_run != RUN_RATECTL_OFF) 2536 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2537 RUN_UNLOCK(sc); 2538 } 2539 2540 static void 2541 run_drain_fifo(void *arg) 2542 { 2543 struct run_softc *sc = arg; 2544 uint32_t stat; 2545 uint16_t (*wstat)[3]; 2546 uint8_t wcid, mcs, pid; 2547 int8_t retry; 2548 2549 RUN_LOCK_ASSERT(sc, MA_OWNED); 2550 2551 for (;;) { 2552 /* drain Tx status FIFO (maxsize = 16) */ 2553 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2554 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2555 if (!(stat & RT2860_TXQ_VLD)) 2556 break; 2557 2558 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2559 2560 /* if no ACK was requested, no feedback is available */ 2561 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2562 wcid == 0) 2563 continue; 2564 2565 /* 2566 * Even though each stat is Tx-complete-status like format, 2567 * the device can poll stats. Because there is no guarantee 2568 * that the referring node is still around when read the stats. 2569 * So that, if we use ieee80211_ratectl_tx_update(), we will 2570 * have hard time not to refer already freed node. 2571 * 2572 * To eliminate such page faults, we poll stats in softc. 2573 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2574 */ 2575 wstat = &(sc->wcid_stats[wcid]); 2576 (*wstat)[RUN_TXCNT]++; 2577 if (stat & RT2860_TXQ_OK) 2578 (*wstat)[RUN_SUCCESS]++; 2579 else 2580 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2581 /* 2582 * Check if there were retries, ie if the Tx success rate is 2583 * different from the requested rate. Note that it works only 2584 * because we do not allow rate fallback from OFDM to CCK. 2585 */ 2586 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2587 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2588 if ((retry = pid -1 - mcs) > 0) { 2589 (*wstat)[RUN_TXCNT] += retry; 2590 (*wstat)[RUN_RETRY] += retry; 2591 } 2592 } 2593 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2594 2595 sc->fifo_cnt = 0; 2596 } 2597 2598 static void 2599 run_iter_func(void *arg, struct ieee80211_node *ni) 2600 { 2601 struct run_softc *sc = arg; 2602 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2603 struct ieee80211vap *vap = ni->ni_vap; 2604 struct run_node *rn = RUN_NODE(ni); 2605 union run_stats sta[2]; 2606 uint16_t (*wstat)[3]; 2607 int error; 2608 2609 RUN_LOCK(sc); 2610 2611 /* Check for special case */ 2612 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2613 ni != vap->iv_bss) 2614 goto fail; 2615 2616 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2617 IEEE80211_RATECTL_TX_STATS_RETRIES; 2618 txs->ni = ni; 2619 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2620 vap->iv_opmode == IEEE80211_M_STA)) { 2621 /* read statistic counters (clear on read) and update AMRR state */ 2622 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2623 sizeof sta); 2624 if (error != 0) 2625 goto fail; 2626 2627 /* count failed TX as errors */ 2628 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2629 le16toh(sta[0].error.fail)); 2630 2631 txs->nretries = le16toh(sta[1].tx.retry); 2632 txs->nsuccess = le16toh(sta[1].tx.success); 2633 /* nretries??? */ 2634 txs->nframes = txs->nretries + txs->nsuccess + 2635 le16toh(sta[0].error.fail); 2636 2637 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2638 "retrycnt=%d success=%d failcnt=%d\n", 2639 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2640 } else { 2641 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2642 2643 if (wstat == &(sc->wcid_stats[0]) || 2644 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2645 goto fail; 2646 2647 txs->nretries = (*wstat)[RUN_RETRY]; 2648 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2649 txs->nframes = (*wstat)[RUN_TXCNT]; 2650 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2651 "retrycnt=%d txcnt=%d success=%d\n", 2652 txs->nretries, txs->nframes, txs->nsuccess); 2653 2654 memset(wstat, 0, sizeof(*wstat)); 2655 } 2656 2657 ieee80211_ratectl_tx_update(vap, txs); 2658 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2659 2660 fail: 2661 RUN_UNLOCK(sc); 2662 2663 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx); 2664 } 2665 2666 static void 2667 run_newassoc_cb(void *arg) 2668 { 2669 struct run_cmdq *cmdq = arg; 2670 struct ieee80211_node *ni = cmdq->arg1; 2671 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2672 uint8_t wcid = cmdq->wcid; 2673 2674 RUN_LOCK_ASSERT(sc, MA_OWNED); 2675 2676 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2677 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2678 2679 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2680 } 2681 2682 static void 2683 run_newassoc(struct ieee80211_node *ni, int isnew) 2684 { 2685 struct run_node *rn = RUN_NODE(ni); 2686 struct ieee80211_rateset *rs = &ni->ni_rates; 2687 struct ieee80211vap *vap = ni->ni_vap; 2688 struct ieee80211com *ic = vap->iv_ic; 2689 struct run_softc *sc = ic->ic_softc; 2690 uint8_t rate; 2691 uint8_t ridx; 2692 uint8_t wcid; 2693 int i, j; 2694 2695 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2696 1 : RUN_AID2WCID(ni->ni_associd); 2697 2698 if (wcid > RT2870_WCID_MAX) { 2699 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2700 return; 2701 } 2702 2703 /* only interested in true associations */ 2704 if (isnew && ni->ni_associd != 0) { 2705 2706 /* 2707 * This function could is called though timeout function. 2708 * Need to defer. 2709 */ 2710 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2711 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2712 sc->cmdq[cnt].func = run_newassoc_cb; 2713 sc->cmdq[cnt].arg0 = NULL; 2714 sc->cmdq[cnt].arg1 = ni; 2715 sc->cmdq[cnt].wcid = wcid; 2716 ieee80211_runtask(ic, &sc->cmdq_task); 2717 } 2718 2719 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2720 "new assoc isnew=%d associd=%x addr=%s\n", 2721 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2722 2723 for (i = 0; i < rs->rs_nrates; i++) { 2724 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2725 /* convert 802.11 rate to hardware rate index */ 2726 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2727 if (rt2860_rates[ridx].rate == rate) 2728 break; 2729 rn->ridx[i] = ridx; 2730 /* determine rate of control response frames */ 2731 for (j = i; j >= 0; j--) { 2732 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2733 rt2860_rates[rn->ridx[i]].phy == 2734 rt2860_rates[rn->ridx[j]].phy) 2735 break; 2736 } 2737 if (j >= 0) { 2738 rn->ctl_ridx[i] = rn->ridx[j]; 2739 } else { 2740 /* no basic rate found, use mandatory one */ 2741 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2742 } 2743 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2744 "rate=0x%02x ridx=%d ctl_ridx=%d\n", 2745 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2746 } 2747 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2748 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2749 if (rt2860_rates[ridx].rate == rate) 2750 break; 2751 rn->mgt_ridx = ridx; 2752 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2753 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2754 2755 RUN_LOCK(sc); 2756 if(sc->ratectl_run != RUN_RATECTL_OFF) 2757 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2758 RUN_UNLOCK(sc); 2759 } 2760 2761 /* 2762 * Return the Rx chain with the highest RSSI for a given frame. 2763 */ 2764 static __inline uint8_t 2765 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2766 { 2767 uint8_t rxchain = 0; 2768 2769 if (sc->nrxchains > 1) { 2770 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2771 rxchain = 1; 2772 if (sc->nrxchains > 2) 2773 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2774 rxchain = 2; 2775 } 2776 return (rxchain); 2777 } 2778 2779 static void 2780 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2781 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2782 { 2783 struct ieee80211vap *vap = ni->ni_vap; 2784 struct run_softc *sc = vap->iv_ic->ic_softc; 2785 struct run_vap *rvp = RUN_VAP(vap); 2786 uint64_t ni_tstamp, rx_tstamp; 2787 2788 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2789 2790 if (vap->iv_state == IEEE80211_S_RUN && 2791 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2792 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2793 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2794 RUN_LOCK(sc); 2795 run_get_tsf(sc, &rx_tstamp); 2796 RUN_UNLOCK(sc); 2797 rx_tstamp = le64toh(rx_tstamp); 2798 2799 if (ni_tstamp >= rx_tstamp) { 2800 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2801 "ibss merge, tsf %ju tstamp %ju\n", 2802 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2803 (void) ieee80211_ibss_merge(ni); 2804 } 2805 } 2806 } 2807 2808 static void 2809 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2810 { 2811 struct ieee80211com *ic = &sc->sc_ic; 2812 struct ieee80211_frame *wh; 2813 struct ieee80211_node *ni; 2814 struct epoch_tracker et; 2815 struct rt2870_rxd *rxd; 2816 struct rt2860_rxwi *rxwi; 2817 uint32_t flags; 2818 uint16_t len, rxwisize; 2819 uint8_t ant, rssi; 2820 int8_t nf; 2821 2822 rxwisize = sizeof(struct rt2860_rxwi); 2823 if (sc->mac_ver == 0x5592) 2824 rxwisize += sizeof(uint64_t); 2825 else if (sc->mac_ver == 0x3593) 2826 rxwisize += sizeof(uint32_t); 2827 2828 if (__predict_false(dmalen < 2829 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2830 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2831 "payload is too short: dma length %u < %zu\n", 2832 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2833 goto fail; 2834 } 2835 2836 rxwi = mtod(m, struct rt2860_rxwi *); 2837 len = le16toh(rxwi->len) & 0xfff; 2838 2839 if (__predict_false(len > dmalen - rxwisize)) { 2840 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2841 "bad RXWI length %u > %u\n", len, dmalen); 2842 goto fail; 2843 } 2844 2845 /* Rx descriptor is located at the end */ 2846 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2847 flags = le32toh(rxd->flags); 2848 2849 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2850 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2851 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2852 goto fail; 2853 } 2854 2855 if (flags & RT2860_RX_L2PAD) { 2856 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2857 "received RT2860_RX_L2PAD frame\n"); 2858 len += 2; 2859 } 2860 2861 m->m_data += rxwisize; 2862 m->m_pkthdr.len = m->m_len = len; 2863 2864 wh = mtod(m, struct ieee80211_frame *); 2865 2866 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 && 2867 (flags & RT2860_RX_DEC) != 0) { 2868 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2869 m->m_flags |= M_WEP; 2870 } 2871 2872 if (len >= sizeof(struct ieee80211_frame_min)) { 2873 ni = ieee80211_find_rxnode(ic, 2874 mtod(m, struct ieee80211_frame_min *)); 2875 } else 2876 ni = NULL; 2877 2878 if (__predict_false(flags & RT2860_RX_MICERR)) { 2879 /* report MIC failures to net80211 for TKIP */ 2880 if (ni != NULL) 2881 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2882 rxwi->keyidx); 2883 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2884 "MIC error. Someone is lying.\n"); 2885 goto fail; 2886 } 2887 2888 ant = run_maxrssi_chain(sc, rxwi); 2889 rssi = rxwi->rssi[ant]; 2890 nf = run_rssi2dbm(sc, rssi, ant); 2891 2892 if (__predict_false(ieee80211_radiotap_active(ic))) { 2893 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2894 uint16_t phy; 2895 2896 tap->wr_flags = 0; 2897 if (flags & RT2860_RX_L2PAD) 2898 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 2899 tap->wr_antsignal = rssi; 2900 tap->wr_antenna = ant; 2901 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2902 tap->wr_rate = 2; /* in case it can't be found below */ 2903 RUN_LOCK(sc); 2904 run_get_tsf(sc, &tap->wr_tsf); 2905 RUN_UNLOCK(sc); 2906 phy = le16toh(rxwi->phy); 2907 switch (phy & RT2860_PHY_MODE) { 2908 case RT2860_PHY_CCK: 2909 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2910 case 0: tap->wr_rate = 2; break; 2911 case 1: tap->wr_rate = 4; break; 2912 case 2: tap->wr_rate = 11; break; 2913 case 3: tap->wr_rate = 22; break; 2914 } 2915 if (phy & RT2860_PHY_SHPRE) 2916 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2917 break; 2918 case RT2860_PHY_OFDM: 2919 switch (phy & RT2860_PHY_MCS) { 2920 case 0: tap->wr_rate = 12; break; 2921 case 1: tap->wr_rate = 18; break; 2922 case 2: tap->wr_rate = 24; break; 2923 case 3: tap->wr_rate = 36; break; 2924 case 4: tap->wr_rate = 48; break; 2925 case 5: tap->wr_rate = 72; break; 2926 case 6: tap->wr_rate = 96; break; 2927 case 7: tap->wr_rate = 108; break; 2928 } 2929 break; 2930 } 2931 } 2932 2933 NET_EPOCH_ENTER(et); 2934 if (ni != NULL) { 2935 (void)ieee80211_input(ni, m, rssi, nf); 2936 ieee80211_free_node(ni); 2937 } else { 2938 (void)ieee80211_input_all(ic, m, rssi, nf); 2939 } 2940 NET_EPOCH_EXIT(et); 2941 2942 return; 2943 2944 fail: 2945 m_freem(m); 2946 counter_u64_add(ic->ic_ierrors, 1); 2947 } 2948 2949 static void 2950 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2951 { 2952 struct run_softc *sc = usbd_xfer_softc(xfer); 2953 struct ieee80211com *ic = &sc->sc_ic; 2954 struct mbuf *m = NULL; 2955 struct mbuf *m0; 2956 uint32_t dmalen, mbuf_len; 2957 uint16_t rxwisize; 2958 int xferlen; 2959 2960 rxwisize = sizeof(struct rt2860_rxwi); 2961 if (sc->mac_ver == 0x5592) 2962 rxwisize += sizeof(uint64_t); 2963 else if (sc->mac_ver == 0x3593) 2964 rxwisize += sizeof(uint32_t); 2965 2966 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2967 2968 switch (USB_GET_STATE(xfer)) { 2969 case USB_ST_TRANSFERRED: 2970 2971 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2972 "rx done, actlen=%d\n", xferlen); 2973 2974 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2975 sizeof(struct rt2870_rxd))) { 2976 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 2977 "xfer too short %d\n", xferlen); 2978 goto tr_setup; 2979 } 2980 2981 m = sc->rx_m; 2982 sc->rx_m = NULL; 2983 2984 /* FALLTHROUGH */ 2985 case USB_ST_SETUP: 2986 tr_setup: 2987 if (sc->rx_m == NULL) { 2988 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2989 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2990 } 2991 if (sc->rx_m == NULL) { 2992 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 2993 "could not allocate mbuf - idle with stall\n"); 2994 counter_u64_add(ic->ic_ierrors, 1); 2995 usbd_xfer_set_stall(xfer); 2996 usbd_xfer_set_frames(xfer, 0); 2997 } else { 2998 /* 2999 * Directly loading a mbuf cluster into DMA to 3000 * save some data copying. This works because 3001 * there is only one cluster. 3002 */ 3003 usbd_xfer_set_frame_data(xfer, 0, 3004 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 3005 usbd_xfer_set_frames(xfer, 1); 3006 } 3007 usbd_transfer_submit(xfer); 3008 break; 3009 3010 default: /* Error */ 3011 if (error != USB_ERR_CANCELLED) { 3012 /* try to clear stall first */ 3013 usbd_xfer_set_stall(xfer); 3014 if (error == USB_ERR_TIMEOUT) 3015 device_printf(sc->sc_dev, "device timeout\n"); 3016 counter_u64_add(ic->ic_ierrors, 1); 3017 goto tr_setup; 3018 } 3019 if (sc->rx_m != NULL) { 3020 m_freem(sc->rx_m); 3021 sc->rx_m = NULL; 3022 } 3023 break; 3024 } 3025 3026 if (m == NULL) 3027 return; 3028 3029 /* inputting all the frames must be last */ 3030 3031 RUN_UNLOCK(sc); 3032 3033 m->m_pkthdr.len = m->m_len = xferlen; 3034 3035 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3036 for(;;) { 3037 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3038 3039 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3040 ((dmalen & 3) != 0)) { 3041 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3042 "bad DMA length %u\n", dmalen); 3043 break; 3044 } 3045 if ((dmalen + 8) > (uint32_t)xferlen) { 3046 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3047 "bad DMA length %u > %d\n", 3048 dmalen + 8, xferlen); 3049 break; 3050 } 3051 3052 /* If it is the last one or a single frame, we won't copy. */ 3053 if ((xferlen -= dmalen + 8) <= 8) { 3054 /* trim 32-bit DMA-len header */ 3055 m->m_data += 4; 3056 m->m_pkthdr.len = m->m_len -= 4; 3057 run_rx_frame(sc, m, dmalen); 3058 m = NULL; /* don't free source buffer */ 3059 break; 3060 } 3061 3062 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 3063 if (__predict_false(mbuf_len > MCLBYTES)) { 3064 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3065 "payload is too big: mbuf_len %u\n", mbuf_len); 3066 counter_u64_add(ic->ic_ierrors, 1); 3067 break; 3068 } 3069 3070 /* copy aggregated frames to another mbuf */ 3071 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3072 if (__predict_false(m0 == NULL)) { 3073 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3074 "could not allocate mbuf\n"); 3075 counter_u64_add(ic->ic_ierrors, 1); 3076 break; 3077 } 3078 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3079 mbuf_len, mtod(m0, caddr_t)); 3080 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3081 run_rx_frame(sc, m0, dmalen); 3082 3083 /* update data ptr */ 3084 m->m_data += mbuf_len + 4; 3085 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3086 } 3087 3088 /* make sure we free the source buffer, if any */ 3089 m_freem(m); 3090 3091 RUN_LOCK(sc); 3092 } 3093 3094 static void 3095 run_tx_free(struct run_endpoint_queue *pq, 3096 struct run_tx_data *data, int txerr) 3097 { 3098 3099 ieee80211_tx_complete(data->ni, data->m, txerr); 3100 3101 data->m = NULL; 3102 data->ni = NULL; 3103 3104 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3105 pq->tx_nfree++; 3106 } 3107 3108 static void 3109 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3110 { 3111 struct run_softc *sc = usbd_xfer_softc(xfer); 3112 struct ieee80211com *ic = &sc->sc_ic; 3113 struct run_tx_data *data; 3114 struct ieee80211vap *vap = NULL; 3115 struct usb_page_cache *pc; 3116 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3117 struct mbuf *m; 3118 usb_frlength_t size; 3119 int actlen; 3120 int sumlen; 3121 3122 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3123 3124 switch (USB_GET_STATE(xfer)) { 3125 case USB_ST_TRANSFERRED: 3126 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3127 "transfer complete: %d bytes @ index %d\n", actlen, index); 3128 3129 data = usbd_xfer_get_priv(xfer); 3130 run_tx_free(pq, data, 0); 3131 usbd_xfer_set_priv(xfer, NULL); 3132 3133 /* FALLTHROUGH */ 3134 case USB_ST_SETUP: 3135 tr_setup: 3136 data = STAILQ_FIRST(&pq->tx_qh); 3137 if (data == NULL) 3138 break; 3139 3140 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3141 3142 m = data->m; 3143 size = (sc->mac_ver == 0x5592) ? 3144 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3145 if ((m->m_pkthdr.len + 3146 size + 3 + 8) > RUN_MAX_TXSZ) { 3147 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3148 "data overflow, %u bytes\n", m->m_pkthdr.len); 3149 run_tx_free(pq, data, 1); 3150 goto tr_setup; 3151 } 3152 3153 pc = usbd_xfer_get_frame(xfer, 0); 3154 usbd_copy_in(pc, 0, &data->desc, size); 3155 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3156 size += m->m_pkthdr.len; 3157 /* 3158 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3159 * 4-byte padding), and be sure to zero those trailing 3160 * bytes: 3161 */ 3162 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3163 size += ((-size) & 3) + 8; 3164 3165 vap = data->ni->ni_vap; 3166 if (ieee80211_radiotap_active_vap(vap)) { 3167 const struct ieee80211_frame *wh; 3168 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3169 struct rt2860_txwi *txwi = 3170 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3171 int has_l2pad; 3172 3173 wh = mtod(m, struct ieee80211_frame *); 3174 has_l2pad = IEEE80211_HAS_ADDR4(wh) != 3175 IEEE80211_QOS_HAS_SEQ(wh); 3176 3177 tap->wt_flags = 0; 3178 tap->wt_rate = rt2860_rates[data->ridx].rate; 3179 tap->wt_hwqueue = index; 3180 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3181 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3182 if (has_l2pad) 3183 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 3184 3185 ieee80211_radiotap_tx(vap, m); 3186 } 3187 3188 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3189 "sending frame len=%u/%u @ index %d\n", 3190 m->m_pkthdr.len, size, index); 3191 3192 usbd_xfer_set_frame_len(xfer, 0, size); 3193 usbd_xfer_set_priv(xfer, data); 3194 usbd_transfer_submit(xfer); 3195 run_start(sc); 3196 3197 break; 3198 3199 default: 3200 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3201 "USB transfer error, %s\n", usbd_errstr(error)); 3202 3203 data = usbd_xfer_get_priv(xfer); 3204 3205 if (data != NULL) { 3206 if(data->ni != NULL) 3207 vap = data->ni->ni_vap; 3208 run_tx_free(pq, data, error); 3209 usbd_xfer_set_priv(xfer, NULL); 3210 } 3211 3212 if (vap == NULL) 3213 vap = TAILQ_FIRST(&ic->ic_vaps); 3214 3215 if (error != USB_ERR_CANCELLED) { 3216 if (error == USB_ERR_TIMEOUT) { 3217 device_printf(sc->sc_dev, "device timeout\n"); 3218 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3219 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3220 "cmdq_store=%d\n", i); 3221 sc->cmdq[i].func = run_usb_timeout_cb; 3222 sc->cmdq[i].arg0 = vap; 3223 ieee80211_runtask(ic, &sc->cmdq_task); 3224 } 3225 3226 /* 3227 * Try to clear stall first, also if other 3228 * errors occur, hence clearing stall 3229 * introduces a 50 ms delay: 3230 */ 3231 usbd_xfer_set_stall(xfer); 3232 goto tr_setup; 3233 } 3234 break; 3235 } 3236 } 3237 3238 static void 3239 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3240 { 3241 run_bulk_tx_callbackN(xfer, error, 0); 3242 } 3243 3244 static void 3245 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3246 { 3247 run_bulk_tx_callbackN(xfer, error, 1); 3248 } 3249 3250 static void 3251 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3252 { 3253 run_bulk_tx_callbackN(xfer, error, 2); 3254 } 3255 3256 static void 3257 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3258 { 3259 run_bulk_tx_callbackN(xfer, error, 3); 3260 } 3261 3262 static void 3263 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3264 { 3265 run_bulk_tx_callbackN(xfer, error, 4); 3266 } 3267 3268 static void 3269 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3270 { 3271 run_bulk_tx_callbackN(xfer, error, 5); 3272 } 3273 3274 static void 3275 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3276 { 3277 struct mbuf *m = data->m; 3278 struct ieee80211com *ic = &sc->sc_ic; 3279 struct ieee80211vap *vap = data->ni->ni_vap; 3280 struct ieee80211_frame *wh; 3281 struct rt2870_txd *txd; 3282 struct rt2860_txwi *txwi; 3283 uint16_t xferlen, txwisize; 3284 uint16_t mcs; 3285 uint8_t ridx = data->ridx; 3286 uint8_t pad; 3287 3288 /* get MCS code from rate index */ 3289 mcs = rt2860_rates[ridx].mcs; 3290 3291 txwisize = (sc->mac_ver == 0x5592) ? 3292 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3293 xferlen = txwisize + m->m_pkthdr.len; 3294 3295 /* roundup to 32-bit alignment */ 3296 xferlen = (xferlen + 3) & ~3; 3297 3298 txd = (struct rt2870_txd *)&data->desc; 3299 txd->len = htole16(xferlen); 3300 3301 wh = mtod(m, struct ieee80211_frame *); 3302 3303 /* 3304 * Ether both are true or both are false, the header 3305 * are nicely aligned to 32-bit. So, no L2 padding. 3306 */ 3307 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3308 pad = 0; 3309 else 3310 pad = 2; 3311 3312 /* setup TX Wireless Information */ 3313 txwi = (struct rt2860_txwi *)(txd + 1); 3314 txwi->len = htole16(m->m_pkthdr.len - pad); 3315 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3316 mcs |= RT2860_PHY_CCK; 3317 if (ridx != RT2860_RIDX_CCK1 && 3318 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3319 mcs |= RT2860_PHY_SHPRE; 3320 } else 3321 mcs |= RT2860_PHY_OFDM; 3322 txwi->phy = htole16(mcs); 3323 3324 /* check if RTS/CTS or CTS-to-self protection is required */ 3325 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3326 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3327 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3328 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3329 txwi->txop |= RT2860_TX_TXOP_HT; 3330 else 3331 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3332 3333 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3334 txwi->xflags |= RT2860_TX_NSEQ; 3335 } 3336 3337 /* This function must be called locked */ 3338 static int 3339 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3340 { 3341 struct ieee80211com *ic = &sc->sc_ic; 3342 struct ieee80211vap *vap = ni->ni_vap; 3343 struct ieee80211_frame *wh; 3344 const struct ieee80211_txparam *tp = ni->ni_txparms; 3345 struct run_node *rn = RUN_NODE(ni); 3346 struct run_tx_data *data; 3347 struct rt2870_txd *txd; 3348 struct rt2860_txwi *txwi; 3349 uint16_t qos; 3350 uint16_t dur; 3351 uint16_t qid; 3352 uint8_t type; 3353 uint8_t tid; 3354 uint8_t ridx; 3355 uint8_t ctl_ridx; 3356 uint8_t qflags; 3357 uint8_t xflags = 0; 3358 int hasqos; 3359 3360 RUN_LOCK_ASSERT(sc, MA_OWNED); 3361 3362 wh = mtod(m, struct ieee80211_frame *); 3363 3364 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3365 3366 /* 3367 * There are 7 bulk endpoints: 1 for RX 3368 * and 6 for TX (4 EDCAs + HCCA + Prio). 3369 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3370 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3371 */ 3372 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3373 uint8_t *frm; 3374 3375 frm = ieee80211_getqos(wh); 3376 qos = le16toh(*(const uint16_t *)frm); 3377 tid = qos & IEEE80211_QOS_TID; 3378 qid = TID_TO_WME_AC(tid); 3379 } else { 3380 qos = 0; 3381 tid = 0; 3382 qid = WME_AC_BE; 3383 } 3384 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3385 3386 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3387 qos, qid, tid, qflags); 3388 3389 /* pickup a rate index */ 3390 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3391 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3392 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3393 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3394 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3395 } else { 3396 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3397 ridx = rn->fix_ridx; 3398 else 3399 ridx = rn->amrr_ridx; 3400 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3401 } 3402 3403 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3404 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3405 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3406 xflags |= RT2860_TX_ACK; 3407 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3408 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3409 else 3410 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3411 USETW(wh->i_dur, dur); 3412 } 3413 3414 /* reserve slots for mgmt packets, just in case */ 3415 if (sc->sc_epq[qid].tx_nfree < 3) { 3416 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3417 return (-1); 3418 } 3419 3420 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3421 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3422 sc->sc_epq[qid].tx_nfree--; 3423 3424 txd = (struct rt2870_txd *)&data->desc; 3425 txd->flags = qflags; 3426 txwi = (struct rt2860_txwi *)(txd + 1); 3427 txwi->xflags = xflags; 3428 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3429 txwi->wcid = 0; 3430 else 3431 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3432 1 : RUN_AID2WCID(ni->ni_associd); 3433 3434 /* clear leftover garbage bits */ 3435 txwi->flags = 0; 3436 txwi->txop = 0; 3437 3438 data->m = m; 3439 data->ni = ni; 3440 data->ridx = ridx; 3441 3442 run_set_tx_desc(sc, data); 3443 3444 /* 3445 * The chip keeps track of 2 kind of Tx stats, 3446 * * TX_STAT_FIFO, for per WCID stats, and 3447 * * TX_STA_CNT0 for all-TX-in-one stats. 3448 * 3449 * To use FIFO stats, we need to store MCS into the driver-private 3450 * PacketID field. So that, we can tell whose stats when we read them. 3451 * We add 1 to the MCS because setting the PacketID field to 0 means 3452 * that we don't want feedback in TX_STAT_FIFO. 3453 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3454 * 3455 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3456 */ 3457 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3458 vap->iv_opmode == IEEE80211_M_MBSS) { 3459 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3460 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3461 3462 /* 3463 * Unlike PCI based devices, we don't get any interrupt from 3464 * USB devices, so we simulate FIFO-is-full interrupt here. 3465 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3466 * quickly get fulled. To prevent overflow, increment a counter on 3467 * every FIFO stat request, so we know how many slots are left. 3468 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3469 * are used only in those modes. 3470 * We just drain stats. AMRR gets updated every 1 sec by 3471 * run_ratectl_cb() via callout. 3472 * Call it early. Otherwise overflow. 3473 */ 3474 if (sc->fifo_cnt++ == 10) { 3475 /* 3476 * With multiple vaps or if_bridge, if_start() is called 3477 * with a non-sleepable lock, tcpinp. So, need to defer. 3478 */ 3479 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3480 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3481 sc->cmdq[i].func = run_drain_fifo; 3482 sc->cmdq[i].arg0 = sc; 3483 ieee80211_runtask(ic, &sc->cmdq_task); 3484 } 3485 } 3486 3487 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3488 3489 usbd_transfer_start(sc->sc_xfer[qid]); 3490 3491 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3492 "sending data frame len=%d rate=%d qid=%d\n", 3493 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3494 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3495 3496 return (0); 3497 } 3498 3499 static int 3500 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3501 { 3502 struct ieee80211com *ic = &sc->sc_ic; 3503 struct run_node *rn = RUN_NODE(ni); 3504 struct run_tx_data *data; 3505 struct ieee80211_frame *wh; 3506 struct rt2870_txd *txd; 3507 struct rt2860_txwi *txwi; 3508 uint16_t dur; 3509 uint8_t ridx = rn->mgt_ridx; 3510 uint8_t xflags = 0; 3511 uint8_t wflags = 0; 3512 3513 RUN_LOCK_ASSERT(sc, MA_OWNED); 3514 3515 wh = mtod(m, struct ieee80211_frame *); 3516 3517 /* tell hardware to add timestamp for probe responses */ 3518 if ((wh->i_fc[0] & 3519 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3520 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3521 wflags |= RT2860_TX_TS; 3522 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3523 xflags |= RT2860_TX_ACK; 3524 3525 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3526 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3527 USETW(wh->i_dur, dur); 3528 } 3529 3530 if (sc->sc_epq[0].tx_nfree == 0) 3531 /* let caller free mbuf */ 3532 return (EIO); 3533 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3534 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3535 sc->sc_epq[0].tx_nfree--; 3536 3537 txd = (struct rt2870_txd *)&data->desc; 3538 txd->flags = RT2860_TX_QSEL_EDCA; 3539 txwi = (struct rt2860_txwi *)(txd + 1); 3540 txwi->wcid = 0xff; 3541 txwi->flags = wflags; 3542 txwi->xflags = xflags; 3543 txwi->txop = 0; /* clear leftover garbage bits */ 3544 3545 data->m = m; 3546 data->ni = ni; 3547 data->ridx = ridx; 3548 3549 run_set_tx_desc(sc, data); 3550 3551 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3552 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3553 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3554 3555 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3556 3557 usbd_transfer_start(sc->sc_xfer[0]); 3558 3559 return (0); 3560 } 3561 3562 static int 3563 run_sendprot(struct run_softc *sc, 3564 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3565 { 3566 struct ieee80211com *ic = ni->ni_ic; 3567 struct run_tx_data *data; 3568 struct rt2870_txd *txd; 3569 struct rt2860_txwi *txwi; 3570 struct mbuf *mprot; 3571 int ridx; 3572 int protrate; 3573 uint8_t wflags = 0; 3574 uint8_t xflags = 0; 3575 3576 RUN_LOCK_ASSERT(sc, MA_OWNED); 3577 3578 /* check that there are free slots before allocating the mbuf */ 3579 if (sc->sc_epq[0].tx_nfree == 0) 3580 /* let caller free mbuf */ 3581 return (ENOBUFS); 3582 3583 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3584 if (mprot == NULL) { 3585 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3586 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3587 return (ENOBUFS); 3588 } 3589 3590 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3591 wflags = RT2860_TX_FRAG; 3592 xflags = 0; 3593 if (prot == IEEE80211_PROT_RTSCTS) 3594 xflags |= RT2860_TX_ACK; 3595 3596 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3597 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3598 sc->sc_epq[0].tx_nfree--; 3599 3600 txd = (struct rt2870_txd *)&data->desc; 3601 txd->flags = RT2860_TX_QSEL_EDCA; 3602 txwi = (struct rt2860_txwi *)(txd + 1); 3603 txwi->wcid = 0xff; 3604 txwi->flags = wflags; 3605 txwi->xflags = xflags; 3606 txwi->txop = 0; /* clear leftover garbage bits */ 3607 3608 data->m = mprot; 3609 data->ni = ieee80211_ref_node(ni); 3610 3611 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3612 if (rt2860_rates[ridx].rate == protrate) 3613 break; 3614 data->ridx = ridx; 3615 3616 run_set_tx_desc(sc, data); 3617 3618 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3619 m->m_pkthdr.len, rate); 3620 3621 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3622 3623 usbd_transfer_start(sc->sc_xfer[0]); 3624 3625 return (0); 3626 } 3627 3628 static int 3629 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3630 const struct ieee80211_bpf_params *params) 3631 { 3632 struct ieee80211com *ic = ni->ni_ic; 3633 struct run_tx_data *data; 3634 struct rt2870_txd *txd; 3635 struct rt2860_txwi *txwi; 3636 uint8_t ridx; 3637 uint8_t rate; 3638 uint8_t opflags = 0; 3639 uint8_t xflags = 0; 3640 int error; 3641 3642 RUN_LOCK_ASSERT(sc, MA_OWNED); 3643 3644 KASSERT(params != NULL, ("no raw xmit params")); 3645 3646 rate = params->ibp_rate0; 3647 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3648 /* let caller free mbuf */ 3649 return (EINVAL); 3650 } 3651 3652 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3653 xflags |= RT2860_TX_ACK; 3654 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3655 error = run_sendprot(sc, m, ni, 3656 params->ibp_flags & IEEE80211_BPF_RTS ? 3657 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3658 rate); 3659 if (error) { 3660 /* let caller free mbuf */ 3661 return error; 3662 } 3663 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3664 } 3665 3666 if (sc->sc_epq[0].tx_nfree == 0) { 3667 /* let caller free mbuf */ 3668 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3669 "sending raw frame, but tx ring is full\n"); 3670 return (EIO); 3671 } 3672 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3673 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3674 sc->sc_epq[0].tx_nfree--; 3675 3676 txd = (struct rt2870_txd *)&data->desc; 3677 txd->flags = RT2860_TX_QSEL_EDCA; 3678 txwi = (struct rt2860_txwi *)(txd + 1); 3679 txwi->wcid = 0xff; 3680 txwi->xflags = xflags; 3681 txwi->txop = opflags; 3682 txwi->flags = 0; /* clear leftover garbage bits */ 3683 3684 data->m = m; 3685 data->ni = ni; 3686 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3687 if (rt2860_rates[ridx].rate == rate) 3688 break; 3689 data->ridx = ridx; 3690 3691 run_set_tx_desc(sc, data); 3692 3693 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3694 m->m_pkthdr.len, rate); 3695 3696 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3697 3698 usbd_transfer_start(sc->sc_xfer[0]); 3699 3700 return (0); 3701 } 3702 3703 static int 3704 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3705 const struct ieee80211_bpf_params *params) 3706 { 3707 struct run_softc *sc = ni->ni_ic->ic_softc; 3708 int error = 0; 3709 3710 RUN_LOCK(sc); 3711 3712 /* prevent management frames from being sent if we're not ready */ 3713 if (!(sc->sc_flags & RUN_RUNNING)) { 3714 error = ENETDOWN; 3715 goto done; 3716 } 3717 3718 if (params == NULL) { 3719 /* tx mgt packet */ 3720 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3721 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3722 goto done; 3723 } 3724 } else { 3725 /* tx raw packet with param */ 3726 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3727 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3728 goto done; 3729 } 3730 } 3731 3732 done: 3733 RUN_UNLOCK(sc); 3734 3735 if (error != 0) { 3736 if(m != NULL) 3737 m_freem(m); 3738 } 3739 3740 return (error); 3741 } 3742 3743 static int 3744 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3745 { 3746 struct run_softc *sc = ic->ic_softc; 3747 int error; 3748 3749 RUN_LOCK(sc); 3750 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3751 RUN_UNLOCK(sc); 3752 return (ENXIO); 3753 } 3754 error = mbufq_enqueue(&sc->sc_snd, m); 3755 if (error) { 3756 RUN_UNLOCK(sc); 3757 return (error); 3758 } 3759 run_start(sc); 3760 RUN_UNLOCK(sc); 3761 3762 return (0); 3763 } 3764 3765 static void 3766 run_start(struct run_softc *sc) 3767 { 3768 struct ieee80211_node *ni; 3769 struct mbuf *m; 3770 3771 RUN_LOCK_ASSERT(sc, MA_OWNED); 3772 3773 if ((sc->sc_flags & RUN_RUNNING) == 0) 3774 return; 3775 3776 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3777 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3778 if (run_tx(sc, m, ni) != 0) { 3779 mbufq_prepend(&sc->sc_snd, m); 3780 break; 3781 } 3782 } 3783 } 3784 3785 static void 3786 run_parent(struct ieee80211com *ic) 3787 { 3788 struct run_softc *sc = ic->ic_softc; 3789 int startall = 0; 3790 3791 RUN_LOCK(sc); 3792 if (sc->sc_detached) { 3793 RUN_UNLOCK(sc); 3794 return; 3795 } 3796 3797 if (ic->ic_nrunning > 0) { 3798 if (!(sc->sc_flags & RUN_RUNNING)) { 3799 startall = 1; 3800 run_init_locked(sc); 3801 } else 3802 run_update_promisc_locked(sc); 3803 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3804 run_stop(sc); 3805 RUN_UNLOCK(sc); 3806 if (startall) 3807 ieee80211_start_all(ic); 3808 } 3809 3810 static void 3811 run_iq_calib(struct run_softc *sc, u_int chan) 3812 { 3813 uint16_t val; 3814 3815 /* Tx0 IQ gain. */ 3816 run_bbp_write(sc, 158, 0x2c); 3817 if (chan <= 14) 3818 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3819 else if (chan <= 64) { 3820 run_efuse_read(sc, 3821 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3822 &val, 1); 3823 } else if (chan <= 138) { 3824 run_efuse_read(sc, 3825 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3826 &val, 1); 3827 } else if (chan <= 165) { 3828 run_efuse_read(sc, 3829 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3830 &val, 1); 3831 } else 3832 val = 0; 3833 run_bbp_write(sc, 159, val); 3834 3835 /* Tx0 IQ phase. */ 3836 run_bbp_write(sc, 158, 0x2d); 3837 if (chan <= 14) { 3838 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3839 &val, 1); 3840 } else if (chan <= 64) { 3841 run_efuse_read(sc, 3842 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3843 &val, 1); 3844 } else if (chan <= 138) { 3845 run_efuse_read(sc, 3846 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3847 &val, 1); 3848 } else if (chan <= 165) { 3849 run_efuse_read(sc, 3850 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3851 &val, 1); 3852 } else 3853 val = 0; 3854 run_bbp_write(sc, 159, val); 3855 3856 /* Tx1 IQ gain. */ 3857 run_bbp_write(sc, 158, 0x4a); 3858 if (chan <= 14) { 3859 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3860 &val, 1); 3861 } else if (chan <= 64) { 3862 run_efuse_read(sc, 3863 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3864 &val, 1); 3865 } else if (chan <= 138) { 3866 run_efuse_read(sc, 3867 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3868 &val, 1); 3869 } else if (chan <= 165) { 3870 run_efuse_read(sc, 3871 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3872 &val, 1); 3873 } else 3874 val = 0; 3875 run_bbp_write(sc, 159, val); 3876 3877 /* Tx1 IQ phase. */ 3878 run_bbp_write(sc, 158, 0x4b); 3879 if (chan <= 14) { 3880 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3881 &val, 1); 3882 } else if (chan <= 64) { 3883 run_efuse_read(sc, 3884 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3885 &val, 1); 3886 } else if (chan <= 138) { 3887 run_efuse_read(sc, 3888 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3889 &val, 1); 3890 } else if (chan <= 165) { 3891 run_efuse_read(sc, 3892 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3893 &val, 1); 3894 } else 3895 val = 0; 3896 run_bbp_write(sc, 159, val); 3897 3898 /* RF IQ compensation control. */ 3899 run_bbp_write(sc, 158, 0x04); 3900 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3901 &val, 1); 3902 run_bbp_write(sc, 159, val); 3903 3904 /* RF IQ imbalance compensation control. */ 3905 run_bbp_write(sc, 158, 0x03); 3906 run_efuse_read(sc, 3907 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3908 run_bbp_write(sc, 159, val); 3909 } 3910 3911 static void 3912 run_set_agc(struct run_softc *sc, uint8_t agc) 3913 { 3914 uint8_t bbp; 3915 3916 if (sc->mac_ver == 0x3572) { 3917 run_bbp_read(sc, 27, &bbp); 3918 bbp &= ~(0x3 << 5); 3919 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3920 run_bbp_write(sc, 66, agc); 3921 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3922 run_bbp_write(sc, 66, agc); 3923 } else 3924 run_bbp_write(sc, 66, agc); 3925 } 3926 3927 static void 3928 run_select_chan_group(struct run_softc *sc, int group) 3929 { 3930 uint32_t tmp; 3931 uint8_t agc; 3932 3933 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3934 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3935 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3936 if (sc->mac_ver < 0x3572) 3937 run_bbp_write(sc, 86, 0x00); 3938 3939 if (sc->mac_ver == 0x3593) { 3940 run_bbp_write(sc, 77, 0x98); 3941 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3942 } 3943 3944 if (group == 0) { 3945 if (sc->ext_2ghz_lna) { 3946 if (sc->mac_ver >= 0x5390) 3947 run_bbp_write(sc, 75, 0x52); 3948 else { 3949 run_bbp_write(sc, 82, 0x62); 3950 run_bbp_write(sc, 75, 0x46); 3951 } 3952 } else { 3953 if (sc->mac_ver == 0x5592) { 3954 run_bbp_write(sc, 79, 0x1c); 3955 run_bbp_write(sc, 80, 0x0e); 3956 run_bbp_write(sc, 81, 0x3a); 3957 run_bbp_write(sc, 82, 0x62); 3958 3959 run_bbp_write(sc, 195, 0x80); 3960 run_bbp_write(sc, 196, 0xe0); 3961 run_bbp_write(sc, 195, 0x81); 3962 run_bbp_write(sc, 196, 0x1f); 3963 run_bbp_write(sc, 195, 0x82); 3964 run_bbp_write(sc, 196, 0x38); 3965 run_bbp_write(sc, 195, 0x83); 3966 run_bbp_write(sc, 196, 0x32); 3967 run_bbp_write(sc, 195, 0x85); 3968 run_bbp_write(sc, 196, 0x28); 3969 run_bbp_write(sc, 195, 0x86); 3970 run_bbp_write(sc, 196, 0x19); 3971 } else if (sc->mac_ver >= 0x5390) 3972 run_bbp_write(sc, 75, 0x50); 3973 else { 3974 run_bbp_write(sc, 82, 3975 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3976 run_bbp_write(sc, 75, 0x50); 3977 } 3978 } 3979 } else { 3980 if (sc->mac_ver == 0x5592) { 3981 run_bbp_write(sc, 79, 0x18); 3982 run_bbp_write(sc, 80, 0x08); 3983 run_bbp_write(sc, 81, 0x38); 3984 run_bbp_write(sc, 82, 0x92); 3985 3986 run_bbp_write(sc, 195, 0x80); 3987 run_bbp_write(sc, 196, 0xf0); 3988 run_bbp_write(sc, 195, 0x81); 3989 run_bbp_write(sc, 196, 0x1e); 3990 run_bbp_write(sc, 195, 0x82); 3991 run_bbp_write(sc, 196, 0x28); 3992 run_bbp_write(sc, 195, 0x83); 3993 run_bbp_write(sc, 196, 0x20); 3994 run_bbp_write(sc, 195, 0x85); 3995 run_bbp_write(sc, 196, 0x7f); 3996 run_bbp_write(sc, 195, 0x86); 3997 run_bbp_write(sc, 196, 0x7f); 3998 } else if (sc->mac_ver == 0x3572) 3999 run_bbp_write(sc, 82, 0x94); 4000 else 4001 run_bbp_write(sc, 82, 4002 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4003 if (sc->ext_5ghz_lna) 4004 run_bbp_write(sc, 75, 0x46); 4005 else 4006 run_bbp_write(sc, 75, 0x50); 4007 } 4008 4009 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4010 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4011 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4012 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4013 4014 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4015 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4016 if (sc->mac_ver == 0x3593) 4017 tmp |= 1 << 29 | 1 << 28; 4018 if (sc->nrxchains > 1) 4019 tmp |= RT2860_LNA_PE1_EN; 4020 if (group == 0) { /* 2GHz */ 4021 tmp |= RT2860_PA_PE_G0_EN; 4022 if (sc->ntxchains > 1) 4023 tmp |= RT2860_PA_PE_G1_EN; 4024 if (sc->mac_ver == 0x3593) { 4025 if (sc->ntxchains > 2) 4026 tmp |= 1 << 25; 4027 } 4028 } else { /* 5GHz */ 4029 tmp |= RT2860_PA_PE_A0_EN; 4030 if (sc->ntxchains > 1) 4031 tmp |= RT2860_PA_PE_A1_EN; 4032 } 4033 if (sc->mac_ver == 0x3572) { 4034 run_rt3070_rf_write(sc, 8, 0x00); 4035 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4036 run_rt3070_rf_write(sc, 8, 0x80); 4037 } else 4038 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4039 4040 if (sc->mac_ver == 0x5592) { 4041 run_bbp_write(sc, 195, 0x8d); 4042 run_bbp_write(sc, 196, 0x1a); 4043 } 4044 4045 if (sc->mac_ver == 0x3593) { 4046 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4047 tmp &= ~0x01010000; 4048 if (group == 0) 4049 tmp |= 0x00010000; 4050 tmp = (tmp & ~0x00009090) | 0x00000090; 4051 run_write(sc, RT2860_GPIO_CTRL, tmp); 4052 } 4053 4054 /* set initial AGC value */ 4055 if (group == 0) { /* 2GHz band */ 4056 if (sc->mac_ver >= 0x3070) 4057 agc = 0x1c + sc->lna[0] * 2; 4058 else 4059 agc = 0x2e + sc->lna[0]; 4060 } else { /* 5GHz band */ 4061 if (sc->mac_ver == 0x5592) 4062 agc = 0x24 + sc->lna[group] * 2; 4063 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4064 agc = 0x22 + (sc->lna[group] * 5) / 3; 4065 else 4066 agc = 0x32 + (sc->lna[group] * 5) / 3; 4067 } 4068 run_set_agc(sc, agc); 4069 } 4070 4071 static void 4072 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4073 { 4074 const struct rfprog *rfprog = rt2860_rf2850; 4075 uint32_t r2, r3, r4; 4076 int8_t txpow1, txpow2; 4077 int i; 4078 4079 /* find the settings for this channel (we know it exists) */ 4080 for (i = 0; rfprog[i].chan != chan; i++); 4081 4082 r2 = rfprog[i].r2; 4083 if (sc->ntxchains == 1) 4084 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4085 if (sc->nrxchains == 1) 4086 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4087 else if (sc->nrxchains == 2) 4088 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4089 4090 /* use Tx power values from EEPROM */ 4091 txpow1 = sc->txpow1[i]; 4092 txpow2 = sc->txpow2[i]; 4093 4094 /* Initialize RF R3 and R4. */ 4095 r3 = rfprog[i].r3 & 0xffffc1ff; 4096 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4097 if (chan > 14) { 4098 if (txpow1 >= 0) { 4099 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4100 r3 |= (txpow1 << 10) | (1 << 9); 4101 } else { 4102 txpow1 += 7; 4103 4104 /* txpow1 is not possible larger than 15. */ 4105 r3 |= (txpow1 << 10); 4106 } 4107 if (txpow2 >= 0) { 4108 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4109 r4 |= (txpow2 << 7) | (1 << 6); 4110 } else { 4111 txpow2 += 7; 4112 r4 |= (txpow2 << 7); 4113 } 4114 } else { 4115 /* Set Tx0 power. */ 4116 r3 |= (txpow1 << 9); 4117 4118 /* Set frequency offset and Tx1 power. */ 4119 r4 |= (txpow2 << 6); 4120 } 4121 4122 run_rt2870_rf_write(sc, rfprog[i].r1); 4123 run_rt2870_rf_write(sc, r2); 4124 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4125 run_rt2870_rf_write(sc, r4); 4126 4127 run_delay(sc, 10); 4128 4129 run_rt2870_rf_write(sc, rfprog[i].r1); 4130 run_rt2870_rf_write(sc, r2); 4131 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4132 run_rt2870_rf_write(sc, r4); 4133 4134 run_delay(sc, 10); 4135 4136 run_rt2870_rf_write(sc, rfprog[i].r1); 4137 run_rt2870_rf_write(sc, r2); 4138 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4139 run_rt2870_rf_write(sc, r4); 4140 } 4141 4142 static void 4143 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4144 { 4145 int8_t txpow1, txpow2; 4146 uint8_t rf; 4147 int i; 4148 4149 /* find the settings for this channel (we know it exists) */ 4150 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4151 4152 /* use Tx power values from EEPROM */ 4153 txpow1 = sc->txpow1[i]; 4154 txpow2 = sc->txpow2[i]; 4155 4156 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4157 4158 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4159 run_rt3070_rf_read(sc, 3, &rf); 4160 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4161 run_rt3070_rf_write(sc, 3, rf); 4162 4163 run_rt3070_rf_read(sc, 6, &rf); 4164 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4165 run_rt3070_rf_write(sc, 6, rf); 4166 4167 /* set Tx0 power */ 4168 run_rt3070_rf_read(sc, 12, &rf); 4169 rf = (rf & ~0x1f) | txpow1; 4170 run_rt3070_rf_write(sc, 12, rf); 4171 4172 /* set Tx1 power */ 4173 run_rt3070_rf_read(sc, 13, &rf); 4174 rf = (rf & ~0x1f) | txpow2; 4175 run_rt3070_rf_write(sc, 13, rf); 4176 4177 run_rt3070_rf_read(sc, 1, &rf); 4178 rf &= ~0xfc; 4179 if (sc->ntxchains == 1) 4180 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4181 else if (sc->ntxchains == 2) 4182 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4183 if (sc->nrxchains == 1) 4184 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4185 else if (sc->nrxchains == 2) 4186 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4187 run_rt3070_rf_write(sc, 1, rf); 4188 4189 /* set RF offset */ 4190 run_rt3070_rf_read(sc, 23, &rf); 4191 rf = (rf & ~0x7f) | sc->freq; 4192 run_rt3070_rf_write(sc, 23, rf); 4193 4194 /* program RF filter */ 4195 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4196 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4197 run_rt3070_rf_write(sc, 24, rf); 4198 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4199 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4200 run_rt3070_rf_write(sc, 31, rf); 4201 4202 /* enable RF tuning */ 4203 run_rt3070_rf_read(sc, 7, &rf); 4204 run_rt3070_rf_write(sc, 7, rf | 0x01); 4205 } 4206 4207 static void 4208 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4209 { 4210 int8_t txpow1, txpow2; 4211 uint32_t tmp; 4212 uint8_t rf; 4213 int i; 4214 4215 /* find the settings for this channel (we know it exists) */ 4216 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4217 4218 /* use Tx power values from EEPROM */ 4219 txpow1 = sc->txpow1[i]; 4220 txpow2 = sc->txpow2[i]; 4221 4222 if (chan <= 14) { 4223 run_bbp_write(sc, 25, sc->bbp25); 4224 run_bbp_write(sc, 26, sc->bbp26); 4225 } else { 4226 /* enable IQ phase correction */ 4227 run_bbp_write(sc, 25, 0x09); 4228 run_bbp_write(sc, 26, 0xff); 4229 } 4230 4231 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4232 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4233 run_rt3070_rf_read(sc, 6, &rf); 4234 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4235 rf |= (chan <= 14) ? 0x08 : 0x04; 4236 run_rt3070_rf_write(sc, 6, rf); 4237 4238 /* set PLL mode */ 4239 run_rt3070_rf_read(sc, 5, &rf); 4240 rf &= ~(0x08 | 0x04); 4241 rf |= (chan <= 14) ? 0x04 : 0x08; 4242 run_rt3070_rf_write(sc, 5, rf); 4243 4244 /* set Tx power for chain 0 */ 4245 if (chan <= 14) 4246 rf = 0x60 | txpow1; 4247 else 4248 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4249 run_rt3070_rf_write(sc, 12, rf); 4250 4251 /* set Tx power for chain 1 */ 4252 if (chan <= 14) 4253 rf = 0x60 | txpow2; 4254 else 4255 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4256 run_rt3070_rf_write(sc, 13, rf); 4257 4258 /* set Tx/Rx streams */ 4259 run_rt3070_rf_read(sc, 1, &rf); 4260 rf &= ~0xfc; 4261 if (sc->ntxchains == 1) 4262 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4263 else if (sc->ntxchains == 2) 4264 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4265 if (sc->nrxchains == 1) 4266 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4267 else if (sc->nrxchains == 2) 4268 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4269 run_rt3070_rf_write(sc, 1, rf); 4270 4271 /* set RF offset */ 4272 run_rt3070_rf_read(sc, 23, &rf); 4273 rf = (rf & ~0x7f) | sc->freq; 4274 run_rt3070_rf_write(sc, 23, rf); 4275 4276 /* program RF filter */ 4277 rf = sc->rf24_20mhz; 4278 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4279 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4280 4281 /* enable RF tuning */ 4282 run_rt3070_rf_read(sc, 7, &rf); 4283 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4284 run_rt3070_rf_write(sc, 7, rf); 4285 4286 /* TSSI */ 4287 rf = (chan <= 14) ? 0xc3 : 0xc0; 4288 run_rt3070_rf_write(sc, 9, rf); 4289 4290 /* set loop filter 1 */ 4291 run_rt3070_rf_write(sc, 10, 0xf1); 4292 /* set loop filter 2 */ 4293 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4294 4295 /* set tx_mx2_ic */ 4296 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4297 /* set tx_mx1_ic */ 4298 if (chan <= 14) 4299 rf = 0x48 | sc->txmixgain_2ghz; 4300 else 4301 rf = 0x78 | sc->txmixgain_5ghz; 4302 run_rt3070_rf_write(sc, 16, rf); 4303 4304 /* set tx_lo1 */ 4305 run_rt3070_rf_write(sc, 17, 0x23); 4306 /* set tx_lo2 */ 4307 if (chan <= 14) 4308 rf = 0x93; 4309 else if (chan <= 64) 4310 rf = 0xb7; 4311 else if (chan <= 128) 4312 rf = 0x74; 4313 else 4314 rf = 0x72; 4315 run_rt3070_rf_write(sc, 19, rf); 4316 4317 /* set rx_lo1 */ 4318 if (chan <= 14) 4319 rf = 0xb3; 4320 else if (chan <= 64) 4321 rf = 0xf6; 4322 else if (chan <= 128) 4323 rf = 0xf4; 4324 else 4325 rf = 0xf3; 4326 run_rt3070_rf_write(sc, 20, rf); 4327 4328 /* set pfd_delay */ 4329 if (chan <= 14) 4330 rf = 0x15; 4331 else if (chan <= 64) 4332 rf = 0x3d; 4333 else 4334 rf = 0x01; 4335 run_rt3070_rf_write(sc, 25, rf); 4336 4337 /* set rx_lo2 */ 4338 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4339 /* set ldo_rf_vc */ 4340 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4341 /* set drv_cc */ 4342 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4343 4344 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4345 tmp &= ~0x8080; 4346 if (chan <= 14) 4347 tmp |= 0x80; 4348 run_write(sc, RT2860_GPIO_CTRL, tmp); 4349 4350 /* enable RF tuning */ 4351 run_rt3070_rf_read(sc, 7, &rf); 4352 run_rt3070_rf_write(sc, 7, rf | 0x01); 4353 4354 run_delay(sc, 2); 4355 } 4356 4357 static void 4358 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4359 { 4360 int8_t txpow1, txpow2, txpow3; 4361 uint8_t h20mhz, rf; 4362 int i; 4363 4364 /* find the settings for this channel (we know it exists) */ 4365 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4366 4367 /* use Tx power values from EEPROM */ 4368 txpow1 = sc->txpow1[i]; 4369 txpow2 = sc->txpow2[i]; 4370 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4371 4372 if (chan <= 14) { 4373 run_bbp_write(sc, 25, sc->bbp25); 4374 run_bbp_write(sc, 26, sc->bbp26); 4375 } else { 4376 /* Enable IQ phase correction. */ 4377 run_bbp_write(sc, 25, 0x09); 4378 run_bbp_write(sc, 26, 0xff); 4379 } 4380 4381 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4382 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4383 run_rt3070_rf_read(sc, 11, &rf); 4384 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4385 run_rt3070_rf_write(sc, 11, rf); 4386 4387 /* Set pll_idoh. */ 4388 run_rt3070_rf_read(sc, 11, &rf); 4389 rf &= ~0x4c; 4390 rf |= (chan <= 14) ? 0x44 : 0x48; 4391 run_rt3070_rf_write(sc, 11, rf); 4392 4393 if (chan <= 14) 4394 rf = txpow1 & 0x1f; 4395 else 4396 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4397 run_rt3070_rf_write(sc, 53, rf); 4398 4399 if (chan <= 14) 4400 rf = txpow2 & 0x1f; 4401 else 4402 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4403 run_rt3070_rf_write(sc, 55, rf); 4404 4405 if (chan <= 14) 4406 rf = txpow3 & 0x1f; 4407 else 4408 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4409 run_rt3070_rf_write(sc, 54, rf); 4410 4411 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4412 if (sc->ntxchains == 3) 4413 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4414 else 4415 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4416 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4417 run_rt3070_rf_write(sc, 1, rf); 4418 4419 run_adjust_freq_offset(sc); 4420 4421 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4422 4423 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4424 run_rt3070_rf_read(sc, 30, &rf); 4425 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4426 run_rt3070_rf_write(sc, 30, rf); 4427 4428 run_rt3070_rf_read(sc, 36, &rf); 4429 if (chan <= 14) 4430 rf |= 0x80; 4431 else 4432 rf &= ~0x80; 4433 run_rt3070_rf_write(sc, 36, rf); 4434 4435 /* Set vcolo_bs. */ 4436 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4437 /* Set pfd_delay. */ 4438 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4439 4440 /* Set vco bias current control. */ 4441 run_rt3070_rf_read(sc, 6, &rf); 4442 rf &= ~0xc0; 4443 if (chan <= 14) 4444 rf |= 0x40; 4445 else if (chan <= 128) 4446 rf |= 0x80; 4447 else 4448 rf |= 0x40; 4449 run_rt3070_rf_write(sc, 6, rf); 4450 4451 run_rt3070_rf_read(sc, 30, &rf); 4452 rf = (rf & ~0x18) | 0x10; 4453 run_rt3070_rf_write(sc, 30, rf); 4454 4455 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4456 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4457 4458 run_rt3070_rf_read(sc, 51, &rf); 4459 rf = (rf & ~0x03) | 0x01; 4460 run_rt3070_rf_write(sc, 51, rf); 4461 /* Set tx_mx1_cc. */ 4462 run_rt3070_rf_read(sc, 51, &rf); 4463 rf &= ~0x1c; 4464 rf |= (chan <= 14) ? 0x14 : 0x10; 4465 run_rt3070_rf_write(sc, 51, rf); 4466 /* Set tx_mx1_ic. */ 4467 run_rt3070_rf_read(sc, 51, &rf); 4468 rf &= ~0xe0; 4469 rf |= (chan <= 14) ? 0x60 : 0x40; 4470 run_rt3070_rf_write(sc, 51, rf); 4471 /* Set tx_lo1_ic. */ 4472 run_rt3070_rf_read(sc, 49, &rf); 4473 rf &= ~0x1c; 4474 rf |= (chan <= 14) ? 0x0c : 0x08; 4475 run_rt3070_rf_write(sc, 49, rf); 4476 /* Set tx_lo1_en. */ 4477 run_rt3070_rf_read(sc, 50, &rf); 4478 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4479 /* Set drv_cc. */ 4480 run_rt3070_rf_read(sc, 57, &rf); 4481 rf &= ~0xfc; 4482 rf |= (chan <= 14) ? 0x6c : 0x3c; 4483 run_rt3070_rf_write(sc, 57, rf); 4484 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4485 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4486 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4487 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4488 /* Enable VCO calibration. */ 4489 run_rt3070_rf_read(sc, 3, &rf); 4490 rf &= ~RT5390_VCOCAL; 4491 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4492 run_rt3070_rf_write(sc, 3, rf); 4493 4494 if (chan <= 14) 4495 rf = 0x23; 4496 else if (chan <= 64) 4497 rf = 0x36; 4498 else if (chan <= 128) 4499 rf = 0x32; 4500 else 4501 rf = 0x30; 4502 run_rt3070_rf_write(sc, 39, rf); 4503 if (chan <= 14) 4504 rf = 0xbb; 4505 else if (chan <= 64) 4506 rf = 0xeb; 4507 else if (chan <= 128) 4508 rf = 0xb3; 4509 else 4510 rf = 0x9b; 4511 run_rt3070_rf_write(sc, 45, rf); 4512 4513 /* Set FEQ/AEQ control. */ 4514 run_bbp_write(sc, 105, 0x34); 4515 } 4516 4517 static void 4518 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4519 { 4520 int8_t txpow1, txpow2; 4521 uint8_t rf; 4522 int i; 4523 4524 /* find the settings for this channel (we know it exists) */ 4525 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4526 4527 /* use Tx power values from EEPROM */ 4528 txpow1 = sc->txpow1[i]; 4529 txpow2 = sc->txpow2[i]; 4530 4531 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4532 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4533 run_rt3070_rf_read(sc, 11, &rf); 4534 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4535 run_rt3070_rf_write(sc, 11, rf); 4536 4537 run_rt3070_rf_read(sc, 49, &rf); 4538 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4539 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4540 if ((rf & 0x3f) > 0x27) 4541 rf = (rf & ~0x3f) | 0x27; 4542 run_rt3070_rf_write(sc, 49, rf); 4543 4544 if (sc->mac_ver == 0x5392) { 4545 run_rt3070_rf_read(sc, 50, &rf); 4546 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4547 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4548 if ((rf & 0x3f) > 0x27) 4549 rf = (rf & ~0x3f) | 0x27; 4550 run_rt3070_rf_write(sc, 50, rf); 4551 } 4552 4553 run_rt3070_rf_read(sc, 1, &rf); 4554 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4555 if (sc->mac_ver == 0x5392) 4556 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4557 run_rt3070_rf_write(sc, 1, rf); 4558 4559 if (sc->mac_ver != 0x5392) { 4560 run_rt3070_rf_read(sc, 2, &rf); 4561 rf |= 0x80; 4562 run_rt3070_rf_write(sc, 2, rf); 4563 run_delay(sc, 10); 4564 rf &= 0x7f; 4565 run_rt3070_rf_write(sc, 2, rf); 4566 } 4567 4568 run_adjust_freq_offset(sc); 4569 4570 if (sc->mac_ver == 0x5392) { 4571 /* Fix for RT5392C. */ 4572 if (sc->mac_rev >= 0x0223) { 4573 if (chan <= 4) 4574 rf = 0x0f; 4575 else if (chan >= 5 && chan <= 7) 4576 rf = 0x0e; 4577 else 4578 rf = 0x0d; 4579 run_rt3070_rf_write(sc, 23, rf); 4580 4581 if (chan <= 4) 4582 rf = 0x0c; 4583 else if (chan == 5) 4584 rf = 0x0b; 4585 else if (chan >= 6 && chan <= 7) 4586 rf = 0x0a; 4587 else if (chan >= 8 && chan <= 10) 4588 rf = 0x09; 4589 else 4590 rf = 0x08; 4591 run_rt3070_rf_write(sc, 59, rf); 4592 } else { 4593 if (chan <= 11) 4594 rf = 0x0f; 4595 else 4596 rf = 0x0b; 4597 run_rt3070_rf_write(sc, 59, rf); 4598 } 4599 } else { 4600 /* Fix for RT5390F. */ 4601 if (sc->mac_rev >= 0x0502) { 4602 if (chan <= 11) 4603 rf = 0x43; 4604 else 4605 rf = 0x23; 4606 run_rt3070_rf_write(sc, 55, rf); 4607 4608 if (chan <= 11) 4609 rf = 0x0f; 4610 else if (chan == 12) 4611 rf = 0x0d; 4612 else 4613 rf = 0x0b; 4614 run_rt3070_rf_write(sc, 59, rf); 4615 } else { 4616 run_rt3070_rf_write(sc, 55, 0x44); 4617 run_rt3070_rf_write(sc, 59, 0x8f); 4618 } 4619 } 4620 4621 /* Enable VCO calibration. */ 4622 run_rt3070_rf_read(sc, 3, &rf); 4623 rf |= RT5390_VCOCAL; 4624 run_rt3070_rf_write(sc, 3, rf); 4625 } 4626 4627 static void 4628 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4629 { 4630 const struct rt5592_freqs *freqs; 4631 uint32_t tmp; 4632 uint8_t reg, rf, txpow_bound; 4633 int8_t txpow1, txpow2; 4634 int i; 4635 4636 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4637 freqs = (tmp & RT5592_SEL_XTAL) ? 4638 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4639 4640 /* find the settings for this channel (we know it exists) */ 4641 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4642 4643 /* use Tx power values from EEPROM */ 4644 txpow1 = sc->txpow1[i]; 4645 txpow2 = sc->txpow2[i]; 4646 4647 run_read(sc, RT3070_LDO_CFG0, &tmp); 4648 tmp &= ~0x1c000000; 4649 if (chan > 14) 4650 tmp |= 0x14000000; 4651 run_write(sc, RT3070_LDO_CFG0, tmp); 4652 4653 /* N setting. */ 4654 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4655 run_rt3070_rf_read(sc, 9, &rf); 4656 rf &= ~(1 << 4); 4657 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4658 run_rt3070_rf_write(sc, 9, rf); 4659 4660 /* K setting. */ 4661 run_rt3070_rf_read(sc, 9, &rf); 4662 rf &= ~0x0f; 4663 rf |= (freqs->k & 0x0f); 4664 run_rt3070_rf_write(sc, 9, rf); 4665 4666 /* Mode setting. */ 4667 run_rt3070_rf_read(sc, 11, &rf); 4668 rf &= ~0x0c; 4669 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4670 run_rt3070_rf_write(sc, 11, rf); 4671 run_rt3070_rf_read(sc, 9, &rf); 4672 rf &= ~(1 << 7); 4673 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4674 run_rt3070_rf_write(sc, 9, rf); 4675 4676 /* R setting. */ 4677 run_rt3070_rf_read(sc, 11, &rf); 4678 rf &= ~0x03; 4679 rf |= (freqs->r - 0x1); 4680 run_rt3070_rf_write(sc, 11, rf); 4681 4682 if (chan <= 14) { 4683 /* Initialize RF registers for 2GHZ. */ 4684 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4685 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4686 rt5592_2ghz_def_rf[i].val); 4687 } 4688 4689 rf = (chan <= 10) ? 0x07 : 0x06; 4690 run_rt3070_rf_write(sc, 23, rf); 4691 run_rt3070_rf_write(sc, 59, rf); 4692 4693 run_rt3070_rf_write(sc, 55, 0x43); 4694 4695 /* 4696 * RF R49/R50 Tx power ALC code. 4697 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4698 */ 4699 reg = 2; 4700 txpow_bound = 0x27; 4701 } else { 4702 /* Initialize RF registers for 5GHZ. */ 4703 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4704 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4705 rt5592_5ghz_def_rf[i].val); 4706 } 4707 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4708 if (chan >= rt5592_chan_5ghz[i].firstchan && 4709 chan <= rt5592_chan_5ghz[i].lastchan) { 4710 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4711 rt5592_chan_5ghz[i].val); 4712 } 4713 } 4714 4715 /* 4716 * RF R49/R50 Tx power ALC code. 4717 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4718 */ 4719 reg = 3; 4720 txpow_bound = 0x2b; 4721 } 4722 4723 /* RF R49 ch0 Tx power ALC code. */ 4724 run_rt3070_rf_read(sc, 49, &rf); 4725 rf &= ~0xc0; 4726 rf |= (reg << 6); 4727 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4728 if ((rf & 0x3f) > txpow_bound) 4729 rf = (rf & ~0x3f) | txpow_bound; 4730 run_rt3070_rf_write(sc, 49, rf); 4731 4732 /* RF R50 ch1 Tx power ALC code. */ 4733 run_rt3070_rf_read(sc, 50, &rf); 4734 rf &= ~(1 << 7 | 1 << 6); 4735 rf |= (reg << 6); 4736 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4737 if ((rf & 0x3f) > txpow_bound) 4738 rf = (rf & ~0x3f) | txpow_bound; 4739 run_rt3070_rf_write(sc, 50, rf); 4740 4741 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4742 run_rt3070_rf_read(sc, 1, &rf); 4743 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4744 if (sc->ntxchains > 1) 4745 rf |= RT3070_TX1_PD; 4746 if (sc->nrxchains > 1) 4747 rf |= RT3070_RX1_PD; 4748 run_rt3070_rf_write(sc, 1, rf); 4749 4750 run_rt3070_rf_write(sc, 6, 0xe4); 4751 4752 run_rt3070_rf_write(sc, 30, 0x10); 4753 run_rt3070_rf_write(sc, 31, 0x80); 4754 run_rt3070_rf_write(sc, 32, 0x80); 4755 4756 run_adjust_freq_offset(sc); 4757 4758 /* Enable VCO calibration. */ 4759 run_rt3070_rf_read(sc, 3, &rf); 4760 rf |= RT5390_VCOCAL; 4761 run_rt3070_rf_write(sc, 3, rf); 4762 } 4763 4764 static void 4765 run_set_rx_antenna(struct run_softc *sc, int aux) 4766 { 4767 uint32_t tmp; 4768 uint8_t bbp152; 4769 4770 if (aux) { 4771 if (sc->rf_rev == RT5390_RF_5370) { 4772 run_bbp_read(sc, 152, &bbp152); 4773 run_bbp_write(sc, 152, bbp152 & ~0x80); 4774 } else { 4775 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4776 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4777 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4778 } 4779 } else { 4780 if (sc->rf_rev == RT5390_RF_5370) { 4781 run_bbp_read(sc, 152, &bbp152); 4782 run_bbp_write(sc, 152, bbp152 | 0x80); 4783 } else { 4784 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4785 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4786 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4787 } 4788 } 4789 } 4790 4791 static int 4792 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4793 { 4794 struct ieee80211com *ic = &sc->sc_ic; 4795 u_int chan, group; 4796 4797 chan = ieee80211_chan2ieee(ic, c); 4798 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4799 return (EINVAL); 4800 4801 if (sc->mac_ver == 0x5592) 4802 run_rt5592_set_chan(sc, chan); 4803 else if (sc->mac_ver >= 0x5390) 4804 run_rt5390_set_chan(sc, chan); 4805 else if (sc->mac_ver == 0x3593) 4806 run_rt3593_set_chan(sc, chan); 4807 else if (sc->mac_ver == 0x3572) 4808 run_rt3572_set_chan(sc, chan); 4809 else if (sc->mac_ver >= 0x3070) 4810 run_rt3070_set_chan(sc, chan); 4811 else 4812 run_rt2870_set_chan(sc, chan); 4813 4814 /* determine channel group */ 4815 if (chan <= 14) 4816 group = 0; 4817 else if (chan <= 64) 4818 group = 1; 4819 else if (chan <= 128) 4820 group = 2; 4821 else 4822 group = 3; 4823 4824 /* XXX necessary only when group has changed! */ 4825 run_select_chan_group(sc, group); 4826 4827 run_delay(sc, 10); 4828 4829 /* Perform IQ calibration. */ 4830 if (sc->mac_ver >= 0x5392) 4831 run_iq_calib(sc, chan); 4832 4833 return (0); 4834 } 4835 4836 static void 4837 run_set_channel(struct ieee80211com *ic) 4838 { 4839 struct run_softc *sc = ic->ic_softc; 4840 4841 RUN_LOCK(sc); 4842 run_set_chan(sc, ic->ic_curchan); 4843 RUN_UNLOCK(sc); 4844 4845 return; 4846 } 4847 4848 static void 4849 run_getradiocaps(struct ieee80211com *ic, 4850 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4851 { 4852 struct run_softc *sc = ic->ic_softc; 4853 uint8_t bands[IEEE80211_MODE_BYTES]; 4854 4855 memset(bands, 0, sizeof(bands)); 4856 setbit(bands, IEEE80211_MODE_11B); 4857 setbit(bands, IEEE80211_MODE_11G); 4858 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0); 4859 4860 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4861 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4862 sc->rf_rev == RT5592_RF_5592) { 4863 setbit(bands, IEEE80211_MODE_11A); 4864 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4865 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4866 } 4867 } 4868 4869 static void 4870 run_scan_start(struct ieee80211com *ic) 4871 { 4872 struct run_softc *sc = ic->ic_softc; 4873 4874 RUN_LOCK(sc); 4875 4876 /* abort TSF synchronization */ 4877 run_disable_tsf(sc); 4878 run_set_bssid(sc, ieee80211broadcastaddr); 4879 4880 RUN_UNLOCK(sc); 4881 4882 return; 4883 } 4884 4885 static void 4886 run_scan_end(struct ieee80211com *ic) 4887 { 4888 struct run_softc *sc = ic->ic_softc; 4889 4890 RUN_LOCK(sc); 4891 4892 run_enable_tsf_sync(sc); 4893 run_set_bssid(sc, sc->sc_bssid); 4894 4895 RUN_UNLOCK(sc); 4896 4897 return; 4898 } 4899 4900 /* 4901 * Could be called from ieee80211_node_timeout() 4902 * (non-sleepable thread) 4903 */ 4904 static void 4905 run_update_beacon(struct ieee80211vap *vap, int item) 4906 { 4907 struct ieee80211com *ic = vap->iv_ic; 4908 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4909 struct ieee80211_node *ni = vap->iv_bss; 4910 struct run_softc *sc = ic->ic_softc; 4911 struct run_vap *rvp = RUN_VAP(vap); 4912 int mcast = 0; 4913 uint32_t i; 4914 4915 switch (item) { 4916 case IEEE80211_BEACON_ERP: 4917 run_updateslot(ic); 4918 break; 4919 case IEEE80211_BEACON_HTINFO: 4920 run_updateprot(ic); 4921 break; 4922 case IEEE80211_BEACON_TIM: 4923 mcast = 1; /*TODO*/ 4924 break; 4925 default: 4926 break; 4927 } 4928 4929 setbit(bo->bo_flags, item); 4930 if (rvp->beacon_mbuf == NULL) { 4931 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4932 if (rvp->beacon_mbuf == NULL) 4933 return; 4934 } 4935 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4936 4937 i = RUN_CMDQ_GET(&sc->cmdq_store); 4938 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4939 sc->cmdq[i].func = run_update_beacon_cb; 4940 sc->cmdq[i].arg0 = vap; 4941 ieee80211_runtask(ic, &sc->cmdq_task); 4942 4943 return; 4944 } 4945 4946 static void 4947 run_update_beacon_cb(void *arg) 4948 { 4949 struct ieee80211vap *vap = arg; 4950 struct ieee80211_node *ni = vap->iv_bss; 4951 struct run_vap *rvp = RUN_VAP(vap); 4952 struct ieee80211com *ic = vap->iv_ic; 4953 struct run_softc *sc = ic->ic_softc; 4954 struct rt2860_txwi txwi; 4955 struct mbuf *m; 4956 uint16_t txwisize; 4957 uint8_t ridx; 4958 4959 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4960 return; 4961 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4962 return; 4963 4964 /* 4965 * No need to call ieee80211_beacon_update(), run_update_beacon() 4966 * is taking care of appropriate calls. 4967 */ 4968 if (rvp->beacon_mbuf == NULL) { 4969 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4970 if (rvp->beacon_mbuf == NULL) 4971 return; 4972 } 4973 m = rvp->beacon_mbuf; 4974 4975 memset(&txwi, 0, sizeof(txwi)); 4976 txwi.wcid = 0xff; 4977 txwi.len = htole16(m->m_pkthdr.len); 4978 4979 /* send beacons at the lowest available rate */ 4980 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4981 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4982 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4983 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4984 txwi.phy |= htole16(RT2860_PHY_OFDM); 4985 txwi.txop = RT2860_TX_TXOP_HT; 4986 txwi.flags = RT2860_TX_TS; 4987 txwi.xflags = RT2860_TX_NSEQ; 4988 4989 txwisize = (sc->mac_ver == 0x5592) ? 4990 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4991 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4992 txwisize); 4993 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4994 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4995 } 4996 4997 static void 4998 run_updateprot(struct ieee80211com *ic) 4999 { 5000 struct run_softc *sc = ic->ic_softc; 5001 uint32_t i; 5002 5003 i = RUN_CMDQ_GET(&sc->cmdq_store); 5004 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5005 sc->cmdq[i].func = run_updateprot_cb; 5006 sc->cmdq[i].arg0 = ic; 5007 ieee80211_runtask(ic, &sc->cmdq_task); 5008 } 5009 5010 static void 5011 run_updateprot_cb(void *arg) 5012 { 5013 struct ieee80211com *ic = arg; 5014 struct run_softc *sc = ic->ic_softc; 5015 uint32_t tmp; 5016 5017 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5018 /* setup protection frame rate (MCS code) */ 5019 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5020 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5021 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5022 5023 /* CCK frames don't require protection */ 5024 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5025 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5026 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5027 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5028 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5029 tmp |= RT2860_PROT_CTRL_CTS; 5030 } 5031 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5032 } 5033 5034 static void 5035 run_usb_timeout_cb(void *arg) 5036 { 5037 struct ieee80211vap *vap = arg; 5038 struct run_softc *sc = vap->iv_ic->ic_softc; 5039 5040 RUN_LOCK_ASSERT(sc, MA_OWNED); 5041 5042 if(vap->iv_state == IEEE80211_S_RUN && 5043 vap->iv_opmode != IEEE80211_M_STA) 5044 run_reset_livelock(sc); 5045 else if (vap->iv_state == IEEE80211_S_SCAN) { 5046 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5047 "timeout caused by scan\n"); 5048 /* cancel bgscan */ 5049 ieee80211_cancel_scan(vap); 5050 } else 5051 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5052 "timeout by unknown cause\n"); 5053 } 5054 5055 static void 5056 run_reset_livelock(struct run_softc *sc) 5057 { 5058 uint32_t tmp; 5059 5060 RUN_LOCK_ASSERT(sc, MA_OWNED); 5061 5062 /* 5063 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5064 * can run into a livelock and start sending CTS-to-self frames like 5065 * crazy if protection is enabled. Reset MAC/BBP for a while 5066 */ 5067 run_read(sc, RT2860_DEBUG, &tmp); 5068 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5069 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5070 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5071 "CTS-to-self livelock detected\n"); 5072 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5073 run_delay(sc, 1); 5074 run_write(sc, RT2860_MAC_SYS_CTRL, 5075 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5076 } 5077 } 5078 5079 static void 5080 run_update_promisc_locked(struct run_softc *sc) 5081 { 5082 uint32_t tmp; 5083 5084 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5085 5086 tmp |= RT2860_DROP_UC_NOME; 5087 if (sc->sc_ic.ic_promisc > 0) 5088 tmp &= ~RT2860_DROP_UC_NOME; 5089 5090 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5091 5092 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5093 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5094 } 5095 5096 static void 5097 run_update_promisc(struct ieee80211com *ic) 5098 { 5099 struct run_softc *sc = ic->ic_softc; 5100 5101 if ((sc->sc_flags & RUN_RUNNING) == 0) 5102 return; 5103 5104 RUN_LOCK(sc); 5105 run_update_promisc_locked(sc); 5106 RUN_UNLOCK(sc); 5107 } 5108 5109 static void 5110 run_enable_tsf_sync(struct run_softc *sc) 5111 { 5112 struct ieee80211com *ic = &sc->sc_ic; 5113 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5114 uint32_t tmp; 5115 5116 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5117 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5118 5119 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5120 tmp &= ~0x1fffff; 5121 tmp |= vap->iv_bss->ni_intval * 16; 5122 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5123 5124 if (ic->ic_opmode == IEEE80211_M_STA) { 5125 /* 5126 * Local TSF is always updated with remote TSF on beacon 5127 * reception. 5128 */ 5129 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5130 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5131 tmp |= RT2860_BCN_TX_EN; 5132 /* 5133 * Local TSF is updated with remote TSF on beacon reception 5134 * only if the remote TSF is greater than local TSF. 5135 */ 5136 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5137 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5138 ic->ic_opmode == IEEE80211_M_MBSS) { 5139 tmp |= RT2860_BCN_TX_EN; 5140 /* SYNC with nobody */ 5141 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5142 } else { 5143 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5144 "Enabling TSF failed. undefined opmode\n"); 5145 return; 5146 } 5147 5148 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5149 } 5150 5151 static void 5152 run_enable_tsf(struct run_softc *sc) 5153 { 5154 uint32_t tmp; 5155 5156 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5157 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5158 tmp |= RT2860_TSF_TIMER_EN; 5159 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5160 } 5161 } 5162 5163 static void 5164 run_disable_tsf(struct run_softc *sc) 5165 { 5166 uint32_t tmp; 5167 5168 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5169 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5170 RT2860_TBTT_TIMER_EN); 5171 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5172 } 5173 } 5174 5175 static void 5176 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5177 { 5178 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5179 sizeof(*buf)); 5180 } 5181 5182 static void 5183 run_enable_mrr(struct run_softc *sc) 5184 { 5185 #define CCK(mcs) (mcs) 5186 #define OFDM(mcs) (1 << 3 | (mcs)) 5187 run_write(sc, RT2860_LG_FBK_CFG0, 5188 OFDM(6) << 28 | /* 54->48 */ 5189 OFDM(5) << 24 | /* 48->36 */ 5190 OFDM(4) << 20 | /* 36->24 */ 5191 OFDM(3) << 16 | /* 24->18 */ 5192 OFDM(2) << 12 | /* 18->12 */ 5193 OFDM(1) << 8 | /* 12-> 9 */ 5194 OFDM(0) << 4 | /* 9-> 6 */ 5195 OFDM(0)); /* 6-> 6 */ 5196 5197 run_write(sc, RT2860_LG_FBK_CFG1, 5198 CCK(2) << 12 | /* 11->5.5 */ 5199 CCK(1) << 8 | /* 5.5-> 2 */ 5200 CCK(0) << 4 | /* 2-> 1 */ 5201 CCK(0)); /* 1-> 1 */ 5202 #undef OFDM 5203 #undef CCK 5204 } 5205 5206 static void 5207 run_set_txpreamble(struct run_softc *sc) 5208 { 5209 struct ieee80211com *ic = &sc->sc_ic; 5210 uint32_t tmp; 5211 5212 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5213 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5214 tmp |= RT2860_CCK_SHORT_EN; 5215 else 5216 tmp &= ~RT2860_CCK_SHORT_EN; 5217 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5218 } 5219 5220 static void 5221 run_set_basicrates(struct run_softc *sc) 5222 { 5223 struct ieee80211com *ic = &sc->sc_ic; 5224 5225 /* set basic rates mask */ 5226 if (ic->ic_curmode == IEEE80211_MODE_11B) 5227 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5228 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5229 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5230 else /* 11g */ 5231 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5232 } 5233 5234 static void 5235 run_set_leds(struct run_softc *sc, uint16_t which) 5236 { 5237 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5238 which | (sc->leds & 0x7f)); 5239 } 5240 5241 static void 5242 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5243 { 5244 run_write(sc, RT2860_MAC_BSSID_DW0, 5245 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5246 run_write(sc, RT2860_MAC_BSSID_DW1, 5247 bssid[4] | bssid[5] << 8); 5248 } 5249 5250 static void 5251 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5252 { 5253 run_write(sc, RT2860_MAC_ADDR_DW0, 5254 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5255 run_write(sc, RT2860_MAC_ADDR_DW1, 5256 addr[4] | addr[5] << 8 | 0xff << 16); 5257 } 5258 5259 static void 5260 run_updateslot(struct ieee80211com *ic) 5261 { 5262 struct run_softc *sc = ic->ic_softc; 5263 uint32_t i; 5264 5265 i = RUN_CMDQ_GET(&sc->cmdq_store); 5266 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5267 sc->cmdq[i].func = run_updateslot_cb; 5268 sc->cmdq[i].arg0 = ic; 5269 ieee80211_runtask(ic, &sc->cmdq_task); 5270 5271 return; 5272 } 5273 5274 /* ARGSUSED */ 5275 static void 5276 run_updateslot_cb(void *arg) 5277 { 5278 struct ieee80211com *ic = arg; 5279 struct run_softc *sc = ic->ic_softc; 5280 uint32_t tmp; 5281 5282 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5283 tmp &= ~0xff; 5284 tmp |= IEEE80211_GET_SLOTTIME(ic); 5285 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5286 } 5287 5288 static void 5289 run_update_mcast(struct ieee80211com *ic) 5290 { 5291 } 5292 5293 static int8_t 5294 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5295 { 5296 struct ieee80211com *ic = &sc->sc_ic; 5297 struct ieee80211_channel *c = ic->ic_curchan; 5298 int delta; 5299 5300 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5301 u_int chan = ieee80211_chan2ieee(ic, c); 5302 delta = sc->rssi_5ghz[rxchain]; 5303 5304 /* determine channel group */ 5305 if (chan <= 64) 5306 delta -= sc->lna[1]; 5307 else if (chan <= 128) 5308 delta -= sc->lna[2]; 5309 else 5310 delta -= sc->lna[3]; 5311 } else 5312 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5313 5314 return (-12 - delta - rssi); 5315 } 5316 5317 static void 5318 run_rt5390_bbp_init(struct run_softc *sc) 5319 { 5320 u_int i; 5321 uint8_t bbp; 5322 5323 /* Apply maximum likelihood detection for 2 stream case. */ 5324 run_bbp_read(sc, 105, &bbp); 5325 if (sc->nrxchains > 1) 5326 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5327 5328 /* Avoid data lost and CRC error. */ 5329 run_bbp_read(sc, 4, &bbp); 5330 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5331 5332 if (sc->mac_ver == 0x5592) { 5333 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5334 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5335 rt5592_def_bbp[i].val); 5336 } 5337 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5338 run_bbp_write(sc, 195, i + 0x80); 5339 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5340 } 5341 } else { 5342 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5343 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5344 rt5390_def_bbp[i].val); 5345 } 5346 } 5347 if (sc->mac_ver == 0x5392) { 5348 run_bbp_write(sc, 88, 0x90); 5349 run_bbp_write(sc, 95, 0x9a); 5350 run_bbp_write(sc, 98, 0x12); 5351 run_bbp_write(sc, 106, 0x12); 5352 run_bbp_write(sc, 134, 0xd0); 5353 run_bbp_write(sc, 135, 0xf6); 5354 run_bbp_write(sc, 148, 0x84); 5355 } 5356 5357 run_bbp_read(sc, 152, &bbp); 5358 run_bbp_write(sc, 152, bbp | 0x80); 5359 5360 /* Fix BBP254 for RT5592C. */ 5361 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5362 run_bbp_read(sc, 254, &bbp); 5363 run_bbp_write(sc, 254, bbp | 0x80); 5364 } 5365 5366 /* Disable hardware antenna diversity. */ 5367 if (sc->mac_ver == 0x5390) 5368 run_bbp_write(sc, 154, 0); 5369 5370 /* Initialize Rx CCK/OFDM frequency offset report. */ 5371 run_bbp_write(sc, 142, 1); 5372 run_bbp_write(sc, 143, 57); 5373 } 5374 5375 static int 5376 run_bbp_init(struct run_softc *sc) 5377 { 5378 int i, error, ntries; 5379 uint8_t bbp0; 5380 5381 /* wait for BBP to wake up */ 5382 for (ntries = 0; ntries < 20; ntries++) { 5383 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5384 return error; 5385 if (bbp0 != 0 && bbp0 != 0xff) 5386 break; 5387 } 5388 if (ntries == 20) 5389 return (ETIMEDOUT); 5390 5391 /* initialize BBP registers to default values */ 5392 if (sc->mac_ver >= 0x5390) 5393 run_rt5390_bbp_init(sc); 5394 else { 5395 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5396 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5397 rt2860_def_bbp[i].val); 5398 } 5399 } 5400 5401 if (sc->mac_ver == 0x3593) { 5402 run_bbp_write(sc, 79, 0x13); 5403 run_bbp_write(sc, 80, 0x05); 5404 run_bbp_write(sc, 81, 0x33); 5405 run_bbp_write(sc, 86, 0x46); 5406 run_bbp_write(sc, 137, 0x0f); 5407 } 5408 5409 /* fix BBP84 for RT2860E */ 5410 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5411 run_bbp_write(sc, 84, 0x19); 5412 5413 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5414 sc->mac_ver != 0x5592)) { 5415 run_bbp_write(sc, 79, 0x13); 5416 run_bbp_write(sc, 80, 0x05); 5417 run_bbp_write(sc, 81, 0x33); 5418 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5419 run_bbp_write(sc, 69, 0x16); 5420 run_bbp_write(sc, 73, 0x12); 5421 } 5422 return (0); 5423 } 5424 5425 static int 5426 run_rt3070_rf_init(struct run_softc *sc) 5427 { 5428 uint32_t tmp; 5429 uint8_t bbp4, mingain, rf, target; 5430 u_int i; 5431 5432 run_rt3070_rf_read(sc, 30, &rf); 5433 /* toggle RF R30 bit 7 */ 5434 run_rt3070_rf_write(sc, 30, rf | 0x80); 5435 run_delay(sc, 10); 5436 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5437 5438 /* initialize RF registers to default value */ 5439 if (sc->mac_ver == 0x3572) { 5440 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5441 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5442 rt3572_def_rf[i].val); 5443 } 5444 } else { 5445 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5446 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5447 rt3070_def_rf[i].val); 5448 } 5449 } 5450 5451 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5452 /* 5453 * Change voltage from 1.2V to 1.35V for RT3070. 5454 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5455 * in RT3070(F). 5456 */ 5457 run_read(sc, RT3070_LDO_CFG0, &tmp); 5458 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5459 run_write(sc, RT3070_LDO_CFG0, tmp); 5460 5461 } else if (sc->mac_ver == 0x3071) { 5462 run_rt3070_rf_read(sc, 6, &rf); 5463 run_rt3070_rf_write(sc, 6, rf | 0x40); 5464 run_rt3070_rf_write(sc, 31, 0x14); 5465 5466 run_read(sc, RT3070_LDO_CFG0, &tmp); 5467 tmp &= ~0x1f000000; 5468 if (sc->mac_rev < 0x0211) 5469 tmp |= 0x0d000000; /* 1.3V */ 5470 else 5471 tmp |= 0x01000000; /* 1.2V */ 5472 run_write(sc, RT3070_LDO_CFG0, tmp); 5473 5474 /* patch LNA_PE_G1 */ 5475 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5476 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5477 5478 } else if (sc->mac_ver == 0x3572) { 5479 run_rt3070_rf_read(sc, 6, &rf); 5480 run_rt3070_rf_write(sc, 6, rf | 0x40); 5481 5482 /* increase voltage from 1.2V to 1.35V */ 5483 run_read(sc, RT3070_LDO_CFG0, &tmp); 5484 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5485 run_write(sc, RT3070_LDO_CFG0, tmp); 5486 5487 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5488 run_delay(sc, 1); /* wait for 1msec */ 5489 /* decrease voltage back to 1.2V */ 5490 tmp = (tmp & ~0x1f000000) | 0x01000000; 5491 run_write(sc, RT3070_LDO_CFG0, tmp); 5492 } 5493 } 5494 5495 /* select 20MHz bandwidth */ 5496 run_rt3070_rf_read(sc, 31, &rf); 5497 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5498 5499 /* calibrate filter for 20MHz bandwidth */ 5500 sc->rf24_20mhz = 0x1f; /* default value */ 5501 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5502 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5503 5504 /* select 40MHz bandwidth */ 5505 run_bbp_read(sc, 4, &bbp4); 5506 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5507 run_rt3070_rf_read(sc, 31, &rf); 5508 run_rt3070_rf_write(sc, 31, rf | 0x20); 5509 5510 /* calibrate filter for 40MHz bandwidth */ 5511 sc->rf24_40mhz = 0x2f; /* default value */ 5512 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5513 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5514 5515 /* go back to 20MHz bandwidth */ 5516 run_bbp_read(sc, 4, &bbp4); 5517 run_bbp_write(sc, 4, bbp4 & ~0x18); 5518 5519 if (sc->mac_ver == 0x3572) { 5520 /* save default BBP registers 25 and 26 values */ 5521 run_bbp_read(sc, 25, &sc->bbp25); 5522 run_bbp_read(sc, 26, &sc->bbp26); 5523 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5524 run_rt3070_rf_write(sc, 27, 0x03); 5525 5526 run_read(sc, RT3070_OPT_14, &tmp); 5527 run_write(sc, RT3070_OPT_14, tmp | 1); 5528 5529 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5530 run_rt3070_rf_read(sc, 17, &rf); 5531 rf &= ~RT3070_TX_LO1; 5532 if ((sc->mac_ver == 0x3070 || 5533 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5534 !sc->ext_2ghz_lna) 5535 rf |= 0x20; /* fix for long range Rx issue */ 5536 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5537 if (sc->txmixgain_2ghz >= mingain) 5538 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5539 run_rt3070_rf_write(sc, 17, rf); 5540 } 5541 5542 if (sc->mac_ver == 0x3071) { 5543 run_rt3070_rf_read(sc, 1, &rf); 5544 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5545 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5546 run_rt3070_rf_write(sc, 1, rf); 5547 5548 run_rt3070_rf_read(sc, 15, &rf); 5549 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5550 5551 run_rt3070_rf_read(sc, 20, &rf); 5552 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5553 5554 run_rt3070_rf_read(sc, 21, &rf); 5555 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5556 } 5557 5558 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5559 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5560 run_rt3070_rf_read(sc, 27, &rf); 5561 rf &= ~0x77; 5562 if (sc->mac_rev < 0x0211) 5563 rf |= 0x03; 5564 run_rt3070_rf_write(sc, 27, rf); 5565 } 5566 return (0); 5567 } 5568 5569 static void 5570 run_rt3593_rf_init(struct run_softc *sc) 5571 { 5572 uint32_t tmp; 5573 uint8_t rf; 5574 u_int i; 5575 5576 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5577 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5578 tmp &= ~(1 << 4 | 1 << 7); 5579 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5580 5581 /* Initialize RF registers to default value. */ 5582 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5583 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5584 rt3593_def_rf[i].val); 5585 } 5586 5587 /* Toggle RF R2 to initiate calibration. */ 5588 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5589 5590 /* Initialize RF frequency offset. */ 5591 run_adjust_freq_offset(sc); 5592 5593 run_rt3070_rf_read(sc, 18, &rf); 5594 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5595 5596 /* 5597 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5598 * decrease voltage back to 1.2V. 5599 */ 5600 run_read(sc, RT3070_LDO_CFG0, &tmp); 5601 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5602 run_write(sc, RT3070_LDO_CFG0, tmp); 5603 run_delay(sc, 1); 5604 tmp = (tmp & ~0x1f000000) | 0x01000000; 5605 run_write(sc, RT3070_LDO_CFG0, tmp); 5606 5607 sc->rf24_20mhz = 0x1f; 5608 sc->rf24_40mhz = 0x2f; 5609 5610 /* Save default BBP registers 25 and 26 values. */ 5611 run_bbp_read(sc, 25, &sc->bbp25); 5612 run_bbp_read(sc, 26, &sc->bbp26); 5613 5614 run_read(sc, RT3070_OPT_14, &tmp); 5615 run_write(sc, RT3070_OPT_14, tmp | 1); 5616 } 5617 5618 static void 5619 run_rt5390_rf_init(struct run_softc *sc) 5620 { 5621 uint32_t tmp; 5622 uint8_t rf; 5623 u_int i; 5624 5625 /* Toggle RF R2 to initiate calibration. */ 5626 if (sc->mac_ver == 0x5390) { 5627 run_rt3070_rf_read(sc, 2, &rf); 5628 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5629 run_delay(sc, 10); 5630 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5631 } else { 5632 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5633 run_delay(sc, 10); 5634 } 5635 5636 /* Initialize RF registers to default value. */ 5637 if (sc->mac_ver == 0x5592) { 5638 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5639 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5640 rt5592_def_rf[i].val); 5641 } 5642 /* Initialize RF frequency offset. */ 5643 run_adjust_freq_offset(sc); 5644 } else if (sc->mac_ver == 0x5392) { 5645 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5646 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5647 rt5392_def_rf[i].val); 5648 } 5649 if (sc->mac_rev >= 0x0223) { 5650 run_rt3070_rf_write(sc, 23, 0x0f); 5651 run_rt3070_rf_write(sc, 24, 0x3e); 5652 run_rt3070_rf_write(sc, 51, 0x32); 5653 run_rt3070_rf_write(sc, 53, 0x22); 5654 run_rt3070_rf_write(sc, 56, 0xc1); 5655 run_rt3070_rf_write(sc, 59, 0x0f); 5656 } 5657 } else { 5658 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5659 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5660 rt5390_def_rf[i].val); 5661 } 5662 if (sc->mac_rev >= 0x0502) { 5663 run_rt3070_rf_write(sc, 6, 0xe0); 5664 run_rt3070_rf_write(sc, 25, 0x80); 5665 run_rt3070_rf_write(sc, 46, 0x73); 5666 run_rt3070_rf_write(sc, 53, 0x00); 5667 run_rt3070_rf_write(sc, 56, 0x42); 5668 run_rt3070_rf_write(sc, 61, 0xd1); 5669 } 5670 } 5671 5672 sc->rf24_20mhz = 0x1f; /* default value */ 5673 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5674 5675 if (sc->mac_rev < 0x0211) 5676 run_rt3070_rf_write(sc, 27, 0x3); 5677 5678 run_read(sc, RT3070_OPT_14, &tmp); 5679 run_write(sc, RT3070_OPT_14, tmp | 1); 5680 } 5681 5682 static int 5683 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5684 uint8_t *val) 5685 { 5686 uint8_t rf22, rf24; 5687 uint8_t bbp55_pb, bbp55_sb, delta; 5688 int ntries; 5689 5690 /* program filter */ 5691 run_rt3070_rf_read(sc, 24, &rf24); 5692 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5693 run_rt3070_rf_write(sc, 24, rf24); 5694 5695 /* enable baseband loopback mode */ 5696 run_rt3070_rf_read(sc, 22, &rf22); 5697 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5698 5699 /* set power and frequency of passband test tone */ 5700 run_bbp_write(sc, 24, 0x00); 5701 for (ntries = 0; ntries < 100; ntries++) { 5702 /* transmit test tone */ 5703 run_bbp_write(sc, 25, 0x90); 5704 run_delay(sc, 10); 5705 /* read received power */ 5706 run_bbp_read(sc, 55, &bbp55_pb); 5707 if (bbp55_pb != 0) 5708 break; 5709 } 5710 if (ntries == 100) 5711 return (ETIMEDOUT); 5712 5713 /* set power and frequency of stopband test tone */ 5714 run_bbp_write(sc, 24, 0x06); 5715 for (ntries = 0; ntries < 100; ntries++) { 5716 /* transmit test tone */ 5717 run_bbp_write(sc, 25, 0x90); 5718 run_delay(sc, 10); 5719 /* read received power */ 5720 run_bbp_read(sc, 55, &bbp55_sb); 5721 5722 delta = bbp55_pb - bbp55_sb; 5723 if (delta > target) 5724 break; 5725 5726 /* reprogram filter */ 5727 rf24++; 5728 run_rt3070_rf_write(sc, 24, rf24); 5729 } 5730 if (ntries < 100) { 5731 if (rf24 != init) 5732 rf24--; /* backtrack */ 5733 *val = rf24; 5734 run_rt3070_rf_write(sc, 24, rf24); 5735 } 5736 5737 /* restore initial state */ 5738 run_bbp_write(sc, 24, 0x00); 5739 5740 /* disable baseband loopback mode */ 5741 run_rt3070_rf_read(sc, 22, &rf22); 5742 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5743 5744 return (0); 5745 } 5746 5747 static void 5748 run_rt3070_rf_setup(struct run_softc *sc) 5749 { 5750 uint8_t bbp, rf; 5751 int i; 5752 5753 if (sc->mac_ver == 0x3572) { 5754 /* enable DC filter */ 5755 if (sc->mac_rev >= 0x0201) 5756 run_bbp_write(sc, 103, 0xc0); 5757 5758 run_bbp_read(sc, 138, &bbp); 5759 if (sc->ntxchains == 1) 5760 bbp |= 0x20; /* turn off DAC1 */ 5761 if (sc->nrxchains == 1) 5762 bbp &= ~0x02; /* turn off ADC1 */ 5763 run_bbp_write(sc, 138, bbp); 5764 5765 if (sc->mac_rev >= 0x0211) { 5766 /* improve power consumption */ 5767 run_bbp_read(sc, 31, &bbp); 5768 run_bbp_write(sc, 31, bbp & ~0x03); 5769 } 5770 5771 run_rt3070_rf_read(sc, 16, &rf); 5772 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5773 run_rt3070_rf_write(sc, 16, rf); 5774 5775 } else if (sc->mac_ver == 0x3071) { 5776 if (sc->mac_rev >= 0x0211) { 5777 /* enable DC filter */ 5778 run_bbp_write(sc, 103, 0xc0); 5779 5780 /* improve power consumption */ 5781 run_bbp_read(sc, 31, &bbp); 5782 run_bbp_write(sc, 31, bbp & ~0x03); 5783 } 5784 5785 run_bbp_read(sc, 138, &bbp); 5786 if (sc->ntxchains == 1) 5787 bbp |= 0x20; /* turn off DAC1 */ 5788 if (sc->nrxchains == 1) 5789 bbp &= ~0x02; /* turn off ADC1 */ 5790 run_bbp_write(sc, 138, bbp); 5791 5792 run_write(sc, RT2860_TX_SW_CFG1, 0); 5793 if (sc->mac_rev < 0x0211) { 5794 run_write(sc, RT2860_TX_SW_CFG2, 5795 sc->patch_dac ? 0x2c : 0x0f); 5796 } else 5797 run_write(sc, RT2860_TX_SW_CFG2, 0); 5798 5799 } else if (sc->mac_ver == 0x3070) { 5800 if (sc->mac_rev >= 0x0201) { 5801 /* enable DC filter */ 5802 run_bbp_write(sc, 103, 0xc0); 5803 5804 /* improve power consumption */ 5805 run_bbp_read(sc, 31, &bbp); 5806 run_bbp_write(sc, 31, bbp & ~0x03); 5807 } 5808 5809 if (sc->mac_rev < 0x0201) { 5810 run_write(sc, RT2860_TX_SW_CFG1, 0); 5811 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5812 } else 5813 run_write(sc, RT2860_TX_SW_CFG2, 0); 5814 } 5815 5816 /* initialize RF registers from ROM for >=RT3071*/ 5817 if (sc->mac_ver >= 0x3071) { 5818 for (i = 0; i < 10; i++) { 5819 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5820 continue; 5821 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5822 } 5823 } 5824 } 5825 5826 static void 5827 run_rt3593_rf_setup(struct run_softc *sc) 5828 { 5829 uint8_t bbp, rf; 5830 5831 if (sc->mac_rev >= 0x0211) { 5832 /* Enable DC filter. */ 5833 run_bbp_write(sc, 103, 0xc0); 5834 } 5835 run_write(sc, RT2860_TX_SW_CFG1, 0); 5836 if (sc->mac_rev < 0x0211) { 5837 run_write(sc, RT2860_TX_SW_CFG2, 5838 sc->patch_dac ? 0x2c : 0x0f); 5839 } else 5840 run_write(sc, RT2860_TX_SW_CFG2, 0); 5841 5842 run_rt3070_rf_read(sc, 50, &rf); 5843 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5844 5845 run_rt3070_rf_read(sc, 51, &rf); 5846 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5847 ((sc->txmixgain_2ghz & 0x07) << 2); 5848 run_rt3070_rf_write(sc, 51, rf); 5849 5850 run_rt3070_rf_read(sc, 38, &rf); 5851 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5852 5853 run_rt3070_rf_read(sc, 39, &rf); 5854 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5855 5856 run_rt3070_rf_read(sc, 1, &rf); 5857 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5858 5859 run_rt3070_rf_read(sc, 30, &rf); 5860 rf = (rf & ~0x18) | 0x10; 5861 run_rt3070_rf_write(sc, 30, rf); 5862 5863 /* Apply maximum likelihood detection for 2 stream case. */ 5864 run_bbp_read(sc, 105, &bbp); 5865 if (sc->nrxchains > 1) 5866 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5867 5868 /* Avoid data lost and CRC error. */ 5869 run_bbp_read(sc, 4, &bbp); 5870 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5871 5872 run_bbp_write(sc, 92, 0x02); 5873 run_bbp_write(sc, 82, 0x82); 5874 run_bbp_write(sc, 106, 0x05); 5875 run_bbp_write(sc, 104, 0x92); 5876 run_bbp_write(sc, 88, 0x90); 5877 run_bbp_write(sc, 148, 0xc8); 5878 run_bbp_write(sc, 47, 0x48); 5879 run_bbp_write(sc, 120, 0x50); 5880 5881 run_bbp_write(sc, 163, 0x9d); 5882 5883 /* SNR mapping. */ 5884 run_bbp_write(sc, 142, 0x06); 5885 run_bbp_write(sc, 143, 0xa0); 5886 run_bbp_write(sc, 142, 0x07); 5887 run_bbp_write(sc, 143, 0xa1); 5888 run_bbp_write(sc, 142, 0x08); 5889 run_bbp_write(sc, 143, 0xa2); 5890 5891 run_bbp_write(sc, 31, 0x08); 5892 run_bbp_write(sc, 68, 0x0b); 5893 run_bbp_write(sc, 105, 0x04); 5894 } 5895 5896 static void 5897 run_rt5390_rf_setup(struct run_softc *sc) 5898 { 5899 uint8_t bbp, rf; 5900 5901 if (sc->mac_rev >= 0x0211) { 5902 /* Enable DC filter. */ 5903 run_bbp_write(sc, 103, 0xc0); 5904 5905 if (sc->mac_ver != 0x5592) { 5906 /* Improve power consumption. */ 5907 run_bbp_read(sc, 31, &bbp); 5908 run_bbp_write(sc, 31, bbp & ~0x03); 5909 } 5910 } 5911 5912 run_bbp_read(sc, 138, &bbp); 5913 if (sc->ntxchains == 1) 5914 bbp |= 0x20; /* turn off DAC1 */ 5915 if (sc->nrxchains == 1) 5916 bbp &= ~0x02; /* turn off ADC1 */ 5917 run_bbp_write(sc, 138, bbp); 5918 5919 run_rt3070_rf_read(sc, 38, &rf); 5920 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5921 5922 run_rt3070_rf_read(sc, 39, &rf); 5923 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5924 5925 /* Avoid data lost and CRC error. */ 5926 run_bbp_read(sc, 4, &bbp); 5927 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5928 5929 run_rt3070_rf_read(sc, 30, &rf); 5930 rf = (rf & ~0x18) | 0x10; 5931 run_rt3070_rf_write(sc, 30, rf); 5932 5933 if (sc->mac_ver != 0x5592) { 5934 run_write(sc, RT2860_TX_SW_CFG1, 0); 5935 if (sc->mac_rev < 0x0211) { 5936 run_write(sc, RT2860_TX_SW_CFG2, 5937 sc->patch_dac ? 0x2c : 0x0f); 5938 } else 5939 run_write(sc, RT2860_TX_SW_CFG2, 0); 5940 } 5941 } 5942 5943 static int 5944 run_txrx_enable(struct run_softc *sc) 5945 { 5946 struct ieee80211com *ic = &sc->sc_ic; 5947 uint32_t tmp; 5948 int error, ntries; 5949 5950 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5951 for (ntries = 0; ntries < 200; ntries++) { 5952 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5953 return (error); 5954 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5955 break; 5956 run_delay(sc, 50); 5957 } 5958 if (ntries == 200) 5959 return (ETIMEDOUT); 5960 5961 run_delay(sc, 50); 5962 5963 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5964 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5965 5966 /* enable Rx bulk aggregation (set timeout and limit) */ 5967 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5968 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5969 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5970 5971 /* set Rx filter */ 5972 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5973 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5974 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5975 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5976 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5977 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5978 if (ic->ic_opmode == IEEE80211_M_STA) 5979 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5980 } 5981 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5982 5983 run_write(sc, RT2860_MAC_SYS_CTRL, 5984 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5985 5986 return (0); 5987 } 5988 5989 static void 5990 run_adjust_freq_offset(struct run_softc *sc) 5991 { 5992 uint8_t rf, tmp; 5993 5994 run_rt3070_rf_read(sc, 17, &rf); 5995 tmp = rf; 5996 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5997 rf = MIN(rf, 0x5f); 5998 5999 if (tmp != rf) 6000 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 6001 } 6002 6003 static void 6004 run_init_locked(struct run_softc *sc) 6005 { 6006 struct ieee80211com *ic = &sc->sc_ic; 6007 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6008 uint32_t tmp; 6009 uint8_t bbp1, bbp3; 6010 int i; 6011 int ridx; 6012 int ntries; 6013 6014 if (ic->ic_nrunning > 1) 6015 return; 6016 6017 run_stop(sc); 6018 6019 if (run_load_microcode(sc) != 0) { 6020 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6021 goto fail; 6022 } 6023 6024 for (ntries = 0; ntries < 100; ntries++) { 6025 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6026 goto fail; 6027 if (tmp != 0 && tmp != 0xffffffff) 6028 break; 6029 run_delay(sc, 10); 6030 } 6031 if (ntries == 100) 6032 goto fail; 6033 6034 for (i = 0; i != RUN_EP_QUEUES; i++) 6035 run_setup_tx_list(sc, &sc->sc_epq[i]); 6036 6037 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6038 6039 for (ntries = 0; ntries < 100; ntries++) { 6040 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6041 goto fail; 6042 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6043 break; 6044 run_delay(sc, 10); 6045 } 6046 if (ntries == 100) { 6047 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6048 goto fail; 6049 } 6050 tmp &= 0xff0; 6051 tmp |= RT2860_TX_WB_DDONE; 6052 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6053 6054 /* turn off PME_OEN to solve high-current issue */ 6055 run_read(sc, RT2860_SYS_CTRL, &tmp); 6056 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6057 6058 run_write(sc, RT2860_MAC_SYS_CTRL, 6059 RT2860_BBP_HRST | RT2860_MAC_SRST); 6060 run_write(sc, RT2860_USB_DMA_CFG, 0); 6061 6062 if (run_reset(sc) != 0) { 6063 device_printf(sc->sc_dev, "could not reset chipset\n"); 6064 goto fail; 6065 } 6066 6067 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6068 6069 /* init Tx power for all Tx rates (from EEPROM) */ 6070 for (ridx = 0; ridx < 5; ridx++) { 6071 if (sc->txpow20mhz[ridx] == 0xffffffff) 6072 continue; 6073 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6074 } 6075 6076 for (i = 0; i < nitems(rt2870_def_mac); i++) 6077 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6078 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6079 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6080 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6081 6082 if (sc->mac_ver >= 0x5390) { 6083 run_write(sc, RT2860_TX_SW_CFG0, 6084 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6085 if (sc->mac_ver >= 0x5392) { 6086 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6087 if (sc->mac_ver == 0x5592) { 6088 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6089 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6090 } else { 6091 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6092 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6093 } 6094 } 6095 } else if (sc->mac_ver == 0x3593) { 6096 run_write(sc, RT2860_TX_SW_CFG0, 6097 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6098 } else if (sc->mac_ver >= 0x3070) { 6099 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6100 run_write(sc, RT2860_TX_SW_CFG0, 6101 4 << RT2860_DLY_PAPE_EN_SHIFT); 6102 } 6103 6104 /* wait while MAC is busy */ 6105 for (ntries = 0; ntries < 100; ntries++) { 6106 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6107 goto fail; 6108 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6109 break; 6110 run_delay(sc, 10); 6111 } 6112 if (ntries == 100) 6113 goto fail; 6114 6115 /* clear Host to MCU mailbox */ 6116 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6117 run_write(sc, RT2860_H2M_MAILBOX, 0); 6118 run_delay(sc, 10); 6119 6120 if (run_bbp_init(sc) != 0) { 6121 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6122 goto fail; 6123 } 6124 6125 /* abort TSF synchronization */ 6126 run_disable_tsf(sc); 6127 6128 /* clear RX WCID search table */ 6129 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6130 /* clear WCID attribute table */ 6131 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6132 6133 /* hostapd sets a key before init. So, don't clear it. */ 6134 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6135 /* clear shared key table */ 6136 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6137 /* clear shared key mode */ 6138 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6139 } 6140 6141 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6142 tmp = (tmp & ~0xff) | 0x1e; 6143 run_write(sc, RT2860_US_CYC_CNT, tmp); 6144 6145 if (sc->mac_rev != 0x0101) 6146 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6147 6148 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6149 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6150 6151 /* write vendor-specific BBP values (from EEPROM) */ 6152 if (sc->mac_ver < 0x3593) { 6153 for (i = 0; i < 10; i++) { 6154 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6155 continue; 6156 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6157 } 6158 } 6159 6160 /* select Main antenna for 1T1R devices */ 6161 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6162 run_set_rx_antenna(sc, 0); 6163 6164 /* send LEDs operating mode to microcontroller */ 6165 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6166 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6167 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6168 6169 if (sc->mac_ver >= 0x5390) 6170 run_rt5390_rf_init(sc); 6171 else if (sc->mac_ver == 0x3593) 6172 run_rt3593_rf_init(sc); 6173 else if (sc->mac_ver >= 0x3070) 6174 run_rt3070_rf_init(sc); 6175 6176 /* disable non-existing Rx chains */ 6177 run_bbp_read(sc, 3, &bbp3); 6178 bbp3 &= ~(1 << 3 | 1 << 4); 6179 if (sc->nrxchains == 2) 6180 bbp3 |= 1 << 3; 6181 else if (sc->nrxchains == 3) 6182 bbp3 |= 1 << 4; 6183 run_bbp_write(sc, 3, bbp3); 6184 6185 /* disable non-existing Tx chains */ 6186 run_bbp_read(sc, 1, &bbp1); 6187 if (sc->ntxchains == 1) 6188 bbp1 &= ~(1 << 3 | 1 << 4); 6189 run_bbp_write(sc, 1, bbp1); 6190 6191 if (sc->mac_ver >= 0x5390) 6192 run_rt5390_rf_setup(sc); 6193 else if (sc->mac_ver == 0x3593) 6194 run_rt3593_rf_setup(sc); 6195 else if (sc->mac_ver >= 0x3070) 6196 run_rt3070_rf_setup(sc); 6197 6198 /* select default channel */ 6199 run_set_chan(sc, ic->ic_curchan); 6200 6201 /* setup initial protection mode */ 6202 run_updateprot_cb(ic); 6203 6204 /* turn radio LED on */ 6205 run_set_leds(sc, RT2860_LED_RADIO); 6206 6207 sc->sc_flags |= RUN_RUNNING; 6208 sc->cmdq_run = RUN_CMDQ_GO; 6209 6210 for (i = 0; i != RUN_N_XFER; i++) 6211 usbd_xfer_set_stall(sc->sc_xfer[i]); 6212 6213 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6214 6215 if (run_txrx_enable(sc) != 0) 6216 goto fail; 6217 6218 return; 6219 6220 fail: 6221 run_stop(sc); 6222 } 6223 6224 static void 6225 run_stop(void *arg) 6226 { 6227 struct run_softc *sc = (struct run_softc *)arg; 6228 uint32_t tmp; 6229 int i; 6230 int ntries; 6231 6232 RUN_LOCK_ASSERT(sc, MA_OWNED); 6233 6234 if (sc->sc_flags & RUN_RUNNING) 6235 run_set_leds(sc, 0); /* turn all LEDs off */ 6236 6237 sc->sc_flags &= ~RUN_RUNNING; 6238 6239 sc->ratectl_run = RUN_RATECTL_OFF; 6240 sc->cmdq_run = sc->cmdq_key_set; 6241 6242 RUN_UNLOCK(sc); 6243 6244 for(i = 0; i < RUN_N_XFER; i++) 6245 usbd_transfer_drain(sc->sc_xfer[i]); 6246 6247 RUN_LOCK(sc); 6248 6249 run_drain_mbufq(sc); 6250 6251 if (sc->rx_m != NULL) { 6252 m_free(sc->rx_m); 6253 sc->rx_m = NULL; 6254 } 6255 6256 /* Disable Tx/Rx DMA. */ 6257 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6258 return; 6259 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6260 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6261 6262 for (ntries = 0; ntries < 100; ntries++) { 6263 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6264 return; 6265 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6266 break; 6267 run_delay(sc, 10); 6268 } 6269 if (ntries == 100) { 6270 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6271 return; 6272 } 6273 6274 /* disable Tx/Rx */ 6275 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6276 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6277 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6278 6279 /* wait for pending Tx to complete */ 6280 for (ntries = 0; ntries < 100; ntries++) { 6281 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6282 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6283 "Cannot read Tx queue count\n"); 6284 break; 6285 } 6286 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6287 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6288 "All Tx cleared\n"); 6289 break; 6290 } 6291 run_delay(sc, 10); 6292 } 6293 if (ntries >= 100) 6294 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6295 "There are still pending Tx\n"); 6296 run_delay(sc, 10); 6297 run_write(sc, RT2860_USB_DMA_CFG, 0); 6298 6299 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6300 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6301 6302 for (i = 0; i != RUN_EP_QUEUES; i++) 6303 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6304 } 6305 6306 static void 6307 run_delay(struct run_softc *sc, u_int ms) 6308 { 6309 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6310 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6311 } 6312 6313 static device_method_t run_methods[] = { 6314 /* Device interface */ 6315 DEVMETHOD(device_probe, run_match), 6316 DEVMETHOD(device_attach, run_attach), 6317 DEVMETHOD(device_detach, run_detach), 6318 DEVMETHOD_END 6319 }; 6320 6321 static driver_t run_driver = { 6322 .name = "run", 6323 .methods = run_methods, 6324 .size = sizeof(struct run_softc) 6325 }; 6326 6327 static devclass_t run_devclass; 6328 6329 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6330 MODULE_DEPEND(run, wlan, 1, 1, 1); 6331 MODULE_DEPEND(run, usb, 1, 1, 1); 6332 MODULE_DEPEND(run, firmware, 1, 1, 1); 6333 MODULE_VERSION(run, 1); 6334 USB_PNP_HOST_INFO(run_devs); 6335