1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include "opt_wlan.h" 29 30 #include <sys/param.h> 31 #include <sys/eventhandler.h> 32 #include <sys/sockio.h> 33 #include <sys/sysctl.h> 34 #include <sys/lock.h> 35 #include <sys/mutex.h> 36 #include <sys/mbuf.h> 37 #include <sys/kernel.h> 38 #include <sys/socket.h> 39 #include <sys/systm.h> 40 #include <sys/malloc.h> 41 #include <sys/module.h> 42 #include <sys/bus.h> 43 #include <sys/endian.h> 44 #include <sys/linker.h> 45 #include <sys/firmware.h> 46 #include <sys/kdb.h> 47 48 #include <net/bpf.h> 49 #include <net/if.h> 50 #include <net/if_var.h> 51 #include <net/if_arp.h> 52 #include <net/ethernet.h> 53 #include <net/if_dl.h> 54 #include <net/if_media.h> 55 #include <net/if_types.h> 56 57 #include <netinet/in.h> 58 #include <netinet/in_systm.h> 59 #include <netinet/in_var.h> 60 #include <netinet/if_ether.h> 61 #include <netinet/ip.h> 62 63 #include <net80211/ieee80211_var.h> 64 #include <net80211/ieee80211_regdomain.h> 65 #include <net80211/ieee80211_radiotap.h> 66 #include <net80211/ieee80211_ratectl.h> 67 #ifdef IEEE80211_SUPPORT_SUPERG 68 #include <net80211/ieee80211_superg.h> 69 #endif 70 71 #include <dev/usb/usb.h> 72 #include <dev/usb/usbdi.h> 73 #include "usbdevs.h" 74 75 #define USB_DEBUG_VAR run_debug 76 #include <dev/usb/usb_debug.h> 77 #include <dev/usb/usb_msctest.h> 78 79 #include <dev/usb/wlan/if_runreg.h> 80 #include <dev/usb/wlan/if_runvar.h> 81 82 #ifdef USB_DEBUG 83 #define RUN_DEBUG 84 #endif 85 86 #ifdef RUN_DEBUG 87 int run_debug = 0; 88 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 89 "USB run"); 90 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 91 "run debug level"); 92 93 enum { 94 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 95 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 96 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 97 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 98 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 99 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 100 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 101 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 102 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 103 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 104 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 105 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 106 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 107 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 108 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 109 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 110 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 111 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 112 RUN_DEBUG_ANY = 0xffffffff 113 }; 114 115 #define RUN_DPRINTF(_sc, _m, ...) do { \ 116 if (run_debug & (_m)) \ 117 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 118 } while(0) 119 #else 120 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 121 #endif 122 123 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 124 125 /* 126 * Because of LOR in run_key_delete(), use atomic instead. 127 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 128 */ 129 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 130 131 static const STRUCT_USB_HOST_ID run_devs[] = { 132 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 133 #define RUN_DEV_EJECT(v,p) \ 134 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 135 #define RUN_EJECT 1 136 RUN_DEV(ABOCOM, RT2770), 137 RUN_DEV(ABOCOM, RT2870), 138 RUN_DEV(ABOCOM, RT3070), 139 RUN_DEV(ABOCOM, RT3071), 140 RUN_DEV(ABOCOM, RT3072), 141 RUN_DEV(ABOCOM2, RT2870_1), 142 RUN_DEV(ACCTON, RT2770), 143 RUN_DEV(ACCTON, RT2870_1), 144 RUN_DEV(ACCTON, RT2870_2), 145 RUN_DEV(ACCTON, RT2870_3), 146 RUN_DEV(ACCTON, RT2870_4), 147 RUN_DEV(ACCTON, RT2870_5), 148 RUN_DEV(ACCTON, RT3070), 149 RUN_DEV(ACCTON, RT3070_1), 150 RUN_DEV(ACCTON, RT3070_2), 151 RUN_DEV(ACCTON, RT3070_3), 152 RUN_DEV(ACCTON, RT3070_4), 153 RUN_DEV(ACCTON, RT3070_5), 154 RUN_DEV(AIRTIES, RT3070), 155 RUN_DEV(ALLWIN, RT2070), 156 RUN_DEV(ALLWIN, RT2770), 157 RUN_DEV(ALLWIN, RT2870), 158 RUN_DEV(ALLWIN, RT3070), 159 RUN_DEV(ALLWIN, RT3071), 160 RUN_DEV(ALLWIN, RT3072), 161 RUN_DEV(ALLWIN, RT3572), 162 RUN_DEV(AMIGO, RT2870_1), 163 RUN_DEV(AMIGO, RT2870_2), 164 RUN_DEV(AMIT, CGWLUSB2GNR), 165 RUN_DEV(AMIT, RT2870_1), 166 RUN_DEV(AMIT2, RT2870), 167 RUN_DEV(ASUS, RT2870_1), 168 RUN_DEV(ASUS, RT2870_2), 169 RUN_DEV(ASUS, RT2870_3), 170 RUN_DEV(ASUS, RT2870_4), 171 RUN_DEV(ASUS, RT2870_5), 172 RUN_DEV(ASUS, USBN13), 173 RUN_DEV(ASUS, RT3070_1), 174 RUN_DEV(ASUS, USBN66), 175 RUN_DEV(ASUS, USB_N53), 176 RUN_DEV(ASUS, USBN14), 177 RUN_DEV(ASUS2, USBN11), 178 RUN_DEV(AZUREWAVE, RT2870_1), 179 RUN_DEV(AZUREWAVE, RT2870_2), 180 RUN_DEV(AZUREWAVE, RT3070_1), 181 RUN_DEV(AZUREWAVE, RT3070_2), 182 RUN_DEV(AZUREWAVE, RT3070_3), 183 RUN_DEV(BELKIN, F9L1103), 184 RUN_DEV(BELKIN, F5D8053V3), 185 RUN_DEV(BELKIN, F5D8055), 186 RUN_DEV(BELKIN, F5D8055V2), 187 RUN_DEV(BELKIN, F6D4050V1), 188 RUN_DEV(BELKIN, F6D4050V2), 189 RUN_DEV(BELKIN, RT2870_1), 190 RUN_DEV(BELKIN, RT2870_2), 191 RUN_DEV(CISCOLINKSYS, AE1000), 192 RUN_DEV(CISCOLINKSYS2, RT3070), 193 RUN_DEV(CISCOLINKSYS3, RT3070), 194 RUN_DEV(CONCEPTRONIC2, RT2870_1), 195 RUN_DEV(CONCEPTRONIC2, RT2870_2), 196 RUN_DEV(CONCEPTRONIC2, RT2870_3), 197 RUN_DEV(CONCEPTRONIC2, RT2870_4), 198 RUN_DEV(CONCEPTRONIC2, RT2870_5), 199 RUN_DEV(CONCEPTRONIC2, RT2870_6), 200 RUN_DEV(CONCEPTRONIC2, RT2870_7), 201 RUN_DEV(CONCEPTRONIC2, RT2870_8), 202 RUN_DEV(CONCEPTRONIC2, RT3070_1), 203 RUN_DEV(CONCEPTRONIC2, RT3070_2), 204 RUN_DEV(CONCEPTRONIC2, VIGORN61), 205 RUN_DEV(COREGA, CGWLUSB300GNM), 206 RUN_DEV(COREGA, RT2870_1), 207 RUN_DEV(COREGA, RT2870_2), 208 RUN_DEV(COREGA, RT2870_3), 209 RUN_DEV(COREGA, RT3070), 210 RUN_DEV(CYBERTAN, RT2870), 211 RUN_DEV(DLINK, RT2870), 212 RUN_DEV(DLINK, RT3072), 213 RUN_DEV(DLINK, DWA125A3), 214 RUN_DEV(DLINK, DWA127), 215 RUN_DEV(DLINK, DWA140B3), 216 RUN_DEV(DLINK, DWA160B2), 217 RUN_DEV(DLINK, DWA140D1), 218 RUN_DEV(DLINK, DWA130F1), 219 RUN_DEV(DLINK, DWA162), 220 RUN_DEV(DLINK2, DWA130), 221 RUN_DEV(DLINK2, RT2870_1), 222 RUN_DEV(DLINK2, RT2870_2), 223 RUN_DEV(DLINK2, RT3070_1), 224 RUN_DEV(DLINK2, RT3070_2), 225 RUN_DEV(DLINK2, RT3070_3), 226 RUN_DEV(DLINK2, RT3070_4), 227 RUN_DEV(DLINK2, RT3070_5), 228 RUN_DEV(DLINK2, RT3072), 229 RUN_DEV(DLINK2, RT3072_1), 230 RUN_DEV(EDIMAX, EW7717), 231 RUN_DEV(EDIMAX, EW7718), 232 RUN_DEV(EDIMAX, EW7733UND), 233 RUN_DEV(EDIMAX, RT2870_1), 234 RUN_DEV(ENCORE, RT3070_1), 235 RUN_DEV(ENCORE, RT3070_2), 236 RUN_DEV(ENCORE, RT3070_3), 237 RUN_DEV(GIGABYTE, GNWB31N), 238 RUN_DEV(GIGABYTE, GNWB32L), 239 RUN_DEV(GIGABYTE, RT2870_1), 240 RUN_DEV(GIGASET, RT3070_1), 241 RUN_DEV(GIGASET, RT3070_2), 242 RUN_DEV(GUILLEMOT, HWNU300), 243 RUN_DEV(HAWKING, HWUN2), 244 RUN_DEV(HAWKING, RT2870_1), 245 RUN_DEV(HAWKING, RT2870_2), 246 RUN_DEV(HAWKING, RT3070), 247 RUN_DEV(IODATA, RT3072_1), 248 RUN_DEV(IODATA, RT3072_2), 249 RUN_DEV(IODATA, RT3072_3), 250 RUN_DEV(IODATA, RT3072_4), 251 RUN_DEV(LINKSYS4, RT3070), 252 RUN_DEV(LINKSYS4, WUSB100), 253 RUN_DEV(LINKSYS4, WUSB54GCV3), 254 RUN_DEV(LINKSYS4, WUSB600N), 255 RUN_DEV(LINKSYS4, WUSB600NV2), 256 RUN_DEV(LOGITEC, RT2870_1), 257 RUN_DEV(LOGITEC, RT2870_2), 258 RUN_DEV(LOGITEC, RT2870_3), 259 RUN_DEV(LOGITEC, LANW300NU2), 260 RUN_DEV(LOGITEC, LANW150NU2), 261 RUN_DEV(LOGITEC, LANW300NU2S), 262 RUN_DEV(MELCO, WLIUCG300HP), 263 RUN_DEV(MELCO, RT2870_2), 264 RUN_DEV(MELCO, WLIUCAG300N), 265 RUN_DEV(MELCO, WLIUCG300N), 266 RUN_DEV(MELCO, WLIUCG301N), 267 RUN_DEV(MELCO, WLIUCGN), 268 RUN_DEV(MELCO, WLIUCGNM), 269 RUN_DEV(MELCO, WLIUCG300HPV1), 270 RUN_DEV(MELCO, WLIUCGNM2), 271 RUN_DEV(MOTOROLA4, RT2770), 272 RUN_DEV(MOTOROLA4, RT3070), 273 RUN_DEV(MSI, RT3070_1), 274 RUN_DEV(MSI, RT3070_2), 275 RUN_DEV(MSI, RT3070_3), 276 RUN_DEV(MSI, RT3070_4), 277 RUN_DEV(MSI, RT3070_5), 278 RUN_DEV(MSI, RT3070_6), 279 RUN_DEV(MSI, RT3070_7), 280 RUN_DEV(MSI, RT3070_8), 281 RUN_DEV(MSI, RT3070_9), 282 RUN_DEV(MSI, RT3070_10), 283 RUN_DEV(MSI, RT3070_11), 284 RUN_DEV(NETGEAR, WNDA4100), 285 RUN_DEV(OVISLINK, RT3072), 286 RUN_DEV(PARA, RT3070), 287 RUN_DEV(PEGATRON, RT2870), 288 RUN_DEV(PEGATRON, RT3070), 289 RUN_DEV(PEGATRON, RT3070_2), 290 RUN_DEV(PEGATRON, RT3070_3), 291 RUN_DEV(PHILIPS, RT2870), 292 RUN_DEV(PLANEX2, GWUS300MINIS), 293 RUN_DEV(PLANEX2, GWUSMICRON), 294 RUN_DEV(PLANEX2, RT2870), 295 RUN_DEV(PLANEX2, RT3070), 296 RUN_DEV(QCOM, RT2870), 297 RUN_DEV(QUANTA, RT3070), 298 RUN_DEV(RALINK, RT2070), 299 RUN_DEV(RALINK, RT2770), 300 RUN_DEV(RALINK, RT2870), 301 RUN_DEV(RALINK, RT3070), 302 RUN_DEV(RALINK, RT3071), 303 RUN_DEV(RALINK, RT3072), 304 RUN_DEV(RALINK, RT3370), 305 RUN_DEV(RALINK, RT3572), 306 RUN_DEV(RALINK, RT3573), 307 RUN_DEV(RALINK, RT5370), 308 RUN_DEV(RALINK, RT5372), 309 RUN_DEV(RALINK, RT5572), 310 RUN_DEV(RALINK, RT8070), 311 RUN_DEV(SAMSUNG, WIS09ABGN), 312 RUN_DEV(SAMSUNG2, RT2870_1), 313 RUN_DEV(SENAO, RT2870_1), 314 RUN_DEV(SENAO, RT2870_2), 315 RUN_DEV(SENAO, RT2870_3), 316 RUN_DEV(SENAO, RT2870_4), 317 RUN_DEV(SENAO, RT3070), 318 RUN_DEV(SENAO, RT3071), 319 RUN_DEV(SENAO, RT3072_1), 320 RUN_DEV(SENAO, RT3072_2), 321 RUN_DEV(SENAO, RT3072_3), 322 RUN_DEV(SENAO, RT3072_4), 323 RUN_DEV(SENAO, RT3072_5), 324 RUN_DEV(SITECOMEU, RT2770), 325 RUN_DEV(SITECOMEU, RT2870_1), 326 RUN_DEV(SITECOMEU, RT2870_2), 327 RUN_DEV(SITECOMEU, RT2870_3), 328 RUN_DEV(SITECOMEU, RT2870_4), 329 RUN_DEV(SITECOMEU, RT3070), 330 RUN_DEV(SITECOMEU, RT3070_2), 331 RUN_DEV(SITECOMEU, RT3070_3), 332 RUN_DEV(SITECOMEU, RT3070_4), 333 RUN_DEV(SITECOMEU, RT3071), 334 RUN_DEV(SITECOMEU, RT3072_1), 335 RUN_DEV(SITECOMEU, RT3072_2), 336 RUN_DEV(SITECOMEU, RT3072_3), 337 RUN_DEV(SITECOMEU, RT3072_4), 338 RUN_DEV(SITECOMEU, RT3072_5), 339 RUN_DEV(SITECOMEU, RT3072_6), 340 RUN_DEV(SITECOMEU, WL608), 341 RUN_DEV(SPARKLAN, RT2870_1), 342 RUN_DEV(SPARKLAN, RT3070), 343 RUN_DEV(SWEEX2, LW153), 344 RUN_DEV(SWEEX2, LW303), 345 RUN_DEV(SWEEX2, LW313), 346 RUN_DEV(TOSHIBA, RT3070), 347 RUN_DEV(UMEDIA, RT2870_1), 348 RUN_DEV(ZCOM, RT2870_1), 349 RUN_DEV(ZCOM, RT2870_2), 350 RUN_DEV(ZINWELL, RT2870_1), 351 RUN_DEV(ZINWELL, RT2870_2), 352 RUN_DEV(ZINWELL, RT3070), 353 RUN_DEV(ZINWELL, RT3072_1), 354 RUN_DEV(ZINWELL, RT3072_2), 355 RUN_DEV(ZYXEL, RT2870_1), 356 RUN_DEV(ZYXEL, RT2870_2), 357 RUN_DEV(ZYXEL, RT3070), 358 RUN_DEV_EJECT(ZYXEL, NWD2705), 359 RUN_DEV_EJECT(RALINK, RT_STOR), 360 #undef RUN_DEV_EJECT 361 #undef RUN_DEV 362 }; 363 364 static device_probe_t run_match; 365 static device_attach_t run_attach; 366 static device_detach_t run_detach; 367 368 static usb_callback_t run_bulk_rx_callback; 369 static usb_callback_t run_bulk_tx_callback0; 370 static usb_callback_t run_bulk_tx_callback1; 371 static usb_callback_t run_bulk_tx_callback2; 372 static usb_callback_t run_bulk_tx_callback3; 373 static usb_callback_t run_bulk_tx_callback4; 374 static usb_callback_t run_bulk_tx_callback5; 375 376 static void run_autoinst(void *, struct usb_device *, 377 struct usb_attach_arg *); 378 static int run_driver_loaded(struct module *, int, void *); 379 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 380 usb_error_t error, u_int index); 381 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 382 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 383 const uint8_t [IEEE80211_ADDR_LEN], 384 const uint8_t [IEEE80211_ADDR_LEN]); 385 static void run_vap_delete(struct ieee80211vap *); 386 static void run_cmdq_cb(void *, int); 387 static void run_setup_tx_list(struct run_softc *, 388 struct run_endpoint_queue *); 389 static void run_unsetup_tx_list(struct run_softc *, 390 struct run_endpoint_queue *); 391 static int run_load_microcode(struct run_softc *); 392 static int run_reset(struct run_softc *); 393 static usb_error_t run_do_request(struct run_softc *, 394 struct usb_device_request *, void *); 395 static int run_read(struct run_softc *, uint16_t, uint32_t *); 396 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 397 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 398 static int run_write(struct run_softc *, uint16_t, uint32_t); 399 static int run_write_region_1(struct run_softc *, uint16_t, 400 const uint8_t *, int); 401 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 402 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 403 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 404 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 405 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 406 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 407 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 408 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 409 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 410 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 411 static const char *run_get_rf(uint16_t); 412 static void run_rt3593_get_txpower(struct run_softc *); 413 static void run_get_txpower(struct run_softc *); 414 static int run_read_eeprom(struct run_softc *); 415 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 416 const uint8_t mac[IEEE80211_ADDR_LEN]); 417 static int run_media_change(struct ifnet *); 418 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 419 static int run_wme_update(struct ieee80211com *); 420 static void run_key_set_cb(void *); 421 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 422 static void run_key_delete_cb(void *); 423 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 424 static void run_ratectl_to(void *); 425 static void run_ratectl_cb(void *, int); 426 static void run_drain_fifo(void *); 427 static void run_iter_func(void *, struct ieee80211_node *); 428 static void run_newassoc_cb(void *); 429 static void run_newassoc(struct ieee80211_node *, int); 430 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 431 const struct ieee80211_rx_stats *, int, int); 432 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 433 static void run_tx_free(struct run_endpoint_queue *pq, 434 struct run_tx_data *, int); 435 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 436 static int run_tx(struct run_softc *, struct mbuf *, 437 struct ieee80211_node *); 438 static int run_tx_mgt(struct run_softc *, struct mbuf *, 439 struct ieee80211_node *); 440 static int run_sendprot(struct run_softc *, const struct mbuf *, 441 struct ieee80211_node *, int, int); 442 static int run_tx_param(struct run_softc *, struct mbuf *, 443 struct ieee80211_node *, 444 const struct ieee80211_bpf_params *); 445 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 446 const struct ieee80211_bpf_params *); 447 static int run_transmit(struct ieee80211com *, struct mbuf *); 448 static void run_start(struct run_softc *); 449 static void run_parent(struct ieee80211com *); 450 static void run_iq_calib(struct run_softc *, u_int); 451 static void run_set_agc(struct run_softc *, uint8_t); 452 static void run_select_chan_group(struct run_softc *, int); 453 static void run_set_rx_antenna(struct run_softc *, int); 454 static void run_rt2870_set_chan(struct run_softc *, u_int); 455 static void run_rt3070_set_chan(struct run_softc *, u_int); 456 static void run_rt3572_set_chan(struct run_softc *, u_int); 457 static void run_rt3593_set_chan(struct run_softc *, u_int); 458 static void run_rt5390_set_chan(struct run_softc *, u_int); 459 static void run_rt5592_set_chan(struct run_softc *, u_int); 460 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 461 static void run_set_channel(struct ieee80211com *); 462 static void run_getradiocaps(struct ieee80211com *, int, int *, 463 struct ieee80211_channel[]); 464 static void run_scan_start(struct ieee80211com *); 465 static void run_scan_end(struct ieee80211com *); 466 static void run_update_beacon(struct ieee80211vap *, int); 467 static void run_update_beacon_cb(void *); 468 static void run_updateprot(struct ieee80211com *); 469 static void run_updateprot_cb(void *); 470 static void run_usb_timeout_cb(void *); 471 static void run_reset_livelock(struct run_softc *); 472 static void run_enable_tsf_sync(struct run_softc *); 473 static void run_enable_tsf(struct run_softc *); 474 static void run_disable_tsf(struct run_softc *); 475 static void run_get_tsf(struct run_softc *, uint64_t *); 476 static void run_enable_mrr(struct run_softc *); 477 static void run_set_txpreamble(struct run_softc *); 478 static void run_set_basicrates(struct run_softc *); 479 static void run_set_leds(struct run_softc *, uint16_t); 480 static void run_set_bssid(struct run_softc *, const uint8_t *); 481 static void run_set_macaddr(struct run_softc *, const uint8_t *); 482 static void run_updateslot(struct ieee80211com *); 483 static void run_updateslot_cb(void *); 484 static void run_update_mcast(struct ieee80211com *); 485 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 486 static void run_update_promisc_locked(struct run_softc *); 487 static void run_update_promisc(struct ieee80211com *); 488 static void run_rt5390_bbp_init(struct run_softc *); 489 static int run_bbp_init(struct run_softc *); 490 static int run_rt3070_rf_init(struct run_softc *); 491 static void run_rt3593_rf_init(struct run_softc *); 492 static void run_rt5390_rf_init(struct run_softc *); 493 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 494 uint8_t *); 495 static void run_rt3070_rf_setup(struct run_softc *); 496 static void run_rt3593_rf_setup(struct run_softc *); 497 static void run_rt5390_rf_setup(struct run_softc *); 498 static int run_txrx_enable(struct run_softc *); 499 static void run_adjust_freq_offset(struct run_softc *); 500 static void run_init_locked(struct run_softc *); 501 static void run_stop(void *); 502 static void run_delay(struct run_softc *, u_int); 503 static void run_update_chw(struct ieee80211com *ic); 504 static int run_ampdu_enable(struct ieee80211_node *ni, 505 struct ieee80211_tx_ampdu *tap); 506 507 static eventhandler_tag run_etag; 508 509 static const struct rt2860_rate { 510 uint8_t rate; 511 uint8_t mcs; 512 enum ieee80211_phytype phy; 513 uint8_t ctl_ridx; 514 uint16_t sp_ack_dur; 515 uint16_t lp_ack_dur; 516 } rt2860_rates[] = { 517 /* CCK rates (11b) */ 518 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 519 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 520 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 521 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 522 523 /* OFDM rates (11a / 11g) */ 524 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 525 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 526 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 527 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 528 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 529 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 530 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 531 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }, 532 533 /* MCS - single stream */ 534 { 0x80, 0, IEEE80211_T_HT, 4, 60, 60 }, 535 { 0x81, 1, IEEE80211_T_HT, 4, 60, 60 }, 536 { 0x82, 2, IEEE80211_T_HT, 4, 60, 60 }, 537 { 0x83, 3, IEEE80211_T_HT, 4, 60, 60 }, 538 { 0x84, 4, IEEE80211_T_HT, 4, 60, 60 }, 539 { 0x85, 5, IEEE80211_T_HT, 4, 60, 60 }, 540 { 0x86, 6, IEEE80211_T_HT, 4, 60, 60 }, 541 { 0x87, 7, IEEE80211_T_HT, 4, 60, 60 }, 542 543 /* MCS - 2 streams */ 544 { 0x88, 8, IEEE80211_T_HT, 4, 60, 60 }, 545 { 0x89, 9, IEEE80211_T_HT, 4, 60, 60 }, 546 { 0x8a, 10, IEEE80211_T_HT, 4, 60, 60 }, 547 { 0x8b, 11, IEEE80211_T_HT, 4, 60, 60 }, 548 { 0x8c, 12, IEEE80211_T_HT, 4, 60, 60 }, 549 { 0x8d, 13, IEEE80211_T_HT, 4, 60, 60 }, 550 { 0x8e, 14, IEEE80211_T_HT, 4, 60, 60 }, 551 { 0x8f, 15, IEEE80211_T_HT, 4, 60, 60 }, 552 553 /* MCS - 3 streams */ 554 { 0x90, 16, IEEE80211_T_HT, 4, 60, 60 }, 555 { 0x91, 17, IEEE80211_T_HT, 4, 60, 60 }, 556 { 0x92, 18, IEEE80211_T_HT, 4, 60, 60 }, 557 { 0x93, 19, IEEE80211_T_HT, 4, 60, 60 }, 558 { 0x94, 20, IEEE80211_T_HT, 4, 60, 60 }, 559 { 0x95, 21, IEEE80211_T_HT, 4, 60, 60 }, 560 { 0x96, 22, IEEE80211_T_HT, 4, 60, 60 }, 561 { 0x97, 23, IEEE80211_T_HT, 4, 60, 60 }, 562 }; 563 564 /* These are indexes into the above rt2860_rates[] array */ 565 #define RT2860_RIDX_CCK1 0 566 #define RT2860_RIDX_CCK11 3 567 #define RT2860_RIDX_OFDM6 4 568 #define RT2860_RIDX_MCS0 12 569 #define RT2860_RIDX_MAX 36 570 571 static const struct { 572 uint16_t reg; 573 uint32_t val; 574 } rt2870_def_mac[] = { 575 RT2870_DEF_MAC 576 }; 577 578 static const struct { 579 uint8_t reg; 580 uint8_t val; 581 } rt2860_def_bbp[] = { 582 RT2860_DEF_BBP 583 },rt5390_def_bbp[] = { 584 RT5390_DEF_BBP 585 },rt5592_def_bbp[] = { 586 RT5592_DEF_BBP 587 }; 588 589 /* 590 * Default values for BBP register R196 for RT5592. 591 */ 592 static const uint8_t rt5592_bbp_r196[] = { 593 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 594 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 595 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 596 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 597 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 598 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 599 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 600 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 601 0x2e, 0x36, 0x30, 0x6e 602 }; 603 604 static const struct rfprog { 605 uint8_t chan; 606 uint32_t r1, r2, r3, r4; 607 } rt2860_rf2850[] = { 608 RT2860_RF2850 609 }; 610 611 struct { 612 uint8_t n, r, k; 613 } rt3070_freqs[] = { 614 RT3070_RF3052 615 }; 616 617 static const struct rt5592_freqs { 618 uint16_t n; 619 uint8_t k, m, r; 620 } rt5592_freqs_20mhz[] = { 621 RT5592_RF5592_20MHZ 622 },rt5592_freqs_40mhz[] = { 623 RT5592_RF5592_40MHZ 624 }; 625 626 static const struct { 627 uint8_t reg; 628 uint8_t val; 629 } rt3070_def_rf[] = { 630 RT3070_DEF_RF 631 },rt3572_def_rf[] = { 632 RT3572_DEF_RF 633 },rt3593_def_rf[] = { 634 RT3593_DEF_RF 635 },rt5390_def_rf[] = { 636 RT5390_DEF_RF 637 },rt5392_def_rf[] = { 638 RT5392_DEF_RF 639 },rt5592_def_rf[] = { 640 RT5592_DEF_RF 641 },rt5592_2ghz_def_rf[] = { 642 RT5592_2GHZ_DEF_RF 643 },rt5592_5ghz_def_rf[] = { 644 RT5592_5GHZ_DEF_RF 645 }; 646 647 static const struct { 648 u_int firstchan; 649 u_int lastchan; 650 uint8_t reg; 651 uint8_t val; 652 } rt5592_chan_5ghz[] = { 653 RT5592_CHAN_5GHZ 654 }; 655 656 static const struct usb_config run_config[RUN_N_XFER] = { 657 [RUN_BULK_TX_BE] = { 658 .type = UE_BULK, 659 .endpoint = UE_ADDR_ANY, 660 .ep_index = 0, 661 .direction = UE_DIR_OUT, 662 .bufsize = RUN_MAX_TXSZ, 663 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 664 .callback = run_bulk_tx_callback0, 665 .timeout = 5000, /* ms */ 666 }, 667 [RUN_BULK_TX_BK] = { 668 .type = UE_BULK, 669 .endpoint = UE_ADDR_ANY, 670 .direction = UE_DIR_OUT, 671 .ep_index = 1, 672 .bufsize = RUN_MAX_TXSZ, 673 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 674 .callback = run_bulk_tx_callback1, 675 .timeout = 5000, /* ms */ 676 }, 677 [RUN_BULK_TX_VI] = { 678 .type = UE_BULK, 679 .endpoint = UE_ADDR_ANY, 680 .direction = UE_DIR_OUT, 681 .ep_index = 2, 682 .bufsize = RUN_MAX_TXSZ, 683 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 684 .callback = run_bulk_tx_callback2, 685 .timeout = 5000, /* ms */ 686 }, 687 [RUN_BULK_TX_VO] = { 688 .type = UE_BULK, 689 .endpoint = UE_ADDR_ANY, 690 .direction = UE_DIR_OUT, 691 .ep_index = 3, 692 .bufsize = RUN_MAX_TXSZ, 693 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 694 .callback = run_bulk_tx_callback3, 695 .timeout = 5000, /* ms */ 696 }, 697 [RUN_BULK_TX_HCCA] = { 698 .type = UE_BULK, 699 .endpoint = UE_ADDR_ANY, 700 .direction = UE_DIR_OUT, 701 .ep_index = 4, 702 .bufsize = RUN_MAX_TXSZ, 703 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 704 .callback = run_bulk_tx_callback4, 705 .timeout = 5000, /* ms */ 706 }, 707 [RUN_BULK_TX_PRIO] = { 708 .type = UE_BULK, 709 .endpoint = UE_ADDR_ANY, 710 .direction = UE_DIR_OUT, 711 .ep_index = 5, 712 .bufsize = RUN_MAX_TXSZ, 713 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 714 .callback = run_bulk_tx_callback5, 715 .timeout = 5000, /* ms */ 716 }, 717 [RUN_BULK_RX] = { 718 .type = UE_BULK, 719 .endpoint = UE_ADDR_ANY, 720 .direction = UE_DIR_IN, 721 .bufsize = RUN_MAX_RXSZ, 722 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 723 .callback = run_bulk_rx_callback, 724 } 725 }; 726 727 static void 728 run_autoinst(void *arg, struct usb_device *udev, 729 struct usb_attach_arg *uaa) 730 { 731 struct usb_interface *iface; 732 struct usb_interface_descriptor *id; 733 734 if (uaa->dev_state != UAA_DEV_READY) 735 return; 736 737 iface = usbd_get_iface(udev, 0); 738 if (iface == NULL) 739 return; 740 id = iface->idesc; 741 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 742 return; 743 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 744 return; 745 746 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 747 uaa->dev_state = UAA_DEV_EJECTING; 748 } 749 750 static int 751 run_driver_loaded(struct module *mod, int what, void *arg) 752 { 753 switch (what) { 754 case MOD_LOAD: 755 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 756 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 757 break; 758 case MOD_UNLOAD: 759 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 760 break; 761 default: 762 return (EOPNOTSUPP); 763 } 764 return (0); 765 } 766 767 static int 768 run_match(device_t self) 769 { 770 struct usb_attach_arg *uaa = device_get_ivars(self); 771 772 if (uaa->usb_mode != USB_MODE_HOST) 773 return (ENXIO); 774 if (uaa->info.bConfigIndex != 0) 775 return (ENXIO); 776 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 777 return (ENXIO); 778 779 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 780 } 781 782 static int 783 run_attach(device_t self) 784 { 785 struct run_softc *sc = device_get_softc(self); 786 struct usb_attach_arg *uaa = device_get_ivars(self); 787 struct ieee80211com *ic = &sc->sc_ic; 788 uint32_t ver; 789 uint8_t iface_index; 790 int ntries, error; 791 792 device_set_usb_desc(self); 793 sc->sc_udev = uaa->device; 794 sc->sc_dev = self; 795 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 796 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 797 798 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 799 MTX_NETWORK_LOCK, MTX_DEF); 800 mbufq_init(&sc->sc_snd, ifqmaxlen); 801 802 iface_index = RT2860_IFACE_INDEX; 803 804 error = usbd_transfer_setup(uaa->device, &iface_index, 805 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 806 if (error) { 807 device_printf(self, "could not allocate USB transfers, " 808 "err=%s\n", usbd_errstr(error)); 809 goto detach; 810 } 811 812 RUN_LOCK(sc); 813 814 /* wait for the chip to settle */ 815 for (ntries = 0; ntries < 100; ntries++) { 816 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 817 RUN_UNLOCK(sc); 818 goto detach; 819 } 820 if (ver != 0 && ver != 0xffffffff) 821 break; 822 run_delay(sc, 10); 823 } 824 if (ntries == 100) { 825 device_printf(sc->sc_dev, 826 "timeout waiting for NIC to initialize\n"); 827 RUN_UNLOCK(sc); 828 goto detach; 829 } 830 sc->mac_ver = ver >> 16; 831 sc->mac_rev = ver & 0xffff; 832 833 /* retrieve RF rev. no and various other things from EEPROM */ 834 run_read_eeprom(sc); 835 836 device_printf(sc->sc_dev, 837 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 838 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 839 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 840 841 RUN_UNLOCK(sc); 842 843 ic->ic_softc = sc; 844 ic->ic_name = device_get_nameunit(self); 845 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 846 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 847 848 /* set device capabilities */ 849 ic->ic_caps = 850 IEEE80211_C_STA | /* station mode supported */ 851 IEEE80211_C_MONITOR | /* monitor mode supported */ 852 IEEE80211_C_IBSS | 853 IEEE80211_C_HOSTAP | 854 IEEE80211_C_WDS | /* 4-address traffic works */ 855 IEEE80211_C_MBSS | 856 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 857 IEEE80211_C_SHSLOT | /* short slot time supported */ 858 IEEE80211_C_SWAMSDUTX | /* Do software A-MSDU TX */ 859 IEEE80211_C_FF | /* Atheros fast-frames */ 860 IEEE80211_C_WME | /* WME */ 861 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 862 863 /* 864 * RF2020 is not an 11n device. 865 */ 866 if (sc->rf_rev != RT3070_RF_2020) { 867 device_printf(sc->sc_dev, "[HT] Enabling 802.11n\n"); 868 ic->ic_htcaps = 869 IEEE80211_HTC_HT | 870 IEEE80211_HTC_AMPDU | 871 IEEE80211_HTC_AMSDU | 872 IEEE80211_HTCAP_MAXAMSDU_3839 | 873 IEEE80211_HTCAP_SMPS_OFF; 874 875 ic->ic_rxstream = sc->nrxchains; 876 ic->ic_txstream = sc->ntxchains; 877 } 878 879 ic->ic_cryptocaps = 880 IEEE80211_CRYPTO_WEP | 881 IEEE80211_CRYPTO_AES_CCM | 882 IEEE80211_CRYPTO_TKIPMIC | 883 IEEE80211_CRYPTO_TKIP; 884 885 ic->ic_flags |= IEEE80211_F_DATAPAD; 886 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 887 888 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 889 ic->ic_channels); 890 891 ieee80211_ifattach(ic); 892 893 ic->ic_scan_start = run_scan_start; 894 ic->ic_scan_end = run_scan_end; 895 ic->ic_set_channel = run_set_channel; 896 ic->ic_getradiocaps = run_getradiocaps; 897 ic->ic_node_alloc = run_node_alloc; 898 ic->ic_newassoc = run_newassoc; 899 ic->ic_updateslot = run_updateslot; 900 ic->ic_update_mcast = run_update_mcast; 901 ic->ic_wme.wme_update = run_wme_update; 902 ic->ic_raw_xmit = run_raw_xmit; 903 ic->ic_update_promisc = run_update_promisc; 904 ic->ic_vap_create = run_vap_create; 905 ic->ic_vap_delete = run_vap_delete; 906 ic->ic_transmit = run_transmit; 907 ic->ic_parent = run_parent; 908 ic->ic_update_chw = run_update_chw; 909 ic->ic_ampdu_enable = run_ampdu_enable; 910 911 ieee80211_radiotap_attach(ic, 912 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 913 RUN_TX_RADIOTAP_PRESENT, 914 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 915 RUN_RX_RADIOTAP_PRESENT); 916 917 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 918 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 919 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 920 921 if (bootverbose) 922 ieee80211_announce(ic); 923 924 return (0); 925 926 detach: 927 run_detach(self); 928 return (ENXIO); 929 } 930 931 static void 932 run_drain_mbufq(struct run_softc *sc) 933 { 934 struct mbuf *m; 935 struct ieee80211_node *ni; 936 937 RUN_LOCK_ASSERT(sc, MA_OWNED); 938 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 939 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 940 m->m_pkthdr.rcvif = NULL; 941 ieee80211_free_node(ni); 942 m_freem(m); 943 } 944 } 945 946 static int 947 run_detach(device_t self) 948 { 949 struct run_softc *sc = device_get_softc(self); 950 struct ieee80211com *ic = &sc->sc_ic; 951 int i; 952 953 RUN_LOCK(sc); 954 sc->sc_detached = 1; 955 RUN_UNLOCK(sc); 956 957 /* stop all USB transfers */ 958 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 959 960 RUN_LOCK(sc); 961 sc->ratectl_run = RUN_RATECTL_OFF; 962 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 963 964 /* free TX list, if any */ 965 for (i = 0; i != RUN_EP_QUEUES; i++) 966 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 967 968 /* Free TX queue */ 969 run_drain_mbufq(sc); 970 RUN_UNLOCK(sc); 971 972 if (sc->sc_ic.ic_softc == sc) { 973 /* drain tasks */ 974 usb_callout_drain(&sc->ratectl_ch); 975 ieee80211_draintask(ic, &sc->cmdq_task); 976 ieee80211_draintask(ic, &sc->ratectl_task); 977 ieee80211_ifdetach(ic); 978 } 979 980 mtx_destroy(&sc->sc_mtx); 981 982 return (0); 983 } 984 985 static struct ieee80211vap * 986 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 987 enum ieee80211_opmode opmode, int flags, 988 const uint8_t bssid[IEEE80211_ADDR_LEN], 989 const uint8_t mac[IEEE80211_ADDR_LEN]) 990 { 991 struct run_softc *sc = ic->ic_softc; 992 struct run_vap *rvp; 993 struct ieee80211vap *vap; 994 int i; 995 996 if (sc->rvp_cnt >= RUN_VAP_MAX) { 997 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 998 return (NULL); 999 } 1000 1001 switch (opmode) { 1002 case IEEE80211_M_STA: 1003 /* enable s/w bmiss handling for sta mode */ 1004 flags |= IEEE80211_CLONE_NOBEACONS; 1005 /* fall though */ 1006 case IEEE80211_M_IBSS: 1007 case IEEE80211_M_MONITOR: 1008 case IEEE80211_M_HOSTAP: 1009 case IEEE80211_M_MBSS: 1010 /* other than WDS vaps, only one at a time */ 1011 if (!TAILQ_EMPTY(&ic->ic_vaps)) 1012 return (NULL); 1013 break; 1014 case IEEE80211_M_WDS: 1015 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 1016 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 1017 continue; 1018 /* WDS vap's always share the local mac address. */ 1019 flags &= ~IEEE80211_CLONE_BSSID; 1020 break; 1021 } 1022 if (vap == NULL) { 1023 device_printf(sc->sc_dev, 1024 "wds only supported in ap mode\n"); 1025 return (NULL); 1026 } 1027 break; 1028 default: 1029 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 1030 return (NULL); 1031 } 1032 1033 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 1034 vap = &rvp->vap; 1035 1036 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 1037 bssid) != 0) { 1038 /* out of memory */ 1039 free(rvp, M_80211_VAP); 1040 return (NULL); 1041 } 1042 1043 vap->iv_update_beacon = run_update_beacon; 1044 vap->iv_max_aid = RT2870_WCID_MAX; 1045 1046 /* 1047 * The linux rt2800 driver limits 1 stream devices to a 32KB 1048 * RX AMPDU. 1049 */ 1050 if (ic->ic_rxstream > 1) 1051 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K; 1052 else 1053 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K; 1054 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_2; /* 2uS */ 1055 1056 /* 1057 * To delete the right key from h/w, we need wcid. 1058 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 1059 * and matching wcid will be written into there. So, cast 1060 * some spells to remove 'const' from ieee80211_key{} 1061 */ 1062 vap->iv_key_delete = (void *)run_key_delete; 1063 vap->iv_key_set = (void *)run_key_set; 1064 1065 /* override state transition machine */ 1066 rvp->newstate = vap->iv_newstate; 1067 vap->iv_newstate = run_newstate; 1068 if (opmode == IEEE80211_M_IBSS) { 1069 rvp->recv_mgmt = vap->iv_recv_mgmt; 1070 vap->iv_recv_mgmt = run_recv_mgmt; 1071 } 1072 1073 ieee80211_ratectl_init(vap); 1074 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 1075 1076 /* complete setup */ 1077 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 1078 mac); 1079 1080 /* make sure id is always unique */ 1081 for (i = 0; i < RUN_VAP_MAX; i++) { 1082 if((sc->rvp_bmap & 1 << i) == 0){ 1083 sc->rvp_bmap |= 1 << i; 1084 rvp->rvp_id = i; 1085 break; 1086 } 1087 } 1088 if (sc->rvp_cnt++ == 0) 1089 ic->ic_opmode = opmode; 1090 1091 if (opmode == IEEE80211_M_HOSTAP) 1092 sc->cmdq_run = RUN_CMDQ_GO; 1093 1094 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1095 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1096 1097 return (vap); 1098 } 1099 1100 static void 1101 run_vap_delete(struct ieee80211vap *vap) 1102 { 1103 struct run_vap *rvp = RUN_VAP(vap); 1104 struct ieee80211com *ic; 1105 struct run_softc *sc; 1106 uint8_t rvp_id; 1107 1108 if (vap == NULL) 1109 return; 1110 1111 ic = vap->iv_ic; 1112 sc = ic->ic_softc; 1113 1114 RUN_LOCK(sc); 1115 1116 m_freem(rvp->beacon_mbuf); 1117 rvp->beacon_mbuf = NULL; 1118 1119 rvp_id = rvp->rvp_id; 1120 sc->ratectl_run &= ~(1 << rvp_id); 1121 sc->rvp_bmap &= ~(1 << rvp_id); 1122 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1123 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1124 --sc->rvp_cnt; 1125 1126 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1127 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1128 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1129 1130 RUN_UNLOCK(sc); 1131 1132 ieee80211_ratectl_deinit(vap); 1133 ieee80211_vap_detach(vap); 1134 free(rvp, M_80211_VAP); 1135 } 1136 1137 /* 1138 * There are numbers of functions need to be called in context thread. 1139 * Rather than creating taskqueue event for each of those functions, 1140 * here is all-for-one taskqueue callback function. This function 1141 * guarantees deferred functions are executed in the same order they 1142 * were enqueued. 1143 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1144 */ 1145 static void 1146 run_cmdq_cb(void *arg, int pending) 1147 { 1148 struct run_softc *sc = arg; 1149 uint8_t i; 1150 1151 /* call cmdq[].func locked */ 1152 RUN_LOCK(sc); 1153 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1154 i = sc->cmdq_exec, pending--) { 1155 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1156 i, pending); 1157 if (sc->cmdq_run == RUN_CMDQ_GO) { 1158 /* 1159 * If arg0 is NULL, callback func needs more 1160 * than one arg. So, pass ptr to cmdq struct. 1161 */ 1162 if (sc->cmdq[i].arg0) 1163 sc->cmdq[i].func(sc->cmdq[i].arg0); 1164 else 1165 sc->cmdq[i].func(&sc->cmdq[i]); 1166 } 1167 sc->cmdq[i].arg0 = NULL; 1168 sc->cmdq[i].func = NULL; 1169 sc->cmdq_exec++; 1170 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1171 } 1172 RUN_UNLOCK(sc); 1173 } 1174 1175 static void 1176 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1177 { 1178 struct run_tx_data *data; 1179 1180 memset(pq, 0, sizeof(*pq)); 1181 1182 STAILQ_INIT(&pq->tx_qh); 1183 STAILQ_INIT(&pq->tx_fh); 1184 1185 for (data = &pq->tx_data[0]; 1186 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1187 data->sc = sc; 1188 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1189 } 1190 pq->tx_nfree = RUN_TX_RING_COUNT; 1191 } 1192 1193 static void 1194 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1195 { 1196 struct run_tx_data *data; 1197 1198 /* make sure any subsequent use of the queues will fail */ 1199 pq->tx_nfree = 0; 1200 STAILQ_INIT(&pq->tx_fh); 1201 STAILQ_INIT(&pq->tx_qh); 1202 1203 /* free up all node references and mbufs */ 1204 for (data = &pq->tx_data[0]; 1205 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1206 if (data->m != NULL) { 1207 m_freem(data->m); 1208 data->m = NULL; 1209 } 1210 if (data->ni != NULL) { 1211 ieee80211_free_node(data->ni); 1212 data->ni = NULL; 1213 } 1214 } 1215 } 1216 1217 static int 1218 run_load_microcode(struct run_softc *sc) 1219 { 1220 usb_device_request_t req; 1221 const struct firmware *fw; 1222 const u_char *base; 1223 uint32_t tmp; 1224 int ntries, error; 1225 const uint64_t *temp; 1226 uint64_t bytes; 1227 1228 RUN_UNLOCK(sc); 1229 fw = firmware_get("runfw"); 1230 RUN_LOCK(sc); 1231 if (fw == NULL) { 1232 device_printf(sc->sc_dev, 1233 "failed loadfirmware of file %s\n", "runfw"); 1234 return ENOENT; 1235 } 1236 1237 if (fw->datasize != 8192) { 1238 device_printf(sc->sc_dev, 1239 "invalid firmware size (should be 8KB)\n"); 1240 error = EINVAL; 1241 goto fail; 1242 } 1243 1244 /* 1245 * RT3071/RT3072 use a different firmware 1246 * run-rt2870 (8KB) contains both, 1247 * first half (4KB) is for rt2870, 1248 * last half is for rt3071. 1249 */ 1250 base = fw->data; 1251 if ((sc->mac_ver) != 0x2860 && 1252 (sc->mac_ver) != 0x2872 && 1253 (sc->mac_ver) != 0x3070) { 1254 base += 4096; 1255 } 1256 1257 /* cheap sanity check */ 1258 temp = fw->data; 1259 bytes = *temp; 1260 if (bytes != be64toh(0xffffff0210280210ULL)) { 1261 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1262 error = EINVAL; 1263 goto fail; 1264 } 1265 1266 /* write microcode image */ 1267 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1268 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1269 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1270 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1271 } 1272 1273 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1274 req.bRequest = RT2870_RESET; 1275 USETW(req.wValue, 8); 1276 USETW(req.wIndex, 0); 1277 USETW(req.wLength, 0); 1278 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1279 != 0) { 1280 device_printf(sc->sc_dev, "firmware reset failed\n"); 1281 goto fail; 1282 } 1283 1284 run_delay(sc, 10); 1285 1286 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1287 run_write(sc, RT2860_H2M_MAILBOX, 0); 1288 run_write(sc, RT2860_H2M_INTSRC, 0); 1289 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1290 goto fail; 1291 1292 /* wait until microcontroller is ready */ 1293 for (ntries = 0; ntries < 1000; ntries++) { 1294 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1295 goto fail; 1296 if (tmp & RT2860_MCU_READY) 1297 break; 1298 run_delay(sc, 10); 1299 } 1300 if (ntries == 1000) { 1301 device_printf(sc->sc_dev, 1302 "timeout waiting for MCU to initialize\n"); 1303 error = ETIMEDOUT; 1304 goto fail; 1305 } 1306 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1307 (base == fw->data) ? "RT2870" : "RT3071", 1308 *(base + 4092), *(base + 4093)); 1309 1310 fail: 1311 firmware_put(fw, FIRMWARE_UNLOAD); 1312 return (error); 1313 } 1314 1315 static int 1316 run_reset(struct run_softc *sc) 1317 { 1318 usb_device_request_t req; 1319 1320 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1321 req.bRequest = RT2870_RESET; 1322 USETW(req.wValue, 1); 1323 USETW(req.wIndex, 0); 1324 USETW(req.wLength, 0); 1325 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1326 } 1327 1328 static usb_error_t 1329 run_do_request(struct run_softc *sc, 1330 struct usb_device_request *req, void *data) 1331 { 1332 usb_error_t err; 1333 int ntries = 10; 1334 1335 RUN_LOCK_ASSERT(sc, MA_OWNED); 1336 1337 while (ntries--) { 1338 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1339 req, data, 0, NULL, 250 /* ms */); 1340 if (err == 0) 1341 break; 1342 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1343 "Control request failed, %s (retrying)\n", 1344 usbd_errstr(err)); 1345 run_delay(sc, 10); 1346 } 1347 return (err); 1348 } 1349 1350 static int 1351 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1352 { 1353 uint32_t tmp; 1354 int error; 1355 1356 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1357 if (error == 0) 1358 *val = le32toh(tmp); 1359 else 1360 *val = 0xffffffff; 1361 return (error); 1362 } 1363 1364 static int 1365 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1366 { 1367 usb_device_request_t req; 1368 1369 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1370 req.bRequest = RT2870_READ_REGION_1; 1371 USETW(req.wValue, 0); 1372 USETW(req.wIndex, reg); 1373 USETW(req.wLength, len); 1374 1375 return (run_do_request(sc, &req, buf)); 1376 } 1377 1378 static int 1379 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1380 { 1381 usb_device_request_t req; 1382 1383 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1384 req.bRequest = RT2870_WRITE_2; 1385 USETW(req.wValue, val); 1386 USETW(req.wIndex, reg); 1387 USETW(req.wLength, 0); 1388 1389 return (run_do_request(sc, &req, NULL)); 1390 } 1391 1392 static int 1393 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1394 { 1395 int error; 1396 1397 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1398 error = run_write_2(sc, reg + 2, val >> 16); 1399 return (error); 1400 } 1401 1402 static int 1403 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1404 int len) 1405 { 1406 #if 1 1407 int i, error = 0; 1408 /* 1409 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1410 * We thus issue multiple WRITE_2 commands instead. 1411 */ 1412 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1413 for (i = 0; i < len && error == 0; i += 2) 1414 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1415 return (error); 1416 #else 1417 usb_device_request_t req; 1418 int error = 0; 1419 1420 /* 1421 * NOTE: It appears the WRITE_REGION_1 command cannot be 1422 * passed a huge amount of data, which will crash the 1423 * firmware. Limit amount of data passed to 64-bytes at a 1424 * time. 1425 */ 1426 while (len > 0) { 1427 int delta = 64; 1428 if (delta > len) 1429 delta = len; 1430 1431 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1432 req.bRequest = RT2870_WRITE_REGION_1; 1433 USETW(req.wValue, 0); 1434 USETW(req.wIndex, reg); 1435 USETW(req.wLength, delta); 1436 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1437 if (error != 0) 1438 break; 1439 reg += delta; 1440 buf += delta; 1441 len -= delta; 1442 } 1443 return (error); 1444 #endif 1445 } 1446 1447 static int 1448 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1449 { 1450 int i, error = 0; 1451 1452 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1453 for (i = 0; i < len && error == 0; i += 4) 1454 error = run_write(sc, reg + i, val); 1455 return (error); 1456 } 1457 1458 static int 1459 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1460 { 1461 uint32_t tmp; 1462 uint16_t reg; 1463 int error, ntries; 1464 1465 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1466 return (error); 1467 1468 if (count == 2) 1469 addr *= 2; 1470 /*- 1471 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1472 * DATA0: F E D C 1473 * DATA1: B A 9 8 1474 * DATA2: 7 6 5 4 1475 * DATA3: 3 2 1 0 1476 */ 1477 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1478 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1479 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1480 for (ntries = 0; ntries < 100; ntries++) { 1481 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1482 return (error); 1483 if (!(tmp & RT3070_EFSROM_KICK)) 1484 break; 1485 run_delay(sc, 2); 1486 } 1487 if (ntries == 100) 1488 return (ETIMEDOUT); 1489 1490 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1491 *val = 0xffff; /* address not found */ 1492 return (0); 1493 } 1494 /* determine to which 32-bit register our 16-bit word belongs */ 1495 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1496 if ((error = run_read(sc, reg, &tmp)) != 0) 1497 return (error); 1498 1499 tmp >>= (8 * (addr & 0x3)); 1500 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1501 1502 return (0); 1503 } 1504 1505 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1506 static int 1507 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1508 { 1509 return (run_efuse_read(sc, addr, val, 2)); 1510 } 1511 1512 static int 1513 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1514 { 1515 usb_device_request_t req; 1516 uint16_t tmp; 1517 int error; 1518 1519 addr *= 2; 1520 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1521 req.bRequest = RT2870_EEPROM_READ; 1522 USETW(req.wValue, 0); 1523 USETW(req.wIndex, addr); 1524 USETW(req.wLength, sizeof(tmp)); 1525 1526 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1527 if (error == 0) 1528 *val = le16toh(tmp); 1529 else 1530 *val = 0xffff; 1531 return (error); 1532 } 1533 1534 static __inline int 1535 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1536 { 1537 /* either eFUSE ROM or EEPROM */ 1538 return sc->sc_srom_read(sc, addr, val); 1539 } 1540 1541 static int 1542 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1543 { 1544 uint32_t tmp; 1545 int error, ntries; 1546 1547 for (ntries = 0; ntries < 10; ntries++) { 1548 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1549 return (error); 1550 if (!(tmp & RT2860_RF_REG_CTRL)) 1551 break; 1552 } 1553 if (ntries == 10) 1554 return (ETIMEDOUT); 1555 1556 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1557 } 1558 1559 static int 1560 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1561 { 1562 uint32_t tmp; 1563 int error, ntries; 1564 1565 for (ntries = 0; ntries < 100; ntries++) { 1566 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1567 return (error); 1568 if (!(tmp & RT3070_RF_KICK)) 1569 break; 1570 } 1571 if (ntries == 100) 1572 return (ETIMEDOUT); 1573 1574 tmp = RT3070_RF_KICK | reg << 8; 1575 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1576 return (error); 1577 1578 for (ntries = 0; ntries < 100; ntries++) { 1579 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1580 return (error); 1581 if (!(tmp & RT3070_RF_KICK)) 1582 break; 1583 } 1584 if (ntries == 100) 1585 return (ETIMEDOUT); 1586 1587 *val = tmp & 0xff; 1588 return (0); 1589 } 1590 1591 static int 1592 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1593 { 1594 uint32_t tmp; 1595 int error, ntries; 1596 1597 for (ntries = 0; ntries < 10; ntries++) { 1598 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1599 return (error); 1600 if (!(tmp & RT3070_RF_KICK)) 1601 break; 1602 } 1603 if (ntries == 10) 1604 return (ETIMEDOUT); 1605 1606 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1607 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1608 } 1609 1610 static int 1611 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1612 { 1613 uint32_t tmp; 1614 int ntries, error; 1615 1616 for (ntries = 0; ntries < 10; ntries++) { 1617 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1618 return (error); 1619 if (!(tmp & RT2860_BBP_CSR_KICK)) 1620 break; 1621 } 1622 if (ntries == 10) 1623 return (ETIMEDOUT); 1624 1625 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1626 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1627 return (error); 1628 1629 for (ntries = 0; ntries < 10; ntries++) { 1630 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1631 return (error); 1632 if (!(tmp & RT2860_BBP_CSR_KICK)) 1633 break; 1634 } 1635 if (ntries == 10) 1636 return (ETIMEDOUT); 1637 1638 *val = tmp & 0xff; 1639 return (0); 1640 } 1641 1642 static int 1643 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1644 { 1645 uint32_t tmp; 1646 int ntries, error; 1647 1648 for (ntries = 0; ntries < 10; ntries++) { 1649 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1650 return (error); 1651 if (!(tmp & RT2860_BBP_CSR_KICK)) 1652 break; 1653 } 1654 if (ntries == 10) 1655 return (ETIMEDOUT); 1656 1657 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1658 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1659 } 1660 1661 /* 1662 * Send a command to the 8051 microcontroller unit. 1663 */ 1664 static int 1665 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1666 { 1667 uint32_t tmp; 1668 int error, ntries; 1669 1670 for (ntries = 0; ntries < 100; ntries++) { 1671 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1672 return error; 1673 if (!(tmp & RT2860_H2M_BUSY)) 1674 break; 1675 } 1676 if (ntries == 100) 1677 return ETIMEDOUT; 1678 1679 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1680 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1681 error = run_write(sc, RT2860_HOST_CMD, cmd); 1682 return (error); 1683 } 1684 1685 /* 1686 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1687 * Used to adjust per-rate Tx power registers. 1688 */ 1689 static __inline uint32_t 1690 b4inc(uint32_t b32, int8_t delta) 1691 { 1692 int8_t i, b4; 1693 1694 for (i = 0; i < 8; i++) { 1695 b4 = b32 & 0xf; 1696 b4 += delta; 1697 if (b4 < 0) 1698 b4 = 0; 1699 else if (b4 > 0xf) 1700 b4 = 0xf; 1701 b32 = b32 >> 4 | b4 << 28; 1702 } 1703 return (b32); 1704 } 1705 1706 static const char * 1707 run_get_rf(uint16_t rev) 1708 { 1709 switch (rev) { 1710 case RT2860_RF_2820: return "RT2820"; 1711 case RT2860_RF_2850: return "RT2850"; 1712 case RT2860_RF_2720: return "RT2720"; 1713 case RT2860_RF_2750: return "RT2750"; 1714 case RT3070_RF_3020: return "RT3020"; 1715 case RT3070_RF_2020: return "RT2020"; 1716 case RT3070_RF_3021: return "RT3021"; 1717 case RT3070_RF_3022: return "RT3022"; 1718 case RT3070_RF_3052: return "RT3052"; 1719 case RT3593_RF_3053: return "RT3053"; 1720 case RT5592_RF_5592: return "RT5592"; 1721 case RT5390_RF_5370: return "RT5370"; 1722 case RT5390_RF_5372: return "RT5372"; 1723 } 1724 return ("unknown"); 1725 } 1726 1727 static void 1728 run_rt3593_get_txpower(struct run_softc *sc) 1729 { 1730 uint16_t addr, val; 1731 int i; 1732 1733 /* Read power settings for 2GHz channels. */ 1734 for (i = 0; i < 14; i += 2) { 1735 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1736 RT2860_EEPROM_PWR2GHZ_BASE1; 1737 run_srom_read(sc, addr + i / 2, &val); 1738 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1739 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1740 1741 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1742 RT2860_EEPROM_PWR2GHZ_BASE2; 1743 run_srom_read(sc, addr + i / 2, &val); 1744 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1745 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1746 1747 if (sc->ntxchains == 3) { 1748 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1749 &val); 1750 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1751 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1752 } 1753 } 1754 /* Fix broken Tx power entries. */ 1755 for (i = 0; i < 14; i++) { 1756 if (sc->txpow1[i] > 31) 1757 sc->txpow1[i] = 5; 1758 if (sc->txpow2[i] > 31) 1759 sc->txpow2[i] = 5; 1760 if (sc->ntxchains == 3) { 1761 if (sc->txpow3[i] > 31) 1762 sc->txpow3[i] = 5; 1763 } 1764 } 1765 /* Read power settings for 5GHz channels. */ 1766 for (i = 0; i < 40; i += 2) { 1767 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1768 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1769 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1770 1771 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1772 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1773 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1774 1775 if (sc->ntxchains == 3) { 1776 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1777 &val); 1778 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1779 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1780 } 1781 } 1782 } 1783 1784 static void 1785 run_get_txpower(struct run_softc *sc) 1786 { 1787 uint16_t val; 1788 int i; 1789 1790 /* Read power settings for 2GHz channels. */ 1791 for (i = 0; i < 14; i += 2) { 1792 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1793 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1794 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1795 1796 if (sc->mac_ver != 0x5390) { 1797 run_srom_read(sc, 1798 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1799 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1800 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1801 } 1802 } 1803 /* Fix broken Tx power entries. */ 1804 for (i = 0; i < 14; i++) { 1805 if (sc->mac_ver >= 0x5390) { 1806 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1807 sc->txpow1[i] = 5; 1808 } else { 1809 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1810 sc->txpow1[i] = 5; 1811 } 1812 if (sc->mac_ver > 0x5390) { 1813 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1814 sc->txpow2[i] = 5; 1815 } else if (sc->mac_ver < 0x5390) { 1816 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1817 sc->txpow2[i] = 5; 1818 } 1819 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1820 "chan %d: power1=%d, power2=%d\n", 1821 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1822 } 1823 /* Read power settings for 5GHz channels. */ 1824 for (i = 0; i < 40; i += 2) { 1825 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1826 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1827 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1828 1829 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1830 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1831 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1832 } 1833 /* Fix broken Tx power entries. */ 1834 for (i = 0; i < 40; i++ ) { 1835 if (sc->mac_ver != 0x5592) { 1836 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1837 sc->txpow1[14 + i] = 5; 1838 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1839 sc->txpow2[14 + i] = 5; 1840 } 1841 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1842 "chan %d: power1=%d, power2=%d\n", 1843 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1844 sc->txpow2[14 + i]); 1845 } 1846 } 1847 1848 static int 1849 run_read_eeprom(struct run_softc *sc) 1850 { 1851 struct ieee80211com *ic = &sc->sc_ic; 1852 int8_t delta_2ghz, delta_5ghz; 1853 uint32_t tmp; 1854 uint16_t val; 1855 int ridx, ant, i; 1856 1857 /* check whether the ROM is eFUSE ROM or EEPROM */ 1858 sc->sc_srom_read = run_eeprom_read_2; 1859 if (sc->mac_ver >= 0x3070) { 1860 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1861 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1862 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1863 sc->sc_srom_read = run_efuse_read_2; 1864 } 1865 1866 /* read ROM version */ 1867 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1868 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1869 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1870 1871 /* read MAC address */ 1872 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1873 ic->ic_macaddr[0] = val & 0xff; 1874 ic->ic_macaddr[1] = val >> 8; 1875 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1876 ic->ic_macaddr[2] = val & 0xff; 1877 ic->ic_macaddr[3] = val >> 8; 1878 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1879 ic->ic_macaddr[4] = val & 0xff; 1880 ic->ic_macaddr[5] = val >> 8; 1881 1882 if (sc->mac_ver < 0x3593) { 1883 /* read vender BBP settings */ 1884 for (i = 0; i < 10; i++) { 1885 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1886 sc->bbp[i].val = val & 0xff; 1887 sc->bbp[i].reg = val >> 8; 1888 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1889 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1890 } 1891 if (sc->mac_ver >= 0x3071) { 1892 /* read vendor RF settings */ 1893 for (i = 0; i < 10; i++) { 1894 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1895 &val); 1896 sc->rf[i].val = val & 0xff; 1897 sc->rf[i].reg = val >> 8; 1898 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1899 sc->rf[i].reg, sc->rf[i].val); 1900 } 1901 } 1902 } 1903 1904 /* read RF frequency offset from EEPROM */ 1905 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1906 RT3593_EEPROM_FREQ, &val); 1907 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1908 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1909 sc->freq & 0xff); 1910 1911 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1912 RT3593_EEPROM_FREQ_LEDS, &val); 1913 if (val >> 8 != 0xff) { 1914 /* read LEDs operating mode */ 1915 sc->leds = val >> 8; 1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1917 RT3593_EEPROM_LED1, &sc->led[0]); 1918 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1919 RT3593_EEPROM_LED2, &sc->led[1]); 1920 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1921 RT3593_EEPROM_LED3, &sc->led[2]); 1922 } else { 1923 /* broken EEPROM, use default settings */ 1924 sc->leds = 0x01; 1925 sc->led[0] = 0x5555; 1926 sc->led[1] = 0x2221; 1927 sc->led[2] = 0x5627; /* differs from RT2860 */ 1928 } 1929 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1930 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1931 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1932 1933 /* read RF information */ 1934 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1935 run_srom_read(sc, 0x00, &val); 1936 else 1937 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1938 1939 if (val == 0xffff) { 1940 device_printf(sc->sc_dev, 1941 "invalid EEPROM antenna info, using default\n"); 1942 if (sc->mac_ver == 0x3572) { 1943 /* default to RF3052 2T2R */ 1944 sc->rf_rev = RT3070_RF_3052; 1945 sc->ntxchains = 2; 1946 sc->nrxchains = 2; 1947 } else if (sc->mac_ver >= 0x3070) { 1948 /* default to RF3020 1T1R */ 1949 sc->rf_rev = RT3070_RF_3020; 1950 sc->ntxchains = 1; 1951 sc->nrxchains = 1; 1952 } else { 1953 /* default to RF2820 1T2R */ 1954 sc->rf_rev = RT2860_RF_2820; 1955 sc->ntxchains = 1; 1956 sc->nrxchains = 2; 1957 } 1958 } else { 1959 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1960 sc->rf_rev = val; 1961 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1962 } else 1963 sc->rf_rev = (val >> 8) & 0xf; 1964 sc->ntxchains = (val >> 4) & 0xf; 1965 sc->nrxchains = val & 0xf; 1966 } 1967 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1968 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1969 1970 /* check if RF supports automatic Tx access gain control */ 1971 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1972 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1973 /* check if driver should patch the DAC issue */ 1974 if ((val >> 8) != 0xff) 1975 sc->patch_dac = (val >> 15) & 1; 1976 if ((val & 0xff) != 0xff) { 1977 sc->ext_5ghz_lna = (val >> 3) & 1; 1978 sc->ext_2ghz_lna = (val >> 2) & 1; 1979 /* check if RF supports automatic Tx access gain control */ 1980 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1981 /* check if we have a hardware radio switch */ 1982 sc->rfswitch = val & 1; 1983 } 1984 1985 /* Read Tx power settings. */ 1986 if (sc->mac_ver == 0x3593) 1987 run_rt3593_get_txpower(sc); 1988 else 1989 run_get_txpower(sc); 1990 1991 /* read Tx power compensation for each Tx rate */ 1992 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1993 delta_2ghz = delta_5ghz = 0; 1994 if ((val & 0xff) != 0xff && (val & 0x80)) { 1995 delta_2ghz = val & 0xf; 1996 if (!(val & 0x40)) /* negative number */ 1997 delta_2ghz = -delta_2ghz; 1998 } 1999 val >>= 8; 2000 if ((val & 0xff) != 0xff && (val & 0x80)) { 2001 delta_5ghz = val & 0xf; 2002 if (!(val & 0x40)) /* negative number */ 2003 delta_5ghz = -delta_5ghz; 2004 } 2005 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 2006 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 2007 2008 for (ridx = 0; ridx < 5; ridx++) { 2009 uint32_t reg; 2010 2011 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 2012 reg = val; 2013 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 2014 reg |= (uint32_t)val << 16; 2015 2016 sc->txpow20mhz[ridx] = reg; 2017 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 2018 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 2019 2020 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 2021 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 2022 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 2023 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 2024 } 2025 2026 /* Read RSSI offsets and LNA gains from EEPROM. */ 2027 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 2028 RT3593_EEPROM_RSSI1_2GHZ, &val); 2029 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 2030 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 2031 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 2032 RT3593_EEPROM_RSSI2_2GHZ, &val); 2033 if (sc->mac_ver >= 0x3070) { 2034 if (sc->mac_ver == 0x3593) { 2035 sc->txmixgain_2ghz = 0; 2036 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 2037 } else { 2038 /* 2039 * On RT3070 chips (limited to 2 Rx chains), this ROM 2040 * field contains the Tx mixer gain for the 2GHz band. 2041 */ 2042 if ((val & 0xff) != 0xff) 2043 sc->txmixgain_2ghz = val & 0x7; 2044 } 2045 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 2046 sc->txmixgain_2ghz); 2047 } else 2048 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 2049 if (sc->mac_ver == 0x3593) 2050 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 2051 sc->lna[2] = val >> 8; /* channel group 2 */ 2052 2053 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 2054 RT3593_EEPROM_RSSI1_5GHZ, &val); 2055 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 2056 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 2057 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 2058 RT3593_EEPROM_RSSI2_5GHZ, &val); 2059 if (sc->mac_ver == 0x3572) { 2060 /* 2061 * On RT3572 chips (limited to 2 Rx chains), this ROM 2062 * field contains the Tx mixer gain for the 5GHz band. 2063 */ 2064 if ((val & 0xff) != 0xff) 2065 sc->txmixgain_5ghz = val & 0x7; 2066 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 2067 sc->txmixgain_5ghz); 2068 } else 2069 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 2070 if (sc->mac_ver == 0x3593) { 2071 sc->txmixgain_5ghz = 0; 2072 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 2073 } 2074 sc->lna[3] = val >> 8; /* channel group 3 */ 2075 2076 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 2077 RT3593_EEPROM_LNA, &val); 2078 sc->lna[0] = val & 0xff; /* channel group 0 */ 2079 sc->lna[1] = val >> 8; /* channel group 1 */ 2080 2081 /* fix broken 5GHz LNA entries */ 2082 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2083 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2084 "invalid LNA for channel group %d\n", 2); 2085 sc->lna[2] = sc->lna[1]; 2086 } 2087 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2088 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2089 "invalid LNA for channel group %d\n", 3); 2090 sc->lna[3] = sc->lna[1]; 2091 } 2092 2093 /* fix broken RSSI offset entries */ 2094 for (ant = 0; ant < 3; ant++) { 2095 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2096 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2097 "invalid RSSI%d offset: %d (2GHz)\n", 2098 ant + 1, sc->rssi_2ghz[ant]); 2099 sc->rssi_2ghz[ant] = 0; 2100 } 2101 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2102 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2103 "invalid RSSI%d offset: %d (5GHz)\n", 2104 ant + 1, sc->rssi_5ghz[ant]); 2105 sc->rssi_5ghz[ant] = 0; 2106 } 2107 } 2108 return (0); 2109 } 2110 2111 static struct ieee80211_node * 2112 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2113 { 2114 return malloc(sizeof (struct run_node), M_80211_NODE, 2115 M_NOWAIT | M_ZERO); 2116 } 2117 2118 static int 2119 run_media_change(struct ifnet *ifp) 2120 { 2121 struct ieee80211vap *vap = ifp->if_softc; 2122 struct ieee80211com *ic = vap->iv_ic; 2123 const struct ieee80211_txparam *tp; 2124 struct run_softc *sc = ic->ic_softc; 2125 uint8_t rate, ridx; 2126 int error; 2127 2128 RUN_LOCK(sc); 2129 2130 error = ieee80211_media_change(ifp); 2131 if (error != 0) { 2132 RUN_UNLOCK(sc); 2133 return (error); 2134 } 2135 2136 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2137 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2138 struct ieee80211_node *ni; 2139 struct run_node *rn; 2140 2141 /* XXX TODO: methodize with MCS rates */ 2142 rate = ic->ic_sup_rates[ic->ic_curmode]. 2143 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2144 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2145 if (rt2860_rates[ridx].rate == rate) 2146 break; 2147 2148 ni = ieee80211_ref_node(vap->iv_bss); 2149 rn = RUN_NODE(ni); 2150 rn->fix_ridx = ridx; 2151 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2152 rate, rn->fix_ridx); 2153 ieee80211_free_node(ni); 2154 } 2155 2156 #if 0 2157 if ((ifp->if_flags & IFF_UP) && 2158 (ifp->if_drv_flags & RUN_RUNNING)){ 2159 run_init_locked(sc); 2160 } 2161 #endif 2162 2163 RUN_UNLOCK(sc); 2164 2165 return (0); 2166 } 2167 2168 static int 2169 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2170 { 2171 const struct ieee80211_txparam *tp; 2172 struct ieee80211com *ic = vap->iv_ic; 2173 struct run_softc *sc = ic->ic_softc; 2174 struct run_vap *rvp = RUN_VAP(vap); 2175 enum ieee80211_state ostate; 2176 uint32_t sta[3]; 2177 uint8_t ratectl; 2178 uint8_t restart_ratectl = 0; 2179 uint8_t bid = 1 << rvp->rvp_id; 2180 2181 ostate = vap->iv_state; 2182 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2183 ieee80211_state_name[ostate], 2184 ieee80211_state_name[nstate]); 2185 2186 IEEE80211_UNLOCK(ic); 2187 RUN_LOCK(sc); 2188 2189 ratectl = sc->ratectl_run; /* remember current state */ 2190 sc->ratectl_run = RUN_RATECTL_OFF; 2191 usb_callout_stop(&sc->ratectl_ch); 2192 2193 if (ostate == IEEE80211_S_RUN) { 2194 /* turn link LED off */ 2195 run_set_leds(sc, RT2860_LED_RADIO); 2196 } 2197 2198 switch (nstate) { 2199 case IEEE80211_S_INIT: 2200 restart_ratectl = 1; 2201 2202 if (ostate != IEEE80211_S_RUN) 2203 break; 2204 2205 ratectl &= ~bid; 2206 sc->runbmap &= ~bid; 2207 2208 /* abort TSF synchronization if there is no vap running */ 2209 if (--sc->running == 0) 2210 run_disable_tsf(sc); 2211 break; 2212 2213 case IEEE80211_S_RUN: 2214 if (!(sc->runbmap & bid)) { 2215 if(sc->running++) 2216 restart_ratectl = 1; 2217 sc->runbmap |= bid; 2218 } 2219 2220 m_freem(rvp->beacon_mbuf); 2221 rvp->beacon_mbuf = NULL; 2222 2223 switch (vap->iv_opmode) { 2224 case IEEE80211_M_HOSTAP: 2225 case IEEE80211_M_MBSS: 2226 sc->ap_running |= bid; 2227 ic->ic_opmode = vap->iv_opmode; 2228 run_update_beacon_cb(vap); 2229 break; 2230 case IEEE80211_M_IBSS: 2231 sc->adhoc_running |= bid; 2232 if (!sc->ap_running) 2233 ic->ic_opmode = vap->iv_opmode; 2234 run_update_beacon_cb(vap); 2235 break; 2236 case IEEE80211_M_STA: 2237 sc->sta_running |= bid; 2238 if (!sc->ap_running && !sc->adhoc_running) 2239 ic->ic_opmode = vap->iv_opmode; 2240 2241 /* read statistic counters (clear on read) */ 2242 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2243 (uint8_t *)sta, sizeof sta); 2244 2245 break; 2246 default: 2247 ic->ic_opmode = vap->iv_opmode; 2248 break; 2249 } 2250 2251 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2252 struct ieee80211_node *ni; 2253 2254 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2255 RUN_UNLOCK(sc); 2256 IEEE80211_LOCK(ic); 2257 return (-1); 2258 } 2259 run_updateslot(ic); 2260 run_enable_mrr(sc); 2261 run_set_txpreamble(sc); 2262 run_set_basicrates(sc); 2263 ni = ieee80211_ref_node(vap->iv_bss); 2264 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2265 run_set_bssid(sc, sc->sc_bssid); 2266 ieee80211_free_node(ni); 2267 run_enable_tsf_sync(sc); 2268 2269 /* enable automatic rate adaptation */ 2270 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2271 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2272 ratectl |= bid; 2273 } else 2274 run_enable_tsf(sc); 2275 2276 /* turn link LED on */ 2277 run_set_leds(sc, RT2860_LED_RADIO | 2278 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2279 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2280 2281 break; 2282 default: 2283 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2284 break; 2285 } 2286 2287 /* restart amrr for running VAPs */ 2288 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2289 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2290 2291 RUN_UNLOCK(sc); 2292 IEEE80211_LOCK(ic); 2293 2294 return(rvp->newstate(vap, nstate, arg)); 2295 } 2296 2297 static int 2298 run_wme_update(struct ieee80211com *ic) 2299 { 2300 struct chanAccParams chp; 2301 struct run_softc *sc = ic->ic_softc; 2302 const struct wmeParams *ac; 2303 int aci, error = 0; 2304 2305 ieee80211_wme_ic_getparams(ic, &chp); 2306 ac = chp.cap_wmeParams; 2307 2308 /* update MAC TX configuration registers */ 2309 RUN_LOCK(sc); 2310 for (aci = 0; aci < WME_NUM_AC; aci++) { 2311 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2312 ac[aci].wmep_logcwmax << 16 | 2313 ac[aci].wmep_logcwmin << 12 | 2314 ac[aci].wmep_aifsn << 8 | 2315 ac[aci].wmep_txopLimit); 2316 if (error) goto err; 2317 } 2318 2319 /* update SCH/DMA registers too */ 2320 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2321 ac[WME_AC_VO].wmep_aifsn << 12 | 2322 ac[WME_AC_VI].wmep_aifsn << 8 | 2323 ac[WME_AC_BK].wmep_aifsn << 4 | 2324 ac[WME_AC_BE].wmep_aifsn); 2325 if (error) goto err; 2326 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2327 ac[WME_AC_VO].wmep_logcwmin << 12 | 2328 ac[WME_AC_VI].wmep_logcwmin << 8 | 2329 ac[WME_AC_BK].wmep_logcwmin << 4 | 2330 ac[WME_AC_BE].wmep_logcwmin); 2331 if (error) goto err; 2332 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2333 ac[WME_AC_VO].wmep_logcwmax << 12 | 2334 ac[WME_AC_VI].wmep_logcwmax << 8 | 2335 ac[WME_AC_BK].wmep_logcwmax << 4 | 2336 ac[WME_AC_BE].wmep_logcwmax); 2337 if (error) goto err; 2338 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2339 ac[WME_AC_BK].wmep_txopLimit << 16 | 2340 ac[WME_AC_BE].wmep_txopLimit); 2341 if (error) goto err; 2342 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2343 ac[WME_AC_VO].wmep_txopLimit << 16 | 2344 ac[WME_AC_VI].wmep_txopLimit); 2345 2346 err: 2347 RUN_UNLOCK(sc); 2348 if (error) 2349 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2350 2351 return (error); 2352 } 2353 2354 static void 2355 run_key_set_cb(void *arg) 2356 { 2357 struct run_cmdq *cmdq = arg; 2358 struct ieee80211vap *vap = cmdq->arg1; 2359 struct ieee80211_key *k = cmdq->k; 2360 struct ieee80211com *ic = vap->iv_ic; 2361 struct run_softc *sc = ic->ic_softc; 2362 struct ieee80211_node *ni; 2363 u_int cipher = k->wk_cipher->ic_cipher; 2364 uint32_t attr; 2365 uint16_t base, associd; 2366 uint8_t mode, wcid, iv[8]; 2367 2368 RUN_LOCK_ASSERT(sc, MA_OWNED); 2369 2370 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2371 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2372 else 2373 ni = vap->iv_bss; 2374 associd = (ni != NULL) ? ni->ni_associd : 0; 2375 2376 /* map net80211 cipher to RT2860 security mode */ 2377 switch (cipher) { 2378 case IEEE80211_CIPHER_WEP: 2379 if(k->wk_keylen < 8) 2380 mode = RT2860_MODE_WEP40; 2381 else 2382 mode = RT2860_MODE_WEP104; 2383 break; 2384 case IEEE80211_CIPHER_TKIP: 2385 mode = RT2860_MODE_TKIP; 2386 break; 2387 case IEEE80211_CIPHER_AES_CCM: 2388 mode = RT2860_MODE_AES_CCMP; 2389 break; 2390 default: 2391 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2392 return; 2393 } 2394 2395 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2396 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2397 associd, k->wk_keyix, mode, 2398 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2399 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2400 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2401 2402 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2403 wcid = 0; /* NB: update WCID0 for group keys */ 2404 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2405 } else { 2406 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2407 1 : RUN_AID2WCID(associd); 2408 base = RT2860_PKEY(wcid); 2409 } 2410 2411 if (cipher == IEEE80211_CIPHER_TKIP) { 2412 if(run_write_region_1(sc, base, k->wk_key, 16)) 2413 return; 2414 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2415 return; 2416 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2417 return; 2418 } else { 2419 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2420 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2421 return; 2422 } 2423 2424 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2425 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2426 /* set initial packet number in IV+EIV */ 2427 if (cipher == IEEE80211_CIPHER_WEP) { 2428 memset(iv, 0, sizeof iv); 2429 iv[3] = vap->iv_def_txkey << 6; 2430 } else { 2431 if (cipher == IEEE80211_CIPHER_TKIP) { 2432 iv[0] = k->wk_keytsc >> 8; 2433 iv[1] = (iv[0] | 0x20) & 0x7f; 2434 iv[2] = k->wk_keytsc; 2435 } else /* CCMP */ { 2436 iv[0] = k->wk_keytsc; 2437 iv[1] = k->wk_keytsc >> 8; 2438 iv[2] = 0; 2439 } 2440 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2441 iv[4] = k->wk_keytsc >> 16; 2442 iv[5] = k->wk_keytsc >> 24; 2443 iv[6] = k->wk_keytsc >> 32; 2444 iv[7] = k->wk_keytsc >> 40; 2445 } 2446 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2447 return; 2448 } 2449 2450 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2451 /* install group key */ 2452 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2453 return; 2454 attr &= ~(0xf << (k->wk_keyix * 4)); 2455 attr |= mode << (k->wk_keyix * 4); 2456 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2457 return; 2458 } else { 2459 /* install pairwise key */ 2460 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2461 return; 2462 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2463 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2464 return; 2465 } 2466 2467 /* TODO create a pass-thru key entry? */ 2468 2469 /* need wcid to delete the right key later */ 2470 k->wk_pad = wcid; 2471 } 2472 2473 /* 2474 * Don't have to be deferred, but in order to keep order of 2475 * execution, i.e. with run_key_delete(), defer this and let 2476 * run_cmdq_cb() maintain the order. 2477 * 2478 * return 0 on error 2479 */ 2480 static int 2481 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2482 { 2483 struct ieee80211com *ic = vap->iv_ic; 2484 struct run_softc *sc = ic->ic_softc; 2485 uint32_t i; 2486 2487 i = RUN_CMDQ_GET(&sc->cmdq_store); 2488 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2489 sc->cmdq[i].func = run_key_set_cb; 2490 sc->cmdq[i].arg0 = NULL; 2491 sc->cmdq[i].arg1 = vap; 2492 sc->cmdq[i].k = k; 2493 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2494 ieee80211_runtask(ic, &sc->cmdq_task); 2495 2496 /* 2497 * To make sure key will be set when hostapd 2498 * calls iv_key_set() before if_init(). 2499 */ 2500 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2501 RUN_LOCK(sc); 2502 sc->cmdq_key_set = RUN_CMDQ_GO; 2503 RUN_UNLOCK(sc); 2504 } 2505 2506 return (1); 2507 } 2508 2509 /* 2510 * If wlan is destroyed without being brought down i.e. without 2511 * wlan down or wpa_cli terminate, this function is called after 2512 * vap is gone. Don't refer it. 2513 */ 2514 static void 2515 run_key_delete_cb(void *arg) 2516 { 2517 struct run_cmdq *cmdq = arg; 2518 struct run_softc *sc = cmdq->arg1; 2519 struct ieee80211_key *k = &cmdq->key; 2520 uint32_t attr; 2521 uint8_t wcid; 2522 2523 RUN_LOCK_ASSERT(sc, MA_OWNED); 2524 2525 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2526 /* remove group key */ 2527 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2528 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2529 attr &= ~(0xf << (k->wk_keyix * 4)); 2530 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2531 } else { 2532 /* remove pairwise key */ 2533 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2534 "removing key for wcid %x\n", k->wk_pad); 2535 /* matching wcid was written to wk_pad in run_key_set() */ 2536 wcid = k->wk_pad; 2537 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2538 attr &= ~0xf; 2539 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2540 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2541 } 2542 2543 k->wk_pad = 0; 2544 } 2545 2546 /* 2547 * return 0 on error 2548 */ 2549 static int 2550 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2551 { 2552 struct ieee80211com *ic = vap->iv_ic; 2553 struct run_softc *sc = ic->ic_softc; 2554 struct ieee80211_key *k0; 2555 uint32_t i; 2556 2557 /* 2558 * When called back, key might be gone. So, make a copy 2559 * of some values need to delete keys before deferring. 2560 * But, because of LOR with node lock, cannot use lock here. 2561 * So, use atomic instead. 2562 */ 2563 i = RUN_CMDQ_GET(&sc->cmdq_store); 2564 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2565 sc->cmdq[i].func = run_key_delete_cb; 2566 sc->cmdq[i].arg0 = NULL; 2567 sc->cmdq[i].arg1 = sc; 2568 k0 = &sc->cmdq[i].key; 2569 k0->wk_flags = k->wk_flags; 2570 k0->wk_keyix = k->wk_keyix; 2571 /* matching wcid was written to wk_pad in run_key_set() */ 2572 k0->wk_pad = k->wk_pad; 2573 ieee80211_runtask(ic, &sc->cmdq_task); 2574 return (1); /* return fake success */ 2575 2576 } 2577 2578 static void 2579 run_ratectl_to(void *arg) 2580 { 2581 struct run_softc *sc = arg; 2582 2583 /* do it in a process context, so it can go sleep */ 2584 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2585 /* next timeout will be rescheduled in the callback task */ 2586 } 2587 2588 /* ARGSUSED */ 2589 static void 2590 run_ratectl_cb(void *arg, int pending) 2591 { 2592 struct run_softc *sc = arg; 2593 struct ieee80211com *ic = &sc->sc_ic; 2594 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2595 2596 if (vap == NULL) 2597 return; 2598 2599 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2600 /* 2601 * run_reset_livelock() doesn't do anything with AMRR, 2602 * but Ralink wants us to call it every 1 sec. So, we 2603 * piggyback here rather than creating another callout. 2604 * Livelock may occur only in HOSTAP or IBSS mode 2605 * (when h/w is sending beacons). 2606 */ 2607 RUN_LOCK(sc); 2608 run_reset_livelock(sc); 2609 /* just in case, there are some stats to drain */ 2610 run_drain_fifo(sc); 2611 RUN_UNLOCK(sc); 2612 } 2613 2614 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2615 2616 RUN_LOCK(sc); 2617 if(sc->ratectl_run != RUN_RATECTL_OFF) 2618 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2619 RUN_UNLOCK(sc); 2620 } 2621 2622 static void 2623 run_drain_fifo(void *arg) 2624 { 2625 struct run_softc *sc = arg; 2626 uint32_t stat; 2627 uint16_t (*wstat)[3]; 2628 uint8_t wcid, mcs, pid; 2629 int8_t retry; 2630 2631 RUN_LOCK_ASSERT(sc, MA_OWNED); 2632 2633 for (;;) { 2634 /* drain Tx status FIFO (maxsize = 16) */ 2635 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2636 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2637 if (!(stat & RT2860_TXQ_VLD)) 2638 break; 2639 2640 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2641 2642 /* if no ACK was requested, no feedback is available */ 2643 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2644 wcid == 0) 2645 continue; 2646 2647 /* 2648 * Even though each stat is Tx-complete-status like format, 2649 * the device can poll stats. Because there is no guarantee 2650 * that the referring node is still around when read the stats. 2651 * So that, if we use ieee80211_ratectl_tx_update(), we will 2652 * have hard time not to refer already freed node. 2653 * 2654 * To eliminate such page faults, we poll stats in softc. 2655 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2656 */ 2657 wstat = &(sc->wcid_stats[wcid]); 2658 (*wstat)[RUN_TXCNT]++; 2659 if (stat & RT2860_TXQ_OK) 2660 (*wstat)[RUN_SUCCESS]++; 2661 else 2662 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2663 /* 2664 * Check if there were retries, ie if the Tx success rate is 2665 * different from the requested rate. Note that it works only 2666 * because we do not allow rate fallback from OFDM to CCK. 2667 */ 2668 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2669 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2670 if ((retry = pid -1 - mcs) > 0) { 2671 (*wstat)[RUN_TXCNT] += retry; 2672 (*wstat)[RUN_RETRY] += retry; 2673 } 2674 } 2675 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2676 2677 sc->fifo_cnt = 0; 2678 } 2679 2680 static void 2681 run_iter_func(void *arg, struct ieee80211_node *ni) 2682 { 2683 struct run_softc *sc = arg; 2684 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2685 struct ieee80211vap *vap = ni->ni_vap; 2686 struct run_node *rn = RUN_NODE(ni); 2687 union run_stats sta[2]; 2688 uint16_t (*wstat)[3]; 2689 int error, ridx; 2690 2691 RUN_LOCK(sc); 2692 2693 /* Check for special case */ 2694 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2695 ni != vap->iv_bss) 2696 goto fail; 2697 2698 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2699 IEEE80211_RATECTL_TX_STATS_RETRIES; 2700 txs->ni = ni; 2701 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2702 vap->iv_opmode == IEEE80211_M_STA)) { 2703 /* read statistic counters (clear on read) and update AMRR state */ 2704 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2705 sizeof sta); 2706 if (error != 0) 2707 goto fail; 2708 2709 /* count failed TX as errors */ 2710 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2711 le16toh(sta[0].error.fail)); 2712 2713 txs->nretries = le16toh(sta[1].tx.retry); 2714 txs->nsuccess = le16toh(sta[1].tx.success); 2715 /* nretries??? */ 2716 txs->nframes = txs->nretries + txs->nsuccess + 2717 le16toh(sta[0].error.fail); 2718 2719 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2720 "retrycnt=%d success=%d failcnt=%d\n", 2721 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2722 } else { 2723 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2724 2725 if (wstat == &(sc->wcid_stats[0]) || 2726 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2727 goto fail; 2728 2729 txs->nretries = (*wstat)[RUN_RETRY]; 2730 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2731 txs->nframes = (*wstat)[RUN_TXCNT]; 2732 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2733 "retrycnt=%d txcnt=%d success=%d\n", 2734 txs->nretries, txs->nframes, txs->nsuccess); 2735 2736 memset(wstat, 0, sizeof(*wstat)); 2737 } 2738 2739 ieee80211_ratectl_tx_update(vap, txs); 2740 ieee80211_ratectl_rate(ni, NULL, 0); 2741 /* XXX TODO: methodize with MCS rates */ 2742 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2743 if (rt2860_rates[ridx].rate == ni->ni_txrate) 2744 break; 2745 rn->amrr_ridx = ridx; 2746 2747 fail: 2748 RUN_UNLOCK(sc); 2749 2750 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, ridx=%d\n", ni->ni_txrate, rn->amrr_ridx); 2751 } 2752 2753 static void 2754 run_newassoc_cb(void *arg) 2755 { 2756 struct run_cmdq *cmdq = arg; 2757 struct ieee80211_node *ni = cmdq->arg1; 2758 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2759 uint8_t wcid = cmdq->wcid; 2760 2761 RUN_LOCK_ASSERT(sc, MA_OWNED); 2762 2763 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2764 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2765 2766 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2767 } 2768 2769 static void 2770 run_newassoc(struct ieee80211_node *ni, int isnew) 2771 { 2772 struct run_node *rn = RUN_NODE(ni); 2773 struct ieee80211vap *vap = ni->ni_vap; 2774 struct ieee80211com *ic = vap->iv_ic; 2775 struct run_softc *sc = ic->ic_softc; 2776 uint8_t rate; 2777 uint8_t ridx; 2778 uint8_t wcid; 2779 2780 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2781 1 : RUN_AID2WCID(ni->ni_associd); 2782 2783 if (wcid > RT2870_WCID_MAX) { 2784 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2785 return; 2786 } 2787 2788 /* only interested in true associations */ 2789 if (isnew && ni->ni_associd != 0) { 2790 /* 2791 * This function could is called though timeout function. 2792 * Need to defer. 2793 */ 2794 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2795 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2796 sc->cmdq[cnt].func = run_newassoc_cb; 2797 sc->cmdq[cnt].arg0 = NULL; 2798 sc->cmdq[cnt].arg1 = ni; 2799 sc->cmdq[cnt].wcid = wcid; 2800 ieee80211_runtask(ic, &sc->cmdq_task); 2801 } 2802 2803 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2804 "new assoc isnew=%d associd=%x addr=%s\n", 2805 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2806 2807 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2808 /* XXX TODO: methodize with MCS rates */ 2809 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2810 if (rt2860_rates[ridx].rate == rate) 2811 break; 2812 rn->mgt_ridx = ridx; 2813 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2814 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2815 2816 RUN_LOCK(sc); 2817 if(sc->ratectl_run != RUN_RATECTL_OFF) 2818 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2819 RUN_UNLOCK(sc); 2820 } 2821 2822 /* 2823 * Return the Rx chain with the highest RSSI for a given frame. 2824 */ 2825 static __inline uint8_t 2826 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2827 { 2828 uint8_t rxchain = 0; 2829 2830 if (sc->nrxchains > 1) { 2831 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2832 rxchain = 1; 2833 if (sc->nrxchains > 2) 2834 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2835 rxchain = 2; 2836 } 2837 return (rxchain); 2838 } 2839 2840 static void 2841 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2842 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2843 { 2844 struct ieee80211vap *vap = ni->ni_vap; 2845 struct run_softc *sc = vap->iv_ic->ic_softc; 2846 struct run_vap *rvp = RUN_VAP(vap); 2847 uint64_t ni_tstamp, rx_tstamp; 2848 2849 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2850 2851 if (vap->iv_state == IEEE80211_S_RUN && 2852 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2853 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2854 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2855 RUN_LOCK(sc); 2856 run_get_tsf(sc, &rx_tstamp); 2857 RUN_UNLOCK(sc); 2858 rx_tstamp = le64toh(rx_tstamp); 2859 2860 if (ni_tstamp >= rx_tstamp) { 2861 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2862 "ibss merge, tsf %ju tstamp %ju\n", 2863 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2864 (void) ieee80211_ibss_merge(ni); 2865 } 2866 } 2867 } 2868 2869 static void 2870 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2871 { 2872 struct ieee80211com *ic = &sc->sc_ic; 2873 struct ieee80211_frame *wh; 2874 struct ieee80211_node *ni; 2875 struct epoch_tracker et; 2876 struct rt2870_rxd *rxd; 2877 struct rt2860_rxwi *rxwi; 2878 uint32_t flags; 2879 uint16_t len, rxwisize; 2880 uint8_t ant, rssi; 2881 int8_t nf; 2882 2883 rxwisize = sizeof(struct rt2860_rxwi); 2884 if (sc->mac_ver == 0x5592) 2885 rxwisize += sizeof(uint64_t); 2886 else if (sc->mac_ver == 0x3593) 2887 rxwisize += sizeof(uint32_t); 2888 2889 if (__predict_false(dmalen < 2890 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2891 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2892 "payload is too short: dma length %u < %zu\n", 2893 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2894 goto fail; 2895 } 2896 2897 rxwi = mtod(m, struct rt2860_rxwi *); 2898 len = le16toh(rxwi->len) & 0xfff; 2899 2900 if (__predict_false(len > dmalen - rxwisize)) { 2901 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2902 "bad RXWI length %u > %u\n", len, dmalen); 2903 goto fail; 2904 } 2905 2906 /* Rx descriptor is located at the end */ 2907 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2908 flags = le32toh(rxd->flags); 2909 2910 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2911 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2912 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2913 goto fail; 2914 } 2915 2916 if (flags & RT2860_RX_L2PAD) { 2917 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2918 "received RT2860_RX_L2PAD frame\n"); 2919 len += 2; 2920 } 2921 2922 m->m_data += rxwisize; 2923 m->m_pkthdr.len = m->m_len = len; 2924 2925 wh = mtod(m, struct ieee80211_frame *); 2926 2927 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 && 2928 (flags & RT2860_RX_DEC) != 0) { 2929 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2930 m->m_flags |= M_WEP; 2931 } 2932 2933 if (len >= sizeof(struct ieee80211_frame_min)) { 2934 ni = ieee80211_find_rxnode(ic, 2935 mtod(m, struct ieee80211_frame_min *)); 2936 } else 2937 ni = NULL; 2938 2939 if(ni && ni->ni_flags & IEEE80211_NODE_HT) { 2940 m->m_flags |= M_AMPDU; 2941 } 2942 2943 if (__predict_false(flags & RT2860_RX_MICERR)) { 2944 /* report MIC failures to net80211 for TKIP */ 2945 if (ni != NULL) 2946 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2947 rxwi->keyidx); 2948 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2949 "MIC error. Someone is lying.\n"); 2950 goto fail; 2951 } 2952 2953 ant = run_maxrssi_chain(sc, rxwi); 2954 rssi = rxwi->rssi[ant]; 2955 nf = run_rssi2dbm(sc, rssi, ant); 2956 2957 if (__predict_false(ieee80211_radiotap_active(ic))) { 2958 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2959 uint16_t phy; 2960 2961 tap->wr_flags = 0; 2962 if (flags & RT2860_RX_L2PAD) 2963 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 2964 tap->wr_antsignal = rssi; 2965 tap->wr_antenna = ant; 2966 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2967 tap->wr_rate = 2; /* in case it can't be found below */ 2968 RUN_LOCK(sc); 2969 run_get_tsf(sc, &tap->wr_tsf); 2970 RUN_UNLOCK(sc); 2971 phy = le16toh(rxwi->phy); 2972 switch (phy & RT2860_PHY_MODE) { 2973 case RT2860_PHY_CCK: 2974 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2975 case 0: tap->wr_rate = 2; break; 2976 case 1: tap->wr_rate = 4; break; 2977 case 2: tap->wr_rate = 11; break; 2978 case 3: tap->wr_rate = 22; break; 2979 } 2980 if (phy & RT2860_PHY_SHPRE) 2981 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2982 break; 2983 case RT2860_PHY_OFDM: 2984 switch (phy & RT2860_PHY_MCS) { 2985 case 0: tap->wr_rate = 12; break; 2986 case 1: tap->wr_rate = 18; break; 2987 case 2: tap->wr_rate = 24; break; 2988 case 3: tap->wr_rate = 36; break; 2989 case 4: tap->wr_rate = 48; break; 2990 case 5: tap->wr_rate = 72; break; 2991 case 6: tap->wr_rate = 96; break; 2992 case 7: tap->wr_rate = 108; break; 2993 } 2994 break; 2995 } 2996 } 2997 2998 NET_EPOCH_ENTER(et); 2999 if (ni != NULL) { 3000 (void)ieee80211_input(ni, m, rssi, nf); 3001 ieee80211_free_node(ni); 3002 } else { 3003 (void)ieee80211_input_all(ic, m, rssi, nf); 3004 } 3005 NET_EPOCH_EXIT(et); 3006 3007 return; 3008 3009 fail: 3010 m_freem(m); 3011 counter_u64_add(ic->ic_ierrors, 1); 3012 } 3013 3014 static void 3015 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 3016 { 3017 struct run_softc *sc = usbd_xfer_softc(xfer); 3018 struct ieee80211com *ic = &sc->sc_ic; 3019 struct mbuf *m = NULL; 3020 struct mbuf *m0; 3021 uint32_t dmalen, mbuf_len; 3022 uint16_t rxwisize; 3023 int xferlen; 3024 3025 rxwisize = sizeof(struct rt2860_rxwi); 3026 if (sc->mac_ver == 0x5592) 3027 rxwisize += sizeof(uint64_t); 3028 else if (sc->mac_ver == 0x3593) 3029 rxwisize += sizeof(uint32_t); 3030 3031 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 3032 3033 switch (USB_GET_STATE(xfer)) { 3034 case USB_ST_TRANSFERRED: 3035 3036 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 3037 "rx done, actlen=%d\n", xferlen); 3038 3039 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 3040 sizeof(struct rt2870_rxd))) { 3041 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3042 "xfer too short %d\n", xferlen); 3043 goto tr_setup; 3044 } 3045 3046 m = sc->rx_m; 3047 sc->rx_m = NULL; 3048 3049 /* FALLTHROUGH */ 3050 case USB_ST_SETUP: 3051 tr_setup: 3052 if (sc->rx_m == NULL) { 3053 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 3054 RUN_MAX_RXSZ); 3055 } 3056 if (sc->rx_m == NULL) { 3057 RUN_DPRINTF(sc, RUN_DEBUG_RECV | 3058 RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3059 "could not allocate mbuf - idle with stall\n"); 3060 counter_u64_add(ic->ic_ierrors, 1); 3061 usbd_xfer_set_stall(xfer); 3062 usbd_xfer_set_frames(xfer, 0); 3063 } else { 3064 /* 3065 * Directly loading a mbuf cluster into DMA to 3066 * save some data copying. This works because 3067 * there is only one cluster. 3068 */ 3069 usbd_xfer_set_frame_data(xfer, 0, 3070 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 3071 usbd_xfer_set_frames(xfer, 1); 3072 } 3073 usbd_transfer_submit(xfer); 3074 break; 3075 3076 default: /* Error */ 3077 if (error != USB_ERR_CANCELLED) { 3078 /* try to clear stall first */ 3079 usbd_xfer_set_stall(xfer); 3080 if (error == USB_ERR_TIMEOUT) 3081 device_printf(sc->sc_dev, "device timeout\n"); 3082 counter_u64_add(ic->ic_ierrors, 1); 3083 goto tr_setup; 3084 } 3085 if (sc->rx_m != NULL) { 3086 m_freem(sc->rx_m); 3087 sc->rx_m = NULL; 3088 } 3089 break; 3090 } 3091 3092 if (m == NULL) 3093 return; 3094 3095 /* inputting all the frames must be last */ 3096 3097 RUN_UNLOCK(sc); 3098 3099 m->m_pkthdr.len = m->m_len = xferlen; 3100 3101 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3102 for(;;) { 3103 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3104 3105 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3106 ((dmalen & 3) != 0)) { 3107 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3108 "bad DMA length %u\n", dmalen); 3109 break; 3110 } 3111 if ((dmalen + 8) > (uint32_t)xferlen) { 3112 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3113 "bad DMA length %u > %d\n", 3114 dmalen + 8, xferlen); 3115 break; 3116 } 3117 3118 /* If it is the last one or a single frame, we won't copy. */ 3119 if ((xferlen -= dmalen + 8) <= 8) { 3120 /* trim 32-bit DMA-len header */ 3121 m->m_data += 4; 3122 m->m_pkthdr.len = m->m_len -= 4; 3123 run_rx_frame(sc, m, dmalen); 3124 m = NULL; /* don't free source buffer */ 3125 break; 3126 } 3127 3128 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 3129 if (__predict_false(mbuf_len > MCLBYTES)) { 3130 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3131 "payload is too big: mbuf_len %u\n", mbuf_len); 3132 counter_u64_add(ic->ic_ierrors, 1); 3133 break; 3134 } 3135 3136 /* copy aggregated frames to another mbuf */ 3137 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3138 if (__predict_false(m0 == NULL)) { 3139 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3140 "could not allocate mbuf\n"); 3141 counter_u64_add(ic->ic_ierrors, 1); 3142 break; 3143 } 3144 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3145 mbuf_len, mtod(m0, caddr_t)); 3146 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3147 run_rx_frame(sc, m0, dmalen); 3148 3149 /* update data ptr */ 3150 m->m_data += mbuf_len + 4; 3151 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3152 } 3153 3154 /* make sure we free the source buffer, if any */ 3155 m_freem(m); 3156 3157 #ifdef IEEE80211_SUPPORT_SUPERG 3158 ieee80211_ff_age_all(ic, 100); 3159 #endif 3160 RUN_LOCK(sc); 3161 } 3162 3163 static void 3164 run_tx_free(struct run_endpoint_queue *pq, 3165 struct run_tx_data *data, int txerr) 3166 { 3167 3168 ieee80211_tx_complete(data->ni, data->m, txerr); 3169 3170 data->m = NULL; 3171 data->ni = NULL; 3172 3173 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3174 pq->tx_nfree++; 3175 } 3176 3177 static void 3178 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3179 { 3180 struct run_softc *sc = usbd_xfer_softc(xfer); 3181 struct ieee80211com *ic = &sc->sc_ic; 3182 struct run_tx_data *data; 3183 struct ieee80211vap *vap = NULL; 3184 struct usb_page_cache *pc; 3185 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3186 struct mbuf *m; 3187 usb_frlength_t size; 3188 int actlen; 3189 int sumlen; 3190 3191 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3192 3193 switch (USB_GET_STATE(xfer)) { 3194 case USB_ST_TRANSFERRED: 3195 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3196 "transfer complete: %d bytes @ index %d\n", actlen, index); 3197 3198 data = usbd_xfer_get_priv(xfer); 3199 run_tx_free(pq, data, 0); 3200 usbd_xfer_set_priv(xfer, NULL); 3201 3202 /* FALLTHROUGH */ 3203 case USB_ST_SETUP: 3204 tr_setup: 3205 data = STAILQ_FIRST(&pq->tx_qh); 3206 if (data == NULL) 3207 break; 3208 3209 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3210 3211 m = data->m; 3212 size = (sc->mac_ver == 0x5592) ? 3213 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3214 if ((m->m_pkthdr.len + 3215 size + 3 + 8) > RUN_MAX_TXSZ) { 3216 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3217 "data overflow, %u bytes\n", m->m_pkthdr.len); 3218 run_tx_free(pq, data, 1); 3219 goto tr_setup; 3220 } 3221 3222 pc = usbd_xfer_get_frame(xfer, 0); 3223 usbd_copy_in(pc, 0, &data->desc, size); 3224 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3225 size += m->m_pkthdr.len; 3226 /* 3227 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3228 * 4-byte padding), and be sure to zero those trailing 3229 * bytes: 3230 */ 3231 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3232 size += ((-size) & 3) + 8; 3233 3234 vap = data->ni->ni_vap; 3235 if (ieee80211_radiotap_active_vap(vap)) { 3236 const struct ieee80211_frame *wh; 3237 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3238 struct rt2860_txwi *txwi = 3239 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3240 int has_l2pad; 3241 3242 wh = mtod(m, struct ieee80211_frame *); 3243 has_l2pad = IEEE80211_HAS_ADDR4(wh) != 3244 IEEE80211_QOS_HAS_SEQ(wh); 3245 3246 tap->wt_flags = 0; 3247 tap->wt_rate = rt2860_rates[data->ridx].rate; 3248 tap->wt_hwqueue = index; 3249 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3250 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3251 if (has_l2pad) 3252 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 3253 3254 ieee80211_radiotap_tx(vap, m); 3255 } 3256 3257 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3258 "sending frame len=%u/%u @ index %d\n", 3259 m->m_pkthdr.len, size, index); 3260 3261 usbd_xfer_set_frame_len(xfer, 0, size); 3262 usbd_xfer_set_priv(xfer, data); 3263 usbd_transfer_submit(xfer); 3264 run_start(sc); 3265 3266 break; 3267 3268 default: 3269 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3270 "USB transfer error, %s\n", usbd_errstr(error)); 3271 3272 data = usbd_xfer_get_priv(xfer); 3273 3274 if (data != NULL) { 3275 if(data->ni != NULL) 3276 vap = data->ni->ni_vap; 3277 run_tx_free(pq, data, error); 3278 usbd_xfer_set_priv(xfer, NULL); 3279 } 3280 3281 if (vap == NULL) 3282 vap = TAILQ_FIRST(&ic->ic_vaps); 3283 3284 if (error != USB_ERR_CANCELLED) { 3285 if (error == USB_ERR_TIMEOUT) { 3286 device_printf(sc->sc_dev, "device timeout\n"); 3287 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3288 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3289 "cmdq_store=%d\n", i); 3290 sc->cmdq[i].func = run_usb_timeout_cb; 3291 sc->cmdq[i].arg0 = vap; 3292 ieee80211_runtask(ic, &sc->cmdq_task); 3293 } 3294 3295 /* 3296 * Try to clear stall first, also if other 3297 * errors occur, hence clearing stall 3298 * introduces a 50 ms delay: 3299 */ 3300 usbd_xfer_set_stall(xfer); 3301 goto tr_setup; 3302 } 3303 break; 3304 } 3305 #ifdef IEEE80211_SUPPORT_SUPERG 3306 /* XXX TODO: make this deferred rather than unlock/relock */ 3307 /* XXX TODO: should only do the QoS AC this belongs to */ 3308 if (pq->tx_nfree >= RUN_TX_RING_COUNT) { 3309 RUN_UNLOCK(sc); 3310 ieee80211_ff_flush_all(ic); 3311 RUN_LOCK(sc); 3312 } 3313 #endif 3314 } 3315 3316 static void 3317 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3318 { 3319 run_bulk_tx_callbackN(xfer, error, 0); 3320 } 3321 3322 static void 3323 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3324 { 3325 run_bulk_tx_callbackN(xfer, error, 1); 3326 } 3327 3328 static void 3329 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3330 { 3331 run_bulk_tx_callbackN(xfer, error, 2); 3332 } 3333 3334 static void 3335 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3336 { 3337 run_bulk_tx_callbackN(xfer, error, 3); 3338 } 3339 3340 static void 3341 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3342 { 3343 run_bulk_tx_callbackN(xfer, error, 4); 3344 } 3345 3346 static void 3347 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3348 { 3349 run_bulk_tx_callbackN(xfer, error, 5); 3350 } 3351 3352 static void 3353 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3354 { 3355 struct mbuf *m = data->m; 3356 struct ieee80211com *ic = &sc->sc_ic; 3357 struct ieee80211vap *vap = data->ni->ni_vap; 3358 struct ieee80211_frame *wh; 3359 struct rt2870_txd *txd; 3360 struct rt2860_txwi *txwi; 3361 uint16_t xferlen, txwisize; 3362 uint16_t mcs; 3363 uint8_t ridx = data->ridx; 3364 uint8_t pad; 3365 3366 /* get MCS code from rate index */ 3367 mcs = rt2860_rates[ridx].mcs; 3368 3369 txwisize = (sc->mac_ver == 0x5592) ? 3370 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3371 xferlen = txwisize + m->m_pkthdr.len; 3372 3373 /* roundup to 32-bit alignment */ 3374 xferlen = (xferlen + 3) & ~3; 3375 3376 txd = (struct rt2870_txd *)&data->desc; 3377 txd->len = htole16(xferlen); 3378 3379 wh = mtod(m, struct ieee80211_frame *); 3380 3381 /* 3382 * Ether both are true or both are false, the header 3383 * are nicely aligned to 32-bit. So, no L2 padding. 3384 */ 3385 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3386 pad = 0; 3387 else 3388 pad = 2; 3389 3390 /* setup TX Wireless Information */ 3391 txwi = (struct rt2860_txwi *)(txd + 1); 3392 txwi->len = htole16(m->m_pkthdr.len - pad); 3393 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3394 mcs |= RT2860_PHY_CCK; 3395 if (ridx != RT2860_RIDX_CCK1 && 3396 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3397 mcs |= RT2860_PHY_SHPRE; 3398 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) { 3399 mcs |= RT2860_PHY_OFDM; 3400 } else if (rt2860_rates[ridx].phy == IEEE80211_T_HT) { 3401 /* XXX TODO: [adrian] set short preamble for MCS? */ 3402 mcs |= RT2860_PHY_HT_MIX; /* Mixed, not greenfield */ 3403 } 3404 txwi->phy = htole16(mcs); 3405 3406 /* check if RTS/CTS or CTS-to-self protection is required */ 3407 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3408 ((m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) || 3409 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3410 rt2860_rates[ridx].phy == IEEE80211_T_OFDM) || 3411 ((ic->ic_htprotmode == IEEE80211_PROT_RTSCTS) && 3412 rt2860_rates[ridx].phy == IEEE80211_T_HT))) 3413 txwi->txop |= RT2860_TX_TXOP_HT; 3414 else 3415 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3416 3417 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3418 txwi->xflags |= RT2860_TX_NSEQ; 3419 } 3420 3421 /* This function must be called locked */ 3422 static int 3423 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3424 { 3425 struct ieee80211com *ic = &sc->sc_ic; 3426 struct ieee80211vap *vap = ni->ni_vap; 3427 struct ieee80211_frame *wh; 3428 const struct ieee80211_txparam *tp = ni->ni_txparms; 3429 struct run_node *rn = RUN_NODE(ni); 3430 struct run_tx_data *data; 3431 struct rt2870_txd *txd; 3432 struct rt2860_txwi *txwi; 3433 uint16_t qos; 3434 uint16_t dur; 3435 uint16_t qid; 3436 uint8_t type; 3437 uint8_t tid; 3438 uint8_t ridx; 3439 uint8_t ctl_ridx; 3440 uint8_t qflags; 3441 uint8_t xflags = 0; 3442 int hasqos; 3443 3444 RUN_LOCK_ASSERT(sc, MA_OWNED); 3445 3446 wh = mtod(m, struct ieee80211_frame *); 3447 3448 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3449 3450 /* 3451 * There are 7 bulk endpoints: 1 for RX 3452 * and 6 for TX (4 EDCAs + HCCA + Prio). 3453 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3454 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3455 */ 3456 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3457 uint8_t *frm; 3458 3459 frm = ieee80211_getqos(wh); 3460 qos = le16toh(*(const uint16_t *)frm); 3461 tid = qos & IEEE80211_QOS_TID; 3462 qid = TID_TO_WME_AC(tid); 3463 } else { 3464 qos = 0; 3465 tid = 0; 3466 qid = WME_AC_BE; 3467 } 3468 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3469 3470 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3471 qos, qid, tid, qflags); 3472 3473 /* pickup a rate index */ 3474 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3475 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3476 /* XXX TODO: methodize for 11n; use MCS0 for 11NA/11NG */ 3477 ridx = (ic->ic_curmode == IEEE80211_MODE_11A || ic->ic_curmode == IEEE80211_MODE_11NA) ? 3478 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3479 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3480 } else { 3481 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3482 ridx = rn->fix_ridx; 3483 else 3484 ridx = rn->amrr_ridx; 3485 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3486 } 3487 3488 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3489 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3490 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3491 xflags |= RT2860_TX_ACK; 3492 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3493 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3494 else 3495 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3496 USETW(wh->i_dur, dur); 3497 } 3498 3499 /* reserve slots for mgmt packets, just in case */ 3500 if (sc->sc_epq[qid].tx_nfree < 3) { 3501 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3502 return (-1); 3503 } 3504 3505 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3506 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3507 sc->sc_epq[qid].tx_nfree--; 3508 3509 txd = (struct rt2870_txd *)&data->desc; 3510 txd->flags = qflags; 3511 txwi = (struct rt2860_txwi *)(txd + 1); 3512 txwi->xflags = xflags; 3513 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3514 txwi->wcid = 0; 3515 else 3516 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3517 1 : RUN_AID2WCID(ni->ni_associd); 3518 3519 /* clear leftover garbage bits */ 3520 txwi->flags = 0; 3521 txwi->txop = 0; 3522 3523 data->m = m; 3524 data->ni = ni; 3525 data->ridx = ridx; 3526 3527 run_set_tx_desc(sc, data); 3528 3529 /* 3530 * The chip keeps track of 2 kind of Tx stats, 3531 * * TX_STAT_FIFO, for per WCID stats, and 3532 * * TX_STA_CNT0 for all-TX-in-one stats. 3533 * 3534 * To use FIFO stats, we need to store MCS into the driver-private 3535 * PacketID field. So that, we can tell whose stats when we read them. 3536 * We add 1 to the MCS because setting the PacketID field to 0 means 3537 * that we don't want feedback in TX_STAT_FIFO. 3538 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3539 * 3540 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3541 */ 3542 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3543 vap->iv_opmode == IEEE80211_M_MBSS) { 3544 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3545 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3546 3547 /* 3548 * Unlike PCI based devices, we don't get any interrupt from 3549 * USB devices, so we simulate FIFO-is-full interrupt here. 3550 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3551 * quickly get fulled. To prevent overflow, increment a counter on 3552 * every FIFO stat request, so we know how many slots are left. 3553 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3554 * are used only in those modes. 3555 * We just drain stats. AMRR gets updated every 1 sec by 3556 * run_ratectl_cb() via callout. 3557 * Call it early. Otherwise overflow. 3558 */ 3559 if (sc->fifo_cnt++ == 10) { 3560 /* 3561 * With multiple vaps or if_bridge, if_start() is called 3562 * with a non-sleepable lock, tcpinp. So, need to defer. 3563 */ 3564 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3565 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3566 sc->cmdq[i].func = run_drain_fifo; 3567 sc->cmdq[i].arg0 = sc; 3568 ieee80211_runtask(ic, &sc->cmdq_task); 3569 } 3570 } 3571 3572 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3573 3574 usbd_transfer_start(sc->sc_xfer[qid]); 3575 3576 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3577 "sending data frame len=%d rate=%d qid=%d\n", 3578 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3579 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3580 3581 return (0); 3582 } 3583 3584 static int 3585 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3586 { 3587 struct ieee80211com *ic = &sc->sc_ic; 3588 struct run_node *rn = RUN_NODE(ni); 3589 struct run_tx_data *data; 3590 struct ieee80211_frame *wh; 3591 struct rt2870_txd *txd; 3592 struct rt2860_txwi *txwi; 3593 uint16_t dur; 3594 uint8_t ridx = rn->mgt_ridx; 3595 uint8_t xflags = 0; 3596 uint8_t wflags = 0; 3597 3598 RUN_LOCK_ASSERT(sc, MA_OWNED); 3599 3600 wh = mtod(m, struct ieee80211_frame *); 3601 3602 /* tell hardware to add timestamp for probe responses */ 3603 if ((wh->i_fc[0] & 3604 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3605 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3606 wflags |= RT2860_TX_TS; 3607 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3608 xflags |= RT2860_TX_ACK; 3609 3610 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3611 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3612 USETW(wh->i_dur, dur); 3613 } 3614 3615 if (sc->sc_epq[0].tx_nfree == 0) 3616 /* let caller free mbuf */ 3617 return (EIO); 3618 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3619 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3620 sc->sc_epq[0].tx_nfree--; 3621 3622 txd = (struct rt2870_txd *)&data->desc; 3623 txd->flags = RT2860_TX_QSEL_EDCA; 3624 txwi = (struct rt2860_txwi *)(txd + 1); 3625 txwi->wcid = 0xff; 3626 txwi->flags = wflags; 3627 txwi->xflags = xflags; 3628 txwi->txop = 0; /* clear leftover garbage bits */ 3629 3630 data->m = m; 3631 data->ni = ni; 3632 data->ridx = ridx; 3633 3634 run_set_tx_desc(sc, data); 3635 3636 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3637 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3638 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3639 3640 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3641 3642 usbd_transfer_start(sc->sc_xfer[0]); 3643 3644 return (0); 3645 } 3646 3647 static int 3648 run_sendprot(struct run_softc *sc, 3649 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3650 { 3651 struct ieee80211com *ic = ni->ni_ic; 3652 struct run_tx_data *data; 3653 struct rt2870_txd *txd; 3654 struct rt2860_txwi *txwi; 3655 struct mbuf *mprot; 3656 int ridx; 3657 int protrate; 3658 uint8_t wflags = 0; 3659 uint8_t xflags = 0; 3660 3661 RUN_LOCK_ASSERT(sc, MA_OWNED); 3662 3663 /* check that there are free slots before allocating the mbuf */ 3664 if (sc->sc_epq[0].tx_nfree == 0) 3665 /* let caller free mbuf */ 3666 return (ENOBUFS); 3667 3668 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3669 if (mprot == NULL) { 3670 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3671 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3672 return (ENOBUFS); 3673 } 3674 3675 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3676 wflags = RT2860_TX_FRAG; 3677 xflags = 0; 3678 if (prot == IEEE80211_PROT_RTSCTS) 3679 xflags |= RT2860_TX_ACK; 3680 3681 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3682 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3683 sc->sc_epq[0].tx_nfree--; 3684 3685 txd = (struct rt2870_txd *)&data->desc; 3686 txd->flags = RT2860_TX_QSEL_EDCA; 3687 txwi = (struct rt2860_txwi *)(txd + 1); 3688 txwi->wcid = 0xff; 3689 txwi->flags = wflags; 3690 txwi->xflags = xflags; 3691 txwi->txop = 0; /* clear leftover garbage bits */ 3692 3693 data->m = mprot; 3694 data->ni = ieee80211_ref_node(ni); 3695 3696 /* XXX TODO: methodize with MCS rates */ 3697 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3698 if (rt2860_rates[ridx].rate == protrate) 3699 break; 3700 data->ridx = ridx; 3701 3702 run_set_tx_desc(sc, data); 3703 3704 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3705 m->m_pkthdr.len, rate); 3706 3707 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3708 3709 usbd_transfer_start(sc->sc_xfer[0]); 3710 3711 return (0); 3712 } 3713 3714 static int 3715 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3716 const struct ieee80211_bpf_params *params) 3717 { 3718 struct ieee80211com *ic = ni->ni_ic; 3719 struct run_tx_data *data; 3720 struct rt2870_txd *txd; 3721 struct rt2860_txwi *txwi; 3722 uint8_t ridx; 3723 uint8_t rate; 3724 uint8_t opflags = 0; 3725 uint8_t xflags = 0; 3726 int error; 3727 3728 RUN_LOCK_ASSERT(sc, MA_OWNED); 3729 3730 KASSERT(params != NULL, ("no raw xmit params")); 3731 3732 rate = params->ibp_rate0; 3733 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3734 /* let caller free mbuf */ 3735 return (EINVAL); 3736 } 3737 3738 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3739 xflags |= RT2860_TX_ACK; 3740 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3741 error = run_sendprot(sc, m, ni, 3742 params->ibp_flags & IEEE80211_BPF_RTS ? 3743 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3744 rate); 3745 if (error) { 3746 /* let caller free mbuf */ 3747 return error; 3748 } 3749 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3750 } 3751 3752 if (sc->sc_epq[0].tx_nfree == 0) { 3753 /* let caller free mbuf */ 3754 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3755 "sending raw frame, but tx ring is full\n"); 3756 return (EIO); 3757 } 3758 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3759 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3760 sc->sc_epq[0].tx_nfree--; 3761 3762 txd = (struct rt2870_txd *)&data->desc; 3763 txd->flags = RT2860_TX_QSEL_EDCA; 3764 txwi = (struct rt2860_txwi *)(txd + 1); 3765 txwi->wcid = 0xff; 3766 txwi->xflags = xflags; 3767 txwi->txop = opflags; 3768 txwi->flags = 0; /* clear leftover garbage bits */ 3769 3770 data->m = m; 3771 data->ni = ni; 3772 /* XXX TODO: methodize with MCS rates */ 3773 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3774 if (rt2860_rates[ridx].rate == rate) 3775 break; 3776 data->ridx = ridx; 3777 3778 run_set_tx_desc(sc, data); 3779 3780 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3781 m->m_pkthdr.len, rate); 3782 3783 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3784 3785 usbd_transfer_start(sc->sc_xfer[0]); 3786 3787 return (0); 3788 } 3789 3790 static int 3791 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3792 const struct ieee80211_bpf_params *params) 3793 { 3794 struct run_softc *sc = ni->ni_ic->ic_softc; 3795 int error = 0; 3796 3797 RUN_LOCK(sc); 3798 3799 /* prevent management frames from being sent if we're not ready */ 3800 if (!(sc->sc_flags & RUN_RUNNING)) { 3801 error = ENETDOWN; 3802 goto done; 3803 } 3804 3805 if (params == NULL) { 3806 /* tx mgt packet */ 3807 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3808 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3809 goto done; 3810 } 3811 } else { 3812 /* tx raw packet with param */ 3813 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3814 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3815 goto done; 3816 } 3817 } 3818 3819 done: 3820 RUN_UNLOCK(sc); 3821 3822 if (error != 0) { 3823 if(m != NULL) 3824 m_freem(m); 3825 } 3826 3827 return (error); 3828 } 3829 3830 static int 3831 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3832 { 3833 struct run_softc *sc = ic->ic_softc; 3834 int error; 3835 3836 RUN_LOCK(sc); 3837 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3838 RUN_UNLOCK(sc); 3839 return (ENXIO); 3840 } 3841 error = mbufq_enqueue(&sc->sc_snd, m); 3842 if (error) { 3843 RUN_UNLOCK(sc); 3844 return (error); 3845 } 3846 run_start(sc); 3847 RUN_UNLOCK(sc); 3848 3849 return (0); 3850 } 3851 3852 static void 3853 run_start(struct run_softc *sc) 3854 { 3855 struct ieee80211_node *ni; 3856 struct mbuf *m; 3857 3858 RUN_LOCK_ASSERT(sc, MA_OWNED); 3859 3860 if ((sc->sc_flags & RUN_RUNNING) == 0) 3861 return; 3862 3863 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3864 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3865 if (run_tx(sc, m, ni) != 0) { 3866 mbufq_prepend(&sc->sc_snd, m); 3867 break; 3868 } 3869 } 3870 } 3871 3872 static void 3873 run_parent(struct ieee80211com *ic) 3874 { 3875 struct run_softc *sc = ic->ic_softc; 3876 int startall = 0; 3877 3878 RUN_LOCK(sc); 3879 if (sc->sc_detached) { 3880 RUN_UNLOCK(sc); 3881 return; 3882 } 3883 3884 if (ic->ic_nrunning > 0) { 3885 if (!(sc->sc_flags & RUN_RUNNING)) { 3886 startall = 1; 3887 run_init_locked(sc); 3888 } else 3889 run_update_promisc_locked(sc); 3890 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3891 run_stop(sc); 3892 RUN_UNLOCK(sc); 3893 if (startall) 3894 ieee80211_start_all(ic); 3895 } 3896 3897 static void 3898 run_iq_calib(struct run_softc *sc, u_int chan) 3899 { 3900 uint16_t val; 3901 3902 /* Tx0 IQ gain. */ 3903 run_bbp_write(sc, 158, 0x2c); 3904 if (chan <= 14) 3905 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3906 else if (chan <= 64) { 3907 run_efuse_read(sc, 3908 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3909 &val, 1); 3910 } else if (chan <= 138) { 3911 run_efuse_read(sc, 3912 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3913 &val, 1); 3914 } else if (chan <= 165) { 3915 run_efuse_read(sc, 3916 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3917 &val, 1); 3918 } else 3919 val = 0; 3920 run_bbp_write(sc, 159, val); 3921 3922 /* Tx0 IQ phase. */ 3923 run_bbp_write(sc, 158, 0x2d); 3924 if (chan <= 14) { 3925 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3926 &val, 1); 3927 } else if (chan <= 64) { 3928 run_efuse_read(sc, 3929 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3930 &val, 1); 3931 } else if (chan <= 138) { 3932 run_efuse_read(sc, 3933 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3934 &val, 1); 3935 } else if (chan <= 165) { 3936 run_efuse_read(sc, 3937 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3938 &val, 1); 3939 } else 3940 val = 0; 3941 run_bbp_write(sc, 159, val); 3942 3943 /* Tx1 IQ gain. */ 3944 run_bbp_write(sc, 158, 0x4a); 3945 if (chan <= 14) { 3946 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3947 &val, 1); 3948 } else if (chan <= 64) { 3949 run_efuse_read(sc, 3950 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3951 &val, 1); 3952 } else if (chan <= 138) { 3953 run_efuse_read(sc, 3954 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3955 &val, 1); 3956 } else if (chan <= 165) { 3957 run_efuse_read(sc, 3958 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3959 &val, 1); 3960 } else 3961 val = 0; 3962 run_bbp_write(sc, 159, val); 3963 3964 /* Tx1 IQ phase. */ 3965 run_bbp_write(sc, 158, 0x4b); 3966 if (chan <= 14) { 3967 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3968 &val, 1); 3969 } else if (chan <= 64) { 3970 run_efuse_read(sc, 3971 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3972 &val, 1); 3973 } else if (chan <= 138) { 3974 run_efuse_read(sc, 3975 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3976 &val, 1); 3977 } else if (chan <= 165) { 3978 run_efuse_read(sc, 3979 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3980 &val, 1); 3981 } else 3982 val = 0; 3983 run_bbp_write(sc, 159, val); 3984 3985 /* RF IQ compensation control. */ 3986 run_bbp_write(sc, 158, 0x04); 3987 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3988 &val, 1); 3989 run_bbp_write(sc, 159, val); 3990 3991 /* RF IQ imbalance compensation control. */ 3992 run_bbp_write(sc, 158, 0x03); 3993 run_efuse_read(sc, 3994 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3995 run_bbp_write(sc, 159, val); 3996 } 3997 3998 static void 3999 run_set_agc(struct run_softc *sc, uint8_t agc) 4000 { 4001 uint8_t bbp; 4002 4003 if (sc->mac_ver == 0x3572) { 4004 run_bbp_read(sc, 27, &bbp); 4005 bbp &= ~(0x3 << 5); 4006 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 4007 run_bbp_write(sc, 66, agc); 4008 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 4009 run_bbp_write(sc, 66, agc); 4010 } else 4011 run_bbp_write(sc, 66, agc); 4012 } 4013 4014 static void 4015 run_select_chan_group(struct run_softc *sc, int group) 4016 { 4017 uint32_t tmp; 4018 uint8_t agc; 4019 4020 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 4021 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 4022 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 4023 if (sc->mac_ver < 0x3572) 4024 run_bbp_write(sc, 86, 0x00); 4025 4026 if (sc->mac_ver == 0x3593) { 4027 run_bbp_write(sc, 77, 0x98); 4028 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 4029 } 4030 4031 if (group == 0) { 4032 if (sc->ext_2ghz_lna) { 4033 if (sc->mac_ver >= 0x5390) 4034 run_bbp_write(sc, 75, 0x52); 4035 else { 4036 run_bbp_write(sc, 82, 0x62); 4037 run_bbp_write(sc, 75, 0x46); 4038 } 4039 } else { 4040 if (sc->mac_ver == 0x5592) { 4041 run_bbp_write(sc, 79, 0x1c); 4042 run_bbp_write(sc, 80, 0x0e); 4043 run_bbp_write(sc, 81, 0x3a); 4044 run_bbp_write(sc, 82, 0x62); 4045 4046 run_bbp_write(sc, 195, 0x80); 4047 run_bbp_write(sc, 196, 0xe0); 4048 run_bbp_write(sc, 195, 0x81); 4049 run_bbp_write(sc, 196, 0x1f); 4050 run_bbp_write(sc, 195, 0x82); 4051 run_bbp_write(sc, 196, 0x38); 4052 run_bbp_write(sc, 195, 0x83); 4053 run_bbp_write(sc, 196, 0x32); 4054 run_bbp_write(sc, 195, 0x85); 4055 run_bbp_write(sc, 196, 0x28); 4056 run_bbp_write(sc, 195, 0x86); 4057 run_bbp_write(sc, 196, 0x19); 4058 } else if (sc->mac_ver >= 0x5390) 4059 run_bbp_write(sc, 75, 0x50); 4060 else { 4061 run_bbp_write(sc, 82, 4062 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 4063 run_bbp_write(sc, 75, 0x50); 4064 } 4065 } 4066 } else { 4067 if (sc->mac_ver == 0x5592) { 4068 run_bbp_write(sc, 79, 0x18); 4069 run_bbp_write(sc, 80, 0x08); 4070 run_bbp_write(sc, 81, 0x38); 4071 run_bbp_write(sc, 82, 0x92); 4072 4073 run_bbp_write(sc, 195, 0x80); 4074 run_bbp_write(sc, 196, 0xf0); 4075 run_bbp_write(sc, 195, 0x81); 4076 run_bbp_write(sc, 196, 0x1e); 4077 run_bbp_write(sc, 195, 0x82); 4078 run_bbp_write(sc, 196, 0x28); 4079 run_bbp_write(sc, 195, 0x83); 4080 run_bbp_write(sc, 196, 0x20); 4081 run_bbp_write(sc, 195, 0x85); 4082 run_bbp_write(sc, 196, 0x7f); 4083 run_bbp_write(sc, 195, 0x86); 4084 run_bbp_write(sc, 196, 0x7f); 4085 } else if (sc->mac_ver == 0x3572) 4086 run_bbp_write(sc, 82, 0x94); 4087 else 4088 run_bbp_write(sc, 82, 4089 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4090 if (sc->ext_5ghz_lna) 4091 run_bbp_write(sc, 75, 0x46); 4092 else 4093 run_bbp_write(sc, 75, 0x50); 4094 } 4095 4096 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4097 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4098 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4099 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4100 4101 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4102 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4103 if (sc->mac_ver == 0x3593) 4104 tmp |= 1 << 29 | 1 << 28; 4105 if (sc->nrxchains > 1) 4106 tmp |= RT2860_LNA_PE1_EN; 4107 if (group == 0) { /* 2GHz */ 4108 tmp |= RT2860_PA_PE_G0_EN; 4109 if (sc->ntxchains > 1) 4110 tmp |= RT2860_PA_PE_G1_EN; 4111 if (sc->mac_ver == 0x3593) { 4112 if (sc->ntxchains > 2) 4113 tmp |= 1 << 25; 4114 } 4115 } else { /* 5GHz */ 4116 tmp |= RT2860_PA_PE_A0_EN; 4117 if (sc->ntxchains > 1) 4118 tmp |= RT2860_PA_PE_A1_EN; 4119 } 4120 if (sc->mac_ver == 0x3572) { 4121 run_rt3070_rf_write(sc, 8, 0x00); 4122 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4123 run_rt3070_rf_write(sc, 8, 0x80); 4124 } else 4125 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4126 4127 if (sc->mac_ver == 0x5592) { 4128 run_bbp_write(sc, 195, 0x8d); 4129 run_bbp_write(sc, 196, 0x1a); 4130 } 4131 4132 if (sc->mac_ver == 0x3593) { 4133 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4134 tmp &= ~0x01010000; 4135 if (group == 0) 4136 tmp |= 0x00010000; 4137 tmp = (tmp & ~0x00009090) | 0x00000090; 4138 run_write(sc, RT2860_GPIO_CTRL, tmp); 4139 } 4140 4141 /* set initial AGC value */ 4142 if (group == 0) { /* 2GHz band */ 4143 if (sc->mac_ver >= 0x3070) 4144 agc = 0x1c + sc->lna[0] * 2; 4145 else 4146 agc = 0x2e + sc->lna[0]; 4147 } else { /* 5GHz band */ 4148 if (sc->mac_ver == 0x5592) 4149 agc = 0x24 + sc->lna[group] * 2; 4150 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4151 agc = 0x22 + (sc->lna[group] * 5) / 3; 4152 else 4153 agc = 0x32 + (sc->lna[group] * 5) / 3; 4154 } 4155 run_set_agc(sc, agc); 4156 } 4157 4158 static void 4159 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4160 { 4161 const struct rfprog *rfprog = rt2860_rf2850; 4162 uint32_t r2, r3, r4; 4163 int8_t txpow1, txpow2; 4164 int i; 4165 4166 /* find the settings for this channel (we know it exists) */ 4167 for (i = 0; rfprog[i].chan != chan; i++); 4168 4169 r2 = rfprog[i].r2; 4170 if (sc->ntxchains == 1) 4171 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4172 if (sc->nrxchains == 1) 4173 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4174 else if (sc->nrxchains == 2) 4175 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4176 4177 /* use Tx power values from EEPROM */ 4178 txpow1 = sc->txpow1[i]; 4179 txpow2 = sc->txpow2[i]; 4180 4181 /* Initialize RF R3 and R4. */ 4182 r3 = rfprog[i].r3 & 0xffffc1ff; 4183 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4184 if (chan > 14) { 4185 if (txpow1 >= 0) { 4186 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4187 r3 |= (txpow1 << 10) | (1 << 9); 4188 } else { 4189 txpow1 += 7; 4190 4191 /* txpow1 is not possible larger than 15. */ 4192 r3 |= (txpow1 << 10); 4193 } 4194 if (txpow2 >= 0) { 4195 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4196 r4 |= (txpow2 << 7) | (1 << 6); 4197 } else { 4198 txpow2 += 7; 4199 r4 |= (txpow2 << 7); 4200 } 4201 } else { 4202 /* Set Tx0 power. */ 4203 r3 |= (txpow1 << 9); 4204 4205 /* Set frequency offset and Tx1 power. */ 4206 r4 |= (txpow2 << 6); 4207 } 4208 4209 run_rt2870_rf_write(sc, rfprog[i].r1); 4210 run_rt2870_rf_write(sc, r2); 4211 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4212 run_rt2870_rf_write(sc, r4); 4213 4214 run_delay(sc, 10); 4215 4216 run_rt2870_rf_write(sc, rfprog[i].r1); 4217 run_rt2870_rf_write(sc, r2); 4218 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4219 run_rt2870_rf_write(sc, r4); 4220 4221 run_delay(sc, 10); 4222 4223 run_rt2870_rf_write(sc, rfprog[i].r1); 4224 run_rt2870_rf_write(sc, r2); 4225 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4226 run_rt2870_rf_write(sc, r4); 4227 } 4228 4229 static void 4230 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4231 { 4232 int8_t txpow1, txpow2; 4233 uint8_t rf; 4234 int i; 4235 4236 /* find the settings for this channel (we know it exists) */ 4237 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4238 4239 /* use Tx power values from EEPROM */ 4240 txpow1 = sc->txpow1[i]; 4241 txpow2 = sc->txpow2[i]; 4242 4243 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4244 4245 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4246 run_rt3070_rf_read(sc, 3, &rf); 4247 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4248 run_rt3070_rf_write(sc, 3, rf); 4249 4250 run_rt3070_rf_read(sc, 6, &rf); 4251 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4252 run_rt3070_rf_write(sc, 6, rf); 4253 4254 /* set Tx0 power */ 4255 run_rt3070_rf_read(sc, 12, &rf); 4256 rf = (rf & ~0x1f) | txpow1; 4257 run_rt3070_rf_write(sc, 12, rf); 4258 4259 /* set Tx1 power */ 4260 run_rt3070_rf_read(sc, 13, &rf); 4261 rf = (rf & ~0x1f) | txpow2; 4262 run_rt3070_rf_write(sc, 13, rf); 4263 4264 run_rt3070_rf_read(sc, 1, &rf); 4265 rf &= ~0xfc; 4266 if (sc->ntxchains == 1) 4267 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4268 else if (sc->ntxchains == 2) 4269 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4270 if (sc->nrxchains == 1) 4271 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4272 else if (sc->nrxchains == 2) 4273 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4274 run_rt3070_rf_write(sc, 1, rf); 4275 4276 /* set RF offset */ 4277 run_rt3070_rf_read(sc, 23, &rf); 4278 rf = (rf & ~0x7f) | sc->freq; 4279 run_rt3070_rf_write(sc, 23, rf); 4280 4281 /* program RF filter */ 4282 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4283 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4284 run_rt3070_rf_write(sc, 24, rf); 4285 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4286 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4287 run_rt3070_rf_write(sc, 31, rf); 4288 4289 /* enable RF tuning */ 4290 run_rt3070_rf_read(sc, 7, &rf); 4291 run_rt3070_rf_write(sc, 7, rf | 0x01); 4292 } 4293 4294 static void 4295 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4296 { 4297 int8_t txpow1, txpow2; 4298 uint32_t tmp; 4299 uint8_t rf; 4300 int i; 4301 4302 /* find the settings for this channel (we know it exists) */ 4303 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4304 4305 /* use Tx power values from EEPROM */ 4306 txpow1 = sc->txpow1[i]; 4307 txpow2 = sc->txpow2[i]; 4308 4309 if (chan <= 14) { 4310 run_bbp_write(sc, 25, sc->bbp25); 4311 run_bbp_write(sc, 26, sc->bbp26); 4312 } else { 4313 /* enable IQ phase correction */ 4314 run_bbp_write(sc, 25, 0x09); 4315 run_bbp_write(sc, 26, 0xff); 4316 } 4317 4318 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4319 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4320 run_rt3070_rf_read(sc, 6, &rf); 4321 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4322 rf |= (chan <= 14) ? 0x08 : 0x04; 4323 run_rt3070_rf_write(sc, 6, rf); 4324 4325 /* set PLL mode */ 4326 run_rt3070_rf_read(sc, 5, &rf); 4327 rf &= ~(0x08 | 0x04); 4328 rf |= (chan <= 14) ? 0x04 : 0x08; 4329 run_rt3070_rf_write(sc, 5, rf); 4330 4331 /* set Tx power for chain 0 */ 4332 if (chan <= 14) 4333 rf = 0x60 | txpow1; 4334 else 4335 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4336 run_rt3070_rf_write(sc, 12, rf); 4337 4338 /* set Tx power for chain 1 */ 4339 if (chan <= 14) 4340 rf = 0x60 | txpow2; 4341 else 4342 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4343 run_rt3070_rf_write(sc, 13, rf); 4344 4345 /* set Tx/Rx streams */ 4346 run_rt3070_rf_read(sc, 1, &rf); 4347 rf &= ~0xfc; 4348 if (sc->ntxchains == 1) 4349 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4350 else if (sc->ntxchains == 2) 4351 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4352 if (sc->nrxchains == 1) 4353 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4354 else if (sc->nrxchains == 2) 4355 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4356 run_rt3070_rf_write(sc, 1, rf); 4357 4358 /* set RF offset */ 4359 run_rt3070_rf_read(sc, 23, &rf); 4360 rf = (rf & ~0x7f) | sc->freq; 4361 run_rt3070_rf_write(sc, 23, rf); 4362 4363 /* program RF filter */ 4364 rf = sc->rf24_20mhz; 4365 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4366 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4367 4368 /* enable RF tuning */ 4369 run_rt3070_rf_read(sc, 7, &rf); 4370 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4371 run_rt3070_rf_write(sc, 7, rf); 4372 4373 /* TSSI */ 4374 rf = (chan <= 14) ? 0xc3 : 0xc0; 4375 run_rt3070_rf_write(sc, 9, rf); 4376 4377 /* set loop filter 1 */ 4378 run_rt3070_rf_write(sc, 10, 0xf1); 4379 /* set loop filter 2 */ 4380 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4381 4382 /* set tx_mx2_ic */ 4383 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4384 /* set tx_mx1_ic */ 4385 if (chan <= 14) 4386 rf = 0x48 | sc->txmixgain_2ghz; 4387 else 4388 rf = 0x78 | sc->txmixgain_5ghz; 4389 run_rt3070_rf_write(sc, 16, rf); 4390 4391 /* set tx_lo1 */ 4392 run_rt3070_rf_write(sc, 17, 0x23); 4393 /* set tx_lo2 */ 4394 if (chan <= 14) 4395 rf = 0x93; 4396 else if (chan <= 64) 4397 rf = 0xb7; 4398 else if (chan <= 128) 4399 rf = 0x74; 4400 else 4401 rf = 0x72; 4402 run_rt3070_rf_write(sc, 19, rf); 4403 4404 /* set rx_lo1 */ 4405 if (chan <= 14) 4406 rf = 0xb3; 4407 else if (chan <= 64) 4408 rf = 0xf6; 4409 else if (chan <= 128) 4410 rf = 0xf4; 4411 else 4412 rf = 0xf3; 4413 run_rt3070_rf_write(sc, 20, rf); 4414 4415 /* set pfd_delay */ 4416 if (chan <= 14) 4417 rf = 0x15; 4418 else if (chan <= 64) 4419 rf = 0x3d; 4420 else 4421 rf = 0x01; 4422 run_rt3070_rf_write(sc, 25, rf); 4423 4424 /* set rx_lo2 */ 4425 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4426 /* set ldo_rf_vc */ 4427 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4428 /* set drv_cc */ 4429 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4430 4431 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4432 tmp &= ~0x8080; 4433 if (chan <= 14) 4434 tmp |= 0x80; 4435 run_write(sc, RT2860_GPIO_CTRL, tmp); 4436 4437 /* enable RF tuning */ 4438 run_rt3070_rf_read(sc, 7, &rf); 4439 run_rt3070_rf_write(sc, 7, rf | 0x01); 4440 4441 run_delay(sc, 2); 4442 } 4443 4444 static void 4445 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4446 { 4447 int8_t txpow1, txpow2, txpow3; 4448 uint8_t h20mhz, rf; 4449 int i; 4450 4451 /* find the settings for this channel (we know it exists) */ 4452 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4453 4454 /* use Tx power values from EEPROM */ 4455 txpow1 = sc->txpow1[i]; 4456 txpow2 = sc->txpow2[i]; 4457 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4458 4459 if (chan <= 14) { 4460 run_bbp_write(sc, 25, sc->bbp25); 4461 run_bbp_write(sc, 26, sc->bbp26); 4462 } else { 4463 /* Enable IQ phase correction. */ 4464 run_bbp_write(sc, 25, 0x09); 4465 run_bbp_write(sc, 26, 0xff); 4466 } 4467 4468 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4469 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4470 run_rt3070_rf_read(sc, 11, &rf); 4471 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4472 run_rt3070_rf_write(sc, 11, rf); 4473 4474 /* Set pll_idoh. */ 4475 run_rt3070_rf_read(sc, 11, &rf); 4476 rf &= ~0x4c; 4477 rf |= (chan <= 14) ? 0x44 : 0x48; 4478 run_rt3070_rf_write(sc, 11, rf); 4479 4480 if (chan <= 14) 4481 rf = txpow1 & 0x1f; 4482 else 4483 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4484 run_rt3070_rf_write(sc, 53, rf); 4485 4486 if (chan <= 14) 4487 rf = txpow2 & 0x1f; 4488 else 4489 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4490 run_rt3070_rf_write(sc, 55, rf); 4491 4492 if (chan <= 14) 4493 rf = txpow3 & 0x1f; 4494 else 4495 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4496 run_rt3070_rf_write(sc, 54, rf); 4497 4498 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4499 if (sc->ntxchains == 3) 4500 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4501 else 4502 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4503 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4504 run_rt3070_rf_write(sc, 1, rf); 4505 4506 run_adjust_freq_offset(sc); 4507 4508 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4509 4510 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4511 run_rt3070_rf_read(sc, 30, &rf); 4512 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4513 run_rt3070_rf_write(sc, 30, rf); 4514 4515 run_rt3070_rf_read(sc, 36, &rf); 4516 if (chan <= 14) 4517 rf |= 0x80; 4518 else 4519 rf &= ~0x80; 4520 run_rt3070_rf_write(sc, 36, rf); 4521 4522 /* Set vcolo_bs. */ 4523 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4524 /* Set pfd_delay. */ 4525 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4526 4527 /* Set vco bias current control. */ 4528 run_rt3070_rf_read(sc, 6, &rf); 4529 rf &= ~0xc0; 4530 if (chan <= 14) 4531 rf |= 0x40; 4532 else if (chan <= 128) 4533 rf |= 0x80; 4534 else 4535 rf |= 0x40; 4536 run_rt3070_rf_write(sc, 6, rf); 4537 4538 run_rt3070_rf_read(sc, 30, &rf); 4539 rf = (rf & ~0x18) | 0x10; 4540 run_rt3070_rf_write(sc, 30, rf); 4541 4542 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4543 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4544 4545 run_rt3070_rf_read(sc, 51, &rf); 4546 rf = (rf & ~0x03) | 0x01; 4547 run_rt3070_rf_write(sc, 51, rf); 4548 /* Set tx_mx1_cc. */ 4549 run_rt3070_rf_read(sc, 51, &rf); 4550 rf &= ~0x1c; 4551 rf |= (chan <= 14) ? 0x14 : 0x10; 4552 run_rt3070_rf_write(sc, 51, rf); 4553 /* Set tx_mx1_ic. */ 4554 run_rt3070_rf_read(sc, 51, &rf); 4555 rf &= ~0xe0; 4556 rf |= (chan <= 14) ? 0x60 : 0x40; 4557 run_rt3070_rf_write(sc, 51, rf); 4558 /* Set tx_lo1_ic. */ 4559 run_rt3070_rf_read(sc, 49, &rf); 4560 rf &= ~0x1c; 4561 rf |= (chan <= 14) ? 0x0c : 0x08; 4562 run_rt3070_rf_write(sc, 49, rf); 4563 /* Set tx_lo1_en. */ 4564 run_rt3070_rf_read(sc, 50, &rf); 4565 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4566 /* Set drv_cc. */ 4567 run_rt3070_rf_read(sc, 57, &rf); 4568 rf &= ~0xfc; 4569 rf |= (chan <= 14) ? 0x6c : 0x3c; 4570 run_rt3070_rf_write(sc, 57, rf); 4571 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4572 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4573 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4574 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4575 /* Enable VCO calibration. */ 4576 run_rt3070_rf_read(sc, 3, &rf); 4577 rf &= ~RT5390_VCOCAL; 4578 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4579 run_rt3070_rf_write(sc, 3, rf); 4580 4581 if (chan <= 14) 4582 rf = 0x23; 4583 else if (chan <= 64) 4584 rf = 0x36; 4585 else if (chan <= 128) 4586 rf = 0x32; 4587 else 4588 rf = 0x30; 4589 run_rt3070_rf_write(sc, 39, rf); 4590 if (chan <= 14) 4591 rf = 0xbb; 4592 else if (chan <= 64) 4593 rf = 0xeb; 4594 else if (chan <= 128) 4595 rf = 0xb3; 4596 else 4597 rf = 0x9b; 4598 run_rt3070_rf_write(sc, 45, rf); 4599 4600 /* Set FEQ/AEQ control. */ 4601 run_bbp_write(sc, 105, 0x34); 4602 } 4603 4604 static void 4605 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4606 { 4607 int8_t txpow1, txpow2; 4608 uint8_t rf; 4609 int i; 4610 4611 /* find the settings for this channel (we know it exists) */ 4612 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4613 4614 /* use Tx power values from EEPROM */ 4615 txpow1 = sc->txpow1[i]; 4616 txpow2 = sc->txpow2[i]; 4617 4618 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4619 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4620 run_rt3070_rf_read(sc, 11, &rf); 4621 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4622 run_rt3070_rf_write(sc, 11, rf); 4623 4624 run_rt3070_rf_read(sc, 49, &rf); 4625 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4626 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4627 if ((rf & 0x3f) > 0x27) 4628 rf = (rf & ~0x3f) | 0x27; 4629 run_rt3070_rf_write(sc, 49, rf); 4630 4631 if (sc->mac_ver == 0x5392) { 4632 run_rt3070_rf_read(sc, 50, &rf); 4633 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4634 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4635 if ((rf & 0x3f) > 0x27) 4636 rf = (rf & ~0x3f) | 0x27; 4637 run_rt3070_rf_write(sc, 50, rf); 4638 } 4639 4640 run_rt3070_rf_read(sc, 1, &rf); 4641 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4642 if (sc->mac_ver == 0x5392) 4643 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4644 run_rt3070_rf_write(sc, 1, rf); 4645 4646 if (sc->mac_ver != 0x5392) { 4647 run_rt3070_rf_read(sc, 2, &rf); 4648 rf |= 0x80; 4649 run_rt3070_rf_write(sc, 2, rf); 4650 run_delay(sc, 10); 4651 rf &= 0x7f; 4652 run_rt3070_rf_write(sc, 2, rf); 4653 } 4654 4655 run_adjust_freq_offset(sc); 4656 4657 if (sc->mac_ver == 0x5392) { 4658 /* Fix for RT5392C. */ 4659 if (sc->mac_rev >= 0x0223) { 4660 if (chan <= 4) 4661 rf = 0x0f; 4662 else if (chan >= 5 && chan <= 7) 4663 rf = 0x0e; 4664 else 4665 rf = 0x0d; 4666 run_rt3070_rf_write(sc, 23, rf); 4667 4668 if (chan <= 4) 4669 rf = 0x0c; 4670 else if (chan == 5) 4671 rf = 0x0b; 4672 else if (chan >= 6 && chan <= 7) 4673 rf = 0x0a; 4674 else if (chan >= 8 && chan <= 10) 4675 rf = 0x09; 4676 else 4677 rf = 0x08; 4678 run_rt3070_rf_write(sc, 59, rf); 4679 } else { 4680 if (chan <= 11) 4681 rf = 0x0f; 4682 else 4683 rf = 0x0b; 4684 run_rt3070_rf_write(sc, 59, rf); 4685 } 4686 } else { 4687 /* Fix for RT5390F. */ 4688 if (sc->mac_rev >= 0x0502) { 4689 if (chan <= 11) 4690 rf = 0x43; 4691 else 4692 rf = 0x23; 4693 run_rt3070_rf_write(sc, 55, rf); 4694 4695 if (chan <= 11) 4696 rf = 0x0f; 4697 else if (chan == 12) 4698 rf = 0x0d; 4699 else 4700 rf = 0x0b; 4701 run_rt3070_rf_write(sc, 59, rf); 4702 } else { 4703 run_rt3070_rf_write(sc, 55, 0x44); 4704 run_rt3070_rf_write(sc, 59, 0x8f); 4705 } 4706 } 4707 4708 /* Enable VCO calibration. */ 4709 run_rt3070_rf_read(sc, 3, &rf); 4710 rf |= RT5390_VCOCAL; 4711 run_rt3070_rf_write(sc, 3, rf); 4712 } 4713 4714 static void 4715 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4716 { 4717 const struct rt5592_freqs *freqs; 4718 uint32_t tmp; 4719 uint8_t reg, rf, txpow_bound; 4720 int8_t txpow1, txpow2; 4721 int i; 4722 4723 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4724 freqs = (tmp & RT5592_SEL_XTAL) ? 4725 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4726 4727 /* find the settings for this channel (we know it exists) */ 4728 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4729 4730 /* use Tx power values from EEPROM */ 4731 txpow1 = sc->txpow1[i]; 4732 txpow2 = sc->txpow2[i]; 4733 4734 run_read(sc, RT3070_LDO_CFG0, &tmp); 4735 tmp &= ~0x1c000000; 4736 if (chan > 14) 4737 tmp |= 0x14000000; 4738 run_write(sc, RT3070_LDO_CFG0, tmp); 4739 4740 /* N setting. */ 4741 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4742 run_rt3070_rf_read(sc, 9, &rf); 4743 rf &= ~(1 << 4); 4744 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4745 run_rt3070_rf_write(sc, 9, rf); 4746 4747 /* K setting. */ 4748 run_rt3070_rf_read(sc, 9, &rf); 4749 rf &= ~0x0f; 4750 rf |= (freqs->k & 0x0f); 4751 run_rt3070_rf_write(sc, 9, rf); 4752 4753 /* Mode setting. */ 4754 run_rt3070_rf_read(sc, 11, &rf); 4755 rf &= ~0x0c; 4756 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4757 run_rt3070_rf_write(sc, 11, rf); 4758 run_rt3070_rf_read(sc, 9, &rf); 4759 rf &= ~(1 << 7); 4760 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4761 run_rt3070_rf_write(sc, 9, rf); 4762 4763 /* R setting. */ 4764 run_rt3070_rf_read(sc, 11, &rf); 4765 rf &= ~0x03; 4766 rf |= (freqs->r - 0x1); 4767 run_rt3070_rf_write(sc, 11, rf); 4768 4769 if (chan <= 14) { 4770 /* Initialize RF registers for 2GHZ. */ 4771 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4772 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4773 rt5592_2ghz_def_rf[i].val); 4774 } 4775 4776 rf = (chan <= 10) ? 0x07 : 0x06; 4777 run_rt3070_rf_write(sc, 23, rf); 4778 run_rt3070_rf_write(sc, 59, rf); 4779 4780 run_rt3070_rf_write(sc, 55, 0x43); 4781 4782 /* 4783 * RF R49/R50 Tx power ALC code. 4784 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4785 */ 4786 reg = 2; 4787 txpow_bound = 0x27; 4788 } else { 4789 /* Initialize RF registers for 5GHZ. */ 4790 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4791 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4792 rt5592_5ghz_def_rf[i].val); 4793 } 4794 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4795 if (chan >= rt5592_chan_5ghz[i].firstchan && 4796 chan <= rt5592_chan_5ghz[i].lastchan) { 4797 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4798 rt5592_chan_5ghz[i].val); 4799 } 4800 } 4801 4802 /* 4803 * RF R49/R50 Tx power ALC code. 4804 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4805 */ 4806 reg = 3; 4807 txpow_bound = 0x2b; 4808 } 4809 4810 /* RF R49 ch0 Tx power ALC code. */ 4811 run_rt3070_rf_read(sc, 49, &rf); 4812 rf &= ~0xc0; 4813 rf |= (reg << 6); 4814 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4815 if ((rf & 0x3f) > txpow_bound) 4816 rf = (rf & ~0x3f) | txpow_bound; 4817 run_rt3070_rf_write(sc, 49, rf); 4818 4819 /* RF R50 ch1 Tx power ALC code. */ 4820 run_rt3070_rf_read(sc, 50, &rf); 4821 rf &= ~(1 << 7 | 1 << 6); 4822 rf |= (reg << 6); 4823 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4824 if ((rf & 0x3f) > txpow_bound) 4825 rf = (rf & ~0x3f) | txpow_bound; 4826 run_rt3070_rf_write(sc, 50, rf); 4827 4828 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4829 run_rt3070_rf_read(sc, 1, &rf); 4830 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4831 if (sc->ntxchains > 1) 4832 rf |= RT3070_TX1_PD; 4833 if (sc->nrxchains > 1) 4834 rf |= RT3070_RX1_PD; 4835 run_rt3070_rf_write(sc, 1, rf); 4836 4837 run_rt3070_rf_write(sc, 6, 0xe4); 4838 4839 run_rt3070_rf_write(sc, 30, 0x10); 4840 run_rt3070_rf_write(sc, 31, 0x80); 4841 run_rt3070_rf_write(sc, 32, 0x80); 4842 4843 run_adjust_freq_offset(sc); 4844 4845 /* Enable VCO calibration. */ 4846 run_rt3070_rf_read(sc, 3, &rf); 4847 rf |= RT5390_VCOCAL; 4848 run_rt3070_rf_write(sc, 3, rf); 4849 } 4850 4851 static void 4852 run_set_rx_antenna(struct run_softc *sc, int aux) 4853 { 4854 uint32_t tmp; 4855 uint8_t bbp152; 4856 4857 if (aux) { 4858 if (sc->rf_rev == RT5390_RF_5370) { 4859 run_bbp_read(sc, 152, &bbp152); 4860 run_bbp_write(sc, 152, bbp152 & ~0x80); 4861 } else { 4862 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4863 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4864 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4865 } 4866 } else { 4867 if (sc->rf_rev == RT5390_RF_5370) { 4868 run_bbp_read(sc, 152, &bbp152); 4869 run_bbp_write(sc, 152, bbp152 | 0x80); 4870 } else { 4871 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4872 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4873 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4874 } 4875 } 4876 } 4877 4878 static int 4879 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4880 { 4881 struct ieee80211com *ic = &sc->sc_ic; 4882 u_int chan, group; 4883 4884 chan = ieee80211_chan2ieee(ic, c); 4885 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4886 return (EINVAL); 4887 4888 if (sc->mac_ver == 0x5592) 4889 run_rt5592_set_chan(sc, chan); 4890 else if (sc->mac_ver >= 0x5390) 4891 run_rt5390_set_chan(sc, chan); 4892 else if (sc->mac_ver == 0x3593) 4893 run_rt3593_set_chan(sc, chan); 4894 else if (sc->mac_ver == 0x3572) 4895 run_rt3572_set_chan(sc, chan); 4896 else if (sc->mac_ver >= 0x3070) 4897 run_rt3070_set_chan(sc, chan); 4898 else 4899 run_rt2870_set_chan(sc, chan); 4900 4901 /* determine channel group */ 4902 if (chan <= 14) 4903 group = 0; 4904 else if (chan <= 64) 4905 group = 1; 4906 else if (chan <= 128) 4907 group = 2; 4908 else 4909 group = 3; 4910 4911 /* XXX necessary only when group has changed! */ 4912 run_select_chan_group(sc, group); 4913 4914 run_delay(sc, 10); 4915 4916 /* Perform IQ calibration. */ 4917 if (sc->mac_ver >= 0x5392) 4918 run_iq_calib(sc, chan); 4919 4920 return (0); 4921 } 4922 4923 static void 4924 run_set_channel(struct ieee80211com *ic) 4925 { 4926 struct run_softc *sc = ic->ic_softc; 4927 4928 RUN_LOCK(sc); 4929 run_set_chan(sc, ic->ic_curchan); 4930 RUN_UNLOCK(sc); 4931 4932 return; 4933 } 4934 4935 static void 4936 run_getradiocaps(struct ieee80211com *ic, 4937 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4938 { 4939 struct run_softc *sc = ic->ic_softc; 4940 uint8_t bands[IEEE80211_MODE_BYTES]; 4941 4942 memset(bands, 0, sizeof(bands)); 4943 setbit(bands, IEEE80211_MODE_11B); 4944 setbit(bands, IEEE80211_MODE_11G); 4945 if (sc->rf_rev != RT3070_RF_2020) 4946 setbit(bands, IEEE80211_MODE_11NG); 4947 4948 /* Note: for now, only support HT20 channels */ 4949 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0); 4950 4951 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4952 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4953 sc->rf_rev == RT5592_RF_5592) { 4954 setbit(bands, IEEE80211_MODE_11A); 4955 if (sc->rf_rev != RT3070_RF_2020) 4956 setbit(bands, IEEE80211_MODE_11NA); 4957 /* Note: for now, only support HT20 channels */ 4958 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4959 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4960 } 4961 } 4962 4963 static void 4964 run_scan_start(struct ieee80211com *ic) 4965 { 4966 struct run_softc *sc = ic->ic_softc; 4967 4968 RUN_LOCK(sc); 4969 4970 /* abort TSF synchronization */ 4971 run_disable_tsf(sc); 4972 run_set_bssid(sc, ieee80211broadcastaddr); 4973 4974 RUN_UNLOCK(sc); 4975 4976 return; 4977 } 4978 4979 static void 4980 run_scan_end(struct ieee80211com *ic) 4981 { 4982 struct run_softc *sc = ic->ic_softc; 4983 4984 RUN_LOCK(sc); 4985 4986 run_enable_tsf_sync(sc); 4987 run_set_bssid(sc, sc->sc_bssid); 4988 4989 RUN_UNLOCK(sc); 4990 4991 return; 4992 } 4993 4994 /* 4995 * Could be called from ieee80211_node_timeout() 4996 * (non-sleepable thread) 4997 */ 4998 static void 4999 run_update_beacon(struct ieee80211vap *vap, int item) 5000 { 5001 struct ieee80211com *ic = vap->iv_ic; 5002 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 5003 struct ieee80211_node *ni = vap->iv_bss; 5004 struct run_softc *sc = ic->ic_softc; 5005 struct run_vap *rvp = RUN_VAP(vap); 5006 int mcast = 0; 5007 uint32_t i; 5008 5009 switch (item) { 5010 case IEEE80211_BEACON_ERP: 5011 run_updateslot(ic); 5012 break; 5013 case IEEE80211_BEACON_HTINFO: 5014 run_updateprot(ic); 5015 break; 5016 case IEEE80211_BEACON_TIM: 5017 mcast = 1; /*TODO*/ 5018 break; 5019 default: 5020 break; 5021 } 5022 5023 setbit(bo->bo_flags, item); 5024 if (rvp->beacon_mbuf == NULL) { 5025 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 5026 if (rvp->beacon_mbuf == NULL) 5027 return; 5028 } 5029 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 5030 5031 i = RUN_CMDQ_GET(&sc->cmdq_store); 5032 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5033 sc->cmdq[i].func = run_update_beacon_cb; 5034 sc->cmdq[i].arg0 = vap; 5035 ieee80211_runtask(ic, &sc->cmdq_task); 5036 5037 return; 5038 } 5039 5040 static void 5041 run_update_beacon_cb(void *arg) 5042 { 5043 struct ieee80211vap *vap = arg; 5044 struct ieee80211_node *ni = vap->iv_bss; 5045 struct run_vap *rvp = RUN_VAP(vap); 5046 struct ieee80211com *ic = vap->iv_ic; 5047 struct run_softc *sc = ic->ic_softc; 5048 struct rt2860_txwi txwi; 5049 struct mbuf *m; 5050 uint16_t txwisize; 5051 uint8_t ridx; 5052 5053 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 5054 return; 5055 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 5056 return; 5057 5058 /* 5059 * No need to call ieee80211_beacon_update(), run_update_beacon() 5060 * is taking care of appropriate calls. 5061 */ 5062 if (rvp->beacon_mbuf == NULL) { 5063 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 5064 if (rvp->beacon_mbuf == NULL) 5065 return; 5066 } 5067 m = rvp->beacon_mbuf; 5068 5069 memset(&txwi, 0, sizeof(txwi)); 5070 txwi.wcid = 0xff; 5071 txwi.len = htole16(m->m_pkthdr.len); 5072 5073 /* send beacons at the lowest available rate */ 5074 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 5075 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 5076 txwi.phy = htole16(rt2860_rates[ridx].mcs); 5077 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 5078 txwi.phy |= htole16(RT2860_PHY_OFDM); 5079 txwi.txop = RT2860_TX_TXOP_HT; 5080 txwi.flags = RT2860_TX_TS; 5081 txwi.xflags = RT2860_TX_NSEQ; 5082 5083 txwisize = (sc->mac_ver == 0x5592) ? 5084 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 5085 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 5086 txwisize); 5087 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 5088 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 5089 } 5090 5091 static void 5092 run_updateprot(struct ieee80211com *ic) 5093 { 5094 struct run_softc *sc = ic->ic_softc; 5095 uint32_t i; 5096 5097 i = RUN_CMDQ_GET(&sc->cmdq_store); 5098 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5099 sc->cmdq[i].func = run_updateprot_cb; 5100 sc->cmdq[i].arg0 = ic; 5101 ieee80211_runtask(ic, &sc->cmdq_task); 5102 } 5103 5104 static void 5105 run_updateprot_cb(void *arg) 5106 { 5107 struct ieee80211com *ic = arg; 5108 struct run_softc *sc = ic->ic_softc; 5109 uint32_t tmp; 5110 5111 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5112 /* setup protection frame rate (MCS code) */ 5113 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5114 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5115 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5116 5117 /* CCK frames don't require protection */ 5118 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5119 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5120 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5121 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5122 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5123 tmp |= RT2860_PROT_CTRL_CTS; 5124 } 5125 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5126 } 5127 5128 static void 5129 run_usb_timeout_cb(void *arg) 5130 { 5131 struct ieee80211vap *vap = arg; 5132 struct run_softc *sc = vap->iv_ic->ic_softc; 5133 5134 RUN_LOCK_ASSERT(sc, MA_OWNED); 5135 5136 if(vap->iv_state == IEEE80211_S_RUN && 5137 vap->iv_opmode != IEEE80211_M_STA) 5138 run_reset_livelock(sc); 5139 else if (vap->iv_state == IEEE80211_S_SCAN) { 5140 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5141 "timeout caused by scan\n"); 5142 /* cancel bgscan */ 5143 ieee80211_cancel_scan(vap); 5144 } else 5145 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5146 "timeout by unknown cause\n"); 5147 } 5148 5149 static void 5150 run_reset_livelock(struct run_softc *sc) 5151 { 5152 uint32_t tmp; 5153 5154 RUN_LOCK_ASSERT(sc, MA_OWNED); 5155 5156 /* 5157 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5158 * can run into a livelock and start sending CTS-to-self frames like 5159 * crazy if protection is enabled. Reset MAC/BBP for a while 5160 */ 5161 run_read(sc, RT2860_DEBUG, &tmp); 5162 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5163 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5164 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5165 "CTS-to-self livelock detected\n"); 5166 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5167 run_delay(sc, 1); 5168 run_write(sc, RT2860_MAC_SYS_CTRL, 5169 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5170 } 5171 } 5172 5173 static void 5174 run_update_promisc_locked(struct run_softc *sc) 5175 { 5176 uint32_t tmp; 5177 5178 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5179 5180 tmp |= RT2860_DROP_UC_NOME; 5181 if (sc->sc_ic.ic_promisc > 0) 5182 tmp &= ~RT2860_DROP_UC_NOME; 5183 5184 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5185 5186 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5187 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5188 } 5189 5190 static void 5191 run_update_promisc(struct ieee80211com *ic) 5192 { 5193 struct run_softc *sc = ic->ic_softc; 5194 5195 if ((sc->sc_flags & RUN_RUNNING) == 0) 5196 return; 5197 5198 RUN_LOCK(sc); 5199 run_update_promisc_locked(sc); 5200 RUN_UNLOCK(sc); 5201 } 5202 5203 static void 5204 run_enable_tsf_sync(struct run_softc *sc) 5205 { 5206 struct ieee80211com *ic = &sc->sc_ic; 5207 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5208 uint32_t tmp; 5209 5210 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5211 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5212 5213 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5214 tmp &= ~0x1fffff; 5215 tmp |= vap->iv_bss->ni_intval * 16; 5216 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5217 5218 if (ic->ic_opmode == IEEE80211_M_STA) { 5219 /* 5220 * Local TSF is always updated with remote TSF on beacon 5221 * reception. 5222 */ 5223 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5224 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5225 tmp |= RT2860_BCN_TX_EN; 5226 /* 5227 * Local TSF is updated with remote TSF on beacon reception 5228 * only if the remote TSF is greater than local TSF. 5229 */ 5230 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5231 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5232 ic->ic_opmode == IEEE80211_M_MBSS) { 5233 tmp |= RT2860_BCN_TX_EN; 5234 /* SYNC with nobody */ 5235 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5236 } else { 5237 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5238 "Enabling TSF failed. undefined opmode\n"); 5239 return; 5240 } 5241 5242 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5243 } 5244 5245 static void 5246 run_enable_tsf(struct run_softc *sc) 5247 { 5248 uint32_t tmp; 5249 5250 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5251 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5252 tmp |= RT2860_TSF_TIMER_EN; 5253 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5254 } 5255 } 5256 5257 static void 5258 run_disable_tsf(struct run_softc *sc) 5259 { 5260 uint32_t tmp; 5261 5262 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5263 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5264 RT2860_TBTT_TIMER_EN); 5265 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5266 } 5267 } 5268 5269 static void 5270 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5271 { 5272 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5273 sizeof(*buf)); 5274 } 5275 5276 static void 5277 run_enable_mrr(struct run_softc *sc) 5278 { 5279 #define CCK(mcs) (mcs) 5280 #define OFDM(mcs) (1 << 3 | (mcs)) 5281 run_write(sc, RT2860_LG_FBK_CFG0, 5282 OFDM(6) << 28 | /* 54->48 */ 5283 OFDM(5) << 24 | /* 48->36 */ 5284 OFDM(4) << 20 | /* 36->24 */ 5285 OFDM(3) << 16 | /* 24->18 */ 5286 OFDM(2) << 12 | /* 18->12 */ 5287 OFDM(1) << 8 | /* 12-> 9 */ 5288 OFDM(0) << 4 | /* 9-> 6 */ 5289 OFDM(0)); /* 6-> 6 */ 5290 5291 run_write(sc, RT2860_LG_FBK_CFG1, 5292 CCK(2) << 12 | /* 11->5.5 */ 5293 CCK(1) << 8 | /* 5.5-> 2 */ 5294 CCK(0) << 4 | /* 2-> 1 */ 5295 CCK(0)); /* 1-> 1 */ 5296 #undef OFDM 5297 #undef CCK 5298 } 5299 5300 static void 5301 run_set_txpreamble(struct run_softc *sc) 5302 { 5303 struct ieee80211com *ic = &sc->sc_ic; 5304 uint32_t tmp; 5305 5306 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5307 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5308 tmp |= RT2860_CCK_SHORT_EN; 5309 else 5310 tmp &= ~RT2860_CCK_SHORT_EN; 5311 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5312 } 5313 5314 static void 5315 run_set_basicrates(struct run_softc *sc) 5316 { 5317 struct ieee80211com *ic = &sc->sc_ic; 5318 5319 /* set basic rates mask */ 5320 if (ic->ic_curmode == IEEE80211_MODE_11B) 5321 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5322 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5323 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5324 else /* 11g */ 5325 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5326 } 5327 5328 static void 5329 run_set_leds(struct run_softc *sc, uint16_t which) 5330 { 5331 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5332 which | (sc->leds & 0x7f)); 5333 } 5334 5335 static void 5336 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5337 { 5338 run_write(sc, RT2860_MAC_BSSID_DW0, 5339 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5340 run_write(sc, RT2860_MAC_BSSID_DW1, 5341 bssid[4] | bssid[5] << 8); 5342 } 5343 5344 static void 5345 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5346 { 5347 run_write(sc, RT2860_MAC_ADDR_DW0, 5348 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5349 run_write(sc, RT2860_MAC_ADDR_DW1, 5350 addr[4] | addr[5] << 8 | 0xff << 16); 5351 } 5352 5353 static void 5354 run_updateslot(struct ieee80211com *ic) 5355 { 5356 struct run_softc *sc = ic->ic_softc; 5357 uint32_t i; 5358 5359 i = RUN_CMDQ_GET(&sc->cmdq_store); 5360 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5361 sc->cmdq[i].func = run_updateslot_cb; 5362 sc->cmdq[i].arg0 = ic; 5363 ieee80211_runtask(ic, &sc->cmdq_task); 5364 5365 return; 5366 } 5367 5368 /* ARGSUSED */ 5369 static void 5370 run_updateslot_cb(void *arg) 5371 { 5372 struct ieee80211com *ic = arg; 5373 struct run_softc *sc = ic->ic_softc; 5374 uint32_t tmp; 5375 5376 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5377 tmp &= ~0xff; 5378 tmp |= IEEE80211_GET_SLOTTIME(ic); 5379 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5380 } 5381 5382 static void 5383 run_update_mcast(struct ieee80211com *ic) 5384 { 5385 } 5386 5387 static int8_t 5388 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5389 { 5390 struct ieee80211com *ic = &sc->sc_ic; 5391 struct ieee80211_channel *c = ic->ic_curchan; 5392 int delta; 5393 5394 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5395 u_int chan = ieee80211_chan2ieee(ic, c); 5396 delta = sc->rssi_5ghz[rxchain]; 5397 5398 /* determine channel group */ 5399 if (chan <= 64) 5400 delta -= sc->lna[1]; 5401 else if (chan <= 128) 5402 delta -= sc->lna[2]; 5403 else 5404 delta -= sc->lna[3]; 5405 } else 5406 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5407 5408 return (-12 - delta - rssi); 5409 } 5410 5411 static void 5412 run_rt5390_bbp_init(struct run_softc *sc) 5413 { 5414 u_int i; 5415 uint8_t bbp; 5416 5417 /* Apply maximum likelihood detection for 2 stream case. */ 5418 run_bbp_read(sc, 105, &bbp); 5419 if (sc->nrxchains > 1) 5420 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5421 5422 /* Avoid data lost and CRC error. */ 5423 run_bbp_read(sc, 4, &bbp); 5424 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5425 5426 if (sc->mac_ver == 0x5592) { 5427 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5428 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5429 rt5592_def_bbp[i].val); 5430 } 5431 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5432 run_bbp_write(sc, 195, i + 0x80); 5433 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5434 } 5435 } else { 5436 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5437 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5438 rt5390_def_bbp[i].val); 5439 } 5440 } 5441 if (sc->mac_ver == 0x5392) { 5442 run_bbp_write(sc, 88, 0x90); 5443 run_bbp_write(sc, 95, 0x9a); 5444 run_bbp_write(sc, 98, 0x12); 5445 run_bbp_write(sc, 106, 0x12); 5446 run_bbp_write(sc, 134, 0xd0); 5447 run_bbp_write(sc, 135, 0xf6); 5448 run_bbp_write(sc, 148, 0x84); 5449 } 5450 5451 run_bbp_read(sc, 152, &bbp); 5452 run_bbp_write(sc, 152, bbp | 0x80); 5453 5454 /* Fix BBP254 for RT5592C. */ 5455 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5456 run_bbp_read(sc, 254, &bbp); 5457 run_bbp_write(sc, 254, bbp | 0x80); 5458 } 5459 5460 /* Disable hardware antenna diversity. */ 5461 if (sc->mac_ver == 0x5390) 5462 run_bbp_write(sc, 154, 0); 5463 5464 /* Initialize Rx CCK/OFDM frequency offset report. */ 5465 run_bbp_write(sc, 142, 1); 5466 run_bbp_write(sc, 143, 57); 5467 } 5468 5469 static int 5470 run_bbp_init(struct run_softc *sc) 5471 { 5472 int i, error, ntries; 5473 uint8_t bbp0; 5474 5475 /* wait for BBP to wake up */ 5476 for (ntries = 0; ntries < 20; ntries++) { 5477 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5478 return error; 5479 if (bbp0 != 0 && bbp0 != 0xff) 5480 break; 5481 } 5482 if (ntries == 20) 5483 return (ETIMEDOUT); 5484 5485 /* initialize BBP registers to default values */ 5486 if (sc->mac_ver >= 0x5390) 5487 run_rt5390_bbp_init(sc); 5488 else { 5489 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5490 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5491 rt2860_def_bbp[i].val); 5492 } 5493 } 5494 5495 if (sc->mac_ver == 0x3593) { 5496 run_bbp_write(sc, 79, 0x13); 5497 run_bbp_write(sc, 80, 0x05); 5498 run_bbp_write(sc, 81, 0x33); 5499 run_bbp_write(sc, 86, 0x46); 5500 run_bbp_write(sc, 137, 0x0f); 5501 } 5502 5503 /* fix BBP84 for RT2860E */ 5504 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5505 run_bbp_write(sc, 84, 0x19); 5506 5507 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5508 sc->mac_ver != 0x5592)) { 5509 run_bbp_write(sc, 79, 0x13); 5510 run_bbp_write(sc, 80, 0x05); 5511 run_bbp_write(sc, 81, 0x33); 5512 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5513 run_bbp_write(sc, 69, 0x16); 5514 run_bbp_write(sc, 73, 0x12); 5515 } 5516 return (0); 5517 } 5518 5519 static int 5520 run_rt3070_rf_init(struct run_softc *sc) 5521 { 5522 uint32_t tmp; 5523 uint8_t bbp4, mingain, rf, target; 5524 u_int i; 5525 5526 run_rt3070_rf_read(sc, 30, &rf); 5527 /* toggle RF R30 bit 7 */ 5528 run_rt3070_rf_write(sc, 30, rf | 0x80); 5529 run_delay(sc, 10); 5530 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5531 5532 /* initialize RF registers to default value */ 5533 if (sc->mac_ver == 0x3572) { 5534 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5535 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5536 rt3572_def_rf[i].val); 5537 } 5538 } else { 5539 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5540 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5541 rt3070_def_rf[i].val); 5542 } 5543 } 5544 5545 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5546 /* 5547 * Change voltage from 1.2V to 1.35V for RT3070. 5548 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5549 * in RT3070(F). 5550 */ 5551 run_read(sc, RT3070_LDO_CFG0, &tmp); 5552 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5553 run_write(sc, RT3070_LDO_CFG0, tmp); 5554 5555 } else if (sc->mac_ver == 0x3071) { 5556 run_rt3070_rf_read(sc, 6, &rf); 5557 run_rt3070_rf_write(sc, 6, rf | 0x40); 5558 run_rt3070_rf_write(sc, 31, 0x14); 5559 5560 run_read(sc, RT3070_LDO_CFG0, &tmp); 5561 tmp &= ~0x1f000000; 5562 if (sc->mac_rev < 0x0211) 5563 tmp |= 0x0d000000; /* 1.3V */ 5564 else 5565 tmp |= 0x01000000; /* 1.2V */ 5566 run_write(sc, RT3070_LDO_CFG0, tmp); 5567 5568 /* patch LNA_PE_G1 */ 5569 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5570 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5571 5572 } else if (sc->mac_ver == 0x3572) { 5573 run_rt3070_rf_read(sc, 6, &rf); 5574 run_rt3070_rf_write(sc, 6, rf | 0x40); 5575 5576 /* increase voltage from 1.2V to 1.35V */ 5577 run_read(sc, RT3070_LDO_CFG0, &tmp); 5578 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5579 run_write(sc, RT3070_LDO_CFG0, tmp); 5580 5581 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5582 run_delay(sc, 1); /* wait for 1msec */ 5583 /* decrease voltage back to 1.2V */ 5584 tmp = (tmp & ~0x1f000000) | 0x01000000; 5585 run_write(sc, RT3070_LDO_CFG0, tmp); 5586 } 5587 } 5588 5589 /* select 20MHz bandwidth */ 5590 run_rt3070_rf_read(sc, 31, &rf); 5591 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5592 5593 /* calibrate filter for 20MHz bandwidth */ 5594 sc->rf24_20mhz = 0x1f; /* default value */ 5595 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5596 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5597 5598 /* select 40MHz bandwidth */ 5599 run_bbp_read(sc, 4, &bbp4); 5600 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5601 run_rt3070_rf_read(sc, 31, &rf); 5602 run_rt3070_rf_write(sc, 31, rf | 0x20); 5603 5604 /* calibrate filter for 40MHz bandwidth */ 5605 sc->rf24_40mhz = 0x2f; /* default value */ 5606 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5607 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5608 5609 /* go back to 20MHz bandwidth */ 5610 run_bbp_read(sc, 4, &bbp4); 5611 run_bbp_write(sc, 4, bbp4 & ~0x18); 5612 5613 if (sc->mac_ver == 0x3572) { 5614 /* save default BBP registers 25 and 26 values */ 5615 run_bbp_read(sc, 25, &sc->bbp25); 5616 run_bbp_read(sc, 26, &sc->bbp26); 5617 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5618 run_rt3070_rf_write(sc, 27, 0x03); 5619 5620 run_read(sc, RT3070_OPT_14, &tmp); 5621 run_write(sc, RT3070_OPT_14, tmp | 1); 5622 5623 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5624 run_rt3070_rf_read(sc, 17, &rf); 5625 rf &= ~RT3070_TX_LO1; 5626 if ((sc->mac_ver == 0x3070 || 5627 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5628 !sc->ext_2ghz_lna) 5629 rf |= 0x20; /* fix for long range Rx issue */ 5630 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5631 if (sc->txmixgain_2ghz >= mingain) 5632 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5633 run_rt3070_rf_write(sc, 17, rf); 5634 } 5635 5636 if (sc->mac_ver == 0x3071) { 5637 run_rt3070_rf_read(sc, 1, &rf); 5638 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5639 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5640 run_rt3070_rf_write(sc, 1, rf); 5641 5642 run_rt3070_rf_read(sc, 15, &rf); 5643 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5644 5645 run_rt3070_rf_read(sc, 20, &rf); 5646 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5647 5648 run_rt3070_rf_read(sc, 21, &rf); 5649 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5650 } 5651 5652 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5653 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5654 run_rt3070_rf_read(sc, 27, &rf); 5655 rf &= ~0x77; 5656 if (sc->mac_rev < 0x0211) 5657 rf |= 0x03; 5658 run_rt3070_rf_write(sc, 27, rf); 5659 } 5660 return (0); 5661 } 5662 5663 static void 5664 run_rt3593_rf_init(struct run_softc *sc) 5665 { 5666 uint32_t tmp; 5667 uint8_t rf; 5668 u_int i; 5669 5670 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5671 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5672 tmp &= ~(1 << 4 | 1 << 7); 5673 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5674 5675 /* Initialize RF registers to default value. */ 5676 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5677 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5678 rt3593_def_rf[i].val); 5679 } 5680 5681 /* Toggle RF R2 to initiate calibration. */ 5682 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5683 5684 /* Initialize RF frequency offset. */ 5685 run_adjust_freq_offset(sc); 5686 5687 run_rt3070_rf_read(sc, 18, &rf); 5688 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5689 5690 /* 5691 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5692 * decrease voltage back to 1.2V. 5693 */ 5694 run_read(sc, RT3070_LDO_CFG0, &tmp); 5695 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5696 run_write(sc, RT3070_LDO_CFG0, tmp); 5697 run_delay(sc, 1); 5698 tmp = (tmp & ~0x1f000000) | 0x01000000; 5699 run_write(sc, RT3070_LDO_CFG0, tmp); 5700 5701 sc->rf24_20mhz = 0x1f; 5702 sc->rf24_40mhz = 0x2f; 5703 5704 /* Save default BBP registers 25 and 26 values. */ 5705 run_bbp_read(sc, 25, &sc->bbp25); 5706 run_bbp_read(sc, 26, &sc->bbp26); 5707 5708 run_read(sc, RT3070_OPT_14, &tmp); 5709 run_write(sc, RT3070_OPT_14, tmp | 1); 5710 } 5711 5712 static void 5713 run_rt5390_rf_init(struct run_softc *sc) 5714 { 5715 uint32_t tmp; 5716 uint8_t rf; 5717 u_int i; 5718 5719 /* Toggle RF R2 to initiate calibration. */ 5720 if (sc->mac_ver == 0x5390) { 5721 run_rt3070_rf_read(sc, 2, &rf); 5722 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5723 run_delay(sc, 10); 5724 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5725 } else { 5726 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5727 run_delay(sc, 10); 5728 } 5729 5730 /* Initialize RF registers to default value. */ 5731 if (sc->mac_ver == 0x5592) { 5732 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5733 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5734 rt5592_def_rf[i].val); 5735 } 5736 /* Initialize RF frequency offset. */ 5737 run_adjust_freq_offset(sc); 5738 } else if (sc->mac_ver == 0x5392) { 5739 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5740 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5741 rt5392_def_rf[i].val); 5742 } 5743 if (sc->mac_rev >= 0x0223) { 5744 run_rt3070_rf_write(sc, 23, 0x0f); 5745 run_rt3070_rf_write(sc, 24, 0x3e); 5746 run_rt3070_rf_write(sc, 51, 0x32); 5747 run_rt3070_rf_write(sc, 53, 0x22); 5748 run_rt3070_rf_write(sc, 56, 0xc1); 5749 run_rt3070_rf_write(sc, 59, 0x0f); 5750 } 5751 } else { 5752 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5753 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5754 rt5390_def_rf[i].val); 5755 } 5756 if (sc->mac_rev >= 0x0502) { 5757 run_rt3070_rf_write(sc, 6, 0xe0); 5758 run_rt3070_rf_write(sc, 25, 0x80); 5759 run_rt3070_rf_write(sc, 46, 0x73); 5760 run_rt3070_rf_write(sc, 53, 0x00); 5761 run_rt3070_rf_write(sc, 56, 0x42); 5762 run_rt3070_rf_write(sc, 61, 0xd1); 5763 } 5764 } 5765 5766 sc->rf24_20mhz = 0x1f; /* default value */ 5767 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5768 5769 if (sc->mac_rev < 0x0211) 5770 run_rt3070_rf_write(sc, 27, 0x3); 5771 5772 run_read(sc, RT3070_OPT_14, &tmp); 5773 run_write(sc, RT3070_OPT_14, tmp | 1); 5774 } 5775 5776 static int 5777 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5778 uint8_t *val) 5779 { 5780 uint8_t rf22, rf24; 5781 uint8_t bbp55_pb, bbp55_sb, delta; 5782 int ntries; 5783 5784 /* program filter */ 5785 run_rt3070_rf_read(sc, 24, &rf24); 5786 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5787 run_rt3070_rf_write(sc, 24, rf24); 5788 5789 /* enable baseband loopback mode */ 5790 run_rt3070_rf_read(sc, 22, &rf22); 5791 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5792 5793 /* set power and frequency of passband test tone */ 5794 run_bbp_write(sc, 24, 0x00); 5795 for (ntries = 0; ntries < 100; ntries++) { 5796 /* transmit test tone */ 5797 run_bbp_write(sc, 25, 0x90); 5798 run_delay(sc, 10); 5799 /* read received power */ 5800 run_bbp_read(sc, 55, &bbp55_pb); 5801 if (bbp55_pb != 0) 5802 break; 5803 } 5804 if (ntries == 100) 5805 return (ETIMEDOUT); 5806 5807 /* set power and frequency of stopband test tone */ 5808 run_bbp_write(sc, 24, 0x06); 5809 for (ntries = 0; ntries < 100; ntries++) { 5810 /* transmit test tone */ 5811 run_bbp_write(sc, 25, 0x90); 5812 run_delay(sc, 10); 5813 /* read received power */ 5814 run_bbp_read(sc, 55, &bbp55_sb); 5815 5816 delta = bbp55_pb - bbp55_sb; 5817 if (delta > target) 5818 break; 5819 5820 /* reprogram filter */ 5821 rf24++; 5822 run_rt3070_rf_write(sc, 24, rf24); 5823 } 5824 if (ntries < 100) { 5825 if (rf24 != init) 5826 rf24--; /* backtrack */ 5827 *val = rf24; 5828 run_rt3070_rf_write(sc, 24, rf24); 5829 } 5830 5831 /* restore initial state */ 5832 run_bbp_write(sc, 24, 0x00); 5833 5834 /* disable baseband loopback mode */ 5835 run_rt3070_rf_read(sc, 22, &rf22); 5836 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5837 5838 return (0); 5839 } 5840 5841 static void 5842 run_rt3070_rf_setup(struct run_softc *sc) 5843 { 5844 uint8_t bbp, rf; 5845 int i; 5846 5847 if (sc->mac_ver == 0x3572) { 5848 /* enable DC filter */ 5849 if (sc->mac_rev >= 0x0201) 5850 run_bbp_write(sc, 103, 0xc0); 5851 5852 run_bbp_read(sc, 138, &bbp); 5853 if (sc->ntxchains == 1) 5854 bbp |= 0x20; /* turn off DAC1 */ 5855 if (sc->nrxchains == 1) 5856 bbp &= ~0x02; /* turn off ADC1 */ 5857 run_bbp_write(sc, 138, bbp); 5858 5859 if (sc->mac_rev >= 0x0211) { 5860 /* improve power consumption */ 5861 run_bbp_read(sc, 31, &bbp); 5862 run_bbp_write(sc, 31, bbp & ~0x03); 5863 } 5864 5865 run_rt3070_rf_read(sc, 16, &rf); 5866 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5867 run_rt3070_rf_write(sc, 16, rf); 5868 5869 } else if (sc->mac_ver == 0x3071) { 5870 if (sc->mac_rev >= 0x0211) { 5871 /* enable DC filter */ 5872 run_bbp_write(sc, 103, 0xc0); 5873 5874 /* improve power consumption */ 5875 run_bbp_read(sc, 31, &bbp); 5876 run_bbp_write(sc, 31, bbp & ~0x03); 5877 } 5878 5879 run_bbp_read(sc, 138, &bbp); 5880 if (sc->ntxchains == 1) 5881 bbp |= 0x20; /* turn off DAC1 */ 5882 if (sc->nrxchains == 1) 5883 bbp &= ~0x02; /* turn off ADC1 */ 5884 run_bbp_write(sc, 138, bbp); 5885 5886 run_write(sc, RT2860_TX_SW_CFG1, 0); 5887 if (sc->mac_rev < 0x0211) { 5888 run_write(sc, RT2860_TX_SW_CFG2, 5889 sc->patch_dac ? 0x2c : 0x0f); 5890 } else 5891 run_write(sc, RT2860_TX_SW_CFG2, 0); 5892 5893 } else if (sc->mac_ver == 0x3070) { 5894 if (sc->mac_rev >= 0x0201) { 5895 /* enable DC filter */ 5896 run_bbp_write(sc, 103, 0xc0); 5897 5898 /* improve power consumption */ 5899 run_bbp_read(sc, 31, &bbp); 5900 run_bbp_write(sc, 31, bbp & ~0x03); 5901 } 5902 5903 if (sc->mac_rev < 0x0201) { 5904 run_write(sc, RT2860_TX_SW_CFG1, 0); 5905 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5906 } else 5907 run_write(sc, RT2860_TX_SW_CFG2, 0); 5908 } 5909 5910 /* initialize RF registers from ROM for >=RT3071*/ 5911 if (sc->mac_ver >= 0x3071) { 5912 for (i = 0; i < 10; i++) { 5913 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5914 continue; 5915 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5916 } 5917 } 5918 } 5919 5920 static void 5921 run_rt3593_rf_setup(struct run_softc *sc) 5922 { 5923 uint8_t bbp, rf; 5924 5925 if (sc->mac_rev >= 0x0211) { 5926 /* Enable DC filter. */ 5927 run_bbp_write(sc, 103, 0xc0); 5928 } 5929 run_write(sc, RT2860_TX_SW_CFG1, 0); 5930 if (sc->mac_rev < 0x0211) { 5931 run_write(sc, RT2860_TX_SW_CFG2, 5932 sc->patch_dac ? 0x2c : 0x0f); 5933 } else 5934 run_write(sc, RT2860_TX_SW_CFG2, 0); 5935 5936 run_rt3070_rf_read(sc, 50, &rf); 5937 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5938 5939 run_rt3070_rf_read(sc, 51, &rf); 5940 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5941 ((sc->txmixgain_2ghz & 0x07) << 2); 5942 run_rt3070_rf_write(sc, 51, rf); 5943 5944 run_rt3070_rf_read(sc, 38, &rf); 5945 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5946 5947 run_rt3070_rf_read(sc, 39, &rf); 5948 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5949 5950 run_rt3070_rf_read(sc, 1, &rf); 5951 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5952 5953 run_rt3070_rf_read(sc, 30, &rf); 5954 rf = (rf & ~0x18) | 0x10; 5955 run_rt3070_rf_write(sc, 30, rf); 5956 5957 /* Apply maximum likelihood detection for 2 stream case. */ 5958 run_bbp_read(sc, 105, &bbp); 5959 if (sc->nrxchains > 1) 5960 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5961 5962 /* Avoid data lost and CRC error. */ 5963 run_bbp_read(sc, 4, &bbp); 5964 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5965 5966 run_bbp_write(sc, 92, 0x02); 5967 run_bbp_write(sc, 82, 0x82); 5968 run_bbp_write(sc, 106, 0x05); 5969 run_bbp_write(sc, 104, 0x92); 5970 run_bbp_write(sc, 88, 0x90); 5971 run_bbp_write(sc, 148, 0xc8); 5972 run_bbp_write(sc, 47, 0x48); 5973 run_bbp_write(sc, 120, 0x50); 5974 5975 run_bbp_write(sc, 163, 0x9d); 5976 5977 /* SNR mapping. */ 5978 run_bbp_write(sc, 142, 0x06); 5979 run_bbp_write(sc, 143, 0xa0); 5980 run_bbp_write(sc, 142, 0x07); 5981 run_bbp_write(sc, 143, 0xa1); 5982 run_bbp_write(sc, 142, 0x08); 5983 run_bbp_write(sc, 143, 0xa2); 5984 5985 run_bbp_write(sc, 31, 0x08); 5986 run_bbp_write(sc, 68, 0x0b); 5987 run_bbp_write(sc, 105, 0x04); 5988 } 5989 5990 static void 5991 run_rt5390_rf_setup(struct run_softc *sc) 5992 { 5993 uint8_t bbp, rf; 5994 5995 if (sc->mac_rev >= 0x0211) { 5996 /* Enable DC filter. */ 5997 run_bbp_write(sc, 103, 0xc0); 5998 5999 if (sc->mac_ver != 0x5592) { 6000 /* Improve power consumption. */ 6001 run_bbp_read(sc, 31, &bbp); 6002 run_bbp_write(sc, 31, bbp & ~0x03); 6003 } 6004 } 6005 6006 run_bbp_read(sc, 138, &bbp); 6007 if (sc->ntxchains == 1) 6008 bbp |= 0x20; /* turn off DAC1 */ 6009 if (sc->nrxchains == 1) 6010 bbp &= ~0x02; /* turn off ADC1 */ 6011 run_bbp_write(sc, 138, bbp); 6012 6013 run_rt3070_rf_read(sc, 38, &rf); 6014 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 6015 6016 run_rt3070_rf_read(sc, 39, &rf); 6017 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 6018 6019 /* Avoid data lost and CRC error. */ 6020 run_bbp_read(sc, 4, &bbp); 6021 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 6022 6023 run_rt3070_rf_read(sc, 30, &rf); 6024 rf = (rf & ~0x18) | 0x10; 6025 run_rt3070_rf_write(sc, 30, rf); 6026 6027 if (sc->mac_ver != 0x5592) { 6028 run_write(sc, RT2860_TX_SW_CFG1, 0); 6029 if (sc->mac_rev < 0x0211) { 6030 run_write(sc, RT2860_TX_SW_CFG2, 6031 sc->patch_dac ? 0x2c : 0x0f); 6032 } else 6033 run_write(sc, RT2860_TX_SW_CFG2, 0); 6034 } 6035 } 6036 6037 static int 6038 run_txrx_enable(struct run_softc *sc) 6039 { 6040 struct ieee80211com *ic = &sc->sc_ic; 6041 uint32_t tmp; 6042 int error, ntries; 6043 6044 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 6045 for (ntries = 0; ntries < 200; ntries++) { 6046 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 6047 return (error); 6048 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6049 break; 6050 run_delay(sc, 50); 6051 } 6052 if (ntries == 200) 6053 return (ETIMEDOUT); 6054 6055 run_delay(sc, 50); 6056 6057 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 6058 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6059 6060 /* enable Rx bulk aggregation (set timeout and limit) */ 6061 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 6062 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 6063 run_write(sc, RT2860_USB_DMA_CFG, tmp); 6064 6065 /* set Rx filter */ 6066 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 6067 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 6068 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 6069 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 6070 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 6071 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 6072 if (ic->ic_opmode == IEEE80211_M_STA) 6073 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 6074 } 6075 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 6076 6077 run_write(sc, RT2860_MAC_SYS_CTRL, 6078 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6079 6080 return (0); 6081 } 6082 6083 static void 6084 run_adjust_freq_offset(struct run_softc *sc) 6085 { 6086 uint8_t rf, tmp; 6087 6088 run_rt3070_rf_read(sc, 17, &rf); 6089 tmp = rf; 6090 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 6091 rf = MIN(rf, 0x5f); 6092 6093 if (tmp != rf) 6094 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 6095 } 6096 6097 static void 6098 run_init_locked(struct run_softc *sc) 6099 { 6100 struct ieee80211com *ic = &sc->sc_ic; 6101 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6102 uint32_t tmp; 6103 uint8_t bbp1, bbp3; 6104 int i; 6105 int ridx; 6106 int ntries; 6107 6108 if (ic->ic_nrunning > 1) 6109 return; 6110 6111 run_stop(sc); 6112 6113 if (run_load_microcode(sc) != 0) { 6114 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6115 goto fail; 6116 } 6117 6118 for (ntries = 0; ntries < 100; ntries++) { 6119 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6120 goto fail; 6121 if (tmp != 0 && tmp != 0xffffffff) 6122 break; 6123 run_delay(sc, 10); 6124 } 6125 if (ntries == 100) 6126 goto fail; 6127 6128 for (i = 0; i != RUN_EP_QUEUES; i++) 6129 run_setup_tx_list(sc, &sc->sc_epq[i]); 6130 6131 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6132 6133 for (ntries = 0; ntries < 100; ntries++) { 6134 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6135 goto fail; 6136 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6137 break; 6138 run_delay(sc, 10); 6139 } 6140 if (ntries == 100) { 6141 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6142 goto fail; 6143 } 6144 tmp &= 0xff0; 6145 tmp |= RT2860_TX_WB_DDONE; 6146 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6147 6148 /* turn off PME_OEN to solve high-current issue */ 6149 run_read(sc, RT2860_SYS_CTRL, &tmp); 6150 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6151 6152 run_write(sc, RT2860_MAC_SYS_CTRL, 6153 RT2860_BBP_HRST | RT2860_MAC_SRST); 6154 run_write(sc, RT2860_USB_DMA_CFG, 0); 6155 6156 if (run_reset(sc) != 0) { 6157 device_printf(sc->sc_dev, "could not reset chipset\n"); 6158 goto fail; 6159 } 6160 6161 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6162 6163 /* init Tx power for all Tx rates (from EEPROM) */ 6164 for (ridx = 0; ridx < 5; ridx++) { 6165 if (sc->txpow20mhz[ridx] == 0xffffffff) 6166 continue; 6167 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6168 } 6169 6170 for (i = 0; i < nitems(rt2870_def_mac); i++) 6171 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6172 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6173 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6174 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6175 6176 if (sc->mac_ver >= 0x5390) { 6177 run_write(sc, RT2860_TX_SW_CFG0, 6178 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6179 if (sc->mac_ver >= 0x5392) { 6180 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6181 if (sc->mac_ver == 0x5592) { 6182 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6183 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6184 } else { 6185 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6186 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6187 } 6188 } 6189 } else if (sc->mac_ver == 0x3593) { 6190 run_write(sc, RT2860_TX_SW_CFG0, 6191 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6192 } else if (sc->mac_ver >= 0x3070) { 6193 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6194 run_write(sc, RT2860_TX_SW_CFG0, 6195 4 << RT2860_DLY_PAPE_EN_SHIFT); 6196 } 6197 6198 /* wait while MAC is busy */ 6199 for (ntries = 0; ntries < 100; ntries++) { 6200 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6201 goto fail; 6202 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6203 break; 6204 run_delay(sc, 10); 6205 } 6206 if (ntries == 100) 6207 goto fail; 6208 6209 /* clear Host to MCU mailbox */ 6210 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6211 run_write(sc, RT2860_H2M_MAILBOX, 0); 6212 run_delay(sc, 10); 6213 6214 if (run_bbp_init(sc) != 0) { 6215 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6216 goto fail; 6217 } 6218 6219 /* abort TSF synchronization */ 6220 run_disable_tsf(sc); 6221 6222 /* clear RX WCID search table */ 6223 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6224 /* clear WCID attribute table */ 6225 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6226 6227 /* hostapd sets a key before init. So, don't clear it. */ 6228 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6229 /* clear shared key table */ 6230 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6231 /* clear shared key mode */ 6232 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6233 } 6234 6235 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6236 tmp = (tmp & ~0xff) | 0x1e; 6237 run_write(sc, RT2860_US_CYC_CNT, tmp); 6238 6239 if (sc->mac_rev != 0x0101) 6240 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6241 6242 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6243 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6244 6245 /* write vendor-specific BBP values (from EEPROM) */ 6246 if (sc->mac_ver < 0x3593) { 6247 for (i = 0; i < 10; i++) { 6248 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6249 continue; 6250 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6251 } 6252 } 6253 6254 /* select Main antenna for 1T1R devices */ 6255 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6256 run_set_rx_antenna(sc, 0); 6257 6258 /* send LEDs operating mode to microcontroller */ 6259 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6260 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6261 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6262 6263 if (sc->mac_ver >= 0x5390) 6264 run_rt5390_rf_init(sc); 6265 else if (sc->mac_ver == 0x3593) 6266 run_rt3593_rf_init(sc); 6267 else if (sc->mac_ver >= 0x3070) 6268 run_rt3070_rf_init(sc); 6269 6270 /* disable non-existing Rx chains */ 6271 run_bbp_read(sc, 3, &bbp3); 6272 bbp3 &= ~(1 << 3 | 1 << 4); 6273 if (sc->nrxchains == 2) 6274 bbp3 |= 1 << 3; 6275 else if (sc->nrxchains == 3) 6276 bbp3 |= 1 << 4; 6277 run_bbp_write(sc, 3, bbp3); 6278 6279 /* disable non-existing Tx chains */ 6280 run_bbp_read(sc, 1, &bbp1); 6281 if (sc->ntxchains == 1) 6282 bbp1 &= ~(1 << 3 | 1 << 4); 6283 run_bbp_write(sc, 1, bbp1); 6284 6285 if (sc->mac_ver >= 0x5390) 6286 run_rt5390_rf_setup(sc); 6287 else if (sc->mac_ver == 0x3593) 6288 run_rt3593_rf_setup(sc); 6289 else if (sc->mac_ver >= 0x3070) 6290 run_rt3070_rf_setup(sc); 6291 6292 /* select default channel */ 6293 run_set_chan(sc, ic->ic_curchan); 6294 6295 /* setup initial protection mode */ 6296 run_updateprot_cb(ic); 6297 6298 /* turn radio LED on */ 6299 run_set_leds(sc, RT2860_LED_RADIO); 6300 6301 /* Set up AUTO_RSP_CFG register for auto response */ 6302 run_write(sc, RT2860_AUTO_RSP_CFG, RT2860_AUTO_RSP_EN | 6303 RT2860_BAC_ACKPOLICY_EN | RT2860_CTS_40M_MODE_EN); 6304 6305 sc->sc_flags |= RUN_RUNNING; 6306 sc->cmdq_run = RUN_CMDQ_GO; 6307 6308 for (i = 0; i != RUN_N_XFER; i++) 6309 usbd_xfer_set_stall(sc->sc_xfer[i]); 6310 6311 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6312 6313 if (run_txrx_enable(sc) != 0) 6314 goto fail; 6315 6316 return; 6317 6318 fail: 6319 run_stop(sc); 6320 } 6321 6322 static void 6323 run_stop(void *arg) 6324 { 6325 struct run_softc *sc = (struct run_softc *)arg; 6326 uint32_t tmp; 6327 int i; 6328 int ntries; 6329 6330 RUN_LOCK_ASSERT(sc, MA_OWNED); 6331 6332 if (sc->sc_flags & RUN_RUNNING) 6333 run_set_leds(sc, 0); /* turn all LEDs off */ 6334 6335 sc->sc_flags &= ~RUN_RUNNING; 6336 6337 sc->ratectl_run = RUN_RATECTL_OFF; 6338 sc->cmdq_run = sc->cmdq_key_set; 6339 6340 RUN_UNLOCK(sc); 6341 6342 for(i = 0; i < RUN_N_XFER; i++) 6343 usbd_transfer_drain(sc->sc_xfer[i]); 6344 6345 RUN_LOCK(sc); 6346 6347 run_drain_mbufq(sc); 6348 6349 if (sc->rx_m != NULL) { 6350 m_free(sc->rx_m); 6351 sc->rx_m = NULL; 6352 } 6353 6354 /* Disable Tx/Rx DMA. */ 6355 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6356 return; 6357 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6358 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6359 6360 for (ntries = 0; ntries < 100; ntries++) { 6361 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6362 return; 6363 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6364 break; 6365 run_delay(sc, 10); 6366 } 6367 if (ntries == 100) { 6368 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6369 return; 6370 } 6371 6372 /* disable Tx/Rx */ 6373 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6374 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6375 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6376 6377 /* wait for pending Tx to complete */ 6378 for (ntries = 0; ntries < 100; ntries++) { 6379 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6380 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6381 "Cannot read Tx queue count\n"); 6382 break; 6383 } 6384 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6385 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6386 "All Tx cleared\n"); 6387 break; 6388 } 6389 run_delay(sc, 10); 6390 } 6391 if (ntries >= 100) 6392 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6393 "There are still pending Tx\n"); 6394 run_delay(sc, 10); 6395 run_write(sc, RT2860_USB_DMA_CFG, 0); 6396 6397 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6398 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6399 6400 for (i = 0; i != RUN_EP_QUEUES; i++) 6401 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6402 } 6403 6404 static void 6405 run_delay(struct run_softc *sc, u_int ms) 6406 { 6407 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6408 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6409 } 6410 6411 static void 6412 run_update_chw(struct ieee80211com *ic) 6413 { 6414 6415 printf("%s: TODO\n", __func__); 6416 } 6417 6418 static int 6419 run_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap) 6420 { 6421 6422 /* For now, no A-MPDU TX support in the driver */ 6423 return (0); 6424 } 6425 6426 static device_method_t run_methods[] = { 6427 /* Device interface */ 6428 DEVMETHOD(device_probe, run_match), 6429 DEVMETHOD(device_attach, run_attach), 6430 DEVMETHOD(device_detach, run_detach), 6431 DEVMETHOD_END 6432 }; 6433 6434 static driver_t run_driver = { 6435 .name = "run", 6436 .methods = run_methods, 6437 .size = sizeof(struct run_softc) 6438 }; 6439 6440 DRIVER_MODULE(run, uhub, run_driver, run_driver_loaded, NULL); 6441 MODULE_DEPEND(run, wlan, 1, 1, 1); 6442 MODULE_DEPEND(run, usb, 1, 1, 1); 6443 MODULE_DEPEND(run, firmware, 1, 1, 1); 6444 MODULE_VERSION(run, 1); 6445 USB_PNP_HOST_INFO(run_devs); 6446