1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 #define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103 #define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, WLIUCG300HP), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCG300HPV1), 235 RUN_DEV(MELCO, WLIUCGNM2), 236 RUN_DEV(MOTOROLA4, RT2770), 237 RUN_DEV(MOTOROLA4, RT3070), 238 RUN_DEV(MSI, RT3070_1), 239 RUN_DEV(MSI, RT3070_2), 240 RUN_DEV(MSI, RT3070_3), 241 RUN_DEV(MSI, RT3070_4), 242 RUN_DEV(MSI, RT3070_5), 243 RUN_DEV(MSI, RT3070_6), 244 RUN_DEV(MSI, RT3070_7), 245 RUN_DEV(MSI, RT3070_8), 246 RUN_DEV(MSI, RT3070_9), 247 RUN_DEV(MSI, RT3070_10), 248 RUN_DEV(MSI, RT3070_11), 249 RUN_DEV(NETGEAR, WNDA4100), 250 RUN_DEV(OVISLINK, RT3072), 251 RUN_DEV(PARA, RT3070), 252 RUN_DEV(PEGATRON, RT2870), 253 RUN_DEV(PEGATRON, RT3070), 254 RUN_DEV(PEGATRON, RT3070_2), 255 RUN_DEV(PEGATRON, RT3070_3), 256 RUN_DEV(PHILIPS, RT2870), 257 RUN_DEV(PLANEX2, GWUS300MINIS), 258 RUN_DEV(PLANEX2, GWUSMICRON), 259 RUN_DEV(PLANEX2, RT2870), 260 RUN_DEV(PLANEX2, RT3070), 261 RUN_DEV(QCOM, RT2870), 262 RUN_DEV(QUANTA, RT3070), 263 RUN_DEV(RALINK, RT2070), 264 RUN_DEV(RALINK, RT2770), 265 RUN_DEV(RALINK, RT2870), 266 RUN_DEV(RALINK, RT3070), 267 RUN_DEV(RALINK, RT3071), 268 RUN_DEV(RALINK, RT3072), 269 RUN_DEV(RALINK, RT3370), 270 RUN_DEV(RALINK, RT3572), 271 RUN_DEV(RALINK, RT3573), 272 RUN_DEV(RALINK, RT5370), 273 RUN_DEV(RALINK, RT5572), 274 RUN_DEV(RALINK, RT8070), 275 RUN_DEV(SAMSUNG, WIS09ABGN), 276 RUN_DEV(SAMSUNG2, RT2870_1), 277 RUN_DEV(SENAO, RT2870_1), 278 RUN_DEV(SENAO, RT2870_2), 279 RUN_DEV(SENAO, RT2870_3), 280 RUN_DEV(SENAO, RT2870_4), 281 RUN_DEV(SENAO, RT3070), 282 RUN_DEV(SENAO, RT3071), 283 RUN_DEV(SENAO, RT3072_1), 284 RUN_DEV(SENAO, RT3072_2), 285 RUN_DEV(SENAO, RT3072_3), 286 RUN_DEV(SENAO, RT3072_4), 287 RUN_DEV(SENAO, RT3072_5), 288 RUN_DEV(SITECOMEU, RT2770), 289 RUN_DEV(SITECOMEU, RT2870_1), 290 RUN_DEV(SITECOMEU, RT2870_2), 291 RUN_DEV(SITECOMEU, RT2870_3), 292 RUN_DEV(SITECOMEU, RT2870_4), 293 RUN_DEV(SITECOMEU, RT3070), 294 RUN_DEV(SITECOMEU, RT3070_2), 295 RUN_DEV(SITECOMEU, RT3070_3), 296 RUN_DEV(SITECOMEU, RT3070_4), 297 RUN_DEV(SITECOMEU, RT3071), 298 RUN_DEV(SITECOMEU, RT3072_1), 299 RUN_DEV(SITECOMEU, RT3072_2), 300 RUN_DEV(SITECOMEU, RT3072_3), 301 RUN_DEV(SITECOMEU, RT3072_4), 302 RUN_DEV(SITECOMEU, RT3072_5), 303 RUN_DEV(SITECOMEU, RT3072_6), 304 RUN_DEV(SITECOMEU, WL608), 305 RUN_DEV(SPARKLAN, RT2870_1), 306 RUN_DEV(SPARKLAN, RT3070), 307 RUN_DEV(SWEEX2, LW153), 308 RUN_DEV(SWEEX2, LW303), 309 RUN_DEV(SWEEX2, LW313), 310 RUN_DEV(TOSHIBA, RT3070), 311 RUN_DEV(UMEDIA, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_1), 313 RUN_DEV(ZCOM, RT2870_2), 314 RUN_DEV(ZINWELL, RT2870_1), 315 RUN_DEV(ZINWELL, RT2870_2), 316 RUN_DEV(ZINWELL, RT3070), 317 RUN_DEV(ZINWELL, RT3072_1), 318 RUN_DEV(ZINWELL, RT3072_2), 319 RUN_DEV(ZYXEL, RT2870_1), 320 RUN_DEV(ZYXEL, RT2870_2), 321 RUN_DEV(ZYXEL, RT3070), 322 RUN_DEV_EJECT(ZYXEL, NWD2705), 323 RUN_DEV_EJECT(RALINK, RT_STOR), 324 #undef RUN_DEV_EJECT 325 #undef RUN_DEV 326 }; 327 328 static device_probe_t run_match; 329 static device_attach_t run_attach; 330 static device_detach_t run_detach; 331 332 static usb_callback_t run_bulk_rx_callback; 333 static usb_callback_t run_bulk_tx_callback0; 334 static usb_callback_t run_bulk_tx_callback1; 335 static usb_callback_t run_bulk_tx_callback2; 336 static usb_callback_t run_bulk_tx_callback3; 337 static usb_callback_t run_bulk_tx_callback4; 338 static usb_callback_t run_bulk_tx_callback5; 339 340 static void run_autoinst(void *, struct usb_device *, 341 struct usb_attach_arg *); 342 static int run_driver_loaded(struct module *, int, void *); 343 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 344 usb_error_t error, u_int index); 345 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 347 const uint8_t [IEEE80211_ADDR_LEN], 348 const uint8_t [IEEE80211_ADDR_LEN]); 349 static void run_vap_delete(struct ieee80211vap *); 350 static void run_cmdq_cb(void *, int); 351 static void run_setup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353 static void run_unsetup_tx_list(struct run_softc *, 354 struct run_endpoint_queue *); 355 static int run_load_microcode(struct run_softc *); 356 static int run_reset(struct run_softc *); 357 static usb_error_t run_do_request(struct run_softc *, 358 struct usb_device_request *, void *); 359 static int run_read(struct run_softc *, uint16_t, uint32_t *); 360 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 361 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 362 static int run_write(struct run_softc *, uint16_t, uint32_t); 363 static int run_write_region_1(struct run_softc *, uint16_t, 364 const uint8_t *, int); 365 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 366 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 367 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 368 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 369 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 370 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 371 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 372 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 373 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 374 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 375 static const char *run_get_rf(uint16_t); 376 static void run_rt3593_get_txpower(struct run_softc *); 377 static void run_get_txpower(struct run_softc *); 378 static int run_read_eeprom(struct run_softc *); 379 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 380 const uint8_t mac[IEEE80211_ADDR_LEN]); 381 static int run_media_change(struct ifnet *); 382 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 383 static int run_wme_update(struct ieee80211com *); 384 static void run_key_set_cb(void *); 385 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 386 static void run_key_delete_cb(void *); 387 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 388 static void run_ratectl_to(void *); 389 static void run_ratectl_cb(void *, int); 390 static void run_drain_fifo(void *); 391 static void run_iter_func(void *, struct ieee80211_node *); 392 static void run_newassoc_cb(void *); 393 static void run_newassoc(struct ieee80211_node *, int); 394 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 395 const struct ieee80211_rx_stats *, int, int); 396 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 397 static void run_tx_free(struct run_endpoint_queue *pq, 398 struct run_tx_data *, int); 399 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 400 static int run_tx(struct run_softc *, struct mbuf *, 401 struct ieee80211_node *); 402 static int run_tx_mgt(struct run_softc *, struct mbuf *, 403 struct ieee80211_node *); 404 static int run_sendprot(struct run_softc *, const struct mbuf *, 405 struct ieee80211_node *, int, int); 406 static int run_tx_param(struct run_softc *, struct mbuf *, 407 struct ieee80211_node *, 408 const struct ieee80211_bpf_params *); 409 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 410 const struct ieee80211_bpf_params *); 411 static int run_transmit(struct ieee80211com *, struct mbuf *); 412 static void run_start(struct run_softc *); 413 static void run_parent(struct ieee80211com *); 414 static void run_iq_calib(struct run_softc *, u_int); 415 static void run_set_agc(struct run_softc *, uint8_t); 416 static void run_select_chan_group(struct run_softc *, int); 417 static void run_set_rx_antenna(struct run_softc *, int); 418 static void run_rt2870_set_chan(struct run_softc *, u_int); 419 static void run_rt3070_set_chan(struct run_softc *, u_int); 420 static void run_rt3572_set_chan(struct run_softc *, u_int); 421 static void run_rt3593_set_chan(struct run_softc *, u_int); 422 static void run_rt5390_set_chan(struct run_softc *, u_int); 423 static void run_rt5592_set_chan(struct run_softc *, u_int); 424 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 425 static void run_set_channel(struct ieee80211com *); 426 static void run_scan_start(struct ieee80211com *); 427 static void run_scan_end(struct ieee80211com *); 428 static void run_update_beacon(struct ieee80211vap *, int); 429 static void run_update_beacon_cb(void *); 430 static void run_updateprot(struct ieee80211com *); 431 static void run_updateprot_cb(void *); 432 static void run_usb_timeout_cb(void *); 433 static void run_reset_livelock(struct run_softc *); 434 static void run_enable_tsf_sync(struct run_softc *); 435 static void run_enable_tsf(struct run_softc *); 436 static void run_get_tsf(struct run_softc *, uint64_t *); 437 static void run_enable_mrr(struct run_softc *); 438 static void run_set_txpreamble(struct run_softc *); 439 static void run_set_basicrates(struct run_softc *); 440 static void run_set_leds(struct run_softc *, uint16_t); 441 static void run_set_bssid(struct run_softc *, const uint8_t *); 442 static void run_set_macaddr(struct run_softc *, const uint8_t *); 443 static void run_updateslot(struct ieee80211com *); 444 static void run_updateslot_cb(void *); 445 static void run_update_mcast(struct ieee80211com *); 446 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 447 static void run_update_promisc_locked(struct run_softc *); 448 static void run_update_promisc(struct ieee80211com *); 449 static void run_rt5390_bbp_init(struct run_softc *); 450 static int run_bbp_init(struct run_softc *); 451 static int run_rt3070_rf_init(struct run_softc *); 452 static void run_rt3593_rf_init(struct run_softc *); 453 static void run_rt5390_rf_init(struct run_softc *); 454 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 455 uint8_t *); 456 static void run_rt3070_rf_setup(struct run_softc *); 457 static void run_rt3593_rf_setup(struct run_softc *); 458 static void run_rt5390_rf_setup(struct run_softc *); 459 static int run_txrx_enable(struct run_softc *); 460 static void run_adjust_freq_offset(struct run_softc *); 461 static void run_init_locked(struct run_softc *); 462 static void run_stop(void *); 463 static void run_delay(struct run_softc *, u_int); 464 465 static eventhandler_tag run_etag; 466 467 static const struct rt2860_rate { 468 uint8_t rate; 469 uint8_t mcs; 470 enum ieee80211_phytype phy; 471 uint8_t ctl_ridx; 472 uint16_t sp_ack_dur; 473 uint16_t lp_ack_dur; 474 } rt2860_rates[] = { 475 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 476 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 477 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 478 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 479 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 480 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 481 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 482 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 483 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 484 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 485 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 486 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 487 }; 488 489 static const struct { 490 uint16_t reg; 491 uint32_t val; 492 } rt2870_def_mac[] = { 493 RT2870_DEF_MAC 494 }; 495 496 static const struct { 497 uint8_t reg; 498 uint8_t val; 499 } rt2860_def_bbp[] = { 500 RT2860_DEF_BBP 501 },rt5390_def_bbp[] = { 502 RT5390_DEF_BBP 503 },rt5592_def_bbp[] = { 504 RT5592_DEF_BBP 505 }; 506 507 /* 508 * Default values for BBP register R196 for RT5592. 509 */ 510 static const uint8_t rt5592_bbp_r196[] = { 511 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 512 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 513 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 514 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 515 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 516 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 518 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 519 0x2e, 0x36, 0x30, 0x6e 520 }; 521 522 static const struct rfprog { 523 uint8_t chan; 524 uint32_t r1, r2, r3, r4; 525 } rt2860_rf2850[] = { 526 RT2860_RF2850 527 }; 528 529 struct { 530 uint8_t n, r, k; 531 } rt3070_freqs[] = { 532 RT3070_RF3052 533 }; 534 535 static const struct rt5592_freqs { 536 uint16_t n; 537 uint8_t k, m, r; 538 } rt5592_freqs_20mhz[] = { 539 RT5592_RF5592_20MHZ 540 },rt5592_freqs_40mhz[] = { 541 RT5592_RF5592_40MHZ 542 }; 543 544 static const struct { 545 uint8_t reg; 546 uint8_t val; 547 } rt3070_def_rf[] = { 548 RT3070_DEF_RF 549 },rt3572_def_rf[] = { 550 RT3572_DEF_RF 551 },rt3593_def_rf[] = { 552 RT3593_DEF_RF 553 },rt5390_def_rf[] = { 554 RT5390_DEF_RF 555 },rt5392_def_rf[] = { 556 RT5392_DEF_RF 557 },rt5592_def_rf[] = { 558 RT5592_DEF_RF 559 },rt5592_2ghz_def_rf[] = { 560 RT5592_2GHZ_DEF_RF 561 },rt5592_5ghz_def_rf[] = { 562 RT5592_5GHZ_DEF_RF 563 }; 564 565 static const struct { 566 u_int firstchan; 567 u_int lastchan; 568 uint8_t reg; 569 uint8_t val; 570 } rt5592_chan_5ghz[] = { 571 RT5592_CHAN_5GHZ 572 }; 573 574 static const struct usb_config run_config[RUN_N_XFER] = { 575 [RUN_BULK_TX_BE] = { 576 .type = UE_BULK, 577 .endpoint = UE_ADDR_ANY, 578 .ep_index = 0, 579 .direction = UE_DIR_OUT, 580 .bufsize = RUN_MAX_TXSZ, 581 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 582 .callback = run_bulk_tx_callback0, 583 .timeout = 5000, /* ms */ 584 }, 585 [RUN_BULK_TX_BK] = { 586 .type = UE_BULK, 587 .endpoint = UE_ADDR_ANY, 588 .direction = UE_DIR_OUT, 589 .ep_index = 1, 590 .bufsize = RUN_MAX_TXSZ, 591 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 592 .callback = run_bulk_tx_callback1, 593 .timeout = 5000, /* ms */ 594 }, 595 [RUN_BULK_TX_VI] = { 596 .type = UE_BULK, 597 .endpoint = UE_ADDR_ANY, 598 .direction = UE_DIR_OUT, 599 .ep_index = 2, 600 .bufsize = RUN_MAX_TXSZ, 601 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 602 .callback = run_bulk_tx_callback2, 603 .timeout = 5000, /* ms */ 604 }, 605 [RUN_BULK_TX_VO] = { 606 .type = UE_BULK, 607 .endpoint = UE_ADDR_ANY, 608 .direction = UE_DIR_OUT, 609 .ep_index = 3, 610 .bufsize = RUN_MAX_TXSZ, 611 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 612 .callback = run_bulk_tx_callback3, 613 .timeout = 5000, /* ms */ 614 }, 615 [RUN_BULK_TX_HCCA] = { 616 .type = UE_BULK, 617 .endpoint = UE_ADDR_ANY, 618 .direction = UE_DIR_OUT, 619 .ep_index = 4, 620 .bufsize = RUN_MAX_TXSZ, 621 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 622 .callback = run_bulk_tx_callback4, 623 .timeout = 5000, /* ms */ 624 }, 625 [RUN_BULK_TX_PRIO] = { 626 .type = UE_BULK, 627 .endpoint = UE_ADDR_ANY, 628 .direction = UE_DIR_OUT, 629 .ep_index = 5, 630 .bufsize = RUN_MAX_TXSZ, 631 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 632 .callback = run_bulk_tx_callback5, 633 .timeout = 5000, /* ms */ 634 }, 635 [RUN_BULK_RX] = { 636 .type = UE_BULK, 637 .endpoint = UE_ADDR_ANY, 638 .direction = UE_DIR_IN, 639 .bufsize = RUN_MAX_RXSZ, 640 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 641 .callback = run_bulk_rx_callback, 642 } 643 }; 644 645 static void 646 run_autoinst(void *arg, struct usb_device *udev, 647 struct usb_attach_arg *uaa) 648 { 649 struct usb_interface *iface; 650 struct usb_interface_descriptor *id; 651 652 if (uaa->dev_state != UAA_DEV_READY) 653 return; 654 655 iface = usbd_get_iface(udev, 0); 656 if (iface == NULL) 657 return; 658 id = iface->idesc; 659 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 660 return; 661 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 662 return; 663 664 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 665 uaa->dev_state = UAA_DEV_EJECTING; 666 } 667 668 static int 669 run_driver_loaded(struct module *mod, int what, void *arg) 670 { 671 switch (what) { 672 case MOD_LOAD: 673 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 674 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 675 break; 676 case MOD_UNLOAD: 677 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 678 break; 679 default: 680 return (EOPNOTSUPP); 681 } 682 return (0); 683 } 684 685 static int 686 run_match(device_t self) 687 { 688 struct usb_attach_arg *uaa = device_get_ivars(self); 689 690 if (uaa->usb_mode != USB_MODE_HOST) 691 return (ENXIO); 692 if (uaa->info.bConfigIndex != 0) 693 return (ENXIO); 694 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 695 return (ENXIO); 696 697 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 698 } 699 700 static int 701 run_attach(device_t self) 702 { 703 struct run_softc *sc = device_get_softc(self); 704 struct usb_attach_arg *uaa = device_get_ivars(self); 705 struct ieee80211com *ic = &sc->sc_ic; 706 uint32_t ver; 707 uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)]; 708 uint8_t iface_index; 709 int ntries, error; 710 711 device_set_usb_desc(self); 712 sc->sc_udev = uaa->device; 713 sc->sc_dev = self; 714 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 715 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 716 717 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 718 MTX_NETWORK_LOCK, MTX_DEF); 719 mbufq_init(&sc->sc_snd, ifqmaxlen); 720 721 iface_index = RT2860_IFACE_INDEX; 722 723 error = usbd_transfer_setup(uaa->device, &iface_index, 724 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 725 if (error) { 726 device_printf(self, "could not allocate USB transfers, " 727 "err=%s\n", usbd_errstr(error)); 728 goto detach; 729 } 730 731 RUN_LOCK(sc); 732 733 /* wait for the chip to settle */ 734 for (ntries = 0; ntries < 100; ntries++) { 735 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 736 RUN_UNLOCK(sc); 737 goto detach; 738 } 739 if (ver != 0 && ver != 0xffffffff) 740 break; 741 run_delay(sc, 10); 742 } 743 if (ntries == 100) { 744 device_printf(sc->sc_dev, 745 "timeout waiting for NIC to initialize\n"); 746 RUN_UNLOCK(sc); 747 goto detach; 748 } 749 sc->mac_ver = ver >> 16; 750 sc->mac_rev = ver & 0xffff; 751 752 /* retrieve RF rev. no and various other things from EEPROM */ 753 run_read_eeprom(sc); 754 755 device_printf(sc->sc_dev, 756 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 757 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 758 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 759 760 RUN_UNLOCK(sc); 761 762 ic->ic_softc = sc; 763 ic->ic_name = device_get_nameunit(self); 764 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 765 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 766 767 /* set device capabilities */ 768 ic->ic_caps = 769 IEEE80211_C_STA | /* station mode supported */ 770 IEEE80211_C_MONITOR | /* monitor mode supported */ 771 IEEE80211_C_IBSS | 772 IEEE80211_C_HOSTAP | 773 IEEE80211_C_WDS | /* 4-address traffic works */ 774 IEEE80211_C_MBSS | 775 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 776 IEEE80211_C_SHSLOT | /* short slot time supported */ 777 IEEE80211_C_WME | /* WME */ 778 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 779 780 ic->ic_cryptocaps = 781 IEEE80211_CRYPTO_WEP | 782 IEEE80211_CRYPTO_AES_CCM | 783 IEEE80211_CRYPTO_TKIPMIC | 784 IEEE80211_CRYPTO_TKIP; 785 786 ic->ic_flags |= IEEE80211_F_DATAPAD; 787 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 788 789 memset(bands, 0, sizeof(bands)); 790 setbit(bands, IEEE80211_MODE_11B); 791 setbit(bands, IEEE80211_MODE_11G); 792 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 793 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 794 sc->rf_rev == RT5592_RF_5592) 795 setbit(bands, IEEE80211_MODE_11A); 796 ieee80211_init_channels(ic, NULL, bands); 797 798 ieee80211_ifattach(ic); 799 800 ic->ic_scan_start = run_scan_start; 801 ic->ic_scan_end = run_scan_end; 802 ic->ic_set_channel = run_set_channel; 803 ic->ic_node_alloc = run_node_alloc; 804 ic->ic_newassoc = run_newassoc; 805 ic->ic_updateslot = run_updateslot; 806 ic->ic_update_mcast = run_update_mcast; 807 ic->ic_wme.wme_update = run_wme_update; 808 ic->ic_raw_xmit = run_raw_xmit; 809 ic->ic_update_promisc = run_update_promisc; 810 ic->ic_vap_create = run_vap_create; 811 ic->ic_vap_delete = run_vap_delete; 812 ic->ic_transmit = run_transmit; 813 ic->ic_parent = run_parent; 814 815 ieee80211_radiotap_attach(ic, 816 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 817 RUN_TX_RADIOTAP_PRESENT, 818 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 819 RUN_RX_RADIOTAP_PRESENT); 820 821 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 822 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 823 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 824 825 if (bootverbose) 826 ieee80211_announce(ic); 827 828 return (0); 829 830 detach: 831 run_detach(self); 832 return (ENXIO); 833 } 834 835 static void 836 run_drain_mbufq(struct run_softc *sc) 837 { 838 struct mbuf *m; 839 struct ieee80211_node *ni; 840 841 RUN_LOCK_ASSERT(sc, MA_OWNED); 842 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 843 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 844 m->m_pkthdr.rcvif = NULL; 845 ieee80211_free_node(ni); 846 m_freem(m); 847 } 848 } 849 850 static int 851 run_detach(device_t self) 852 { 853 struct run_softc *sc = device_get_softc(self); 854 struct ieee80211com *ic = &sc->sc_ic; 855 int i; 856 857 RUN_LOCK(sc); 858 sc->sc_detached = 1; 859 RUN_UNLOCK(sc); 860 861 /* stop all USB transfers */ 862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 863 864 RUN_LOCK(sc); 865 sc->ratectl_run = RUN_RATECTL_OFF; 866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 867 868 /* free TX list, if any */ 869 for (i = 0; i != RUN_EP_QUEUES; i++) 870 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 871 872 /* Free TX queue */ 873 run_drain_mbufq(sc); 874 RUN_UNLOCK(sc); 875 876 if (sc->sc_ic.ic_softc == sc) { 877 /* drain tasks */ 878 usb_callout_drain(&sc->ratectl_ch); 879 ieee80211_draintask(ic, &sc->cmdq_task); 880 ieee80211_draintask(ic, &sc->ratectl_task); 881 ieee80211_ifdetach(ic); 882 } 883 884 mtx_destroy(&sc->sc_mtx); 885 886 return (0); 887 } 888 889 static struct ieee80211vap * 890 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 891 enum ieee80211_opmode opmode, int flags, 892 const uint8_t bssid[IEEE80211_ADDR_LEN], 893 const uint8_t mac[IEEE80211_ADDR_LEN]) 894 { 895 struct run_softc *sc = ic->ic_softc; 896 struct run_vap *rvp; 897 struct ieee80211vap *vap; 898 int i; 899 900 if (sc->rvp_cnt >= RUN_VAP_MAX) { 901 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 902 return (NULL); 903 } 904 905 switch (opmode) { 906 case IEEE80211_M_STA: 907 /* enable s/w bmiss handling for sta mode */ 908 flags |= IEEE80211_CLONE_NOBEACONS; 909 /* fall though */ 910 case IEEE80211_M_IBSS: 911 case IEEE80211_M_MONITOR: 912 case IEEE80211_M_HOSTAP: 913 case IEEE80211_M_MBSS: 914 /* other than WDS vaps, only one at a time */ 915 if (!TAILQ_EMPTY(&ic->ic_vaps)) 916 return (NULL); 917 break; 918 case IEEE80211_M_WDS: 919 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 920 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 921 continue; 922 /* WDS vap's always share the local mac address. */ 923 flags &= ~IEEE80211_CLONE_BSSID; 924 break; 925 } 926 if (vap == NULL) { 927 device_printf(sc->sc_dev, 928 "wds only supported in ap mode\n"); 929 return (NULL); 930 } 931 break; 932 default: 933 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 934 return (NULL); 935 } 936 937 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 938 vap = &rvp->vap; 939 940 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 941 bssid) != 0) { 942 /* out of memory */ 943 free(rvp, M_80211_VAP); 944 return (NULL); 945 } 946 947 vap->iv_update_beacon = run_update_beacon; 948 vap->iv_max_aid = RT2870_WCID_MAX; 949 /* 950 * To delete the right key from h/w, we need wcid. 951 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 952 * and matching wcid will be written into there. So, cast 953 * some spells to remove 'const' from ieee80211_key{} 954 */ 955 vap->iv_key_delete = (void *)run_key_delete; 956 vap->iv_key_set = (void *)run_key_set; 957 958 /* override state transition machine */ 959 rvp->newstate = vap->iv_newstate; 960 vap->iv_newstate = run_newstate; 961 if (opmode == IEEE80211_M_IBSS) { 962 rvp->recv_mgmt = vap->iv_recv_mgmt; 963 vap->iv_recv_mgmt = run_recv_mgmt; 964 } 965 966 ieee80211_ratectl_init(vap); 967 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 968 969 /* complete setup */ 970 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 971 mac); 972 973 /* make sure id is always unique */ 974 for (i = 0; i < RUN_VAP_MAX; i++) { 975 if((sc->rvp_bmap & 1 << i) == 0){ 976 sc->rvp_bmap |= 1 << i; 977 rvp->rvp_id = i; 978 break; 979 } 980 } 981 if (sc->rvp_cnt++ == 0) 982 ic->ic_opmode = opmode; 983 984 if (opmode == IEEE80211_M_HOSTAP) 985 sc->cmdq_run = RUN_CMDQ_GO; 986 987 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 988 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 989 990 return (vap); 991 } 992 993 static void 994 run_vap_delete(struct ieee80211vap *vap) 995 { 996 struct run_vap *rvp = RUN_VAP(vap); 997 struct ieee80211com *ic; 998 struct run_softc *sc; 999 uint8_t rvp_id; 1000 1001 if (vap == NULL) 1002 return; 1003 1004 ic = vap->iv_ic; 1005 sc = ic->ic_softc; 1006 1007 RUN_LOCK(sc); 1008 1009 m_freem(rvp->beacon_mbuf); 1010 rvp->beacon_mbuf = NULL; 1011 1012 rvp_id = rvp->rvp_id; 1013 sc->ratectl_run &= ~(1 << rvp_id); 1014 sc->rvp_bmap &= ~(1 << rvp_id); 1015 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1016 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1017 --sc->rvp_cnt; 1018 1019 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1020 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1021 1022 RUN_UNLOCK(sc); 1023 1024 ieee80211_ratectl_deinit(vap); 1025 ieee80211_vap_detach(vap); 1026 free(rvp, M_80211_VAP); 1027 } 1028 1029 /* 1030 * There are numbers of functions need to be called in context thread. 1031 * Rather than creating taskqueue event for each of those functions, 1032 * here is all-for-one taskqueue callback function. This function 1033 * gurantees deferred functions are executed in the same order they 1034 * were enqueued. 1035 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1036 */ 1037 static void 1038 run_cmdq_cb(void *arg, int pending) 1039 { 1040 struct run_softc *sc = arg; 1041 uint8_t i; 1042 1043 /* call cmdq[].func locked */ 1044 RUN_LOCK(sc); 1045 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1046 i = sc->cmdq_exec, pending--) { 1047 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1048 if (sc->cmdq_run == RUN_CMDQ_GO) { 1049 /* 1050 * If arg0 is NULL, callback func needs more 1051 * than one arg. So, pass ptr to cmdq struct. 1052 */ 1053 if (sc->cmdq[i].arg0) 1054 sc->cmdq[i].func(sc->cmdq[i].arg0); 1055 else 1056 sc->cmdq[i].func(&sc->cmdq[i]); 1057 } 1058 sc->cmdq[i].arg0 = NULL; 1059 sc->cmdq[i].func = NULL; 1060 sc->cmdq_exec++; 1061 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1062 } 1063 RUN_UNLOCK(sc); 1064 } 1065 1066 static void 1067 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1068 { 1069 struct run_tx_data *data; 1070 1071 memset(pq, 0, sizeof(*pq)); 1072 1073 STAILQ_INIT(&pq->tx_qh); 1074 STAILQ_INIT(&pq->tx_fh); 1075 1076 for (data = &pq->tx_data[0]; 1077 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1078 data->sc = sc; 1079 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1080 } 1081 pq->tx_nfree = RUN_TX_RING_COUNT; 1082 } 1083 1084 static void 1085 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1086 { 1087 struct run_tx_data *data; 1088 1089 /* make sure any subsequent use of the queues will fail */ 1090 pq->tx_nfree = 0; 1091 STAILQ_INIT(&pq->tx_fh); 1092 STAILQ_INIT(&pq->tx_qh); 1093 1094 /* free up all node references and mbufs */ 1095 for (data = &pq->tx_data[0]; 1096 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1097 if (data->m != NULL) { 1098 m_freem(data->m); 1099 data->m = NULL; 1100 } 1101 if (data->ni != NULL) { 1102 ieee80211_free_node(data->ni); 1103 data->ni = NULL; 1104 } 1105 } 1106 } 1107 1108 static int 1109 run_load_microcode(struct run_softc *sc) 1110 { 1111 usb_device_request_t req; 1112 const struct firmware *fw; 1113 const u_char *base; 1114 uint32_t tmp; 1115 int ntries, error; 1116 const uint64_t *temp; 1117 uint64_t bytes; 1118 1119 RUN_UNLOCK(sc); 1120 fw = firmware_get("runfw"); 1121 RUN_LOCK(sc); 1122 if (fw == NULL) { 1123 device_printf(sc->sc_dev, 1124 "failed loadfirmware of file %s\n", "runfw"); 1125 return ENOENT; 1126 } 1127 1128 if (fw->datasize != 8192) { 1129 device_printf(sc->sc_dev, 1130 "invalid firmware size (should be 8KB)\n"); 1131 error = EINVAL; 1132 goto fail; 1133 } 1134 1135 /* 1136 * RT3071/RT3072 use a different firmware 1137 * run-rt2870 (8KB) contains both, 1138 * first half (4KB) is for rt2870, 1139 * last half is for rt3071. 1140 */ 1141 base = fw->data; 1142 if ((sc->mac_ver) != 0x2860 && 1143 (sc->mac_ver) != 0x2872 && 1144 (sc->mac_ver) != 0x3070) { 1145 base += 4096; 1146 } 1147 1148 /* cheap sanity check */ 1149 temp = fw->data; 1150 bytes = *temp; 1151 if (bytes != be64toh(0xffffff0210280210ULL)) { 1152 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1153 error = EINVAL; 1154 goto fail; 1155 } 1156 1157 /* write microcode image */ 1158 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1159 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1160 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1161 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1162 } 1163 1164 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1165 req.bRequest = RT2870_RESET; 1166 USETW(req.wValue, 8); 1167 USETW(req.wIndex, 0); 1168 USETW(req.wLength, 0); 1169 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1170 != 0) { 1171 device_printf(sc->sc_dev, "firmware reset failed\n"); 1172 goto fail; 1173 } 1174 1175 run_delay(sc, 10); 1176 1177 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1178 run_write(sc, RT2860_H2M_MAILBOX, 0); 1179 run_write(sc, RT2860_H2M_INTSRC, 0); 1180 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1181 goto fail; 1182 1183 /* wait until microcontroller is ready */ 1184 for (ntries = 0; ntries < 1000; ntries++) { 1185 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1186 goto fail; 1187 if (tmp & RT2860_MCU_READY) 1188 break; 1189 run_delay(sc, 10); 1190 } 1191 if (ntries == 1000) { 1192 device_printf(sc->sc_dev, 1193 "timeout waiting for MCU to initialize\n"); 1194 error = ETIMEDOUT; 1195 goto fail; 1196 } 1197 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1198 (base == fw->data) ? "RT2870" : "RT3071", 1199 *(base + 4092), *(base + 4093)); 1200 1201 fail: 1202 firmware_put(fw, FIRMWARE_UNLOAD); 1203 return (error); 1204 } 1205 1206 static int 1207 run_reset(struct run_softc *sc) 1208 { 1209 usb_device_request_t req; 1210 1211 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1212 req.bRequest = RT2870_RESET; 1213 USETW(req.wValue, 1); 1214 USETW(req.wIndex, 0); 1215 USETW(req.wLength, 0); 1216 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1217 } 1218 1219 static usb_error_t 1220 run_do_request(struct run_softc *sc, 1221 struct usb_device_request *req, void *data) 1222 { 1223 usb_error_t err; 1224 int ntries = 10; 1225 1226 RUN_LOCK_ASSERT(sc, MA_OWNED); 1227 1228 while (ntries--) { 1229 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1230 req, data, 0, NULL, 250 /* ms */); 1231 if (err == 0) 1232 break; 1233 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1234 usbd_errstr(err)); 1235 run_delay(sc, 10); 1236 } 1237 return (err); 1238 } 1239 1240 static int 1241 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1242 { 1243 uint32_t tmp; 1244 int error; 1245 1246 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1247 if (error == 0) 1248 *val = le32toh(tmp); 1249 else 1250 *val = 0xffffffff; 1251 return (error); 1252 } 1253 1254 static int 1255 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1256 { 1257 usb_device_request_t req; 1258 1259 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1260 req.bRequest = RT2870_READ_REGION_1; 1261 USETW(req.wValue, 0); 1262 USETW(req.wIndex, reg); 1263 USETW(req.wLength, len); 1264 1265 return (run_do_request(sc, &req, buf)); 1266 } 1267 1268 static int 1269 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1270 { 1271 usb_device_request_t req; 1272 1273 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1274 req.bRequest = RT2870_WRITE_2; 1275 USETW(req.wValue, val); 1276 USETW(req.wIndex, reg); 1277 USETW(req.wLength, 0); 1278 1279 return (run_do_request(sc, &req, NULL)); 1280 } 1281 1282 static int 1283 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1284 { 1285 int error; 1286 1287 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1288 error = run_write_2(sc, reg + 2, val >> 16); 1289 return (error); 1290 } 1291 1292 static int 1293 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1294 int len) 1295 { 1296 #if 1 1297 int i, error = 0; 1298 /* 1299 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1300 * We thus issue multiple WRITE_2 commands instead. 1301 */ 1302 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1303 for (i = 0; i < len && error == 0; i += 2) 1304 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1305 return (error); 1306 #else 1307 usb_device_request_t req; 1308 int error = 0; 1309 1310 /* 1311 * NOTE: It appears the WRITE_REGION_1 command cannot be 1312 * passed a huge amount of data, which will crash the 1313 * firmware. Limit amount of data passed to 64-bytes at a 1314 * time. 1315 */ 1316 while (len > 0) { 1317 int delta = 64; 1318 if (delta > len) 1319 delta = len; 1320 1321 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1322 req.bRequest = RT2870_WRITE_REGION_1; 1323 USETW(req.wValue, 0); 1324 USETW(req.wIndex, reg); 1325 USETW(req.wLength, delta); 1326 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1327 if (error != 0) 1328 break; 1329 reg += delta; 1330 buf += delta; 1331 len -= delta; 1332 } 1333 return (error); 1334 #endif 1335 } 1336 1337 static int 1338 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1339 { 1340 int i, error = 0; 1341 1342 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1343 for (i = 0; i < len && error == 0; i += 4) 1344 error = run_write(sc, reg + i, val); 1345 return (error); 1346 } 1347 1348 static int 1349 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1350 { 1351 uint32_t tmp; 1352 uint16_t reg; 1353 int error, ntries; 1354 1355 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1356 return (error); 1357 1358 if (count == 2) 1359 addr *= 2; 1360 /*- 1361 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1362 * DATA0: F E D C 1363 * DATA1: B A 9 8 1364 * DATA2: 7 6 5 4 1365 * DATA3: 3 2 1 0 1366 */ 1367 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1368 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1369 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1370 for (ntries = 0; ntries < 100; ntries++) { 1371 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1372 return (error); 1373 if (!(tmp & RT3070_EFSROM_KICK)) 1374 break; 1375 run_delay(sc, 2); 1376 } 1377 if (ntries == 100) 1378 return (ETIMEDOUT); 1379 1380 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1381 *val = 0xffff; /* address not found */ 1382 return (0); 1383 } 1384 /* determine to which 32-bit register our 16-bit word belongs */ 1385 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1386 if ((error = run_read(sc, reg, &tmp)) != 0) 1387 return (error); 1388 1389 tmp >>= (8 * (addr & 0x3)); 1390 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1391 1392 return (0); 1393 } 1394 1395 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1396 static int 1397 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1398 { 1399 return (run_efuse_read(sc, addr, val, 2)); 1400 } 1401 1402 static int 1403 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1404 { 1405 usb_device_request_t req; 1406 uint16_t tmp; 1407 int error; 1408 1409 addr *= 2; 1410 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1411 req.bRequest = RT2870_EEPROM_READ; 1412 USETW(req.wValue, 0); 1413 USETW(req.wIndex, addr); 1414 USETW(req.wLength, sizeof(tmp)); 1415 1416 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1417 if (error == 0) 1418 *val = le16toh(tmp); 1419 else 1420 *val = 0xffff; 1421 return (error); 1422 } 1423 1424 static __inline int 1425 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1426 { 1427 /* either eFUSE ROM or EEPROM */ 1428 return sc->sc_srom_read(sc, addr, val); 1429 } 1430 1431 static int 1432 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1433 { 1434 uint32_t tmp; 1435 int error, ntries; 1436 1437 for (ntries = 0; ntries < 10; ntries++) { 1438 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1439 return (error); 1440 if (!(tmp & RT2860_RF_REG_CTRL)) 1441 break; 1442 } 1443 if (ntries == 10) 1444 return (ETIMEDOUT); 1445 1446 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1447 } 1448 1449 static int 1450 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1451 { 1452 uint32_t tmp; 1453 int error, ntries; 1454 1455 for (ntries = 0; ntries < 100; ntries++) { 1456 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1457 return (error); 1458 if (!(tmp & RT3070_RF_KICK)) 1459 break; 1460 } 1461 if (ntries == 100) 1462 return (ETIMEDOUT); 1463 1464 tmp = RT3070_RF_KICK | reg << 8; 1465 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1466 return (error); 1467 1468 for (ntries = 0; ntries < 100; ntries++) { 1469 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1470 return (error); 1471 if (!(tmp & RT3070_RF_KICK)) 1472 break; 1473 } 1474 if (ntries == 100) 1475 return (ETIMEDOUT); 1476 1477 *val = tmp & 0xff; 1478 return (0); 1479 } 1480 1481 static int 1482 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1483 { 1484 uint32_t tmp; 1485 int error, ntries; 1486 1487 for (ntries = 0; ntries < 10; ntries++) { 1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1489 return (error); 1490 if (!(tmp & RT3070_RF_KICK)) 1491 break; 1492 } 1493 if (ntries == 10) 1494 return (ETIMEDOUT); 1495 1496 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1497 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1498 } 1499 1500 static int 1501 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1502 { 1503 uint32_t tmp; 1504 int ntries, error; 1505 1506 for (ntries = 0; ntries < 10; ntries++) { 1507 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1508 return (error); 1509 if (!(tmp & RT2860_BBP_CSR_KICK)) 1510 break; 1511 } 1512 if (ntries == 10) 1513 return (ETIMEDOUT); 1514 1515 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1516 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1517 return (error); 1518 1519 for (ntries = 0; ntries < 10; ntries++) { 1520 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1521 return (error); 1522 if (!(tmp & RT2860_BBP_CSR_KICK)) 1523 break; 1524 } 1525 if (ntries == 10) 1526 return (ETIMEDOUT); 1527 1528 *val = tmp & 0xff; 1529 return (0); 1530 } 1531 1532 static int 1533 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1534 { 1535 uint32_t tmp; 1536 int ntries, error; 1537 1538 for (ntries = 0; ntries < 10; ntries++) { 1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1540 return (error); 1541 if (!(tmp & RT2860_BBP_CSR_KICK)) 1542 break; 1543 } 1544 if (ntries == 10) 1545 return (ETIMEDOUT); 1546 1547 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1548 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1549 } 1550 1551 /* 1552 * Send a command to the 8051 microcontroller unit. 1553 */ 1554 static int 1555 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1556 { 1557 uint32_t tmp; 1558 int error, ntries; 1559 1560 for (ntries = 0; ntries < 100; ntries++) { 1561 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1562 return error; 1563 if (!(tmp & RT2860_H2M_BUSY)) 1564 break; 1565 } 1566 if (ntries == 100) 1567 return ETIMEDOUT; 1568 1569 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1570 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1571 error = run_write(sc, RT2860_HOST_CMD, cmd); 1572 return (error); 1573 } 1574 1575 /* 1576 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1577 * Used to adjust per-rate Tx power registers. 1578 */ 1579 static __inline uint32_t 1580 b4inc(uint32_t b32, int8_t delta) 1581 { 1582 int8_t i, b4; 1583 1584 for (i = 0; i < 8; i++) { 1585 b4 = b32 & 0xf; 1586 b4 += delta; 1587 if (b4 < 0) 1588 b4 = 0; 1589 else if (b4 > 0xf) 1590 b4 = 0xf; 1591 b32 = b32 >> 4 | b4 << 28; 1592 } 1593 return (b32); 1594 } 1595 1596 static const char * 1597 run_get_rf(uint16_t rev) 1598 { 1599 switch (rev) { 1600 case RT2860_RF_2820: return "RT2820"; 1601 case RT2860_RF_2850: return "RT2850"; 1602 case RT2860_RF_2720: return "RT2720"; 1603 case RT2860_RF_2750: return "RT2750"; 1604 case RT3070_RF_3020: return "RT3020"; 1605 case RT3070_RF_2020: return "RT2020"; 1606 case RT3070_RF_3021: return "RT3021"; 1607 case RT3070_RF_3022: return "RT3022"; 1608 case RT3070_RF_3052: return "RT3052"; 1609 case RT3593_RF_3053: return "RT3053"; 1610 case RT5592_RF_5592: return "RT5592"; 1611 case RT5390_RF_5370: return "RT5370"; 1612 case RT5390_RF_5372: return "RT5372"; 1613 } 1614 return ("unknown"); 1615 } 1616 1617 static void 1618 run_rt3593_get_txpower(struct run_softc *sc) 1619 { 1620 uint16_t addr, val; 1621 int i; 1622 1623 /* Read power settings for 2GHz channels. */ 1624 for (i = 0; i < 14; i += 2) { 1625 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1626 RT2860_EEPROM_PWR2GHZ_BASE1; 1627 run_srom_read(sc, addr + i / 2, &val); 1628 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1629 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1630 1631 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1632 RT2860_EEPROM_PWR2GHZ_BASE2; 1633 run_srom_read(sc, addr + i / 2, &val); 1634 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1635 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1636 1637 if (sc->ntxchains == 3) { 1638 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1639 &val); 1640 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1641 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1642 } 1643 } 1644 /* Fix broken Tx power entries. */ 1645 for (i = 0; i < 14; i++) { 1646 if (sc->txpow1[i] > 31) 1647 sc->txpow1[i] = 5; 1648 if (sc->txpow2[i] > 31) 1649 sc->txpow2[i] = 5; 1650 if (sc->ntxchains == 3) { 1651 if (sc->txpow3[i] > 31) 1652 sc->txpow3[i] = 5; 1653 } 1654 } 1655 /* Read power settings for 5GHz channels. */ 1656 for (i = 0; i < 40; i += 2) { 1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1658 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1659 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1660 1661 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1662 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1663 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1664 1665 if (sc->ntxchains == 3) { 1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1667 &val); 1668 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1669 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1670 } 1671 } 1672 } 1673 1674 static void 1675 run_get_txpower(struct run_softc *sc) 1676 { 1677 uint16_t val; 1678 int i; 1679 1680 /* Read power settings for 2GHz channels. */ 1681 for (i = 0; i < 14; i += 2) { 1682 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1683 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1684 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1685 1686 if (sc->mac_ver != 0x5390) { 1687 run_srom_read(sc, 1688 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1689 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1690 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1691 } 1692 } 1693 /* Fix broken Tx power entries. */ 1694 for (i = 0; i < 14; i++) { 1695 if (sc->mac_ver >= 0x5390) { 1696 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1697 sc->txpow1[i] = 5; 1698 } else { 1699 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1700 sc->txpow1[i] = 5; 1701 } 1702 if (sc->mac_ver > 0x5390) { 1703 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1704 sc->txpow2[i] = 5; 1705 } else if (sc->mac_ver < 0x5390) { 1706 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1707 sc->txpow2[i] = 5; 1708 } 1709 DPRINTF("chan %d: power1=%d, power2=%d\n", 1710 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1711 } 1712 /* Read power settings for 5GHz channels. */ 1713 for (i = 0; i < 40; i += 2) { 1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1715 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1716 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1717 1718 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1719 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1720 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1721 } 1722 /* Fix broken Tx power entries. */ 1723 for (i = 0; i < 40; i++ ) { 1724 if (sc->mac_ver != 0x5592) { 1725 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1726 sc->txpow1[14 + i] = 5; 1727 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1728 sc->txpow2[14 + i] = 5; 1729 } 1730 DPRINTF("chan %d: power1=%d, power2=%d\n", 1731 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1732 sc->txpow2[14 + i]); 1733 } 1734 } 1735 1736 static int 1737 run_read_eeprom(struct run_softc *sc) 1738 { 1739 struct ieee80211com *ic = &sc->sc_ic; 1740 int8_t delta_2ghz, delta_5ghz; 1741 uint32_t tmp; 1742 uint16_t val; 1743 int ridx, ant, i; 1744 1745 /* check whether the ROM is eFUSE ROM or EEPROM */ 1746 sc->sc_srom_read = run_eeprom_read_2; 1747 if (sc->mac_ver >= 0x3070) { 1748 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1749 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1750 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1751 sc->sc_srom_read = run_efuse_read_2; 1752 } 1753 1754 /* read ROM version */ 1755 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1756 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1757 1758 /* read MAC address */ 1759 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1760 ic->ic_macaddr[0] = val & 0xff; 1761 ic->ic_macaddr[1] = val >> 8; 1762 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1763 ic->ic_macaddr[2] = val & 0xff; 1764 ic->ic_macaddr[3] = val >> 8; 1765 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1766 ic->ic_macaddr[4] = val & 0xff; 1767 ic->ic_macaddr[5] = val >> 8; 1768 1769 if (sc->mac_ver < 0x3593) { 1770 /* read vender BBP settings */ 1771 for (i = 0; i < 10; i++) { 1772 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1773 sc->bbp[i].val = val & 0xff; 1774 sc->bbp[i].reg = val >> 8; 1775 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1776 sc->bbp[i].val); 1777 } 1778 if (sc->mac_ver >= 0x3071) { 1779 /* read vendor RF settings */ 1780 for (i = 0; i < 10; i++) { 1781 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1782 &val); 1783 sc->rf[i].val = val & 0xff; 1784 sc->rf[i].reg = val >> 8; 1785 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1786 sc->rf[i].val); 1787 } 1788 } 1789 } 1790 1791 /* read RF frequency offset from EEPROM */ 1792 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1793 RT3593_EEPROM_FREQ, &val); 1794 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1795 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1796 1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1798 RT3593_EEPROM_FREQ_LEDS, &val); 1799 if (val >> 8 != 0xff) { 1800 /* read LEDs operating mode */ 1801 sc->leds = val >> 8; 1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1803 RT3593_EEPROM_LED1, &sc->led[0]); 1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1805 RT3593_EEPROM_LED2, &sc->led[1]); 1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1807 RT3593_EEPROM_LED3, &sc->led[2]); 1808 } else { 1809 /* broken EEPROM, use default settings */ 1810 sc->leds = 0x01; 1811 sc->led[0] = 0x5555; 1812 sc->led[1] = 0x2221; 1813 sc->led[2] = 0x5627; /* differs from RT2860 */ 1814 } 1815 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1816 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1817 1818 /* read RF information */ 1819 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1820 run_srom_read(sc, 0x00, &val); 1821 else 1822 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1823 1824 if (val == 0xffff) { 1825 device_printf(sc->sc_dev, 1826 "invalid EEPROM antenna info, using default\n"); 1827 DPRINTF("invalid EEPROM antenna info, using default\n"); 1828 if (sc->mac_ver == 0x3572) { 1829 /* default to RF3052 2T2R */ 1830 sc->rf_rev = RT3070_RF_3052; 1831 sc->ntxchains = 2; 1832 sc->nrxchains = 2; 1833 } else if (sc->mac_ver >= 0x3070) { 1834 /* default to RF3020 1T1R */ 1835 sc->rf_rev = RT3070_RF_3020; 1836 sc->ntxchains = 1; 1837 sc->nrxchains = 1; 1838 } else { 1839 /* default to RF2820 1T2R */ 1840 sc->rf_rev = RT2860_RF_2820; 1841 sc->ntxchains = 1; 1842 sc->nrxchains = 2; 1843 } 1844 } else { 1845 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1846 sc->rf_rev = val; 1847 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1848 } else 1849 sc->rf_rev = (val >> 8) & 0xf; 1850 sc->ntxchains = (val >> 4) & 0xf; 1851 sc->nrxchains = val & 0xf; 1852 } 1853 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1854 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1855 1856 /* check if RF supports automatic Tx access gain control */ 1857 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1858 DPRINTF("EEPROM CFG 0x%04x\n", val); 1859 /* check if driver should patch the DAC issue */ 1860 if ((val >> 8) != 0xff) 1861 sc->patch_dac = (val >> 15) & 1; 1862 if ((val & 0xff) != 0xff) { 1863 sc->ext_5ghz_lna = (val >> 3) & 1; 1864 sc->ext_2ghz_lna = (val >> 2) & 1; 1865 /* check if RF supports automatic Tx access gain control */ 1866 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1867 /* check if we have a hardware radio switch */ 1868 sc->rfswitch = val & 1; 1869 } 1870 1871 /* Read Tx power settings. */ 1872 if (sc->mac_ver == 0x3593) 1873 run_rt3593_get_txpower(sc); 1874 else 1875 run_get_txpower(sc); 1876 1877 /* read Tx power compensation for each Tx rate */ 1878 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1879 delta_2ghz = delta_5ghz = 0; 1880 if ((val & 0xff) != 0xff && (val & 0x80)) { 1881 delta_2ghz = val & 0xf; 1882 if (!(val & 0x40)) /* negative number */ 1883 delta_2ghz = -delta_2ghz; 1884 } 1885 val >>= 8; 1886 if ((val & 0xff) != 0xff && (val & 0x80)) { 1887 delta_5ghz = val & 0xf; 1888 if (!(val & 0x40)) /* negative number */ 1889 delta_5ghz = -delta_5ghz; 1890 } 1891 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1892 delta_2ghz, delta_5ghz); 1893 1894 for (ridx = 0; ridx < 5; ridx++) { 1895 uint32_t reg; 1896 1897 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1898 reg = val; 1899 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1900 reg |= (uint32_t)val << 16; 1901 1902 sc->txpow20mhz[ridx] = reg; 1903 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1904 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1905 1906 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1907 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1908 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1909 } 1910 1911 /* Read RSSI offsets and LNA gains from EEPROM. */ 1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1913 RT3593_EEPROM_RSSI1_2GHZ, &val); 1914 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1915 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1917 RT3593_EEPROM_RSSI2_2GHZ, &val); 1918 if (sc->mac_ver >= 0x3070) { 1919 if (sc->mac_ver == 0x3593) { 1920 sc->txmixgain_2ghz = 0; 1921 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1922 } else { 1923 /* 1924 * On RT3070 chips (limited to 2 Rx chains), this ROM 1925 * field contains the Tx mixer gain for the 2GHz band. 1926 */ 1927 if ((val & 0xff) != 0xff) 1928 sc->txmixgain_2ghz = val & 0x7; 1929 } 1930 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1931 } else 1932 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1933 if (sc->mac_ver == 0x3593) 1934 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1935 sc->lna[2] = val >> 8; /* channel group 2 */ 1936 1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1938 RT3593_EEPROM_RSSI1_5GHZ, &val); 1939 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1940 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1942 RT3593_EEPROM_RSSI2_5GHZ, &val); 1943 if (sc->mac_ver == 0x3572) { 1944 /* 1945 * On RT3572 chips (limited to 2 Rx chains), this ROM 1946 * field contains the Tx mixer gain for the 5GHz band. 1947 */ 1948 if ((val & 0xff) != 0xff) 1949 sc->txmixgain_5ghz = val & 0x7; 1950 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1951 } else 1952 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1953 if (sc->mac_ver == 0x3593) { 1954 sc->txmixgain_5ghz = 0; 1955 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1956 } 1957 sc->lna[3] = val >> 8; /* channel group 3 */ 1958 1959 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1960 RT3593_EEPROM_LNA, &val); 1961 sc->lna[0] = val & 0xff; /* channel group 0 */ 1962 sc->lna[1] = val >> 8; /* channel group 1 */ 1963 1964 /* fix broken 5GHz LNA entries */ 1965 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1966 DPRINTF("invalid LNA for channel group %d\n", 2); 1967 sc->lna[2] = sc->lna[1]; 1968 } 1969 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1970 DPRINTF("invalid LNA for channel group %d\n", 3); 1971 sc->lna[3] = sc->lna[1]; 1972 } 1973 1974 /* fix broken RSSI offset entries */ 1975 for (ant = 0; ant < 3; ant++) { 1976 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1977 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1978 ant + 1, sc->rssi_2ghz[ant]); 1979 sc->rssi_2ghz[ant] = 0; 1980 } 1981 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1982 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1983 ant + 1, sc->rssi_5ghz[ant]); 1984 sc->rssi_5ghz[ant] = 0; 1985 } 1986 } 1987 return (0); 1988 } 1989 1990 static struct ieee80211_node * 1991 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1992 { 1993 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1994 } 1995 1996 static int 1997 run_media_change(struct ifnet *ifp) 1998 { 1999 struct ieee80211vap *vap = ifp->if_softc; 2000 struct ieee80211com *ic = vap->iv_ic; 2001 const struct ieee80211_txparam *tp; 2002 struct run_softc *sc = ic->ic_softc; 2003 uint8_t rate, ridx; 2004 int error; 2005 2006 RUN_LOCK(sc); 2007 2008 error = ieee80211_media_change(ifp); 2009 if (error != ENETRESET) { 2010 RUN_UNLOCK(sc); 2011 return (error); 2012 } 2013 2014 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2015 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2016 struct ieee80211_node *ni; 2017 struct run_node *rn; 2018 2019 rate = ic->ic_sup_rates[ic->ic_curmode]. 2020 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2021 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2022 if (rt2860_rates[ridx].rate == rate) 2023 break; 2024 ni = ieee80211_ref_node(vap->iv_bss); 2025 rn = RUN_NODE(ni); 2026 rn->fix_ridx = ridx; 2027 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2028 ieee80211_free_node(ni); 2029 } 2030 2031 #if 0 2032 if ((ifp->if_flags & IFF_UP) && 2033 (ifp->if_drv_flags & RUN_RUNNING)){ 2034 run_init_locked(sc); 2035 } 2036 #endif 2037 2038 RUN_UNLOCK(sc); 2039 2040 return (0); 2041 } 2042 2043 static int 2044 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2045 { 2046 const struct ieee80211_txparam *tp; 2047 struct ieee80211com *ic = vap->iv_ic; 2048 struct run_softc *sc = ic->ic_softc; 2049 struct run_vap *rvp = RUN_VAP(vap); 2050 enum ieee80211_state ostate; 2051 uint32_t sta[3]; 2052 uint32_t tmp; 2053 uint8_t ratectl; 2054 uint8_t restart_ratectl = 0; 2055 uint8_t bid = 1 << rvp->rvp_id; 2056 2057 ostate = vap->iv_state; 2058 DPRINTF("%s -> %s\n", 2059 ieee80211_state_name[ostate], 2060 ieee80211_state_name[nstate]); 2061 2062 IEEE80211_UNLOCK(ic); 2063 RUN_LOCK(sc); 2064 2065 ratectl = sc->ratectl_run; /* remember current state */ 2066 sc->ratectl_run = RUN_RATECTL_OFF; 2067 usb_callout_stop(&sc->ratectl_ch); 2068 2069 if (ostate == IEEE80211_S_RUN) { 2070 /* turn link LED off */ 2071 run_set_leds(sc, RT2860_LED_RADIO); 2072 } 2073 2074 switch (nstate) { 2075 case IEEE80211_S_INIT: 2076 restart_ratectl = 1; 2077 2078 if (ostate != IEEE80211_S_RUN) 2079 break; 2080 2081 ratectl &= ~bid; 2082 sc->runbmap &= ~bid; 2083 2084 /* abort TSF synchronization if there is no vap running */ 2085 if (--sc->running == 0) { 2086 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2087 run_write(sc, RT2860_BCN_TIME_CFG, 2088 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2089 RT2860_TBTT_TIMER_EN)); 2090 } 2091 break; 2092 2093 case IEEE80211_S_RUN: 2094 if (!(sc->runbmap & bid)) { 2095 if(sc->running++) 2096 restart_ratectl = 1; 2097 sc->runbmap |= bid; 2098 } 2099 2100 m_freem(rvp->beacon_mbuf); 2101 rvp->beacon_mbuf = NULL; 2102 2103 switch (vap->iv_opmode) { 2104 case IEEE80211_M_HOSTAP: 2105 case IEEE80211_M_MBSS: 2106 sc->ap_running |= bid; 2107 ic->ic_opmode = vap->iv_opmode; 2108 run_update_beacon_cb(vap); 2109 break; 2110 case IEEE80211_M_IBSS: 2111 sc->adhoc_running |= bid; 2112 if (!sc->ap_running) 2113 ic->ic_opmode = vap->iv_opmode; 2114 run_update_beacon_cb(vap); 2115 break; 2116 case IEEE80211_M_STA: 2117 sc->sta_running |= bid; 2118 if (!sc->ap_running && !sc->adhoc_running) 2119 ic->ic_opmode = vap->iv_opmode; 2120 2121 /* read statistic counters (clear on read) */ 2122 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2123 (uint8_t *)sta, sizeof sta); 2124 2125 break; 2126 default: 2127 ic->ic_opmode = vap->iv_opmode; 2128 break; 2129 } 2130 2131 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2132 struct ieee80211_node *ni; 2133 2134 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2135 RUN_UNLOCK(sc); 2136 IEEE80211_LOCK(ic); 2137 return (-1); 2138 } 2139 run_updateslot(ic); 2140 run_enable_mrr(sc); 2141 run_set_txpreamble(sc); 2142 run_set_basicrates(sc); 2143 ni = ieee80211_ref_node(vap->iv_bss); 2144 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2145 run_set_bssid(sc, sc->sc_bssid); 2146 ieee80211_free_node(ni); 2147 run_enable_tsf_sync(sc); 2148 2149 /* enable automatic rate adaptation */ 2150 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2151 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2152 ratectl |= bid; 2153 } else 2154 run_enable_tsf(sc); 2155 2156 /* turn link LED on */ 2157 run_set_leds(sc, RT2860_LED_RADIO | 2158 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2159 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2160 2161 break; 2162 default: 2163 DPRINTFN(6, "undefined case\n"); 2164 break; 2165 } 2166 2167 /* restart amrr for running VAPs */ 2168 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2169 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2170 2171 RUN_UNLOCK(sc); 2172 IEEE80211_LOCK(ic); 2173 2174 return(rvp->newstate(vap, nstate, arg)); 2175 } 2176 2177 static int 2178 run_wme_update(struct ieee80211com *ic) 2179 { 2180 struct run_softc *sc = ic->ic_softc; 2181 const struct wmeParams *ac = 2182 ic->ic_wme.wme_chanParams.cap_wmeParams; 2183 int aci, error = 0; 2184 2185 /* update MAC TX configuration registers */ 2186 RUN_LOCK(sc); 2187 for (aci = 0; aci < WME_NUM_AC; aci++) { 2188 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2189 ac[aci].wmep_logcwmax << 16 | 2190 ac[aci].wmep_logcwmin << 12 | 2191 ac[aci].wmep_aifsn << 8 | 2192 ac[aci].wmep_txopLimit); 2193 if (error) goto err; 2194 } 2195 2196 /* update SCH/DMA registers too */ 2197 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2198 ac[WME_AC_VO].wmep_aifsn << 12 | 2199 ac[WME_AC_VI].wmep_aifsn << 8 | 2200 ac[WME_AC_BK].wmep_aifsn << 4 | 2201 ac[WME_AC_BE].wmep_aifsn); 2202 if (error) goto err; 2203 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2204 ac[WME_AC_VO].wmep_logcwmin << 12 | 2205 ac[WME_AC_VI].wmep_logcwmin << 8 | 2206 ac[WME_AC_BK].wmep_logcwmin << 4 | 2207 ac[WME_AC_BE].wmep_logcwmin); 2208 if (error) goto err; 2209 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2210 ac[WME_AC_VO].wmep_logcwmax << 12 | 2211 ac[WME_AC_VI].wmep_logcwmax << 8 | 2212 ac[WME_AC_BK].wmep_logcwmax << 4 | 2213 ac[WME_AC_BE].wmep_logcwmax); 2214 if (error) goto err; 2215 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2216 ac[WME_AC_BK].wmep_txopLimit << 16 | 2217 ac[WME_AC_BE].wmep_txopLimit); 2218 if (error) goto err; 2219 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2220 ac[WME_AC_VO].wmep_txopLimit << 16 | 2221 ac[WME_AC_VI].wmep_txopLimit); 2222 2223 err: 2224 RUN_UNLOCK(sc); 2225 if (error) 2226 DPRINTF("WME update failed\n"); 2227 2228 return (error); 2229 } 2230 2231 static void 2232 run_key_set_cb(void *arg) 2233 { 2234 struct run_cmdq *cmdq = arg; 2235 struct ieee80211vap *vap = cmdq->arg1; 2236 struct ieee80211_key *k = cmdq->k; 2237 struct ieee80211com *ic = vap->iv_ic; 2238 struct run_softc *sc = ic->ic_softc; 2239 struct ieee80211_node *ni; 2240 u_int cipher = k->wk_cipher->ic_cipher; 2241 uint32_t attr; 2242 uint16_t base, associd; 2243 uint8_t mode, wcid, iv[8]; 2244 2245 RUN_LOCK_ASSERT(sc, MA_OWNED); 2246 2247 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2248 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2249 else 2250 ni = vap->iv_bss; 2251 associd = (ni != NULL) ? ni->ni_associd : 0; 2252 2253 /* map net80211 cipher to RT2860 security mode */ 2254 switch (cipher) { 2255 case IEEE80211_CIPHER_WEP: 2256 if(k->wk_keylen < 8) 2257 mode = RT2860_MODE_WEP40; 2258 else 2259 mode = RT2860_MODE_WEP104; 2260 break; 2261 case IEEE80211_CIPHER_TKIP: 2262 mode = RT2860_MODE_TKIP; 2263 break; 2264 case IEEE80211_CIPHER_AES_CCM: 2265 mode = RT2860_MODE_AES_CCMP; 2266 break; 2267 default: 2268 DPRINTF("undefined case\n"); 2269 return; 2270 } 2271 2272 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2273 associd, k->wk_keyix, mode, 2274 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2275 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2276 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2277 2278 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2279 wcid = 0; /* NB: update WCID0 for group keys */ 2280 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2281 } else { 2282 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2283 1 : RUN_AID2WCID(associd); 2284 base = RT2860_PKEY(wcid); 2285 } 2286 2287 if (cipher == IEEE80211_CIPHER_TKIP) { 2288 if(run_write_region_1(sc, base, k->wk_key, 16)) 2289 return; 2290 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2291 return; 2292 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2293 return; 2294 } else { 2295 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2296 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2297 return; 2298 } 2299 2300 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2301 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2302 /* set initial packet number in IV+EIV */ 2303 if (cipher == IEEE80211_CIPHER_WEP) { 2304 memset(iv, 0, sizeof iv); 2305 iv[3] = vap->iv_def_txkey << 6; 2306 } else { 2307 if (cipher == IEEE80211_CIPHER_TKIP) { 2308 iv[0] = k->wk_keytsc >> 8; 2309 iv[1] = (iv[0] | 0x20) & 0x7f; 2310 iv[2] = k->wk_keytsc; 2311 } else /* CCMP */ { 2312 iv[0] = k->wk_keytsc; 2313 iv[1] = k->wk_keytsc >> 8; 2314 iv[2] = 0; 2315 } 2316 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2317 iv[4] = k->wk_keytsc >> 16; 2318 iv[5] = k->wk_keytsc >> 24; 2319 iv[6] = k->wk_keytsc >> 32; 2320 iv[7] = k->wk_keytsc >> 40; 2321 } 2322 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2323 return; 2324 } 2325 2326 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2327 /* install group key */ 2328 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2329 return; 2330 attr &= ~(0xf << (k->wk_keyix * 4)); 2331 attr |= mode << (k->wk_keyix * 4); 2332 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2333 return; 2334 } else { 2335 /* install pairwise key */ 2336 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2337 return; 2338 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2339 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2340 return; 2341 } 2342 2343 /* TODO create a pass-thru key entry? */ 2344 2345 /* need wcid to delete the right key later */ 2346 k->wk_pad = wcid; 2347 } 2348 2349 /* 2350 * Don't have to be deferred, but in order to keep order of 2351 * execution, i.e. with run_key_delete(), defer this and let 2352 * run_cmdq_cb() maintain the order. 2353 * 2354 * return 0 on error 2355 */ 2356 static int 2357 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2358 { 2359 struct ieee80211com *ic = vap->iv_ic; 2360 struct run_softc *sc = ic->ic_softc; 2361 uint32_t i; 2362 2363 i = RUN_CMDQ_GET(&sc->cmdq_store); 2364 DPRINTF("cmdq_store=%d\n", i); 2365 sc->cmdq[i].func = run_key_set_cb; 2366 sc->cmdq[i].arg0 = NULL; 2367 sc->cmdq[i].arg1 = vap; 2368 sc->cmdq[i].k = k; 2369 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2370 ieee80211_runtask(ic, &sc->cmdq_task); 2371 2372 /* 2373 * To make sure key will be set when hostapd 2374 * calls iv_key_set() before if_init(). 2375 */ 2376 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2377 RUN_LOCK(sc); 2378 sc->cmdq_key_set = RUN_CMDQ_GO; 2379 RUN_UNLOCK(sc); 2380 } 2381 2382 return (1); 2383 } 2384 2385 /* 2386 * If wlan is destroyed without being brought down i.e. without 2387 * wlan down or wpa_cli terminate, this function is called after 2388 * vap is gone. Don't refer it. 2389 */ 2390 static void 2391 run_key_delete_cb(void *arg) 2392 { 2393 struct run_cmdq *cmdq = arg; 2394 struct run_softc *sc = cmdq->arg1; 2395 struct ieee80211_key *k = &cmdq->key; 2396 uint32_t attr; 2397 uint8_t wcid; 2398 2399 RUN_LOCK_ASSERT(sc, MA_OWNED); 2400 2401 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2402 /* remove group key */ 2403 DPRINTF("removing group key\n"); 2404 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2405 attr &= ~(0xf << (k->wk_keyix * 4)); 2406 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2407 } else { 2408 /* remove pairwise key */ 2409 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2410 /* matching wcid was written to wk_pad in run_key_set() */ 2411 wcid = k->wk_pad; 2412 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2413 attr &= ~0xf; 2414 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2415 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2416 } 2417 2418 k->wk_pad = 0; 2419 } 2420 2421 /* 2422 * return 0 on error 2423 */ 2424 static int 2425 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2426 { 2427 struct ieee80211com *ic = vap->iv_ic; 2428 struct run_softc *sc = ic->ic_softc; 2429 struct ieee80211_key *k0; 2430 uint32_t i; 2431 2432 /* 2433 * When called back, key might be gone. So, make a copy 2434 * of some values need to delete keys before deferring. 2435 * But, because of LOR with node lock, cannot use lock here. 2436 * So, use atomic instead. 2437 */ 2438 i = RUN_CMDQ_GET(&sc->cmdq_store); 2439 DPRINTF("cmdq_store=%d\n", i); 2440 sc->cmdq[i].func = run_key_delete_cb; 2441 sc->cmdq[i].arg0 = NULL; 2442 sc->cmdq[i].arg1 = sc; 2443 k0 = &sc->cmdq[i].key; 2444 k0->wk_flags = k->wk_flags; 2445 k0->wk_keyix = k->wk_keyix; 2446 /* matching wcid was written to wk_pad in run_key_set() */ 2447 k0->wk_pad = k->wk_pad; 2448 ieee80211_runtask(ic, &sc->cmdq_task); 2449 return (1); /* return fake success */ 2450 2451 } 2452 2453 static void 2454 run_ratectl_to(void *arg) 2455 { 2456 struct run_softc *sc = arg; 2457 2458 /* do it in a process context, so it can go sleep */ 2459 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2460 /* next timeout will be rescheduled in the callback task */ 2461 } 2462 2463 /* ARGSUSED */ 2464 static void 2465 run_ratectl_cb(void *arg, int pending) 2466 { 2467 struct run_softc *sc = arg; 2468 struct ieee80211com *ic = &sc->sc_ic; 2469 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2470 2471 if (vap == NULL) 2472 return; 2473 2474 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2475 /* 2476 * run_reset_livelock() doesn't do anything with AMRR, 2477 * but Ralink wants us to call it every 1 sec. So, we 2478 * piggyback here rather than creating another callout. 2479 * Livelock may occur only in HOSTAP or IBSS mode 2480 * (when h/w is sending beacons). 2481 */ 2482 RUN_LOCK(sc); 2483 run_reset_livelock(sc); 2484 /* just in case, there are some stats to drain */ 2485 run_drain_fifo(sc); 2486 RUN_UNLOCK(sc); 2487 } 2488 2489 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2490 2491 RUN_LOCK(sc); 2492 if(sc->ratectl_run != RUN_RATECTL_OFF) 2493 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2494 RUN_UNLOCK(sc); 2495 } 2496 2497 static void 2498 run_drain_fifo(void *arg) 2499 { 2500 struct run_softc *sc = arg; 2501 uint32_t stat; 2502 uint16_t (*wstat)[3]; 2503 uint8_t wcid, mcs, pid; 2504 int8_t retry; 2505 2506 RUN_LOCK_ASSERT(sc, MA_OWNED); 2507 2508 for (;;) { 2509 /* drain Tx status FIFO (maxsize = 16) */ 2510 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2511 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2512 if (!(stat & RT2860_TXQ_VLD)) 2513 break; 2514 2515 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2516 2517 /* if no ACK was requested, no feedback is available */ 2518 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2519 wcid == 0) 2520 continue; 2521 2522 /* 2523 * Even though each stat is Tx-complete-status like format, 2524 * the device can poll stats. Because there is no guarantee 2525 * that the referring node is still around when read the stats. 2526 * So that, if we use ieee80211_ratectl_tx_update(), we will 2527 * have hard time not to refer already freed node. 2528 * 2529 * To eliminate such page faults, we poll stats in softc. 2530 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2531 */ 2532 wstat = &(sc->wcid_stats[wcid]); 2533 (*wstat)[RUN_TXCNT]++; 2534 if (stat & RT2860_TXQ_OK) 2535 (*wstat)[RUN_SUCCESS]++; 2536 else 2537 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2538 /* 2539 * Check if there were retries, ie if the Tx success rate is 2540 * different from the requested rate. Note that it works only 2541 * because we do not allow rate fallback from OFDM to CCK. 2542 */ 2543 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2544 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2545 if ((retry = pid -1 - mcs) > 0) { 2546 (*wstat)[RUN_TXCNT] += retry; 2547 (*wstat)[RUN_RETRY] += retry; 2548 } 2549 } 2550 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2551 2552 sc->fifo_cnt = 0; 2553 } 2554 2555 static void 2556 run_iter_func(void *arg, struct ieee80211_node *ni) 2557 { 2558 struct run_softc *sc = arg; 2559 struct ieee80211vap *vap = ni->ni_vap; 2560 struct run_node *rn = RUN_NODE(ni); 2561 union run_stats sta[2]; 2562 uint16_t (*wstat)[3]; 2563 int txcnt, success, retrycnt, error; 2564 2565 RUN_LOCK(sc); 2566 2567 /* Check for special case */ 2568 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2569 ni != vap->iv_bss) 2570 goto fail; 2571 2572 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2573 vap->iv_opmode == IEEE80211_M_STA)) { 2574 /* read statistic counters (clear on read) and update AMRR state */ 2575 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2576 sizeof sta); 2577 if (error != 0) 2578 goto fail; 2579 2580 /* count failed TX as errors */ 2581 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2582 le16toh(sta[0].error.fail)); 2583 2584 retrycnt = le16toh(sta[1].tx.retry); 2585 success = le16toh(sta[1].tx.success); 2586 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2587 2588 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2589 retrycnt, success, le16toh(sta[0].error.fail)); 2590 } else { 2591 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2592 2593 if (wstat == &(sc->wcid_stats[0]) || 2594 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2595 goto fail; 2596 2597 txcnt = (*wstat)[RUN_TXCNT]; 2598 success = (*wstat)[RUN_SUCCESS]; 2599 retrycnt = (*wstat)[RUN_RETRY]; 2600 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2601 retrycnt, txcnt, success); 2602 2603 memset(wstat, 0, sizeof(*wstat)); 2604 } 2605 2606 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2607 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2608 2609 fail: 2610 RUN_UNLOCK(sc); 2611 2612 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2613 } 2614 2615 static void 2616 run_newassoc_cb(void *arg) 2617 { 2618 struct run_cmdq *cmdq = arg; 2619 struct ieee80211_node *ni = cmdq->arg1; 2620 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2621 uint8_t wcid = cmdq->wcid; 2622 2623 RUN_LOCK_ASSERT(sc, MA_OWNED); 2624 2625 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2626 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2627 2628 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2629 } 2630 2631 static void 2632 run_newassoc(struct ieee80211_node *ni, int isnew) 2633 { 2634 struct run_node *rn = RUN_NODE(ni); 2635 struct ieee80211_rateset *rs = &ni->ni_rates; 2636 struct ieee80211vap *vap = ni->ni_vap; 2637 struct ieee80211com *ic = vap->iv_ic; 2638 struct run_softc *sc = ic->ic_softc; 2639 uint8_t rate; 2640 uint8_t ridx; 2641 uint8_t wcid; 2642 int i, j; 2643 2644 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2645 1 : RUN_AID2WCID(ni->ni_associd); 2646 2647 if (wcid > RT2870_WCID_MAX) { 2648 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2649 return; 2650 } 2651 2652 /* only interested in true associations */ 2653 if (isnew && ni->ni_associd != 0) { 2654 2655 /* 2656 * This function could is called though timeout function. 2657 * Need to defer. 2658 */ 2659 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2660 DPRINTF("cmdq_store=%d\n", cnt); 2661 sc->cmdq[cnt].func = run_newassoc_cb; 2662 sc->cmdq[cnt].arg0 = NULL; 2663 sc->cmdq[cnt].arg1 = ni; 2664 sc->cmdq[cnt].wcid = wcid; 2665 ieee80211_runtask(ic, &sc->cmdq_task); 2666 } 2667 2668 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2669 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2670 2671 for (i = 0; i < rs->rs_nrates; i++) { 2672 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2673 /* convert 802.11 rate to hardware rate index */ 2674 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2675 if (rt2860_rates[ridx].rate == rate) 2676 break; 2677 rn->ridx[i] = ridx; 2678 /* determine rate of control response frames */ 2679 for (j = i; j >= 0; j--) { 2680 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2681 rt2860_rates[rn->ridx[i]].phy == 2682 rt2860_rates[rn->ridx[j]].phy) 2683 break; 2684 } 2685 if (j >= 0) { 2686 rn->ctl_ridx[i] = rn->ridx[j]; 2687 } else { 2688 /* no basic rate found, use mandatory one */ 2689 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2690 } 2691 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2692 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2693 } 2694 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2695 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2696 if (rt2860_rates[ridx].rate == rate) 2697 break; 2698 rn->mgt_ridx = ridx; 2699 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2700 2701 RUN_LOCK(sc); 2702 if(sc->ratectl_run != RUN_RATECTL_OFF) 2703 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2704 RUN_UNLOCK(sc); 2705 } 2706 2707 /* 2708 * Return the Rx chain with the highest RSSI for a given frame. 2709 */ 2710 static __inline uint8_t 2711 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2712 { 2713 uint8_t rxchain = 0; 2714 2715 if (sc->nrxchains > 1) { 2716 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2717 rxchain = 1; 2718 if (sc->nrxchains > 2) 2719 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2720 rxchain = 2; 2721 } 2722 return (rxchain); 2723 } 2724 2725 static void 2726 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2727 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2728 { 2729 struct ieee80211vap *vap = ni->ni_vap; 2730 struct run_softc *sc = vap->iv_ic->ic_softc; 2731 struct run_vap *rvp = RUN_VAP(vap); 2732 uint64_t ni_tstamp, rx_tstamp; 2733 2734 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2735 2736 if (vap->iv_state == IEEE80211_S_RUN && 2737 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2738 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2739 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2740 RUN_LOCK(sc); 2741 run_get_tsf(sc, &rx_tstamp); 2742 RUN_UNLOCK(sc); 2743 rx_tstamp = le64toh(rx_tstamp); 2744 2745 if (ni_tstamp >= rx_tstamp) { 2746 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2747 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2748 (void) ieee80211_ibss_merge(ni); 2749 } 2750 } 2751 } 2752 2753 static void 2754 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2755 { 2756 struct ieee80211com *ic = &sc->sc_ic; 2757 struct ieee80211_frame *wh; 2758 struct ieee80211_node *ni; 2759 struct rt2870_rxd *rxd; 2760 struct rt2860_rxwi *rxwi; 2761 uint32_t flags; 2762 uint16_t len, rxwisize; 2763 uint8_t ant, rssi; 2764 int8_t nf; 2765 2766 rxwi = mtod(m, struct rt2860_rxwi *); 2767 len = le16toh(rxwi->len) & 0xfff; 2768 rxwisize = sizeof(struct rt2860_rxwi); 2769 if (sc->mac_ver == 0x5592) 2770 rxwisize += sizeof(uint64_t); 2771 else if (sc->mac_ver == 0x3593) 2772 rxwisize += sizeof(uint32_t); 2773 if (__predict_false(len > dmalen)) { 2774 m_freem(m); 2775 counter_u64_add(ic->ic_ierrors, 1); 2776 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2777 return; 2778 } 2779 /* Rx descriptor is located at the end */ 2780 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2781 flags = le32toh(rxd->flags); 2782 2783 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2784 m_freem(m); 2785 counter_u64_add(ic->ic_ierrors, 1); 2786 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2787 return; 2788 } 2789 2790 m->m_data += rxwisize; 2791 m->m_pkthdr.len = m->m_len -= rxwisize; 2792 2793 wh = mtod(m, struct ieee80211_frame *); 2794 2795 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2796 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2797 m->m_flags |= M_WEP; 2798 } 2799 2800 if (flags & RT2860_RX_L2PAD) { 2801 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2802 len += 2; 2803 } 2804 2805 ni = ieee80211_find_rxnode(ic, 2806 mtod(m, struct ieee80211_frame_min *)); 2807 2808 if (__predict_false(flags & RT2860_RX_MICERR)) { 2809 /* report MIC failures to net80211 for TKIP */ 2810 if (ni != NULL) 2811 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2812 rxwi->keyidx); 2813 m_freem(m); 2814 counter_u64_add(ic->ic_ierrors, 1); 2815 DPRINTF("MIC error. Someone is lying.\n"); 2816 return; 2817 } 2818 2819 ant = run_maxrssi_chain(sc, rxwi); 2820 rssi = rxwi->rssi[ant]; 2821 nf = run_rssi2dbm(sc, rssi, ant); 2822 2823 m->m_pkthdr.len = m->m_len = len; 2824 2825 if (__predict_false(ieee80211_radiotap_active(ic))) { 2826 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2827 uint16_t phy; 2828 2829 tap->wr_flags = 0; 2830 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2831 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2832 tap->wr_antsignal = rssi; 2833 tap->wr_antenna = ant; 2834 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2835 tap->wr_rate = 2; /* in case it can't be found below */ 2836 run_get_tsf(sc, &tap->wr_tsf); 2837 phy = le16toh(rxwi->phy); 2838 switch (phy & RT2860_PHY_MODE) { 2839 case RT2860_PHY_CCK: 2840 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2841 case 0: tap->wr_rate = 2; break; 2842 case 1: tap->wr_rate = 4; break; 2843 case 2: tap->wr_rate = 11; break; 2844 case 3: tap->wr_rate = 22; break; 2845 } 2846 if (phy & RT2860_PHY_SHPRE) 2847 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2848 break; 2849 case RT2860_PHY_OFDM: 2850 switch (phy & RT2860_PHY_MCS) { 2851 case 0: tap->wr_rate = 12; break; 2852 case 1: tap->wr_rate = 18; break; 2853 case 2: tap->wr_rate = 24; break; 2854 case 3: tap->wr_rate = 36; break; 2855 case 4: tap->wr_rate = 48; break; 2856 case 5: tap->wr_rate = 72; break; 2857 case 6: tap->wr_rate = 96; break; 2858 case 7: tap->wr_rate = 108; break; 2859 } 2860 break; 2861 } 2862 } 2863 2864 if (ni != NULL) { 2865 (void)ieee80211_input(ni, m, rssi, nf); 2866 ieee80211_free_node(ni); 2867 } else { 2868 (void)ieee80211_input_all(ic, m, rssi, nf); 2869 } 2870 } 2871 2872 static void 2873 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2874 { 2875 struct run_softc *sc = usbd_xfer_softc(xfer); 2876 struct ieee80211com *ic = &sc->sc_ic; 2877 struct mbuf *m = NULL; 2878 struct mbuf *m0; 2879 uint32_t dmalen; 2880 uint16_t rxwisize; 2881 int xferlen; 2882 2883 rxwisize = sizeof(struct rt2860_rxwi); 2884 if (sc->mac_ver == 0x5592) 2885 rxwisize += sizeof(uint64_t); 2886 else if (sc->mac_ver == 0x3593) 2887 rxwisize += sizeof(uint32_t); 2888 2889 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2890 2891 switch (USB_GET_STATE(xfer)) { 2892 case USB_ST_TRANSFERRED: 2893 2894 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2895 2896 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2897 sizeof(struct rt2870_rxd))) { 2898 DPRINTF("xfer too short %d\n", xferlen); 2899 goto tr_setup; 2900 } 2901 2902 m = sc->rx_m; 2903 sc->rx_m = NULL; 2904 2905 /* FALLTHROUGH */ 2906 case USB_ST_SETUP: 2907 tr_setup: 2908 if (sc->rx_m == NULL) { 2909 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2910 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2911 } 2912 if (sc->rx_m == NULL) { 2913 DPRINTF("could not allocate mbuf - idle with stall\n"); 2914 counter_u64_add(ic->ic_ierrors, 1); 2915 usbd_xfer_set_stall(xfer); 2916 usbd_xfer_set_frames(xfer, 0); 2917 } else { 2918 /* 2919 * Directly loading a mbuf cluster into DMA to 2920 * save some data copying. This works because 2921 * there is only one cluster. 2922 */ 2923 usbd_xfer_set_frame_data(xfer, 0, 2924 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2925 usbd_xfer_set_frames(xfer, 1); 2926 } 2927 usbd_transfer_submit(xfer); 2928 break; 2929 2930 default: /* Error */ 2931 if (error != USB_ERR_CANCELLED) { 2932 /* try to clear stall first */ 2933 usbd_xfer_set_stall(xfer); 2934 if (error == USB_ERR_TIMEOUT) 2935 device_printf(sc->sc_dev, "device timeout\n"); 2936 counter_u64_add(ic->ic_ierrors, 1); 2937 goto tr_setup; 2938 } 2939 if (sc->rx_m != NULL) { 2940 m_freem(sc->rx_m); 2941 sc->rx_m = NULL; 2942 } 2943 break; 2944 } 2945 2946 if (m == NULL) 2947 return; 2948 2949 /* inputting all the frames must be last */ 2950 2951 RUN_UNLOCK(sc); 2952 2953 m->m_pkthdr.len = m->m_len = xferlen; 2954 2955 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2956 for(;;) { 2957 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2958 2959 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2960 ((dmalen & 3) != 0)) { 2961 DPRINTF("bad DMA length %u\n", dmalen); 2962 break; 2963 } 2964 if ((dmalen + 8) > (uint32_t)xferlen) { 2965 DPRINTF("bad DMA length %u > %d\n", 2966 dmalen + 8, xferlen); 2967 break; 2968 } 2969 2970 /* If it is the last one or a single frame, we won't copy. */ 2971 if ((xferlen -= dmalen + 8) <= 8) { 2972 /* trim 32-bit DMA-len header */ 2973 m->m_data += 4; 2974 m->m_pkthdr.len = m->m_len -= 4; 2975 run_rx_frame(sc, m, dmalen); 2976 m = NULL; /* don't free source buffer */ 2977 break; 2978 } 2979 2980 /* copy aggregated frames to another mbuf */ 2981 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2982 if (__predict_false(m0 == NULL)) { 2983 DPRINTF("could not allocate mbuf\n"); 2984 counter_u64_add(ic->ic_ierrors, 1); 2985 break; 2986 } 2987 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2988 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2989 m0->m_pkthdr.len = m0->m_len = 2990 dmalen + sizeof(struct rt2870_rxd); 2991 run_rx_frame(sc, m0, dmalen); 2992 2993 /* update data ptr */ 2994 m->m_data += dmalen + 8; 2995 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2996 } 2997 2998 /* make sure we free the source buffer, if any */ 2999 m_freem(m); 3000 3001 RUN_LOCK(sc); 3002 } 3003 3004 static void 3005 run_tx_free(struct run_endpoint_queue *pq, 3006 struct run_tx_data *data, int txerr) 3007 { 3008 3009 ieee80211_tx_complete(data->ni, data->m, txerr); 3010 3011 data->m = NULL; 3012 data->ni = NULL; 3013 3014 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3015 pq->tx_nfree++; 3016 } 3017 3018 static void 3019 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3020 { 3021 struct run_softc *sc = usbd_xfer_softc(xfer); 3022 struct ieee80211com *ic = &sc->sc_ic; 3023 struct run_tx_data *data; 3024 struct ieee80211vap *vap = NULL; 3025 struct usb_page_cache *pc; 3026 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3027 struct mbuf *m; 3028 usb_frlength_t size; 3029 int actlen; 3030 int sumlen; 3031 3032 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3033 3034 switch (USB_GET_STATE(xfer)) { 3035 case USB_ST_TRANSFERRED: 3036 DPRINTFN(11, "transfer complete: %d " 3037 "bytes @ index %d\n", actlen, index); 3038 3039 data = usbd_xfer_get_priv(xfer); 3040 run_tx_free(pq, data, 0); 3041 usbd_xfer_set_priv(xfer, NULL); 3042 3043 /* FALLTHROUGH */ 3044 case USB_ST_SETUP: 3045 tr_setup: 3046 data = STAILQ_FIRST(&pq->tx_qh); 3047 if (data == NULL) 3048 break; 3049 3050 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3051 3052 m = data->m; 3053 size = (sc->mac_ver == 0x5592) ? 3054 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3055 if ((m->m_pkthdr.len + 3056 size + 3 + 8) > RUN_MAX_TXSZ) { 3057 DPRINTF("data overflow, %u bytes\n", 3058 m->m_pkthdr.len); 3059 run_tx_free(pq, data, 1); 3060 goto tr_setup; 3061 } 3062 3063 pc = usbd_xfer_get_frame(xfer, 0); 3064 usbd_copy_in(pc, 0, &data->desc, size); 3065 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3066 size += m->m_pkthdr.len; 3067 /* 3068 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3069 * 4-byte padding), and be sure to zero those trailing 3070 * bytes: 3071 */ 3072 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3073 size += ((-size) & 3) + 8; 3074 3075 vap = data->ni->ni_vap; 3076 if (ieee80211_radiotap_active_vap(vap)) { 3077 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3078 struct rt2860_txwi *txwi = 3079 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3080 tap->wt_flags = 0; 3081 tap->wt_rate = rt2860_rates[data->ridx].rate; 3082 run_get_tsf(sc, &tap->wt_tsf); 3083 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3084 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3085 tap->wt_hwqueue = index; 3086 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3087 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3088 3089 ieee80211_radiotap_tx(vap, m); 3090 } 3091 3092 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3093 m->m_pkthdr.len, size, index); 3094 3095 usbd_xfer_set_frame_len(xfer, 0, size); 3096 usbd_xfer_set_priv(xfer, data); 3097 usbd_transfer_submit(xfer); 3098 run_start(sc); 3099 3100 break; 3101 3102 default: 3103 DPRINTF("USB transfer error, %s\n", 3104 usbd_errstr(error)); 3105 3106 data = usbd_xfer_get_priv(xfer); 3107 3108 if (data != NULL) { 3109 if(data->ni != NULL) 3110 vap = data->ni->ni_vap; 3111 run_tx_free(pq, data, error); 3112 usbd_xfer_set_priv(xfer, NULL); 3113 } 3114 3115 if (vap == NULL) 3116 vap = TAILQ_FIRST(&ic->ic_vaps); 3117 3118 if (error != USB_ERR_CANCELLED) { 3119 if (error == USB_ERR_TIMEOUT) { 3120 device_printf(sc->sc_dev, "device timeout\n"); 3121 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3122 DPRINTF("cmdq_store=%d\n", i); 3123 sc->cmdq[i].func = run_usb_timeout_cb; 3124 sc->cmdq[i].arg0 = vap; 3125 ieee80211_runtask(ic, &sc->cmdq_task); 3126 } 3127 3128 /* 3129 * Try to clear stall first, also if other 3130 * errors occur, hence clearing stall 3131 * introduces a 50 ms delay: 3132 */ 3133 usbd_xfer_set_stall(xfer); 3134 goto tr_setup; 3135 } 3136 break; 3137 } 3138 } 3139 3140 static void 3141 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3142 { 3143 run_bulk_tx_callbackN(xfer, error, 0); 3144 } 3145 3146 static void 3147 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3148 { 3149 run_bulk_tx_callbackN(xfer, error, 1); 3150 } 3151 3152 static void 3153 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3154 { 3155 run_bulk_tx_callbackN(xfer, error, 2); 3156 } 3157 3158 static void 3159 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3160 { 3161 run_bulk_tx_callbackN(xfer, error, 3); 3162 } 3163 3164 static void 3165 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3166 { 3167 run_bulk_tx_callbackN(xfer, error, 4); 3168 } 3169 3170 static void 3171 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3172 { 3173 run_bulk_tx_callbackN(xfer, error, 5); 3174 } 3175 3176 static void 3177 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3178 { 3179 struct mbuf *m = data->m; 3180 struct ieee80211com *ic = &sc->sc_ic; 3181 struct ieee80211vap *vap = data->ni->ni_vap; 3182 struct ieee80211_frame *wh; 3183 struct rt2870_txd *txd; 3184 struct rt2860_txwi *txwi; 3185 uint16_t xferlen, txwisize; 3186 uint16_t mcs; 3187 uint8_t ridx = data->ridx; 3188 uint8_t pad; 3189 3190 /* get MCS code from rate index */ 3191 mcs = rt2860_rates[ridx].mcs; 3192 3193 txwisize = (sc->mac_ver == 0x5592) ? 3194 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3195 xferlen = txwisize + m->m_pkthdr.len; 3196 3197 /* roundup to 32-bit alignment */ 3198 xferlen = (xferlen + 3) & ~3; 3199 3200 txd = (struct rt2870_txd *)&data->desc; 3201 txd->len = htole16(xferlen); 3202 3203 wh = mtod(m, struct ieee80211_frame *); 3204 3205 /* 3206 * Ether both are true or both are false, the header 3207 * are nicely aligned to 32-bit. So, no L2 padding. 3208 */ 3209 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3210 pad = 0; 3211 else 3212 pad = 2; 3213 3214 /* setup TX Wireless Information */ 3215 txwi = (struct rt2860_txwi *)(txd + 1); 3216 txwi->len = htole16(m->m_pkthdr.len - pad); 3217 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3218 mcs |= RT2860_PHY_CCK; 3219 if (ridx != RT2860_RIDX_CCK1 && 3220 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3221 mcs |= RT2860_PHY_SHPRE; 3222 } else 3223 mcs |= RT2860_PHY_OFDM; 3224 txwi->phy = htole16(mcs); 3225 3226 /* check if RTS/CTS or CTS-to-self protection is required */ 3227 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3228 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3229 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3230 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3231 txwi->txop |= RT2860_TX_TXOP_HT; 3232 else 3233 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3234 3235 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3236 txwi->xflags |= RT2860_TX_NSEQ; 3237 } 3238 3239 /* This function must be called locked */ 3240 static int 3241 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3242 { 3243 struct ieee80211com *ic = &sc->sc_ic; 3244 struct ieee80211vap *vap = ni->ni_vap; 3245 struct ieee80211_frame *wh; 3246 struct ieee80211_channel *chan; 3247 const struct ieee80211_txparam *tp; 3248 struct run_node *rn = RUN_NODE(ni); 3249 struct run_tx_data *data; 3250 struct rt2870_txd *txd; 3251 struct rt2860_txwi *txwi; 3252 uint16_t qos; 3253 uint16_t dur; 3254 uint16_t qid; 3255 uint8_t type; 3256 uint8_t tid; 3257 uint8_t ridx; 3258 uint8_t ctl_ridx; 3259 uint8_t qflags; 3260 uint8_t xflags = 0; 3261 int hasqos; 3262 3263 RUN_LOCK_ASSERT(sc, MA_OWNED); 3264 3265 wh = mtod(m, struct ieee80211_frame *); 3266 3267 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3268 3269 /* 3270 * There are 7 bulk endpoints: 1 for RX 3271 * and 6 for TX (4 EDCAs + HCCA + Prio). 3272 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3273 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3274 */ 3275 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3276 uint8_t *frm; 3277 3278 if(IEEE80211_HAS_ADDR4(wh)) 3279 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3280 else 3281 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3282 3283 qos = le16toh(*(const uint16_t *)frm); 3284 tid = qos & IEEE80211_QOS_TID; 3285 qid = TID_TO_WME_AC(tid); 3286 } else { 3287 qos = 0; 3288 tid = 0; 3289 qid = WME_AC_BE; 3290 } 3291 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3292 3293 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3294 qos, qid, tid, qflags); 3295 3296 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3297 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3298 3299 /* pickup a rate index */ 3300 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3301 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3302 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3303 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3304 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3305 } else { 3306 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3307 ridx = rn->fix_ridx; 3308 else 3309 ridx = rn->amrr_ridx; 3310 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3311 } 3312 3313 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3314 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3315 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3316 xflags |= RT2860_TX_ACK; 3317 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3318 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3319 else 3320 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3321 USETW(wh->i_dur, dur); 3322 } 3323 3324 /* reserve slots for mgmt packets, just in case */ 3325 if (sc->sc_epq[qid].tx_nfree < 3) { 3326 DPRINTFN(10, "tx ring %d is full\n", qid); 3327 return (-1); 3328 } 3329 3330 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3331 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3332 sc->sc_epq[qid].tx_nfree--; 3333 3334 txd = (struct rt2870_txd *)&data->desc; 3335 txd->flags = qflags; 3336 txwi = (struct rt2860_txwi *)(txd + 1); 3337 txwi->xflags = xflags; 3338 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3339 txwi->wcid = 0; 3340 else 3341 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3342 1 : RUN_AID2WCID(ni->ni_associd); 3343 3344 /* clear leftover garbage bits */ 3345 txwi->flags = 0; 3346 txwi->txop = 0; 3347 3348 data->m = m; 3349 data->ni = ni; 3350 data->ridx = ridx; 3351 3352 run_set_tx_desc(sc, data); 3353 3354 /* 3355 * The chip keeps track of 2 kind of Tx stats, 3356 * * TX_STAT_FIFO, for per WCID stats, and 3357 * * TX_STA_CNT0 for all-TX-in-one stats. 3358 * 3359 * To use FIFO stats, we need to store MCS into the driver-private 3360 * PacketID field. So that, we can tell whose stats when we read them. 3361 * We add 1 to the MCS because setting the PacketID field to 0 means 3362 * that we don't want feedback in TX_STAT_FIFO. 3363 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3364 * 3365 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3366 */ 3367 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3368 vap->iv_opmode == IEEE80211_M_MBSS) { 3369 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3370 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3371 3372 /* 3373 * Unlike PCI based devices, we don't get any interrupt from 3374 * USB devices, so we simulate FIFO-is-full interrupt here. 3375 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3376 * quickly get fulled. To prevent overflow, increment a counter on 3377 * every FIFO stat request, so we know how many slots are left. 3378 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3379 * are used only in those modes. 3380 * We just drain stats. AMRR gets updated every 1 sec by 3381 * run_ratectl_cb() via callout. 3382 * Call it early. Otherwise overflow. 3383 */ 3384 if (sc->fifo_cnt++ == 10) { 3385 /* 3386 * With multiple vaps or if_bridge, if_start() is called 3387 * with a non-sleepable lock, tcpinp. So, need to defer. 3388 */ 3389 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3390 DPRINTFN(6, "cmdq_store=%d\n", i); 3391 sc->cmdq[i].func = run_drain_fifo; 3392 sc->cmdq[i].arg0 = sc; 3393 ieee80211_runtask(ic, &sc->cmdq_task); 3394 } 3395 } 3396 3397 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3398 3399 usbd_transfer_start(sc->sc_xfer[qid]); 3400 3401 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3402 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3403 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3404 3405 return (0); 3406 } 3407 3408 static int 3409 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3410 { 3411 struct ieee80211com *ic = &sc->sc_ic; 3412 struct run_node *rn = RUN_NODE(ni); 3413 struct run_tx_data *data; 3414 struct ieee80211_frame *wh; 3415 struct rt2870_txd *txd; 3416 struct rt2860_txwi *txwi; 3417 uint16_t dur; 3418 uint8_t ridx = rn->mgt_ridx; 3419 uint8_t type; 3420 uint8_t xflags = 0; 3421 uint8_t wflags = 0; 3422 3423 RUN_LOCK_ASSERT(sc, MA_OWNED); 3424 3425 wh = mtod(m, struct ieee80211_frame *); 3426 3427 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3428 3429 /* tell hardware to add timestamp for probe responses */ 3430 if ((wh->i_fc[0] & 3431 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3432 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3433 wflags |= RT2860_TX_TS; 3434 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3435 xflags |= RT2860_TX_ACK; 3436 3437 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3438 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3439 USETW(wh->i_dur, dur); 3440 } 3441 3442 if (sc->sc_epq[0].tx_nfree == 0) 3443 /* let caller free mbuf */ 3444 return (EIO); 3445 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3446 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3447 sc->sc_epq[0].tx_nfree--; 3448 3449 txd = (struct rt2870_txd *)&data->desc; 3450 txd->flags = RT2860_TX_QSEL_EDCA; 3451 txwi = (struct rt2860_txwi *)(txd + 1); 3452 txwi->wcid = 0xff; 3453 txwi->flags = wflags; 3454 txwi->xflags = xflags; 3455 txwi->txop = 0; /* clear leftover garbage bits */ 3456 3457 data->m = m; 3458 data->ni = ni; 3459 data->ridx = ridx; 3460 3461 run_set_tx_desc(sc, data); 3462 3463 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3464 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3465 rt2860_rates[ridx].rate); 3466 3467 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3468 3469 usbd_transfer_start(sc->sc_xfer[0]); 3470 3471 return (0); 3472 } 3473 3474 static int 3475 run_sendprot(struct run_softc *sc, 3476 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3477 { 3478 struct ieee80211com *ic = ni->ni_ic; 3479 struct ieee80211_frame *wh; 3480 struct run_tx_data *data; 3481 struct rt2870_txd *txd; 3482 struct rt2860_txwi *txwi; 3483 struct mbuf *mprot; 3484 int ridx; 3485 int protrate; 3486 int ackrate; 3487 int pktlen; 3488 int isshort; 3489 uint16_t dur; 3490 uint8_t type; 3491 uint8_t wflags = 0; 3492 uint8_t xflags = 0; 3493 3494 RUN_LOCK_ASSERT(sc, MA_OWNED); 3495 3496 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3497 ("protection %d", prot)); 3498 3499 wh = mtod(m, struct ieee80211_frame *); 3500 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3501 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3502 3503 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3504 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3505 3506 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3507 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3508 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3509 wflags = RT2860_TX_FRAG; 3510 3511 /* check that there are free slots before allocating the mbuf */ 3512 if (sc->sc_epq[0].tx_nfree == 0) 3513 /* let caller free mbuf */ 3514 return (ENOBUFS); 3515 3516 if (prot == IEEE80211_PROT_RTSCTS) { 3517 /* NB: CTS is the same size as an ACK */ 3518 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3519 xflags |= RT2860_TX_ACK; 3520 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3521 } else { 3522 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3523 } 3524 if (mprot == NULL) { 3525 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3526 DPRINTF("could not allocate mbuf\n"); 3527 return (ENOBUFS); 3528 } 3529 3530 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3531 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3532 sc->sc_epq[0].tx_nfree--; 3533 3534 txd = (struct rt2870_txd *)&data->desc; 3535 txd->flags = RT2860_TX_QSEL_EDCA; 3536 txwi = (struct rt2860_txwi *)(txd + 1); 3537 txwi->wcid = 0xff; 3538 txwi->flags = wflags; 3539 txwi->xflags = xflags; 3540 txwi->txop = 0; /* clear leftover garbage bits */ 3541 3542 data->m = mprot; 3543 data->ni = ieee80211_ref_node(ni); 3544 3545 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3546 if (rt2860_rates[ridx].rate == protrate) 3547 break; 3548 data->ridx = ridx; 3549 3550 run_set_tx_desc(sc, data); 3551 3552 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3553 m->m_pkthdr.len, rate); 3554 3555 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3556 3557 usbd_transfer_start(sc->sc_xfer[0]); 3558 3559 return (0); 3560 } 3561 3562 static int 3563 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3564 const struct ieee80211_bpf_params *params) 3565 { 3566 struct ieee80211com *ic = ni->ni_ic; 3567 struct ieee80211_frame *wh; 3568 struct run_tx_data *data; 3569 struct rt2870_txd *txd; 3570 struct rt2860_txwi *txwi; 3571 uint8_t type; 3572 uint8_t ridx; 3573 uint8_t rate; 3574 uint8_t opflags = 0; 3575 uint8_t xflags = 0; 3576 int error; 3577 3578 RUN_LOCK_ASSERT(sc, MA_OWNED); 3579 3580 KASSERT(params != NULL, ("no raw xmit params")); 3581 3582 wh = mtod(m, struct ieee80211_frame *); 3583 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3584 3585 rate = params->ibp_rate0; 3586 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3587 /* let caller free mbuf */ 3588 return (EINVAL); 3589 } 3590 3591 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3592 xflags |= RT2860_TX_ACK; 3593 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3594 error = run_sendprot(sc, m, ni, 3595 params->ibp_flags & IEEE80211_BPF_RTS ? 3596 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3597 rate); 3598 if (error) { 3599 /* let caller free mbuf */ 3600 return error; 3601 } 3602 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3603 } 3604 3605 if (sc->sc_epq[0].tx_nfree == 0) { 3606 /* let caller free mbuf */ 3607 DPRINTF("sending raw frame, but tx ring is full\n"); 3608 return (EIO); 3609 } 3610 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3611 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3612 sc->sc_epq[0].tx_nfree--; 3613 3614 txd = (struct rt2870_txd *)&data->desc; 3615 txd->flags = RT2860_TX_QSEL_EDCA; 3616 txwi = (struct rt2860_txwi *)(txd + 1); 3617 txwi->wcid = 0xff; 3618 txwi->xflags = xflags; 3619 txwi->txop = opflags; 3620 txwi->flags = 0; /* clear leftover garbage bits */ 3621 3622 data->m = m; 3623 data->ni = ni; 3624 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3625 if (rt2860_rates[ridx].rate == rate) 3626 break; 3627 data->ridx = ridx; 3628 3629 run_set_tx_desc(sc, data); 3630 3631 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3632 m->m_pkthdr.len, rate); 3633 3634 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3635 3636 usbd_transfer_start(sc->sc_xfer[0]); 3637 3638 return (0); 3639 } 3640 3641 static int 3642 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3643 const struct ieee80211_bpf_params *params) 3644 { 3645 struct run_softc *sc = ni->ni_ic->ic_softc; 3646 int error = 0; 3647 3648 RUN_LOCK(sc); 3649 3650 /* prevent management frames from being sent if we're not ready */ 3651 if (!(sc->sc_flags & RUN_RUNNING)) { 3652 error = ENETDOWN; 3653 goto done; 3654 } 3655 3656 if (params == NULL) { 3657 /* tx mgt packet */ 3658 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3659 DPRINTF("mgt tx failed\n"); 3660 goto done; 3661 } 3662 } else { 3663 /* tx raw packet with param */ 3664 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3665 DPRINTF("tx with param failed\n"); 3666 goto done; 3667 } 3668 } 3669 3670 done: 3671 RUN_UNLOCK(sc); 3672 3673 if (error != 0) { 3674 if(m != NULL) 3675 m_freem(m); 3676 } 3677 3678 return (error); 3679 } 3680 3681 static int 3682 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3683 { 3684 struct run_softc *sc = ic->ic_softc; 3685 int error; 3686 3687 RUN_LOCK(sc); 3688 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3689 RUN_UNLOCK(sc); 3690 return (ENXIO); 3691 } 3692 error = mbufq_enqueue(&sc->sc_snd, m); 3693 if (error) { 3694 RUN_UNLOCK(sc); 3695 return (error); 3696 } 3697 run_start(sc); 3698 RUN_UNLOCK(sc); 3699 3700 return (0); 3701 } 3702 3703 static void 3704 run_start(struct run_softc *sc) 3705 { 3706 struct ieee80211_node *ni; 3707 struct mbuf *m; 3708 3709 RUN_LOCK_ASSERT(sc, MA_OWNED); 3710 3711 if ((sc->sc_flags & RUN_RUNNING) == 0) 3712 return; 3713 3714 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3715 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3716 if (run_tx(sc, m, ni) != 0) { 3717 mbufq_prepend(&sc->sc_snd, m); 3718 break; 3719 } 3720 } 3721 } 3722 3723 static void 3724 run_parent(struct ieee80211com *ic) 3725 { 3726 struct run_softc *sc = ic->ic_softc; 3727 int startall = 0; 3728 3729 RUN_LOCK(sc); 3730 if (sc->sc_detached) { 3731 RUN_UNLOCK(sc); 3732 return; 3733 } 3734 3735 if (ic->ic_nrunning > 0) { 3736 if (!(sc->sc_flags & RUN_RUNNING)) { 3737 startall = 1; 3738 run_init_locked(sc); 3739 } else 3740 run_update_promisc_locked(sc); 3741 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3742 run_stop(sc); 3743 RUN_UNLOCK(sc); 3744 if (startall) 3745 ieee80211_start_all(ic); 3746 } 3747 3748 static void 3749 run_iq_calib(struct run_softc *sc, u_int chan) 3750 { 3751 uint16_t val; 3752 3753 /* Tx0 IQ gain. */ 3754 run_bbp_write(sc, 158, 0x2c); 3755 if (chan <= 14) 3756 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3757 else if (chan <= 64) { 3758 run_efuse_read(sc, 3759 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3760 &val, 1); 3761 } else if (chan <= 138) { 3762 run_efuse_read(sc, 3763 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3764 &val, 1); 3765 } else if (chan <= 165) { 3766 run_efuse_read(sc, 3767 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3768 &val, 1); 3769 } else 3770 val = 0; 3771 run_bbp_write(sc, 159, val); 3772 3773 /* Tx0 IQ phase. */ 3774 run_bbp_write(sc, 158, 0x2d); 3775 if (chan <= 14) { 3776 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3777 &val, 1); 3778 } else if (chan <= 64) { 3779 run_efuse_read(sc, 3780 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3781 &val, 1); 3782 } else if (chan <= 138) { 3783 run_efuse_read(sc, 3784 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3785 &val, 1); 3786 } else if (chan <= 165) { 3787 run_efuse_read(sc, 3788 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3789 &val, 1); 3790 } else 3791 val = 0; 3792 run_bbp_write(sc, 159, val); 3793 3794 /* Tx1 IQ gain. */ 3795 run_bbp_write(sc, 158, 0x4a); 3796 if (chan <= 14) { 3797 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3798 &val, 1); 3799 } else if (chan <= 64) { 3800 run_efuse_read(sc, 3801 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3802 &val, 1); 3803 } else if (chan <= 138) { 3804 run_efuse_read(sc, 3805 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3806 &val, 1); 3807 } else if (chan <= 165) { 3808 run_efuse_read(sc, 3809 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3810 &val, 1); 3811 } else 3812 val = 0; 3813 run_bbp_write(sc, 159, val); 3814 3815 /* Tx1 IQ phase. */ 3816 run_bbp_write(sc, 158, 0x4b); 3817 if (chan <= 14) { 3818 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3819 &val, 1); 3820 } else if (chan <= 64) { 3821 run_efuse_read(sc, 3822 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3823 &val, 1); 3824 } else if (chan <= 138) { 3825 run_efuse_read(sc, 3826 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3827 &val, 1); 3828 } else if (chan <= 165) { 3829 run_efuse_read(sc, 3830 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3831 &val, 1); 3832 } else 3833 val = 0; 3834 run_bbp_write(sc, 159, val); 3835 3836 /* RF IQ compensation control. */ 3837 run_bbp_write(sc, 158, 0x04); 3838 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3839 &val, 1); 3840 run_bbp_write(sc, 159, val); 3841 3842 /* RF IQ imbalance compensation control. */ 3843 run_bbp_write(sc, 158, 0x03); 3844 run_efuse_read(sc, 3845 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3846 run_bbp_write(sc, 159, val); 3847 } 3848 3849 static void 3850 run_set_agc(struct run_softc *sc, uint8_t agc) 3851 { 3852 uint8_t bbp; 3853 3854 if (sc->mac_ver == 0x3572) { 3855 run_bbp_read(sc, 27, &bbp); 3856 bbp &= ~(0x3 << 5); 3857 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3858 run_bbp_write(sc, 66, agc); 3859 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3860 run_bbp_write(sc, 66, agc); 3861 } else 3862 run_bbp_write(sc, 66, agc); 3863 } 3864 3865 static void 3866 run_select_chan_group(struct run_softc *sc, int group) 3867 { 3868 uint32_t tmp; 3869 uint8_t agc; 3870 3871 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3872 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3873 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3874 if (sc->mac_ver < 0x3572) 3875 run_bbp_write(sc, 86, 0x00); 3876 3877 if (sc->mac_ver == 0x3593) { 3878 run_bbp_write(sc, 77, 0x98); 3879 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3880 } 3881 3882 if (group == 0) { 3883 if (sc->ext_2ghz_lna) { 3884 if (sc->mac_ver >= 0x5390) 3885 run_bbp_write(sc, 75, 0x52); 3886 else { 3887 run_bbp_write(sc, 82, 0x62); 3888 run_bbp_write(sc, 75, 0x46); 3889 } 3890 } else { 3891 if (sc->mac_ver == 0x5592) { 3892 run_bbp_write(sc, 79, 0x1c); 3893 run_bbp_write(sc, 80, 0x0e); 3894 run_bbp_write(sc, 81, 0x3a); 3895 run_bbp_write(sc, 82, 0x62); 3896 3897 run_bbp_write(sc, 195, 0x80); 3898 run_bbp_write(sc, 196, 0xe0); 3899 run_bbp_write(sc, 195, 0x81); 3900 run_bbp_write(sc, 196, 0x1f); 3901 run_bbp_write(sc, 195, 0x82); 3902 run_bbp_write(sc, 196, 0x38); 3903 run_bbp_write(sc, 195, 0x83); 3904 run_bbp_write(sc, 196, 0x32); 3905 run_bbp_write(sc, 195, 0x85); 3906 run_bbp_write(sc, 196, 0x28); 3907 run_bbp_write(sc, 195, 0x86); 3908 run_bbp_write(sc, 196, 0x19); 3909 } else if (sc->mac_ver >= 0x5390) 3910 run_bbp_write(sc, 75, 0x50); 3911 else { 3912 run_bbp_write(sc, 82, 3913 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3914 run_bbp_write(sc, 75, 0x50); 3915 } 3916 } 3917 } else { 3918 if (sc->mac_ver == 0x5592) { 3919 run_bbp_write(sc, 79, 0x18); 3920 run_bbp_write(sc, 80, 0x08); 3921 run_bbp_write(sc, 81, 0x38); 3922 run_bbp_write(sc, 82, 0x92); 3923 3924 run_bbp_write(sc, 195, 0x80); 3925 run_bbp_write(sc, 196, 0xf0); 3926 run_bbp_write(sc, 195, 0x81); 3927 run_bbp_write(sc, 196, 0x1e); 3928 run_bbp_write(sc, 195, 0x82); 3929 run_bbp_write(sc, 196, 0x28); 3930 run_bbp_write(sc, 195, 0x83); 3931 run_bbp_write(sc, 196, 0x20); 3932 run_bbp_write(sc, 195, 0x85); 3933 run_bbp_write(sc, 196, 0x7f); 3934 run_bbp_write(sc, 195, 0x86); 3935 run_bbp_write(sc, 196, 0x7f); 3936 } else if (sc->mac_ver == 0x3572) 3937 run_bbp_write(sc, 82, 0x94); 3938 else 3939 run_bbp_write(sc, 82, 3940 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3941 if (sc->ext_5ghz_lna) 3942 run_bbp_write(sc, 75, 0x46); 3943 else 3944 run_bbp_write(sc, 75, 0x50); 3945 } 3946 3947 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3948 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3949 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3950 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3951 3952 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3953 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3954 if (sc->mac_ver == 0x3593) 3955 tmp |= 1 << 29 | 1 << 28; 3956 if (sc->nrxchains > 1) 3957 tmp |= RT2860_LNA_PE1_EN; 3958 if (group == 0) { /* 2GHz */ 3959 tmp |= RT2860_PA_PE_G0_EN; 3960 if (sc->ntxchains > 1) 3961 tmp |= RT2860_PA_PE_G1_EN; 3962 if (sc->mac_ver == 0x3593) { 3963 if (sc->ntxchains > 2) 3964 tmp |= 1 << 25; 3965 } 3966 } else { /* 5GHz */ 3967 tmp |= RT2860_PA_PE_A0_EN; 3968 if (sc->ntxchains > 1) 3969 tmp |= RT2860_PA_PE_A1_EN; 3970 } 3971 if (sc->mac_ver == 0x3572) { 3972 run_rt3070_rf_write(sc, 8, 0x00); 3973 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3974 run_rt3070_rf_write(sc, 8, 0x80); 3975 } else 3976 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3977 3978 if (sc->mac_ver == 0x5592) { 3979 run_bbp_write(sc, 195, 0x8d); 3980 run_bbp_write(sc, 196, 0x1a); 3981 } 3982 3983 if (sc->mac_ver == 0x3593) { 3984 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3985 tmp &= ~0x01010000; 3986 if (group == 0) 3987 tmp |= 0x00010000; 3988 tmp = (tmp & ~0x00009090) | 0x00000090; 3989 run_write(sc, RT2860_GPIO_CTRL, tmp); 3990 } 3991 3992 /* set initial AGC value */ 3993 if (group == 0) { /* 2GHz band */ 3994 if (sc->mac_ver >= 0x3070) 3995 agc = 0x1c + sc->lna[0] * 2; 3996 else 3997 agc = 0x2e + sc->lna[0]; 3998 } else { /* 5GHz band */ 3999 if (sc->mac_ver == 0x5592) 4000 agc = 0x24 + sc->lna[group] * 2; 4001 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4002 agc = 0x22 + (sc->lna[group] * 5) / 3; 4003 else 4004 agc = 0x32 + (sc->lna[group] * 5) / 3; 4005 } 4006 run_set_agc(sc, agc); 4007 } 4008 4009 static void 4010 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4011 { 4012 const struct rfprog *rfprog = rt2860_rf2850; 4013 uint32_t r2, r3, r4; 4014 int8_t txpow1, txpow2; 4015 int i; 4016 4017 /* find the settings for this channel (we know it exists) */ 4018 for (i = 0; rfprog[i].chan != chan; i++); 4019 4020 r2 = rfprog[i].r2; 4021 if (sc->ntxchains == 1) 4022 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4023 if (sc->nrxchains == 1) 4024 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4025 else if (sc->nrxchains == 2) 4026 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4027 4028 /* use Tx power values from EEPROM */ 4029 txpow1 = sc->txpow1[i]; 4030 txpow2 = sc->txpow2[i]; 4031 4032 /* Initialize RF R3 and R4. */ 4033 r3 = rfprog[i].r3 & 0xffffc1ff; 4034 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4035 if (chan > 14) { 4036 if (txpow1 >= 0) { 4037 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4038 r3 |= (txpow1 << 10) | (1 << 9); 4039 } else { 4040 txpow1 += 7; 4041 4042 /* txpow1 is not possible larger than 15. */ 4043 r3 |= (txpow1 << 10); 4044 } 4045 if (txpow2 >= 0) { 4046 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4047 r4 |= (txpow2 << 7) | (1 << 6); 4048 } else { 4049 txpow2 += 7; 4050 r4 |= (txpow2 << 7); 4051 } 4052 } else { 4053 /* Set Tx0 power. */ 4054 r3 |= (txpow1 << 9); 4055 4056 /* Set frequency offset and Tx1 power. */ 4057 r4 |= (txpow2 << 6); 4058 } 4059 4060 run_rt2870_rf_write(sc, rfprog[i].r1); 4061 run_rt2870_rf_write(sc, r2); 4062 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4063 run_rt2870_rf_write(sc, r4); 4064 4065 run_delay(sc, 10); 4066 4067 run_rt2870_rf_write(sc, rfprog[i].r1); 4068 run_rt2870_rf_write(sc, r2); 4069 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4070 run_rt2870_rf_write(sc, r4); 4071 4072 run_delay(sc, 10); 4073 4074 run_rt2870_rf_write(sc, rfprog[i].r1); 4075 run_rt2870_rf_write(sc, r2); 4076 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4077 run_rt2870_rf_write(sc, r4); 4078 } 4079 4080 static void 4081 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4082 { 4083 int8_t txpow1, txpow2; 4084 uint8_t rf; 4085 int i; 4086 4087 /* find the settings for this channel (we know it exists) */ 4088 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4089 4090 /* use Tx power values from EEPROM */ 4091 txpow1 = sc->txpow1[i]; 4092 txpow2 = sc->txpow2[i]; 4093 4094 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4095 4096 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4097 run_rt3070_rf_read(sc, 3, &rf); 4098 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4099 run_rt3070_rf_write(sc, 3, rf); 4100 4101 run_rt3070_rf_read(sc, 6, &rf); 4102 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4103 run_rt3070_rf_write(sc, 6, rf); 4104 4105 /* set Tx0 power */ 4106 run_rt3070_rf_read(sc, 12, &rf); 4107 rf = (rf & ~0x1f) | txpow1; 4108 run_rt3070_rf_write(sc, 12, rf); 4109 4110 /* set Tx1 power */ 4111 run_rt3070_rf_read(sc, 13, &rf); 4112 rf = (rf & ~0x1f) | txpow2; 4113 run_rt3070_rf_write(sc, 13, rf); 4114 4115 run_rt3070_rf_read(sc, 1, &rf); 4116 rf &= ~0xfc; 4117 if (sc->ntxchains == 1) 4118 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4119 else if (sc->ntxchains == 2) 4120 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4121 if (sc->nrxchains == 1) 4122 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4123 else if (sc->nrxchains == 2) 4124 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4125 run_rt3070_rf_write(sc, 1, rf); 4126 4127 /* set RF offset */ 4128 run_rt3070_rf_read(sc, 23, &rf); 4129 rf = (rf & ~0x7f) | sc->freq; 4130 run_rt3070_rf_write(sc, 23, rf); 4131 4132 /* program RF filter */ 4133 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4134 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4135 run_rt3070_rf_write(sc, 24, rf); 4136 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4137 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4138 run_rt3070_rf_write(sc, 31, rf); 4139 4140 /* enable RF tuning */ 4141 run_rt3070_rf_read(sc, 7, &rf); 4142 run_rt3070_rf_write(sc, 7, rf | 0x01); 4143 } 4144 4145 static void 4146 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4147 { 4148 int8_t txpow1, txpow2; 4149 uint32_t tmp; 4150 uint8_t rf; 4151 int i; 4152 4153 /* find the settings for this channel (we know it exists) */ 4154 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4155 4156 /* use Tx power values from EEPROM */ 4157 txpow1 = sc->txpow1[i]; 4158 txpow2 = sc->txpow2[i]; 4159 4160 if (chan <= 14) { 4161 run_bbp_write(sc, 25, sc->bbp25); 4162 run_bbp_write(sc, 26, sc->bbp26); 4163 } else { 4164 /* enable IQ phase correction */ 4165 run_bbp_write(sc, 25, 0x09); 4166 run_bbp_write(sc, 26, 0xff); 4167 } 4168 4169 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4170 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4171 run_rt3070_rf_read(sc, 6, &rf); 4172 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4173 rf |= (chan <= 14) ? 0x08 : 0x04; 4174 run_rt3070_rf_write(sc, 6, rf); 4175 4176 /* set PLL mode */ 4177 run_rt3070_rf_read(sc, 5, &rf); 4178 rf &= ~(0x08 | 0x04); 4179 rf |= (chan <= 14) ? 0x04 : 0x08; 4180 run_rt3070_rf_write(sc, 5, rf); 4181 4182 /* set Tx power for chain 0 */ 4183 if (chan <= 14) 4184 rf = 0x60 | txpow1; 4185 else 4186 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4187 run_rt3070_rf_write(sc, 12, rf); 4188 4189 /* set Tx power for chain 1 */ 4190 if (chan <= 14) 4191 rf = 0x60 | txpow2; 4192 else 4193 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4194 run_rt3070_rf_write(sc, 13, rf); 4195 4196 /* set Tx/Rx streams */ 4197 run_rt3070_rf_read(sc, 1, &rf); 4198 rf &= ~0xfc; 4199 if (sc->ntxchains == 1) 4200 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4201 else if (sc->ntxchains == 2) 4202 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4203 if (sc->nrxchains == 1) 4204 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4205 else if (sc->nrxchains == 2) 4206 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4207 run_rt3070_rf_write(sc, 1, rf); 4208 4209 /* set RF offset */ 4210 run_rt3070_rf_read(sc, 23, &rf); 4211 rf = (rf & ~0x7f) | sc->freq; 4212 run_rt3070_rf_write(sc, 23, rf); 4213 4214 /* program RF filter */ 4215 rf = sc->rf24_20mhz; 4216 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4217 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4218 4219 /* enable RF tuning */ 4220 run_rt3070_rf_read(sc, 7, &rf); 4221 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4222 run_rt3070_rf_write(sc, 7, rf); 4223 4224 /* TSSI */ 4225 rf = (chan <= 14) ? 0xc3 : 0xc0; 4226 run_rt3070_rf_write(sc, 9, rf); 4227 4228 /* set loop filter 1 */ 4229 run_rt3070_rf_write(sc, 10, 0xf1); 4230 /* set loop filter 2 */ 4231 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4232 4233 /* set tx_mx2_ic */ 4234 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4235 /* set tx_mx1_ic */ 4236 if (chan <= 14) 4237 rf = 0x48 | sc->txmixgain_2ghz; 4238 else 4239 rf = 0x78 | sc->txmixgain_5ghz; 4240 run_rt3070_rf_write(sc, 16, rf); 4241 4242 /* set tx_lo1 */ 4243 run_rt3070_rf_write(sc, 17, 0x23); 4244 /* set tx_lo2 */ 4245 if (chan <= 14) 4246 rf = 0x93; 4247 else if (chan <= 64) 4248 rf = 0xb7; 4249 else if (chan <= 128) 4250 rf = 0x74; 4251 else 4252 rf = 0x72; 4253 run_rt3070_rf_write(sc, 19, rf); 4254 4255 /* set rx_lo1 */ 4256 if (chan <= 14) 4257 rf = 0xb3; 4258 else if (chan <= 64) 4259 rf = 0xf6; 4260 else if (chan <= 128) 4261 rf = 0xf4; 4262 else 4263 rf = 0xf3; 4264 run_rt3070_rf_write(sc, 20, rf); 4265 4266 /* set pfd_delay */ 4267 if (chan <= 14) 4268 rf = 0x15; 4269 else if (chan <= 64) 4270 rf = 0x3d; 4271 else 4272 rf = 0x01; 4273 run_rt3070_rf_write(sc, 25, rf); 4274 4275 /* set rx_lo2 */ 4276 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4277 /* set ldo_rf_vc */ 4278 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4279 /* set drv_cc */ 4280 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4281 4282 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4283 tmp &= ~0x8080; 4284 if (chan <= 14) 4285 tmp |= 0x80; 4286 run_write(sc, RT2860_GPIO_CTRL, tmp); 4287 4288 /* enable RF tuning */ 4289 run_rt3070_rf_read(sc, 7, &rf); 4290 run_rt3070_rf_write(sc, 7, rf | 0x01); 4291 4292 run_delay(sc, 2); 4293 } 4294 4295 static void 4296 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4297 { 4298 int8_t txpow1, txpow2, txpow3; 4299 uint8_t h20mhz, rf; 4300 int i; 4301 4302 /* find the settings for this channel (we know it exists) */ 4303 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4304 4305 /* use Tx power values from EEPROM */ 4306 txpow1 = sc->txpow1[i]; 4307 txpow2 = sc->txpow2[i]; 4308 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4309 4310 if (chan <= 14) { 4311 run_bbp_write(sc, 25, sc->bbp25); 4312 run_bbp_write(sc, 26, sc->bbp26); 4313 } else { 4314 /* Enable IQ phase correction. */ 4315 run_bbp_write(sc, 25, 0x09); 4316 run_bbp_write(sc, 26, 0xff); 4317 } 4318 4319 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4320 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4321 run_rt3070_rf_read(sc, 11, &rf); 4322 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4323 run_rt3070_rf_write(sc, 11, rf); 4324 4325 /* Set pll_idoh. */ 4326 run_rt3070_rf_read(sc, 11, &rf); 4327 rf &= ~0x4c; 4328 rf |= (chan <= 14) ? 0x44 : 0x48; 4329 run_rt3070_rf_write(sc, 11, rf); 4330 4331 if (chan <= 14) 4332 rf = txpow1 & 0x1f; 4333 else 4334 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4335 run_rt3070_rf_write(sc, 53, rf); 4336 4337 if (chan <= 14) 4338 rf = txpow2 & 0x1f; 4339 else 4340 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4341 run_rt3070_rf_write(sc, 55, rf); 4342 4343 if (chan <= 14) 4344 rf = txpow3 & 0x1f; 4345 else 4346 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4347 run_rt3070_rf_write(sc, 54, rf); 4348 4349 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4350 if (sc->ntxchains == 3) 4351 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4352 else 4353 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4354 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4355 run_rt3070_rf_write(sc, 1, rf); 4356 4357 run_adjust_freq_offset(sc); 4358 4359 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4360 4361 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4362 run_rt3070_rf_read(sc, 30, &rf); 4363 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4364 run_rt3070_rf_write(sc, 30, rf); 4365 4366 run_rt3070_rf_read(sc, 36, &rf); 4367 if (chan <= 14) 4368 rf |= 0x80; 4369 else 4370 rf &= ~0x80; 4371 run_rt3070_rf_write(sc, 36, rf); 4372 4373 /* Set vcolo_bs. */ 4374 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4375 /* Set pfd_delay. */ 4376 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4377 4378 /* Set vco bias current control. */ 4379 run_rt3070_rf_read(sc, 6, &rf); 4380 rf &= ~0xc0; 4381 if (chan <= 14) 4382 rf |= 0x40; 4383 else if (chan <= 128) 4384 rf |= 0x80; 4385 else 4386 rf |= 0x40; 4387 run_rt3070_rf_write(sc, 6, rf); 4388 4389 run_rt3070_rf_read(sc, 30, &rf); 4390 rf = (rf & ~0x18) | 0x10; 4391 run_rt3070_rf_write(sc, 30, rf); 4392 4393 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4394 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4395 4396 run_rt3070_rf_read(sc, 51, &rf); 4397 rf = (rf & ~0x03) | 0x01; 4398 run_rt3070_rf_write(sc, 51, rf); 4399 /* Set tx_mx1_cc. */ 4400 run_rt3070_rf_read(sc, 51, &rf); 4401 rf &= ~0x1c; 4402 rf |= (chan <= 14) ? 0x14 : 0x10; 4403 run_rt3070_rf_write(sc, 51, rf); 4404 /* Set tx_mx1_ic. */ 4405 run_rt3070_rf_read(sc, 51, &rf); 4406 rf &= ~0xe0; 4407 rf |= (chan <= 14) ? 0x60 : 0x40; 4408 run_rt3070_rf_write(sc, 51, rf); 4409 /* Set tx_lo1_ic. */ 4410 run_rt3070_rf_read(sc, 49, &rf); 4411 rf &= ~0x1c; 4412 rf |= (chan <= 14) ? 0x0c : 0x08; 4413 run_rt3070_rf_write(sc, 49, rf); 4414 /* Set tx_lo1_en. */ 4415 run_rt3070_rf_read(sc, 50, &rf); 4416 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4417 /* Set drv_cc. */ 4418 run_rt3070_rf_read(sc, 57, &rf); 4419 rf &= ~0xfc; 4420 rf |= (chan <= 14) ? 0x6c : 0x3c; 4421 run_rt3070_rf_write(sc, 57, rf); 4422 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4423 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4424 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4425 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4426 /* Enable VCO calibration. */ 4427 run_rt3070_rf_read(sc, 3, &rf); 4428 rf &= ~RT5390_VCOCAL; 4429 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4430 run_rt3070_rf_write(sc, 3, rf); 4431 4432 if (chan <= 14) 4433 rf = 0x23; 4434 else if (chan <= 64) 4435 rf = 0x36; 4436 else if (chan <= 128) 4437 rf = 0x32; 4438 else 4439 rf = 0x30; 4440 run_rt3070_rf_write(sc, 39, rf); 4441 if (chan <= 14) 4442 rf = 0xbb; 4443 else if (chan <= 64) 4444 rf = 0xeb; 4445 else if (chan <= 128) 4446 rf = 0xb3; 4447 else 4448 rf = 0x9b; 4449 run_rt3070_rf_write(sc, 45, rf); 4450 4451 /* Set FEQ/AEQ control. */ 4452 run_bbp_write(sc, 105, 0x34); 4453 } 4454 4455 static void 4456 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4457 { 4458 int8_t txpow1, txpow2; 4459 uint8_t rf; 4460 int i; 4461 4462 /* find the settings for this channel (we know it exists) */ 4463 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4464 4465 /* use Tx power values from EEPROM */ 4466 txpow1 = sc->txpow1[i]; 4467 txpow2 = sc->txpow2[i]; 4468 4469 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4470 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4471 run_rt3070_rf_read(sc, 11, &rf); 4472 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4473 run_rt3070_rf_write(sc, 11, rf); 4474 4475 run_rt3070_rf_read(sc, 49, &rf); 4476 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4477 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4478 if ((rf & 0x3f) > 0x27) 4479 rf = (rf & ~0x3f) | 0x27; 4480 run_rt3070_rf_write(sc, 49, rf); 4481 4482 if (sc->mac_ver == 0x5392) { 4483 run_rt3070_rf_read(sc, 50, &rf); 4484 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4485 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4486 if ((rf & 0x3f) > 0x27) 4487 rf = (rf & ~0x3f) | 0x27; 4488 run_rt3070_rf_write(sc, 50, rf); 4489 } 4490 4491 run_rt3070_rf_read(sc, 1, &rf); 4492 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4493 if (sc->mac_ver == 0x5392) 4494 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4495 run_rt3070_rf_write(sc, 1, rf); 4496 4497 if (sc->mac_ver != 0x5392) { 4498 run_rt3070_rf_read(sc, 2, &rf); 4499 rf |= 0x80; 4500 run_rt3070_rf_write(sc, 2, rf); 4501 run_delay(sc, 10); 4502 rf &= 0x7f; 4503 run_rt3070_rf_write(sc, 2, rf); 4504 } 4505 4506 run_adjust_freq_offset(sc); 4507 4508 if (sc->mac_ver == 0x5392) { 4509 /* Fix for RT5392C. */ 4510 if (sc->mac_rev >= 0x0223) { 4511 if (chan <= 4) 4512 rf = 0x0f; 4513 else if (chan >= 5 && chan <= 7) 4514 rf = 0x0e; 4515 else 4516 rf = 0x0d; 4517 run_rt3070_rf_write(sc, 23, rf); 4518 4519 if (chan <= 4) 4520 rf = 0x0c; 4521 else if (chan == 5) 4522 rf = 0x0b; 4523 else if (chan >= 6 && chan <= 7) 4524 rf = 0x0a; 4525 else if (chan >= 8 && chan <= 10) 4526 rf = 0x09; 4527 else 4528 rf = 0x08; 4529 run_rt3070_rf_write(sc, 59, rf); 4530 } else { 4531 if (chan <= 11) 4532 rf = 0x0f; 4533 else 4534 rf = 0x0b; 4535 run_rt3070_rf_write(sc, 59, rf); 4536 } 4537 } else { 4538 /* Fix for RT5390F. */ 4539 if (sc->mac_rev >= 0x0502) { 4540 if (chan <= 11) 4541 rf = 0x43; 4542 else 4543 rf = 0x23; 4544 run_rt3070_rf_write(sc, 55, rf); 4545 4546 if (chan <= 11) 4547 rf = 0x0f; 4548 else if (chan == 12) 4549 rf = 0x0d; 4550 else 4551 rf = 0x0b; 4552 run_rt3070_rf_write(sc, 59, rf); 4553 } else { 4554 run_rt3070_rf_write(sc, 55, 0x44); 4555 run_rt3070_rf_write(sc, 59, 0x8f); 4556 } 4557 } 4558 4559 /* Enable VCO calibration. */ 4560 run_rt3070_rf_read(sc, 3, &rf); 4561 rf |= RT5390_VCOCAL; 4562 run_rt3070_rf_write(sc, 3, rf); 4563 } 4564 4565 static void 4566 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4567 { 4568 const struct rt5592_freqs *freqs; 4569 uint32_t tmp; 4570 uint8_t reg, rf, txpow_bound; 4571 int8_t txpow1, txpow2; 4572 int i; 4573 4574 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4575 freqs = (tmp & RT5592_SEL_XTAL) ? 4576 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4577 4578 /* find the settings for this channel (we know it exists) */ 4579 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4580 4581 /* use Tx power values from EEPROM */ 4582 txpow1 = sc->txpow1[i]; 4583 txpow2 = sc->txpow2[i]; 4584 4585 run_read(sc, RT3070_LDO_CFG0, &tmp); 4586 tmp &= ~0x1c000000; 4587 if (chan > 14) 4588 tmp |= 0x14000000; 4589 run_write(sc, RT3070_LDO_CFG0, tmp); 4590 4591 /* N setting. */ 4592 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4593 run_rt3070_rf_read(sc, 9, &rf); 4594 rf &= ~(1 << 4); 4595 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4596 run_rt3070_rf_write(sc, 9, rf); 4597 4598 /* K setting. */ 4599 run_rt3070_rf_read(sc, 9, &rf); 4600 rf &= ~0x0f; 4601 rf |= (freqs->k & 0x0f); 4602 run_rt3070_rf_write(sc, 9, rf); 4603 4604 /* Mode setting. */ 4605 run_rt3070_rf_read(sc, 11, &rf); 4606 rf &= ~0x0c; 4607 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4608 run_rt3070_rf_write(sc, 11, rf); 4609 run_rt3070_rf_read(sc, 9, &rf); 4610 rf &= ~(1 << 7); 4611 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4612 run_rt3070_rf_write(sc, 9, rf); 4613 4614 /* R setting. */ 4615 run_rt3070_rf_read(sc, 11, &rf); 4616 rf &= ~0x03; 4617 rf |= (freqs->r - 0x1); 4618 run_rt3070_rf_write(sc, 11, rf); 4619 4620 if (chan <= 14) { 4621 /* Initialize RF registers for 2GHZ. */ 4622 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4623 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4624 rt5592_2ghz_def_rf[i].val); 4625 } 4626 4627 rf = (chan <= 10) ? 0x07 : 0x06; 4628 run_rt3070_rf_write(sc, 23, rf); 4629 run_rt3070_rf_write(sc, 59, rf); 4630 4631 run_rt3070_rf_write(sc, 55, 0x43); 4632 4633 /* 4634 * RF R49/R50 Tx power ALC code. 4635 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4636 */ 4637 reg = 2; 4638 txpow_bound = 0x27; 4639 } else { 4640 /* Initialize RF registers for 5GHZ. */ 4641 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4642 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4643 rt5592_5ghz_def_rf[i].val); 4644 } 4645 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4646 if (chan >= rt5592_chan_5ghz[i].firstchan && 4647 chan <= rt5592_chan_5ghz[i].lastchan) { 4648 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4649 rt5592_chan_5ghz[i].val); 4650 } 4651 } 4652 4653 /* 4654 * RF R49/R50 Tx power ALC code. 4655 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4656 */ 4657 reg = 3; 4658 txpow_bound = 0x2b; 4659 } 4660 4661 /* RF R49 ch0 Tx power ALC code. */ 4662 run_rt3070_rf_read(sc, 49, &rf); 4663 rf &= ~0xc0; 4664 rf |= (reg << 6); 4665 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4666 if ((rf & 0x3f) > txpow_bound) 4667 rf = (rf & ~0x3f) | txpow_bound; 4668 run_rt3070_rf_write(sc, 49, rf); 4669 4670 /* RF R50 ch1 Tx power ALC code. */ 4671 run_rt3070_rf_read(sc, 50, &rf); 4672 rf &= ~(1 << 7 | 1 << 6); 4673 rf |= (reg << 6); 4674 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4675 if ((rf & 0x3f) > txpow_bound) 4676 rf = (rf & ~0x3f) | txpow_bound; 4677 run_rt3070_rf_write(sc, 50, rf); 4678 4679 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4680 run_rt3070_rf_read(sc, 1, &rf); 4681 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4682 if (sc->ntxchains > 1) 4683 rf |= RT3070_TX1_PD; 4684 if (sc->nrxchains > 1) 4685 rf |= RT3070_RX1_PD; 4686 run_rt3070_rf_write(sc, 1, rf); 4687 4688 run_rt3070_rf_write(sc, 6, 0xe4); 4689 4690 run_rt3070_rf_write(sc, 30, 0x10); 4691 run_rt3070_rf_write(sc, 31, 0x80); 4692 run_rt3070_rf_write(sc, 32, 0x80); 4693 4694 run_adjust_freq_offset(sc); 4695 4696 /* Enable VCO calibration. */ 4697 run_rt3070_rf_read(sc, 3, &rf); 4698 rf |= RT5390_VCOCAL; 4699 run_rt3070_rf_write(sc, 3, rf); 4700 } 4701 4702 static void 4703 run_set_rx_antenna(struct run_softc *sc, int aux) 4704 { 4705 uint32_t tmp; 4706 uint8_t bbp152; 4707 4708 if (aux) { 4709 if (sc->rf_rev == RT5390_RF_5370) { 4710 run_bbp_read(sc, 152, &bbp152); 4711 run_bbp_write(sc, 152, bbp152 & ~0x80); 4712 } else { 4713 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4714 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4715 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4716 } 4717 } else { 4718 if (sc->rf_rev == RT5390_RF_5370) { 4719 run_bbp_read(sc, 152, &bbp152); 4720 run_bbp_write(sc, 152, bbp152 | 0x80); 4721 } else { 4722 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4723 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4724 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4725 } 4726 } 4727 } 4728 4729 static int 4730 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4731 { 4732 struct ieee80211com *ic = &sc->sc_ic; 4733 u_int chan, group; 4734 4735 chan = ieee80211_chan2ieee(ic, c); 4736 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4737 return (EINVAL); 4738 4739 if (sc->mac_ver == 0x5592) 4740 run_rt5592_set_chan(sc, chan); 4741 else if (sc->mac_ver >= 0x5390) 4742 run_rt5390_set_chan(sc, chan); 4743 else if (sc->mac_ver == 0x3593) 4744 run_rt3593_set_chan(sc, chan); 4745 else if (sc->mac_ver == 0x3572) 4746 run_rt3572_set_chan(sc, chan); 4747 else if (sc->mac_ver >= 0x3070) 4748 run_rt3070_set_chan(sc, chan); 4749 else 4750 run_rt2870_set_chan(sc, chan); 4751 4752 /* determine channel group */ 4753 if (chan <= 14) 4754 group = 0; 4755 else if (chan <= 64) 4756 group = 1; 4757 else if (chan <= 128) 4758 group = 2; 4759 else 4760 group = 3; 4761 4762 /* XXX necessary only when group has changed! */ 4763 run_select_chan_group(sc, group); 4764 4765 run_delay(sc, 10); 4766 4767 /* Perform IQ calibration. */ 4768 if (sc->mac_ver >= 0x5392) 4769 run_iq_calib(sc, chan); 4770 4771 return (0); 4772 } 4773 4774 static void 4775 run_set_channel(struct ieee80211com *ic) 4776 { 4777 struct run_softc *sc = ic->ic_softc; 4778 4779 RUN_LOCK(sc); 4780 run_set_chan(sc, ic->ic_curchan); 4781 RUN_UNLOCK(sc); 4782 4783 return; 4784 } 4785 4786 static void 4787 run_scan_start(struct ieee80211com *ic) 4788 { 4789 struct run_softc *sc = ic->ic_softc; 4790 uint32_t tmp; 4791 4792 RUN_LOCK(sc); 4793 4794 /* abort TSF synchronization */ 4795 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4796 run_write(sc, RT2860_BCN_TIME_CFG, 4797 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4798 RT2860_TBTT_TIMER_EN)); 4799 run_set_bssid(sc, ieee80211broadcastaddr); 4800 4801 RUN_UNLOCK(sc); 4802 4803 return; 4804 } 4805 4806 static void 4807 run_scan_end(struct ieee80211com *ic) 4808 { 4809 struct run_softc *sc = ic->ic_softc; 4810 4811 RUN_LOCK(sc); 4812 4813 run_enable_tsf_sync(sc); 4814 run_set_bssid(sc, sc->sc_bssid); 4815 4816 RUN_UNLOCK(sc); 4817 4818 return; 4819 } 4820 4821 /* 4822 * Could be called from ieee80211_node_timeout() 4823 * (non-sleepable thread) 4824 */ 4825 static void 4826 run_update_beacon(struct ieee80211vap *vap, int item) 4827 { 4828 struct ieee80211com *ic = vap->iv_ic; 4829 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4830 struct ieee80211_node *ni = vap->iv_bss; 4831 struct run_softc *sc = ic->ic_softc; 4832 struct run_vap *rvp = RUN_VAP(vap); 4833 int mcast = 0; 4834 uint32_t i; 4835 4836 switch (item) { 4837 case IEEE80211_BEACON_ERP: 4838 run_updateslot(ic); 4839 break; 4840 case IEEE80211_BEACON_HTINFO: 4841 run_updateprot(ic); 4842 break; 4843 case IEEE80211_BEACON_TIM: 4844 mcast = 1; /*TODO*/ 4845 break; 4846 default: 4847 break; 4848 } 4849 4850 setbit(bo->bo_flags, item); 4851 if (rvp->beacon_mbuf == NULL) { 4852 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4853 if (rvp->beacon_mbuf == NULL) 4854 return; 4855 } 4856 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4857 4858 i = RUN_CMDQ_GET(&sc->cmdq_store); 4859 DPRINTF("cmdq_store=%d\n", i); 4860 sc->cmdq[i].func = run_update_beacon_cb; 4861 sc->cmdq[i].arg0 = vap; 4862 ieee80211_runtask(ic, &sc->cmdq_task); 4863 4864 return; 4865 } 4866 4867 static void 4868 run_update_beacon_cb(void *arg) 4869 { 4870 struct ieee80211vap *vap = arg; 4871 struct ieee80211_node *ni = vap->iv_bss; 4872 struct run_vap *rvp = RUN_VAP(vap); 4873 struct ieee80211com *ic = vap->iv_ic; 4874 struct run_softc *sc = ic->ic_softc; 4875 struct rt2860_txwi txwi; 4876 struct mbuf *m; 4877 uint16_t txwisize; 4878 uint8_t ridx; 4879 4880 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4881 return; 4882 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4883 return; 4884 4885 /* 4886 * No need to call ieee80211_beacon_update(), run_update_beacon() 4887 * is taking care of apropriate calls. 4888 */ 4889 if (rvp->beacon_mbuf == NULL) { 4890 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4891 if (rvp->beacon_mbuf == NULL) 4892 return; 4893 } 4894 m = rvp->beacon_mbuf; 4895 4896 memset(&txwi, 0, sizeof(txwi)); 4897 txwi.wcid = 0xff; 4898 txwi.len = htole16(m->m_pkthdr.len); 4899 4900 /* send beacons at the lowest available rate */ 4901 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4902 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4903 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4904 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4905 txwi.phy |= htole16(RT2860_PHY_OFDM); 4906 txwi.txop = RT2860_TX_TXOP_HT; 4907 txwi.flags = RT2860_TX_TS; 4908 txwi.xflags = RT2860_TX_NSEQ; 4909 4910 txwisize = (sc->mac_ver == 0x5592) ? 4911 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4912 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4913 txwisize); 4914 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4915 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4916 } 4917 4918 static void 4919 run_updateprot(struct ieee80211com *ic) 4920 { 4921 struct run_softc *sc = ic->ic_softc; 4922 uint32_t i; 4923 4924 i = RUN_CMDQ_GET(&sc->cmdq_store); 4925 DPRINTF("cmdq_store=%d\n", i); 4926 sc->cmdq[i].func = run_updateprot_cb; 4927 sc->cmdq[i].arg0 = ic; 4928 ieee80211_runtask(ic, &sc->cmdq_task); 4929 } 4930 4931 static void 4932 run_updateprot_cb(void *arg) 4933 { 4934 struct ieee80211com *ic = arg; 4935 struct run_softc *sc = ic->ic_softc; 4936 uint32_t tmp; 4937 4938 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4939 /* setup protection frame rate (MCS code) */ 4940 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4941 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4942 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4943 4944 /* CCK frames don't require protection */ 4945 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4946 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4947 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4948 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4949 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4950 tmp |= RT2860_PROT_CTRL_CTS; 4951 } 4952 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4953 } 4954 4955 static void 4956 run_usb_timeout_cb(void *arg) 4957 { 4958 struct ieee80211vap *vap = arg; 4959 struct run_softc *sc = vap->iv_ic->ic_softc; 4960 4961 RUN_LOCK_ASSERT(sc, MA_OWNED); 4962 4963 if(vap->iv_state == IEEE80211_S_RUN && 4964 vap->iv_opmode != IEEE80211_M_STA) 4965 run_reset_livelock(sc); 4966 else if (vap->iv_state == IEEE80211_S_SCAN) { 4967 DPRINTF("timeout caused by scan\n"); 4968 /* cancel bgscan */ 4969 ieee80211_cancel_scan(vap); 4970 } else 4971 DPRINTF("timeout by unknown cause\n"); 4972 } 4973 4974 static void 4975 run_reset_livelock(struct run_softc *sc) 4976 { 4977 uint32_t tmp; 4978 4979 RUN_LOCK_ASSERT(sc, MA_OWNED); 4980 4981 /* 4982 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4983 * can run into a livelock and start sending CTS-to-self frames like 4984 * crazy if protection is enabled. Reset MAC/BBP for a while 4985 */ 4986 run_read(sc, RT2860_DEBUG, &tmp); 4987 DPRINTFN(3, "debug reg %08x\n", tmp); 4988 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4989 DPRINTF("CTS-to-self livelock detected\n"); 4990 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4991 run_delay(sc, 1); 4992 run_write(sc, RT2860_MAC_SYS_CTRL, 4993 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4994 } 4995 } 4996 4997 static void 4998 run_update_promisc_locked(struct run_softc *sc) 4999 { 5000 uint32_t tmp; 5001 5002 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5003 5004 tmp |= RT2860_DROP_UC_NOME; 5005 if (sc->sc_ic.ic_promisc > 0) 5006 tmp &= ~RT2860_DROP_UC_NOME; 5007 5008 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5009 5010 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5011 "entering" : "leaving"); 5012 } 5013 5014 static void 5015 run_update_promisc(struct ieee80211com *ic) 5016 { 5017 struct run_softc *sc = ic->ic_softc; 5018 5019 if ((sc->sc_flags & RUN_RUNNING) == 0) 5020 return; 5021 5022 RUN_LOCK(sc); 5023 run_update_promisc_locked(sc); 5024 RUN_UNLOCK(sc); 5025 } 5026 5027 static void 5028 run_enable_tsf_sync(struct run_softc *sc) 5029 { 5030 struct ieee80211com *ic = &sc->sc_ic; 5031 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5032 uint32_t tmp; 5033 5034 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5035 ic->ic_opmode); 5036 5037 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5038 tmp &= ~0x1fffff; 5039 tmp |= vap->iv_bss->ni_intval * 16; 5040 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5041 5042 if (ic->ic_opmode == IEEE80211_M_STA) { 5043 /* 5044 * Local TSF is always updated with remote TSF on beacon 5045 * reception. 5046 */ 5047 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5048 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5049 tmp |= RT2860_BCN_TX_EN; 5050 /* 5051 * Local TSF is updated with remote TSF on beacon reception 5052 * only if the remote TSF is greater than local TSF. 5053 */ 5054 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5055 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5056 ic->ic_opmode == IEEE80211_M_MBSS) { 5057 tmp |= RT2860_BCN_TX_EN; 5058 /* SYNC with nobody */ 5059 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5060 } else { 5061 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5062 return; 5063 } 5064 5065 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5066 } 5067 5068 static void 5069 run_enable_tsf(struct run_softc *sc) 5070 { 5071 uint32_t tmp; 5072 5073 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5074 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5075 tmp |= RT2860_TSF_TIMER_EN; 5076 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5077 } 5078 } 5079 5080 static void 5081 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5082 { 5083 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5084 sizeof(*buf)); 5085 } 5086 5087 static void 5088 run_enable_mrr(struct run_softc *sc) 5089 { 5090 #define CCK(mcs) (mcs) 5091 #define OFDM(mcs) (1 << 3 | (mcs)) 5092 run_write(sc, RT2860_LG_FBK_CFG0, 5093 OFDM(6) << 28 | /* 54->48 */ 5094 OFDM(5) << 24 | /* 48->36 */ 5095 OFDM(4) << 20 | /* 36->24 */ 5096 OFDM(3) << 16 | /* 24->18 */ 5097 OFDM(2) << 12 | /* 18->12 */ 5098 OFDM(1) << 8 | /* 12-> 9 */ 5099 OFDM(0) << 4 | /* 9-> 6 */ 5100 OFDM(0)); /* 6-> 6 */ 5101 5102 run_write(sc, RT2860_LG_FBK_CFG1, 5103 CCK(2) << 12 | /* 11->5.5 */ 5104 CCK(1) << 8 | /* 5.5-> 2 */ 5105 CCK(0) << 4 | /* 2-> 1 */ 5106 CCK(0)); /* 1-> 1 */ 5107 #undef OFDM 5108 #undef CCK 5109 } 5110 5111 static void 5112 run_set_txpreamble(struct run_softc *sc) 5113 { 5114 struct ieee80211com *ic = &sc->sc_ic; 5115 uint32_t tmp; 5116 5117 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5118 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5119 tmp |= RT2860_CCK_SHORT_EN; 5120 else 5121 tmp &= ~RT2860_CCK_SHORT_EN; 5122 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5123 } 5124 5125 static void 5126 run_set_basicrates(struct run_softc *sc) 5127 { 5128 struct ieee80211com *ic = &sc->sc_ic; 5129 5130 /* set basic rates mask */ 5131 if (ic->ic_curmode == IEEE80211_MODE_11B) 5132 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5133 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5134 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5135 else /* 11g */ 5136 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5137 } 5138 5139 static void 5140 run_set_leds(struct run_softc *sc, uint16_t which) 5141 { 5142 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5143 which | (sc->leds & 0x7f)); 5144 } 5145 5146 static void 5147 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5148 { 5149 run_write(sc, RT2860_MAC_BSSID_DW0, 5150 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5151 run_write(sc, RT2860_MAC_BSSID_DW1, 5152 bssid[4] | bssid[5] << 8); 5153 } 5154 5155 static void 5156 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5157 { 5158 run_write(sc, RT2860_MAC_ADDR_DW0, 5159 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5160 run_write(sc, RT2860_MAC_ADDR_DW1, 5161 addr[4] | addr[5] << 8 | 0xff << 16); 5162 } 5163 5164 static void 5165 run_updateslot(struct ieee80211com *ic) 5166 { 5167 struct run_softc *sc = ic->ic_softc; 5168 uint32_t i; 5169 5170 i = RUN_CMDQ_GET(&sc->cmdq_store); 5171 DPRINTF("cmdq_store=%d\n", i); 5172 sc->cmdq[i].func = run_updateslot_cb; 5173 sc->cmdq[i].arg0 = ic; 5174 ieee80211_runtask(ic, &sc->cmdq_task); 5175 5176 return; 5177 } 5178 5179 /* ARGSUSED */ 5180 static void 5181 run_updateslot_cb(void *arg) 5182 { 5183 struct ieee80211com *ic = arg; 5184 struct run_softc *sc = ic->ic_softc; 5185 uint32_t tmp; 5186 5187 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5188 tmp &= ~0xff; 5189 tmp |= IEEE80211_GET_SLOTTIME(ic); 5190 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5191 } 5192 5193 static void 5194 run_update_mcast(struct ieee80211com *ic) 5195 { 5196 } 5197 5198 static int8_t 5199 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5200 { 5201 struct ieee80211com *ic = &sc->sc_ic; 5202 struct ieee80211_channel *c = ic->ic_curchan; 5203 int delta; 5204 5205 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5206 u_int chan = ieee80211_chan2ieee(ic, c); 5207 delta = sc->rssi_5ghz[rxchain]; 5208 5209 /* determine channel group */ 5210 if (chan <= 64) 5211 delta -= sc->lna[1]; 5212 else if (chan <= 128) 5213 delta -= sc->lna[2]; 5214 else 5215 delta -= sc->lna[3]; 5216 } else 5217 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5218 5219 return (-12 - delta - rssi); 5220 } 5221 5222 static void 5223 run_rt5390_bbp_init(struct run_softc *sc) 5224 { 5225 int i; 5226 uint8_t bbp; 5227 5228 /* Apply maximum likelihood detection for 2 stream case. */ 5229 run_bbp_read(sc, 105, &bbp); 5230 if (sc->nrxchains > 1) 5231 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5232 5233 /* Avoid data lost and CRC error. */ 5234 run_bbp_read(sc, 4, &bbp); 5235 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5236 5237 if (sc->mac_ver == 0x5592) { 5238 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5239 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5240 rt5592_def_bbp[i].val); 5241 } 5242 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5243 run_bbp_write(sc, 195, i + 0x80); 5244 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5245 } 5246 } else { 5247 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5248 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5249 rt5390_def_bbp[i].val); 5250 } 5251 } 5252 if (sc->mac_ver == 0x5392) { 5253 run_bbp_write(sc, 88, 0x90); 5254 run_bbp_write(sc, 95, 0x9a); 5255 run_bbp_write(sc, 98, 0x12); 5256 run_bbp_write(sc, 106, 0x12); 5257 run_bbp_write(sc, 134, 0xd0); 5258 run_bbp_write(sc, 135, 0xf6); 5259 run_bbp_write(sc, 148, 0x84); 5260 } 5261 5262 run_bbp_read(sc, 152, &bbp); 5263 run_bbp_write(sc, 152, bbp | 0x80); 5264 5265 /* Fix BBP254 for RT5592C. */ 5266 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5267 run_bbp_read(sc, 254, &bbp); 5268 run_bbp_write(sc, 254, bbp | 0x80); 5269 } 5270 5271 /* Disable hardware antenna diversity. */ 5272 if (sc->mac_ver == 0x5390) 5273 run_bbp_write(sc, 154, 0); 5274 5275 /* Initialize Rx CCK/OFDM frequency offset report. */ 5276 run_bbp_write(sc, 142, 1); 5277 run_bbp_write(sc, 143, 57); 5278 } 5279 5280 static int 5281 run_bbp_init(struct run_softc *sc) 5282 { 5283 int i, error, ntries; 5284 uint8_t bbp0; 5285 5286 /* wait for BBP to wake up */ 5287 for (ntries = 0; ntries < 20; ntries++) { 5288 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5289 return error; 5290 if (bbp0 != 0 && bbp0 != 0xff) 5291 break; 5292 } 5293 if (ntries == 20) 5294 return (ETIMEDOUT); 5295 5296 /* initialize BBP registers to default values */ 5297 if (sc->mac_ver >= 0x5390) 5298 run_rt5390_bbp_init(sc); 5299 else { 5300 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5301 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5302 rt2860_def_bbp[i].val); 5303 } 5304 } 5305 5306 if (sc->mac_ver == 0x3593) { 5307 run_bbp_write(sc, 79, 0x13); 5308 run_bbp_write(sc, 80, 0x05); 5309 run_bbp_write(sc, 81, 0x33); 5310 run_bbp_write(sc, 86, 0x46); 5311 run_bbp_write(sc, 137, 0x0f); 5312 } 5313 5314 /* fix BBP84 for RT2860E */ 5315 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5316 run_bbp_write(sc, 84, 0x19); 5317 5318 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5319 sc->mac_ver != 0x5592)) { 5320 run_bbp_write(sc, 79, 0x13); 5321 run_bbp_write(sc, 80, 0x05); 5322 run_bbp_write(sc, 81, 0x33); 5323 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5324 run_bbp_write(sc, 69, 0x16); 5325 run_bbp_write(sc, 73, 0x12); 5326 } 5327 return (0); 5328 } 5329 5330 static int 5331 run_rt3070_rf_init(struct run_softc *sc) 5332 { 5333 uint32_t tmp; 5334 uint8_t bbp4, mingain, rf, target; 5335 int i; 5336 5337 run_rt3070_rf_read(sc, 30, &rf); 5338 /* toggle RF R30 bit 7 */ 5339 run_rt3070_rf_write(sc, 30, rf | 0x80); 5340 run_delay(sc, 10); 5341 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5342 5343 /* initialize RF registers to default value */ 5344 if (sc->mac_ver == 0x3572) { 5345 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5346 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5347 rt3572_def_rf[i].val); 5348 } 5349 } else { 5350 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5351 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5352 rt3070_def_rf[i].val); 5353 } 5354 } 5355 5356 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5357 /* 5358 * Change voltage from 1.2V to 1.35V for RT3070. 5359 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5360 * in RT3070(F). 5361 */ 5362 run_read(sc, RT3070_LDO_CFG0, &tmp); 5363 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5364 run_write(sc, RT3070_LDO_CFG0, tmp); 5365 5366 } else if (sc->mac_ver == 0x3071) { 5367 run_rt3070_rf_read(sc, 6, &rf); 5368 run_rt3070_rf_write(sc, 6, rf | 0x40); 5369 run_rt3070_rf_write(sc, 31, 0x14); 5370 5371 run_read(sc, RT3070_LDO_CFG0, &tmp); 5372 tmp &= ~0x1f000000; 5373 if (sc->mac_rev < 0x0211) 5374 tmp |= 0x0d000000; /* 1.3V */ 5375 else 5376 tmp |= 0x01000000; /* 1.2V */ 5377 run_write(sc, RT3070_LDO_CFG0, tmp); 5378 5379 /* patch LNA_PE_G1 */ 5380 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5381 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5382 5383 } else if (sc->mac_ver == 0x3572) { 5384 run_rt3070_rf_read(sc, 6, &rf); 5385 run_rt3070_rf_write(sc, 6, rf | 0x40); 5386 5387 /* increase voltage from 1.2V to 1.35V */ 5388 run_read(sc, RT3070_LDO_CFG0, &tmp); 5389 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5390 run_write(sc, RT3070_LDO_CFG0, tmp); 5391 5392 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5393 run_delay(sc, 1); /* wait for 1msec */ 5394 /* decrease voltage back to 1.2V */ 5395 tmp = (tmp & ~0x1f000000) | 0x01000000; 5396 run_write(sc, RT3070_LDO_CFG0, tmp); 5397 } 5398 } 5399 5400 /* select 20MHz bandwidth */ 5401 run_rt3070_rf_read(sc, 31, &rf); 5402 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5403 5404 /* calibrate filter for 20MHz bandwidth */ 5405 sc->rf24_20mhz = 0x1f; /* default value */ 5406 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5407 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5408 5409 /* select 40MHz bandwidth */ 5410 run_bbp_read(sc, 4, &bbp4); 5411 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5412 run_rt3070_rf_read(sc, 31, &rf); 5413 run_rt3070_rf_write(sc, 31, rf | 0x20); 5414 5415 /* calibrate filter for 40MHz bandwidth */ 5416 sc->rf24_40mhz = 0x2f; /* default value */ 5417 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5418 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5419 5420 /* go back to 20MHz bandwidth */ 5421 run_bbp_read(sc, 4, &bbp4); 5422 run_bbp_write(sc, 4, bbp4 & ~0x18); 5423 5424 if (sc->mac_ver == 0x3572) { 5425 /* save default BBP registers 25 and 26 values */ 5426 run_bbp_read(sc, 25, &sc->bbp25); 5427 run_bbp_read(sc, 26, &sc->bbp26); 5428 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5429 run_rt3070_rf_write(sc, 27, 0x03); 5430 5431 run_read(sc, RT3070_OPT_14, &tmp); 5432 run_write(sc, RT3070_OPT_14, tmp | 1); 5433 5434 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5435 run_rt3070_rf_read(sc, 17, &rf); 5436 rf &= ~RT3070_TX_LO1; 5437 if ((sc->mac_ver == 0x3070 || 5438 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5439 !sc->ext_2ghz_lna) 5440 rf |= 0x20; /* fix for long range Rx issue */ 5441 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5442 if (sc->txmixgain_2ghz >= mingain) 5443 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5444 run_rt3070_rf_write(sc, 17, rf); 5445 } 5446 5447 if (sc->mac_ver == 0x3071) { 5448 run_rt3070_rf_read(sc, 1, &rf); 5449 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5450 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5451 run_rt3070_rf_write(sc, 1, rf); 5452 5453 run_rt3070_rf_read(sc, 15, &rf); 5454 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5455 5456 run_rt3070_rf_read(sc, 20, &rf); 5457 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5458 5459 run_rt3070_rf_read(sc, 21, &rf); 5460 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5461 } 5462 5463 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5464 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5465 run_rt3070_rf_read(sc, 27, &rf); 5466 rf &= ~0x77; 5467 if (sc->mac_rev < 0x0211) 5468 rf |= 0x03; 5469 run_rt3070_rf_write(sc, 27, rf); 5470 } 5471 return (0); 5472 } 5473 5474 static void 5475 run_rt3593_rf_init(struct run_softc *sc) 5476 { 5477 uint32_t tmp; 5478 uint8_t rf; 5479 int i; 5480 5481 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5482 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5483 tmp &= ~(1 << 4 | 1 << 7); 5484 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5485 5486 /* Initialize RF registers to default value. */ 5487 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5488 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5489 rt3593_def_rf[i].val); 5490 } 5491 5492 /* Toggle RF R2 to initiate calibration. */ 5493 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5494 5495 /* Initialize RF frequency offset. */ 5496 run_adjust_freq_offset(sc); 5497 5498 run_rt3070_rf_read(sc, 18, &rf); 5499 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5500 5501 /* 5502 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5503 * decrease voltage back to 1.2V. 5504 */ 5505 run_read(sc, RT3070_LDO_CFG0, &tmp); 5506 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5507 run_write(sc, RT3070_LDO_CFG0, tmp); 5508 run_delay(sc, 1); 5509 tmp = (tmp & ~0x1f000000) | 0x01000000; 5510 run_write(sc, RT3070_LDO_CFG0, tmp); 5511 5512 sc->rf24_20mhz = 0x1f; 5513 sc->rf24_40mhz = 0x2f; 5514 5515 /* Save default BBP registers 25 and 26 values. */ 5516 run_bbp_read(sc, 25, &sc->bbp25); 5517 run_bbp_read(sc, 26, &sc->bbp26); 5518 5519 run_read(sc, RT3070_OPT_14, &tmp); 5520 run_write(sc, RT3070_OPT_14, tmp | 1); 5521 } 5522 5523 static void 5524 run_rt5390_rf_init(struct run_softc *sc) 5525 { 5526 uint32_t tmp; 5527 uint8_t rf; 5528 int i; 5529 5530 /* Toggle RF R2 to initiate calibration. */ 5531 if (sc->mac_ver == 0x5390) { 5532 run_rt3070_rf_read(sc, 2, &rf); 5533 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5534 run_delay(sc, 10); 5535 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5536 } else { 5537 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5538 run_delay(sc, 10); 5539 } 5540 5541 /* Initialize RF registers to default value. */ 5542 if (sc->mac_ver == 0x5592) { 5543 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5544 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5545 rt5592_def_rf[i].val); 5546 } 5547 /* Initialize RF frequency offset. */ 5548 run_adjust_freq_offset(sc); 5549 } else if (sc->mac_ver == 0x5392) { 5550 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5551 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5552 rt5392_def_rf[i].val); 5553 } 5554 if (sc->mac_rev >= 0x0223) { 5555 run_rt3070_rf_write(sc, 23, 0x0f); 5556 run_rt3070_rf_write(sc, 24, 0x3e); 5557 run_rt3070_rf_write(sc, 51, 0x32); 5558 run_rt3070_rf_write(sc, 53, 0x22); 5559 run_rt3070_rf_write(sc, 56, 0xc1); 5560 run_rt3070_rf_write(sc, 59, 0x0f); 5561 } 5562 } else { 5563 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5564 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5565 rt5390_def_rf[i].val); 5566 } 5567 if (sc->mac_rev >= 0x0502) { 5568 run_rt3070_rf_write(sc, 6, 0xe0); 5569 run_rt3070_rf_write(sc, 25, 0x80); 5570 run_rt3070_rf_write(sc, 46, 0x73); 5571 run_rt3070_rf_write(sc, 53, 0x00); 5572 run_rt3070_rf_write(sc, 56, 0x42); 5573 run_rt3070_rf_write(sc, 61, 0xd1); 5574 } 5575 } 5576 5577 sc->rf24_20mhz = 0x1f; /* default value */ 5578 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5579 5580 if (sc->mac_rev < 0x0211) 5581 run_rt3070_rf_write(sc, 27, 0x3); 5582 5583 run_read(sc, RT3070_OPT_14, &tmp); 5584 run_write(sc, RT3070_OPT_14, tmp | 1); 5585 } 5586 5587 static int 5588 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5589 uint8_t *val) 5590 { 5591 uint8_t rf22, rf24; 5592 uint8_t bbp55_pb, bbp55_sb, delta; 5593 int ntries; 5594 5595 /* program filter */ 5596 run_rt3070_rf_read(sc, 24, &rf24); 5597 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5598 run_rt3070_rf_write(sc, 24, rf24); 5599 5600 /* enable baseband loopback mode */ 5601 run_rt3070_rf_read(sc, 22, &rf22); 5602 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5603 5604 /* set power and frequency of passband test tone */ 5605 run_bbp_write(sc, 24, 0x00); 5606 for (ntries = 0; ntries < 100; ntries++) { 5607 /* transmit test tone */ 5608 run_bbp_write(sc, 25, 0x90); 5609 run_delay(sc, 10); 5610 /* read received power */ 5611 run_bbp_read(sc, 55, &bbp55_pb); 5612 if (bbp55_pb != 0) 5613 break; 5614 } 5615 if (ntries == 100) 5616 return (ETIMEDOUT); 5617 5618 /* set power and frequency of stopband test tone */ 5619 run_bbp_write(sc, 24, 0x06); 5620 for (ntries = 0; ntries < 100; ntries++) { 5621 /* transmit test tone */ 5622 run_bbp_write(sc, 25, 0x90); 5623 run_delay(sc, 10); 5624 /* read received power */ 5625 run_bbp_read(sc, 55, &bbp55_sb); 5626 5627 delta = bbp55_pb - bbp55_sb; 5628 if (delta > target) 5629 break; 5630 5631 /* reprogram filter */ 5632 rf24++; 5633 run_rt3070_rf_write(sc, 24, rf24); 5634 } 5635 if (ntries < 100) { 5636 if (rf24 != init) 5637 rf24--; /* backtrack */ 5638 *val = rf24; 5639 run_rt3070_rf_write(sc, 24, rf24); 5640 } 5641 5642 /* restore initial state */ 5643 run_bbp_write(sc, 24, 0x00); 5644 5645 /* disable baseband loopback mode */ 5646 run_rt3070_rf_read(sc, 22, &rf22); 5647 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5648 5649 return (0); 5650 } 5651 5652 static void 5653 run_rt3070_rf_setup(struct run_softc *sc) 5654 { 5655 uint8_t bbp, rf; 5656 int i; 5657 5658 if (sc->mac_ver == 0x3572) { 5659 /* enable DC filter */ 5660 if (sc->mac_rev >= 0x0201) 5661 run_bbp_write(sc, 103, 0xc0); 5662 5663 run_bbp_read(sc, 138, &bbp); 5664 if (sc->ntxchains == 1) 5665 bbp |= 0x20; /* turn off DAC1 */ 5666 if (sc->nrxchains == 1) 5667 bbp &= ~0x02; /* turn off ADC1 */ 5668 run_bbp_write(sc, 138, bbp); 5669 5670 if (sc->mac_rev >= 0x0211) { 5671 /* improve power consumption */ 5672 run_bbp_read(sc, 31, &bbp); 5673 run_bbp_write(sc, 31, bbp & ~0x03); 5674 } 5675 5676 run_rt3070_rf_read(sc, 16, &rf); 5677 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5678 run_rt3070_rf_write(sc, 16, rf); 5679 5680 } else if (sc->mac_ver == 0x3071) { 5681 if (sc->mac_rev >= 0x0211) { 5682 /* enable DC filter */ 5683 run_bbp_write(sc, 103, 0xc0); 5684 5685 /* improve power consumption */ 5686 run_bbp_read(sc, 31, &bbp); 5687 run_bbp_write(sc, 31, bbp & ~0x03); 5688 } 5689 5690 run_bbp_read(sc, 138, &bbp); 5691 if (sc->ntxchains == 1) 5692 bbp |= 0x20; /* turn off DAC1 */ 5693 if (sc->nrxchains == 1) 5694 bbp &= ~0x02; /* turn off ADC1 */ 5695 run_bbp_write(sc, 138, bbp); 5696 5697 run_write(sc, RT2860_TX_SW_CFG1, 0); 5698 if (sc->mac_rev < 0x0211) { 5699 run_write(sc, RT2860_TX_SW_CFG2, 5700 sc->patch_dac ? 0x2c : 0x0f); 5701 } else 5702 run_write(sc, RT2860_TX_SW_CFG2, 0); 5703 5704 } else if (sc->mac_ver == 0x3070) { 5705 if (sc->mac_rev >= 0x0201) { 5706 /* enable DC filter */ 5707 run_bbp_write(sc, 103, 0xc0); 5708 5709 /* improve power consumption */ 5710 run_bbp_read(sc, 31, &bbp); 5711 run_bbp_write(sc, 31, bbp & ~0x03); 5712 } 5713 5714 if (sc->mac_rev < 0x0201) { 5715 run_write(sc, RT2860_TX_SW_CFG1, 0); 5716 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5717 } else 5718 run_write(sc, RT2860_TX_SW_CFG2, 0); 5719 } 5720 5721 /* initialize RF registers from ROM for >=RT3071*/ 5722 if (sc->mac_ver >= 0x3071) { 5723 for (i = 0; i < 10; i++) { 5724 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5725 continue; 5726 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5727 } 5728 } 5729 } 5730 5731 static void 5732 run_rt3593_rf_setup(struct run_softc *sc) 5733 { 5734 uint8_t bbp, rf; 5735 5736 if (sc->mac_rev >= 0x0211) { 5737 /* Enable DC filter. */ 5738 run_bbp_write(sc, 103, 0xc0); 5739 } 5740 run_write(sc, RT2860_TX_SW_CFG1, 0); 5741 if (sc->mac_rev < 0x0211) { 5742 run_write(sc, RT2860_TX_SW_CFG2, 5743 sc->patch_dac ? 0x2c : 0x0f); 5744 } else 5745 run_write(sc, RT2860_TX_SW_CFG2, 0); 5746 5747 run_rt3070_rf_read(sc, 50, &rf); 5748 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5749 5750 run_rt3070_rf_read(sc, 51, &rf); 5751 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5752 ((sc->txmixgain_2ghz & 0x07) << 2); 5753 run_rt3070_rf_write(sc, 51, rf); 5754 5755 run_rt3070_rf_read(sc, 38, &rf); 5756 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5757 5758 run_rt3070_rf_read(sc, 39, &rf); 5759 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5760 5761 run_rt3070_rf_read(sc, 1, &rf); 5762 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5763 5764 run_rt3070_rf_read(sc, 30, &rf); 5765 rf = (rf & ~0x18) | 0x10; 5766 run_rt3070_rf_write(sc, 30, rf); 5767 5768 /* Apply maximum likelihood detection for 2 stream case. */ 5769 run_bbp_read(sc, 105, &bbp); 5770 if (sc->nrxchains > 1) 5771 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5772 5773 /* Avoid data lost and CRC error. */ 5774 run_bbp_read(sc, 4, &bbp); 5775 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5776 5777 run_bbp_write(sc, 92, 0x02); 5778 run_bbp_write(sc, 82, 0x82); 5779 run_bbp_write(sc, 106, 0x05); 5780 run_bbp_write(sc, 104, 0x92); 5781 run_bbp_write(sc, 88, 0x90); 5782 run_bbp_write(sc, 148, 0xc8); 5783 run_bbp_write(sc, 47, 0x48); 5784 run_bbp_write(sc, 120, 0x50); 5785 5786 run_bbp_write(sc, 163, 0x9d); 5787 5788 /* SNR mapping. */ 5789 run_bbp_write(sc, 142, 0x06); 5790 run_bbp_write(sc, 143, 0xa0); 5791 run_bbp_write(sc, 142, 0x07); 5792 run_bbp_write(sc, 143, 0xa1); 5793 run_bbp_write(sc, 142, 0x08); 5794 run_bbp_write(sc, 143, 0xa2); 5795 5796 run_bbp_write(sc, 31, 0x08); 5797 run_bbp_write(sc, 68, 0x0b); 5798 run_bbp_write(sc, 105, 0x04); 5799 } 5800 5801 static void 5802 run_rt5390_rf_setup(struct run_softc *sc) 5803 { 5804 uint8_t bbp, rf; 5805 5806 if (sc->mac_rev >= 0x0211) { 5807 /* Enable DC filter. */ 5808 run_bbp_write(sc, 103, 0xc0); 5809 5810 if (sc->mac_ver != 0x5592) { 5811 /* Improve power consumption. */ 5812 run_bbp_read(sc, 31, &bbp); 5813 run_bbp_write(sc, 31, bbp & ~0x03); 5814 } 5815 } 5816 5817 run_bbp_read(sc, 138, &bbp); 5818 if (sc->ntxchains == 1) 5819 bbp |= 0x20; /* turn off DAC1 */ 5820 if (sc->nrxchains == 1) 5821 bbp &= ~0x02; /* turn off ADC1 */ 5822 run_bbp_write(sc, 138, bbp); 5823 5824 run_rt3070_rf_read(sc, 38, &rf); 5825 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5826 5827 run_rt3070_rf_read(sc, 39, &rf); 5828 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5829 5830 /* Avoid data lost and CRC error. */ 5831 run_bbp_read(sc, 4, &bbp); 5832 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5833 5834 run_rt3070_rf_read(sc, 30, &rf); 5835 rf = (rf & ~0x18) | 0x10; 5836 run_rt3070_rf_write(sc, 30, rf); 5837 5838 if (sc->mac_ver != 0x5592) { 5839 run_write(sc, RT2860_TX_SW_CFG1, 0); 5840 if (sc->mac_rev < 0x0211) { 5841 run_write(sc, RT2860_TX_SW_CFG2, 5842 sc->patch_dac ? 0x2c : 0x0f); 5843 } else 5844 run_write(sc, RT2860_TX_SW_CFG2, 0); 5845 } 5846 } 5847 5848 static int 5849 run_txrx_enable(struct run_softc *sc) 5850 { 5851 struct ieee80211com *ic = &sc->sc_ic; 5852 uint32_t tmp; 5853 int error, ntries; 5854 5855 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5856 for (ntries = 0; ntries < 200; ntries++) { 5857 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5858 return (error); 5859 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5860 break; 5861 run_delay(sc, 50); 5862 } 5863 if (ntries == 200) 5864 return (ETIMEDOUT); 5865 5866 run_delay(sc, 50); 5867 5868 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5869 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5870 5871 /* enable Rx bulk aggregation (set timeout and limit) */ 5872 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5873 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5874 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5875 5876 /* set Rx filter */ 5877 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5878 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5879 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5880 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5881 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5882 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5883 if (ic->ic_opmode == IEEE80211_M_STA) 5884 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5885 } 5886 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5887 5888 run_write(sc, RT2860_MAC_SYS_CTRL, 5889 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5890 5891 return (0); 5892 } 5893 5894 static void 5895 run_adjust_freq_offset(struct run_softc *sc) 5896 { 5897 uint8_t rf, tmp; 5898 5899 run_rt3070_rf_read(sc, 17, &rf); 5900 tmp = rf; 5901 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5902 rf = MIN(rf, 0x5f); 5903 5904 if (tmp != rf) 5905 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5906 } 5907 5908 static void 5909 run_init_locked(struct run_softc *sc) 5910 { 5911 struct ieee80211com *ic = &sc->sc_ic; 5912 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5913 uint32_t tmp; 5914 uint8_t bbp1, bbp3; 5915 int i; 5916 int ridx; 5917 int ntries; 5918 5919 if (ic->ic_nrunning > 1) 5920 return; 5921 5922 run_stop(sc); 5923 5924 if (run_load_microcode(sc) != 0) { 5925 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5926 goto fail; 5927 } 5928 5929 for (ntries = 0; ntries < 100; ntries++) { 5930 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5931 goto fail; 5932 if (tmp != 0 && tmp != 0xffffffff) 5933 break; 5934 run_delay(sc, 10); 5935 } 5936 if (ntries == 100) 5937 goto fail; 5938 5939 for (i = 0; i != RUN_EP_QUEUES; i++) 5940 run_setup_tx_list(sc, &sc->sc_epq[i]); 5941 5942 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5943 5944 for (ntries = 0; ntries < 100; ntries++) { 5945 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5946 goto fail; 5947 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5948 break; 5949 run_delay(sc, 10); 5950 } 5951 if (ntries == 100) { 5952 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5953 goto fail; 5954 } 5955 tmp &= 0xff0; 5956 tmp |= RT2860_TX_WB_DDONE; 5957 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5958 5959 /* turn off PME_OEN to solve high-current issue */ 5960 run_read(sc, RT2860_SYS_CTRL, &tmp); 5961 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5962 5963 run_write(sc, RT2860_MAC_SYS_CTRL, 5964 RT2860_BBP_HRST | RT2860_MAC_SRST); 5965 run_write(sc, RT2860_USB_DMA_CFG, 0); 5966 5967 if (run_reset(sc) != 0) { 5968 device_printf(sc->sc_dev, "could not reset chipset\n"); 5969 goto fail; 5970 } 5971 5972 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5973 5974 /* init Tx power for all Tx rates (from EEPROM) */ 5975 for (ridx = 0; ridx < 5; ridx++) { 5976 if (sc->txpow20mhz[ridx] == 0xffffffff) 5977 continue; 5978 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5979 } 5980 5981 for (i = 0; i < nitems(rt2870_def_mac); i++) 5982 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 5983 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 5984 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 5985 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 5986 5987 if (sc->mac_ver >= 0x5390) { 5988 run_write(sc, RT2860_TX_SW_CFG0, 5989 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 5990 if (sc->mac_ver >= 0x5392) { 5991 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 5992 if (sc->mac_ver == 0x5592) { 5993 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 5994 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 5995 } else { 5996 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 5997 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 5998 } 5999 } 6000 } else if (sc->mac_ver == 0x3593) { 6001 run_write(sc, RT2860_TX_SW_CFG0, 6002 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6003 } else if (sc->mac_ver >= 0x3070) { 6004 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6005 run_write(sc, RT2860_TX_SW_CFG0, 6006 4 << RT2860_DLY_PAPE_EN_SHIFT); 6007 } 6008 6009 /* wait while MAC is busy */ 6010 for (ntries = 0; ntries < 100; ntries++) { 6011 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6012 goto fail; 6013 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6014 break; 6015 run_delay(sc, 10); 6016 } 6017 if (ntries == 100) 6018 goto fail; 6019 6020 /* clear Host to MCU mailbox */ 6021 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6022 run_write(sc, RT2860_H2M_MAILBOX, 0); 6023 run_delay(sc, 10); 6024 6025 if (run_bbp_init(sc) != 0) { 6026 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6027 goto fail; 6028 } 6029 6030 /* abort TSF synchronization */ 6031 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6032 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6033 RT2860_TBTT_TIMER_EN); 6034 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6035 6036 /* clear RX WCID search table */ 6037 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6038 /* clear WCID attribute table */ 6039 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6040 6041 /* hostapd sets a key before init. So, don't clear it. */ 6042 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6043 /* clear shared key table */ 6044 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6045 /* clear shared key mode */ 6046 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6047 } 6048 6049 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6050 tmp = (tmp & ~0xff) | 0x1e; 6051 run_write(sc, RT2860_US_CYC_CNT, tmp); 6052 6053 if (sc->mac_rev != 0x0101) 6054 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6055 6056 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6057 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6058 6059 /* write vendor-specific BBP values (from EEPROM) */ 6060 if (sc->mac_ver < 0x3593) { 6061 for (i = 0; i < 10; i++) { 6062 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6063 continue; 6064 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6065 } 6066 } 6067 6068 /* select Main antenna for 1T1R devices */ 6069 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6070 run_set_rx_antenna(sc, 0); 6071 6072 /* send LEDs operating mode to microcontroller */ 6073 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6074 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6075 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6076 6077 if (sc->mac_ver >= 0x5390) 6078 run_rt5390_rf_init(sc); 6079 else if (sc->mac_ver == 0x3593) 6080 run_rt3593_rf_init(sc); 6081 else if (sc->mac_ver >= 0x3070) 6082 run_rt3070_rf_init(sc); 6083 6084 /* disable non-existing Rx chains */ 6085 run_bbp_read(sc, 3, &bbp3); 6086 bbp3 &= ~(1 << 3 | 1 << 4); 6087 if (sc->nrxchains == 2) 6088 bbp3 |= 1 << 3; 6089 else if (sc->nrxchains == 3) 6090 bbp3 |= 1 << 4; 6091 run_bbp_write(sc, 3, bbp3); 6092 6093 /* disable non-existing Tx chains */ 6094 run_bbp_read(sc, 1, &bbp1); 6095 if (sc->ntxchains == 1) 6096 bbp1 &= ~(1 << 3 | 1 << 4); 6097 run_bbp_write(sc, 1, bbp1); 6098 6099 if (sc->mac_ver >= 0x5390) 6100 run_rt5390_rf_setup(sc); 6101 else if (sc->mac_ver == 0x3593) 6102 run_rt3593_rf_setup(sc); 6103 else if (sc->mac_ver >= 0x3070) 6104 run_rt3070_rf_setup(sc); 6105 6106 /* select default channel */ 6107 run_set_chan(sc, ic->ic_curchan); 6108 6109 /* setup initial protection mode */ 6110 run_updateprot_cb(ic); 6111 6112 /* turn radio LED on */ 6113 run_set_leds(sc, RT2860_LED_RADIO); 6114 6115 sc->sc_flags |= RUN_RUNNING; 6116 sc->cmdq_run = RUN_CMDQ_GO; 6117 6118 for (i = 0; i != RUN_N_XFER; i++) 6119 usbd_xfer_set_stall(sc->sc_xfer[i]); 6120 6121 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6122 6123 if (run_txrx_enable(sc) != 0) 6124 goto fail; 6125 6126 return; 6127 6128 fail: 6129 run_stop(sc); 6130 } 6131 6132 static void 6133 run_stop(void *arg) 6134 { 6135 struct run_softc *sc = (struct run_softc *)arg; 6136 uint32_t tmp; 6137 int i; 6138 int ntries; 6139 6140 RUN_LOCK_ASSERT(sc, MA_OWNED); 6141 6142 if (sc->sc_flags & RUN_RUNNING) 6143 run_set_leds(sc, 0); /* turn all LEDs off */ 6144 6145 sc->sc_flags &= ~RUN_RUNNING; 6146 6147 sc->ratectl_run = RUN_RATECTL_OFF; 6148 sc->cmdq_run = sc->cmdq_key_set; 6149 6150 RUN_UNLOCK(sc); 6151 6152 for(i = 0; i < RUN_N_XFER; i++) 6153 usbd_transfer_drain(sc->sc_xfer[i]); 6154 6155 RUN_LOCK(sc); 6156 6157 run_drain_mbufq(sc); 6158 6159 if (sc->rx_m != NULL) { 6160 m_free(sc->rx_m); 6161 sc->rx_m = NULL; 6162 } 6163 6164 /* Disable Tx/Rx DMA. */ 6165 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6166 return; 6167 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6168 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6169 6170 for (ntries = 0; ntries < 100; ntries++) { 6171 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6172 return; 6173 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6174 break; 6175 run_delay(sc, 10); 6176 } 6177 if (ntries == 100) { 6178 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6179 return; 6180 } 6181 6182 /* disable Tx/Rx */ 6183 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6184 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6185 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6186 6187 /* wait for pending Tx to complete */ 6188 for (ntries = 0; ntries < 100; ntries++) { 6189 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6190 DPRINTF("Cannot read Tx queue count\n"); 6191 break; 6192 } 6193 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6194 DPRINTF("All Tx cleared\n"); 6195 break; 6196 } 6197 run_delay(sc, 10); 6198 } 6199 if (ntries >= 100) 6200 DPRINTF("There are still pending Tx\n"); 6201 run_delay(sc, 10); 6202 run_write(sc, RT2860_USB_DMA_CFG, 0); 6203 6204 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6205 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6206 6207 for (i = 0; i != RUN_EP_QUEUES; i++) 6208 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6209 } 6210 6211 static void 6212 run_delay(struct run_softc *sc, u_int ms) 6213 { 6214 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6215 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6216 } 6217 6218 static device_method_t run_methods[] = { 6219 /* Device interface */ 6220 DEVMETHOD(device_probe, run_match), 6221 DEVMETHOD(device_attach, run_attach), 6222 DEVMETHOD(device_detach, run_detach), 6223 DEVMETHOD_END 6224 }; 6225 6226 static driver_t run_driver = { 6227 .name = "run", 6228 .methods = run_methods, 6229 .size = sizeof(struct run_softc) 6230 }; 6231 6232 static devclass_t run_devclass; 6233 6234 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6235 MODULE_DEPEND(run, wlan, 1, 1, 1); 6236 MODULE_DEPEND(run, usb, 1, 1, 1); 6237 MODULE_DEPEND(run, firmware, 1, 1, 1); 6238 MODULE_VERSION(run, 1); 6239 USB_PNP_HOST_INFO(run_devs); 6240