1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 90 enum { 91 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 92 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 93 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 94 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 95 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 96 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 97 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 98 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 99 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 100 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 101 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 102 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 103 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 104 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 105 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 106 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 107 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 108 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 109 RUN_DEBUG_ANY = 0xffffffff 110 }; 111 112 #define RUN_DPRINTF(_sc, _m, ...) do { \ 113 if (run_debug & (_m)) \ 114 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 115 } while(0) 116 #else 117 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 118 #endif 119 120 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 121 122 /* 123 * Because of LOR in run_key_delete(), use atomic instead. 124 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 125 */ 126 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 127 128 static const STRUCT_USB_HOST_ID run_devs[] = { 129 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 130 #define RUN_DEV_EJECT(v,p) \ 131 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 132 #define RUN_EJECT 1 133 RUN_DEV(ABOCOM, RT2770), 134 RUN_DEV(ABOCOM, RT2870), 135 RUN_DEV(ABOCOM, RT3070), 136 RUN_DEV(ABOCOM, RT3071), 137 RUN_DEV(ABOCOM, RT3072), 138 RUN_DEV(ABOCOM2, RT2870_1), 139 RUN_DEV(ACCTON, RT2770), 140 RUN_DEV(ACCTON, RT2870_1), 141 RUN_DEV(ACCTON, RT2870_2), 142 RUN_DEV(ACCTON, RT2870_3), 143 RUN_DEV(ACCTON, RT2870_4), 144 RUN_DEV(ACCTON, RT2870_5), 145 RUN_DEV(ACCTON, RT3070), 146 RUN_DEV(ACCTON, RT3070_1), 147 RUN_DEV(ACCTON, RT3070_2), 148 RUN_DEV(ACCTON, RT3070_3), 149 RUN_DEV(ACCTON, RT3070_4), 150 RUN_DEV(ACCTON, RT3070_5), 151 RUN_DEV(AIRTIES, RT3070), 152 RUN_DEV(ALLWIN, RT2070), 153 RUN_DEV(ALLWIN, RT2770), 154 RUN_DEV(ALLWIN, RT2870), 155 RUN_DEV(ALLWIN, RT3070), 156 RUN_DEV(ALLWIN, RT3071), 157 RUN_DEV(ALLWIN, RT3072), 158 RUN_DEV(ALLWIN, RT3572), 159 RUN_DEV(AMIGO, RT2870_1), 160 RUN_DEV(AMIGO, RT2870_2), 161 RUN_DEV(AMIT, CGWLUSB2GNR), 162 RUN_DEV(AMIT, RT2870_1), 163 RUN_DEV(AMIT2, RT2870), 164 RUN_DEV(ASUS, RT2870_1), 165 RUN_DEV(ASUS, RT2870_2), 166 RUN_DEV(ASUS, RT2870_3), 167 RUN_DEV(ASUS, RT2870_4), 168 RUN_DEV(ASUS, RT2870_5), 169 RUN_DEV(ASUS, USBN13), 170 RUN_DEV(ASUS, RT3070_1), 171 RUN_DEV(ASUS, USBN66), 172 RUN_DEV(ASUS, USB_N53), 173 RUN_DEV(ASUS2, USBN11), 174 RUN_DEV(AZUREWAVE, RT2870_1), 175 RUN_DEV(AZUREWAVE, RT2870_2), 176 RUN_DEV(AZUREWAVE, RT3070_1), 177 RUN_DEV(AZUREWAVE, RT3070_2), 178 RUN_DEV(AZUREWAVE, RT3070_3), 179 RUN_DEV(BELKIN, F9L1103), 180 RUN_DEV(BELKIN, F5D8053V3), 181 RUN_DEV(BELKIN, F5D8055), 182 RUN_DEV(BELKIN, F5D8055V2), 183 RUN_DEV(BELKIN, F6D4050V1), 184 RUN_DEV(BELKIN, F6D4050V2), 185 RUN_DEV(BELKIN, RT2870_1), 186 RUN_DEV(BELKIN, RT2870_2), 187 RUN_DEV(CISCOLINKSYS, AE1000), 188 RUN_DEV(CISCOLINKSYS2, RT3070), 189 RUN_DEV(CISCOLINKSYS3, RT3070), 190 RUN_DEV(CONCEPTRONIC2, RT2870_1), 191 RUN_DEV(CONCEPTRONIC2, RT2870_2), 192 RUN_DEV(CONCEPTRONIC2, RT2870_3), 193 RUN_DEV(CONCEPTRONIC2, RT2870_4), 194 RUN_DEV(CONCEPTRONIC2, RT2870_5), 195 RUN_DEV(CONCEPTRONIC2, RT2870_6), 196 RUN_DEV(CONCEPTRONIC2, RT2870_7), 197 RUN_DEV(CONCEPTRONIC2, RT2870_8), 198 RUN_DEV(CONCEPTRONIC2, RT3070_1), 199 RUN_DEV(CONCEPTRONIC2, RT3070_2), 200 RUN_DEV(CONCEPTRONIC2, VIGORN61), 201 RUN_DEV(COREGA, CGWLUSB300GNM), 202 RUN_DEV(COREGA, RT2870_1), 203 RUN_DEV(COREGA, RT2870_2), 204 RUN_DEV(COREGA, RT2870_3), 205 RUN_DEV(COREGA, RT3070), 206 RUN_DEV(CYBERTAN, RT2870), 207 RUN_DEV(DLINK, RT2870), 208 RUN_DEV(DLINK, RT3072), 209 RUN_DEV(DLINK, DWA127), 210 RUN_DEV(DLINK, DWA140B3), 211 RUN_DEV(DLINK, DWA160B2), 212 RUN_DEV(DLINK, DWA140D1), 213 RUN_DEV(DLINK, DWA162), 214 RUN_DEV(DLINK2, DWA130), 215 RUN_DEV(DLINK2, RT2870_1), 216 RUN_DEV(DLINK2, RT2870_2), 217 RUN_DEV(DLINK2, RT3070_1), 218 RUN_DEV(DLINK2, RT3070_2), 219 RUN_DEV(DLINK2, RT3070_3), 220 RUN_DEV(DLINK2, RT3070_4), 221 RUN_DEV(DLINK2, RT3070_5), 222 RUN_DEV(DLINK2, RT3072), 223 RUN_DEV(DLINK2, RT3072_1), 224 RUN_DEV(EDIMAX, EW7717), 225 RUN_DEV(EDIMAX, EW7718), 226 RUN_DEV(EDIMAX, EW7733UND), 227 RUN_DEV(EDIMAX, RT2870_1), 228 RUN_DEV(ENCORE, RT3070_1), 229 RUN_DEV(ENCORE, RT3070_2), 230 RUN_DEV(ENCORE, RT3070_3), 231 RUN_DEV(GIGABYTE, GNWB31N), 232 RUN_DEV(GIGABYTE, GNWB32L), 233 RUN_DEV(GIGABYTE, RT2870_1), 234 RUN_DEV(GIGASET, RT3070_1), 235 RUN_DEV(GIGASET, RT3070_2), 236 RUN_DEV(GUILLEMOT, HWNU300), 237 RUN_DEV(HAWKING, HWUN2), 238 RUN_DEV(HAWKING, RT2870_1), 239 RUN_DEV(HAWKING, RT2870_2), 240 RUN_DEV(HAWKING, RT3070), 241 RUN_DEV(IODATA, RT3072_1), 242 RUN_DEV(IODATA, RT3072_2), 243 RUN_DEV(IODATA, RT3072_3), 244 RUN_DEV(IODATA, RT3072_4), 245 RUN_DEV(LINKSYS4, RT3070), 246 RUN_DEV(LINKSYS4, WUSB100), 247 RUN_DEV(LINKSYS4, WUSB54GCV3), 248 RUN_DEV(LINKSYS4, WUSB600N), 249 RUN_DEV(LINKSYS4, WUSB600NV2), 250 RUN_DEV(LOGITEC, RT2870_1), 251 RUN_DEV(LOGITEC, RT2870_2), 252 RUN_DEV(LOGITEC, RT2870_3), 253 RUN_DEV(LOGITEC, LANW300NU2), 254 RUN_DEV(LOGITEC, LANW150NU2), 255 RUN_DEV(LOGITEC, LANW300NU2S), 256 RUN_DEV(MELCO, WLIUCG300HP), 257 RUN_DEV(MELCO, RT2870_2), 258 RUN_DEV(MELCO, WLIUCAG300N), 259 RUN_DEV(MELCO, WLIUCG300N), 260 RUN_DEV(MELCO, WLIUCG301N), 261 RUN_DEV(MELCO, WLIUCGN), 262 RUN_DEV(MELCO, WLIUCGNM), 263 RUN_DEV(MELCO, WLIUCG300HPV1), 264 RUN_DEV(MELCO, WLIUCGNM2), 265 RUN_DEV(MOTOROLA4, RT2770), 266 RUN_DEV(MOTOROLA4, RT3070), 267 RUN_DEV(MSI, RT3070_1), 268 RUN_DEV(MSI, RT3070_2), 269 RUN_DEV(MSI, RT3070_3), 270 RUN_DEV(MSI, RT3070_4), 271 RUN_DEV(MSI, RT3070_5), 272 RUN_DEV(MSI, RT3070_6), 273 RUN_DEV(MSI, RT3070_7), 274 RUN_DEV(MSI, RT3070_8), 275 RUN_DEV(MSI, RT3070_9), 276 RUN_DEV(MSI, RT3070_10), 277 RUN_DEV(MSI, RT3070_11), 278 RUN_DEV(NETGEAR, WNDA4100), 279 RUN_DEV(OVISLINK, RT3072), 280 RUN_DEV(PARA, RT3070), 281 RUN_DEV(PEGATRON, RT2870), 282 RUN_DEV(PEGATRON, RT3070), 283 RUN_DEV(PEGATRON, RT3070_2), 284 RUN_DEV(PEGATRON, RT3070_3), 285 RUN_DEV(PHILIPS, RT2870), 286 RUN_DEV(PLANEX2, GWUS300MINIS), 287 RUN_DEV(PLANEX2, GWUSMICRON), 288 RUN_DEV(PLANEX2, RT2870), 289 RUN_DEV(PLANEX2, RT3070), 290 RUN_DEV(QCOM, RT2870), 291 RUN_DEV(QUANTA, RT3070), 292 RUN_DEV(RALINK, RT2070), 293 RUN_DEV(RALINK, RT2770), 294 RUN_DEV(RALINK, RT2870), 295 RUN_DEV(RALINK, RT3070), 296 RUN_DEV(RALINK, RT3071), 297 RUN_DEV(RALINK, RT3072), 298 RUN_DEV(RALINK, RT3370), 299 RUN_DEV(RALINK, RT3572), 300 RUN_DEV(RALINK, RT3573), 301 RUN_DEV(RALINK, RT5370), 302 RUN_DEV(RALINK, RT5572), 303 RUN_DEV(RALINK, RT8070), 304 RUN_DEV(SAMSUNG, WIS09ABGN), 305 RUN_DEV(SAMSUNG2, RT2870_1), 306 RUN_DEV(SENAO, RT2870_1), 307 RUN_DEV(SENAO, RT2870_2), 308 RUN_DEV(SENAO, RT2870_3), 309 RUN_DEV(SENAO, RT2870_4), 310 RUN_DEV(SENAO, RT3070), 311 RUN_DEV(SENAO, RT3071), 312 RUN_DEV(SENAO, RT3072_1), 313 RUN_DEV(SENAO, RT3072_2), 314 RUN_DEV(SENAO, RT3072_3), 315 RUN_DEV(SENAO, RT3072_4), 316 RUN_DEV(SENAO, RT3072_5), 317 RUN_DEV(SITECOMEU, RT2770), 318 RUN_DEV(SITECOMEU, RT2870_1), 319 RUN_DEV(SITECOMEU, RT2870_2), 320 RUN_DEV(SITECOMEU, RT2870_3), 321 RUN_DEV(SITECOMEU, RT2870_4), 322 RUN_DEV(SITECOMEU, RT3070), 323 RUN_DEV(SITECOMEU, RT3070_2), 324 RUN_DEV(SITECOMEU, RT3070_3), 325 RUN_DEV(SITECOMEU, RT3070_4), 326 RUN_DEV(SITECOMEU, RT3071), 327 RUN_DEV(SITECOMEU, RT3072_1), 328 RUN_DEV(SITECOMEU, RT3072_2), 329 RUN_DEV(SITECOMEU, RT3072_3), 330 RUN_DEV(SITECOMEU, RT3072_4), 331 RUN_DEV(SITECOMEU, RT3072_5), 332 RUN_DEV(SITECOMEU, RT3072_6), 333 RUN_DEV(SITECOMEU, WL608), 334 RUN_DEV(SPARKLAN, RT2870_1), 335 RUN_DEV(SPARKLAN, RT3070), 336 RUN_DEV(SWEEX2, LW153), 337 RUN_DEV(SWEEX2, LW303), 338 RUN_DEV(SWEEX2, LW313), 339 RUN_DEV(TOSHIBA, RT3070), 340 RUN_DEV(UMEDIA, RT2870_1), 341 RUN_DEV(ZCOM, RT2870_1), 342 RUN_DEV(ZCOM, RT2870_2), 343 RUN_DEV(ZINWELL, RT2870_1), 344 RUN_DEV(ZINWELL, RT2870_2), 345 RUN_DEV(ZINWELL, RT3070), 346 RUN_DEV(ZINWELL, RT3072_1), 347 RUN_DEV(ZINWELL, RT3072_2), 348 RUN_DEV(ZYXEL, RT2870_1), 349 RUN_DEV(ZYXEL, RT2870_2), 350 RUN_DEV(ZYXEL, RT3070), 351 RUN_DEV_EJECT(ZYXEL, NWD2705), 352 RUN_DEV_EJECT(RALINK, RT_STOR), 353 #undef RUN_DEV_EJECT 354 #undef RUN_DEV 355 }; 356 357 static device_probe_t run_match; 358 static device_attach_t run_attach; 359 static device_detach_t run_detach; 360 361 static usb_callback_t run_bulk_rx_callback; 362 static usb_callback_t run_bulk_tx_callback0; 363 static usb_callback_t run_bulk_tx_callback1; 364 static usb_callback_t run_bulk_tx_callback2; 365 static usb_callback_t run_bulk_tx_callback3; 366 static usb_callback_t run_bulk_tx_callback4; 367 static usb_callback_t run_bulk_tx_callback5; 368 369 static void run_autoinst(void *, struct usb_device *, 370 struct usb_attach_arg *); 371 static int run_driver_loaded(struct module *, int, void *); 372 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 373 usb_error_t error, u_int index); 374 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 375 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 376 const uint8_t [IEEE80211_ADDR_LEN], 377 const uint8_t [IEEE80211_ADDR_LEN]); 378 static void run_vap_delete(struct ieee80211vap *); 379 static void run_cmdq_cb(void *, int); 380 static void run_setup_tx_list(struct run_softc *, 381 struct run_endpoint_queue *); 382 static void run_unsetup_tx_list(struct run_softc *, 383 struct run_endpoint_queue *); 384 static int run_load_microcode(struct run_softc *); 385 static int run_reset(struct run_softc *); 386 static usb_error_t run_do_request(struct run_softc *, 387 struct usb_device_request *, void *); 388 static int run_read(struct run_softc *, uint16_t, uint32_t *); 389 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 390 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 391 static int run_write(struct run_softc *, uint16_t, uint32_t); 392 static int run_write_region_1(struct run_softc *, uint16_t, 393 const uint8_t *, int); 394 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 395 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 396 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 397 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 398 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 399 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 400 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 401 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 402 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 403 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 404 static const char *run_get_rf(uint16_t); 405 static void run_rt3593_get_txpower(struct run_softc *); 406 static void run_get_txpower(struct run_softc *); 407 static int run_read_eeprom(struct run_softc *); 408 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 409 const uint8_t mac[IEEE80211_ADDR_LEN]); 410 static int run_media_change(struct ifnet *); 411 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 412 static int run_wme_update(struct ieee80211com *); 413 static void run_key_set_cb(void *); 414 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 415 static void run_key_delete_cb(void *); 416 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 417 static void run_ratectl_to(void *); 418 static void run_ratectl_cb(void *, int); 419 static void run_drain_fifo(void *); 420 static void run_iter_func(void *, struct ieee80211_node *); 421 static void run_newassoc_cb(void *); 422 static void run_newassoc(struct ieee80211_node *, int); 423 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 424 const struct ieee80211_rx_stats *, int, int); 425 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 426 static void run_tx_free(struct run_endpoint_queue *pq, 427 struct run_tx_data *, int); 428 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 429 static int run_tx(struct run_softc *, struct mbuf *, 430 struct ieee80211_node *); 431 static int run_tx_mgt(struct run_softc *, struct mbuf *, 432 struct ieee80211_node *); 433 static int run_sendprot(struct run_softc *, const struct mbuf *, 434 struct ieee80211_node *, int, int); 435 static int run_tx_param(struct run_softc *, struct mbuf *, 436 struct ieee80211_node *, 437 const struct ieee80211_bpf_params *); 438 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 439 const struct ieee80211_bpf_params *); 440 static int run_transmit(struct ieee80211com *, struct mbuf *); 441 static void run_start(struct run_softc *); 442 static void run_parent(struct ieee80211com *); 443 static void run_iq_calib(struct run_softc *, u_int); 444 static void run_set_agc(struct run_softc *, uint8_t); 445 static void run_select_chan_group(struct run_softc *, int); 446 static void run_set_rx_antenna(struct run_softc *, int); 447 static void run_rt2870_set_chan(struct run_softc *, u_int); 448 static void run_rt3070_set_chan(struct run_softc *, u_int); 449 static void run_rt3572_set_chan(struct run_softc *, u_int); 450 static void run_rt3593_set_chan(struct run_softc *, u_int); 451 static void run_rt5390_set_chan(struct run_softc *, u_int); 452 static void run_rt5592_set_chan(struct run_softc *, u_int); 453 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 454 static void run_set_channel(struct ieee80211com *); 455 static void run_getradiocaps(struct ieee80211com *, int, int *, 456 struct ieee80211_channel[]); 457 static void run_scan_start(struct ieee80211com *); 458 static void run_scan_end(struct ieee80211com *); 459 static void run_update_beacon(struct ieee80211vap *, int); 460 static void run_update_beacon_cb(void *); 461 static void run_updateprot(struct ieee80211com *); 462 static void run_updateprot_cb(void *); 463 static void run_usb_timeout_cb(void *); 464 static void run_reset_livelock(struct run_softc *); 465 static void run_enable_tsf_sync(struct run_softc *); 466 static void run_enable_tsf(struct run_softc *); 467 static void run_get_tsf(struct run_softc *, uint64_t *); 468 static void run_enable_mrr(struct run_softc *); 469 static void run_set_txpreamble(struct run_softc *); 470 static void run_set_basicrates(struct run_softc *); 471 static void run_set_leds(struct run_softc *, uint16_t); 472 static void run_set_bssid(struct run_softc *, const uint8_t *); 473 static void run_set_macaddr(struct run_softc *, const uint8_t *); 474 static void run_updateslot(struct ieee80211com *); 475 static void run_updateslot_cb(void *); 476 static void run_update_mcast(struct ieee80211com *); 477 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 478 static void run_update_promisc_locked(struct run_softc *); 479 static void run_update_promisc(struct ieee80211com *); 480 static void run_rt5390_bbp_init(struct run_softc *); 481 static int run_bbp_init(struct run_softc *); 482 static int run_rt3070_rf_init(struct run_softc *); 483 static void run_rt3593_rf_init(struct run_softc *); 484 static void run_rt5390_rf_init(struct run_softc *); 485 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 486 uint8_t *); 487 static void run_rt3070_rf_setup(struct run_softc *); 488 static void run_rt3593_rf_setup(struct run_softc *); 489 static void run_rt5390_rf_setup(struct run_softc *); 490 static int run_txrx_enable(struct run_softc *); 491 static void run_adjust_freq_offset(struct run_softc *); 492 static void run_init_locked(struct run_softc *); 493 static void run_stop(void *); 494 static void run_delay(struct run_softc *, u_int); 495 496 static eventhandler_tag run_etag; 497 498 static const struct rt2860_rate { 499 uint8_t rate; 500 uint8_t mcs; 501 enum ieee80211_phytype phy; 502 uint8_t ctl_ridx; 503 uint16_t sp_ack_dur; 504 uint16_t lp_ack_dur; 505 } rt2860_rates[] = { 506 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 507 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 508 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 509 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 510 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 511 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 512 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 513 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 514 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 515 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 516 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 517 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 518 }; 519 520 static const struct { 521 uint16_t reg; 522 uint32_t val; 523 } rt2870_def_mac[] = { 524 RT2870_DEF_MAC 525 }; 526 527 static const struct { 528 uint8_t reg; 529 uint8_t val; 530 } rt2860_def_bbp[] = { 531 RT2860_DEF_BBP 532 },rt5390_def_bbp[] = { 533 RT5390_DEF_BBP 534 },rt5592_def_bbp[] = { 535 RT5592_DEF_BBP 536 }; 537 538 /* 539 * Default values for BBP register R196 for RT5592. 540 */ 541 static const uint8_t rt5592_bbp_r196[] = { 542 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 543 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 544 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 545 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 546 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 547 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 548 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 549 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 550 0x2e, 0x36, 0x30, 0x6e 551 }; 552 553 static const struct rfprog { 554 uint8_t chan; 555 uint32_t r1, r2, r3, r4; 556 } rt2860_rf2850[] = { 557 RT2860_RF2850 558 }; 559 560 struct { 561 uint8_t n, r, k; 562 } rt3070_freqs[] = { 563 RT3070_RF3052 564 }; 565 566 static const struct rt5592_freqs { 567 uint16_t n; 568 uint8_t k, m, r; 569 } rt5592_freqs_20mhz[] = { 570 RT5592_RF5592_20MHZ 571 },rt5592_freqs_40mhz[] = { 572 RT5592_RF5592_40MHZ 573 }; 574 575 static const struct { 576 uint8_t reg; 577 uint8_t val; 578 } rt3070_def_rf[] = { 579 RT3070_DEF_RF 580 },rt3572_def_rf[] = { 581 RT3572_DEF_RF 582 },rt3593_def_rf[] = { 583 RT3593_DEF_RF 584 },rt5390_def_rf[] = { 585 RT5390_DEF_RF 586 },rt5392_def_rf[] = { 587 RT5392_DEF_RF 588 },rt5592_def_rf[] = { 589 RT5592_DEF_RF 590 },rt5592_2ghz_def_rf[] = { 591 RT5592_2GHZ_DEF_RF 592 },rt5592_5ghz_def_rf[] = { 593 RT5592_5GHZ_DEF_RF 594 }; 595 596 static const struct { 597 u_int firstchan; 598 u_int lastchan; 599 uint8_t reg; 600 uint8_t val; 601 } rt5592_chan_5ghz[] = { 602 RT5592_CHAN_5GHZ 603 }; 604 605 static const struct usb_config run_config[RUN_N_XFER] = { 606 [RUN_BULK_TX_BE] = { 607 .type = UE_BULK, 608 .endpoint = UE_ADDR_ANY, 609 .ep_index = 0, 610 .direction = UE_DIR_OUT, 611 .bufsize = RUN_MAX_TXSZ, 612 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 613 .callback = run_bulk_tx_callback0, 614 .timeout = 5000, /* ms */ 615 }, 616 [RUN_BULK_TX_BK] = { 617 .type = UE_BULK, 618 .endpoint = UE_ADDR_ANY, 619 .direction = UE_DIR_OUT, 620 .ep_index = 1, 621 .bufsize = RUN_MAX_TXSZ, 622 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 623 .callback = run_bulk_tx_callback1, 624 .timeout = 5000, /* ms */ 625 }, 626 [RUN_BULK_TX_VI] = { 627 .type = UE_BULK, 628 .endpoint = UE_ADDR_ANY, 629 .direction = UE_DIR_OUT, 630 .ep_index = 2, 631 .bufsize = RUN_MAX_TXSZ, 632 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 633 .callback = run_bulk_tx_callback2, 634 .timeout = 5000, /* ms */ 635 }, 636 [RUN_BULK_TX_VO] = { 637 .type = UE_BULK, 638 .endpoint = UE_ADDR_ANY, 639 .direction = UE_DIR_OUT, 640 .ep_index = 3, 641 .bufsize = RUN_MAX_TXSZ, 642 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 643 .callback = run_bulk_tx_callback3, 644 .timeout = 5000, /* ms */ 645 }, 646 [RUN_BULK_TX_HCCA] = { 647 .type = UE_BULK, 648 .endpoint = UE_ADDR_ANY, 649 .direction = UE_DIR_OUT, 650 .ep_index = 4, 651 .bufsize = RUN_MAX_TXSZ, 652 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 653 .callback = run_bulk_tx_callback4, 654 .timeout = 5000, /* ms */ 655 }, 656 [RUN_BULK_TX_PRIO] = { 657 .type = UE_BULK, 658 .endpoint = UE_ADDR_ANY, 659 .direction = UE_DIR_OUT, 660 .ep_index = 5, 661 .bufsize = RUN_MAX_TXSZ, 662 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 663 .callback = run_bulk_tx_callback5, 664 .timeout = 5000, /* ms */ 665 }, 666 [RUN_BULK_RX] = { 667 .type = UE_BULK, 668 .endpoint = UE_ADDR_ANY, 669 .direction = UE_DIR_IN, 670 .bufsize = RUN_MAX_RXSZ, 671 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 672 .callback = run_bulk_rx_callback, 673 } 674 }; 675 676 static void 677 run_autoinst(void *arg, struct usb_device *udev, 678 struct usb_attach_arg *uaa) 679 { 680 struct usb_interface *iface; 681 struct usb_interface_descriptor *id; 682 683 if (uaa->dev_state != UAA_DEV_READY) 684 return; 685 686 iface = usbd_get_iface(udev, 0); 687 if (iface == NULL) 688 return; 689 id = iface->idesc; 690 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 691 return; 692 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 693 return; 694 695 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 696 uaa->dev_state = UAA_DEV_EJECTING; 697 } 698 699 static int 700 run_driver_loaded(struct module *mod, int what, void *arg) 701 { 702 switch (what) { 703 case MOD_LOAD: 704 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 705 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 706 break; 707 case MOD_UNLOAD: 708 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 709 break; 710 default: 711 return (EOPNOTSUPP); 712 } 713 return (0); 714 } 715 716 static int 717 run_match(device_t self) 718 { 719 struct usb_attach_arg *uaa = device_get_ivars(self); 720 721 if (uaa->usb_mode != USB_MODE_HOST) 722 return (ENXIO); 723 if (uaa->info.bConfigIndex != 0) 724 return (ENXIO); 725 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 726 return (ENXIO); 727 728 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 729 } 730 731 static int 732 run_attach(device_t self) 733 { 734 struct run_softc *sc = device_get_softc(self); 735 struct usb_attach_arg *uaa = device_get_ivars(self); 736 struct ieee80211com *ic = &sc->sc_ic; 737 uint32_t ver; 738 uint8_t iface_index; 739 int ntries, error; 740 741 device_set_usb_desc(self); 742 sc->sc_udev = uaa->device; 743 sc->sc_dev = self; 744 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 745 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 746 747 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 748 MTX_NETWORK_LOCK, MTX_DEF); 749 mbufq_init(&sc->sc_snd, ifqmaxlen); 750 751 iface_index = RT2860_IFACE_INDEX; 752 753 error = usbd_transfer_setup(uaa->device, &iface_index, 754 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 755 if (error) { 756 device_printf(self, "could not allocate USB transfers, " 757 "err=%s\n", usbd_errstr(error)); 758 goto detach; 759 } 760 761 RUN_LOCK(sc); 762 763 /* wait for the chip to settle */ 764 for (ntries = 0; ntries < 100; ntries++) { 765 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 766 RUN_UNLOCK(sc); 767 goto detach; 768 } 769 if (ver != 0 && ver != 0xffffffff) 770 break; 771 run_delay(sc, 10); 772 } 773 if (ntries == 100) { 774 device_printf(sc->sc_dev, 775 "timeout waiting for NIC to initialize\n"); 776 RUN_UNLOCK(sc); 777 goto detach; 778 } 779 sc->mac_ver = ver >> 16; 780 sc->mac_rev = ver & 0xffff; 781 782 /* retrieve RF rev. no and various other things from EEPROM */ 783 run_read_eeprom(sc); 784 785 device_printf(sc->sc_dev, 786 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 787 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 788 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 789 790 RUN_UNLOCK(sc); 791 792 ic->ic_softc = sc; 793 ic->ic_name = device_get_nameunit(self); 794 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 795 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 796 797 /* set device capabilities */ 798 ic->ic_caps = 799 IEEE80211_C_STA | /* station mode supported */ 800 IEEE80211_C_MONITOR | /* monitor mode supported */ 801 IEEE80211_C_IBSS | 802 IEEE80211_C_HOSTAP | 803 IEEE80211_C_WDS | /* 4-address traffic works */ 804 IEEE80211_C_MBSS | 805 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 806 IEEE80211_C_SHSLOT | /* short slot time supported */ 807 IEEE80211_C_WME | /* WME */ 808 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 809 810 ic->ic_cryptocaps = 811 IEEE80211_CRYPTO_WEP | 812 IEEE80211_CRYPTO_AES_CCM | 813 IEEE80211_CRYPTO_TKIPMIC | 814 IEEE80211_CRYPTO_TKIP; 815 816 ic->ic_flags |= IEEE80211_F_DATAPAD; 817 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 818 819 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 820 ic->ic_channels); 821 822 ieee80211_ifattach(ic); 823 824 ic->ic_scan_start = run_scan_start; 825 ic->ic_scan_end = run_scan_end; 826 ic->ic_set_channel = run_set_channel; 827 ic->ic_getradiocaps = run_getradiocaps; 828 ic->ic_node_alloc = run_node_alloc; 829 ic->ic_newassoc = run_newassoc; 830 ic->ic_updateslot = run_updateslot; 831 ic->ic_update_mcast = run_update_mcast; 832 ic->ic_wme.wme_update = run_wme_update; 833 ic->ic_raw_xmit = run_raw_xmit; 834 ic->ic_update_promisc = run_update_promisc; 835 ic->ic_vap_create = run_vap_create; 836 ic->ic_vap_delete = run_vap_delete; 837 ic->ic_transmit = run_transmit; 838 ic->ic_parent = run_parent; 839 840 ieee80211_radiotap_attach(ic, 841 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 842 RUN_TX_RADIOTAP_PRESENT, 843 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 844 RUN_RX_RADIOTAP_PRESENT); 845 846 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 847 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 848 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 849 850 if (bootverbose) 851 ieee80211_announce(ic); 852 853 return (0); 854 855 detach: 856 run_detach(self); 857 return (ENXIO); 858 } 859 860 static void 861 run_drain_mbufq(struct run_softc *sc) 862 { 863 struct mbuf *m; 864 struct ieee80211_node *ni; 865 866 RUN_LOCK_ASSERT(sc, MA_OWNED); 867 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 868 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 869 m->m_pkthdr.rcvif = NULL; 870 ieee80211_free_node(ni); 871 m_freem(m); 872 } 873 } 874 875 static int 876 run_detach(device_t self) 877 { 878 struct run_softc *sc = device_get_softc(self); 879 struct ieee80211com *ic = &sc->sc_ic; 880 int i; 881 882 RUN_LOCK(sc); 883 sc->sc_detached = 1; 884 RUN_UNLOCK(sc); 885 886 /* stop all USB transfers */ 887 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 888 889 RUN_LOCK(sc); 890 sc->ratectl_run = RUN_RATECTL_OFF; 891 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 892 893 /* free TX list, if any */ 894 for (i = 0; i != RUN_EP_QUEUES; i++) 895 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 896 897 /* Free TX queue */ 898 run_drain_mbufq(sc); 899 RUN_UNLOCK(sc); 900 901 if (sc->sc_ic.ic_softc == sc) { 902 /* drain tasks */ 903 usb_callout_drain(&sc->ratectl_ch); 904 ieee80211_draintask(ic, &sc->cmdq_task); 905 ieee80211_draintask(ic, &sc->ratectl_task); 906 ieee80211_ifdetach(ic); 907 } 908 909 mtx_destroy(&sc->sc_mtx); 910 911 return (0); 912 } 913 914 static struct ieee80211vap * 915 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 916 enum ieee80211_opmode opmode, int flags, 917 const uint8_t bssid[IEEE80211_ADDR_LEN], 918 const uint8_t mac[IEEE80211_ADDR_LEN]) 919 { 920 struct run_softc *sc = ic->ic_softc; 921 struct run_vap *rvp; 922 struct ieee80211vap *vap; 923 int i; 924 925 if (sc->rvp_cnt >= RUN_VAP_MAX) { 926 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 927 return (NULL); 928 } 929 930 switch (opmode) { 931 case IEEE80211_M_STA: 932 /* enable s/w bmiss handling for sta mode */ 933 flags |= IEEE80211_CLONE_NOBEACONS; 934 /* fall though */ 935 case IEEE80211_M_IBSS: 936 case IEEE80211_M_MONITOR: 937 case IEEE80211_M_HOSTAP: 938 case IEEE80211_M_MBSS: 939 /* other than WDS vaps, only one at a time */ 940 if (!TAILQ_EMPTY(&ic->ic_vaps)) 941 return (NULL); 942 break; 943 case IEEE80211_M_WDS: 944 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 945 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 946 continue; 947 /* WDS vap's always share the local mac address. */ 948 flags &= ~IEEE80211_CLONE_BSSID; 949 break; 950 } 951 if (vap == NULL) { 952 device_printf(sc->sc_dev, 953 "wds only supported in ap mode\n"); 954 return (NULL); 955 } 956 break; 957 default: 958 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 959 return (NULL); 960 } 961 962 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 963 vap = &rvp->vap; 964 965 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 966 bssid) != 0) { 967 /* out of memory */ 968 free(rvp, M_80211_VAP); 969 return (NULL); 970 } 971 972 vap->iv_update_beacon = run_update_beacon; 973 vap->iv_max_aid = RT2870_WCID_MAX; 974 /* 975 * To delete the right key from h/w, we need wcid. 976 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 977 * and matching wcid will be written into there. So, cast 978 * some spells to remove 'const' from ieee80211_key{} 979 */ 980 vap->iv_key_delete = (void *)run_key_delete; 981 vap->iv_key_set = (void *)run_key_set; 982 983 /* override state transition machine */ 984 rvp->newstate = vap->iv_newstate; 985 vap->iv_newstate = run_newstate; 986 if (opmode == IEEE80211_M_IBSS) { 987 rvp->recv_mgmt = vap->iv_recv_mgmt; 988 vap->iv_recv_mgmt = run_recv_mgmt; 989 } 990 991 ieee80211_ratectl_init(vap); 992 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 993 994 /* complete setup */ 995 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 996 mac); 997 998 /* make sure id is always unique */ 999 for (i = 0; i < RUN_VAP_MAX; i++) { 1000 if((sc->rvp_bmap & 1 << i) == 0){ 1001 sc->rvp_bmap |= 1 << i; 1002 rvp->rvp_id = i; 1003 break; 1004 } 1005 } 1006 if (sc->rvp_cnt++ == 0) 1007 ic->ic_opmode = opmode; 1008 1009 if (opmode == IEEE80211_M_HOSTAP) 1010 sc->cmdq_run = RUN_CMDQ_GO; 1011 1012 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1013 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1014 1015 return (vap); 1016 } 1017 1018 static void 1019 run_vap_delete(struct ieee80211vap *vap) 1020 { 1021 struct run_vap *rvp = RUN_VAP(vap); 1022 struct ieee80211com *ic; 1023 struct run_softc *sc; 1024 uint8_t rvp_id; 1025 1026 if (vap == NULL) 1027 return; 1028 1029 ic = vap->iv_ic; 1030 sc = ic->ic_softc; 1031 1032 RUN_LOCK(sc); 1033 1034 m_freem(rvp->beacon_mbuf); 1035 rvp->beacon_mbuf = NULL; 1036 1037 rvp_id = rvp->rvp_id; 1038 sc->ratectl_run &= ~(1 << rvp_id); 1039 sc->rvp_bmap &= ~(1 << rvp_id); 1040 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1041 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1042 --sc->rvp_cnt; 1043 1044 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1045 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1046 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1047 1048 RUN_UNLOCK(sc); 1049 1050 ieee80211_ratectl_deinit(vap); 1051 ieee80211_vap_detach(vap); 1052 free(rvp, M_80211_VAP); 1053 } 1054 1055 /* 1056 * There are numbers of functions need to be called in context thread. 1057 * Rather than creating taskqueue event for each of those functions, 1058 * here is all-for-one taskqueue callback function. This function 1059 * guarantees deferred functions are executed in the same order they 1060 * were enqueued. 1061 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1062 */ 1063 static void 1064 run_cmdq_cb(void *arg, int pending) 1065 { 1066 struct run_softc *sc = arg; 1067 uint8_t i; 1068 1069 /* call cmdq[].func locked */ 1070 RUN_LOCK(sc); 1071 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1072 i = sc->cmdq_exec, pending--) { 1073 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1074 i, pending); 1075 if (sc->cmdq_run == RUN_CMDQ_GO) { 1076 /* 1077 * If arg0 is NULL, callback func needs more 1078 * than one arg. So, pass ptr to cmdq struct. 1079 */ 1080 if (sc->cmdq[i].arg0) 1081 sc->cmdq[i].func(sc->cmdq[i].arg0); 1082 else 1083 sc->cmdq[i].func(&sc->cmdq[i]); 1084 } 1085 sc->cmdq[i].arg0 = NULL; 1086 sc->cmdq[i].func = NULL; 1087 sc->cmdq_exec++; 1088 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1089 } 1090 RUN_UNLOCK(sc); 1091 } 1092 1093 static void 1094 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1095 { 1096 struct run_tx_data *data; 1097 1098 memset(pq, 0, sizeof(*pq)); 1099 1100 STAILQ_INIT(&pq->tx_qh); 1101 STAILQ_INIT(&pq->tx_fh); 1102 1103 for (data = &pq->tx_data[0]; 1104 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1105 data->sc = sc; 1106 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1107 } 1108 pq->tx_nfree = RUN_TX_RING_COUNT; 1109 } 1110 1111 static void 1112 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1113 { 1114 struct run_tx_data *data; 1115 1116 /* make sure any subsequent use of the queues will fail */ 1117 pq->tx_nfree = 0; 1118 STAILQ_INIT(&pq->tx_fh); 1119 STAILQ_INIT(&pq->tx_qh); 1120 1121 /* free up all node references and mbufs */ 1122 for (data = &pq->tx_data[0]; 1123 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1124 if (data->m != NULL) { 1125 m_freem(data->m); 1126 data->m = NULL; 1127 } 1128 if (data->ni != NULL) { 1129 ieee80211_free_node(data->ni); 1130 data->ni = NULL; 1131 } 1132 } 1133 } 1134 1135 static int 1136 run_load_microcode(struct run_softc *sc) 1137 { 1138 usb_device_request_t req; 1139 const struct firmware *fw; 1140 const u_char *base; 1141 uint32_t tmp; 1142 int ntries, error; 1143 const uint64_t *temp; 1144 uint64_t bytes; 1145 1146 RUN_UNLOCK(sc); 1147 fw = firmware_get("runfw"); 1148 RUN_LOCK(sc); 1149 if (fw == NULL) { 1150 device_printf(sc->sc_dev, 1151 "failed loadfirmware of file %s\n", "runfw"); 1152 return ENOENT; 1153 } 1154 1155 if (fw->datasize != 8192) { 1156 device_printf(sc->sc_dev, 1157 "invalid firmware size (should be 8KB)\n"); 1158 error = EINVAL; 1159 goto fail; 1160 } 1161 1162 /* 1163 * RT3071/RT3072 use a different firmware 1164 * run-rt2870 (8KB) contains both, 1165 * first half (4KB) is for rt2870, 1166 * last half is for rt3071. 1167 */ 1168 base = fw->data; 1169 if ((sc->mac_ver) != 0x2860 && 1170 (sc->mac_ver) != 0x2872 && 1171 (sc->mac_ver) != 0x3070) { 1172 base += 4096; 1173 } 1174 1175 /* cheap sanity check */ 1176 temp = fw->data; 1177 bytes = *temp; 1178 if (bytes != be64toh(0xffffff0210280210ULL)) { 1179 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1180 error = EINVAL; 1181 goto fail; 1182 } 1183 1184 /* write microcode image */ 1185 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1186 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1187 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1188 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1189 } 1190 1191 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1192 req.bRequest = RT2870_RESET; 1193 USETW(req.wValue, 8); 1194 USETW(req.wIndex, 0); 1195 USETW(req.wLength, 0); 1196 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1197 != 0) { 1198 device_printf(sc->sc_dev, "firmware reset failed\n"); 1199 goto fail; 1200 } 1201 1202 run_delay(sc, 10); 1203 1204 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1205 run_write(sc, RT2860_H2M_MAILBOX, 0); 1206 run_write(sc, RT2860_H2M_INTSRC, 0); 1207 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1208 goto fail; 1209 1210 /* wait until microcontroller is ready */ 1211 for (ntries = 0; ntries < 1000; ntries++) { 1212 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1213 goto fail; 1214 if (tmp & RT2860_MCU_READY) 1215 break; 1216 run_delay(sc, 10); 1217 } 1218 if (ntries == 1000) { 1219 device_printf(sc->sc_dev, 1220 "timeout waiting for MCU to initialize\n"); 1221 error = ETIMEDOUT; 1222 goto fail; 1223 } 1224 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1225 (base == fw->data) ? "RT2870" : "RT3071", 1226 *(base + 4092), *(base + 4093)); 1227 1228 fail: 1229 firmware_put(fw, FIRMWARE_UNLOAD); 1230 return (error); 1231 } 1232 1233 static int 1234 run_reset(struct run_softc *sc) 1235 { 1236 usb_device_request_t req; 1237 1238 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1239 req.bRequest = RT2870_RESET; 1240 USETW(req.wValue, 1); 1241 USETW(req.wIndex, 0); 1242 USETW(req.wLength, 0); 1243 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1244 } 1245 1246 static usb_error_t 1247 run_do_request(struct run_softc *sc, 1248 struct usb_device_request *req, void *data) 1249 { 1250 usb_error_t err; 1251 int ntries = 10; 1252 1253 RUN_LOCK_ASSERT(sc, MA_OWNED); 1254 1255 while (ntries--) { 1256 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1257 req, data, 0, NULL, 250 /* ms */); 1258 if (err == 0) 1259 break; 1260 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1261 "Control request failed, %s (retrying)\n", 1262 usbd_errstr(err)); 1263 run_delay(sc, 10); 1264 } 1265 return (err); 1266 } 1267 1268 static int 1269 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1270 { 1271 uint32_t tmp; 1272 int error; 1273 1274 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1275 if (error == 0) 1276 *val = le32toh(tmp); 1277 else 1278 *val = 0xffffffff; 1279 return (error); 1280 } 1281 1282 static int 1283 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1284 { 1285 usb_device_request_t req; 1286 1287 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1288 req.bRequest = RT2870_READ_REGION_1; 1289 USETW(req.wValue, 0); 1290 USETW(req.wIndex, reg); 1291 USETW(req.wLength, len); 1292 1293 return (run_do_request(sc, &req, buf)); 1294 } 1295 1296 static int 1297 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1298 { 1299 usb_device_request_t req; 1300 1301 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1302 req.bRequest = RT2870_WRITE_2; 1303 USETW(req.wValue, val); 1304 USETW(req.wIndex, reg); 1305 USETW(req.wLength, 0); 1306 1307 return (run_do_request(sc, &req, NULL)); 1308 } 1309 1310 static int 1311 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1312 { 1313 int error; 1314 1315 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1316 error = run_write_2(sc, reg + 2, val >> 16); 1317 return (error); 1318 } 1319 1320 static int 1321 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1322 int len) 1323 { 1324 #if 1 1325 int i, error = 0; 1326 /* 1327 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1328 * We thus issue multiple WRITE_2 commands instead. 1329 */ 1330 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1331 for (i = 0; i < len && error == 0; i += 2) 1332 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1333 return (error); 1334 #else 1335 usb_device_request_t req; 1336 int error = 0; 1337 1338 /* 1339 * NOTE: It appears the WRITE_REGION_1 command cannot be 1340 * passed a huge amount of data, which will crash the 1341 * firmware. Limit amount of data passed to 64-bytes at a 1342 * time. 1343 */ 1344 while (len > 0) { 1345 int delta = 64; 1346 if (delta > len) 1347 delta = len; 1348 1349 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1350 req.bRequest = RT2870_WRITE_REGION_1; 1351 USETW(req.wValue, 0); 1352 USETW(req.wIndex, reg); 1353 USETW(req.wLength, delta); 1354 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1355 if (error != 0) 1356 break; 1357 reg += delta; 1358 buf += delta; 1359 len -= delta; 1360 } 1361 return (error); 1362 #endif 1363 } 1364 1365 static int 1366 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1367 { 1368 int i, error = 0; 1369 1370 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1371 for (i = 0; i < len && error == 0; i += 4) 1372 error = run_write(sc, reg + i, val); 1373 return (error); 1374 } 1375 1376 static int 1377 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1378 { 1379 uint32_t tmp; 1380 uint16_t reg; 1381 int error, ntries; 1382 1383 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1384 return (error); 1385 1386 if (count == 2) 1387 addr *= 2; 1388 /*- 1389 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1390 * DATA0: F E D C 1391 * DATA1: B A 9 8 1392 * DATA2: 7 6 5 4 1393 * DATA3: 3 2 1 0 1394 */ 1395 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1396 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1397 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1398 for (ntries = 0; ntries < 100; ntries++) { 1399 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1400 return (error); 1401 if (!(tmp & RT3070_EFSROM_KICK)) 1402 break; 1403 run_delay(sc, 2); 1404 } 1405 if (ntries == 100) 1406 return (ETIMEDOUT); 1407 1408 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1409 *val = 0xffff; /* address not found */ 1410 return (0); 1411 } 1412 /* determine to which 32-bit register our 16-bit word belongs */ 1413 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1414 if ((error = run_read(sc, reg, &tmp)) != 0) 1415 return (error); 1416 1417 tmp >>= (8 * (addr & 0x3)); 1418 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1419 1420 return (0); 1421 } 1422 1423 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1424 static int 1425 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1426 { 1427 return (run_efuse_read(sc, addr, val, 2)); 1428 } 1429 1430 static int 1431 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1432 { 1433 usb_device_request_t req; 1434 uint16_t tmp; 1435 int error; 1436 1437 addr *= 2; 1438 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1439 req.bRequest = RT2870_EEPROM_READ; 1440 USETW(req.wValue, 0); 1441 USETW(req.wIndex, addr); 1442 USETW(req.wLength, sizeof(tmp)); 1443 1444 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1445 if (error == 0) 1446 *val = le16toh(tmp); 1447 else 1448 *val = 0xffff; 1449 return (error); 1450 } 1451 1452 static __inline int 1453 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1454 { 1455 /* either eFUSE ROM or EEPROM */ 1456 return sc->sc_srom_read(sc, addr, val); 1457 } 1458 1459 static int 1460 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1461 { 1462 uint32_t tmp; 1463 int error, ntries; 1464 1465 for (ntries = 0; ntries < 10; ntries++) { 1466 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1467 return (error); 1468 if (!(tmp & RT2860_RF_REG_CTRL)) 1469 break; 1470 } 1471 if (ntries == 10) 1472 return (ETIMEDOUT); 1473 1474 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1475 } 1476 1477 static int 1478 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1479 { 1480 uint32_t tmp; 1481 int error, ntries; 1482 1483 for (ntries = 0; ntries < 100; ntries++) { 1484 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1485 return (error); 1486 if (!(tmp & RT3070_RF_KICK)) 1487 break; 1488 } 1489 if (ntries == 100) 1490 return (ETIMEDOUT); 1491 1492 tmp = RT3070_RF_KICK | reg << 8; 1493 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1494 return (error); 1495 1496 for (ntries = 0; ntries < 100; ntries++) { 1497 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1498 return (error); 1499 if (!(tmp & RT3070_RF_KICK)) 1500 break; 1501 } 1502 if (ntries == 100) 1503 return (ETIMEDOUT); 1504 1505 *val = tmp & 0xff; 1506 return (0); 1507 } 1508 1509 static int 1510 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1511 { 1512 uint32_t tmp; 1513 int error, ntries; 1514 1515 for (ntries = 0; ntries < 10; ntries++) { 1516 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1517 return (error); 1518 if (!(tmp & RT3070_RF_KICK)) 1519 break; 1520 } 1521 if (ntries == 10) 1522 return (ETIMEDOUT); 1523 1524 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1525 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1526 } 1527 1528 static int 1529 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1530 { 1531 uint32_t tmp; 1532 int ntries, error; 1533 1534 for (ntries = 0; ntries < 10; ntries++) { 1535 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1536 return (error); 1537 if (!(tmp & RT2860_BBP_CSR_KICK)) 1538 break; 1539 } 1540 if (ntries == 10) 1541 return (ETIMEDOUT); 1542 1543 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1544 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1545 return (error); 1546 1547 for (ntries = 0; ntries < 10; ntries++) { 1548 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1549 return (error); 1550 if (!(tmp & RT2860_BBP_CSR_KICK)) 1551 break; 1552 } 1553 if (ntries == 10) 1554 return (ETIMEDOUT); 1555 1556 *val = tmp & 0xff; 1557 return (0); 1558 } 1559 1560 static int 1561 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1562 { 1563 uint32_t tmp; 1564 int ntries, error; 1565 1566 for (ntries = 0; ntries < 10; ntries++) { 1567 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1568 return (error); 1569 if (!(tmp & RT2860_BBP_CSR_KICK)) 1570 break; 1571 } 1572 if (ntries == 10) 1573 return (ETIMEDOUT); 1574 1575 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1576 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1577 } 1578 1579 /* 1580 * Send a command to the 8051 microcontroller unit. 1581 */ 1582 static int 1583 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1584 { 1585 uint32_t tmp; 1586 int error, ntries; 1587 1588 for (ntries = 0; ntries < 100; ntries++) { 1589 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1590 return error; 1591 if (!(tmp & RT2860_H2M_BUSY)) 1592 break; 1593 } 1594 if (ntries == 100) 1595 return ETIMEDOUT; 1596 1597 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1598 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1599 error = run_write(sc, RT2860_HOST_CMD, cmd); 1600 return (error); 1601 } 1602 1603 /* 1604 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1605 * Used to adjust per-rate Tx power registers. 1606 */ 1607 static __inline uint32_t 1608 b4inc(uint32_t b32, int8_t delta) 1609 { 1610 int8_t i, b4; 1611 1612 for (i = 0; i < 8; i++) { 1613 b4 = b32 & 0xf; 1614 b4 += delta; 1615 if (b4 < 0) 1616 b4 = 0; 1617 else if (b4 > 0xf) 1618 b4 = 0xf; 1619 b32 = b32 >> 4 | b4 << 28; 1620 } 1621 return (b32); 1622 } 1623 1624 static const char * 1625 run_get_rf(uint16_t rev) 1626 { 1627 switch (rev) { 1628 case RT2860_RF_2820: return "RT2820"; 1629 case RT2860_RF_2850: return "RT2850"; 1630 case RT2860_RF_2720: return "RT2720"; 1631 case RT2860_RF_2750: return "RT2750"; 1632 case RT3070_RF_3020: return "RT3020"; 1633 case RT3070_RF_2020: return "RT2020"; 1634 case RT3070_RF_3021: return "RT3021"; 1635 case RT3070_RF_3022: return "RT3022"; 1636 case RT3070_RF_3052: return "RT3052"; 1637 case RT3593_RF_3053: return "RT3053"; 1638 case RT5592_RF_5592: return "RT5592"; 1639 case RT5390_RF_5370: return "RT5370"; 1640 case RT5390_RF_5372: return "RT5372"; 1641 } 1642 return ("unknown"); 1643 } 1644 1645 static void 1646 run_rt3593_get_txpower(struct run_softc *sc) 1647 { 1648 uint16_t addr, val; 1649 int i; 1650 1651 /* Read power settings for 2GHz channels. */ 1652 for (i = 0; i < 14; i += 2) { 1653 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1654 RT2860_EEPROM_PWR2GHZ_BASE1; 1655 run_srom_read(sc, addr + i / 2, &val); 1656 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1657 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1658 1659 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1660 RT2860_EEPROM_PWR2GHZ_BASE2; 1661 run_srom_read(sc, addr + i / 2, &val); 1662 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1663 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1664 1665 if (sc->ntxchains == 3) { 1666 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1667 &val); 1668 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1669 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1670 } 1671 } 1672 /* Fix broken Tx power entries. */ 1673 for (i = 0; i < 14; i++) { 1674 if (sc->txpow1[i] > 31) 1675 sc->txpow1[i] = 5; 1676 if (sc->txpow2[i] > 31) 1677 sc->txpow2[i] = 5; 1678 if (sc->ntxchains == 3) { 1679 if (sc->txpow3[i] > 31) 1680 sc->txpow3[i] = 5; 1681 } 1682 } 1683 /* Read power settings for 5GHz channels. */ 1684 for (i = 0; i < 40; i += 2) { 1685 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1686 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1687 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1688 1689 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1690 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1691 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1692 1693 if (sc->ntxchains == 3) { 1694 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1695 &val); 1696 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1697 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1698 } 1699 } 1700 } 1701 1702 static void 1703 run_get_txpower(struct run_softc *sc) 1704 { 1705 uint16_t val; 1706 int i; 1707 1708 /* Read power settings for 2GHz channels. */ 1709 for (i = 0; i < 14; i += 2) { 1710 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1711 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1712 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1713 1714 if (sc->mac_ver != 0x5390) { 1715 run_srom_read(sc, 1716 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1717 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1718 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1719 } 1720 } 1721 /* Fix broken Tx power entries. */ 1722 for (i = 0; i < 14; i++) { 1723 if (sc->mac_ver >= 0x5390) { 1724 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1725 sc->txpow1[i] = 5; 1726 } else { 1727 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1728 sc->txpow1[i] = 5; 1729 } 1730 if (sc->mac_ver > 0x5390) { 1731 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1732 sc->txpow2[i] = 5; 1733 } else if (sc->mac_ver < 0x5390) { 1734 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1735 sc->txpow2[i] = 5; 1736 } 1737 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1738 "chan %d: power1=%d, power2=%d\n", 1739 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1740 } 1741 /* Read power settings for 5GHz channels. */ 1742 for (i = 0; i < 40; i += 2) { 1743 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1744 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1745 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1746 1747 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1748 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1749 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1750 } 1751 /* Fix broken Tx power entries. */ 1752 for (i = 0; i < 40; i++ ) { 1753 if (sc->mac_ver != 0x5592) { 1754 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1755 sc->txpow1[14 + i] = 5; 1756 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1757 sc->txpow2[14 + i] = 5; 1758 } 1759 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1760 "chan %d: power1=%d, power2=%d\n", 1761 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1762 sc->txpow2[14 + i]); 1763 } 1764 } 1765 1766 static int 1767 run_read_eeprom(struct run_softc *sc) 1768 { 1769 struct ieee80211com *ic = &sc->sc_ic; 1770 int8_t delta_2ghz, delta_5ghz; 1771 uint32_t tmp; 1772 uint16_t val; 1773 int ridx, ant, i; 1774 1775 /* check whether the ROM is eFUSE ROM or EEPROM */ 1776 sc->sc_srom_read = run_eeprom_read_2; 1777 if (sc->mac_ver >= 0x3070) { 1778 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1779 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1780 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1781 sc->sc_srom_read = run_efuse_read_2; 1782 } 1783 1784 /* read ROM version */ 1785 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1786 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1787 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1788 1789 /* read MAC address */ 1790 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1791 ic->ic_macaddr[0] = val & 0xff; 1792 ic->ic_macaddr[1] = val >> 8; 1793 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1794 ic->ic_macaddr[2] = val & 0xff; 1795 ic->ic_macaddr[3] = val >> 8; 1796 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1797 ic->ic_macaddr[4] = val & 0xff; 1798 ic->ic_macaddr[5] = val >> 8; 1799 1800 if (sc->mac_ver < 0x3593) { 1801 /* read vender BBP settings */ 1802 for (i = 0; i < 10; i++) { 1803 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1804 sc->bbp[i].val = val & 0xff; 1805 sc->bbp[i].reg = val >> 8; 1806 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1807 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1808 } 1809 if (sc->mac_ver >= 0x3071) { 1810 /* read vendor RF settings */ 1811 for (i = 0; i < 10; i++) { 1812 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1813 &val); 1814 sc->rf[i].val = val & 0xff; 1815 sc->rf[i].reg = val >> 8; 1816 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1817 sc->rf[i].reg, sc->rf[i].val); 1818 } 1819 } 1820 } 1821 1822 /* read RF frequency offset from EEPROM */ 1823 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1824 RT3593_EEPROM_FREQ, &val); 1825 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1826 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1827 sc->freq & 0xff); 1828 1829 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1830 RT3593_EEPROM_FREQ_LEDS, &val); 1831 if (val >> 8 != 0xff) { 1832 /* read LEDs operating mode */ 1833 sc->leds = val >> 8; 1834 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1835 RT3593_EEPROM_LED1, &sc->led[0]); 1836 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1837 RT3593_EEPROM_LED2, &sc->led[1]); 1838 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1839 RT3593_EEPROM_LED3, &sc->led[2]); 1840 } else { 1841 /* broken EEPROM, use default settings */ 1842 sc->leds = 0x01; 1843 sc->led[0] = 0x5555; 1844 sc->led[1] = 0x2221; 1845 sc->led[2] = 0x5627; /* differs from RT2860 */ 1846 } 1847 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1848 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1849 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1850 1851 /* read RF information */ 1852 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1853 run_srom_read(sc, 0x00, &val); 1854 else 1855 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1856 1857 if (val == 0xffff) { 1858 device_printf(sc->sc_dev, 1859 "invalid EEPROM antenna info, using default\n"); 1860 if (sc->mac_ver == 0x3572) { 1861 /* default to RF3052 2T2R */ 1862 sc->rf_rev = RT3070_RF_3052; 1863 sc->ntxchains = 2; 1864 sc->nrxchains = 2; 1865 } else if (sc->mac_ver >= 0x3070) { 1866 /* default to RF3020 1T1R */ 1867 sc->rf_rev = RT3070_RF_3020; 1868 sc->ntxchains = 1; 1869 sc->nrxchains = 1; 1870 } else { 1871 /* default to RF2820 1T2R */ 1872 sc->rf_rev = RT2860_RF_2820; 1873 sc->ntxchains = 1; 1874 sc->nrxchains = 2; 1875 } 1876 } else { 1877 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1878 sc->rf_rev = val; 1879 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1880 } else 1881 sc->rf_rev = (val >> 8) & 0xf; 1882 sc->ntxchains = (val >> 4) & 0xf; 1883 sc->nrxchains = val & 0xf; 1884 } 1885 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1886 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1887 1888 /* check if RF supports automatic Tx access gain control */ 1889 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1890 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1891 /* check if driver should patch the DAC issue */ 1892 if ((val >> 8) != 0xff) 1893 sc->patch_dac = (val >> 15) & 1; 1894 if ((val & 0xff) != 0xff) { 1895 sc->ext_5ghz_lna = (val >> 3) & 1; 1896 sc->ext_2ghz_lna = (val >> 2) & 1; 1897 /* check if RF supports automatic Tx access gain control */ 1898 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1899 /* check if we have a hardware radio switch */ 1900 sc->rfswitch = val & 1; 1901 } 1902 1903 /* Read Tx power settings. */ 1904 if (sc->mac_ver == 0x3593) 1905 run_rt3593_get_txpower(sc); 1906 else 1907 run_get_txpower(sc); 1908 1909 /* read Tx power compensation for each Tx rate */ 1910 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1911 delta_2ghz = delta_5ghz = 0; 1912 if ((val & 0xff) != 0xff && (val & 0x80)) { 1913 delta_2ghz = val & 0xf; 1914 if (!(val & 0x40)) /* negative number */ 1915 delta_2ghz = -delta_2ghz; 1916 } 1917 val >>= 8; 1918 if ((val & 0xff) != 0xff && (val & 0x80)) { 1919 delta_5ghz = val & 0xf; 1920 if (!(val & 0x40)) /* negative number */ 1921 delta_5ghz = -delta_5ghz; 1922 } 1923 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1924 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1925 1926 for (ridx = 0; ridx < 5; ridx++) { 1927 uint32_t reg; 1928 1929 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1930 reg = val; 1931 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1932 reg |= (uint32_t)val << 16; 1933 1934 sc->txpow20mhz[ridx] = reg; 1935 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1936 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1937 1938 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1939 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1940 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1941 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1942 } 1943 1944 /* Read RSSI offsets and LNA gains from EEPROM. */ 1945 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1946 RT3593_EEPROM_RSSI1_2GHZ, &val); 1947 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1948 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1949 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1950 RT3593_EEPROM_RSSI2_2GHZ, &val); 1951 if (sc->mac_ver >= 0x3070) { 1952 if (sc->mac_ver == 0x3593) { 1953 sc->txmixgain_2ghz = 0; 1954 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1955 } else { 1956 /* 1957 * On RT3070 chips (limited to 2 Rx chains), this ROM 1958 * field contains the Tx mixer gain for the 2GHz band. 1959 */ 1960 if ((val & 0xff) != 0xff) 1961 sc->txmixgain_2ghz = val & 0x7; 1962 } 1963 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 1964 sc->txmixgain_2ghz); 1965 } else 1966 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1967 if (sc->mac_ver == 0x3593) 1968 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1969 sc->lna[2] = val >> 8; /* channel group 2 */ 1970 1971 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1972 RT3593_EEPROM_RSSI1_5GHZ, &val); 1973 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1974 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1975 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1976 RT3593_EEPROM_RSSI2_5GHZ, &val); 1977 if (sc->mac_ver == 0x3572) { 1978 /* 1979 * On RT3572 chips (limited to 2 Rx chains), this ROM 1980 * field contains the Tx mixer gain for the 5GHz band. 1981 */ 1982 if ((val & 0xff) != 0xff) 1983 sc->txmixgain_5ghz = val & 0x7; 1984 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 1985 sc->txmixgain_5ghz); 1986 } else 1987 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1988 if (sc->mac_ver == 0x3593) { 1989 sc->txmixgain_5ghz = 0; 1990 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1991 } 1992 sc->lna[3] = val >> 8; /* channel group 3 */ 1993 1994 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1995 RT3593_EEPROM_LNA, &val); 1996 sc->lna[0] = val & 0xff; /* channel group 0 */ 1997 sc->lna[1] = val >> 8; /* channel group 1 */ 1998 1999 /* fix broken 5GHz LNA entries */ 2000 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2001 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2002 "invalid LNA for channel group %d\n", 2); 2003 sc->lna[2] = sc->lna[1]; 2004 } 2005 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2006 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2007 "invalid LNA for channel group %d\n", 3); 2008 sc->lna[3] = sc->lna[1]; 2009 } 2010 2011 /* fix broken RSSI offset entries */ 2012 for (ant = 0; ant < 3; ant++) { 2013 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2014 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2015 "invalid RSSI%d offset: %d (2GHz)\n", 2016 ant + 1, sc->rssi_2ghz[ant]); 2017 sc->rssi_2ghz[ant] = 0; 2018 } 2019 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2020 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2021 "invalid RSSI%d offset: %d (5GHz)\n", 2022 ant + 1, sc->rssi_5ghz[ant]); 2023 sc->rssi_5ghz[ant] = 0; 2024 } 2025 } 2026 return (0); 2027 } 2028 2029 static struct ieee80211_node * 2030 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2031 { 2032 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 2033 } 2034 2035 static int 2036 run_media_change(struct ifnet *ifp) 2037 { 2038 struct ieee80211vap *vap = ifp->if_softc; 2039 struct ieee80211com *ic = vap->iv_ic; 2040 const struct ieee80211_txparam *tp; 2041 struct run_softc *sc = ic->ic_softc; 2042 uint8_t rate, ridx; 2043 int error; 2044 2045 RUN_LOCK(sc); 2046 2047 error = ieee80211_media_change(ifp); 2048 if (error != ENETRESET) { 2049 RUN_UNLOCK(sc); 2050 return (error); 2051 } 2052 2053 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2054 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2055 struct ieee80211_node *ni; 2056 struct run_node *rn; 2057 2058 rate = ic->ic_sup_rates[ic->ic_curmode]. 2059 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2060 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2061 if (rt2860_rates[ridx].rate == rate) 2062 break; 2063 ni = ieee80211_ref_node(vap->iv_bss); 2064 rn = RUN_NODE(ni); 2065 rn->fix_ridx = ridx; 2066 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2067 rate, rn->fix_ridx); 2068 ieee80211_free_node(ni); 2069 } 2070 2071 #if 0 2072 if ((ifp->if_flags & IFF_UP) && 2073 (ifp->if_drv_flags & RUN_RUNNING)){ 2074 run_init_locked(sc); 2075 } 2076 #endif 2077 2078 RUN_UNLOCK(sc); 2079 2080 return (0); 2081 } 2082 2083 static int 2084 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2085 { 2086 const struct ieee80211_txparam *tp; 2087 struct ieee80211com *ic = vap->iv_ic; 2088 struct run_softc *sc = ic->ic_softc; 2089 struct run_vap *rvp = RUN_VAP(vap); 2090 enum ieee80211_state ostate; 2091 uint32_t sta[3]; 2092 uint32_t tmp; 2093 uint8_t ratectl; 2094 uint8_t restart_ratectl = 0; 2095 uint8_t bid = 1 << rvp->rvp_id; 2096 2097 ostate = vap->iv_state; 2098 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2099 ieee80211_state_name[ostate], 2100 ieee80211_state_name[nstate]); 2101 2102 IEEE80211_UNLOCK(ic); 2103 RUN_LOCK(sc); 2104 2105 ratectl = sc->ratectl_run; /* remember current state */ 2106 sc->ratectl_run = RUN_RATECTL_OFF; 2107 usb_callout_stop(&sc->ratectl_ch); 2108 2109 if (ostate == IEEE80211_S_RUN) { 2110 /* turn link LED off */ 2111 run_set_leds(sc, RT2860_LED_RADIO); 2112 } 2113 2114 switch (nstate) { 2115 case IEEE80211_S_INIT: 2116 restart_ratectl = 1; 2117 2118 if (ostate != IEEE80211_S_RUN) 2119 break; 2120 2121 ratectl &= ~bid; 2122 sc->runbmap &= ~bid; 2123 2124 /* abort TSF synchronization if there is no vap running */ 2125 if (--sc->running == 0) { 2126 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2127 run_write(sc, RT2860_BCN_TIME_CFG, 2128 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2129 RT2860_TBTT_TIMER_EN)); 2130 } 2131 break; 2132 2133 case IEEE80211_S_RUN: 2134 if (!(sc->runbmap & bid)) { 2135 if(sc->running++) 2136 restart_ratectl = 1; 2137 sc->runbmap |= bid; 2138 } 2139 2140 m_freem(rvp->beacon_mbuf); 2141 rvp->beacon_mbuf = NULL; 2142 2143 switch (vap->iv_opmode) { 2144 case IEEE80211_M_HOSTAP: 2145 case IEEE80211_M_MBSS: 2146 sc->ap_running |= bid; 2147 ic->ic_opmode = vap->iv_opmode; 2148 run_update_beacon_cb(vap); 2149 break; 2150 case IEEE80211_M_IBSS: 2151 sc->adhoc_running |= bid; 2152 if (!sc->ap_running) 2153 ic->ic_opmode = vap->iv_opmode; 2154 run_update_beacon_cb(vap); 2155 break; 2156 case IEEE80211_M_STA: 2157 sc->sta_running |= bid; 2158 if (!sc->ap_running && !sc->adhoc_running) 2159 ic->ic_opmode = vap->iv_opmode; 2160 2161 /* read statistic counters (clear on read) */ 2162 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2163 (uint8_t *)sta, sizeof sta); 2164 2165 break; 2166 default: 2167 ic->ic_opmode = vap->iv_opmode; 2168 break; 2169 } 2170 2171 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2172 struct ieee80211_node *ni; 2173 2174 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2175 RUN_UNLOCK(sc); 2176 IEEE80211_LOCK(ic); 2177 return (-1); 2178 } 2179 run_updateslot(ic); 2180 run_enable_mrr(sc); 2181 run_set_txpreamble(sc); 2182 run_set_basicrates(sc); 2183 ni = ieee80211_ref_node(vap->iv_bss); 2184 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2185 run_set_bssid(sc, sc->sc_bssid); 2186 ieee80211_free_node(ni); 2187 run_enable_tsf_sync(sc); 2188 2189 /* enable automatic rate adaptation */ 2190 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2191 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2192 ratectl |= bid; 2193 } else 2194 run_enable_tsf(sc); 2195 2196 /* turn link LED on */ 2197 run_set_leds(sc, RT2860_LED_RADIO | 2198 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2199 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2200 2201 break; 2202 default: 2203 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2204 break; 2205 } 2206 2207 /* restart amrr for running VAPs */ 2208 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2209 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2210 2211 RUN_UNLOCK(sc); 2212 IEEE80211_LOCK(ic); 2213 2214 return(rvp->newstate(vap, nstate, arg)); 2215 } 2216 2217 static int 2218 run_wme_update(struct ieee80211com *ic) 2219 { 2220 struct run_softc *sc = ic->ic_softc; 2221 const struct wmeParams *ac = 2222 ic->ic_wme.wme_chanParams.cap_wmeParams; 2223 int aci, error = 0; 2224 2225 /* update MAC TX configuration registers */ 2226 RUN_LOCK(sc); 2227 for (aci = 0; aci < WME_NUM_AC; aci++) { 2228 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2229 ac[aci].wmep_logcwmax << 16 | 2230 ac[aci].wmep_logcwmin << 12 | 2231 ac[aci].wmep_aifsn << 8 | 2232 ac[aci].wmep_txopLimit); 2233 if (error) goto err; 2234 } 2235 2236 /* update SCH/DMA registers too */ 2237 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2238 ac[WME_AC_VO].wmep_aifsn << 12 | 2239 ac[WME_AC_VI].wmep_aifsn << 8 | 2240 ac[WME_AC_BK].wmep_aifsn << 4 | 2241 ac[WME_AC_BE].wmep_aifsn); 2242 if (error) goto err; 2243 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2244 ac[WME_AC_VO].wmep_logcwmin << 12 | 2245 ac[WME_AC_VI].wmep_logcwmin << 8 | 2246 ac[WME_AC_BK].wmep_logcwmin << 4 | 2247 ac[WME_AC_BE].wmep_logcwmin); 2248 if (error) goto err; 2249 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2250 ac[WME_AC_VO].wmep_logcwmax << 12 | 2251 ac[WME_AC_VI].wmep_logcwmax << 8 | 2252 ac[WME_AC_BK].wmep_logcwmax << 4 | 2253 ac[WME_AC_BE].wmep_logcwmax); 2254 if (error) goto err; 2255 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2256 ac[WME_AC_BK].wmep_txopLimit << 16 | 2257 ac[WME_AC_BE].wmep_txopLimit); 2258 if (error) goto err; 2259 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2260 ac[WME_AC_VO].wmep_txopLimit << 16 | 2261 ac[WME_AC_VI].wmep_txopLimit); 2262 2263 err: 2264 RUN_UNLOCK(sc); 2265 if (error) 2266 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2267 2268 return (error); 2269 } 2270 2271 static void 2272 run_key_set_cb(void *arg) 2273 { 2274 struct run_cmdq *cmdq = arg; 2275 struct ieee80211vap *vap = cmdq->arg1; 2276 struct ieee80211_key *k = cmdq->k; 2277 struct ieee80211com *ic = vap->iv_ic; 2278 struct run_softc *sc = ic->ic_softc; 2279 struct ieee80211_node *ni; 2280 u_int cipher = k->wk_cipher->ic_cipher; 2281 uint32_t attr; 2282 uint16_t base, associd; 2283 uint8_t mode, wcid, iv[8]; 2284 2285 RUN_LOCK_ASSERT(sc, MA_OWNED); 2286 2287 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2288 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2289 else 2290 ni = vap->iv_bss; 2291 associd = (ni != NULL) ? ni->ni_associd : 0; 2292 2293 /* map net80211 cipher to RT2860 security mode */ 2294 switch (cipher) { 2295 case IEEE80211_CIPHER_WEP: 2296 if(k->wk_keylen < 8) 2297 mode = RT2860_MODE_WEP40; 2298 else 2299 mode = RT2860_MODE_WEP104; 2300 break; 2301 case IEEE80211_CIPHER_TKIP: 2302 mode = RT2860_MODE_TKIP; 2303 break; 2304 case IEEE80211_CIPHER_AES_CCM: 2305 mode = RT2860_MODE_AES_CCMP; 2306 break; 2307 default: 2308 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2309 return; 2310 } 2311 2312 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2313 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2314 associd, k->wk_keyix, mode, 2315 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2316 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2317 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2318 2319 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2320 wcid = 0; /* NB: update WCID0 for group keys */ 2321 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2322 } else { 2323 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2324 1 : RUN_AID2WCID(associd); 2325 base = RT2860_PKEY(wcid); 2326 } 2327 2328 if (cipher == IEEE80211_CIPHER_TKIP) { 2329 if(run_write_region_1(sc, base, k->wk_key, 16)) 2330 return; 2331 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2332 return; 2333 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2334 return; 2335 } else { 2336 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2337 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2338 return; 2339 } 2340 2341 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2342 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2343 /* set initial packet number in IV+EIV */ 2344 if (cipher == IEEE80211_CIPHER_WEP) { 2345 memset(iv, 0, sizeof iv); 2346 iv[3] = vap->iv_def_txkey << 6; 2347 } else { 2348 if (cipher == IEEE80211_CIPHER_TKIP) { 2349 iv[0] = k->wk_keytsc >> 8; 2350 iv[1] = (iv[0] | 0x20) & 0x7f; 2351 iv[2] = k->wk_keytsc; 2352 } else /* CCMP */ { 2353 iv[0] = k->wk_keytsc; 2354 iv[1] = k->wk_keytsc >> 8; 2355 iv[2] = 0; 2356 } 2357 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2358 iv[4] = k->wk_keytsc >> 16; 2359 iv[5] = k->wk_keytsc >> 24; 2360 iv[6] = k->wk_keytsc >> 32; 2361 iv[7] = k->wk_keytsc >> 40; 2362 } 2363 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2364 return; 2365 } 2366 2367 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2368 /* install group key */ 2369 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2370 return; 2371 attr &= ~(0xf << (k->wk_keyix * 4)); 2372 attr |= mode << (k->wk_keyix * 4); 2373 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2374 return; 2375 } else { 2376 /* install pairwise key */ 2377 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2378 return; 2379 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2380 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2381 return; 2382 } 2383 2384 /* TODO create a pass-thru key entry? */ 2385 2386 /* need wcid to delete the right key later */ 2387 k->wk_pad = wcid; 2388 } 2389 2390 /* 2391 * Don't have to be deferred, but in order to keep order of 2392 * execution, i.e. with run_key_delete(), defer this and let 2393 * run_cmdq_cb() maintain the order. 2394 * 2395 * return 0 on error 2396 */ 2397 static int 2398 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2399 { 2400 struct ieee80211com *ic = vap->iv_ic; 2401 struct run_softc *sc = ic->ic_softc; 2402 uint32_t i; 2403 2404 i = RUN_CMDQ_GET(&sc->cmdq_store); 2405 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2406 sc->cmdq[i].func = run_key_set_cb; 2407 sc->cmdq[i].arg0 = NULL; 2408 sc->cmdq[i].arg1 = vap; 2409 sc->cmdq[i].k = k; 2410 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2411 ieee80211_runtask(ic, &sc->cmdq_task); 2412 2413 /* 2414 * To make sure key will be set when hostapd 2415 * calls iv_key_set() before if_init(). 2416 */ 2417 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2418 RUN_LOCK(sc); 2419 sc->cmdq_key_set = RUN_CMDQ_GO; 2420 RUN_UNLOCK(sc); 2421 } 2422 2423 return (1); 2424 } 2425 2426 /* 2427 * If wlan is destroyed without being brought down i.e. without 2428 * wlan down or wpa_cli terminate, this function is called after 2429 * vap is gone. Don't refer it. 2430 */ 2431 static void 2432 run_key_delete_cb(void *arg) 2433 { 2434 struct run_cmdq *cmdq = arg; 2435 struct run_softc *sc = cmdq->arg1; 2436 struct ieee80211_key *k = &cmdq->key; 2437 uint32_t attr; 2438 uint8_t wcid; 2439 2440 RUN_LOCK_ASSERT(sc, MA_OWNED); 2441 2442 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2443 /* remove group key */ 2444 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2445 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2446 attr &= ~(0xf << (k->wk_keyix * 4)); 2447 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2448 } else { 2449 /* remove pairwise key */ 2450 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2451 "removing key for wcid %x\n", k->wk_pad); 2452 /* matching wcid was written to wk_pad in run_key_set() */ 2453 wcid = k->wk_pad; 2454 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2455 attr &= ~0xf; 2456 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2457 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2458 } 2459 2460 k->wk_pad = 0; 2461 } 2462 2463 /* 2464 * return 0 on error 2465 */ 2466 static int 2467 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2468 { 2469 struct ieee80211com *ic = vap->iv_ic; 2470 struct run_softc *sc = ic->ic_softc; 2471 struct ieee80211_key *k0; 2472 uint32_t i; 2473 2474 /* 2475 * When called back, key might be gone. So, make a copy 2476 * of some values need to delete keys before deferring. 2477 * But, because of LOR with node lock, cannot use lock here. 2478 * So, use atomic instead. 2479 */ 2480 i = RUN_CMDQ_GET(&sc->cmdq_store); 2481 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2482 sc->cmdq[i].func = run_key_delete_cb; 2483 sc->cmdq[i].arg0 = NULL; 2484 sc->cmdq[i].arg1 = sc; 2485 k0 = &sc->cmdq[i].key; 2486 k0->wk_flags = k->wk_flags; 2487 k0->wk_keyix = k->wk_keyix; 2488 /* matching wcid was written to wk_pad in run_key_set() */ 2489 k0->wk_pad = k->wk_pad; 2490 ieee80211_runtask(ic, &sc->cmdq_task); 2491 return (1); /* return fake success */ 2492 2493 } 2494 2495 static void 2496 run_ratectl_to(void *arg) 2497 { 2498 struct run_softc *sc = arg; 2499 2500 /* do it in a process context, so it can go sleep */ 2501 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2502 /* next timeout will be rescheduled in the callback task */ 2503 } 2504 2505 /* ARGSUSED */ 2506 static void 2507 run_ratectl_cb(void *arg, int pending) 2508 { 2509 struct run_softc *sc = arg; 2510 struct ieee80211com *ic = &sc->sc_ic; 2511 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2512 2513 if (vap == NULL) 2514 return; 2515 2516 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2517 /* 2518 * run_reset_livelock() doesn't do anything with AMRR, 2519 * but Ralink wants us to call it every 1 sec. So, we 2520 * piggyback here rather than creating another callout. 2521 * Livelock may occur only in HOSTAP or IBSS mode 2522 * (when h/w is sending beacons). 2523 */ 2524 RUN_LOCK(sc); 2525 run_reset_livelock(sc); 2526 /* just in case, there are some stats to drain */ 2527 run_drain_fifo(sc); 2528 RUN_UNLOCK(sc); 2529 } 2530 2531 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2532 2533 RUN_LOCK(sc); 2534 if(sc->ratectl_run != RUN_RATECTL_OFF) 2535 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2536 RUN_UNLOCK(sc); 2537 } 2538 2539 static void 2540 run_drain_fifo(void *arg) 2541 { 2542 struct run_softc *sc = arg; 2543 uint32_t stat; 2544 uint16_t (*wstat)[3]; 2545 uint8_t wcid, mcs, pid; 2546 int8_t retry; 2547 2548 RUN_LOCK_ASSERT(sc, MA_OWNED); 2549 2550 for (;;) { 2551 /* drain Tx status FIFO (maxsize = 16) */ 2552 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2553 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2554 if (!(stat & RT2860_TXQ_VLD)) 2555 break; 2556 2557 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2558 2559 /* if no ACK was requested, no feedback is available */ 2560 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2561 wcid == 0) 2562 continue; 2563 2564 /* 2565 * Even though each stat is Tx-complete-status like format, 2566 * the device can poll stats. Because there is no guarantee 2567 * that the referring node is still around when read the stats. 2568 * So that, if we use ieee80211_ratectl_tx_update(), we will 2569 * have hard time not to refer already freed node. 2570 * 2571 * To eliminate such page faults, we poll stats in softc. 2572 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2573 */ 2574 wstat = &(sc->wcid_stats[wcid]); 2575 (*wstat)[RUN_TXCNT]++; 2576 if (stat & RT2860_TXQ_OK) 2577 (*wstat)[RUN_SUCCESS]++; 2578 else 2579 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2580 /* 2581 * Check if there were retries, ie if the Tx success rate is 2582 * different from the requested rate. Note that it works only 2583 * because we do not allow rate fallback from OFDM to CCK. 2584 */ 2585 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2586 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2587 if ((retry = pid -1 - mcs) > 0) { 2588 (*wstat)[RUN_TXCNT] += retry; 2589 (*wstat)[RUN_RETRY] += retry; 2590 } 2591 } 2592 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2593 2594 sc->fifo_cnt = 0; 2595 } 2596 2597 static void 2598 run_iter_func(void *arg, struct ieee80211_node *ni) 2599 { 2600 struct run_softc *sc = arg; 2601 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2602 struct ieee80211vap *vap = ni->ni_vap; 2603 struct run_node *rn = RUN_NODE(ni); 2604 union run_stats sta[2]; 2605 uint16_t (*wstat)[3]; 2606 int error; 2607 2608 RUN_LOCK(sc); 2609 2610 /* Check for special case */ 2611 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2612 ni != vap->iv_bss) 2613 goto fail; 2614 2615 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2616 IEEE80211_RATECTL_TX_STATS_RETRIES; 2617 txs->ni = ni; 2618 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2619 vap->iv_opmode == IEEE80211_M_STA)) { 2620 /* read statistic counters (clear on read) and update AMRR state */ 2621 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2622 sizeof sta); 2623 if (error != 0) 2624 goto fail; 2625 2626 /* count failed TX as errors */ 2627 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2628 le16toh(sta[0].error.fail)); 2629 2630 txs->nretries = le16toh(sta[1].tx.retry); 2631 txs->nsuccess = le16toh(sta[1].tx.success); 2632 /* nretries??? */ 2633 txs->nframes = txs->nretries + txs->nsuccess + 2634 le16toh(sta[0].error.fail); 2635 2636 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2637 "retrycnt=%d success=%d failcnt=%d\n", 2638 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2639 } else { 2640 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2641 2642 if (wstat == &(sc->wcid_stats[0]) || 2643 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2644 goto fail; 2645 2646 txs->nretries = (*wstat)[RUN_RETRY]; 2647 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2648 txs->nframes = (*wstat)[RUN_TXCNT]; 2649 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2650 "retrycnt=%d txcnt=%d success=%d\n", 2651 txs->nretries, txs->nframes, txs->nsuccess); 2652 2653 memset(wstat, 0, sizeof(*wstat)); 2654 } 2655 2656 ieee80211_ratectl_tx_update(vap, txs); 2657 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2658 2659 fail: 2660 RUN_UNLOCK(sc); 2661 2662 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx); 2663 } 2664 2665 static void 2666 run_newassoc_cb(void *arg) 2667 { 2668 struct run_cmdq *cmdq = arg; 2669 struct ieee80211_node *ni = cmdq->arg1; 2670 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2671 uint8_t wcid = cmdq->wcid; 2672 2673 RUN_LOCK_ASSERT(sc, MA_OWNED); 2674 2675 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2676 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2677 2678 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2679 } 2680 2681 static void 2682 run_newassoc(struct ieee80211_node *ni, int isnew) 2683 { 2684 struct run_node *rn = RUN_NODE(ni); 2685 struct ieee80211_rateset *rs = &ni->ni_rates; 2686 struct ieee80211vap *vap = ni->ni_vap; 2687 struct ieee80211com *ic = vap->iv_ic; 2688 struct run_softc *sc = ic->ic_softc; 2689 uint8_t rate; 2690 uint8_t ridx; 2691 uint8_t wcid; 2692 int i, j; 2693 2694 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2695 1 : RUN_AID2WCID(ni->ni_associd); 2696 2697 if (wcid > RT2870_WCID_MAX) { 2698 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2699 return; 2700 } 2701 2702 /* only interested in true associations */ 2703 if (isnew && ni->ni_associd != 0) { 2704 2705 /* 2706 * This function could is called though timeout function. 2707 * Need to defer. 2708 */ 2709 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2710 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2711 sc->cmdq[cnt].func = run_newassoc_cb; 2712 sc->cmdq[cnt].arg0 = NULL; 2713 sc->cmdq[cnt].arg1 = ni; 2714 sc->cmdq[cnt].wcid = wcid; 2715 ieee80211_runtask(ic, &sc->cmdq_task); 2716 } 2717 2718 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2719 "new assoc isnew=%d associd=%x addr=%s\n", 2720 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2721 2722 for (i = 0; i < rs->rs_nrates; i++) { 2723 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2724 /* convert 802.11 rate to hardware rate index */ 2725 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2726 if (rt2860_rates[ridx].rate == rate) 2727 break; 2728 rn->ridx[i] = ridx; 2729 /* determine rate of control response frames */ 2730 for (j = i; j >= 0; j--) { 2731 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2732 rt2860_rates[rn->ridx[i]].phy == 2733 rt2860_rates[rn->ridx[j]].phy) 2734 break; 2735 } 2736 if (j >= 0) { 2737 rn->ctl_ridx[i] = rn->ridx[j]; 2738 } else { 2739 /* no basic rate found, use mandatory one */ 2740 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2741 } 2742 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2743 "rate=0x%02x ridx=%d ctl_ridx=%d\n", 2744 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2745 } 2746 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2747 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2748 if (rt2860_rates[ridx].rate == rate) 2749 break; 2750 rn->mgt_ridx = ridx; 2751 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2752 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2753 2754 RUN_LOCK(sc); 2755 if(sc->ratectl_run != RUN_RATECTL_OFF) 2756 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2757 RUN_UNLOCK(sc); 2758 } 2759 2760 /* 2761 * Return the Rx chain with the highest RSSI for a given frame. 2762 */ 2763 static __inline uint8_t 2764 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2765 { 2766 uint8_t rxchain = 0; 2767 2768 if (sc->nrxchains > 1) { 2769 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2770 rxchain = 1; 2771 if (sc->nrxchains > 2) 2772 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2773 rxchain = 2; 2774 } 2775 return (rxchain); 2776 } 2777 2778 static void 2779 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2780 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2781 { 2782 struct ieee80211vap *vap = ni->ni_vap; 2783 struct run_softc *sc = vap->iv_ic->ic_softc; 2784 struct run_vap *rvp = RUN_VAP(vap); 2785 uint64_t ni_tstamp, rx_tstamp; 2786 2787 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2788 2789 if (vap->iv_state == IEEE80211_S_RUN && 2790 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2791 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2792 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2793 RUN_LOCK(sc); 2794 run_get_tsf(sc, &rx_tstamp); 2795 RUN_UNLOCK(sc); 2796 rx_tstamp = le64toh(rx_tstamp); 2797 2798 if (ni_tstamp >= rx_tstamp) { 2799 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2800 "ibss merge, tsf %ju tstamp %ju\n", 2801 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2802 (void) ieee80211_ibss_merge(ni); 2803 } 2804 } 2805 } 2806 2807 static void 2808 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2809 { 2810 struct ieee80211com *ic = &sc->sc_ic; 2811 struct ieee80211_frame *wh; 2812 struct ieee80211_node *ni; 2813 struct rt2870_rxd *rxd; 2814 struct rt2860_rxwi *rxwi; 2815 uint32_t flags; 2816 uint16_t len, rxwisize; 2817 uint8_t ant, rssi; 2818 int8_t nf; 2819 2820 rxwi = mtod(m, struct rt2860_rxwi *); 2821 len = le16toh(rxwi->len) & 0xfff; 2822 rxwisize = sizeof(struct rt2860_rxwi); 2823 if (sc->mac_ver == 0x5592) 2824 rxwisize += sizeof(uint64_t); 2825 else if (sc->mac_ver == 0x3593) 2826 rxwisize += sizeof(uint32_t); 2827 if (__predict_false(len > dmalen)) { 2828 m_freem(m); 2829 counter_u64_add(ic->ic_ierrors, 1); 2830 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2831 "bad RXWI length %u > %u\n", len, dmalen); 2832 return; 2833 } 2834 /* Rx descriptor is located at the end */ 2835 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2836 flags = le32toh(rxd->flags); 2837 2838 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2839 m_freem(m); 2840 counter_u64_add(ic->ic_ierrors, 1); 2841 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2842 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2843 return; 2844 } 2845 2846 m->m_data += rxwisize; 2847 m->m_pkthdr.len = m->m_len -= rxwisize; 2848 2849 wh = mtod(m, struct ieee80211_frame *); 2850 2851 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2852 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2853 m->m_flags |= M_WEP; 2854 } 2855 2856 if (flags & RT2860_RX_L2PAD) { 2857 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2858 "received RT2860_RX_L2PAD frame\n"); 2859 len += 2; 2860 } 2861 2862 ni = ieee80211_find_rxnode(ic, 2863 mtod(m, struct ieee80211_frame_min *)); 2864 2865 if (__predict_false(flags & RT2860_RX_MICERR)) { 2866 /* report MIC failures to net80211 for TKIP */ 2867 if (ni != NULL) 2868 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2869 rxwi->keyidx); 2870 m_freem(m); 2871 counter_u64_add(ic->ic_ierrors, 1); 2872 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2873 "MIC error. Someone is lying.\n"); 2874 return; 2875 } 2876 2877 ant = run_maxrssi_chain(sc, rxwi); 2878 rssi = rxwi->rssi[ant]; 2879 nf = run_rssi2dbm(sc, rssi, ant); 2880 2881 m->m_pkthdr.len = m->m_len = len; 2882 2883 if (__predict_false(ieee80211_radiotap_active(ic))) { 2884 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2885 uint16_t phy; 2886 2887 tap->wr_flags = 0; 2888 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2889 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2890 tap->wr_antsignal = rssi; 2891 tap->wr_antenna = ant; 2892 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2893 tap->wr_rate = 2; /* in case it can't be found below */ 2894 RUN_LOCK(sc); 2895 run_get_tsf(sc, &tap->wr_tsf); 2896 RUN_UNLOCK(sc); 2897 phy = le16toh(rxwi->phy); 2898 switch (phy & RT2860_PHY_MODE) { 2899 case RT2860_PHY_CCK: 2900 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2901 case 0: tap->wr_rate = 2; break; 2902 case 1: tap->wr_rate = 4; break; 2903 case 2: tap->wr_rate = 11; break; 2904 case 3: tap->wr_rate = 22; break; 2905 } 2906 if (phy & RT2860_PHY_SHPRE) 2907 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2908 break; 2909 case RT2860_PHY_OFDM: 2910 switch (phy & RT2860_PHY_MCS) { 2911 case 0: tap->wr_rate = 12; break; 2912 case 1: tap->wr_rate = 18; break; 2913 case 2: tap->wr_rate = 24; break; 2914 case 3: tap->wr_rate = 36; break; 2915 case 4: tap->wr_rate = 48; break; 2916 case 5: tap->wr_rate = 72; break; 2917 case 6: tap->wr_rate = 96; break; 2918 case 7: tap->wr_rate = 108; break; 2919 } 2920 break; 2921 } 2922 } 2923 2924 if (ni != NULL) { 2925 (void)ieee80211_input(ni, m, rssi, nf); 2926 ieee80211_free_node(ni); 2927 } else { 2928 (void)ieee80211_input_all(ic, m, rssi, nf); 2929 } 2930 } 2931 2932 static void 2933 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2934 { 2935 struct run_softc *sc = usbd_xfer_softc(xfer); 2936 struct ieee80211com *ic = &sc->sc_ic; 2937 struct mbuf *m = NULL; 2938 struct mbuf *m0; 2939 uint32_t dmalen; 2940 uint16_t rxwisize; 2941 int xferlen; 2942 2943 rxwisize = sizeof(struct rt2860_rxwi); 2944 if (sc->mac_ver == 0x5592) 2945 rxwisize += sizeof(uint64_t); 2946 else if (sc->mac_ver == 0x3593) 2947 rxwisize += sizeof(uint32_t); 2948 2949 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2950 2951 switch (USB_GET_STATE(xfer)) { 2952 case USB_ST_TRANSFERRED: 2953 2954 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2955 "rx done, actlen=%d\n", xferlen); 2956 2957 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2958 sizeof(struct rt2870_rxd))) { 2959 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 2960 "xfer too short %d\n", xferlen); 2961 goto tr_setup; 2962 } 2963 2964 m = sc->rx_m; 2965 sc->rx_m = NULL; 2966 2967 /* FALLTHROUGH */ 2968 case USB_ST_SETUP: 2969 tr_setup: 2970 if (sc->rx_m == NULL) { 2971 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2972 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2973 } 2974 if (sc->rx_m == NULL) { 2975 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 2976 "could not allocate mbuf - idle with stall\n"); 2977 counter_u64_add(ic->ic_ierrors, 1); 2978 usbd_xfer_set_stall(xfer); 2979 usbd_xfer_set_frames(xfer, 0); 2980 } else { 2981 /* 2982 * Directly loading a mbuf cluster into DMA to 2983 * save some data copying. This works because 2984 * there is only one cluster. 2985 */ 2986 usbd_xfer_set_frame_data(xfer, 0, 2987 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2988 usbd_xfer_set_frames(xfer, 1); 2989 } 2990 usbd_transfer_submit(xfer); 2991 break; 2992 2993 default: /* Error */ 2994 if (error != USB_ERR_CANCELLED) { 2995 /* try to clear stall first */ 2996 usbd_xfer_set_stall(xfer); 2997 if (error == USB_ERR_TIMEOUT) 2998 device_printf(sc->sc_dev, "device timeout\n"); 2999 counter_u64_add(ic->ic_ierrors, 1); 3000 goto tr_setup; 3001 } 3002 if (sc->rx_m != NULL) { 3003 m_freem(sc->rx_m); 3004 sc->rx_m = NULL; 3005 } 3006 break; 3007 } 3008 3009 if (m == NULL) 3010 return; 3011 3012 /* inputting all the frames must be last */ 3013 3014 RUN_UNLOCK(sc); 3015 3016 m->m_pkthdr.len = m->m_len = xferlen; 3017 3018 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3019 for(;;) { 3020 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3021 3022 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3023 ((dmalen & 3) != 0)) { 3024 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3025 "bad DMA length %u\n", dmalen); 3026 break; 3027 } 3028 if ((dmalen + 8) > (uint32_t)xferlen) { 3029 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3030 "bad DMA length %u > %d\n", 3031 dmalen + 8, xferlen); 3032 break; 3033 } 3034 3035 /* If it is the last one or a single frame, we won't copy. */ 3036 if ((xferlen -= dmalen + 8) <= 8) { 3037 /* trim 32-bit DMA-len header */ 3038 m->m_data += 4; 3039 m->m_pkthdr.len = m->m_len -= 4; 3040 run_rx_frame(sc, m, dmalen); 3041 m = NULL; /* don't free source buffer */ 3042 break; 3043 } 3044 3045 /* copy aggregated frames to another mbuf */ 3046 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3047 if (__predict_false(m0 == NULL)) { 3048 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3049 "could not allocate mbuf\n"); 3050 counter_u64_add(ic->ic_ierrors, 1); 3051 break; 3052 } 3053 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3054 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3055 m0->m_pkthdr.len = m0->m_len = 3056 dmalen + sizeof(struct rt2870_rxd); 3057 run_rx_frame(sc, m0, dmalen); 3058 3059 /* update data ptr */ 3060 m->m_data += dmalen + 8; 3061 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3062 } 3063 3064 /* make sure we free the source buffer, if any */ 3065 m_freem(m); 3066 3067 RUN_LOCK(sc); 3068 } 3069 3070 static void 3071 run_tx_free(struct run_endpoint_queue *pq, 3072 struct run_tx_data *data, int txerr) 3073 { 3074 3075 ieee80211_tx_complete(data->ni, data->m, txerr); 3076 3077 data->m = NULL; 3078 data->ni = NULL; 3079 3080 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3081 pq->tx_nfree++; 3082 } 3083 3084 static void 3085 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3086 { 3087 struct run_softc *sc = usbd_xfer_softc(xfer); 3088 struct ieee80211com *ic = &sc->sc_ic; 3089 struct run_tx_data *data; 3090 struct ieee80211vap *vap = NULL; 3091 struct usb_page_cache *pc; 3092 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3093 struct mbuf *m; 3094 usb_frlength_t size; 3095 int actlen; 3096 int sumlen; 3097 3098 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3099 3100 switch (USB_GET_STATE(xfer)) { 3101 case USB_ST_TRANSFERRED: 3102 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3103 "transfer complete: %d bytes @ index %d\n", actlen, index); 3104 3105 data = usbd_xfer_get_priv(xfer); 3106 run_tx_free(pq, data, 0); 3107 usbd_xfer_set_priv(xfer, NULL); 3108 3109 /* FALLTHROUGH */ 3110 case USB_ST_SETUP: 3111 tr_setup: 3112 data = STAILQ_FIRST(&pq->tx_qh); 3113 if (data == NULL) 3114 break; 3115 3116 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3117 3118 m = data->m; 3119 size = (sc->mac_ver == 0x5592) ? 3120 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3121 if ((m->m_pkthdr.len + 3122 size + 3 + 8) > RUN_MAX_TXSZ) { 3123 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3124 "data overflow, %u bytes\n", m->m_pkthdr.len); 3125 run_tx_free(pq, data, 1); 3126 goto tr_setup; 3127 } 3128 3129 pc = usbd_xfer_get_frame(xfer, 0); 3130 usbd_copy_in(pc, 0, &data->desc, size); 3131 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3132 size += m->m_pkthdr.len; 3133 /* 3134 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3135 * 4-byte padding), and be sure to zero those trailing 3136 * bytes: 3137 */ 3138 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3139 size += ((-size) & 3) + 8; 3140 3141 vap = data->ni->ni_vap; 3142 if (ieee80211_radiotap_active_vap(vap)) { 3143 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3144 struct rt2860_txwi *txwi = 3145 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3146 tap->wt_flags = 0; 3147 tap->wt_rate = rt2860_rates[data->ridx].rate; 3148 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3149 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3150 tap->wt_hwqueue = index; 3151 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3152 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3153 3154 ieee80211_radiotap_tx(vap, m); 3155 } 3156 3157 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3158 "sending frame len=%u/%u @ index %d\n", 3159 m->m_pkthdr.len, size, index); 3160 3161 usbd_xfer_set_frame_len(xfer, 0, size); 3162 usbd_xfer_set_priv(xfer, data); 3163 usbd_transfer_submit(xfer); 3164 run_start(sc); 3165 3166 break; 3167 3168 default: 3169 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3170 "USB transfer error, %s\n", usbd_errstr(error)); 3171 3172 data = usbd_xfer_get_priv(xfer); 3173 3174 if (data != NULL) { 3175 if(data->ni != NULL) 3176 vap = data->ni->ni_vap; 3177 run_tx_free(pq, data, error); 3178 usbd_xfer_set_priv(xfer, NULL); 3179 } 3180 3181 if (vap == NULL) 3182 vap = TAILQ_FIRST(&ic->ic_vaps); 3183 3184 if (error != USB_ERR_CANCELLED) { 3185 if (error == USB_ERR_TIMEOUT) { 3186 device_printf(sc->sc_dev, "device timeout\n"); 3187 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3188 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3189 "cmdq_store=%d\n", i); 3190 sc->cmdq[i].func = run_usb_timeout_cb; 3191 sc->cmdq[i].arg0 = vap; 3192 ieee80211_runtask(ic, &sc->cmdq_task); 3193 } 3194 3195 /* 3196 * Try to clear stall first, also if other 3197 * errors occur, hence clearing stall 3198 * introduces a 50 ms delay: 3199 */ 3200 usbd_xfer_set_stall(xfer); 3201 goto tr_setup; 3202 } 3203 break; 3204 } 3205 } 3206 3207 static void 3208 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3209 { 3210 run_bulk_tx_callbackN(xfer, error, 0); 3211 } 3212 3213 static void 3214 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3215 { 3216 run_bulk_tx_callbackN(xfer, error, 1); 3217 } 3218 3219 static void 3220 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3221 { 3222 run_bulk_tx_callbackN(xfer, error, 2); 3223 } 3224 3225 static void 3226 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3227 { 3228 run_bulk_tx_callbackN(xfer, error, 3); 3229 } 3230 3231 static void 3232 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3233 { 3234 run_bulk_tx_callbackN(xfer, error, 4); 3235 } 3236 3237 static void 3238 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3239 { 3240 run_bulk_tx_callbackN(xfer, error, 5); 3241 } 3242 3243 static void 3244 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3245 { 3246 struct mbuf *m = data->m; 3247 struct ieee80211com *ic = &sc->sc_ic; 3248 struct ieee80211vap *vap = data->ni->ni_vap; 3249 struct ieee80211_frame *wh; 3250 struct rt2870_txd *txd; 3251 struct rt2860_txwi *txwi; 3252 uint16_t xferlen, txwisize; 3253 uint16_t mcs; 3254 uint8_t ridx = data->ridx; 3255 uint8_t pad; 3256 3257 /* get MCS code from rate index */ 3258 mcs = rt2860_rates[ridx].mcs; 3259 3260 txwisize = (sc->mac_ver == 0x5592) ? 3261 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3262 xferlen = txwisize + m->m_pkthdr.len; 3263 3264 /* roundup to 32-bit alignment */ 3265 xferlen = (xferlen + 3) & ~3; 3266 3267 txd = (struct rt2870_txd *)&data->desc; 3268 txd->len = htole16(xferlen); 3269 3270 wh = mtod(m, struct ieee80211_frame *); 3271 3272 /* 3273 * Ether both are true or both are false, the header 3274 * are nicely aligned to 32-bit. So, no L2 padding. 3275 */ 3276 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3277 pad = 0; 3278 else 3279 pad = 2; 3280 3281 /* setup TX Wireless Information */ 3282 txwi = (struct rt2860_txwi *)(txd + 1); 3283 txwi->len = htole16(m->m_pkthdr.len - pad); 3284 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3285 mcs |= RT2860_PHY_CCK; 3286 if (ridx != RT2860_RIDX_CCK1 && 3287 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3288 mcs |= RT2860_PHY_SHPRE; 3289 } else 3290 mcs |= RT2860_PHY_OFDM; 3291 txwi->phy = htole16(mcs); 3292 3293 /* check if RTS/CTS or CTS-to-self protection is required */ 3294 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3295 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3296 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3297 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3298 txwi->txop |= RT2860_TX_TXOP_HT; 3299 else 3300 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3301 3302 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3303 txwi->xflags |= RT2860_TX_NSEQ; 3304 } 3305 3306 /* This function must be called locked */ 3307 static int 3308 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3309 { 3310 struct ieee80211com *ic = &sc->sc_ic; 3311 struct ieee80211vap *vap = ni->ni_vap; 3312 struct ieee80211_frame *wh; 3313 struct ieee80211_channel *chan; 3314 const struct ieee80211_txparam *tp; 3315 struct run_node *rn = RUN_NODE(ni); 3316 struct run_tx_data *data; 3317 struct rt2870_txd *txd; 3318 struct rt2860_txwi *txwi; 3319 uint16_t qos; 3320 uint16_t dur; 3321 uint16_t qid; 3322 uint8_t type; 3323 uint8_t tid; 3324 uint8_t ridx; 3325 uint8_t ctl_ridx; 3326 uint8_t qflags; 3327 uint8_t xflags = 0; 3328 int hasqos; 3329 3330 RUN_LOCK_ASSERT(sc, MA_OWNED); 3331 3332 wh = mtod(m, struct ieee80211_frame *); 3333 3334 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3335 3336 /* 3337 * There are 7 bulk endpoints: 1 for RX 3338 * and 6 for TX (4 EDCAs + HCCA + Prio). 3339 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3340 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3341 */ 3342 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3343 uint8_t *frm; 3344 3345 if(IEEE80211_HAS_ADDR4(wh)) 3346 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3347 else 3348 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3349 3350 qos = le16toh(*(const uint16_t *)frm); 3351 tid = qos & IEEE80211_QOS_TID; 3352 qid = TID_TO_WME_AC(tid); 3353 } else { 3354 qos = 0; 3355 tid = 0; 3356 qid = WME_AC_BE; 3357 } 3358 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3359 3360 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3361 qos, qid, tid, qflags); 3362 3363 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3364 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3365 3366 /* pickup a rate index */ 3367 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3368 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3369 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3370 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3371 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3372 } else { 3373 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3374 ridx = rn->fix_ridx; 3375 else 3376 ridx = rn->amrr_ridx; 3377 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3378 } 3379 3380 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3381 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3382 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3383 xflags |= RT2860_TX_ACK; 3384 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3385 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3386 else 3387 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3388 USETW(wh->i_dur, dur); 3389 } 3390 3391 /* reserve slots for mgmt packets, just in case */ 3392 if (sc->sc_epq[qid].tx_nfree < 3) { 3393 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3394 return (-1); 3395 } 3396 3397 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3398 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3399 sc->sc_epq[qid].tx_nfree--; 3400 3401 txd = (struct rt2870_txd *)&data->desc; 3402 txd->flags = qflags; 3403 txwi = (struct rt2860_txwi *)(txd + 1); 3404 txwi->xflags = xflags; 3405 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3406 txwi->wcid = 0; 3407 else 3408 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3409 1 : RUN_AID2WCID(ni->ni_associd); 3410 3411 /* clear leftover garbage bits */ 3412 txwi->flags = 0; 3413 txwi->txop = 0; 3414 3415 data->m = m; 3416 data->ni = ni; 3417 data->ridx = ridx; 3418 3419 run_set_tx_desc(sc, data); 3420 3421 /* 3422 * The chip keeps track of 2 kind of Tx stats, 3423 * * TX_STAT_FIFO, for per WCID stats, and 3424 * * TX_STA_CNT0 for all-TX-in-one stats. 3425 * 3426 * To use FIFO stats, we need to store MCS into the driver-private 3427 * PacketID field. So that, we can tell whose stats when we read them. 3428 * We add 1 to the MCS because setting the PacketID field to 0 means 3429 * that we don't want feedback in TX_STAT_FIFO. 3430 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3431 * 3432 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3433 */ 3434 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3435 vap->iv_opmode == IEEE80211_M_MBSS) { 3436 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3437 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3438 3439 /* 3440 * Unlike PCI based devices, we don't get any interrupt from 3441 * USB devices, so we simulate FIFO-is-full interrupt here. 3442 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3443 * quickly get fulled. To prevent overflow, increment a counter on 3444 * every FIFO stat request, so we know how many slots are left. 3445 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3446 * are used only in those modes. 3447 * We just drain stats. AMRR gets updated every 1 sec by 3448 * run_ratectl_cb() via callout. 3449 * Call it early. Otherwise overflow. 3450 */ 3451 if (sc->fifo_cnt++ == 10) { 3452 /* 3453 * With multiple vaps or if_bridge, if_start() is called 3454 * with a non-sleepable lock, tcpinp. So, need to defer. 3455 */ 3456 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3457 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3458 sc->cmdq[i].func = run_drain_fifo; 3459 sc->cmdq[i].arg0 = sc; 3460 ieee80211_runtask(ic, &sc->cmdq_task); 3461 } 3462 } 3463 3464 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3465 3466 usbd_transfer_start(sc->sc_xfer[qid]); 3467 3468 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3469 "sending data frame len=%d rate=%d qid=%d\n", 3470 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3471 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3472 3473 return (0); 3474 } 3475 3476 static int 3477 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3478 { 3479 struct ieee80211com *ic = &sc->sc_ic; 3480 struct run_node *rn = RUN_NODE(ni); 3481 struct run_tx_data *data; 3482 struct ieee80211_frame *wh; 3483 struct rt2870_txd *txd; 3484 struct rt2860_txwi *txwi; 3485 uint16_t dur; 3486 uint8_t ridx = rn->mgt_ridx; 3487 uint8_t type; 3488 uint8_t xflags = 0; 3489 uint8_t wflags = 0; 3490 3491 RUN_LOCK_ASSERT(sc, MA_OWNED); 3492 3493 wh = mtod(m, struct ieee80211_frame *); 3494 3495 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3496 3497 /* tell hardware to add timestamp for probe responses */ 3498 if ((wh->i_fc[0] & 3499 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3500 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3501 wflags |= RT2860_TX_TS; 3502 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3503 xflags |= RT2860_TX_ACK; 3504 3505 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3506 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3507 USETW(wh->i_dur, dur); 3508 } 3509 3510 if (sc->sc_epq[0].tx_nfree == 0) 3511 /* let caller free mbuf */ 3512 return (EIO); 3513 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3514 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3515 sc->sc_epq[0].tx_nfree--; 3516 3517 txd = (struct rt2870_txd *)&data->desc; 3518 txd->flags = RT2860_TX_QSEL_EDCA; 3519 txwi = (struct rt2860_txwi *)(txd + 1); 3520 txwi->wcid = 0xff; 3521 txwi->flags = wflags; 3522 txwi->xflags = xflags; 3523 txwi->txop = 0; /* clear leftover garbage bits */ 3524 3525 data->m = m; 3526 data->ni = ni; 3527 data->ridx = ridx; 3528 3529 run_set_tx_desc(sc, data); 3530 3531 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3532 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3533 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3534 3535 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3536 3537 usbd_transfer_start(sc->sc_xfer[0]); 3538 3539 return (0); 3540 } 3541 3542 static int 3543 run_sendprot(struct run_softc *sc, 3544 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3545 { 3546 struct ieee80211com *ic = ni->ni_ic; 3547 struct ieee80211_frame *wh; 3548 struct run_tx_data *data; 3549 struct rt2870_txd *txd; 3550 struct rt2860_txwi *txwi; 3551 struct mbuf *mprot; 3552 int ridx; 3553 int protrate; 3554 int ackrate; 3555 int pktlen; 3556 int isshort; 3557 uint16_t dur; 3558 uint8_t type; 3559 uint8_t wflags = 0; 3560 uint8_t xflags = 0; 3561 3562 RUN_LOCK_ASSERT(sc, MA_OWNED); 3563 3564 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3565 ("protection %d", prot)); 3566 3567 wh = mtod(m, struct ieee80211_frame *); 3568 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3569 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3570 3571 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3572 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3573 3574 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3575 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3576 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3577 wflags = RT2860_TX_FRAG; 3578 3579 /* check that there are free slots before allocating the mbuf */ 3580 if (sc->sc_epq[0].tx_nfree == 0) 3581 /* let caller free mbuf */ 3582 return (ENOBUFS); 3583 3584 if (prot == IEEE80211_PROT_RTSCTS) { 3585 /* NB: CTS is the same size as an ACK */ 3586 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3587 xflags |= RT2860_TX_ACK; 3588 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3589 } else { 3590 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3591 } 3592 if (mprot == NULL) { 3593 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3594 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3595 return (ENOBUFS); 3596 } 3597 3598 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3599 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3600 sc->sc_epq[0].tx_nfree--; 3601 3602 txd = (struct rt2870_txd *)&data->desc; 3603 txd->flags = RT2860_TX_QSEL_EDCA; 3604 txwi = (struct rt2860_txwi *)(txd + 1); 3605 txwi->wcid = 0xff; 3606 txwi->flags = wflags; 3607 txwi->xflags = xflags; 3608 txwi->txop = 0; /* clear leftover garbage bits */ 3609 3610 data->m = mprot; 3611 data->ni = ieee80211_ref_node(ni); 3612 3613 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3614 if (rt2860_rates[ridx].rate == protrate) 3615 break; 3616 data->ridx = ridx; 3617 3618 run_set_tx_desc(sc, data); 3619 3620 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3621 m->m_pkthdr.len, rate); 3622 3623 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3624 3625 usbd_transfer_start(sc->sc_xfer[0]); 3626 3627 return (0); 3628 } 3629 3630 static int 3631 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3632 const struct ieee80211_bpf_params *params) 3633 { 3634 struct ieee80211com *ic = ni->ni_ic; 3635 struct ieee80211_frame *wh; 3636 struct run_tx_data *data; 3637 struct rt2870_txd *txd; 3638 struct rt2860_txwi *txwi; 3639 uint8_t type; 3640 uint8_t ridx; 3641 uint8_t rate; 3642 uint8_t opflags = 0; 3643 uint8_t xflags = 0; 3644 int error; 3645 3646 RUN_LOCK_ASSERT(sc, MA_OWNED); 3647 3648 KASSERT(params != NULL, ("no raw xmit params")); 3649 3650 wh = mtod(m, struct ieee80211_frame *); 3651 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3652 3653 rate = params->ibp_rate0; 3654 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3655 /* let caller free mbuf */ 3656 return (EINVAL); 3657 } 3658 3659 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3660 xflags |= RT2860_TX_ACK; 3661 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3662 error = run_sendprot(sc, m, ni, 3663 params->ibp_flags & IEEE80211_BPF_RTS ? 3664 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3665 rate); 3666 if (error) { 3667 /* let caller free mbuf */ 3668 return error; 3669 } 3670 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3671 } 3672 3673 if (sc->sc_epq[0].tx_nfree == 0) { 3674 /* let caller free mbuf */ 3675 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3676 "sending raw frame, but tx ring is full\n"); 3677 return (EIO); 3678 } 3679 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3680 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3681 sc->sc_epq[0].tx_nfree--; 3682 3683 txd = (struct rt2870_txd *)&data->desc; 3684 txd->flags = RT2860_TX_QSEL_EDCA; 3685 txwi = (struct rt2860_txwi *)(txd + 1); 3686 txwi->wcid = 0xff; 3687 txwi->xflags = xflags; 3688 txwi->txop = opflags; 3689 txwi->flags = 0; /* clear leftover garbage bits */ 3690 3691 data->m = m; 3692 data->ni = ni; 3693 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3694 if (rt2860_rates[ridx].rate == rate) 3695 break; 3696 data->ridx = ridx; 3697 3698 run_set_tx_desc(sc, data); 3699 3700 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3701 m->m_pkthdr.len, rate); 3702 3703 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3704 3705 usbd_transfer_start(sc->sc_xfer[0]); 3706 3707 return (0); 3708 } 3709 3710 static int 3711 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3712 const struct ieee80211_bpf_params *params) 3713 { 3714 struct run_softc *sc = ni->ni_ic->ic_softc; 3715 int error = 0; 3716 3717 RUN_LOCK(sc); 3718 3719 /* prevent management frames from being sent if we're not ready */ 3720 if (!(sc->sc_flags & RUN_RUNNING)) { 3721 error = ENETDOWN; 3722 goto done; 3723 } 3724 3725 if (params == NULL) { 3726 /* tx mgt packet */ 3727 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3728 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3729 goto done; 3730 } 3731 } else { 3732 /* tx raw packet with param */ 3733 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3734 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3735 goto done; 3736 } 3737 } 3738 3739 done: 3740 RUN_UNLOCK(sc); 3741 3742 if (error != 0) { 3743 if(m != NULL) 3744 m_freem(m); 3745 } 3746 3747 return (error); 3748 } 3749 3750 static int 3751 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3752 { 3753 struct run_softc *sc = ic->ic_softc; 3754 int error; 3755 3756 RUN_LOCK(sc); 3757 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3758 RUN_UNLOCK(sc); 3759 return (ENXIO); 3760 } 3761 error = mbufq_enqueue(&sc->sc_snd, m); 3762 if (error) { 3763 RUN_UNLOCK(sc); 3764 return (error); 3765 } 3766 run_start(sc); 3767 RUN_UNLOCK(sc); 3768 3769 return (0); 3770 } 3771 3772 static void 3773 run_start(struct run_softc *sc) 3774 { 3775 struct ieee80211_node *ni; 3776 struct mbuf *m; 3777 3778 RUN_LOCK_ASSERT(sc, MA_OWNED); 3779 3780 if ((sc->sc_flags & RUN_RUNNING) == 0) 3781 return; 3782 3783 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3784 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3785 if (run_tx(sc, m, ni) != 0) { 3786 mbufq_prepend(&sc->sc_snd, m); 3787 break; 3788 } 3789 } 3790 } 3791 3792 static void 3793 run_parent(struct ieee80211com *ic) 3794 { 3795 struct run_softc *sc = ic->ic_softc; 3796 int startall = 0; 3797 3798 RUN_LOCK(sc); 3799 if (sc->sc_detached) { 3800 RUN_UNLOCK(sc); 3801 return; 3802 } 3803 3804 if (ic->ic_nrunning > 0) { 3805 if (!(sc->sc_flags & RUN_RUNNING)) { 3806 startall = 1; 3807 run_init_locked(sc); 3808 } else 3809 run_update_promisc_locked(sc); 3810 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3811 run_stop(sc); 3812 RUN_UNLOCK(sc); 3813 if (startall) 3814 ieee80211_start_all(ic); 3815 } 3816 3817 static void 3818 run_iq_calib(struct run_softc *sc, u_int chan) 3819 { 3820 uint16_t val; 3821 3822 /* Tx0 IQ gain. */ 3823 run_bbp_write(sc, 158, 0x2c); 3824 if (chan <= 14) 3825 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3826 else if (chan <= 64) { 3827 run_efuse_read(sc, 3828 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3829 &val, 1); 3830 } else if (chan <= 138) { 3831 run_efuse_read(sc, 3832 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3833 &val, 1); 3834 } else if (chan <= 165) { 3835 run_efuse_read(sc, 3836 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3837 &val, 1); 3838 } else 3839 val = 0; 3840 run_bbp_write(sc, 159, val); 3841 3842 /* Tx0 IQ phase. */ 3843 run_bbp_write(sc, 158, 0x2d); 3844 if (chan <= 14) { 3845 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3846 &val, 1); 3847 } else if (chan <= 64) { 3848 run_efuse_read(sc, 3849 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3850 &val, 1); 3851 } else if (chan <= 138) { 3852 run_efuse_read(sc, 3853 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3854 &val, 1); 3855 } else if (chan <= 165) { 3856 run_efuse_read(sc, 3857 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3858 &val, 1); 3859 } else 3860 val = 0; 3861 run_bbp_write(sc, 159, val); 3862 3863 /* Tx1 IQ gain. */ 3864 run_bbp_write(sc, 158, 0x4a); 3865 if (chan <= 14) { 3866 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3867 &val, 1); 3868 } else if (chan <= 64) { 3869 run_efuse_read(sc, 3870 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3871 &val, 1); 3872 } else if (chan <= 138) { 3873 run_efuse_read(sc, 3874 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3875 &val, 1); 3876 } else if (chan <= 165) { 3877 run_efuse_read(sc, 3878 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3879 &val, 1); 3880 } else 3881 val = 0; 3882 run_bbp_write(sc, 159, val); 3883 3884 /* Tx1 IQ phase. */ 3885 run_bbp_write(sc, 158, 0x4b); 3886 if (chan <= 14) { 3887 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3888 &val, 1); 3889 } else if (chan <= 64) { 3890 run_efuse_read(sc, 3891 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3892 &val, 1); 3893 } else if (chan <= 138) { 3894 run_efuse_read(sc, 3895 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3896 &val, 1); 3897 } else if (chan <= 165) { 3898 run_efuse_read(sc, 3899 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3900 &val, 1); 3901 } else 3902 val = 0; 3903 run_bbp_write(sc, 159, val); 3904 3905 /* RF IQ compensation control. */ 3906 run_bbp_write(sc, 158, 0x04); 3907 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3908 &val, 1); 3909 run_bbp_write(sc, 159, val); 3910 3911 /* RF IQ imbalance compensation control. */ 3912 run_bbp_write(sc, 158, 0x03); 3913 run_efuse_read(sc, 3914 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3915 run_bbp_write(sc, 159, val); 3916 } 3917 3918 static void 3919 run_set_agc(struct run_softc *sc, uint8_t agc) 3920 { 3921 uint8_t bbp; 3922 3923 if (sc->mac_ver == 0x3572) { 3924 run_bbp_read(sc, 27, &bbp); 3925 bbp &= ~(0x3 << 5); 3926 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3927 run_bbp_write(sc, 66, agc); 3928 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3929 run_bbp_write(sc, 66, agc); 3930 } else 3931 run_bbp_write(sc, 66, agc); 3932 } 3933 3934 static void 3935 run_select_chan_group(struct run_softc *sc, int group) 3936 { 3937 uint32_t tmp; 3938 uint8_t agc; 3939 3940 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3941 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3942 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3943 if (sc->mac_ver < 0x3572) 3944 run_bbp_write(sc, 86, 0x00); 3945 3946 if (sc->mac_ver == 0x3593) { 3947 run_bbp_write(sc, 77, 0x98); 3948 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3949 } 3950 3951 if (group == 0) { 3952 if (sc->ext_2ghz_lna) { 3953 if (sc->mac_ver >= 0x5390) 3954 run_bbp_write(sc, 75, 0x52); 3955 else { 3956 run_bbp_write(sc, 82, 0x62); 3957 run_bbp_write(sc, 75, 0x46); 3958 } 3959 } else { 3960 if (sc->mac_ver == 0x5592) { 3961 run_bbp_write(sc, 79, 0x1c); 3962 run_bbp_write(sc, 80, 0x0e); 3963 run_bbp_write(sc, 81, 0x3a); 3964 run_bbp_write(sc, 82, 0x62); 3965 3966 run_bbp_write(sc, 195, 0x80); 3967 run_bbp_write(sc, 196, 0xe0); 3968 run_bbp_write(sc, 195, 0x81); 3969 run_bbp_write(sc, 196, 0x1f); 3970 run_bbp_write(sc, 195, 0x82); 3971 run_bbp_write(sc, 196, 0x38); 3972 run_bbp_write(sc, 195, 0x83); 3973 run_bbp_write(sc, 196, 0x32); 3974 run_bbp_write(sc, 195, 0x85); 3975 run_bbp_write(sc, 196, 0x28); 3976 run_bbp_write(sc, 195, 0x86); 3977 run_bbp_write(sc, 196, 0x19); 3978 } else if (sc->mac_ver >= 0x5390) 3979 run_bbp_write(sc, 75, 0x50); 3980 else { 3981 run_bbp_write(sc, 82, 3982 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3983 run_bbp_write(sc, 75, 0x50); 3984 } 3985 } 3986 } else { 3987 if (sc->mac_ver == 0x5592) { 3988 run_bbp_write(sc, 79, 0x18); 3989 run_bbp_write(sc, 80, 0x08); 3990 run_bbp_write(sc, 81, 0x38); 3991 run_bbp_write(sc, 82, 0x92); 3992 3993 run_bbp_write(sc, 195, 0x80); 3994 run_bbp_write(sc, 196, 0xf0); 3995 run_bbp_write(sc, 195, 0x81); 3996 run_bbp_write(sc, 196, 0x1e); 3997 run_bbp_write(sc, 195, 0x82); 3998 run_bbp_write(sc, 196, 0x28); 3999 run_bbp_write(sc, 195, 0x83); 4000 run_bbp_write(sc, 196, 0x20); 4001 run_bbp_write(sc, 195, 0x85); 4002 run_bbp_write(sc, 196, 0x7f); 4003 run_bbp_write(sc, 195, 0x86); 4004 run_bbp_write(sc, 196, 0x7f); 4005 } else if (sc->mac_ver == 0x3572) 4006 run_bbp_write(sc, 82, 0x94); 4007 else 4008 run_bbp_write(sc, 82, 4009 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4010 if (sc->ext_5ghz_lna) 4011 run_bbp_write(sc, 75, 0x46); 4012 else 4013 run_bbp_write(sc, 75, 0x50); 4014 } 4015 4016 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4017 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4018 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4019 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4020 4021 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4022 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4023 if (sc->mac_ver == 0x3593) 4024 tmp |= 1 << 29 | 1 << 28; 4025 if (sc->nrxchains > 1) 4026 tmp |= RT2860_LNA_PE1_EN; 4027 if (group == 0) { /* 2GHz */ 4028 tmp |= RT2860_PA_PE_G0_EN; 4029 if (sc->ntxchains > 1) 4030 tmp |= RT2860_PA_PE_G1_EN; 4031 if (sc->mac_ver == 0x3593) { 4032 if (sc->ntxchains > 2) 4033 tmp |= 1 << 25; 4034 } 4035 } else { /* 5GHz */ 4036 tmp |= RT2860_PA_PE_A0_EN; 4037 if (sc->ntxchains > 1) 4038 tmp |= RT2860_PA_PE_A1_EN; 4039 } 4040 if (sc->mac_ver == 0x3572) { 4041 run_rt3070_rf_write(sc, 8, 0x00); 4042 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4043 run_rt3070_rf_write(sc, 8, 0x80); 4044 } else 4045 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4046 4047 if (sc->mac_ver == 0x5592) { 4048 run_bbp_write(sc, 195, 0x8d); 4049 run_bbp_write(sc, 196, 0x1a); 4050 } 4051 4052 if (sc->mac_ver == 0x3593) { 4053 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4054 tmp &= ~0x01010000; 4055 if (group == 0) 4056 tmp |= 0x00010000; 4057 tmp = (tmp & ~0x00009090) | 0x00000090; 4058 run_write(sc, RT2860_GPIO_CTRL, tmp); 4059 } 4060 4061 /* set initial AGC value */ 4062 if (group == 0) { /* 2GHz band */ 4063 if (sc->mac_ver >= 0x3070) 4064 agc = 0x1c + sc->lna[0] * 2; 4065 else 4066 agc = 0x2e + sc->lna[0]; 4067 } else { /* 5GHz band */ 4068 if (sc->mac_ver == 0x5592) 4069 agc = 0x24 + sc->lna[group] * 2; 4070 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4071 agc = 0x22 + (sc->lna[group] * 5) / 3; 4072 else 4073 agc = 0x32 + (sc->lna[group] * 5) / 3; 4074 } 4075 run_set_agc(sc, agc); 4076 } 4077 4078 static void 4079 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4080 { 4081 const struct rfprog *rfprog = rt2860_rf2850; 4082 uint32_t r2, r3, r4; 4083 int8_t txpow1, txpow2; 4084 int i; 4085 4086 /* find the settings for this channel (we know it exists) */ 4087 for (i = 0; rfprog[i].chan != chan; i++); 4088 4089 r2 = rfprog[i].r2; 4090 if (sc->ntxchains == 1) 4091 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4092 if (sc->nrxchains == 1) 4093 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4094 else if (sc->nrxchains == 2) 4095 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4096 4097 /* use Tx power values from EEPROM */ 4098 txpow1 = sc->txpow1[i]; 4099 txpow2 = sc->txpow2[i]; 4100 4101 /* Initialize RF R3 and R4. */ 4102 r3 = rfprog[i].r3 & 0xffffc1ff; 4103 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4104 if (chan > 14) { 4105 if (txpow1 >= 0) { 4106 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4107 r3 |= (txpow1 << 10) | (1 << 9); 4108 } else { 4109 txpow1 += 7; 4110 4111 /* txpow1 is not possible larger than 15. */ 4112 r3 |= (txpow1 << 10); 4113 } 4114 if (txpow2 >= 0) { 4115 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4116 r4 |= (txpow2 << 7) | (1 << 6); 4117 } else { 4118 txpow2 += 7; 4119 r4 |= (txpow2 << 7); 4120 } 4121 } else { 4122 /* Set Tx0 power. */ 4123 r3 |= (txpow1 << 9); 4124 4125 /* Set frequency offset and Tx1 power. */ 4126 r4 |= (txpow2 << 6); 4127 } 4128 4129 run_rt2870_rf_write(sc, rfprog[i].r1); 4130 run_rt2870_rf_write(sc, r2); 4131 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4132 run_rt2870_rf_write(sc, r4); 4133 4134 run_delay(sc, 10); 4135 4136 run_rt2870_rf_write(sc, rfprog[i].r1); 4137 run_rt2870_rf_write(sc, r2); 4138 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4139 run_rt2870_rf_write(sc, r4); 4140 4141 run_delay(sc, 10); 4142 4143 run_rt2870_rf_write(sc, rfprog[i].r1); 4144 run_rt2870_rf_write(sc, r2); 4145 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4146 run_rt2870_rf_write(sc, r4); 4147 } 4148 4149 static void 4150 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4151 { 4152 int8_t txpow1, txpow2; 4153 uint8_t rf; 4154 int i; 4155 4156 /* find the settings for this channel (we know it exists) */ 4157 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4158 4159 /* use Tx power values from EEPROM */ 4160 txpow1 = sc->txpow1[i]; 4161 txpow2 = sc->txpow2[i]; 4162 4163 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4164 4165 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4166 run_rt3070_rf_read(sc, 3, &rf); 4167 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4168 run_rt3070_rf_write(sc, 3, rf); 4169 4170 run_rt3070_rf_read(sc, 6, &rf); 4171 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4172 run_rt3070_rf_write(sc, 6, rf); 4173 4174 /* set Tx0 power */ 4175 run_rt3070_rf_read(sc, 12, &rf); 4176 rf = (rf & ~0x1f) | txpow1; 4177 run_rt3070_rf_write(sc, 12, rf); 4178 4179 /* set Tx1 power */ 4180 run_rt3070_rf_read(sc, 13, &rf); 4181 rf = (rf & ~0x1f) | txpow2; 4182 run_rt3070_rf_write(sc, 13, rf); 4183 4184 run_rt3070_rf_read(sc, 1, &rf); 4185 rf &= ~0xfc; 4186 if (sc->ntxchains == 1) 4187 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4188 else if (sc->ntxchains == 2) 4189 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4190 if (sc->nrxchains == 1) 4191 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4192 else if (sc->nrxchains == 2) 4193 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4194 run_rt3070_rf_write(sc, 1, rf); 4195 4196 /* set RF offset */ 4197 run_rt3070_rf_read(sc, 23, &rf); 4198 rf = (rf & ~0x7f) | sc->freq; 4199 run_rt3070_rf_write(sc, 23, rf); 4200 4201 /* program RF filter */ 4202 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4203 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4204 run_rt3070_rf_write(sc, 24, rf); 4205 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4206 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4207 run_rt3070_rf_write(sc, 31, rf); 4208 4209 /* enable RF tuning */ 4210 run_rt3070_rf_read(sc, 7, &rf); 4211 run_rt3070_rf_write(sc, 7, rf | 0x01); 4212 } 4213 4214 static void 4215 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4216 { 4217 int8_t txpow1, txpow2; 4218 uint32_t tmp; 4219 uint8_t rf; 4220 int i; 4221 4222 /* find the settings for this channel (we know it exists) */ 4223 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4224 4225 /* use Tx power values from EEPROM */ 4226 txpow1 = sc->txpow1[i]; 4227 txpow2 = sc->txpow2[i]; 4228 4229 if (chan <= 14) { 4230 run_bbp_write(sc, 25, sc->bbp25); 4231 run_bbp_write(sc, 26, sc->bbp26); 4232 } else { 4233 /* enable IQ phase correction */ 4234 run_bbp_write(sc, 25, 0x09); 4235 run_bbp_write(sc, 26, 0xff); 4236 } 4237 4238 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4239 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4240 run_rt3070_rf_read(sc, 6, &rf); 4241 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4242 rf |= (chan <= 14) ? 0x08 : 0x04; 4243 run_rt3070_rf_write(sc, 6, rf); 4244 4245 /* set PLL mode */ 4246 run_rt3070_rf_read(sc, 5, &rf); 4247 rf &= ~(0x08 | 0x04); 4248 rf |= (chan <= 14) ? 0x04 : 0x08; 4249 run_rt3070_rf_write(sc, 5, rf); 4250 4251 /* set Tx power for chain 0 */ 4252 if (chan <= 14) 4253 rf = 0x60 | txpow1; 4254 else 4255 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4256 run_rt3070_rf_write(sc, 12, rf); 4257 4258 /* set Tx power for chain 1 */ 4259 if (chan <= 14) 4260 rf = 0x60 | txpow2; 4261 else 4262 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4263 run_rt3070_rf_write(sc, 13, rf); 4264 4265 /* set Tx/Rx streams */ 4266 run_rt3070_rf_read(sc, 1, &rf); 4267 rf &= ~0xfc; 4268 if (sc->ntxchains == 1) 4269 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4270 else if (sc->ntxchains == 2) 4271 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4272 if (sc->nrxchains == 1) 4273 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4274 else if (sc->nrxchains == 2) 4275 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4276 run_rt3070_rf_write(sc, 1, rf); 4277 4278 /* set RF offset */ 4279 run_rt3070_rf_read(sc, 23, &rf); 4280 rf = (rf & ~0x7f) | sc->freq; 4281 run_rt3070_rf_write(sc, 23, rf); 4282 4283 /* program RF filter */ 4284 rf = sc->rf24_20mhz; 4285 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4286 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4287 4288 /* enable RF tuning */ 4289 run_rt3070_rf_read(sc, 7, &rf); 4290 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4291 run_rt3070_rf_write(sc, 7, rf); 4292 4293 /* TSSI */ 4294 rf = (chan <= 14) ? 0xc3 : 0xc0; 4295 run_rt3070_rf_write(sc, 9, rf); 4296 4297 /* set loop filter 1 */ 4298 run_rt3070_rf_write(sc, 10, 0xf1); 4299 /* set loop filter 2 */ 4300 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4301 4302 /* set tx_mx2_ic */ 4303 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4304 /* set tx_mx1_ic */ 4305 if (chan <= 14) 4306 rf = 0x48 | sc->txmixgain_2ghz; 4307 else 4308 rf = 0x78 | sc->txmixgain_5ghz; 4309 run_rt3070_rf_write(sc, 16, rf); 4310 4311 /* set tx_lo1 */ 4312 run_rt3070_rf_write(sc, 17, 0x23); 4313 /* set tx_lo2 */ 4314 if (chan <= 14) 4315 rf = 0x93; 4316 else if (chan <= 64) 4317 rf = 0xb7; 4318 else if (chan <= 128) 4319 rf = 0x74; 4320 else 4321 rf = 0x72; 4322 run_rt3070_rf_write(sc, 19, rf); 4323 4324 /* set rx_lo1 */ 4325 if (chan <= 14) 4326 rf = 0xb3; 4327 else if (chan <= 64) 4328 rf = 0xf6; 4329 else if (chan <= 128) 4330 rf = 0xf4; 4331 else 4332 rf = 0xf3; 4333 run_rt3070_rf_write(sc, 20, rf); 4334 4335 /* set pfd_delay */ 4336 if (chan <= 14) 4337 rf = 0x15; 4338 else if (chan <= 64) 4339 rf = 0x3d; 4340 else 4341 rf = 0x01; 4342 run_rt3070_rf_write(sc, 25, rf); 4343 4344 /* set rx_lo2 */ 4345 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4346 /* set ldo_rf_vc */ 4347 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4348 /* set drv_cc */ 4349 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4350 4351 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4352 tmp &= ~0x8080; 4353 if (chan <= 14) 4354 tmp |= 0x80; 4355 run_write(sc, RT2860_GPIO_CTRL, tmp); 4356 4357 /* enable RF tuning */ 4358 run_rt3070_rf_read(sc, 7, &rf); 4359 run_rt3070_rf_write(sc, 7, rf | 0x01); 4360 4361 run_delay(sc, 2); 4362 } 4363 4364 static void 4365 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4366 { 4367 int8_t txpow1, txpow2, txpow3; 4368 uint8_t h20mhz, rf; 4369 int i; 4370 4371 /* find the settings for this channel (we know it exists) */ 4372 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4373 4374 /* use Tx power values from EEPROM */ 4375 txpow1 = sc->txpow1[i]; 4376 txpow2 = sc->txpow2[i]; 4377 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4378 4379 if (chan <= 14) { 4380 run_bbp_write(sc, 25, sc->bbp25); 4381 run_bbp_write(sc, 26, sc->bbp26); 4382 } else { 4383 /* Enable IQ phase correction. */ 4384 run_bbp_write(sc, 25, 0x09); 4385 run_bbp_write(sc, 26, 0xff); 4386 } 4387 4388 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4389 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4390 run_rt3070_rf_read(sc, 11, &rf); 4391 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4392 run_rt3070_rf_write(sc, 11, rf); 4393 4394 /* Set pll_idoh. */ 4395 run_rt3070_rf_read(sc, 11, &rf); 4396 rf &= ~0x4c; 4397 rf |= (chan <= 14) ? 0x44 : 0x48; 4398 run_rt3070_rf_write(sc, 11, rf); 4399 4400 if (chan <= 14) 4401 rf = txpow1 & 0x1f; 4402 else 4403 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4404 run_rt3070_rf_write(sc, 53, rf); 4405 4406 if (chan <= 14) 4407 rf = txpow2 & 0x1f; 4408 else 4409 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4410 run_rt3070_rf_write(sc, 55, rf); 4411 4412 if (chan <= 14) 4413 rf = txpow3 & 0x1f; 4414 else 4415 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4416 run_rt3070_rf_write(sc, 54, rf); 4417 4418 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4419 if (sc->ntxchains == 3) 4420 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4421 else 4422 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4423 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4424 run_rt3070_rf_write(sc, 1, rf); 4425 4426 run_adjust_freq_offset(sc); 4427 4428 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4429 4430 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4431 run_rt3070_rf_read(sc, 30, &rf); 4432 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4433 run_rt3070_rf_write(sc, 30, rf); 4434 4435 run_rt3070_rf_read(sc, 36, &rf); 4436 if (chan <= 14) 4437 rf |= 0x80; 4438 else 4439 rf &= ~0x80; 4440 run_rt3070_rf_write(sc, 36, rf); 4441 4442 /* Set vcolo_bs. */ 4443 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4444 /* Set pfd_delay. */ 4445 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4446 4447 /* Set vco bias current control. */ 4448 run_rt3070_rf_read(sc, 6, &rf); 4449 rf &= ~0xc0; 4450 if (chan <= 14) 4451 rf |= 0x40; 4452 else if (chan <= 128) 4453 rf |= 0x80; 4454 else 4455 rf |= 0x40; 4456 run_rt3070_rf_write(sc, 6, rf); 4457 4458 run_rt3070_rf_read(sc, 30, &rf); 4459 rf = (rf & ~0x18) | 0x10; 4460 run_rt3070_rf_write(sc, 30, rf); 4461 4462 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4463 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4464 4465 run_rt3070_rf_read(sc, 51, &rf); 4466 rf = (rf & ~0x03) | 0x01; 4467 run_rt3070_rf_write(sc, 51, rf); 4468 /* Set tx_mx1_cc. */ 4469 run_rt3070_rf_read(sc, 51, &rf); 4470 rf &= ~0x1c; 4471 rf |= (chan <= 14) ? 0x14 : 0x10; 4472 run_rt3070_rf_write(sc, 51, rf); 4473 /* Set tx_mx1_ic. */ 4474 run_rt3070_rf_read(sc, 51, &rf); 4475 rf &= ~0xe0; 4476 rf |= (chan <= 14) ? 0x60 : 0x40; 4477 run_rt3070_rf_write(sc, 51, rf); 4478 /* Set tx_lo1_ic. */ 4479 run_rt3070_rf_read(sc, 49, &rf); 4480 rf &= ~0x1c; 4481 rf |= (chan <= 14) ? 0x0c : 0x08; 4482 run_rt3070_rf_write(sc, 49, rf); 4483 /* Set tx_lo1_en. */ 4484 run_rt3070_rf_read(sc, 50, &rf); 4485 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4486 /* Set drv_cc. */ 4487 run_rt3070_rf_read(sc, 57, &rf); 4488 rf &= ~0xfc; 4489 rf |= (chan <= 14) ? 0x6c : 0x3c; 4490 run_rt3070_rf_write(sc, 57, rf); 4491 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4492 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4493 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4494 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4495 /* Enable VCO calibration. */ 4496 run_rt3070_rf_read(sc, 3, &rf); 4497 rf &= ~RT5390_VCOCAL; 4498 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4499 run_rt3070_rf_write(sc, 3, rf); 4500 4501 if (chan <= 14) 4502 rf = 0x23; 4503 else if (chan <= 64) 4504 rf = 0x36; 4505 else if (chan <= 128) 4506 rf = 0x32; 4507 else 4508 rf = 0x30; 4509 run_rt3070_rf_write(sc, 39, rf); 4510 if (chan <= 14) 4511 rf = 0xbb; 4512 else if (chan <= 64) 4513 rf = 0xeb; 4514 else if (chan <= 128) 4515 rf = 0xb3; 4516 else 4517 rf = 0x9b; 4518 run_rt3070_rf_write(sc, 45, rf); 4519 4520 /* Set FEQ/AEQ control. */ 4521 run_bbp_write(sc, 105, 0x34); 4522 } 4523 4524 static void 4525 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4526 { 4527 int8_t txpow1, txpow2; 4528 uint8_t rf; 4529 int i; 4530 4531 /* find the settings for this channel (we know it exists) */ 4532 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4533 4534 /* use Tx power values from EEPROM */ 4535 txpow1 = sc->txpow1[i]; 4536 txpow2 = sc->txpow2[i]; 4537 4538 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4539 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4540 run_rt3070_rf_read(sc, 11, &rf); 4541 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4542 run_rt3070_rf_write(sc, 11, rf); 4543 4544 run_rt3070_rf_read(sc, 49, &rf); 4545 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4546 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4547 if ((rf & 0x3f) > 0x27) 4548 rf = (rf & ~0x3f) | 0x27; 4549 run_rt3070_rf_write(sc, 49, rf); 4550 4551 if (sc->mac_ver == 0x5392) { 4552 run_rt3070_rf_read(sc, 50, &rf); 4553 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4554 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4555 if ((rf & 0x3f) > 0x27) 4556 rf = (rf & ~0x3f) | 0x27; 4557 run_rt3070_rf_write(sc, 50, rf); 4558 } 4559 4560 run_rt3070_rf_read(sc, 1, &rf); 4561 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4562 if (sc->mac_ver == 0x5392) 4563 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4564 run_rt3070_rf_write(sc, 1, rf); 4565 4566 if (sc->mac_ver != 0x5392) { 4567 run_rt3070_rf_read(sc, 2, &rf); 4568 rf |= 0x80; 4569 run_rt3070_rf_write(sc, 2, rf); 4570 run_delay(sc, 10); 4571 rf &= 0x7f; 4572 run_rt3070_rf_write(sc, 2, rf); 4573 } 4574 4575 run_adjust_freq_offset(sc); 4576 4577 if (sc->mac_ver == 0x5392) { 4578 /* Fix for RT5392C. */ 4579 if (sc->mac_rev >= 0x0223) { 4580 if (chan <= 4) 4581 rf = 0x0f; 4582 else if (chan >= 5 && chan <= 7) 4583 rf = 0x0e; 4584 else 4585 rf = 0x0d; 4586 run_rt3070_rf_write(sc, 23, rf); 4587 4588 if (chan <= 4) 4589 rf = 0x0c; 4590 else if (chan == 5) 4591 rf = 0x0b; 4592 else if (chan >= 6 && chan <= 7) 4593 rf = 0x0a; 4594 else if (chan >= 8 && chan <= 10) 4595 rf = 0x09; 4596 else 4597 rf = 0x08; 4598 run_rt3070_rf_write(sc, 59, rf); 4599 } else { 4600 if (chan <= 11) 4601 rf = 0x0f; 4602 else 4603 rf = 0x0b; 4604 run_rt3070_rf_write(sc, 59, rf); 4605 } 4606 } else { 4607 /* Fix for RT5390F. */ 4608 if (sc->mac_rev >= 0x0502) { 4609 if (chan <= 11) 4610 rf = 0x43; 4611 else 4612 rf = 0x23; 4613 run_rt3070_rf_write(sc, 55, rf); 4614 4615 if (chan <= 11) 4616 rf = 0x0f; 4617 else if (chan == 12) 4618 rf = 0x0d; 4619 else 4620 rf = 0x0b; 4621 run_rt3070_rf_write(sc, 59, rf); 4622 } else { 4623 run_rt3070_rf_write(sc, 55, 0x44); 4624 run_rt3070_rf_write(sc, 59, 0x8f); 4625 } 4626 } 4627 4628 /* Enable VCO calibration. */ 4629 run_rt3070_rf_read(sc, 3, &rf); 4630 rf |= RT5390_VCOCAL; 4631 run_rt3070_rf_write(sc, 3, rf); 4632 } 4633 4634 static void 4635 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4636 { 4637 const struct rt5592_freqs *freqs; 4638 uint32_t tmp; 4639 uint8_t reg, rf, txpow_bound; 4640 int8_t txpow1, txpow2; 4641 int i; 4642 4643 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4644 freqs = (tmp & RT5592_SEL_XTAL) ? 4645 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4646 4647 /* find the settings for this channel (we know it exists) */ 4648 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4649 4650 /* use Tx power values from EEPROM */ 4651 txpow1 = sc->txpow1[i]; 4652 txpow2 = sc->txpow2[i]; 4653 4654 run_read(sc, RT3070_LDO_CFG0, &tmp); 4655 tmp &= ~0x1c000000; 4656 if (chan > 14) 4657 tmp |= 0x14000000; 4658 run_write(sc, RT3070_LDO_CFG0, tmp); 4659 4660 /* N setting. */ 4661 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4662 run_rt3070_rf_read(sc, 9, &rf); 4663 rf &= ~(1 << 4); 4664 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4665 run_rt3070_rf_write(sc, 9, rf); 4666 4667 /* K setting. */ 4668 run_rt3070_rf_read(sc, 9, &rf); 4669 rf &= ~0x0f; 4670 rf |= (freqs->k & 0x0f); 4671 run_rt3070_rf_write(sc, 9, rf); 4672 4673 /* Mode setting. */ 4674 run_rt3070_rf_read(sc, 11, &rf); 4675 rf &= ~0x0c; 4676 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4677 run_rt3070_rf_write(sc, 11, rf); 4678 run_rt3070_rf_read(sc, 9, &rf); 4679 rf &= ~(1 << 7); 4680 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4681 run_rt3070_rf_write(sc, 9, rf); 4682 4683 /* R setting. */ 4684 run_rt3070_rf_read(sc, 11, &rf); 4685 rf &= ~0x03; 4686 rf |= (freqs->r - 0x1); 4687 run_rt3070_rf_write(sc, 11, rf); 4688 4689 if (chan <= 14) { 4690 /* Initialize RF registers for 2GHZ. */ 4691 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4692 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4693 rt5592_2ghz_def_rf[i].val); 4694 } 4695 4696 rf = (chan <= 10) ? 0x07 : 0x06; 4697 run_rt3070_rf_write(sc, 23, rf); 4698 run_rt3070_rf_write(sc, 59, rf); 4699 4700 run_rt3070_rf_write(sc, 55, 0x43); 4701 4702 /* 4703 * RF R49/R50 Tx power ALC code. 4704 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4705 */ 4706 reg = 2; 4707 txpow_bound = 0x27; 4708 } else { 4709 /* Initialize RF registers for 5GHZ. */ 4710 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4711 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4712 rt5592_5ghz_def_rf[i].val); 4713 } 4714 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4715 if (chan >= rt5592_chan_5ghz[i].firstchan && 4716 chan <= rt5592_chan_5ghz[i].lastchan) { 4717 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4718 rt5592_chan_5ghz[i].val); 4719 } 4720 } 4721 4722 /* 4723 * RF R49/R50 Tx power ALC code. 4724 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4725 */ 4726 reg = 3; 4727 txpow_bound = 0x2b; 4728 } 4729 4730 /* RF R49 ch0 Tx power ALC code. */ 4731 run_rt3070_rf_read(sc, 49, &rf); 4732 rf &= ~0xc0; 4733 rf |= (reg << 6); 4734 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4735 if ((rf & 0x3f) > txpow_bound) 4736 rf = (rf & ~0x3f) | txpow_bound; 4737 run_rt3070_rf_write(sc, 49, rf); 4738 4739 /* RF R50 ch1 Tx power ALC code. */ 4740 run_rt3070_rf_read(sc, 50, &rf); 4741 rf &= ~(1 << 7 | 1 << 6); 4742 rf |= (reg << 6); 4743 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4744 if ((rf & 0x3f) > txpow_bound) 4745 rf = (rf & ~0x3f) | txpow_bound; 4746 run_rt3070_rf_write(sc, 50, rf); 4747 4748 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4749 run_rt3070_rf_read(sc, 1, &rf); 4750 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4751 if (sc->ntxchains > 1) 4752 rf |= RT3070_TX1_PD; 4753 if (sc->nrxchains > 1) 4754 rf |= RT3070_RX1_PD; 4755 run_rt3070_rf_write(sc, 1, rf); 4756 4757 run_rt3070_rf_write(sc, 6, 0xe4); 4758 4759 run_rt3070_rf_write(sc, 30, 0x10); 4760 run_rt3070_rf_write(sc, 31, 0x80); 4761 run_rt3070_rf_write(sc, 32, 0x80); 4762 4763 run_adjust_freq_offset(sc); 4764 4765 /* Enable VCO calibration. */ 4766 run_rt3070_rf_read(sc, 3, &rf); 4767 rf |= RT5390_VCOCAL; 4768 run_rt3070_rf_write(sc, 3, rf); 4769 } 4770 4771 static void 4772 run_set_rx_antenna(struct run_softc *sc, int aux) 4773 { 4774 uint32_t tmp; 4775 uint8_t bbp152; 4776 4777 if (aux) { 4778 if (sc->rf_rev == RT5390_RF_5370) { 4779 run_bbp_read(sc, 152, &bbp152); 4780 run_bbp_write(sc, 152, bbp152 & ~0x80); 4781 } else { 4782 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4783 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4784 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4785 } 4786 } else { 4787 if (sc->rf_rev == RT5390_RF_5370) { 4788 run_bbp_read(sc, 152, &bbp152); 4789 run_bbp_write(sc, 152, bbp152 | 0x80); 4790 } else { 4791 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4792 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4793 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4794 } 4795 } 4796 } 4797 4798 static int 4799 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4800 { 4801 struct ieee80211com *ic = &sc->sc_ic; 4802 u_int chan, group; 4803 4804 chan = ieee80211_chan2ieee(ic, c); 4805 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4806 return (EINVAL); 4807 4808 if (sc->mac_ver == 0x5592) 4809 run_rt5592_set_chan(sc, chan); 4810 else if (sc->mac_ver >= 0x5390) 4811 run_rt5390_set_chan(sc, chan); 4812 else if (sc->mac_ver == 0x3593) 4813 run_rt3593_set_chan(sc, chan); 4814 else if (sc->mac_ver == 0x3572) 4815 run_rt3572_set_chan(sc, chan); 4816 else if (sc->mac_ver >= 0x3070) 4817 run_rt3070_set_chan(sc, chan); 4818 else 4819 run_rt2870_set_chan(sc, chan); 4820 4821 /* determine channel group */ 4822 if (chan <= 14) 4823 group = 0; 4824 else if (chan <= 64) 4825 group = 1; 4826 else if (chan <= 128) 4827 group = 2; 4828 else 4829 group = 3; 4830 4831 /* XXX necessary only when group has changed! */ 4832 run_select_chan_group(sc, group); 4833 4834 run_delay(sc, 10); 4835 4836 /* Perform IQ calibration. */ 4837 if (sc->mac_ver >= 0x5392) 4838 run_iq_calib(sc, chan); 4839 4840 return (0); 4841 } 4842 4843 static void 4844 run_set_channel(struct ieee80211com *ic) 4845 { 4846 struct run_softc *sc = ic->ic_softc; 4847 4848 RUN_LOCK(sc); 4849 run_set_chan(sc, ic->ic_curchan); 4850 RUN_UNLOCK(sc); 4851 4852 return; 4853 } 4854 4855 static void 4856 run_getradiocaps(struct ieee80211com *ic, 4857 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4858 { 4859 struct run_softc *sc = ic->ic_softc; 4860 uint8_t bands[IEEE80211_MODE_BYTES]; 4861 4862 memset(bands, 0, sizeof(bands)); 4863 setbit(bands, IEEE80211_MODE_11B); 4864 setbit(bands, IEEE80211_MODE_11G); 4865 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans, 4866 run_chan_2ghz, nitems(run_chan_2ghz), bands, 0); 4867 4868 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4869 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4870 sc->rf_rev == RT5592_RF_5592) { 4871 setbit(bands, IEEE80211_MODE_11A); 4872 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4873 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4874 } 4875 } 4876 4877 static void 4878 run_scan_start(struct ieee80211com *ic) 4879 { 4880 struct run_softc *sc = ic->ic_softc; 4881 uint32_t tmp; 4882 4883 RUN_LOCK(sc); 4884 4885 /* abort TSF synchronization */ 4886 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4887 run_write(sc, RT2860_BCN_TIME_CFG, 4888 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4889 RT2860_TBTT_TIMER_EN)); 4890 run_set_bssid(sc, ieee80211broadcastaddr); 4891 4892 RUN_UNLOCK(sc); 4893 4894 return; 4895 } 4896 4897 static void 4898 run_scan_end(struct ieee80211com *ic) 4899 { 4900 struct run_softc *sc = ic->ic_softc; 4901 4902 RUN_LOCK(sc); 4903 4904 run_enable_tsf_sync(sc); 4905 run_set_bssid(sc, sc->sc_bssid); 4906 4907 RUN_UNLOCK(sc); 4908 4909 return; 4910 } 4911 4912 /* 4913 * Could be called from ieee80211_node_timeout() 4914 * (non-sleepable thread) 4915 */ 4916 static void 4917 run_update_beacon(struct ieee80211vap *vap, int item) 4918 { 4919 struct ieee80211com *ic = vap->iv_ic; 4920 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4921 struct ieee80211_node *ni = vap->iv_bss; 4922 struct run_softc *sc = ic->ic_softc; 4923 struct run_vap *rvp = RUN_VAP(vap); 4924 int mcast = 0; 4925 uint32_t i; 4926 4927 switch (item) { 4928 case IEEE80211_BEACON_ERP: 4929 run_updateslot(ic); 4930 break; 4931 case IEEE80211_BEACON_HTINFO: 4932 run_updateprot(ic); 4933 break; 4934 case IEEE80211_BEACON_TIM: 4935 mcast = 1; /*TODO*/ 4936 break; 4937 default: 4938 break; 4939 } 4940 4941 setbit(bo->bo_flags, item); 4942 if (rvp->beacon_mbuf == NULL) { 4943 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4944 if (rvp->beacon_mbuf == NULL) 4945 return; 4946 } 4947 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4948 4949 i = RUN_CMDQ_GET(&sc->cmdq_store); 4950 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4951 sc->cmdq[i].func = run_update_beacon_cb; 4952 sc->cmdq[i].arg0 = vap; 4953 ieee80211_runtask(ic, &sc->cmdq_task); 4954 4955 return; 4956 } 4957 4958 static void 4959 run_update_beacon_cb(void *arg) 4960 { 4961 struct ieee80211vap *vap = arg; 4962 struct ieee80211_node *ni = vap->iv_bss; 4963 struct run_vap *rvp = RUN_VAP(vap); 4964 struct ieee80211com *ic = vap->iv_ic; 4965 struct run_softc *sc = ic->ic_softc; 4966 struct rt2860_txwi txwi; 4967 struct mbuf *m; 4968 uint16_t txwisize; 4969 uint8_t ridx; 4970 4971 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4972 return; 4973 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4974 return; 4975 4976 /* 4977 * No need to call ieee80211_beacon_update(), run_update_beacon() 4978 * is taking care of appropriate calls. 4979 */ 4980 if (rvp->beacon_mbuf == NULL) { 4981 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4982 if (rvp->beacon_mbuf == NULL) 4983 return; 4984 } 4985 m = rvp->beacon_mbuf; 4986 4987 memset(&txwi, 0, sizeof(txwi)); 4988 txwi.wcid = 0xff; 4989 txwi.len = htole16(m->m_pkthdr.len); 4990 4991 /* send beacons at the lowest available rate */ 4992 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4993 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4994 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4995 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4996 txwi.phy |= htole16(RT2860_PHY_OFDM); 4997 txwi.txop = RT2860_TX_TXOP_HT; 4998 txwi.flags = RT2860_TX_TS; 4999 txwi.xflags = RT2860_TX_NSEQ; 5000 5001 txwisize = (sc->mac_ver == 0x5592) ? 5002 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 5003 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 5004 txwisize); 5005 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 5006 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 5007 } 5008 5009 static void 5010 run_updateprot(struct ieee80211com *ic) 5011 { 5012 struct run_softc *sc = ic->ic_softc; 5013 uint32_t i; 5014 5015 i = RUN_CMDQ_GET(&sc->cmdq_store); 5016 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5017 sc->cmdq[i].func = run_updateprot_cb; 5018 sc->cmdq[i].arg0 = ic; 5019 ieee80211_runtask(ic, &sc->cmdq_task); 5020 } 5021 5022 static void 5023 run_updateprot_cb(void *arg) 5024 { 5025 struct ieee80211com *ic = arg; 5026 struct run_softc *sc = ic->ic_softc; 5027 uint32_t tmp; 5028 5029 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5030 /* setup protection frame rate (MCS code) */ 5031 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5032 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5033 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5034 5035 /* CCK frames don't require protection */ 5036 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5037 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5038 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5039 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5040 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5041 tmp |= RT2860_PROT_CTRL_CTS; 5042 } 5043 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5044 } 5045 5046 static void 5047 run_usb_timeout_cb(void *arg) 5048 { 5049 struct ieee80211vap *vap = arg; 5050 struct run_softc *sc = vap->iv_ic->ic_softc; 5051 5052 RUN_LOCK_ASSERT(sc, MA_OWNED); 5053 5054 if(vap->iv_state == IEEE80211_S_RUN && 5055 vap->iv_opmode != IEEE80211_M_STA) 5056 run_reset_livelock(sc); 5057 else if (vap->iv_state == IEEE80211_S_SCAN) { 5058 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5059 "timeout caused by scan\n"); 5060 /* cancel bgscan */ 5061 ieee80211_cancel_scan(vap); 5062 } else 5063 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5064 "timeout by unknown cause\n"); 5065 } 5066 5067 static void 5068 run_reset_livelock(struct run_softc *sc) 5069 { 5070 uint32_t tmp; 5071 5072 RUN_LOCK_ASSERT(sc, MA_OWNED); 5073 5074 /* 5075 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5076 * can run into a livelock and start sending CTS-to-self frames like 5077 * crazy if protection is enabled. Reset MAC/BBP for a while 5078 */ 5079 run_read(sc, RT2860_DEBUG, &tmp); 5080 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5081 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5082 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5083 "CTS-to-self livelock detected\n"); 5084 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5085 run_delay(sc, 1); 5086 run_write(sc, RT2860_MAC_SYS_CTRL, 5087 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5088 } 5089 } 5090 5091 static void 5092 run_update_promisc_locked(struct run_softc *sc) 5093 { 5094 uint32_t tmp; 5095 5096 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5097 5098 tmp |= RT2860_DROP_UC_NOME; 5099 if (sc->sc_ic.ic_promisc > 0) 5100 tmp &= ~RT2860_DROP_UC_NOME; 5101 5102 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5103 5104 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5105 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5106 } 5107 5108 static void 5109 run_update_promisc(struct ieee80211com *ic) 5110 { 5111 struct run_softc *sc = ic->ic_softc; 5112 5113 if ((sc->sc_flags & RUN_RUNNING) == 0) 5114 return; 5115 5116 RUN_LOCK(sc); 5117 run_update_promisc_locked(sc); 5118 RUN_UNLOCK(sc); 5119 } 5120 5121 static void 5122 run_enable_tsf_sync(struct run_softc *sc) 5123 { 5124 struct ieee80211com *ic = &sc->sc_ic; 5125 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5126 uint32_t tmp; 5127 5128 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5129 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5130 5131 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5132 tmp &= ~0x1fffff; 5133 tmp |= vap->iv_bss->ni_intval * 16; 5134 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5135 5136 if (ic->ic_opmode == IEEE80211_M_STA) { 5137 /* 5138 * Local TSF is always updated with remote TSF on beacon 5139 * reception. 5140 */ 5141 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5142 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5143 tmp |= RT2860_BCN_TX_EN; 5144 /* 5145 * Local TSF is updated with remote TSF on beacon reception 5146 * only if the remote TSF is greater than local TSF. 5147 */ 5148 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5149 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5150 ic->ic_opmode == IEEE80211_M_MBSS) { 5151 tmp |= RT2860_BCN_TX_EN; 5152 /* SYNC with nobody */ 5153 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5154 } else { 5155 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5156 "Enabling TSF failed. undefined opmode\n"); 5157 return; 5158 } 5159 5160 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5161 } 5162 5163 static void 5164 run_enable_tsf(struct run_softc *sc) 5165 { 5166 uint32_t tmp; 5167 5168 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5169 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5170 tmp |= RT2860_TSF_TIMER_EN; 5171 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5172 } 5173 } 5174 5175 static void 5176 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5177 { 5178 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5179 sizeof(*buf)); 5180 } 5181 5182 static void 5183 run_enable_mrr(struct run_softc *sc) 5184 { 5185 #define CCK(mcs) (mcs) 5186 #define OFDM(mcs) (1 << 3 | (mcs)) 5187 run_write(sc, RT2860_LG_FBK_CFG0, 5188 OFDM(6) << 28 | /* 54->48 */ 5189 OFDM(5) << 24 | /* 48->36 */ 5190 OFDM(4) << 20 | /* 36->24 */ 5191 OFDM(3) << 16 | /* 24->18 */ 5192 OFDM(2) << 12 | /* 18->12 */ 5193 OFDM(1) << 8 | /* 12-> 9 */ 5194 OFDM(0) << 4 | /* 9-> 6 */ 5195 OFDM(0)); /* 6-> 6 */ 5196 5197 run_write(sc, RT2860_LG_FBK_CFG1, 5198 CCK(2) << 12 | /* 11->5.5 */ 5199 CCK(1) << 8 | /* 5.5-> 2 */ 5200 CCK(0) << 4 | /* 2-> 1 */ 5201 CCK(0)); /* 1-> 1 */ 5202 #undef OFDM 5203 #undef CCK 5204 } 5205 5206 static void 5207 run_set_txpreamble(struct run_softc *sc) 5208 { 5209 struct ieee80211com *ic = &sc->sc_ic; 5210 uint32_t tmp; 5211 5212 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5213 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5214 tmp |= RT2860_CCK_SHORT_EN; 5215 else 5216 tmp &= ~RT2860_CCK_SHORT_EN; 5217 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5218 } 5219 5220 static void 5221 run_set_basicrates(struct run_softc *sc) 5222 { 5223 struct ieee80211com *ic = &sc->sc_ic; 5224 5225 /* set basic rates mask */ 5226 if (ic->ic_curmode == IEEE80211_MODE_11B) 5227 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5228 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5229 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5230 else /* 11g */ 5231 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5232 } 5233 5234 static void 5235 run_set_leds(struct run_softc *sc, uint16_t which) 5236 { 5237 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5238 which | (sc->leds & 0x7f)); 5239 } 5240 5241 static void 5242 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5243 { 5244 run_write(sc, RT2860_MAC_BSSID_DW0, 5245 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5246 run_write(sc, RT2860_MAC_BSSID_DW1, 5247 bssid[4] | bssid[5] << 8); 5248 } 5249 5250 static void 5251 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5252 { 5253 run_write(sc, RT2860_MAC_ADDR_DW0, 5254 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5255 run_write(sc, RT2860_MAC_ADDR_DW1, 5256 addr[4] | addr[5] << 8 | 0xff << 16); 5257 } 5258 5259 static void 5260 run_updateslot(struct ieee80211com *ic) 5261 { 5262 struct run_softc *sc = ic->ic_softc; 5263 uint32_t i; 5264 5265 i = RUN_CMDQ_GET(&sc->cmdq_store); 5266 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5267 sc->cmdq[i].func = run_updateslot_cb; 5268 sc->cmdq[i].arg0 = ic; 5269 ieee80211_runtask(ic, &sc->cmdq_task); 5270 5271 return; 5272 } 5273 5274 /* ARGSUSED */ 5275 static void 5276 run_updateslot_cb(void *arg) 5277 { 5278 struct ieee80211com *ic = arg; 5279 struct run_softc *sc = ic->ic_softc; 5280 uint32_t tmp; 5281 5282 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5283 tmp &= ~0xff; 5284 tmp |= IEEE80211_GET_SLOTTIME(ic); 5285 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5286 } 5287 5288 static void 5289 run_update_mcast(struct ieee80211com *ic) 5290 { 5291 } 5292 5293 static int8_t 5294 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5295 { 5296 struct ieee80211com *ic = &sc->sc_ic; 5297 struct ieee80211_channel *c = ic->ic_curchan; 5298 int delta; 5299 5300 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5301 u_int chan = ieee80211_chan2ieee(ic, c); 5302 delta = sc->rssi_5ghz[rxchain]; 5303 5304 /* determine channel group */ 5305 if (chan <= 64) 5306 delta -= sc->lna[1]; 5307 else if (chan <= 128) 5308 delta -= sc->lna[2]; 5309 else 5310 delta -= sc->lna[3]; 5311 } else 5312 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5313 5314 return (-12 - delta - rssi); 5315 } 5316 5317 static void 5318 run_rt5390_bbp_init(struct run_softc *sc) 5319 { 5320 u_int i; 5321 uint8_t bbp; 5322 5323 /* Apply maximum likelihood detection for 2 stream case. */ 5324 run_bbp_read(sc, 105, &bbp); 5325 if (sc->nrxchains > 1) 5326 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5327 5328 /* Avoid data lost and CRC error. */ 5329 run_bbp_read(sc, 4, &bbp); 5330 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5331 5332 if (sc->mac_ver == 0x5592) { 5333 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5334 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5335 rt5592_def_bbp[i].val); 5336 } 5337 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5338 run_bbp_write(sc, 195, i + 0x80); 5339 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5340 } 5341 } else { 5342 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5343 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5344 rt5390_def_bbp[i].val); 5345 } 5346 } 5347 if (sc->mac_ver == 0x5392) { 5348 run_bbp_write(sc, 88, 0x90); 5349 run_bbp_write(sc, 95, 0x9a); 5350 run_bbp_write(sc, 98, 0x12); 5351 run_bbp_write(sc, 106, 0x12); 5352 run_bbp_write(sc, 134, 0xd0); 5353 run_bbp_write(sc, 135, 0xf6); 5354 run_bbp_write(sc, 148, 0x84); 5355 } 5356 5357 run_bbp_read(sc, 152, &bbp); 5358 run_bbp_write(sc, 152, bbp | 0x80); 5359 5360 /* Fix BBP254 for RT5592C. */ 5361 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5362 run_bbp_read(sc, 254, &bbp); 5363 run_bbp_write(sc, 254, bbp | 0x80); 5364 } 5365 5366 /* Disable hardware antenna diversity. */ 5367 if (sc->mac_ver == 0x5390) 5368 run_bbp_write(sc, 154, 0); 5369 5370 /* Initialize Rx CCK/OFDM frequency offset report. */ 5371 run_bbp_write(sc, 142, 1); 5372 run_bbp_write(sc, 143, 57); 5373 } 5374 5375 static int 5376 run_bbp_init(struct run_softc *sc) 5377 { 5378 int i, error, ntries; 5379 uint8_t bbp0; 5380 5381 /* wait for BBP to wake up */ 5382 for (ntries = 0; ntries < 20; ntries++) { 5383 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5384 return error; 5385 if (bbp0 != 0 && bbp0 != 0xff) 5386 break; 5387 } 5388 if (ntries == 20) 5389 return (ETIMEDOUT); 5390 5391 /* initialize BBP registers to default values */ 5392 if (sc->mac_ver >= 0x5390) 5393 run_rt5390_bbp_init(sc); 5394 else { 5395 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5396 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5397 rt2860_def_bbp[i].val); 5398 } 5399 } 5400 5401 if (sc->mac_ver == 0x3593) { 5402 run_bbp_write(sc, 79, 0x13); 5403 run_bbp_write(sc, 80, 0x05); 5404 run_bbp_write(sc, 81, 0x33); 5405 run_bbp_write(sc, 86, 0x46); 5406 run_bbp_write(sc, 137, 0x0f); 5407 } 5408 5409 /* fix BBP84 for RT2860E */ 5410 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5411 run_bbp_write(sc, 84, 0x19); 5412 5413 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5414 sc->mac_ver != 0x5592)) { 5415 run_bbp_write(sc, 79, 0x13); 5416 run_bbp_write(sc, 80, 0x05); 5417 run_bbp_write(sc, 81, 0x33); 5418 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5419 run_bbp_write(sc, 69, 0x16); 5420 run_bbp_write(sc, 73, 0x12); 5421 } 5422 return (0); 5423 } 5424 5425 static int 5426 run_rt3070_rf_init(struct run_softc *sc) 5427 { 5428 uint32_t tmp; 5429 uint8_t bbp4, mingain, rf, target; 5430 u_int i; 5431 5432 run_rt3070_rf_read(sc, 30, &rf); 5433 /* toggle RF R30 bit 7 */ 5434 run_rt3070_rf_write(sc, 30, rf | 0x80); 5435 run_delay(sc, 10); 5436 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5437 5438 /* initialize RF registers to default value */ 5439 if (sc->mac_ver == 0x3572) { 5440 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5441 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5442 rt3572_def_rf[i].val); 5443 } 5444 } else { 5445 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5446 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5447 rt3070_def_rf[i].val); 5448 } 5449 } 5450 5451 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5452 /* 5453 * Change voltage from 1.2V to 1.35V for RT3070. 5454 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5455 * in RT3070(F). 5456 */ 5457 run_read(sc, RT3070_LDO_CFG0, &tmp); 5458 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5459 run_write(sc, RT3070_LDO_CFG0, tmp); 5460 5461 } else if (sc->mac_ver == 0x3071) { 5462 run_rt3070_rf_read(sc, 6, &rf); 5463 run_rt3070_rf_write(sc, 6, rf | 0x40); 5464 run_rt3070_rf_write(sc, 31, 0x14); 5465 5466 run_read(sc, RT3070_LDO_CFG0, &tmp); 5467 tmp &= ~0x1f000000; 5468 if (sc->mac_rev < 0x0211) 5469 tmp |= 0x0d000000; /* 1.3V */ 5470 else 5471 tmp |= 0x01000000; /* 1.2V */ 5472 run_write(sc, RT3070_LDO_CFG0, tmp); 5473 5474 /* patch LNA_PE_G1 */ 5475 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5476 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5477 5478 } else if (sc->mac_ver == 0x3572) { 5479 run_rt3070_rf_read(sc, 6, &rf); 5480 run_rt3070_rf_write(sc, 6, rf | 0x40); 5481 5482 /* increase voltage from 1.2V to 1.35V */ 5483 run_read(sc, RT3070_LDO_CFG0, &tmp); 5484 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5485 run_write(sc, RT3070_LDO_CFG0, tmp); 5486 5487 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5488 run_delay(sc, 1); /* wait for 1msec */ 5489 /* decrease voltage back to 1.2V */ 5490 tmp = (tmp & ~0x1f000000) | 0x01000000; 5491 run_write(sc, RT3070_LDO_CFG0, tmp); 5492 } 5493 } 5494 5495 /* select 20MHz bandwidth */ 5496 run_rt3070_rf_read(sc, 31, &rf); 5497 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5498 5499 /* calibrate filter for 20MHz bandwidth */ 5500 sc->rf24_20mhz = 0x1f; /* default value */ 5501 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5502 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5503 5504 /* select 40MHz bandwidth */ 5505 run_bbp_read(sc, 4, &bbp4); 5506 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5507 run_rt3070_rf_read(sc, 31, &rf); 5508 run_rt3070_rf_write(sc, 31, rf | 0x20); 5509 5510 /* calibrate filter for 40MHz bandwidth */ 5511 sc->rf24_40mhz = 0x2f; /* default value */ 5512 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5513 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5514 5515 /* go back to 20MHz bandwidth */ 5516 run_bbp_read(sc, 4, &bbp4); 5517 run_bbp_write(sc, 4, bbp4 & ~0x18); 5518 5519 if (sc->mac_ver == 0x3572) { 5520 /* save default BBP registers 25 and 26 values */ 5521 run_bbp_read(sc, 25, &sc->bbp25); 5522 run_bbp_read(sc, 26, &sc->bbp26); 5523 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5524 run_rt3070_rf_write(sc, 27, 0x03); 5525 5526 run_read(sc, RT3070_OPT_14, &tmp); 5527 run_write(sc, RT3070_OPT_14, tmp | 1); 5528 5529 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5530 run_rt3070_rf_read(sc, 17, &rf); 5531 rf &= ~RT3070_TX_LO1; 5532 if ((sc->mac_ver == 0x3070 || 5533 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5534 !sc->ext_2ghz_lna) 5535 rf |= 0x20; /* fix for long range Rx issue */ 5536 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5537 if (sc->txmixgain_2ghz >= mingain) 5538 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5539 run_rt3070_rf_write(sc, 17, rf); 5540 } 5541 5542 if (sc->mac_ver == 0x3071) { 5543 run_rt3070_rf_read(sc, 1, &rf); 5544 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5545 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5546 run_rt3070_rf_write(sc, 1, rf); 5547 5548 run_rt3070_rf_read(sc, 15, &rf); 5549 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5550 5551 run_rt3070_rf_read(sc, 20, &rf); 5552 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5553 5554 run_rt3070_rf_read(sc, 21, &rf); 5555 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5556 } 5557 5558 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5559 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5560 run_rt3070_rf_read(sc, 27, &rf); 5561 rf &= ~0x77; 5562 if (sc->mac_rev < 0x0211) 5563 rf |= 0x03; 5564 run_rt3070_rf_write(sc, 27, rf); 5565 } 5566 return (0); 5567 } 5568 5569 static void 5570 run_rt3593_rf_init(struct run_softc *sc) 5571 { 5572 uint32_t tmp; 5573 uint8_t rf; 5574 u_int i; 5575 5576 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5577 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5578 tmp &= ~(1 << 4 | 1 << 7); 5579 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5580 5581 /* Initialize RF registers to default value. */ 5582 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5583 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5584 rt3593_def_rf[i].val); 5585 } 5586 5587 /* Toggle RF R2 to initiate calibration. */ 5588 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5589 5590 /* Initialize RF frequency offset. */ 5591 run_adjust_freq_offset(sc); 5592 5593 run_rt3070_rf_read(sc, 18, &rf); 5594 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5595 5596 /* 5597 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5598 * decrease voltage back to 1.2V. 5599 */ 5600 run_read(sc, RT3070_LDO_CFG0, &tmp); 5601 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5602 run_write(sc, RT3070_LDO_CFG0, tmp); 5603 run_delay(sc, 1); 5604 tmp = (tmp & ~0x1f000000) | 0x01000000; 5605 run_write(sc, RT3070_LDO_CFG0, tmp); 5606 5607 sc->rf24_20mhz = 0x1f; 5608 sc->rf24_40mhz = 0x2f; 5609 5610 /* Save default BBP registers 25 and 26 values. */ 5611 run_bbp_read(sc, 25, &sc->bbp25); 5612 run_bbp_read(sc, 26, &sc->bbp26); 5613 5614 run_read(sc, RT3070_OPT_14, &tmp); 5615 run_write(sc, RT3070_OPT_14, tmp | 1); 5616 } 5617 5618 static void 5619 run_rt5390_rf_init(struct run_softc *sc) 5620 { 5621 uint32_t tmp; 5622 uint8_t rf; 5623 u_int i; 5624 5625 /* Toggle RF R2 to initiate calibration. */ 5626 if (sc->mac_ver == 0x5390) { 5627 run_rt3070_rf_read(sc, 2, &rf); 5628 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5629 run_delay(sc, 10); 5630 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5631 } else { 5632 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5633 run_delay(sc, 10); 5634 } 5635 5636 /* Initialize RF registers to default value. */ 5637 if (sc->mac_ver == 0x5592) { 5638 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5639 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5640 rt5592_def_rf[i].val); 5641 } 5642 /* Initialize RF frequency offset. */ 5643 run_adjust_freq_offset(sc); 5644 } else if (sc->mac_ver == 0x5392) { 5645 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5646 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5647 rt5392_def_rf[i].val); 5648 } 5649 if (sc->mac_rev >= 0x0223) { 5650 run_rt3070_rf_write(sc, 23, 0x0f); 5651 run_rt3070_rf_write(sc, 24, 0x3e); 5652 run_rt3070_rf_write(sc, 51, 0x32); 5653 run_rt3070_rf_write(sc, 53, 0x22); 5654 run_rt3070_rf_write(sc, 56, 0xc1); 5655 run_rt3070_rf_write(sc, 59, 0x0f); 5656 } 5657 } else { 5658 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5659 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5660 rt5390_def_rf[i].val); 5661 } 5662 if (sc->mac_rev >= 0x0502) { 5663 run_rt3070_rf_write(sc, 6, 0xe0); 5664 run_rt3070_rf_write(sc, 25, 0x80); 5665 run_rt3070_rf_write(sc, 46, 0x73); 5666 run_rt3070_rf_write(sc, 53, 0x00); 5667 run_rt3070_rf_write(sc, 56, 0x42); 5668 run_rt3070_rf_write(sc, 61, 0xd1); 5669 } 5670 } 5671 5672 sc->rf24_20mhz = 0x1f; /* default value */ 5673 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5674 5675 if (sc->mac_rev < 0x0211) 5676 run_rt3070_rf_write(sc, 27, 0x3); 5677 5678 run_read(sc, RT3070_OPT_14, &tmp); 5679 run_write(sc, RT3070_OPT_14, tmp | 1); 5680 } 5681 5682 static int 5683 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5684 uint8_t *val) 5685 { 5686 uint8_t rf22, rf24; 5687 uint8_t bbp55_pb, bbp55_sb, delta; 5688 int ntries; 5689 5690 /* program filter */ 5691 run_rt3070_rf_read(sc, 24, &rf24); 5692 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5693 run_rt3070_rf_write(sc, 24, rf24); 5694 5695 /* enable baseband loopback mode */ 5696 run_rt3070_rf_read(sc, 22, &rf22); 5697 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5698 5699 /* set power and frequency of passband test tone */ 5700 run_bbp_write(sc, 24, 0x00); 5701 for (ntries = 0; ntries < 100; ntries++) { 5702 /* transmit test tone */ 5703 run_bbp_write(sc, 25, 0x90); 5704 run_delay(sc, 10); 5705 /* read received power */ 5706 run_bbp_read(sc, 55, &bbp55_pb); 5707 if (bbp55_pb != 0) 5708 break; 5709 } 5710 if (ntries == 100) 5711 return (ETIMEDOUT); 5712 5713 /* set power and frequency of stopband test tone */ 5714 run_bbp_write(sc, 24, 0x06); 5715 for (ntries = 0; ntries < 100; ntries++) { 5716 /* transmit test tone */ 5717 run_bbp_write(sc, 25, 0x90); 5718 run_delay(sc, 10); 5719 /* read received power */ 5720 run_bbp_read(sc, 55, &bbp55_sb); 5721 5722 delta = bbp55_pb - bbp55_sb; 5723 if (delta > target) 5724 break; 5725 5726 /* reprogram filter */ 5727 rf24++; 5728 run_rt3070_rf_write(sc, 24, rf24); 5729 } 5730 if (ntries < 100) { 5731 if (rf24 != init) 5732 rf24--; /* backtrack */ 5733 *val = rf24; 5734 run_rt3070_rf_write(sc, 24, rf24); 5735 } 5736 5737 /* restore initial state */ 5738 run_bbp_write(sc, 24, 0x00); 5739 5740 /* disable baseband loopback mode */ 5741 run_rt3070_rf_read(sc, 22, &rf22); 5742 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5743 5744 return (0); 5745 } 5746 5747 static void 5748 run_rt3070_rf_setup(struct run_softc *sc) 5749 { 5750 uint8_t bbp, rf; 5751 int i; 5752 5753 if (sc->mac_ver == 0x3572) { 5754 /* enable DC filter */ 5755 if (sc->mac_rev >= 0x0201) 5756 run_bbp_write(sc, 103, 0xc0); 5757 5758 run_bbp_read(sc, 138, &bbp); 5759 if (sc->ntxchains == 1) 5760 bbp |= 0x20; /* turn off DAC1 */ 5761 if (sc->nrxchains == 1) 5762 bbp &= ~0x02; /* turn off ADC1 */ 5763 run_bbp_write(sc, 138, bbp); 5764 5765 if (sc->mac_rev >= 0x0211) { 5766 /* improve power consumption */ 5767 run_bbp_read(sc, 31, &bbp); 5768 run_bbp_write(sc, 31, bbp & ~0x03); 5769 } 5770 5771 run_rt3070_rf_read(sc, 16, &rf); 5772 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5773 run_rt3070_rf_write(sc, 16, rf); 5774 5775 } else if (sc->mac_ver == 0x3071) { 5776 if (sc->mac_rev >= 0x0211) { 5777 /* enable DC filter */ 5778 run_bbp_write(sc, 103, 0xc0); 5779 5780 /* improve power consumption */ 5781 run_bbp_read(sc, 31, &bbp); 5782 run_bbp_write(sc, 31, bbp & ~0x03); 5783 } 5784 5785 run_bbp_read(sc, 138, &bbp); 5786 if (sc->ntxchains == 1) 5787 bbp |= 0x20; /* turn off DAC1 */ 5788 if (sc->nrxchains == 1) 5789 bbp &= ~0x02; /* turn off ADC1 */ 5790 run_bbp_write(sc, 138, bbp); 5791 5792 run_write(sc, RT2860_TX_SW_CFG1, 0); 5793 if (sc->mac_rev < 0x0211) { 5794 run_write(sc, RT2860_TX_SW_CFG2, 5795 sc->patch_dac ? 0x2c : 0x0f); 5796 } else 5797 run_write(sc, RT2860_TX_SW_CFG2, 0); 5798 5799 } else if (sc->mac_ver == 0x3070) { 5800 if (sc->mac_rev >= 0x0201) { 5801 /* enable DC filter */ 5802 run_bbp_write(sc, 103, 0xc0); 5803 5804 /* improve power consumption */ 5805 run_bbp_read(sc, 31, &bbp); 5806 run_bbp_write(sc, 31, bbp & ~0x03); 5807 } 5808 5809 if (sc->mac_rev < 0x0201) { 5810 run_write(sc, RT2860_TX_SW_CFG1, 0); 5811 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5812 } else 5813 run_write(sc, RT2860_TX_SW_CFG2, 0); 5814 } 5815 5816 /* initialize RF registers from ROM for >=RT3071*/ 5817 if (sc->mac_ver >= 0x3071) { 5818 for (i = 0; i < 10; i++) { 5819 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5820 continue; 5821 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5822 } 5823 } 5824 } 5825 5826 static void 5827 run_rt3593_rf_setup(struct run_softc *sc) 5828 { 5829 uint8_t bbp, rf; 5830 5831 if (sc->mac_rev >= 0x0211) { 5832 /* Enable DC filter. */ 5833 run_bbp_write(sc, 103, 0xc0); 5834 } 5835 run_write(sc, RT2860_TX_SW_CFG1, 0); 5836 if (sc->mac_rev < 0x0211) { 5837 run_write(sc, RT2860_TX_SW_CFG2, 5838 sc->patch_dac ? 0x2c : 0x0f); 5839 } else 5840 run_write(sc, RT2860_TX_SW_CFG2, 0); 5841 5842 run_rt3070_rf_read(sc, 50, &rf); 5843 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5844 5845 run_rt3070_rf_read(sc, 51, &rf); 5846 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5847 ((sc->txmixgain_2ghz & 0x07) << 2); 5848 run_rt3070_rf_write(sc, 51, rf); 5849 5850 run_rt3070_rf_read(sc, 38, &rf); 5851 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5852 5853 run_rt3070_rf_read(sc, 39, &rf); 5854 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5855 5856 run_rt3070_rf_read(sc, 1, &rf); 5857 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5858 5859 run_rt3070_rf_read(sc, 30, &rf); 5860 rf = (rf & ~0x18) | 0x10; 5861 run_rt3070_rf_write(sc, 30, rf); 5862 5863 /* Apply maximum likelihood detection for 2 stream case. */ 5864 run_bbp_read(sc, 105, &bbp); 5865 if (sc->nrxchains > 1) 5866 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5867 5868 /* Avoid data lost and CRC error. */ 5869 run_bbp_read(sc, 4, &bbp); 5870 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5871 5872 run_bbp_write(sc, 92, 0x02); 5873 run_bbp_write(sc, 82, 0x82); 5874 run_bbp_write(sc, 106, 0x05); 5875 run_bbp_write(sc, 104, 0x92); 5876 run_bbp_write(sc, 88, 0x90); 5877 run_bbp_write(sc, 148, 0xc8); 5878 run_bbp_write(sc, 47, 0x48); 5879 run_bbp_write(sc, 120, 0x50); 5880 5881 run_bbp_write(sc, 163, 0x9d); 5882 5883 /* SNR mapping. */ 5884 run_bbp_write(sc, 142, 0x06); 5885 run_bbp_write(sc, 143, 0xa0); 5886 run_bbp_write(sc, 142, 0x07); 5887 run_bbp_write(sc, 143, 0xa1); 5888 run_bbp_write(sc, 142, 0x08); 5889 run_bbp_write(sc, 143, 0xa2); 5890 5891 run_bbp_write(sc, 31, 0x08); 5892 run_bbp_write(sc, 68, 0x0b); 5893 run_bbp_write(sc, 105, 0x04); 5894 } 5895 5896 static void 5897 run_rt5390_rf_setup(struct run_softc *sc) 5898 { 5899 uint8_t bbp, rf; 5900 5901 if (sc->mac_rev >= 0x0211) { 5902 /* Enable DC filter. */ 5903 run_bbp_write(sc, 103, 0xc0); 5904 5905 if (sc->mac_ver != 0x5592) { 5906 /* Improve power consumption. */ 5907 run_bbp_read(sc, 31, &bbp); 5908 run_bbp_write(sc, 31, bbp & ~0x03); 5909 } 5910 } 5911 5912 run_bbp_read(sc, 138, &bbp); 5913 if (sc->ntxchains == 1) 5914 bbp |= 0x20; /* turn off DAC1 */ 5915 if (sc->nrxchains == 1) 5916 bbp &= ~0x02; /* turn off ADC1 */ 5917 run_bbp_write(sc, 138, bbp); 5918 5919 run_rt3070_rf_read(sc, 38, &rf); 5920 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5921 5922 run_rt3070_rf_read(sc, 39, &rf); 5923 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5924 5925 /* Avoid data lost and CRC error. */ 5926 run_bbp_read(sc, 4, &bbp); 5927 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5928 5929 run_rt3070_rf_read(sc, 30, &rf); 5930 rf = (rf & ~0x18) | 0x10; 5931 run_rt3070_rf_write(sc, 30, rf); 5932 5933 if (sc->mac_ver != 0x5592) { 5934 run_write(sc, RT2860_TX_SW_CFG1, 0); 5935 if (sc->mac_rev < 0x0211) { 5936 run_write(sc, RT2860_TX_SW_CFG2, 5937 sc->patch_dac ? 0x2c : 0x0f); 5938 } else 5939 run_write(sc, RT2860_TX_SW_CFG2, 0); 5940 } 5941 } 5942 5943 static int 5944 run_txrx_enable(struct run_softc *sc) 5945 { 5946 struct ieee80211com *ic = &sc->sc_ic; 5947 uint32_t tmp; 5948 int error, ntries; 5949 5950 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5951 for (ntries = 0; ntries < 200; ntries++) { 5952 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5953 return (error); 5954 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5955 break; 5956 run_delay(sc, 50); 5957 } 5958 if (ntries == 200) 5959 return (ETIMEDOUT); 5960 5961 run_delay(sc, 50); 5962 5963 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5964 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5965 5966 /* enable Rx bulk aggregation (set timeout and limit) */ 5967 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5968 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5969 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5970 5971 /* set Rx filter */ 5972 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5973 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5974 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5975 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5976 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5977 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5978 if (ic->ic_opmode == IEEE80211_M_STA) 5979 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5980 } 5981 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5982 5983 run_write(sc, RT2860_MAC_SYS_CTRL, 5984 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5985 5986 return (0); 5987 } 5988 5989 static void 5990 run_adjust_freq_offset(struct run_softc *sc) 5991 { 5992 uint8_t rf, tmp; 5993 5994 run_rt3070_rf_read(sc, 17, &rf); 5995 tmp = rf; 5996 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5997 rf = MIN(rf, 0x5f); 5998 5999 if (tmp != rf) 6000 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 6001 } 6002 6003 static void 6004 run_init_locked(struct run_softc *sc) 6005 { 6006 struct ieee80211com *ic = &sc->sc_ic; 6007 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6008 uint32_t tmp; 6009 uint8_t bbp1, bbp3; 6010 int i; 6011 int ridx; 6012 int ntries; 6013 6014 if (ic->ic_nrunning > 1) 6015 return; 6016 6017 run_stop(sc); 6018 6019 if (run_load_microcode(sc) != 0) { 6020 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6021 goto fail; 6022 } 6023 6024 for (ntries = 0; ntries < 100; ntries++) { 6025 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6026 goto fail; 6027 if (tmp != 0 && tmp != 0xffffffff) 6028 break; 6029 run_delay(sc, 10); 6030 } 6031 if (ntries == 100) 6032 goto fail; 6033 6034 for (i = 0; i != RUN_EP_QUEUES; i++) 6035 run_setup_tx_list(sc, &sc->sc_epq[i]); 6036 6037 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6038 6039 for (ntries = 0; ntries < 100; ntries++) { 6040 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6041 goto fail; 6042 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6043 break; 6044 run_delay(sc, 10); 6045 } 6046 if (ntries == 100) { 6047 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6048 goto fail; 6049 } 6050 tmp &= 0xff0; 6051 tmp |= RT2860_TX_WB_DDONE; 6052 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6053 6054 /* turn off PME_OEN to solve high-current issue */ 6055 run_read(sc, RT2860_SYS_CTRL, &tmp); 6056 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6057 6058 run_write(sc, RT2860_MAC_SYS_CTRL, 6059 RT2860_BBP_HRST | RT2860_MAC_SRST); 6060 run_write(sc, RT2860_USB_DMA_CFG, 0); 6061 6062 if (run_reset(sc) != 0) { 6063 device_printf(sc->sc_dev, "could not reset chipset\n"); 6064 goto fail; 6065 } 6066 6067 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6068 6069 /* init Tx power for all Tx rates (from EEPROM) */ 6070 for (ridx = 0; ridx < 5; ridx++) { 6071 if (sc->txpow20mhz[ridx] == 0xffffffff) 6072 continue; 6073 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6074 } 6075 6076 for (i = 0; i < nitems(rt2870_def_mac); i++) 6077 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6078 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6079 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6080 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6081 6082 if (sc->mac_ver >= 0x5390) { 6083 run_write(sc, RT2860_TX_SW_CFG0, 6084 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6085 if (sc->mac_ver >= 0x5392) { 6086 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6087 if (sc->mac_ver == 0x5592) { 6088 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6089 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6090 } else { 6091 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6092 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6093 } 6094 } 6095 } else if (sc->mac_ver == 0x3593) { 6096 run_write(sc, RT2860_TX_SW_CFG0, 6097 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6098 } else if (sc->mac_ver >= 0x3070) { 6099 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6100 run_write(sc, RT2860_TX_SW_CFG0, 6101 4 << RT2860_DLY_PAPE_EN_SHIFT); 6102 } 6103 6104 /* wait while MAC is busy */ 6105 for (ntries = 0; ntries < 100; ntries++) { 6106 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6107 goto fail; 6108 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6109 break; 6110 run_delay(sc, 10); 6111 } 6112 if (ntries == 100) 6113 goto fail; 6114 6115 /* clear Host to MCU mailbox */ 6116 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6117 run_write(sc, RT2860_H2M_MAILBOX, 0); 6118 run_delay(sc, 10); 6119 6120 if (run_bbp_init(sc) != 0) { 6121 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6122 goto fail; 6123 } 6124 6125 /* abort TSF synchronization */ 6126 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6127 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6128 RT2860_TBTT_TIMER_EN); 6129 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6130 6131 /* clear RX WCID search table */ 6132 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6133 /* clear WCID attribute table */ 6134 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6135 6136 /* hostapd sets a key before init. So, don't clear it. */ 6137 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6138 /* clear shared key table */ 6139 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6140 /* clear shared key mode */ 6141 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6142 } 6143 6144 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6145 tmp = (tmp & ~0xff) | 0x1e; 6146 run_write(sc, RT2860_US_CYC_CNT, tmp); 6147 6148 if (sc->mac_rev != 0x0101) 6149 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6150 6151 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6152 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6153 6154 /* write vendor-specific BBP values (from EEPROM) */ 6155 if (sc->mac_ver < 0x3593) { 6156 for (i = 0; i < 10; i++) { 6157 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6158 continue; 6159 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6160 } 6161 } 6162 6163 /* select Main antenna for 1T1R devices */ 6164 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6165 run_set_rx_antenna(sc, 0); 6166 6167 /* send LEDs operating mode to microcontroller */ 6168 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6169 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6170 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6171 6172 if (sc->mac_ver >= 0x5390) 6173 run_rt5390_rf_init(sc); 6174 else if (sc->mac_ver == 0x3593) 6175 run_rt3593_rf_init(sc); 6176 else if (sc->mac_ver >= 0x3070) 6177 run_rt3070_rf_init(sc); 6178 6179 /* disable non-existing Rx chains */ 6180 run_bbp_read(sc, 3, &bbp3); 6181 bbp3 &= ~(1 << 3 | 1 << 4); 6182 if (sc->nrxchains == 2) 6183 bbp3 |= 1 << 3; 6184 else if (sc->nrxchains == 3) 6185 bbp3 |= 1 << 4; 6186 run_bbp_write(sc, 3, bbp3); 6187 6188 /* disable non-existing Tx chains */ 6189 run_bbp_read(sc, 1, &bbp1); 6190 if (sc->ntxchains == 1) 6191 bbp1 &= ~(1 << 3 | 1 << 4); 6192 run_bbp_write(sc, 1, bbp1); 6193 6194 if (sc->mac_ver >= 0x5390) 6195 run_rt5390_rf_setup(sc); 6196 else if (sc->mac_ver == 0x3593) 6197 run_rt3593_rf_setup(sc); 6198 else if (sc->mac_ver >= 0x3070) 6199 run_rt3070_rf_setup(sc); 6200 6201 /* select default channel */ 6202 run_set_chan(sc, ic->ic_curchan); 6203 6204 /* setup initial protection mode */ 6205 run_updateprot_cb(ic); 6206 6207 /* turn radio LED on */ 6208 run_set_leds(sc, RT2860_LED_RADIO); 6209 6210 sc->sc_flags |= RUN_RUNNING; 6211 sc->cmdq_run = RUN_CMDQ_GO; 6212 6213 for (i = 0; i != RUN_N_XFER; i++) 6214 usbd_xfer_set_stall(sc->sc_xfer[i]); 6215 6216 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6217 6218 if (run_txrx_enable(sc) != 0) 6219 goto fail; 6220 6221 return; 6222 6223 fail: 6224 run_stop(sc); 6225 } 6226 6227 static void 6228 run_stop(void *arg) 6229 { 6230 struct run_softc *sc = (struct run_softc *)arg; 6231 uint32_t tmp; 6232 int i; 6233 int ntries; 6234 6235 RUN_LOCK_ASSERT(sc, MA_OWNED); 6236 6237 if (sc->sc_flags & RUN_RUNNING) 6238 run_set_leds(sc, 0); /* turn all LEDs off */ 6239 6240 sc->sc_flags &= ~RUN_RUNNING; 6241 6242 sc->ratectl_run = RUN_RATECTL_OFF; 6243 sc->cmdq_run = sc->cmdq_key_set; 6244 6245 RUN_UNLOCK(sc); 6246 6247 for(i = 0; i < RUN_N_XFER; i++) 6248 usbd_transfer_drain(sc->sc_xfer[i]); 6249 6250 RUN_LOCK(sc); 6251 6252 run_drain_mbufq(sc); 6253 6254 if (sc->rx_m != NULL) { 6255 m_free(sc->rx_m); 6256 sc->rx_m = NULL; 6257 } 6258 6259 /* Disable Tx/Rx DMA. */ 6260 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6261 return; 6262 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6263 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6264 6265 for (ntries = 0; ntries < 100; ntries++) { 6266 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6267 return; 6268 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6269 break; 6270 run_delay(sc, 10); 6271 } 6272 if (ntries == 100) { 6273 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6274 return; 6275 } 6276 6277 /* disable Tx/Rx */ 6278 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6279 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6280 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6281 6282 /* wait for pending Tx to complete */ 6283 for (ntries = 0; ntries < 100; ntries++) { 6284 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6285 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6286 "Cannot read Tx queue count\n"); 6287 break; 6288 } 6289 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6290 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6291 "All Tx cleared\n"); 6292 break; 6293 } 6294 run_delay(sc, 10); 6295 } 6296 if (ntries >= 100) 6297 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6298 "There are still pending Tx\n"); 6299 run_delay(sc, 10); 6300 run_write(sc, RT2860_USB_DMA_CFG, 0); 6301 6302 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6303 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6304 6305 for (i = 0; i != RUN_EP_QUEUES; i++) 6306 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6307 } 6308 6309 static void 6310 run_delay(struct run_softc *sc, u_int ms) 6311 { 6312 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6313 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6314 } 6315 6316 static device_method_t run_methods[] = { 6317 /* Device interface */ 6318 DEVMETHOD(device_probe, run_match), 6319 DEVMETHOD(device_attach, run_attach), 6320 DEVMETHOD(device_detach, run_detach), 6321 DEVMETHOD_END 6322 }; 6323 6324 static driver_t run_driver = { 6325 .name = "run", 6326 .methods = run_methods, 6327 .size = sizeof(struct run_softc) 6328 }; 6329 6330 static devclass_t run_devclass; 6331 6332 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6333 MODULE_DEPEND(run, wlan, 1, 1, 1); 6334 MODULE_DEPEND(run, usb, 1, 1, 1); 6335 MODULE_DEPEND(run, firmware, 1, 1, 1); 6336 MODULE_VERSION(run, 1); 6337 USB_PNP_HOST_INFO(run_devs); 6338