1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 #define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103 #define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, WLIUCG300HP), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCG300HPV1), 235 RUN_DEV(MELCO, WLIUCGNM2), 236 RUN_DEV(MOTOROLA4, RT2770), 237 RUN_DEV(MOTOROLA4, RT3070), 238 RUN_DEV(MSI, RT3070_1), 239 RUN_DEV(MSI, RT3070_2), 240 RUN_DEV(MSI, RT3070_3), 241 RUN_DEV(MSI, RT3070_4), 242 RUN_DEV(MSI, RT3070_5), 243 RUN_DEV(MSI, RT3070_6), 244 RUN_DEV(MSI, RT3070_7), 245 RUN_DEV(MSI, RT3070_8), 246 RUN_DEV(MSI, RT3070_9), 247 RUN_DEV(MSI, RT3070_10), 248 RUN_DEV(MSI, RT3070_11), 249 RUN_DEV(NETGEAR, WNDA4100), 250 RUN_DEV(OVISLINK, RT3072), 251 RUN_DEV(PARA, RT3070), 252 RUN_DEV(PEGATRON, RT2870), 253 RUN_DEV(PEGATRON, RT3070), 254 RUN_DEV(PEGATRON, RT3070_2), 255 RUN_DEV(PEGATRON, RT3070_3), 256 RUN_DEV(PHILIPS, RT2870), 257 RUN_DEV(PLANEX2, GWUS300MINIS), 258 RUN_DEV(PLANEX2, GWUSMICRON), 259 RUN_DEV(PLANEX2, RT2870), 260 RUN_DEV(PLANEX2, RT3070), 261 RUN_DEV(QCOM, RT2870), 262 RUN_DEV(QUANTA, RT3070), 263 RUN_DEV(RALINK, RT2070), 264 RUN_DEV(RALINK, RT2770), 265 RUN_DEV(RALINK, RT2870), 266 RUN_DEV(RALINK, RT3070), 267 RUN_DEV(RALINK, RT3071), 268 RUN_DEV(RALINK, RT3072), 269 RUN_DEV(RALINK, RT3370), 270 RUN_DEV(RALINK, RT3572), 271 RUN_DEV(RALINK, RT3573), 272 RUN_DEV(RALINK, RT5370), 273 RUN_DEV(RALINK, RT5572), 274 RUN_DEV(RALINK, RT8070), 275 RUN_DEV(SAMSUNG, WIS09ABGN), 276 RUN_DEV(SAMSUNG2, RT2870_1), 277 RUN_DEV(SENAO, RT2870_1), 278 RUN_DEV(SENAO, RT2870_2), 279 RUN_DEV(SENAO, RT2870_3), 280 RUN_DEV(SENAO, RT2870_4), 281 RUN_DEV(SENAO, RT3070), 282 RUN_DEV(SENAO, RT3071), 283 RUN_DEV(SENAO, RT3072_1), 284 RUN_DEV(SENAO, RT3072_2), 285 RUN_DEV(SENAO, RT3072_3), 286 RUN_DEV(SENAO, RT3072_4), 287 RUN_DEV(SENAO, RT3072_5), 288 RUN_DEV(SITECOMEU, RT2770), 289 RUN_DEV(SITECOMEU, RT2870_1), 290 RUN_DEV(SITECOMEU, RT2870_2), 291 RUN_DEV(SITECOMEU, RT2870_3), 292 RUN_DEV(SITECOMEU, RT2870_4), 293 RUN_DEV(SITECOMEU, RT3070), 294 RUN_DEV(SITECOMEU, RT3070_2), 295 RUN_DEV(SITECOMEU, RT3070_3), 296 RUN_DEV(SITECOMEU, RT3070_4), 297 RUN_DEV(SITECOMEU, RT3071), 298 RUN_DEV(SITECOMEU, RT3072_1), 299 RUN_DEV(SITECOMEU, RT3072_2), 300 RUN_DEV(SITECOMEU, RT3072_3), 301 RUN_DEV(SITECOMEU, RT3072_4), 302 RUN_DEV(SITECOMEU, RT3072_5), 303 RUN_DEV(SITECOMEU, RT3072_6), 304 RUN_DEV(SITECOMEU, WL608), 305 RUN_DEV(SPARKLAN, RT2870_1), 306 RUN_DEV(SPARKLAN, RT3070), 307 RUN_DEV(SWEEX2, LW153), 308 RUN_DEV(SWEEX2, LW303), 309 RUN_DEV(SWEEX2, LW313), 310 RUN_DEV(TOSHIBA, RT3070), 311 RUN_DEV(UMEDIA, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_1), 313 RUN_DEV(ZCOM, RT2870_2), 314 RUN_DEV(ZINWELL, RT2870_1), 315 RUN_DEV(ZINWELL, RT2870_2), 316 RUN_DEV(ZINWELL, RT3070), 317 RUN_DEV(ZINWELL, RT3072_1), 318 RUN_DEV(ZINWELL, RT3072_2), 319 RUN_DEV(ZYXEL, RT2870_1), 320 RUN_DEV(ZYXEL, RT2870_2), 321 RUN_DEV(ZYXEL, RT3070), 322 RUN_DEV_EJECT(ZYXEL, NWD2705), 323 RUN_DEV_EJECT(RALINK, RT_STOR), 324 #undef RUN_DEV_EJECT 325 #undef RUN_DEV 326 }; 327 328 static device_probe_t run_match; 329 static device_attach_t run_attach; 330 static device_detach_t run_detach; 331 332 static usb_callback_t run_bulk_rx_callback; 333 static usb_callback_t run_bulk_tx_callback0; 334 static usb_callback_t run_bulk_tx_callback1; 335 static usb_callback_t run_bulk_tx_callback2; 336 static usb_callback_t run_bulk_tx_callback3; 337 static usb_callback_t run_bulk_tx_callback4; 338 static usb_callback_t run_bulk_tx_callback5; 339 340 static void run_autoinst(void *, struct usb_device *, 341 struct usb_attach_arg *); 342 static int run_driver_loaded(struct module *, int, void *); 343 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 344 usb_error_t error, u_int index); 345 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 347 const uint8_t [IEEE80211_ADDR_LEN], 348 const uint8_t [IEEE80211_ADDR_LEN]); 349 static void run_vap_delete(struct ieee80211vap *); 350 static void run_cmdq_cb(void *, int); 351 static void run_setup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353 static void run_unsetup_tx_list(struct run_softc *, 354 struct run_endpoint_queue *); 355 static int run_load_microcode(struct run_softc *); 356 static int run_reset(struct run_softc *); 357 static usb_error_t run_do_request(struct run_softc *, 358 struct usb_device_request *, void *); 359 static int run_read(struct run_softc *, uint16_t, uint32_t *); 360 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 361 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 362 static int run_write(struct run_softc *, uint16_t, uint32_t); 363 static int run_write_region_1(struct run_softc *, uint16_t, 364 const uint8_t *, int); 365 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 366 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 367 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 368 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 369 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 370 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 371 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 372 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 373 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 374 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 375 static const char *run_get_rf(uint16_t); 376 static void run_rt3593_get_txpower(struct run_softc *); 377 static void run_get_txpower(struct run_softc *); 378 static int run_read_eeprom(struct run_softc *); 379 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 380 const uint8_t mac[IEEE80211_ADDR_LEN]); 381 static int run_media_change(struct ifnet *); 382 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 383 static int run_wme_update(struct ieee80211com *); 384 static void run_key_set_cb(void *); 385 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 386 static void run_key_delete_cb(void *); 387 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 388 static void run_ratectl_to(void *); 389 static void run_ratectl_cb(void *, int); 390 static void run_drain_fifo(void *); 391 static void run_iter_func(void *, struct ieee80211_node *); 392 static void run_newassoc_cb(void *); 393 static void run_newassoc(struct ieee80211_node *, int); 394 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 395 const struct ieee80211_rx_stats *, int, int); 396 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 397 static void run_tx_free(struct run_endpoint_queue *pq, 398 struct run_tx_data *, int); 399 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 400 static int run_tx(struct run_softc *, struct mbuf *, 401 struct ieee80211_node *); 402 static int run_tx_mgt(struct run_softc *, struct mbuf *, 403 struct ieee80211_node *); 404 static int run_sendprot(struct run_softc *, const struct mbuf *, 405 struct ieee80211_node *, int, int); 406 static int run_tx_param(struct run_softc *, struct mbuf *, 407 struct ieee80211_node *, 408 const struct ieee80211_bpf_params *); 409 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 410 const struct ieee80211_bpf_params *); 411 static int run_transmit(struct ieee80211com *, struct mbuf *); 412 static void run_start(struct run_softc *); 413 static void run_parent(struct ieee80211com *); 414 static void run_iq_calib(struct run_softc *, u_int); 415 static void run_set_agc(struct run_softc *, uint8_t); 416 static void run_select_chan_group(struct run_softc *, int); 417 static void run_set_rx_antenna(struct run_softc *, int); 418 static void run_rt2870_set_chan(struct run_softc *, u_int); 419 static void run_rt3070_set_chan(struct run_softc *, u_int); 420 static void run_rt3572_set_chan(struct run_softc *, u_int); 421 static void run_rt3593_set_chan(struct run_softc *, u_int); 422 static void run_rt5390_set_chan(struct run_softc *, u_int); 423 static void run_rt5592_set_chan(struct run_softc *, u_int); 424 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 425 static void run_set_channel(struct ieee80211com *); 426 static void run_scan_start(struct ieee80211com *); 427 static void run_scan_end(struct ieee80211com *); 428 static void run_update_beacon(struct ieee80211vap *, int); 429 static void run_update_beacon_cb(void *); 430 static void run_updateprot(struct ieee80211com *); 431 static void run_updateprot_cb(void *); 432 static void run_usb_timeout_cb(void *); 433 static void run_reset_livelock(struct run_softc *); 434 static void run_enable_tsf_sync(struct run_softc *); 435 static void run_enable_tsf(struct run_softc *); 436 static void run_get_tsf(struct run_softc *, uint64_t *); 437 static void run_enable_mrr(struct run_softc *); 438 static void run_set_txpreamble(struct run_softc *); 439 static void run_set_basicrates(struct run_softc *); 440 static void run_set_leds(struct run_softc *, uint16_t); 441 static void run_set_bssid(struct run_softc *, const uint8_t *); 442 static void run_set_macaddr(struct run_softc *, const uint8_t *); 443 static void run_updateslot(struct ieee80211com *); 444 static void run_updateslot_cb(void *); 445 static void run_update_mcast(struct ieee80211com *); 446 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 447 static void run_update_promisc_locked(struct run_softc *); 448 static void run_update_promisc(struct ieee80211com *); 449 static void run_rt5390_bbp_init(struct run_softc *); 450 static int run_bbp_init(struct run_softc *); 451 static int run_rt3070_rf_init(struct run_softc *); 452 static void run_rt3593_rf_init(struct run_softc *); 453 static void run_rt5390_rf_init(struct run_softc *); 454 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 455 uint8_t *); 456 static void run_rt3070_rf_setup(struct run_softc *); 457 static void run_rt3593_rf_setup(struct run_softc *); 458 static void run_rt5390_rf_setup(struct run_softc *); 459 static int run_txrx_enable(struct run_softc *); 460 static void run_adjust_freq_offset(struct run_softc *); 461 static void run_init_locked(struct run_softc *); 462 static void run_stop(void *); 463 static void run_delay(struct run_softc *, u_int); 464 465 static eventhandler_tag run_etag; 466 467 static const struct rt2860_rate { 468 uint8_t rate; 469 uint8_t mcs; 470 enum ieee80211_phytype phy; 471 uint8_t ctl_ridx; 472 uint16_t sp_ack_dur; 473 uint16_t lp_ack_dur; 474 } rt2860_rates[] = { 475 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 476 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 477 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 478 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 479 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 480 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 481 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 482 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 483 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 484 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 485 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 486 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 487 }; 488 489 static const struct { 490 uint16_t reg; 491 uint32_t val; 492 } rt2870_def_mac[] = { 493 RT2870_DEF_MAC 494 }; 495 496 static const struct { 497 uint8_t reg; 498 uint8_t val; 499 } rt2860_def_bbp[] = { 500 RT2860_DEF_BBP 501 },rt5390_def_bbp[] = { 502 RT5390_DEF_BBP 503 },rt5592_def_bbp[] = { 504 RT5592_DEF_BBP 505 }; 506 507 /* 508 * Default values for BBP register R196 for RT5592. 509 */ 510 static const uint8_t rt5592_bbp_r196[] = { 511 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 512 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 513 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 514 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 515 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 516 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 518 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 519 0x2e, 0x36, 0x30, 0x6e 520 }; 521 522 static const struct rfprog { 523 uint8_t chan; 524 uint32_t r1, r2, r3, r4; 525 } rt2860_rf2850[] = { 526 RT2860_RF2850 527 }; 528 529 struct { 530 uint8_t n, r, k; 531 } rt3070_freqs[] = { 532 RT3070_RF3052 533 }; 534 535 static const struct rt5592_freqs { 536 uint16_t n; 537 uint8_t k, m, r; 538 } rt5592_freqs_20mhz[] = { 539 RT5592_RF5592_20MHZ 540 },rt5592_freqs_40mhz[] = { 541 RT5592_RF5592_40MHZ 542 }; 543 544 static const struct { 545 uint8_t reg; 546 uint8_t val; 547 } rt3070_def_rf[] = { 548 RT3070_DEF_RF 549 },rt3572_def_rf[] = { 550 RT3572_DEF_RF 551 },rt3593_def_rf[] = { 552 RT3593_DEF_RF 553 },rt5390_def_rf[] = { 554 RT5390_DEF_RF 555 },rt5392_def_rf[] = { 556 RT5392_DEF_RF 557 },rt5592_def_rf[] = { 558 RT5592_DEF_RF 559 },rt5592_2ghz_def_rf[] = { 560 RT5592_2GHZ_DEF_RF 561 },rt5592_5ghz_def_rf[] = { 562 RT5592_5GHZ_DEF_RF 563 }; 564 565 static const struct { 566 u_int firstchan; 567 u_int lastchan; 568 uint8_t reg; 569 uint8_t val; 570 } rt5592_chan_5ghz[] = { 571 RT5592_CHAN_5GHZ 572 }; 573 574 static const struct usb_config run_config[RUN_N_XFER] = { 575 [RUN_BULK_TX_BE] = { 576 .type = UE_BULK, 577 .endpoint = UE_ADDR_ANY, 578 .ep_index = 0, 579 .direction = UE_DIR_OUT, 580 .bufsize = RUN_MAX_TXSZ, 581 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 582 .callback = run_bulk_tx_callback0, 583 .timeout = 5000, /* ms */ 584 }, 585 [RUN_BULK_TX_BK] = { 586 .type = UE_BULK, 587 .endpoint = UE_ADDR_ANY, 588 .direction = UE_DIR_OUT, 589 .ep_index = 1, 590 .bufsize = RUN_MAX_TXSZ, 591 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 592 .callback = run_bulk_tx_callback1, 593 .timeout = 5000, /* ms */ 594 }, 595 [RUN_BULK_TX_VI] = { 596 .type = UE_BULK, 597 .endpoint = UE_ADDR_ANY, 598 .direction = UE_DIR_OUT, 599 .ep_index = 2, 600 .bufsize = RUN_MAX_TXSZ, 601 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 602 .callback = run_bulk_tx_callback2, 603 .timeout = 5000, /* ms */ 604 }, 605 [RUN_BULK_TX_VO] = { 606 .type = UE_BULK, 607 .endpoint = UE_ADDR_ANY, 608 .direction = UE_DIR_OUT, 609 .ep_index = 3, 610 .bufsize = RUN_MAX_TXSZ, 611 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 612 .callback = run_bulk_tx_callback3, 613 .timeout = 5000, /* ms */ 614 }, 615 [RUN_BULK_TX_HCCA] = { 616 .type = UE_BULK, 617 .endpoint = UE_ADDR_ANY, 618 .direction = UE_DIR_OUT, 619 .ep_index = 4, 620 .bufsize = RUN_MAX_TXSZ, 621 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 622 .callback = run_bulk_tx_callback4, 623 .timeout = 5000, /* ms */ 624 }, 625 [RUN_BULK_TX_PRIO] = { 626 .type = UE_BULK, 627 .endpoint = UE_ADDR_ANY, 628 .direction = UE_DIR_OUT, 629 .ep_index = 5, 630 .bufsize = RUN_MAX_TXSZ, 631 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 632 .callback = run_bulk_tx_callback5, 633 .timeout = 5000, /* ms */ 634 }, 635 [RUN_BULK_RX] = { 636 .type = UE_BULK, 637 .endpoint = UE_ADDR_ANY, 638 .direction = UE_DIR_IN, 639 .bufsize = RUN_MAX_RXSZ, 640 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 641 .callback = run_bulk_rx_callback, 642 } 643 }; 644 645 static void 646 run_autoinst(void *arg, struct usb_device *udev, 647 struct usb_attach_arg *uaa) 648 { 649 struct usb_interface *iface; 650 struct usb_interface_descriptor *id; 651 652 if (uaa->dev_state != UAA_DEV_READY) 653 return; 654 655 iface = usbd_get_iface(udev, 0); 656 if (iface == NULL) 657 return; 658 id = iface->idesc; 659 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 660 return; 661 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 662 return; 663 664 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 665 uaa->dev_state = UAA_DEV_EJECTING; 666 } 667 668 static int 669 run_driver_loaded(struct module *mod, int what, void *arg) 670 { 671 switch (what) { 672 case MOD_LOAD: 673 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 674 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 675 break; 676 case MOD_UNLOAD: 677 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 678 break; 679 default: 680 return (EOPNOTSUPP); 681 } 682 return (0); 683 } 684 685 static int 686 run_match(device_t self) 687 { 688 struct usb_attach_arg *uaa = device_get_ivars(self); 689 690 if (uaa->usb_mode != USB_MODE_HOST) 691 return (ENXIO); 692 if (uaa->info.bConfigIndex != 0) 693 return (ENXIO); 694 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 695 return (ENXIO); 696 697 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 698 } 699 700 static int 701 run_attach(device_t self) 702 { 703 struct run_softc *sc = device_get_softc(self); 704 struct usb_attach_arg *uaa = device_get_ivars(self); 705 struct ieee80211com *ic = &sc->sc_ic; 706 uint32_t ver; 707 int ntries, error; 708 uint8_t iface_index, bands; 709 710 device_set_usb_desc(self); 711 sc->sc_udev = uaa->device; 712 sc->sc_dev = self; 713 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 714 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 715 716 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 717 MTX_NETWORK_LOCK, MTX_DEF); 718 mbufq_init(&sc->sc_snd, ifqmaxlen); 719 720 iface_index = RT2860_IFACE_INDEX; 721 722 error = usbd_transfer_setup(uaa->device, &iface_index, 723 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 724 if (error) { 725 device_printf(self, "could not allocate USB transfers, " 726 "err=%s\n", usbd_errstr(error)); 727 goto detach; 728 } 729 730 RUN_LOCK(sc); 731 732 /* wait for the chip to settle */ 733 for (ntries = 0; ntries < 100; ntries++) { 734 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 735 RUN_UNLOCK(sc); 736 goto detach; 737 } 738 if (ver != 0 && ver != 0xffffffff) 739 break; 740 run_delay(sc, 10); 741 } 742 if (ntries == 100) { 743 device_printf(sc->sc_dev, 744 "timeout waiting for NIC to initialize\n"); 745 RUN_UNLOCK(sc); 746 goto detach; 747 } 748 sc->mac_ver = ver >> 16; 749 sc->mac_rev = ver & 0xffff; 750 751 /* retrieve RF rev. no and various other things from EEPROM */ 752 run_read_eeprom(sc); 753 754 device_printf(sc->sc_dev, 755 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 756 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 757 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 758 759 RUN_UNLOCK(sc); 760 761 ic->ic_softc = sc; 762 ic->ic_name = device_get_nameunit(self); 763 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 764 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 765 766 /* set device capabilities */ 767 ic->ic_caps = 768 IEEE80211_C_STA | /* station mode supported */ 769 IEEE80211_C_MONITOR | /* monitor mode supported */ 770 IEEE80211_C_IBSS | 771 IEEE80211_C_HOSTAP | 772 IEEE80211_C_WDS | /* 4-address traffic works */ 773 IEEE80211_C_MBSS | 774 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 775 IEEE80211_C_SHSLOT | /* short slot time supported */ 776 IEEE80211_C_WME | /* WME */ 777 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 778 779 ic->ic_cryptocaps = 780 IEEE80211_CRYPTO_WEP | 781 IEEE80211_CRYPTO_AES_CCM | 782 IEEE80211_CRYPTO_TKIPMIC | 783 IEEE80211_CRYPTO_TKIP; 784 785 ic->ic_flags |= IEEE80211_F_DATAPAD; 786 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 787 788 bands = 0; 789 setbit(&bands, IEEE80211_MODE_11B); 790 setbit(&bands, IEEE80211_MODE_11G); 791 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 792 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 793 sc->rf_rev == RT5592_RF_5592) 794 setbit(&bands, IEEE80211_MODE_11A); 795 ieee80211_init_channels(ic, NULL, &bands); 796 797 ieee80211_ifattach(ic); 798 799 ic->ic_scan_start = run_scan_start; 800 ic->ic_scan_end = run_scan_end; 801 ic->ic_set_channel = run_set_channel; 802 ic->ic_node_alloc = run_node_alloc; 803 ic->ic_newassoc = run_newassoc; 804 ic->ic_updateslot = run_updateslot; 805 ic->ic_update_mcast = run_update_mcast; 806 ic->ic_wme.wme_update = run_wme_update; 807 ic->ic_raw_xmit = run_raw_xmit; 808 ic->ic_update_promisc = run_update_promisc; 809 ic->ic_vap_create = run_vap_create; 810 ic->ic_vap_delete = run_vap_delete; 811 ic->ic_transmit = run_transmit; 812 ic->ic_parent = run_parent; 813 814 ieee80211_radiotap_attach(ic, 815 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 816 RUN_TX_RADIOTAP_PRESENT, 817 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 818 RUN_RX_RADIOTAP_PRESENT); 819 820 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 821 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 822 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 823 824 if (bootverbose) 825 ieee80211_announce(ic); 826 827 return (0); 828 829 detach: 830 run_detach(self); 831 return (ENXIO); 832 } 833 834 static void 835 run_drain_mbufq(struct run_softc *sc) 836 { 837 struct mbuf *m; 838 struct ieee80211_node *ni; 839 840 RUN_LOCK_ASSERT(sc, MA_OWNED); 841 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 842 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 843 m->m_pkthdr.rcvif = NULL; 844 ieee80211_free_node(ni); 845 m_freem(m); 846 } 847 } 848 849 static int 850 run_detach(device_t self) 851 { 852 struct run_softc *sc = device_get_softc(self); 853 struct ieee80211com *ic = &sc->sc_ic; 854 int i; 855 856 RUN_LOCK(sc); 857 sc->sc_detached = 1; 858 RUN_UNLOCK(sc); 859 860 /* stop all USB transfers */ 861 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 862 863 RUN_LOCK(sc); 864 sc->ratectl_run = RUN_RATECTL_OFF; 865 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 866 867 /* free TX list, if any */ 868 for (i = 0; i != RUN_EP_QUEUES; i++) 869 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 870 871 /* Free TX queue */ 872 run_drain_mbufq(sc); 873 RUN_UNLOCK(sc); 874 875 if (sc->sc_ic.ic_softc == sc) { 876 /* drain tasks */ 877 usb_callout_drain(&sc->ratectl_ch); 878 ieee80211_draintask(ic, &sc->cmdq_task); 879 ieee80211_draintask(ic, &sc->ratectl_task); 880 ieee80211_ifdetach(ic); 881 } 882 883 mtx_destroy(&sc->sc_mtx); 884 885 return (0); 886 } 887 888 static struct ieee80211vap * 889 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 890 enum ieee80211_opmode opmode, int flags, 891 const uint8_t bssid[IEEE80211_ADDR_LEN], 892 const uint8_t mac[IEEE80211_ADDR_LEN]) 893 { 894 struct run_softc *sc = ic->ic_softc; 895 struct run_vap *rvp; 896 struct ieee80211vap *vap; 897 int i; 898 899 if (sc->rvp_cnt >= RUN_VAP_MAX) { 900 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 901 return (NULL); 902 } 903 904 switch (opmode) { 905 case IEEE80211_M_STA: 906 /* enable s/w bmiss handling for sta mode */ 907 flags |= IEEE80211_CLONE_NOBEACONS; 908 /* fall though */ 909 case IEEE80211_M_IBSS: 910 case IEEE80211_M_MONITOR: 911 case IEEE80211_M_HOSTAP: 912 case IEEE80211_M_MBSS: 913 /* other than WDS vaps, only one at a time */ 914 if (!TAILQ_EMPTY(&ic->ic_vaps)) 915 return (NULL); 916 break; 917 case IEEE80211_M_WDS: 918 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 919 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 920 continue; 921 /* WDS vap's always share the local mac address. */ 922 flags &= ~IEEE80211_CLONE_BSSID; 923 break; 924 } 925 if (vap == NULL) { 926 device_printf(sc->sc_dev, 927 "wds only supported in ap mode\n"); 928 return (NULL); 929 } 930 break; 931 default: 932 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 933 return (NULL); 934 } 935 936 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 937 vap = &rvp->vap; 938 939 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 940 bssid) != 0) { 941 /* out of memory */ 942 free(rvp, M_80211_VAP); 943 return (NULL); 944 } 945 946 vap->iv_update_beacon = run_update_beacon; 947 vap->iv_max_aid = RT2870_WCID_MAX; 948 /* 949 * To delete the right key from h/w, we need wcid. 950 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 951 * and matching wcid will be written into there. So, cast 952 * some spells to remove 'const' from ieee80211_key{} 953 */ 954 vap->iv_key_delete = (void *)run_key_delete; 955 vap->iv_key_set = (void *)run_key_set; 956 957 /* override state transition machine */ 958 rvp->newstate = vap->iv_newstate; 959 vap->iv_newstate = run_newstate; 960 if (opmode == IEEE80211_M_IBSS) { 961 rvp->recv_mgmt = vap->iv_recv_mgmt; 962 vap->iv_recv_mgmt = run_recv_mgmt; 963 } 964 965 ieee80211_ratectl_init(vap); 966 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 967 968 /* complete setup */ 969 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 970 mac); 971 972 /* make sure id is always unique */ 973 for (i = 0; i < RUN_VAP_MAX; i++) { 974 if((sc->rvp_bmap & 1 << i) == 0){ 975 sc->rvp_bmap |= 1 << i; 976 rvp->rvp_id = i; 977 break; 978 } 979 } 980 if (sc->rvp_cnt++ == 0) 981 ic->ic_opmode = opmode; 982 983 if (opmode == IEEE80211_M_HOSTAP) 984 sc->cmdq_run = RUN_CMDQ_GO; 985 986 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 987 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 988 989 return (vap); 990 } 991 992 static void 993 run_vap_delete(struct ieee80211vap *vap) 994 { 995 struct run_vap *rvp = RUN_VAP(vap); 996 struct ieee80211com *ic; 997 struct run_softc *sc; 998 uint8_t rvp_id; 999 1000 if (vap == NULL) 1001 return; 1002 1003 ic = vap->iv_ic; 1004 sc = ic->ic_softc; 1005 1006 RUN_LOCK(sc); 1007 1008 m_freem(rvp->beacon_mbuf); 1009 rvp->beacon_mbuf = NULL; 1010 1011 rvp_id = rvp->rvp_id; 1012 sc->ratectl_run &= ~(1 << rvp_id); 1013 sc->rvp_bmap &= ~(1 << rvp_id); 1014 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1015 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1016 --sc->rvp_cnt; 1017 1018 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1019 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1020 1021 RUN_UNLOCK(sc); 1022 1023 ieee80211_ratectl_deinit(vap); 1024 ieee80211_vap_detach(vap); 1025 free(rvp, M_80211_VAP); 1026 } 1027 1028 /* 1029 * There are numbers of functions need to be called in context thread. 1030 * Rather than creating taskqueue event for each of those functions, 1031 * here is all-for-one taskqueue callback function. This function 1032 * gurantees deferred functions are executed in the same order they 1033 * were enqueued. 1034 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1035 */ 1036 static void 1037 run_cmdq_cb(void *arg, int pending) 1038 { 1039 struct run_softc *sc = arg; 1040 uint8_t i; 1041 1042 /* call cmdq[].func locked */ 1043 RUN_LOCK(sc); 1044 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1045 i = sc->cmdq_exec, pending--) { 1046 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1047 if (sc->cmdq_run == RUN_CMDQ_GO) { 1048 /* 1049 * If arg0 is NULL, callback func needs more 1050 * than one arg. So, pass ptr to cmdq struct. 1051 */ 1052 if (sc->cmdq[i].arg0) 1053 sc->cmdq[i].func(sc->cmdq[i].arg0); 1054 else 1055 sc->cmdq[i].func(&sc->cmdq[i]); 1056 } 1057 sc->cmdq[i].arg0 = NULL; 1058 sc->cmdq[i].func = NULL; 1059 sc->cmdq_exec++; 1060 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1061 } 1062 RUN_UNLOCK(sc); 1063 } 1064 1065 static void 1066 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1067 { 1068 struct run_tx_data *data; 1069 1070 memset(pq, 0, sizeof(*pq)); 1071 1072 STAILQ_INIT(&pq->tx_qh); 1073 STAILQ_INIT(&pq->tx_fh); 1074 1075 for (data = &pq->tx_data[0]; 1076 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1077 data->sc = sc; 1078 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1079 } 1080 pq->tx_nfree = RUN_TX_RING_COUNT; 1081 } 1082 1083 static void 1084 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1085 { 1086 struct run_tx_data *data; 1087 1088 /* make sure any subsequent use of the queues will fail */ 1089 pq->tx_nfree = 0; 1090 STAILQ_INIT(&pq->tx_fh); 1091 STAILQ_INIT(&pq->tx_qh); 1092 1093 /* free up all node references and mbufs */ 1094 for (data = &pq->tx_data[0]; 1095 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1096 if (data->m != NULL) { 1097 m_freem(data->m); 1098 data->m = NULL; 1099 } 1100 if (data->ni != NULL) { 1101 ieee80211_free_node(data->ni); 1102 data->ni = NULL; 1103 } 1104 } 1105 } 1106 1107 static int 1108 run_load_microcode(struct run_softc *sc) 1109 { 1110 usb_device_request_t req; 1111 const struct firmware *fw; 1112 const u_char *base; 1113 uint32_t tmp; 1114 int ntries, error; 1115 const uint64_t *temp; 1116 uint64_t bytes; 1117 1118 RUN_UNLOCK(sc); 1119 fw = firmware_get("runfw"); 1120 RUN_LOCK(sc); 1121 if (fw == NULL) { 1122 device_printf(sc->sc_dev, 1123 "failed loadfirmware of file %s\n", "runfw"); 1124 return ENOENT; 1125 } 1126 1127 if (fw->datasize != 8192) { 1128 device_printf(sc->sc_dev, 1129 "invalid firmware size (should be 8KB)\n"); 1130 error = EINVAL; 1131 goto fail; 1132 } 1133 1134 /* 1135 * RT3071/RT3072 use a different firmware 1136 * run-rt2870 (8KB) contains both, 1137 * first half (4KB) is for rt2870, 1138 * last half is for rt3071. 1139 */ 1140 base = fw->data; 1141 if ((sc->mac_ver) != 0x2860 && 1142 (sc->mac_ver) != 0x2872 && 1143 (sc->mac_ver) != 0x3070) { 1144 base += 4096; 1145 } 1146 1147 /* cheap sanity check */ 1148 temp = fw->data; 1149 bytes = *temp; 1150 if (bytes != be64toh(0xffffff0210280210ULL)) { 1151 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1152 error = EINVAL; 1153 goto fail; 1154 } 1155 1156 /* write microcode image */ 1157 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1158 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1159 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1160 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1161 } 1162 1163 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1164 req.bRequest = RT2870_RESET; 1165 USETW(req.wValue, 8); 1166 USETW(req.wIndex, 0); 1167 USETW(req.wLength, 0); 1168 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1169 != 0) { 1170 device_printf(sc->sc_dev, "firmware reset failed\n"); 1171 goto fail; 1172 } 1173 1174 run_delay(sc, 10); 1175 1176 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1177 run_write(sc, RT2860_H2M_MAILBOX, 0); 1178 run_write(sc, RT2860_H2M_INTSRC, 0); 1179 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1180 goto fail; 1181 1182 /* wait until microcontroller is ready */ 1183 for (ntries = 0; ntries < 1000; ntries++) { 1184 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1185 goto fail; 1186 if (tmp & RT2860_MCU_READY) 1187 break; 1188 run_delay(sc, 10); 1189 } 1190 if (ntries == 1000) { 1191 device_printf(sc->sc_dev, 1192 "timeout waiting for MCU to initialize\n"); 1193 error = ETIMEDOUT; 1194 goto fail; 1195 } 1196 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1197 (base == fw->data) ? "RT2870" : "RT3071", 1198 *(base + 4092), *(base + 4093)); 1199 1200 fail: 1201 firmware_put(fw, FIRMWARE_UNLOAD); 1202 return (error); 1203 } 1204 1205 static int 1206 run_reset(struct run_softc *sc) 1207 { 1208 usb_device_request_t req; 1209 1210 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1211 req.bRequest = RT2870_RESET; 1212 USETW(req.wValue, 1); 1213 USETW(req.wIndex, 0); 1214 USETW(req.wLength, 0); 1215 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1216 } 1217 1218 static usb_error_t 1219 run_do_request(struct run_softc *sc, 1220 struct usb_device_request *req, void *data) 1221 { 1222 usb_error_t err; 1223 int ntries = 10; 1224 1225 RUN_LOCK_ASSERT(sc, MA_OWNED); 1226 1227 while (ntries--) { 1228 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1229 req, data, 0, NULL, 250 /* ms */); 1230 if (err == 0) 1231 break; 1232 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1233 usbd_errstr(err)); 1234 run_delay(sc, 10); 1235 } 1236 return (err); 1237 } 1238 1239 static int 1240 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1241 { 1242 uint32_t tmp; 1243 int error; 1244 1245 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1246 if (error == 0) 1247 *val = le32toh(tmp); 1248 else 1249 *val = 0xffffffff; 1250 return (error); 1251 } 1252 1253 static int 1254 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1255 { 1256 usb_device_request_t req; 1257 1258 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1259 req.bRequest = RT2870_READ_REGION_1; 1260 USETW(req.wValue, 0); 1261 USETW(req.wIndex, reg); 1262 USETW(req.wLength, len); 1263 1264 return (run_do_request(sc, &req, buf)); 1265 } 1266 1267 static int 1268 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1269 { 1270 usb_device_request_t req; 1271 1272 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1273 req.bRequest = RT2870_WRITE_2; 1274 USETW(req.wValue, val); 1275 USETW(req.wIndex, reg); 1276 USETW(req.wLength, 0); 1277 1278 return (run_do_request(sc, &req, NULL)); 1279 } 1280 1281 static int 1282 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1283 { 1284 int error; 1285 1286 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1287 error = run_write_2(sc, reg + 2, val >> 16); 1288 return (error); 1289 } 1290 1291 static int 1292 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1293 int len) 1294 { 1295 #if 1 1296 int i, error = 0; 1297 /* 1298 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1299 * We thus issue multiple WRITE_2 commands instead. 1300 */ 1301 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1302 for (i = 0; i < len && error == 0; i += 2) 1303 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1304 return (error); 1305 #else 1306 usb_device_request_t req; 1307 int error = 0; 1308 1309 /* 1310 * NOTE: It appears the WRITE_REGION_1 command cannot be 1311 * passed a huge amount of data, which will crash the 1312 * firmware. Limit amount of data passed to 64-bytes at a 1313 * time. 1314 */ 1315 while (len > 0) { 1316 int delta = 64; 1317 if (delta > len) 1318 delta = len; 1319 1320 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1321 req.bRequest = RT2870_WRITE_REGION_1; 1322 USETW(req.wValue, 0); 1323 USETW(req.wIndex, reg); 1324 USETW(req.wLength, delta); 1325 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1326 if (error != 0) 1327 break; 1328 reg += delta; 1329 buf += delta; 1330 len -= delta; 1331 } 1332 return (error); 1333 #endif 1334 } 1335 1336 static int 1337 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1338 { 1339 int i, error = 0; 1340 1341 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1342 for (i = 0; i < len && error == 0; i += 4) 1343 error = run_write(sc, reg + i, val); 1344 return (error); 1345 } 1346 1347 static int 1348 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1349 { 1350 uint32_t tmp; 1351 uint16_t reg; 1352 int error, ntries; 1353 1354 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1355 return (error); 1356 1357 if (count == 2) 1358 addr *= 2; 1359 /*- 1360 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1361 * DATA0: F E D C 1362 * DATA1: B A 9 8 1363 * DATA2: 7 6 5 4 1364 * DATA3: 3 2 1 0 1365 */ 1366 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1367 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1368 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1369 for (ntries = 0; ntries < 100; ntries++) { 1370 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1371 return (error); 1372 if (!(tmp & RT3070_EFSROM_KICK)) 1373 break; 1374 run_delay(sc, 2); 1375 } 1376 if (ntries == 100) 1377 return (ETIMEDOUT); 1378 1379 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1380 *val = 0xffff; /* address not found */ 1381 return (0); 1382 } 1383 /* determine to which 32-bit register our 16-bit word belongs */ 1384 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1385 if ((error = run_read(sc, reg, &tmp)) != 0) 1386 return (error); 1387 1388 tmp >>= (8 * (addr & 0x3)); 1389 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1390 1391 return (0); 1392 } 1393 1394 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1395 static int 1396 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1397 { 1398 return (run_efuse_read(sc, addr, val, 2)); 1399 } 1400 1401 static int 1402 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1403 { 1404 usb_device_request_t req; 1405 uint16_t tmp; 1406 int error; 1407 1408 addr *= 2; 1409 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1410 req.bRequest = RT2870_EEPROM_READ; 1411 USETW(req.wValue, 0); 1412 USETW(req.wIndex, addr); 1413 USETW(req.wLength, sizeof(tmp)); 1414 1415 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1416 if (error == 0) 1417 *val = le16toh(tmp); 1418 else 1419 *val = 0xffff; 1420 return (error); 1421 } 1422 1423 static __inline int 1424 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1425 { 1426 /* either eFUSE ROM or EEPROM */ 1427 return sc->sc_srom_read(sc, addr, val); 1428 } 1429 1430 static int 1431 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1432 { 1433 uint32_t tmp; 1434 int error, ntries; 1435 1436 for (ntries = 0; ntries < 10; ntries++) { 1437 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1438 return (error); 1439 if (!(tmp & RT2860_RF_REG_CTRL)) 1440 break; 1441 } 1442 if (ntries == 10) 1443 return (ETIMEDOUT); 1444 1445 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1446 } 1447 1448 static int 1449 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1450 { 1451 uint32_t tmp; 1452 int error, ntries; 1453 1454 for (ntries = 0; ntries < 100; ntries++) { 1455 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1456 return (error); 1457 if (!(tmp & RT3070_RF_KICK)) 1458 break; 1459 } 1460 if (ntries == 100) 1461 return (ETIMEDOUT); 1462 1463 tmp = RT3070_RF_KICK | reg << 8; 1464 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1465 return (error); 1466 1467 for (ntries = 0; ntries < 100; ntries++) { 1468 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1469 return (error); 1470 if (!(tmp & RT3070_RF_KICK)) 1471 break; 1472 } 1473 if (ntries == 100) 1474 return (ETIMEDOUT); 1475 1476 *val = tmp & 0xff; 1477 return (0); 1478 } 1479 1480 static int 1481 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1482 { 1483 uint32_t tmp; 1484 int error, ntries; 1485 1486 for (ntries = 0; ntries < 10; ntries++) { 1487 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1488 return (error); 1489 if (!(tmp & RT3070_RF_KICK)) 1490 break; 1491 } 1492 if (ntries == 10) 1493 return (ETIMEDOUT); 1494 1495 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1496 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1497 } 1498 1499 static int 1500 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1501 { 1502 uint32_t tmp; 1503 int ntries, error; 1504 1505 for (ntries = 0; ntries < 10; ntries++) { 1506 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1507 return (error); 1508 if (!(tmp & RT2860_BBP_CSR_KICK)) 1509 break; 1510 } 1511 if (ntries == 10) 1512 return (ETIMEDOUT); 1513 1514 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1515 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1516 return (error); 1517 1518 for (ntries = 0; ntries < 10; ntries++) { 1519 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1520 return (error); 1521 if (!(tmp & RT2860_BBP_CSR_KICK)) 1522 break; 1523 } 1524 if (ntries == 10) 1525 return (ETIMEDOUT); 1526 1527 *val = tmp & 0xff; 1528 return (0); 1529 } 1530 1531 static int 1532 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1533 { 1534 uint32_t tmp; 1535 int ntries, error; 1536 1537 for (ntries = 0; ntries < 10; ntries++) { 1538 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1539 return (error); 1540 if (!(tmp & RT2860_BBP_CSR_KICK)) 1541 break; 1542 } 1543 if (ntries == 10) 1544 return (ETIMEDOUT); 1545 1546 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1547 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1548 } 1549 1550 /* 1551 * Send a command to the 8051 microcontroller unit. 1552 */ 1553 static int 1554 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1555 { 1556 uint32_t tmp; 1557 int error, ntries; 1558 1559 for (ntries = 0; ntries < 100; ntries++) { 1560 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1561 return error; 1562 if (!(tmp & RT2860_H2M_BUSY)) 1563 break; 1564 } 1565 if (ntries == 100) 1566 return ETIMEDOUT; 1567 1568 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1569 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1570 error = run_write(sc, RT2860_HOST_CMD, cmd); 1571 return (error); 1572 } 1573 1574 /* 1575 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1576 * Used to adjust per-rate Tx power registers. 1577 */ 1578 static __inline uint32_t 1579 b4inc(uint32_t b32, int8_t delta) 1580 { 1581 int8_t i, b4; 1582 1583 for (i = 0; i < 8; i++) { 1584 b4 = b32 & 0xf; 1585 b4 += delta; 1586 if (b4 < 0) 1587 b4 = 0; 1588 else if (b4 > 0xf) 1589 b4 = 0xf; 1590 b32 = b32 >> 4 | b4 << 28; 1591 } 1592 return (b32); 1593 } 1594 1595 static const char * 1596 run_get_rf(uint16_t rev) 1597 { 1598 switch (rev) { 1599 case RT2860_RF_2820: return "RT2820"; 1600 case RT2860_RF_2850: return "RT2850"; 1601 case RT2860_RF_2720: return "RT2720"; 1602 case RT2860_RF_2750: return "RT2750"; 1603 case RT3070_RF_3020: return "RT3020"; 1604 case RT3070_RF_2020: return "RT2020"; 1605 case RT3070_RF_3021: return "RT3021"; 1606 case RT3070_RF_3022: return "RT3022"; 1607 case RT3070_RF_3052: return "RT3052"; 1608 case RT3593_RF_3053: return "RT3053"; 1609 case RT5592_RF_5592: return "RT5592"; 1610 case RT5390_RF_5370: return "RT5370"; 1611 case RT5390_RF_5372: return "RT5372"; 1612 } 1613 return ("unknown"); 1614 } 1615 1616 static void 1617 run_rt3593_get_txpower(struct run_softc *sc) 1618 { 1619 uint16_t addr, val; 1620 int i; 1621 1622 /* Read power settings for 2GHz channels. */ 1623 for (i = 0; i < 14; i += 2) { 1624 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1625 RT2860_EEPROM_PWR2GHZ_BASE1; 1626 run_srom_read(sc, addr + i / 2, &val); 1627 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1628 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1629 1630 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1631 RT2860_EEPROM_PWR2GHZ_BASE2; 1632 run_srom_read(sc, addr + i / 2, &val); 1633 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1634 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1635 1636 if (sc->ntxchains == 3) { 1637 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1638 &val); 1639 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1640 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1641 } 1642 } 1643 /* Fix broken Tx power entries. */ 1644 for (i = 0; i < 14; i++) { 1645 if (sc->txpow1[i] > 31) 1646 sc->txpow1[i] = 5; 1647 if (sc->txpow2[i] > 31) 1648 sc->txpow2[i] = 5; 1649 if (sc->ntxchains == 3) { 1650 if (sc->txpow3[i] > 31) 1651 sc->txpow3[i] = 5; 1652 } 1653 } 1654 /* Read power settings for 5GHz channels. */ 1655 for (i = 0; i < 40; i += 2) { 1656 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1657 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1658 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1659 1660 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1661 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1662 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1663 1664 if (sc->ntxchains == 3) { 1665 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1666 &val); 1667 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1668 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1669 } 1670 } 1671 } 1672 1673 static void 1674 run_get_txpower(struct run_softc *sc) 1675 { 1676 uint16_t val; 1677 int i; 1678 1679 /* Read power settings for 2GHz channels. */ 1680 for (i = 0; i < 14; i += 2) { 1681 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1682 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1683 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1684 1685 if (sc->mac_ver != 0x5390) { 1686 run_srom_read(sc, 1687 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1688 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1689 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1690 } 1691 } 1692 /* Fix broken Tx power entries. */ 1693 for (i = 0; i < 14; i++) { 1694 if (sc->mac_ver >= 0x5390) { 1695 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1696 sc->txpow1[i] = 5; 1697 } else { 1698 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1699 sc->txpow1[i] = 5; 1700 } 1701 if (sc->mac_ver > 0x5390) { 1702 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1703 sc->txpow2[i] = 5; 1704 } else if (sc->mac_ver < 0x5390) { 1705 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1706 sc->txpow2[i] = 5; 1707 } 1708 DPRINTF("chan %d: power1=%d, power2=%d\n", 1709 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1710 } 1711 /* Read power settings for 5GHz channels. */ 1712 for (i = 0; i < 40; i += 2) { 1713 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1714 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1715 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1716 1717 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1718 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1719 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1720 } 1721 /* Fix broken Tx power entries. */ 1722 for (i = 0; i < 40; i++ ) { 1723 if (sc->mac_ver != 0x5592) { 1724 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1725 sc->txpow1[14 + i] = 5; 1726 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1727 sc->txpow2[14 + i] = 5; 1728 } 1729 DPRINTF("chan %d: power1=%d, power2=%d\n", 1730 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1731 sc->txpow2[14 + i]); 1732 } 1733 } 1734 1735 static int 1736 run_read_eeprom(struct run_softc *sc) 1737 { 1738 struct ieee80211com *ic = &sc->sc_ic; 1739 int8_t delta_2ghz, delta_5ghz; 1740 uint32_t tmp; 1741 uint16_t val; 1742 int ridx, ant, i; 1743 1744 /* check whether the ROM is eFUSE ROM or EEPROM */ 1745 sc->sc_srom_read = run_eeprom_read_2; 1746 if (sc->mac_ver >= 0x3070) { 1747 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1748 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1749 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1750 sc->sc_srom_read = run_efuse_read_2; 1751 } 1752 1753 /* read ROM version */ 1754 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1755 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1756 1757 /* read MAC address */ 1758 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1759 ic->ic_macaddr[0] = val & 0xff; 1760 ic->ic_macaddr[1] = val >> 8; 1761 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1762 ic->ic_macaddr[2] = val & 0xff; 1763 ic->ic_macaddr[3] = val >> 8; 1764 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1765 ic->ic_macaddr[4] = val & 0xff; 1766 ic->ic_macaddr[5] = val >> 8; 1767 1768 if (sc->mac_ver < 0x3593) { 1769 /* read vender BBP settings */ 1770 for (i = 0; i < 10; i++) { 1771 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1772 sc->bbp[i].val = val & 0xff; 1773 sc->bbp[i].reg = val >> 8; 1774 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1775 sc->bbp[i].val); 1776 } 1777 if (sc->mac_ver >= 0x3071) { 1778 /* read vendor RF settings */ 1779 for (i = 0; i < 10; i++) { 1780 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1781 &val); 1782 sc->rf[i].val = val & 0xff; 1783 sc->rf[i].reg = val >> 8; 1784 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1785 sc->rf[i].val); 1786 } 1787 } 1788 } 1789 1790 /* read RF frequency offset from EEPROM */ 1791 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1792 RT3593_EEPROM_FREQ, &val); 1793 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1794 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1795 1796 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1797 RT3593_EEPROM_FREQ_LEDS, &val); 1798 if (val >> 8 != 0xff) { 1799 /* read LEDs operating mode */ 1800 sc->leds = val >> 8; 1801 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1802 RT3593_EEPROM_LED1, &sc->led[0]); 1803 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1804 RT3593_EEPROM_LED2, &sc->led[1]); 1805 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1806 RT3593_EEPROM_LED3, &sc->led[2]); 1807 } else { 1808 /* broken EEPROM, use default settings */ 1809 sc->leds = 0x01; 1810 sc->led[0] = 0x5555; 1811 sc->led[1] = 0x2221; 1812 sc->led[2] = 0x5627; /* differs from RT2860 */ 1813 } 1814 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1815 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1816 1817 /* read RF information */ 1818 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1819 run_srom_read(sc, 0x00, &val); 1820 else 1821 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1822 1823 if (val == 0xffff) { 1824 device_printf(sc->sc_dev, 1825 "invalid EEPROM antenna info, using default\n"); 1826 DPRINTF("invalid EEPROM antenna info, using default\n"); 1827 if (sc->mac_ver == 0x3572) { 1828 /* default to RF3052 2T2R */ 1829 sc->rf_rev = RT3070_RF_3052; 1830 sc->ntxchains = 2; 1831 sc->nrxchains = 2; 1832 } else if (sc->mac_ver >= 0x3070) { 1833 /* default to RF3020 1T1R */ 1834 sc->rf_rev = RT3070_RF_3020; 1835 sc->ntxchains = 1; 1836 sc->nrxchains = 1; 1837 } else { 1838 /* default to RF2820 1T2R */ 1839 sc->rf_rev = RT2860_RF_2820; 1840 sc->ntxchains = 1; 1841 sc->nrxchains = 2; 1842 } 1843 } else { 1844 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1845 sc->rf_rev = val; 1846 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1847 } else 1848 sc->rf_rev = (val >> 8) & 0xf; 1849 sc->ntxchains = (val >> 4) & 0xf; 1850 sc->nrxchains = val & 0xf; 1851 } 1852 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1853 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1854 1855 /* check if RF supports automatic Tx access gain control */ 1856 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1857 DPRINTF("EEPROM CFG 0x%04x\n", val); 1858 /* check if driver should patch the DAC issue */ 1859 if ((val >> 8) != 0xff) 1860 sc->patch_dac = (val >> 15) & 1; 1861 if ((val & 0xff) != 0xff) { 1862 sc->ext_5ghz_lna = (val >> 3) & 1; 1863 sc->ext_2ghz_lna = (val >> 2) & 1; 1864 /* check if RF supports automatic Tx access gain control */ 1865 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1866 /* check if we have a hardware radio switch */ 1867 sc->rfswitch = val & 1; 1868 } 1869 1870 /* Read Tx power settings. */ 1871 if (sc->mac_ver == 0x3593) 1872 run_rt3593_get_txpower(sc); 1873 else 1874 run_get_txpower(sc); 1875 1876 /* read Tx power compensation for each Tx rate */ 1877 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1878 delta_2ghz = delta_5ghz = 0; 1879 if ((val & 0xff) != 0xff && (val & 0x80)) { 1880 delta_2ghz = val & 0xf; 1881 if (!(val & 0x40)) /* negative number */ 1882 delta_2ghz = -delta_2ghz; 1883 } 1884 val >>= 8; 1885 if ((val & 0xff) != 0xff && (val & 0x80)) { 1886 delta_5ghz = val & 0xf; 1887 if (!(val & 0x40)) /* negative number */ 1888 delta_5ghz = -delta_5ghz; 1889 } 1890 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1891 delta_2ghz, delta_5ghz); 1892 1893 for (ridx = 0; ridx < 5; ridx++) { 1894 uint32_t reg; 1895 1896 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1897 reg = val; 1898 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1899 reg |= (uint32_t)val << 16; 1900 1901 sc->txpow20mhz[ridx] = reg; 1902 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1903 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1904 1905 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1906 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1907 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1908 } 1909 1910 /* Read RSSI offsets and LNA gains from EEPROM. */ 1911 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1912 RT3593_EEPROM_RSSI1_2GHZ, &val); 1913 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1914 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1915 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1916 RT3593_EEPROM_RSSI2_2GHZ, &val); 1917 if (sc->mac_ver >= 0x3070) { 1918 if (sc->mac_ver == 0x3593) { 1919 sc->txmixgain_2ghz = 0; 1920 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1921 } else { 1922 /* 1923 * On RT3070 chips (limited to 2 Rx chains), this ROM 1924 * field contains the Tx mixer gain for the 2GHz band. 1925 */ 1926 if ((val & 0xff) != 0xff) 1927 sc->txmixgain_2ghz = val & 0x7; 1928 } 1929 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1930 } else 1931 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1932 if (sc->mac_ver == 0x3593) 1933 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1934 sc->lna[2] = val >> 8; /* channel group 2 */ 1935 1936 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1937 RT3593_EEPROM_RSSI1_5GHZ, &val); 1938 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1939 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1940 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1941 RT3593_EEPROM_RSSI2_5GHZ, &val); 1942 if (sc->mac_ver == 0x3572) { 1943 /* 1944 * On RT3572 chips (limited to 2 Rx chains), this ROM 1945 * field contains the Tx mixer gain for the 5GHz band. 1946 */ 1947 if ((val & 0xff) != 0xff) 1948 sc->txmixgain_5ghz = val & 0x7; 1949 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1950 } else 1951 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1952 if (sc->mac_ver == 0x3593) { 1953 sc->txmixgain_5ghz = 0; 1954 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1955 } 1956 sc->lna[3] = val >> 8; /* channel group 3 */ 1957 1958 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1959 RT3593_EEPROM_LNA, &val); 1960 sc->lna[0] = val & 0xff; /* channel group 0 */ 1961 sc->lna[1] = val >> 8; /* channel group 1 */ 1962 1963 /* fix broken 5GHz LNA entries */ 1964 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1965 DPRINTF("invalid LNA for channel group %d\n", 2); 1966 sc->lna[2] = sc->lna[1]; 1967 } 1968 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1969 DPRINTF("invalid LNA for channel group %d\n", 3); 1970 sc->lna[3] = sc->lna[1]; 1971 } 1972 1973 /* fix broken RSSI offset entries */ 1974 for (ant = 0; ant < 3; ant++) { 1975 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1976 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1977 ant + 1, sc->rssi_2ghz[ant]); 1978 sc->rssi_2ghz[ant] = 0; 1979 } 1980 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1981 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1982 ant + 1, sc->rssi_5ghz[ant]); 1983 sc->rssi_5ghz[ant] = 0; 1984 } 1985 } 1986 return (0); 1987 } 1988 1989 static struct ieee80211_node * 1990 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1991 { 1992 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1993 } 1994 1995 static int 1996 run_media_change(struct ifnet *ifp) 1997 { 1998 struct ieee80211vap *vap = ifp->if_softc; 1999 struct ieee80211com *ic = vap->iv_ic; 2000 const struct ieee80211_txparam *tp; 2001 struct run_softc *sc = ic->ic_softc; 2002 uint8_t rate, ridx; 2003 int error; 2004 2005 RUN_LOCK(sc); 2006 2007 error = ieee80211_media_change(ifp); 2008 if (error != ENETRESET) { 2009 RUN_UNLOCK(sc); 2010 return (error); 2011 } 2012 2013 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2014 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2015 struct ieee80211_node *ni; 2016 struct run_node *rn; 2017 2018 rate = ic->ic_sup_rates[ic->ic_curmode]. 2019 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2020 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2021 if (rt2860_rates[ridx].rate == rate) 2022 break; 2023 ni = ieee80211_ref_node(vap->iv_bss); 2024 rn = RUN_NODE(ni); 2025 rn->fix_ridx = ridx; 2026 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2027 ieee80211_free_node(ni); 2028 } 2029 2030 #if 0 2031 if ((ifp->if_flags & IFF_UP) && 2032 (ifp->if_drv_flags & RUN_RUNNING)){ 2033 run_init_locked(sc); 2034 } 2035 #endif 2036 2037 RUN_UNLOCK(sc); 2038 2039 return (0); 2040 } 2041 2042 static int 2043 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2044 { 2045 const struct ieee80211_txparam *tp; 2046 struct ieee80211com *ic = vap->iv_ic; 2047 struct run_softc *sc = ic->ic_softc; 2048 struct run_vap *rvp = RUN_VAP(vap); 2049 enum ieee80211_state ostate; 2050 uint32_t sta[3]; 2051 uint32_t tmp; 2052 uint8_t ratectl; 2053 uint8_t restart_ratectl = 0; 2054 uint8_t bid = 1 << rvp->rvp_id; 2055 2056 ostate = vap->iv_state; 2057 DPRINTF("%s -> %s\n", 2058 ieee80211_state_name[ostate], 2059 ieee80211_state_name[nstate]); 2060 2061 IEEE80211_UNLOCK(ic); 2062 RUN_LOCK(sc); 2063 2064 ratectl = sc->ratectl_run; /* remember current state */ 2065 sc->ratectl_run = RUN_RATECTL_OFF; 2066 usb_callout_stop(&sc->ratectl_ch); 2067 2068 if (ostate == IEEE80211_S_RUN) { 2069 /* turn link LED off */ 2070 run_set_leds(sc, RT2860_LED_RADIO); 2071 } 2072 2073 switch (nstate) { 2074 case IEEE80211_S_INIT: 2075 restart_ratectl = 1; 2076 2077 if (ostate != IEEE80211_S_RUN) 2078 break; 2079 2080 ratectl &= ~bid; 2081 sc->runbmap &= ~bid; 2082 2083 /* abort TSF synchronization if there is no vap running */ 2084 if (--sc->running == 0) { 2085 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2086 run_write(sc, RT2860_BCN_TIME_CFG, 2087 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2088 RT2860_TBTT_TIMER_EN)); 2089 } 2090 break; 2091 2092 case IEEE80211_S_RUN: 2093 if (!(sc->runbmap & bid)) { 2094 if(sc->running++) 2095 restart_ratectl = 1; 2096 sc->runbmap |= bid; 2097 } 2098 2099 m_freem(rvp->beacon_mbuf); 2100 rvp->beacon_mbuf = NULL; 2101 2102 switch (vap->iv_opmode) { 2103 case IEEE80211_M_HOSTAP: 2104 case IEEE80211_M_MBSS: 2105 sc->ap_running |= bid; 2106 ic->ic_opmode = vap->iv_opmode; 2107 run_update_beacon_cb(vap); 2108 break; 2109 case IEEE80211_M_IBSS: 2110 sc->adhoc_running |= bid; 2111 if (!sc->ap_running) 2112 ic->ic_opmode = vap->iv_opmode; 2113 run_update_beacon_cb(vap); 2114 break; 2115 case IEEE80211_M_STA: 2116 sc->sta_running |= bid; 2117 if (!sc->ap_running && !sc->adhoc_running) 2118 ic->ic_opmode = vap->iv_opmode; 2119 2120 /* read statistic counters (clear on read) */ 2121 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2122 (uint8_t *)sta, sizeof sta); 2123 2124 break; 2125 default: 2126 ic->ic_opmode = vap->iv_opmode; 2127 break; 2128 } 2129 2130 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2131 struct ieee80211_node *ni; 2132 2133 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2134 RUN_UNLOCK(sc); 2135 IEEE80211_LOCK(ic); 2136 return (-1); 2137 } 2138 run_updateslot(ic); 2139 run_enable_mrr(sc); 2140 run_set_txpreamble(sc); 2141 run_set_basicrates(sc); 2142 ni = ieee80211_ref_node(vap->iv_bss); 2143 IEEE80211_ADDR_COPY(ic->ic_macaddr, ni->ni_bssid); 2144 run_set_bssid(sc, ni->ni_bssid); 2145 ieee80211_free_node(ni); 2146 run_enable_tsf_sync(sc); 2147 2148 /* enable automatic rate adaptation */ 2149 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2150 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2151 ratectl |= bid; 2152 } else 2153 run_enable_tsf(sc); 2154 2155 /* turn link LED on */ 2156 run_set_leds(sc, RT2860_LED_RADIO | 2157 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2158 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2159 2160 break; 2161 default: 2162 DPRINTFN(6, "undefined case\n"); 2163 break; 2164 } 2165 2166 /* restart amrr for running VAPs */ 2167 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2168 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2169 2170 RUN_UNLOCK(sc); 2171 IEEE80211_LOCK(ic); 2172 2173 return(rvp->newstate(vap, nstate, arg)); 2174 } 2175 2176 static int 2177 run_wme_update(struct ieee80211com *ic) 2178 { 2179 struct run_softc *sc = ic->ic_softc; 2180 const struct wmeParams *ac = 2181 ic->ic_wme.wme_chanParams.cap_wmeParams; 2182 int aci, error = 0; 2183 2184 /* update MAC TX configuration registers */ 2185 RUN_LOCK(sc); 2186 for (aci = 0; aci < WME_NUM_AC; aci++) { 2187 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2188 ac[aci].wmep_logcwmax << 16 | 2189 ac[aci].wmep_logcwmin << 12 | 2190 ac[aci].wmep_aifsn << 8 | 2191 ac[aci].wmep_txopLimit); 2192 if (error) goto err; 2193 } 2194 2195 /* update SCH/DMA registers too */ 2196 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2197 ac[WME_AC_VO].wmep_aifsn << 12 | 2198 ac[WME_AC_VI].wmep_aifsn << 8 | 2199 ac[WME_AC_BK].wmep_aifsn << 4 | 2200 ac[WME_AC_BE].wmep_aifsn); 2201 if (error) goto err; 2202 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2203 ac[WME_AC_VO].wmep_logcwmin << 12 | 2204 ac[WME_AC_VI].wmep_logcwmin << 8 | 2205 ac[WME_AC_BK].wmep_logcwmin << 4 | 2206 ac[WME_AC_BE].wmep_logcwmin); 2207 if (error) goto err; 2208 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2209 ac[WME_AC_VO].wmep_logcwmax << 12 | 2210 ac[WME_AC_VI].wmep_logcwmax << 8 | 2211 ac[WME_AC_BK].wmep_logcwmax << 4 | 2212 ac[WME_AC_BE].wmep_logcwmax); 2213 if (error) goto err; 2214 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2215 ac[WME_AC_BK].wmep_txopLimit << 16 | 2216 ac[WME_AC_BE].wmep_txopLimit); 2217 if (error) goto err; 2218 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2219 ac[WME_AC_VO].wmep_txopLimit << 16 | 2220 ac[WME_AC_VI].wmep_txopLimit); 2221 2222 err: 2223 RUN_UNLOCK(sc); 2224 if (error) 2225 DPRINTF("WME update failed\n"); 2226 2227 return (error); 2228 } 2229 2230 static void 2231 run_key_set_cb(void *arg) 2232 { 2233 struct run_cmdq *cmdq = arg; 2234 struct ieee80211vap *vap = cmdq->arg1; 2235 struct ieee80211_key *k = cmdq->k; 2236 struct ieee80211com *ic = vap->iv_ic; 2237 struct run_softc *sc = ic->ic_softc; 2238 struct ieee80211_node *ni; 2239 u_int cipher = k->wk_cipher->ic_cipher; 2240 uint32_t attr; 2241 uint16_t base, associd; 2242 uint8_t mode, wcid, iv[8]; 2243 2244 RUN_LOCK_ASSERT(sc, MA_OWNED); 2245 2246 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2247 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2248 else 2249 ni = vap->iv_bss; 2250 associd = (ni != NULL) ? ni->ni_associd : 0; 2251 2252 /* map net80211 cipher to RT2860 security mode */ 2253 switch (cipher) { 2254 case IEEE80211_CIPHER_WEP: 2255 if(k->wk_keylen < 8) 2256 mode = RT2860_MODE_WEP40; 2257 else 2258 mode = RT2860_MODE_WEP104; 2259 break; 2260 case IEEE80211_CIPHER_TKIP: 2261 mode = RT2860_MODE_TKIP; 2262 break; 2263 case IEEE80211_CIPHER_AES_CCM: 2264 mode = RT2860_MODE_AES_CCMP; 2265 break; 2266 default: 2267 DPRINTF("undefined case\n"); 2268 return; 2269 } 2270 2271 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2272 associd, k->wk_keyix, mode, 2273 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2274 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2275 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2276 2277 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2278 wcid = 0; /* NB: update WCID0 for group keys */ 2279 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2280 } else { 2281 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2282 1 : RUN_AID2WCID(associd); 2283 base = RT2860_PKEY(wcid); 2284 } 2285 2286 if (cipher == IEEE80211_CIPHER_TKIP) { 2287 if(run_write_region_1(sc, base, k->wk_key, 16)) 2288 return; 2289 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2290 return; 2291 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2292 return; 2293 } else { 2294 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2295 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2296 return; 2297 } 2298 2299 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2300 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2301 /* set initial packet number in IV+EIV */ 2302 if (cipher == IEEE80211_CIPHER_WEP) { 2303 memset(iv, 0, sizeof iv); 2304 iv[3] = vap->iv_def_txkey << 6; 2305 } else { 2306 if (cipher == IEEE80211_CIPHER_TKIP) { 2307 iv[0] = k->wk_keytsc >> 8; 2308 iv[1] = (iv[0] | 0x20) & 0x7f; 2309 iv[2] = k->wk_keytsc; 2310 } else /* CCMP */ { 2311 iv[0] = k->wk_keytsc; 2312 iv[1] = k->wk_keytsc >> 8; 2313 iv[2] = 0; 2314 } 2315 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2316 iv[4] = k->wk_keytsc >> 16; 2317 iv[5] = k->wk_keytsc >> 24; 2318 iv[6] = k->wk_keytsc >> 32; 2319 iv[7] = k->wk_keytsc >> 40; 2320 } 2321 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2322 return; 2323 } 2324 2325 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2326 /* install group key */ 2327 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2328 return; 2329 attr &= ~(0xf << (k->wk_keyix * 4)); 2330 attr |= mode << (k->wk_keyix * 4); 2331 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2332 return; 2333 } else { 2334 /* install pairwise key */ 2335 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2336 return; 2337 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2338 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2339 return; 2340 } 2341 2342 /* TODO create a pass-thru key entry? */ 2343 2344 /* need wcid to delete the right key later */ 2345 k->wk_pad = wcid; 2346 } 2347 2348 /* 2349 * Don't have to be deferred, but in order to keep order of 2350 * execution, i.e. with run_key_delete(), defer this and let 2351 * run_cmdq_cb() maintain the order. 2352 * 2353 * return 0 on error 2354 */ 2355 static int 2356 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2357 { 2358 struct ieee80211com *ic = vap->iv_ic; 2359 struct run_softc *sc = ic->ic_softc; 2360 uint32_t i; 2361 2362 i = RUN_CMDQ_GET(&sc->cmdq_store); 2363 DPRINTF("cmdq_store=%d\n", i); 2364 sc->cmdq[i].func = run_key_set_cb; 2365 sc->cmdq[i].arg0 = NULL; 2366 sc->cmdq[i].arg1 = vap; 2367 sc->cmdq[i].k = k; 2368 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2369 ieee80211_runtask(ic, &sc->cmdq_task); 2370 2371 /* 2372 * To make sure key will be set when hostapd 2373 * calls iv_key_set() before if_init(). 2374 */ 2375 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2376 RUN_LOCK(sc); 2377 sc->cmdq_key_set = RUN_CMDQ_GO; 2378 RUN_UNLOCK(sc); 2379 } 2380 2381 return (1); 2382 } 2383 2384 /* 2385 * If wlan is destroyed without being brought down i.e. without 2386 * wlan down or wpa_cli terminate, this function is called after 2387 * vap is gone. Don't refer it. 2388 */ 2389 static void 2390 run_key_delete_cb(void *arg) 2391 { 2392 struct run_cmdq *cmdq = arg; 2393 struct run_softc *sc = cmdq->arg1; 2394 struct ieee80211_key *k = &cmdq->key; 2395 uint32_t attr; 2396 uint8_t wcid; 2397 2398 RUN_LOCK_ASSERT(sc, MA_OWNED); 2399 2400 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2401 /* remove group key */ 2402 DPRINTF("removing group key\n"); 2403 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2404 attr &= ~(0xf << (k->wk_keyix * 4)); 2405 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2406 } else { 2407 /* remove pairwise key */ 2408 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2409 /* matching wcid was written to wk_pad in run_key_set() */ 2410 wcid = k->wk_pad; 2411 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2412 attr &= ~0xf; 2413 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2414 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2415 } 2416 2417 k->wk_pad = 0; 2418 } 2419 2420 /* 2421 * return 0 on error 2422 */ 2423 static int 2424 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2425 { 2426 struct ieee80211com *ic = vap->iv_ic; 2427 struct run_softc *sc = ic->ic_softc; 2428 struct ieee80211_key *k0; 2429 uint32_t i; 2430 2431 /* 2432 * When called back, key might be gone. So, make a copy 2433 * of some values need to delete keys before deferring. 2434 * But, because of LOR with node lock, cannot use lock here. 2435 * So, use atomic instead. 2436 */ 2437 i = RUN_CMDQ_GET(&sc->cmdq_store); 2438 DPRINTF("cmdq_store=%d\n", i); 2439 sc->cmdq[i].func = run_key_delete_cb; 2440 sc->cmdq[i].arg0 = NULL; 2441 sc->cmdq[i].arg1 = sc; 2442 k0 = &sc->cmdq[i].key; 2443 k0->wk_flags = k->wk_flags; 2444 k0->wk_keyix = k->wk_keyix; 2445 /* matching wcid was written to wk_pad in run_key_set() */ 2446 k0->wk_pad = k->wk_pad; 2447 ieee80211_runtask(ic, &sc->cmdq_task); 2448 return (1); /* return fake success */ 2449 2450 } 2451 2452 static void 2453 run_ratectl_to(void *arg) 2454 { 2455 struct run_softc *sc = arg; 2456 2457 /* do it in a process context, so it can go sleep */ 2458 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2459 /* next timeout will be rescheduled in the callback task */ 2460 } 2461 2462 /* ARGSUSED */ 2463 static void 2464 run_ratectl_cb(void *arg, int pending) 2465 { 2466 struct run_softc *sc = arg; 2467 struct ieee80211com *ic = &sc->sc_ic; 2468 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2469 2470 if (vap == NULL) 2471 return; 2472 2473 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2474 /* 2475 * run_reset_livelock() doesn't do anything with AMRR, 2476 * but Ralink wants us to call it every 1 sec. So, we 2477 * piggyback here rather than creating another callout. 2478 * Livelock may occur only in HOSTAP or IBSS mode 2479 * (when h/w is sending beacons). 2480 */ 2481 RUN_LOCK(sc); 2482 run_reset_livelock(sc); 2483 /* just in case, there are some stats to drain */ 2484 run_drain_fifo(sc); 2485 RUN_UNLOCK(sc); 2486 } 2487 2488 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2489 2490 RUN_LOCK(sc); 2491 if(sc->ratectl_run != RUN_RATECTL_OFF) 2492 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2493 RUN_UNLOCK(sc); 2494 } 2495 2496 static void 2497 run_drain_fifo(void *arg) 2498 { 2499 struct run_softc *sc = arg; 2500 uint32_t stat; 2501 uint16_t (*wstat)[3]; 2502 uint8_t wcid, mcs, pid; 2503 int8_t retry; 2504 2505 RUN_LOCK_ASSERT(sc, MA_OWNED); 2506 2507 for (;;) { 2508 /* drain Tx status FIFO (maxsize = 16) */ 2509 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2510 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2511 if (!(stat & RT2860_TXQ_VLD)) 2512 break; 2513 2514 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2515 2516 /* if no ACK was requested, no feedback is available */ 2517 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2518 wcid == 0) 2519 continue; 2520 2521 /* 2522 * Even though each stat is Tx-complete-status like format, 2523 * the device can poll stats. Because there is no guarantee 2524 * that the referring node is still around when read the stats. 2525 * So that, if we use ieee80211_ratectl_tx_update(), we will 2526 * have hard time not to refer already freed node. 2527 * 2528 * To eliminate such page faults, we poll stats in softc. 2529 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2530 */ 2531 wstat = &(sc->wcid_stats[wcid]); 2532 (*wstat)[RUN_TXCNT]++; 2533 if (stat & RT2860_TXQ_OK) 2534 (*wstat)[RUN_SUCCESS]++; 2535 else 2536 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2537 /* 2538 * Check if there were retries, ie if the Tx success rate is 2539 * different from the requested rate. Note that it works only 2540 * because we do not allow rate fallback from OFDM to CCK. 2541 */ 2542 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2543 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2544 if ((retry = pid -1 - mcs) > 0) { 2545 (*wstat)[RUN_TXCNT] += retry; 2546 (*wstat)[RUN_RETRY] += retry; 2547 } 2548 } 2549 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2550 2551 sc->fifo_cnt = 0; 2552 } 2553 2554 static void 2555 run_iter_func(void *arg, struct ieee80211_node *ni) 2556 { 2557 struct run_softc *sc = arg; 2558 struct ieee80211vap *vap = ni->ni_vap; 2559 struct run_node *rn = RUN_NODE(ni); 2560 union run_stats sta[2]; 2561 uint16_t (*wstat)[3]; 2562 int txcnt, success, retrycnt, error; 2563 2564 RUN_LOCK(sc); 2565 2566 /* Check for special case */ 2567 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2568 ni != vap->iv_bss) 2569 goto fail; 2570 2571 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2572 vap->iv_opmode == IEEE80211_M_STA)) { 2573 /* read statistic counters (clear on read) and update AMRR state */ 2574 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2575 sizeof sta); 2576 if (error != 0) 2577 goto fail; 2578 2579 /* count failed TX as errors */ 2580 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2581 le16toh(sta[0].error.fail)); 2582 2583 retrycnt = le16toh(sta[1].tx.retry); 2584 success = le16toh(sta[1].tx.success); 2585 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2586 2587 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2588 retrycnt, success, le16toh(sta[0].error.fail)); 2589 } else { 2590 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2591 2592 if (wstat == &(sc->wcid_stats[0]) || 2593 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2594 goto fail; 2595 2596 txcnt = (*wstat)[RUN_TXCNT]; 2597 success = (*wstat)[RUN_SUCCESS]; 2598 retrycnt = (*wstat)[RUN_RETRY]; 2599 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2600 retrycnt, txcnt, success); 2601 2602 memset(wstat, 0, sizeof(*wstat)); 2603 } 2604 2605 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2606 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2607 2608 fail: 2609 RUN_UNLOCK(sc); 2610 2611 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2612 } 2613 2614 static void 2615 run_newassoc_cb(void *arg) 2616 { 2617 struct run_cmdq *cmdq = arg; 2618 struct ieee80211_node *ni = cmdq->arg1; 2619 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2620 uint8_t wcid = cmdq->wcid; 2621 2622 RUN_LOCK_ASSERT(sc, MA_OWNED); 2623 2624 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2625 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2626 2627 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2628 } 2629 2630 static void 2631 run_newassoc(struct ieee80211_node *ni, int isnew) 2632 { 2633 struct run_node *rn = RUN_NODE(ni); 2634 struct ieee80211_rateset *rs = &ni->ni_rates; 2635 struct ieee80211vap *vap = ni->ni_vap; 2636 struct ieee80211com *ic = vap->iv_ic; 2637 struct run_softc *sc = ic->ic_softc; 2638 uint8_t rate; 2639 uint8_t ridx; 2640 uint8_t wcid; 2641 int i, j; 2642 2643 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2644 1 : RUN_AID2WCID(ni->ni_associd); 2645 2646 if (wcid > RT2870_WCID_MAX) { 2647 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2648 return; 2649 } 2650 2651 /* only interested in true associations */ 2652 if (isnew && ni->ni_associd != 0) { 2653 2654 /* 2655 * This function could is called though timeout function. 2656 * Need to defer. 2657 */ 2658 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2659 DPRINTF("cmdq_store=%d\n", cnt); 2660 sc->cmdq[cnt].func = run_newassoc_cb; 2661 sc->cmdq[cnt].arg0 = NULL; 2662 sc->cmdq[cnt].arg1 = ni; 2663 sc->cmdq[cnt].wcid = wcid; 2664 ieee80211_runtask(ic, &sc->cmdq_task); 2665 } 2666 2667 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2668 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2669 2670 for (i = 0; i < rs->rs_nrates; i++) { 2671 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2672 /* convert 802.11 rate to hardware rate index */ 2673 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2674 if (rt2860_rates[ridx].rate == rate) 2675 break; 2676 rn->ridx[i] = ridx; 2677 /* determine rate of control response frames */ 2678 for (j = i; j >= 0; j--) { 2679 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2680 rt2860_rates[rn->ridx[i]].phy == 2681 rt2860_rates[rn->ridx[j]].phy) 2682 break; 2683 } 2684 if (j >= 0) { 2685 rn->ctl_ridx[i] = rn->ridx[j]; 2686 } else { 2687 /* no basic rate found, use mandatory one */ 2688 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2689 } 2690 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2691 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2692 } 2693 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2694 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2695 if (rt2860_rates[ridx].rate == rate) 2696 break; 2697 rn->mgt_ridx = ridx; 2698 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2699 2700 RUN_LOCK(sc); 2701 if(sc->ratectl_run != RUN_RATECTL_OFF) 2702 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2703 RUN_UNLOCK(sc); 2704 } 2705 2706 /* 2707 * Return the Rx chain with the highest RSSI for a given frame. 2708 */ 2709 static __inline uint8_t 2710 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2711 { 2712 uint8_t rxchain = 0; 2713 2714 if (sc->nrxchains > 1) { 2715 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2716 rxchain = 1; 2717 if (sc->nrxchains > 2) 2718 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2719 rxchain = 2; 2720 } 2721 return (rxchain); 2722 } 2723 2724 static void 2725 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2726 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2727 { 2728 struct ieee80211vap *vap = ni->ni_vap; 2729 struct run_softc *sc = vap->iv_ic->ic_softc; 2730 struct run_vap *rvp = RUN_VAP(vap); 2731 uint64_t ni_tstamp, rx_tstamp; 2732 2733 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2734 2735 if (vap->iv_state == IEEE80211_S_RUN && 2736 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2737 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2738 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2739 RUN_LOCK(sc); 2740 run_get_tsf(sc, &rx_tstamp); 2741 RUN_UNLOCK(sc); 2742 rx_tstamp = le64toh(rx_tstamp); 2743 2744 if (ni_tstamp >= rx_tstamp) { 2745 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2746 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2747 (void) ieee80211_ibss_merge(ni); 2748 } 2749 } 2750 } 2751 2752 static void 2753 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2754 { 2755 struct ieee80211com *ic = &sc->sc_ic; 2756 struct ieee80211_frame *wh; 2757 struct ieee80211_node *ni; 2758 struct rt2870_rxd *rxd; 2759 struct rt2860_rxwi *rxwi; 2760 uint32_t flags; 2761 uint16_t len, rxwisize; 2762 uint8_t ant, rssi; 2763 int8_t nf; 2764 2765 rxwi = mtod(m, struct rt2860_rxwi *); 2766 len = le16toh(rxwi->len) & 0xfff; 2767 rxwisize = sizeof(struct rt2860_rxwi); 2768 if (sc->mac_ver == 0x5592) 2769 rxwisize += sizeof(uint64_t); 2770 else if (sc->mac_ver == 0x3593) 2771 rxwisize += sizeof(uint32_t); 2772 if (__predict_false(len > dmalen)) { 2773 m_freem(m); 2774 counter_u64_add(ic->ic_ierrors, 1); 2775 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2776 return; 2777 } 2778 /* Rx descriptor is located at the end */ 2779 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2780 flags = le32toh(rxd->flags); 2781 2782 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2783 m_freem(m); 2784 counter_u64_add(ic->ic_ierrors, 1); 2785 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2786 return; 2787 } 2788 2789 m->m_data += rxwisize; 2790 m->m_pkthdr.len = m->m_len -= rxwisize; 2791 2792 wh = mtod(m, struct ieee80211_frame *); 2793 2794 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2795 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2796 m->m_flags |= M_WEP; 2797 } 2798 2799 if (flags & RT2860_RX_L2PAD) { 2800 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2801 len += 2; 2802 } 2803 2804 ni = ieee80211_find_rxnode(ic, 2805 mtod(m, struct ieee80211_frame_min *)); 2806 2807 if (__predict_false(flags & RT2860_RX_MICERR)) { 2808 /* report MIC failures to net80211 for TKIP */ 2809 if (ni != NULL) 2810 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2811 rxwi->keyidx); 2812 m_freem(m); 2813 counter_u64_add(ic->ic_ierrors, 1); 2814 DPRINTF("MIC error. Someone is lying.\n"); 2815 return; 2816 } 2817 2818 ant = run_maxrssi_chain(sc, rxwi); 2819 rssi = rxwi->rssi[ant]; 2820 nf = run_rssi2dbm(sc, rssi, ant); 2821 2822 m->m_pkthdr.len = m->m_len = len; 2823 2824 if (__predict_false(ieee80211_radiotap_active(ic))) { 2825 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2826 uint16_t phy; 2827 2828 tap->wr_flags = 0; 2829 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2830 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2831 tap->wr_antsignal = rssi; 2832 tap->wr_antenna = ant; 2833 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2834 tap->wr_rate = 2; /* in case it can't be found below */ 2835 run_get_tsf(sc, &tap->wr_tsf); 2836 phy = le16toh(rxwi->phy); 2837 switch (phy & RT2860_PHY_MODE) { 2838 case RT2860_PHY_CCK: 2839 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2840 case 0: tap->wr_rate = 2; break; 2841 case 1: tap->wr_rate = 4; break; 2842 case 2: tap->wr_rate = 11; break; 2843 case 3: tap->wr_rate = 22; break; 2844 } 2845 if (phy & RT2860_PHY_SHPRE) 2846 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2847 break; 2848 case RT2860_PHY_OFDM: 2849 switch (phy & RT2860_PHY_MCS) { 2850 case 0: tap->wr_rate = 12; break; 2851 case 1: tap->wr_rate = 18; break; 2852 case 2: tap->wr_rate = 24; break; 2853 case 3: tap->wr_rate = 36; break; 2854 case 4: tap->wr_rate = 48; break; 2855 case 5: tap->wr_rate = 72; break; 2856 case 6: tap->wr_rate = 96; break; 2857 case 7: tap->wr_rate = 108; break; 2858 } 2859 break; 2860 } 2861 } 2862 2863 if (ni != NULL) { 2864 (void)ieee80211_input(ni, m, rssi, nf); 2865 ieee80211_free_node(ni); 2866 } else { 2867 (void)ieee80211_input_all(ic, m, rssi, nf); 2868 } 2869 } 2870 2871 static void 2872 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2873 { 2874 struct run_softc *sc = usbd_xfer_softc(xfer); 2875 struct ieee80211com *ic = &sc->sc_ic; 2876 struct mbuf *m = NULL; 2877 struct mbuf *m0; 2878 uint32_t dmalen; 2879 uint16_t rxwisize; 2880 int xferlen; 2881 2882 rxwisize = sizeof(struct rt2860_rxwi); 2883 if (sc->mac_ver == 0x5592) 2884 rxwisize += sizeof(uint64_t); 2885 else if (sc->mac_ver == 0x3593) 2886 rxwisize += sizeof(uint32_t); 2887 2888 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2889 2890 switch (USB_GET_STATE(xfer)) { 2891 case USB_ST_TRANSFERRED: 2892 2893 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2894 2895 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2896 sizeof(struct rt2870_rxd))) { 2897 DPRINTF("xfer too short %d\n", xferlen); 2898 goto tr_setup; 2899 } 2900 2901 m = sc->rx_m; 2902 sc->rx_m = NULL; 2903 2904 /* FALLTHROUGH */ 2905 case USB_ST_SETUP: 2906 tr_setup: 2907 if (sc->rx_m == NULL) { 2908 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2909 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2910 } 2911 if (sc->rx_m == NULL) { 2912 DPRINTF("could not allocate mbuf - idle with stall\n"); 2913 counter_u64_add(ic->ic_ierrors, 1); 2914 usbd_xfer_set_stall(xfer); 2915 usbd_xfer_set_frames(xfer, 0); 2916 } else { 2917 /* 2918 * Directly loading a mbuf cluster into DMA to 2919 * save some data copying. This works because 2920 * there is only one cluster. 2921 */ 2922 usbd_xfer_set_frame_data(xfer, 0, 2923 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2924 usbd_xfer_set_frames(xfer, 1); 2925 } 2926 usbd_transfer_submit(xfer); 2927 break; 2928 2929 default: /* Error */ 2930 if (error != USB_ERR_CANCELLED) { 2931 /* try to clear stall first */ 2932 usbd_xfer_set_stall(xfer); 2933 if (error == USB_ERR_TIMEOUT) 2934 device_printf(sc->sc_dev, "device timeout\n"); 2935 counter_u64_add(ic->ic_ierrors, 1); 2936 goto tr_setup; 2937 } 2938 if (sc->rx_m != NULL) { 2939 m_freem(sc->rx_m); 2940 sc->rx_m = NULL; 2941 } 2942 break; 2943 } 2944 2945 if (m == NULL) 2946 return; 2947 2948 /* inputting all the frames must be last */ 2949 2950 RUN_UNLOCK(sc); 2951 2952 m->m_pkthdr.len = m->m_len = xferlen; 2953 2954 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2955 for(;;) { 2956 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2957 2958 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2959 ((dmalen & 3) != 0)) { 2960 DPRINTF("bad DMA length %u\n", dmalen); 2961 break; 2962 } 2963 if ((dmalen + 8) > (uint32_t)xferlen) { 2964 DPRINTF("bad DMA length %u > %d\n", 2965 dmalen + 8, xferlen); 2966 break; 2967 } 2968 2969 /* If it is the last one or a single frame, we won't copy. */ 2970 if ((xferlen -= dmalen + 8) <= 8) { 2971 /* trim 32-bit DMA-len header */ 2972 m->m_data += 4; 2973 m->m_pkthdr.len = m->m_len -= 4; 2974 run_rx_frame(sc, m, dmalen); 2975 m = NULL; /* don't free source buffer */ 2976 break; 2977 } 2978 2979 /* copy aggregated frames to another mbuf */ 2980 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2981 if (__predict_false(m0 == NULL)) { 2982 DPRINTF("could not allocate mbuf\n"); 2983 counter_u64_add(ic->ic_ierrors, 1); 2984 break; 2985 } 2986 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2987 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2988 m0->m_pkthdr.len = m0->m_len = 2989 dmalen + sizeof(struct rt2870_rxd); 2990 run_rx_frame(sc, m0, dmalen); 2991 2992 /* update data ptr */ 2993 m->m_data += dmalen + 8; 2994 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2995 } 2996 2997 /* make sure we free the source buffer, if any */ 2998 m_freem(m); 2999 3000 RUN_LOCK(sc); 3001 } 3002 3003 static void 3004 run_tx_free(struct run_endpoint_queue *pq, 3005 struct run_tx_data *data, int txerr) 3006 { 3007 3008 ieee80211_tx_complete(data->ni, data->m, txerr); 3009 3010 data->m = NULL; 3011 data->ni = NULL; 3012 3013 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3014 pq->tx_nfree++; 3015 } 3016 3017 static void 3018 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3019 { 3020 struct run_softc *sc = usbd_xfer_softc(xfer); 3021 struct ieee80211com *ic = &sc->sc_ic; 3022 struct run_tx_data *data; 3023 struct ieee80211vap *vap = NULL; 3024 struct usb_page_cache *pc; 3025 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3026 struct mbuf *m; 3027 usb_frlength_t size; 3028 int actlen; 3029 int sumlen; 3030 3031 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3032 3033 switch (USB_GET_STATE(xfer)) { 3034 case USB_ST_TRANSFERRED: 3035 DPRINTFN(11, "transfer complete: %d " 3036 "bytes @ index %d\n", actlen, index); 3037 3038 data = usbd_xfer_get_priv(xfer); 3039 run_tx_free(pq, data, 0); 3040 usbd_xfer_set_priv(xfer, NULL); 3041 3042 /* FALLTHROUGH */ 3043 case USB_ST_SETUP: 3044 tr_setup: 3045 data = STAILQ_FIRST(&pq->tx_qh); 3046 if (data == NULL) 3047 break; 3048 3049 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3050 3051 m = data->m; 3052 size = (sc->mac_ver == 0x5592) ? 3053 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3054 if ((m->m_pkthdr.len + 3055 size + 3 + 8) > RUN_MAX_TXSZ) { 3056 DPRINTF("data overflow, %u bytes\n", 3057 m->m_pkthdr.len); 3058 run_tx_free(pq, data, 1); 3059 goto tr_setup; 3060 } 3061 3062 pc = usbd_xfer_get_frame(xfer, 0); 3063 usbd_copy_in(pc, 0, &data->desc, size); 3064 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3065 size += m->m_pkthdr.len; 3066 /* 3067 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3068 * 4-byte padding), and be sure to zero those trailing 3069 * bytes: 3070 */ 3071 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3072 size += ((-size) & 3) + 8; 3073 3074 vap = data->ni->ni_vap; 3075 if (ieee80211_radiotap_active_vap(vap)) { 3076 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3077 struct rt2860_txwi *txwi = 3078 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3079 tap->wt_flags = 0; 3080 tap->wt_rate = rt2860_rates[data->ridx].rate; 3081 run_get_tsf(sc, &tap->wt_tsf); 3082 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3083 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3084 tap->wt_hwqueue = index; 3085 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3086 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3087 3088 ieee80211_radiotap_tx(vap, m); 3089 } 3090 3091 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3092 m->m_pkthdr.len, size, index); 3093 3094 usbd_xfer_set_frame_len(xfer, 0, size); 3095 usbd_xfer_set_priv(xfer, data); 3096 usbd_transfer_submit(xfer); 3097 run_start(sc); 3098 3099 break; 3100 3101 default: 3102 DPRINTF("USB transfer error, %s\n", 3103 usbd_errstr(error)); 3104 3105 data = usbd_xfer_get_priv(xfer); 3106 3107 if (data != NULL) { 3108 if(data->ni != NULL) 3109 vap = data->ni->ni_vap; 3110 run_tx_free(pq, data, error); 3111 usbd_xfer_set_priv(xfer, NULL); 3112 } 3113 3114 if (vap == NULL) 3115 vap = TAILQ_FIRST(&ic->ic_vaps); 3116 3117 if (error != USB_ERR_CANCELLED) { 3118 if (error == USB_ERR_TIMEOUT) { 3119 device_printf(sc->sc_dev, "device timeout\n"); 3120 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3121 DPRINTF("cmdq_store=%d\n", i); 3122 sc->cmdq[i].func = run_usb_timeout_cb; 3123 sc->cmdq[i].arg0 = vap; 3124 ieee80211_runtask(ic, &sc->cmdq_task); 3125 } 3126 3127 /* 3128 * Try to clear stall first, also if other 3129 * errors occur, hence clearing stall 3130 * introduces a 50 ms delay: 3131 */ 3132 usbd_xfer_set_stall(xfer); 3133 goto tr_setup; 3134 } 3135 break; 3136 } 3137 } 3138 3139 static void 3140 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3141 { 3142 run_bulk_tx_callbackN(xfer, error, 0); 3143 } 3144 3145 static void 3146 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3147 { 3148 run_bulk_tx_callbackN(xfer, error, 1); 3149 } 3150 3151 static void 3152 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3153 { 3154 run_bulk_tx_callbackN(xfer, error, 2); 3155 } 3156 3157 static void 3158 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3159 { 3160 run_bulk_tx_callbackN(xfer, error, 3); 3161 } 3162 3163 static void 3164 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3165 { 3166 run_bulk_tx_callbackN(xfer, error, 4); 3167 } 3168 3169 static void 3170 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3171 { 3172 run_bulk_tx_callbackN(xfer, error, 5); 3173 } 3174 3175 static void 3176 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3177 { 3178 struct mbuf *m = data->m; 3179 struct ieee80211com *ic = &sc->sc_ic; 3180 struct ieee80211vap *vap = data->ni->ni_vap; 3181 struct ieee80211_frame *wh; 3182 struct rt2870_txd *txd; 3183 struct rt2860_txwi *txwi; 3184 uint16_t xferlen, txwisize; 3185 uint16_t mcs; 3186 uint8_t ridx = data->ridx; 3187 uint8_t pad; 3188 3189 /* get MCS code from rate index */ 3190 mcs = rt2860_rates[ridx].mcs; 3191 3192 txwisize = (sc->mac_ver == 0x5592) ? 3193 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3194 xferlen = txwisize + m->m_pkthdr.len; 3195 3196 /* roundup to 32-bit alignment */ 3197 xferlen = (xferlen + 3) & ~3; 3198 3199 txd = (struct rt2870_txd *)&data->desc; 3200 txd->len = htole16(xferlen); 3201 3202 wh = mtod(m, struct ieee80211_frame *); 3203 3204 /* 3205 * Ether both are true or both are false, the header 3206 * are nicely aligned to 32-bit. So, no L2 padding. 3207 */ 3208 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3209 pad = 0; 3210 else 3211 pad = 2; 3212 3213 /* setup TX Wireless Information */ 3214 txwi = (struct rt2860_txwi *)(txd + 1); 3215 txwi->len = htole16(m->m_pkthdr.len - pad); 3216 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3217 mcs |= RT2860_PHY_CCK; 3218 if (ridx != RT2860_RIDX_CCK1 && 3219 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3220 mcs |= RT2860_PHY_SHPRE; 3221 } else 3222 mcs |= RT2860_PHY_OFDM; 3223 txwi->phy = htole16(mcs); 3224 3225 /* check if RTS/CTS or CTS-to-self protection is required */ 3226 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3227 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3228 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3229 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3230 txwi->txop |= RT2860_TX_TXOP_HT; 3231 else 3232 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3233 3234 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3235 txwi->xflags |= RT2860_TX_NSEQ; 3236 } 3237 3238 /* This function must be called locked */ 3239 static int 3240 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3241 { 3242 struct ieee80211com *ic = &sc->sc_ic; 3243 struct ieee80211vap *vap = ni->ni_vap; 3244 struct ieee80211_frame *wh; 3245 struct ieee80211_channel *chan; 3246 const struct ieee80211_txparam *tp; 3247 struct run_node *rn = RUN_NODE(ni); 3248 struct run_tx_data *data; 3249 struct rt2870_txd *txd; 3250 struct rt2860_txwi *txwi; 3251 uint16_t qos; 3252 uint16_t dur; 3253 uint16_t qid; 3254 uint8_t type; 3255 uint8_t tid; 3256 uint8_t ridx; 3257 uint8_t ctl_ridx; 3258 uint8_t qflags; 3259 uint8_t xflags = 0; 3260 int hasqos; 3261 3262 RUN_LOCK_ASSERT(sc, MA_OWNED); 3263 3264 wh = mtod(m, struct ieee80211_frame *); 3265 3266 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3267 3268 /* 3269 * There are 7 bulk endpoints: 1 for RX 3270 * and 6 for TX (4 EDCAs + HCCA + Prio). 3271 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3272 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3273 */ 3274 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3275 uint8_t *frm; 3276 3277 if(IEEE80211_HAS_ADDR4(wh)) 3278 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3279 else 3280 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3281 3282 qos = le16toh(*(const uint16_t *)frm); 3283 tid = qos & IEEE80211_QOS_TID; 3284 qid = TID_TO_WME_AC(tid); 3285 } else { 3286 qos = 0; 3287 tid = 0; 3288 qid = WME_AC_BE; 3289 } 3290 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3291 3292 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3293 qos, qid, tid, qflags); 3294 3295 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3296 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3297 3298 /* pickup a rate index */ 3299 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3300 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3301 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3302 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3303 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3304 } else { 3305 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3306 ridx = rn->fix_ridx; 3307 else 3308 ridx = rn->amrr_ridx; 3309 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3310 } 3311 3312 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3313 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3314 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3315 xflags |= RT2860_TX_ACK; 3316 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3317 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3318 else 3319 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3320 USETW(wh->i_dur, dur); 3321 } 3322 3323 /* reserve slots for mgmt packets, just in case */ 3324 if (sc->sc_epq[qid].tx_nfree < 3) { 3325 DPRINTFN(10, "tx ring %d is full\n", qid); 3326 return (-1); 3327 } 3328 3329 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3330 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3331 sc->sc_epq[qid].tx_nfree--; 3332 3333 txd = (struct rt2870_txd *)&data->desc; 3334 txd->flags = qflags; 3335 txwi = (struct rt2860_txwi *)(txd + 1); 3336 txwi->xflags = xflags; 3337 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3338 txwi->wcid = 0; 3339 else 3340 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3341 1 : RUN_AID2WCID(ni->ni_associd); 3342 3343 /* clear leftover garbage bits */ 3344 txwi->flags = 0; 3345 txwi->txop = 0; 3346 3347 data->m = m; 3348 data->ni = ni; 3349 data->ridx = ridx; 3350 3351 run_set_tx_desc(sc, data); 3352 3353 /* 3354 * The chip keeps track of 2 kind of Tx stats, 3355 * * TX_STAT_FIFO, for per WCID stats, and 3356 * * TX_STA_CNT0 for all-TX-in-one stats. 3357 * 3358 * To use FIFO stats, we need to store MCS into the driver-private 3359 * PacketID field. So that, we can tell whose stats when we read them. 3360 * We add 1 to the MCS because setting the PacketID field to 0 means 3361 * that we don't want feedback in TX_STAT_FIFO. 3362 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3363 * 3364 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3365 */ 3366 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3367 vap->iv_opmode == IEEE80211_M_MBSS) { 3368 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3369 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3370 3371 /* 3372 * Unlike PCI based devices, we don't get any interrupt from 3373 * USB devices, so we simulate FIFO-is-full interrupt here. 3374 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3375 * quickly get fulled. To prevent overflow, increment a counter on 3376 * every FIFO stat request, so we know how many slots are left. 3377 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3378 * are used only in those modes. 3379 * We just drain stats. AMRR gets updated every 1 sec by 3380 * run_ratectl_cb() via callout. 3381 * Call it early. Otherwise overflow. 3382 */ 3383 if (sc->fifo_cnt++ == 10) { 3384 /* 3385 * With multiple vaps or if_bridge, if_start() is called 3386 * with a non-sleepable lock, tcpinp. So, need to defer. 3387 */ 3388 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3389 DPRINTFN(6, "cmdq_store=%d\n", i); 3390 sc->cmdq[i].func = run_drain_fifo; 3391 sc->cmdq[i].arg0 = sc; 3392 ieee80211_runtask(ic, &sc->cmdq_task); 3393 } 3394 } 3395 3396 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3397 3398 usbd_transfer_start(sc->sc_xfer[qid]); 3399 3400 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3401 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3402 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3403 3404 return (0); 3405 } 3406 3407 static int 3408 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3409 { 3410 struct ieee80211com *ic = &sc->sc_ic; 3411 struct run_node *rn = RUN_NODE(ni); 3412 struct run_tx_data *data; 3413 struct ieee80211_frame *wh; 3414 struct rt2870_txd *txd; 3415 struct rt2860_txwi *txwi; 3416 uint16_t dur; 3417 uint8_t ridx = rn->mgt_ridx; 3418 uint8_t type; 3419 uint8_t xflags = 0; 3420 uint8_t wflags = 0; 3421 3422 RUN_LOCK_ASSERT(sc, MA_OWNED); 3423 3424 wh = mtod(m, struct ieee80211_frame *); 3425 3426 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3427 3428 /* tell hardware to add timestamp for probe responses */ 3429 if ((wh->i_fc[0] & 3430 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3431 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3432 wflags |= RT2860_TX_TS; 3433 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3434 xflags |= RT2860_TX_ACK; 3435 3436 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3437 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3438 USETW(wh->i_dur, dur); 3439 } 3440 3441 if (sc->sc_epq[0].tx_nfree == 0) 3442 /* let caller free mbuf */ 3443 return (EIO); 3444 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3445 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3446 sc->sc_epq[0].tx_nfree--; 3447 3448 txd = (struct rt2870_txd *)&data->desc; 3449 txd->flags = RT2860_TX_QSEL_EDCA; 3450 txwi = (struct rt2860_txwi *)(txd + 1); 3451 txwi->wcid = 0xff; 3452 txwi->flags = wflags; 3453 txwi->xflags = xflags; 3454 txwi->txop = 0; /* clear leftover garbage bits */ 3455 3456 data->m = m; 3457 data->ni = ni; 3458 data->ridx = ridx; 3459 3460 run_set_tx_desc(sc, data); 3461 3462 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3463 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3464 rt2860_rates[ridx].rate); 3465 3466 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3467 3468 usbd_transfer_start(sc->sc_xfer[0]); 3469 3470 return (0); 3471 } 3472 3473 static int 3474 run_sendprot(struct run_softc *sc, 3475 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3476 { 3477 struct ieee80211com *ic = ni->ni_ic; 3478 struct ieee80211_frame *wh; 3479 struct run_tx_data *data; 3480 struct rt2870_txd *txd; 3481 struct rt2860_txwi *txwi; 3482 struct mbuf *mprot; 3483 int ridx; 3484 int protrate; 3485 int ackrate; 3486 int pktlen; 3487 int isshort; 3488 uint16_t dur; 3489 uint8_t type; 3490 uint8_t wflags = 0; 3491 uint8_t xflags = 0; 3492 3493 RUN_LOCK_ASSERT(sc, MA_OWNED); 3494 3495 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3496 ("protection %d", prot)); 3497 3498 wh = mtod(m, struct ieee80211_frame *); 3499 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3500 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3501 3502 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3503 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3504 3505 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3506 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3507 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3508 wflags = RT2860_TX_FRAG; 3509 3510 /* check that there are free slots before allocating the mbuf */ 3511 if (sc->sc_epq[0].tx_nfree == 0) 3512 /* let caller free mbuf */ 3513 return (ENOBUFS); 3514 3515 if (prot == IEEE80211_PROT_RTSCTS) { 3516 /* NB: CTS is the same size as an ACK */ 3517 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3518 xflags |= RT2860_TX_ACK; 3519 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3520 } else { 3521 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3522 } 3523 if (mprot == NULL) { 3524 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3525 DPRINTF("could not allocate mbuf\n"); 3526 return (ENOBUFS); 3527 } 3528 3529 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3530 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3531 sc->sc_epq[0].tx_nfree--; 3532 3533 txd = (struct rt2870_txd *)&data->desc; 3534 txd->flags = RT2860_TX_QSEL_EDCA; 3535 txwi = (struct rt2860_txwi *)(txd + 1); 3536 txwi->wcid = 0xff; 3537 txwi->flags = wflags; 3538 txwi->xflags = xflags; 3539 txwi->txop = 0; /* clear leftover garbage bits */ 3540 3541 data->m = mprot; 3542 data->ni = ieee80211_ref_node(ni); 3543 3544 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3545 if (rt2860_rates[ridx].rate == protrate) 3546 break; 3547 data->ridx = ridx; 3548 3549 run_set_tx_desc(sc, data); 3550 3551 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3552 m->m_pkthdr.len, rate); 3553 3554 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3555 3556 usbd_transfer_start(sc->sc_xfer[0]); 3557 3558 return (0); 3559 } 3560 3561 static int 3562 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3563 const struct ieee80211_bpf_params *params) 3564 { 3565 struct ieee80211com *ic = ni->ni_ic; 3566 struct ieee80211_frame *wh; 3567 struct run_tx_data *data; 3568 struct rt2870_txd *txd; 3569 struct rt2860_txwi *txwi; 3570 uint8_t type; 3571 uint8_t ridx; 3572 uint8_t rate; 3573 uint8_t opflags = 0; 3574 uint8_t xflags = 0; 3575 int error; 3576 3577 RUN_LOCK_ASSERT(sc, MA_OWNED); 3578 3579 KASSERT(params != NULL, ("no raw xmit params")); 3580 3581 wh = mtod(m, struct ieee80211_frame *); 3582 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3583 3584 rate = params->ibp_rate0; 3585 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3586 /* let caller free mbuf */ 3587 return (EINVAL); 3588 } 3589 3590 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3591 xflags |= RT2860_TX_ACK; 3592 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3593 error = run_sendprot(sc, m, ni, 3594 params->ibp_flags & IEEE80211_BPF_RTS ? 3595 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3596 rate); 3597 if (error) { 3598 /* let caller free mbuf */ 3599 return error; 3600 } 3601 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3602 } 3603 3604 if (sc->sc_epq[0].tx_nfree == 0) { 3605 /* let caller free mbuf */ 3606 DPRINTF("sending raw frame, but tx ring is full\n"); 3607 return (EIO); 3608 } 3609 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3610 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3611 sc->sc_epq[0].tx_nfree--; 3612 3613 txd = (struct rt2870_txd *)&data->desc; 3614 txd->flags = RT2860_TX_QSEL_EDCA; 3615 txwi = (struct rt2860_txwi *)(txd + 1); 3616 txwi->wcid = 0xff; 3617 txwi->xflags = xflags; 3618 txwi->txop = opflags; 3619 txwi->flags = 0; /* clear leftover garbage bits */ 3620 3621 data->m = m; 3622 data->ni = ni; 3623 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3624 if (rt2860_rates[ridx].rate == rate) 3625 break; 3626 data->ridx = ridx; 3627 3628 run_set_tx_desc(sc, data); 3629 3630 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3631 m->m_pkthdr.len, rate); 3632 3633 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3634 3635 usbd_transfer_start(sc->sc_xfer[0]); 3636 3637 return (0); 3638 } 3639 3640 static int 3641 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3642 const struct ieee80211_bpf_params *params) 3643 { 3644 struct run_softc *sc = ni->ni_ic->ic_softc; 3645 int error = 0; 3646 3647 RUN_LOCK(sc); 3648 3649 /* prevent management frames from being sent if we're not ready */ 3650 if (!(sc->sc_flags & RUN_RUNNING)) { 3651 error = ENETDOWN; 3652 goto done; 3653 } 3654 3655 if (params == NULL) { 3656 /* tx mgt packet */ 3657 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3658 DPRINTF("mgt tx failed\n"); 3659 goto done; 3660 } 3661 } else { 3662 /* tx raw packet with param */ 3663 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3664 DPRINTF("tx with param failed\n"); 3665 goto done; 3666 } 3667 } 3668 3669 done: 3670 RUN_UNLOCK(sc); 3671 3672 if (error != 0) { 3673 if(m != NULL) 3674 m_freem(m); 3675 } 3676 3677 return (error); 3678 } 3679 3680 static int 3681 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3682 { 3683 struct run_softc *sc = ic->ic_softc; 3684 int error; 3685 3686 RUN_LOCK(sc); 3687 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3688 RUN_UNLOCK(sc); 3689 return (ENXIO); 3690 } 3691 error = mbufq_enqueue(&sc->sc_snd, m); 3692 if (error) { 3693 RUN_UNLOCK(sc); 3694 return (error); 3695 } 3696 run_start(sc); 3697 RUN_UNLOCK(sc); 3698 3699 return (0); 3700 } 3701 3702 static void 3703 run_start(struct run_softc *sc) 3704 { 3705 struct ieee80211_node *ni; 3706 struct mbuf *m; 3707 3708 RUN_LOCK_ASSERT(sc, MA_OWNED); 3709 3710 if ((sc->sc_flags & RUN_RUNNING) == 0) 3711 return; 3712 3713 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3714 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3715 if (run_tx(sc, m, ni) != 0) { 3716 mbufq_prepend(&sc->sc_snd, m); 3717 break; 3718 } 3719 } 3720 } 3721 3722 static void 3723 run_parent(struct ieee80211com *ic) 3724 { 3725 struct run_softc *sc = ic->ic_softc; 3726 int startall = 0; 3727 3728 RUN_LOCK(sc); 3729 if (sc->sc_detached) { 3730 RUN_UNLOCK(sc); 3731 return; 3732 } 3733 3734 if (ic->ic_nrunning > 0) { 3735 if (!(sc->sc_flags & RUN_RUNNING)) { 3736 startall = 1; 3737 run_init_locked(sc); 3738 } else 3739 run_update_promisc_locked(sc); 3740 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3741 run_stop(sc); 3742 RUN_UNLOCK(sc); 3743 if (startall) 3744 ieee80211_start_all(ic); 3745 } 3746 3747 static void 3748 run_iq_calib(struct run_softc *sc, u_int chan) 3749 { 3750 uint16_t val; 3751 3752 /* Tx0 IQ gain. */ 3753 run_bbp_write(sc, 158, 0x2c); 3754 if (chan <= 14) 3755 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3756 else if (chan <= 64) { 3757 run_efuse_read(sc, 3758 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3759 &val, 1); 3760 } else if (chan <= 138) { 3761 run_efuse_read(sc, 3762 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3763 &val, 1); 3764 } else if (chan <= 165) { 3765 run_efuse_read(sc, 3766 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3767 &val, 1); 3768 } else 3769 val = 0; 3770 run_bbp_write(sc, 159, val); 3771 3772 /* Tx0 IQ phase. */ 3773 run_bbp_write(sc, 158, 0x2d); 3774 if (chan <= 14) { 3775 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3776 &val, 1); 3777 } else if (chan <= 64) { 3778 run_efuse_read(sc, 3779 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3780 &val, 1); 3781 } else if (chan <= 138) { 3782 run_efuse_read(sc, 3783 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3784 &val, 1); 3785 } else if (chan <= 165) { 3786 run_efuse_read(sc, 3787 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3788 &val, 1); 3789 } else 3790 val = 0; 3791 run_bbp_write(sc, 159, val); 3792 3793 /* Tx1 IQ gain. */ 3794 run_bbp_write(sc, 158, 0x4a); 3795 if (chan <= 14) { 3796 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3797 &val, 1); 3798 } else if (chan <= 64) { 3799 run_efuse_read(sc, 3800 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3801 &val, 1); 3802 } else if (chan <= 138) { 3803 run_efuse_read(sc, 3804 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3805 &val, 1); 3806 } else if (chan <= 165) { 3807 run_efuse_read(sc, 3808 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3809 &val, 1); 3810 } else 3811 val = 0; 3812 run_bbp_write(sc, 159, val); 3813 3814 /* Tx1 IQ phase. */ 3815 run_bbp_write(sc, 158, 0x4b); 3816 if (chan <= 14) { 3817 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3818 &val, 1); 3819 } else if (chan <= 64) { 3820 run_efuse_read(sc, 3821 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3822 &val, 1); 3823 } else if (chan <= 138) { 3824 run_efuse_read(sc, 3825 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3826 &val, 1); 3827 } else if (chan <= 165) { 3828 run_efuse_read(sc, 3829 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3830 &val, 1); 3831 } else 3832 val = 0; 3833 run_bbp_write(sc, 159, val); 3834 3835 /* RF IQ compensation control. */ 3836 run_bbp_write(sc, 158, 0x04); 3837 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3838 &val, 1); 3839 run_bbp_write(sc, 159, val); 3840 3841 /* RF IQ imbalance compensation control. */ 3842 run_bbp_write(sc, 158, 0x03); 3843 run_efuse_read(sc, 3844 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3845 run_bbp_write(sc, 159, val); 3846 } 3847 3848 static void 3849 run_set_agc(struct run_softc *sc, uint8_t agc) 3850 { 3851 uint8_t bbp; 3852 3853 if (sc->mac_ver == 0x3572) { 3854 run_bbp_read(sc, 27, &bbp); 3855 bbp &= ~(0x3 << 5); 3856 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3857 run_bbp_write(sc, 66, agc); 3858 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3859 run_bbp_write(sc, 66, agc); 3860 } else 3861 run_bbp_write(sc, 66, agc); 3862 } 3863 3864 static void 3865 run_select_chan_group(struct run_softc *sc, int group) 3866 { 3867 uint32_t tmp; 3868 uint8_t agc; 3869 3870 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3871 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3872 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3873 if (sc->mac_ver < 0x3572) 3874 run_bbp_write(sc, 86, 0x00); 3875 3876 if (sc->mac_ver == 0x3593) { 3877 run_bbp_write(sc, 77, 0x98); 3878 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3879 } 3880 3881 if (group == 0) { 3882 if (sc->ext_2ghz_lna) { 3883 if (sc->mac_ver >= 0x5390) 3884 run_bbp_write(sc, 75, 0x52); 3885 else { 3886 run_bbp_write(sc, 82, 0x62); 3887 run_bbp_write(sc, 75, 0x46); 3888 } 3889 } else { 3890 if (sc->mac_ver == 0x5592) { 3891 run_bbp_write(sc, 79, 0x1c); 3892 run_bbp_write(sc, 80, 0x0e); 3893 run_bbp_write(sc, 81, 0x3a); 3894 run_bbp_write(sc, 82, 0x62); 3895 3896 run_bbp_write(sc, 195, 0x80); 3897 run_bbp_write(sc, 196, 0xe0); 3898 run_bbp_write(sc, 195, 0x81); 3899 run_bbp_write(sc, 196, 0x1f); 3900 run_bbp_write(sc, 195, 0x82); 3901 run_bbp_write(sc, 196, 0x38); 3902 run_bbp_write(sc, 195, 0x83); 3903 run_bbp_write(sc, 196, 0x32); 3904 run_bbp_write(sc, 195, 0x85); 3905 run_bbp_write(sc, 196, 0x28); 3906 run_bbp_write(sc, 195, 0x86); 3907 run_bbp_write(sc, 196, 0x19); 3908 } else if (sc->mac_ver >= 0x5390) 3909 run_bbp_write(sc, 75, 0x50); 3910 else { 3911 run_bbp_write(sc, 82, 3912 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3913 run_bbp_write(sc, 75, 0x50); 3914 } 3915 } 3916 } else { 3917 if (sc->mac_ver == 0x5592) { 3918 run_bbp_write(sc, 79, 0x18); 3919 run_bbp_write(sc, 80, 0x08); 3920 run_bbp_write(sc, 81, 0x38); 3921 run_bbp_write(sc, 82, 0x92); 3922 3923 run_bbp_write(sc, 195, 0x80); 3924 run_bbp_write(sc, 196, 0xf0); 3925 run_bbp_write(sc, 195, 0x81); 3926 run_bbp_write(sc, 196, 0x1e); 3927 run_bbp_write(sc, 195, 0x82); 3928 run_bbp_write(sc, 196, 0x28); 3929 run_bbp_write(sc, 195, 0x83); 3930 run_bbp_write(sc, 196, 0x20); 3931 run_bbp_write(sc, 195, 0x85); 3932 run_bbp_write(sc, 196, 0x7f); 3933 run_bbp_write(sc, 195, 0x86); 3934 run_bbp_write(sc, 196, 0x7f); 3935 } else if (sc->mac_ver == 0x3572) 3936 run_bbp_write(sc, 82, 0x94); 3937 else 3938 run_bbp_write(sc, 82, 3939 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3940 if (sc->ext_5ghz_lna) 3941 run_bbp_write(sc, 75, 0x46); 3942 else 3943 run_bbp_write(sc, 75, 0x50); 3944 } 3945 3946 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3947 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3948 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3949 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3950 3951 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3952 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3953 if (sc->mac_ver == 0x3593) 3954 tmp |= 1 << 29 | 1 << 28; 3955 if (sc->nrxchains > 1) 3956 tmp |= RT2860_LNA_PE1_EN; 3957 if (group == 0) { /* 2GHz */ 3958 tmp |= RT2860_PA_PE_G0_EN; 3959 if (sc->ntxchains > 1) 3960 tmp |= RT2860_PA_PE_G1_EN; 3961 if (sc->mac_ver == 0x3593) { 3962 if (sc->ntxchains > 2) 3963 tmp |= 1 << 25; 3964 } 3965 } else { /* 5GHz */ 3966 tmp |= RT2860_PA_PE_A0_EN; 3967 if (sc->ntxchains > 1) 3968 tmp |= RT2860_PA_PE_A1_EN; 3969 } 3970 if (sc->mac_ver == 0x3572) { 3971 run_rt3070_rf_write(sc, 8, 0x00); 3972 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3973 run_rt3070_rf_write(sc, 8, 0x80); 3974 } else 3975 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3976 3977 if (sc->mac_ver == 0x5592) { 3978 run_bbp_write(sc, 195, 0x8d); 3979 run_bbp_write(sc, 196, 0x1a); 3980 } 3981 3982 if (sc->mac_ver == 0x3593) { 3983 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3984 tmp &= ~0x01010000; 3985 if (group == 0) 3986 tmp |= 0x00010000; 3987 tmp = (tmp & ~0x00009090) | 0x00000090; 3988 run_write(sc, RT2860_GPIO_CTRL, tmp); 3989 } 3990 3991 /* set initial AGC value */ 3992 if (group == 0) { /* 2GHz band */ 3993 if (sc->mac_ver >= 0x3070) 3994 agc = 0x1c + sc->lna[0] * 2; 3995 else 3996 agc = 0x2e + sc->lna[0]; 3997 } else { /* 5GHz band */ 3998 if (sc->mac_ver == 0x5592) 3999 agc = 0x24 + sc->lna[group] * 2; 4000 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4001 agc = 0x22 + (sc->lna[group] * 5) / 3; 4002 else 4003 agc = 0x32 + (sc->lna[group] * 5) / 3; 4004 } 4005 run_set_agc(sc, agc); 4006 } 4007 4008 static void 4009 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4010 { 4011 const struct rfprog *rfprog = rt2860_rf2850; 4012 uint32_t r2, r3, r4; 4013 int8_t txpow1, txpow2; 4014 int i; 4015 4016 /* find the settings for this channel (we know it exists) */ 4017 for (i = 0; rfprog[i].chan != chan; i++); 4018 4019 r2 = rfprog[i].r2; 4020 if (sc->ntxchains == 1) 4021 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4022 if (sc->nrxchains == 1) 4023 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4024 else if (sc->nrxchains == 2) 4025 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4026 4027 /* use Tx power values from EEPROM */ 4028 txpow1 = sc->txpow1[i]; 4029 txpow2 = sc->txpow2[i]; 4030 4031 /* Initialize RF R3 and R4. */ 4032 r3 = rfprog[i].r3 & 0xffffc1ff; 4033 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4034 if (chan > 14) { 4035 if (txpow1 >= 0) { 4036 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4037 r3 |= (txpow1 << 10) | (1 << 9); 4038 } else { 4039 txpow1 += 7; 4040 4041 /* txpow1 is not possible larger than 15. */ 4042 r3 |= (txpow1 << 10); 4043 } 4044 if (txpow2 >= 0) { 4045 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4046 r4 |= (txpow2 << 7) | (1 << 6); 4047 } else { 4048 txpow2 += 7; 4049 r4 |= (txpow2 << 7); 4050 } 4051 } else { 4052 /* Set Tx0 power. */ 4053 r3 |= (txpow1 << 9); 4054 4055 /* Set frequency offset and Tx1 power. */ 4056 r4 |= (txpow2 << 6); 4057 } 4058 4059 run_rt2870_rf_write(sc, rfprog[i].r1); 4060 run_rt2870_rf_write(sc, r2); 4061 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4062 run_rt2870_rf_write(sc, r4); 4063 4064 run_delay(sc, 10); 4065 4066 run_rt2870_rf_write(sc, rfprog[i].r1); 4067 run_rt2870_rf_write(sc, r2); 4068 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4069 run_rt2870_rf_write(sc, r4); 4070 4071 run_delay(sc, 10); 4072 4073 run_rt2870_rf_write(sc, rfprog[i].r1); 4074 run_rt2870_rf_write(sc, r2); 4075 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4076 run_rt2870_rf_write(sc, r4); 4077 } 4078 4079 static void 4080 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4081 { 4082 int8_t txpow1, txpow2; 4083 uint8_t rf; 4084 int i; 4085 4086 /* find the settings for this channel (we know it exists) */ 4087 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4088 4089 /* use Tx power values from EEPROM */ 4090 txpow1 = sc->txpow1[i]; 4091 txpow2 = sc->txpow2[i]; 4092 4093 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4094 4095 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4096 run_rt3070_rf_read(sc, 3, &rf); 4097 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4098 run_rt3070_rf_write(sc, 3, rf); 4099 4100 run_rt3070_rf_read(sc, 6, &rf); 4101 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4102 run_rt3070_rf_write(sc, 6, rf); 4103 4104 /* set Tx0 power */ 4105 run_rt3070_rf_read(sc, 12, &rf); 4106 rf = (rf & ~0x1f) | txpow1; 4107 run_rt3070_rf_write(sc, 12, rf); 4108 4109 /* set Tx1 power */ 4110 run_rt3070_rf_read(sc, 13, &rf); 4111 rf = (rf & ~0x1f) | txpow2; 4112 run_rt3070_rf_write(sc, 13, rf); 4113 4114 run_rt3070_rf_read(sc, 1, &rf); 4115 rf &= ~0xfc; 4116 if (sc->ntxchains == 1) 4117 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4118 else if (sc->ntxchains == 2) 4119 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4120 if (sc->nrxchains == 1) 4121 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4122 else if (sc->nrxchains == 2) 4123 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4124 run_rt3070_rf_write(sc, 1, rf); 4125 4126 /* set RF offset */ 4127 run_rt3070_rf_read(sc, 23, &rf); 4128 rf = (rf & ~0x7f) | sc->freq; 4129 run_rt3070_rf_write(sc, 23, rf); 4130 4131 /* program RF filter */ 4132 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4133 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4134 run_rt3070_rf_write(sc, 24, rf); 4135 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4136 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4137 run_rt3070_rf_write(sc, 31, rf); 4138 4139 /* enable RF tuning */ 4140 run_rt3070_rf_read(sc, 7, &rf); 4141 run_rt3070_rf_write(sc, 7, rf | 0x01); 4142 } 4143 4144 static void 4145 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4146 { 4147 int8_t txpow1, txpow2; 4148 uint32_t tmp; 4149 uint8_t rf; 4150 int i; 4151 4152 /* find the settings for this channel (we know it exists) */ 4153 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4154 4155 /* use Tx power values from EEPROM */ 4156 txpow1 = sc->txpow1[i]; 4157 txpow2 = sc->txpow2[i]; 4158 4159 if (chan <= 14) { 4160 run_bbp_write(sc, 25, sc->bbp25); 4161 run_bbp_write(sc, 26, sc->bbp26); 4162 } else { 4163 /* enable IQ phase correction */ 4164 run_bbp_write(sc, 25, 0x09); 4165 run_bbp_write(sc, 26, 0xff); 4166 } 4167 4168 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4169 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4170 run_rt3070_rf_read(sc, 6, &rf); 4171 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4172 rf |= (chan <= 14) ? 0x08 : 0x04; 4173 run_rt3070_rf_write(sc, 6, rf); 4174 4175 /* set PLL mode */ 4176 run_rt3070_rf_read(sc, 5, &rf); 4177 rf &= ~(0x08 | 0x04); 4178 rf |= (chan <= 14) ? 0x04 : 0x08; 4179 run_rt3070_rf_write(sc, 5, rf); 4180 4181 /* set Tx power for chain 0 */ 4182 if (chan <= 14) 4183 rf = 0x60 | txpow1; 4184 else 4185 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4186 run_rt3070_rf_write(sc, 12, rf); 4187 4188 /* set Tx power for chain 1 */ 4189 if (chan <= 14) 4190 rf = 0x60 | txpow2; 4191 else 4192 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4193 run_rt3070_rf_write(sc, 13, rf); 4194 4195 /* set Tx/Rx streams */ 4196 run_rt3070_rf_read(sc, 1, &rf); 4197 rf &= ~0xfc; 4198 if (sc->ntxchains == 1) 4199 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4200 else if (sc->ntxchains == 2) 4201 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4202 if (sc->nrxchains == 1) 4203 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4204 else if (sc->nrxchains == 2) 4205 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4206 run_rt3070_rf_write(sc, 1, rf); 4207 4208 /* set RF offset */ 4209 run_rt3070_rf_read(sc, 23, &rf); 4210 rf = (rf & ~0x7f) | sc->freq; 4211 run_rt3070_rf_write(sc, 23, rf); 4212 4213 /* program RF filter */ 4214 rf = sc->rf24_20mhz; 4215 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4216 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4217 4218 /* enable RF tuning */ 4219 run_rt3070_rf_read(sc, 7, &rf); 4220 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4221 run_rt3070_rf_write(sc, 7, rf); 4222 4223 /* TSSI */ 4224 rf = (chan <= 14) ? 0xc3 : 0xc0; 4225 run_rt3070_rf_write(sc, 9, rf); 4226 4227 /* set loop filter 1 */ 4228 run_rt3070_rf_write(sc, 10, 0xf1); 4229 /* set loop filter 2 */ 4230 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4231 4232 /* set tx_mx2_ic */ 4233 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4234 /* set tx_mx1_ic */ 4235 if (chan <= 14) 4236 rf = 0x48 | sc->txmixgain_2ghz; 4237 else 4238 rf = 0x78 | sc->txmixgain_5ghz; 4239 run_rt3070_rf_write(sc, 16, rf); 4240 4241 /* set tx_lo1 */ 4242 run_rt3070_rf_write(sc, 17, 0x23); 4243 /* set tx_lo2 */ 4244 if (chan <= 14) 4245 rf = 0x93; 4246 else if (chan <= 64) 4247 rf = 0xb7; 4248 else if (chan <= 128) 4249 rf = 0x74; 4250 else 4251 rf = 0x72; 4252 run_rt3070_rf_write(sc, 19, rf); 4253 4254 /* set rx_lo1 */ 4255 if (chan <= 14) 4256 rf = 0xb3; 4257 else if (chan <= 64) 4258 rf = 0xf6; 4259 else if (chan <= 128) 4260 rf = 0xf4; 4261 else 4262 rf = 0xf3; 4263 run_rt3070_rf_write(sc, 20, rf); 4264 4265 /* set pfd_delay */ 4266 if (chan <= 14) 4267 rf = 0x15; 4268 else if (chan <= 64) 4269 rf = 0x3d; 4270 else 4271 rf = 0x01; 4272 run_rt3070_rf_write(sc, 25, rf); 4273 4274 /* set rx_lo2 */ 4275 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4276 /* set ldo_rf_vc */ 4277 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4278 /* set drv_cc */ 4279 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4280 4281 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4282 tmp &= ~0x8080; 4283 if (chan <= 14) 4284 tmp |= 0x80; 4285 run_write(sc, RT2860_GPIO_CTRL, tmp); 4286 4287 /* enable RF tuning */ 4288 run_rt3070_rf_read(sc, 7, &rf); 4289 run_rt3070_rf_write(sc, 7, rf | 0x01); 4290 4291 run_delay(sc, 2); 4292 } 4293 4294 static void 4295 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4296 { 4297 int8_t txpow1, txpow2, txpow3; 4298 uint8_t h20mhz, rf; 4299 int i; 4300 4301 /* find the settings for this channel (we know it exists) */ 4302 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4303 4304 /* use Tx power values from EEPROM */ 4305 txpow1 = sc->txpow1[i]; 4306 txpow2 = sc->txpow2[i]; 4307 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4308 4309 if (chan <= 14) { 4310 run_bbp_write(sc, 25, sc->bbp25); 4311 run_bbp_write(sc, 26, sc->bbp26); 4312 } else { 4313 /* Enable IQ phase correction. */ 4314 run_bbp_write(sc, 25, 0x09); 4315 run_bbp_write(sc, 26, 0xff); 4316 } 4317 4318 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4319 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4320 run_rt3070_rf_read(sc, 11, &rf); 4321 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4322 run_rt3070_rf_write(sc, 11, rf); 4323 4324 /* Set pll_idoh. */ 4325 run_rt3070_rf_read(sc, 11, &rf); 4326 rf &= ~0x4c; 4327 rf |= (chan <= 14) ? 0x44 : 0x48; 4328 run_rt3070_rf_write(sc, 11, rf); 4329 4330 if (chan <= 14) 4331 rf = txpow1 & 0x1f; 4332 else 4333 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4334 run_rt3070_rf_write(sc, 53, rf); 4335 4336 if (chan <= 14) 4337 rf = txpow2 & 0x1f; 4338 else 4339 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4340 run_rt3070_rf_write(sc, 55, rf); 4341 4342 if (chan <= 14) 4343 rf = txpow3 & 0x1f; 4344 else 4345 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4346 run_rt3070_rf_write(sc, 54, rf); 4347 4348 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4349 if (sc->ntxchains == 3) 4350 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4351 else 4352 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4353 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4354 run_rt3070_rf_write(sc, 1, rf); 4355 4356 run_adjust_freq_offset(sc); 4357 4358 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4359 4360 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4361 run_rt3070_rf_read(sc, 30, &rf); 4362 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4363 run_rt3070_rf_write(sc, 30, rf); 4364 4365 run_rt3070_rf_read(sc, 36, &rf); 4366 if (chan <= 14) 4367 rf |= 0x80; 4368 else 4369 rf &= ~0x80; 4370 run_rt3070_rf_write(sc, 36, rf); 4371 4372 /* Set vcolo_bs. */ 4373 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4374 /* Set pfd_delay. */ 4375 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4376 4377 /* Set vco bias current control. */ 4378 run_rt3070_rf_read(sc, 6, &rf); 4379 rf &= ~0xc0; 4380 if (chan <= 14) 4381 rf |= 0x40; 4382 else if (chan <= 128) 4383 rf |= 0x80; 4384 else 4385 rf |= 0x40; 4386 run_rt3070_rf_write(sc, 6, rf); 4387 4388 run_rt3070_rf_read(sc, 30, &rf); 4389 rf = (rf & ~0x18) | 0x10; 4390 run_rt3070_rf_write(sc, 30, rf); 4391 4392 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4393 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4394 4395 run_rt3070_rf_read(sc, 51, &rf); 4396 rf = (rf & ~0x03) | 0x01; 4397 run_rt3070_rf_write(sc, 51, rf); 4398 /* Set tx_mx1_cc. */ 4399 run_rt3070_rf_read(sc, 51, &rf); 4400 rf &= ~0x1c; 4401 rf |= (chan <= 14) ? 0x14 : 0x10; 4402 run_rt3070_rf_write(sc, 51, rf); 4403 /* Set tx_mx1_ic. */ 4404 run_rt3070_rf_read(sc, 51, &rf); 4405 rf &= ~0xe0; 4406 rf |= (chan <= 14) ? 0x60 : 0x40; 4407 run_rt3070_rf_write(sc, 51, rf); 4408 /* Set tx_lo1_ic. */ 4409 run_rt3070_rf_read(sc, 49, &rf); 4410 rf &= ~0x1c; 4411 rf |= (chan <= 14) ? 0x0c : 0x08; 4412 run_rt3070_rf_write(sc, 49, rf); 4413 /* Set tx_lo1_en. */ 4414 run_rt3070_rf_read(sc, 50, &rf); 4415 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4416 /* Set drv_cc. */ 4417 run_rt3070_rf_read(sc, 57, &rf); 4418 rf &= ~0xfc; 4419 rf |= (chan <= 14) ? 0x6c : 0x3c; 4420 run_rt3070_rf_write(sc, 57, rf); 4421 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4422 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4423 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4424 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4425 /* Enable VCO calibration. */ 4426 run_rt3070_rf_read(sc, 3, &rf); 4427 rf &= ~RT5390_VCOCAL; 4428 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4429 run_rt3070_rf_write(sc, 3, rf); 4430 4431 if (chan <= 14) 4432 rf = 0x23; 4433 else if (chan <= 64) 4434 rf = 0x36; 4435 else if (chan <= 128) 4436 rf = 0x32; 4437 else 4438 rf = 0x30; 4439 run_rt3070_rf_write(sc, 39, rf); 4440 if (chan <= 14) 4441 rf = 0xbb; 4442 else if (chan <= 64) 4443 rf = 0xeb; 4444 else if (chan <= 128) 4445 rf = 0xb3; 4446 else 4447 rf = 0x9b; 4448 run_rt3070_rf_write(sc, 45, rf); 4449 4450 /* Set FEQ/AEQ control. */ 4451 run_bbp_write(sc, 105, 0x34); 4452 } 4453 4454 static void 4455 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4456 { 4457 int8_t txpow1, txpow2; 4458 uint8_t rf; 4459 int i; 4460 4461 /* find the settings for this channel (we know it exists) */ 4462 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4463 4464 /* use Tx power values from EEPROM */ 4465 txpow1 = sc->txpow1[i]; 4466 txpow2 = sc->txpow2[i]; 4467 4468 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4469 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4470 run_rt3070_rf_read(sc, 11, &rf); 4471 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4472 run_rt3070_rf_write(sc, 11, rf); 4473 4474 run_rt3070_rf_read(sc, 49, &rf); 4475 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4476 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4477 if ((rf & 0x3f) > 0x27) 4478 rf = (rf & ~0x3f) | 0x27; 4479 run_rt3070_rf_write(sc, 49, rf); 4480 4481 if (sc->mac_ver == 0x5392) { 4482 run_rt3070_rf_read(sc, 50, &rf); 4483 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4484 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4485 if ((rf & 0x3f) > 0x27) 4486 rf = (rf & ~0x3f) | 0x27; 4487 run_rt3070_rf_write(sc, 50, rf); 4488 } 4489 4490 run_rt3070_rf_read(sc, 1, &rf); 4491 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4492 if (sc->mac_ver == 0x5392) 4493 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4494 run_rt3070_rf_write(sc, 1, rf); 4495 4496 if (sc->mac_ver != 0x5392) { 4497 run_rt3070_rf_read(sc, 2, &rf); 4498 rf |= 0x80; 4499 run_rt3070_rf_write(sc, 2, rf); 4500 run_delay(sc, 10); 4501 rf &= 0x7f; 4502 run_rt3070_rf_write(sc, 2, rf); 4503 } 4504 4505 run_adjust_freq_offset(sc); 4506 4507 if (sc->mac_ver == 0x5392) { 4508 /* Fix for RT5392C. */ 4509 if (sc->mac_rev >= 0x0223) { 4510 if (chan <= 4) 4511 rf = 0x0f; 4512 else if (chan >= 5 && chan <= 7) 4513 rf = 0x0e; 4514 else 4515 rf = 0x0d; 4516 run_rt3070_rf_write(sc, 23, rf); 4517 4518 if (chan <= 4) 4519 rf = 0x0c; 4520 else if (chan == 5) 4521 rf = 0x0b; 4522 else if (chan >= 6 && chan <= 7) 4523 rf = 0x0a; 4524 else if (chan >= 8 && chan <= 10) 4525 rf = 0x09; 4526 else 4527 rf = 0x08; 4528 run_rt3070_rf_write(sc, 59, rf); 4529 } else { 4530 if (chan <= 11) 4531 rf = 0x0f; 4532 else 4533 rf = 0x0b; 4534 run_rt3070_rf_write(sc, 59, rf); 4535 } 4536 } else { 4537 /* Fix for RT5390F. */ 4538 if (sc->mac_rev >= 0x0502) { 4539 if (chan <= 11) 4540 rf = 0x43; 4541 else 4542 rf = 0x23; 4543 run_rt3070_rf_write(sc, 55, rf); 4544 4545 if (chan <= 11) 4546 rf = 0x0f; 4547 else if (chan == 12) 4548 rf = 0x0d; 4549 else 4550 rf = 0x0b; 4551 run_rt3070_rf_write(sc, 59, rf); 4552 } else { 4553 run_rt3070_rf_write(sc, 55, 0x44); 4554 run_rt3070_rf_write(sc, 59, 0x8f); 4555 } 4556 } 4557 4558 /* Enable VCO calibration. */ 4559 run_rt3070_rf_read(sc, 3, &rf); 4560 rf |= RT5390_VCOCAL; 4561 run_rt3070_rf_write(sc, 3, rf); 4562 } 4563 4564 static void 4565 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4566 { 4567 const struct rt5592_freqs *freqs; 4568 uint32_t tmp; 4569 uint8_t reg, rf, txpow_bound; 4570 int8_t txpow1, txpow2; 4571 int i; 4572 4573 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4574 freqs = (tmp & RT5592_SEL_XTAL) ? 4575 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4576 4577 /* find the settings for this channel (we know it exists) */ 4578 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4579 4580 /* use Tx power values from EEPROM */ 4581 txpow1 = sc->txpow1[i]; 4582 txpow2 = sc->txpow2[i]; 4583 4584 run_read(sc, RT3070_LDO_CFG0, &tmp); 4585 tmp &= ~0x1c000000; 4586 if (chan > 14) 4587 tmp |= 0x14000000; 4588 run_write(sc, RT3070_LDO_CFG0, tmp); 4589 4590 /* N setting. */ 4591 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4592 run_rt3070_rf_read(sc, 9, &rf); 4593 rf &= ~(1 << 4); 4594 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4595 run_rt3070_rf_write(sc, 9, rf); 4596 4597 /* K setting. */ 4598 run_rt3070_rf_read(sc, 9, &rf); 4599 rf &= ~0x0f; 4600 rf |= (freqs->k & 0x0f); 4601 run_rt3070_rf_write(sc, 9, rf); 4602 4603 /* Mode setting. */ 4604 run_rt3070_rf_read(sc, 11, &rf); 4605 rf &= ~0x0c; 4606 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4607 run_rt3070_rf_write(sc, 11, rf); 4608 run_rt3070_rf_read(sc, 9, &rf); 4609 rf &= ~(1 << 7); 4610 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4611 run_rt3070_rf_write(sc, 9, rf); 4612 4613 /* R setting. */ 4614 run_rt3070_rf_read(sc, 11, &rf); 4615 rf &= ~0x03; 4616 rf |= (freqs->r - 0x1); 4617 run_rt3070_rf_write(sc, 11, rf); 4618 4619 if (chan <= 14) { 4620 /* Initialize RF registers for 2GHZ. */ 4621 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4622 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4623 rt5592_2ghz_def_rf[i].val); 4624 } 4625 4626 rf = (chan <= 10) ? 0x07 : 0x06; 4627 run_rt3070_rf_write(sc, 23, rf); 4628 run_rt3070_rf_write(sc, 59, rf); 4629 4630 run_rt3070_rf_write(sc, 55, 0x43); 4631 4632 /* 4633 * RF R49/R50 Tx power ALC code. 4634 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4635 */ 4636 reg = 2; 4637 txpow_bound = 0x27; 4638 } else { 4639 /* Initialize RF registers for 5GHZ. */ 4640 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4641 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4642 rt5592_5ghz_def_rf[i].val); 4643 } 4644 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4645 if (chan >= rt5592_chan_5ghz[i].firstchan && 4646 chan <= rt5592_chan_5ghz[i].lastchan) { 4647 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4648 rt5592_chan_5ghz[i].val); 4649 } 4650 } 4651 4652 /* 4653 * RF R49/R50 Tx power ALC code. 4654 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4655 */ 4656 reg = 3; 4657 txpow_bound = 0x2b; 4658 } 4659 4660 /* RF R49 ch0 Tx power ALC code. */ 4661 run_rt3070_rf_read(sc, 49, &rf); 4662 rf &= ~0xc0; 4663 rf |= (reg << 6); 4664 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4665 if ((rf & 0x3f) > txpow_bound) 4666 rf = (rf & ~0x3f) | txpow_bound; 4667 run_rt3070_rf_write(sc, 49, rf); 4668 4669 /* RF R50 ch1 Tx power ALC code. */ 4670 run_rt3070_rf_read(sc, 50, &rf); 4671 rf &= ~(1 << 7 | 1 << 6); 4672 rf |= (reg << 6); 4673 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4674 if ((rf & 0x3f) > txpow_bound) 4675 rf = (rf & ~0x3f) | txpow_bound; 4676 run_rt3070_rf_write(sc, 50, rf); 4677 4678 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4679 run_rt3070_rf_read(sc, 1, &rf); 4680 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4681 if (sc->ntxchains > 1) 4682 rf |= RT3070_TX1_PD; 4683 if (sc->nrxchains > 1) 4684 rf |= RT3070_RX1_PD; 4685 run_rt3070_rf_write(sc, 1, rf); 4686 4687 run_rt3070_rf_write(sc, 6, 0xe4); 4688 4689 run_rt3070_rf_write(sc, 30, 0x10); 4690 run_rt3070_rf_write(sc, 31, 0x80); 4691 run_rt3070_rf_write(sc, 32, 0x80); 4692 4693 run_adjust_freq_offset(sc); 4694 4695 /* Enable VCO calibration. */ 4696 run_rt3070_rf_read(sc, 3, &rf); 4697 rf |= RT5390_VCOCAL; 4698 run_rt3070_rf_write(sc, 3, rf); 4699 } 4700 4701 static void 4702 run_set_rx_antenna(struct run_softc *sc, int aux) 4703 { 4704 uint32_t tmp; 4705 uint8_t bbp152; 4706 4707 if (aux) { 4708 if (sc->rf_rev == RT5390_RF_5370) { 4709 run_bbp_read(sc, 152, &bbp152); 4710 run_bbp_write(sc, 152, bbp152 & ~0x80); 4711 } else { 4712 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4713 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4714 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4715 } 4716 } else { 4717 if (sc->rf_rev == RT5390_RF_5370) { 4718 run_bbp_read(sc, 152, &bbp152); 4719 run_bbp_write(sc, 152, bbp152 | 0x80); 4720 } else { 4721 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4722 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4723 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4724 } 4725 } 4726 } 4727 4728 static int 4729 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4730 { 4731 struct ieee80211com *ic = &sc->sc_ic; 4732 u_int chan, group; 4733 4734 chan = ieee80211_chan2ieee(ic, c); 4735 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4736 return (EINVAL); 4737 4738 if (sc->mac_ver == 0x5592) 4739 run_rt5592_set_chan(sc, chan); 4740 else if (sc->mac_ver >= 0x5390) 4741 run_rt5390_set_chan(sc, chan); 4742 else if (sc->mac_ver == 0x3593) 4743 run_rt3593_set_chan(sc, chan); 4744 else if (sc->mac_ver == 0x3572) 4745 run_rt3572_set_chan(sc, chan); 4746 else if (sc->mac_ver >= 0x3070) 4747 run_rt3070_set_chan(sc, chan); 4748 else 4749 run_rt2870_set_chan(sc, chan); 4750 4751 /* determine channel group */ 4752 if (chan <= 14) 4753 group = 0; 4754 else if (chan <= 64) 4755 group = 1; 4756 else if (chan <= 128) 4757 group = 2; 4758 else 4759 group = 3; 4760 4761 /* XXX necessary only when group has changed! */ 4762 run_select_chan_group(sc, group); 4763 4764 run_delay(sc, 10); 4765 4766 /* Perform IQ calibration. */ 4767 if (sc->mac_ver >= 0x5392) 4768 run_iq_calib(sc, chan); 4769 4770 return (0); 4771 } 4772 4773 static void 4774 run_set_channel(struct ieee80211com *ic) 4775 { 4776 struct run_softc *sc = ic->ic_softc; 4777 4778 RUN_LOCK(sc); 4779 run_set_chan(sc, ic->ic_curchan); 4780 RUN_UNLOCK(sc); 4781 4782 return; 4783 } 4784 4785 static void 4786 run_scan_start(struct ieee80211com *ic) 4787 { 4788 struct run_softc *sc = ic->ic_softc; 4789 uint32_t tmp; 4790 4791 RUN_LOCK(sc); 4792 4793 /* abort TSF synchronization */ 4794 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4795 run_write(sc, RT2860_BCN_TIME_CFG, 4796 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4797 RT2860_TBTT_TIMER_EN)); 4798 run_set_bssid(sc, ieee80211broadcastaddr); 4799 4800 RUN_UNLOCK(sc); 4801 4802 return; 4803 } 4804 4805 static void 4806 run_scan_end(struct ieee80211com *ic) 4807 { 4808 struct run_softc *sc = ic->ic_softc; 4809 4810 RUN_LOCK(sc); 4811 4812 run_enable_tsf_sync(sc); 4813 /* XXX keep local copy */ 4814 run_set_bssid(sc, ic->ic_macaddr); 4815 4816 RUN_UNLOCK(sc); 4817 4818 return; 4819 } 4820 4821 /* 4822 * Could be called from ieee80211_node_timeout() 4823 * (non-sleepable thread) 4824 */ 4825 static void 4826 run_update_beacon(struct ieee80211vap *vap, int item) 4827 { 4828 struct ieee80211com *ic = vap->iv_ic; 4829 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4830 struct ieee80211_node *ni = vap->iv_bss; 4831 struct run_softc *sc = ic->ic_softc; 4832 struct run_vap *rvp = RUN_VAP(vap); 4833 int mcast = 0; 4834 uint32_t i; 4835 4836 switch (item) { 4837 case IEEE80211_BEACON_ERP: 4838 run_updateslot(ic); 4839 break; 4840 case IEEE80211_BEACON_HTINFO: 4841 run_updateprot(ic); 4842 break; 4843 case IEEE80211_BEACON_TIM: 4844 mcast = 1; /*TODO*/ 4845 break; 4846 default: 4847 break; 4848 } 4849 4850 setbit(bo->bo_flags, item); 4851 if (rvp->beacon_mbuf == NULL) { 4852 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4853 if (rvp->beacon_mbuf == NULL) 4854 return; 4855 } 4856 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4857 4858 i = RUN_CMDQ_GET(&sc->cmdq_store); 4859 DPRINTF("cmdq_store=%d\n", i); 4860 sc->cmdq[i].func = run_update_beacon_cb; 4861 sc->cmdq[i].arg0 = vap; 4862 ieee80211_runtask(ic, &sc->cmdq_task); 4863 4864 return; 4865 } 4866 4867 static void 4868 run_update_beacon_cb(void *arg) 4869 { 4870 struct ieee80211vap *vap = arg; 4871 struct ieee80211_node *ni = vap->iv_bss; 4872 struct run_vap *rvp = RUN_VAP(vap); 4873 struct ieee80211com *ic = vap->iv_ic; 4874 struct run_softc *sc = ic->ic_softc; 4875 struct rt2860_txwi txwi; 4876 struct mbuf *m; 4877 uint16_t txwisize; 4878 uint8_t ridx; 4879 4880 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4881 return; 4882 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4883 return; 4884 4885 /* 4886 * No need to call ieee80211_beacon_update(), run_update_beacon() 4887 * is taking care of apropriate calls. 4888 */ 4889 if (rvp->beacon_mbuf == NULL) { 4890 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4891 if (rvp->beacon_mbuf == NULL) 4892 return; 4893 } 4894 m = rvp->beacon_mbuf; 4895 4896 memset(&txwi, 0, sizeof(txwi)); 4897 txwi.wcid = 0xff; 4898 txwi.len = htole16(m->m_pkthdr.len); 4899 4900 /* send beacons at the lowest available rate */ 4901 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4902 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4903 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4904 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4905 txwi.phy |= htole16(RT2860_PHY_OFDM); 4906 txwi.txop = RT2860_TX_TXOP_HT; 4907 txwi.flags = RT2860_TX_TS; 4908 txwi.xflags = RT2860_TX_NSEQ; 4909 4910 txwisize = (sc->mac_ver == 0x5592) ? 4911 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4912 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4913 txwisize); 4914 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4915 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4916 } 4917 4918 static void 4919 run_updateprot(struct ieee80211com *ic) 4920 { 4921 struct run_softc *sc = ic->ic_softc; 4922 uint32_t i; 4923 4924 i = RUN_CMDQ_GET(&sc->cmdq_store); 4925 DPRINTF("cmdq_store=%d\n", i); 4926 sc->cmdq[i].func = run_updateprot_cb; 4927 sc->cmdq[i].arg0 = ic; 4928 ieee80211_runtask(ic, &sc->cmdq_task); 4929 } 4930 4931 static void 4932 run_updateprot_cb(void *arg) 4933 { 4934 struct ieee80211com *ic = arg; 4935 struct run_softc *sc = ic->ic_softc; 4936 uint32_t tmp; 4937 4938 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4939 /* setup protection frame rate (MCS code) */ 4940 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4941 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4942 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4943 4944 /* CCK frames don't require protection */ 4945 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4946 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4947 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4948 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4949 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4950 tmp |= RT2860_PROT_CTRL_CTS; 4951 } 4952 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4953 } 4954 4955 static void 4956 run_usb_timeout_cb(void *arg) 4957 { 4958 struct ieee80211vap *vap = arg; 4959 struct run_softc *sc = vap->iv_ic->ic_softc; 4960 4961 RUN_LOCK_ASSERT(sc, MA_OWNED); 4962 4963 if(vap->iv_state == IEEE80211_S_RUN && 4964 vap->iv_opmode != IEEE80211_M_STA) 4965 run_reset_livelock(sc); 4966 else if (vap->iv_state == IEEE80211_S_SCAN) { 4967 DPRINTF("timeout caused by scan\n"); 4968 /* cancel bgscan */ 4969 ieee80211_cancel_scan(vap); 4970 } else 4971 DPRINTF("timeout by unknown cause\n"); 4972 } 4973 4974 static void 4975 run_reset_livelock(struct run_softc *sc) 4976 { 4977 uint32_t tmp; 4978 4979 RUN_LOCK_ASSERT(sc, MA_OWNED); 4980 4981 /* 4982 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4983 * can run into a livelock and start sending CTS-to-self frames like 4984 * crazy if protection is enabled. Reset MAC/BBP for a while 4985 */ 4986 run_read(sc, RT2860_DEBUG, &tmp); 4987 DPRINTFN(3, "debug reg %08x\n", tmp); 4988 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4989 DPRINTF("CTS-to-self livelock detected\n"); 4990 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4991 run_delay(sc, 1); 4992 run_write(sc, RT2860_MAC_SYS_CTRL, 4993 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4994 } 4995 } 4996 4997 static void 4998 run_update_promisc_locked(struct run_softc *sc) 4999 { 5000 uint32_t tmp; 5001 5002 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5003 5004 tmp |= RT2860_DROP_UC_NOME; 5005 if (sc->sc_ic.ic_promisc > 0) 5006 tmp &= ~RT2860_DROP_UC_NOME; 5007 5008 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5009 5010 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5011 "entering" : "leaving"); 5012 } 5013 5014 static void 5015 run_update_promisc(struct ieee80211com *ic) 5016 { 5017 struct run_softc *sc = ic->ic_softc; 5018 5019 if ((sc->sc_flags & RUN_RUNNING) == 0) 5020 return; 5021 5022 RUN_LOCK(sc); 5023 run_update_promisc_locked(sc); 5024 RUN_UNLOCK(sc); 5025 } 5026 5027 static void 5028 run_enable_tsf_sync(struct run_softc *sc) 5029 { 5030 struct ieee80211com *ic = &sc->sc_ic; 5031 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5032 uint32_t tmp; 5033 5034 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5035 ic->ic_opmode); 5036 5037 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5038 tmp &= ~0x1fffff; 5039 tmp |= vap->iv_bss->ni_intval * 16; 5040 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5041 5042 if (ic->ic_opmode == IEEE80211_M_STA) { 5043 /* 5044 * Local TSF is always updated with remote TSF on beacon 5045 * reception. 5046 */ 5047 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5048 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5049 tmp |= RT2860_BCN_TX_EN; 5050 /* 5051 * Local TSF is updated with remote TSF on beacon reception 5052 * only if the remote TSF is greater than local TSF. 5053 */ 5054 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5055 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5056 ic->ic_opmode == IEEE80211_M_MBSS) { 5057 tmp |= RT2860_BCN_TX_EN; 5058 /* SYNC with nobody */ 5059 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5060 } else { 5061 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5062 return; 5063 } 5064 5065 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5066 } 5067 5068 static void 5069 run_enable_tsf(struct run_softc *sc) 5070 { 5071 uint32_t tmp; 5072 5073 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5074 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5075 tmp |= RT2860_TSF_TIMER_EN; 5076 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5077 } 5078 } 5079 5080 static void 5081 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5082 { 5083 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5084 sizeof(*buf)); 5085 } 5086 5087 static void 5088 run_enable_mrr(struct run_softc *sc) 5089 { 5090 #define CCK(mcs) (mcs) 5091 #define OFDM(mcs) (1 << 3 | (mcs)) 5092 run_write(sc, RT2860_LG_FBK_CFG0, 5093 OFDM(6) << 28 | /* 54->48 */ 5094 OFDM(5) << 24 | /* 48->36 */ 5095 OFDM(4) << 20 | /* 36->24 */ 5096 OFDM(3) << 16 | /* 24->18 */ 5097 OFDM(2) << 12 | /* 18->12 */ 5098 OFDM(1) << 8 | /* 12-> 9 */ 5099 OFDM(0) << 4 | /* 9-> 6 */ 5100 OFDM(0)); /* 6-> 6 */ 5101 5102 run_write(sc, RT2860_LG_FBK_CFG1, 5103 CCK(2) << 12 | /* 11->5.5 */ 5104 CCK(1) << 8 | /* 5.5-> 2 */ 5105 CCK(0) << 4 | /* 2-> 1 */ 5106 CCK(0)); /* 1-> 1 */ 5107 #undef OFDM 5108 #undef CCK 5109 } 5110 5111 static void 5112 run_set_txpreamble(struct run_softc *sc) 5113 { 5114 struct ieee80211com *ic = &sc->sc_ic; 5115 uint32_t tmp; 5116 5117 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5118 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5119 tmp |= RT2860_CCK_SHORT_EN; 5120 else 5121 tmp &= ~RT2860_CCK_SHORT_EN; 5122 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5123 } 5124 5125 static void 5126 run_set_basicrates(struct run_softc *sc) 5127 { 5128 struct ieee80211com *ic = &sc->sc_ic; 5129 5130 /* set basic rates mask */ 5131 if (ic->ic_curmode == IEEE80211_MODE_11B) 5132 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5133 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5134 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5135 else /* 11g */ 5136 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5137 } 5138 5139 static void 5140 run_set_leds(struct run_softc *sc, uint16_t which) 5141 { 5142 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5143 which | (sc->leds & 0x7f)); 5144 } 5145 5146 static void 5147 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5148 { 5149 run_write(sc, RT2860_MAC_BSSID_DW0, 5150 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5151 run_write(sc, RT2860_MAC_BSSID_DW1, 5152 bssid[4] | bssid[5] << 8); 5153 } 5154 5155 static void 5156 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5157 { 5158 run_write(sc, RT2860_MAC_ADDR_DW0, 5159 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5160 run_write(sc, RT2860_MAC_ADDR_DW1, 5161 addr[4] | addr[5] << 8 | 0xff << 16); 5162 } 5163 5164 static void 5165 run_updateslot(struct ieee80211com *ic) 5166 { 5167 struct run_softc *sc = ic->ic_softc; 5168 uint32_t i; 5169 5170 i = RUN_CMDQ_GET(&sc->cmdq_store); 5171 DPRINTF("cmdq_store=%d\n", i); 5172 sc->cmdq[i].func = run_updateslot_cb; 5173 sc->cmdq[i].arg0 = ic; 5174 ieee80211_runtask(ic, &sc->cmdq_task); 5175 5176 return; 5177 } 5178 5179 /* ARGSUSED */ 5180 static void 5181 run_updateslot_cb(void *arg) 5182 { 5183 struct ieee80211com *ic = arg; 5184 struct run_softc *sc = ic->ic_softc; 5185 uint32_t tmp; 5186 5187 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5188 tmp &= ~0xff; 5189 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5190 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5191 } 5192 5193 static void 5194 run_update_mcast(struct ieee80211com *ic) 5195 { 5196 } 5197 5198 static int8_t 5199 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5200 { 5201 struct ieee80211com *ic = &sc->sc_ic; 5202 struct ieee80211_channel *c = ic->ic_curchan; 5203 int delta; 5204 5205 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5206 u_int chan = ieee80211_chan2ieee(ic, c); 5207 delta = sc->rssi_5ghz[rxchain]; 5208 5209 /* determine channel group */ 5210 if (chan <= 64) 5211 delta -= sc->lna[1]; 5212 else if (chan <= 128) 5213 delta -= sc->lna[2]; 5214 else 5215 delta -= sc->lna[3]; 5216 } else 5217 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5218 5219 return (-12 - delta - rssi); 5220 } 5221 5222 static void 5223 run_rt5390_bbp_init(struct run_softc *sc) 5224 { 5225 int i; 5226 uint8_t bbp; 5227 5228 /* Apply maximum likelihood detection for 2 stream case. */ 5229 run_bbp_read(sc, 105, &bbp); 5230 if (sc->nrxchains > 1) 5231 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5232 5233 /* Avoid data lost and CRC error. */ 5234 run_bbp_read(sc, 4, &bbp); 5235 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5236 5237 if (sc->mac_ver == 0x5592) { 5238 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5239 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5240 rt5592_def_bbp[i].val); 5241 } 5242 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5243 run_bbp_write(sc, 195, i + 0x80); 5244 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5245 } 5246 } else { 5247 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5248 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5249 rt5390_def_bbp[i].val); 5250 } 5251 } 5252 if (sc->mac_ver == 0x5392) { 5253 run_bbp_write(sc, 88, 0x90); 5254 run_bbp_write(sc, 95, 0x9a); 5255 run_bbp_write(sc, 98, 0x12); 5256 run_bbp_write(sc, 106, 0x12); 5257 run_bbp_write(sc, 134, 0xd0); 5258 run_bbp_write(sc, 135, 0xf6); 5259 run_bbp_write(sc, 148, 0x84); 5260 } 5261 5262 run_bbp_read(sc, 152, &bbp); 5263 run_bbp_write(sc, 152, bbp | 0x80); 5264 5265 /* Fix BBP254 for RT5592C. */ 5266 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5267 run_bbp_read(sc, 254, &bbp); 5268 run_bbp_write(sc, 254, bbp | 0x80); 5269 } 5270 5271 /* Disable hardware antenna diversity. */ 5272 if (sc->mac_ver == 0x5390) 5273 run_bbp_write(sc, 154, 0); 5274 5275 /* Initialize Rx CCK/OFDM frequency offset report. */ 5276 run_bbp_write(sc, 142, 1); 5277 run_bbp_write(sc, 143, 57); 5278 } 5279 5280 static int 5281 run_bbp_init(struct run_softc *sc) 5282 { 5283 int i, error, ntries; 5284 uint8_t bbp0; 5285 5286 /* wait for BBP to wake up */ 5287 for (ntries = 0; ntries < 20; ntries++) { 5288 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5289 return error; 5290 if (bbp0 != 0 && bbp0 != 0xff) 5291 break; 5292 } 5293 if (ntries == 20) 5294 return (ETIMEDOUT); 5295 5296 /* initialize BBP registers to default values */ 5297 if (sc->mac_ver >= 0x5390) 5298 run_rt5390_bbp_init(sc); 5299 else { 5300 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5301 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5302 rt2860_def_bbp[i].val); 5303 } 5304 } 5305 5306 if (sc->mac_ver == 0x3593) { 5307 run_bbp_write(sc, 79, 0x13); 5308 run_bbp_write(sc, 80, 0x05); 5309 run_bbp_write(sc, 81, 0x33); 5310 run_bbp_write(sc, 86, 0x46); 5311 run_bbp_write(sc, 137, 0x0f); 5312 } 5313 5314 /* fix BBP84 for RT2860E */ 5315 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5316 run_bbp_write(sc, 84, 0x19); 5317 5318 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5319 sc->mac_ver != 0x5592)) { 5320 run_bbp_write(sc, 79, 0x13); 5321 run_bbp_write(sc, 80, 0x05); 5322 run_bbp_write(sc, 81, 0x33); 5323 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5324 run_bbp_write(sc, 69, 0x16); 5325 run_bbp_write(sc, 73, 0x12); 5326 } 5327 return (0); 5328 } 5329 5330 static int 5331 run_rt3070_rf_init(struct run_softc *sc) 5332 { 5333 uint32_t tmp; 5334 uint8_t bbp4, mingain, rf, target; 5335 int i; 5336 5337 run_rt3070_rf_read(sc, 30, &rf); 5338 /* toggle RF R30 bit 7 */ 5339 run_rt3070_rf_write(sc, 30, rf | 0x80); 5340 run_delay(sc, 10); 5341 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5342 5343 /* initialize RF registers to default value */ 5344 if (sc->mac_ver == 0x3572) { 5345 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5346 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5347 rt3572_def_rf[i].val); 5348 } 5349 } else { 5350 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5351 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5352 rt3070_def_rf[i].val); 5353 } 5354 } 5355 5356 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5357 /* 5358 * Change voltage from 1.2V to 1.35V for RT3070. 5359 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5360 * in RT3070(F). 5361 */ 5362 run_read(sc, RT3070_LDO_CFG0, &tmp); 5363 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5364 run_write(sc, RT3070_LDO_CFG0, tmp); 5365 5366 } else if (sc->mac_ver == 0x3071) { 5367 run_rt3070_rf_read(sc, 6, &rf); 5368 run_rt3070_rf_write(sc, 6, rf | 0x40); 5369 run_rt3070_rf_write(sc, 31, 0x14); 5370 5371 run_read(sc, RT3070_LDO_CFG0, &tmp); 5372 tmp &= ~0x1f000000; 5373 if (sc->mac_rev < 0x0211) 5374 tmp |= 0x0d000000; /* 1.3V */ 5375 else 5376 tmp |= 0x01000000; /* 1.2V */ 5377 run_write(sc, RT3070_LDO_CFG0, tmp); 5378 5379 /* patch LNA_PE_G1 */ 5380 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5381 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5382 5383 } else if (sc->mac_ver == 0x3572) { 5384 run_rt3070_rf_read(sc, 6, &rf); 5385 run_rt3070_rf_write(sc, 6, rf | 0x40); 5386 5387 /* increase voltage from 1.2V to 1.35V */ 5388 run_read(sc, RT3070_LDO_CFG0, &tmp); 5389 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5390 run_write(sc, RT3070_LDO_CFG0, tmp); 5391 5392 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5393 run_delay(sc, 1); /* wait for 1msec */ 5394 /* decrease voltage back to 1.2V */ 5395 tmp = (tmp & ~0x1f000000) | 0x01000000; 5396 run_write(sc, RT3070_LDO_CFG0, tmp); 5397 } 5398 } 5399 5400 /* select 20MHz bandwidth */ 5401 run_rt3070_rf_read(sc, 31, &rf); 5402 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5403 5404 /* calibrate filter for 20MHz bandwidth */ 5405 sc->rf24_20mhz = 0x1f; /* default value */ 5406 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5407 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5408 5409 /* select 40MHz bandwidth */ 5410 run_bbp_read(sc, 4, &bbp4); 5411 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5412 run_rt3070_rf_read(sc, 31, &rf); 5413 run_rt3070_rf_write(sc, 31, rf | 0x20); 5414 5415 /* calibrate filter for 40MHz bandwidth */ 5416 sc->rf24_40mhz = 0x2f; /* default value */ 5417 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5418 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5419 5420 /* go back to 20MHz bandwidth */ 5421 run_bbp_read(sc, 4, &bbp4); 5422 run_bbp_write(sc, 4, bbp4 & ~0x18); 5423 5424 if (sc->mac_ver == 0x3572) { 5425 /* save default BBP registers 25 and 26 values */ 5426 run_bbp_read(sc, 25, &sc->bbp25); 5427 run_bbp_read(sc, 26, &sc->bbp26); 5428 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5429 run_rt3070_rf_write(sc, 27, 0x03); 5430 5431 run_read(sc, RT3070_OPT_14, &tmp); 5432 run_write(sc, RT3070_OPT_14, tmp | 1); 5433 5434 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5435 run_rt3070_rf_read(sc, 17, &rf); 5436 rf &= ~RT3070_TX_LO1; 5437 if ((sc->mac_ver == 0x3070 || 5438 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5439 !sc->ext_2ghz_lna) 5440 rf |= 0x20; /* fix for long range Rx issue */ 5441 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5442 if (sc->txmixgain_2ghz >= mingain) 5443 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5444 run_rt3070_rf_write(sc, 17, rf); 5445 } 5446 5447 if (sc->mac_ver == 0x3071) { 5448 run_rt3070_rf_read(sc, 1, &rf); 5449 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5450 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5451 run_rt3070_rf_write(sc, 1, rf); 5452 5453 run_rt3070_rf_read(sc, 15, &rf); 5454 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5455 5456 run_rt3070_rf_read(sc, 20, &rf); 5457 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5458 5459 run_rt3070_rf_read(sc, 21, &rf); 5460 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5461 } 5462 5463 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5464 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5465 run_rt3070_rf_read(sc, 27, &rf); 5466 rf &= ~0x77; 5467 if (sc->mac_rev < 0x0211) 5468 rf |= 0x03; 5469 run_rt3070_rf_write(sc, 27, rf); 5470 } 5471 return (0); 5472 } 5473 5474 static void 5475 run_rt3593_rf_init(struct run_softc *sc) 5476 { 5477 uint32_t tmp; 5478 uint8_t rf; 5479 int i; 5480 5481 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5482 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5483 tmp &= ~(1 << 4 | 1 << 7); 5484 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5485 5486 /* Initialize RF registers to default value. */ 5487 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5488 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5489 rt3593_def_rf[i].val); 5490 } 5491 5492 /* Toggle RF R2 to initiate calibration. */ 5493 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5494 5495 /* Initialize RF frequency offset. */ 5496 run_adjust_freq_offset(sc); 5497 5498 run_rt3070_rf_read(sc, 18, &rf); 5499 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5500 5501 /* 5502 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5503 * decrease voltage back to 1.2V. 5504 */ 5505 run_read(sc, RT3070_LDO_CFG0, &tmp); 5506 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5507 run_write(sc, RT3070_LDO_CFG0, tmp); 5508 run_delay(sc, 1); 5509 tmp = (tmp & ~0x1f000000) | 0x01000000; 5510 run_write(sc, RT3070_LDO_CFG0, tmp); 5511 5512 sc->rf24_20mhz = 0x1f; 5513 sc->rf24_40mhz = 0x2f; 5514 5515 /* Save default BBP registers 25 and 26 values. */ 5516 run_bbp_read(sc, 25, &sc->bbp25); 5517 run_bbp_read(sc, 26, &sc->bbp26); 5518 5519 run_read(sc, RT3070_OPT_14, &tmp); 5520 run_write(sc, RT3070_OPT_14, tmp | 1); 5521 } 5522 5523 static void 5524 run_rt5390_rf_init(struct run_softc *sc) 5525 { 5526 uint32_t tmp; 5527 uint8_t rf; 5528 int i; 5529 5530 /* Toggle RF R2 to initiate calibration. */ 5531 if (sc->mac_ver == 0x5390) { 5532 run_rt3070_rf_read(sc, 2, &rf); 5533 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5534 run_delay(sc, 10); 5535 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5536 } else { 5537 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5538 run_delay(sc, 10); 5539 } 5540 5541 /* Initialize RF registers to default value. */ 5542 if (sc->mac_ver == 0x5592) { 5543 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5544 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5545 rt5592_def_rf[i].val); 5546 } 5547 /* Initialize RF frequency offset. */ 5548 run_adjust_freq_offset(sc); 5549 } else if (sc->mac_ver == 0x5392) { 5550 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5551 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5552 rt5392_def_rf[i].val); 5553 } 5554 if (sc->mac_rev >= 0x0223) { 5555 run_rt3070_rf_write(sc, 23, 0x0f); 5556 run_rt3070_rf_write(sc, 24, 0x3e); 5557 run_rt3070_rf_write(sc, 51, 0x32); 5558 run_rt3070_rf_write(sc, 53, 0x22); 5559 run_rt3070_rf_write(sc, 56, 0xc1); 5560 run_rt3070_rf_write(sc, 59, 0x0f); 5561 } 5562 } else { 5563 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5564 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5565 rt5390_def_rf[i].val); 5566 } 5567 if (sc->mac_rev >= 0x0502) { 5568 run_rt3070_rf_write(sc, 6, 0xe0); 5569 run_rt3070_rf_write(sc, 25, 0x80); 5570 run_rt3070_rf_write(sc, 46, 0x73); 5571 run_rt3070_rf_write(sc, 53, 0x00); 5572 run_rt3070_rf_write(sc, 56, 0x42); 5573 run_rt3070_rf_write(sc, 61, 0xd1); 5574 } 5575 } 5576 5577 sc->rf24_20mhz = 0x1f; /* default value */ 5578 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5579 5580 if (sc->mac_rev < 0x0211) 5581 run_rt3070_rf_write(sc, 27, 0x3); 5582 5583 run_read(sc, RT3070_OPT_14, &tmp); 5584 run_write(sc, RT3070_OPT_14, tmp | 1); 5585 } 5586 5587 static int 5588 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5589 uint8_t *val) 5590 { 5591 uint8_t rf22, rf24; 5592 uint8_t bbp55_pb, bbp55_sb, delta; 5593 int ntries; 5594 5595 /* program filter */ 5596 run_rt3070_rf_read(sc, 24, &rf24); 5597 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5598 run_rt3070_rf_write(sc, 24, rf24); 5599 5600 /* enable baseband loopback mode */ 5601 run_rt3070_rf_read(sc, 22, &rf22); 5602 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5603 5604 /* set power and frequency of passband test tone */ 5605 run_bbp_write(sc, 24, 0x00); 5606 for (ntries = 0; ntries < 100; ntries++) { 5607 /* transmit test tone */ 5608 run_bbp_write(sc, 25, 0x90); 5609 run_delay(sc, 10); 5610 /* read received power */ 5611 run_bbp_read(sc, 55, &bbp55_pb); 5612 if (bbp55_pb != 0) 5613 break; 5614 } 5615 if (ntries == 100) 5616 return (ETIMEDOUT); 5617 5618 /* set power and frequency of stopband test tone */ 5619 run_bbp_write(sc, 24, 0x06); 5620 for (ntries = 0; ntries < 100; ntries++) { 5621 /* transmit test tone */ 5622 run_bbp_write(sc, 25, 0x90); 5623 run_delay(sc, 10); 5624 /* read received power */ 5625 run_bbp_read(sc, 55, &bbp55_sb); 5626 5627 delta = bbp55_pb - bbp55_sb; 5628 if (delta > target) 5629 break; 5630 5631 /* reprogram filter */ 5632 rf24++; 5633 run_rt3070_rf_write(sc, 24, rf24); 5634 } 5635 if (ntries < 100) { 5636 if (rf24 != init) 5637 rf24--; /* backtrack */ 5638 *val = rf24; 5639 run_rt3070_rf_write(sc, 24, rf24); 5640 } 5641 5642 /* restore initial state */ 5643 run_bbp_write(sc, 24, 0x00); 5644 5645 /* disable baseband loopback mode */ 5646 run_rt3070_rf_read(sc, 22, &rf22); 5647 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5648 5649 return (0); 5650 } 5651 5652 static void 5653 run_rt3070_rf_setup(struct run_softc *sc) 5654 { 5655 uint8_t bbp, rf; 5656 int i; 5657 5658 if (sc->mac_ver == 0x3572) { 5659 /* enable DC filter */ 5660 if (sc->mac_rev >= 0x0201) 5661 run_bbp_write(sc, 103, 0xc0); 5662 5663 run_bbp_read(sc, 138, &bbp); 5664 if (sc->ntxchains == 1) 5665 bbp |= 0x20; /* turn off DAC1 */ 5666 if (sc->nrxchains == 1) 5667 bbp &= ~0x02; /* turn off ADC1 */ 5668 run_bbp_write(sc, 138, bbp); 5669 5670 if (sc->mac_rev >= 0x0211) { 5671 /* improve power consumption */ 5672 run_bbp_read(sc, 31, &bbp); 5673 run_bbp_write(sc, 31, bbp & ~0x03); 5674 } 5675 5676 run_rt3070_rf_read(sc, 16, &rf); 5677 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5678 run_rt3070_rf_write(sc, 16, rf); 5679 5680 } else if (sc->mac_ver == 0x3071) { 5681 if (sc->mac_rev >= 0x0211) { 5682 /* enable DC filter */ 5683 run_bbp_write(sc, 103, 0xc0); 5684 5685 /* improve power consumption */ 5686 run_bbp_read(sc, 31, &bbp); 5687 run_bbp_write(sc, 31, bbp & ~0x03); 5688 } 5689 5690 run_bbp_read(sc, 138, &bbp); 5691 if (sc->ntxchains == 1) 5692 bbp |= 0x20; /* turn off DAC1 */ 5693 if (sc->nrxchains == 1) 5694 bbp &= ~0x02; /* turn off ADC1 */ 5695 run_bbp_write(sc, 138, bbp); 5696 5697 run_write(sc, RT2860_TX_SW_CFG1, 0); 5698 if (sc->mac_rev < 0x0211) { 5699 run_write(sc, RT2860_TX_SW_CFG2, 5700 sc->patch_dac ? 0x2c : 0x0f); 5701 } else 5702 run_write(sc, RT2860_TX_SW_CFG2, 0); 5703 5704 } else if (sc->mac_ver == 0x3070) { 5705 if (sc->mac_rev >= 0x0201) { 5706 /* enable DC filter */ 5707 run_bbp_write(sc, 103, 0xc0); 5708 5709 /* improve power consumption */ 5710 run_bbp_read(sc, 31, &bbp); 5711 run_bbp_write(sc, 31, bbp & ~0x03); 5712 } 5713 5714 if (sc->mac_rev < 0x0201) { 5715 run_write(sc, RT2860_TX_SW_CFG1, 0); 5716 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5717 } else 5718 run_write(sc, RT2860_TX_SW_CFG2, 0); 5719 } 5720 5721 /* initialize RF registers from ROM for >=RT3071*/ 5722 if (sc->mac_ver >= 0x3071) { 5723 for (i = 0; i < 10; i++) { 5724 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5725 continue; 5726 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5727 } 5728 } 5729 } 5730 5731 static void 5732 run_rt3593_rf_setup(struct run_softc *sc) 5733 { 5734 uint8_t bbp, rf; 5735 5736 if (sc->mac_rev >= 0x0211) { 5737 /* Enable DC filter. */ 5738 run_bbp_write(sc, 103, 0xc0); 5739 } 5740 run_write(sc, RT2860_TX_SW_CFG1, 0); 5741 if (sc->mac_rev < 0x0211) { 5742 run_write(sc, RT2860_TX_SW_CFG2, 5743 sc->patch_dac ? 0x2c : 0x0f); 5744 } else 5745 run_write(sc, RT2860_TX_SW_CFG2, 0); 5746 5747 run_rt3070_rf_read(sc, 50, &rf); 5748 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5749 5750 run_rt3070_rf_read(sc, 51, &rf); 5751 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5752 ((sc->txmixgain_2ghz & 0x07) << 2); 5753 run_rt3070_rf_write(sc, 51, rf); 5754 5755 run_rt3070_rf_read(sc, 38, &rf); 5756 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5757 5758 run_rt3070_rf_read(sc, 39, &rf); 5759 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5760 5761 run_rt3070_rf_read(sc, 1, &rf); 5762 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5763 5764 run_rt3070_rf_read(sc, 30, &rf); 5765 rf = (rf & ~0x18) | 0x10; 5766 run_rt3070_rf_write(sc, 30, rf); 5767 5768 /* Apply maximum likelihood detection for 2 stream case. */ 5769 run_bbp_read(sc, 105, &bbp); 5770 if (sc->nrxchains > 1) 5771 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5772 5773 /* Avoid data lost and CRC error. */ 5774 run_bbp_read(sc, 4, &bbp); 5775 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5776 5777 run_bbp_write(sc, 92, 0x02); 5778 run_bbp_write(sc, 82, 0x82); 5779 run_bbp_write(sc, 106, 0x05); 5780 run_bbp_write(sc, 104, 0x92); 5781 run_bbp_write(sc, 88, 0x90); 5782 run_bbp_write(sc, 148, 0xc8); 5783 run_bbp_write(sc, 47, 0x48); 5784 run_bbp_write(sc, 120, 0x50); 5785 5786 run_bbp_write(sc, 163, 0x9d); 5787 5788 /* SNR mapping. */ 5789 run_bbp_write(sc, 142, 0x06); 5790 run_bbp_write(sc, 143, 0xa0); 5791 run_bbp_write(sc, 142, 0x07); 5792 run_bbp_write(sc, 143, 0xa1); 5793 run_bbp_write(sc, 142, 0x08); 5794 run_bbp_write(sc, 143, 0xa2); 5795 5796 run_bbp_write(sc, 31, 0x08); 5797 run_bbp_write(sc, 68, 0x0b); 5798 run_bbp_write(sc, 105, 0x04); 5799 } 5800 5801 static void 5802 run_rt5390_rf_setup(struct run_softc *sc) 5803 { 5804 uint8_t bbp, rf; 5805 5806 if (sc->mac_rev >= 0x0211) { 5807 /* Enable DC filter. */ 5808 run_bbp_write(sc, 103, 0xc0); 5809 5810 if (sc->mac_ver != 0x5592) { 5811 /* Improve power consumption. */ 5812 run_bbp_read(sc, 31, &bbp); 5813 run_bbp_write(sc, 31, bbp & ~0x03); 5814 } 5815 } 5816 5817 run_bbp_read(sc, 138, &bbp); 5818 if (sc->ntxchains == 1) 5819 bbp |= 0x20; /* turn off DAC1 */ 5820 if (sc->nrxchains == 1) 5821 bbp &= ~0x02; /* turn off ADC1 */ 5822 run_bbp_write(sc, 138, bbp); 5823 5824 run_rt3070_rf_read(sc, 38, &rf); 5825 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5826 5827 run_rt3070_rf_read(sc, 39, &rf); 5828 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5829 5830 /* Avoid data lost and CRC error. */ 5831 run_bbp_read(sc, 4, &bbp); 5832 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5833 5834 run_rt3070_rf_read(sc, 30, &rf); 5835 rf = (rf & ~0x18) | 0x10; 5836 run_rt3070_rf_write(sc, 30, rf); 5837 5838 if (sc->mac_ver != 0x5592) { 5839 run_write(sc, RT2860_TX_SW_CFG1, 0); 5840 if (sc->mac_rev < 0x0211) { 5841 run_write(sc, RT2860_TX_SW_CFG2, 5842 sc->patch_dac ? 0x2c : 0x0f); 5843 } else 5844 run_write(sc, RT2860_TX_SW_CFG2, 0); 5845 } 5846 } 5847 5848 static int 5849 run_txrx_enable(struct run_softc *sc) 5850 { 5851 struct ieee80211com *ic = &sc->sc_ic; 5852 uint32_t tmp; 5853 int error, ntries; 5854 5855 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5856 for (ntries = 0; ntries < 200; ntries++) { 5857 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5858 return (error); 5859 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5860 break; 5861 run_delay(sc, 50); 5862 } 5863 if (ntries == 200) 5864 return (ETIMEDOUT); 5865 5866 run_delay(sc, 50); 5867 5868 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5869 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5870 5871 /* enable Rx bulk aggregation (set timeout and limit) */ 5872 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5873 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5874 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5875 5876 /* set Rx filter */ 5877 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5878 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5879 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5880 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5881 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5882 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5883 if (ic->ic_opmode == IEEE80211_M_STA) 5884 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5885 } 5886 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5887 5888 run_write(sc, RT2860_MAC_SYS_CTRL, 5889 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5890 5891 return (0); 5892 } 5893 5894 static void 5895 run_adjust_freq_offset(struct run_softc *sc) 5896 { 5897 uint8_t rf, tmp; 5898 5899 run_rt3070_rf_read(sc, 17, &rf); 5900 tmp = rf; 5901 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5902 rf = MIN(rf, 0x5f); 5903 5904 if (tmp != rf) 5905 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5906 } 5907 5908 static void 5909 run_init_locked(struct run_softc *sc) 5910 { 5911 struct ieee80211com *ic = &sc->sc_ic; 5912 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5913 uint32_t tmp; 5914 uint8_t bbp1, bbp3; 5915 int i; 5916 int ridx; 5917 int ntries; 5918 5919 if (ic->ic_nrunning > 1) 5920 return; 5921 5922 run_stop(sc); 5923 5924 if (run_load_microcode(sc) != 0) { 5925 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5926 goto fail; 5927 } 5928 5929 for (ntries = 0; ntries < 100; ntries++) { 5930 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5931 goto fail; 5932 if (tmp != 0 && tmp != 0xffffffff) 5933 break; 5934 run_delay(sc, 10); 5935 } 5936 if (ntries == 100) 5937 goto fail; 5938 5939 for (i = 0; i != RUN_EP_QUEUES; i++) 5940 run_setup_tx_list(sc, &sc->sc_epq[i]); 5941 5942 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5943 5944 for (ntries = 0; ntries < 100; ntries++) { 5945 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5946 goto fail; 5947 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5948 break; 5949 run_delay(sc, 10); 5950 } 5951 if (ntries == 100) { 5952 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5953 goto fail; 5954 } 5955 tmp &= 0xff0; 5956 tmp |= RT2860_TX_WB_DDONE; 5957 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5958 5959 /* turn off PME_OEN to solve high-current issue */ 5960 run_read(sc, RT2860_SYS_CTRL, &tmp); 5961 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5962 5963 run_write(sc, RT2860_MAC_SYS_CTRL, 5964 RT2860_BBP_HRST | RT2860_MAC_SRST); 5965 run_write(sc, RT2860_USB_DMA_CFG, 0); 5966 5967 if (run_reset(sc) != 0) { 5968 device_printf(sc->sc_dev, "could not reset chipset\n"); 5969 goto fail; 5970 } 5971 5972 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5973 5974 /* init Tx power for all Tx rates (from EEPROM) */ 5975 for (ridx = 0; ridx < 5; ridx++) { 5976 if (sc->txpow20mhz[ridx] == 0xffffffff) 5977 continue; 5978 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5979 } 5980 5981 for (i = 0; i < nitems(rt2870_def_mac); i++) 5982 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 5983 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 5984 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 5985 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 5986 5987 if (sc->mac_ver >= 0x5390) { 5988 run_write(sc, RT2860_TX_SW_CFG0, 5989 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 5990 if (sc->mac_ver >= 0x5392) { 5991 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 5992 if (sc->mac_ver == 0x5592) { 5993 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 5994 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 5995 } else { 5996 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 5997 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 5998 } 5999 } 6000 } else if (sc->mac_ver == 0x3593) { 6001 run_write(sc, RT2860_TX_SW_CFG0, 6002 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6003 } else if (sc->mac_ver >= 0x3070) { 6004 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6005 run_write(sc, RT2860_TX_SW_CFG0, 6006 4 << RT2860_DLY_PAPE_EN_SHIFT); 6007 } 6008 6009 /* wait while MAC is busy */ 6010 for (ntries = 0; ntries < 100; ntries++) { 6011 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6012 goto fail; 6013 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6014 break; 6015 run_delay(sc, 10); 6016 } 6017 if (ntries == 100) 6018 goto fail; 6019 6020 /* clear Host to MCU mailbox */ 6021 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6022 run_write(sc, RT2860_H2M_MAILBOX, 0); 6023 run_delay(sc, 10); 6024 6025 if (run_bbp_init(sc) != 0) { 6026 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6027 goto fail; 6028 } 6029 6030 /* abort TSF synchronization */ 6031 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6032 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6033 RT2860_TBTT_TIMER_EN); 6034 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6035 6036 /* clear RX WCID search table */ 6037 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6038 /* clear WCID attribute table */ 6039 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6040 6041 /* hostapd sets a key before init. So, don't clear it. */ 6042 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6043 /* clear shared key table */ 6044 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6045 /* clear shared key mode */ 6046 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6047 } 6048 6049 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6050 tmp = (tmp & ~0xff) | 0x1e; 6051 run_write(sc, RT2860_US_CYC_CNT, tmp); 6052 6053 if (sc->mac_rev != 0x0101) 6054 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6055 6056 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6057 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6058 6059 /* write vendor-specific BBP values (from EEPROM) */ 6060 if (sc->mac_ver < 0x3593) { 6061 for (i = 0; i < 10; i++) { 6062 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6063 continue; 6064 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6065 } 6066 } 6067 6068 /* select Main antenna for 1T1R devices */ 6069 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6070 run_set_rx_antenna(sc, 0); 6071 6072 /* send LEDs operating mode to microcontroller */ 6073 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6074 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6075 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6076 6077 if (sc->mac_ver >= 0x5390) 6078 run_rt5390_rf_init(sc); 6079 else if (sc->mac_ver == 0x3593) 6080 run_rt3593_rf_init(sc); 6081 else if (sc->mac_ver >= 0x3070) 6082 run_rt3070_rf_init(sc); 6083 6084 /* disable non-existing Rx chains */ 6085 run_bbp_read(sc, 3, &bbp3); 6086 bbp3 &= ~(1 << 3 | 1 << 4); 6087 if (sc->nrxchains == 2) 6088 bbp3 |= 1 << 3; 6089 else if (sc->nrxchains == 3) 6090 bbp3 |= 1 << 4; 6091 run_bbp_write(sc, 3, bbp3); 6092 6093 /* disable non-existing Tx chains */ 6094 run_bbp_read(sc, 1, &bbp1); 6095 if (sc->ntxchains == 1) 6096 bbp1 &= ~(1 << 3 | 1 << 4); 6097 run_bbp_write(sc, 1, bbp1); 6098 6099 if (sc->mac_ver >= 0x5390) 6100 run_rt5390_rf_setup(sc); 6101 else if (sc->mac_ver == 0x3593) 6102 run_rt3593_rf_setup(sc); 6103 else if (sc->mac_ver >= 0x3070) 6104 run_rt3070_rf_setup(sc); 6105 6106 /* select default channel */ 6107 run_set_chan(sc, ic->ic_curchan); 6108 6109 /* setup initial protection mode */ 6110 run_updateprot_cb(ic); 6111 6112 /* turn radio LED on */ 6113 run_set_leds(sc, RT2860_LED_RADIO); 6114 6115 sc->sc_flags |= RUN_RUNNING; 6116 sc->cmdq_run = RUN_CMDQ_GO; 6117 6118 for (i = 0; i != RUN_N_XFER; i++) 6119 usbd_xfer_set_stall(sc->sc_xfer[i]); 6120 6121 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6122 6123 if (run_txrx_enable(sc) != 0) 6124 goto fail; 6125 6126 return; 6127 6128 fail: 6129 run_stop(sc); 6130 } 6131 6132 static void 6133 run_stop(void *arg) 6134 { 6135 struct run_softc *sc = (struct run_softc *)arg; 6136 uint32_t tmp; 6137 int i; 6138 int ntries; 6139 6140 RUN_LOCK_ASSERT(sc, MA_OWNED); 6141 6142 if (sc->sc_flags & RUN_RUNNING) 6143 run_set_leds(sc, 0); /* turn all LEDs off */ 6144 6145 sc->sc_flags &= ~RUN_RUNNING; 6146 6147 sc->ratectl_run = RUN_RATECTL_OFF; 6148 sc->cmdq_run = sc->cmdq_key_set; 6149 6150 RUN_UNLOCK(sc); 6151 6152 for(i = 0; i < RUN_N_XFER; i++) 6153 usbd_transfer_drain(sc->sc_xfer[i]); 6154 6155 RUN_LOCK(sc); 6156 6157 run_drain_mbufq(sc); 6158 6159 if (sc->rx_m != NULL) { 6160 m_free(sc->rx_m); 6161 sc->rx_m = NULL; 6162 } 6163 6164 /* Disable Tx/Rx DMA. */ 6165 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6166 return; 6167 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6168 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6169 6170 for (ntries = 0; ntries < 100; ntries++) { 6171 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6172 return; 6173 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6174 break; 6175 run_delay(sc, 10); 6176 } 6177 if (ntries == 100) { 6178 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6179 return; 6180 } 6181 6182 /* disable Tx/Rx */ 6183 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6184 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6185 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6186 6187 /* wait for pending Tx to complete */ 6188 for (ntries = 0; ntries < 100; ntries++) { 6189 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6190 DPRINTF("Cannot read Tx queue count\n"); 6191 break; 6192 } 6193 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6194 DPRINTF("All Tx cleared\n"); 6195 break; 6196 } 6197 run_delay(sc, 10); 6198 } 6199 if (ntries >= 100) 6200 DPRINTF("There are still pending Tx\n"); 6201 run_delay(sc, 10); 6202 run_write(sc, RT2860_USB_DMA_CFG, 0); 6203 6204 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6205 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6206 6207 for (i = 0; i != RUN_EP_QUEUES; i++) 6208 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6209 } 6210 6211 static void 6212 run_delay(struct run_softc *sc, u_int ms) 6213 { 6214 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6215 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6216 } 6217 6218 static device_method_t run_methods[] = { 6219 /* Device interface */ 6220 DEVMETHOD(device_probe, run_match), 6221 DEVMETHOD(device_attach, run_attach), 6222 DEVMETHOD(device_detach, run_detach), 6223 DEVMETHOD_END 6224 }; 6225 6226 static driver_t run_driver = { 6227 .name = "run", 6228 .methods = run_methods, 6229 .size = sizeof(struct run_softc) 6230 }; 6231 6232 static devclass_t run_devclass; 6233 6234 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6235 MODULE_DEPEND(run, wlan, 1, 1, 1); 6236 MODULE_DEPEND(run, usb, 1, 1, 1); 6237 MODULE_DEPEND(run, firmware, 1, 1, 1); 6238 MODULE_VERSION(run, 1); 6239