1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 #define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103 #define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, WLIUCG300HP), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCG300HPV1), 235 RUN_DEV(MELCO, WLIUCGNM2), 236 RUN_DEV(MOTOROLA4, RT2770), 237 RUN_DEV(MOTOROLA4, RT3070), 238 RUN_DEV(MSI, RT3070_1), 239 RUN_DEV(MSI, RT3070_2), 240 RUN_DEV(MSI, RT3070_3), 241 RUN_DEV(MSI, RT3070_4), 242 RUN_DEV(MSI, RT3070_5), 243 RUN_DEV(MSI, RT3070_6), 244 RUN_DEV(MSI, RT3070_7), 245 RUN_DEV(MSI, RT3070_8), 246 RUN_DEV(MSI, RT3070_9), 247 RUN_DEV(MSI, RT3070_10), 248 RUN_DEV(MSI, RT3070_11), 249 RUN_DEV(OVISLINK, RT3072), 250 RUN_DEV(PARA, RT3070), 251 RUN_DEV(PEGATRON, RT2870), 252 RUN_DEV(PEGATRON, RT3070), 253 RUN_DEV(PEGATRON, RT3070_2), 254 RUN_DEV(PEGATRON, RT3070_3), 255 RUN_DEV(PHILIPS, RT2870), 256 RUN_DEV(PLANEX2, GWUS300MINIS), 257 RUN_DEV(PLANEX2, GWUSMICRON), 258 RUN_DEV(PLANEX2, RT2870), 259 RUN_DEV(PLANEX2, RT3070), 260 RUN_DEV(QCOM, RT2870), 261 RUN_DEV(QUANTA, RT3070), 262 RUN_DEV(RALINK, RT2070), 263 RUN_DEV(RALINK, RT2770), 264 RUN_DEV(RALINK, RT2870), 265 RUN_DEV(RALINK, RT3070), 266 RUN_DEV(RALINK, RT3071), 267 RUN_DEV(RALINK, RT3072), 268 RUN_DEV(RALINK, RT3370), 269 RUN_DEV(RALINK, RT3572), 270 RUN_DEV(RALINK, RT3573), 271 RUN_DEV(RALINK, RT5370), 272 RUN_DEV(RALINK, RT5572), 273 RUN_DEV(RALINK, RT8070), 274 RUN_DEV(SAMSUNG, WIS09ABGN), 275 RUN_DEV(SAMSUNG2, RT2870_1), 276 RUN_DEV(SENAO, RT2870_1), 277 RUN_DEV(SENAO, RT2870_2), 278 RUN_DEV(SENAO, RT2870_3), 279 RUN_DEV(SENAO, RT2870_4), 280 RUN_DEV(SENAO, RT3070), 281 RUN_DEV(SENAO, RT3071), 282 RUN_DEV(SENAO, RT3072_1), 283 RUN_DEV(SENAO, RT3072_2), 284 RUN_DEV(SENAO, RT3072_3), 285 RUN_DEV(SENAO, RT3072_4), 286 RUN_DEV(SENAO, RT3072_5), 287 RUN_DEV(SITECOMEU, RT2770), 288 RUN_DEV(SITECOMEU, RT2870_1), 289 RUN_DEV(SITECOMEU, RT2870_2), 290 RUN_DEV(SITECOMEU, RT2870_3), 291 RUN_DEV(SITECOMEU, RT2870_4), 292 RUN_DEV(SITECOMEU, RT3070), 293 RUN_DEV(SITECOMEU, RT3070_2), 294 RUN_DEV(SITECOMEU, RT3070_3), 295 RUN_DEV(SITECOMEU, RT3070_4), 296 RUN_DEV(SITECOMEU, RT3071), 297 RUN_DEV(SITECOMEU, RT3072_1), 298 RUN_DEV(SITECOMEU, RT3072_2), 299 RUN_DEV(SITECOMEU, RT3072_3), 300 RUN_DEV(SITECOMEU, RT3072_4), 301 RUN_DEV(SITECOMEU, RT3072_5), 302 RUN_DEV(SITECOMEU, RT3072_6), 303 RUN_DEV(SITECOMEU, WL608), 304 RUN_DEV(SPARKLAN, RT2870_1), 305 RUN_DEV(SPARKLAN, RT3070), 306 RUN_DEV(SWEEX2, LW153), 307 RUN_DEV(SWEEX2, LW303), 308 RUN_DEV(SWEEX2, LW313), 309 RUN_DEV(TOSHIBA, RT3070), 310 RUN_DEV(UMEDIA, RT2870_1), 311 RUN_DEV(ZCOM, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_2), 313 RUN_DEV(ZINWELL, RT2870_1), 314 RUN_DEV(ZINWELL, RT2870_2), 315 RUN_DEV(ZINWELL, RT3070), 316 RUN_DEV(ZINWELL, RT3072_1), 317 RUN_DEV(ZINWELL, RT3072_2), 318 RUN_DEV(ZYXEL, RT2870_1), 319 RUN_DEV(ZYXEL, RT2870_2), 320 RUN_DEV(ZYXEL, RT3070), 321 RUN_DEV_EJECT(ZYXEL, NWD2705), 322 RUN_DEV_EJECT(RALINK, RT_STOR), 323 #undef RUN_DEV_EJECT 324 #undef RUN_DEV 325 }; 326 327 static device_probe_t run_match; 328 static device_attach_t run_attach; 329 static device_detach_t run_detach; 330 331 static usb_callback_t run_bulk_rx_callback; 332 static usb_callback_t run_bulk_tx_callback0; 333 static usb_callback_t run_bulk_tx_callback1; 334 static usb_callback_t run_bulk_tx_callback2; 335 static usb_callback_t run_bulk_tx_callback3; 336 static usb_callback_t run_bulk_tx_callback4; 337 static usb_callback_t run_bulk_tx_callback5; 338 339 static void run_autoinst(void *, struct usb_device *, 340 struct usb_attach_arg *); 341 static int run_driver_loaded(struct module *, int, void *); 342 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 343 usb_error_t error, u_int index); 344 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 345 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 346 const uint8_t [IEEE80211_ADDR_LEN], 347 const uint8_t [IEEE80211_ADDR_LEN]); 348 static void run_vap_delete(struct ieee80211vap *); 349 static void run_cmdq_cb(void *, int); 350 static void run_setup_tx_list(struct run_softc *, 351 struct run_endpoint_queue *); 352 static void run_unsetup_tx_list(struct run_softc *, 353 struct run_endpoint_queue *); 354 static int run_load_microcode(struct run_softc *); 355 static int run_reset(struct run_softc *); 356 static usb_error_t run_do_request(struct run_softc *, 357 struct usb_device_request *, void *); 358 static int run_read(struct run_softc *, uint16_t, uint32_t *); 359 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 360 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 361 static int run_write(struct run_softc *, uint16_t, uint32_t); 362 static int run_write_region_1(struct run_softc *, uint16_t, 363 const uint8_t *, int); 364 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 365 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 366 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 367 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 368 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 369 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 370 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 371 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 372 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 373 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 374 static const char *run_get_rf(uint16_t); 375 static void run_rt3593_get_txpower(struct run_softc *); 376 static void run_get_txpower(struct run_softc *); 377 static int run_read_eeprom(struct run_softc *); 378 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 379 const uint8_t mac[IEEE80211_ADDR_LEN]); 380 static int run_media_change(struct ifnet *); 381 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 382 static int run_wme_update(struct ieee80211com *); 383 static void run_wme_update_cb(void *); 384 static void run_key_set_cb(void *); 385 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 386 const uint8_t mac[IEEE80211_ADDR_LEN]); 387 static void run_key_delete_cb(void *); 388 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 389 static void run_ratectl_to(void *); 390 static void run_ratectl_cb(void *, int); 391 static void run_drain_fifo(void *); 392 static void run_iter_func(void *, struct ieee80211_node *); 393 static void run_newassoc_cb(void *); 394 static void run_newassoc(struct ieee80211_node *, int); 395 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 396 static void run_tx_free(struct run_endpoint_queue *pq, 397 struct run_tx_data *, int); 398 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 399 static int run_tx(struct run_softc *, struct mbuf *, 400 struct ieee80211_node *); 401 static int run_tx_mgt(struct run_softc *, struct mbuf *, 402 struct ieee80211_node *); 403 static int run_sendprot(struct run_softc *, const struct mbuf *, 404 struct ieee80211_node *, int, int); 405 static int run_tx_param(struct run_softc *, struct mbuf *, 406 struct ieee80211_node *, 407 const struct ieee80211_bpf_params *); 408 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 409 const struct ieee80211_bpf_params *); 410 static int run_transmit(struct ieee80211com *, struct mbuf *); 411 static void run_start(struct run_softc *); 412 static void run_parent(struct ieee80211com *); 413 static void run_iq_calib(struct run_softc *, u_int); 414 static void run_set_agc(struct run_softc *, uint8_t); 415 static void run_select_chan_group(struct run_softc *, int); 416 static void run_set_rx_antenna(struct run_softc *, int); 417 static void run_rt2870_set_chan(struct run_softc *, u_int); 418 static void run_rt3070_set_chan(struct run_softc *, u_int); 419 static void run_rt3572_set_chan(struct run_softc *, u_int); 420 static void run_rt3593_set_chan(struct run_softc *, u_int); 421 static void run_rt5390_set_chan(struct run_softc *, u_int); 422 static void run_rt5592_set_chan(struct run_softc *, u_int); 423 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 424 static void run_set_channel(struct ieee80211com *); 425 static void run_scan_start(struct ieee80211com *); 426 static void run_scan_end(struct ieee80211com *); 427 static void run_update_beacon(struct ieee80211vap *, int); 428 static void run_update_beacon_cb(void *); 429 static void run_updateprot(struct ieee80211com *); 430 static void run_updateprot_cb(void *); 431 static void run_usb_timeout_cb(void *); 432 static void run_reset_livelock(struct run_softc *); 433 static void run_enable_tsf_sync(struct run_softc *); 434 static void run_enable_tsf(struct run_softc *); 435 static void run_get_tsf(struct run_softc *, uint64_t *); 436 static void run_enable_mrr(struct run_softc *); 437 static void run_set_txpreamble(struct run_softc *); 438 static void run_set_basicrates(struct run_softc *); 439 static void run_set_leds(struct run_softc *, uint16_t); 440 static void run_set_bssid(struct run_softc *, const uint8_t *); 441 static void run_set_macaddr(struct run_softc *, const uint8_t *); 442 static void run_updateslot(struct ieee80211com *); 443 static void run_updateslot_cb(void *); 444 static void run_update_mcast(struct ieee80211com *); 445 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 446 static void run_update_promisc_locked(struct run_softc *); 447 static void run_update_promisc(struct ieee80211com *); 448 static void run_rt5390_bbp_init(struct run_softc *); 449 static int run_bbp_init(struct run_softc *); 450 static int run_rt3070_rf_init(struct run_softc *); 451 static void run_rt3593_rf_init(struct run_softc *); 452 static void run_rt5390_rf_init(struct run_softc *); 453 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 454 uint8_t *); 455 static void run_rt3070_rf_setup(struct run_softc *); 456 static void run_rt3593_rf_setup(struct run_softc *); 457 static void run_rt5390_rf_setup(struct run_softc *); 458 static int run_txrx_enable(struct run_softc *); 459 static void run_adjust_freq_offset(struct run_softc *); 460 static void run_init_locked(struct run_softc *); 461 static void run_stop(void *); 462 static void run_delay(struct run_softc *, u_int); 463 464 static eventhandler_tag run_etag; 465 466 static const struct rt2860_rate { 467 uint8_t rate; 468 uint8_t mcs; 469 enum ieee80211_phytype phy; 470 uint8_t ctl_ridx; 471 uint16_t sp_ack_dur; 472 uint16_t lp_ack_dur; 473 } rt2860_rates[] = { 474 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 475 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 476 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 477 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 478 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 479 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 480 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 481 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 482 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 483 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 484 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 485 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 486 }; 487 488 static const struct { 489 uint16_t reg; 490 uint32_t val; 491 } rt2870_def_mac[] = { 492 RT2870_DEF_MAC 493 }; 494 495 static const struct { 496 uint8_t reg; 497 uint8_t val; 498 } rt2860_def_bbp[] = { 499 RT2860_DEF_BBP 500 },rt5390_def_bbp[] = { 501 RT5390_DEF_BBP 502 },rt5592_def_bbp[] = { 503 RT5592_DEF_BBP 504 }; 505 506 /* 507 * Default values for BBP register R196 for RT5592. 508 */ 509 static const uint8_t rt5592_bbp_r196[] = { 510 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 511 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 512 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 513 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 514 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 515 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 516 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 517 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 518 0x2e, 0x36, 0x30, 0x6e 519 }; 520 521 static const struct rfprog { 522 uint8_t chan; 523 uint32_t r1, r2, r3, r4; 524 } rt2860_rf2850[] = { 525 RT2860_RF2850 526 }; 527 528 struct { 529 uint8_t n, r, k; 530 } rt3070_freqs[] = { 531 RT3070_RF3052 532 }; 533 534 static const struct rt5592_freqs { 535 uint16_t n; 536 uint8_t k, m, r; 537 } rt5592_freqs_20mhz[] = { 538 RT5592_RF5592_20MHZ 539 },rt5592_freqs_40mhz[] = { 540 RT5592_RF5592_40MHZ 541 }; 542 543 static const struct { 544 uint8_t reg; 545 uint8_t val; 546 } rt3070_def_rf[] = { 547 RT3070_DEF_RF 548 },rt3572_def_rf[] = { 549 RT3572_DEF_RF 550 },rt3593_def_rf[] = { 551 RT3593_DEF_RF 552 },rt5390_def_rf[] = { 553 RT5390_DEF_RF 554 },rt5392_def_rf[] = { 555 RT5392_DEF_RF 556 },rt5592_def_rf[] = { 557 RT5592_DEF_RF 558 },rt5592_2ghz_def_rf[] = { 559 RT5592_2GHZ_DEF_RF 560 },rt5592_5ghz_def_rf[] = { 561 RT5592_5GHZ_DEF_RF 562 }; 563 564 static const struct { 565 u_int firstchan; 566 u_int lastchan; 567 uint8_t reg; 568 uint8_t val; 569 } rt5592_chan_5ghz[] = { 570 RT5592_CHAN_5GHZ 571 }; 572 573 static const struct usb_config run_config[RUN_N_XFER] = { 574 [RUN_BULK_TX_BE] = { 575 .type = UE_BULK, 576 .endpoint = UE_ADDR_ANY, 577 .ep_index = 0, 578 .direction = UE_DIR_OUT, 579 .bufsize = RUN_MAX_TXSZ, 580 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 581 .callback = run_bulk_tx_callback0, 582 .timeout = 5000, /* ms */ 583 }, 584 [RUN_BULK_TX_BK] = { 585 .type = UE_BULK, 586 .endpoint = UE_ADDR_ANY, 587 .direction = UE_DIR_OUT, 588 .ep_index = 1, 589 .bufsize = RUN_MAX_TXSZ, 590 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 591 .callback = run_bulk_tx_callback1, 592 .timeout = 5000, /* ms */ 593 }, 594 [RUN_BULK_TX_VI] = { 595 .type = UE_BULK, 596 .endpoint = UE_ADDR_ANY, 597 .direction = UE_DIR_OUT, 598 .ep_index = 2, 599 .bufsize = RUN_MAX_TXSZ, 600 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 601 .callback = run_bulk_tx_callback2, 602 .timeout = 5000, /* ms */ 603 }, 604 [RUN_BULK_TX_VO] = { 605 .type = UE_BULK, 606 .endpoint = UE_ADDR_ANY, 607 .direction = UE_DIR_OUT, 608 .ep_index = 3, 609 .bufsize = RUN_MAX_TXSZ, 610 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 611 .callback = run_bulk_tx_callback3, 612 .timeout = 5000, /* ms */ 613 }, 614 [RUN_BULK_TX_HCCA] = { 615 .type = UE_BULK, 616 .endpoint = UE_ADDR_ANY, 617 .direction = UE_DIR_OUT, 618 .ep_index = 4, 619 .bufsize = RUN_MAX_TXSZ, 620 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 621 .callback = run_bulk_tx_callback4, 622 .timeout = 5000, /* ms */ 623 }, 624 [RUN_BULK_TX_PRIO] = { 625 .type = UE_BULK, 626 .endpoint = UE_ADDR_ANY, 627 .direction = UE_DIR_OUT, 628 .ep_index = 5, 629 .bufsize = RUN_MAX_TXSZ, 630 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 631 .callback = run_bulk_tx_callback5, 632 .timeout = 5000, /* ms */ 633 }, 634 [RUN_BULK_RX] = { 635 .type = UE_BULK, 636 .endpoint = UE_ADDR_ANY, 637 .direction = UE_DIR_IN, 638 .bufsize = RUN_MAX_RXSZ, 639 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 640 .callback = run_bulk_rx_callback, 641 } 642 }; 643 644 static void 645 run_autoinst(void *arg, struct usb_device *udev, 646 struct usb_attach_arg *uaa) 647 { 648 struct usb_interface *iface; 649 struct usb_interface_descriptor *id; 650 651 if (uaa->dev_state != UAA_DEV_READY) 652 return; 653 654 iface = usbd_get_iface(udev, 0); 655 if (iface == NULL) 656 return; 657 id = iface->idesc; 658 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 659 return; 660 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 661 return; 662 663 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 664 uaa->dev_state = UAA_DEV_EJECTING; 665 } 666 667 static int 668 run_driver_loaded(struct module *mod, int what, void *arg) 669 { 670 switch (what) { 671 case MOD_LOAD: 672 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 673 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 674 break; 675 case MOD_UNLOAD: 676 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 677 break; 678 default: 679 return (EOPNOTSUPP); 680 } 681 return (0); 682 } 683 684 static int 685 run_match(device_t self) 686 { 687 struct usb_attach_arg *uaa = device_get_ivars(self); 688 689 if (uaa->usb_mode != USB_MODE_HOST) 690 return (ENXIO); 691 if (uaa->info.bConfigIndex != 0) 692 return (ENXIO); 693 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 694 return (ENXIO); 695 696 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 697 } 698 699 static int 700 run_attach(device_t self) 701 { 702 struct run_softc *sc = device_get_softc(self); 703 struct usb_attach_arg *uaa = device_get_ivars(self); 704 struct ieee80211com *ic = &sc->sc_ic; 705 uint32_t ver; 706 int ntries, error; 707 uint8_t iface_index, bands; 708 709 device_set_usb_desc(self); 710 sc->sc_udev = uaa->device; 711 sc->sc_dev = self; 712 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 713 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 714 715 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 716 MTX_NETWORK_LOCK, MTX_DEF); 717 mbufq_init(&sc->sc_snd, ifqmaxlen); 718 719 iface_index = RT2860_IFACE_INDEX; 720 721 error = usbd_transfer_setup(uaa->device, &iface_index, 722 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 723 if (error) { 724 device_printf(self, "could not allocate USB transfers, " 725 "err=%s\n", usbd_errstr(error)); 726 goto detach; 727 } 728 729 RUN_LOCK(sc); 730 731 /* wait for the chip to settle */ 732 for (ntries = 0; ntries < 100; ntries++) { 733 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 734 RUN_UNLOCK(sc); 735 goto detach; 736 } 737 if (ver != 0 && ver != 0xffffffff) 738 break; 739 run_delay(sc, 10); 740 } 741 if (ntries == 100) { 742 device_printf(sc->sc_dev, 743 "timeout waiting for NIC to initialize\n"); 744 RUN_UNLOCK(sc); 745 goto detach; 746 } 747 sc->mac_ver = ver >> 16; 748 sc->mac_rev = ver & 0xffff; 749 750 /* retrieve RF rev. no and various other things from EEPROM */ 751 run_read_eeprom(sc); 752 753 device_printf(sc->sc_dev, 754 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 755 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 756 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 757 758 RUN_UNLOCK(sc); 759 760 ic->ic_softc = sc; 761 ic->ic_name = device_get_nameunit(self); 762 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 763 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 764 765 /* set device capabilities */ 766 ic->ic_caps = 767 IEEE80211_C_STA | /* station mode supported */ 768 IEEE80211_C_MONITOR | /* monitor mode supported */ 769 IEEE80211_C_IBSS | 770 IEEE80211_C_HOSTAP | 771 IEEE80211_C_WDS | /* 4-address traffic works */ 772 IEEE80211_C_MBSS | 773 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 774 IEEE80211_C_SHSLOT | /* short slot time supported */ 775 IEEE80211_C_WME | /* WME */ 776 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 777 778 ic->ic_cryptocaps = 779 IEEE80211_CRYPTO_WEP | 780 IEEE80211_CRYPTO_AES_CCM | 781 IEEE80211_CRYPTO_TKIPMIC | 782 IEEE80211_CRYPTO_TKIP; 783 784 ic->ic_flags |= IEEE80211_F_DATAPAD; 785 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 786 787 bands = 0; 788 setbit(&bands, IEEE80211_MODE_11B); 789 setbit(&bands, IEEE80211_MODE_11G); 790 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 791 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 792 sc->rf_rev == RT5592_RF_5592) 793 setbit(&bands, IEEE80211_MODE_11A); 794 ieee80211_init_channels(ic, NULL, &bands); 795 796 ieee80211_ifattach(ic); 797 798 ic->ic_scan_start = run_scan_start; 799 ic->ic_scan_end = run_scan_end; 800 ic->ic_set_channel = run_set_channel; 801 ic->ic_node_alloc = run_node_alloc; 802 ic->ic_newassoc = run_newassoc; 803 ic->ic_updateslot = run_updateslot; 804 ic->ic_update_mcast = run_update_mcast; 805 ic->ic_wme.wme_update = run_wme_update; 806 ic->ic_raw_xmit = run_raw_xmit; 807 ic->ic_update_promisc = run_update_promisc; 808 ic->ic_vap_create = run_vap_create; 809 ic->ic_vap_delete = run_vap_delete; 810 ic->ic_transmit = run_transmit; 811 ic->ic_parent = run_parent; 812 813 ieee80211_radiotap_attach(ic, 814 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 815 RUN_TX_RADIOTAP_PRESENT, 816 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 817 RUN_RX_RADIOTAP_PRESENT); 818 819 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 820 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 821 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 822 823 if (bootverbose) 824 ieee80211_announce(ic); 825 826 return (0); 827 828 detach: 829 run_detach(self); 830 return (ENXIO); 831 } 832 833 static int 834 run_detach(device_t self) 835 { 836 struct run_softc *sc = device_get_softc(self); 837 struct ieee80211com *ic = &sc->sc_ic; 838 int i; 839 840 RUN_LOCK(sc); 841 sc->sc_detached = 1; 842 RUN_UNLOCK(sc); 843 844 /* stop all USB transfers */ 845 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 846 847 RUN_LOCK(sc); 848 sc->ratectl_run = RUN_RATECTL_OFF; 849 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 850 851 /* free TX list, if any */ 852 for (i = 0; i != RUN_EP_QUEUES; i++) 853 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 854 RUN_UNLOCK(sc); 855 856 if (sc->sc_ic.ic_softc == sc) { 857 /* drain tasks */ 858 usb_callout_drain(&sc->ratectl_ch); 859 ieee80211_draintask(ic, &sc->cmdq_task); 860 ieee80211_draintask(ic, &sc->ratectl_task); 861 ieee80211_ifdetach(ic); 862 } 863 864 mbufq_drain(&sc->sc_snd); 865 mtx_destroy(&sc->sc_mtx); 866 867 return (0); 868 } 869 870 static struct ieee80211vap * 871 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 872 enum ieee80211_opmode opmode, int flags, 873 const uint8_t bssid[IEEE80211_ADDR_LEN], 874 const uint8_t mac[IEEE80211_ADDR_LEN]) 875 { 876 struct run_softc *sc = ic->ic_softc; 877 struct run_vap *rvp; 878 struct ieee80211vap *vap; 879 int i; 880 881 if (sc->rvp_cnt >= RUN_VAP_MAX) { 882 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 883 return (NULL); 884 } 885 886 switch (opmode) { 887 case IEEE80211_M_STA: 888 /* enable s/w bmiss handling for sta mode */ 889 flags |= IEEE80211_CLONE_NOBEACONS; 890 /* fall though */ 891 case IEEE80211_M_IBSS: 892 case IEEE80211_M_MONITOR: 893 case IEEE80211_M_HOSTAP: 894 case IEEE80211_M_MBSS: 895 /* other than WDS vaps, only one at a time */ 896 if (!TAILQ_EMPTY(&ic->ic_vaps)) 897 return (NULL); 898 break; 899 case IEEE80211_M_WDS: 900 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 901 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 902 continue; 903 /* WDS vap's always share the local mac address. */ 904 flags &= ~IEEE80211_CLONE_BSSID; 905 break; 906 } 907 if (vap == NULL) { 908 device_printf(sc->sc_dev, 909 "wds only supported in ap mode\n"); 910 return (NULL); 911 } 912 break; 913 default: 914 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 915 return (NULL); 916 } 917 918 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 919 vap = &rvp->vap; 920 921 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 922 bssid) != 0) { 923 /* out of memory */ 924 free(rvp, M_80211_VAP); 925 return (NULL); 926 } 927 928 vap->iv_update_beacon = run_update_beacon; 929 vap->iv_max_aid = RT2870_WCID_MAX; 930 /* 931 * To delete the right key from h/w, we need wcid. 932 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 933 * and matching wcid will be written into there. So, cast 934 * some spells to remove 'const' from ieee80211_key{} 935 */ 936 vap->iv_key_delete = (void *)run_key_delete; 937 vap->iv_key_set = (void *)run_key_set; 938 939 /* override state transition machine */ 940 rvp->newstate = vap->iv_newstate; 941 vap->iv_newstate = run_newstate; 942 943 ieee80211_ratectl_init(vap); 944 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 945 946 /* complete setup */ 947 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 948 mac); 949 950 /* make sure id is always unique */ 951 for (i = 0; i < RUN_VAP_MAX; i++) { 952 if((sc->rvp_bmap & 1 << i) == 0){ 953 sc->rvp_bmap |= 1 << i; 954 rvp->rvp_id = i; 955 break; 956 } 957 } 958 if (sc->rvp_cnt++ == 0) 959 ic->ic_opmode = opmode; 960 961 if (opmode == IEEE80211_M_HOSTAP) 962 sc->cmdq_run = RUN_CMDQ_GO; 963 964 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 965 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 966 967 return (vap); 968 } 969 970 static void 971 run_vap_delete(struct ieee80211vap *vap) 972 { 973 struct run_vap *rvp = RUN_VAP(vap); 974 struct ieee80211com *ic; 975 struct run_softc *sc; 976 uint8_t rvp_id; 977 978 if (vap == NULL) 979 return; 980 981 ic = vap->iv_ic; 982 sc = ic->ic_softc; 983 984 RUN_LOCK(sc); 985 986 m_freem(rvp->beacon_mbuf); 987 rvp->beacon_mbuf = NULL; 988 989 rvp_id = rvp->rvp_id; 990 sc->ratectl_run &= ~(1 << rvp_id); 991 sc->rvp_bmap &= ~(1 << rvp_id); 992 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 993 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 994 --sc->rvp_cnt; 995 996 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 997 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 998 999 RUN_UNLOCK(sc); 1000 1001 ieee80211_ratectl_deinit(vap); 1002 ieee80211_vap_detach(vap); 1003 free(rvp, M_80211_VAP); 1004 } 1005 1006 /* 1007 * There are numbers of functions need to be called in context thread. 1008 * Rather than creating taskqueue event for each of those functions, 1009 * here is all-for-one taskqueue callback function. This function 1010 * gurantees deferred functions are executed in the same order they 1011 * were enqueued. 1012 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1013 */ 1014 static void 1015 run_cmdq_cb(void *arg, int pending) 1016 { 1017 struct run_softc *sc = arg; 1018 uint8_t i; 1019 1020 /* call cmdq[].func locked */ 1021 RUN_LOCK(sc); 1022 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1023 i = sc->cmdq_exec, pending--) { 1024 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1025 if (sc->cmdq_run == RUN_CMDQ_GO) { 1026 /* 1027 * If arg0 is NULL, callback func needs more 1028 * than one arg. So, pass ptr to cmdq struct. 1029 */ 1030 if (sc->cmdq[i].arg0) 1031 sc->cmdq[i].func(sc->cmdq[i].arg0); 1032 else 1033 sc->cmdq[i].func(&sc->cmdq[i]); 1034 } 1035 sc->cmdq[i].arg0 = NULL; 1036 sc->cmdq[i].func = NULL; 1037 sc->cmdq_exec++; 1038 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1039 } 1040 RUN_UNLOCK(sc); 1041 } 1042 1043 static void 1044 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1045 { 1046 struct run_tx_data *data; 1047 1048 memset(pq, 0, sizeof(*pq)); 1049 1050 STAILQ_INIT(&pq->tx_qh); 1051 STAILQ_INIT(&pq->tx_fh); 1052 1053 for (data = &pq->tx_data[0]; 1054 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1055 data->sc = sc; 1056 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1057 } 1058 pq->tx_nfree = RUN_TX_RING_COUNT; 1059 } 1060 1061 static void 1062 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1063 { 1064 struct run_tx_data *data; 1065 1066 /* make sure any subsequent use of the queues will fail */ 1067 pq->tx_nfree = 0; 1068 STAILQ_INIT(&pq->tx_fh); 1069 STAILQ_INIT(&pq->tx_qh); 1070 1071 /* free up all node references and mbufs */ 1072 for (data = &pq->tx_data[0]; 1073 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1074 if (data->m != NULL) { 1075 m_freem(data->m); 1076 data->m = NULL; 1077 } 1078 if (data->ni != NULL) { 1079 ieee80211_free_node(data->ni); 1080 data->ni = NULL; 1081 } 1082 } 1083 } 1084 1085 static int 1086 run_load_microcode(struct run_softc *sc) 1087 { 1088 usb_device_request_t req; 1089 const struct firmware *fw; 1090 const u_char *base; 1091 uint32_t tmp; 1092 int ntries, error; 1093 const uint64_t *temp; 1094 uint64_t bytes; 1095 1096 RUN_UNLOCK(sc); 1097 fw = firmware_get("runfw"); 1098 RUN_LOCK(sc); 1099 if (fw == NULL) { 1100 device_printf(sc->sc_dev, 1101 "failed loadfirmware of file %s\n", "runfw"); 1102 return ENOENT; 1103 } 1104 1105 if (fw->datasize != 8192) { 1106 device_printf(sc->sc_dev, 1107 "invalid firmware size (should be 8KB)\n"); 1108 error = EINVAL; 1109 goto fail; 1110 } 1111 1112 /* 1113 * RT3071/RT3072 use a different firmware 1114 * run-rt2870 (8KB) contains both, 1115 * first half (4KB) is for rt2870, 1116 * last half is for rt3071. 1117 */ 1118 base = fw->data; 1119 if ((sc->mac_ver) != 0x2860 && 1120 (sc->mac_ver) != 0x2872 && 1121 (sc->mac_ver) != 0x3070) { 1122 base += 4096; 1123 } 1124 1125 /* cheap sanity check */ 1126 temp = fw->data; 1127 bytes = *temp; 1128 if (bytes != be64toh(0xffffff0210280210ULL)) { 1129 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1130 error = EINVAL; 1131 goto fail; 1132 } 1133 1134 /* write microcode image */ 1135 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1136 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1137 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1138 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1139 } 1140 1141 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1142 req.bRequest = RT2870_RESET; 1143 USETW(req.wValue, 8); 1144 USETW(req.wIndex, 0); 1145 USETW(req.wLength, 0); 1146 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1147 != 0) { 1148 device_printf(sc->sc_dev, "firmware reset failed\n"); 1149 goto fail; 1150 } 1151 1152 run_delay(sc, 10); 1153 1154 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1155 run_write(sc, RT2860_H2M_MAILBOX, 0); 1156 run_write(sc, RT2860_H2M_INTSRC, 0); 1157 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1158 goto fail; 1159 1160 /* wait until microcontroller is ready */ 1161 for (ntries = 0; ntries < 1000; ntries++) { 1162 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1163 goto fail; 1164 if (tmp & RT2860_MCU_READY) 1165 break; 1166 run_delay(sc, 10); 1167 } 1168 if (ntries == 1000) { 1169 device_printf(sc->sc_dev, 1170 "timeout waiting for MCU to initialize\n"); 1171 error = ETIMEDOUT; 1172 goto fail; 1173 } 1174 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1175 (base == fw->data) ? "RT2870" : "RT3071", 1176 *(base + 4092), *(base + 4093)); 1177 1178 fail: 1179 firmware_put(fw, FIRMWARE_UNLOAD); 1180 return (error); 1181 } 1182 1183 static int 1184 run_reset(struct run_softc *sc) 1185 { 1186 usb_device_request_t req; 1187 1188 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1189 req.bRequest = RT2870_RESET; 1190 USETW(req.wValue, 1); 1191 USETW(req.wIndex, 0); 1192 USETW(req.wLength, 0); 1193 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1194 } 1195 1196 static usb_error_t 1197 run_do_request(struct run_softc *sc, 1198 struct usb_device_request *req, void *data) 1199 { 1200 usb_error_t err; 1201 int ntries = 10; 1202 1203 RUN_LOCK_ASSERT(sc, MA_OWNED); 1204 1205 while (ntries--) { 1206 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1207 req, data, 0, NULL, 250 /* ms */); 1208 if (err == 0) 1209 break; 1210 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1211 usbd_errstr(err)); 1212 run_delay(sc, 10); 1213 } 1214 return (err); 1215 } 1216 1217 static int 1218 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1219 { 1220 uint32_t tmp; 1221 int error; 1222 1223 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1224 if (error == 0) 1225 *val = le32toh(tmp); 1226 else 1227 *val = 0xffffffff; 1228 return (error); 1229 } 1230 1231 static int 1232 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1233 { 1234 usb_device_request_t req; 1235 1236 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1237 req.bRequest = RT2870_READ_REGION_1; 1238 USETW(req.wValue, 0); 1239 USETW(req.wIndex, reg); 1240 USETW(req.wLength, len); 1241 1242 return (run_do_request(sc, &req, buf)); 1243 } 1244 1245 static int 1246 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1247 { 1248 usb_device_request_t req; 1249 1250 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1251 req.bRequest = RT2870_WRITE_2; 1252 USETW(req.wValue, val); 1253 USETW(req.wIndex, reg); 1254 USETW(req.wLength, 0); 1255 1256 return (run_do_request(sc, &req, NULL)); 1257 } 1258 1259 static int 1260 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1261 { 1262 int error; 1263 1264 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1265 error = run_write_2(sc, reg + 2, val >> 16); 1266 return (error); 1267 } 1268 1269 static int 1270 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1271 int len) 1272 { 1273 #if 1 1274 int i, error = 0; 1275 /* 1276 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1277 * We thus issue multiple WRITE_2 commands instead. 1278 */ 1279 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1280 for (i = 0; i < len && error == 0; i += 2) 1281 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1282 return (error); 1283 #else 1284 usb_device_request_t req; 1285 int error = 0; 1286 1287 /* 1288 * NOTE: It appears the WRITE_REGION_1 command cannot be 1289 * passed a huge amount of data, which will crash the 1290 * firmware. Limit amount of data passed to 64-bytes at a 1291 * time. 1292 */ 1293 while (len > 0) { 1294 int delta = 64; 1295 if (delta > len) 1296 delta = len; 1297 1298 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1299 req.bRequest = RT2870_WRITE_REGION_1; 1300 USETW(req.wValue, 0); 1301 USETW(req.wIndex, reg); 1302 USETW(req.wLength, delta); 1303 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1304 if (error != 0) 1305 break; 1306 reg += delta; 1307 buf += delta; 1308 len -= delta; 1309 } 1310 return (error); 1311 #endif 1312 } 1313 1314 static int 1315 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1316 { 1317 int i, error = 0; 1318 1319 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1320 for (i = 0; i < len && error == 0; i += 4) 1321 error = run_write(sc, reg + i, val); 1322 return (error); 1323 } 1324 1325 static int 1326 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1327 { 1328 uint32_t tmp; 1329 uint16_t reg; 1330 int error, ntries; 1331 1332 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1333 return (error); 1334 1335 if (count == 2) 1336 addr *= 2; 1337 /*- 1338 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1339 * DATA0: F E D C 1340 * DATA1: B A 9 8 1341 * DATA2: 7 6 5 4 1342 * DATA3: 3 2 1 0 1343 */ 1344 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1345 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1346 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1347 for (ntries = 0; ntries < 100; ntries++) { 1348 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1349 return (error); 1350 if (!(tmp & RT3070_EFSROM_KICK)) 1351 break; 1352 run_delay(sc, 2); 1353 } 1354 if (ntries == 100) 1355 return (ETIMEDOUT); 1356 1357 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1358 *val = 0xffff; /* address not found */ 1359 return (0); 1360 } 1361 /* determine to which 32-bit register our 16-bit word belongs */ 1362 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1363 if ((error = run_read(sc, reg, &tmp)) != 0) 1364 return (error); 1365 1366 tmp >>= (8 * (addr & 0x3)); 1367 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1368 1369 return (0); 1370 } 1371 1372 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1373 static int 1374 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1375 { 1376 return (run_efuse_read(sc, addr, val, 2)); 1377 } 1378 1379 static int 1380 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1381 { 1382 usb_device_request_t req; 1383 uint16_t tmp; 1384 int error; 1385 1386 addr *= 2; 1387 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1388 req.bRequest = RT2870_EEPROM_READ; 1389 USETW(req.wValue, 0); 1390 USETW(req.wIndex, addr); 1391 USETW(req.wLength, sizeof(tmp)); 1392 1393 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1394 if (error == 0) 1395 *val = le16toh(tmp); 1396 else 1397 *val = 0xffff; 1398 return (error); 1399 } 1400 1401 static __inline int 1402 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1403 { 1404 /* either eFUSE ROM or EEPROM */ 1405 return sc->sc_srom_read(sc, addr, val); 1406 } 1407 1408 static int 1409 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1410 { 1411 uint32_t tmp; 1412 int error, ntries; 1413 1414 for (ntries = 0; ntries < 10; ntries++) { 1415 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1416 return (error); 1417 if (!(tmp & RT2860_RF_REG_CTRL)) 1418 break; 1419 } 1420 if (ntries == 10) 1421 return (ETIMEDOUT); 1422 1423 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1424 } 1425 1426 static int 1427 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1428 { 1429 uint32_t tmp; 1430 int error, ntries; 1431 1432 for (ntries = 0; ntries < 100; ntries++) { 1433 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1434 return (error); 1435 if (!(tmp & RT3070_RF_KICK)) 1436 break; 1437 } 1438 if (ntries == 100) 1439 return (ETIMEDOUT); 1440 1441 tmp = RT3070_RF_KICK | reg << 8; 1442 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1443 return (error); 1444 1445 for (ntries = 0; ntries < 100; ntries++) { 1446 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1447 return (error); 1448 if (!(tmp & RT3070_RF_KICK)) 1449 break; 1450 } 1451 if (ntries == 100) 1452 return (ETIMEDOUT); 1453 1454 *val = tmp & 0xff; 1455 return (0); 1456 } 1457 1458 static int 1459 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1460 { 1461 uint32_t tmp; 1462 int error, ntries; 1463 1464 for (ntries = 0; ntries < 10; ntries++) { 1465 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1466 return (error); 1467 if (!(tmp & RT3070_RF_KICK)) 1468 break; 1469 } 1470 if (ntries == 10) 1471 return (ETIMEDOUT); 1472 1473 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1474 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1475 } 1476 1477 static int 1478 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1479 { 1480 uint32_t tmp; 1481 int ntries, error; 1482 1483 for (ntries = 0; ntries < 10; ntries++) { 1484 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1485 return (error); 1486 if (!(tmp & RT2860_BBP_CSR_KICK)) 1487 break; 1488 } 1489 if (ntries == 10) 1490 return (ETIMEDOUT); 1491 1492 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1493 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1494 return (error); 1495 1496 for (ntries = 0; ntries < 10; ntries++) { 1497 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1498 return (error); 1499 if (!(tmp & RT2860_BBP_CSR_KICK)) 1500 break; 1501 } 1502 if (ntries == 10) 1503 return (ETIMEDOUT); 1504 1505 *val = tmp & 0xff; 1506 return (0); 1507 } 1508 1509 static int 1510 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1511 { 1512 uint32_t tmp; 1513 int ntries, error; 1514 1515 for (ntries = 0; ntries < 10; ntries++) { 1516 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1517 return (error); 1518 if (!(tmp & RT2860_BBP_CSR_KICK)) 1519 break; 1520 } 1521 if (ntries == 10) 1522 return (ETIMEDOUT); 1523 1524 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1525 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1526 } 1527 1528 /* 1529 * Send a command to the 8051 microcontroller unit. 1530 */ 1531 static int 1532 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1533 { 1534 uint32_t tmp; 1535 int error, ntries; 1536 1537 for (ntries = 0; ntries < 100; ntries++) { 1538 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1539 return error; 1540 if (!(tmp & RT2860_H2M_BUSY)) 1541 break; 1542 } 1543 if (ntries == 100) 1544 return ETIMEDOUT; 1545 1546 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1547 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1548 error = run_write(sc, RT2860_HOST_CMD, cmd); 1549 return (error); 1550 } 1551 1552 /* 1553 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1554 * Used to adjust per-rate Tx power registers. 1555 */ 1556 static __inline uint32_t 1557 b4inc(uint32_t b32, int8_t delta) 1558 { 1559 int8_t i, b4; 1560 1561 for (i = 0; i < 8; i++) { 1562 b4 = b32 & 0xf; 1563 b4 += delta; 1564 if (b4 < 0) 1565 b4 = 0; 1566 else if (b4 > 0xf) 1567 b4 = 0xf; 1568 b32 = b32 >> 4 | b4 << 28; 1569 } 1570 return (b32); 1571 } 1572 1573 static const char * 1574 run_get_rf(uint16_t rev) 1575 { 1576 switch (rev) { 1577 case RT2860_RF_2820: return "RT2820"; 1578 case RT2860_RF_2850: return "RT2850"; 1579 case RT2860_RF_2720: return "RT2720"; 1580 case RT2860_RF_2750: return "RT2750"; 1581 case RT3070_RF_3020: return "RT3020"; 1582 case RT3070_RF_2020: return "RT2020"; 1583 case RT3070_RF_3021: return "RT3021"; 1584 case RT3070_RF_3022: return "RT3022"; 1585 case RT3070_RF_3052: return "RT3052"; 1586 case RT3593_RF_3053: return "RT3053"; 1587 case RT5592_RF_5592: return "RT5592"; 1588 case RT5390_RF_5370: return "RT5370"; 1589 case RT5390_RF_5372: return "RT5372"; 1590 } 1591 return ("unknown"); 1592 } 1593 1594 static void 1595 run_rt3593_get_txpower(struct run_softc *sc) 1596 { 1597 uint16_t addr, val; 1598 int i; 1599 1600 /* Read power settings for 2GHz channels. */ 1601 for (i = 0; i < 14; i += 2) { 1602 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1603 RT2860_EEPROM_PWR2GHZ_BASE1; 1604 run_srom_read(sc, addr + i / 2, &val); 1605 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1606 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1607 1608 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1609 RT2860_EEPROM_PWR2GHZ_BASE2; 1610 run_srom_read(sc, addr + i / 2, &val); 1611 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1612 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1613 1614 if (sc->ntxchains == 3) { 1615 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1616 &val); 1617 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1618 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1619 } 1620 } 1621 /* Fix broken Tx power entries. */ 1622 for (i = 0; i < 14; i++) { 1623 if (sc->txpow1[i] > 31) 1624 sc->txpow1[i] = 5; 1625 if (sc->txpow2[i] > 31) 1626 sc->txpow2[i] = 5; 1627 if (sc->ntxchains == 3) { 1628 if (sc->txpow3[i] > 31) 1629 sc->txpow3[i] = 5; 1630 } 1631 } 1632 /* Read power settings for 5GHz channels. */ 1633 for (i = 0; i < 40; i += 2) { 1634 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1635 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1636 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1637 1638 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1639 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1640 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1641 1642 if (sc->ntxchains == 3) { 1643 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1644 &val); 1645 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1646 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1647 } 1648 } 1649 } 1650 1651 static void 1652 run_get_txpower(struct run_softc *sc) 1653 { 1654 uint16_t val; 1655 int i; 1656 1657 /* Read power settings for 2GHz channels. */ 1658 for (i = 0; i < 14; i += 2) { 1659 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1660 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1661 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1662 1663 if (sc->mac_ver != 0x5390) { 1664 run_srom_read(sc, 1665 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1666 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1667 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1668 } 1669 } 1670 /* Fix broken Tx power entries. */ 1671 for (i = 0; i < 14; i++) { 1672 if (sc->mac_ver >= 0x5390) { 1673 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1674 sc->txpow1[i] = 5; 1675 } else { 1676 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1677 sc->txpow1[i] = 5; 1678 } 1679 if (sc->mac_ver > 0x5390) { 1680 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1681 sc->txpow2[i] = 5; 1682 } else if (sc->mac_ver < 0x5390) { 1683 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1684 sc->txpow2[i] = 5; 1685 } 1686 DPRINTF("chan %d: power1=%d, power2=%d\n", 1687 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1688 } 1689 /* Read power settings for 5GHz channels. */ 1690 for (i = 0; i < 40; i += 2) { 1691 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1692 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1693 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1694 1695 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1696 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1697 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1698 } 1699 /* Fix broken Tx power entries. */ 1700 for (i = 0; i < 40; i++ ) { 1701 if (sc->mac_ver != 0x5592) { 1702 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1703 sc->txpow1[14 + i] = 5; 1704 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1705 sc->txpow2[14 + i] = 5; 1706 } 1707 DPRINTF("chan %d: power1=%d, power2=%d\n", 1708 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1709 sc->txpow2[14 + i]); 1710 } 1711 } 1712 1713 static int 1714 run_read_eeprom(struct run_softc *sc) 1715 { 1716 struct ieee80211com *ic = &sc->sc_ic; 1717 int8_t delta_2ghz, delta_5ghz; 1718 uint32_t tmp; 1719 uint16_t val; 1720 int ridx, ant, i; 1721 1722 /* check whether the ROM is eFUSE ROM or EEPROM */ 1723 sc->sc_srom_read = run_eeprom_read_2; 1724 if (sc->mac_ver >= 0x3070) { 1725 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1726 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1727 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1728 sc->sc_srom_read = run_efuse_read_2; 1729 } 1730 1731 /* read ROM version */ 1732 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1733 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1734 1735 /* read MAC address */ 1736 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1737 ic->ic_macaddr[0] = val & 0xff; 1738 ic->ic_macaddr[1] = val >> 8; 1739 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1740 ic->ic_macaddr[2] = val & 0xff; 1741 ic->ic_macaddr[3] = val >> 8; 1742 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1743 ic->ic_macaddr[4] = val & 0xff; 1744 ic->ic_macaddr[5] = val >> 8; 1745 1746 if (sc->mac_ver < 0x3593) { 1747 /* read vender BBP settings */ 1748 for (i = 0; i < 10; i++) { 1749 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1750 sc->bbp[i].val = val & 0xff; 1751 sc->bbp[i].reg = val >> 8; 1752 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1753 sc->bbp[i].val); 1754 } 1755 if (sc->mac_ver >= 0x3071) { 1756 /* read vendor RF settings */ 1757 for (i = 0; i < 10; i++) { 1758 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1759 &val); 1760 sc->rf[i].val = val & 0xff; 1761 sc->rf[i].reg = val >> 8; 1762 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1763 sc->rf[i].val); 1764 } 1765 } 1766 } 1767 1768 /* read RF frequency offset from EEPROM */ 1769 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1770 RT3593_EEPROM_FREQ, &val); 1771 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1772 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1773 1774 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1775 RT3593_EEPROM_FREQ_LEDS, &val); 1776 if (val >> 8 != 0xff) { 1777 /* read LEDs operating mode */ 1778 sc->leds = val >> 8; 1779 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1780 RT3593_EEPROM_LED1, &sc->led[0]); 1781 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1782 RT3593_EEPROM_LED2, &sc->led[1]); 1783 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1784 RT3593_EEPROM_LED3, &sc->led[2]); 1785 } else { 1786 /* broken EEPROM, use default settings */ 1787 sc->leds = 0x01; 1788 sc->led[0] = 0x5555; 1789 sc->led[1] = 0x2221; 1790 sc->led[2] = 0x5627; /* differs from RT2860 */ 1791 } 1792 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1793 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1794 1795 /* read RF information */ 1796 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1797 run_srom_read(sc, 0x00, &val); 1798 else 1799 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1800 1801 if (val == 0xffff) { 1802 device_printf(sc->sc_dev, 1803 "invalid EEPROM antenna info, using default\n"); 1804 DPRINTF("invalid EEPROM antenna info, using default\n"); 1805 if (sc->mac_ver == 0x3572) { 1806 /* default to RF3052 2T2R */ 1807 sc->rf_rev = RT3070_RF_3052; 1808 sc->ntxchains = 2; 1809 sc->nrxchains = 2; 1810 } else if (sc->mac_ver >= 0x3070) { 1811 /* default to RF3020 1T1R */ 1812 sc->rf_rev = RT3070_RF_3020; 1813 sc->ntxchains = 1; 1814 sc->nrxchains = 1; 1815 } else { 1816 /* default to RF2820 1T2R */ 1817 sc->rf_rev = RT2860_RF_2820; 1818 sc->ntxchains = 1; 1819 sc->nrxchains = 2; 1820 } 1821 } else { 1822 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1823 sc->rf_rev = val; 1824 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1825 } else 1826 sc->rf_rev = (val >> 8) & 0xf; 1827 sc->ntxchains = (val >> 4) & 0xf; 1828 sc->nrxchains = val & 0xf; 1829 } 1830 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1831 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1832 1833 /* check if RF supports automatic Tx access gain control */ 1834 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1835 DPRINTF("EEPROM CFG 0x%04x\n", val); 1836 /* check if driver should patch the DAC issue */ 1837 if ((val >> 8) != 0xff) 1838 sc->patch_dac = (val >> 15) & 1; 1839 if ((val & 0xff) != 0xff) { 1840 sc->ext_5ghz_lna = (val >> 3) & 1; 1841 sc->ext_2ghz_lna = (val >> 2) & 1; 1842 /* check if RF supports automatic Tx access gain control */ 1843 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1844 /* check if we have a hardware radio switch */ 1845 sc->rfswitch = val & 1; 1846 } 1847 1848 /* Read Tx power settings. */ 1849 if (sc->mac_ver == 0x3593) 1850 run_rt3593_get_txpower(sc); 1851 else 1852 run_get_txpower(sc); 1853 1854 /* read Tx power compensation for each Tx rate */ 1855 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1856 delta_2ghz = delta_5ghz = 0; 1857 if ((val & 0xff) != 0xff && (val & 0x80)) { 1858 delta_2ghz = val & 0xf; 1859 if (!(val & 0x40)) /* negative number */ 1860 delta_2ghz = -delta_2ghz; 1861 } 1862 val >>= 8; 1863 if ((val & 0xff) != 0xff && (val & 0x80)) { 1864 delta_5ghz = val & 0xf; 1865 if (!(val & 0x40)) /* negative number */ 1866 delta_5ghz = -delta_5ghz; 1867 } 1868 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1869 delta_2ghz, delta_5ghz); 1870 1871 for (ridx = 0; ridx < 5; ridx++) { 1872 uint32_t reg; 1873 1874 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1875 reg = val; 1876 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1877 reg |= (uint32_t)val << 16; 1878 1879 sc->txpow20mhz[ridx] = reg; 1880 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1881 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1882 1883 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1884 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1885 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1886 } 1887 1888 /* Read RSSI offsets and LNA gains from EEPROM. */ 1889 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1890 RT3593_EEPROM_RSSI1_2GHZ, &val); 1891 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1892 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1893 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1894 RT3593_EEPROM_RSSI2_2GHZ, &val); 1895 if (sc->mac_ver >= 0x3070) { 1896 if (sc->mac_ver == 0x3593) { 1897 sc->txmixgain_2ghz = 0; 1898 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1899 } else { 1900 /* 1901 * On RT3070 chips (limited to 2 Rx chains), this ROM 1902 * field contains the Tx mixer gain for the 2GHz band. 1903 */ 1904 if ((val & 0xff) != 0xff) 1905 sc->txmixgain_2ghz = val & 0x7; 1906 } 1907 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1908 } else 1909 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1910 if (sc->mac_ver == 0x3593) 1911 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1912 sc->lna[2] = val >> 8; /* channel group 2 */ 1913 1914 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1915 RT3593_EEPROM_RSSI1_5GHZ, &val); 1916 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1917 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1918 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1919 RT3593_EEPROM_RSSI2_5GHZ, &val); 1920 if (sc->mac_ver == 0x3572) { 1921 /* 1922 * On RT3572 chips (limited to 2 Rx chains), this ROM 1923 * field contains the Tx mixer gain for the 5GHz band. 1924 */ 1925 if ((val & 0xff) != 0xff) 1926 sc->txmixgain_5ghz = val & 0x7; 1927 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1928 } else 1929 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1930 if (sc->mac_ver == 0x3593) { 1931 sc->txmixgain_5ghz = 0; 1932 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1933 } 1934 sc->lna[3] = val >> 8; /* channel group 3 */ 1935 1936 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1937 RT3593_EEPROM_LNA, &val); 1938 sc->lna[0] = val & 0xff; /* channel group 0 */ 1939 sc->lna[1] = val >> 8; /* channel group 1 */ 1940 1941 /* fix broken 5GHz LNA entries */ 1942 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1943 DPRINTF("invalid LNA for channel group %d\n", 2); 1944 sc->lna[2] = sc->lna[1]; 1945 } 1946 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1947 DPRINTF("invalid LNA for channel group %d\n", 3); 1948 sc->lna[3] = sc->lna[1]; 1949 } 1950 1951 /* fix broken RSSI offset entries */ 1952 for (ant = 0; ant < 3; ant++) { 1953 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1954 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1955 ant + 1, sc->rssi_2ghz[ant]); 1956 sc->rssi_2ghz[ant] = 0; 1957 } 1958 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1959 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1960 ant + 1, sc->rssi_5ghz[ant]); 1961 sc->rssi_5ghz[ant] = 0; 1962 } 1963 } 1964 return (0); 1965 } 1966 1967 static struct ieee80211_node * 1968 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1969 { 1970 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1971 } 1972 1973 static int 1974 run_media_change(struct ifnet *ifp) 1975 { 1976 struct ieee80211vap *vap = ifp->if_softc; 1977 struct ieee80211com *ic = vap->iv_ic; 1978 const struct ieee80211_txparam *tp; 1979 struct run_softc *sc = ic->ic_softc; 1980 uint8_t rate, ridx; 1981 int error; 1982 1983 RUN_LOCK(sc); 1984 1985 error = ieee80211_media_change(ifp); 1986 if (error != ENETRESET) { 1987 RUN_UNLOCK(sc); 1988 return (error); 1989 } 1990 1991 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1992 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1993 struct ieee80211_node *ni; 1994 struct run_node *rn; 1995 1996 rate = ic->ic_sup_rates[ic->ic_curmode]. 1997 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1998 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1999 if (rt2860_rates[ridx].rate == rate) 2000 break; 2001 ni = ieee80211_ref_node(vap->iv_bss); 2002 rn = RUN_NODE(ni); 2003 rn->fix_ridx = ridx; 2004 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2005 ieee80211_free_node(ni); 2006 } 2007 2008 #if 0 2009 if ((ifp->if_flags & IFF_UP) && 2010 (ifp->if_drv_flags & RUN_RUNNING)){ 2011 run_init_locked(sc); 2012 } 2013 #endif 2014 2015 RUN_UNLOCK(sc); 2016 2017 return (0); 2018 } 2019 2020 static int 2021 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2022 { 2023 const struct ieee80211_txparam *tp; 2024 struct ieee80211com *ic = vap->iv_ic; 2025 struct run_softc *sc = ic->ic_softc; 2026 struct run_vap *rvp = RUN_VAP(vap); 2027 enum ieee80211_state ostate; 2028 uint32_t sta[3]; 2029 uint32_t tmp; 2030 uint8_t ratectl; 2031 uint8_t restart_ratectl = 0; 2032 uint8_t bid = 1 << rvp->rvp_id; 2033 2034 ostate = vap->iv_state; 2035 DPRINTF("%s -> %s\n", 2036 ieee80211_state_name[ostate], 2037 ieee80211_state_name[nstate]); 2038 2039 IEEE80211_UNLOCK(ic); 2040 RUN_LOCK(sc); 2041 2042 ratectl = sc->ratectl_run; /* remember current state */ 2043 sc->ratectl_run = RUN_RATECTL_OFF; 2044 usb_callout_stop(&sc->ratectl_ch); 2045 2046 if (ostate == IEEE80211_S_RUN) { 2047 /* turn link LED off */ 2048 run_set_leds(sc, RT2860_LED_RADIO); 2049 } 2050 2051 switch (nstate) { 2052 case IEEE80211_S_INIT: 2053 restart_ratectl = 1; 2054 2055 if (ostate != IEEE80211_S_RUN) 2056 break; 2057 2058 ratectl &= ~bid; 2059 sc->runbmap &= ~bid; 2060 2061 /* abort TSF synchronization if there is no vap running */ 2062 if (--sc->running == 0) { 2063 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2064 run_write(sc, RT2860_BCN_TIME_CFG, 2065 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2066 RT2860_TBTT_TIMER_EN)); 2067 } 2068 break; 2069 2070 case IEEE80211_S_RUN: 2071 if (!(sc->runbmap & bid)) { 2072 if(sc->running++) 2073 restart_ratectl = 1; 2074 sc->runbmap |= bid; 2075 } 2076 2077 m_freem(rvp->beacon_mbuf); 2078 rvp->beacon_mbuf = NULL; 2079 2080 switch (vap->iv_opmode) { 2081 case IEEE80211_M_HOSTAP: 2082 case IEEE80211_M_MBSS: 2083 sc->ap_running |= bid; 2084 ic->ic_opmode = vap->iv_opmode; 2085 run_update_beacon_cb(vap); 2086 break; 2087 case IEEE80211_M_IBSS: 2088 sc->adhoc_running |= bid; 2089 if (!sc->ap_running) 2090 ic->ic_opmode = vap->iv_opmode; 2091 run_update_beacon_cb(vap); 2092 break; 2093 case IEEE80211_M_STA: 2094 sc->sta_running |= bid; 2095 if (!sc->ap_running && !sc->adhoc_running) 2096 ic->ic_opmode = vap->iv_opmode; 2097 2098 /* read statistic counters (clear on read) */ 2099 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2100 (uint8_t *)sta, sizeof sta); 2101 2102 break; 2103 default: 2104 ic->ic_opmode = vap->iv_opmode; 2105 break; 2106 } 2107 2108 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2109 struct ieee80211_node *ni; 2110 2111 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2112 RUN_UNLOCK(sc); 2113 IEEE80211_LOCK(ic); 2114 return (-1); 2115 } 2116 run_updateslot(ic); 2117 run_enable_mrr(sc); 2118 run_set_txpreamble(sc); 2119 run_set_basicrates(sc); 2120 ni = ieee80211_ref_node(vap->iv_bss); 2121 IEEE80211_ADDR_COPY(ic->ic_macaddr, ni->ni_bssid); 2122 run_set_bssid(sc, ni->ni_bssid); 2123 ieee80211_free_node(ni); 2124 run_enable_tsf_sync(sc); 2125 2126 /* enable automatic rate adaptation */ 2127 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2128 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2129 ratectl |= bid; 2130 } else 2131 run_enable_tsf(sc); 2132 2133 /* turn link LED on */ 2134 run_set_leds(sc, RT2860_LED_RADIO | 2135 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2136 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2137 2138 break; 2139 default: 2140 DPRINTFN(6, "undefined case\n"); 2141 break; 2142 } 2143 2144 /* restart amrr for running VAPs */ 2145 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2146 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2147 2148 RUN_UNLOCK(sc); 2149 IEEE80211_LOCK(ic); 2150 2151 return(rvp->newstate(vap, nstate, arg)); 2152 } 2153 2154 /* ARGSUSED */ 2155 static void 2156 run_wme_update_cb(void *arg) 2157 { 2158 struct ieee80211com *ic = arg; 2159 struct run_softc *sc = ic->ic_softc; 2160 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2161 int aci, error = 0; 2162 2163 RUN_LOCK_ASSERT(sc, MA_OWNED); 2164 2165 /* update MAC TX configuration registers */ 2166 for (aci = 0; aci < WME_NUM_AC; aci++) { 2167 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2168 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2169 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2170 wmesp->wme_params[aci].wmep_aifsn << 8 | 2171 wmesp->wme_params[aci].wmep_txopLimit); 2172 if (error) goto err; 2173 } 2174 2175 /* update SCH/DMA registers too */ 2176 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2177 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2178 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2179 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2180 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2181 if (error) goto err; 2182 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2183 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2184 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2185 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2186 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2187 if (error) goto err; 2188 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2189 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2190 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2191 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2192 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2193 if (error) goto err; 2194 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2195 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2196 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2197 if (error) goto err; 2198 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2199 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2200 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2201 2202 err: 2203 if (error) 2204 DPRINTF("WME update failed\n"); 2205 2206 return; 2207 } 2208 2209 static int 2210 run_wme_update(struct ieee80211com *ic) 2211 { 2212 struct run_softc *sc = ic->ic_softc; 2213 2214 /* sometime called wothout lock */ 2215 if (mtx_owned(&ic->ic_comlock.mtx)) { 2216 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2217 DPRINTF("cmdq_store=%d\n", i); 2218 sc->cmdq[i].func = run_wme_update_cb; 2219 sc->cmdq[i].arg0 = ic; 2220 ieee80211_runtask(ic, &sc->cmdq_task); 2221 return (0); 2222 } 2223 2224 RUN_LOCK(sc); 2225 run_wme_update_cb(ic); 2226 RUN_UNLOCK(sc); 2227 2228 /* return whatever, upper layer doesn't care anyway */ 2229 return (0); 2230 } 2231 2232 static void 2233 run_key_set_cb(void *arg) 2234 { 2235 struct run_cmdq *cmdq = arg; 2236 struct ieee80211vap *vap = cmdq->arg1; 2237 struct ieee80211_key *k = cmdq->k; 2238 struct ieee80211com *ic = vap->iv_ic; 2239 struct run_softc *sc = ic->ic_softc; 2240 struct ieee80211_node *ni; 2241 u_int cipher = k->wk_cipher->ic_cipher; 2242 uint32_t attr; 2243 uint16_t base, associd; 2244 uint8_t mode, wcid, iv[8]; 2245 2246 RUN_LOCK_ASSERT(sc, MA_OWNED); 2247 2248 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2249 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2250 else 2251 ni = vap->iv_bss; 2252 associd = (ni != NULL) ? ni->ni_associd : 0; 2253 2254 /* map net80211 cipher to RT2860 security mode */ 2255 switch (cipher) { 2256 case IEEE80211_CIPHER_WEP: 2257 if(k->wk_keylen < 8) 2258 mode = RT2860_MODE_WEP40; 2259 else 2260 mode = RT2860_MODE_WEP104; 2261 break; 2262 case IEEE80211_CIPHER_TKIP: 2263 mode = RT2860_MODE_TKIP; 2264 break; 2265 case IEEE80211_CIPHER_AES_CCM: 2266 mode = RT2860_MODE_AES_CCMP; 2267 break; 2268 default: 2269 DPRINTF("undefined case\n"); 2270 return; 2271 } 2272 2273 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2274 associd, k->wk_keyix, mode, 2275 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2276 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2277 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2278 2279 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2280 wcid = 0; /* NB: update WCID0 for group keys */ 2281 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2282 } else { 2283 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2284 1 : RUN_AID2WCID(associd); 2285 base = RT2860_PKEY(wcid); 2286 } 2287 2288 if (cipher == IEEE80211_CIPHER_TKIP) { 2289 if(run_write_region_1(sc, base, k->wk_key, 16)) 2290 return; 2291 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2292 return; 2293 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2294 return; 2295 } else { 2296 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2297 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2298 return; 2299 } 2300 2301 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2302 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2303 /* set initial packet number in IV+EIV */ 2304 if (cipher == IEEE80211_CIPHER_WEP) { 2305 memset(iv, 0, sizeof iv); 2306 iv[3] = vap->iv_def_txkey << 6; 2307 } else { 2308 if (cipher == IEEE80211_CIPHER_TKIP) { 2309 iv[0] = k->wk_keytsc >> 8; 2310 iv[1] = (iv[0] | 0x20) & 0x7f; 2311 iv[2] = k->wk_keytsc; 2312 } else /* CCMP */ { 2313 iv[0] = k->wk_keytsc; 2314 iv[1] = k->wk_keytsc >> 8; 2315 iv[2] = 0; 2316 } 2317 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2318 iv[4] = k->wk_keytsc >> 16; 2319 iv[5] = k->wk_keytsc >> 24; 2320 iv[6] = k->wk_keytsc >> 32; 2321 iv[7] = k->wk_keytsc >> 40; 2322 } 2323 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2324 return; 2325 } 2326 2327 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2328 /* install group key */ 2329 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2330 return; 2331 attr &= ~(0xf << (k->wk_keyix * 4)); 2332 attr |= mode << (k->wk_keyix * 4); 2333 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2334 return; 2335 } else { 2336 /* install pairwise key */ 2337 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2338 return; 2339 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2340 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2341 return; 2342 } 2343 2344 /* TODO create a pass-thru key entry? */ 2345 2346 /* need wcid to delete the right key later */ 2347 k->wk_pad = wcid; 2348 } 2349 2350 /* 2351 * Don't have to be deferred, but in order to keep order of 2352 * execution, i.e. with run_key_delete(), defer this and let 2353 * run_cmdq_cb() maintain the order. 2354 * 2355 * return 0 on error 2356 */ 2357 static int 2358 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2359 const uint8_t mac[IEEE80211_ADDR_LEN]) 2360 { 2361 struct ieee80211com *ic = vap->iv_ic; 2362 struct run_softc *sc = ic->ic_softc; 2363 uint32_t i; 2364 2365 i = RUN_CMDQ_GET(&sc->cmdq_store); 2366 DPRINTF("cmdq_store=%d\n", i); 2367 sc->cmdq[i].func = run_key_set_cb; 2368 sc->cmdq[i].arg0 = NULL; 2369 sc->cmdq[i].arg1 = vap; 2370 sc->cmdq[i].k = k; 2371 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2372 ieee80211_runtask(ic, &sc->cmdq_task); 2373 2374 /* 2375 * To make sure key will be set when hostapd 2376 * calls iv_key_set() before if_init(). 2377 */ 2378 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2379 RUN_LOCK(sc); 2380 sc->cmdq_key_set = RUN_CMDQ_GO; 2381 RUN_UNLOCK(sc); 2382 } 2383 2384 return (1); 2385 } 2386 2387 /* 2388 * If wlan is destroyed without being brought down i.e. without 2389 * wlan down or wpa_cli terminate, this function is called after 2390 * vap is gone. Don't refer it. 2391 */ 2392 static void 2393 run_key_delete_cb(void *arg) 2394 { 2395 struct run_cmdq *cmdq = arg; 2396 struct run_softc *sc = cmdq->arg1; 2397 struct ieee80211_key *k = &cmdq->key; 2398 uint32_t attr; 2399 uint8_t wcid; 2400 2401 RUN_LOCK_ASSERT(sc, MA_OWNED); 2402 2403 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2404 /* remove group key */ 2405 DPRINTF("removing group key\n"); 2406 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2407 attr &= ~(0xf << (k->wk_keyix * 4)); 2408 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2409 } else { 2410 /* remove pairwise key */ 2411 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2412 /* matching wcid was written to wk_pad in run_key_set() */ 2413 wcid = k->wk_pad; 2414 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2415 attr &= ~0xf; 2416 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2417 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2418 } 2419 2420 k->wk_pad = 0; 2421 } 2422 2423 /* 2424 * return 0 on error 2425 */ 2426 static int 2427 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2428 { 2429 struct ieee80211com *ic = vap->iv_ic; 2430 struct run_softc *sc = ic->ic_softc; 2431 struct ieee80211_key *k0; 2432 uint32_t i; 2433 2434 /* 2435 * When called back, key might be gone. So, make a copy 2436 * of some values need to delete keys before deferring. 2437 * But, because of LOR with node lock, cannot use lock here. 2438 * So, use atomic instead. 2439 */ 2440 i = RUN_CMDQ_GET(&sc->cmdq_store); 2441 DPRINTF("cmdq_store=%d\n", i); 2442 sc->cmdq[i].func = run_key_delete_cb; 2443 sc->cmdq[i].arg0 = NULL; 2444 sc->cmdq[i].arg1 = sc; 2445 k0 = &sc->cmdq[i].key; 2446 k0->wk_flags = k->wk_flags; 2447 k0->wk_keyix = k->wk_keyix; 2448 /* matching wcid was written to wk_pad in run_key_set() */ 2449 k0->wk_pad = k->wk_pad; 2450 ieee80211_runtask(ic, &sc->cmdq_task); 2451 return (1); /* return fake success */ 2452 2453 } 2454 2455 static void 2456 run_ratectl_to(void *arg) 2457 { 2458 struct run_softc *sc = arg; 2459 2460 /* do it in a process context, so it can go sleep */ 2461 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2462 /* next timeout will be rescheduled in the callback task */ 2463 } 2464 2465 /* ARGSUSED */ 2466 static void 2467 run_ratectl_cb(void *arg, int pending) 2468 { 2469 struct run_softc *sc = arg; 2470 struct ieee80211com *ic = &sc->sc_ic; 2471 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2472 2473 if (vap == NULL) 2474 return; 2475 2476 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2477 /* 2478 * run_reset_livelock() doesn't do anything with AMRR, 2479 * but Ralink wants us to call it every 1 sec. So, we 2480 * piggyback here rather than creating another callout. 2481 * Livelock may occur only in HOSTAP or IBSS mode 2482 * (when h/w is sending beacons). 2483 */ 2484 RUN_LOCK(sc); 2485 run_reset_livelock(sc); 2486 /* just in case, there are some stats to drain */ 2487 run_drain_fifo(sc); 2488 RUN_UNLOCK(sc); 2489 } 2490 2491 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2492 2493 RUN_LOCK(sc); 2494 if(sc->ratectl_run != RUN_RATECTL_OFF) 2495 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2496 RUN_UNLOCK(sc); 2497 } 2498 2499 static void 2500 run_drain_fifo(void *arg) 2501 { 2502 struct run_softc *sc = arg; 2503 uint32_t stat; 2504 uint16_t (*wstat)[3]; 2505 uint8_t wcid, mcs, pid; 2506 int8_t retry; 2507 2508 RUN_LOCK_ASSERT(sc, MA_OWNED); 2509 2510 for (;;) { 2511 /* drain Tx status FIFO (maxsize = 16) */ 2512 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2513 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2514 if (!(stat & RT2860_TXQ_VLD)) 2515 break; 2516 2517 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2518 2519 /* if no ACK was requested, no feedback is available */ 2520 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2521 wcid == 0) 2522 continue; 2523 2524 /* 2525 * Even though each stat is Tx-complete-status like format, 2526 * the device can poll stats. Because there is no guarantee 2527 * that the referring node is still around when read the stats. 2528 * So that, if we use ieee80211_ratectl_tx_update(), we will 2529 * have hard time not to refer already freed node. 2530 * 2531 * To eliminate such page faults, we poll stats in softc. 2532 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2533 */ 2534 wstat = &(sc->wcid_stats[wcid]); 2535 (*wstat)[RUN_TXCNT]++; 2536 if (stat & RT2860_TXQ_OK) 2537 (*wstat)[RUN_SUCCESS]++; 2538 else 2539 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2540 /* 2541 * Check if there were retries, ie if the Tx success rate is 2542 * different from the requested rate. Note that it works only 2543 * because we do not allow rate fallback from OFDM to CCK. 2544 */ 2545 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2546 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2547 if ((retry = pid -1 - mcs) > 0) { 2548 (*wstat)[RUN_TXCNT] += retry; 2549 (*wstat)[RUN_RETRY] += retry; 2550 } 2551 } 2552 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2553 2554 sc->fifo_cnt = 0; 2555 } 2556 2557 static void 2558 run_iter_func(void *arg, struct ieee80211_node *ni) 2559 { 2560 struct run_softc *sc = arg; 2561 struct ieee80211vap *vap = ni->ni_vap; 2562 struct run_node *rn = RUN_NODE(ni); 2563 union run_stats sta[2]; 2564 uint16_t (*wstat)[3]; 2565 int txcnt, success, retrycnt, error; 2566 2567 RUN_LOCK(sc); 2568 2569 /* Check for special case */ 2570 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2571 ni != vap->iv_bss) 2572 goto fail; 2573 2574 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2575 vap->iv_opmode == IEEE80211_M_STA)) { 2576 /* read statistic counters (clear on read) and update AMRR state */ 2577 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2578 sizeof sta); 2579 if (error != 0) 2580 goto fail; 2581 2582 /* count failed TX as errors */ 2583 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2584 le16toh(sta[0].error.fail)); 2585 2586 retrycnt = le16toh(sta[1].tx.retry); 2587 success = le16toh(sta[1].tx.success); 2588 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2589 2590 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2591 retrycnt, success, le16toh(sta[0].error.fail)); 2592 } else { 2593 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2594 2595 if (wstat == &(sc->wcid_stats[0]) || 2596 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2597 goto fail; 2598 2599 txcnt = (*wstat)[RUN_TXCNT]; 2600 success = (*wstat)[RUN_SUCCESS]; 2601 retrycnt = (*wstat)[RUN_RETRY]; 2602 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2603 retrycnt, txcnt, success); 2604 2605 memset(wstat, 0, sizeof(*wstat)); 2606 } 2607 2608 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2609 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2610 2611 fail: 2612 RUN_UNLOCK(sc); 2613 2614 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2615 } 2616 2617 static void 2618 run_newassoc_cb(void *arg) 2619 { 2620 struct run_cmdq *cmdq = arg; 2621 struct ieee80211_node *ni = cmdq->arg1; 2622 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2623 uint8_t wcid = cmdq->wcid; 2624 2625 RUN_LOCK_ASSERT(sc, MA_OWNED); 2626 2627 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2628 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2629 2630 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2631 } 2632 2633 static void 2634 run_newassoc(struct ieee80211_node *ni, int isnew) 2635 { 2636 struct run_node *rn = RUN_NODE(ni); 2637 struct ieee80211_rateset *rs = &ni->ni_rates; 2638 struct ieee80211vap *vap = ni->ni_vap; 2639 struct ieee80211com *ic = vap->iv_ic; 2640 struct run_softc *sc = ic->ic_softc; 2641 uint8_t rate; 2642 uint8_t ridx; 2643 uint8_t wcid; 2644 int i, j; 2645 2646 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2647 1 : RUN_AID2WCID(ni->ni_associd); 2648 2649 if (wcid > RT2870_WCID_MAX) { 2650 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2651 return; 2652 } 2653 2654 /* only interested in true associations */ 2655 if (isnew && ni->ni_associd != 0) { 2656 2657 /* 2658 * This function could is called though timeout function. 2659 * Need to defer. 2660 */ 2661 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2662 DPRINTF("cmdq_store=%d\n", cnt); 2663 sc->cmdq[cnt].func = run_newassoc_cb; 2664 sc->cmdq[cnt].arg0 = NULL; 2665 sc->cmdq[cnt].arg1 = ni; 2666 sc->cmdq[cnt].wcid = wcid; 2667 ieee80211_runtask(ic, &sc->cmdq_task); 2668 } 2669 2670 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2671 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2672 2673 for (i = 0; i < rs->rs_nrates; i++) { 2674 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2675 /* convert 802.11 rate to hardware rate index */ 2676 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2677 if (rt2860_rates[ridx].rate == rate) 2678 break; 2679 rn->ridx[i] = ridx; 2680 /* determine rate of control response frames */ 2681 for (j = i; j >= 0; j--) { 2682 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2683 rt2860_rates[rn->ridx[i]].phy == 2684 rt2860_rates[rn->ridx[j]].phy) 2685 break; 2686 } 2687 if (j >= 0) { 2688 rn->ctl_ridx[i] = rn->ridx[j]; 2689 } else { 2690 /* no basic rate found, use mandatory one */ 2691 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2692 } 2693 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2694 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2695 } 2696 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2697 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2698 if (rt2860_rates[ridx].rate == rate) 2699 break; 2700 rn->mgt_ridx = ridx; 2701 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2702 2703 RUN_LOCK(sc); 2704 if(sc->ratectl_run != RUN_RATECTL_OFF) 2705 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2706 RUN_UNLOCK(sc); 2707 } 2708 2709 /* 2710 * Return the Rx chain with the highest RSSI for a given frame. 2711 */ 2712 static __inline uint8_t 2713 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2714 { 2715 uint8_t rxchain = 0; 2716 2717 if (sc->nrxchains > 1) { 2718 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2719 rxchain = 1; 2720 if (sc->nrxchains > 2) 2721 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2722 rxchain = 2; 2723 } 2724 return (rxchain); 2725 } 2726 2727 static void 2728 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2729 { 2730 struct ieee80211com *ic = &sc->sc_ic; 2731 struct ieee80211_frame *wh; 2732 struct ieee80211_node *ni; 2733 struct rt2870_rxd *rxd; 2734 struct rt2860_rxwi *rxwi; 2735 uint32_t flags; 2736 uint16_t len, rxwisize; 2737 uint8_t ant, rssi; 2738 int8_t nf; 2739 2740 rxwi = mtod(m, struct rt2860_rxwi *); 2741 len = le16toh(rxwi->len) & 0xfff; 2742 rxwisize = sizeof(struct rt2860_rxwi); 2743 if (sc->mac_ver == 0x5592) 2744 rxwisize += sizeof(uint64_t); 2745 else if (sc->mac_ver == 0x3593) 2746 rxwisize += sizeof(uint32_t); 2747 if (__predict_false(len > dmalen)) { 2748 m_freem(m); 2749 counter_u64_add(ic->ic_ierrors, 1); 2750 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2751 return; 2752 } 2753 /* Rx descriptor is located at the end */ 2754 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2755 flags = le32toh(rxd->flags); 2756 2757 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2758 m_freem(m); 2759 counter_u64_add(ic->ic_ierrors, 1); 2760 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2761 return; 2762 } 2763 2764 m->m_data += rxwisize; 2765 m->m_pkthdr.len = m->m_len -= rxwisize; 2766 2767 wh = mtod(m, struct ieee80211_frame *); 2768 2769 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2770 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2771 m->m_flags |= M_WEP; 2772 } 2773 2774 if (flags & RT2860_RX_L2PAD) { 2775 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2776 len += 2; 2777 } 2778 2779 ni = ieee80211_find_rxnode(ic, 2780 mtod(m, struct ieee80211_frame_min *)); 2781 2782 if (__predict_false(flags & RT2860_RX_MICERR)) { 2783 /* report MIC failures to net80211 for TKIP */ 2784 if (ni != NULL) 2785 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2786 rxwi->keyidx); 2787 m_freem(m); 2788 counter_u64_add(ic->ic_ierrors, 1); 2789 DPRINTF("MIC error. Someone is lying.\n"); 2790 return; 2791 } 2792 2793 ant = run_maxrssi_chain(sc, rxwi); 2794 rssi = rxwi->rssi[ant]; 2795 nf = run_rssi2dbm(sc, rssi, ant); 2796 2797 m->m_pkthdr.len = m->m_len = len; 2798 2799 if (ni != NULL) { 2800 (void)ieee80211_input(ni, m, rssi, nf); 2801 ieee80211_free_node(ni); 2802 } else { 2803 (void)ieee80211_input_all(ic, m, rssi, nf); 2804 } 2805 2806 if (__predict_false(ieee80211_radiotap_active(ic))) { 2807 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2808 uint16_t phy; 2809 2810 tap->wr_flags = 0; 2811 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2812 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2813 tap->wr_antsignal = rssi; 2814 tap->wr_antenna = ant; 2815 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2816 tap->wr_rate = 2; /* in case it can't be found below */ 2817 run_get_tsf(sc, &tap->wr_tsf); 2818 phy = le16toh(rxwi->phy); 2819 switch (phy & RT2860_PHY_MODE) { 2820 case RT2860_PHY_CCK: 2821 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2822 case 0: tap->wr_rate = 2; break; 2823 case 1: tap->wr_rate = 4; break; 2824 case 2: tap->wr_rate = 11; break; 2825 case 3: tap->wr_rate = 22; break; 2826 } 2827 if (phy & RT2860_PHY_SHPRE) 2828 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2829 break; 2830 case RT2860_PHY_OFDM: 2831 switch (phy & RT2860_PHY_MCS) { 2832 case 0: tap->wr_rate = 12; break; 2833 case 1: tap->wr_rate = 18; break; 2834 case 2: tap->wr_rate = 24; break; 2835 case 3: tap->wr_rate = 36; break; 2836 case 4: tap->wr_rate = 48; break; 2837 case 5: tap->wr_rate = 72; break; 2838 case 6: tap->wr_rate = 96; break; 2839 case 7: tap->wr_rate = 108; break; 2840 } 2841 break; 2842 } 2843 } 2844 } 2845 2846 static void 2847 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2848 { 2849 struct run_softc *sc = usbd_xfer_softc(xfer); 2850 struct ieee80211com *ic = &sc->sc_ic; 2851 struct mbuf *m = NULL; 2852 struct mbuf *m0; 2853 uint32_t dmalen; 2854 uint16_t rxwisize; 2855 int xferlen; 2856 2857 rxwisize = sizeof(struct rt2860_rxwi); 2858 if (sc->mac_ver == 0x5592) 2859 rxwisize += sizeof(uint64_t); 2860 else if (sc->mac_ver == 0x3593) 2861 rxwisize += sizeof(uint32_t); 2862 2863 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2864 2865 switch (USB_GET_STATE(xfer)) { 2866 case USB_ST_TRANSFERRED: 2867 2868 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2869 2870 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2871 sizeof(struct rt2870_rxd))) { 2872 DPRINTF("xfer too short %d\n", xferlen); 2873 goto tr_setup; 2874 } 2875 2876 m = sc->rx_m; 2877 sc->rx_m = NULL; 2878 2879 /* FALLTHROUGH */ 2880 case USB_ST_SETUP: 2881 tr_setup: 2882 if (sc->rx_m == NULL) { 2883 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2884 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2885 } 2886 if (sc->rx_m == NULL) { 2887 DPRINTF("could not allocate mbuf - idle with stall\n"); 2888 counter_u64_add(ic->ic_ierrors, 1); 2889 usbd_xfer_set_stall(xfer); 2890 usbd_xfer_set_frames(xfer, 0); 2891 } else { 2892 /* 2893 * Directly loading a mbuf cluster into DMA to 2894 * save some data copying. This works because 2895 * there is only one cluster. 2896 */ 2897 usbd_xfer_set_frame_data(xfer, 0, 2898 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2899 usbd_xfer_set_frames(xfer, 1); 2900 } 2901 usbd_transfer_submit(xfer); 2902 break; 2903 2904 default: /* Error */ 2905 if (error != USB_ERR_CANCELLED) { 2906 /* try to clear stall first */ 2907 usbd_xfer_set_stall(xfer); 2908 if (error == USB_ERR_TIMEOUT) 2909 device_printf(sc->sc_dev, "device timeout\n"); 2910 counter_u64_add(ic->ic_ierrors, 1); 2911 goto tr_setup; 2912 } 2913 if (sc->rx_m != NULL) { 2914 m_freem(sc->rx_m); 2915 sc->rx_m = NULL; 2916 } 2917 break; 2918 } 2919 2920 if (m == NULL) 2921 return; 2922 2923 /* inputting all the frames must be last */ 2924 2925 RUN_UNLOCK(sc); 2926 2927 m->m_pkthdr.len = m->m_len = xferlen; 2928 2929 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2930 for(;;) { 2931 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2932 2933 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2934 ((dmalen & 3) != 0)) { 2935 DPRINTF("bad DMA length %u\n", dmalen); 2936 break; 2937 } 2938 if ((dmalen + 8) > (uint32_t)xferlen) { 2939 DPRINTF("bad DMA length %u > %d\n", 2940 dmalen + 8, xferlen); 2941 break; 2942 } 2943 2944 /* If it is the last one or a single frame, we won't copy. */ 2945 if ((xferlen -= dmalen + 8) <= 8) { 2946 /* trim 32-bit DMA-len header */ 2947 m->m_data += 4; 2948 m->m_pkthdr.len = m->m_len -= 4; 2949 run_rx_frame(sc, m, dmalen); 2950 m = NULL; /* don't free source buffer */ 2951 break; 2952 } 2953 2954 /* copy aggregated frames to another mbuf */ 2955 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2956 if (__predict_false(m0 == NULL)) { 2957 DPRINTF("could not allocate mbuf\n"); 2958 counter_u64_add(ic->ic_ierrors, 1); 2959 break; 2960 } 2961 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2962 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2963 m0->m_pkthdr.len = m0->m_len = 2964 dmalen + sizeof(struct rt2870_rxd); 2965 run_rx_frame(sc, m0, dmalen); 2966 2967 /* update data ptr */ 2968 m->m_data += dmalen + 8; 2969 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2970 } 2971 2972 /* make sure we free the source buffer, if any */ 2973 m_freem(m); 2974 2975 RUN_LOCK(sc); 2976 } 2977 2978 static void 2979 run_tx_free(struct run_endpoint_queue *pq, 2980 struct run_tx_data *data, int txerr) 2981 { 2982 if (data->m != NULL) { 2983 if (data->m->m_flags & M_TXCB) 2984 ieee80211_process_callback(data->ni, data->m, 2985 txerr ? ETIMEDOUT : 0); 2986 m_freem(data->m); 2987 data->m = NULL; 2988 2989 if (data->ni == NULL) { 2990 DPRINTF("no node\n"); 2991 } else { 2992 ieee80211_free_node(data->ni); 2993 data->ni = NULL; 2994 } 2995 } 2996 2997 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2998 pq->tx_nfree++; 2999 } 3000 3001 static void 3002 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3003 { 3004 struct run_softc *sc = usbd_xfer_softc(xfer); 3005 struct ieee80211com *ic = &sc->sc_ic; 3006 struct run_tx_data *data; 3007 struct ieee80211vap *vap = NULL; 3008 struct usb_page_cache *pc; 3009 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3010 struct mbuf *m; 3011 usb_frlength_t size; 3012 int actlen; 3013 int sumlen; 3014 3015 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3016 3017 switch (USB_GET_STATE(xfer)) { 3018 case USB_ST_TRANSFERRED: 3019 DPRINTFN(11, "transfer complete: %d " 3020 "bytes @ index %d\n", actlen, index); 3021 3022 data = usbd_xfer_get_priv(xfer); 3023 run_tx_free(pq, data, 0); 3024 usbd_xfer_set_priv(xfer, NULL); 3025 3026 /* FALLTHROUGH */ 3027 case USB_ST_SETUP: 3028 tr_setup: 3029 data = STAILQ_FIRST(&pq->tx_qh); 3030 if (data == NULL) 3031 break; 3032 3033 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3034 3035 m = data->m; 3036 size = (sc->mac_ver == 0x5592) ? 3037 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3038 if ((m->m_pkthdr.len + 3039 size + 3 + 8) > RUN_MAX_TXSZ) { 3040 DPRINTF("data overflow, %u bytes\n", 3041 m->m_pkthdr.len); 3042 run_tx_free(pq, data, 1); 3043 goto tr_setup; 3044 } 3045 3046 pc = usbd_xfer_get_frame(xfer, 0); 3047 usbd_copy_in(pc, 0, &data->desc, size); 3048 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3049 size += m->m_pkthdr.len; 3050 /* 3051 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3052 * 4-byte padding), and be sure to zero those trailing 3053 * bytes: 3054 */ 3055 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3056 size += ((-size) & 3) + 8; 3057 3058 vap = data->ni->ni_vap; 3059 if (ieee80211_radiotap_active_vap(vap)) { 3060 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3061 struct rt2860_txwi *txwi = 3062 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3063 tap->wt_flags = 0; 3064 tap->wt_rate = rt2860_rates[data->ridx].rate; 3065 run_get_tsf(sc, &tap->wt_tsf); 3066 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3067 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3068 tap->wt_hwqueue = index; 3069 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3070 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3071 3072 ieee80211_radiotap_tx(vap, m); 3073 } 3074 3075 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3076 m->m_pkthdr.len, size, index); 3077 3078 usbd_xfer_set_frame_len(xfer, 0, size); 3079 usbd_xfer_set_priv(xfer, data); 3080 usbd_transfer_submit(xfer); 3081 run_start(sc); 3082 3083 break; 3084 3085 default: 3086 DPRINTF("USB transfer error, %s\n", 3087 usbd_errstr(error)); 3088 3089 data = usbd_xfer_get_priv(xfer); 3090 3091 if (data != NULL) { 3092 if(data->ni != NULL) 3093 vap = data->ni->ni_vap; 3094 run_tx_free(pq, data, error); 3095 usbd_xfer_set_priv(xfer, NULL); 3096 } 3097 3098 if (vap == NULL) 3099 vap = TAILQ_FIRST(&ic->ic_vaps); 3100 3101 if (error != USB_ERR_CANCELLED) { 3102 if (error == USB_ERR_TIMEOUT) { 3103 device_printf(sc->sc_dev, "device timeout\n"); 3104 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3105 DPRINTF("cmdq_store=%d\n", i); 3106 sc->cmdq[i].func = run_usb_timeout_cb; 3107 sc->cmdq[i].arg0 = vap; 3108 ieee80211_runtask(ic, &sc->cmdq_task); 3109 } 3110 3111 /* 3112 * Try to clear stall first, also if other 3113 * errors occur, hence clearing stall 3114 * introduces a 50 ms delay: 3115 */ 3116 usbd_xfer_set_stall(xfer); 3117 goto tr_setup; 3118 } 3119 break; 3120 } 3121 } 3122 3123 static void 3124 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3125 { 3126 run_bulk_tx_callbackN(xfer, error, 0); 3127 } 3128 3129 static void 3130 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3131 { 3132 run_bulk_tx_callbackN(xfer, error, 1); 3133 } 3134 3135 static void 3136 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3137 { 3138 run_bulk_tx_callbackN(xfer, error, 2); 3139 } 3140 3141 static void 3142 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3143 { 3144 run_bulk_tx_callbackN(xfer, error, 3); 3145 } 3146 3147 static void 3148 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3149 { 3150 run_bulk_tx_callbackN(xfer, error, 4); 3151 } 3152 3153 static void 3154 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3155 { 3156 run_bulk_tx_callbackN(xfer, error, 5); 3157 } 3158 3159 static void 3160 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3161 { 3162 struct mbuf *m = data->m; 3163 struct ieee80211com *ic = &sc->sc_ic; 3164 struct ieee80211vap *vap = data->ni->ni_vap; 3165 struct ieee80211_frame *wh; 3166 struct rt2870_txd *txd; 3167 struct rt2860_txwi *txwi; 3168 uint16_t xferlen, txwisize; 3169 uint16_t mcs; 3170 uint8_t ridx = data->ridx; 3171 uint8_t pad; 3172 3173 /* get MCS code from rate index */ 3174 mcs = rt2860_rates[ridx].mcs; 3175 3176 txwisize = (sc->mac_ver == 0x5592) ? 3177 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3178 xferlen = txwisize + m->m_pkthdr.len; 3179 3180 /* roundup to 32-bit alignment */ 3181 xferlen = (xferlen + 3) & ~3; 3182 3183 txd = (struct rt2870_txd *)&data->desc; 3184 txd->len = htole16(xferlen); 3185 3186 wh = mtod(m, struct ieee80211_frame *); 3187 3188 /* 3189 * Ether both are true or both are false, the header 3190 * are nicely aligned to 32-bit. So, no L2 padding. 3191 */ 3192 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3193 pad = 0; 3194 else 3195 pad = 2; 3196 3197 /* setup TX Wireless Information */ 3198 txwi = (struct rt2860_txwi *)(txd + 1); 3199 txwi->len = htole16(m->m_pkthdr.len - pad); 3200 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3201 mcs |= RT2860_PHY_CCK; 3202 if (ridx != RT2860_RIDX_CCK1 && 3203 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3204 mcs |= RT2860_PHY_SHPRE; 3205 } else 3206 mcs |= RT2860_PHY_OFDM; 3207 txwi->phy = htole16(mcs); 3208 3209 /* check if RTS/CTS or CTS-to-self protection is required */ 3210 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3211 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3212 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3213 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3214 txwi->txop |= RT2860_TX_TXOP_HT; 3215 else 3216 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3217 3218 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3219 txwi->xflags |= RT2860_TX_NSEQ; 3220 } 3221 3222 /* This function must be called locked */ 3223 static int 3224 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3225 { 3226 struct ieee80211com *ic = &sc->sc_ic; 3227 struct ieee80211vap *vap = ni->ni_vap; 3228 struct ieee80211_frame *wh; 3229 struct ieee80211_channel *chan; 3230 const struct ieee80211_txparam *tp; 3231 struct run_node *rn = RUN_NODE(ni); 3232 struct run_tx_data *data; 3233 struct rt2870_txd *txd; 3234 struct rt2860_txwi *txwi; 3235 uint16_t qos; 3236 uint16_t dur; 3237 uint16_t qid; 3238 uint8_t type; 3239 uint8_t tid; 3240 uint8_t ridx; 3241 uint8_t ctl_ridx; 3242 uint8_t qflags; 3243 uint8_t xflags = 0; 3244 int hasqos; 3245 3246 RUN_LOCK_ASSERT(sc, MA_OWNED); 3247 3248 wh = mtod(m, struct ieee80211_frame *); 3249 3250 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3251 3252 /* 3253 * There are 7 bulk endpoints: 1 for RX 3254 * and 6 for TX (4 EDCAs + HCCA + Prio). 3255 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3256 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3257 */ 3258 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3259 uint8_t *frm; 3260 3261 if(IEEE80211_HAS_ADDR4(wh)) 3262 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3263 else 3264 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3265 3266 qos = le16toh(*(const uint16_t *)frm); 3267 tid = qos & IEEE80211_QOS_TID; 3268 qid = TID_TO_WME_AC(tid); 3269 } else { 3270 qos = 0; 3271 tid = 0; 3272 qid = WME_AC_BE; 3273 } 3274 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3275 3276 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3277 qos, qid, tid, qflags); 3278 3279 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3280 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3281 3282 /* pickup a rate index */ 3283 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3284 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3285 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3286 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3287 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3288 } else { 3289 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3290 ridx = rn->fix_ridx; 3291 else 3292 ridx = rn->amrr_ridx; 3293 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3294 } 3295 3296 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3297 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3298 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3299 xflags |= RT2860_TX_ACK; 3300 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3301 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3302 else 3303 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3304 USETW(wh->i_dur, dur); 3305 } 3306 3307 /* reserve slots for mgmt packets, just in case */ 3308 if (sc->sc_epq[qid].tx_nfree < 3) { 3309 DPRINTFN(10, "tx ring %d is full\n", qid); 3310 return (-1); 3311 } 3312 3313 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3314 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3315 sc->sc_epq[qid].tx_nfree--; 3316 3317 txd = (struct rt2870_txd *)&data->desc; 3318 txd->flags = qflags; 3319 txwi = (struct rt2860_txwi *)(txd + 1); 3320 txwi->xflags = xflags; 3321 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3322 txwi->wcid = 0; 3323 else 3324 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3325 1 : RUN_AID2WCID(ni->ni_associd); 3326 3327 /* clear leftover garbage bits */ 3328 txwi->flags = 0; 3329 txwi->txop = 0; 3330 3331 data->m = m; 3332 data->ni = ni; 3333 data->ridx = ridx; 3334 3335 run_set_tx_desc(sc, data); 3336 3337 /* 3338 * The chip keeps track of 2 kind of Tx stats, 3339 * * TX_STAT_FIFO, for per WCID stats, and 3340 * * TX_STA_CNT0 for all-TX-in-one stats. 3341 * 3342 * To use FIFO stats, we need to store MCS into the driver-private 3343 * PacketID field. So that, we can tell whose stats when we read them. 3344 * We add 1 to the MCS because setting the PacketID field to 0 means 3345 * that we don't want feedback in TX_STAT_FIFO. 3346 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3347 * 3348 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3349 */ 3350 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3351 vap->iv_opmode == IEEE80211_M_MBSS) { 3352 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3353 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3354 3355 /* 3356 * Unlike PCI based devices, we don't get any interrupt from 3357 * USB devices, so we simulate FIFO-is-full interrupt here. 3358 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3359 * quickly get fulled. To prevent overflow, increment a counter on 3360 * every FIFO stat request, so we know how many slots are left. 3361 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3362 * are used only in those modes. 3363 * We just drain stats. AMRR gets updated every 1 sec by 3364 * run_ratectl_cb() via callout. 3365 * Call it early. Otherwise overflow. 3366 */ 3367 if (sc->fifo_cnt++ == 10) { 3368 /* 3369 * With multiple vaps or if_bridge, if_start() is called 3370 * with a non-sleepable lock, tcpinp. So, need to defer. 3371 */ 3372 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3373 DPRINTFN(6, "cmdq_store=%d\n", i); 3374 sc->cmdq[i].func = run_drain_fifo; 3375 sc->cmdq[i].arg0 = sc; 3376 ieee80211_runtask(ic, &sc->cmdq_task); 3377 } 3378 } 3379 3380 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3381 3382 usbd_transfer_start(sc->sc_xfer[qid]); 3383 3384 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3385 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3386 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3387 3388 return (0); 3389 } 3390 3391 static int 3392 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3393 { 3394 struct ieee80211com *ic = &sc->sc_ic; 3395 struct run_node *rn = RUN_NODE(ni); 3396 struct run_tx_data *data; 3397 struct ieee80211_frame *wh; 3398 struct rt2870_txd *txd; 3399 struct rt2860_txwi *txwi; 3400 uint16_t dur; 3401 uint8_t ridx = rn->mgt_ridx; 3402 uint8_t type; 3403 uint8_t xflags = 0; 3404 uint8_t wflags = 0; 3405 3406 RUN_LOCK_ASSERT(sc, MA_OWNED); 3407 3408 wh = mtod(m, struct ieee80211_frame *); 3409 3410 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3411 3412 /* tell hardware to add timestamp for probe responses */ 3413 if ((wh->i_fc[0] & 3414 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3415 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3416 wflags |= RT2860_TX_TS; 3417 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3418 xflags |= RT2860_TX_ACK; 3419 3420 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3421 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3422 USETW(wh->i_dur, dur); 3423 } 3424 3425 if (sc->sc_epq[0].tx_nfree == 0) 3426 /* let caller free mbuf */ 3427 return (EIO); 3428 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3429 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3430 sc->sc_epq[0].tx_nfree--; 3431 3432 txd = (struct rt2870_txd *)&data->desc; 3433 txd->flags = RT2860_TX_QSEL_EDCA; 3434 txwi = (struct rt2860_txwi *)(txd + 1); 3435 txwi->wcid = 0xff; 3436 txwi->flags = wflags; 3437 txwi->xflags = xflags; 3438 txwi->txop = 0; /* clear leftover garbage bits */ 3439 3440 data->m = m; 3441 data->ni = ni; 3442 data->ridx = ridx; 3443 3444 run_set_tx_desc(sc, data); 3445 3446 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3447 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3448 rt2860_rates[ridx].rate); 3449 3450 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3451 3452 usbd_transfer_start(sc->sc_xfer[0]); 3453 3454 return (0); 3455 } 3456 3457 static int 3458 run_sendprot(struct run_softc *sc, 3459 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3460 { 3461 struct ieee80211com *ic = ni->ni_ic; 3462 struct ieee80211_frame *wh; 3463 struct run_tx_data *data; 3464 struct rt2870_txd *txd; 3465 struct rt2860_txwi *txwi; 3466 struct mbuf *mprot; 3467 int ridx; 3468 int protrate; 3469 int ackrate; 3470 int pktlen; 3471 int isshort; 3472 uint16_t dur; 3473 uint8_t type; 3474 uint8_t wflags = 0; 3475 uint8_t xflags = 0; 3476 3477 RUN_LOCK_ASSERT(sc, MA_OWNED); 3478 3479 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3480 ("protection %d", prot)); 3481 3482 wh = mtod(m, struct ieee80211_frame *); 3483 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3484 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3485 3486 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3487 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3488 3489 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3490 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3491 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3492 wflags = RT2860_TX_FRAG; 3493 3494 /* check that there are free slots before allocating the mbuf */ 3495 if (sc->sc_epq[0].tx_nfree == 0) 3496 /* let caller free mbuf */ 3497 return (ENOBUFS); 3498 3499 if (prot == IEEE80211_PROT_RTSCTS) { 3500 /* NB: CTS is the same size as an ACK */ 3501 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3502 xflags |= RT2860_TX_ACK; 3503 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3504 } else { 3505 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3506 } 3507 if (mprot == NULL) { 3508 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3509 DPRINTF("could not allocate mbuf\n"); 3510 return (ENOBUFS); 3511 } 3512 3513 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3514 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3515 sc->sc_epq[0].tx_nfree--; 3516 3517 txd = (struct rt2870_txd *)&data->desc; 3518 txd->flags = RT2860_TX_QSEL_EDCA; 3519 txwi = (struct rt2860_txwi *)(txd + 1); 3520 txwi->wcid = 0xff; 3521 txwi->flags = wflags; 3522 txwi->xflags = xflags; 3523 txwi->txop = 0; /* clear leftover garbage bits */ 3524 3525 data->m = mprot; 3526 data->ni = ieee80211_ref_node(ni); 3527 3528 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3529 if (rt2860_rates[ridx].rate == protrate) 3530 break; 3531 data->ridx = ridx; 3532 3533 run_set_tx_desc(sc, data); 3534 3535 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3536 m->m_pkthdr.len, rate); 3537 3538 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3539 3540 usbd_transfer_start(sc->sc_xfer[0]); 3541 3542 return (0); 3543 } 3544 3545 static int 3546 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3547 const struct ieee80211_bpf_params *params) 3548 { 3549 struct ieee80211com *ic = ni->ni_ic; 3550 struct ieee80211_frame *wh; 3551 struct run_tx_data *data; 3552 struct rt2870_txd *txd; 3553 struct rt2860_txwi *txwi; 3554 uint8_t type; 3555 uint8_t ridx; 3556 uint8_t rate; 3557 uint8_t opflags = 0; 3558 uint8_t xflags = 0; 3559 int error; 3560 3561 RUN_LOCK_ASSERT(sc, MA_OWNED); 3562 3563 KASSERT(params != NULL, ("no raw xmit params")); 3564 3565 wh = mtod(m, struct ieee80211_frame *); 3566 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3567 3568 rate = params->ibp_rate0; 3569 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3570 /* let caller free mbuf */ 3571 return (EINVAL); 3572 } 3573 3574 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3575 xflags |= RT2860_TX_ACK; 3576 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3577 error = run_sendprot(sc, m, ni, 3578 params->ibp_flags & IEEE80211_BPF_RTS ? 3579 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3580 rate); 3581 if (error) { 3582 /* let caller free mbuf */ 3583 return error; 3584 } 3585 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3586 } 3587 3588 if (sc->sc_epq[0].tx_nfree == 0) { 3589 /* let caller free mbuf */ 3590 DPRINTF("sending raw frame, but tx ring is full\n"); 3591 return (EIO); 3592 } 3593 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3594 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3595 sc->sc_epq[0].tx_nfree--; 3596 3597 txd = (struct rt2870_txd *)&data->desc; 3598 txd->flags = RT2860_TX_QSEL_EDCA; 3599 txwi = (struct rt2860_txwi *)(txd + 1); 3600 txwi->wcid = 0xff; 3601 txwi->xflags = xflags; 3602 txwi->txop = opflags; 3603 txwi->flags = 0; /* clear leftover garbage bits */ 3604 3605 data->m = m; 3606 data->ni = ni; 3607 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3608 if (rt2860_rates[ridx].rate == rate) 3609 break; 3610 data->ridx = ridx; 3611 3612 run_set_tx_desc(sc, data); 3613 3614 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3615 m->m_pkthdr.len, rate); 3616 3617 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3618 3619 usbd_transfer_start(sc->sc_xfer[0]); 3620 3621 return (0); 3622 } 3623 3624 static int 3625 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3626 const struct ieee80211_bpf_params *params) 3627 { 3628 struct run_softc *sc = ni->ni_ic->ic_softc; 3629 int error = 0; 3630 3631 RUN_LOCK(sc); 3632 3633 /* prevent management frames from being sent if we're not ready */ 3634 if (!(sc->sc_flags & RUN_RUNNING)) { 3635 error = ENETDOWN; 3636 goto done; 3637 } 3638 3639 if (params == NULL) { 3640 /* tx mgt packet */ 3641 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3642 DPRINTF("mgt tx failed\n"); 3643 goto done; 3644 } 3645 } else { 3646 /* tx raw packet with param */ 3647 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3648 DPRINTF("tx with param failed\n"); 3649 goto done; 3650 } 3651 } 3652 3653 done: 3654 RUN_UNLOCK(sc); 3655 3656 if (error != 0) { 3657 if(m != NULL) 3658 m_freem(m); 3659 ieee80211_free_node(ni); 3660 } 3661 3662 return (error); 3663 } 3664 3665 static int 3666 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3667 { 3668 struct run_softc *sc = ic->ic_softc; 3669 int error; 3670 3671 RUN_LOCK(sc); 3672 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3673 RUN_UNLOCK(sc); 3674 return (ENXIO); 3675 } 3676 error = mbufq_enqueue(&sc->sc_snd, m); 3677 if (error) { 3678 RUN_UNLOCK(sc); 3679 return (error); 3680 } 3681 run_start(sc); 3682 RUN_UNLOCK(sc); 3683 3684 return (0); 3685 } 3686 3687 static void 3688 run_start(struct run_softc *sc) 3689 { 3690 struct ieee80211_node *ni; 3691 struct mbuf *m; 3692 3693 RUN_LOCK_ASSERT(sc, MA_OWNED); 3694 3695 if ((sc->sc_flags & RUN_RUNNING) == 0) 3696 return; 3697 3698 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3699 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3700 if (run_tx(sc, m, ni) != 0) { 3701 mbufq_prepend(&sc->sc_snd, m); 3702 break; 3703 } 3704 } 3705 } 3706 3707 static void 3708 run_parent(struct ieee80211com *ic) 3709 { 3710 struct run_softc *sc = ic->ic_softc; 3711 int startall = 0; 3712 3713 RUN_LOCK(sc); 3714 if (sc->sc_detached) { 3715 RUN_UNLOCK(sc); 3716 return; 3717 } 3718 3719 if (ic->ic_nrunning > 0) { 3720 if (!(sc->sc_flags & RUN_RUNNING)) { 3721 startall = 1; 3722 run_init_locked(sc); 3723 } else 3724 run_update_promisc_locked(sc); 3725 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3726 run_stop(sc); 3727 RUN_UNLOCK(sc); 3728 if (startall) 3729 ieee80211_start_all(ic); 3730 } 3731 3732 static void 3733 run_iq_calib(struct run_softc *sc, u_int chan) 3734 { 3735 uint16_t val; 3736 3737 /* Tx0 IQ gain. */ 3738 run_bbp_write(sc, 158, 0x2c); 3739 if (chan <= 14) 3740 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3741 else if (chan <= 64) { 3742 run_efuse_read(sc, 3743 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3744 &val, 1); 3745 } else if (chan <= 138) { 3746 run_efuse_read(sc, 3747 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3748 &val, 1); 3749 } else if (chan <= 165) { 3750 run_efuse_read(sc, 3751 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3752 &val, 1); 3753 } else 3754 val = 0; 3755 run_bbp_write(sc, 159, val); 3756 3757 /* Tx0 IQ phase. */ 3758 run_bbp_write(sc, 158, 0x2d); 3759 if (chan <= 14) { 3760 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3761 &val, 1); 3762 } else if (chan <= 64) { 3763 run_efuse_read(sc, 3764 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3765 &val, 1); 3766 } else if (chan <= 138) { 3767 run_efuse_read(sc, 3768 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3769 &val, 1); 3770 } else if (chan <= 165) { 3771 run_efuse_read(sc, 3772 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3773 &val, 1); 3774 } else 3775 val = 0; 3776 run_bbp_write(sc, 159, val); 3777 3778 /* Tx1 IQ gain. */ 3779 run_bbp_write(sc, 158, 0x4a); 3780 if (chan <= 14) { 3781 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3782 &val, 1); 3783 } else if (chan <= 64) { 3784 run_efuse_read(sc, 3785 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3786 &val, 1); 3787 } else if (chan <= 138) { 3788 run_efuse_read(sc, 3789 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3790 &val, 1); 3791 } else if (chan <= 165) { 3792 run_efuse_read(sc, 3793 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3794 &val, 1); 3795 } else 3796 val = 0; 3797 run_bbp_write(sc, 159, val); 3798 3799 /* Tx1 IQ phase. */ 3800 run_bbp_write(sc, 158, 0x4b); 3801 if (chan <= 14) { 3802 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3803 &val, 1); 3804 } else if (chan <= 64) { 3805 run_efuse_read(sc, 3806 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3807 &val, 1); 3808 } else if (chan <= 138) { 3809 run_efuse_read(sc, 3810 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3811 &val, 1); 3812 } else if (chan <= 165) { 3813 run_efuse_read(sc, 3814 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3815 &val, 1); 3816 } else 3817 val = 0; 3818 run_bbp_write(sc, 159, val); 3819 3820 /* RF IQ compensation control. */ 3821 run_bbp_write(sc, 158, 0x04); 3822 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3823 &val, 1); 3824 run_bbp_write(sc, 159, val); 3825 3826 /* RF IQ imbalance compensation control. */ 3827 run_bbp_write(sc, 158, 0x03); 3828 run_efuse_read(sc, 3829 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3830 run_bbp_write(sc, 159, val); 3831 } 3832 3833 static void 3834 run_set_agc(struct run_softc *sc, uint8_t agc) 3835 { 3836 uint8_t bbp; 3837 3838 if (sc->mac_ver == 0x3572) { 3839 run_bbp_read(sc, 27, &bbp); 3840 bbp &= ~(0x3 << 5); 3841 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3842 run_bbp_write(sc, 66, agc); 3843 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3844 run_bbp_write(sc, 66, agc); 3845 } else 3846 run_bbp_write(sc, 66, agc); 3847 } 3848 3849 static void 3850 run_select_chan_group(struct run_softc *sc, int group) 3851 { 3852 uint32_t tmp; 3853 uint8_t agc; 3854 3855 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3856 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3857 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3858 if (sc->mac_ver < 0x3572) 3859 run_bbp_write(sc, 86, 0x00); 3860 3861 if (sc->mac_ver == 0x3593) { 3862 run_bbp_write(sc, 77, 0x98); 3863 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3864 } 3865 3866 if (group == 0) { 3867 if (sc->ext_2ghz_lna) { 3868 if (sc->mac_ver >= 0x5390) 3869 run_bbp_write(sc, 75, 0x52); 3870 else { 3871 run_bbp_write(sc, 82, 0x62); 3872 run_bbp_write(sc, 75, 0x46); 3873 } 3874 } else { 3875 if (sc->mac_ver == 0x5592) { 3876 run_bbp_write(sc, 79, 0x1c); 3877 run_bbp_write(sc, 80, 0x0e); 3878 run_bbp_write(sc, 81, 0x3a); 3879 run_bbp_write(sc, 82, 0x62); 3880 3881 run_bbp_write(sc, 195, 0x80); 3882 run_bbp_write(sc, 196, 0xe0); 3883 run_bbp_write(sc, 195, 0x81); 3884 run_bbp_write(sc, 196, 0x1f); 3885 run_bbp_write(sc, 195, 0x82); 3886 run_bbp_write(sc, 196, 0x38); 3887 run_bbp_write(sc, 195, 0x83); 3888 run_bbp_write(sc, 196, 0x32); 3889 run_bbp_write(sc, 195, 0x85); 3890 run_bbp_write(sc, 196, 0x28); 3891 run_bbp_write(sc, 195, 0x86); 3892 run_bbp_write(sc, 196, 0x19); 3893 } else if (sc->mac_ver >= 0x5390) 3894 run_bbp_write(sc, 75, 0x50); 3895 else { 3896 run_bbp_write(sc, 82, 3897 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3898 run_bbp_write(sc, 75, 0x50); 3899 } 3900 } 3901 } else { 3902 if (sc->mac_ver == 0x5592) { 3903 run_bbp_write(sc, 79, 0x18); 3904 run_bbp_write(sc, 80, 0x08); 3905 run_bbp_write(sc, 81, 0x38); 3906 run_bbp_write(sc, 82, 0x92); 3907 3908 run_bbp_write(sc, 195, 0x80); 3909 run_bbp_write(sc, 196, 0xf0); 3910 run_bbp_write(sc, 195, 0x81); 3911 run_bbp_write(sc, 196, 0x1e); 3912 run_bbp_write(sc, 195, 0x82); 3913 run_bbp_write(sc, 196, 0x28); 3914 run_bbp_write(sc, 195, 0x83); 3915 run_bbp_write(sc, 196, 0x20); 3916 run_bbp_write(sc, 195, 0x85); 3917 run_bbp_write(sc, 196, 0x7f); 3918 run_bbp_write(sc, 195, 0x86); 3919 run_bbp_write(sc, 196, 0x7f); 3920 } else if (sc->mac_ver == 0x3572) 3921 run_bbp_write(sc, 82, 0x94); 3922 else 3923 run_bbp_write(sc, 82, 3924 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3925 if (sc->ext_5ghz_lna) 3926 run_bbp_write(sc, 75, 0x46); 3927 else 3928 run_bbp_write(sc, 75, 0x50); 3929 } 3930 3931 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3932 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3933 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3934 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3935 3936 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3937 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3938 if (sc->mac_ver == 0x3593) 3939 tmp |= 1 << 29 | 1 << 28; 3940 if (sc->nrxchains > 1) 3941 tmp |= RT2860_LNA_PE1_EN; 3942 if (group == 0) { /* 2GHz */ 3943 tmp |= RT2860_PA_PE_G0_EN; 3944 if (sc->ntxchains > 1) 3945 tmp |= RT2860_PA_PE_G1_EN; 3946 if (sc->mac_ver == 0x3593) { 3947 if (sc->ntxchains > 2) 3948 tmp |= 1 << 25; 3949 } 3950 } else { /* 5GHz */ 3951 tmp |= RT2860_PA_PE_A0_EN; 3952 if (sc->ntxchains > 1) 3953 tmp |= RT2860_PA_PE_A1_EN; 3954 } 3955 if (sc->mac_ver == 0x3572) { 3956 run_rt3070_rf_write(sc, 8, 0x00); 3957 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3958 run_rt3070_rf_write(sc, 8, 0x80); 3959 } else 3960 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3961 3962 if (sc->mac_ver == 0x5592) { 3963 run_bbp_write(sc, 195, 0x8d); 3964 run_bbp_write(sc, 196, 0x1a); 3965 } 3966 3967 if (sc->mac_ver == 0x3593) { 3968 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3969 tmp &= ~0x01010000; 3970 if (group == 0) 3971 tmp |= 0x00010000; 3972 tmp = (tmp & ~0x00009090) | 0x00000090; 3973 run_write(sc, RT2860_GPIO_CTRL, tmp); 3974 } 3975 3976 /* set initial AGC value */ 3977 if (group == 0) { /* 2GHz band */ 3978 if (sc->mac_ver >= 0x3070) 3979 agc = 0x1c + sc->lna[0] * 2; 3980 else 3981 agc = 0x2e + sc->lna[0]; 3982 } else { /* 5GHz band */ 3983 if (sc->mac_ver == 0x5592) 3984 agc = 0x24 + sc->lna[group] * 2; 3985 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 3986 agc = 0x22 + (sc->lna[group] * 5) / 3; 3987 else 3988 agc = 0x32 + (sc->lna[group] * 5) / 3; 3989 } 3990 run_set_agc(sc, agc); 3991 } 3992 3993 static void 3994 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 3995 { 3996 const struct rfprog *rfprog = rt2860_rf2850; 3997 uint32_t r2, r3, r4; 3998 int8_t txpow1, txpow2; 3999 int i; 4000 4001 /* find the settings for this channel (we know it exists) */ 4002 for (i = 0; rfprog[i].chan != chan; i++); 4003 4004 r2 = rfprog[i].r2; 4005 if (sc->ntxchains == 1) 4006 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4007 if (sc->nrxchains == 1) 4008 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4009 else if (sc->nrxchains == 2) 4010 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4011 4012 /* use Tx power values from EEPROM */ 4013 txpow1 = sc->txpow1[i]; 4014 txpow2 = sc->txpow2[i]; 4015 4016 /* Initialize RF R3 and R4. */ 4017 r3 = rfprog[i].r3 & 0xffffc1ff; 4018 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4019 if (chan > 14) { 4020 if (txpow1 >= 0) { 4021 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4022 r3 |= (txpow1 << 10) | (1 << 9); 4023 } else { 4024 txpow1 += 7; 4025 4026 /* txpow1 is not possible larger than 15. */ 4027 r3 |= (txpow1 << 10); 4028 } 4029 if (txpow2 >= 0) { 4030 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4031 r4 |= (txpow2 << 7) | (1 << 6); 4032 } else { 4033 txpow2 += 7; 4034 r4 |= (txpow2 << 7); 4035 } 4036 } else { 4037 /* Set Tx0 power. */ 4038 r3 |= (txpow1 << 9); 4039 4040 /* Set frequency offset and Tx1 power. */ 4041 r4 |= (txpow2 << 6); 4042 } 4043 4044 run_rt2870_rf_write(sc, rfprog[i].r1); 4045 run_rt2870_rf_write(sc, r2); 4046 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4047 run_rt2870_rf_write(sc, r4); 4048 4049 run_delay(sc, 10); 4050 4051 run_rt2870_rf_write(sc, rfprog[i].r1); 4052 run_rt2870_rf_write(sc, r2); 4053 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4054 run_rt2870_rf_write(sc, r4); 4055 4056 run_delay(sc, 10); 4057 4058 run_rt2870_rf_write(sc, rfprog[i].r1); 4059 run_rt2870_rf_write(sc, r2); 4060 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4061 run_rt2870_rf_write(sc, r4); 4062 } 4063 4064 static void 4065 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4066 { 4067 int8_t txpow1, txpow2; 4068 uint8_t rf; 4069 int i; 4070 4071 /* find the settings for this channel (we know it exists) */ 4072 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4073 4074 /* use Tx power values from EEPROM */ 4075 txpow1 = sc->txpow1[i]; 4076 txpow2 = sc->txpow2[i]; 4077 4078 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4079 4080 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4081 run_rt3070_rf_read(sc, 3, &rf); 4082 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4083 run_rt3070_rf_write(sc, 3, rf); 4084 4085 run_rt3070_rf_read(sc, 6, &rf); 4086 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4087 run_rt3070_rf_write(sc, 6, rf); 4088 4089 /* set Tx0 power */ 4090 run_rt3070_rf_read(sc, 12, &rf); 4091 rf = (rf & ~0x1f) | txpow1; 4092 run_rt3070_rf_write(sc, 12, rf); 4093 4094 /* set Tx1 power */ 4095 run_rt3070_rf_read(sc, 13, &rf); 4096 rf = (rf & ~0x1f) | txpow2; 4097 run_rt3070_rf_write(sc, 13, rf); 4098 4099 run_rt3070_rf_read(sc, 1, &rf); 4100 rf &= ~0xfc; 4101 if (sc->ntxchains == 1) 4102 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4103 else if (sc->ntxchains == 2) 4104 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4105 if (sc->nrxchains == 1) 4106 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4107 else if (sc->nrxchains == 2) 4108 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4109 run_rt3070_rf_write(sc, 1, rf); 4110 4111 /* set RF offset */ 4112 run_rt3070_rf_read(sc, 23, &rf); 4113 rf = (rf & ~0x7f) | sc->freq; 4114 run_rt3070_rf_write(sc, 23, rf); 4115 4116 /* program RF filter */ 4117 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4118 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4119 run_rt3070_rf_write(sc, 24, rf); 4120 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4121 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4122 run_rt3070_rf_write(sc, 31, rf); 4123 4124 /* enable RF tuning */ 4125 run_rt3070_rf_read(sc, 7, &rf); 4126 run_rt3070_rf_write(sc, 7, rf | 0x01); 4127 } 4128 4129 static void 4130 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4131 { 4132 int8_t txpow1, txpow2; 4133 uint32_t tmp; 4134 uint8_t rf; 4135 int i; 4136 4137 /* find the settings for this channel (we know it exists) */ 4138 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4139 4140 /* use Tx power values from EEPROM */ 4141 txpow1 = sc->txpow1[i]; 4142 txpow2 = sc->txpow2[i]; 4143 4144 if (chan <= 14) { 4145 run_bbp_write(sc, 25, sc->bbp25); 4146 run_bbp_write(sc, 26, sc->bbp26); 4147 } else { 4148 /* enable IQ phase correction */ 4149 run_bbp_write(sc, 25, 0x09); 4150 run_bbp_write(sc, 26, 0xff); 4151 } 4152 4153 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4154 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4155 run_rt3070_rf_read(sc, 6, &rf); 4156 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4157 rf |= (chan <= 14) ? 0x08 : 0x04; 4158 run_rt3070_rf_write(sc, 6, rf); 4159 4160 /* set PLL mode */ 4161 run_rt3070_rf_read(sc, 5, &rf); 4162 rf &= ~(0x08 | 0x04); 4163 rf |= (chan <= 14) ? 0x04 : 0x08; 4164 run_rt3070_rf_write(sc, 5, rf); 4165 4166 /* set Tx power for chain 0 */ 4167 if (chan <= 14) 4168 rf = 0x60 | txpow1; 4169 else 4170 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4171 run_rt3070_rf_write(sc, 12, rf); 4172 4173 /* set Tx power for chain 1 */ 4174 if (chan <= 14) 4175 rf = 0x60 | txpow2; 4176 else 4177 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4178 run_rt3070_rf_write(sc, 13, rf); 4179 4180 /* set Tx/Rx streams */ 4181 run_rt3070_rf_read(sc, 1, &rf); 4182 rf &= ~0xfc; 4183 if (sc->ntxchains == 1) 4184 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4185 else if (sc->ntxchains == 2) 4186 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4187 if (sc->nrxchains == 1) 4188 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4189 else if (sc->nrxchains == 2) 4190 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4191 run_rt3070_rf_write(sc, 1, rf); 4192 4193 /* set RF offset */ 4194 run_rt3070_rf_read(sc, 23, &rf); 4195 rf = (rf & ~0x7f) | sc->freq; 4196 run_rt3070_rf_write(sc, 23, rf); 4197 4198 /* program RF filter */ 4199 rf = sc->rf24_20mhz; 4200 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4201 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4202 4203 /* enable RF tuning */ 4204 run_rt3070_rf_read(sc, 7, &rf); 4205 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4206 run_rt3070_rf_write(sc, 7, rf); 4207 4208 /* TSSI */ 4209 rf = (chan <= 14) ? 0xc3 : 0xc0; 4210 run_rt3070_rf_write(sc, 9, rf); 4211 4212 /* set loop filter 1 */ 4213 run_rt3070_rf_write(sc, 10, 0xf1); 4214 /* set loop filter 2 */ 4215 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4216 4217 /* set tx_mx2_ic */ 4218 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4219 /* set tx_mx1_ic */ 4220 if (chan <= 14) 4221 rf = 0x48 | sc->txmixgain_2ghz; 4222 else 4223 rf = 0x78 | sc->txmixgain_5ghz; 4224 run_rt3070_rf_write(sc, 16, rf); 4225 4226 /* set tx_lo1 */ 4227 run_rt3070_rf_write(sc, 17, 0x23); 4228 /* set tx_lo2 */ 4229 if (chan <= 14) 4230 rf = 0x93; 4231 else if (chan <= 64) 4232 rf = 0xb7; 4233 else if (chan <= 128) 4234 rf = 0x74; 4235 else 4236 rf = 0x72; 4237 run_rt3070_rf_write(sc, 19, rf); 4238 4239 /* set rx_lo1 */ 4240 if (chan <= 14) 4241 rf = 0xb3; 4242 else if (chan <= 64) 4243 rf = 0xf6; 4244 else if (chan <= 128) 4245 rf = 0xf4; 4246 else 4247 rf = 0xf3; 4248 run_rt3070_rf_write(sc, 20, rf); 4249 4250 /* set pfd_delay */ 4251 if (chan <= 14) 4252 rf = 0x15; 4253 else if (chan <= 64) 4254 rf = 0x3d; 4255 else 4256 rf = 0x01; 4257 run_rt3070_rf_write(sc, 25, rf); 4258 4259 /* set rx_lo2 */ 4260 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4261 /* set ldo_rf_vc */ 4262 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4263 /* set drv_cc */ 4264 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4265 4266 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4267 tmp &= ~0x8080; 4268 if (chan <= 14) 4269 tmp |= 0x80; 4270 run_write(sc, RT2860_GPIO_CTRL, tmp); 4271 4272 /* enable RF tuning */ 4273 run_rt3070_rf_read(sc, 7, &rf); 4274 run_rt3070_rf_write(sc, 7, rf | 0x01); 4275 4276 run_delay(sc, 2); 4277 } 4278 4279 static void 4280 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4281 { 4282 int8_t txpow1, txpow2, txpow3; 4283 uint8_t h20mhz, rf; 4284 int i; 4285 4286 /* find the settings for this channel (we know it exists) */ 4287 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4288 4289 /* use Tx power values from EEPROM */ 4290 txpow1 = sc->txpow1[i]; 4291 txpow2 = sc->txpow2[i]; 4292 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4293 4294 if (chan <= 14) { 4295 run_bbp_write(sc, 25, sc->bbp25); 4296 run_bbp_write(sc, 26, sc->bbp26); 4297 } else { 4298 /* Enable IQ phase correction. */ 4299 run_bbp_write(sc, 25, 0x09); 4300 run_bbp_write(sc, 26, 0xff); 4301 } 4302 4303 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4304 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4305 run_rt3070_rf_read(sc, 11, &rf); 4306 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4307 run_rt3070_rf_write(sc, 11, rf); 4308 4309 /* Set pll_idoh. */ 4310 run_rt3070_rf_read(sc, 11, &rf); 4311 rf &= ~0x4c; 4312 rf |= (chan <= 14) ? 0x44 : 0x48; 4313 run_rt3070_rf_write(sc, 11, rf); 4314 4315 if (chan <= 14) 4316 rf = txpow1 & 0x1f; 4317 else 4318 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4319 run_rt3070_rf_write(sc, 53, rf); 4320 4321 if (chan <= 14) 4322 rf = txpow2 & 0x1f; 4323 else 4324 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4325 run_rt3070_rf_write(sc, 55, rf); 4326 4327 if (chan <= 14) 4328 rf = txpow3 & 0x1f; 4329 else 4330 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4331 run_rt3070_rf_write(sc, 54, rf); 4332 4333 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4334 if (sc->ntxchains == 3) 4335 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4336 else 4337 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4338 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4339 run_rt3070_rf_write(sc, 1, rf); 4340 4341 run_adjust_freq_offset(sc); 4342 4343 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4344 4345 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4346 run_rt3070_rf_read(sc, 30, &rf); 4347 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4348 run_rt3070_rf_write(sc, 30, rf); 4349 4350 run_rt3070_rf_read(sc, 36, &rf); 4351 if (chan <= 14) 4352 rf |= 0x80; 4353 else 4354 rf &= ~0x80; 4355 run_rt3070_rf_write(sc, 36, rf); 4356 4357 /* Set vcolo_bs. */ 4358 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4359 /* Set pfd_delay. */ 4360 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4361 4362 /* Set vco bias current control. */ 4363 run_rt3070_rf_read(sc, 6, &rf); 4364 rf &= ~0xc0; 4365 if (chan <= 14) 4366 rf |= 0x40; 4367 else if (chan <= 128) 4368 rf |= 0x80; 4369 else 4370 rf |= 0x40; 4371 run_rt3070_rf_write(sc, 6, rf); 4372 4373 run_rt3070_rf_read(sc, 30, &rf); 4374 rf = (rf & ~0x18) | 0x10; 4375 run_rt3070_rf_write(sc, 30, rf); 4376 4377 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4378 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4379 4380 run_rt3070_rf_read(sc, 51, &rf); 4381 rf = (rf & ~0x03) | 0x01; 4382 run_rt3070_rf_write(sc, 51, rf); 4383 /* Set tx_mx1_cc. */ 4384 run_rt3070_rf_read(sc, 51, &rf); 4385 rf &= ~0x1c; 4386 rf |= (chan <= 14) ? 0x14 : 0x10; 4387 run_rt3070_rf_write(sc, 51, rf); 4388 /* Set tx_mx1_ic. */ 4389 run_rt3070_rf_read(sc, 51, &rf); 4390 rf &= ~0xe0; 4391 rf |= (chan <= 14) ? 0x60 : 0x40; 4392 run_rt3070_rf_write(sc, 51, rf); 4393 /* Set tx_lo1_ic. */ 4394 run_rt3070_rf_read(sc, 49, &rf); 4395 rf &= ~0x1c; 4396 rf |= (chan <= 14) ? 0x0c : 0x08; 4397 run_rt3070_rf_write(sc, 49, rf); 4398 /* Set tx_lo1_en. */ 4399 run_rt3070_rf_read(sc, 50, &rf); 4400 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4401 /* Set drv_cc. */ 4402 run_rt3070_rf_read(sc, 57, &rf); 4403 rf &= ~0xfc; 4404 rf |= (chan <= 14) ? 0x6c : 0x3c; 4405 run_rt3070_rf_write(sc, 57, rf); 4406 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4407 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4408 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4409 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4410 /* Enable VCO calibration. */ 4411 run_rt3070_rf_read(sc, 3, &rf); 4412 rf &= ~RT5390_VCOCAL; 4413 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4414 run_rt3070_rf_write(sc, 3, rf); 4415 4416 if (chan <= 14) 4417 rf = 0x23; 4418 else if (chan <= 64) 4419 rf = 0x36; 4420 else if (chan <= 128) 4421 rf = 0x32; 4422 else 4423 rf = 0x30; 4424 run_rt3070_rf_write(sc, 39, rf); 4425 if (chan <= 14) 4426 rf = 0xbb; 4427 else if (chan <= 64) 4428 rf = 0xeb; 4429 else if (chan <= 128) 4430 rf = 0xb3; 4431 else 4432 rf = 0x9b; 4433 run_rt3070_rf_write(sc, 45, rf); 4434 4435 /* Set FEQ/AEQ control. */ 4436 run_bbp_write(sc, 105, 0x34); 4437 } 4438 4439 static void 4440 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4441 { 4442 int8_t txpow1, txpow2; 4443 uint8_t rf; 4444 int i; 4445 4446 /* find the settings for this channel (we know it exists) */ 4447 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4448 4449 /* use Tx power values from EEPROM */ 4450 txpow1 = sc->txpow1[i]; 4451 txpow2 = sc->txpow2[i]; 4452 4453 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4454 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4455 run_rt3070_rf_read(sc, 11, &rf); 4456 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4457 run_rt3070_rf_write(sc, 11, rf); 4458 4459 run_rt3070_rf_read(sc, 49, &rf); 4460 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4461 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4462 if ((rf & 0x3f) > 0x27) 4463 rf = (rf & ~0x3f) | 0x27; 4464 run_rt3070_rf_write(sc, 49, rf); 4465 4466 if (sc->mac_ver == 0x5392) { 4467 run_rt3070_rf_read(sc, 50, &rf); 4468 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4469 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4470 if ((rf & 0x3f) > 0x27) 4471 rf = (rf & ~0x3f) | 0x27; 4472 run_rt3070_rf_write(sc, 50, rf); 4473 } 4474 4475 run_rt3070_rf_read(sc, 1, &rf); 4476 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4477 if (sc->mac_ver == 0x5392) 4478 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4479 run_rt3070_rf_write(sc, 1, rf); 4480 4481 if (sc->mac_ver != 0x5392) { 4482 run_rt3070_rf_read(sc, 2, &rf); 4483 rf |= 0x80; 4484 run_rt3070_rf_write(sc, 2, rf); 4485 run_delay(sc, 10); 4486 rf &= 0x7f; 4487 run_rt3070_rf_write(sc, 2, rf); 4488 } 4489 4490 run_adjust_freq_offset(sc); 4491 4492 if (sc->mac_ver == 0x5392) { 4493 /* Fix for RT5392C. */ 4494 if (sc->mac_rev >= 0x0223) { 4495 if (chan <= 4) 4496 rf = 0x0f; 4497 else if (chan >= 5 && chan <= 7) 4498 rf = 0x0e; 4499 else 4500 rf = 0x0d; 4501 run_rt3070_rf_write(sc, 23, rf); 4502 4503 if (chan <= 4) 4504 rf = 0x0c; 4505 else if (chan == 5) 4506 rf = 0x0b; 4507 else if (chan >= 6 && chan <= 7) 4508 rf = 0x0a; 4509 else if (chan >= 8 && chan <= 10) 4510 rf = 0x09; 4511 else 4512 rf = 0x08; 4513 run_rt3070_rf_write(sc, 59, rf); 4514 } else { 4515 if (chan <= 11) 4516 rf = 0x0f; 4517 else 4518 rf = 0x0b; 4519 run_rt3070_rf_write(sc, 59, rf); 4520 } 4521 } else { 4522 /* Fix for RT5390F. */ 4523 if (sc->mac_rev >= 0x0502) { 4524 if (chan <= 11) 4525 rf = 0x43; 4526 else 4527 rf = 0x23; 4528 run_rt3070_rf_write(sc, 55, rf); 4529 4530 if (chan <= 11) 4531 rf = 0x0f; 4532 else if (chan == 12) 4533 rf = 0x0d; 4534 else 4535 rf = 0x0b; 4536 run_rt3070_rf_write(sc, 59, rf); 4537 } else { 4538 run_rt3070_rf_write(sc, 55, 0x44); 4539 run_rt3070_rf_write(sc, 59, 0x8f); 4540 } 4541 } 4542 4543 /* Enable VCO calibration. */ 4544 run_rt3070_rf_read(sc, 3, &rf); 4545 rf |= RT5390_VCOCAL; 4546 run_rt3070_rf_write(sc, 3, rf); 4547 } 4548 4549 static void 4550 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4551 { 4552 const struct rt5592_freqs *freqs; 4553 uint32_t tmp; 4554 uint8_t reg, rf, txpow_bound; 4555 int8_t txpow1, txpow2; 4556 int i; 4557 4558 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4559 freqs = (tmp & RT5592_SEL_XTAL) ? 4560 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4561 4562 /* find the settings for this channel (we know it exists) */ 4563 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4564 4565 /* use Tx power values from EEPROM */ 4566 txpow1 = sc->txpow1[i]; 4567 txpow2 = sc->txpow2[i]; 4568 4569 run_read(sc, RT3070_LDO_CFG0, &tmp); 4570 tmp &= ~0x1c000000; 4571 if (chan > 14) 4572 tmp |= 0x14000000; 4573 run_write(sc, RT3070_LDO_CFG0, tmp); 4574 4575 /* N setting. */ 4576 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4577 run_rt3070_rf_read(sc, 9, &rf); 4578 rf &= ~(1 << 4); 4579 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4580 run_rt3070_rf_write(sc, 9, rf); 4581 4582 /* K setting. */ 4583 run_rt3070_rf_read(sc, 9, &rf); 4584 rf &= ~0x0f; 4585 rf |= (freqs->k & 0x0f); 4586 run_rt3070_rf_write(sc, 9, rf); 4587 4588 /* Mode setting. */ 4589 run_rt3070_rf_read(sc, 11, &rf); 4590 rf &= ~0x0c; 4591 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4592 run_rt3070_rf_write(sc, 11, rf); 4593 run_rt3070_rf_read(sc, 9, &rf); 4594 rf &= ~(1 << 7); 4595 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4596 run_rt3070_rf_write(sc, 9, rf); 4597 4598 /* R setting. */ 4599 run_rt3070_rf_read(sc, 11, &rf); 4600 rf &= ~0x03; 4601 rf |= (freqs->r - 0x1); 4602 run_rt3070_rf_write(sc, 11, rf); 4603 4604 if (chan <= 14) { 4605 /* Initialize RF registers for 2GHZ. */ 4606 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4607 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4608 rt5592_2ghz_def_rf[i].val); 4609 } 4610 4611 rf = (chan <= 10) ? 0x07 : 0x06; 4612 run_rt3070_rf_write(sc, 23, rf); 4613 run_rt3070_rf_write(sc, 59, rf); 4614 4615 run_rt3070_rf_write(sc, 55, 0x43); 4616 4617 /* 4618 * RF R49/R50 Tx power ALC code. 4619 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4620 */ 4621 reg = 2; 4622 txpow_bound = 0x27; 4623 } else { 4624 /* Initialize RF registers for 5GHZ. */ 4625 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4626 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4627 rt5592_5ghz_def_rf[i].val); 4628 } 4629 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4630 if (chan >= rt5592_chan_5ghz[i].firstchan && 4631 chan <= rt5592_chan_5ghz[i].lastchan) { 4632 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4633 rt5592_chan_5ghz[i].val); 4634 } 4635 } 4636 4637 /* 4638 * RF R49/R50 Tx power ALC code. 4639 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4640 */ 4641 reg = 3; 4642 txpow_bound = 0x2b; 4643 } 4644 4645 /* RF R49 ch0 Tx power ALC code. */ 4646 run_rt3070_rf_read(sc, 49, &rf); 4647 rf &= ~0xc0; 4648 rf |= (reg << 6); 4649 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4650 if ((rf & 0x3f) > txpow_bound) 4651 rf = (rf & ~0x3f) | txpow_bound; 4652 run_rt3070_rf_write(sc, 49, rf); 4653 4654 /* RF R50 ch1 Tx power ALC code. */ 4655 run_rt3070_rf_read(sc, 50, &rf); 4656 rf &= ~(1 << 7 | 1 << 6); 4657 rf |= (reg << 6); 4658 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4659 if ((rf & 0x3f) > txpow_bound) 4660 rf = (rf & ~0x3f) | txpow_bound; 4661 run_rt3070_rf_write(sc, 50, rf); 4662 4663 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4664 run_rt3070_rf_read(sc, 1, &rf); 4665 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4666 if (sc->ntxchains > 1) 4667 rf |= RT3070_TX1_PD; 4668 if (sc->nrxchains > 1) 4669 rf |= RT3070_RX1_PD; 4670 run_rt3070_rf_write(sc, 1, rf); 4671 4672 run_rt3070_rf_write(sc, 6, 0xe4); 4673 4674 run_rt3070_rf_write(sc, 30, 0x10); 4675 run_rt3070_rf_write(sc, 31, 0x80); 4676 run_rt3070_rf_write(sc, 32, 0x80); 4677 4678 run_adjust_freq_offset(sc); 4679 4680 /* Enable VCO calibration. */ 4681 run_rt3070_rf_read(sc, 3, &rf); 4682 rf |= RT5390_VCOCAL; 4683 run_rt3070_rf_write(sc, 3, rf); 4684 } 4685 4686 static void 4687 run_set_rx_antenna(struct run_softc *sc, int aux) 4688 { 4689 uint32_t tmp; 4690 uint8_t bbp152; 4691 4692 if (aux) { 4693 if (sc->rf_rev == RT5390_RF_5370) { 4694 run_bbp_read(sc, 152, &bbp152); 4695 run_bbp_write(sc, 152, bbp152 & ~0x80); 4696 } else { 4697 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4698 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4699 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4700 } 4701 } else { 4702 if (sc->rf_rev == RT5390_RF_5370) { 4703 run_bbp_read(sc, 152, &bbp152); 4704 run_bbp_write(sc, 152, bbp152 | 0x80); 4705 } else { 4706 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4707 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4708 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4709 } 4710 } 4711 } 4712 4713 static int 4714 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4715 { 4716 struct ieee80211com *ic = &sc->sc_ic; 4717 u_int chan, group; 4718 4719 chan = ieee80211_chan2ieee(ic, c); 4720 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4721 return (EINVAL); 4722 4723 if (sc->mac_ver == 0x5592) 4724 run_rt5592_set_chan(sc, chan); 4725 else if (sc->mac_ver >= 0x5390) 4726 run_rt5390_set_chan(sc, chan); 4727 else if (sc->mac_ver == 0x3593) 4728 run_rt3593_set_chan(sc, chan); 4729 else if (sc->mac_ver == 0x3572) 4730 run_rt3572_set_chan(sc, chan); 4731 else if (sc->mac_ver >= 0x3070) 4732 run_rt3070_set_chan(sc, chan); 4733 else 4734 run_rt2870_set_chan(sc, chan); 4735 4736 /* determine channel group */ 4737 if (chan <= 14) 4738 group = 0; 4739 else if (chan <= 64) 4740 group = 1; 4741 else if (chan <= 128) 4742 group = 2; 4743 else 4744 group = 3; 4745 4746 /* XXX necessary only when group has changed! */ 4747 run_select_chan_group(sc, group); 4748 4749 run_delay(sc, 10); 4750 4751 /* Perform IQ calibration. */ 4752 if (sc->mac_ver >= 0x5392) 4753 run_iq_calib(sc, chan); 4754 4755 return (0); 4756 } 4757 4758 static void 4759 run_set_channel(struct ieee80211com *ic) 4760 { 4761 struct run_softc *sc = ic->ic_softc; 4762 4763 RUN_LOCK(sc); 4764 run_set_chan(sc, ic->ic_curchan); 4765 RUN_UNLOCK(sc); 4766 4767 return; 4768 } 4769 4770 static void 4771 run_scan_start(struct ieee80211com *ic) 4772 { 4773 struct run_softc *sc = ic->ic_softc; 4774 uint32_t tmp; 4775 4776 RUN_LOCK(sc); 4777 4778 /* abort TSF synchronization */ 4779 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4780 run_write(sc, RT2860_BCN_TIME_CFG, 4781 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4782 RT2860_TBTT_TIMER_EN)); 4783 run_set_bssid(sc, ieee80211broadcastaddr); 4784 4785 RUN_UNLOCK(sc); 4786 4787 return; 4788 } 4789 4790 static void 4791 run_scan_end(struct ieee80211com *ic) 4792 { 4793 struct run_softc *sc = ic->ic_softc; 4794 4795 RUN_LOCK(sc); 4796 4797 run_enable_tsf_sync(sc); 4798 /* XXX keep local copy */ 4799 run_set_bssid(sc, ic->ic_macaddr); 4800 4801 RUN_UNLOCK(sc); 4802 4803 return; 4804 } 4805 4806 /* 4807 * Could be called from ieee80211_node_timeout() 4808 * (non-sleepable thread) 4809 */ 4810 static void 4811 run_update_beacon(struct ieee80211vap *vap, int item) 4812 { 4813 struct ieee80211com *ic = vap->iv_ic; 4814 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4815 struct ieee80211_node *ni = vap->iv_bss; 4816 struct run_softc *sc = ic->ic_softc; 4817 struct run_vap *rvp = RUN_VAP(vap); 4818 int mcast = 0; 4819 uint32_t i; 4820 4821 switch (item) { 4822 case IEEE80211_BEACON_ERP: 4823 run_updateslot(ic); 4824 break; 4825 case IEEE80211_BEACON_HTINFO: 4826 run_updateprot(ic); 4827 break; 4828 case IEEE80211_BEACON_TIM: 4829 mcast = 1; /*TODO*/ 4830 break; 4831 default: 4832 break; 4833 } 4834 4835 setbit(bo->bo_flags, item); 4836 if (rvp->beacon_mbuf == NULL) { 4837 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni, bo); 4838 if (rvp->beacon_mbuf == NULL) 4839 return; 4840 } 4841 ieee80211_beacon_update(ni, bo, rvp->beacon_mbuf, mcast); 4842 4843 i = RUN_CMDQ_GET(&sc->cmdq_store); 4844 DPRINTF("cmdq_store=%d\n", i); 4845 sc->cmdq[i].func = run_update_beacon_cb; 4846 sc->cmdq[i].arg0 = vap; 4847 ieee80211_runtask(ic, &sc->cmdq_task); 4848 4849 return; 4850 } 4851 4852 static void 4853 run_update_beacon_cb(void *arg) 4854 { 4855 struct ieee80211vap *vap = arg; 4856 struct ieee80211_node *ni = vap->iv_bss; 4857 struct run_vap *rvp = RUN_VAP(vap); 4858 struct ieee80211com *ic = vap->iv_ic; 4859 struct run_softc *sc = ic->ic_softc; 4860 struct rt2860_txwi txwi; 4861 struct mbuf *m; 4862 uint16_t txwisize; 4863 uint8_t ridx; 4864 4865 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4866 return; 4867 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4868 return; 4869 4870 /* 4871 * No need to call ieee80211_beacon_update(), run_update_beacon() 4872 * is taking care of apropriate calls. 4873 */ 4874 if (rvp->beacon_mbuf == NULL) { 4875 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni, 4876 &vap->iv_bcn_off); 4877 if (rvp->beacon_mbuf == NULL) 4878 return; 4879 } 4880 m = rvp->beacon_mbuf; 4881 4882 memset(&txwi, 0, sizeof(txwi)); 4883 txwi.wcid = 0xff; 4884 txwi.len = htole16(m->m_pkthdr.len); 4885 4886 /* send beacons at the lowest available rate */ 4887 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4888 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4889 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4890 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4891 txwi.phy |= htole16(RT2860_PHY_OFDM); 4892 txwi.txop = RT2860_TX_TXOP_HT; 4893 txwi.flags = RT2860_TX_TS; 4894 txwi.xflags = RT2860_TX_NSEQ; 4895 4896 txwisize = (sc->mac_ver == 0x5592) ? 4897 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4898 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4899 txwisize); 4900 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4901 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4902 } 4903 4904 static void 4905 run_updateprot(struct ieee80211com *ic) 4906 { 4907 struct run_softc *sc = ic->ic_softc; 4908 uint32_t i; 4909 4910 i = RUN_CMDQ_GET(&sc->cmdq_store); 4911 DPRINTF("cmdq_store=%d\n", i); 4912 sc->cmdq[i].func = run_updateprot_cb; 4913 sc->cmdq[i].arg0 = ic; 4914 ieee80211_runtask(ic, &sc->cmdq_task); 4915 } 4916 4917 static void 4918 run_updateprot_cb(void *arg) 4919 { 4920 struct ieee80211com *ic = arg; 4921 struct run_softc *sc = ic->ic_softc; 4922 uint32_t tmp; 4923 4924 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4925 /* setup protection frame rate (MCS code) */ 4926 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4927 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4928 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4929 4930 /* CCK frames don't require protection */ 4931 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4932 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4933 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4934 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4935 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4936 tmp |= RT2860_PROT_CTRL_CTS; 4937 } 4938 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4939 } 4940 4941 static void 4942 run_usb_timeout_cb(void *arg) 4943 { 4944 struct ieee80211vap *vap = arg; 4945 struct run_softc *sc = vap->iv_ic->ic_softc; 4946 4947 RUN_LOCK_ASSERT(sc, MA_OWNED); 4948 4949 if(vap->iv_state == IEEE80211_S_RUN && 4950 vap->iv_opmode != IEEE80211_M_STA) 4951 run_reset_livelock(sc); 4952 else if (vap->iv_state == IEEE80211_S_SCAN) { 4953 DPRINTF("timeout caused by scan\n"); 4954 /* cancel bgscan */ 4955 ieee80211_cancel_scan(vap); 4956 } else 4957 DPRINTF("timeout by unknown cause\n"); 4958 } 4959 4960 static void 4961 run_reset_livelock(struct run_softc *sc) 4962 { 4963 uint32_t tmp; 4964 4965 RUN_LOCK_ASSERT(sc, MA_OWNED); 4966 4967 /* 4968 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4969 * can run into a livelock and start sending CTS-to-self frames like 4970 * crazy if protection is enabled. Reset MAC/BBP for a while 4971 */ 4972 run_read(sc, RT2860_DEBUG, &tmp); 4973 DPRINTFN(3, "debug reg %08x\n", tmp); 4974 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4975 DPRINTF("CTS-to-self livelock detected\n"); 4976 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4977 run_delay(sc, 1); 4978 run_write(sc, RT2860_MAC_SYS_CTRL, 4979 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4980 } 4981 } 4982 4983 static void 4984 run_update_promisc_locked(struct run_softc *sc) 4985 { 4986 uint32_t tmp; 4987 4988 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4989 4990 tmp |= RT2860_DROP_UC_NOME; 4991 if (sc->sc_ic.ic_promisc > 0) 4992 tmp &= ~RT2860_DROP_UC_NOME; 4993 4994 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4995 4996 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 4997 "entering" : "leaving"); 4998 } 4999 5000 static void 5001 run_update_promisc(struct ieee80211com *ic) 5002 { 5003 struct run_softc *sc = ic->ic_softc; 5004 5005 if ((sc->sc_flags & RUN_RUNNING) == 0) 5006 return; 5007 5008 RUN_LOCK(sc); 5009 run_update_promisc_locked(sc); 5010 RUN_UNLOCK(sc); 5011 } 5012 5013 static void 5014 run_enable_tsf_sync(struct run_softc *sc) 5015 { 5016 struct ieee80211com *ic = &sc->sc_ic; 5017 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5018 uint32_t tmp; 5019 5020 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5021 ic->ic_opmode); 5022 5023 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5024 tmp &= ~0x1fffff; 5025 tmp |= vap->iv_bss->ni_intval * 16; 5026 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5027 5028 if (ic->ic_opmode == IEEE80211_M_STA) { 5029 /* 5030 * Local TSF is always updated with remote TSF on beacon 5031 * reception. 5032 */ 5033 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5034 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5035 tmp |= RT2860_BCN_TX_EN; 5036 /* 5037 * Local TSF is updated with remote TSF on beacon reception 5038 * only if the remote TSF is greater than local TSF. 5039 */ 5040 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5041 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5042 ic->ic_opmode == IEEE80211_M_MBSS) { 5043 tmp |= RT2860_BCN_TX_EN; 5044 /* SYNC with nobody */ 5045 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5046 } else { 5047 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5048 return; 5049 } 5050 5051 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5052 } 5053 5054 static void 5055 run_enable_tsf(struct run_softc *sc) 5056 { 5057 uint32_t tmp; 5058 5059 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5060 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5061 tmp |= RT2860_TSF_TIMER_EN; 5062 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5063 } 5064 } 5065 5066 static void 5067 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5068 { 5069 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5070 sizeof(*buf)); 5071 } 5072 5073 static void 5074 run_enable_mrr(struct run_softc *sc) 5075 { 5076 #define CCK(mcs) (mcs) 5077 #define OFDM(mcs) (1 << 3 | (mcs)) 5078 run_write(sc, RT2860_LG_FBK_CFG0, 5079 OFDM(6) << 28 | /* 54->48 */ 5080 OFDM(5) << 24 | /* 48->36 */ 5081 OFDM(4) << 20 | /* 36->24 */ 5082 OFDM(3) << 16 | /* 24->18 */ 5083 OFDM(2) << 12 | /* 18->12 */ 5084 OFDM(1) << 8 | /* 12-> 9 */ 5085 OFDM(0) << 4 | /* 9-> 6 */ 5086 OFDM(0)); /* 6-> 6 */ 5087 5088 run_write(sc, RT2860_LG_FBK_CFG1, 5089 CCK(2) << 12 | /* 11->5.5 */ 5090 CCK(1) << 8 | /* 5.5-> 2 */ 5091 CCK(0) << 4 | /* 2-> 1 */ 5092 CCK(0)); /* 1-> 1 */ 5093 #undef OFDM 5094 #undef CCK 5095 } 5096 5097 static void 5098 run_set_txpreamble(struct run_softc *sc) 5099 { 5100 struct ieee80211com *ic = &sc->sc_ic; 5101 uint32_t tmp; 5102 5103 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5104 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5105 tmp |= RT2860_CCK_SHORT_EN; 5106 else 5107 tmp &= ~RT2860_CCK_SHORT_EN; 5108 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5109 } 5110 5111 static void 5112 run_set_basicrates(struct run_softc *sc) 5113 { 5114 struct ieee80211com *ic = &sc->sc_ic; 5115 5116 /* set basic rates mask */ 5117 if (ic->ic_curmode == IEEE80211_MODE_11B) 5118 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5119 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5120 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5121 else /* 11g */ 5122 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5123 } 5124 5125 static void 5126 run_set_leds(struct run_softc *sc, uint16_t which) 5127 { 5128 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5129 which | (sc->leds & 0x7f)); 5130 } 5131 5132 static void 5133 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5134 { 5135 run_write(sc, RT2860_MAC_BSSID_DW0, 5136 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5137 run_write(sc, RT2860_MAC_BSSID_DW1, 5138 bssid[4] | bssid[5] << 8); 5139 } 5140 5141 static void 5142 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5143 { 5144 run_write(sc, RT2860_MAC_ADDR_DW0, 5145 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5146 run_write(sc, RT2860_MAC_ADDR_DW1, 5147 addr[4] | addr[5] << 8 | 0xff << 16); 5148 } 5149 5150 static void 5151 run_updateslot(struct ieee80211com *ic) 5152 { 5153 struct run_softc *sc = ic->ic_softc; 5154 uint32_t i; 5155 5156 i = RUN_CMDQ_GET(&sc->cmdq_store); 5157 DPRINTF("cmdq_store=%d\n", i); 5158 sc->cmdq[i].func = run_updateslot_cb; 5159 sc->cmdq[i].arg0 = ic; 5160 ieee80211_runtask(ic, &sc->cmdq_task); 5161 5162 return; 5163 } 5164 5165 /* ARGSUSED */ 5166 static void 5167 run_updateslot_cb(void *arg) 5168 { 5169 struct ieee80211com *ic = arg; 5170 struct run_softc *sc = ic->ic_softc; 5171 uint32_t tmp; 5172 5173 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5174 tmp &= ~0xff; 5175 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5176 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5177 } 5178 5179 static void 5180 run_update_mcast(struct ieee80211com *ic) 5181 { 5182 } 5183 5184 static int8_t 5185 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5186 { 5187 struct ieee80211com *ic = &sc->sc_ic; 5188 struct ieee80211_channel *c = ic->ic_curchan; 5189 int delta; 5190 5191 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5192 u_int chan = ieee80211_chan2ieee(ic, c); 5193 delta = sc->rssi_5ghz[rxchain]; 5194 5195 /* determine channel group */ 5196 if (chan <= 64) 5197 delta -= sc->lna[1]; 5198 else if (chan <= 128) 5199 delta -= sc->lna[2]; 5200 else 5201 delta -= sc->lna[3]; 5202 } else 5203 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5204 5205 return (-12 - delta - rssi); 5206 } 5207 5208 static void 5209 run_rt5390_bbp_init(struct run_softc *sc) 5210 { 5211 int i; 5212 uint8_t bbp; 5213 5214 /* Apply maximum likelihood detection for 2 stream case. */ 5215 run_bbp_read(sc, 105, &bbp); 5216 if (sc->nrxchains > 1) 5217 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5218 5219 /* Avoid data lost and CRC error. */ 5220 run_bbp_read(sc, 4, &bbp); 5221 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5222 5223 if (sc->mac_ver == 0x5592) { 5224 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5225 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5226 rt5592_def_bbp[i].val); 5227 } 5228 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5229 run_bbp_write(sc, 195, i + 0x80); 5230 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5231 } 5232 } else { 5233 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5234 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5235 rt5390_def_bbp[i].val); 5236 } 5237 } 5238 if (sc->mac_ver == 0x5392) { 5239 run_bbp_write(sc, 88, 0x90); 5240 run_bbp_write(sc, 95, 0x9a); 5241 run_bbp_write(sc, 98, 0x12); 5242 run_bbp_write(sc, 106, 0x12); 5243 run_bbp_write(sc, 134, 0xd0); 5244 run_bbp_write(sc, 135, 0xf6); 5245 run_bbp_write(sc, 148, 0x84); 5246 } 5247 5248 run_bbp_read(sc, 152, &bbp); 5249 run_bbp_write(sc, 152, bbp | 0x80); 5250 5251 /* Fix BBP254 for RT5592C. */ 5252 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5253 run_bbp_read(sc, 254, &bbp); 5254 run_bbp_write(sc, 254, bbp | 0x80); 5255 } 5256 5257 /* Disable hardware antenna diversity. */ 5258 if (sc->mac_ver == 0x5390) 5259 run_bbp_write(sc, 154, 0); 5260 5261 /* Initialize Rx CCK/OFDM frequency offset report. */ 5262 run_bbp_write(sc, 142, 1); 5263 run_bbp_write(sc, 143, 57); 5264 } 5265 5266 static int 5267 run_bbp_init(struct run_softc *sc) 5268 { 5269 int i, error, ntries; 5270 uint8_t bbp0; 5271 5272 /* wait for BBP to wake up */ 5273 for (ntries = 0; ntries < 20; ntries++) { 5274 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5275 return error; 5276 if (bbp0 != 0 && bbp0 != 0xff) 5277 break; 5278 } 5279 if (ntries == 20) 5280 return (ETIMEDOUT); 5281 5282 /* initialize BBP registers to default values */ 5283 if (sc->mac_ver >= 0x5390) 5284 run_rt5390_bbp_init(sc); 5285 else { 5286 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5287 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5288 rt2860_def_bbp[i].val); 5289 } 5290 } 5291 5292 if (sc->mac_ver == 0x3593) { 5293 run_bbp_write(sc, 79, 0x13); 5294 run_bbp_write(sc, 80, 0x05); 5295 run_bbp_write(sc, 81, 0x33); 5296 run_bbp_write(sc, 86, 0x46); 5297 run_bbp_write(sc, 137, 0x0f); 5298 } 5299 5300 /* fix BBP84 for RT2860E */ 5301 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5302 run_bbp_write(sc, 84, 0x19); 5303 5304 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5305 sc->mac_ver != 0x5592)) { 5306 run_bbp_write(sc, 79, 0x13); 5307 run_bbp_write(sc, 80, 0x05); 5308 run_bbp_write(sc, 81, 0x33); 5309 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5310 run_bbp_write(sc, 69, 0x16); 5311 run_bbp_write(sc, 73, 0x12); 5312 } 5313 return (0); 5314 } 5315 5316 static int 5317 run_rt3070_rf_init(struct run_softc *sc) 5318 { 5319 uint32_t tmp; 5320 uint8_t bbp4, mingain, rf, target; 5321 int i; 5322 5323 run_rt3070_rf_read(sc, 30, &rf); 5324 /* toggle RF R30 bit 7 */ 5325 run_rt3070_rf_write(sc, 30, rf | 0x80); 5326 run_delay(sc, 10); 5327 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5328 5329 /* initialize RF registers to default value */ 5330 if (sc->mac_ver == 0x3572) { 5331 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5332 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5333 rt3572_def_rf[i].val); 5334 } 5335 } else { 5336 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5337 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5338 rt3070_def_rf[i].val); 5339 } 5340 } 5341 5342 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5343 /* 5344 * Change voltage from 1.2V to 1.35V for RT3070. 5345 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5346 * in RT3070(F). 5347 */ 5348 run_read(sc, RT3070_LDO_CFG0, &tmp); 5349 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5350 run_write(sc, RT3070_LDO_CFG0, tmp); 5351 5352 } else if (sc->mac_ver == 0x3071) { 5353 run_rt3070_rf_read(sc, 6, &rf); 5354 run_rt3070_rf_write(sc, 6, rf | 0x40); 5355 run_rt3070_rf_write(sc, 31, 0x14); 5356 5357 run_read(sc, RT3070_LDO_CFG0, &tmp); 5358 tmp &= ~0x1f000000; 5359 if (sc->mac_rev < 0x0211) 5360 tmp |= 0x0d000000; /* 1.3V */ 5361 else 5362 tmp |= 0x01000000; /* 1.2V */ 5363 run_write(sc, RT3070_LDO_CFG0, tmp); 5364 5365 /* patch LNA_PE_G1 */ 5366 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5367 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5368 5369 } else if (sc->mac_ver == 0x3572) { 5370 run_rt3070_rf_read(sc, 6, &rf); 5371 run_rt3070_rf_write(sc, 6, rf | 0x40); 5372 5373 /* increase voltage from 1.2V to 1.35V */ 5374 run_read(sc, RT3070_LDO_CFG0, &tmp); 5375 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5376 run_write(sc, RT3070_LDO_CFG0, tmp); 5377 5378 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5379 run_delay(sc, 1); /* wait for 1msec */ 5380 /* decrease voltage back to 1.2V */ 5381 tmp = (tmp & ~0x1f000000) | 0x01000000; 5382 run_write(sc, RT3070_LDO_CFG0, tmp); 5383 } 5384 } 5385 5386 /* select 20MHz bandwidth */ 5387 run_rt3070_rf_read(sc, 31, &rf); 5388 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5389 5390 /* calibrate filter for 20MHz bandwidth */ 5391 sc->rf24_20mhz = 0x1f; /* default value */ 5392 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5393 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5394 5395 /* select 40MHz bandwidth */ 5396 run_bbp_read(sc, 4, &bbp4); 5397 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5398 run_rt3070_rf_read(sc, 31, &rf); 5399 run_rt3070_rf_write(sc, 31, rf | 0x20); 5400 5401 /* calibrate filter for 40MHz bandwidth */ 5402 sc->rf24_40mhz = 0x2f; /* default value */ 5403 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5404 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5405 5406 /* go back to 20MHz bandwidth */ 5407 run_bbp_read(sc, 4, &bbp4); 5408 run_bbp_write(sc, 4, bbp4 & ~0x18); 5409 5410 if (sc->mac_ver == 0x3572) { 5411 /* save default BBP registers 25 and 26 values */ 5412 run_bbp_read(sc, 25, &sc->bbp25); 5413 run_bbp_read(sc, 26, &sc->bbp26); 5414 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5415 run_rt3070_rf_write(sc, 27, 0x03); 5416 5417 run_read(sc, RT3070_OPT_14, &tmp); 5418 run_write(sc, RT3070_OPT_14, tmp | 1); 5419 5420 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5421 run_rt3070_rf_read(sc, 17, &rf); 5422 rf &= ~RT3070_TX_LO1; 5423 if ((sc->mac_ver == 0x3070 || 5424 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5425 !sc->ext_2ghz_lna) 5426 rf |= 0x20; /* fix for long range Rx issue */ 5427 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5428 if (sc->txmixgain_2ghz >= mingain) 5429 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5430 run_rt3070_rf_write(sc, 17, rf); 5431 } 5432 5433 if (sc->mac_ver == 0x3071) { 5434 run_rt3070_rf_read(sc, 1, &rf); 5435 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5436 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5437 run_rt3070_rf_write(sc, 1, rf); 5438 5439 run_rt3070_rf_read(sc, 15, &rf); 5440 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5441 5442 run_rt3070_rf_read(sc, 20, &rf); 5443 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5444 5445 run_rt3070_rf_read(sc, 21, &rf); 5446 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5447 } 5448 5449 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5450 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5451 run_rt3070_rf_read(sc, 27, &rf); 5452 rf &= ~0x77; 5453 if (sc->mac_rev < 0x0211) 5454 rf |= 0x03; 5455 run_rt3070_rf_write(sc, 27, rf); 5456 } 5457 return (0); 5458 } 5459 5460 static void 5461 run_rt3593_rf_init(struct run_softc *sc) 5462 { 5463 uint32_t tmp; 5464 uint8_t rf; 5465 int i; 5466 5467 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5468 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5469 tmp &= ~(1 << 4 | 1 << 7); 5470 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5471 5472 /* Initialize RF registers to default value. */ 5473 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5474 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5475 rt3593_def_rf[i].val); 5476 } 5477 5478 /* Toggle RF R2 to initiate calibration. */ 5479 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5480 5481 /* Initialize RF frequency offset. */ 5482 run_adjust_freq_offset(sc); 5483 5484 run_rt3070_rf_read(sc, 18, &rf); 5485 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5486 5487 /* 5488 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5489 * decrease voltage back to 1.2V. 5490 */ 5491 run_read(sc, RT3070_LDO_CFG0, &tmp); 5492 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5493 run_write(sc, RT3070_LDO_CFG0, tmp); 5494 run_delay(sc, 1); 5495 tmp = (tmp & ~0x1f000000) | 0x01000000; 5496 run_write(sc, RT3070_LDO_CFG0, tmp); 5497 5498 sc->rf24_20mhz = 0x1f; 5499 sc->rf24_40mhz = 0x2f; 5500 5501 /* Save default BBP registers 25 and 26 values. */ 5502 run_bbp_read(sc, 25, &sc->bbp25); 5503 run_bbp_read(sc, 26, &sc->bbp26); 5504 5505 run_read(sc, RT3070_OPT_14, &tmp); 5506 run_write(sc, RT3070_OPT_14, tmp | 1); 5507 } 5508 5509 static void 5510 run_rt5390_rf_init(struct run_softc *sc) 5511 { 5512 uint32_t tmp; 5513 uint8_t rf; 5514 int i; 5515 5516 /* Toggle RF R2 to initiate calibration. */ 5517 if (sc->mac_ver == 0x5390) { 5518 run_rt3070_rf_read(sc, 2, &rf); 5519 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5520 run_delay(sc, 10); 5521 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5522 } else { 5523 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5524 run_delay(sc, 10); 5525 } 5526 5527 /* Initialize RF registers to default value. */ 5528 if (sc->mac_ver == 0x5592) { 5529 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5530 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5531 rt5592_def_rf[i].val); 5532 } 5533 /* Initialize RF frequency offset. */ 5534 run_adjust_freq_offset(sc); 5535 } else if (sc->mac_ver == 0x5392) { 5536 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5537 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5538 rt5392_def_rf[i].val); 5539 } 5540 if (sc->mac_rev >= 0x0223) { 5541 run_rt3070_rf_write(sc, 23, 0x0f); 5542 run_rt3070_rf_write(sc, 24, 0x3e); 5543 run_rt3070_rf_write(sc, 51, 0x32); 5544 run_rt3070_rf_write(sc, 53, 0x22); 5545 run_rt3070_rf_write(sc, 56, 0xc1); 5546 run_rt3070_rf_write(sc, 59, 0x0f); 5547 } 5548 } else { 5549 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5550 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5551 rt5390_def_rf[i].val); 5552 } 5553 if (sc->mac_rev >= 0x0502) { 5554 run_rt3070_rf_write(sc, 6, 0xe0); 5555 run_rt3070_rf_write(sc, 25, 0x80); 5556 run_rt3070_rf_write(sc, 46, 0x73); 5557 run_rt3070_rf_write(sc, 53, 0x00); 5558 run_rt3070_rf_write(sc, 56, 0x42); 5559 run_rt3070_rf_write(sc, 61, 0xd1); 5560 } 5561 } 5562 5563 sc->rf24_20mhz = 0x1f; /* default value */ 5564 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5565 5566 if (sc->mac_rev < 0x0211) 5567 run_rt3070_rf_write(sc, 27, 0x3); 5568 5569 run_read(sc, RT3070_OPT_14, &tmp); 5570 run_write(sc, RT3070_OPT_14, tmp | 1); 5571 } 5572 5573 static int 5574 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5575 uint8_t *val) 5576 { 5577 uint8_t rf22, rf24; 5578 uint8_t bbp55_pb, bbp55_sb, delta; 5579 int ntries; 5580 5581 /* program filter */ 5582 run_rt3070_rf_read(sc, 24, &rf24); 5583 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5584 run_rt3070_rf_write(sc, 24, rf24); 5585 5586 /* enable baseband loopback mode */ 5587 run_rt3070_rf_read(sc, 22, &rf22); 5588 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5589 5590 /* set power and frequency of passband test tone */ 5591 run_bbp_write(sc, 24, 0x00); 5592 for (ntries = 0; ntries < 100; ntries++) { 5593 /* transmit test tone */ 5594 run_bbp_write(sc, 25, 0x90); 5595 run_delay(sc, 10); 5596 /* read received power */ 5597 run_bbp_read(sc, 55, &bbp55_pb); 5598 if (bbp55_pb != 0) 5599 break; 5600 } 5601 if (ntries == 100) 5602 return (ETIMEDOUT); 5603 5604 /* set power and frequency of stopband test tone */ 5605 run_bbp_write(sc, 24, 0x06); 5606 for (ntries = 0; ntries < 100; ntries++) { 5607 /* transmit test tone */ 5608 run_bbp_write(sc, 25, 0x90); 5609 run_delay(sc, 10); 5610 /* read received power */ 5611 run_bbp_read(sc, 55, &bbp55_sb); 5612 5613 delta = bbp55_pb - bbp55_sb; 5614 if (delta > target) 5615 break; 5616 5617 /* reprogram filter */ 5618 rf24++; 5619 run_rt3070_rf_write(sc, 24, rf24); 5620 } 5621 if (ntries < 100) { 5622 if (rf24 != init) 5623 rf24--; /* backtrack */ 5624 *val = rf24; 5625 run_rt3070_rf_write(sc, 24, rf24); 5626 } 5627 5628 /* restore initial state */ 5629 run_bbp_write(sc, 24, 0x00); 5630 5631 /* disable baseband loopback mode */ 5632 run_rt3070_rf_read(sc, 22, &rf22); 5633 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5634 5635 return (0); 5636 } 5637 5638 static void 5639 run_rt3070_rf_setup(struct run_softc *sc) 5640 { 5641 uint8_t bbp, rf; 5642 int i; 5643 5644 if (sc->mac_ver == 0x3572) { 5645 /* enable DC filter */ 5646 if (sc->mac_rev >= 0x0201) 5647 run_bbp_write(sc, 103, 0xc0); 5648 5649 run_bbp_read(sc, 138, &bbp); 5650 if (sc->ntxchains == 1) 5651 bbp |= 0x20; /* turn off DAC1 */ 5652 if (sc->nrxchains == 1) 5653 bbp &= ~0x02; /* turn off ADC1 */ 5654 run_bbp_write(sc, 138, bbp); 5655 5656 if (sc->mac_rev >= 0x0211) { 5657 /* improve power consumption */ 5658 run_bbp_read(sc, 31, &bbp); 5659 run_bbp_write(sc, 31, bbp & ~0x03); 5660 } 5661 5662 run_rt3070_rf_read(sc, 16, &rf); 5663 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5664 run_rt3070_rf_write(sc, 16, rf); 5665 5666 } else if (sc->mac_ver == 0x3071) { 5667 if (sc->mac_rev >= 0x0211) { 5668 /* enable DC filter */ 5669 run_bbp_write(sc, 103, 0xc0); 5670 5671 /* improve power consumption */ 5672 run_bbp_read(sc, 31, &bbp); 5673 run_bbp_write(sc, 31, bbp & ~0x03); 5674 } 5675 5676 run_bbp_read(sc, 138, &bbp); 5677 if (sc->ntxchains == 1) 5678 bbp |= 0x20; /* turn off DAC1 */ 5679 if (sc->nrxchains == 1) 5680 bbp &= ~0x02; /* turn off ADC1 */ 5681 run_bbp_write(sc, 138, bbp); 5682 5683 run_write(sc, RT2860_TX_SW_CFG1, 0); 5684 if (sc->mac_rev < 0x0211) { 5685 run_write(sc, RT2860_TX_SW_CFG2, 5686 sc->patch_dac ? 0x2c : 0x0f); 5687 } else 5688 run_write(sc, RT2860_TX_SW_CFG2, 0); 5689 5690 } else if (sc->mac_ver == 0x3070) { 5691 if (sc->mac_rev >= 0x0201) { 5692 /* enable DC filter */ 5693 run_bbp_write(sc, 103, 0xc0); 5694 5695 /* improve power consumption */ 5696 run_bbp_read(sc, 31, &bbp); 5697 run_bbp_write(sc, 31, bbp & ~0x03); 5698 } 5699 5700 if (sc->mac_rev < 0x0201) { 5701 run_write(sc, RT2860_TX_SW_CFG1, 0); 5702 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5703 } else 5704 run_write(sc, RT2860_TX_SW_CFG2, 0); 5705 } 5706 5707 /* initialize RF registers from ROM for >=RT3071*/ 5708 if (sc->mac_ver >= 0x3071) { 5709 for (i = 0; i < 10; i++) { 5710 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5711 continue; 5712 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5713 } 5714 } 5715 } 5716 5717 static void 5718 run_rt3593_rf_setup(struct run_softc *sc) 5719 { 5720 uint8_t bbp, rf; 5721 5722 if (sc->mac_rev >= 0x0211) { 5723 /* Enable DC filter. */ 5724 run_bbp_write(sc, 103, 0xc0); 5725 } 5726 run_write(sc, RT2860_TX_SW_CFG1, 0); 5727 if (sc->mac_rev < 0x0211) { 5728 run_write(sc, RT2860_TX_SW_CFG2, 5729 sc->patch_dac ? 0x2c : 0x0f); 5730 } else 5731 run_write(sc, RT2860_TX_SW_CFG2, 0); 5732 5733 run_rt3070_rf_read(sc, 50, &rf); 5734 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5735 5736 run_rt3070_rf_read(sc, 51, &rf); 5737 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5738 ((sc->txmixgain_2ghz & 0x07) << 2); 5739 run_rt3070_rf_write(sc, 51, rf); 5740 5741 run_rt3070_rf_read(sc, 38, &rf); 5742 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5743 5744 run_rt3070_rf_read(sc, 39, &rf); 5745 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5746 5747 run_rt3070_rf_read(sc, 1, &rf); 5748 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5749 5750 run_rt3070_rf_read(sc, 30, &rf); 5751 rf = (rf & ~0x18) | 0x10; 5752 run_rt3070_rf_write(sc, 30, rf); 5753 5754 /* Apply maximum likelihood detection for 2 stream case. */ 5755 run_bbp_read(sc, 105, &bbp); 5756 if (sc->nrxchains > 1) 5757 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5758 5759 /* Avoid data lost and CRC error. */ 5760 run_bbp_read(sc, 4, &bbp); 5761 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5762 5763 run_bbp_write(sc, 92, 0x02); 5764 run_bbp_write(sc, 82, 0x82); 5765 run_bbp_write(sc, 106, 0x05); 5766 run_bbp_write(sc, 104, 0x92); 5767 run_bbp_write(sc, 88, 0x90); 5768 run_bbp_write(sc, 148, 0xc8); 5769 run_bbp_write(sc, 47, 0x48); 5770 run_bbp_write(sc, 120, 0x50); 5771 5772 run_bbp_write(sc, 163, 0x9d); 5773 5774 /* SNR mapping. */ 5775 run_bbp_write(sc, 142, 0x06); 5776 run_bbp_write(sc, 143, 0xa0); 5777 run_bbp_write(sc, 142, 0x07); 5778 run_bbp_write(sc, 143, 0xa1); 5779 run_bbp_write(sc, 142, 0x08); 5780 run_bbp_write(sc, 143, 0xa2); 5781 5782 run_bbp_write(sc, 31, 0x08); 5783 run_bbp_write(sc, 68, 0x0b); 5784 run_bbp_write(sc, 105, 0x04); 5785 } 5786 5787 static void 5788 run_rt5390_rf_setup(struct run_softc *sc) 5789 { 5790 uint8_t bbp, rf; 5791 5792 if (sc->mac_rev >= 0x0211) { 5793 /* Enable DC filter. */ 5794 run_bbp_write(sc, 103, 0xc0); 5795 5796 if (sc->mac_ver != 0x5592) { 5797 /* Improve power consumption. */ 5798 run_bbp_read(sc, 31, &bbp); 5799 run_bbp_write(sc, 31, bbp & ~0x03); 5800 } 5801 } 5802 5803 run_bbp_read(sc, 138, &bbp); 5804 if (sc->ntxchains == 1) 5805 bbp |= 0x20; /* turn off DAC1 */ 5806 if (sc->nrxchains == 1) 5807 bbp &= ~0x02; /* turn off ADC1 */ 5808 run_bbp_write(sc, 138, bbp); 5809 5810 run_rt3070_rf_read(sc, 38, &rf); 5811 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5812 5813 run_rt3070_rf_read(sc, 39, &rf); 5814 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5815 5816 /* Avoid data lost and CRC error. */ 5817 run_bbp_read(sc, 4, &bbp); 5818 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5819 5820 run_rt3070_rf_read(sc, 30, &rf); 5821 rf = (rf & ~0x18) | 0x10; 5822 run_rt3070_rf_write(sc, 30, rf); 5823 5824 if (sc->mac_ver != 0x5592) { 5825 run_write(sc, RT2860_TX_SW_CFG1, 0); 5826 if (sc->mac_rev < 0x0211) { 5827 run_write(sc, RT2860_TX_SW_CFG2, 5828 sc->patch_dac ? 0x2c : 0x0f); 5829 } else 5830 run_write(sc, RT2860_TX_SW_CFG2, 0); 5831 } 5832 } 5833 5834 static int 5835 run_txrx_enable(struct run_softc *sc) 5836 { 5837 struct ieee80211com *ic = &sc->sc_ic; 5838 uint32_t tmp; 5839 int error, ntries; 5840 5841 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5842 for (ntries = 0; ntries < 200; ntries++) { 5843 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5844 return (error); 5845 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5846 break; 5847 run_delay(sc, 50); 5848 } 5849 if (ntries == 200) 5850 return (ETIMEDOUT); 5851 5852 run_delay(sc, 50); 5853 5854 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5855 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5856 5857 /* enable Rx bulk aggregation (set timeout and limit) */ 5858 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5859 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5860 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5861 5862 /* set Rx filter */ 5863 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5864 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5865 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5866 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5867 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5868 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5869 if (ic->ic_opmode == IEEE80211_M_STA) 5870 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5871 } 5872 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5873 5874 run_write(sc, RT2860_MAC_SYS_CTRL, 5875 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5876 5877 return (0); 5878 } 5879 5880 static void 5881 run_adjust_freq_offset(struct run_softc *sc) 5882 { 5883 uint8_t rf, tmp; 5884 5885 run_rt3070_rf_read(sc, 17, &rf); 5886 tmp = rf; 5887 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5888 rf = MIN(rf, 0x5f); 5889 5890 if (tmp != rf) 5891 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5892 } 5893 5894 static void 5895 run_init_locked(struct run_softc *sc) 5896 { 5897 struct ieee80211com *ic = &sc->sc_ic; 5898 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5899 uint32_t tmp; 5900 uint8_t bbp1, bbp3; 5901 int i; 5902 int ridx; 5903 int ntries; 5904 5905 if (ic->ic_nrunning > 1) 5906 return; 5907 5908 run_stop(sc); 5909 5910 if (run_load_microcode(sc) != 0) { 5911 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5912 goto fail; 5913 } 5914 5915 for (ntries = 0; ntries < 100; ntries++) { 5916 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5917 goto fail; 5918 if (tmp != 0 && tmp != 0xffffffff) 5919 break; 5920 run_delay(sc, 10); 5921 } 5922 if (ntries == 100) 5923 goto fail; 5924 5925 for (i = 0; i != RUN_EP_QUEUES; i++) 5926 run_setup_tx_list(sc, &sc->sc_epq[i]); 5927 5928 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5929 5930 for (ntries = 0; ntries < 100; ntries++) { 5931 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5932 goto fail; 5933 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5934 break; 5935 run_delay(sc, 10); 5936 } 5937 if (ntries == 100) { 5938 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5939 goto fail; 5940 } 5941 tmp &= 0xff0; 5942 tmp |= RT2860_TX_WB_DDONE; 5943 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5944 5945 /* turn off PME_OEN to solve high-current issue */ 5946 run_read(sc, RT2860_SYS_CTRL, &tmp); 5947 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5948 5949 run_write(sc, RT2860_MAC_SYS_CTRL, 5950 RT2860_BBP_HRST | RT2860_MAC_SRST); 5951 run_write(sc, RT2860_USB_DMA_CFG, 0); 5952 5953 if (run_reset(sc) != 0) { 5954 device_printf(sc->sc_dev, "could not reset chipset\n"); 5955 goto fail; 5956 } 5957 5958 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5959 5960 /* init Tx power for all Tx rates (from EEPROM) */ 5961 for (ridx = 0; ridx < 5; ridx++) { 5962 if (sc->txpow20mhz[ridx] == 0xffffffff) 5963 continue; 5964 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5965 } 5966 5967 for (i = 0; i < nitems(rt2870_def_mac); i++) 5968 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 5969 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 5970 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 5971 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 5972 5973 if (sc->mac_ver >= 0x5390) { 5974 run_write(sc, RT2860_TX_SW_CFG0, 5975 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 5976 if (sc->mac_ver >= 0x5392) { 5977 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 5978 if (sc->mac_ver == 0x5592) { 5979 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 5980 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 5981 } else { 5982 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 5983 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 5984 } 5985 } 5986 } else if (sc->mac_ver == 0x3593) { 5987 run_write(sc, RT2860_TX_SW_CFG0, 5988 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 5989 } else if (sc->mac_ver >= 0x3070) { 5990 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 5991 run_write(sc, RT2860_TX_SW_CFG0, 5992 4 << RT2860_DLY_PAPE_EN_SHIFT); 5993 } 5994 5995 /* wait while MAC is busy */ 5996 for (ntries = 0; ntries < 100; ntries++) { 5997 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 5998 goto fail; 5999 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6000 break; 6001 run_delay(sc, 10); 6002 } 6003 if (ntries == 100) 6004 goto fail; 6005 6006 /* clear Host to MCU mailbox */ 6007 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6008 run_write(sc, RT2860_H2M_MAILBOX, 0); 6009 run_delay(sc, 10); 6010 6011 if (run_bbp_init(sc) != 0) { 6012 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6013 goto fail; 6014 } 6015 6016 /* abort TSF synchronization */ 6017 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6018 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6019 RT2860_TBTT_TIMER_EN); 6020 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6021 6022 /* clear RX WCID search table */ 6023 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6024 /* clear WCID attribute table */ 6025 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6026 6027 /* hostapd sets a key before init. So, don't clear it. */ 6028 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6029 /* clear shared key table */ 6030 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6031 /* clear shared key mode */ 6032 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6033 } 6034 6035 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6036 tmp = (tmp & ~0xff) | 0x1e; 6037 run_write(sc, RT2860_US_CYC_CNT, tmp); 6038 6039 if (sc->mac_rev != 0x0101) 6040 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6041 6042 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6043 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6044 6045 /* write vendor-specific BBP values (from EEPROM) */ 6046 if (sc->mac_ver < 0x3593) { 6047 for (i = 0; i < 10; i++) { 6048 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6049 continue; 6050 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6051 } 6052 } 6053 6054 /* select Main antenna for 1T1R devices */ 6055 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6056 run_set_rx_antenna(sc, 0); 6057 6058 /* send LEDs operating mode to microcontroller */ 6059 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6060 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6061 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6062 6063 if (sc->mac_ver >= 0x5390) 6064 run_rt5390_rf_init(sc); 6065 else if (sc->mac_ver == 0x3593) 6066 run_rt3593_rf_init(sc); 6067 else if (sc->mac_ver >= 0x3070) 6068 run_rt3070_rf_init(sc); 6069 6070 /* disable non-existing Rx chains */ 6071 run_bbp_read(sc, 3, &bbp3); 6072 bbp3 &= ~(1 << 3 | 1 << 4); 6073 if (sc->nrxchains == 2) 6074 bbp3 |= 1 << 3; 6075 else if (sc->nrxchains == 3) 6076 bbp3 |= 1 << 4; 6077 run_bbp_write(sc, 3, bbp3); 6078 6079 /* disable non-existing Tx chains */ 6080 run_bbp_read(sc, 1, &bbp1); 6081 if (sc->ntxchains == 1) 6082 bbp1 &= ~(1 << 3 | 1 << 4); 6083 run_bbp_write(sc, 1, bbp1); 6084 6085 if (sc->mac_ver >= 0x5390) 6086 run_rt5390_rf_setup(sc); 6087 else if (sc->mac_ver == 0x3593) 6088 run_rt3593_rf_setup(sc); 6089 else if (sc->mac_ver >= 0x3070) 6090 run_rt3070_rf_setup(sc); 6091 6092 /* select default channel */ 6093 run_set_chan(sc, ic->ic_curchan); 6094 6095 /* setup initial protection mode */ 6096 run_updateprot_cb(ic); 6097 6098 /* turn radio LED on */ 6099 run_set_leds(sc, RT2860_LED_RADIO); 6100 6101 sc->sc_flags |= RUN_RUNNING; 6102 sc->cmdq_run = RUN_CMDQ_GO; 6103 6104 for (i = 0; i != RUN_N_XFER; i++) 6105 usbd_xfer_set_stall(sc->sc_xfer[i]); 6106 6107 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6108 6109 if (run_txrx_enable(sc) != 0) 6110 goto fail; 6111 6112 return; 6113 6114 fail: 6115 run_stop(sc); 6116 } 6117 6118 static void 6119 run_stop(void *arg) 6120 { 6121 struct run_softc *sc = (struct run_softc *)arg; 6122 uint32_t tmp; 6123 int i; 6124 int ntries; 6125 6126 RUN_LOCK_ASSERT(sc, MA_OWNED); 6127 6128 if (sc->sc_flags & RUN_RUNNING) 6129 run_set_leds(sc, 0); /* turn all LEDs off */ 6130 6131 sc->sc_flags &= ~RUN_RUNNING; 6132 6133 sc->ratectl_run = RUN_RATECTL_OFF; 6134 sc->cmdq_run = sc->cmdq_key_set; 6135 6136 RUN_UNLOCK(sc); 6137 6138 for(i = 0; i < RUN_N_XFER; i++) 6139 usbd_transfer_drain(sc->sc_xfer[i]); 6140 6141 RUN_LOCK(sc); 6142 6143 if (sc->rx_m != NULL) { 6144 m_free(sc->rx_m); 6145 sc->rx_m = NULL; 6146 } 6147 6148 /* Disable Tx/Rx DMA. */ 6149 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6150 return; 6151 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6152 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6153 6154 for (ntries = 0; ntries < 100; ntries++) { 6155 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6156 return; 6157 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6158 break; 6159 run_delay(sc, 10); 6160 } 6161 if (ntries == 100) { 6162 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6163 return; 6164 } 6165 6166 /* disable Tx/Rx */ 6167 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6168 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6169 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6170 6171 /* wait for pending Tx to complete */ 6172 for (ntries = 0; ntries < 100; ntries++) { 6173 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6174 DPRINTF("Cannot read Tx queue count\n"); 6175 break; 6176 } 6177 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6178 DPRINTF("All Tx cleared\n"); 6179 break; 6180 } 6181 run_delay(sc, 10); 6182 } 6183 if (ntries >= 100) 6184 DPRINTF("There are still pending Tx\n"); 6185 run_delay(sc, 10); 6186 run_write(sc, RT2860_USB_DMA_CFG, 0); 6187 6188 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6189 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6190 6191 for (i = 0; i != RUN_EP_QUEUES; i++) 6192 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6193 } 6194 6195 static void 6196 run_delay(struct run_softc *sc, u_int ms) 6197 { 6198 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6199 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6200 } 6201 6202 static device_method_t run_methods[] = { 6203 /* Device interface */ 6204 DEVMETHOD(device_probe, run_match), 6205 DEVMETHOD(device_attach, run_attach), 6206 DEVMETHOD(device_detach, run_detach), 6207 DEVMETHOD_END 6208 }; 6209 6210 static driver_t run_driver = { 6211 .name = "run", 6212 .methods = run_methods, 6213 .size = sizeof(struct run_softc) 6214 }; 6215 6216 static devclass_t run_devclass; 6217 6218 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6219 MODULE_DEPEND(run, wlan, 1, 1, 1); 6220 MODULE_DEPEND(run, usb, 1, 1, 1); 6221 MODULE_DEPEND(run, firmware, 1, 1, 1); 6222 MODULE_VERSION(run, 1); 6223