1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) \ 92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 93 94 /* 95 * Because of LOR in run_key_delete(), use atomic instead. 96 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 97 */ 98 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 99 100 static const STRUCT_USB_HOST_ID run_devs[] = { 101 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 102 #define RUN_DEV_EJECT(v,p) \ 103 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, 0) } 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USB_N53), 143 RUN_DEV(ASUS2, USBN11), 144 RUN_DEV(AZUREWAVE, RT2870_1), 145 RUN_DEV(AZUREWAVE, RT2870_2), 146 RUN_DEV(AZUREWAVE, RT3070_1), 147 RUN_DEV(AZUREWAVE, RT3070_2), 148 RUN_DEV(AZUREWAVE, RT3070_3), 149 RUN_DEV(BELKIN, F5D8053V3), 150 RUN_DEV(BELKIN, F5D8055), 151 RUN_DEV(BELKIN, F5D8055V2), 152 RUN_DEV(BELKIN, F6D4050V1), 153 RUN_DEV(BELKIN, F6D4050V2), 154 RUN_DEV(BELKIN, RT2870_1), 155 RUN_DEV(BELKIN, RT2870_2), 156 RUN_DEV(CISCOLINKSYS, AE1000), 157 RUN_DEV(CISCOLINKSYS2, RT3070), 158 RUN_DEV(CISCOLINKSYS3, RT3070), 159 RUN_DEV(CONCEPTRONIC2, RT2870_1), 160 RUN_DEV(CONCEPTRONIC2, RT2870_2), 161 RUN_DEV(CONCEPTRONIC2, RT2870_3), 162 RUN_DEV(CONCEPTRONIC2, RT2870_4), 163 RUN_DEV(CONCEPTRONIC2, RT2870_5), 164 RUN_DEV(CONCEPTRONIC2, RT2870_6), 165 RUN_DEV(CONCEPTRONIC2, RT2870_7), 166 RUN_DEV(CONCEPTRONIC2, RT2870_8), 167 RUN_DEV(CONCEPTRONIC2, RT3070_1), 168 RUN_DEV(CONCEPTRONIC2, RT3070_2), 169 RUN_DEV(CONCEPTRONIC2, VIGORN61), 170 RUN_DEV(COREGA, CGWLUSB300GNM), 171 RUN_DEV(COREGA, RT2870_1), 172 RUN_DEV(COREGA, RT2870_2), 173 RUN_DEV(COREGA, RT2870_3), 174 RUN_DEV(COREGA, RT3070), 175 RUN_DEV(CYBERTAN, RT2870), 176 RUN_DEV(DLINK, RT2870), 177 RUN_DEV(DLINK, RT3072), 178 RUN_DEV(DLINK, DWA127), 179 RUN_DEV(DLINK, DWA140B3), 180 RUN_DEV(DLINK, DWA160B2), 181 RUN_DEV(DLINK, DWA140D1), 182 RUN_DEV(DLINK2, DWA130), 183 RUN_DEV(DLINK2, RT2870_1), 184 RUN_DEV(DLINK2, RT2870_2), 185 RUN_DEV(DLINK2, RT3070_1), 186 RUN_DEV(DLINK2, RT3070_2), 187 RUN_DEV(DLINK2, RT3070_3), 188 RUN_DEV(DLINK2, RT3070_4), 189 RUN_DEV(DLINK2, RT3070_5), 190 RUN_DEV(DLINK2, RT3072), 191 RUN_DEV(DLINK2, RT3072_1), 192 RUN_DEV(EDIMAX, EW7717), 193 RUN_DEV(EDIMAX, EW7718), 194 RUN_DEV(EDIMAX, RT2870_1), 195 RUN_DEV(ENCORE, RT3070_1), 196 RUN_DEV(ENCORE, RT3070_2), 197 RUN_DEV(ENCORE, RT3070_3), 198 RUN_DEV(GIGABYTE, GNWB31N), 199 RUN_DEV(GIGABYTE, GNWB32L), 200 RUN_DEV(GIGABYTE, RT2870_1), 201 RUN_DEV(GIGASET, RT3070_1), 202 RUN_DEV(GIGASET, RT3070_2), 203 RUN_DEV(GUILLEMOT, HWNU300), 204 RUN_DEV(HAWKING, HWUN2), 205 RUN_DEV(HAWKING, RT2870_1), 206 RUN_DEV(HAWKING, RT2870_2), 207 RUN_DEV(HAWKING, RT3070), 208 RUN_DEV(IODATA, RT3072_1), 209 RUN_DEV(IODATA, RT3072_2), 210 RUN_DEV(IODATA, RT3072_3), 211 RUN_DEV(IODATA, RT3072_4), 212 RUN_DEV(LINKSYS4, RT3070), 213 RUN_DEV(LINKSYS4, WUSB100), 214 RUN_DEV(LINKSYS4, WUSB54GCV3), 215 RUN_DEV(LINKSYS4, WUSB600N), 216 RUN_DEV(LINKSYS4, WUSB600NV2), 217 RUN_DEV(LOGITEC, RT2870_1), 218 RUN_DEV(LOGITEC, RT2870_2), 219 RUN_DEV(LOGITEC, RT2870_3), 220 RUN_DEV(LOGITEC, LANW300NU2), 221 RUN_DEV(LOGITEC, LANW150NU2), 222 RUN_DEV(LOGITEC, LANW300NU2S), 223 RUN_DEV(MELCO, RT2870_1), 224 RUN_DEV(MELCO, RT2870_2), 225 RUN_DEV(MELCO, WLIUCAG300N), 226 RUN_DEV(MELCO, WLIUCG300N), 227 RUN_DEV(MELCO, WLIUCG301N), 228 RUN_DEV(MELCO, WLIUCGN), 229 RUN_DEV(MELCO, WLIUCGNM), 230 RUN_DEV(MELCO, WLIUCGNM2), 231 RUN_DEV(MOTOROLA4, RT2770), 232 RUN_DEV(MOTOROLA4, RT3070), 233 RUN_DEV(MSI, RT3070_1), 234 RUN_DEV(MSI, RT3070_2), 235 RUN_DEV(MSI, RT3070_3), 236 RUN_DEV(MSI, RT3070_4), 237 RUN_DEV(MSI, RT3070_5), 238 RUN_DEV(MSI, RT3070_6), 239 RUN_DEV(MSI, RT3070_7), 240 RUN_DEV(MSI, RT3070_8), 241 RUN_DEV(MSI, RT3070_9), 242 RUN_DEV(MSI, RT3070_10), 243 RUN_DEV(MSI, RT3070_11), 244 RUN_DEV(OVISLINK, RT3072), 245 RUN_DEV(PARA, RT3070), 246 RUN_DEV(PEGATRON, RT2870), 247 RUN_DEV(PEGATRON, RT3070), 248 RUN_DEV(PEGATRON, RT3070_2), 249 RUN_DEV(PEGATRON, RT3070_3), 250 RUN_DEV(PHILIPS, RT2870), 251 RUN_DEV(PLANEX2, GWUS300MINIS), 252 RUN_DEV(PLANEX2, GWUSMICRON), 253 RUN_DEV(PLANEX2, RT2870), 254 RUN_DEV(PLANEX2, RT3070), 255 RUN_DEV(QCOM, RT2870), 256 RUN_DEV(QUANTA, RT3070), 257 RUN_DEV(RALINK, RT2070), 258 RUN_DEV(RALINK, RT2770), 259 RUN_DEV(RALINK, RT2870), 260 RUN_DEV(RALINK, RT3070), 261 RUN_DEV(RALINK, RT3071), 262 RUN_DEV(RALINK, RT3072), 263 RUN_DEV(RALINK, RT3370), 264 RUN_DEV(RALINK, RT3572), 265 RUN_DEV(RALINK, RT5370), 266 RUN_DEV(RALINK, RT5572), 267 RUN_DEV(RALINK, RT8070), 268 RUN_DEV(SAMSUNG, WIS09ABGN), 269 RUN_DEV(SAMSUNG2, RT2870_1), 270 RUN_DEV(SENAO, RT2870_1), 271 RUN_DEV(SENAO, RT2870_2), 272 RUN_DEV(SENAO, RT2870_3), 273 RUN_DEV(SENAO, RT2870_4), 274 RUN_DEV(SENAO, RT3070), 275 RUN_DEV(SENAO, RT3071), 276 RUN_DEV(SENAO, RT3072_1), 277 RUN_DEV(SENAO, RT3072_2), 278 RUN_DEV(SENAO, RT3072_3), 279 RUN_DEV(SENAO, RT3072_4), 280 RUN_DEV(SENAO, RT3072_5), 281 RUN_DEV(SITECOMEU, RT2770), 282 RUN_DEV(SITECOMEU, RT2870_1), 283 RUN_DEV(SITECOMEU, RT2870_2), 284 RUN_DEV(SITECOMEU, RT2870_3), 285 RUN_DEV(SITECOMEU, RT2870_4), 286 RUN_DEV(SITECOMEU, RT3070), 287 RUN_DEV(SITECOMEU, RT3070_2), 288 RUN_DEV(SITECOMEU, RT3070_3), 289 RUN_DEV(SITECOMEU, RT3070_4), 290 RUN_DEV(SITECOMEU, RT3071), 291 RUN_DEV(SITECOMEU, RT3072_1), 292 RUN_DEV(SITECOMEU, RT3072_2), 293 RUN_DEV(SITECOMEU, RT3072_3), 294 RUN_DEV(SITECOMEU, RT3072_4), 295 RUN_DEV(SITECOMEU, RT3072_5), 296 RUN_DEV(SITECOMEU, RT3072_6), 297 RUN_DEV(SITECOMEU, WL608), 298 RUN_DEV(SPARKLAN, RT2870_1), 299 RUN_DEV(SPARKLAN, RT3070), 300 RUN_DEV(SWEEX2, LW153), 301 RUN_DEV(SWEEX2, LW303), 302 RUN_DEV(SWEEX2, LW313), 303 RUN_DEV(TOSHIBA, RT3070), 304 RUN_DEV(UMEDIA, RT2870_1), 305 RUN_DEV(ZCOM, RT2870_1), 306 RUN_DEV(ZCOM, RT2870_2), 307 RUN_DEV(ZINWELL, RT2870_1), 308 RUN_DEV(ZINWELL, RT2870_2), 309 RUN_DEV(ZINWELL, RT3070), 310 RUN_DEV(ZINWELL, RT3072_1), 311 RUN_DEV(ZINWELL, RT3072_2), 312 RUN_DEV(ZYXEL, RT2870_1), 313 RUN_DEV(ZYXEL, RT2870_2), 314 RUN_DEV_EJECT(RALINK, RT_STOR), 315 #undef RUN_DEV_EJECT 316 #undef RUN_DEV 317 }; 318 319 static device_probe_t run_match; 320 static device_attach_t run_attach; 321 static device_detach_t run_detach; 322 323 static usb_callback_t run_bulk_rx_callback; 324 static usb_callback_t run_bulk_tx_callback0; 325 static usb_callback_t run_bulk_tx_callback1; 326 static usb_callback_t run_bulk_tx_callback2; 327 static usb_callback_t run_bulk_tx_callback3; 328 static usb_callback_t run_bulk_tx_callback4; 329 static usb_callback_t run_bulk_tx_callback5; 330 331 static void run_autoinst(void *, struct usb_device *, 332 struct usb_attach_arg *); 333 static int run_driver_loaded(struct module *, int, void *); 334 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 335 usb_error_t error, u_int index); 336 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 337 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 338 const uint8_t [IEEE80211_ADDR_LEN], 339 const uint8_t [IEEE80211_ADDR_LEN]); 340 static void run_vap_delete(struct ieee80211vap *); 341 static void run_cmdq_cb(void *, int); 342 static void run_setup_tx_list(struct run_softc *, 343 struct run_endpoint_queue *); 344 static void run_unsetup_tx_list(struct run_softc *, 345 struct run_endpoint_queue *); 346 static int run_load_microcode(struct run_softc *); 347 static int run_reset(struct run_softc *); 348 static usb_error_t run_do_request(struct run_softc *, 349 struct usb_device_request *, void *); 350 static int run_read(struct run_softc *, uint16_t, uint32_t *); 351 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 352 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 353 static int run_write(struct run_softc *, uint16_t, uint32_t); 354 static int run_write_region_1(struct run_softc *, uint16_t, 355 const uint8_t *, int); 356 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 357 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 358 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 359 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 360 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 361 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 362 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 363 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 364 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 365 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 366 static const char *run_get_rf(uint16_t); 367 static int run_read_eeprom(struct run_softc *); 368 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 369 const uint8_t mac[IEEE80211_ADDR_LEN]); 370 static int run_media_change(struct ifnet *); 371 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 372 static int run_wme_update(struct ieee80211com *); 373 static void run_wme_update_cb(void *); 374 static void run_key_update_begin(struct ieee80211vap *); 375 static void run_key_update_end(struct ieee80211vap *); 376 static void run_key_set_cb(void *); 377 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 378 const uint8_t mac[IEEE80211_ADDR_LEN]); 379 static void run_key_delete_cb(void *); 380 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 381 static void run_ratectl_to(void *); 382 static void run_ratectl_cb(void *, int); 383 static void run_drain_fifo(void *); 384 static void run_iter_func(void *, struct ieee80211_node *); 385 static void run_newassoc_cb(void *); 386 static void run_newassoc(struct ieee80211_node *, int); 387 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 388 static void run_tx_free(struct run_endpoint_queue *pq, 389 struct run_tx_data *, int); 390 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 391 static int run_tx(struct run_softc *, struct mbuf *, 392 struct ieee80211_node *); 393 static int run_tx_mgt(struct run_softc *, struct mbuf *, 394 struct ieee80211_node *); 395 static int run_sendprot(struct run_softc *, const struct mbuf *, 396 struct ieee80211_node *, int, int); 397 static int run_tx_param(struct run_softc *, struct mbuf *, 398 struct ieee80211_node *, 399 const struct ieee80211_bpf_params *); 400 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 401 const struct ieee80211_bpf_params *); 402 static void run_start(struct ifnet *); 403 static int run_ioctl(struct ifnet *, u_long, caddr_t); 404 static void run_iq_calib(struct run_softc *, u_int); 405 static void run_set_agc(struct run_softc *, uint8_t); 406 static void run_select_chan_group(struct run_softc *, int); 407 static void run_set_rx_antenna(struct run_softc *, int); 408 static void run_rt2870_set_chan(struct run_softc *, u_int); 409 static void run_rt3070_set_chan(struct run_softc *, u_int); 410 static void run_rt3572_set_chan(struct run_softc *, u_int); 411 static void run_rt5390_set_chan(struct run_softc *, u_int); 412 static void run_rt5592_set_chan(struct run_softc *, u_int); 413 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 414 static void run_set_channel(struct ieee80211com *); 415 static void run_scan_start(struct ieee80211com *); 416 static void run_scan_end(struct ieee80211com *); 417 static void run_update_beacon(struct ieee80211vap *, int); 418 static void run_update_beacon_cb(void *); 419 static void run_updateprot(struct ieee80211com *); 420 static void run_updateprot_cb(void *); 421 static void run_usb_timeout_cb(void *); 422 static void run_reset_livelock(struct run_softc *); 423 static void run_enable_tsf_sync(struct run_softc *); 424 static void run_enable_mrr(struct run_softc *); 425 static void run_set_txpreamble(struct run_softc *); 426 static void run_set_basicrates(struct run_softc *); 427 static void run_set_leds(struct run_softc *, uint16_t); 428 static void run_set_bssid(struct run_softc *, const uint8_t *); 429 static void run_set_macaddr(struct run_softc *, const uint8_t *); 430 static void run_updateslot(struct ifnet *); 431 static void run_updateslot_cb(void *); 432 static void run_update_mcast(struct ifnet *); 433 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 434 static void run_update_promisc_locked(struct ifnet *); 435 static void run_update_promisc(struct ifnet *); 436 static void run_rt5390_bbp_init(struct run_softc *); 437 static int run_bbp_init(struct run_softc *); 438 static int run_rt3070_rf_init(struct run_softc *); 439 static void run_rt5390_rf_init(struct run_softc *); 440 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 441 uint8_t *); 442 static void run_rt3070_rf_setup(struct run_softc *); 443 static int run_txrx_enable(struct run_softc *); 444 static void run_adjust_freq_offset(struct run_softc *); 445 static void run_init(void *); 446 static void run_init_locked(struct run_softc *); 447 static void run_stop(void *); 448 static void run_delay(struct run_softc *, u_int); 449 450 static eventhandler_tag run_etag; 451 452 static const struct rt2860_rate { 453 uint8_t rate; 454 uint8_t mcs; 455 enum ieee80211_phytype phy; 456 uint8_t ctl_ridx; 457 uint16_t sp_ack_dur; 458 uint16_t lp_ack_dur; 459 } rt2860_rates[] = { 460 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 461 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 462 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 463 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 464 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 465 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 466 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 467 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 468 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 469 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 470 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 471 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 472 }; 473 474 static const struct { 475 uint16_t reg; 476 uint32_t val; 477 } rt2870_def_mac[] = { 478 RT2870_DEF_MAC 479 }; 480 481 static const struct { 482 uint8_t reg; 483 uint8_t val; 484 } rt2860_def_bbp[] = { 485 RT2860_DEF_BBP 486 },rt5390_def_bbp[] = { 487 RT5390_DEF_BBP 488 },rt5592_def_bbp[] = { 489 RT5592_DEF_BBP 490 }; 491 492 /* 493 * Default values for BBP register R196 for RT5592. 494 */ 495 static const uint8_t rt5592_bbp_r196[] = { 496 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 497 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 498 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 499 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 500 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 501 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 502 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 503 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 504 0x2e, 0x36, 0x30, 0x6e 505 }; 506 507 static const struct rfprog { 508 uint8_t chan; 509 uint32_t r1, r2, r3, r4; 510 } rt2860_rf2850[] = { 511 RT2860_RF2850 512 }; 513 514 struct { 515 uint8_t n, r, k; 516 } rt3070_freqs[] = { 517 RT3070_RF3052 518 }; 519 520 static const struct rt5592_freqs { 521 uint16_t n; 522 uint8_t k, m, r; 523 } rt5592_freqs_20mhz[] = { 524 RT5592_RF5592_20MHZ 525 },rt5592_freqs_40mhz[] = { 526 RT5592_RF5592_40MHZ 527 }; 528 529 static const struct { 530 uint8_t reg; 531 uint8_t val; 532 } rt3070_def_rf[] = { 533 RT3070_DEF_RF 534 },rt3572_def_rf[] = { 535 RT3572_DEF_RF 536 },rt5390_def_rf[] = { 537 RT5390_DEF_RF 538 },rt5392_def_rf[] = { 539 RT5392_DEF_RF 540 },rt5592_def_rf[] = { 541 RT5592_DEF_RF 542 },rt5592_2ghz_def_rf[] = { 543 RT5592_2GHZ_DEF_RF 544 },rt5592_5ghz_def_rf[] = { 545 RT5592_5GHZ_DEF_RF 546 }; 547 548 static const struct { 549 u_int firstchan; 550 u_int lastchan; 551 uint8_t reg; 552 uint8_t val; 553 } rt5592_chan_5ghz[] = { 554 RT5592_CHAN_5GHZ 555 }; 556 557 static const struct usb_config run_config[RUN_N_XFER] = { 558 [RUN_BULK_TX_BE] = { 559 .type = UE_BULK, 560 .endpoint = UE_ADDR_ANY, 561 .ep_index = 0, 562 .direction = UE_DIR_OUT, 563 .bufsize = RUN_MAX_TXSZ, 564 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 565 .callback = run_bulk_tx_callback0, 566 .timeout = 5000, /* ms */ 567 }, 568 [RUN_BULK_TX_BK] = { 569 .type = UE_BULK, 570 .endpoint = UE_ADDR_ANY, 571 .direction = UE_DIR_OUT, 572 .ep_index = 1, 573 .bufsize = RUN_MAX_TXSZ, 574 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 575 .callback = run_bulk_tx_callback1, 576 .timeout = 5000, /* ms */ 577 }, 578 [RUN_BULK_TX_VI] = { 579 .type = UE_BULK, 580 .endpoint = UE_ADDR_ANY, 581 .direction = UE_DIR_OUT, 582 .ep_index = 2, 583 .bufsize = RUN_MAX_TXSZ, 584 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 585 .callback = run_bulk_tx_callback2, 586 .timeout = 5000, /* ms */ 587 }, 588 [RUN_BULK_TX_VO] = { 589 .type = UE_BULK, 590 .endpoint = UE_ADDR_ANY, 591 .direction = UE_DIR_OUT, 592 .ep_index = 3, 593 .bufsize = RUN_MAX_TXSZ, 594 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 595 .callback = run_bulk_tx_callback3, 596 .timeout = 5000, /* ms */ 597 }, 598 [RUN_BULK_TX_HCCA] = { 599 .type = UE_BULK, 600 .endpoint = UE_ADDR_ANY, 601 .direction = UE_DIR_OUT, 602 .ep_index = 4, 603 .bufsize = RUN_MAX_TXSZ, 604 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 605 .callback = run_bulk_tx_callback4, 606 .timeout = 5000, /* ms */ 607 }, 608 [RUN_BULK_TX_PRIO] = { 609 .type = UE_BULK, 610 .endpoint = UE_ADDR_ANY, 611 .direction = UE_DIR_OUT, 612 .ep_index = 5, 613 .bufsize = RUN_MAX_TXSZ, 614 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 615 .callback = run_bulk_tx_callback5, 616 .timeout = 5000, /* ms */ 617 }, 618 [RUN_BULK_RX] = { 619 .type = UE_BULK, 620 .endpoint = UE_ADDR_ANY, 621 .direction = UE_DIR_IN, 622 .bufsize = RUN_MAX_RXSZ, 623 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 624 .callback = run_bulk_rx_callback, 625 } 626 }; 627 628 static void 629 run_autoinst(void *arg, struct usb_device *udev, 630 struct usb_attach_arg *uaa) 631 { 632 struct usb_interface *iface; 633 struct usb_interface_descriptor *id; 634 635 if (uaa->dev_state != UAA_DEV_READY) 636 return; 637 638 iface = usbd_get_iface(udev, 0); 639 if (iface == NULL) 640 return; 641 id = iface->idesc; 642 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 643 return; 644 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 645 return; 646 647 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 648 uaa->dev_state = UAA_DEV_EJECTING; 649 } 650 651 static int 652 run_driver_loaded(struct module *mod, int what, void *arg) 653 { 654 switch (what) { 655 case MOD_LOAD: 656 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 657 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 658 break; 659 case MOD_UNLOAD: 660 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 661 break; 662 default: 663 return (EOPNOTSUPP); 664 } 665 return (0); 666 } 667 668 static int 669 run_match(device_t self) 670 { 671 struct usb_attach_arg *uaa = device_get_ivars(self); 672 673 if (uaa->usb_mode != USB_MODE_HOST) 674 return (ENXIO); 675 if (uaa->info.bConfigIndex != 0) 676 return (ENXIO); 677 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 678 return (ENXIO); 679 680 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 681 } 682 683 static int 684 run_attach(device_t self) 685 { 686 struct run_softc *sc = device_get_softc(self); 687 struct usb_attach_arg *uaa = device_get_ivars(self); 688 struct ieee80211com *ic; 689 struct ifnet *ifp; 690 uint32_t ver; 691 int ntries, error; 692 uint8_t iface_index, bands; 693 694 device_set_usb_desc(self); 695 sc->sc_udev = uaa->device; 696 sc->sc_dev = self; 697 698 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 699 MTX_NETWORK_LOCK, MTX_DEF); 700 701 iface_index = RT2860_IFACE_INDEX; 702 703 error = usbd_transfer_setup(uaa->device, &iface_index, 704 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 705 if (error) { 706 device_printf(self, "could not allocate USB transfers, " 707 "err=%s\n", usbd_errstr(error)); 708 goto detach; 709 } 710 711 RUN_LOCK(sc); 712 713 /* wait for the chip to settle */ 714 for (ntries = 0; ntries < 100; ntries++) { 715 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 716 RUN_UNLOCK(sc); 717 goto detach; 718 } 719 if (ver != 0 && ver != 0xffffffff) 720 break; 721 run_delay(sc, 10); 722 } 723 if (ntries == 100) { 724 device_printf(sc->sc_dev, 725 "timeout waiting for NIC to initialize\n"); 726 RUN_UNLOCK(sc); 727 goto detach; 728 } 729 sc->mac_ver = ver >> 16; 730 sc->mac_rev = ver & 0xffff; 731 732 /* retrieve RF rev. no and various other things from EEPROM */ 733 run_read_eeprom(sc); 734 735 device_printf(sc->sc_dev, 736 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 737 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 738 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 739 740 RUN_UNLOCK(sc); 741 742 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 743 if (ifp == NULL) { 744 device_printf(sc->sc_dev, "can not if_alloc()\n"); 745 goto detach; 746 } 747 ic = ifp->if_l2com; 748 749 ifp->if_softc = sc; 750 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 751 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 752 ifp->if_init = run_init; 753 ifp->if_ioctl = run_ioctl; 754 ifp->if_start = run_start; 755 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 756 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 757 IFQ_SET_READY(&ifp->if_snd); 758 759 ic->ic_ifp = ifp; 760 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 761 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 762 763 /* set device capabilities */ 764 ic->ic_caps = 765 IEEE80211_C_STA | /* station mode supported */ 766 IEEE80211_C_MONITOR | /* monitor mode supported */ 767 IEEE80211_C_IBSS | 768 IEEE80211_C_HOSTAP | 769 IEEE80211_C_WDS | /* 4-address traffic works */ 770 IEEE80211_C_MBSS | 771 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 772 IEEE80211_C_SHSLOT | /* short slot time supported */ 773 IEEE80211_C_WME | /* WME */ 774 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 775 776 ic->ic_cryptocaps = 777 IEEE80211_CRYPTO_WEP | 778 IEEE80211_CRYPTO_AES_CCM | 779 IEEE80211_CRYPTO_TKIPMIC | 780 IEEE80211_CRYPTO_TKIP; 781 782 ic->ic_flags |= IEEE80211_F_DATAPAD; 783 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 784 785 bands = 0; 786 setbit(&bands, IEEE80211_MODE_11B); 787 setbit(&bands, IEEE80211_MODE_11G); 788 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 789 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT5592_RF_5592) 790 setbit(&bands, IEEE80211_MODE_11A); 791 ieee80211_init_channels(ic, NULL, &bands); 792 793 ieee80211_ifattach(ic, sc->sc_bssid); 794 795 ic->ic_scan_start = run_scan_start; 796 ic->ic_scan_end = run_scan_end; 797 ic->ic_set_channel = run_set_channel; 798 ic->ic_node_alloc = run_node_alloc; 799 ic->ic_newassoc = run_newassoc; 800 ic->ic_updateslot = run_updateslot; 801 ic->ic_update_mcast = run_update_mcast; 802 ic->ic_wme.wme_update = run_wme_update; 803 ic->ic_raw_xmit = run_raw_xmit; 804 ic->ic_update_promisc = run_update_promisc; 805 806 ic->ic_vap_create = run_vap_create; 807 ic->ic_vap_delete = run_vap_delete; 808 809 ieee80211_radiotap_attach(ic, 810 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 811 RUN_TX_RADIOTAP_PRESENT, 812 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 813 RUN_RX_RADIOTAP_PRESENT); 814 815 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 816 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 817 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 818 819 if (bootverbose) 820 ieee80211_announce(ic); 821 822 return (0); 823 824 detach: 825 run_detach(self); 826 return (ENXIO); 827 } 828 829 static int 830 run_detach(device_t self) 831 { 832 struct run_softc *sc = device_get_softc(self); 833 struct ifnet *ifp = sc->sc_ifp; 834 struct ieee80211com *ic; 835 int i; 836 837 RUN_LOCK(sc); 838 sc->sc_detached = 1; 839 RUN_UNLOCK(sc); 840 841 /* stop all USB transfers */ 842 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 843 844 RUN_LOCK(sc); 845 sc->ratectl_run = RUN_RATECTL_OFF; 846 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 847 848 /* free TX list, if any */ 849 for (i = 0; i != RUN_EP_QUEUES; i++) 850 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 851 RUN_UNLOCK(sc); 852 853 if (ifp) { 854 ic = ifp->if_l2com; 855 /* drain tasks */ 856 usb_callout_drain(&sc->ratectl_ch); 857 ieee80211_draintask(ic, &sc->cmdq_task); 858 ieee80211_draintask(ic, &sc->ratectl_task); 859 ieee80211_ifdetach(ic); 860 if_free(ifp); 861 } 862 863 mtx_destroy(&sc->sc_mtx); 864 865 return (0); 866 } 867 868 static struct ieee80211vap * 869 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 870 enum ieee80211_opmode opmode, int flags, 871 const uint8_t bssid[IEEE80211_ADDR_LEN], 872 const uint8_t mac[IEEE80211_ADDR_LEN]) 873 { 874 struct ifnet *ifp = ic->ic_ifp; 875 struct run_softc *sc = ifp->if_softc; 876 struct run_vap *rvp; 877 struct ieee80211vap *vap; 878 int i; 879 880 if (sc->rvp_cnt >= RUN_VAP_MAX) { 881 if_printf(ifp, "number of VAPs maxed out\n"); 882 return (NULL); 883 } 884 885 switch (opmode) { 886 case IEEE80211_M_STA: 887 /* enable s/w bmiss handling for sta mode */ 888 flags |= IEEE80211_CLONE_NOBEACONS; 889 /* fall though */ 890 case IEEE80211_M_IBSS: 891 case IEEE80211_M_MONITOR: 892 case IEEE80211_M_HOSTAP: 893 case IEEE80211_M_MBSS: 894 /* other than WDS vaps, only one at a time */ 895 if (!TAILQ_EMPTY(&ic->ic_vaps)) 896 return (NULL); 897 break; 898 case IEEE80211_M_WDS: 899 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 900 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 901 continue; 902 /* WDS vap's always share the local mac address. */ 903 flags &= ~IEEE80211_CLONE_BSSID; 904 break; 905 } 906 if (vap == NULL) { 907 if_printf(ifp, "wds only supported in ap mode\n"); 908 return (NULL); 909 } 910 break; 911 default: 912 if_printf(ifp, "unknown opmode %d\n", opmode); 913 return (NULL); 914 } 915 916 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 917 M_80211_VAP, M_NOWAIT | M_ZERO); 918 if (rvp == NULL) 919 return (NULL); 920 vap = &rvp->vap; 921 922 if (ieee80211_vap_setup(ic, vap, name, unit, 923 opmode, flags, bssid, mac) != 0) { 924 /* out of memory */ 925 free(rvp, M_80211_VAP); 926 return (NULL); 927 } 928 929 vap->iv_key_update_begin = run_key_update_begin; 930 vap->iv_key_update_end = run_key_update_end; 931 vap->iv_update_beacon = run_update_beacon; 932 vap->iv_max_aid = RT2870_WCID_MAX; 933 /* 934 * To delete the right key from h/w, we need wcid. 935 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 936 * and matching wcid will be written into there. So, cast 937 * some spells to remove 'const' from ieee80211_key{} 938 */ 939 vap->iv_key_delete = (void *)run_key_delete; 940 vap->iv_key_set = (void *)run_key_set; 941 942 /* override state transition machine */ 943 rvp->newstate = vap->iv_newstate; 944 vap->iv_newstate = run_newstate; 945 946 ieee80211_ratectl_init(vap); 947 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 948 949 /* complete setup */ 950 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 951 952 /* make sure id is always unique */ 953 for (i = 0; i < RUN_VAP_MAX; i++) { 954 if((sc->rvp_bmap & 1 << i) == 0){ 955 sc->rvp_bmap |= 1 << i; 956 rvp->rvp_id = i; 957 break; 958 } 959 } 960 if (sc->rvp_cnt++ == 0) 961 ic->ic_opmode = opmode; 962 963 if (opmode == IEEE80211_M_HOSTAP) 964 sc->cmdq_run = RUN_CMDQ_GO; 965 966 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 967 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 968 969 return (vap); 970 } 971 972 static void 973 run_vap_delete(struct ieee80211vap *vap) 974 { 975 struct run_vap *rvp = RUN_VAP(vap); 976 struct ifnet *ifp; 977 struct ieee80211com *ic; 978 struct run_softc *sc; 979 uint8_t rvp_id; 980 981 if (vap == NULL) 982 return; 983 984 ic = vap->iv_ic; 985 ifp = ic->ic_ifp; 986 987 sc = ifp->if_softc; 988 989 RUN_LOCK(sc); 990 991 m_freem(rvp->beacon_mbuf); 992 rvp->beacon_mbuf = NULL; 993 994 rvp_id = rvp->rvp_id; 995 sc->ratectl_run &= ~(1 << rvp_id); 996 sc->rvp_bmap &= ~(1 << rvp_id); 997 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 998 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 999 --sc->rvp_cnt; 1000 1001 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1002 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1003 1004 RUN_UNLOCK(sc); 1005 1006 ieee80211_ratectl_deinit(vap); 1007 ieee80211_vap_detach(vap); 1008 free(rvp, M_80211_VAP); 1009 } 1010 1011 /* 1012 * There are numbers of functions need to be called in context thread. 1013 * Rather than creating taskqueue event for each of those functions, 1014 * here is all-for-one taskqueue callback function. This function 1015 * gurantees deferred functions are executed in the same order they 1016 * were enqueued. 1017 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1018 */ 1019 static void 1020 run_cmdq_cb(void *arg, int pending) 1021 { 1022 struct run_softc *sc = arg; 1023 uint8_t i; 1024 1025 /* call cmdq[].func locked */ 1026 RUN_LOCK(sc); 1027 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1028 i = sc->cmdq_exec, pending--) { 1029 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1030 if (sc->cmdq_run == RUN_CMDQ_GO) { 1031 /* 1032 * If arg0 is NULL, callback func needs more 1033 * than one arg. So, pass ptr to cmdq struct. 1034 */ 1035 if (sc->cmdq[i].arg0) 1036 sc->cmdq[i].func(sc->cmdq[i].arg0); 1037 else 1038 sc->cmdq[i].func(&sc->cmdq[i]); 1039 } 1040 sc->cmdq[i].arg0 = NULL; 1041 sc->cmdq[i].func = NULL; 1042 sc->cmdq_exec++; 1043 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1044 } 1045 RUN_UNLOCK(sc); 1046 } 1047 1048 static void 1049 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1050 { 1051 struct run_tx_data *data; 1052 1053 memset(pq, 0, sizeof(*pq)); 1054 1055 STAILQ_INIT(&pq->tx_qh); 1056 STAILQ_INIT(&pq->tx_fh); 1057 1058 for (data = &pq->tx_data[0]; 1059 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1060 data->sc = sc; 1061 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1062 } 1063 pq->tx_nfree = RUN_TX_RING_COUNT; 1064 } 1065 1066 static void 1067 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1068 { 1069 struct run_tx_data *data; 1070 1071 /* make sure any subsequent use of the queues will fail */ 1072 pq->tx_nfree = 0; 1073 STAILQ_INIT(&pq->tx_fh); 1074 STAILQ_INIT(&pq->tx_qh); 1075 1076 /* free up all node references and mbufs */ 1077 for (data = &pq->tx_data[0]; 1078 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1079 if (data->m != NULL) { 1080 m_freem(data->m); 1081 data->m = NULL; 1082 } 1083 if (data->ni != NULL) { 1084 ieee80211_free_node(data->ni); 1085 data->ni = NULL; 1086 } 1087 } 1088 } 1089 1090 static int 1091 run_load_microcode(struct run_softc *sc) 1092 { 1093 usb_device_request_t req; 1094 const struct firmware *fw; 1095 const u_char *base; 1096 uint32_t tmp; 1097 int ntries, error; 1098 const uint64_t *temp; 1099 uint64_t bytes; 1100 1101 RUN_UNLOCK(sc); 1102 fw = firmware_get("runfw"); 1103 RUN_LOCK(sc); 1104 if (fw == NULL) { 1105 device_printf(sc->sc_dev, 1106 "failed loadfirmware of file %s\n", "runfw"); 1107 return ENOENT; 1108 } 1109 1110 if (fw->datasize != 8192) { 1111 device_printf(sc->sc_dev, 1112 "invalid firmware size (should be 8KB)\n"); 1113 error = EINVAL; 1114 goto fail; 1115 } 1116 1117 /* 1118 * RT3071/RT3072 use a different firmware 1119 * run-rt2870 (8KB) contains both, 1120 * first half (4KB) is for rt2870, 1121 * last half is for rt3071. 1122 */ 1123 base = fw->data; 1124 if ((sc->mac_ver) != 0x2860 && 1125 (sc->mac_ver) != 0x2872 && 1126 (sc->mac_ver) != 0x3070) { 1127 base += 4096; 1128 } 1129 1130 /* cheap sanity check */ 1131 temp = fw->data; 1132 bytes = *temp; 1133 if (bytes != be64toh(0xffffff0210280210ULL)) { 1134 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1135 error = EINVAL; 1136 goto fail; 1137 } 1138 1139 /* write microcode image */ 1140 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1141 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1142 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1143 1144 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1145 req.bRequest = RT2870_RESET; 1146 USETW(req.wValue, 8); 1147 USETW(req.wIndex, 0); 1148 USETW(req.wLength, 0); 1149 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1150 != 0) { 1151 device_printf(sc->sc_dev, "firmware reset failed\n"); 1152 goto fail; 1153 } 1154 1155 run_delay(sc, 10); 1156 1157 run_write(sc, RT2860_H2M_MAILBOX, 0); 1158 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1159 goto fail; 1160 1161 /* wait until microcontroller is ready */ 1162 for (ntries = 0; ntries < 1000; ntries++) { 1163 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1164 goto fail; 1165 } 1166 if (tmp & RT2860_MCU_READY) 1167 break; 1168 run_delay(sc, 10); 1169 } 1170 if (ntries == 1000) { 1171 device_printf(sc->sc_dev, 1172 "timeout waiting for MCU to initialize\n"); 1173 error = ETIMEDOUT; 1174 goto fail; 1175 } 1176 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1177 (base == fw->data) ? "RT2870" : "RT3071", 1178 *(base + 4092), *(base + 4093)); 1179 1180 fail: 1181 firmware_put(fw, FIRMWARE_UNLOAD); 1182 return (error); 1183 } 1184 1185 static int 1186 run_reset(struct run_softc *sc) 1187 { 1188 usb_device_request_t req; 1189 1190 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1191 req.bRequest = RT2870_RESET; 1192 USETW(req.wValue, 1); 1193 USETW(req.wIndex, 0); 1194 USETW(req.wLength, 0); 1195 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1196 } 1197 1198 static usb_error_t 1199 run_do_request(struct run_softc *sc, 1200 struct usb_device_request *req, void *data) 1201 { 1202 usb_error_t err; 1203 int ntries = 10; 1204 1205 RUN_LOCK_ASSERT(sc, MA_OWNED); 1206 1207 while (ntries--) { 1208 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1209 req, data, 0, NULL, 250 /* ms */); 1210 if (err == 0) 1211 break; 1212 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1213 usbd_errstr(err)); 1214 run_delay(sc, 10); 1215 } 1216 return (err); 1217 } 1218 1219 static int 1220 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1221 { 1222 uint32_t tmp; 1223 int error; 1224 1225 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1226 if (error == 0) 1227 *val = le32toh(tmp); 1228 else 1229 *val = 0xffffffff; 1230 return (error); 1231 } 1232 1233 static int 1234 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1235 { 1236 usb_device_request_t req; 1237 1238 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1239 req.bRequest = RT2870_READ_REGION_1; 1240 USETW(req.wValue, 0); 1241 USETW(req.wIndex, reg); 1242 USETW(req.wLength, len); 1243 1244 return (run_do_request(sc, &req, buf)); 1245 } 1246 1247 static int 1248 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1249 { 1250 usb_device_request_t req; 1251 1252 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1253 req.bRequest = RT2870_WRITE_2; 1254 USETW(req.wValue, val); 1255 USETW(req.wIndex, reg); 1256 USETW(req.wLength, 0); 1257 1258 return (run_do_request(sc, &req, NULL)); 1259 } 1260 1261 static int 1262 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1263 { 1264 int error; 1265 1266 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1267 error = run_write_2(sc, reg + 2, val >> 16); 1268 return (error); 1269 } 1270 1271 static int 1272 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1273 int len) 1274 { 1275 #if 1 1276 int i, error = 0; 1277 /* 1278 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1279 * We thus issue multiple WRITE_2 commands instead. 1280 */ 1281 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1282 for (i = 0; i < len && error == 0; i += 2) 1283 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1284 return (error); 1285 #else 1286 usb_device_request_t req; 1287 int error = 0; 1288 1289 /* 1290 * NOTE: It appears the WRITE_REGION_1 command cannot be 1291 * passed a huge amount of data, which will crash the 1292 * firmware. Limit amount of data passed to 64-bytes at a 1293 * time. 1294 */ 1295 while (len > 0) { 1296 int delta = 64; 1297 if (delta > len) 1298 delta = len; 1299 1300 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1301 req.bRequest = RT2870_WRITE_REGION_1; 1302 USETW(req.wValue, 0); 1303 USETW(req.wIndex, reg); 1304 USETW(req.wLength, delta); 1305 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1306 if (error != 0) 1307 break; 1308 reg += delta; 1309 buf += delta; 1310 len -= delta; 1311 } 1312 return (error); 1313 #endif 1314 } 1315 1316 static int 1317 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1318 { 1319 int i, error = 0; 1320 1321 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1322 for (i = 0; i < len && error == 0; i += 4) 1323 error = run_write(sc, reg + i, val); 1324 return (error); 1325 } 1326 1327 static int 1328 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1329 { 1330 uint32_t tmp; 1331 uint16_t reg; 1332 int error, ntries; 1333 1334 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1335 return (error); 1336 1337 if (count == 2) 1338 addr *= 2; 1339 /*- 1340 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1341 * DATA0: F E D C 1342 * DATA1: B A 9 8 1343 * DATA2: 7 6 5 4 1344 * DATA3: 3 2 1 0 1345 */ 1346 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1347 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1348 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1349 for (ntries = 0; ntries < 100; ntries++) { 1350 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1351 return (error); 1352 if (!(tmp & RT3070_EFSROM_KICK)) 1353 break; 1354 run_delay(sc, 2); 1355 } 1356 if (ntries == 100) 1357 return (ETIMEDOUT); 1358 1359 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1360 *val = 0xffff; /* address not found */ 1361 return (0); 1362 } 1363 /* determine to which 32-bit register our 16-bit word belongs */ 1364 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1365 if ((error = run_read(sc, reg, &tmp)) != 0) 1366 return (error); 1367 1368 if (count == 2) 1369 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1370 else { 1371 tmp >>= (8 *(addr & 0x3)); 1372 memmove(val, &tmp, sizeof(*val)); 1373 } 1374 return (0); 1375 } 1376 1377 1378 /* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1379 static int 1380 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1381 { 1382 return (run_efuse_read(sc, addr, val, 2)); 1383 } 1384 1385 static int 1386 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1387 { 1388 usb_device_request_t req; 1389 uint16_t tmp; 1390 int error; 1391 1392 addr *= 2; 1393 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1394 req.bRequest = RT2870_EEPROM_READ; 1395 USETW(req.wValue, 0); 1396 USETW(req.wIndex, addr); 1397 USETW(req.wLength, sizeof tmp); 1398 1399 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1400 if (error == 0) 1401 *val = le16toh(tmp); 1402 else 1403 *val = 0xffff; 1404 return (error); 1405 } 1406 1407 static __inline int 1408 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1409 { 1410 /* either eFUSE ROM or EEPROM */ 1411 return sc->sc_srom_read(sc, addr, val); 1412 } 1413 1414 static int 1415 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1416 { 1417 uint32_t tmp; 1418 int error, ntries; 1419 1420 for (ntries = 0; ntries < 10; ntries++) { 1421 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1422 return (error); 1423 if (!(tmp & RT2860_RF_REG_CTRL)) 1424 break; 1425 } 1426 if (ntries == 10) 1427 return (ETIMEDOUT); 1428 1429 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1430 } 1431 1432 static int 1433 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1434 { 1435 uint32_t tmp; 1436 int error, ntries; 1437 1438 for (ntries = 0; ntries < 100; ntries++) { 1439 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1440 return (error); 1441 if (!(tmp & RT3070_RF_KICK)) 1442 break; 1443 } 1444 if (ntries == 100) 1445 return (ETIMEDOUT); 1446 1447 tmp = RT3070_RF_KICK | reg << 8; 1448 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1449 return (error); 1450 1451 for (ntries = 0; ntries < 100; ntries++) { 1452 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1453 return (error); 1454 if (!(tmp & RT3070_RF_KICK)) 1455 break; 1456 } 1457 if (ntries == 100) 1458 return (ETIMEDOUT); 1459 1460 *val = tmp & 0xff; 1461 return (0); 1462 } 1463 1464 static int 1465 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1466 { 1467 uint32_t tmp; 1468 int error, ntries; 1469 1470 for (ntries = 0; ntries < 10; ntries++) { 1471 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1472 return (error); 1473 if (!(tmp & RT3070_RF_KICK)) 1474 break; 1475 } 1476 if (ntries == 10) 1477 return (ETIMEDOUT); 1478 1479 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1480 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1481 } 1482 1483 static int 1484 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1485 { 1486 uint32_t tmp; 1487 int ntries, error; 1488 1489 for (ntries = 0; ntries < 10; ntries++) { 1490 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1491 return (error); 1492 if (!(tmp & RT2860_BBP_CSR_KICK)) 1493 break; 1494 } 1495 if (ntries == 10) 1496 return (ETIMEDOUT); 1497 1498 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1499 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1500 return (error); 1501 1502 for (ntries = 0; ntries < 10; ntries++) { 1503 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1504 return (error); 1505 if (!(tmp & RT2860_BBP_CSR_KICK)) 1506 break; 1507 } 1508 if (ntries == 10) 1509 return (ETIMEDOUT); 1510 1511 *val = tmp & 0xff; 1512 return (0); 1513 } 1514 1515 static int 1516 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1517 { 1518 uint32_t tmp; 1519 int ntries, error; 1520 1521 for (ntries = 0; ntries < 10; ntries++) { 1522 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1523 return (error); 1524 if (!(tmp & RT2860_BBP_CSR_KICK)) 1525 break; 1526 } 1527 if (ntries == 10) 1528 return (ETIMEDOUT); 1529 1530 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1531 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1532 } 1533 1534 /* 1535 * Send a command to the 8051 microcontroller unit. 1536 */ 1537 static int 1538 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1539 { 1540 uint32_t tmp; 1541 int error, ntries; 1542 1543 for (ntries = 0; ntries < 100; ntries++) { 1544 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1545 return error; 1546 if (!(tmp & RT2860_H2M_BUSY)) 1547 break; 1548 } 1549 if (ntries == 100) 1550 return ETIMEDOUT; 1551 1552 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1553 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1554 error = run_write(sc, RT2860_HOST_CMD, cmd); 1555 return (error); 1556 } 1557 1558 /* 1559 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1560 * Used to adjust per-rate Tx power registers. 1561 */ 1562 static __inline uint32_t 1563 b4inc(uint32_t b32, int8_t delta) 1564 { 1565 int8_t i, b4; 1566 1567 for (i = 0; i < 8; i++) { 1568 b4 = b32 & 0xf; 1569 b4 += delta; 1570 if (b4 < 0) 1571 b4 = 0; 1572 else if (b4 > 0xf) 1573 b4 = 0xf; 1574 b32 = b32 >> 4 | b4 << 28; 1575 } 1576 return (b32); 1577 } 1578 1579 static const char * 1580 run_get_rf(uint16_t rev) 1581 { 1582 switch (rev) { 1583 case RT2860_RF_2820: return "RT2820"; 1584 case RT2860_RF_2850: return "RT2850"; 1585 case RT2860_RF_2720: return "RT2720"; 1586 case RT2860_RF_2750: return "RT2750"; 1587 case RT3070_RF_3020: return "RT3020"; 1588 case RT3070_RF_2020: return "RT2020"; 1589 case RT3070_RF_3021: return "RT3021"; 1590 case RT3070_RF_3022: return "RT3022"; 1591 case RT3070_RF_3052: return "RT3052"; 1592 case RT5592_RF_5592: return "RT5592"; 1593 case RT5390_RF_5370: return "RT5370"; 1594 case RT5390_RF_5372: return "RT5372"; 1595 } 1596 return ("unknown"); 1597 } 1598 1599 static int 1600 run_read_eeprom(struct run_softc *sc) 1601 { 1602 int8_t delta_2ghz, delta_5ghz; 1603 uint32_t tmp; 1604 uint16_t val; 1605 int ridx, ant, i; 1606 1607 /* check whether the ROM is eFUSE ROM or EEPROM */ 1608 sc->sc_srom_read = run_eeprom_read_2; 1609 if (sc->mac_ver >= 0x3070) { 1610 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1611 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1612 if (tmp & RT3070_SEL_EFUSE) 1613 sc->sc_srom_read = run_efuse_read_2; 1614 } 1615 1616 /* read ROM version */ 1617 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1618 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1619 1620 /* read MAC address */ 1621 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1622 sc->sc_bssid[0] = val & 0xff; 1623 sc->sc_bssid[1] = val >> 8; 1624 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1625 sc->sc_bssid[2] = val & 0xff; 1626 sc->sc_bssid[3] = val >> 8; 1627 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1628 sc->sc_bssid[4] = val & 0xff; 1629 sc->sc_bssid[5] = val >> 8; 1630 1631 if (sc->mac_ver < 0x5390) { 1632 /* read vender BBP settings */ 1633 for (i = 0; i < 10; i++) { 1634 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1635 sc->bbp[i].val = val & 0xff; 1636 sc->bbp[i].reg = val >> 8; 1637 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1638 sc->bbp[i].val); 1639 } 1640 if (sc->mac_ver >= 0x3071) { 1641 /* read vendor RF settings */ 1642 for (i = 0; i < 10; i++) { 1643 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1644 &val); 1645 sc->rf[i].val = val & 0xff; 1646 sc->rf[i].reg = val >> 8; 1647 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1648 sc->rf[i].val); 1649 } 1650 } 1651 } 1652 1653 /* read RF frequency offset from EEPROM */ 1654 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1655 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1656 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1657 1658 if (val >> 8 != 0xff) { 1659 /* read LEDs operating mode */ 1660 sc->leds = val >> 8; 1661 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1662 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1663 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1664 } else { 1665 /* broken EEPROM, use default settings */ 1666 sc->leds = 0x01; 1667 sc->led[0] = 0x5555; 1668 sc->led[1] = 0x2221; 1669 sc->led[2] = 0x5627; /* differs from RT2860 */ 1670 } 1671 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1672 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1673 1674 /* read RF information */ 1675 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1676 run_srom_read(sc, 0x00, &val); 1677 else 1678 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1679 1680 if (val == 0xffff) { 1681 DPRINTF("invalid EEPROM antenna info, using default\n"); 1682 if (sc->mac_ver == 0x3572) { 1683 /* default to RF3052 2T2R */ 1684 sc->rf_rev = RT3070_RF_3052; 1685 sc->ntxchains = 2; 1686 sc->nrxchains = 2; 1687 } else if (sc->mac_ver >= 0x3070) { 1688 /* default to RF3020 1T1R */ 1689 sc->rf_rev = RT3070_RF_3020; 1690 sc->ntxchains = 1; 1691 sc->nrxchains = 1; 1692 } else { 1693 /* default to RF2820 1T2R */ 1694 sc->rf_rev = RT2860_RF_2820; 1695 sc->ntxchains = 1; 1696 sc->nrxchains = 2; 1697 } 1698 } else { 1699 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1700 sc->rf_rev = val; 1701 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1702 } else 1703 sc->rf_rev = (val >> 8) & 0xf; 1704 sc->ntxchains = (val >> 4) & 0xf; 1705 sc->nrxchains = val & 0xf; 1706 } 1707 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1708 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1709 1710 /* check if RF supports automatic Tx access gain control */ 1711 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1712 DPRINTF("EEPROM CFG 0x%04x\n", val); 1713 /* check if driver should patch the DAC issue */ 1714 if ((val >> 8) != 0xff) 1715 sc->patch_dac = (val >> 15) & 1; 1716 if ((val & 0xff) != 0xff) { 1717 sc->ext_5ghz_lna = (val >> 3) & 1; 1718 sc->ext_2ghz_lna = (val >> 2) & 1; 1719 /* check if RF supports automatic Tx access gain control */ 1720 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1721 /* check if we have a hardware radio switch */ 1722 sc->rfswitch = val & 1; 1723 } 1724 1725 /* read power settings for 2GHz channels */ 1726 for (i = 0; i < 14; i += 2) { 1727 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1728 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1729 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1730 1731 if (sc->mac_ver != 0x5390) { 1732 run_srom_read(sc, 1733 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1734 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1735 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1736 } 1737 } 1738 /* fix broken Tx power entries */ 1739 for (i = 0; i < 14; i++) { 1740 if (sc->mac_ver >= 0x5390) { 1741 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1742 sc->txpow1[i] = 5; 1743 } else { 1744 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1745 sc->txpow1[i] = 5; 1746 } 1747 if (sc->mac_ver > 0x5390) { 1748 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1749 sc->txpow2[i] = 5; 1750 } else if (sc->mac_ver < 0x5390) { 1751 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1752 sc->txpow2[i] = 5; 1753 } 1754 DPRINTF("chan %d: power1=%d, power2=%d\n", 1755 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1756 } 1757 /* read power settings for 5GHz channels */ 1758 for (i = 0; i < 40; i += 2) { 1759 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1760 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1761 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1762 1763 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1764 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1765 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1766 } 1767 /* fix broken Tx power entries */ 1768 for (i = 0; i < 40; i++ ) { 1769 if (sc->mac_ver != 0x5592) { 1770 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1771 sc->txpow1[14 + i] = 5; 1772 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1773 sc->txpow2[14 + i] = 5; 1774 } 1775 DPRINTF("chan %d: power1=%d, power2=%d\n", 1776 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1777 sc->txpow2[14 + i]); 1778 } 1779 1780 /* read Tx power compensation for each Tx rate */ 1781 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1782 delta_2ghz = delta_5ghz = 0; 1783 if ((val & 0xff) != 0xff && (val & 0x80)) { 1784 delta_2ghz = val & 0xf; 1785 if (!(val & 0x40)) /* negative number */ 1786 delta_2ghz = -delta_2ghz; 1787 } 1788 val >>= 8; 1789 if ((val & 0xff) != 0xff && (val & 0x80)) { 1790 delta_5ghz = val & 0xf; 1791 if (!(val & 0x40)) /* negative number */ 1792 delta_5ghz = -delta_5ghz; 1793 } 1794 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1795 delta_2ghz, delta_5ghz); 1796 1797 for (ridx = 0; ridx < 5; ridx++) { 1798 uint32_t reg; 1799 1800 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1801 reg = val; 1802 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1803 reg |= (uint32_t)val << 16; 1804 1805 sc->txpow20mhz[ridx] = reg; 1806 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1807 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1808 1809 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1810 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1811 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1812 } 1813 1814 /* read RSSI offsets and LNA gains from EEPROM */ 1815 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1816 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1817 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1818 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1819 if (sc->mac_ver >= 0x3070) { 1820 /* 1821 * On RT3070 chips (limited to 2 Rx chains), this ROM 1822 * field contains the Tx mixer gain for the 2GHz band. 1823 */ 1824 if ((val & 0xff) != 0xff) 1825 sc->txmixgain_2ghz = val & 0x7; 1826 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1827 } else 1828 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1829 sc->lna[2] = val >> 8; /* channel group 2 */ 1830 1831 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1832 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1833 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1834 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1835 if (sc->mac_ver == 0x3572) { 1836 /* 1837 * On RT3572 chips (limited to 2 Rx chains), this ROM 1838 * field contains the Tx mixer gain for the 5GHz band. 1839 */ 1840 if ((val & 0xff) != 0xff) 1841 sc->txmixgain_5ghz = val & 0x7; 1842 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1843 } else 1844 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1845 sc->lna[3] = val >> 8; /* channel group 3 */ 1846 1847 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1848 sc->lna[0] = val & 0xff; /* channel group 0 */ 1849 sc->lna[1] = val >> 8; /* channel group 1 */ 1850 1851 /* fix broken 5GHz LNA entries */ 1852 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1853 DPRINTF("invalid LNA for channel group %d\n", 2); 1854 sc->lna[2] = sc->lna[1]; 1855 } 1856 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1857 DPRINTF("invalid LNA for channel group %d\n", 3); 1858 sc->lna[3] = sc->lna[1]; 1859 } 1860 1861 /* fix broken RSSI offset entries */ 1862 for (ant = 0; ant < 3; ant++) { 1863 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1864 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1865 ant + 1, sc->rssi_2ghz[ant]); 1866 sc->rssi_2ghz[ant] = 0; 1867 } 1868 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1869 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1870 ant + 1, sc->rssi_5ghz[ant]); 1871 sc->rssi_5ghz[ant] = 0; 1872 } 1873 } 1874 return (0); 1875 } 1876 1877 static struct ieee80211_node * 1878 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1879 { 1880 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1881 } 1882 1883 static int 1884 run_media_change(struct ifnet *ifp) 1885 { 1886 struct ieee80211vap *vap = ifp->if_softc; 1887 struct ieee80211com *ic = vap->iv_ic; 1888 const struct ieee80211_txparam *tp; 1889 struct run_softc *sc = ic->ic_ifp->if_softc; 1890 uint8_t rate, ridx; 1891 int error; 1892 1893 RUN_LOCK(sc); 1894 1895 error = ieee80211_media_change(ifp); 1896 if (error != ENETRESET) { 1897 RUN_UNLOCK(sc); 1898 return (error); 1899 } 1900 1901 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1902 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1903 struct ieee80211_node *ni; 1904 struct run_node *rn; 1905 1906 rate = ic->ic_sup_rates[ic->ic_curmode]. 1907 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1908 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1909 if (rt2860_rates[ridx].rate == rate) 1910 break; 1911 ni = ieee80211_ref_node(vap->iv_bss); 1912 rn = (struct run_node *)ni; 1913 rn->fix_ridx = ridx; 1914 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1915 ieee80211_free_node(ni); 1916 } 1917 1918 #if 0 1919 if ((ifp->if_flags & IFF_UP) && 1920 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 1921 run_init_locked(sc); 1922 } 1923 #endif 1924 1925 RUN_UNLOCK(sc); 1926 1927 return (0); 1928 } 1929 1930 static int 1931 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1932 { 1933 const struct ieee80211_txparam *tp; 1934 struct ieee80211com *ic = vap->iv_ic; 1935 struct run_softc *sc = ic->ic_ifp->if_softc; 1936 struct run_vap *rvp = RUN_VAP(vap); 1937 enum ieee80211_state ostate; 1938 uint32_t sta[3]; 1939 uint32_t tmp; 1940 uint8_t ratectl; 1941 uint8_t restart_ratectl = 0; 1942 uint8_t bid = 1 << rvp->rvp_id; 1943 1944 ostate = vap->iv_state; 1945 DPRINTF("%s -> %s\n", 1946 ieee80211_state_name[ostate], 1947 ieee80211_state_name[nstate]); 1948 1949 IEEE80211_UNLOCK(ic); 1950 RUN_LOCK(sc); 1951 1952 ratectl = sc->ratectl_run; /* remember current state */ 1953 sc->ratectl_run = RUN_RATECTL_OFF; 1954 usb_callout_stop(&sc->ratectl_ch); 1955 1956 if (ostate == IEEE80211_S_RUN) { 1957 /* turn link LED off */ 1958 run_set_leds(sc, RT2860_LED_RADIO); 1959 } 1960 1961 switch (nstate) { 1962 case IEEE80211_S_INIT: 1963 restart_ratectl = 1; 1964 1965 if (ostate != IEEE80211_S_RUN) 1966 break; 1967 1968 ratectl &= ~bid; 1969 sc->runbmap &= ~bid; 1970 1971 /* abort TSF synchronization if there is no vap running */ 1972 if (--sc->running == 0) { 1973 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1974 run_write(sc, RT2860_BCN_TIME_CFG, 1975 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1976 RT2860_TBTT_TIMER_EN)); 1977 } 1978 break; 1979 1980 case IEEE80211_S_RUN: 1981 if (!(sc->runbmap & bid)) { 1982 if(sc->running++) 1983 restart_ratectl = 1; 1984 sc->runbmap |= bid; 1985 } 1986 1987 m_freem(rvp->beacon_mbuf); 1988 rvp->beacon_mbuf = NULL; 1989 1990 switch (vap->iv_opmode) { 1991 case IEEE80211_M_HOSTAP: 1992 case IEEE80211_M_MBSS: 1993 sc->ap_running |= bid; 1994 ic->ic_opmode = vap->iv_opmode; 1995 run_update_beacon_cb(vap); 1996 break; 1997 case IEEE80211_M_IBSS: 1998 sc->adhoc_running |= bid; 1999 if (!sc->ap_running) 2000 ic->ic_opmode = vap->iv_opmode; 2001 run_update_beacon_cb(vap); 2002 break; 2003 case IEEE80211_M_STA: 2004 sc->sta_running |= bid; 2005 if (!sc->ap_running && !sc->adhoc_running) 2006 ic->ic_opmode = vap->iv_opmode; 2007 2008 /* read statistic counters (clear on read) */ 2009 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2010 (uint8_t *)sta, sizeof sta); 2011 2012 break; 2013 default: 2014 ic->ic_opmode = vap->iv_opmode; 2015 break; 2016 } 2017 2018 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2019 struct ieee80211_node *ni; 2020 2021 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2022 RUN_UNLOCK(sc); 2023 IEEE80211_LOCK(ic); 2024 return (-1); 2025 } 2026 run_updateslot(ic->ic_ifp); 2027 run_enable_mrr(sc); 2028 run_set_txpreamble(sc); 2029 run_set_basicrates(sc); 2030 ni = ieee80211_ref_node(vap->iv_bss); 2031 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2032 run_set_bssid(sc, ni->ni_bssid); 2033 ieee80211_free_node(ni); 2034 run_enable_tsf_sync(sc); 2035 2036 /* enable automatic rate adaptation */ 2037 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2038 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2039 ratectl |= bid; 2040 } 2041 2042 /* turn link LED on */ 2043 run_set_leds(sc, RT2860_LED_RADIO | 2044 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2045 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2046 2047 break; 2048 default: 2049 DPRINTFN(6, "undefined case\n"); 2050 break; 2051 } 2052 2053 /* restart amrr for running VAPs */ 2054 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2055 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2056 2057 RUN_UNLOCK(sc); 2058 IEEE80211_LOCK(ic); 2059 2060 return(rvp->newstate(vap, nstate, arg)); 2061 } 2062 2063 /* ARGSUSED */ 2064 static void 2065 run_wme_update_cb(void *arg) 2066 { 2067 struct ieee80211com *ic = arg; 2068 struct run_softc *sc = ic->ic_ifp->if_softc; 2069 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2070 int aci, error = 0; 2071 2072 RUN_LOCK_ASSERT(sc, MA_OWNED); 2073 2074 /* update MAC TX configuration registers */ 2075 for (aci = 0; aci < WME_NUM_AC; aci++) { 2076 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2077 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2078 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2079 wmesp->wme_params[aci].wmep_aifsn << 8 | 2080 wmesp->wme_params[aci].wmep_txopLimit); 2081 if (error) goto err; 2082 } 2083 2084 /* update SCH/DMA registers too */ 2085 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2086 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2087 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2088 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2089 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2090 if (error) goto err; 2091 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2092 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2093 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2094 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2095 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2096 if (error) goto err; 2097 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2098 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2099 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2100 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2101 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2102 if (error) goto err; 2103 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2104 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2105 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2106 if (error) goto err; 2107 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2108 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2109 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2110 2111 err: 2112 if (error) 2113 DPRINTF("WME update failed\n"); 2114 2115 return; 2116 } 2117 2118 static int 2119 run_wme_update(struct ieee80211com *ic) 2120 { 2121 struct run_softc *sc = ic->ic_ifp->if_softc; 2122 2123 /* sometime called wothout lock */ 2124 if (mtx_owned(&ic->ic_comlock.mtx)) { 2125 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2126 DPRINTF("cmdq_store=%d\n", i); 2127 sc->cmdq[i].func = run_wme_update_cb; 2128 sc->cmdq[i].arg0 = ic; 2129 ieee80211_runtask(ic, &sc->cmdq_task); 2130 return (0); 2131 } 2132 2133 RUN_LOCK(sc); 2134 run_wme_update_cb(ic); 2135 RUN_UNLOCK(sc); 2136 2137 /* return whatever, upper layer desn't care anyway */ 2138 return (0); 2139 } 2140 2141 static void 2142 run_key_update_begin(struct ieee80211vap *vap) 2143 { 2144 /* 2145 * To avoid out-of-order events, both run_key_set() and 2146 * _delete() are deferred and handled by run_cmdq_cb(). 2147 * So, there is nothing we need to do here. 2148 */ 2149 } 2150 2151 static void 2152 run_key_update_end(struct ieee80211vap *vap) 2153 { 2154 /* null */ 2155 } 2156 2157 static void 2158 run_key_set_cb(void *arg) 2159 { 2160 struct run_cmdq *cmdq = arg; 2161 struct ieee80211vap *vap = cmdq->arg1; 2162 struct ieee80211_key *k = cmdq->k; 2163 struct ieee80211com *ic = vap->iv_ic; 2164 struct run_softc *sc = ic->ic_ifp->if_softc; 2165 struct ieee80211_node *ni; 2166 uint32_t attr; 2167 uint16_t base, associd; 2168 uint8_t mode, wcid, iv[8]; 2169 2170 RUN_LOCK_ASSERT(sc, MA_OWNED); 2171 2172 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2173 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2174 else 2175 ni = vap->iv_bss; 2176 associd = (ni != NULL) ? ni->ni_associd : 0; 2177 2178 /* map net80211 cipher to RT2860 security mode */ 2179 switch (k->wk_cipher->ic_cipher) { 2180 case IEEE80211_CIPHER_WEP: 2181 if(k->wk_keylen < 8) 2182 mode = RT2860_MODE_WEP40; 2183 else 2184 mode = RT2860_MODE_WEP104; 2185 break; 2186 case IEEE80211_CIPHER_TKIP: 2187 mode = RT2860_MODE_TKIP; 2188 break; 2189 case IEEE80211_CIPHER_AES_CCM: 2190 mode = RT2860_MODE_AES_CCMP; 2191 break; 2192 default: 2193 DPRINTF("undefined case\n"); 2194 return; 2195 } 2196 2197 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2198 associd, k->wk_keyix, mode, 2199 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2200 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2201 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2202 2203 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2204 wcid = 0; /* NB: update WCID0 for group keys */ 2205 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2206 } else { 2207 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2208 1 : RUN_AID2WCID(associd); 2209 base = RT2860_PKEY(wcid); 2210 } 2211 2212 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2213 if(run_write_region_1(sc, base, k->wk_key, 16)) 2214 return; 2215 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2216 return; 2217 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2218 return; 2219 } else { 2220 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2221 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2222 return; 2223 } 2224 2225 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2226 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2227 /* set initial packet number in IV+EIV */ 2228 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2229 memset(iv, 0, sizeof iv); 2230 iv[3] = vap->iv_def_txkey << 6; 2231 } else { 2232 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2233 iv[0] = k->wk_keytsc >> 8; 2234 iv[1] = (iv[0] | 0x20) & 0x7f; 2235 iv[2] = k->wk_keytsc; 2236 } else /* CCMP */ { 2237 iv[0] = k->wk_keytsc; 2238 iv[1] = k->wk_keytsc >> 8; 2239 iv[2] = 0; 2240 } 2241 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2242 iv[4] = k->wk_keytsc >> 16; 2243 iv[5] = k->wk_keytsc >> 24; 2244 iv[6] = k->wk_keytsc >> 32; 2245 iv[7] = k->wk_keytsc >> 40; 2246 } 2247 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2248 return; 2249 } 2250 2251 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2252 /* install group key */ 2253 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2254 return; 2255 attr &= ~(0xf << (k->wk_keyix * 4)); 2256 attr |= mode << (k->wk_keyix * 4); 2257 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2258 return; 2259 } else { 2260 /* install pairwise key */ 2261 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2262 return; 2263 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2264 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2265 return; 2266 } 2267 2268 /* TODO create a pass-thru key entry? */ 2269 2270 /* need wcid to delete the right key later */ 2271 k->wk_pad = wcid; 2272 } 2273 2274 /* 2275 * Don't have to be deferred, but in order to keep order of 2276 * execution, i.e. with run_key_delete(), defer this and let 2277 * run_cmdq_cb() maintain the order. 2278 * 2279 * return 0 on error 2280 */ 2281 static int 2282 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2283 const uint8_t mac[IEEE80211_ADDR_LEN]) 2284 { 2285 struct ieee80211com *ic = vap->iv_ic; 2286 struct run_softc *sc = ic->ic_ifp->if_softc; 2287 uint32_t i; 2288 2289 i = RUN_CMDQ_GET(&sc->cmdq_store); 2290 DPRINTF("cmdq_store=%d\n", i); 2291 sc->cmdq[i].func = run_key_set_cb; 2292 sc->cmdq[i].arg0 = NULL; 2293 sc->cmdq[i].arg1 = vap; 2294 sc->cmdq[i].k = k; 2295 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2296 ieee80211_runtask(ic, &sc->cmdq_task); 2297 2298 /* 2299 * To make sure key will be set when hostapd 2300 * calls iv_key_set() before if_init(). 2301 */ 2302 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2303 RUN_LOCK(sc); 2304 sc->cmdq_key_set = RUN_CMDQ_GO; 2305 RUN_UNLOCK(sc); 2306 } 2307 2308 return (1); 2309 } 2310 2311 /* 2312 * If wlan is destroyed without being brought down i.e. without 2313 * wlan down or wpa_cli terminate, this function is called after 2314 * vap is gone. Don't refer it. 2315 */ 2316 static void 2317 run_key_delete_cb(void *arg) 2318 { 2319 struct run_cmdq *cmdq = arg; 2320 struct run_softc *sc = cmdq->arg1; 2321 struct ieee80211_key *k = &cmdq->key; 2322 uint32_t attr; 2323 uint8_t wcid; 2324 2325 RUN_LOCK_ASSERT(sc, MA_OWNED); 2326 2327 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2328 /* remove group key */ 2329 DPRINTF("removing group key\n"); 2330 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2331 attr &= ~(0xf << (k->wk_keyix * 4)); 2332 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2333 } else { 2334 /* remove pairwise key */ 2335 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2336 /* matching wcid was written to wk_pad in run_key_set() */ 2337 wcid = k->wk_pad; 2338 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2339 attr &= ~0xf; 2340 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2341 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2342 } 2343 2344 k->wk_pad = 0; 2345 } 2346 2347 /* 2348 * return 0 on error 2349 */ 2350 static int 2351 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2352 { 2353 struct ieee80211com *ic = vap->iv_ic; 2354 struct run_softc *sc = ic->ic_ifp->if_softc; 2355 struct ieee80211_key *k0; 2356 uint32_t i; 2357 2358 /* 2359 * When called back, key might be gone. So, make a copy 2360 * of some values need to delete keys before deferring. 2361 * But, because of LOR with node lock, cannot use lock here. 2362 * So, use atomic instead. 2363 */ 2364 i = RUN_CMDQ_GET(&sc->cmdq_store); 2365 DPRINTF("cmdq_store=%d\n", i); 2366 sc->cmdq[i].func = run_key_delete_cb; 2367 sc->cmdq[i].arg0 = NULL; 2368 sc->cmdq[i].arg1 = sc; 2369 k0 = &sc->cmdq[i].key; 2370 k0->wk_flags = k->wk_flags; 2371 k0->wk_keyix = k->wk_keyix; 2372 /* matching wcid was written to wk_pad in run_key_set() */ 2373 k0->wk_pad = k->wk_pad; 2374 ieee80211_runtask(ic, &sc->cmdq_task); 2375 return (1); /* return fake success */ 2376 2377 } 2378 2379 static void 2380 run_ratectl_to(void *arg) 2381 { 2382 struct run_softc *sc = arg; 2383 2384 /* do it in a process context, so it can go sleep */ 2385 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2386 /* next timeout will be rescheduled in the callback task */ 2387 } 2388 2389 /* ARGSUSED */ 2390 static void 2391 run_ratectl_cb(void *arg, int pending) 2392 { 2393 struct run_softc *sc = arg; 2394 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2395 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2396 2397 if (vap == NULL) 2398 return; 2399 2400 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2401 run_iter_func(sc, vap->iv_bss); 2402 else { 2403 /* 2404 * run_reset_livelock() doesn't do anything with AMRR, 2405 * but Ralink wants us to call it every 1 sec. So, we 2406 * piggyback here rather than creating another callout. 2407 * Livelock may occur only in HOSTAP or IBSS mode 2408 * (when h/w is sending beacons). 2409 */ 2410 RUN_LOCK(sc); 2411 run_reset_livelock(sc); 2412 /* just in case, there are some stats to drain */ 2413 run_drain_fifo(sc); 2414 RUN_UNLOCK(sc); 2415 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2416 } 2417 2418 RUN_LOCK(sc); 2419 if(sc->ratectl_run != RUN_RATECTL_OFF) 2420 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2421 RUN_UNLOCK(sc); 2422 } 2423 2424 static void 2425 run_drain_fifo(void *arg) 2426 { 2427 struct run_softc *sc = arg; 2428 struct ifnet *ifp = sc->sc_ifp; 2429 uint32_t stat; 2430 uint16_t (*wstat)[3]; 2431 uint8_t wcid, mcs, pid; 2432 int8_t retry; 2433 2434 RUN_LOCK_ASSERT(sc, MA_OWNED); 2435 2436 for (;;) { 2437 /* drain Tx status FIFO (maxsize = 16) */ 2438 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2439 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2440 if (!(stat & RT2860_TXQ_VLD)) 2441 break; 2442 2443 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2444 2445 /* if no ACK was requested, no feedback is available */ 2446 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2447 wcid == 0) 2448 continue; 2449 2450 /* 2451 * Even though each stat is Tx-complete-status like format, 2452 * the device can poll stats. Because there is no guarantee 2453 * that the referring node is still around when read the stats. 2454 * So that, if we use ieee80211_ratectl_tx_update(), we will 2455 * have hard time not to refer already freed node. 2456 * 2457 * To eliminate such page faults, we poll stats in softc. 2458 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2459 */ 2460 wstat = &(sc->wcid_stats[wcid]); 2461 (*wstat)[RUN_TXCNT]++; 2462 if (stat & RT2860_TXQ_OK) 2463 (*wstat)[RUN_SUCCESS]++; 2464 else 2465 ifp->if_oerrors++; 2466 /* 2467 * Check if there were retries, ie if the Tx success rate is 2468 * different from the requested rate. Note that it works only 2469 * because we do not allow rate fallback from OFDM to CCK. 2470 */ 2471 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2472 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2473 if ((retry = pid -1 - mcs) > 0) { 2474 (*wstat)[RUN_TXCNT] += retry; 2475 (*wstat)[RUN_RETRY] += retry; 2476 } 2477 } 2478 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2479 2480 sc->fifo_cnt = 0; 2481 } 2482 2483 static void 2484 run_iter_func(void *arg, struct ieee80211_node *ni) 2485 { 2486 struct run_softc *sc = arg; 2487 struct ieee80211vap *vap = ni->ni_vap; 2488 struct ieee80211com *ic = ni->ni_ic; 2489 struct ifnet *ifp = ic->ic_ifp; 2490 struct run_node *rn = (void *)ni; 2491 union run_stats sta[2]; 2492 uint16_t (*wstat)[3]; 2493 int txcnt, success, retrycnt, error; 2494 2495 RUN_LOCK(sc); 2496 2497 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2498 vap->iv_opmode == IEEE80211_M_STA)) { 2499 /* read statistic counters (clear on read) and update AMRR state */ 2500 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2501 sizeof sta); 2502 if (error != 0) 2503 goto fail; 2504 2505 /* count failed TX as errors */ 2506 ifp->if_oerrors += le16toh(sta[0].error.fail); 2507 2508 retrycnt = le16toh(sta[1].tx.retry); 2509 success = le16toh(sta[1].tx.success); 2510 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2511 2512 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2513 retrycnt, success, le16toh(sta[0].error.fail)); 2514 } else { 2515 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2516 2517 if (wstat == &(sc->wcid_stats[0]) || 2518 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2519 goto fail; 2520 2521 txcnt = (*wstat)[RUN_TXCNT]; 2522 success = (*wstat)[RUN_SUCCESS]; 2523 retrycnt = (*wstat)[RUN_RETRY]; 2524 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2525 retrycnt, txcnt, success); 2526 2527 memset(wstat, 0, sizeof(*wstat)); 2528 } 2529 2530 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2531 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2532 2533 fail: 2534 RUN_UNLOCK(sc); 2535 2536 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2537 } 2538 2539 static void 2540 run_newassoc_cb(void *arg) 2541 { 2542 struct run_cmdq *cmdq = arg; 2543 struct ieee80211_node *ni = cmdq->arg1; 2544 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2545 uint8_t wcid = cmdq->wcid; 2546 2547 RUN_LOCK_ASSERT(sc, MA_OWNED); 2548 2549 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2550 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2551 2552 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2553 } 2554 2555 static void 2556 run_newassoc(struct ieee80211_node *ni, int isnew) 2557 { 2558 struct run_node *rn = (void *)ni; 2559 struct ieee80211_rateset *rs = &ni->ni_rates; 2560 struct ieee80211vap *vap = ni->ni_vap; 2561 struct ieee80211com *ic = vap->iv_ic; 2562 struct run_softc *sc = ic->ic_ifp->if_softc; 2563 uint8_t rate; 2564 uint8_t ridx; 2565 uint8_t wcid; 2566 int i, j; 2567 2568 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2569 1 : RUN_AID2WCID(ni->ni_associd); 2570 2571 if (wcid > RT2870_WCID_MAX) { 2572 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2573 return; 2574 } 2575 2576 /* only interested in true associations */ 2577 if (isnew && ni->ni_associd != 0) { 2578 2579 /* 2580 * This function could is called though timeout function. 2581 * Need to defer. 2582 */ 2583 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2584 DPRINTF("cmdq_store=%d\n", cnt); 2585 sc->cmdq[cnt].func = run_newassoc_cb; 2586 sc->cmdq[cnt].arg0 = NULL; 2587 sc->cmdq[cnt].arg1 = ni; 2588 sc->cmdq[cnt].wcid = wcid; 2589 ieee80211_runtask(ic, &sc->cmdq_task); 2590 } 2591 2592 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2593 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2594 2595 for (i = 0; i < rs->rs_nrates; i++) { 2596 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2597 /* convert 802.11 rate to hardware rate index */ 2598 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2599 if (rt2860_rates[ridx].rate == rate) 2600 break; 2601 rn->ridx[i] = ridx; 2602 /* determine rate of control response frames */ 2603 for (j = i; j >= 0; j--) { 2604 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2605 rt2860_rates[rn->ridx[i]].phy == 2606 rt2860_rates[rn->ridx[j]].phy) 2607 break; 2608 } 2609 if (j >= 0) { 2610 rn->ctl_ridx[i] = rn->ridx[j]; 2611 } else { 2612 /* no basic rate found, use mandatory one */ 2613 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2614 } 2615 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2616 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2617 } 2618 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2619 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2620 if (rt2860_rates[ridx].rate == rate) 2621 break; 2622 rn->mgt_ridx = ridx; 2623 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2624 2625 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2626 } 2627 2628 /* 2629 * Return the Rx chain with the highest RSSI for a given frame. 2630 */ 2631 static __inline uint8_t 2632 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2633 { 2634 uint8_t rxchain = 0; 2635 2636 if (sc->nrxchains > 1) { 2637 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2638 rxchain = 1; 2639 if (sc->nrxchains > 2) 2640 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2641 rxchain = 2; 2642 } 2643 return (rxchain); 2644 } 2645 2646 static void 2647 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2648 { 2649 struct ifnet *ifp = sc->sc_ifp; 2650 struct ieee80211com *ic = ifp->if_l2com; 2651 struct ieee80211_frame *wh; 2652 struct ieee80211_node *ni; 2653 struct rt2870_rxd *rxd; 2654 struct rt2860_rxwi *rxwi; 2655 uint32_t flags; 2656 uint16_t len, rxwisize; 2657 uint8_t ant, rssi; 2658 int8_t nf; 2659 2660 rxwi = mtod(m, struct rt2860_rxwi *); 2661 len = le16toh(rxwi->len) & 0xfff; 2662 rxwisize = (sc->mac_ver == 0x5592) ? 2663 sizeof(struct rt2860_rxwi) + sizeof(uint64_t) : 2664 sizeof(struct rt2860_rxwi); 2665 if (__predict_false(len > dmalen)) { 2666 m_freem(m); 2667 ifp->if_ierrors++; 2668 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2669 return; 2670 } 2671 /* Rx descriptor is located at the end */ 2672 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2673 flags = le32toh(rxd->flags); 2674 2675 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2676 m_freem(m); 2677 ifp->if_ierrors++; 2678 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2679 return; 2680 } 2681 2682 m->m_data += rxwisize; 2683 m->m_pkthdr.len = m->m_len -= rxwisize; 2684 2685 wh = mtod(m, struct ieee80211_frame *); 2686 2687 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2688 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2689 m->m_flags |= M_WEP; 2690 } 2691 2692 if (flags & RT2860_RX_L2PAD) { 2693 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2694 len += 2; 2695 } 2696 2697 ni = ieee80211_find_rxnode(ic, 2698 mtod(m, struct ieee80211_frame_min *)); 2699 2700 if (__predict_false(flags & RT2860_RX_MICERR)) { 2701 /* report MIC failures to net80211 for TKIP */ 2702 if (ni != NULL) 2703 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2704 rxwi->keyidx); 2705 m_freem(m); 2706 ifp->if_ierrors++; 2707 DPRINTF("MIC error. Someone is lying.\n"); 2708 return; 2709 } 2710 2711 ant = run_maxrssi_chain(sc, rxwi); 2712 rssi = rxwi->rssi[ant]; 2713 nf = run_rssi2dbm(sc, rssi, ant); 2714 2715 m->m_pkthdr.rcvif = ifp; 2716 m->m_pkthdr.len = m->m_len = len; 2717 2718 if (ni != NULL) { 2719 (void)ieee80211_input(ni, m, rssi, nf); 2720 ieee80211_free_node(ni); 2721 } else { 2722 (void)ieee80211_input_all(ic, m, rssi, nf); 2723 } 2724 2725 if (__predict_false(ieee80211_radiotap_active(ic))) { 2726 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2727 uint16_t phy; 2728 2729 tap->wr_flags = 0; 2730 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2731 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2732 tap->wr_antsignal = rssi; 2733 tap->wr_antenna = ant; 2734 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2735 tap->wr_rate = 2; /* in case it can't be found below */ 2736 phy = le16toh(rxwi->phy); 2737 switch (phy & RT2860_PHY_MODE) { 2738 case RT2860_PHY_CCK: 2739 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2740 case 0: tap->wr_rate = 2; break; 2741 case 1: tap->wr_rate = 4; break; 2742 case 2: tap->wr_rate = 11; break; 2743 case 3: tap->wr_rate = 22; break; 2744 } 2745 if (phy & RT2860_PHY_SHPRE) 2746 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2747 break; 2748 case RT2860_PHY_OFDM: 2749 switch (phy & RT2860_PHY_MCS) { 2750 case 0: tap->wr_rate = 12; break; 2751 case 1: tap->wr_rate = 18; break; 2752 case 2: tap->wr_rate = 24; break; 2753 case 3: tap->wr_rate = 36; break; 2754 case 4: tap->wr_rate = 48; break; 2755 case 5: tap->wr_rate = 72; break; 2756 case 6: tap->wr_rate = 96; break; 2757 case 7: tap->wr_rate = 108; break; 2758 } 2759 break; 2760 } 2761 } 2762 } 2763 2764 static void 2765 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2766 { 2767 struct run_softc *sc = usbd_xfer_softc(xfer); 2768 struct ifnet *ifp = sc->sc_ifp; 2769 struct mbuf *m = NULL; 2770 struct mbuf *m0; 2771 uint32_t dmalen; 2772 uint16_t rxwisize; 2773 int xferlen; 2774 2775 rxwisize = (sc->mac_ver == 0x5592) ? 2776 sizeof(struct rt2860_rxwi) + sizeof(uint64_t) : 2777 sizeof(struct rt2860_rxwi); 2778 2779 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2780 2781 switch (USB_GET_STATE(xfer)) { 2782 case USB_ST_TRANSFERRED: 2783 2784 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2785 2786 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2787 sizeof(struct rt2870_rxd))) { 2788 DPRINTF("xfer too short %d\n", xferlen); 2789 goto tr_setup; 2790 } 2791 2792 m = sc->rx_m; 2793 sc->rx_m = NULL; 2794 2795 /* FALLTHROUGH */ 2796 case USB_ST_SETUP: 2797 tr_setup: 2798 if (sc->rx_m == NULL) { 2799 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2800 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2801 } 2802 if (sc->rx_m == NULL) { 2803 DPRINTF("could not allocate mbuf - idle with stall\n"); 2804 ifp->if_ierrors++; 2805 usbd_xfer_set_stall(xfer); 2806 usbd_xfer_set_frames(xfer, 0); 2807 } else { 2808 /* 2809 * Directly loading a mbuf cluster into DMA to 2810 * save some data copying. This works because 2811 * there is only one cluster. 2812 */ 2813 usbd_xfer_set_frame_data(xfer, 0, 2814 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2815 usbd_xfer_set_frames(xfer, 1); 2816 } 2817 usbd_transfer_submit(xfer); 2818 break; 2819 2820 default: /* Error */ 2821 if (error != USB_ERR_CANCELLED) { 2822 /* try to clear stall first */ 2823 usbd_xfer_set_stall(xfer); 2824 2825 if (error == USB_ERR_TIMEOUT) 2826 device_printf(sc->sc_dev, "device timeout\n"); 2827 2828 ifp->if_ierrors++; 2829 2830 goto tr_setup; 2831 } 2832 if (sc->rx_m != NULL) { 2833 m_freem(sc->rx_m); 2834 sc->rx_m = NULL; 2835 } 2836 break; 2837 } 2838 2839 if (m == NULL) 2840 return; 2841 2842 /* inputting all the frames must be last */ 2843 2844 RUN_UNLOCK(sc); 2845 2846 m->m_pkthdr.len = m->m_len = xferlen; 2847 2848 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2849 for(;;) { 2850 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2851 2852 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2853 ((dmalen & 3) != 0)) { 2854 DPRINTF("bad DMA length %u\n", dmalen); 2855 break; 2856 } 2857 if ((dmalen + 8) > (uint32_t)xferlen) { 2858 DPRINTF("bad DMA length %u > %d\n", 2859 dmalen + 8, xferlen); 2860 break; 2861 } 2862 2863 /* If it is the last one or a single frame, we won't copy. */ 2864 if ((xferlen -= dmalen + 8) <= 8) { 2865 /* trim 32-bit DMA-len header */ 2866 m->m_data += 4; 2867 m->m_pkthdr.len = m->m_len -= 4; 2868 run_rx_frame(sc, m, dmalen); 2869 m = NULL; /* don't free source buffer */ 2870 break; 2871 } 2872 2873 /* copy aggregated frames to another mbuf */ 2874 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2875 if (__predict_false(m0 == NULL)) { 2876 DPRINTF("could not allocate mbuf\n"); 2877 ifp->if_ierrors++; 2878 break; 2879 } 2880 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2881 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2882 m0->m_pkthdr.len = m0->m_len = 2883 dmalen + sizeof(struct rt2870_rxd); 2884 run_rx_frame(sc, m0, dmalen); 2885 2886 /* update data ptr */ 2887 m->m_data += dmalen + 8; 2888 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2889 } 2890 2891 /* make sure we free the source buffer, if any */ 2892 m_freem(m); 2893 2894 RUN_LOCK(sc); 2895 } 2896 2897 static void 2898 run_tx_free(struct run_endpoint_queue *pq, 2899 struct run_tx_data *data, int txerr) 2900 { 2901 if (data->m != NULL) { 2902 if (data->m->m_flags & M_TXCB) 2903 ieee80211_process_callback(data->ni, data->m, 2904 txerr ? ETIMEDOUT : 0); 2905 m_freem(data->m); 2906 data->m = NULL; 2907 2908 if (data->ni == NULL) { 2909 DPRINTF("no node\n"); 2910 } else { 2911 ieee80211_free_node(data->ni); 2912 data->ni = NULL; 2913 } 2914 } 2915 2916 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2917 pq->tx_nfree++; 2918 } 2919 2920 static void 2921 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 2922 { 2923 struct run_softc *sc = usbd_xfer_softc(xfer); 2924 struct ifnet *ifp = sc->sc_ifp; 2925 struct ieee80211com *ic = ifp->if_l2com; 2926 struct run_tx_data *data; 2927 struct ieee80211vap *vap = NULL; 2928 struct usb_page_cache *pc; 2929 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2930 struct mbuf *m; 2931 usb_frlength_t size; 2932 int actlen; 2933 int sumlen; 2934 2935 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2936 2937 switch (USB_GET_STATE(xfer)) { 2938 case USB_ST_TRANSFERRED: 2939 DPRINTFN(11, "transfer complete: %d " 2940 "bytes @ index %d\n", actlen, index); 2941 2942 data = usbd_xfer_get_priv(xfer); 2943 2944 run_tx_free(pq, data, 0); 2945 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2946 2947 usbd_xfer_set_priv(xfer, NULL); 2948 2949 ifp->if_opackets++; 2950 2951 /* FALLTHROUGH */ 2952 case USB_ST_SETUP: 2953 tr_setup: 2954 data = STAILQ_FIRST(&pq->tx_qh); 2955 if (data == NULL) 2956 break; 2957 2958 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2959 2960 m = data->m; 2961 size = (sc->mac_ver == 0x5592) ? 2962 RUN_MAX_TXSZ + sizeof(uint32_t) : RUN_MAX_TXSZ; 2963 if ((m->m_pkthdr.len + 2964 sizeof(data->desc) + 3 + 8) > size) { 2965 DPRINTF("data overflow, %u bytes\n", 2966 m->m_pkthdr.len); 2967 2968 ifp->if_oerrors++; 2969 2970 run_tx_free(pq, data, 1); 2971 2972 goto tr_setup; 2973 } 2974 2975 pc = usbd_xfer_get_frame(xfer, 0); 2976 size = (sc->mac_ver == 0x5592) ? 2977 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 2978 usbd_copy_in(pc, 0, &data->desc, size); 2979 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2980 size += m->m_pkthdr.len; 2981 /* 2982 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 2983 * 4-byte padding), and be sure to zero those trailing 2984 * bytes: 2985 */ 2986 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 2987 size += ((-size) & 3) + 8; 2988 2989 vap = data->ni->ni_vap; 2990 if (ieee80211_radiotap_active_vap(vap)) { 2991 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2992 struct rt2860_txwi *txwi = 2993 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2994 tap->wt_flags = 0; 2995 tap->wt_rate = rt2860_rates[data->ridx].rate; 2996 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 2997 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 2998 tap->wt_hwqueue = index; 2999 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3000 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3001 3002 ieee80211_radiotap_tx(vap, m); 3003 } 3004 3005 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3006 m->m_pkthdr.len, size, index); 3007 3008 usbd_xfer_set_frame_len(xfer, 0, size); 3009 usbd_xfer_set_priv(xfer, data); 3010 3011 usbd_transfer_submit(xfer); 3012 3013 RUN_UNLOCK(sc); 3014 run_start(ifp); 3015 RUN_LOCK(sc); 3016 3017 break; 3018 3019 default: 3020 DPRINTF("USB transfer error, %s\n", 3021 usbd_errstr(error)); 3022 3023 data = usbd_xfer_get_priv(xfer); 3024 3025 ifp->if_oerrors++; 3026 3027 if (data != NULL) { 3028 if(data->ni != NULL) 3029 vap = data->ni->ni_vap; 3030 run_tx_free(pq, data, error); 3031 usbd_xfer_set_priv(xfer, NULL); 3032 } 3033 if (vap == NULL) 3034 vap = TAILQ_FIRST(&ic->ic_vaps); 3035 3036 if (error != USB_ERR_CANCELLED) { 3037 if (error == USB_ERR_TIMEOUT) { 3038 device_printf(sc->sc_dev, "device timeout\n"); 3039 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3040 DPRINTF("cmdq_store=%d\n", i); 3041 sc->cmdq[i].func = run_usb_timeout_cb; 3042 sc->cmdq[i].arg0 = vap; 3043 ieee80211_runtask(ic, &sc->cmdq_task); 3044 } 3045 3046 /* 3047 * Try to clear stall first, also if other 3048 * errors occur, hence clearing stall 3049 * introduces a 50 ms delay: 3050 */ 3051 usbd_xfer_set_stall(xfer); 3052 goto tr_setup; 3053 } 3054 break; 3055 } 3056 } 3057 3058 static void 3059 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3060 { 3061 run_bulk_tx_callbackN(xfer, error, 0); 3062 } 3063 3064 static void 3065 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3066 { 3067 run_bulk_tx_callbackN(xfer, error, 1); 3068 } 3069 3070 static void 3071 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3072 { 3073 run_bulk_tx_callbackN(xfer, error, 2); 3074 } 3075 3076 static void 3077 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3078 { 3079 run_bulk_tx_callbackN(xfer, error, 3); 3080 } 3081 3082 static void 3083 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3084 { 3085 run_bulk_tx_callbackN(xfer, error, 4); 3086 } 3087 3088 static void 3089 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3090 { 3091 run_bulk_tx_callbackN(xfer, error, 5); 3092 } 3093 3094 static void 3095 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3096 { 3097 struct mbuf *m = data->m; 3098 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3099 struct ieee80211vap *vap = data->ni->ni_vap; 3100 struct ieee80211_frame *wh; 3101 struct rt2870_txd *txd; 3102 struct rt2860_txwi *txwi; 3103 uint16_t xferlen, txwisize; 3104 uint16_t mcs; 3105 uint8_t ridx = data->ridx; 3106 uint8_t pad; 3107 3108 /* get MCS code from rate index */ 3109 mcs = rt2860_rates[ridx].mcs; 3110 3111 txwisize = (sc->mac_ver == 0x5592) ? 3112 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3113 xferlen = txwisize + m->m_pkthdr.len; 3114 3115 /* roundup to 32-bit alignment */ 3116 xferlen = (xferlen + 3) & ~3; 3117 3118 txd = (struct rt2870_txd *)&data->desc; 3119 txd->len = htole16(xferlen); 3120 3121 wh = mtod(m, struct ieee80211_frame *); 3122 3123 /* 3124 * Ether both are true or both are false, the header 3125 * are nicely aligned to 32-bit. So, no L2 padding. 3126 */ 3127 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3128 pad = 0; 3129 else 3130 pad = 2; 3131 3132 /* setup TX Wireless Information */ 3133 txwi = (struct rt2860_txwi *)(txd + 1); 3134 txwi->len = htole16(m->m_pkthdr.len - pad); 3135 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3136 txwi->phy = htole16(RT2860_PHY_CCK); 3137 if (ridx != RT2860_RIDX_CCK1 && 3138 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3139 mcs |= RT2860_PHY_SHPRE; 3140 } else 3141 txwi->phy = htole16(RT2860_PHY_OFDM); 3142 txwi->phy |= htole16(mcs); 3143 3144 /* check if RTS/CTS or CTS-to-self protection is required */ 3145 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3146 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3147 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3148 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3149 txwi->txop |= RT2860_TX_TXOP_HT; 3150 else 3151 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3152 3153 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3154 txwi->xflags |= RT2860_TX_NSEQ; 3155 } 3156 3157 /* This function must be called locked */ 3158 static int 3159 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3160 { 3161 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3162 struct ieee80211vap *vap = ni->ni_vap; 3163 struct ieee80211_frame *wh; 3164 struct ieee80211_channel *chan; 3165 const struct ieee80211_txparam *tp; 3166 struct run_node *rn = (void *)ni; 3167 struct run_tx_data *data; 3168 struct rt2870_txd *txd; 3169 struct rt2860_txwi *txwi; 3170 uint16_t qos; 3171 uint16_t dur; 3172 uint16_t qid; 3173 uint8_t type; 3174 uint8_t tid; 3175 uint8_t ridx; 3176 uint8_t ctl_ridx; 3177 uint8_t qflags; 3178 uint8_t xflags = 0; 3179 int hasqos; 3180 3181 RUN_LOCK_ASSERT(sc, MA_OWNED); 3182 3183 wh = mtod(m, struct ieee80211_frame *); 3184 3185 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3186 3187 /* 3188 * There are 7 bulk endpoints: 1 for RX 3189 * and 6 for TX (4 EDCAs + HCCA + Prio). 3190 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3191 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3192 */ 3193 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3194 uint8_t *frm; 3195 3196 if(IEEE80211_HAS_ADDR4(wh)) 3197 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3198 else 3199 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3200 3201 qos = le16toh(*(const uint16_t *)frm); 3202 tid = qos & IEEE80211_QOS_TID; 3203 qid = TID_TO_WME_AC(tid); 3204 } else { 3205 qos = 0; 3206 tid = 0; 3207 qid = WME_AC_BE; 3208 } 3209 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3210 3211 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3212 qos, qid, tid, qflags); 3213 3214 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3215 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3216 3217 /* pickup a rate index */ 3218 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3219 type != IEEE80211_FC0_TYPE_DATA) { 3220 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3221 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3222 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3223 } else { 3224 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3225 ridx = rn->fix_ridx; 3226 else 3227 ridx = rn->amrr_ridx; 3228 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3229 } 3230 3231 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3232 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3233 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3234 xflags |= RT2860_TX_ACK; 3235 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3236 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3237 else 3238 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3239 USETW(wh->i_dur, dur); 3240 } 3241 3242 /* reserve slots for mgmt packets, just in case */ 3243 if (sc->sc_epq[qid].tx_nfree < 3) { 3244 DPRINTFN(10, "tx ring %d is full\n", qid); 3245 return (-1); 3246 } 3247 3248 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3249 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3250 sc->sc_epq[qid].tx_nfree--; 3251 3252 txd = (struct rt2870_txd *)&data->desc; 3253 txd->flags = qflags; 3254 txwi = (struct rt2860_txwi *)(txd + 1); 3255 txwi->xflags = xflags; 3256 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3257 txwi->wcid = 0; 3258 else 3259 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3260 1 : RUN_AID2WCID(ni->ni_associd); 3261 3262 /* clear leftover garbage bits */ 3263 txwi->flags = 0; 3264 txwi->txop = 0; 3265 3266 data->m = m; 3267 data->ni = ni; 3268 data->ridx = ridx; 3269 3270 run_set_tx_desc(sc, data); 3271 3272 /* 3273 * The chip keeps track of 2 kind of Tx stats, 3274 * * TX_STAT_FIFO, for per WCID stats, and 3275 * * TX_STA_CNT0 for all-TX-in-one stats. 3276 * 3277 * To use FIFO stats, we need to store MCS into the driver-private 3278 * PacketID field. So that, we can tell whose stats when we read them. 3279 * We add 1 to the MCS because setting the PacketID field to 0 means 3280 * that we don't want feedback in TX_STAT_FIFO. 3281 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3282 * 3283 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3284 */ 3285 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3286 vap->iv_opmode == IEEE80211_M_MBSS) { 3287 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3288 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3289 3290 /* 3291 * Unlike PCI based devices, we don't get any interrupt from 3292 * USB devices, so we simulate FIFO-is-full interrupt here. 3293 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3294 * quickly get fulled. To prevent overflow, increment a counter on 3295 * every FIFO stat request, so we know how many slots are left. 3296 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3297 * are used only in those modes. 3298 * We just drain stats. AMRR gets updated every 1 sec by 3299 * run_ratectl_cb() via callout. 3300 * Call it early. Otherwise overflow. 3301 */ 3302 if (sc->fifo_cnt++ == 10) { 3303 /* 3304 * With multiple vaps or if_bridge, if_start() is called 3305 * with a non-sleepable lock, tcpinp. So, need to defer. 3306 */ 3307 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3308 DPRINTFN(6, "cmdq_store=%d\n", i); 3309 sc->cmdq[i].func = run_drain_fifo; 3310 sc->cmdq[i].arg0 = sc; 3311 ieee80211_runtask(ic, &sc->cmdq_task); 3312 } 3313 } 3314 3315 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3316 3317 usbd_transfer_start(sc->sc_xfer[qid]); 3318 3319 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3320 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3321 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3322 3323 return (0); 3324 } 3325 3326 static int 3327 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3328 { 3329 struct ifnet *ifp = sc->sc_ifp; 3330 struct ieee80211com *ic = ifp->if_l2com; 3331 struct run_node *rn = (void *)ni; 3332 struct run_tx_data *data; 3333 struct ieee80211_frame *wh; 3334 struct rt2870_txd *txd; 3335 struct rt2860_txwi *txwi; 3336 uint16_t dur; 3337 uint8_t ridx = rn->mgt_ridx; 3338 uint8_t type; 3339 uint8_t xflags = 0; 3340 uint8_t wflags = 0; 3341 3342 RUN_LOCK_ASSERT(sc, MA_OWNED); 3343 3344 wh = mtod(m, struct ieee80211_frame *); 3345 3346 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3347 3348 /* tell hardware to add timestamp for probe responses */ 3349 if ((wh->i_fc[0] & 3350 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3351 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3352 wflags |= RT2860_TX_TS; 3353 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3354 xflags |= RT2860_TX_ACK; 3355 3356 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3357 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3358 USETW(wh->i_dur, dur); 3359 } 3360 3361 if (sc->sc_epq[0].tx_nfree == 0) { 3362 /* let caller free mbuf */ 3363 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3364 return (EIO); 3365 } 3366 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3367 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3368 sc->sc_epq[0].tx_nfree--; 3369 3370 txd = (struct rt2870_txd *)&data->desc; 3371 txd->flags = RT2860_TX_QSEL_EDCA; 3372 txwi = (struct rt2860_txwi *)(txd + 1); 3373 txwi->wcid = 0xff; 3374 txwi->flags = wflags; 3375 txwi->xflags = xflags; 3376 txwi->txop = 0; /* clear leftover garbage bits */ 3377 3378 data->m = m; 3379 data->ni = ni; 3380 data->ridx = ridx; 3381 3382 run_set_tx_desc(sc, data); 3383 3384 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3385 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3386 rt2860_rates[ridx].rate); 3387 3388 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3389 3390 usbd_transfer_start(sc->sc_xfer[0]); 3391 3392 return (0); 3393 } 3394 3395 static int 3396 run_sendprot(struct run_softc *sc, 3397 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3398 { 3399 struct ieee80211com *ic = ni->ni_ic; 3400 struct ieee80211_frame *wh; 3401 struct run_tx_data *data; 3402 struct rt2870_txd *txd; 3403 struct rt2860_txwi *txwi; 3404 struct mbuf *mprot; 3405 int ridx; 3406 int protrate; 3407 int ackrate; 3408 int pktlen; 3409 int isshort; 3410 uint16_t dur; 3411 uint8_t type; 3412 uint8_t wflags = 0; 3413 uint8_t xflags = 0; 3414 3415 RUN_LOCK_ASSERT(sc, MA_OWNED); 3416 3417 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3418 ("protection %d", prot)); 3419 3420 wh = mtod(m, struct ieee80211_frame *); 3421 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3422 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3423 3424 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3425 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3426 3427 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3428 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3429 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3430 wflags = RT2860_TX_FRAG; 3431 3432 /* check that there are free slots before allocating the mbuf */ 3433 if (sc->sc_epq[0].tx_nfree == 0) { 3434 /* let caller free mbuf */ 3435 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3436 return (ENOBUFS); 3437 } 3438 3439 if (prot == IEEE80211_PROT_RTSCTS) { 3440 /* NB: CTS is the same size as an ACK */ 3441 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3442 xflags |= RT2860_TX_ACK; 3443 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3444 } else { 3445 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3446 } 3447 if (mprot == NULL) { 3448 sc->sc_ifp->if_oerrors++; 3449 DPRINTF("could not allocate mbuf\n"); 3450 return (ENOBUFS); 3451 } 3452 3453 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3454 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3455 sc->sc_epq[0].tx_nfree--; 3456 3457 txd = (struct rt2870_txd *)&data->desc; 3458 txd->flags = RT2860_TX_QSEL_EDCA; 3459 txwi = (struct rt2860_txwi *)(txd + 1); 3460 txwi->wcid = 0xff; 3461 txwi->flags = wflags; 3462 txwi->xflags = xflags; 3463 txwi->txop = 0; /* clear leftover garbage bits */ 3464 3465 data->m = mprot; 3466 data->ni = ieee80211_ref_node(ni); 3467 3468 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3469 if (rt2860_rates[ridx].rate == protrate) 3470 break; 3471 data->ridx = ridx; 3472 3473 run_set_tx_desc(sc, data); 3474 3475 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3476 m->m_pkthdr.len, rate); 3477 3478 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3479 3480 usbd_transfer_start(sc->sc_xfer[0]); 3481 3482 return (0); 3483 } 3484 3485 static int 3486 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3487 const struct ieee80211_bpf_params *params) 3488 { 3489 struct ieee80211com *ic = ni->ni_ic; 3490 struct ieee80211_frame *wh; 3491 struct run_tx_data *data; 3492 struct rt2870_txd *txd; 3493 struct rt2860_txwi *txwi; 3494 uint8_t type; 3495 uint8_t ridx; 3496 uint8_t rate; 3497 uint8_t opflags = 0; 3498 uint8_t xflags = 0; 3499 int error; 3500 3501 RUN_LOCK_ASSERT(sc, MA_OWNED); 3502 3503 KASSERT(params != NULL, ("no raw xmit params")); 3504 3505 wh = mtod(m, struct ieee80211_frame *); 3506 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3507 3508 rate = params->ibp_rate0; 3509 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3510 /* let caller free mbuf */ 3511 return (EINVAL); 3512 } 3513 3514 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3515 xflags |= RT2860_TX_ACK; 3516 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3517 error = run_sendprot(sc, m, ni, 3518 params->ibp_flags & IEEE80211_BPF_RTS ? 3519 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3520 rate); 3521 if (error) { 3522 /* let caller free mbuf */ 3523 return error; 3524 } 3525 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3526 } 3527 3528 if (sc->sc_epq[0].tx_nfree == 0) { 3529 /* let caller free mbuf */ 3530 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3531 DPRINTF("sending raw frame, but tx ring is full\n"); 3532 return (EIO); 3533 } 3534 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3535 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3536 sc->sc_epq[0].tx_nfree--; 3537 3538 txd = (struct rt2870_txd *)&data->desc; 3539 txd->flags = RT2860_TX_QSEL_EDCA; 3540 txwi = (struct rt2860_txwi *)(txd + 1); 3541 txwi->wcid = 0xff; 3542 txwi->xflags = xflags; 3543 txwi->txop = opflags; 3544 txwi->flags = 0; /* clear leftover garbage bits */ 3545 3546 data->m = m; 3547 data->ni = ni; 3548 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3549 if (rt2860_rates[ridx].rate == rate) 3550 break; 3551 data->ridx = ridx; 3552 3553 run_set_tx_desc(sc, data); 3554 3555 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3556 m->m_pkthdr.len, rate); 3557 3558 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3559 3560 usbd_transfer_start(sc->sc_xfer[0]); 3561 3562 return (0); 3563 } 3564 3565 static int 3566 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3567 const struct ieee80211_bpf_params *params) 3568 { 3569 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3570 struct run_softc *sc = ifp->if_softc; 3571 int error = 0; 3572 3573 RUN_LOCK(sc); 3574 3575 /* prevent management frames from being sent if we're not ready */ 3576 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3577 error = ENETDOWN; 3578 goto done; 3579 } 3580 3581 if (params == NULL) { 3582 /* tx mgt packet */ 3583 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3584 ifp->if_oerrors++; 3585 DPRINTF("mgt tx failed\n"); 3586 goto done; 3587 } 3588 } else { 3589 /* tx raw packet with param */ 3590 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3591 ifp->if_oerrors++; 3592 DPRINTF("tx with param failed\n"); 3593 goto done; 3594 } 3595 } 3596 3597 ifp->if_opackets++; 3598 3599 done: 3600 RUN_UNLOCK(sc); 3601 3602 if (error != 0) { 3603 if(m != NULL) 3604 m_freem(m); 3605 ieee80211_free_node(ni); 3606 } 3607 3608 return (error); 3609 } 3610 3611 static void 3612 run_start(struct ifnet *ifp) 3613 { 3614 struct run_softc *sc = ifp->if_softc; 3615 struct ieee80211_node *ni; 3616 struct mbuf *m; 3617 3618 RUN_LOCK(sc); 3619 3620 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3621 RUN_UNLOCK(sc); 3622 return; 3623 } 3624 3625 for (;;) { 3626 /* send data frames */ 3627 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3628 if (m == NULL) 3629 break; 3630 3631 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3632 if (run_tx(sc, m, ni) != 0) { 3633 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3634 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3635 break; 3636 } 3637 } 3638 3639 RUN_UNLOCK(sc); 3640 } 3641 3642 static int 3643 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3644 { 3645 struct run_softc *sc = ifp->if_softc; 3646 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3647 struct ifreq *ifr = (struct ifreq *) data; 3648 int startall = 0; 3649 int error; 3650 3651 RUN_LOCK(sc); 3652 error = sc->sc_detached ? ENXIO : 0; 3653 RUN_UNLOCK(sc); 3654 if (error) 3655 return (error); 3656 3657 switch (cmd) { 3658 case SIOCSIFFLAGS: 3659 RUN_LOCK(sc); 3660 if (ifp->if_flags & IFF_UP) { 3661 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3662 startall = 1; 3663 run_init_locked(sc); 3664 } else 3665 run_update_promisc_locked(ifp); 3666 } else { 3667 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3668 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3669 run_stop(sc); 3670 } 3671 } 3672 RUN_UNLOCK(sc); 3673 if (startall) 3674 ieee80211_start_all(ic); 3675 break; 3676 case SIOCGIFMEDIA: 3677 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3678 break; 3679 case SIOCGIFADDR: 3680 error = ether_ioctl(ifp, cmd, data); 3681 break; 3682 default: 3683 error = EINVAL; 3684 break; 3685 } 3686 3687 return (error); 3688 } 3689 3690 static void 3691 run_iq_calib(struct run_softc *sc, u_int chan) 3692 { 3693 uint16_t val; 3694 3695 /* Tx0 IQ gain. */ 3696 run_bbp_write(sc, 158, 0x2c); 3697 if (chan <= 14) 3698 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3699 else if (chan <= 64) { 3700 run_efuse_read(sc, 3701 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3702 &val, 1); 3703 } else if (chan <= 138) { 3704 run_efuse_read(sc, 3705 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3706 &val, 1); 3707 } else if (chan <= 165) { 3708 run_efuse_read(sc, 3709 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3710 &val, 1); 3711 } else 3712 val = 0; 3713 run_bbp_write(sc, 159, val); 3714 3715 /* Tx0 IQ phase. */ 3716 run_bbp_write(sc, 158, 0x2d); 3717 if (chan <= 14) { 3718 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3719 &val, 1); 3720 } else if (chan <= 64) { 3721 run_efuse_read(sc, 3722 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3723 &val, 1); 3724 } else if (chan <= 138) { 3725 run_efuse_read(sc, 3726 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3727 &val, 1); 3728 } else if (chan <= 165) { 3729 run_efuse_read(sc, 3730 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3731 &val, 1); 3732 } else 3733 val = 0; 3734 run_bbp_write(sc, 159, val); 3735 3736 /* Tx1 IQ gain. */ 3737 run_bbp_write(sc, 158, 0x4a); 3738 if (chan <= 14) { 3739 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3740 &val, 1); 3741 } else if (chan <= 64) { 3742 run_efuse_read(sc, 3743 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3744 &val, 1); 3745 } else if (chan <= 138) { 3746 run_efuse_read(sc, 3747 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3748 &val, 1); 3749 } else if (chan <= 165) { 3750 run_efuse_read(sc, 3751 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3752 &val, 1); 3753 } else 3754 val = 0; 3755 run_bbp_write(sc, 159, val); 3756 3757 /* Tx1 IQ phase. */ 3758 run_bbp_write(sc, 158, 0x4b); 3759 if (chan <= 14) { 3760 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3761 &val, 1); 3762 } else if (chan <= 64) { 3763 run_efuse_read(sc, 3764 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3765 &val, 1); 3766 } else if (chan <= 138) { 3767 run_efuse_read(sc, 3768 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3769 &val, 1); 3770 } else if (chan <= 165) { 3771 run_efuse_read(sc, 3772 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3773 &val, 1); 3774 } else 3775 val = 0; 3776 run_bbp_write(sc, 159, val); 3777 3778 /* RF IQ compensation control. */ 3779 run_bbp_write(sc, 158, 0x04); 3780 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3781 &val, 1); 3782 run_bbp_write(sc, 159, val); 3783 3784 /* RF IQ imbalance compensation control. */ 3785 run_bbp_write(sc, 158, 0x03); 3786 run_efuse_read(sc, 3787 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3788 run_bbp_write(sc, 159, val); 3789 } 3790 3791 static void 3792 run_set_agc(struct run_softc *sc, uint8_t agc) 3793 { 3794 uint8_t bbp; 3795 3796 if (sc->mac_ver == 0x3572) { 3797 run_bbp_read(sc, 27, &bbp); 3798 bbp &= ~(0x3 << 5); 3799 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3800 run_bbp_write(sc, 66, agc); 3801 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3802 run_bbp_write(sc, 66, agc); 3803 } else 3804 run_bbp_write(sc, 66, agc); 3805 } 3806 3807 static void 3808 run_select_chan_group(struct run_softc *sc, int group) 3809 { 3810 uint32_t tmp; 3811 uint8_t agc; 3812 3813 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3814 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3815 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3816 if (sc->mac_ver < 0x3572) 3817 run_bbp_write(sc, 86, 0x00); 3818 3819 if (group == 0) { 3820 if (sc->ext_2ghz_lna) { 3821 if (sc->mac_ver >= 0x5390) 3822 run_bbp_write(sc, 75, 0x52); 3823 else { 3824 run_bbp_write(sc, 82, 0x62); 3825 run_bbp_write(sc, 75, 0x46); 3826 } 3827 } else { 3828 if (sc->mac_ver == 0x5592) { 3829 run_bbp_write(sc, 79, 0x1c); 3830 run_bbp_write(sc, 80, 0x0e); 3831 run_bbp_write(sc, 81, 0x3a); 3832 run_bbp_write(sc, 82, 0x62); 3833 3834 run_bbp_write(sc, 195, 0x80); 3835 run_bbp_write(sc, 196, 0xe0); 3836 run_bbp_write(sc, 195, 0x81); 3837 run_bbp_write(sc, 196, 0x1f); 3838 run_bbp_write(sc, 195, 0x82); 3839 run_bbp_write(sc, 196, 0x38); 3840 run_bbp_write(sc, 195, 0x83); 3841 run_bbp_write(sc, 196, 0x32); 3842 run_bbp_write(sc, 195, 0x85); 3843 run_bbp_write(sc, 196, 0x28); 3844 run_bbp_write(sc, 195, 0x86); 3845 run_bbp_write(sc, 196, 0x19); 3846 } else if (sc->mac_ver >= 0x5390) 3847 run_bbp_write(sc, 75, 0x50); 3848 else { 3849 run_bbp_write(sc, 82, 0x84); 3850 run_bbp_write(sc, 75, 0x50); 3851 } 3852 } 3853 } else { 3854 if (sc->mac_ver == 0x5592) { 3855 run_bbp_write(sc, 79, 0x18); 3856 run_bbp_write(sc, 80, 0x08); 3857 run_bbp_write(sc, 81, 0x38); 3858 run_bbp_write(sc, 82, 0x92); 3859 3860 run_bbp_write(sc, 195, 0x80); 3861 run_bbp_write(sc, 196, 0xf0); 3862 run_bbp_write(sc, 195, 0x81); 3863 run_bbp_write(sc, 196, 0x1e); 3864 run_bbp_write(sc, 195, 0x82); 3865 run_bbp_write(sc, 196, 0x28); 3866 run_bbp_write(sc, 195, 0x83); 3867 run_bbp_write(sc, 196, 0x20); 3868 run_bbp_write(sc, 195, 0x85); 3869 run_bbp_write(sc, 196, 0x7f); 3870 run_bbp_write(sc, 195, 0x86); 3871 run_bbp_write(sc, 196, 0x7f); 3872 } else if (sc->mac_ver == 0x3572) 3873 run_bbp_write(sc, 82, 0x94); 3874 else 3875 run_bbp_write(sc, 82, 0xf2); 3876 if (sc->ext_5ghz_lna) 3877 run_bbp_write(sc, 75, 0x46); 3878 else 3879 run_bbp_write(sc, 75, 0x50); 3880 } 3881 3882 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3883 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3884 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3885 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3886 3887 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3888 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3889 if (sc->nrxchains > 1) 3890 tmp |= RT2860_LNA_PE1_EN; 3891 if (group == 0) { /* 2GHz */ 3892 tmp |= RT2860_PA_PE_G0_EN; 3893 if (sc->ntxchains > 1) 3894 tmp |= RT2860_PA_PE_G1_EN; 3895 } else { /* 5GHz */ 3896 tmp |= RT2860_PA_PE_A0_EN; 3897 if (sc->ntxchains > 1) 3898 tmp |= RT2860_PA_PE_A1_EN; 3899 } 3900 if (sc->mac_ver == 0x3572) { 3901 run_rt3070_rf_write(sc, 8, 0x00); 3902 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3903 run_rt3070_rf_write(sc, 8, 0x80); 3904 } else 3905 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3906 3907 if (sc->mac_ver == 0x5592) { 3908 run_bbp_write(sc, 195, 0x8d); 3909 run_bbp_write(sc, 196, 0x1a); 3910 } 3911 3912 /* set initial AGC value */ 3913 if (group == 0) { /* 2GHz band */ 3914 if (sc->mac_ver >= 0x3070) 3915 agc = 0x1c + sc->lna[0] * 2; 3916 else 3917 agc = 0x2e + sc->lna[0]; 3918 } else { /* 5GHz band */ 3919 if (sc->mac_ver == 0x5592) 3920 agc = 0x24 + sc->lna[group] * 2; 3921 else if (sc->mac_ver == 0x3572) 3922 agc = 0x22 + (sc->lna[group] * 5) / 3; 3923 else 3924 agc = 0x32 + (sc->lna[group] * 5) / 3; 3925 } 3926 run_set_agc(sc, agc); 3927 } 3928 3929 static void 3930 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 3931 { 3932 const struct rfprog *rfprog = rt2860_rf2850; 3933 uint32_t r2, r3, r4; 3934 int8_t txpow1, txpow2; 3935 int i; 3936 3937 /* find the settings for this channel (we know it exists) */ 3938 for (i = 0; rfprog[i].chan != chan; i++); 3939 3940 r2 = rfprog[i].r2; 3941 if (sc->ntxchains == 1) 3942 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 3943 if (sc->nrxchains == 1) 3944 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 3945 else if (sc->nrxchains == 2) 3946 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 3947 3948 /* use Tx power values from EEPROM */ 3949 txpow1 = sc->txpow1[i]; 3950 txpow2 = sc->txpow2[i]; 3951 3952 /* Initialize RF R3 and R4. */ 3953 r3 = rfprog[i].r3 & 0xffffc1ff; 3954 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 3955 if (chan > 14) { 3956 if (txpow1 >= 0) { 3957 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 3958 r3 |= (txpow1 << 10) | (1 << 9); 3959 } else { 3960 txpow1 += 7; 3961 3962 /* txpow1 is not possible larger than 15. */ 3963 r3 |= (txpow1 << 10); 3964 } 3965 if (txpow2 >= 0) { 3966 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 3967 r4 |= (txpow2 << 7) | (1 << 6); 3968 } else { 3969 txpow2 += 7; 3970 r4 |= (txpow2 << 7); 3971 } 3972 } else { 3973 /* Set Tx0 power. */ 3974 r3 |= (txpow1 << 9); 3975 3976 /* Set frequency offset and Tx1 power. */ 3977 r4 |= (txpow2 << 6); 3978 } 3979 3980 run_rt2870_rf_write(sc, rfprog[i].r1); 3981 run_rt2870_rf_write(sc, r2); 3982 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 3983 run_rt2870_rf_write(sc, r4); 3984 3985 run_delay(sc, 10); 3986 3987 run_rt2870_rf_write(sc, rfprog[i].r1); 3988 run_rt2870_rf_write(sc, r2); 3989 run_rt2870_rf_write(sc, r3 | (1 << 2)); 3990 run_rt2870_rf_write(sc, r4); 3991 3992 run_delay(sc, 10); 3993 3994 run_rt2870_rf_write(sc, rfprog[i].r1); 3995 run_rt2870_rf_write(sc, r2); 3996 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 3997 run_rt2870_rf_write(sc, r4); 3998 } 3999 4000 static void 4001 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4002 { 4003 int8_t txpow1, txpow2; 4004 uint8_t rf; 4005 int i; 4006 4007 /* find the settings for this channel (we know it exists) */ 4008 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4009 4010 /* use Tx power values from EEPROM */ 4011 txpow1 = sc->txpow1[i]; 4012 txpow2 = sc->txpow2[i]; 4013 4014 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4015 4016 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4017 run_rt3070_rf_read(sc, 3, &rf); 4018 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4019 run_rt3070_rf_write(sc, 3, rf); 4020 4021 run_rt3070_rf_read(sc, 6, &rf); 4022 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4023 run_rt3070_rf_write(sc, 6, rf); 4024 4025 /* set Tx0 power */ 4026 run_rt3070_rf_read(sc, 12, &rf); 4027 rf = (rf & ~0x1f) | txpow1; 4028 run_rt3070_rf_write(sc, 12, rf); 4029 4030 /* set Tx1 power */ 4031 run_rt3070_rf_read(sc, 13, &rf); 4032 rf = (rf & ~0x1f) | txpow2; 4033 run_rt3070_rf_write(sc, 13, rf); 4034 4035 run_rt3070_rf_read(sc, 1, &rf); 4036 rf &= ~0xfc; 4037 if (sc->ntxchains == 1) 4038 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4039 else if (sc->ntxchains == 2) 4040 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4041 if (sc->nrxchains == 1) 4042 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4043 else if (sc->nrxchains == 2) 4044 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4045 run_rt3070_rf_write(sc, 1, rf); 4046 4047 /* set RF offset */ 4048 run_rt3070_rf_read(sc, 23, &rf); 4049 rf = (rf & ~0x7f) | sc->freq; 4050 run_rt3070_rf_write(sc, 23, rf); 4051 4052 /* program RF filter */ 4053 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4054 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4055 run_rt3070_rf_write(sc, 24, rf); 4056 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4057 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4058 run_rt3070_rf_write(sc, 31, rf); 4059 4060 /* enable RF tuning */ 4061 run_rt3070_rf_read(sc, 7, &rf); 4062 run_rt3070_rf_write(sc, 7, rf | 0x01); 4063 } 4064 4065 static void 4066 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4067 { 4068 int8_t txpow1, txpow2; 4069 uint32_t tmp; 4070 uint8_t rf; 4071 int i; 4072 4073 /* find the settings for this channel (we know it exists) */ 4074 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4075 4076 /* use Tx power values from EEPROM */ 4077 txpow1 = sc->txpow1[i]; 4078 txpow2 = sc->txpow2[i]; 4079 4080 if (chan <= 14) { 4081 run_bbp_write(sc, 25, sc->bbp25); 4082 run_bbp_write(sc, 26, sc->bbp26); 4083 } else { 4084 /* enable IQ phase correction */ 4085 run_bbp_write(sc, 25, 0x09); 4086 run_bbp_write(sc, 26, 0xff); 4087 } 4088 4089 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4090 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4091 run_rt3070_rf_read(sc, 6, &rf); 4092 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4093 rf |= (chan <= 14) ? 0x08 : 0x04; 4094 run_rt3070_rf_write(sc, 6, rf); 4095 4096 /* set PLL mode */ 4097 run_rt3070_rf_read(sc, 5, &rf); 4098 rf &= ~(0x08 | 0x04); 4099 rf |= (chan <= 14) ? 0x04 : 0x08; 4100 run_rt3070_rf_write(sc, 5, rf); 4101 4102 /* set Tx power for chain 0 */ 4103 if (chan <= 14) 4104 rf = 0x60 | txpow1; 4105 else 4106 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4107 run_rt3070_rf_write(sc, 12, rf); 4108 4109 /* set Tx power for chain 1 */ 4110 if (chan <= 14) 4111 rf = 0x60 | txpow2; 4112 else 4113 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4114 run_rt3070_rf_write(sc, 13, rf); 4115 4116 /* set Tx/Rx streams */ 4117 run_rt3070_rf_read(sc, 1, &rf); 4118 rf &= ~0xfc; 4119 if (sc->ntxchains == 1) 4120 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4121 else if (sc->ntxchains == 2) 4122 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4123 if (sc->nrxchains == 1) 4124 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4125 else if (sc->nrxchains == 2) 4126 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4127 run_rt3070_rf_write(sc, 1, rf); 4128 4129 /* set RF offset */ 4130 run_rt3070_rf_read(sc, 23, &rf); 4131 rf = (rf & ~0x7f) | sc->freq; 4132 run_rt3070_rf_write(sc, 23, rf); 4133 4134 /* program RF filter */ 4135 rf = sc->rf24_20mhz; 4136 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4137 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4138 4139 /* enable RF tuning */ 4140 run_rt3070_rf_read(sc, 7, &rf); 4141 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4142 run_rt3070_rf_write(sc, 7, rf); 4143 4144 /* TSSI */ 4145 rf = (chan <= 14) ? 0xc3 : 0xc0; 4146 run_rt3070_rf_write(sc, 9, rf); 4147 4148 /* set loop filter 1 */ 4149 run_rt3070_rf_write(sc, 10, 0xf1); 4150 /* set loop filter 2 */ 4151 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4152 4153 /* set tx_mx2_ic */ 4154 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4155 /* set tx_mx1_ic */ 4156 if (chan <= 14) 4157 rf = 0x48 | sc->txmixgain_2ghz; 4158 else 4159 rf = 0x78 | sc->txmixgain_5ghz; 4160 run_rt3070_rf_write(sc, 16, rf); 4161 4162 /* set tx_lo1 */ 4163 run_rt3070_rf_write(sc, 17, 0x23); 4164 /* set tx_lo2 */ 4165 if (chan <= 14) 4166 rf = 0x93; 4167 else if (chan <= 64) 4168 rf = 0xb7; 4169 else if (chan <= 128) 4170 rf = 0x74; 4171 else 4172 rf = 0x72; 4173 run_rt3070_rf_write(sc, 19, rf); 4174 4175 /* set rx_lo1 */ 4176 if (chan <= 14) 4177 rf = 0xb3; 4178 else if (chan <= 64) 4179 rf = 0xf6; 4180 else if (chan <= 128) 4181 rf = 0xf4; 4182 else 4183 rf = 0xf3; 4184 run_rt3070_rf_write(sc, 20, rf); 4185 4186 /* set pfd_delay */ 4187 if (chan <= 14) 4188 rf = 0x15; 4189 else if (chan <= 64) 4190 rf = 0x3d; 4191 else 4192 rf = 0x01; 4193 run_rt3070_rf_write(sc, 25, rf); 4194 4195 /* set rx_lo2 */ 4196 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4197 /* set ldo_rf_vc */ 4198 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4199 /* set drv_cc */ 4200 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4201 4202 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4203 tmp &= ~0x8080; 4204 if (chan <= 14) 4205 tmp |= 0x80; 4206 run_write(sc, RT2860_GPIO_CTRL, tmp); 4207 4208 /* enable RF tuning */ 4209 run_rt3070_rf_read(sc, 7, &rf); 4210 run_rt3070_rf_write(sc, 7, rf | 0x01); 4211 4212 run_delay(sc, 2); 4213 } 4214 4215 static void 4216 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4217 { 4218 int8_t txpow1, txpow2; 4219 uint8_t rf; 4220 int i; 4221 4222 /* find the settings for this channel (we know it exists) */ 4223 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4224 4225 /* use Tx power values from EEPROM */ 4226 txpow1 = sc->txpow1[i]; 4227 txpow2 = sc->txpow2[i]; 4228 4229 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4230 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4231 run_rt3070_rf_read(sc, 11, &rf); 4232 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4233 run_rt3070_rf_write(sc, 11, rf); 4234 4235 run_rt3070_rf_read(sc, 49, &rf); 4236 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4237 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4238 if ((rf & 0x3f) > 0x27) 4239 rf = (rf & ~0x3f) | 0x27; 4240 run_rt3070_rf_write(sc, 49, rf); 4241 4242 if (sc->mac_ver == 0x5392) { 4243 run_rt3070_rf_read(sc, 50, &rf); 4244 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4245 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4246 if ((rf & 0x3f) > 0x27) 4247 rf = (rf & ~0x3f) | 0x27; 4248 run_rt3070_rf_write(sc, 50, rf); 4249 } 4250 4251 run_rt3070_rf_read(sc, 1, &rf); 4252 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4253 if (sc->mac_ver == 0x5392) 4254 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4255 run_rt3070_rf_write(sc, 1, rf); 4256 4257 if (sc->mac_ver != 0x5392) { 4258 run_rt3070_rf_read(sc, 2, &rf); 4259 rf |= 0x80; 4260 run_rt3070_rf_write(sc, 2, rf); 4261 run_delay(sc, 10); 4262 rf &= 0x7f; 4263 run_rt3070_rf_write(sc, 2, rf); 4264 } 4265 4266 run_adjust_freq_offset(sc); 4267 4268 if (sc->mac_ver == 0x5392) { 4269 /* Fix for RT5392C. */ 4270 if (sc->mac_rev >= 0x0223) { 4271 if (chan <= 4) 4272 rf = 0x0f; 4273 else if (chan >= 5 && chan <= 7) 4274 rf = 0x0e; 4275 else 4276 rf = 0x0d; 4277 run_rt3070_rf_write(sc, 23, rf); 4278 4279 if (chan <= 4) 4280 rf = 0x0c; 4281 else if (chan == 5) 4282 rf = 0x0b; 4283 else if (chan >= 6 && chan <= 7) 4284 rf = 0x0a; 4285 else if (chan >= 8 && chan <= 10) 4286 rf = 0x09; 4287 else 4288 rf = 0x08; 4289 run_rt3070_rf_write(sc, 59, rf); 4290 } else { 4291 if (chan <= 11) 4292 rf = 0x0f; 4293 else 4294 rf = 0x0b; 4295 run_rt3070_rf_write(sc, 59, rf); 4296 } 4297 } else { 4298 /* Fix for RT5390F. */ 4299 if (sc->mac_rev >= 0x0502) { 4300 if (chan <= 11) 4301 rf = 0x43; 4302 else 4303 rf = 0x23; 4304 run_rt3070_rf_write(sc, 55, rf); 4305 4306 if (chan <= 11) 4307 rf = 0x0f; 4308 else if (chan == 12) 4309 rf = 0x0d; 4310 else 4311 rf = 0x0b; 4312 run_rt3070_rf_write(sc, 59, rf); 4313 } else { 4314 run_rt3070_rf_write(sc, 55, 0x44); 4315 run_rt3070_rf_write(sc, 59, 0x8f); 4316 } 4317 } 4318 4319 /* Enable VCO calibration. */ 4320 run_rt3070_rf_read(sc, 3, &rf); 4321 rf |= RT5390_VCOCAL; 4322 run_rt3070_rf_write(sc, 3, rf); 4323 } 4324 4325 static void 4326 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4327 { 4328 const struct rt5592_freqs *freqs; 4329 uint32_t tmp; 4330 uint8_t reg, rf, txpow_bound; 4331 int8_t txpow1, txpow2; 4332 int i; 4333 4334 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4335 freqs = (tmp & RT5592_SEL_XTAL) ? 4336 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4337 4338 /* find the settings for this channel (we know it exists) */ 4339 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4340 4341 /* use Tx power values from EEPROM */ 4342 txpow1 = sc->txpow1[i]; 4343 txpow2 = sc->txpow2[i]; 4344 4345 run_read(sc, RT3070_LDO_CFG0, &tmp); 4346 tmp &= ~0x1c000000; 4347 if (chan > 14) 4348 tmp |= 0x14000000; 4349 run_write(sc, RT3070_LDO_CFG0, tmp); 4350 4351 /* N setting. */ 4352 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4353 run_rt3070_rf_read(sc, 9, &rf); 4354 rf &= ~(1 << 4); 4355 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4356 run_rt3070_rf_write(sc, 9, rf); 4357 4358 /* K setting. */ 4359 run_rt3070_rf_read(sc, 9, &rf); 4360 rf &= ~0x0f; 4361 rf |= (freqs->k & 0x0f); 4362 run_rt3070_rf_write(sc, 9, rf); 4363 4364 /* Mode setting. */ 4365 run_rt3070_rf_read(sc, 11, &rf); 4366 rf &= ~0x0c; 4367 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4368 run_rt3070_rf_write(sc, 11, rf); 4369 run_rt3070_rf_read(sc, 9, &rf); 4370 rf &= ~(1 << 7); 4371 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4372 run_rt3070_rf_write(sc, 9, rf); 4373 4374 /* R setting. */ 4375 run_rt3070_rf_read(sc, 11, &rf); 4376 rf &= ~0x03; 4377 rf |= (freqs->r - 0x1); 4378 run_rt3070_rf_write(sc, 11, rf); 4379 4380 if (chan <= 14) { 4381 /* Initialize RF registers for 2GHZ. */ 4382 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4383 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4384 rt5592_2ghz_def_rf[i].val); 4385 } 4386 4387 rf = (chan <= 10) ? 0x07 : 0x06; 4388 run_rt3070_rf_write(sc, 23, rf); 4389 run_rt3070_rf_write(sc, 59, rf); 4390 4391 run_rt3070_rf_write(sc, 55, 0x43); 4392 4393 /* 4394 * RF R49/R50 Tx power ALC code. 4395 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4396 */ 4397 reg = 2; 4398 txpow_bound = 0x27; 4399 } else { 4400 /* Initialize RF registers for 5GHZ. */ 4401 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4402 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4403 rt5592_5ghz_def_rf[i].val); 4404 } 4405 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4406 if (chan >= rt5592_chan_5ghz[i].firstchan && 4407 chan <= rt5592_chan_5ghz[i].lastchan) { 4408 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4409 rt5592_chan_5ghz[i].val); 4410 } 4411 } 4412 4413 /* 4414 * RF R49/R50 Tx power ALC code. 4415 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4416 */ 4417 reg = 3; 4418 txpow_bound = 0x2b; 4419 } 4420 4421 /* RF R49 ch0 Tx power ALC code. */ 4422 run_rt3070_rf_read(sc, 49, &rf); 4423 rf &= ~0xc0; 4424 rf |= (reg << 6); 4425 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4426 if ((rf & 0x3f) > txpow_bound) 4427 rf = (rf & ~0x3f) | txpow_bound; 4428 run_rt3070_rf_write(sc, 49, rf); 4429 4430 /* RF R50 ch1 Tx power ALC code. */ 4431 run_rt3070_rf_read(sc, 50, &rf); 4432 rf &= ~(1 << 7 | 1 << 6); 4433 rf |= (reg << 6); 4434 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4435 if ((rf & 0x3f) > txpow_bound) 4436 rf = (rf & ~0x3f) | txpow_bound; 4437 run_rt3070_rf_write(sc, 50, rf); 4438 4439 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4440 run_rt3070_rf_read(sc, 1, &rf); 4441 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4442 if (sc->ntxchains > 1) 4443 rf |= RT3070_TX1_PD; 4444 if (sc->nrxchains > 1) 4445 rf |= RT3070_RX1_PD; 4446 run_rt3070_rf_write(sc, 1, rf); 4447 4448 run_rt3070_rf_write(sc, 6, 0xe4); 4449 4450 run_rt3070_rf_write(sc, 30, 0x10); 4451 run_rt3070_rf_write(sc, 31, 0x80); 4452 run_rt3070_rf_write(sc, 32, 0x80); 4453 4454 run_adjust_freq_offset(sc); 4455 4456 /* Enable VCO calibration. */ 4457 run_rt3070_rf_read(sc, 3, &rf); 4458 rf |= RT5390_VCOCAL; 4459 run_rt3070_rf_write(sc, 3, rf); 4460 } 4461 4462 static void 4463 run_set_rx_antenna(struct run_softc *sc, int aux) 4464 { 4465 uint32_t tmp; 4466 uint8_t bbp152; 4467 4468 if (aux) { 4469 if (sc->rf_rev == RT5390_RF_5370) { 4470 run_bbp_read(sc, 152, &bbp152); 4471 run_bbp_write(sc, 152, bbp152 & ~0x80); 4472 } else { 4473 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4474 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4475 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4476 } 4477 } else { 4478 if (sc->rf_rev == RT5390_RF_5370) { 4479 run_bbp_read(sc, 152, &bbp152); 4480 run_bbp_write(sc, 152, bbp152 | 0x80); 4481 } else { 4482 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4483 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4484 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4485 } 4486 } 4487 } 4488 4489 static int 4490 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4491 { 4492 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4493 u_int chan, group; 4494 4495 chan = ieee80211_chan2ieee(ic, c); 4496 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4497 return (EINVAL); 4498 4499 if (sc->mac_ver == 0x5592) 4500 run_rt5592_set_chan(sc, chan); 4501 else if (sc->mac_ver >= 0x5390) 4502 run_rt5390_set_chan(sc, chan); 4503 else if (sc->mac_ver == 0x3572) 4504 run_rt3572_set_chan(sc, chan); 4505 else if (sc->mac_ver >= 0x3070) 4506 run_rt3070_set_chan(sc, chan); 4507 else 4508 run_rt2870_set_chan(sc, chan); 4509 4510 /* determine channel group */ 4511 if (chan <= 14) 4512 group = 0; 4513 else if (chan <= 64) 4514 group = 1; 4515 else if (chan <= 128) 4516 group = 2; 4517 else 4518 group = 3; 4519 4520 /* XXX necessary only when group has changed! */ 4521 run_select_chan_group(sc, group); 4522 4523 run_delay(sc, 10); 4524 4525 /* Perform IQ calibration. */ 4526 if (sc->mac_ver >= 0x5392) 4527 run_iq_calib(sc, chan); 4528 4529 return (0); 4530 } 4531 4532 static void 4533 run_set_channel(struct ieee80211com *ic) 4534 { 4535 struct run_softc *sc = ic->ic_ifp->if_softc; 4536 4537 RUN_LOCK(sc); 4538 run_set_chan(sc, ic->ic_curchan); 4539 RUN_UNLOCK(sc); 4540 4541 return; 4542 } 4543 4544 static void 4545 run_scan_start(struct ieee80211com *ic) 4546 { 4547 struct run_softc *sc = ic->ic_ifp->if_softc; 4548 uint32_t tmp; 4549 4550 RUN_LOCK(sc); 4551 4552 /* abort TSF synchronization */ 4553 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4554 run_write(sc, RT2860_BCN_TIME_CFG, 4555 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4556 RT2860_TBTT_TIMER_EN)); 4557 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 4558 4559 RUN_UNLOCK(sc); 4560 4561 return; 4562 } 4563 4564 static void 4565 run_scan_end(struct ieee80211com *ic) 4566 { 4567 struct run_softc *sc = ic->ic_ifp->if_softc; 4568 4569 RUN_LOCK(sc); 4570 4571 run_enable_tsf_sync(sc); 4572 /* XXX keep local copy */ 4573 run_set_bssid(sc, sc->sc_bssid); 4574 4575 RUN_UNLOCK(sc); 4576 4577 return; 4578 } 4579 4580 /* 4581 * Could be called from ieee80211_node_timeout() 4582 * (non-sleepable thread) 4583 */ 4584 static void 4585 run_update_beacon(struct ieee80211vap *vap, int item) 4586 { 4587 struct ieee80211com *ic = vap->iv_ic; 4588 struct run_softc *sc = ic->ic_ifp->if_softc; 4589 struct run_vap *rvp = RUN_VAP(vap); 4590 int mcast = 0; 4591 uint32_t i; 4592 4593 KASSERT(vap != NULL, ("no beacon")); 4594 4595 switch (item) { 4596 case IEEE80211_BEACON_ERP: 4597 run_updateslot(ic->ic_ifp); 4598 break; 4599 case IEEE80211_BEACON_HTINFO: 4600 run_updateprot(ic); 4601 break; 4602 case IEEE80211_BEACON_TIM: 4603 mcast = 1; /*TODO*/ 4604 break; 4605 default: 4606 break; 4607 } 4608 4609 setbit(rvp->bo.bo_flags, item); 4610 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4611 4612 i = RUN_CMDQ_GET(&sc->cmdq_store); 4613 DPRINTF("cmdq_store=%d\n", i); 4614 sc->cmdq[i].func = run_update_beacon_cb; 4615 sc->cmdq[i].arg0 = vap; 4616 ieee80211_runtask(ic, &sc->cmdq_task); 4617 4618 return; 4619 } 4620 4621 static void 4622 run_update_beacon_cb(void *arg) 4623 { 4624 struct ieee80211vap *vap = arg; 4625 struct run_vap *rvp = RUN_VAP(vap); 4626 struct ieee80211com *ic = vap->iv_ic; 4627 struct run_softc *sc = ic->ic_ifp->if_softc; 4628 struct rt2860_txwi txwi; 4629 struct mbuf *m; 4630 uint16_t txwisize; 4631 uint8_t ridx; 4632 4633 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4634 return; 4635 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4636 return; 4637 4638 /* 4639 * No need to call ieee80211_beacon_update(), run_update_beacon() 4640 * is taking care of apropriate calls. 4641 */ 4642 if (rvp->beacon_mbuf == NULL) { 4643 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4644 &rvp->bo); 4645 if (rvp->beacon_mbuf == NULL) 4646 return; 4647 } 4648 m = rvp->beacon_mbuf; 4649 4650 memset(&txwi, 0, sizeof(txwi)); 4651 txwi.wcid = 0xff; 4652 txwi.len = htole16(m->m_pkthdr.len); 4653 4654 /* send beacons at the lowest available rate */ 4655 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4656 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4657 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4658 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4659 txwi.phy |= htole16(RT2860_PHY_OFDM); 4660 txwi.txop = RT2860_TX_TXOP_HT; 4661 txwi.flags = RT2860_TX_TS; 4662 txwi.xflags = RT2860_TX_NSEQ; 4663 4664 txwisize = (sc->mac_ver == 0x5592) ? 4665 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4666 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4667 txwisize); 4668 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4669 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4670 } 4671 4672 static void 4673 run_updateprot(struct ieee80211com *ic) 4674 { 4675 struct run_softc *sc = ic->ic_ifp->if_softc; 4676 uint32_t i; 4677 4678 i = RUN_CMDQ_GET(&sc->cmdq_store); 4679 DPRINTF("cmdq_store=%d\n", i); 4680 sc->cmdq[i].func = run_updateprot_cb; 4681 sc->cmdq[i].arg0 = ic; 4682 ieee80211_runtask(ic, &sc->cmdq_task); 4683 } 4684 4685 static void 4686 run_updateprot_cb(void *arg) 4687 { 4688 struct ieee80211com *ic = arg; 4689 struct run_softc *sc = ic->ic_ifp->if_softc; 4690 uint32_t tmp; 4691 4692 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4693 /* setup protection frame rate (MCS code) */ 4694 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4695 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 4696 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4697 4698 /* CCK frames don't require protection */ 4699 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4700 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4701 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4702 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4703 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4704 tmp |= RT2860_PROT_CTRL_CTS; 4705 } 4706 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4707 } 4708 4709 static void 4710 run_usb_timeout_cb(void *arg) 4711 { 4712 struct ieee80211vap *vap = arg; 4713 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4714 4715 RUN_LOCK_ASSERT(sc, MA_OWNED); 4716 4717 if(vap->iv_state == IEEE80211_S_RUN && 4718 vap->iv_opmode != IEEE80211_M_STA) 4719 run_reset_livelock(sc); 4720 else if (vap->iv_state == IEEE80211_S_SCAN) { 4721 DPRINTF("timeout caused by scan\n"); 4722 /* cancel bgscan */ 4723 ieee80211_cancel_scan(vap); 4724 } else 4725 DPRINTF("timeout by unknown cause\n"); 4726 } 4727 4728 static void 4729 run_reset_livelock(struct run_softc *sc) 4730 { 4731 uint32_t tmp; 4732 4733 RUN_LOCK_ASSERT(sc, MA_OWNED); 4734 4735 /* 4736 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4737 * can run into a livelock and start sending CTS-to-self frames like 4738 * crazy if protection is enabled. Reset MAC/BBP for a while 4739 */ 4740 run_read(sc, RT2860_DEBUG, &tmp); 4741 DPRINTFN(3, "debug reg %08x\n", tmp); 4742 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4743 DPRINTF("CTS-to-self livelock detected\n"); 4744 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4745 run_delay(sc, 1); 4746 run_write(sc, RT2860_MAC_SYS_CTRL, 4747 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4748 } 4749 } 4750 4751 static void 4752 run_update_promisc_locked(struct ifnet *ifp) 4753 { 4754 struct run_softc *sc = ifp->if_softc; 4755 uint32_t tmp; 4756 4757 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4758 4759 tmp |= RT2860_DROP_UC_NOME; 4760 if (ifp->if_flags & IFF_PROMISC) 4761 tmp &= ~RT2860_DROP_UC_NOME; 4762 4763 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4764 4765 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4766 "entering" : "leaving"); 4767 } 4768 4769 static void 4770 run_update_promisc(struct ifnet *ifp) 4771 { 4772 struct run_softc *sc = ifp->if_softc; 4773 4774 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 4775 return; 4776 4777 RUN_LOCK(sc); 4778 run_update_promisc_locked(ifp); 4779 RUN_UNLOCK(sc); 4780 } 4781 4782 static void 4783 run_enable_tsf_sync(struct run_softc *sc) 4784 { 4785 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4786 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4787 uint32_t tmp; 4788 4789 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 4790 ic->ic_opmode); 4791 4792 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4793 tmp &= ~0x1fffff; 4794 tmp |= vap->iv_bss->ni_intval * 16; 4795 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4796 4797 if (ic->ic_opmode == IEEE80211_M_STA) { 4798 /* 4799 * Local TSF is always updated with remote TSF on beacon 4800 * reception. 4801 */ 4802 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4803 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4804 tmp |= RT2860_BCN_TX_EN; 4805 /* 4806 * Local TSF is updated with remote TSF on beacon reception 4807 * only if the remote TSF is greater than local TSF. 4808 */ 4809 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4810 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4811 ic->ic_opmode == IEEE80211_M_MBSS) { 4812 tmp |= RT2860_BCN_TX_EN; 4813 /* SYNC with nobody */ 4814 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4815 } else { 4816 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4817 return; 4818 } 4819 4820 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4821 } 4822 4823 static void 4824 run_enable_mrr(struct run_softc *sc) 4825 { 4826 #define CCK(mcs) (mcs) 4827 #define OFDM(mcs) (1 << 3 | (mcs)) 4828 run_write(sc, RT2860_LG_FBK_CFG0, 4829 OFDM(6) << 28 | /* 54->48 */ 4830 OFDM(5) << 24 | /* 48->36 */ 4831 OFDM(4) << 20 | /* 36->24 */ 4832 OFDM(3) << 16 | /* 24->18 */ 4833 OFDM(2) << 12 | /* 18->12 */ 4834 OFDM(1) << 8 | /* 12-> 9 */ 4835 OFDM(0) << 4 | /* 9-> 6 */ 4836 OFDM(0)); /* 6-> 6 */ 4837 4838 run_write(sc, RT2860_LG_FBK_CFG1, 4839 CCK(2) << 12 | /* 11->5.5 */ 4840 CCK(1) << 8 | /* 5.5-> 2 */ 4841 CCK(0) << 4 | /* 2-> 1 */ 4842 CCK(0)); /* 1-> 1 */ 4843 #undef OFDM 4844 #undef CCK 4845 } 4846 4847 static void 4848 run_set_txpreamble(struct run_softc *sc) 4849 { 4850 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4851 uint32_t tmp; 4852 4853 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4854 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4855 tmp |= RT2860_CCK_SHORT_EN; 4856 else 4857 tmp &= ~RT2860_CCK_SHORT_EN; 4858 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4859 } 4860 4861 static void 4862 run_set_basicrates(struct run_softc *sc) 4863 { 4864 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4865 4866 /* set basic rates mask */ 4867 if (ic->ic_curmode == IEEE80211_MODE_11B) 4868 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4869 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4870 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4871 else /* 11g */ 4872 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4873 } 4874 4875 static void 4876 run_set_leds(struct run_softc *sc, uint16_t which) 4877 { 4878 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4879 which | (sc->leds & 0x7f)); 4880 } 4881 4882 static void 4883 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4884 { 4885 run_write(sc, RT2860_MAC_BSSID_DW0, 4886 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4887 run_write(sc, RT2860_MAC_BSSID_DW1, 4888 bssid[4] | bssid[5] << 8); 4889 } 4890 4891 static void 4892 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4893 { 4894 run_write(sc, RT2860_MAC_ADDR_DW0, 4895 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4896 run_write(sc, RT2860_MAC_ADDR_DW1, 4897 addr[4] | addr[5] << 8 | 0xff << 16); 4898 } 4899 4900 static void 4901 run_updateslot(struct ifnet *ifp) 4902 { 4903 struct run_softc *sc = ifp->if_softc; 4904 struct ieee80211com *ic = ifp->if_l2com; 4905 uint32_t i; 4906 4907 i = RUN_CMDQ_GET(&sc->cmdq_store); 4908 DPRINTF("cmdq_store=%d\n", i); 4909 sc->cmdq[i].func = run_updateslot_cb; 4910 sc->cmdq[i].arg0 = ifp; 4911 ieee80211_runtask(ic, &sc->cmdq_task); 4912 4913 return; 4914 } 4915 4916 /* ARGSUSED */ 4917 static void 4918 run_updateslot_cb(void *arg) 4919 { 4920 struct ifnet *ifp = arg; 4921 struct run_softc *sc = ifp->if_softc; 4922 struct ieee80211com *ic = ifp->if_l2com; 4923 uint32_t tmp; 4924 4925 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4926 tmp &= ~0xff; 4927 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4928 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4929 } 4930 4931 static void 4932 run_update_mcast(struct ifnet *ifp) 4933 { 4934 /* h/w filter supports getting everything or nothing */ 4935 ifp->if_flags |= IFF_ALLMULTI; 4936 } 4937 4938 static int8_t 4939 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4940 { 4941 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4942 struct ieee80211_channel *c = ic->ic_curchan; 4943 int delta; 4944 4945 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4946 u_int chan = ieee80211_chan2ieee(ic, c); 4947 delta = sc->rssi_5ghz[rxchain]; 4948 4949 /* determine channel group */ 4950 if (chan <= 64) 4951 delta -= sc->lna[1]; 4952 else if (chan <= 128) 4953 delta -= sc->lna[2]; 4954 else 4955 delta -= sc->lna[3]; 4956 } else 4957 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4958 4959 return (-12 - delta - rssi); 4960 } 4961 4962 static void 4963 run_rt5390_bbp_init(struct run_softc *sc) 4964 { 4965 int i; 4966 uint8_t bbp; 4967 4968 /* Apply maximum likelihood detection for 2 stream case. */ 4969 run_bbp_read(sc, 105, &bbp); 4970 if (sc->nrxchains > 1) 4971 run_bbp_write(sc, 105, bbp | RT5390_MLD); 4972 4973 /* Avoid data lost and CRC error. */ 4974 run_bbp_read(sc, 4, &bbp); 4975 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 4976 4977 if (sc->mac_ver == 0x5592) { 4978 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 4979 run_bbp_write(sc, rt5592_def_bbp[i].reg, 4980 rt5592_def_bbp[i].val); 4981 } 4982 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 4983 run_bbp_write(sc, 195, i + 0x80); 4984 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 4985 } 4986 } else { 4987 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 4988 run_bbp_write(sc, rt5390_def_bbp[i].reg, 4989 rt5390_def_bbp[i].val); 4990 } 4991 } 4992 if (sc->mac_ver == 0x5392) { 4993 run_bbp_write(sc, 88, 0x90); 4994 run_bbp_write(sc, 95, 0x9a); 4995 run_bbp_write(sc, 98, 0x12); 4996 run_bbp_write(sc, 106, 0x12); 4997 run_bbp_write(sc, 134, 0xd0); 4998 run_bbp_write(sc, 135, 0xf6); 4999 run_bbp_write(sc, 148, 0x84); 5000 } 5001 5002 run_bbp_read(sc, 152, &bbp); 5003 run_bbp_write(sc, 152, bbp | 0x80); 5004 5005 /* Fix BBP254 for RT5592C. */ 5006 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5007 run_bbp_read(sc, 254, &bbp); 5008 run_bbp_write(sc, 254, bbp | 0x80); 5009 } 5010 5011 /* Disable hardware antenna diversity. */ 5012 if (sc->mac_ver == 0x5390) 5013 run_bbp_write(sc, 154, 0); 5014 5015 /* Initialize Rx CCK/OFDM frequency offset report. */ 5016 run_bbp_write(sc, 142, 1); 5017 run_bbp_write(sc, 143, 57); 5018 } 5019 5020 static int 5021 run_bbp_init(struct run_softc *sc) 5022 { 5023 int i, error, ntries; 5024 uint8_t bbp0; 5025 5026 /* wait for BBP to wake up */ 5027 for (ntries = 0; ntries < 20; ntries++) { 5028 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5029 return error; 5030 if (bbp0 != 0 && bbp0 != 0xff) 5031 break; 5032 } 5033 if (ntries == 20) 5034 return (ETIMEDOUT); 5035 5036 /* initialize BBP registers to default values */ 5037 if (sc->mac_ver >= 0x5390) 5038 run_rt5390_bbp_init(sc); 5039 else { 5040 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5041 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5042 rt2860_def_bbp[i].val); 5043 } 5044 } 5045 5046 /* fix BBP84 for RT2860E */ 5047 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5048 run_bbp_write(sc, 84, 0x19); 5049 5050 if (sc->mac_ver >= 0x3070 && sc->mac_ver != 0x5592) { 5051 run_bbp_write(sc, 79, 0x13); 5052 run_bbp_write(sc, 80, 0x05); 5053 run_bbp_write(sc, 81, 0x33); 5054 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5055 run_bbp_write(sc, 69, 0x16); 5056 run_bbp_write(sc, 73, 0x12); 5057 } 5058 return (0); 5059 } 5060 5061 static int 5062 run_rt3070_rf_init(struct run_softc *sc) 5063 { 5064 uint32_t tmp; 5065 uint8_t bbp4, mingain, rf, target; 5066 int i; 5067 5068 run_rt3070_rf_read(sc, 30, &rf); 5069 /* toggle RF R30 bit 7 */ 5070 run_rt3070_rf_write(sc, 30, rf | 0x80); 5071 run_delay(sc, 10); 5072 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5073 5074 /* initialize RF registers to default value */ 5075 if (sc->mac_ver == 0x3572) { 5076 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5077 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5078 rt3572_def_rf[i].val); 5079 } 5080 } else { 5081 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5082 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5083 rt3070_def_rf[i].val); 5084 } 5085 } 5086 5087 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5088 /* 5089 * Change voltage from 1.2V to 1.35V for RT3070. 5090 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5091 * in RT3070(F). 5092 */ 5093 run_read(sc, RT3070_LDO_CFG0, &tmp); 5094 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5095 run_write(sc, RT3070_LDO_CFG0, tmp); 5096 5097 } else if (sc->mac_ver == 0x3071) { 5098 run_rt3070_rf_read(sc, 6, &rf); 5099 run_rt3070_rf_write(sc, 6, rf | 0x40); 5100 run_rt3070_rf_write(sc, 31, 0x14); 5101 5102 run_read(sc, RT3070_LDO_CFG0, &tmp); 5103 tmp &= ~0x1f000000; 5104 if (sc->mac_rev < 0x0211) 5105 tmp |= 0x0d000000; /* 1.3V */ 5106 else 5107 tmp |= 0x01000000; /* 1.2V */ 5108 run_write(sc, RT3070_LDO_CFG0, tmp); 5109 5110 /* patch LNA_PE_G1 */ 5111 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5112 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5113 5114 } else if (sc->mac_ver == 0x3572) { 5115 run_rt3070_rf_read(sc, 6, &rf); 5116 run_rt3070_rf_write(sc, 6, rf | 0x40); 5117 5118 /* increase voltage from 1.2V to 1.35V */ 5119 run_read(sc, RT3070_LDO_CFG0, &tmp); 5120 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5121 run_write(sc, RT3070_LDO_CFG0, tmp); 5122 5123 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5124 run_delay(sc, 1); /* wait for 1msec */ 5125 /* decrease voltage back to 1.2V */ 5126 tmp = (tmp & ~0x1f000000) | 0x01000000; 5127 run_write(sc, RT3070_LDO_CFG0, tmp); 5128 } 5129 } 5130 5131 /* select 20MHz bandwidth */ 5132 run_rt3070_rf_read(sc, 31, &rf); 5133 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5134 5135 /* calibrate filter for 20MHz bandwidth */ 5136 sc->rf24_20mhz = 0x1f; /* default value */ 5137 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5138 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5139 5140 /* select 40MHz bandwidth */ 5141 run_bbp_read(sc, 4, &bbp4); 5142 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5143 run_rt3070_rf_read(sc, 31, &rf); 5144 run_rt3070_rf_write(sc, 31, rf | 0x20); 5145 5146 /* calibrate filter for 40MHz bandwidth */ 5147 sc->rf24_40mhz = 0x2f; /* default value */ 5148 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5149 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5150 5151 /* go back to 20MHz bandwidth */ 5152 run_bbp_read(sc, 4, &bbp4); 5153 run_bbp_write(sc, 4, bbp4 & ~0x18); 5154 5155 if (sc->mac_ver == 0x3572) { 5156 /* save default BBP registers 25 and 26 values */ 5157 run_bbp_read(sc, 25, &sc->bbp25); 5158 run_bbp_read(sc, 26, &sc->bbp26); 5159 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5160 run_rt3070_rf_write(sc, 27, 0x03); 5161 5162 run_read(sc, RT3070_OPT_14, &tmp); 5163 run_write(sc, RT3070_OPT_14, tmp | 1); 5164 5165 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5166 run_rt3070_rf_read(sc, 17, &rf); 5167 rf &= ~RT3070_TX_LO1; 5168 if ((sc->mac_ver == 0x3070 || 5169 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5170 !sc->ext_2ghz_lna) 5171 rf |= 0x20; /* fix for long range Rx issue */ 5172 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5173 if (sc->txmixgain_2ghz >= mingain) 5174 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5175 run_rt3070_rf_write(sc, 17, rf); 5176 } 5177 5178 if (sc->mac_rev == 0x3071) { 5179 run_rt3070_rf_read(sc, 1, &rf); 5180 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5181 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5182 run_rt3070_rf_write(sc, 1, rf); 5183 5184 run_rt3070_rf_read(sc, 15, &rf); 5185 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5186 5187 run_rt3070_rf_read(sc, 20, &rf); 5188 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5189 5190 run_rt3070_rf_read(sc, 21, &rf); 5191 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5192 } 5193 5194 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5195 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5196 run_rt3070_rf_read(sc, 27, &rf); 5197 rf &= ~0x77; 5198 if (sc->mac_rev < 0x0211) 5199 rf |= 0x03; 5200 run_rt3070_rf_write(sc, 27, rf); 5201 } 5202 return (0); 5203 } 5204 5205 static void 5206 run_rt5390_rf_init(struct run_softc *sc) 5207 { 5208 uint32_t tmp; 5209 uint8_t rf; 5210 int i; 5211 5212 /* Toggle RF R2 to initiate calibration. */ 5213 if (sc->mac_ver == 0x5390) { 5214 run_rt3070_rf_read(sc, 2, &rf); 5215 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5216 run_delay(sc, 10); 5217 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5218 } else { 5219 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5220 run_delay(sc, 10); 5221 } 5222 5223 /* Initialize RF registers to default value. */ 5224 if (sc->mac_ver == 0x5592) { 5225 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5226 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5227 rt5592_def_rf[i].val); 5228 } 5229 /* Initialize RF frequency offset. */ 5230 run_adjust_freq_offset(sc); 5231 } else if (sc->mac_ver == 0x5392) { 5232 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5233 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5234 rt5392_def_rf[i].val); 5235 } 5236 if (sc->mac_rev >= 0x0223) { 5237 run_rt3070_rf_write(sc, 23, 0x0f); 5238 run_rt3070_rf_write(sc, 24, 0x3e); 5239 run_rt3070_rf_write(sc, 51, 0x32); 5240 run_rt3070_rf_write(sc, 53, 0x22); 5241 run_rt3070_rf_write(sc, 56, 0xc1); 5242 run_rt3070_rf_write(sc, 59, 0x0f); 5243 } 5244 } else { 5245 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5246 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5247 rt5390_def_rf[i].val); 5248 } 5249 if (sc->mac_rev >= 0x0502) { 5250 run_rt3070_rf_write(sc, 6, 0xe0); 5251 run_rt3070_rf_write(sc, 25, 0x80); 5252 run_rt3070_rf_write(sc, 46, 0x73); 5253 run_rt3070_rf_write(sc, 53, 0x00); 5254 run_rt3070_rf_write(sc, 56, 0x42); 5255 run_rt3070_rf_write(sc, 61, 0xd1); 5256 } 5257 } 5258 5259 sc->rf24_20mhz = 0x1f; /* default value */ 5260 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5261 5262 if (sc->mac_rev < 0x0211) 5263 run_rt3070_rf_write(sc, 27, 0x3); 5264 5265 run_read(sc, RT3070_OPT_14, &tmp); 5266 run_write(sc, RT3070_OPT_14, tmp | 1); 5267 } 5268 5269 static int 5270 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5271 uint8_t *val) 5272 { 5273 uint8_t rf22, rf24; 5274 uint8_t bbp55_pb, bbp55_sb, delta; 5275 int ntries; 5276 5277 /* program filter */ 5278 run_rt3070_rf_read(sc, 24, &rf24); 5279 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5280 run_rt3070_rf_write(sc, 24, rf24); 5281 5282 /* enable baseband loopback mode */ 5283 run_rt3070_rf_read(sc, 22, &rf22); 5284 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5285 5286 /* set power and frequency of passband test tone */ 5287 run_bbp_write(sc, 24, 0x00); 5288 for (ntries = 0; ntries < 100; ntries++) { 5289 /* transmit test tone */ 5290 run_bbp_write(sc, 25, 0x90); 5291 run_delay(sc, 10); 5292 /* read received power */ 5293 run_bbp_read(sc, 55, &bbp55_pb); 5294 if (bbp55_pb != 0) 5295 break; 5296 } 5297 if (ntries == 100) 5298 return (ETIMEDOUT); 5299 5300 /* set power and frequency of stopband test tone */ 5301 run_bbp_write(sc, 24, 0x06); 5302 for (ntries = 0; ntries < 100; ntries++) { 5303 /* transmit test tone */ 5304 run_bbp_write(sc, 25, 0x90); 5305 run_delay(sc, 10); 5306 /* read received power */ 5307 run_bbp_read(sc, 55, &bbp55_sb); 5308 5309 delta = bbp55_pb - bbp55_sb; 5310 if (delta > target) 5311 break; 5312 5313 /* reprogram filter */ 5314 rf24++; 5315 run_rt3070_rf_write(sc, 24, rf24); 5316 } 5317 if (ntries < 100) { 5318 if (rf24 != init) 5319 rf24--; /* backtrack */ 5320 *val = rf24; 5321 run_rt3070_rf_write(sc, 24, rf24); 5322 } 5323 5324 /* restore initial state */ 5325 run_bbp_write(sc, 24, 0x00); 5326 5327 /* disable baseband loopback mode */ 5328 run_rt3070_rf_read(sc, 22, &rf22); 5329 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5330 5331 return (0); 5332 } 5333 5334 static void 5335 run_rt3070_rf_setup(struct run_softc *sc) 5336 { 5337 uint8_t bbp, rf; 5338 int i; 5339 5340 if (sc->mac_ver >= 0x5390) { 5341 if (sc->mac_rev >= 0x0211) { 5342 /* Enable DC filter. */ 5343 run_bbp_write(sc, 103, 0xc0); 5344 5345 if (sc->mac_ver != 0x5592) { 5346 /* Improve power consumption. */ 5347 run_bbp_read(sc, 31, &bbp); 5348 run_bbp_write(sc, 31, bbp & ~0x03); 5349 } 5350 } 5351 5352 run_bbp_read(sc, 138, &bbp); 5353 if (sc->ntxchains == 1) 5354 bbp |= 0x20; /* turn off DAC1 */ 5355 if (sc->nrxchains == 1) 5356 bbp &= ~0x02; /* turn off ADC1 */ 5357 run_bbp_write(sc, 138, bbp); 5358 5359 run_rt3070_rf_read(sc, 38, &rf); 5360 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5361 5362 run_rt3070_rf_read(sc, 39, &rf); 5363 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5364 5365 /* Avoid data lost and CRC error. */ 5366 run_bbp_read(sc, 4, &bbp); 5367 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5368 5369 run_rt3070_rf_read(sc, 30, &rf); 5370 rf = (rf & ~0x18) | 0x10; 5371 run_rt3070_rf_write(sc, 30, rf); 5372 5373 if (sc->mac_ver != 0x5592) { 5374 run_write(sc, RT2860_TX_SW_CFG1, 0); 5375 if (sc->mac_rev < 0x0211) { 5376 run_write(sc, RT2860_TX_SW_CFG2, 5377 sc->patch_dac ? 0x2c : 0x0f); 5378 } else 5379 run_write(sc, RT2860_TX_SW_CFG2, 0); 5380 } 5381 5382 } else if (sc->mac_ver == 0x3572) { 5383 /* enable DC filter */ 5384 if (sc->mac_rev >= 0x0201) 5385 run_bbp_write(sc, 103, 0xc0); 5386 5387 run_bbp_read(sc, 138, &bbp); 5388 if (sc->ntxchains == 1) 5389 bbp |= 0x20; /* turn off DAC1 */ 5390 if (sc->nrxchains == 1) 5391 bbp &= ~0x02; /* turn off ADC1 */ 5392 run_bbp_write(sc, 138, bbp); 5393 5394 if (sc->mac_rev >= 0x0211) { 5395 /* improve power consumption */ 5396 run_bbp_read(sc, 31, &bbp); 5397 run_bbp_write(sc, 31, bbp & ~0x03); 5398 } 5399 5400 run_rt3070_rf_read(sc, 16, &rf); 5401 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5402 run_rt3070_rf_write(sc, 16, rf); 5403 5404 } else if (sc->mac_ver == 0x3071) { 5405 if (sc->mac_rev >= 0x0211) { 5406 /* enable DC filter */ 5407 run_bbp_write(sc, 103, 0xc0); 5408 5409 /* improve power consumption */ 5410 run_bbp_read(sc, 31, &bbp); 5411 run_bbp_write(sc, 31, bbp & ~0x03); 5412 } 5413 5414 run_bbp_read(sc, 138, &bbp); 5415 if (sc->ntxchains == 1) 5416 bbp |= 0x20; /* turn off DAC1 */ 5417 if (sc->nrxchains == 1) 5418 bbp &= ~0x02; /* turn off ADC1 */ 5419 run_bbp_write(sc, 138, bbp); 5420 5421 run_write(sc, RT2860_TX_SW_CFG1, 0); 5422 if (sc->mac_rev < 0x0211) { 5423 run_write(sc, RT2860_TX_SW_CFG2, 5424 sc->patch_dac ? 0x2c : 0x0f); 5425 } else 5426 run_write(sc, RT2860_TX_SW_CFG2, 0); 5427 5428 } else if (sc->mac_ver == 0x3070) { 5429 if (sc->mac_rev >= 0x0201) { 5430 /* enable DC filter */ 5431 run_bbp_write(sc, 103, 0xc0); 5432 5433 /* improve power consumption */ 5434 run_bbp_read(sc, 31, &bbp); 5435 run_bbp_write(sc, 31, bbp & ~0x03); 5436 } 5437 5438 if (sc->mac_rev < 0x0201) { 5439 run_write(sc, RT2860_TX_SW_CFG1, 0); 5440 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5441 } else 5442 run_write(sc, RT2860_TX_SW_CFG2, 0); 5443 } 5444 5445 /* initialize RF registers from ROM for >=RT3071*/ 5446 if (sc->mac_ver >= 0x3071 && sc->mac_ver < 0x5390) { 5447 for (i = 0; i < 10; i++) { 5448 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5449 continue; 5450 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5451 } 5452 } 5453 } 5454 5455 static int 5456 run_txrx_enable(struct run_softc *sc) 5457 { 5458 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5459 uint32_t tmp; 5460 int error, ntries; 5461 5462 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5463 for (ntries = 0; ntries < 200; ntries++) { 5464 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5465 return (error); 5466 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5467 break; 5468 run_delay(sc, 50); 5469 } 5470 if (ntries == 200) 5471 return (ETIMEDOUT); 5472 5473 run_delay(sc, 50); 5474 5475 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5476 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5477 5478 /* enable Rx bulk aggregation (set timeout and limit) */ 5479 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5480 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5481 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5482 5483 /* set Rx filter */ 5484 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5485 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5486 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5487 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5488 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5489 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5490 if (ic->ic_opmode == IEEE80211_M_STA) 5491 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5492 } 5493 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5494 5495 run_write(sc, RT2860_MAC_SYS_CTRL, 5496 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5497 5498 return (0); 5499 } 5500 5501 static void 5502 run_adjust_freq_offset(struct run_softc *sc) 5503 { 5504 uint8_t rf, tmp; 5505 5506 run_rt3070_rf_read(sc, 17, &rf); 5507 tmp = rf; 5508 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5509 rf = MIN(rf, 0x5f); 5510 5511 if (tmp != rf) 5512 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5513 } 5514 5515 static void 5516 run_init_locked(struct run_softc *sc) 5517 { 5518 struct ifnet *ifp = sc->sc_ifp; 5519 struct ieee80211com *ic = ifp->if_l2com; 5520 uint32_t tmp; 5521 uint8_t bbp1, bbp3; 5522 int i; 5523 int ridx; 5524 int ntries; 5525 5526 if (ic->ic_nrunning > 1) 5527 return; 5528 5529 run_stop(sc); 5530 5531 if (run_load_microcode(sc) != 0) { 5532 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5533 goto fail; 5534 } 5535 5536 for (ntries = 0; ntries < 100; ntries++) { 5537 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5538 goto fail; 5539 if (tmp != 0 && tmp != 0xffffffff) 5540 break; 5541 run_delay(sc, 10); 5542 } 5543 if (ntries == 100) 5544 goto fail; 5545 5546 for (i = 0; i != RUN_EP_QUEUES; i++) 5547 run_setup_tx_list(sc, &sc->sc_epq[i]); 5548 5549 run_set_macaddr(sc, IF_LLADDR(ifp)); 5550 5551 for (ntries = 0; ntries < 100; ntries++) { 5552 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5553 goto fail; 5554 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5555 break; 5556 run_delay(sc, 10); 5557 } 5558 if (ntries == 100) { 5559 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5560 goto fail; 5561 } 5562 tmp &= 0xff0; 5563 tmp |= RT2860_TX_WB_DDONE; 5564 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5565 5566 /* turn off PME_OEN to solve high-current issue */ 5567 run_read(sc, RT2860_SYS_CTRL, &tmp); 5568 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5569 5570 run_write(sc, RT2860_MAC_SYS_CTRL, 5571 RT2860_BBP_HRST | RT2860_MAC_SRST); 5572 run_write(sc, RT2860_USB_DMA_CFG, 0); 5573 5574 if (run_reset(sc) != 0) { 5575 device_printf(sc->sc_dev, "could not reset chipset\n"); 5576 goto fail; 5577 } 5578 5579 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5580 5581 /* init Tx power for all Tx rates (from EEPROM) */ 5582 for (ridx = 0; ridx < 5; ridx++) { 5583 if (sc->txpow20mhz[ridx] == 0xffffffff) 5584 continue; 5585 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5586 } 5587 5588 for (i = 0; i < nitems(rt2870_def_mac); i++) 5589 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 5590 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 5591 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 5592 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 5593 5594 if (sc->mac_ver >= 0x5390) { 5595 run_write(sc, RT2860_TX_SW_CFG0, 5596 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 5597 if (sc->mac_ver >= 0x5392) { 5598 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 5599 if (sc->mac_ver == 0x5592) { 5600 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 5601 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 5602 } else { 5603 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 5604 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 5605 } 5606 } 5607 } else if (sc->mac_ver >= 0x3070) { 5608 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 5609 run_write(sc, RT2860_TX_SW_CFG0, 5610 4 << RT2860_DLY_PAPE_EN_SHIFT); 5611 } 5612 5613 /* wait while MAC is busy */ 5614 for (ntries = 0; ntries < 100; ntries++) { 5615 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 5616 goto fail; 5617 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 5618 break; 5619 run_delay(sc, 10); 5620 } 5621 if (ntries == 100) 5622 goto fail; 5623 5624 /* clear Host to MCU mailbox */ 5625 run_write(sc, RT2860_H2M_BBPAGENT, 0); 5626 run_write(sc, RT2860_H2M_MAILBOX, 0); 5627 run_delay(sc, 10); 5628 5629 if (run_bbp_init(sc) != 0) { 5630 device_printf(sc->sc_dev, "could not initialize BBP\n"); 5631 goto fail; 5632 } 5633 5634 /* abort TSF synchronization */ 5635 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5636 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5637 RT2860_TBTT_TIMER_EN); 5638 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5639 5640 /* clear RX WCID search table */ 5641 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 5642 /* clear WCID attribute table */ 5643 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 5644 5645 /* hostapd sets a key before init. So, don't clear it. */ 5646 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 5647 /* clear shared key table */ 5648 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 5649 /* clear shared key mode */ 5650 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 5651 } 5652 5653 run_read(sc, RT2860_US_CYC_CNT, &tmp); 5654 tmp = (tmp & ~0xff) | 0x1e; 5655 run_write(sc, RT2860_US_CYC_CNT, tmp); 5656 5657 if (sc->mac_rev != 0x0101) 5658 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 5659 5660 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 5661 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 5662 5663 /* write vendor-specific BBP values (from EEPROM) */ 5664 if (sc->mac_ver < 0x5390) { 5665 for (i = 0; i < 10; i++) { 5666 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 5667 continue; 5668 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 5669 } 5670 } 5671 5672 /* select Main antenna for 1T1R devices */ 5673 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 5674 run_set_rx_antenna(sc, 0); 5675 5676 /* send LEDs operating mode to microcontroller */ 5677 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 5678 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 5679 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 5680 5681 if (sc->mac_ver >= 0x5390) 5682 run_rt5390_rf_init(sc); 5683 else if (sc->mac_ver >= 0x3070) 5684 run_rt3070_rf_init(sc); 5685 5686 /* disable non-existing Rx chains */ 5687 run_bbp_read(sc, 3, &bbp3); 5688 bbp3 &= ~(1 << 3 | 1 << 4); 5689 if (sc->nrxchains == 2) 5690 bbp3 |= 1 << 3; 5691 else if (sc->nrxchains == 3) 5692 bbp3 |= 1 << 4; 5693 run_bbp_write(sc, 3, bbp3); 5694 5695 /* disable non-existing Tx chains */ 5696 run_bbp_read(sc, 1, &bbp1); 5697 if (sc->ntxchains == 1) 5698 bbp1 &= ~(1 << 3 | 1 << 4); 5699 run_bbp_write(sc, 1, bbp1); 5700 5701 if (sc->mac_ver >= 0x3070) 5702 run_rt3070_rf_setup(sc); 5703 5704 /* select default channel */ 5705 run_set_chan(sc, ic->ic_curchan); 5706 5707 /* setup initial protection mode */ 5708 run_updateprot_cb(ic); 5709 5710 /* turn radio LED on */ 5711 run_set_leds(sc, RT2860_LED_RADIO); 5712 5713 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 5714 ifp->if_drv_flags |= IFF_DRV_RUNNING; 5715 sc->cmdq_run = RUN_CMDQ_GO; 5716 5717 for (i = 0; i != RUN_N_XFER; i++) 5718 usbd_xfer_set_stall(sc->sc_xfer[i]); 5719 5720 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 5721 5722 if (run_txrx_enable(sc) != 0) 5723 goto fail; 5724 5725 return; 5726 5727 fail: 5728 run_stop(sc); 5729 } 5730 5731 static void 5732 run_init(void *arg) 5733 { 5734 struct run_softc *sc = arg; 5735 struct ifnet *ifp = sc->sc_ifp; 5736 struct ieee80211com *ic = ifp->if_l2com; 5737 5738 RUN_LOCK(sc); 5739 run_init_locked(sc); 5740 RUN_UNLOCK(sc); 5741 5742 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 5743 ieee80211_start_all(ic); 5744 } 5745 5746 static void 5747 run_stop(void *arg) 5748 { 5749 struct run_softc *sc = (struct run_softc *)arg; 5750 struct ifnet *ifp = sc->sc_ifp; 5751 uint32_t tmp; 5752 int i; 5753 int ntries; 5754 5755 RUN_LOCK_ASSERT(sc, MA_OWNED); 5756 5757 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 5758 run_set_leds(sc, 0); /* turn all LEDs off */ 5759 5760 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 5761 5762 sc->ratectl_run = RUN_RATECTL_OFF; 5763 sc->cmdq_run = sc->cmdq_key_set; 5764 5765 RUN_UNLOCK(sc); 5766 5767 for(i = 0; i < RUN_N_XFER; i++) 5768 usbd_transfer_drain(sc->sc_xfer[i]); 5769 5770 RUN_LOCK(sc); 5771 5772 if (sc->rx_m != NULL) { 5773 m_free(sc->rx_m); 5774 sc->rx_m = NULL; 5775 } 5776 5777 /* Disable Tx/Rx DMA. */ 5778 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5779 return; 5780 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 5781 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5782 5783 for (ntries = 0; ntries < 100; ntries++) { 5784 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5785 return; 5786 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5787 break; 5788 run_delay(sc, 10); 5789 } 5790 if (ntries == 100) { 5791 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5792 return; 5793 } 5794 5795 /* disable Tx/Rx */ 5796 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 5797 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5798 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 5799 5800 /* wait for pending Tx to complete */ 5801 for (ntries = 0; ntries < 100; ntries++) { 5802 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 5803 DPRINTF("Cannot read Tx queue count\n"); 5804 break; 5805 } 5806 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 5807 DPRINTF("All Tx cleared\n"); 5808 break; 5809 } 5810 run_delay(sc, 10); 5811 } 5812 if (ntries >= 100) 5813 DPRINTF("There are still pending Tx\n"); 5814 run_delay(sc, 10); 5815 run_write(sc, RT2860_USB_DMA_CFG, 0); 5816 5817 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 5818 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5819 5820 for (i = 0; i != RUN_EP_QUEUES; i++) 5821 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 5822 } 5823 5824 static void 5825 run_delay(struct run_softc *sc, u_int ms) 5826 { 5827 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 5828 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 5829 } 5830 5831 static device_method_t run_methods[] = { 5832 /* Device interface */ 5833 DEVMETHOD(device_probe, run_match), 5834 DEVMETHOD(device_attach, run_attach), 5835 DEVMETHOD(device_detach, run_detach), 5836 DEVMETHOD_END 5837 }; 5838 5839 static driver_t run_driver = { 5840 .name = "run", 5841 .methods = run_methods, 5842 .size = sizeof(struct run_softc) 5843 }; 5844 5845 static devclass_t run_devclass; 5846 5847 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 5848 MODULE_DEPEND(run, wlan, 1, 1, 1); 5849 MODULE_DEPEND(run, usb, 1, 1, 1); 5850 MODULE_DEPEND(run, firmware, 1, 1, 1); 5851 MODULE_VERSION(run, 1); 5852