1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include "opt_wlan.h" 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/sysctl.h> 33 #include <sys/lock.h> 34 #include <sys/mutex.h> 35 #include <sys/mbuf.h> 36 #include <sys/kernel.h> 37 #include <sys/socket.h> 38 #include <sys/systm.h> 39 #include <sys/malloc.h> 40 #include <sys/module.h> 41 #include <sys/bus.h> 42 #include <sys/endian.h> 43 #include <sys/linker.h> 44 #include <sys/firmware.h> 45 #include <sys/kdb.h> 46 47 #include <machine/bus.h> 48 #include <machine/resource.h> 49 #include <sys/rman.h> 50 51 #include <net/bpf.h> 52 #include <net/if.h> 53 #include <net/if_var.h> 54 #include <net/if_arp.h> 55 #include <net/ethernet.h> 56 #include <net/if_dl.h> 57 #include <net/if_media.h> 58 #include <net/if_types.h> 59 60 #include <netinet/in.h> 61 #include <netinet/in_systm.h> 62 #include <netinet/in_var.h> 63 #include <netinet/if_ether.h> 64 #include <netinet/ip.h> 65 66 #include <net80211/ieee80211_var.h> 67 #include <net80211/ieee80211_regdomain.h> 68 #include <net80211/ieee80211_radiotap.h> 69 #include <net80211/ieee80211_ratectl.h> 70 71 #include <dev/usb/usb.h> 72 #include <dev/usb/usbdi.h> 73 #include "usbdevs.h" 74 75 #define USB_DEBUG_VAR run_debug 76 #include <dev/usb/usb_debug.h> 77 #include <dev/usb/usb_msctest.h> 78 79 #include <dev/usb/wlan/if_runreg.h> 80 #include <dev/usb/wlan/if_runvar.h> 81 82 #ifdef USB_DEBUG 83 #define RUN_DEBUG 84 #endif 85 86 #ifdef RUN_DEBUG 87 int run_debug = 0; 88 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 89 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 90 "run debug level"); 91 92 enum { 93 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 94 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 95 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 96 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 97 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 98 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 99 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 100 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 101 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 102 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 103 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 104 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 105 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 106 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 107 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 108 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 109 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 110 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 111 RUN_DEBUG_ANY = 0xffffffff 112 }; 113 114 #define RUN_DPRINTF(_sc, _m, ...) do { \ 115 if (run_debug & (_m)) \ 116 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 117 } while(0) 118 #else 119 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 120 #endif 121 122 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 123 124 /* 125 * Because of LOR in run_key_delete(), use atomic instead. 126 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 127 */ 128 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 129 130 static const STRUCT_USB_HOST_ID run_devs[] = { 131 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 132 #define RUN_DEV_EJECT(v,p) \ 133 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 134 #define RUN_EJECT 1 135 RUN_DEV(ABOCOM, RT2770), 136 RUN_DEV(ABOCOM, RT2870), 137 RUN_DEV(ABOCOM, RT3070), 138 RUN_DEV(ABOCOM, RT3071), 139 RUN_DEV(ABOCOM, RT3072), 140 RUN_DEV(ABOCOM2, RT2870_1), 141 RUN_DEV(ACCTON, RT2770), 142 RUN_DEV(ACCTON, RT2870_1), 143 RUN_DEV(ACCTON, RT2870_2), 144 RUN_DEV(ACCTON, RT2870_3), 145 RUN_DEV(ACCTON, RT2870_4), 146 RUN_DEV(ACCTON, RT2870_5), 147 RUN_DEV(ACCTON, RT3070), 148 RUN_DEV(ACCTON, RT3070_1), 149 RUN_DEV(ACCTON, RT3070_2), 150 RUN_DEV(ACCTON, RT3070_3), 151 RUN_DEV(ACCTON, RT3070_4), 152 RUN_DEV(ACCTON, RT3070_5), 153 RUN_DEV(AIRTIES, RT3070), 154 RUN_DEV(ALLWIN, RT2070), 155 RUN_DEV(ALLWIN, RT2770), 156 RUN_DEV(ALLWIN, RT2870), 157 RUN_DEV(ALLWIN, RT3070), 158 RUN_DEV(ALLWIN, RT3071), 159 RUN_DEV(ALLWIN, RT3072), 160 RUN_DEV(ALLWIN, RT3572), 161 RUN_DEV(AMIGO, RT2870_1), 162 RUN_DEV(AMIGO, RT2870_2), 163 RUN_DEV(AMIT, CGWLUSB2GNR), 164 RUN_DEV(AMIT, RT2870_1), 165 RUN_DEV(AMIT2, RT2870), 166 RUN_DEV(ASUS, RT2870_1), 167 RUN_DEV(ASUS, RT2870_2), 168 RUN_DEV(ASUS, RT2870_3), 169 RUN_DEV(ASUS, RT2870_4), 170 RUN_DEV(ASUS, RT2870_5), 171 RUN_DEV(ASUS, USBN13), 172 RUN_DEV(ASUS, RT3070_1), 173 RUN_DEV(ASUS, USBN66), 174 RUN_DEV(ASUS, USB_N53), 175 RUN_DEV(ASUS2, USBN11), 176 RUN_DEV(AZUREWAVE, RT2870_1), 177 RUN_DEV(AZUREWAVE, RT2870_2), 178 RUN_DEV(AZUREWAVE, RT3070_1), 179 RUN_DEV(AZUREWAVE, RT3070_2), 180 RUN_DEV(AZUREWAVE, RT3070_3), 181 RUN_DEV(BELKIN, F9L1103), 182 RUN_DEV(BELKIN, F5D8053V3), 183 RUN_DEV(BELKIN, F5D8055), 184 RUN_DEV(BELKIN, F5D8055V2), 185 RUN_DEV(BELKIN, F6D4050V1), 186 RUN_DEV(BELKIN, F6D4050V2), 187 RUN_DEV(BELKIN, RT2870_1), 188 RUN_DEV(BELKIN, RT2870_2), 189 RUN_DEV(CISCOLINKSYS, AE1000), 190 RUN_DEV(CISCOLINKSYS2, RT3070), 191 RUN_DEV(CISCOLINKSYS3, RT3070), 192 RUN_DEV(CONCEPTRONIC2, RT2870_1), 193 RUN_DEV(CONCEPTRONIC2, RT2870_2), 194 RUN_DEV(CONCEPTRONIC2, RT2870_3), 195 RUN_DEV(CONCEPTRONIC2, RT2870_4), 196 RUN_DEV(CONCEPTRONIC2, RT2870_5), 197 RUN_DEV(CONCEPTRONIC2, RT2870_6), 198 RUN_DEV(CONCEPTRONIC2, RT2870_7), 199 RUN_DEV(CONCEPTRONIC2, RT2870_8), 200 RUN_DEV(CONCEPTRONIC2, RT3070_1), 201 RUN_DEV(CONCEPTRONIC2, RT3070_2), 202 RUN_DEV(CONCEPTRONIC2, VIGORN61), 203 RUN_DEV(COREGA, CGWLUSB300GNM), 204 RUN_DEV(COREGA, RT2870_1), 205 RUN_DEV(COREGA, RT2870_2), 206 RUN_DEV(COREGA, RT2870_3), 207 RUN_DEV(COREGA, RT3070), 208 RUN_DEV(CYBERTAN, RT2870), 209 RUN_DEV(DLINK, RT2870), 210 RUN_DEV(DLINK, RT3072), 211 RUN_DEV(DLINK, DWA127), 212 RUN_DEV(DLINK, DWA140B3), 213 RUN_DEV(DLINK, DWA160B2), 214 RUN_DEV(DLINK, DWA140D1), 215 RUN_DEV(DLINK, DWA162), 216 RUN_DEV(DLINK2, DWA130), 217 RUN_DEV(DLINK2, RT2870_1), 218 RUN_DEV(DLINK2, RT2870_2), 219 RUN_DEV(DLINK2, RT3070_1), 220 RUN_DEV(DLINK2, RT3070_2), 221 RUN_DEV(DLINK2, RT3070_3), 222 RUN_DEV(DLINK2, RT3070_4), 223 RUN_DEV(DLINK2, RT3070_5), 224 RUN_DEV(DLINK2, RT3072), 225 RUN_DEV(DLINK2, RT3072_1), 226 RUN_DEV(EDIMAX, EW7717), 227 RUN_DEV(EDIMAX, EW7718), 228 RUN_DEV(EDIMAX, EW7733UND), 229 RUN_DEV(EDIMAX, RT2870_1), 230 RUN_DEV(ENCORE, RT3070_1), 231 RUN_DEV(ENCORE, RT3070_2), 232 RUN_DEV(ENCORE, RT3070_3), 233 RUN_DEV(GIGABYTE, GNWB31N), 234 RUN_DEV(GIGABYTE, GNWB32L), 235 RUN_DEV(GIGABYTE, RT2870_1), 236 RUN_DEV(GIGASET, RT3070_1), 237 RUN_DEV(GIGASET, RT3070_2), 238 RUN_DEV(GUILLEMOT, HWNU300), 239 RUN_DEV(HAWKING, HWUN2), 240 RUN_DEV(HAWKING, RT2870_1), 241 RUN_DEV(HAWKING, RT2870_2), 242 RUN_DEV(HAWKING, RT3070), 243 RUN_DEV(IODATA, RT3072_1), 244 RUN_DEV(IODATA, RT3072_2), 245 RUN_DEV(IODATA, RT3072_3), 246 RUN_DEV(IODATA, RT3072_4), 247 RUN_DEV(LINKSYS4, RT3070), 248 RUN_DEV(LINKSYS4, WUSB100), 249 RUN_DEV(LINKSYS4, WUSB54GCV3), 250 RUN_DEV(LINKSYS4, WUSB600N), 251 RUN_DEV(LINKSYS4, WUSB600NV2), 252 RUN_DEV(LOGITEC, RT2870_1), 253 RUN_DEV(LOGITEC, RT2870_2), 254 RUN_DEV(LOGITEC, RT2870_3), 255 RUN_DEV(LOGITEC, LANW300NU2), 256 RUN_DEV(LOGITEC, LANW150NU2), 257 RUN_DEV(LOGITEC, LANW300NU2S), 258 RUN_DEV(MELCO, WLIUCG300HP), 259 RUN_DEV(MELCO, RT2870_2), 260 RUN_DEV(MELCO, WLIUCAG300N), 261 RUN_DEV(MELCO, WLIUCG300N), 262 RUN_DEV(MELCO, WLIUCG301N), 263 RUN_DEV(MELCO, WLIUCGN), 264 RUN_DEV(MELCO, WLIUCGNM), 265 RUN_DEV(MELCO, WLIUCG300HPV1), 266 RUN_DEV(MELCO, WLIUCGNM2), 267 RUN_DEV(MOTOROLA4, RT2770), 268 RUN_DEV(MOTOROLA4, RT3070), 269 RUN_DEV(MSI, RT3070_1), 270 RUN_DEV(MSI, RT3070_2), 271 RUN_DEV(MSI, RT3070_3), 272 RUN_DEV(MSI, RT3070_4), 273 RUN_DEV(MSI, RT3070_5), 274 RUN_DEV(MSI, RT3070_6), 275 RUN_DEV(MSI, RT3070_7), 276 RUN_DEV(MSI, RT3070_8), 277 RUN_DEV(MSI, RT3070_9), 278 RUN_DEV(MSI, RT3070_10), 279 RUN_DEV(MSI, RT3070_11), 280 RUN_DEV(NETGEAR, WNDA4100), 281 RUN_DEV(OVISLINK, RT3072), 282 RUN_DEV(PARA, RT3070), 283 RUN_DEV(PEGATRON, RT2870), 284 RUN_DEV(PEGATRON, RT3070), 285 RUN_DEV(PEGATRON, RT3070_2), 286 RUN_DEV(PEGATRON, RT3070_3), 287 RUN_DEV(PHILIPS, RT2870), 288 RUN_DEV(PLANEX2, GWUS300MINIS), 289 RUN_DEV(PLANEX2, GWUSMICRON), 290 RUN_DEV(PLANEX2, RT2870), 291 RUN_DEV(PLANEX2, RT3070), 292 RUN_DEV(QCOM, RT2870), 293 RUN_DEV(QUANTA, RT3070), 294 RUN_DEV(RALINK, RT2070), 295 RUN_DEV(RALINK, RT2770), 296 RUN_DEV(RALINK, RT2870), 297 RUN_DEV(RALINK, RT3070), 298 RUN_DEV(RALINK, RT3071), 299 RUN_DEV(RALINK, RT3072), 300 RUN_DEV(RALINK, RT3370), 301 RUN_DEV(RALINK, RT3572), 302 RUN_DEV(RALINK, RT3573), 303 RUN_DEV(RALINK, RT5370), 304 RUN_DEV(RALINK, RT5372), 305 RUN_DEV(RALINK, RT5572), 306 RUN_DEV(RALINK, RT8070), 307 RUN_DEV(SAMSUNG, WIS09ABGN), 308 RUN_DEV(SAMSUNG2, RT2870_1), 309 RUN_DEV(SENAO, RT2870_1), 310 RUN_DEV(SENAO, RT2870_2), 311 RUN_DEV(SENAO, RT2870_3), 312 RUN_DEV(SENAO, RT2870_4), 313 RUN_DEV(SENAO, RT3070), 314 RUN_DEV(SENAO, RT3071), 315 RUN_DEV(SENAO, RT3072_1), 316 RUN_DEV(SENAO, RT3072_2), 317 RUN_DEV(SENAO, RT3072_3), 318 RUN_DEV(SENAO, RT3072_4), 319 RUN_DEV(SENAO, RT3072_5), 320 RUN_DEV(SITECOMEU, RT2770), 321 RUN_DEV(SITECOMEU, RT2870_1), 322 RUN_DEV(SITECOMEU, RT2870_2), 323 RUN_DEV(SITECOMEU, RT2870_3), 324 RUN_DEV(SITECOMEU, RT2870_4), 325 RUN_DEV(SITECOMEU, RT3070), 326 RUN_DEV(SITECOMEU, RT3070_2), 327 RUN_DEV(SITECOMEU, RT3070_3), 328 RUN_DEV(SITECOMEU, RT3070_4), 329 RUN_DEV(SITECOMEU, RT3071), 330 RUN_DEV(SITECOMEU, RT3072_1), 331 RUN_DEV(SITECOMEU, RT3072_2), 332 RUN_DEV(SITECOMEU, RT3072_3), 333 RUN_DEV(SITECOMEU, RT3072_4), 334 RUN_DEV(SITECOMEU, RT3072_5), 335 RUN_DEV(SITECOMEU, RT3072_6), 336 RUN_DEV(SITECOMEU, WL608), 337 RUN_DEV(SPARKLAN, RT2870_1), 338 RUN_DEV(SPARKLAN, RT3070), 339 RUN_DEV(SWEEX2, LW153), 340 RUN_DEV(SWEEX2, LW303), 341 RUN_DEV(SWEEX2, LW313), 342 RUN_DEV(TOSHIBA, RT3070), 343 RUN_DEV(UMEDIA, RT2870_1), 344 RUN_DEV(ZCOM, RT2870_1), 345 RUN_DEV(ZCOM, RT2870_2), 346 RUN_DEV(ZINWELL, RT2870_1), 347 RUN_DEV(ZINWELL, RT2870_2), 348 RUN_DEV(ZINWELL, RT3070), 349 RUN_DEV(ZINWELL, RT3072_1), 350 RUN_DEV(ZINWELL, RT3072_2), 351 RUN_DEV(ZYXEL, RT2870_1), 352 RUN_DEV(ZYXEL, RT2870_2), 353 RUN_DEV(ZYXEL, RT3070), 354 RUN_DEV_EJECT(ZYXEL, NWD2705), 355 RUN_DEV_EJECT(RALINK, RT_STOR), 356 #undef RUN_DEV_EJECT 357 #undef RUN_DEV 358 }; 359 360 static device_probe_t run_match; 361 static device_attach_t run_attach; 362 static device_detach_t run_detach; 363 364 static usb_callback_t run_bulk_rx_callback; 365 static usb_callback_t run_bulk_tx_callback0; 366 static usb_callback_t run_bulk_tx_callback1; 367 static usb_callback_t run_bulk_tx_callback2; 368 static usb_callback_t run_bulk_tx_callback3; 369 static usb_callback_t run_bulk_tx_callback4; 370 static usb_callback_t run_bulk_tx_callback5; 371 372 static void run_autoinst(void *, struct usb_device *, 373 struct usb_attach_arg *); 374 static int run_driver_loaded(struct module *, int, void *); 375 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 376 usb_error_t error, u_int index); 377 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 378 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 379 const uint8_t [IEEE80211_ADDR_LEN], 380 const uint8_t [IEEE80211_ADDR_LEN]); 381 static void run_vap_delete(struct ieee80211vap *); 382 static void run_cmdq_cb(void *, int); 383 static void run_setup_tx_list(struct run_softc *, 384 struct run_endpoint_queue *); 385 static void run_unsetup_tx_list(struct run_softc *, 386 struct run_endpoint_queue *); 387 static int run_load_microcode(struct run_softc *); 388 static int run_reset(struct run_softc *); 389 static usb_error_t run_do_request(struct run_softc *, 390 struct usb_device_request *, void *); 391 static int run_read(struct run_softc *, uint16_t, uint32_t *); 392 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 393 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 394 static int run_write(struct run_softc *, uint16_t, uint32_t); 395 static int run_write_region_1(struct run_softc *, uint16_t, 396 const uint8_t *, int); 397 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 398 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 399 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 400 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 401 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 402 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 403 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 404 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 405 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 406 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 407 static const char *run_get_rf(uint16_t); 408 static void run_rt3593_get_txpower(struct run_softc *); 409 static void run_get_txpower(struct run_softc *); 410 static int run_read_eeprom(struct run_softc *); 411 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 412 const uint8_t mac[IEEE80211_ADDR_LEN]); 413 static int run_media_change(struct ifnet *); 414 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 415 static int run_wme_update(struct ieee80211com *); 416 static void run_key_set_cb(void *); 417 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 418 static void run_key_delete_cb(void *); 419 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 420 static void run_ratectl_to(void *); 421 static void run_ratectl_cb(void *, int); 422 static void run_drain_fifo(void *); 423 static void run_iter_func(void *, struct ieee80211_node *); 424 static void run_newassoc_cb(void *); 425 static void run_newassoc(struct ieee80211_node *, int); 426 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 427 const struct ieee80211_rx_stats *, int, int); 428 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 429 static void run_tx_free(struct run_endpoint_queue *pq, 430 struct run_tx_data *, int); 431 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 432 static int run_tx(struct run_softc *, struct mbuf *, 433 struct ieee80211_node *); 434 static int run_tx_mgt(struct run_softc *, struct mbuf *, 435 struct ieee80211_node *); 436 static int run_sendprot(struct run_softc *, const struct mbuf *, 437 struct ieee80211_node *, int, int); 438 static int run_tx_param(struct run_softc *, struct mbuf *, 439 struct ieee80211_node *, 440 const struct ieee80211_bpf_params *); 441 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 442 const struct ieee80211_bpf_params *); 443 static int run_transmit(struct ieee80211com *, struct mbuf *); 444 static void run_start(struct run_softc *); 445 static void run_parent(struct ieee80211com *); 446 static void run_iq_calib(struct run_softc *, u_int); 447 static void run_set_agc(struct run_softc *, uint8_t); 448 static void run_select_chan_group(struct run_softc *, int); 449 static void run_set_rx_antenna(struct run_softc *, int); 450 static void run_rt2870_set_chan(struct run_softc *, u_int); 451 static void run_rt3070_set_chan(struct run_softc *, u_int); 452 static void run_rt3572_set_chan(struct run_softc *, u_int); 453 static void run_rt3593_set_chan(struct run_softc *, u_int); 454 static void run_rt5390_set_chan(struct run_softc *, u_int); 455 static void run_rt5592_set_chan(struct run_softc *, u_int); 456 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 457 static void run_set_channel(struct ieee80211com *); 458 static void run_getradiocaps(struct ieee80211com *, int, int *, 459 struct ieee80211_channel[]); 460 static void run_scan_start(struct ieee80211com *); 461 static void run_scan_end(struct ieee80211com *); 462 static void run_update_beacon(struct ieee80211vap *, int); 463 static void run_update_beacon_cb(void *); 464 static void run_updateprot(struct ieee80211com *); 465 static void run_updateprot_cb(void *); 466 static void run_usb_timeout_cb(void *); 467 static void run_reset_livelock(struct run_softc *); 468 static void run_enable_tsf_sync(struct run_softc *); 469 static void run_enable_tsf(struct run_softc *); 470 static void run_get_tsf(struct run_softc *, uint64_t *); 471 static void run_enable_mrr(struct run_softc *); 472 static void run_set_txpreamble(struct run_softc *); 473 static void run_set_basicrates(struct run_softc *); 474 static void run_set_leds(struct run_softc *, uint16_t); 475 static void run_set_bssid(struct run_softc *, const uint8_t *); 476 static void run_set_macaddr(struct run_softc *, const uint8_t *); 477 static void run_updateslot(struct ieee80211com *); 478 static void run_updateslot_cb(void *); 479 static void run_update_mcast(struct ieee80211com *); 480 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 481 static void run_update_promisc_locked(struct run_softc *); 482 static void run_update_promisc(struct ieee80211com *); 483 static void run_rt5390_bbp_init(struct run_softc *); 484 static int run_bbp_init(struct run_softc *); 485 static int run_rt3070_rf_init(struct run_softc *); 486 static void run_rt3593_rf_init(struct run_softc *); 487 static void run_rt5390_rf_init(struct run_softc *); 488 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 489 uint8_t *); 490 static void run_rt3070_rf_setup(struct run_softc *); 491 static void run_rt3593_rf_setup(struct run_softc *); 492 static void run_rt5390_rf_setup(struct run_softc *); 493 static int run_txrx_enable(struct run_softc *); 494 static void run_adjust_freq_offset(struct run_softc *); 495 static void run_init_locked(struct run_softc *); 496 static void run_stop(void *); 497 static void run_delay(struct run_softc *, u_int); 498 499 static eventhandler_tag run_etag; 500 501 static const struct rt2860_rate { 502 uint8_t rate; 503 uint8_t mcs; 504 enum ieee80211_phytype phy; 505 uint8_t ctl_ridx; 506 uint16_t sp_ack_dur; 507 uint16_t lp_ack_dur; 508 } rt2860_rates[] = { 509 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 510 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 511 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 512 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 513 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 514 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 515 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 516 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 517 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 518 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 519 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 520 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 521 }; 522 523 static const struct { 524 uint16_t reg; 525 uint32_t val; 526 } rt2870_def_mac[] = { 527 RT2870_DEF_MAC 528 }; 529 530 static const struct { 531 uint8_t reg; 532 uint8_t val; 533 } rt2860_def_bbp[] = { 534 RT2860_DEF_BBP 535 },rt5390_def_bbp[] = { 536 RT5390_DEF_BBP 537 },rt5592_def_bbp[] = { 538 RT5592_DEF_BBP 539 }; 540 541 /* 542 * Default values for BBP register R196 for RT5592. 543 */ 544 static const uint8_t rt5592_bbp_r196[] = { 545 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 546 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 547 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 548 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 549 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 550 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 551 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 552 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 553 0x2e, 0x36, 0x30, 0x6e 554 }; 555 556 static const struct rfprog { 557 uint8_t chan; 558 uint32_t r1, r2, r3, r4; 559 } rt2860_rf2850[] = { 560 RT2860_RF2850 561 }; 562 563 struct { 564 uint8_t n, r, k; 565 } rt3070_freqs[] = { 566 RT3070_RF3052 567 }; 568 569 static const struct rt5592_freqs { 570 uint16_t n; 571 uint8_t k, m, r; 572 } rt5592_freqs_20mhz[] = { 573 RT5592_RF5592_20MHZ 574 },rt5592_freqs_40mhz[] = { 575 RT5592_RF5592_40MHZ 576 }; 577 578 static const struct { 579 uint8_t reg; 580 uint8_t val; 581 } rt3070_def_rf[] = { 582 RT3070_DEF_RF 583 },rt3572_def_rf[] = { 584 RT3572_DEF_RF 585 },rt3593_def_rf[] = { 586 RT3593_DEF_RF 587 },rt5390_def_rf[] = { 588 RT5390_DEF_RF 589 },rt5392_def_rf[] = { 590 RT5392_DEF_RF 591 },rt5592_def_rf[] = { 592 RT5592_DEF_RF 593 },rt5592_2ghz_def_rf[] = { 594 RT5592_2GHZ_DEF_RF 595 },rt5592_5ghz_def_rf[] = { 596 RT5592_5GHZ_DEF_RF 597 }; 598 599 static const struct { 600 u_int firstchan; 601 u_int lastchan; 602 uint8_t reg; 603 uint8_t val; 604 } rt5592_chan_5ghz[] = { 605 RT5592_CHAN_5GHZ 606 }; 607 608 static const struct usb_config run_config[RUN_N_XFER] = { 609 [RUN_BULK_TX_BE] = { 610 .type = UE_BULK, 611 .endpoint = UE_ADDR_ANY, 612 .ep_index = 0, 613 .direction = UE_DIR_OUT, 614 .bufsize = RUN_MAX_TXSZ, 615 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 616 .callback = run_bulk_tx_callback0, 617 .timeout = 5000, /* ms */ 618 }, 619 [RUN_BULK_TX_BK] = { 620 .type = UE_BULK, 621 .endpoint = UE_ADDR_ANY, 622 .direction = UE_DIR_OUT, 623 .ep_index = 1, 624 .bufsize = RUN_MAX_TXSZ, 625 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 626 .callback = run_bulk_tx_callback1, 627 .timeout = 5000, /* ms */ 628 }, 629 [RUN_BULK_TX_VI] = { 630 .type = UE_BULK, 631 .endpoint = UE_ADDR_ANY, 632 .direction = UE_DIR_OUT, 633 .ep_index = 2, 634 .bufsize = RUN_MAX_TXSZ, 635 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 636 .callback = run_bulk_tx_callback2, 637 .timeout = 5000, /* ms */ 638 }, 639 [RUN_BULK_TX_VO] = { 640 .type = UE_BULK, 641 .endpoint = UE_ADDR_ANY, 642 .direction = UE_DIR_OUT, 643 .ep_index = 3, 644 .bufsize = RUN_MAX_TXSZ, 645 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 646 .callback = run_bulk_tx_callback3, 647 .timeout = 5000, /* ms */ 648 }, 649 [RUN_BULK_TX_HCCA] = { 650 .type = UE_BULK, 651 .endpoint = UE_ADDR_ANY, 652 .direction = UE_DIR_OUT, 653 .ep_index = 4, 654 .bufsize = RUN_MAX_TXSZ, 655 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 656 .callback = run_bulk_tx_callback4, 657 .timeout = 5000, /* ms */ 658 }, 659 [RUN_BULK_TX_PRIO] = { 660 .type = UE_BULK, 661 .endpoint = UE_ADDR_ANY, 662 .direction = UE_DIR_OUT, 663 .ep_index = 5, 664 .bufsize = RUN_MAX_TXSZ, 665 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 666 .callback = run_bulk_tx_callback5, 667 .timeout = 5000, /* ms */ 668 }, 669 [RUN_BULK_RX] = { 670 .type = UE_BULK, 671 .endpoint = UE_ADDR_ANY, 672 .direction = UE_DIR_IN, 673 .bufsize = RUN_MAX_RXSZ, 674 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 675 .callback = run_bulk_rx_callback, 676 } 677 }; 678 679 static void 680 run_autoinst(void *arg, struct usb_device *udev, 681 struct usb_attach_arg *uaa) 682 { 683 struct usb_interface *iface; 684 struct usb_interface_descriptor *id; 685 686 if (uaa->dev_state != UAA_DEV_READY) 687 return; 688 689 iface = usbd_get_iface(udev, 0); 690 if (iface == NULL) 691 return; 692 id = iface->idesc; 693 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 694 return; 695 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 696 return; 697 698 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 699 uaa->dev_state = UAA_DEV_EJECTING; 700 } 701 702 static int 703 run_driver_loaded(struct module *mod, int what, void *arg) 704 { 705 switch (what) { 706 case MOD_LOAD: 707 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 708 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 709 break; 710 case MOD_UNLOAD: 711 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 712 break; 713 default: 714 return (EOPNOTSUPP); 715 } 716 return (0); 717 } 718 719 static int 720 run_match(device_t self) 721 { 722 struct usb_attach_arg *uaa = device_get_ivars(self); 723 724 if (uaa->usb_mode != USB_MODE_HOST) 725 return (ENXIO); 726 if (uaa->info.bConfigIndex != 0) 727 return (ENXIO); 728 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 729 return (ENXIO); 730 731 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 732 } 733 734 static int 735 run_attach(device_t self) 736 { 737 struct run_softc *sc = device_get_softc(self); 738 struct usb_attach_arg *uaa = device_get_ivars(self); 739 struct ieee80211com *ic = &sc->sc_ic; 740 uint32_t ver; 741 uint8_t iface_index; 742 int ntries, error; 743 744 device_set_usb_desc(self); 745 sc->sc_udev = uaa->device; 746 sc->sc_dev = self; 747 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 748 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 749 750 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 751 MTX_NETWORK_LOCK, MTX_DEF); 752 mbufq_init(&sc->sc_snd, ifqmaxlen); 753 754 iface_index = RT2860_IFACE_INDEX; 755 756 error = usbd_transfer_setup(uaa->device, &iface_index, 757 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 758 if (error) { 759 device_printf(self, "could not allocate USB transfers, " 760 "err=%s\n", usbd_errstr(error)); 761 goto detach; 762 } 763 764 RUN_LOCK(sc); 765 766 /* wait for the chip to settle */ 767 for (ntries = 0; ntries < 100; ntries++) { 768 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 769 RUN_UNLOCK(sc); 770 goto detach; 771 } 772 if (ver != 0 && ver != 0xffffffff) 773 break; 774 run_delay(sc, 10); 775 } 776 if (ntries == 100) { 777 device_printf(sc->sc_dev, 778 "timeout waiting for NIC to initialize\n"); 779 RUN_UNLOCK(sc); 780 goto detach; 781 } 782 sc->mac_ver = ver >> 16; 783 sc->mac_rev = ver & 0xffff; 784 785 /* retrieve RF rev. no and various other things from EEPROM */ 786 run_read_eeprom(sc); 787 788 device_printf(sc->sc_dev, 789 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 790 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 791 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 792 793 RUN_UNLOCK(sc); 794 795 ic->ic_softc = sc; 796 ic->ic_name = device_get_nameunit(self); 797 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 798 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 799 800 /* set device capabilities */ 801 ic->ic_caps = 802 IEEE80211_C_STA | /* station mode supported */ 803 IEEE80211_C_MONITOR | /* monitor mode supported */ 804 IEEE80211_C_IBSS | 805 IEEE80211_C_HOSTAP | 806 IEEE80211_C_WDS | /* 4-address traffic works */ 807 IEEE80211_C_MBSS | 808 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 809 IEEE80211_C_SHSLOT | /* short slot time supported */ 810 IEEE80211_C_WME | /* WME */ 811 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 812 813 ic->ic_cryptocaps = 814 IEEE80211_CRYPTO_WEP | 815 IEEE80211_CRYPTO_AES_CCM | 816 IEEE80211_CRYPTO_TKIPMIC | 817 IEEE80211_CRYPTO_TKIP; 818 819 ic->ic_flags |= IEEE80211_F_DATAPAD; 820 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 821 822 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 823 ic->ic_channels); 824 825 ieee80211_ifattach(ic); 826 827 ic->ic_scan_start = run_scan_start; 828 ic->ic_scan_end = run_scan_end; 829 ic->ic_set_channel = run_set_channel; 830 ic->ic_getradiocaps = run_getradiocaps; 831 ic->ic_node_alloc = run_node_alloc; 832 ic->ic_newassoc = run_newassoc; 833 ic->ic_updateslot = run_updateslot; 834 ic->ic_update_mcast = run_update_mcast; 835 ic->ic_wme.wme_update = run_wme_update; 836 ic->ic_raw_xmit = run_raw_xmit; 837 ic->ic_update_promisc = run_update_promisc; 838 ic->ic_vap_create = run_vap_create; 839 ic->ic_vap_delete = run_vap_delete; 840 ic->ic_transmit = run_transmit; 841 ic->ic_parent = run_parent; 842 843 ieee80211_radiotap_attach(ic, 844 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 845 RUN_TX_RADIOTAP_PRESENT, 846 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 847 RUN_RX_RADIOTAP_PRESENT); 848 849 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 850 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 851 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 852 853 if (bootverbose) 854 ieee80211_announce(ic); 855 856 return (0); 857 858 detach: 859 run_detach(self); 860 return (ENXIO); 861 } 862 863 static void 864 run_drain_mbufq(struct run_softc *sc) 865 { 866 struct mbuf *m; 867 struct ieee80211_node *ni; 868 869 RUN_LOCK_ASSERT(sc, MA_OWNED); 870 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 871 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 872 m->m_pkthdr.rcvif = NULL; 873 ieee80211_free_node(ni); 874 m_freem(m); 875 } 876 } 877 878 static int 879 run_detach(device_t self) 880 { 881 struct run_softc *sc = device_get_softc(self); 882 struct ieee80211com *ic = &sc->sc_ic; 883 int i; 884 885 RUN_LOCK(sc); 886 sc->sc_detached = 1; 887 RUN_UNLOCK(sc); 888 889 /* stop all USB transfers */ 890 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 891 892 RUN_LOCK(sc); 893 sc->ratectl_run = RUN_RATECTL_OFF; 894 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 895 896 /* free TX list, if any */ 897 for (i = 0; i != RUN_EP_QUEUES; i++) 898 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 899 900 /* Free TX queue */ 901 run_drain_mbufq(sc); 902 RUN_UNLOCK(sc); 903 904 if (sc->sc_ic.ic_softc == sc) { 905 /* drain tasks */ 906 usb_callout_drain(&sc->ratectl_ch); 907 ieee80211_draintask(ic, &sc->cmdq_task); 908 ieee80211_draintask(ic, &sc->ratectl_task); 909 ieee80211_ifdetach(ic); 910 } 911 912 mtx_destroy(&sc->sc_mtx); 913 914 return (0); 915 } 916 917 static struct ieee80211vap * 918 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 919 enum ieee80211_opmode opmode, int flags, 920 const uint8_t bssid[IEEE80211_ADDR_LEN], 921 const uint8_t mac[IEEE80211_ADDR_LEN]) 922 { 923 struct run_softc *sc = ic->ic_softc; 924 struct run_vap *rvp; 925 struct ieee80211vap *vap; 926 int i; 927 928 if (sc->rvp_cnt >= RUN_VAP_MAX) { 929 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 930 return (NULL); 931 } 932 933 switch (opmode) { 934 case IEEE80211_M_STA: 935 /* enable s/w bmiss handling for sta mode */ 936 flags |= IEEE80211_CLONE_NOBEACONS; 937 /* fall though */ 938 case IEEE80211_M_IBSS: 939 case IEEE80211_M_MONITOR: 940 case IEEE80211_M_HOSTAP: 941 case IEEE80211_M_MBSS: 942 /* other than WDS vaps, only one at a time */ 943 if (!TAILQ_EMPTY(&ic->ic_vaps)) 944 return (NULL); 945 break; 946 case IEEE80211_M_WDS: 947 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 948 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 949 continue; 950 /* WDS vap's always share the local mac address. */ 951 flags &= ~IEEE80211_CLONE_BSSID; 952 break; 953 } 954 if (vap == NULL) { 955 device_printf(sc->sc_dev, 956 "wds only supported in ap mode\n"); 957 return (NULL); 958 } 959 break; 960 default: 961 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 962 return (NULL); 963 } 964 965 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 966 vap = &rvp->vap; 967 968 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 969 bssid) != 0) { 970 /* out of memory */ 971 free(rvp, M_80211_VAP); 972 return (NULL); 973 } 974 975 vap->iv_update_beacon = run_update_beacon; 976 vap->iv_max_aid = RT2870_WCID_MAX; 977 /* 978 * To delete the right key from h/w, we need wcid. 979 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 980 * and matching wcid will be written into there. So, cast 981 * some spells to remove 'const' from ieee80211_key{} 982 */ 983 vap->iv_key_delete = (void *)run_key_delete; 984 vap->iv_key_set = (void *)run_key_set; 985 986 /* override state transition machine */ 987 rvp->newstate = vap->iv_newstate; 988 vap->iv_newstate = run_newstate; 989 if (opmode == IEEE80211_M_IBSS) { 990 rvp->recv_mgmt = vap->iv_recv_mgmt; 991 vap->iv_recv_mgmt = run_recv_mgmt; 992 } 993 994 ieee80211_ratectl_init(vap); 995 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 996 997 /* complete setup */ 998 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 999 mac); 1000 1001 /* make sure id is always unique */ 1002 for (i = 0; i < RUN_VAP_MAX; i++) { 1003 if((sc->rvp_bmap & 1 << i) == 0){ 1004 sc->rvp_bmap |= 1 << i; 1005 rvp->rvp_id = i; 1006 break; 1007 } 1008 } 1009 if (sc->rvp_cnt++ == 0) 1010 ic->ic_opmode = opmode; 1011 1012 if (opmode == IEEE80211_M_HOSTAP) 1013 sc->cmdq_run = RUN_CMDQ_GO; 1014 1015 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1016 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1017 1018 return (vap); 1019 } 1020 1021 static void 1022 run_vap_delete(struct ieee80211vap *vap) 1023 { 1024 struct run_vap *rvp = RUN_VAP(vap); 1025 struct ieee80211com *ic; 1026 struct run_softc *sc; 1027 uint8_t rvp_id; 1028 1029 if (vap == NULL) 1030 return; 1031 1032 ic = vap->iv_ic; 1033 sc = ic->ic_softc; 1034 1035 RUN_LOCK(sc); 1036 1037 m_freem(rvp->beacon_mbuf); 1038 rvp->beacon_mbuf = NULL; 1039 1040 rvp_id = rvp->rvp_id; 1041 sc->ratectl_run &= ~(1 << rvp_id); 1042 sc->rvp_bmap &= ~(1 << rvp_id); 1043 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1044 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1045 --sc->rvp_cnt; 1046 1047 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1048 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1049 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1050 1051 RUN_UNLOCK(sc); 1052 1053 ieee80211_ratectl_deinit(vap); 1054 ieee80211_vap_detach(vap); 1055 free(rvp, M_80211_VAP); 1056 } 1057 1058 /* 1059 * There are numbers of functions need to be called in context thread. 1060 * Rather than creating taskqueue event for each of those functions, 1061 * here is all-for-one taskqueue callback function. This function 1062 * guarantees deferred functions are executed in the same order they 1063 * were enqueued. 1064 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1065 */ 1066 static void 1067 run_cmdq_cb(void *arg, int pending) 1068 { 1069 struct run_softc *sc = arg; 1070 uint8_t i; 1071 1072 /* call cmdq[].func locked */ 1073 RUN_LOCK(sc); 1074 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1075 i = sc->cmdq_exec, pending--) { 1076 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1077 i, pending); 1078 if (sc->cmdq_run == RUN_CMDQ_GO) { 1079 /* 1080 * If arg0 is NULL, callback func needs more 1081 * than one arg. So, pass ptr to cmdq struct. 1082 */ 1083 if (sc->cmdq[i].arg0) 1084 sc->cmdq[i].func(sc->cmdq[i].arg0); 1085 else 1086 sc->cmdq[i].func(&sc->cmdq[i]); 1087 } 1088 sc->cmdq[i].arg0 = NULL; 1089 sc->cmdq[i].func = NULL; 1090 sc->cmdq_exec++; 1091 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1092 } 1093 RUN_UNLOCK(sc); 1094 } 1095 1096 static void 1097 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1098 { 1099 struct run_tx_data *data; 1100 1101 memset(pq, 0, sizeof(*pq)); 1102 1103 STAILQ_INIT(&pq->tx_qh); 1104 STAILQ_INIT(&pq->tx_fh); 1105 1106 for (data = &pq->tx_data[0]; 1107 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1108 data->sc = sc; 1109 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1110 } 1111 pq->tx_nfree = RUN_TX_RING_COUNT; 1112 } 1113 1114 static void 1115 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1116 { 1117 struct run_tx_data *data; 1118 1119 /* make sure any subsequent use of the queues will fail */ 1120 pq->tx_nfree = 0; 1121 STAILQ_INIT(&pq->tx_fh); 1122 STAILQ_INIT(&pq->tx_qh); 1123 1124 /* free up all node references and mbufs */ 1125 for (data = &pq->tx_data[0]; 1126 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1127 if (data->m != NULL) { 1128 m_freem(data->m); 1129 data->m = NULL; 1130 } 1131 if (data->ni != NULL) { 1132 ieee80211_free_node(data->ni); 1133 data->ni = NULL; 1134 } 1135 } 1136 } 1137 1138 static int 1139 run_load_microcode(struct run_softc *sc) 1140 { 1141 usb_device_request_t req; 1142 const struct firmware *fw; 1143 const u_char *base; 1144 uint32_t tmp; 1145 int ntries, error; 1146 const uint64_t *temp; 1147 uint64_t bytes; 1148 1149 RUN_UNLOCK(sc); 1150 fw = firmware_get("runfw"); 1151 RUN_LOCK(sc); 1152 if (fw == NULL) { 1153 device_printf(sc->sc_dev, 1154 "failed loadfirmware of file %s\n", "runfw"); 1155 return ENOENT; 1156 } 1157 1158 if (fw->datasize != 8192) { 1159 device_printf(sc->sc_dev, 1160 "invalid firmware size (should be 8KB)\n"); 1161 error = EINVAL; 1162 goto fail; 1163 } 1164 1165 /* 1166 * RT3071/RT3072 use a different firmware 1167 * run-rt2870 (8KB) contains both, 1168 * first half (4KB) is for rt2870, 1169 * last half is for rt3071. 1170 */ 1171 base = fw->data; 1172 if ((sc->mac_ver) != 0x2860 && 1173 (sc->mac_ver) != 0x2872 && 1174 (sc->mac_ver) != 0x3070) { 1175 base += 4096; 1176 } 1177 1178 /* cheap sanity check */ 1179 temp = fw->data; 1180 bytes = *temp; 1181 if (bytes != be64toh(0xffffff0210280210ULL)) { 1182 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1183 error = EINVAL; 1184 goto fail; 1185 } 1186 1187 /* write microcode image */ 1188 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1189 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1190 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1191 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1192 } 1193 1194 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1195 req.bRequest = RT2870_RESET; 1196 USETW(req.wValue, 8); 1197 USETW(req.wIndex, 0); 1198 USETW(req.wLength, 0); 1199 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1200 != 0) { 1201 device_printf(sc->sc_dev, "firmware reset failed\n"); 1202 goto fail; 1203 } 1204 1205 run_delay(sc, 10); 1206 1207 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1208 run_write(sc, RT2860_H2M_MAILBOX, 0); 1209 run_write(sc, RT2860_H2M_INTSRC, 0); 1210 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1211 goto fail; 1212 1213 /* wait until microcontroller is ready */ 1214 for (ntries = 0; ntries < 1000; ntries++) { 1215 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1216 goto fail; 1217 if (tmp & RT2860_MCU_READY) 1218 break; 1219 run_delay(sc, 10); 1220 } 1221 if (ntries == 1000) { 1222 device_printf(sc->sc_dev, 1223 "timeout waiting for MCU to initialize\n"); 1224 error = ETIMEDOUT; 1225 goto fail; 1226 } 1227 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1228 (base == fw->data) ? "RT2870" : "RT3071", 1229 *(base + 4092), *(base + 4093)); 1230 1231 fail: 1232 firmware_put(fw, FIRMWARE_UNLOAD); 1233 return (error); 1234 } 1235 1236 static int 1237 run_reset(struct run_softc *sc) 1238 { 1239 usb_device_request_t req; 1240 1241 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1242 req.bRequest = RT2870_RESET; 1243 USETW(req.wValue, 1); 1244 USETW(req.wIndex, 0); 1245 USETW(req.wLength, 0); 1246 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1247 } 1248 1249 static usb_error_t 1250 run_do_request(struct run_softc *sc, 1251 struct usb_device_request *req, void *data) 1252 { 1253 usb_error_t err; 1254 int ntries = 10; 1255 1256 RUN_LOCK_ASSERT(sc, MA_OWNED); 1257 1258 while (ntries--) { 1259 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1260 req, data, 0, NULL, 250 /* ms */); 1261 if (err == 0) 1262 break; 1263 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1264 "Control request failed, %s (retrying)\n", 1265 usbd_errstr(err)); 1266 run_delay(sc, 10); 1267 } 1268 return (err); 1269 } 1270 1271 static int 1272 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1273 { 1274 uint32_t tmp; 1275 int error; 1276 1277 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1278 if (error == 0) 1279 *val = le32toh(tmp); 1280 else 1281 *val = 0xffffffff; 1282 return (error); 1283 } 1284 1285 static int 1286 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1287 { 1288 usb_device_request_t req; 1289 1290 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1291 req.bRequest = RT2870_READ_REGION_1; 1292 USETW(req.wValue, 0); 1293 USETW(req.wIndex, reg); 1294 USETW(req.wLength, len); 1295 1296 return (run_do_request(sc, &req, buf)); 1297 } 1298 1299 static int 1300 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1301 { 1302 usb_device_request_t req; 1303 1304 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1305 req.bRequest = RT2870_WRITE_2; 1306 USETW(req.wValue, val); 1307 USETW(req.wIndex, reg); 1308 USETW(req.wLength, 0); 1309 1310 return (run_do_request(sc, &req, NULL)); 1311 } 1312 1313 static int 1314 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1315 { 1316 int error; 1317 1318 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1319 error = run_write_2(sc, reg + 2, val >> 16); 1320 return (error); 1321 } 1322 1323 static int 1324 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1325 int len) 1326 { 1327 #if 1 1328 int i, error = 0; 1329 /* 1330 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1331 * We thus issue multiple WRITE_2 commands instead. 1332 */ 1333 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1334 for (i = 0; i < len && error == 0; i += 2) 1335 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1336 return (error); 1337 #else 1338 usb_device_request_t req; 1339 int error = 0; 1340 1341 /* 1342 * NOTE: It appears the WRITE_REGION_1 command cannot be 1343 * passed a huge amount of data, which will crash the 1344 * firmware. Limit amount of data passed to 64-bytes at a 1345 * time. 1346 */ 1347 while (len > 0) { 1348 int delta = 64; 1349 if (delta > len) 1350 delta = len; 1351 1352 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1353 req.bRequest = RT2870_WRITE_REGION_1; 1354 USETW(req.wValue, 0); 1355 USETW(req.wIndex, reg); 1356 USETW(req.wLength, delta); 1357 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1358 if (error != 0) 1359 break; 1360 reg += delta; 1361 buf += delta; 1362 len -= delta; 1363 } 1364 return (error); 1365 #endif 1366 } 1367 1368 static int 1369 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1370 { 1371 int i, error = 0; 1372 1373 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1374 for (i = 0; i < len && error == 0; i += 4) 1375 error = run_write(sc, reg + i, val); 1376 return (error); 1377 } 1378 1379 static int 1380 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1381 { 1382 uint32_t tmp; 1383 uint16_t reg; 1384 int error, ntries; 1385 1386 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1387 return (error); 1388 1389 if (count == 2) 1390 addr *= 2; 1391 /*- 1392 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1393 * DATA0: F E D C 1394 * DATA1: B A 9 8 1395 * DATA2: 7 6 5 4 1396 * DATA3: 3 2 1 0 1397 */ 1398 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1399 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1400 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1401 for (ntries = 0; ntries < 100; ntries++) { 1402 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1403 return (error); 1404 if (!(tmp & RT3070_EFSROM_KICK)) 1405 break; 1406 run_delay(sc, 2); 1407 } 1408 if (ntries == 100) 1409 return (ETIMEDOUT); 1410 1411 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1412 *val = 0xffff; /* address not found */ 1413 return (0); 1414 } 1415 /* determine to which 32-bit register our 16-bit word belongs */ 1416 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1417 if ((error = run_read(sc, reg, &tmp)) != 0) 1418 return (error); 1419 1420 tmp >>= (8 * (addr & 0x3)); 1421 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1422 1423 return (0); 1424 } 1425 1426 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1427 static int 1428 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1429 { 1430 return (run_efuse_read(sc, addr, val, 2)); 1431 } 1432 1433 static int 1434 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1435 { 1436 usb_device_request_t req; 1437 uint16_t tmp; 1438 int error; 1439 1440 addr *= 2; 1441 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1442 req.bRequest = RT2870_EEPROM_READ; 1443 USETW(req.wValue, 0); 1444 USETW(req.wIndex, addr); 1445 USETW(req.wLength, sizeof(tmp)); 1446 1447 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1448 if (error == 0) 1449 *val = le16toh(tmp); 1450 else 1451 *val = 0xffff; 1452 return (error); 1453 } 1454 1455 static __inline int 1456 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1457 { 1458 /* either eFUSE ROM or EEPROM */ 1459 return sc->sc_srom_read(sc, addr, val); 1460 } 1461 1462 static int 1463 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1464 { 1465 uint32_t tmp; 1466 int error, ntries; 1467 1468 for (ntries = 0; ntries < 10; ntries++) { 1469 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1470 return (error); 1471 if (!(tmp & RT2860_RF_REG_CTRL)) 1472 break; 1473 } 1474 if (ntries == 10) 1475 return (ETIMEDOUT); 1476 1477 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1478 } 1479 1480 static int 1481 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1482 { 1483 uint32_t tmp; 1484 int error, ntries; 1485 1486 for (ntries = 0; ntries < 100; ntries++) { 1487 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1488 return (error); 1489 if (!(tmp & RT3070_RF_KICK)) 1490 break; 1491 } 1492 if (ntries == 100) 1493 return (ETIMEDOUT); 1494 1495 tmp = RT3070_RF_KICK | reg << 8; 1496 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1497 return (error); 1498 1499 for (ntries = 0; ntries < 100; ntries++) { 1500 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1501 return (error); 1502 if (!(tmp & RT3070_RF_KICK)) 1503 break; 1504 } 1505 if (ntries == 100) 1506 return (ETIMEDOUT); 1507 1508 *val = tmp & 0xff; 1509 return (0); 1510 } 1511 1512 static int 1513 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1514 { 1515 uint32_t tmp; 1516 int error, ntries; 1517 1518 for (ntries = 0; ntries < 10; ntries++) { 1519 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1520 return (error); 1521 if (!(tmp & RT3070_RF_KICK)) 1522 break; 1523 } 1524 if (ntries == 10) 1525 return (ETIMEDOUT); 1526 1527 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1528 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1529 } 1530 1531 static int 1532 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1533 { 1534 uint32_t tmp; 1535 int ntries, error; 1536 1537 for (ntries = 0; ntries < 10; ntries++) { 1538 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1539 return (error); 1540 if (!(tmp & RT2860_BBP_CSR_KICK)) 1541 break; 1542 } 1543 if (ntries == 10) 1544 return (ETIMEDOUT); 1545 1546 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1547 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1548 return (error); 1549 1550 for (ntries = 0; ntries < 10; ntries++) { 1551 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1552 return (error); 1553 if (!(tmp & RT2860_BBP_CSR_KICK)) 1554 break; 1555 } 1556 if (ntries == 10) 1557 return (ETIMEDOUT); 1558 1559 *val = tmp & 0xff; 1560 return (0); 1561 } 1562 1563 static int 1564 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1565 { 1566 uint32_t tmp; 1567 int ntries, error; 1568 1569 for (ntries = 0; ntries < 10; ntries++) { 1570 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1571 return (error); 1572 if (!(tmp & RT2860_BBP_CSR_KICK)) 1573 break; 1574 } 1575 if (ntries == 10) 1576 return (ETIMEDOUT); 1577 1578 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1579 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1580 } 1581 1582 /* 1583 * Send a command to the 8051 microcontroller unit. 1584 */ 1585 static int 1586 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1587 { 1588 uint32_t tmp; 1589 int error, ntries; 1590 1591 for (ntries = 0; ntries < 100; ntries++) { 1592 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1593 return error; 1594 if (!(tmp & RT2860_H2M_BUSY)) 1595 break; 1596 } 1597 if (ntries == 100) 1598 return ETIMEDOUT; 1599 1600 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1601 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1602 error = run_write(sc, RT2860_HOST_CMD, cmd); 1603 return (error); 1604 } 1605 1606 /* 1607 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1608 * Used to adjust per-rate Tx power registers. 1609 */ 1610 static __inline uint32_t 1611 b4inc(uint32_t b32, int8_t delta) 1612 { 1613 int8_t i, b4; 1614 1615 for (i = 0; i < 8; i++) { 1616 b4 = b32 & 0xf; 1617 b4 += delta; 1618 if (b4 < 0) 1619 b4 = 0; 1620 else if (b4 > 0xf) 1621 b4 = 0xf; 1622 b32 = b32 >> 4 | b4 << 28; 1623 } 1624 return (b32); 1625 } 1626 1627 static const char * 1628 run_get_rf(uint16_t rev) 1629 { 1630 switch (rev) { 1631 case RT2860_RF_2820: return "RT2820"; 1632 case RT2860_RF_2850: return "RT2850"; 1633 case RT2860_RF_2720: return "RT2720"; 1634 case RT2860_RF_2750: return "RT2750"; 1635 case RT3070_RF_3020: return "RT3020"; 1636 case RT3070_RF_2020: return "RT2020"; 1637 case RT3070_RF_3021: return "RT3021"; 1638 case RT3070_RF_3022: return "RT3022"; 1639 case RT3070_RF_3052: return "RT3052"; 1640 case RT3593_RF_3053: return "RT3053"; 1641 case RT5592_RF_5592: return "RT5592"; 1642 case RT5390_RF_5370: return "RT5370"; 1643 case RT5390_RF_5372: return "RT5372"; 1644 } 1645 return ("unknown"); 1646 } 1647 1648 static void 1649 run_rt3593_get_txpower(struct run_softc *sc) 1650 { 1651 uint16_t addr, val; 1652 int i; 1653 1654 /* Read power settings for 2GHz channels. */ 1655 for (i = 0; i < 14; i += 2) { 1656 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1657 RT2860_EEPROM_PWR2GHZ_BASE1; 1658 run_srom_read(sc, addr + i / 2, &val); 1659 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1660 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1661 1662 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1663 RT2860_EEPROM_PWR2GHZ_BASE2; 1664 run_srom_read(sc, addr + i / 2, &val); 1665 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1666 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1667 1668 if (sc->ntxchains == 3) { 1669 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1670 &val); 1671 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1672 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1673 } 1674 } 1675 /* Fix broken Tx power entries. */ 1676 for (i = 0; i < 14; i++) { 1677 if (sc->txpow1[i] > 31) 1678 sc->txpow1[i] = 5; 1679 if (sc->txpow2[i] > 31) 1680 sc->txpow2[i] = 5; 1681 if (sc->ntxchains == 3) { 1682 if (sc->txpow3[i] > 31) 1683 sc->txpow3[i] = 5; 1684 } 1685 } 1686 /* Read power settings for 5GHz channels. */ 1687 for (i = 0; i < 40; i += 2) { 1688 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1689 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1690 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1691 1692 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1693 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1694 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1695 1696 if (sc->ntxchains == 3) { 1697 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1698 &val); 1699 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1700 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1701 } 1702 } 1703 } 1704 1705 static void 1706 run_get_txpower(struct run_softc *sc) 1707 { 1708 uint16_t val; 1709 int i; 1710 1711 /* Read power settings for 2GHz channels. */ 1712 for (i = 0; i < 14; i += 2) { 1713 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1714 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1715 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1716 1717 if (sc->mac_ver != 0x5390) { 1718 run_srom_read(sc, 1719 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1720 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1721 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1722 } 1723 } 1724 /* Fix broken Tx power entries. */ 1725 for (i = 0; i < 14; i++) { 1726 if (sc->mac_ver >= 0x5390) { 1727 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1728 sc->txpow1[i] = 5; 1729 } else { 1730 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1731 sc->txpow1[i] = 5; 1732 } 1733 if (sc->mac_ver > 0x5390) { 1734 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1735 sc->txpow2[i] = 5; 1736 } else if (sc->mac_ver < 0x5390) { 1737 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1738 sc->txpow2[i] = 5; 1739 } 1740 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1741 "chan %d: power1=%d, power2=%d\n", 1742 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1743 } 1744 /* Read power settings for 5GHz channels. */ 1745 for (i = 0; i < 40; i += 2) { 1746 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1747 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1748 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1749 1750 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1751 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1752 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1753 } 1754 /* Fix broken Tx power entries. */ 1755 for (i = 0; i < 40; i++ ) { 1756 if (sc->mac_ver != 0x5592) { 1757 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1758 sc->txpow1[14 + i] = 5; 1759 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1760 sc->txpow2[14 + i] = 5; 1761 } 1762 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1763 "chan %d: power1=%d, power2=%d\n", 1764 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1765 sc->txpow2[14 + i]); 1766 } 1767 } 1768 1769 static int 1770 run_read_eeprom(struct run_softc *sc) 1771 { 1772 struct ieee80211com *ic = &sc->sc_ic; 1773 int8_t delta_2ghz, delta_5ghz; 1774 uint32_t tmp; 1775 uint16_t val; 1776 int ridx, ant, i; 1777 1778 /* check whether the ROM is eFUSE ROM or EEPROM */ 1779 sc->sc_srom_read = run_eeprom_read_2; 1780 if (sc->mac_ver >= 0x3070) { 1781 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1782 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1783 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1784 sc->sc_srom_read = run_efuse_read_2; 1785 } 1786 1787 /* read ROM version */ 1788 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1789 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1790 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1791 1792 /* read MAC address */ 1793 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1794 ic->ic_macaddr[0] = val & 0xff; 1795 ic->ic_macaddr[1] = val >> 8; 1796 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1797 ic->ic_macaddr[2] = val & 0xff; 1798 ic->ic_macaddr[3] = val >> 8; 1799 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1800 ic->ic_macaddr[4] = val & 0xff; 1801 ic->ic_macaddr[5] = val >> 8; 1802 1803 if (sc->mac_ver < 0x3593) { 1804 /* read vender BBP settings */ 1805 for (i = 0; i < 10; i++) { 1806 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1807 sc->bbp[i].val = val & 0xff; 1808 sc->bbp[i].reg = val >> 8; 1809 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1810 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1811 } 1812 if (sc->mac_ver >= 0x3071) { 1813 /* read vendor RF settings */ 1814 for (i = 0; i < 10; i++) { 1815 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1816 &val); 1817 sc->rf[i].val = val & 0xff; 1818 sc->rf[i].reg = val >> 8; 1819 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1820 sc->rf[i].reg, sc->rf[i].val); 1821 } 1822 } 1823 } 1824 1825 /* read RF frequency offset from EEPROM */ 1826 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1827 RT3593_EEPROM_FREQ, &val); 1828 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1829 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1830 sc->freq & 0xff); 1831 1832 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1833 RT3593_EEPROM_FREQ_LEDS, &val); 1834 if (val >> 8 != 0xff) { 1835 /* read LEDs operating mode */ 1836 sc->leds = val >> 8; 1837 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1838 RT3593_EEPROM_LED1, &sc->led[0]); 1839 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1840 RT3593_EEPROM_LED2, &sc->led[1]); 1841 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1842 RT3593_EEPROM_LED3, &sc->led[2]); 1843 } else { 1844 /* broken EEPROM, use default settings */ 1845 sc->leds = 0x01; 1846 sc->led[0] = 0x5555; 1847 sc->led[1] = 0x2221; 1848 sc->led[2] = 0x5627; /* differs from RT2860 */ 1849 } 1850 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1851 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1852 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1853 1854 /* read RF information */ 1855 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1856 run_srom_read(sc, 0x00, &val); 1857 else 1858 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1859 1860 if (val == 0xffff) { 1861 device_printf(sc->sc_dev, 1862 "invalid EEPROM antenna info, using default\n"); 1863 if (sc->mac_ver == 0x3572) { 1864 /* default to RF3052 2T2R */ 1865 sc->rf_rev = RT3070_RF_3052; 1866 sc->ntxchains = 2; 1867 sc->nrxchains = 2; 1868 } else if (sc->mac_ver >= 0x3070) { 1869 /* default to RF3020 1T1R */ 1870 sc->rf_rev = RT3070_RF_3020; 1871 sc->ntxchains = 1; 1872 sc->nrxchains = 1; 1873 } else { 1874 /* default to RF2820 1T2R */ 1875 sc->rf_rev = RT2860_RF_2820; 1876 sc->ntxchains = 1; 1877 sc->nrxchains = 2; 1878 } 1879 } else { 1880 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1881 sc->rf_rev = val; 1882 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1883 } else 1884 sc->rf_rev = (val >> 8) & 0xf; 1885 sc->ntxchains = (val >> 4) & 0xf; 1886 sc->nrxchains = val & 0xf; 1887 } 1888 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1889 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1890 1891 /* check if RF supports automatic Tx access gain control */ 1892 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1893 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1894 /* check if driver should patch the DAC issue */ 1895 if ((val >> 8) != 0xff) 1896 sc->patch_dac = (val >> 15) & 1; 1897 if ((val & 0xff) != 0xff) { 1898 sc->ext_5ghz_lna = (val >> 3) & 1; 1899 sc->ext_2ghz_lna = (val >> 2) & 1; 1900 /* check if RF supports automatic Tx access gain control */ 1901 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1902 /* check if we have a hardware radio switch */ 1903 sc->rfswitch = val & 1; 1904 } 1905 1906 /* Read Tx power settings. */ 1907 if (sc->mac_ver == 0x3593) 1908 run_rt3593_get_txpower(sc); 1909 else 1910 run_get_txpower(sc); 1911 1912 /* read Tx power compensation for each Tx rate */ 1913 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1914 delta_2ghz = delta_5ghz = 0; 1915 if ((val & 0xff) != 0xff && (val & 0x80)) { 1916 delta_2ghz = val & 0xf; 1917 if (!(val & 0x40)) /* negative number */ 1918 delta_2ghz = -delta_2ghz; 1919 } 1920 val >>= 8; 1921 if ((val & 0xff) != 0xff && (val & 0x80)) { 1922 delta_5ghz = val & 0xf; 1923 if (!(val & 0x40)) /* negative number */ 1924 delta_5ghz = -delta_5ghz; 1925 } 1926 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1927 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1928 1929 for (ridx = 0; ridx < 5; ridx++) { 1930 uint32_t reg; 1931 1932 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1933 reg = val; 1934 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1935 reg |= (uint32_t)val << 16; 1936 1937 sc->txpow20mhz[ridx] = reg; 1938 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1939 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1940 1941 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1942 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1943 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1944 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1945 } 1946 1947 /* Read RSSI offsets and LNA gains from EEPROM. */ 1948 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1949 RT3593_EEPROM_RSSI1_2GHZ, &val); 1950 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1951 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1952 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1953 RT3593_EEPROM_RSSI2_2GHZ, &val); 1954 if (sc->mac_ver >= 0x3070) { 1955 if (sc->mac_ver == 0x3593) { 1956 sc->txmixgain_2ghz = 0; 1957 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1958 } else { 1959 /* 1960 * On RT3070 chips (limited to 2 Rx chains), this ROM 1961 * field contains the Tx mixer gain for the 2GHz band. 1962 */ 1963 if ((val & 0xff) != 0xff) 1964 sc->txmixgain_2ghz = val & 0x7; 1965 } 1966 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 1967 sc->txmixgain_2ghz); 1968 } else 1969 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1970 if (sc->mac_ver == 0x3593) 1971 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1972 sc->lna[2] = val >> 8; /* channel group 2 */ 1973 1974 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1975 RT3593_EEPROM_RSSI1_5GHZ, &val); 1976 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1977 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1978 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1979 RT3593_EEPROM_RSSI2_5GHZ, &val); 1980 if (sc->mac_ver == 0x3572) { 1981 /* 1982 * On RT3572 chips (limited to 2 Rx chains), this ROM 1983 * field contains the Tx mixer gain for the 5GHz band. 1984 */ 1985 if ((val & 0xff) != 0xff) 1986 sc->txmixgain_5ghz = val & 0x7; 1987 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 1988 sc->txmixgain_5ghz); 1989 } else 1990 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1991 if (sc->mac_ver == 0x3593) { 1992 sc->txmixgain_5ghz = 0; 1993 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1994 } 1995 sc->lna[3] = val >> 8; /* channel group 3 */ 1996 1997 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1998 RT3593_EEPROM_LNA, &val); 1999 sc->lna[0] = val & 0xff; /* channel group 0 */ 2000 sc->lna[1] = val >> 8; /* channel group 1 */ 2001 2002 /* fix broken 5GHz LNA entries */ 2003 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2004 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2005 "invalid LNA for channel group %d\n", 2); 2006 sc->lna[2] = sc->lna[1]; 2007 } 2008 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2009 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2010 "invalid LNA for channel group %d\n", 3); 2011 sc->lna[3] = sc->lna[1]; 2012 } 2013 2014 /* fix broken RSSI offset entries */ 2015 for (ant = 0; ant < 3; ant++) { 2016 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2017 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2018 "invalid RSSI%d offset: %d (2GHz)\n", 2019 ant + 1, sc->rssi_2ghz[ant]); 2020 sc->rssi_2ghz[ant] = 0; 2021 } 2022 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2023 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2024 "invalid RSSI%d offset: %d (5GHz)\n", 2025 ant + 1, sc->rssi_5ghz[ant]); 2026 sc->rssi_5ghz[ant] = 0; 2027 } 2028 } 2029 return (0); 2030 } 2031 2032 static struct ieee80211_node * 2033 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2034 { 2035 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 2036 } 2037 2038 static int 2039 run_media_change(struct ifnet *ifp) 2040 { 2041 struct ieee80211vap *vap = ifp->if_softc; 2042 struct ieee80211com *ic = vap->iv_ic; 2043 const struct ieee80211_txparam *tp; 2044 struct run_softc *sc = ic->ic_softc; 2045 uint8_t rate, ridx; 2046 int error; 2047 2048 RUN_LOCK(sc); 2049 2050 error = ieee80211_media_change(ifp); 2051 if (error != ENETRESET) { 2052 RUN_UNLOCK(sc); 2053 return (error); 2054 } 2055 2056 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2057 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2058 struct ieee80211_node *ni; 2059 struct run_node *rn; 2060 2061 rate = ic->ic_sup_rates[ic->ic_curmode]. 2062 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2063 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2064 if (rt2860_rates[ridx].rate == rate) 2065 break; 2066 ni = ieee80211_ref_node(vap->iv_bss); 2067 rn = RUN_NODE(ni); 2068 rn->fix_ridx = ridx; 2069 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2070 rate, rn->fix_ridx); 2071 ieee80211_free_node(ni); 2072 } 2073 2074 #if 0 2075 if ((ifp->if_flags & IFF_UP) && 2076 (ifp->if_drv_flags & RUN_RUNNING)){ 2077 run_init_locked(sc); 2078 } 2079 #endif 2080 2081 RUN_UNLOCK(sc); 2082 2083 return (0); 2084 } 2085 2086 static int 2087 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2088 { 2089 const struct ieee80211_txparam *tp; 2090 struct ieee80211com *ic = vap->iv_ic; 2091 struct run_softc *sc = ic->ic_softc; 2092 struct run_vap *rvp = RUN_VAP(vap); 2093 enum ieee80211_state ostate; 2094 uint32_t sta[3]; 2095 uint32_t tmp; 2096 uint8_t ratectl; 2097 uint8_t restart_ratectl = 0; 2098 uint8_t bid = 1 << rvp->rvp_id; 2099 2100 ostate = vap->iv_state; 2101 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2102 ieee80211_state_name[ostate], 2103 ieee80211_state_name[nstate]); 2104 2105 IEEE80211_UNLOCK(ic); 2106 RUN_LOCK(sc); 2107 2108 ratectl = sc->ratectl_run; /* remember current state */ 2109 sc->ratectl_run = RUN_RATECTL_OFF; 2110 usb_callout_stop(&sc->ratectl_ch); 2111 2112 if (ostate == IEEE80211_S_RUN) { 2113 /* turn link LED off */ 2114 run_set_leds(sc, RT2860_LED_RADIO); 2115 } 2116 2117 switch (nstate) { 2118 case IEEE80211_S_INIT: 2119 restart_ratectl = 1; 2120 2121 if (ostate != IEEE80211_S_RUN) 2122 break; 2123 2124 ratectl &= ~bid; 2125 sc->runbmap &= ~bid; 2126 2127 /* abort TSF synchronization if there is no vap running */ 2128 if (--sc->running == 0) { 2129 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2130 run_write(sc, RT2860_BCN_TIME_CFG, 2131 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2132 RT2860_TBTT_TIMER_EN)); 2133 } 2134 break; 2135 2136 case IEEE80211_S_RUN: 2137 if (!(sc->runbmap & bid)) { 2138 if(sc->running++) 2139 restart_ratectl = 1; 2140 sc->runbmap |= bid; 2141 } 2142 2143 m_freem(rvp->beacon_mbuf); 2144 rvp->beacon_mbuf = NULL; 2145 2146 switch (vap->iv_opmode) { 2147 case IEEE80211_M_HOSTAP: 2148 case IEEE80211_M_MBSS: 2149 sc->ap_running |= bid; 2150 ic->ic_opmode = vap->iv_opmode; 2151 run_update_beacon_cb(vap); 2152 break; 2153 case IEEE80211_M_IBSS: 2154 sc->adhoc_running |= bid; 2155 if (!sc->ap_running) 2156 ic->ic_opmode = vap->iv_opmode; 2157 run_update_beacon_cb(vap); 2158 break; 2159 case IEEE80211_M_STA: 2160 sc->sta_running |= bid; 2161 if (!sc->ap_running && !sc->adhoc_running) 2162 ic->ic_opmode = vap->iv_opmode; 2163 2164 /* read statistic counters (clear on read) */ 2165 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2166 (uint8_t *)sta, sizeof sta); 2167 2168 break; 2169 default: 2170 ic->ic_opmode = vap->iv_opmode; 2171 break; 2172 } 2173 2174 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2175 struct ieee80211_node *ni; 2176 2177 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2178 RUN_UNLOCK(sc); 2179 IEEE80211_LOCK(ic); 2180 return (-1); 2181 } 2182 run_updateslot(ic); 2183 run_enable_mrr(sc); 2184 run_set_txpreamble(sc); 2185 run_set_basicrates(sc); 2186 ni = ieee80211_ref_node(vap->iv_bss); 2187 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2188 run_set_bssid(sc, sc->sc_bssid); 2189 ieee80211_free_node(ni); 2190 run_enable_tsf_sync(sc); 2191 2192 /* enable automatic rate adaptation */ 2193 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2194 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2195 ratectl |= bid; 2196 } else 2197 run_enable_tsf(sc); 2198 2199 /* turn link LED on */ 2200 run_set_leds(sc, RT2860_LED_RADIO | 2201 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2202 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2203 2204 break; 2205 default: 2206 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2207 break; 2208 } 2209 2210 /* restart amrr for running VAPs */ 2211 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2212 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2213 2214 RUN_UNLOCK(sc); 2215 IEEE80211_LOCK(ic); 2216 2217 return(rvp->newstate(vap, nstate, arg)); 2218 } 2219 2220 static int 2221 run_wme_update(struct ieee80211com *ic) 2222 { 2223 struct chanAccParams chp; 2224 struct run_softc *sc = ic->ic_softc; 2225 const struct wmeParams *ac; 2226 int aci, error = 0; 2227 2228 ieee80211_wme_ic_getparams(ic, &chp); 2229 ac = chp.cap_wmeParams; 2230 2231 /* update MAC TX configuration registers */ 2232 RUN_LOCK(sc); 2233 for (aci = 0; aci < WME_NUM_AC; aci++) { 2234 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2235 ac[aci].wmep_logcwmax << 16 | 2236 ac[aci].wmep_logcwmin << 12 | 2237 ac[aci].wmep_aifsn << 8 | 2238 ac[aci].wmep_txopLimit); 2239 if (error) goto err; 2240 } 2241 2242 /* update SCH/DMA registers too */ 2243 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2244 ac[WME_AC_VO].wmep_aifsn << 12 | 2245 ac[WME_AC_VI].wmep_aifsn << 8 | 2246 ac[WME_AC_BK].wmep_aifsn << 4 | 2247 ac[WME_AC_BE].wmep_aifsn); 2248 if (error) goto err; 2249 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2250 ac[WME_AC_VO].wmep_logcwmin << 12 | 2251 ac[WME_AC_VI].wmep_logcwmin << 8 | 2252 ac[WME_AC_BK].wmep_logcwmin << 4 | 2253 ac[WME_AC_BE].wmep_logcwmin); 2254 if (error) goto err; 2255 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2256 ac[WME_AC_VO].wmep_logcwmax << 12 | 2257 ac[WME_AC_VI].wmep_logcwmax << 8 | 2258 ac[WME_AC_BK].wmep_logcwmax << 4 | 2259 ac[WME_AC_BE].wmep_logcwmax); 2260 if (error) goto err; 2261 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2262 ac[WME_AC_BK].wmep_txopLimit << 16 | 2263 ac[WME_AC_BE].wmep_txopLimit); 2264 if (error) goto err; 2265 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2266 ac[WME_AC_VO].wmep_txopLimit << 16 | 2267 ac[WME_AC_VI].wmep_txopLimit); 2268 2269 err: 2270 RUN_UNLOCK(sc); 2271 if (error) 2272 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2273 2274 return (error); 2275 } 2276 2277 static void 2278 run_key_set_cb(void *arg) 2279 { 2280 struct run_cmdq *cmdq = arg; 2281 struct ieee80211vap *vap = cmdq->arg1; 2282 struct ieee80211_key *k = cmdq->k; 2283 struct ieee80211com *ic = vap->iv_ic; 2284 struct run_softc *sc = ic->ic_softc; 2285 struct ieee80211_node *ni; 2286 u_int cipher = k->wk_cipher->ic_cipher; 2287 uint32_t attr; 2288 uint16_t base, associd; 2289 uint8_t mode, wcid, iv[8]; 2290 2291 RUN_LOCK_ASSERT(sc, MA_OWNED); 2292 2293 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2294 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2295 else 2296 ni = vap->iv_bss; 2297 associd = (ni != NULL) ? ni->ni_associd : 0; 2298 2299 /* map net80211 cipher to RT2860 security mode */ 2300 switch (cipher) { 2301 case IEEE80211_CIPHER_WEP: 2302 if(k->wk_keylen < 8) 2303 mode = RT2860_MODE_WEP40; 2304 else 2305 mode = RT2860_MODE_WEP104; 2306 break; 2307 case IEEE80211_CIPHER_TKIP: 2308 mode = RT2860_MODE_TKIP; 2309 break; 2310 case IEEE80211_CIPHER_AES_CCM: 2311 mode = RT2860_MODE_AES_CCMP; 2312 break; 2313 default: 2314 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2315 return; 2316 } 2317 2318 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2319 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2320 associd, k->wk_keyix, mode, 2321 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2322 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2323 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2324 2325 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2326 wcid = 0; /* NB: update WCID0 for group keys */ 2327 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2328 } else { 2329 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2330 1 : RUN_AID2WCID(associd); 2331 base = RT2860_PKEY(wcid); 2332 } 2333 2334 if (cipher == IEEE80211_CIPHER_TKIP) { 2335 if(run_write_region_1(sc, base, k->wk_key, 16)) 2336 return; 2337 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2338 return; 2339 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2340 return; 2341 } else { 2342 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2343 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2344 return; 2345 } 2346 2347 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2348 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2349 /* set initial packet number in IV+EIV */ 2350 if (cipher == IEEE80211_CIPHER_WEP) { 2351 memset(iv, 0, sizeof iv); 2352 iv[3] = vap->iv_def_txkey << 6; 2353 } else { 2354 if (cipher == IEEE80211_CIPHER_TKIP) { 2355 iv[0] = k->wk_keytsc >> 8; 2356 iv[1] = (iv[0] | 0x20) & 0x7f; 2357 iv[2] = k->wk_keytsc; 2358 } else /* CCMP */ { 2359 iv[0] = k->wk_keytsc; 2360 iv[1] = k->wk_keytsc >> 8; 2361 iv[2] = 0; 2362 } 2363 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2364 iv[4] = k->wk_keytsc >> 16; 2365 iv[5] = k->wk_keytsc >> 24; 2366 iv[6] = k->wk_keytsc >> 32; 2367 iv[7] = k->wk_keytsc >> 40; 2368 } 2369 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2370 return; 2371 } 2372 2373 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2374 /* install group key */ 2375 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2376 return; 2377 attr &= ~(0xf << (k->wk_keyix * 4)); 2378 attr |= mode << (k->wk_keyix * 4); 2379 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2380 return; 2381 } else { 2382 /* install pairwise key */ 2383 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2384 return; 2385 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2386 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2387 return; 2388 } 2389 2390 /* TODO create a pass-thru key entry? */ 2391 2392 /* need wcid to delete the right key later */ 2393 k->wk_pad = wcid; 2394 } 2395 2396 /* 2397 * Don't have to be deferred, but in order to keep order of 2398 * execution, i.e. with run_key_delete(), defer this and let 2399 * run_cmdq_cb() maintain the order. 2400 * 2401 * return 0 on error 2402 */ 2403 static int 2404 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2405 { 2406 struct ieee80211com *ic = vap->iv_ic; 2407 struct run_softc *sc = ic->ic_softc; 2408 uint32_t i; 2409 2410 i = RUN_CMDQ_GET(&sc->cmdq_store); 2411 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2412 sc->cmdq[i].func = run_key_set_cb; 2413 sc->cmdq[i].arg0 = NULL; 2414 sc->cmdq[i].arg1 = vap; 2415 sc->cmdq[i].k = k; 2416 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2417 ieee80211_runtask(ic, &sc->cmdq_task); 2418 2419 /* 2420 * To make sure key will be set when hostapd 2421 * calls iv_key_set() before if_init(). 2422 */ 2423 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2424 RUN_LOCK(sc); 2425 sc->cmdq_key_set = RUN_CMDQ_GO; 2426 RUN_UNLOCK(sc); 2427 } 2428 2429 return (1); 2430 } 2431 2432 /* 2433 * If wlan is destroyed without being brought down i.e. without 2434 * wlan down or wpa_cli terminate, this function is called after 2435 * vap is gone. Don't refer it. 2436 */ 2437 static void 2438 run_key_delete_cb(void *arg) 2439 { 2440 struct run_cmdq *cmdq = arg; 2441 struct run_softc *sc = cmdq->arg1; 2442 struct ieee80211_key *k = &cmdq->key; 2443 uint32_t attr; 2444 uint8_t wcid; 2445 2446 RUN_LOCK_ASSERT(sc, MA_OWNED); 2447 2448 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2449 /* remove group key */ 2450 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2451 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2452 attr &= ~(0xf << (k->wk_keyix * 4)); 2453 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2454 } else { 2455 /* remove pairwise key */ 2456 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2457 "removing key for wcid %x\n", k->wk_pad); 2458 /* matching wcid was written to wk_pad in run_key_set() */ 2459 wcid = k->wk_pad; 2460 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2461 attr &= ~0xf; 2462 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2463 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2464 } 2465 2466 k->wk_pad = 0; 2467 } 2468 2469 /* 2470 * return 0 on error 2471 */ 2472 static int 2473 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2474 { 2475 struct ieee80211com *ic = vap->iv_ic; 2476 struct run_softc *sc = ic->ic_softc; 2477 struct ieee80211_key *k0; 2478 uint32_t i; 2479 2480 /* 2481 * When called back, key might be gone. So, make a copy 2482 * of some values need to delete keys before deferring. 2483 * But, because of LOR with node lock, cannot use lock here. 2484 * So, use atomic instead. 2485 */ 2486 i = RUN_CMDQ_GET(&sc->cmdq_store); 2487 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2488 sc->cmdq[i].func = run_key_delete_cb; 2489 sc->cmdq[i].arg0 = NULL; 2490 sc->cmdq[i].arg1 = sc; 2491 k0 = &sc->cmdq[i].key; 2492 k0->wk_flags = k->wk_flags; 2493 k0->wk_keyix = k->wk_keyix; 2494 /* matching wcid was written to wk_pad in run_key_set() */ 2495 k0->wk_pad = k->wk_pad; 2496 ieee80211_runtask(ic, &sc->cmdq_task); 2497 return (1); /* return fake success */ 2498 2499 } 2500 2501 static void 2502 run_ratectl_to(void *arg) 2503 { 2504 struct run_softc *sc = arg; 2505 2506 /* do it in a process context, so it can go sleep */ 2507 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2508 /* next timeout will be rescheduled in the callback task */ 2509 } 2510 2511 /* ARGSUSED */ 2512 static void 2513 run_ratectl_cb(void *arg, int pending) 2514 { 2515 struct run_softc *sc = arg; 2516 struct ieee80211com *ic = &sc->sc_ic; 2517 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2518 2519 if (vap == NULL) 2520 return; 2521 2522 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2523 /* 2524 * run_reset_livelock() doesn't do anything with AMRR, 2525 * but Ralink wants us to call it every 1 sec. So, we 2526 * piggyback here rather than creating another callout. 2527 * Livelock may occur only in HOSTAP or IBSS mode 2528 * (when h/w is sending beacons). 2529 */ 2530 RUN_LOCK(sc); 2531 run_reset_livelock(sc); 2532 /* just in case, there are some stats to drain */ 2533 run_drain_fifo(sc); 2534 RUN_UNLOCK(sc); 2535 } 2536 2537 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2538 2539 RUN_LOCK(sc); 2540 if(sc->ratectl_run != RUN_RATECTL_OFF) 2541 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2542 RUN_UNLOCK(sc); 2543 } 2544 2545 static void 2546 run_drain_fifo(void *arg) 2547 { 2548 struct run_softc *sc = arg; 2549 uint32_t stat; 2550 uint16_t (*wstat)[3]; 2551 uint8_t wcid, mcs, pid; 2552 int8_t retry; 2553 2554 RUN_LOCK_ASSERT(sc, MA_OWNED); 2555 2556 for (;;) { 2557 /* drain Tx status FIFO (maxsize = 16) */ 2558 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2559 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2560 if (!(stat & RT2860_TXQ_VLD)) 2561 break; 2562 2563 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2564 2565 /* if no ACK was requested, no feedback is available */ 2566 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2567 wcid == 0) 2568 continue; 2569 2570 /* 2571 * Even though each stat is Tx-complete-status like format, 2572 * the device can poll stats. Because there is no guarantee 2573 * that the referring node is still around when read the stats. 2574 * So that, if we use ieee80211_ratectl_tx_update(), we will 2575 * have hard time not to refer already freed node. 2576 * 2577 * To eliminate such page faults, we poll stats in softc. 2578 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2579 */ 2580 wstat = &(sc->wcid_stats[wcid]); 2581 (*wstat)[RUN_TXCNT]++; 2582 if (stat & RT2860_TXQ_OK) 2583 (*wstat)[RUN_SUCCESS]++; 2584 else 2585 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2586 /* 2587 * Check if there were retries, ie if the Tx success rate is 2588 * different from the requested rate. Note that it works only 2589 * because we do not allow rate fallback from OFDM to CCK. 2590 */ 2591 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2592 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2593 if ((retry = pid -1 - mcs) > 0) { 2594 (*wstat)[RUN_TXCNT] += retry; 2595 (*wstat)[RUN_RETRY] += retry; 2596 } 2597 } 2598 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2599 2600 sc->fifo_cnt = 0; 2601 } 2602 2603 static void 2604 run_iter_func(void *arg, struct ieee80211_node *ni) 2605 { 2606 struct run_softc *sc = arg; 2607 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2608 struct ieee80211vap *vap = ni->ni_vap; 2609 struct run_node *rn = RUN_NODE(ni); 2610 union run_stats sta[2]; 2611 uint16_t (*wstat)[3]; 2612 int error; 2613 2614 RUN_LOCK(sc); 2615 2616 /* Check for special case */ 2617 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2618 ni != vap->iv_bss) 2619 goto fail; 2620 2621 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2622 IEEE80211_RATECTL_TX_STATS_RETRIES; 2623 txs->ni = ni; 2624 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2625 vap->iv_opmode == IEEE80211_M_STA)) { 2626 /* read statistic counters (clear on read) and update AMRR state */ 2627 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2628 sizeof sta); 2629 if (error != 0) 2630 goto fail; 2631 2632 /* count failed TX as errors */ 2633 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2634 le16toh(sta[0].error.fail)); 2635 2636 txs->nretries = le16toh(sta[1].tx.retry); 2637 txs->nsuccess = le16toh(sta[1].tx.success); 2638 /* nretries??? */ 2639 txs->nframes = txs->nretries + txs->nsuccess + 2640 le16toh(sta[0].error.fail); 2641 2642 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2643 "retrycnt=%d success=%d failcnt=%d\n", 2644 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2645 } else { 2646 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2647 2648 if (wstat == &(sc->wcid_stats[0]) || 2649 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2650 goto fail; 2651 2652 txs->nretries = (*wstat)[RUN_RETRY]; 2653 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2654 txs->nframes = (*wstat)[RUN_TXCNT]; 2655 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2656 "retrycnt=%d txcnt=%d success=%d\n", 2657 txs->nretries, txs->nframes, txs->nsuccess); 2658 2659 memset(wstat, 0, sizeof(*wstat)); 2660 } 2661 2662 ieee80211_ratectl_tx_update(vap, txs); 2663 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2664 2665 fail: 2666 RUN_UNLOCK(sc); 2667 2668 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx); 2669 } 2670 2671 static void 2672 run_newassoc_cb(void *arg) 2673 { 2674 struct run_cmdq *cmdq = arg; 2675 struct ieee80211_node *ni = cmdq->arg1; 2676 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2677 uint8_t wcid = cmdq->wcid; 2678 2679 RUN_LOCK_ASSERT(sc, MA_OWNED); 2680 2681 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2682 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2683 2684 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2685 } 2686 2687 static void 2688 run_newassoc(struct ieee80211_node *ni, int isnew) 2689 { 2690 struct run_node *rn = RUN_NODE(ni); 2691 struct ieee80211_rateset *rs = &ni->ni_rates; 2692 struct ieee80211vap *vap = ni->ni_vap; 2693 struct ieee80211com *ic = vap->iv_ic; 2694 struct run_softc *sc = ic->ic_softc; 2695 uint8_t rate; 2696 uint8_t ridx; 2697 uint8_t wcid; 2698 int i, j; 2699 2700 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2701 1 : RUN_AID2WCID(ni->ni_associd); 2702 2703 if (wcid > RT2870_WCID_MAX) { 2704 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2705 return; 2706 } 2707 2708 /* only interested in true associations */ 2709 if (isnew && ni->ni_associd != 0) { 2710 2711 /* 2712 * This function could is called though timeout function. 2713 * Need to defer. 2714 */ 2715 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2716 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2717 sc->cmdq[cnt].func = run_newassoc_cb; 2718 sc->cmdq[cnt].arg0 = NULL; 2719 sc->cmdq[cnt].arg1 = ni; 2720 sc->cmdq[cnt].wcid = wcid; 2721 ieee80211_runtask(ic, &sc->cmdq_task); 2722 } 2723 2724 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2725 "new assoc isnew=%d associd=%x addr=%s\n", 2726 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2727 2728 for (i = 0; i < rs->rs_nrates; i++) { 2729 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2730 /* convert 802.11 rate to hardware rate index */ 2731 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2732 if (rt2860_rates[ridx].rate == rate) 2733 break; 2734 rn->ridx[i] = ridx; 2735 /* determine rate of control response frames */ 2736 for (j = i; j >= 0; j--) { 2737 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2738 rt2860_rates[rn->ridx[i]].phy == 2739 rt2860_rates[rn->ridx[j]].phy) 2740 break; 2741 } 2742 if (j >= 0) { 2743 rn->ctl_ridx[i] = rn->ridx[j]; 2744 } else { 2745 /* no basic rate found, use mandatory one */ 2746 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2747 } 2748 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2749 "rate=0x%02x ridx=%d ctl_ridx=%d\n", 2750 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2751 } 2752 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2753 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2754 if (rt2860_rates[ridx].rate == rate) 2755 break; 2756 rn->mgt_ridx = ridx; 2757 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2758 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2759 2760 RUN_LOCK(sc); 2761 if(sc->ratectl_run != RUN_RATECTL_OFF) 2762 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2763 RUN_UNLOCK(sc); 2764 } 2765 2766 /* 2767 * Return the Rx chain with the highest RSSI for a given frame. 2768 */ 2769 static __inline uint8_t 2770 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2771 { 2772 uint8_t rxchain = 0; 2773 2774 if (sc->nrxchains > 1) { 2775 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2776 rxchain = 1; 2777 if (sc->nrxchains > 2) 2778 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2779 rxchain = 2; 2780 } 2781 return (rxchain); 2782 } 2783 2784 static void 2785 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2786 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2787 { 2788 struct ieee80211vap *vap = ni->ni_vap; 2789 struct run_softc *sc = vap->iv_ic->ic_softc; 2790 struct run_vap *rvp = RUN_VAP(vap); 2791 uint64_t ni_tstamp, rx_tstamp; 2792 2793 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2794 2795 if (vap->iv_state == IEEE80211_S_RUN && 2796 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2797 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2798 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2799 RUN_LOCK(sc); 2800 run_get_tsf(sc, &rx_tstamp); 2801 RUN_UNLOCK(sc); 2802 rx_tstamp = le64toh(rx_tstamp); 2803 2804 if (ni_tstamp >= rx_tstamp) { 2805 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2806 "ibss merge, tsf %ju tstamp %ju\n", 2807 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2808 (void) ieee80211_ibss_merge(ni); 2809 } 2810 } 2811 } 2812 2813 static void 2814 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2815 { 2816 struct ieee80211com *ic = &sc->sc_ic; 2817 struct ieee80211_frame *wh; 2818 struct ieee80211_node *ni; 2819 struct rt2870_rxd *rxd; 2820 struct rt2860_rxwi *rxwi; 2821 uint32_t flags; 2822 uint16_t len, rxwisize; 2823 uint8_t ant, rssi; 2824 int8_t nf; 2825 2826 rxwi = mtod(m, struct rt2860_rxwi *); 2827 len = le16toh(rxwi->len) & 0xfff; 2828 rxwisize = sizeof(struct rt2860_rxwi); 2829 if (sc->mac_ver == 0x5592) 2830 rxwisize += sizeof(uint64_t); 2831 else if (sc->mac_ver == 0x3593) 2832 rxwisize += sizeof(uint32_t); 2833 if (__predict_false(len > dmalen)) { 2834 m_freem(m); 2835 counter_u64_add(ic->ic_ierrors, 1); 2836 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2837 "bad RXWI length %u > %u\n", len, dmalen); 2838 return; 2839 } 2840 /* Rx descriptor is located at the end */ 2841 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2842 flags = le32toh(rxd->flags); 2843 2844 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2845 m_freem(m); 2846 counter_u64_add(ic->ic_ierrors, 1); 2847 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2848 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2849 return; 2850 } 2851 2852 m->m_data += rxwisize; 2853 m->m_pkthdr.len = m->m_len -= rxwisize; 2854 2855 wh = mtod(m, struct ieee80211_frame *); 2856 2857 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2858 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2859 m->m_flags |= M_WEP; 2860 } 2861 2862 if (flags & RT2860_RX_L2PAD) { 2863 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2864 "received RT2860_RX_L2PAD frame\n"); 2865 len += 2; 2866 } 2867 2868 ni = ieee80211_find_rxnode(ic, 2869 mtod(m, struct ieee80211_frame_min *)); 2870 2871 if (__predict_false(flags & RT2860_RX_MICERR)) { 2872 /* report MIC failures to net80211 for TKIP */ 2873 if (ni != NULL) 2874 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2875 rxwi->keyidx); 2876 m_freem(m); 2877 counter_u64_add(ic->ic_ierrors, 1); 2878 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2879 "MIC error. Someone is lying.\n"); 2880 return; 2881 } 2882 2883 ant = run_maxrssi_chain(sc, rxwi); 2884 rssi = rxwi->rssi[ant]; 2885 nf = run_rssi2dbm(sc, rssi, ant); 2886 2887 m->m_pkthdr.len = m->m_len = len; 2888 2889 if (__predict_false(ieee80211_radiotap_active(ic))) { 2890 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2891 uint16_t phy; 2892 2893 tap->wr_flags = 0; 2894 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2895 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2896 tap->wr_antsignal = rssi; 2897 tap->wr_antenna = ant; 2898 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2899 tap->wr_rate = 2; /* in case it can't be found below */ 2900 RUN_LOCK(sc); 2901 run_get_tsf(sc, &tap->wr_tsf); 2902 RUN_UNLOCK(sc); 2903 phy = le16toh(rxwi->phy); 2904 switch (phy & RT2860_PHY_MODE) { 2905 case RT2860_PHY_CCK: 2906 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2907 case 0: tap->wr_rate = 2; break; 2908 case 1: tap->wr_rate = 4; break; 2909 case 2: tap->wr_rate = 11; break; 2910 case 3: tap->wr_rate = 22; break; 2911 } 2912 if (phy & RT2860_PHY_SHPRE) 2913 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2914 break; 2915 case RT2860_PHY_OFDM: 2916 switch (phy & RT2860_PHY_MCS) { 2917 case 0: tap->wr_rate = 12; break; 2918 case 1: tap->wr_rate = 18; break; 2919 case 2: tap->wr_rate = 24; break; 2920 case 3: tap->wr_rate = 36; break; 2921 case 4: tap->wr_rate = 48; break; 2922 case 5: tap->wr_rate = 72; break; 2923 case 6: tap->wr_rate = 96; break; 2924 case 7: tap->wr_rate = 108; break; 2925 } 2926 break; 2927 } 2928 } 2929 2930 if (ni != NULL) { 2931 (void)ieee80211_input(ni, m, rssi, nf); 2932 ieee80211_free_node(ni); 2933 } else { 2934 (void)ieee80211_input_all(ic, m, rssi, nf); 2935 } 2936 } 2937 2938 static void 2939 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2940 { 2941 struct run_softc *sc = usbd_xfer_softc(xfer); 2942 struct ieee80211com *ic = &sc->sc_ic; 2943 struct mbuf *m = NULL; 2944 struct mbuf *m0; 2945 uint32_t dmalen; 2946 uint16_t rxwisize; 2947 int xferlen; 2948 2949 rxwisize = sizeof(struct rt2860_rxwi); 2950 if (sc->mac_ver == 0x5592) 2951 rxwisize += sizeof(uint64_t); 2952 else if (sc->mac_ver == 0x3593) 2953 rxwisize += sizeof(uint32_t); 2954 2955 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2956 2957 switch (USB_GET_STATE(xfer)) { 2958 case USB_ST_TRANSFERRED: 2959 2960 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2961 "rx done, actlen=%d\n", xferlen); 2962 2963 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2964 sizeof(struct rt2870_rxd))) { 2965 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 2966 "xfer too short %d\n", xferlen); 2967 goto tr_setup; 2968 } 2969 2970 m = sc->rx_m; 2971 sc->rx_m = NULL; 2972 2973 /* FALLTHROUGH */ 2974 case USB_ST_SETUP: 2975 tr_setup: 2976 if (sc->rx_m == NULL) { 2977 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2978 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2979 } 2980 if (sc->rx_m == NULL) { 2981 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 2982 "could not allocate mbuf - idle with stall\n"); 2983 counter_u64_add(ic->ic_ierrors, 1); 2984 usbd_xfer_set_stall(xfer); 2985 usbd_xfer_set_frames(xfer, 0); 2986 } else { 2987 /* 2988 * Directly loading a mbuf cluster into DMA to 2989 * save some data copying. This works because 2990 * there is only one cluster. 2991 */ 2992 usbd_xfer_set_frame_data(xfer, 0, 2993 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2994 usbd_xfer_set_frames(xfer, 1); 2995 } 2996 usbd_transfer_submit(xfer); 2997 break; 2998 2999 default: /* Error */ 3000 if (error != USB_ERR_CANCELLED) { 3001 /* try to clear stall first */ 3002 usbd_xfer_set_stall(xfer); 3003 if (error == USB_ERR_TIMEOUT) 3004 device_printf(sc->sc_dev, "device timeout\n"); 3005 counter_u64_add(ic->ic_ierrors, 1); 3006 goto tr_setup; 3007 } 3008 if (sc->rx_m != NULL) { 3009 m_freem(sc->rx_m); 3010 sc->rx_m = NULL; 3011 } 3012 break; 3013 } 3014 3015 if (m == NULL) 3016 return; 3017 3018 /* inputting all the frames must be last */ 3019 3020 RUN_UNLOCK(sc); 3021 3022 m->m_pkthdr.len = m->m_len = xferlen; 3023 3024 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3025 for(;;) { 3026 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3027 3028 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3029 ((dmalen & 3) != 0)) { 3030 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3031 "bad DMA length %u\n", dmalen); 3032 break; 3033 } 3034 if ((dmalen + 8) > (uint32_t)xferlen) { 3035 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3036 "bad DMA length %u > %d\n", 3037 dmalen + 8, xferlen); 3038 break; 3039 } 3040 3041 /* If it is the last one or a single frame, we won't copy. */ 3042 if ((xferlen -= dmalen + 8) <= 8) { 3043 /* trim 32-bit DMA-len header */ 3044 m->m_data += 4; 3045 m->m_pkthdr.len = m->m_len -= 4; 3046 run_rx_frame(sc, m, dmalen); 3047 m = NULL; /* don't free source buffer */ 3048 break; 3049 } 3050 3051 /* copy aggregated frames to another mbuf */ 3052 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3053 if (__predict_false(m0 == NULL)) { 3054 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3055 "could not allocate mbuf\n"); 3056 counter_u64_add(ic->ic_ierrors, 1); 3057 break; 3058 } 3059 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3060 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3061 m0->m_pkthdr.len = m0->m_len = 3062 dmalen + sizeof(struct rt2870_rxd); 3063 run_rx_frame(sc, m0, dmalen); 3064 3065 /* update data ptr */ 3066 m->m_data += dmalen + 8; 3067 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3068 } 3069 3070 /* make sure we free the source buffer, if any */ 3071 m_freem(m); 3072 3073 RUN_LOCK(sc); 3074 } 3075 3076 static void 3077 run_tx_free(struct run_endpoint_queue *pq, 3078 struct run_tx_data *data, int txerr) 3079 { 3080 3081 ieee80211_tx_complete(data->ni, data->m, txerr); 3082 3083 data->m = NULL; 3084 data->ni = NULL; 3085 3086 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3087 pq->tx_nfree++; 3088 } 3089 3090 static void 3091 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3092 { 3093 struct run_softc *sc = usbd_xfer_softc(xfer); 3094 struct ieee80211com *ic = &sc->sc_ic; 3095 struct run_tx_data *data; 3096 struct ieee80211vap *vap = NULL; 3097 struct usb_page_cache *pc; 3098 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3099 struct mbuf *m; 3100 usb_frlength_t size; 3101 int actlen; 3102 int sumlen; 3103 3104 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3105 3106 switch (USB_GET_STATE(xfer)) { 3107 case USB_ST_TRANSFERRED: 3108 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3109 "transfer complete: %d bytes @ index %d\n", actlen, index); 3110 3111 data = usbd_xfer_get_priv(xfer); 3112 run_tx_free(pq, data, 0); 3113 usbd_xfer_set_priv(xfer, NULL); 3114 3115 /* FALLTHROUGH */ 3116 case USB_ST_SETUP: 3117 tr_setup: 3118 data = STAILQ_FIRST(&pq->tx_qh); 3119 if (data == NULL) 3120 break; 3121 3122 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3123 3124 m = data->m; 3125 size = (sc->mac_ver == 0x5592) ? 3126 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3127 if ((m->m_pkthdr.len + 3128 size + 3 + 8) > RUN_MAX_TXSZ) { 3129 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3130 "data overflow, %u bytes\n", m->m_pkthdr.len); 3131 run_tx_free(pq, data, 1); 3132 goto tr_setup; 3133 } 3134 3135 pc = usbd_xfer_get_frame(xfer, 0); 3136 usbd_copy_in(pc, 0, &data->desc, size); 3137 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3138 size += m->m_pkthdr.len; 3139 /* 3140 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3141 * 4-byte padding), and be sure to zero those trailing 3142 * bytes: 3143 */ 3144 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3145 size += ((-size) & 3) + 8; 3146 3147 vap = data->ni->ni_vap; 3148 if (ieee80211_radiotap_active_vap(vap)) { 3149 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3150 struct rt2860_txwi *txwi = 3151 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3152 tap->wt_flags = 0; 3153 tap->wt_rate = rt2860_rates[data->ridx].rate; 3154 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3155 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3156 tap->wt_hwqueue = index; 3157 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3158 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3159 3160 ieee80211_radiotap_tx(vap, m); 3161 } 3162 3163 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3164 "sending frame len=%u/%u @ index %d\n", 3165 m->m_pkthdr.len, size, index); 3166 3167 usbd_xfer_set_frame_len(xfer, 0, size); 3168 usbd_xfer_set_priv(xfer, data); 3169 usbd_transfer_submit(xfer); 3170 run_start(sc); 3171 3172 break; 3173 3174 default: 3175 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3176 "USB transfer error, %s\n", usbd_errstr(error)); 3177 3178 data = usbd_xfer_get_priv(xfer); 3179 3180 if (data != NULL) { 3181 if(data->ni != NULL) 3182 vap = data->ni->ni_vap; 3183 run_tx_free(pq, data, error); 3184 usbd_xfer_set_priv(xfer, NULL); 3185 } 3186 3187 if (vap == NULL) 3188 vap = TAILQ_FIRST(&ic->ic_vaps); 3189 3190 if (error != USB_ERR_CANCELLED) { 3191 if (error == USB_ERR_TIMEOUT) { 3192 device_printf(sc->sc_dev, "device timeout\n"); 3193 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3194 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3195 "cmdq_store=%d\n", i); 3196 sc->cmdq[i].func = run_usb_timeout_cb; 3197 sc->cmdq[i].arg0 = vap; 3198 ieee80211_runtask(ic, &sc->cmdq_task); 3199 } 3200 3201 /* 3202 * Try to clear stall first, also if other 3203 * errors occur, hence clearing stall 3204 * introduces a 50 ms delay: 3205 */ 3206 usbd_xfer_set_stall(xfer); 3207 goto tr_setup; 3208 } 3209 break; 3210 } 3211 } 3212 3213 static void 3214 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3215 { 3216 run_bulk_tx_callbackN(xfer, error, 0); 3217 } 3218 3219 static void 3220 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3221 { 3222 run_bulk_tx_callbackN(xfer, error, 1); 3223 } 3224 3225 static void 3226 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3227 { 3228 run_bulk_tx_callbackN(xfer, error, 2); 3229 } 3230 3231 static void 3232 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3233 { 3234 run_bulk_tx_callbackN(xfer, error, 3); 3235 } 3236 3237 static void 3238 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3239 { 3240 run_bulk_tx_callbackN(xfer, error, 4); 3241 } 3242 3243 static void 3244 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3245 { 3246 run_bulk_tx_callbackN(xfer, error, 5); 3247 } 3248 3249 static void 3250 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3251 { 3252 struct mbuf *m = data->m; 3253 struct ieee80211com *ic = &sc->sc_ic; 3254 struct ieee80211vap *vap = data->ni->ni_vap; 3255 struct ieee80211_frame *wh; 3256 struct rt2870_txd *txd; 3257 struct rt2860_txwi *txwi; 3258 uint16_t xferlen, txwisize; 3259 uint16_t mcs; 3260 uint8_t ridx = data->ridx; 3261 uint8_t pad; 3262 3263 /* get MCS code from rate index */ 3264 mcs = rt2860_rates[ridx].mcs; 3265 3266 txwisize = (sc->mac_ver == 0x5592) ? 3267 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3268 xferlen = txwisize + m->m_pkthdr.len; 3269 3270 /* roundup to 32-bit alignment */ 3271 xferlen = (xferlen + 3) & ~3; 3272 3273 txd = (struct rt2870_txd *)&data->desc; 3274 txd->len = htole16(xferlen); 3275 3276 wh = mtod(m, struct ieee80211_frame *); 3277 3278 /* 3279 * Ether both are true or both are false, the header 3280 * are nicely aligned to 32-bit. So, no L2 padding. 3281 */ 3282 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3283 pad = 0; 3284 else 3285 pad = 2; 3286 3287 /* setup TX Wireless Information */ 3288 txwi = (struct rt2860_txwi *)(txd + 1); 3289 txwi->len = htole16(m->m_pkthdr.len - pad); 3290 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3291 mcs |= RT2860_PHY_CCK; 3292 if (ridx != RT2860_RIDX_CCK1 && 3293 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3294 mcs |= RT2860_PHY_SHPRE; 3295 } else 3296 mcs |= RT2860_PHY_OFDM; 3297 txwi->phy = htole16(mcs); 3298 3299 /* check if RTS/CTS or CTS-to-self protection is required */ 3300 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3301 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3302 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3303 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3304 txwi->txop |= RT2860_TX_TXOP_HT; 3305 else 3306 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3307 3308 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3309 txwi->xflags |= RT2860_TX_NSEQ; 3310 } 3311 3312 /* This function must be called locked */ 3313 static int 3314 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3315 { 3316 struct ieee80211com *ic = &sc->sc_ic; 3317 struct ieee80211vap *vap = ni->ni_vap; 3318 struct ieee80211_frame *wh; 3319 const struct ieee80211_txparam *tp = ni->ni_txparms; 3320 struct run_node *rn = RUN_NODE(ni); 3321 struct run_tx_data *data; 3322 struct rt2870_txd *txd; 3323 struct rt2860_txwi *txwi; 3324 uint16_t qos; 3325 uint16_t dur; 3326 uint16_t qid; 3327 uint8_t type; 3328 uint8_t tid; 3329 uint8_t ridx; 3330 uint8_t ctl_ridx; 3331 uint8_t qflags; 3332 uint8_t xflags = 0; 3333 int hasqos; 3334 3335 RUN_LOCK_ASSERT(sc, MA_OWNED); 3336 3337 wh = mtod(m, struct ieee80211_frame *); 3338 3339 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3340 3341 /* 3342 * There are 7 bulk endpoints: 1 for RX 3343 * and 6 for TX (4 EDCAs + HCCA + Prio). 3344 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3345 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3346 */ 3347 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3348 uint8_t *frm; 3349 3350 if(IEEE80211_HAS_ADDR4(wh)) 3351 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3352 else 3353 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3354 3355 qos = le16toh(*(const uint16_t *)frm); 3356 tid = qos & IEEE80211_QOS_TID; 3357 qid = TID_TO_WME_AC(tid); 3358 } else { 3359 qos = 0; 3360 tid = 0; 3361 qid = WME_AC_BE; 3362 } 3363 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3364 3365 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3366 qos, qid, tid, qflags); 3367 3368 /* pickup a rate index */ 3369 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3370 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3371 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3372 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3373 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3374 } else { 3375 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3376 ridx = rn->fix_ridx; 3377 else 3378 ridx = rn->amrr_ridx; 3379 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3380 } 3381 3382 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3383 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3384 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3385 xflags |= RT2860_TX_ACK; 3386 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3387 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3388 else 3389 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3390 USETW(wh->i_dur, dur); 3391 } 3392 3393 /* reserve slots for mgmt packets, just in case */ 3394 if (sc->sc_epq[qid].tx_nfree < 3) { 3395 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3396 return (-1); 3397 } 3398 3399 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3400 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3401 sc->sc_epq[qid].tx_nfree--; 3402 3403 txd = (struct rt2870_txd *)&data->desc; 3404 txd->flags = qflags; 3405 txwi = (struct rt2860_txwi *)(txd + 1); 3406 txwi->xflags = xflags; 3407 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3408 txwi->wcid = 0; 3409 else 3410 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3411 1 : RUN_AID2WCID(ni->ni_associd); 3412 3413 /* clear leftover garbage bits */ 3414 txwi->flags = 0; 3415 txwi->txop = 0; 3416 3417 data->m = m; 3418 data->ni = ni; 3419 data->ridx = ridx; 3420 3421 run_set_tx_desc(sc, data); 3422 3423 /* 3424 * The chip keeps track of 2 kind of Tx stats, 3425 * * TX_STAT_FIFO, for per WCID stats, and 3426 * * TX_STA_CNT0 for all-TX-in-one stats. 3427 * 3428 * To use FIFO stats, we need to store MCS into the driver-private 3429 * PacketID field. So that, we can tell whose stats when we read them. 3430 * We add 1 to the MCS because setting the PacketID field to 0 means 3431 * that we don't want feedback in TX_STAT_FIFO. 3432 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3433 * 3434 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3435 */ 3436 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3437 vap->iv_opmode == IEEE80211_M_MBSS) { 3438 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3439 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3440 3441 /* 3442 * Unlike PCI based devices, we don't get any interrupt from 3443 * USB devices, so we simulate FIFO-is-full interrupt here. 3444 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3445 * quickly get fulled. To prevent overflow, increment a counter on 3446 * every FIFO stat request, so we know how many slots are left. 3447 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3448 * are used only in those modes. 3449 * We just drain stats. AMRR gets updated every 1 sec by 3450 * run_ratectl_cb() via callout. 3451 * Call it early. Otherwise overflow. 3452 */ 3453 if (sc->fifo_cnt++ == 10) { 3454 /* 3455 * With multiple vaps or if_bridge, if_start() is called 3456 * with a non-sleepable lock, tcpinp. So, need to defer. 3457 */ 3458 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3459 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3460 sc->cmdq[i].func = run_drain_fifo; 3461 sc->cmdq[i].arg0 = sc; 3462 ieee80211_runtask(ic, &sc->cmdq_task); 3463 } 3464 } 3465 3466 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3467 3468 usbd_transfer_start(sc->sc_xfer[qid]); 3469 3470 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3471 "sending data frame len=%d rate=%d qid=%d\n", 3472 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3473 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3474 3475 return (0); 3476 } 3477 3478 static int 3479 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3480 { 3481 struct ieee80211com *ic = &sc->sc_ic; 3482 struct run_node *rn = RUN_NODE(ni); 3483 struct run_tx_data *data; 3484 struct ieee80211_frame *wh; 3485 struct rt2870_txd *txd; 3486 struct rt2860_txwi *txwi; 3487 uint16_t dur; 3488 uint8_t ridx = rn->mgt_ridx; 3489 uint8_t xflags = 0; 3490 uint8_t wflags = 0; 3491 3492 RUN_LOCK_ASSERT(sc, MA_OWNED); 3493 3494 wh = mtod(m, struct ieee80211_frame *); 3495 3496 /* tell hardware to add timestamp for probe responses */ 3497 if ((wh->i_fc[0] & 3498 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3499 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3500 wflags |= RT2860_TX_TS; 3501 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3502 xflags |= RT2860_TX_ACK; 3503 3504 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3505 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3506 USETW(wh->i_dur, dur); 3507 } 3508 3509 if (sc->sc_epq[0].tx_nfree == 0) 3510 /* let caller free mbuf */ 3511 return (EIO); 3512 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3513 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3514 sc->sc_epq[0].tx_nfree--; 3515 3516 txd = (struct rt2870_txd *)&data->desc; 3517 txd->flags = RT2860_TX_QSEL_EDCA; 3518 txwi = (struct rt2860_txwi *)(txd + 1); 3519 txwi->wcid = 0xff; 3520 txwi->flags = wflags; 3521 txwi->xflags = xflags; 3522 txwi->txop = 0; /* clear leftover garbage bits */ 3523 3524 data->m = m; 3525 data->ni = ni; 3526 data->ridx = ridx; 3527 3528 run_set_tx_desc(sc, data); 3529 3530 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3531 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3532 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3533 3534 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3535 3536 usbd_transfer_start(sc->sc_xfer[0]); 3537 3538 return (0); 3539 } 3540 3541 static int 3542 run_sendprot(struct run_softc *sc, 3543 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3544 { 3545 struct ieee80211com *ic = ni->ni_ic; 3546 struct run_tx_data *data; 3547 struct rt2870_txd *txd; 3548 struct rt2860_txwi *txwi; 3549 struct mbuf *mprot; 3550 int ridx; 3551 int protrate; 3552 uint8_t wflags = 0; 3553 uint8_t xflags = 0; 3554 3555 RUN_LOCK_ASSERT(sc, MA_OWNED); 3556 3557 /* check that there are free slots before allocating the mbuf */ 3558 if (sc->sc_epq[0].tx_nfree == 0) 3559 /* let caller free mbuf */ 3560 return (ENOBUFS); 3561 3562 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3563 if (mprot == NULL) { 3564 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3565 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3566 return (ENOBUFS); 3567 } 3568 3569 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3570 wflags = RT2860_TX_FRAG; 3571 xflags = 0; 3572 if (prot == IEEE80211_PROT_RTSCTS) 3573 xflags |= RT2860_TX_ACK; 3574 3575 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3576 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3577 sc->sc_epq[0].tx_nfree--; 3578 3579 txd = (struct rt2870_txd *)&data->desc; 3580 txd->flags = RT2860_TX_QSEL_EDCA; 3581 txwi = (struct rt2860_txwi *)(txd + 1); 3582 txwi->wcid = 0xff; 3583 txwi->flags = wflags; 3584 txwi->xflags = xflags; 3585 txwi->txop = 0; /* clear leftover garbage bits */ 3586 3587 data->m = mprot; 3588 data->ni = ieee80211_ref_node(ni); 3589 3590 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3591 if (rt2860_rates[ridx].rate == protrate) 3592 break; 3593 data->ridx = ridx; 3594 3595 run_set_tx_desc(sc, data); 3596 3597 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3598 m->m_pkthdr.len, rate); 3599 3600 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3601 3602 usbd_transfer_start(sc->sc_xfer[0]); 3603 3604 return (0); 3605 } 3606 3607 static int 3608 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3609 const struct ieee80211_bpf_params *params) 3610 { 3611 struct ieee80211com *ic = ni->ni_ic; 3612 struct run_tx_data *data; 3613 struct rt2870_txd *txd; 3614 struct rt2860_txwi *txwi; 3615 uint8_t ridx; 3616 uint8_t rate; 3617 uint8_t opflags = 0; 3618 uint8_t xflags = 0; 3619 int error; 3620 3621 RUN_LOCK_ASSERT(sc, MA_OWNED); 3622 3623 KASSERT(params != NULL, ("no raw xmit params")); 3624 3625 rate = params->ibp_rate0; 3626 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3627 /* let caller free mbuf */ 3628 return (EINVAL); 3629 } 3630 3631 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3632 xflags |= RT2860_TX_ACK; 3633 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3634 error = run_sendprot(sc, m, ni, 3635 params->ibp_flags & IEEE80211_BPF_RTS ? 3636 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3637 rate); 3638 if (error) { 3639 /* let caller free mbuf */ 3640 return error; 3641 } 3642 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3643 } 3644 3645 if (sc->sc_epq[0].tx_nfree == 0) { 3646 /* let caller free mbuf */ 3647 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3648 "sending raw frame, but tx ring is full\n"); 3649 return (EIO); 3650 } 3651 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3652 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3653 sc->sc_epq[0].tx_nfree--; 3654 3655 txd = (struct rt2870_txd *)&data->desc; 3656 txd->flags = RT2860_TX_QSEL_EDCA; 3657 txwi = (struct rt2860_txwi *)(txd + 1); 3658 txwi->wcid = 0xff; 3659 txwi->xflags = xflags; 3660 txwi->txop = opflags; 3661 txwi->flags = 0; /* clear leftover garbage bits */ 3662 3663 data->m = m; 3664 data->ni = ni; 3665 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3666 if (rt2860_rates[ridx].rate == rate) 3667 break; 3668 data->ridx = ridx; 3669 3670 run_set_tx_desc(sc, data); 3671 3672 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3673 m->m_pkthdr.len, rate); 3674 3675 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3676 3677 usbd_transfer_start(sc->sc_xfer[0]); 3678 3679 return (0); 3680 } 3681 3682 static int 3683 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3684 const struct ieee80211_bpf_params *params) 3685 { 3686 struct run_softc *sc = ni->ni_ic->ic_softc; 3687 int error = 0; 3688 3689 RUN_LOCK(sc); 3690 3691 /* prevent management frames from being sent if we're not ready */ 3692 if (!(sc->sc_flags & RUN_RUNNING)) { 3693 error = ENETDOWN; 3694 goto done; 3695 } 3696 3697 if (params == NULL) { 3698 /* tx mgt packet */ 3699 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3700 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3701 goto done; 3702 } 3703 } else { 3704 /* tx raw packet with param */ 3705 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3706 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3707 goto done; 3708 } 3709 } 3710 3711 done: 3712 RUN_UNLOCK(sc); 3713 3714 if (error != 0) { 3715 if(m != NULL) 3716 m_freem(m); 3717 } 3718 3719 return (error); 3720 } 3721 3722 static int 3723 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3724 { 3725 struct run_softc *sc = ic->ic_softc; 3726 int error; 3727 3728 RUN_LOCK(sc); 3729 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3730 RUN_UNLOCK(sc); 3731 return (ENXIO); 3732 } 3733 error = mbufq_enqueue(&sc->sc_snd, m); 3734 if (error) { 3735 RUN_UNLOCK(sc); 3736 return (error); 3737 } 3738 run_start(sc); 3739 RUN_UNLOCK(sc); 3740 3741 return (0); 3742 } 3743 3744 static void 3745 run_start(struct run_softc *sc) 3746 { 3747 struct ieee80211_node *ni; 3748 struct mbuf *m; 3749 3750 RUN_LOCK_ASSERT(sc, MA_OWNED); 3751 3752 if ((sc->sc_flags & RUN_RUNNING) == 0) 3753 return; 3754 3755 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3756 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3757 if (run_tx(sc, m, ni) != 0) { 3758 mbufq_prepend(&sc->sc_snd, m); 3759 break; 3760 } 3761 } 3762 } 3763 3764 static void 3765 run_parent(struct ieee80211com *ic) 3766 { 3767 struct run_softc *sc = ic->ic_softc; 3768 int startall = 0; 3769 3770 RUN_LOCK(sc); 3771 if (sc->sc_detached) { 3772 RUN_UNLOCK(sc); 3773 return; 3774 } 3775 3776 if (ic->ic_nrunning > 0) { 3777 if (!(sc->sc_flags & RUN_RUNNING)) { 3778 startall = 1; 3779 run_init_locked(sc); 3780 } else 3781 run_update_promisc_locked(sc); 3782 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3783 run_stop(sc); 3784 RUN_UNLOCK(sc); 3785 if (startall) 3786 ieee80211_start_all(ic); 3787 } 3788 3789 static void 3790 run_iq_calib(struct run_softc *sc, u_int chan) 3791 { 3792 uint16_t val; 3793 3794 /* Tx0 IQ gain. */ 3795 run_bbp_write(sc, 158, 0x2c); 3796 if (chan <= 14) 3797 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3798 else if (chan <= 64) { 3799 run_efuse_read(sc, 3800 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3801 &val, 1); 3802 } else if (chan <= 138) { 3803 run_efuse_read(sc, 3804 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3805 &val, 1); 3806 } else if (chan <= 165) { 3807 run_efuse_read(sc, 3808 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3809 &val, 1); 3810 } else 3811 val = 0; 3812 run_bbp_write(sc, 159, val); 3813 3814 /* Tx0 IQ phase. */ 3815 run_bbp_write(sc, 158, 0x2d); 3816 if (chan <= 14) { 3817 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3818 &val, 1); 3819 } else if (chan <= 64) { 3820 run_efuse_read(sc, 3821 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3822 &val, 1); 3823 } else if (chan <= 138) { 3824 run_efuse_read(sc, 3825 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3826 &val, 1); 3827 } else if (chan <= 165) { 3828 run_efuse_read(sc, 3829 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3830 &val, 1); 3831 } else 3832 val = 0; 3833 run_bbp_write(sc, 159, val); 3834 3835 /* Tx1 IQ gain. */ 3836 run_bbp_write(sc, 158, 0x4a); 3837 if (chan <= 14) { 3838 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3839 &val, 1); 3840 } else if (chan <= 64) { 3841 run_efuse_read(sc, 3842 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3843 &val, 1); 3844 } else if (chan <= 138) { 3845 run_efuse_read(sc, 3846 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3847 &val, 1); 3848 } else if (chan <= 165) { 3849 run_efuse_read(sc, 3850 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3851 &val, 1); 3852 } else 3853 val = 0; 3854 run_bbp_write(sc, 159, val); 3855 3856 /* Tx1 IQ phase. */ 3857 run_bbp_write(sc, 158, 0x4b); 3858 if (chan <= 14) { 3859 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3860 &val, 1); 3861 } else if (chan <= 64) { 3862 run_efuse_read(sc, 3863 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3864 &val, 1); 3865 } else if (chan <= 138) { 3866 run_efuse_read(sc, 3867 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3868 &val, 1); 3869 } else if (chan <= 165) { 3870 run_efuse_read(sc, 3871 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3872 &val, 1); 3873 } else 3874 val = 0; 3875 run_bbp_write(sc, 159, val); 3876 3877 /* RF IQ compensation control. */ 3878 run_bbp_write(sc, 158, 0x04); 3879 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3880 &val, 1); 3881 run_bbp_write(sc, 159, val); 3882 3883 /* RF IQ imbalance compensation control. */ 3884 run_bbp_write(sc, 158, 0x03); 3885 run_efuse_read(sc, 3886 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3887 run_bbp_write(sc, 159, val); 3888 } 3889 3890 static void 3891 run_set_agc(struct run_softc *sc, uint8_t agc) 3892 { 3893 uint8_t bbp; 3894 3895 if (sc->mac_ver == 0x3572) { 3896 run_bbp_read(sc, 27, &bbp); 3897 bbp &= ~(0x3 << 5); 3898 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3899 run_bbp_write(sc, 66, agc); 3900 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3901 run_bbp_write(sc, 66, agc); 3902 } else 3903 run_bbp_write(sc, 66, agc); 3904 } 3905 3906 static void 3907 run_select_chan_group(struct run_softc *sc, int group) 3908 { 3909 uint32_t tmp; 3910 uint8_t agc; 3911 3912 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3913 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3914 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3915 if (sc->mac_ver < 0x3572) 3916 run_bbp_write(sc, 86, 0x00); 3917 3918 if (sc->mac_ver == 0x3593) { 3919 run_bbp_write(sc, 77, 0x98); 3920 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3921 } 3922 3923 if (group == 0) { 3924 if (sc->ext_2ghz_lna) { 3925 if (sc->mac_ver >= 0x5390) 3926 run_bbp_write(sc, 75, 0x52); 3927 else { 3928 run_bbp_write(sc, 82, 0x62); 3929 run_bbp_write(sc, 75, 0x46); 3930 } 3931 } else { 3932 if (sc->mac_ver == 0x5592) { 3933 run_bbp_write(sc, 79, 0x1c); 3934 run_bbp_write(sc, 80, 0x0e); 3935 run_bbp_write(sc, 81, 0x3a); 3936 run_bbp_write(sc, 82, 0x62); 3937 3938 run_bbp_write(sc, 195, 0x80); 3939 run_bbp_write(sc, 196, 0xe0); 3940 run_bbp_write(sc, 195, 0x81); 3941 run_bbp_write(sc, 196, 0x1f); 3942 run_bbp_write(sc, 195, 0x82); 3943 run_bbp_write(sc, 196, 0x38); 3944 run_bbp_write(sc, 195, 0x83); 3945 run_bbp_write(sc, 196, 0x32); 3946 run_bbp_write(sc, 195, 0x85); 3947 run_bbp_write(sc, 196, 0x28); 3948 run_bbp_write(sc, 195, 0x86); 3949 run_bbp_write(sc, 196, 0x19); 3950 } else if (sc->mac_ver >= 0x5390) 3951 run_bbp_write(sc, 75, 0x50); 3952 else { 3953 run_bbp_write(sc, 82, 3954 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3955 run_bbp_write(sc, 75, 0x50); 3956 } 3957 } 3958 } else { 3959 if (sc->mac_ver == 0x5592) { 3960 run_bbp_write(sc, 79, 0x18); 3961 run_bbp_write(sc, 80, 0x08); 3962 run_bbp_write(sc, 81, 0x38); 3963 run_bbp_write(sc, 82, 0x92); 3964 3965 run_bbp_write(sc, 195, 0x80); 3966 run_bbp_write(sc, 196, 0xf0); 3967 run_bbp_write(sc, 195, 0x81); 3968 run_bbp_write(sc, 196, 0x1e); 3969 run_bbp_write(sc, 195, 0x82); 3970 run_bbp_write(sc, 196, 0x28); 3971 run_bbp_write(sc, 195, 0x83); 3972 run_bbp_write(sc, 196, 0x20); 3973 run_bbp_write(sc, 195, 0x85); 3974 run_bbp_write(sc, 196, 0x7f); 3975 run_bbp_write(sc, 195, 0x86); 3976 run_bbp_write(sc, 196, 0x7f); 3977 } else if (sc->mac_ver == 0x3572) 3978 run_bbp_write(sc, 82, 0x94); 3979 else 3980 run_bbp_write(sc, 82, 3981 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3982 if (sc->ext_5ghz_lna) 3983 run_bbp_write(sc, 75, 0x46); 3984 else 3985 run_bbp_write(sc, 75, 0x50); 3986 } 3987 3988 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3989 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3990 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3991 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3992 3993 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3994 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3995 if (sc->mac_ver == 0x3593) 3996 tmp |= 1 << 29 | 1 << 28; 3997 if (sc->nrxchains > 1) 3998 tmp |= RT2860_LNA_PE1_EN; 3999 if (group == 0) { /* 2GHz */ 4000 tmp |= RT2860_PA_PE_G0_EN; 4001 if (sc->ntxchains > 1) 4002 tmp |= RT2860_PA_PE_G1_EN; 4003 if (sc->mac_ver == 0x3593) { 4004 if (sc->ntxchains > 2) 4005 tmp |= 1 << 25; 4006 } 4007 } else { /* 5GHz */ 4008 tmp |= RT2860_PA_PE_A0_EN; 4009 if (sc->ntxchains > 1) 4010 tmp |= RT2860_PA_PE_A1_EN; 4011 } 4012 if (sc->mac_ver == 0x3572) { 4013 run_rt3070_rf_write(sc, 8, 0x00); 4014 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4015 run_rt3070_rf_write(sc, 8, 0x80); 4016 } else 4017 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4018 4019 if (sc->mac_ver == 0x5592) { 4020 run_bbp_write(sc, 195, 0x8d); 4021 run_bbp_write(sc, 196, 0x1a); 4022 } 4023 4024 if (sc->mac_ver == 0x3593) { 4025 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4026 tmp &= ~0x01010000; 4027 if (group == 0) 4028 tmp |= 0x00010000; 4029 tmp = (tmp & ~0x00009090) | 0x00000090; 4030 run_write(sc, RT2860_GPIO_CTRL, tmp); 4031 } 4032 4033 /* set initial AGC value */ 4034 if (group == 0) { /* 2GHz band */ 4035 if (sc->mac_ver >= 0x3070) 4036 agc = 0x1c + sc->lna[0] * 2; 4037 else 4038 agc = 0x2e + sc->lna[0]; 4039 } else { /* 5GHz band */ 4040 if (sc->mac_ver == 0x5592) 4041 agc = 0x24 + sc->lna[group] * 2; 4042 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4043 agc = 0x22 + (sc->lna[group] * 5) / 3; 4044 else 4045 agc = 0x32 + (sc->lna[group] * 5) / 3; 4046 } 4047 run_set_agc(sc, agc); 4048 } 4049 4050 static void 4051 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4052 { 4053 const struct rfprog *rfprog = rt2860_rf2850; 4054 uint32_t r2, r3, r4; 4055 int8_t txpow1, txpow2; 4056 int i; 4057 4058 /* find the settings for this channel (we know it exists) */ 4059 for (i = 0; rfprog[i].chan != chan; i++); 4060 4061 r2 = rfprog[i].r2; 4062 if (sc->ntxchains == 1) 4063 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4064 if (sc->nrxchains == 1) 4065 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4066 else if (sc->nrxchains == 2) 4067 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4068 4069 /* use Tx power values from EEPROM */ 4070 txpow1 = sc->txpow1[i]; 4071 txpow2 = sc->txpow2[i]; 4072 4073 /* Initialize RF R3 and R4. */ 4074 r3 = rfprog[i].r3 & 0xffffc1ff; 4075 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4076 if (chan > 14) { 4077 if (txpow1 >= 0) { 4078 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4079 r3 |= (txpow1 << 10) | (1 << 9); 4080 } else { 4081 txpow1 += 7; 4082 4083 /* txpow1 is not possible larger than 15. */ 4084 r3 |= (txpow1 << 10); 4085 } 4086 if (txpow2 >= 0) { 4087 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4088 r4 |= (txpow2 << 7) | (1 << 6); 4089 } else { 4090 txpow2 += 7; 4091 r4 |= (txpow2 << 7); 4092 } 4093 } else { 4094 /* Set Tx0 power. */ 4095 r3 |= (txpow1 << 9); 4096 4097 /* Set frequency offset and Tx1 power. */ 4098 r4 |= (txpow2 << 6); 4099 } 4100 4101 run_rt2870_rf_write(sc, rfprog[i].r1); 4102 run_rt2870_rf_write(sc, r2); 4103 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4104 run_rt2870_rf_write(sc, r4); 4105 4106 run_delay(sc, 10); 4107 4108 run_rt2870_rf_write(sc, rfprog[i].r1); 4109 run_rt2870_rf_write(sc, r2); 4110 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4111 run_rt2870_rf_write(sc, r4); 4112 4113 run_delay(sc, 10); 4114 4115 run_rt2870_rf_write(sc, rfprog[i].r1); 4116 run_rt2870_rf_write(sc, r2); 4117 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4118 run_rt2870_rf_write(sc, r4); 4119 } 4120 4121 static void 4122 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4123 { 4124 int8_t txpow1, txpow2; 4125 uint8_t rf; 4126 int i; 4127 4128 /* find the settings for this channel (we know it exists) */ 4129 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4130 4131 /* use Tx power values from EEPROM */ 4132 txpow1 = sc->txpow1[i]; 4133 txpow2 = sc->txpow2[i]; 4134 4135 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4136 4137 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4138 run_rt3070_rf_read(sc, 3, &rf); 4139 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4140 run_rt3070_rf_write(sc, 3, rf); 4141 4142 run_rt3070_rf_read(sc, 6, &rf); 4143 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4144 run_rt3070_rf_write(sc, 6, rf); 4145 4146 /* set Tx0 power */ 4147 run_rt3070_rf_read(sc, 12, &rf); 4148 rf = (rf & ~0x1f) | txpow1; 4149 run_rt3070_rf_write(sc, 12, rf); 4150 4151 /* set Tx1 power */ 4152 run_rt3070_rf_read(sc, 13, &rf); 4153 rf = (rf & ~0x1f) | txpow2; 4154 run_rt3070_rf_write(sc, 13, rf); 4155 4156 run_rt3070_rf_read(sc, 1, &rf); 4157 rf &= ~0xfc; 4158 if (sc->ntxchains == 1) 4159 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4160 else if (sc->ntxchains == 2) 4161 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4162 if (sc->nrxchains == 1) 4163 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4164 else if (sc->nrxchains == 2) 4165 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4166 run_rt3070_rf_write(sc, 1, rf); 4167 4168 /* set RF offset */ 4169 run_rt3070_rf_read(sc, 23, &rf); 4170 rf = (rf & ~0x7f) | sc->freq; 4171 run_rt3070_rf_write(sc, 23, rf); 4172 4173 /* program RF filter */ 4174 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4175 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4176 run_rt3070_rf_write(sc, 24, rf); 4177 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4178 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4179 run_rt3070_rf_write(sc, 31, rf); 4180 4181 /* enable RF tuning */ 4182 run_rt3070_rf_read(sc, 7, &rf); 4183 run_rt3070_rf_write(sc, 7, rf | 0x01); 4184 } 4185 4186 static void 4187 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4188 { 4189 int8_t txpow1, txpow2; 4190 uint32_t tmp; 4191 uint8_t rf; 4192 int i; 4193 4194 /* find the settings for this channel (we know it exists) */ 4195 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4196 4197 /* use Tx power values from EEPROM */ 4198 txpow1 = sc->txpow1[i]; 4199 txpow2 = sc->txpow2[i]; 4200 4201 if (chan <= 14) { 4202 run_bbp_write(sc, 25, sc->bbp25); 4203 run_bbp_write(sc, 26, sc->bbp26); 4204 } else { 4205 /* enable IQ phase correction */ 4206 run_bbp_write(sc, 25, 0x09); 4207 run_bbp_write(sc, 26, 0xff); 4208 } 4209 4210 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4211 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4212 run_rt3070_rf_read(sc, 6, &rf); 4213 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4214 rf |= (chan <= 14) ? 0x08 : 0x04; 4215 run_rt3070_rf_write(sc, 6, rf); 4216 4217 /* set PLL mode */ 4218 run_rt3070_rf_read(sc, 5, &rf); 4219 rf &= ~(0x08 | 0x04); 4220 rf |= (chan <= 14) ? 0x04 : 0x08; 4221 run_rt3070_rf_write(sc, 5, rf); 4222 4223 /* set Tx power for chain 0 */ 4224 if (chan <= 14) 4225 rf = 0x60 | txpow1; 4226 else 4227 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4228 run_rt3070_rf_write(sc, 12, rf); 4229 4230 /* set Tx power for chain 1 */ 4231 if (chan <= 14) 4232 rf = 0x60 | txpow2; 4233 else 4234 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4235 run_rt3070_rf_write(sc, 13, rf); 4236 4237 /* set Tx/Rx streams */ 4238 run_rt3070_rf_read(sc, 1, &rf); 4239 rf &= ~0xfc; 4240 if (sc->ntxchains == 1) 4241 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4242 else if (sc->ntxchains == 2) 4243 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4244 if (sc->nrxchains == 1) 4245 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4246 else if (sc->nrxchains == 2) 4247 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4248 run_rt3070_rf_write(sc, 1, rf); 4249 4250 /* set RF offset */ 4251 run_rt3070_rf_read(sc, 23, &rf); 4252 rf = (rf & ~0x7f) | sc->freq; 4253 run_rt3070_rf_write(sc, 23, rf); 4254 4255 /* program RF filter */ 4256 rf = sc->rf24_20mhz; 4257 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4258 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4259 4260 /* enable RF tuning */ 4261 run_rt3070_rf_read(sc, 7, &rf); 4262 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4263 run_rt3070_rf_write(sc, 7, rf); 4264 4265 /* TSSI */ 4266 rf = (chan <= 14) ? 0xc3 : 0xc0; 4267 run_rt3070_rf_write(sc, 9, rf); 4268 4269 /* set loop filter 1 */ 4270 run_rt3070_rf_write(sc, 10, 0xf1); 4271 /* set loop filter 2 */ 4272 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4273 4274 /* set tx_mx2_ic */ 4275 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4276 /* set tx_mx1_ic */ 4277 if (chan <= 14) 4278 rf = 0x48 | sc->txmixgain_2ghz; 4279 else 4280 rf = 0x78 | sc->txmixgain_5ghz; 4281 run_rt3070_rf_write(sc, 16, rf); 4282 4283 /* set tx_lo1 */ 4284 run_rt3070_rf_write(sc, 17, 0x23); 4285 /* set tx_lo2 */ 4286 if (chan <= 14) 4287 rf = 0x93; 4288 else if (chan <= 64) 4289 rf = 0xb7; 4290 else if (chan <= 128) 4291 rf = 0x74; 4292 else 4293 rf = 0x72; 4294 run_rt3070_rf_write(sc, 19, rf); 4295 4296 /* set rx_lo1 */ 4297 if (chan <= 14) 4298 rf = 0xb3; 4299 else if (chan <= 64) 4300 rf = 0xf6; 4301 else if (chan <= 128) 4302 rf = 0xf4; 4303 else 4304 rf = 0xf3; 4305 run_rt3070_rf_write(sc, 20, rf); 4306 4307 /* set pfd_delay */ 4308 if (chan <= 14) 4309 rf = 0x15; 4310 else if (chan <= 64) 4311 rf = 0x3d; 4312 else 4313 rf = 0x01; 4314 run_rt3070_rf_write(sc, 25, rf); 4315 4316 /* set rx_lo2 */ 4317 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4318 /* set ldo_rf_vc */ 4319 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4320 /* set drv_cc */ 4321 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4322 4323 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4324 tmp &= ~0x8080; 4325 if (chan <= 14) 4326 tmp |= 0x80; 4327 run_write(sc, RT2860_GPIO_CTRL, tmp); 4328 4329 /* enable RF tuning */ 4330 run_rt3070_rf_read(sc, 7, &rf); 4331 run_rt3070_rf_write(sc, 7, rf | 0x01); 4332 4333 run_delay(sc, 2); 4334 } 4335 4336 static void 4337 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4338 { 4339 int8_t txpow1, txpow2, txpow3; 4340 uint8_t h20mhz, rf; 4341 int i; 4342 4343 /* find the settings for this channel (we know it exists) */ 4344 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4345 4346 /* use Tx power values from EEPROM */ 4347 txpow1 = sc->txpow1[i]; 4348 txpow2 = sc->txpow2[i]; 4349 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4350 4351 if (chan <= 14) { 4352 run_bbp_write(sc, 25, sc->bbp25); 4353 run_bbp_write(sc, 26, sc->bbp26); 4354 } else { 4355 /* Enable IQ phase correction. */ 4356 run_bbp_write(sc, 25, 0x09); 4357 run_bbp_write(sc, 26, 0xff); 4358 } 4359 4360 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4361 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4362 run_rt3070_rf_read(sc, 11, &rf); 4363 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4364 run_rt3070_rf_write(sc, 11, rf); 4365 4366 /* Set pll_idoh. */ 4367 run_rt3070_rf_read(sc, 11, &rf); 4368 rf &= ~0x4c; 4369 rf |= (chan <= 14) ? 0x44 : 0x48; 4370 run_rt3070_rf_write(sc, 11, rf); 4371 4372 if (chan <= 14) 4373 rf = txpow1 & 0x1f; 4374 else 4375 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4376 run_rt3070_rf_write(sc, 53, rf); 4377 4378 if (chan <= 14) 4379 rf = txpow2 & 0x1f; 4380 else 4381 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4382 run_rt3070_rf_write(sc, 55, rf); 4383 4384 if (chan <= 14) 4385 rf = txpow3 & 0x1f; 4386 else 4387 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4388 run_rt3070_rf_write(sc, 54, rf); 4389 4390 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4391 if (sc->ntxchains == 3) 4392 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4393 else 4394 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4395 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4396 run_rt3070_rf_write(sc, 1, rf); 4397 4398 run_adjust_freq_offset(sc); 4399 4400 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4401 4402 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4403 run_rt3070_rf_read(sc, 30, &rf); 4404 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4405 run_rt3070_rf_write(sc, 30, rf); 4406 4407 run_rt3070_rf_read(sc, 36, &rf); 4408 if (chan <= 14) 4409 rf |= 0x80; 4410 else 4411 rf &= ~0x80; 4412 run_rt3070_rf_write(sc, 36, rf); 4413 4414 /* Set vcolo_bs. */ 4415 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4416 /* Set pfd_delay. */ 4417 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4418 4419 /* Set vco bias current control. */ 4420 run_rt3070_rf_read(sc, 6, &rf); 4421 rf &= ~0xc0; 4422 if (chan <= 14) 4423 rf |= 0x40; 4424 else if (chan <= 128) 4425 rf |= 0x80; 4426 else 4427 rf |= 0x40; 4428 run_rt3070_rf_write(sc, 6, rf); 4429 4430 run_rt3070_rf_read(sc, 30, &rf); 4431 rf = (rf & ~0x18) | 0x10; 4432 run_rt3070_rf_write(sc, 30, rf); 4433 4434 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4435 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4436 4437 run_rt3070_rf_read(sc, 51, &rf); 4438 rf = (rf & ~0x03) | 0x01; 4439 run_rt3070_rf_write(sc, 51, rf); 4440 /* Set tx_mx1_cc. */ 4441 run_rt3070_rf_read(sc, 51, &rf); 4442 rf &= ~0x1c; 4443 rf |= (chan <= 14) ? 0x14 : 0x10; 4444 run_rt3070_rf_write(sc, 51, rf); 4445 /* Set tx_mx1_ic. */ 4446 run_rt3070_rf_read(sc, 51, &rf); 4447 rf &= ~0xe0; 4448 rf |= (chan <= 14) ? 0x60 : 0x40; 4449 run_rt3070_rf_write(sc, 51, rf); 4450 /* Set tx_lo1_ic. */ 4451 run_rt3070_rf_read(sc, 49, &rf); 4452 rf &= ~0x1c; 4453 rf |= (chan <= 14) ? 0x0c : 0x08; 4454 run_rt3070_rf_write(sc, 49, rf); 4455 /* Set tx_lo1_en. */ 4456 run_rt3070_rf_read(sc, 50, &rf); 4457 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4458 /* Set drv_cc. */ 4459 run_rt3070_rf_read(sc, 57, &rf); 4460 rf &= ~0xfc; 4461 rf |= (chan <= 14) ? 0x6c : 0x3c; 4462 run_rt3070_rf_write(sc, 57, rf); 4463 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4464 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4465 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4466 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4467 /* Enable VCO calibration. */ 4468 run_rt3070_rf_read(sc, 3, &rf); 4469 rf &= ~RT5390_VCOCAL; 4470 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4471 run_rt3070_rf_write(sc, 3, rf); 4472 4473 if (chan <= 14) 4474 rf = 0x23; 4475 else if (chan <= 64) 4476 rf = 0x36; 4477 else if (chan <= 128) 4478 rf = 0x32; 4479 else 4480 rf = 0x30; 4481 run_rt3070_rf_write(sc, 39, rf); 4482 if (chan <= 14) 4483 rf = 0xbb; 4484 else if (chan <= 64) 4485 rf = 0xeb; 4486 else if (chan <= 128) 4487 rf = 0xb3; 4488 else 4489 rf = 0x9b; 4490 run_rt3070_rf_write(sc, 45, rf); 4491 4492 /* Set FEQ/AEQ control. */ 4493 run_bbp_write(sc, 105, 0x34); 4494 } 4495 4496 static void 4497 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4498 { 4499 int8_t txpow1, txpow2; 4500 uint8_t rf; 4501 int i; 4502 4503 /* find the settings for this channel (we know it exists) */ 4504 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4505 4506 /* use Tx power values from EEPROM */ 4507 txpow1 = sc->txpow1[i]; 4508 txpow2 = sc->txpow2[i]; 4509 4510 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4511 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4512 run_rt3070_rf_read(sc, 11, &rf); 4513 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4514 run_rt3070_rf_write(sc, 11, rf); 4515 4516 run_rt3070_rf_read(sc, 49, &rf); 4517 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4518 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4519 if ((rf & 0x3f) > 0x27) 4520 rf = (rf & ~0x3f) | 0x27; 4521 run_rt3070_rf_write(sc, 49, rf); 4522 4523 if (sc->mac_ver == 0x5392) { 4524 run_rt3070_rf_read(sc, 50, &rf); 4525 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4526 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4527 if ((rf & 0x3f) > 0x27) 4528 rf = (rf & ~0x3f) | 0x27; 4529 run_rt3070_rf_write(sc, 50, rf); 4530 } 4531 4532 run_rt3070_rf_read(sc, 1, &rf); 4533 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4534 if (sc->mac_ver == 0x5392) 4535 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4536 run_rt3070_rf_write(sc, 1, rf); 4537 4538 if (sc->mac_ver != 0x5392) { 4539 run_rt3070_rf_read(sc, 2, &rf); 4540 rf |= 0x80; 4541 run_rt3070_rf_write(sc, 2, rf); 4542 run_delay(sc, 10); 4543 rf &= 0x7f; 4544 run_rt3070_rf_write(sc, 2, rf); 4545 } 4546 4547 run_adjust_freq_offset(sc); 4548 4549 if (sc->mac_ver == 0x5392) { 4550 /* Fix for RT5392C. */ 4551 if (sc->mac_rev >= 0x0223) { 4552 if (chan <= 4) 4553 rf = 0x0f; 4554 else if (chan >= 5 && chan <= 7) 4555 rf = 0x0e; 4556 else 4557 rf = 0x0d; 4558 run_rt3070_rf_write(sc, 23, rf); 4559 4560 if (chan <= 4) 4561 rf = 0x0c; 4562 else if (chan == 5) 4563 rf = 0x0b; 4564 else if (chan >= 6 && chan <= 7) 4565 rf = 0x0a; 4566 else if (chan >= 8 && chan <= 10) 4567 rf = 0x09; 4568 else 4569 rf = 0x08; 4570 run_rt3070_rf_write(sc, 59, rf); 4571 } else { 4572 if (chan <= 11) 4573 rf = 0x0f; 4574 else 4575 rf = 0x0b; 4576 run_rt3070_rf_write(sc, 59, rf); 4577 } 4578 } else { 4579 /* Fix for RT5390F. */ 4580 if (sc->mac_rev >= 0x0502) { 4581 if (chan <= 11) 4582 rf = 0x43; 4583 else 4584 rf = 0x23; 4585 run_rt3070_rf_write(sc, 55, rf); 4586 4587 if (chan <= 11) 4588 rf = 0x0f; 4589 else if (chan == 12) 4590 rf = 0x0d; 4591 else 4592 rf = 0x0b; 4593 run_rt3070_rf_write(sc, 59, rf); 4594 } else { 4595 run_rt3070_rf_write(sc, 55, 0x44); 4596 run_rt3070_rf_write(sc, 59, 0x8f); 4597 } 4598 } 4599 4600 /* Enable VCO calibration. */ 4601 run_rt3070_rf_read(sc, 3, &rf); 4602 rf |= RT5390_VCOCAL; 4603 run_rt3070_rf_write(sc, 3, rf); 4604 } 4605 4606 static void 4607 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4608 { 4609 const struct rt5592_freqs *freqs; 4610 uint32_t tmp; 4611 uint8_t reg, rf, txpow_bound; 4612 int8_t txpow1, txpow2; 4613 int i; 4614 4615 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4616 freqs = (tmp & RT5592_SEL_XTAL) ? 4617 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4618 4619 /* find the settings for this channel (we know it exists) */ 4620 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4621 4622 /* use Tx power values from EEPROM */ 4623 txpow1 = sc->txpow1[i]; 4624 txpow2 = sc->txpow2[i]; 4625 4626 run_read(sc, RT3070_LDO_CFG0, &tmp); 4627 tmp &= ~0x1c000000; 4628 if (chan > 14) 4629 tmp |= 0x14000000; 4630 run_write(sc, RT3070_LDO_CFG0, tmp); 4631 4632 /* N setting. */ 4633 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4634 run_rt3070_rf_read(sc, 9, &rf); 4635 rf &= ~(1 << 4); 4636 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4637 run_rt3070_rf_write(sc, 9, rf); 4638 4639 /* K setting. */ 4640 run_rt3070_rf_read(sc, 9, &rf); 4641 rf &= ~0x0f; 4642 rf |= (freqs->k & 0x0f); 4643 run_rt3070_rf_write(sc, 9, rf); 4644 4645 /* Mode setting. */ 4646 run_rt3070_rf_read(sc, 11, &rf); 4647 rf &= ~0x0c; 4648 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4649 run_rt3070_rf_write(sc, 11, rf); 4650 run_rt3070_rf_read(sc, 9, &rf); 4651 rf &= ~(1 << 7); 4652 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4653 run_rt3070_rf_write(sc, 9, rf); 4654 4655 /* R setting. */ 4656 run_rt3070_rf_read(sc, 11, &rf); 4657 rf &= ~0x03; 4658 rf |= (freqs->r - 0x1); 4659 run_rt3070_rf_write(sc, 11, rf); 4660 4661 if (chan <= 14) { 4662 /* Initialize RF registers for 2GHZ. */ 4663 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4664 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4665 rt5592_2ghz_def_rf[i].val); 4666 } 4667 4668 rf = (chan <= 10) ? 0x07 : 0x06; 4669 run_rt3070_rf_write(sc, 23, rf); 4670 run_rt3070_rf_write(sc, 59, rf); 4671 4672 run_rt3070_rf_write(sc, 55, 0x43); 4673 4674 /* 4675 * RF R49/R50 Tx power ALC code. 4676 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4677 */ 4678 reg = 2; 4679 txpow_bound = 0x27; 4680 } else { 4681 /* Initialize RF registers for 5GHZ. */ 4682 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4683 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4684 rt5592_5ghz_def_rf[i].val); 4685 } 4686 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4687 if (chan >= rt5592_chan_5ghz[i].firstchan && 4688 chan <= rt5592_chan_5ghz[i].lastchan) { 4689 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4690 rt5592_chan_5ghz[i].val); 4691 } 4692 } 4693 4694 /* 4695 * RF R49/R50 Tx power ALC code. 4696 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4697 */ 4698 reg = 3; 4699 txpow_bound = 0x2b; 4700 } 4701 4702 /* RF R49 ch0 Tx power ALC code. */ 4703 run_rt3070_rf_read(sc, 49, &rf); 4704 rf &= ~0xc0; 4705 rf |= (reg << 6); 4706 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4707 if ((rf & 0x3f) > txpow_bound) 4708 rf = (rf & ~0x3f) | txpow_bound; 4709 run_rt3070_rf_write(sc, 49, rf); 4710 4711 /* RF R50 ch1 Tx power ALC code. */ 4712 run_rt3070_rf_read(sc, 50, &rf); 4713 rf &= ~(1 << 7 | 1 << 6); 4714 rf |= (reg << 6); 4715 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4716 if ((rf & 0x3f) > txpow_bound) 4717 rf = (rf & ~0x3f) | txpow_bound; 4718 run_rt3070_rf_write(sc, 50, rf); 4719 4720 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4721 run_rt3070_rf_read(sc, 1, &rf); 4722 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4723 if (sc->ntxchains > 1) 4724 rf |= RT3070_TX1_PD; 4725 if (sc->nrxchains > 1) 4726 rf |= RT3070_RX1_PD; 4727 run_rt3070_rf_write(sc, 1, rf); 4728 4729 run_rt3070_rf_write(sc, 6, 0xe4); 4730 4731 run_rt3070_rf_write(sc, 30, 0x10); 4732 run_rt3070_rf_write(sc, 31, 0x80); 4733 run_rt3070_rf_write(sc, 32, 0x80); 4734 4735 run_adjust_freq_offset(sc); 4736 4737 /* Enable VCO calibration. */ 4738 run_rt3070_rf_read(sc, 3, &rf); 4739 rf |= RT5390_VCOCAL; 4740 run_rt3070_rf_write(sc, 3, rf); 4741 } 4742 4743 static void 4744 run_set_rx_antenna(struct run_softc *sc, int aux) 4745 { 4746 uint32_t tmp; 4747 uint8_t bbp152; 4748 4749 if (aux) { 4750 if (sc->rf_rev == RT5390_RF_5370) { 4751 run_bbp_read(sc, 152, &bbp152); 4752 run_bbp_write(sc, 152, bbp152 & ~0x80); 4753 } else { 4754 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4755 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4756 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4757 } 4758 } else { 4759 if (sc->rf_rev == RT5390_RF_5370) { 4760 run_bbp_read(sc, 152, &bbp152); 4761 run_bbp_write(sc, 152, bbp152 | 0x80); 4762 } else { 4763 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4764 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4765 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4766 } 4767 } 4768 } 4769 4770 static int 4771 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4772 { 4773 struct ieee80211com *ic = &sc->sc_ic; 4774 u_int chan, group; 4775 4776 chan = ieee80211_chan2ieee(ic, c); 4777 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4778 return (EINVAL); 4779 4780 if (sc->mac_ver == 0x5592) 4781 run_rt5592_set_chan(sc, chan); 4782 else if (sc->mac_ver >= 0x5390) 4783 run_rt5390_set_chan(sc, chan); 4784 else if (sc->mac_ver == 0x3593) 4785 run_rt3593_set_chan(sc, chan); 4786 else if (sc->mac_ver == 0x3572) 4787 run_rt3572_set_chan(sc, chan); 4788 else if (sc->mac_ver >= 0x3070) 4789 run_rt3070_set_chan(sc, chan); 4790 else 4791 run_rt2870_set_chan(sc, chan); 4792 4793 /* determine channel group */ 4794 if (chan <= 14) 4795 group = 0; 4796 else if (chan <= 64) 4797 group = 1; 4798 else if (chan <= 128) 4799 group = 2; 4800 else 4801 group = 3; 4802 4803 /* XXX necessary only when group has changed! */ 4804 run_select_chan_group(sc, group); 4805 4806 run_delay(sc, 10); 4807 4808 /* Perform IQ calibration. */ 4809 if (sc->mac_ver >= 0x5392) 4810 run_iq_calib(sc, chan); 4811 4812 return (0); 4813 } 4814 4815 static void 4816 run_set_channel(struct ieee80211com *ic) 4817 { 4818 struct run_softc *sc = ic->ic_softc; 4819 4820 RUN_LOCK(sc); 4821 run_set_chan(sc, ic->ic_curchan); 4822 RUN_UNLOCK(sc); 4823 4824 return; 4825 } 4826 4827 static void 4828 run_getradiocaps(struct ieee80211com *ic, 4829 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4830 { 4831 struct run_softc *sc = ic->ic_softc; 4832 uint8_t bands[IEEE80211_MODE_BYTES]; 4833 4834 memset(bands, 0, sizeof(bands)); 4835 setbit(bands, IEEE80211_MODE_11B); 4836 setbit(bands, IEEE80211_MODE_11G); 4837 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans, 4838 run_chan_2ghz, nitems(run_chan_2ghz), bands, 0); 4839 4840 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4841 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4842 sc->rf_rev == RT5592_RF_5592) { 4843 setbit(bands, IEEE80211_MODE_11A); 4844 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4845 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4846 } 4847 } 4848 4849 static void 4850 run_scan_start(struct ieee80211com *ic) 4851 { 4852 struct run_softc *sc = ic->ic_softc; 4853 uint32_t tmp; 4854 4855 RUN_LOCK(sc); 4856 4857 /* abort TSF synchronization */ 4858 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4859 run_write(sc, RT2860_BCN_TIME_CFG, 4860 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4861 RT2860_TBTT_TIMER_EN)); 4862 run_set_bssid(sc, ieee80211broadcastaddr); 4863 4864 RUN_UNLOCK(sc); 4865 4866 return; 4867 } 4868 4869 static void 4870 run_scan_end(struct ieee80211com *ic) 4871 { 4872 struct run_softc *sc = ic->ic_softc; 4873 4874 RUN_LOCK(sc); 4875 4876 run_enable_tsf_sync(sc); 4877 run_set_bssid(sc, sc->sc_bssid); 4878 4879 RUN_UNLOCK(sc); 4880 4881 return; 4882 } 4883 4884 /* 4885 * Could be called from ieee80211_node_timeout() 4886 * (non-sleepable thread) 4887 */ 4888 static void 4889 run_update_beacon(struct ieee80211vap *vap, int item) 4890 { 4891 struct ieee80211com *ic = vap->iv_ic; 4892 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4893 struct ieee80211_node *ni = vap->iv_bss; 4894 struct run_softc *sc = ic->ic_softc; 4895 struct run_vap *rvp = RUN_VAP(vap); 4896 int mcast = 0; 4897 uint32_t i; 4898 4899 switch (item) { 4900 case IEEE80211_BEACON_ERP: 4901 run_updateslot(ic); 4902 break; 4903 case IEEE80211_BEACON_HTINFO: 4904 run_updateprot(ic); 4905 break; 4906 case IEEE80211_BEACON_TIM: 4907 mcast = 1; /*TODO*/ 4908 break; 4909 default: 4910 break; 4911 } 4912 4913 setbit(bo->bo_flags, item); 4914 if (rvp->beacon_mbuf == NULL) { 4915 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4916 if (rvp->beacon_mbuf == NULL) 4917 return; 4918 } 4919 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4920 4921 i = RUN_CMDQ_GET(&sc->cmdq_store); 4922 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4923 sc->cmdq[i].func = run_update_beacon_cb; 4924 sc->cmdq[i].arg0 = vap; 4925 ieee80211_runtask(ic, &sc->cmdq_task); 4926 4927 return; 4928 } 4929 4930 static void 4931 run_update_beacon_cb(void *arg) 4932 { 4933 struct ieee80211vap *vap = arg; 4934 struct ieee80211_node *ni = vap->iv_bss; 4935 struct run_vap *rvp = RUN_VAP(vap); 4936 struct ieee80211com *ic = vap->iv_ic; 4937 struct run_softc *sc = ic->ic_softc; 4938 struct rt2860_txwi txwi; 4939 struct mbuf *m; 4940 uint16_t txwisize; 4941 uint8_t ridx; 4942 4943 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4944 return; 4945 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4946 return; 4947 4948 /* 4949 * No need to call ieee80211_beacon_update(), run_update_beacon() 4950 * is taking care of appropriate calls. 4951 */ 4952 if (rvp->beacon_mbuf == NULL) { 4953 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4954 if (rvp->beacon_mbuf == NULL) 4955 return; 4956 } 4957 m = rvp->beacon_mbuf; 4958 4959 memset(&txwi, 0, sizeof(txwi)); 4960 txwi.wcid = 0xff; 4961 txwi.len = htole16(m->m_pkthdr.len); 4962 4963 /* send beacons at the lowest available rate */ 4964 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4965 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4966 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4967 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4968 txwi.phy |= htole16(RT2860_PHY_OFDM); 4969 txwi.txop = RT2860_TX_TXOP_HT; 4970 txwi.flags = RT2860_TX_TS; 4971 txwi.xflags = RT2860_TX_NSEQ; 4972 4973 txwisize = (sc->mac_ver == 0x5592) ? 4974 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4975 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4976 txwisize); 4977 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4978 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4979 } 4980 4981 static void 4982 run_updateprot(struct ieee80211com *ic) 4983 { 4984 struct run_softc *sc = ic->ic_softc; 4985 uint32_t i; 4986 4987 i = RUN_CMDQ_GET(&sc->cmdq_store); 4988 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4989 sc->cmdq[i].func = run_updateprot_cb; 4990 sc->cmdq[i].arg0 = ic; 4991 ieee80211_runtask(ic, &sc->cmdq_task); 4992 } 4993 4994 static void 4995 run_updateprot_cb(void *arg) 4996 { 4997 struct ieee80211com *ic = arg; 4998 struct run_softc *sc = ic->ic_softc; 4999 uint32_t tmp; 5000 5001 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5002 /* setup protection frame rate (MCS code) */ 5003 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5004 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5005 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5006 5007 /* CCK frames don't require protection */ 5008 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5009 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5010 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5011 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5012 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5013 tmp |= RT2860_PROT_CTRL_CTS; 5014 } 5015 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5016 } 5017 5018 static void 5019 run_usb_timeout_cb(void *arg) 5020 { 5021 struct ieee80211vap *vap = arg; 5022 struct run_softc *sc = vap->iv_ic->ic_softc; 5023 5024 RUN_LOCK_ASSERT(sc, MA_OWNED); 5025 5026 if(vap->iv_state == IEEE80211_S_RUN && 5027 vap->iv_opmode != IEEE80211_M_STA) 5028 run_reset_livelock(sc); 5029 else if (vap->iv_state == IEEE80211_S_SCAN) { 5030 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5031 "timeout caused by scan\n"); 5032 /* cancel bgscan */ 5033 ieee80211_cancel_scan(vap); 5034 } else 5035 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5036 "timeout by unknown cause\n"); 5037 } 5038 5039 static void 5040 run_reset_livelock(struct run_softc *sc) 5041 { 5042 uint32_t tmp; 5043 5044 RUN_LOCK_ASSERT(sc, MA_OWNED); 5045 5046 /* 5047 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5048 * can run into a livelock and start sending CTS-to-self frames like 5049 * crazy if protection is enabled. Reset MAC/BBP for a while 5050 */ 5051 run_read(sc, RT2860_DEBUG, &tmp); 5052 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5053 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5054 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5055 "CTS-to-self livelock detected\n"); 5056 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5057 run_delay(sc, 1); 5058 run_write(sc, RT2860_MAC_SYS_CTRL, 5059 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5060 } 5061 } 5062 5063 static void 5064 run_update_promisc_locked(struct run_softc *sc) 5065 { 5066 uint32_t tmp; 5067 5068 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5069 5070 tmp |= RT2860_DROP_UC_NOME; 5071 if (sc->sc_ic.ic_promisc > 0) 5072 tmp &= ~RT2860_DROP_UC_NOME; 5073 5074 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5075 5076 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5077 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5078 } 5079 5080 static void 5081 run_update_promisc(struct ieee80211com *ic) 5082 { 5083 struct run_softc *sc = ic->ic_softc; 5084 5085 if ((sc->sc_flags & RUN_RUNNING) == 0) 5086 return; 5087 5088 RUN_LOCK(sc); 5089 run_update_promisc_locked(sc); 5090 RUN_UNLOCK(sc); 5091 } 5092 5093 static void 5094 run_enable_tsf_sync(struct run_softc *sc) 5095 { 5096 struct ieee80211com *ic = &sc->sc_ic; 5097 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5098 uint32_t tmp; 5099 5100 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5101 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5102 5103 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5104 tmp &= ~0x1fffff; 5105 tmp |= vap->iv_bss->ni_intval * 16; 5106 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5107 5108 if (ic->ic_opmode == IEEE80211_M_STA) { 5109 /* 5110 * Local TSF is always updated with remote TSF on beacon 5111 * reception. 5112 */ 5113 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5114 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5115 tmp |= RT2860_BCN_TX_EN; 5116 /* 5117 * Local TSF is updated with remote TSF on beacon reception 5118 * only if the remote TSF is greater than local TSF. 5119 */ 5120 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5121 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5122 ic->ic_opmode == IEEE80211_M_MBSS) { 5123 tmp |= RT2860_BCN_TX_EN; 5124 /* SYNC with nobody */ 5125 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5126 } else { 5127 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5128 "Enabling TSF failed. undefined opmode\n"); 5129 return; 5130 } 5131 5132 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5133 } 5134 5135 static void 5136 run_enable_tsf(struct run_softc *sc) 5137 { 5138 uint32_t tmp; 5139 5140 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5141 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5142 tmp |= RT2860_TSF_TIMER_EN; 5143 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5144 } 5145 } 5146 5147 static void 5148 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5149 { 5150 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5151 sizeof(*buf)); 5152 } 5153 5154 static void 5155 run_enable_mrr(struct run_softc *sc) 5156 { 5157 #define CCK(mcs) (mcs) 5158 #define OFDM(mcs) (1 << 3 | (mcs)) 5159 run_write(sc, RT2860_LG_FBK_CFG0, 5160 OFDM(6) << 28 | /* 54->48 */ 5161 OFDM(5) << 24 | /* 48->36 */ 5162 OFDM(4) << 20 | /* 36->24 */ 5163 OFDM(3) << 16 | /* 24->18 */ 5164 OFDM(2) << 12 | /* 18->12 */ 5165 OFDM(1) << 8 | /* 12-> 9 */ 5166 OFDM(0) << 4 | /* 9-> 6 */ 5167 OFDM(0)); /* 6-> 6 */ 5168 5169 run_write(sc, RT2860_LG_FBK_CFG1, 5170 CCK(2) << 12 | /* 11->5.5 */ 5171 CCK(1) << 8 | /* 5.5-> 2 */ 5172 CCK(0) << 4 | /* 2-> 1 */ 5173 CCK(0)); /* 1-> 1 */ 5174 #undef OFDM 5175 #undef CCK 5176 } 5177 5178 static void 5179 run_set_txpreamble(struct run_softc *sc) 5180 { 5181 struct ieee80211com *ic = &sc->sc_ic; 5182 uint32_t tmp; 5183 5184 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5185 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5186 tmp |= RT2860_CCK_SHORT_EN; 5187 else 5188 tmp &= ~RT2860_CCK_SHORT_EN; 5189 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5190 } 5191 5192 static void 5193 run_set_basicrates(struct run_softc *sc) 5194 { 5195 struct ieee80211com *ic = &sc->sc_ic; 5196 5197 /* set basic rates mask */ 5198 if (ic->ic_curmode == IEEE80211_MODE_11B) 5199 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5200 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5201 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5202 else /* 11g */ 5203 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5204 } 5205 5206 static void 5207 run_set_leds(struct run_softc *sc, uint16_t which) 5208 { 5209 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5210 which | (sc->leds & 0x7f)); 5211 } 5212 5213 static void 5214 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5215 { 5216 run_write(sc, RT2860_MAC_BSSID_DW0, 5217 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5218 run_write(sc, RT2860_MAC_BSSID_DW1, 5219 bssid[4] | bssid[5] << 8); 5220 } 5221 5222 static void 5223 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5224 { 5225 run_write(sc, RT2860_MAC_ADDR_DW0, 5226 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5227 run_write(sc, RT2860_MAC_ADDR_DW1, 5228 addr[4] | addr[5] << 8 | 0xff << 16); 5229 } 5230 5231 static void 5232 run_updateslot(struct ieee80211com *ic) 5233 { 5234 struct run_softc *sc = ic->ic_softc; 5235 uint32_t i; 5236 5237 i = RUN_CMDQ_GET(&sc->cmdq_store); 5238 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5239 sc->cmdq[i].func = run_updateslot_cb; 5240 sc->cmdq[i].arg0 = ic; 5241 ieee80211_runtask(ic, &sc->cmdq_task); 5242 5243 return; 5244 } 5245 5246 /* ARGSUSED */ 5247 static void 5248 run_updateslot_cb(void *arg) 5249 { 5250 struct ieee80211com *ic = arg; 5251 struct run_softc *sc = ic->ic_softc; 5252 uint32_t tmp; 5253 5254 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5255 tmp &= ~0xff; 5256 tmp |= IEEE80211_GET_SLOTTIME(ic); 5257 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5258 } 5259 5260 static void 5261 run_update_mcast(struct ieee80211com *ic) 5262 { 5263 } 5264 5265 static int8_t 5266 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5267 { 5268 struct ieee80211com *ic = &sc->sc_ic; 5269 struct ieee80211_channel *c = ic->ic_curchan; 5270 int delta; 5271 5272 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5273 u_int chan = ieee80211_chan2ieee(ic, c); 5274 delta = sc->rssi_5ghz[rxchain]; 5275 5276 /* determine channel group */ 5277 if (chan <= 64) 5278 delta -= sc->lna[1]; 5279 else if (chan <= 128) 5280 delta -= sc->lna[2]; 5281 else 5282 delta -= sc->lna[3]; 5283 } else 5284 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5285 5286 return (-12 - delta - rssi); 5287 } 5288 5289 static void 5290 run_rt5390_bbp_init(struct run_softc *sc) 5291 { 5292 u_int i; 5293 uint8_t bbp; 5294 5295 /* Apply maximum likelihood detection for 2 stream case. */ 5296 run_bbp_read(sc, 105, &bbp); 5297 if (sc->nrxchains > 1) 5298 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5299 5300 /* Avoid data lost and CRC error. */ 5301 run_bbp_read(sc, 4, &bbp); 5302 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5303 5304 if (sc->mac_ver == 0x5592) { 5305 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5306 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5307 rt5592_def_bbp[i].val); 5308 } 5309 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5310 run_bbp_write(sc, 195, i + 0x80); 5311 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5312 } 5313 } else { 5314 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5315 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5316 rt5390_def_bbp[i].val); 5317 } 5318 } 5319 if (sc->mac_ver == 0x5392) { 5320 run_bbp_write(sc, 88, 0x90); 5321 run_bbp_write(sc, 95, 0x9a); 5322 run_bbp_write(sc, 98, 0x12); 5323 run_bbp_write(sc, 106, 0x12); 5324 run_bbp_write(sc, 134, 0xd0); 5325 run_bbp_write(sc, 135, 0xf6); 5326 run_bbp_write(sc, 148, 0x84); 5327 } 5328 5329 run_bbp_read(sc, 152, &bbp); 5330 run_bbp_write(sc, 152, bbp | 0x80); 5331 5332 /* Fix BBP254 for RT5592C. */ 5333 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5334 run_bbp_read(sc, 254, &bbp); 5335 run_bbp_write(sc, 254, bbp | 0x80); 5336 } 5337 5338 /* Disable hardware antenna diversity. */ 5339 if (sc->mac_ver == 0x5390) 5340 run_bbp_write(sc, 154, 0); 5341 5342 /* Initialize Rx CCK/OFDM frequency offset report. */ 5343 run_bbp_write(sc, 142, 1); 5344 run_bbp_write(sc, 143, 57); 5345 } 5346 5347 static int 5348 run_bbp_init(struct run_softc *sc) 5349 { 5350 int i, error, ntries; 5351 uint8_t bbp0; 5352 5353 /* wait for BBP to wake up */ 5354 for (ntries = 0; ntries < 20; ntries++) { 5355 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5356 return error; 5357 if (bbp0 != 0 && bbp0 != 0xff) 5358 break; 5359 } 5360 if (ntries == 20) 5361 return (ETIMEDOUT); 5362 5363 /* initialize BBP registers to default values */ 5364 if (sc->mac_ver >= 0x5390) 5365 run_rt5390_bbp_init(sc); 5366 else { 5367 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5368 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5369 rt2860_def_bbp[i].val); 5370 } 5371 } 5372 5373 if (sc->mac_ver == 0x3593) { 5374 run_bbp_write(sc, 79, 0x13); 5375 run_bbp_write(sc, 80, 0x05); 5376 run_bbp_write(sc, 81, 0x33); 5377 run_bbp_write(sc, 86, 0x46); 5378 run_bbp_write(sc, 137, 0x0f); 5379 } 5380 5381 /* fix BBP84 for RT2860E */ 5382 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5383 run_bbp_write(sc, 84, 0x19); 5384 5385 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5386 sc->mac_ver != 0x5592)) { 5387 run_bbp_write(sc, 79, 0x13); 5388 run_bbp_write(sc, 80, 0x05); 5389 run_bbp_write(sc, 81, 0x33); 5390 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5391 run_bbp_write(sc, 69, 0x16); 5392 run_bbp_write(sc, 73, 0x12); 5393 } 5394 return (0); 5395 } 5396 5397 static int 5398 run_rt3070_rf_init(struct run_softc *sc) 5399 { 5400 uint32_t tmp; 5401 uint8_t bbp4, mingain, rf, target; 5402 u_int i; 5403 5404 run_rt3070_rf_read(sc, 30, &rf); 5405 /* toggle RF R30 bit 7 */ 5406 run_rt3070_rf_write(sc, 30, rf | 0x80); 5407 run_delay(sc, 10); 5408 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5409 5410 /* initialize RF registers to default value */ 5411 if (sc->mac_ver == 0x3572) { 5412 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5413 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5414 rt3572_def_rf[i].val); 5415 } 5416 } else { 5417 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5418 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5419 rt3070_def_rf[i].val); 5420 } 5421 } 5422 5423 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5424 /* 5425 * Change voltage from 1.2V to 1.35V for RT3070. 5426 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5427 * in RT3070(F). 5428 */ 5429 run_read(sc, RT3070_LDO_CFG0, &tmp); 5430 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5431 run_write(sc, RT3070_LDO_CFG0, tmp); 5432 5433 } else if (sc->mac_ver == 0x3071) { 5434 run_rt3070_rf_read(sc, 6, &rf); 5435 run_rt3070_rf_write(sc, 6, rf | 0x40); 5436 run_rt3070_rf_write(sc, 31, 0x14); 5437 5438 run_read(sc, RT3070_LDO_CFG0, &tmp); 5439 tmp &= ~0x1f000000; 5440 if (sc->mac_rev < 0x0211) 5441 tmp |= 0x0d000000; /* 1.3V */ 5442 else 5443 tmp |= 0x01000000; /* 1.2V */ 5444 run_write(sc, RT3070_LDO_CFG0, tmp); 5445 5446 /* patch LNA_PE_G1 */ 5447 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5448 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5449 5450 } else if (sc->mac_ver == 0x3572) { 5451 run_rt3070_rf_read(sc, 6, &rf); 5452 run_rt3070_rf_write(sc, 6, rf | 0x40); 5453 5454 /* increase voltage from 1.2V to 1.35V */ 5455 run_read(sc, RT3070_LDO_CFG0, &tmp); 5456 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5457 run_write(sc, RT3070_LDO_CFG0, tmp); 5458 5459 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5460 run_delay(sc, 1); /* wait for 1msec */ 5461 /* decrease voltage back to 1.2V */ 5462 tmp = (tmp & ~0x1f000000) | 0x01000000; 5463 run_write(sc, RT3070_LDO_CFG0, tmp); 5464 } 5465 } 5466 5467 /* select 20MHz bandwidth */ 5468 run_rt3070_rf_read(sc, 31, &rf); 5469 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5470 5471 /* calibrate filter for 20MHz bandwidth */ 5472 sc->rf24_20mhz = 0x1f; /* default value */ 5473 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5474 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5475 5476 /* select 40MHz bandwidth */ 5477 run_bbp_read(sc, 4, &bbp4); 5478 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5479 run_rt3070_rf_read(sc, 31, &rf); 5480 run_rt3070_rf_write(sc, 31, rf | 0x20); 5481 5482 /* calibrate filter for 40MHz bandwidth */ 5483 sc->rf24_40mhz = 0x2f; /* default value */ 5484 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5485 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5486 5487 /* go back to 20MHz bandwidth */ 5488 run_bbp_read(sc, 4, &bbp4); 5489 run_bbp_write(sc, 4, bbp4 & ~0x18); 5490 5491 if (sc->mac_ver == 0x3572) { 5492 /* save default BBP registers 25 and 26 values */ 5493 run_bbp_read(sc, 25, &sc->bbp25); 5494 run_bbp_read(sc, 26, &sc->bbp26); 5495 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5496 run_rt3070_rf_write(sc, 27, 0x03); 5497 5498 run_read(sc, RT3070_OPT_14, &tmp); 5499 run_write(sc, RT3070_OPT_14, tmp | 1); 5500 5501 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5502 run_rt3070_rf_read(sc, 17, &rf); 5503 rf &= ~RT3070_TX_LO1; 5504 if ((sc->mac_ver == 0x3070 || 5505 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5506 !sc->ext_2ghz_lna) 5507 rf |= 0x20; /* fix for long range Rx issue */ 5508 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5509 if (sc->txmixgain_2ghz >= mingain) 5510 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5511 run_rt3070_rf_write(sc, 17, rf); 5512 } 5513 5514 if (sc->mac_ver == 0x3071) { 5515 run_rt3070_rf_read(sc, 1, &rf); 5516 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5517 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5518 run_rt3070_rf_write(sc, 1, rf); 5519 5520 run_rt3070_rf_read(sc, 15, &rf); 5521 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5522 5523 run_rt3070_rf_read(sc, 20, &rf); 5524 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5525 5526 run_rt3070_rf_read(sc, 21, &rf); 5527 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5528 } 5529 5530 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5531 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5532 run_rt3070_rf_read(sc, 27, &rf); 5533 rf &= ~0x77; 5534 if (sc->mac_rev < 0x0211) 5535 rf |= 0x03; 5536 run_rt3070_rf_write(sc, 27, rf); 5537 } 5538 return (0); 5539 } 5540 5541 static void 5542 run_rt3593_rf_init(struct run_softc *sc) 5543 { 5544 uint32_t tmp; 5545 uint8_t rf; 5546 u_int i; 5547 5548 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5549 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5550 tmp &= ~(1 << 4 | 1 << 7); 5551 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5552 5553 /* Initialize RF registers to default value. */ 5554 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5555 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5556 rt3593_def_rf[i].val); 5557 } 5558 5559 /* Toggle RF R2 to initiate calibration. */ 5560 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5561 5562 /* Initialize RF frequency offset. */ 5563 run_adjust_freq_offset(sc); 5564 5565 run_rt3070_rf_read(sc, 18, &rf); 5566 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5567 5568 /* 5569 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5570 * decrease voltage back to 1.2V. 5571 */ 5572 run_read(sc, RT3070_LDO_CFG0, &tmp); 5573 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5574 run_write(sc, RT3070_LDO_CFG0, tmp); 5575 run_delay(sc, 1); 5576 tmp = (tmp & ~0x1f000000) | 0x01000000; 5577 run_write(sc, RT3070_LDO_CFG0, tmp); 5578 5579 sc->rf24_20mhz = 0x1f; 5580 sc->rf24_40mhz = 0x2f; 5581 5582 /* Save default BBP registers 25 and 26 values. */ 5583 run_bbp_read(sc, 25, &sc->bbp25); 5584 run_bbp_read(sc, 26, &sc->bbp26); 5585 5586 run_read(sc, RT3070_OPT_14, &tmp); 5587 run_write(sc, RT3070_OPT_14, tmp | 1); 5588 } 5589 5590 static void 5591 run_rt5390_rf_init(struct run_softc *sc) 5592 { 5593 uint32_t tmp; 5594 uint8_t rf; 5595 u_int i; 5596 5597 /* Toggle RF R2 to initiate calibration. */ 5598 if (sc->mac_ver == 0x5390) { 5599 run_rt3070_rf_read(sc, 2, &rf); 5600 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5601 run_delay(sc, 10); 5602 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5603 } else { 5604 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5605 run_delay(sc, 10); 5606 } 5607 5608 /* Initialize RF registers to default value. */ 5609 if (sc->mac_ver == 0x5592) { 5610 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5611 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5612 rt5592_def_rf[i].val); 5613 } 5614 /* Initialize RF frequency offset. */ 5615 run_adjust_freq_offset(sc); 5616 } else if (sc->mac_ver == 0x5392) { 5617 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5618 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5619 rt5392_def_rf[i].val); 5620 } 5621 if (sc->mac_rev >= 0x0223) { 5622 run_rt3070_rf_write(sc, 23, 0x0f); 5623 run_rt3070_rf_write(sc, 24, 0x3e); 5624 run_rt3070_rf_write(sc, 51, 0x32); 5625 run_rt3070_rf_write(sc, 53, 0x22); 5626 run_rt3070_rf_write(sc, 56, 0xc1); 5627 run_rt3070_rf_write(sc, 59, 0x0f); 5628 } 5629 } else { 5630 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5631 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5632 rt5390_def_rf[i].val); 5633 } 5634 if (sc->mac_rev >= 0x0502) { 5635 run_rt3070_rf_write(sc, 6, 0xe0); 5636 run_rt3070_rf_write(sc, 25, 0x80); 5637 run_rt3070_rf_write(sc, 46, 0x73); 5638 run_rt3070_rf_write(sc, 53, 0x00); 5639 run_rt3070_rf_write(sc, 56, 0x42); 5640 run_rt3070_rf_write(sc, 61, 0xd1); 5641 } 5642 } 5643 5644 sc->rf24_20mhz = 0x1f; /* default value */ 5645 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5646 5647 if (sc->mac_rev < 0x0211) 5648 run_rt3070_rf_write(sc, 27, 0x3); 5649 5650 run_read(sc, RT3070_OPT_14, &tmp); 5651 run_write(sc, RT3070_OPT_14, tmp | 1); 5652 } 5653 5654 static int 5655 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5656 uint8_t *val) 5657 { 5658 uint8_t rf22, rf24; 5659 uint8_t bbp55_pb, bbp55_sb, delta; 5660 int ntries; 5661 5662 /* program filter */ 5663 run_rt3070_rf_read(sc, 24, &rf24); 5664 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5665 run_rt3070_rf_write(sc, 24, rf24); 5666 5667 /* enable baseband loopback mode */ 5668 run_rt3070_rf_read(sc, 22, &rf22); 5669 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5670 5671 /* set power and frequency of passband test tone */ 5672 run_bbp_write(sc, 24, 0x00); 5673 for (ntries = 0; ntries < 100; ntries++) { 5674 /* transmit test tone */ 5675 run_bbp_write(sc, 25, 0x90); 5676 run_delay(sc, 10); 5677 /* read received power */ 5678 run_bbp_read(sc, 55, &bbp55_pb); 5679 if (bbp55_pb != 0) 5680 break; 5681 } 5682 if (ntries == 100) 5683 return (ETIMEDOUT); 5684 5685 /* set power and frequency of stopband test tone */ 5686 run_bbp_write(sc, 24, 0x06); 5687 for (ntries = 0; ntries < 100; ntries++) { 5688 /* transmit test tone */ 5689 run_bbp_write(sc, 25, 0x90); 5690 run_delay(sc, 10); 5691 /* read received power */ 5692 run_bbp_read(sc, 55, &bbp55_sb); 5693 5694 delta = bbp55_pb - bbp55_sb; 5695 if (delta > target) 5696 break; 5697 5698 /* reprogram filter */ 5699 rf24++; 5700 run_rt3070_rf_write(sc, 24, rf24); 5701 } 5702 if (ntries < 100) { 5703 if (rf24 != init) 5704 rf24--; /* backtrack */ 5705 *val = rf24; 5706 run_rt3070_rf_write(sc, 24, rf24); 5707 } 5708 5709 /* restore initial state */ 5710 run_bbp_write(sc, 24, 0x00); 5711 5712 /* disable baseband loopback mode */ 5713 run_rt3070_rf_read(sc, 22, &rf22); 5714 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5715 5716 return (0); 5717 } 5718 5719 static void 5720 run_rt3070_rf_setup(struct run_softc *sc) 5721 { 5722 uint8_t bbp, rf; 5723 int i; 5724 5725 if (sc->mac_ver == 0x3572) { 5726 /* enable DC filter */ 5727 if (sc->mac_rev >= 0x0201) 5728 run_bbp_write(sc, 103, 0xc0); 5729 5730 run_bbp_read(sc, 138, &bbp); 5731 if (sc->ntxchains == 1) 5732 bbp |= 0x20; /* turn off DAC1 */ 5733 if (sc->nrxchains == 1) 5734 bbp &= ~0x02; /* turn off ADC1 */ 5735 run_bbp_write(sc, 138, bbp); 5736 5737 if (sc->mac_rev >= 0x0211) { 5738 /* improve power consumption */ 5739 run_bbp_read(sc, 31, &bbp); 5740 run_bbp_write(sc, 31, bbp & ~0x03); 5741 } 5742 5743 run_rt3070_rf_read(sc, 16, &rf); 5744 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5745 run_rt3070_rf_write(sc, 16, rf); 5746 5747 } else if (sc->mac_ver == 0x3071) { 5748 if (sc->mac_rev >= 0x0211) { 5749 /* enable DC filter */ 5750 run_bbp_write(sc, 103, 0xc0); 5751 5752 /* improve power consumption */ 5753 run_bbp_read(sc, 31, &bbp); 5754 run_bbp_write(sc, 31, bbp & ~0x03); 5755 } 5756 5757 run_bbp_read(sc, 138, &bbp); 5758 if (sc->ntxchains == 1) 5759 bbp |= 0x20; /* turn off DAC1 */ 5760 if (sc->nrxchains == 1) 5761 bbp &= ~0x02; /* turn off ADC1 */ 5762 run_bbp_write(sc, 138, bbp); 5763 5764 run_write(sc, RT2860_TX_SW_CFG1, 0); 5765 if (sc->mac_rev < 0x0211) { 5766 run_write(sc, RT2860_TX_SW_CFG2, 5767 sc->patch_dac ? 0x2c : 0x0f); 5768 } else 5769 run_write(sc, RT2860_TX_SW_CFG2, 0); 5770 5771 } else if (sc->mac_ver == 0x3070) { 5772 if (sc->mac_rev >= 0x0201) { 5773 /* enable DC filter */ 5774 run_bbp_write(sc, 103, 0xc0); 5775 5776 /* improve power consumption */ 5777 run_bbp_read(sc, 31, &bbp); 5778 run_bbp_write(sc, 31, bbp & ~0x03); 5779 } 5780 5781 if (sc->mac_rev < 0x0201) { 5782 run_write(sc, RT2860_TX_SW_CFG1, 0); 5783 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5784 } else 5785 run_write(sc, RT2860_TX_SW_CFG2, 0); 5786 } 5787 5788 /* initialize RF registers from ROM for >=RT3071*/ 5789 if (sc->mac_ver >= 0x3071) { 5790 for (i = 0; i < 10; i++) { 5791 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5792 continue; 5793 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5794 } 5795 } 5796 } 5797 5798 static void 5799 run_rt3593_rf_setup(struct run_softc *sc) 5800 { 5801 uint8_t bbp, rf; 5802 5803 if (sc->mac_rev >= 0x0211) { 5804 /* Enable DC filter. */ 5805 run_bbp_write(sc, 103, 0xc0); 5806 } 5807 run_write(sc, RT2860_TX_SW_CFG1, 0); 5808 if (sc->mac_rev < 0x0211) { 5809 run_write(sc, RT2860_TX_SW_CFG2, 5810 sc->patch_dac ? 0x2c : 0x0f); 5811 } else 5812 run_write(sc, RT2860_TX_SW_CFG2, 0); 5813 5814 run_rt3070_rf_read(sc, 50, &rf); 5815 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5816 5817 run_rt3070_rf_read(sc, 51, &rf); 5818 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5819 ((sc->txmixgain_2ghz & 0x07) << 2); 5820 run_rt3070_rf_write(sc, 51, rf); 5821 5822 run_rt3070_rf_read(sc, 38, &rf); 5823 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5824 5825 run_rt3070_rf_read(sc, 39, &rf); 5826 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5827 5828 run_rt3070_rf_read(sc, 1, &rf); 5829 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5830 5831 run_rt3070_rf_read(sc, 30, &rf); 5832 rf = (rf & ~0x18) | 0x10; 5833 run_rt3070_rf_write(sc, 30, rf); 5834 5835 /* Apply maximum likelihood detection for 2 stream case. */ 5836 run_bbp_read(sc, 105, &bbp); 5837 if (sc->nrxchains > 1) 5838 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5839 5840 /* Avoid data lost and CRC error. */ 5841 run_bbp_read(sc, 4, &bbp); 5842 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5843 5844 run_bbp_write(sc, 92, 0x02); 5845 run_bbp_write(sc, 82, 0x82); 5846 run_bbp_write(sc, 106, 0x05); 5847 run_bbp_write(sc, 104, 0x92); 5848 run_bbp_write(sc, 88, 0x90); 5849 run_bbp_write(sc, 148, 0xc8); 5850 run_bbp_write(sc, 47, 0x48); 5851 run_bbp_write(sc, 120, 0x50); 5852 5853 run_bbp_write(sc, 163, 0x9d); 5854 5855 /* SNR mapping. */ 5856 run_bbp_write(sc, 142, 0x06); 5857 run_bbp_write(sc, 143, 0xa0); 5858 run_bbp_write(sc, 142, 0x07); 5859 run_bbp_write(sc, 143, 0xa1); 5860 run_bbp_write(sc, 142, 0x08); 5861 run_bbp_write(sc, 143, 0xa2); 5862 5863 run_bbp_write(sc, 31, 0x08); 5864 run_bbp_write(sc, 68, 0x0b); 5865 run_bbp_write(sc, 105, 0x04); 5866 } 5867 5868 static void 5869 run_rt5390_rf_setup(struct run_softc *sc) 5870 { 5871 uint8_t bbp, rf; 5872 5873 if (sc->mac_rev >= 0x0211) { 5874 /* Enable DC filter. */ 5875 run_bbp_write(sc, 103, 0xc0); 5876 5877 if (sc->mac_ver != 0x5592) { 5878 /* Improve power consumption. */ 5879 run_bbp_read(sc, 31, &bbp); 5880 run_bbp_write(sc, 31, bbp & ~0x03); 5881 } 5882 } 5883 5884 run_bbp_read(sc, 138, &bbp); 5885 if (sc->ntxchains == 1) 5886 bbp |= 0x20; /* turn off DAC1 */ 5887 if (sc->nrxchains == 1) 5888 bbp &= ~0x02; /* turn off ADC1 */ 5889 run_bbp_write(sc, 138, bbp); 5890 5891 run_rt3070_rf_read(sc, 38, &rf); 5892 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5893 5894 run_rt3070_rf_read(sc, 39, &rf); 5895 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5896 5897 /* Avoid data lost and CRC error. */ 5898 run_bbp_read(sc, 4, &bbp); 5899 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5900 5901 run_rt3070_rf_read(sc, 30, &rf); 5902 rf = (rf & ~0x18) | 0x10; 5903 run_rt3070_rf_write(sc, 30, rf); 5904 5905 if (sc->mac_ver != 0x5592) { 5906 run_write(sc, RT2860_TX_SW_CFG1, 0); 5907 if (sc->mac_rev < 0x0211) { 5908 run_write(sc, RT2860_TX_SW_CFG2, 5909 sc->patch_dac ? 0x2c : 0x0f); 5910 } else 5911 run_write(sc, RT2860_TX_SW_CFG2, 0); 5912 } 5913 } 5914 5915 static int 5916 run_txrx_enable(struct run_softc *sc) 5917 { 5918 struct ieee80211com *ic = &sc->sc_ic; 5919 uint32_t tmp; 5920 int error, ntries; 5921 5922 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5923 for (ntries = 0; ntries < 200; ntries++) { 5924 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5925 return (error); 5926 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5927 break; 5928 run_delay(sc, 50); 5929 } 5930 if (ntries == 200) 5931 return (ETIMEDOUT); 5932 5933 run_delay(sc, 50); 5934 5935 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5936 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5937 5938 /* enable Rx bulk aggregation (set timeout and limit) */ 5939 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5940 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5941 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5942 5943 /* set Rx filter */ 5944 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5945 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5946 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5947 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5948 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5949 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5950 if (ic->ic_opmode == IEEE80211_M_STA) 5951 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5952 } 5953 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5954 5955 run_write(sc, RT2860_MAC_SYS_CTRL, 5956 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5957 5958 return (0); 5959 } 5960 5961 static void 5962 run_adjust_freq_offset(struct run_softc *sc) 5963 { 5964 uint8_t rf, tmp; 5965 5966 run_rt3070_rf_read(sc, 17, &rf); 5967 tmp = rf; 5968 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5969 rf = MIN(rf, 0x5f); 5970 5971 if (tmp != rf) 5972 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5973 } 5974 5975 static void 5976 run_init_locked(struct run_softc *sc) 5977 { 5978 struct ieee80211com *ic = &sc->sc_ic; 5979 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5980 uint32_t tmp; 5981 uint8_t bbp1, bbp3; 5982 int i; 5983 int ridx; 5984 int ntries; 5985 5986 if (ic->ic_nrunning > 1) 5987 return; 5988 5989 run_stop(sc); 5990 5991 if (run_load_microcode(sc) != 0) { 5992 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5993 goto fail; 5994 } 5995 5996 for (ntries = 0; ntries < 100; ntries++) { 5997 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5998 goto fail; 5999 if (tmp != 0 && tmp != 0xffffffff) 6000 break; 6001 run_delay(sc, 10); 6002 } 6003 if (ntries == 100) 6004 goto fail; 6005 6006 for (i = 0; i != RUN_EP_QUEUES; i++) 6007 run_setup_tx_list(sc, &sc->sc_epq[i]); 6008 6009 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6010 6011 for (ntries = 0; ntries < 100; ntries++) { 6012 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6013 goto fail; 6014 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6015 break; 6016 run_delay(sc, 10); 6017 } 6018 if (ntries == 100) { 6019 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6020 goto fail; 6021 } 6022 tmp &= 0xff0; 6023 tmp |= RT2860_TX_WB_DDONE; 6024 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6025 6026 /* turn off PME_OEN to solve high-current issue */ 6027 run_read(sc, RT2860_SYS_CTRL, &tmp); 6028 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6029 6030 run_write(sc, RT2860_MAC_SYS_CTRL, 6031 RT2860_BBP_HRST | RT2860_MAC_SRST); 6032 run_write(sc, RT2860_USB_DMA_CFG, 0); 6033 6034 if (run_reset(sc) != 0) { 6035 device_printf(sc->sc_dev, "could not reset chipset\n"); 6036 goto fail; 6037 } 6038 6039 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6040 6041 /* init Tx power for all Tx rates (from EEPROM) */ 6042 for (ridx = 0; ridx < 5; ridx++) { 6043 if (sc->txpow20mhz[ridx] == 0xffffffff) 6044 continue; 6045 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6046 } 6047 6048 for (i = 0; i < nitems(rt2870_def_mac); i++) 6049 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6050 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6051 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6052 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6053 6054 if (sc->mac_ver >= 0x5390) { 6055 run_write(sc, RT2860_TX_SW_CFG0, 6056 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6057 if (sc->mac_ver >= 0x5392) { 6058 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6059 if (sc->mac_ver == 0x5592) { 6060 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6061 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6062 } else { 6063 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6064 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6065 } 6066 } 6067 } else if (sc->mac_ver == 0x3593) { 6068 run_write(sc, RT2860_TX_SW_CFG0, 6069 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6070 } else if (sc->mac_ver >= 0x3070) { 6071 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6072 run_write(sc, RT2860_TX_SW_CFG0, 6073 4 << RT2860_DLY_PAPE_EN_SHIFT); 6074 } 6075 6076 /* wait while MAC is busy */ 6077 for (ntries = 0; ntries < 100; ntries++) { 6078 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6079 goto fail; 6080 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6081 break; 6082 run_delay(sc, 10); 6083 } 6084 if (ntries == 100) 6085 goto fail; 6086 6087 /* clear Host to MCU mailbox */ 6088 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6089 run_write(sc, RT2860_H2M_MAILBOX, 0); 6090 run_delay(sc, 10); 6091 6092 if (run_bbp_init(sc) != 0) { 6093 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6094 goto fail; 6095 } 6096 6097 /* abort TSF synchronization */ 6098 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6099 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6100 RT2860_TBTT_TIMER_EN); 6101 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6102 6103 /* clear RX WCID search table */ 6104 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6105 /* clear WCID attribute table */ 6106 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6107 6108 /* hostapd sets a key before init. So, don't clear it. */ 6109 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6110 /* clear shared key table */ 6111 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6112 /* clear shared key mode */ 6113 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6114 } 6115 6116 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6117 tmp = (tmp & ~0xff) | 0x1e; 6118 run_write(sc, RT2860_US_CYC_CNT, tmp); 6119 6120 if (sc->mac_rev != 0x0101) 6121 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6122 6123 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6124 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6125 6126 /* write vendor-specific BBP values (from EEPROM) */ 6127 if (sc->mac_ver < 0x3593) { 6128 for (i = 0; i < 10; i++) { 6129 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6130 continue; 6131 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6132 } 6133 } 6134 6135 /* select Main antenna for 1T1R devices */ 6136 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6137 run_set_rx_antenna(sc, 0); 6138 6139 /* send LEDs operating mode to microcontroller */ 6140 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6141 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6142 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6143 6144 if (sc->mac_ver >= 0x5390) 6145 run_rt5390_rf_init(sc); 6146 else if (sc->mac_ver == 0x3593) 6147 run_rt3593_rf_init(sc); 6148 else if (sc->mac_ver >= 0x3070) 6149 run_rt3070_rf_init(sc); 6150 6151 /* disable non-existing Rx chains */ 6152 run_bbp_read(sc, 3, &bbp3); 6153 bbp3 &= ~(1 << 3 | 1 << 4); 6154 if (sc->nrxchains == 2) 6155 bbp3 |= 1 << 3; 6156 else if (sc->nrxchains == 3) 6157 bbp3 |= 1 << 4; 6158 run_bbp_write(sc, 3, bbp3); 6159 6160 /* disable non-existing Tx chains */ 6161 run_bbp_read(sc, 1, &bbp1); 6162 if (sc->ntxchains == 1) 6163 bbp1 &= ~(1 << 3 | 1 << 4); 6164 run_bbp_write(sc, 1, bbp1); 6165 6166 if (sc->mac_ver >= 0x5390) 6167 run_rt5390_rf_setup(sc); 6168 else if (sc->mac_ver == 0x3593) 6169 run_rt3593_rf_setup(sc); 6170 else if (sc->mac_ver >= 0x3070) 6171 run_rt3070_rf_setup(sc); 6172 6173 /* select default channel */ 6174 run_set_chan(sc, ic->ic_curchan); 6175 6176 /* setup initial protection mode */ 6177 run_updateprot_cb(ic); 6178 6179 /* turn radio LED on */ 6180 run_set_leds(sc, RT2860_LED_RADIO); 6181 6182 sc->sc_flags |= RUN_RUNNING; 6183 sc->cmdq_run = RUN_CMDQ_GO; 6184 6185 for (i = 0; i != RUN_N_XFER; i++) 6186 usbd_xfer_set_stall(sc->sc_xfer[i]); 6187 6188 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6189 6190 if (run_txrx_enable(sc) != 0) 6191 goto fail; 6192 6193 return; 6194 6195 fail: 6196 run_stop(sc); 6197 } 6198 6199 static void 6200 run_stop(void *arg) 6201 { 6202 struct run_softc *sc = (struct run_softc *)arg; 6203 uint32_t tmp; 6204 int i; 6205 int ntries; 6206 6207 RUN_LOCK_ASSERT(sc, MA_OWNED); 6208 6209 if (sc->sc_flags & RUN_RUNNING) 6210 run_set_leds(sc, 0); /* turn all LEDs off */ 6211 6212 sc->sc_flags &= ~RUN_RUNNING; 6213 6214 sc->ratectl_run = RUN_RATECTL_OFF; 6215 sc->cmdq_run = sc->cmdq_key_set; 6216 6217 RUN_UNLOCK(sc); 6218 6219 for(i = 0; i < RUN_N_XFER; i++) 6220 usbd_transfer_drain(sc->sc_xfer[i]); 6221 6222 RUN_LOCK(sc); 6223 6224 run_drain_mbufq(sc); 6225 6226 if (sc->rx_m != NULL) { 6227 m_free(sc->rx_m); 6228 sc->rx_m = NULL; 6229 } 6230 6231 /* Disable Tx/Rx DMA. */ 6232 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6233 return; 6234 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6235 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6236 6237 for (ntries = 0; ntries < 100; ntries++) { 6238 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6239 return; 6240 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6241 break; 6242 run_delay(sc, 10); 6243 } 6244 if (ntries == 100) { 6245 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6246 return; 6247 } 6248 6249 /* disable Tx/Rx */ 6250 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6251 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6252 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6253 6254 /* wait for pending Tx to complete */ 6255 for (ntries = 0; ntries < 100; ntries++) { 6256 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6257 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6258 "Cannot read Tx queue count\n"); 6259 break; 6260 } 6261 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6262 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6263 "All Tx cleared\n"); 6264 break; 6265 } 6266 run_delay(sc, 10); 6267 } 6268 if (ntries >= 100) 6269 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6270 "There are still pending Tx\n"); 6271 run_delay(sc, 10); 6272 run_write(sc, RT2860_USB_DMA_CFG, 0); 6273 6274 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6275 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6276 6277 for (i = 0; i != RUN_EP_QUEUES; i++) 6278 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6279 } 6280 6281 static void 6282 run_delay(struct run_softc *sc, u_int ms) 6283 { 6284 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6285 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6286 } 6287 6288 static device_method_t run_methods[] = { 6289 /* Device interface */ 6290 DEVMETHOD(device_probe, run_match), 6291 DEVMETHOD(device_attach, run_attach), 6292 DEVMETHOD(device_detach, run_detach), 6293 DEVMETHOD_END 6294 }; 6295 6296 static driver_t run_driver = { 6297 .name = "run", 6298 .methods = run_methods, 6299 .size = sizeof(struct run_softc) 6300 }; 6301 6302 static devclass_t run_devclass; 6303 6304 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6305 MODULE_DEPEND(run, wlan, 1, 1, 1); 6306 MODULE_DEPEND(run, usb, 1, 1, 1); 6307 MODULE_DEPEND(run, firmware, 1, 1, 1); 6308 MODULE_VERSION(run, 1); 6309 USB_PNP_HOST_INFO(run_devs); 6310