1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include "opt_wlan.h" 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/sysctl.h> 33 #include <sys/lock.h> 34 #include <sys/mutex.h> 35 #include <sys/mbuf.h> 36 #include <sys/kernel.h> 37 #include <sys/socket.h> 38 #include <sys/systm.h> 39 #include <sys/malloc.h> 40 #include <sys/module.h> 41 #include <sys/bus.h> 42 #include <sys/endian.h> 43 #include <sys/linker.h> 44 #include <sys/firmware.h> 45 #include <sys/kdb.h> 46 47 #include <net/bpf.h> 48 #include <net/if.h> 49 #include <net/if_var.h> 50 #include <net/if_arp.h> 51 #include <net/ethernet.h> 52 #include <net/if_dl.h> 53 #include <net/if_media.h> 54 #include <net/if_types.h> 55 56 #include <netinet/in.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/in_var.h> 59 #include <netinet/if_ether.h> 60 #include <netinet/ip.h> 61 62 #include <net80211/ieee80211_var.h> 63 #include <net80211/ieee80211_regdomain.h> 64 #include <net80211/ieee80211_radiotap.h> 65 #include <net80211/ieee80211_ratectl.h> 66 67 #include <dev/usb/usb.h> 68 #include <dev/usb/usbdi.h> 69 #include "usbdevs.h" 70 71 #define USB_DEBUG_VAR run_debug 72 #include <dev/usb/usb_debug.h> 73 #include <dev/usb/usb_msctest.h> 74 75 #include <dev/usb/wlan/if_runreg.h> 76 #include <dev/usb/wlan/if_runvar.h> 77 78 #ifdef USB_DEBUG 79 #define RUN_DEBUG 80 #endif 81 82 #ifdef RUN_DEBUG 83 int run_debug = 0; 84 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 85 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 86 "run debug level"); 87 88 enum { 89 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 90 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 91 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 92 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 93 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 94 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 95 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 96 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 97 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 98 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 99 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 100 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 101 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 102 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 103 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 104 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 105 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 106 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 107 RUN_DEBUG_ANY = 0xffffffff 108 }; 109 110 #define RUN_DPRINTF(_sc, _m, ...) do { \ 111 if (run_debug & (_m)) \ 112 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 113 } while(0) 114 #else 115 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 116 #endif 117 118 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 119 120 /* 121 * Because of LOR in run_key_delete(), use atomic instead. 122 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 123 */ 124 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 125 126 static const STRUCT_USB_HOST_ID run_devs[] = { 127 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 128 #define RUN_DEV_EJECT(v,p) \ 129 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 130 #define RUN_EJECT 1 131 RUN_DEV(ABOCOM, RT2770), 132 RUN_DEV(ABOCOM, RT2870), 133 RUN_DEV(ABOCOM, RT3070), 134 RUN_DEV(ABOCOM, RT3071), 135 RUN_DEV(ABOCOM, RT3072), 136 RUN_DEV(ABOCOM2, RT2870_1), 137 RUN_DEV(ACCTON, RT2770), 138 RUN_DEV(ACCTON, RT2870_1), 139 RUN_DEV(ACCTON, RT2870_2), 140 RUN_DEV(ACCTON, RT2870_3), 141 RUN_DEV(ACCTON, RT2870_4), 142 RUN_DEV(ACCTON, RT2870_5), 143 RUN_DEV(ACCTON, RT3070), 144 RUN_DEV(ACCTON, RT3070_1), 145 RUN_DEV(ACCTON, RT3070_2), 146 RUN_DEV(ACCTON, RT3070_3), 147 RUN_DEV(ACCTON, RT3070_4), 148 RUN_DEV(ACCTON, RT3070_5), 149 RUN_DEV(AIRTIES, RT3070), 150 RUN_DEV(ALLWIN, RT2070), 151 RUN_DEV(ALLWIN, RT2770), 152 RUN_DEV(ALLWIN, RT2870), 153 RUN_DEV(ALLWIN, RT3070), 154 RUN_DEV(ALLWIN, RT3071), 155 RUN_DEV(ALLWIN, RT3072), 156 RUN_DEV(ALLWIN, RT3572), 157 RUN_DEV(AMIGO, RT2870_1), 158 RUN_DEV(AMIGO, RT2870_2), 159 RUN_DEV(AMIT, CGWLUSB2GNR), 160 RUN_DEV(AMIT, RT2870_1), 161 RUN_DEV(AMIT2, RT2870), 162 RUN_DEV(ASUS, RT2870_1), 163 RUN_DEV(ASUS, RT2870_2), 164 RUN_DEV(ASUS, RT2870_3), 165 RUN_DEV(ASUS, RT2870_4), 166 RUN_DEV(ASUS, RT2870_5), 167 RUN_DEV(ASUS, USBN13), 168 RUN_DEV(ASUS, RT3070_1), 169 RUN_DEV(ASUS, USBN66), 170 RUN_DEV(ASUS, USB_N53), 171 RUN_DEV(ASUS2, USBN11), 172 RUN_DEV(AZUREWAVE, RT2870_1), 173 RUN_DEV(AZUREWAVE, RT2870_2), 174 RUN_DEV(AZUREWAVE, RT3070_1), 175 RUN_DEV(AZUREWAVE, RT3070_2), 176 RUN_DEV(AZUREWAVE, RT3070_3), 177 RUN_DEV(BELKIN, F9L1103), 178 RUN_DEV(BELKIN, F5D8053V3), 179 RUN_DEV(BELKIN, F5D8055), 180 RUN_DEV(BELKIN, F5D8055V2), 181 RUN_DEV(BELKIN, F6D4050V1), 182 RUN_DEV(BELKIN, F6D4050V2), 183 RUN_DEV(BELKIN, RT2870_1), 184 RUN_DEV(BELKIN, RT2870_2), 185 RUN_DEV(CISCOLINKSYS, AE1000), 186 RUN_DEV(CISCOLINKSYS2, RT3070), 187 RUN_DEV(CISCOLINKSYS3, RT3070), 188 RUN_DEV(CONCEPTRONIC2, RT2870_1), 189 RUN_DEV(CONCEPTRONIC2, RT2870_2), 190 RUN_DEV(CONCEPTRONIC2, RT2870_3), 191 RUN_DEV(CONCEPTRONIC2, RT2870_4), 192 RUN_DEV(CONCEPTRONIC2, RT2870_5), 193 RUN_DEV(CONCEPTRONIC2, RT2870_6), 194 RUN_DEV(CONCEPTRONIC2, RT2870_7), 195 RUN_DEV(CONCEPTRONIC2, RT2870_8), 196 RUN_DEV(CONCEPTRONIC2, RT3070_1), 197 RUN_DEV(CONCEPTRONIC2, RT3070_2), 198 RUN_DEV(CONCEPTRONIC2, VIGORN61), 199 RUN_DEV(COREGA, CGWLUSB300GNM), 200 RUN_DEV(COREGA, RT2870_1), 201 RUN_DEV(COREGA, RT2870_2), 202 RUN_DEV(COREGA, RT2870_3), 203 RUN_DEV(COREGA, RT3070), 204 RUN_DEV(CYBERTAN, RT2870), 205 RUN_DEV(DLINK, RT2870), 206 RUN_DEV(DLINK, RT3072), 207 RUN_DEV(DLINK, DWA125A3), 208 RUN_DEV(DLINK, DWA127), 209 RUN_DEV(DLINK, DWA140B3), 210 RUN_DEV(DLINK, DWA160B2), 211 RUN_DEV(DLINK, DWA140D1), 212 RUN_DEV(DLINK, DWA162), 213 RUN_DEV(DLINK2, DWA130), 214 RUN_DEV(DLINK2, RT2870_1), 215 RUN_DEV(DLINK2, RT2870_2), 216 RUN_DEV(DLINK2, RT3070_1), 217 RUN_DEV(DLINK2, RT3070_2), 218 RUN_DEV(DLINK2, RT3070_3), 219 RUN_DEV(DLINK2, RT3070_4), 220 RUN_DEV(DLINK2, RT3070_5), 221 RUN_DEV(DLINK2, RT3072), 222 RUN_DEV(DLINK2, RT3072_1), 223 RUN_DEV(EDIMAX, EW7717), 224 RUN_DEV(EDIMAX, EW7718), 225 RUN_DEV(EDIMAX, EW7733UND), 226 RUN_DEV(EDIMAX, RT2870_1), 227 RUN_DEV(ENCORE, RT3070_1), 228 RUN_DEV(ENCORE, RT3070_2), 229 RUN_DEV(ENCORE, RT3070_3), 230 RUN_DEV(GIGABYTE, GNWB31N), 231 RUN_DEV(GIGABYTE, GNWB32L), 232 RUN_DEV(GIGABYTE, RT2870_1), 233 RUN_DEV(GIGASET, RT3070_1), 234 RUN_DEV(GIGASET, RT3070_2), 235 RUN_DEV(GUILLEMOT, HWNU300), 236 RUN_DEV(HAWKING, HWUN2), 237 RUN_DEV(HAWKING, RT2870_1), 238 RUN_DEV(HAWKING, RT2870_2), 239 RUN_DEV(HAWKING, RT3070), 240 RUN_DEV(IODATA, RT3072_1), 241 RUN_DEV(IODATA, RT3072_2), 242 RUN_DEV(IODATA, RT3072_3), 243 RUN_DEV(IODATA, RT3072_4), 244 RUN_DEV(LINKSYS4, RT3070), 245 RUN_DEV(LINKSYS4, WUSB100), 246 RUN_DEV(LINKSYS4, WUSB54GCV3), 247 RUN_DEV(LINKSYS4, WUSB600N), 248 RUN_DEV(LINKSYS4, WUSB600NV2), 249 RUN_DEV(LOGITEC, RT2870_1), 250 RUN_DEV(LOGITEC, RT2870_2), 251 RUN_DEV(LOGITEC, RT2870_3), 252 RUN_DEV(LOGITEC, LANW300NU2), 253 RUN_DEV(LOGITEC, LANW150NU2), 254 RUN_DEV(LOGITEC, LANW300NU2S), 255 RUN_DEV(MELCO, WLIUCG300HP), 256 RUN_DEV(MELCO, RT2870_2), 257 RUN_DEV(MELCO, WLIUCAG300N), 258 RUN_DEV(MELCO, WLIUCG300N), 259 RUN_DEV(MELCO, WLIUCG301N), 260 RUN_DEV(MELCO, WLIUCGN), 261 RUN_DEV(MELCO, WLIUCGNM), 262 RUN_DEV(MELCO, WLIUCG300HPV1), 263 RUN_DEV(MELCO, WLIUCGNM2), 264 RUN_DEV(MOTOROLA4, RT2770), 265 RUN_DEV(MOTOROLA4, RT3070), 266 RUN_DEV(MSI, RT3070_1), 267 RUN_DEV(MSI, RT3070_2), 268 RUN_DEV(MSI, RT3070_3), 269 RUN_DEV(MSI, RT3070_4), 270 RUN_DEV(MSI, RT3070_5), 271 RUN_DEV(MSI, RT3070_6), 272 RUN_DEV(MSI, RT3070_7), 273 RUN_DEV(MSI, RT3070_8), 274 RUN_DEV(MSI, RT3070_9), 275 RUN_DEV(MSI, RT3070_10), 276 RUN_DEV(MSI, RT3070_11), 277 RUN_DEV(NETGEAR, WNDA4100), 278 RUN_DEV(OVISLINK, RT3072), 279 RUN_DEV(PARA, RT3070), 280 RUN_DEV(PEGATRON, RT2870), 281 RUN_DEV(PEGATRON, RT3070), 282 RUN_DEV(PEGATRON, RT3070_2), 283 RUN_DEV(PEGATRON, RT3070_3), 284 RUN_DEV(PHILIPS, RT2870), 285 RUN_DEV(PLANEX2, GWUS300MINIS), 286 RUN_DEV(PLANEX2, GWUSMICRON), 287 RUN_DEV(PLANEX2, RT2870), 288 RUN_DEV(PLANEX2, RT3070), 289 RUN_DEV(QCOM, RT2870), 290 RUN_DEV(QUANTA, RT3070), 291 RUN_DEV(RALINK, RT2070), 292 RUN_DEV(RALINK, RT2770), 293 RUN_DEV(RALINK, RT2870), 294 RUN_DEV(RALINK, RT3070), 295 RUN_DEV(RALINK, RT3071), 296 RUN_DEV(RALINK, RT3072), 297 RUN_DEV(RALINK, RT3370), 298 RUN_DEV(RALINK, RT3572), 299 RUN_DEV(RALINK, RT3573), 300 RUN_DEV(RALINK, RT5370), 301 RUN_DEV(RALINK, RT5372), 302 RUN_DEV(RALINK, RT5572), 303 RUN_DEV(RALINK, RT8070), 304 RUN_DEV(SAMSUNG, WIS09ABGN), 305 RUN_DEV(SAMSUNG2, RT2870_1), 306 RUN_DEV(SENAO, RT2870_1), 307 RUN_DEV(SENAO, RT2870_2), 308 RUN_DEV(SENAO, RT2870_3), 309 RUN_DEV(SENAO, RT2870_4), 310 RUN_DEV(SENAO, RT3070), 311 RUN_DEV(SENAO, RT3071), 312 RUN_DEV(SENAO, RT3072_1), 313 RUN_DEV(SENAO, RT3072_2), 314 RUN_DEV(SENAO, RT3072_3), 315 RUN_DEV(SENAO, RT3072_4), 316 RUN_DEV(SENAO, RT3072_5), 317 RUN_DEV(SITECOMEU, RT2770), 318 RUN_DEV(SITECOMEU, RT2870_1), 319 RUN_DEV(SITECOMEU, RT2870_2), 320 RUN_DEV(SITECOMEU, RT2870_3), 321 RUN_DEV(SITECOMEU, RT2870_4), 322 RUN_DEV(SITECOMEU, RT3070), 323 RUN_DEV(SITECOMEU, RT3070_2), 324 RUN_DEV(SITECOMEU, RT3070_3), 325 RUN_DEV(SITECOMEU, RT3070_4), 326 RUN_DEV(SITECOMEU, RT3071), 327 RUN_DEV(SITECOMEU, RT3072_1), 328 RUN_DEV(SITECOMEU, RT3072_2), 329 RUN_DEV(SITECOMEU, RT3072_3), 330 RUN_DEV(SITECOMEU, RT3072_4), 331 RUN_DEV(SITECOMEU, RT3072_5), 332 RUN_DEV(SITECOMEU, RT3072_6), 333 RUN_DEV(SITECOMEU, WL608), 334 RUN_DEV(SPARKLAN, RT2870_1), 335 RUN_DEV(SPARKLAN, RT3070), 336 RUN_DEV(SWEEX2, LW153), 337 RUN_DEV(SWEEX2, LW303), 338 RUN_DEV(SWEEX2, LW313), 339 RUN_DEV(TOSHIBA, RT3070), 340 RUN_DEV(UMEDIA, RT2870_1), 341 RUN_DEV(ZCOM, RT2870_1), 342 RUN_DEV(ZCOM, RT2870_2), 343 RUN_DEV(ZINWELL, RT2870_1), 344 RUN_DEV(ZINWELL, RT2870_2), 345 RUN_DEV(ZINWELL, RT3070), 346 RUN_DEV(ZINWELL, RT3072_1), 347 RUN_DEV(ZINWELL, RT3072_2), 348 RUN_DEV(ZYXEL, RT2870_1), 349 RUN_DEV(ZYXEL, RT2870_2), 350 RUN_DEV(ZYXEL, RT3070), 351 RUN_DEV_EJECT(ZYXEL, NWD2705), 352 RUN_DEV_EJECT(RALINK, RT_STOR), 353 #undef RUN_DEV_EJECT 354 #undef RUN_DEV 355 }; 356 357 static device_probe_t run_match; 358 static device_attach_t run_attach; 359 static device_detach_t run_detach; 360 361 static usb_callback_t run_bulk_rx_callback; 362 static usb_callback_t run_bulk_tx_callback0; 363 static usb_callback_t run_bulk_tx_callback1; 364 static usb_callback_t run_bulk_tx_callback2; 365 static usb_callback_t run_bulk_tx_callback3; 366 static usb_callback_t run_bulk_tx_callback4; 367 static usb_callback_t run_bulk_tx_callback5; 368 369 static void run_autoinst(void *, struct usb_device *, 370 struct usb_attach_arg *); 371 static int run_driver_loaded(struct module *, int, void *); 372 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 373 usb_error_t error, u_int index); 374 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 375 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 376 const uint8_t [IEEE80211_ADDR_LEN], 377 const uint8_t [IEEE80211_ADDR_LEN]); 378 static void run_vap_delete(struct ieee80211vap *); 379 static void run_cmdq_cb(void *, int); 380 static void run_setup_tx_list(struct run_softc *, 381 struct run_endpoint_queue *); 382 static void run_unsetup_tx_list(struct run_softc *, 383 struct run_endpoint_queue *); 384 static int run_load_microcode(struct run_softc *); 385 static int run_reset(struct run_softc *); 386 static usb_error_t run_do_request(struct run_softc *, 387 struct usb_device_request *, void *); 388 static int run_read(struct run_softc *, uint16_t, uint32_t *); 389 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 390 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 391 static int run_write(struct run_softc *, uint16_t, uint32_t); 392 static int run_write_region_1(struct run_softc *, uint16_t, 393 const uint8_t *, int); 394 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 395 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 396 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 397 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 398 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 399 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 400 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 401 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 402 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 403 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 404 static const char *run_get_rf(uint16_t); 405 static void run_rt3593_get_txpower(struct run_softc *); 406 static void run_get_txpower(struct run_softc *); 407 static int run_read_eeprom(struct run_softc *); 408 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 409 const uint8_t mac[IEEE80211_ADDR_LEN]); 410 static int run_media_change(struct ifnet *); 411 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 412 static int run_wme_update(struct ieee80211com *); 413 static void run_key_set_cb(void *); 414 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 415 static void run_key_delete_cb(void *); 416 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 417 static void run_ratectl_to(void *); 418 static void run_ratectl_cb(void *, int); 419 static void run_drain_fifo(void *); 420 static void run_iter_func(void *, struct ieee80211_node *); 421 static void run_newassoc_cb(void *); 422 static void run_newassoc(struct ieee80211_node *, int); 423 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 424 const struct ieee80211_rx_stats *, int, int); 425 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 426 static void run_tx_free(struct run_endpoint_queue *pq, 427 struct run_tx_data *, int); 428 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 429 static int run_tx(struct run_softc *, struct mbuf *, 430 struct ieee80211_node *); 431 static int run_tx_mgt(struct run_softc *, struct mbuf *, 432 struct ieee80211_node *); 433 static int run_sendprot(struct run_softc *, const struct mbuf *, 434 struct ieee80211_node *, int, int); 435 static int run_tx_param(struct run_softc *, struct mbuf *, 436 struct ieee80211_node *, 437 const struct ieee80211_bpf_params *); 438 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 439 const struct ieee80211_bpf_params *); 440 static int run_transmit(struct ieee80211com *, struct mbuf *); 441 static void run_start(struct run_softc *); 442 static void run_parent(struct ieee80211com *); 443 static void run_iq_calib(struct run_softc *, u_int); 444 static void run_set_agc(struct run_softc *, uint8_t); 445 static void run_select_chan_group(struct run_softc *, int); 446 static void run_set_rx_antenna(struct run_softc *, int); 447 static void run_rt2870_set_chan(struct run_softc *, u_int); 448 static void run_rt3070_set_chan(struct run_softc *, u_int); 449 static void run_rt3572_set_chan(struct run_softc *, u_int); 450 static void run_rt3593_set_chan(struct run_softc *, u_int); 451 static void run_rt5390_set_chan(struct run_softc *, u_int); 452 static void run_rt5592_set_chan(struct run_softc *, u_int); 453 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 454 static void run_set_channel(struct ieee80211com *); 455 static void run_getradiocaps(struct ieee80211com *, int, int *, 456 struct ieee80211_channel[]); 457 static void run_scan_start(struct ieee80211com *); 458 static void run_scan_end(struct ieee80211com *); 459 static void run_update_beacon(struct ieee80211vap *, int); 460 static void run_update_beacon_cb(void *); 461 static void run_updateprot(struct ieee80211com *); 462 static void run_updateprot_cb(void *); 463 static void run_usb_timeout_cb(void *); 464 static void run_reset_livelock(struct run_softc *); 465 static void run_enable_tsf_sync(struct run_softc *); 466 static void run_enable_tsf(struct run_softc *); 467 static void run_disable_tsf(struct run_softc *); 468 static void run_get_tsf(struct run_softc *, uint64_t *); 469 static void run_enable_mrr(struct run_softc *); 470 static void run_set_txpreamble(struct run_softc *); 471 static void run_set_basicrates(struct run_softc *); 472 static void run_set_leds(struct run_softc *, uint16_t); 473 static void run_set_bssid(struct run_softc *, const uint8_t *); 474 static void run_set_macaddr(struct run_softc *, const uint8_t *); 475 static void run_updateslot(struct ieee80211com *); 476 static void run_updateslot_cb(void *); 477 static void run_update_mcast(struct ieee80211com *); 478 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 479 static void run_update_promisc_locked(struct run_softc *); 480 static void run_update_promisc(struct ieee80211com *); 481 static void run_rt5390_bbp_init(struct run_softc *); 482 static int run_bbp_init(struct run_softc *); 483 static int run_rt3070_rf_init(struct run_softc *); 484 static void run_rt3593_rf_init(struct run_softc *); 485 static void run_rt5390_rf_init(struct run_softc *); 486 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 487 uint8_t *); 488 static void run_rt3070_rf_setup(struct run_softc *); 489 static void run_rt3593_rf_setup(struct run_softc *); 490 static void run_rt5390_rf_setup(struct run_softc *); 491 static int run_txrx_enable(struct run_softc *); 492 static void run_adjust_freq_offset(struct run_softc *); 493 static void run_init_locked(struct run_softc *); 494 static void run_stop(void *); 495 static void run_delay(struct run_softc *, u_int); 496 497 static eventhandler_tag run_etag; 498 499 static const struct rt2860_rate { 500 uint8_t rate; 501 uint8_t mcs; 502 enum ieee80211_phytype phy; 503 uint8_t ctl_ridx; 504 uint16_t sp_ack_dur; 505 uint16_t lp_ack_dur; 506 } rt2860_rates[] = { 507 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 508 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 509 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 510 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 511 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 512 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 513 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 514 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 515 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 516 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 517 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 518 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 519 }; 520 521 static const struct { 522 uint16_t reg; 523 uint32_t val; 524 } rt2870_def_mac[] = { 525 RT2870_DEF_MAC 526 }; 527 528 static const struct { 529 uint8_t reg; 530 uint8_t val; 531 } rt2860_def_bbp[] = { 532 RT2860_DEF_BBP 533 },rt5390_def_bbp[] = { 534 RT5390_DEF_BBP 535 },rt5592_def_bbp[] = { 536 RT5592_DEF_BBP 537 }; 538 539 /* 540 * Default values for BBP register R196 for RT5592. 541 */ 542 static const uint8_t rt5592_bbp_r196[] = { 543 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 544 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 545 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 546 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 547 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 548 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 549 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 550 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 551 0x2e, 0x36, 0x30, 0x6e 552 }; 553 554 static const struct rfprog { 555 uint8_t chan; 556 uint32_t r1, r2, r3, r4; 557 } rt2860_rf2850[] = { 558 RT2860_RF2850 559 }; 560 561 struct { 562 uint8_t n, r, k; 563 } rt3070_freqs[] = { 564 RT3070_RF3052 565 }; 566 567 static const struct rt5592_freqs { 568 uint16_t n; 569 uint8_t k, m, r; 570 } rt5592_freqs_20mhz[] = { 571 RT5592_RF5592_20MHZ 572 },rt5592_freqs_40mhz[] = { 573 RT5592_RF5592_40MHZ 574 }; 575 576 static const struct { 577 uint8_t reg; 578 uint8_t val; 579 } rt3070_def_rf[] = { 580 RT3070_DEF_RF 581 },rt3572_def_rf[] = { 582 RT3572_DEF_RF 583 },rt3593_def_rf[] = { 584 RT3593_DEF_RF 585 },rt5390_def_rf[] = { 586 RT5390_DEF_RF 587 },rt5392_def_rf[] = { 588 RT5392_DEF_RF 589 },rt5592_def_rf[] = { 590 RT5592_DEF_RF 591 },rt5592_2ghz_def_rf[] = { 592 RT5592_2GHZ_DEF_RF 593 },rt5592_5ghz_def_rf[] = { 594 RT5592_5GHZ_DEF_RF 595 }; 596 597 static const struct { 598 u_int firstchan; 599 u_int lastchan; 600 uint8_t reg; 601 uint8_t val; 602 } rt5592_chan_5ghz[] = { 603 RT5592_CHAN_5GHZ 604 }; 605 606 static const struct usb_config run_config[RUN_N_XFER] = { 607 [RUN_BULK_TX_BE] = { 608 .type = UE_BULK, 609 .endpoint = UE_ADDR_ANY, 610 .ep_index = 0, 611 .direction = UE_DIR_OUT, 612 .bufsize = RUN_MAX_TXSZ, 613 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 614 .callback = run_bulk_tx_callback0, 615 .timeout = 5000, /* ms */ 616 }, 617 [RUN_BULK_TX_BK] = { 618 .type = UE_BULK, 619 .endpoint = UE_ADDR_ANY, 620 .direction = UE_DIR_OUT, 621 .ep_index = 1, 622 .bufsize = RUN_MAX_TXSZ, 623 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 624 .callback = run_bulk_tx_callback1, 625 .timeout = 5000, /* ms */ 626 }, 627 [RUN_BULK_TX_VI] = { 628 .type = UE_BULK, 629 .endpoint = UE_ADDR_ANY, 630 .direction = UE_DIR_OUT, 631 .ep_index = 2, 632 .bufsize = RUN_MAX_TXSZ, 633 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 634 .callback = run_bulk_tx_callback2, 635 .timeout = 5000, /* ms */ 636 }, 637 [RUN_BULK_TX_VO] = { 638 .type = UE_BULK, 639 .endpoint = UE_ADDR_ANY, 640 .direction = UE_DIR_OUT, 641 .ep_index = 3, 642 .bufsize = RUN_MAX_TXSZ, 643 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 644 .callback = run_bulk_tx_callback3, 645 .timeout = 5000, /* ms */ 646 }, 647 [RUN_BULK_TX_HCCA] = { 648 .type = UE_BULK, 649 .endpoint = UE_ADDR_ANY, 650 .direction = UE_DIR_OUT, 651 .ep_index = 4, 652 .bufsize = RUN_MAX_TXSZ, 653 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 654 .callback = run_bulk_tx_callback4, 655 .timeout = 5000, /* ms */ 656 }, 657 [RUN_BULK_TX_PRIO] = { 658 .type = UE_BULK, 659 .endpoint = UE_ADDR_ANY, 660 .direction = UE_DIR_OUT, 661 .ep_index = 5, 662 .bufsize = RUN_MAX_TXSZ, 663 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 664 .callback = run_bulk_tx_callback5, 665 .timeout = 5000, /* ms */ 666 }, 667 [RUN_BULK_RX] = { 668 .type = UE_BULK, 669 .endpoint = UE_ADDR_ANY, 670 .direction = UE_DIR_IN, 671 .bufsize = RUN_MAX_RXSZ, 672 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 673 .callback = run_bulk_rx_callback, 674 } 675 }; 676 677 static void 678 run_autoinst(void *arg, struct usb_device *udev, 679 struct usb_attach_arg *uaa) 680 { 681 struct usb_interface *iface; 682 struct usb_interface_descriptor *id; 683 684 if (uaa->dev_state != UAA_DEV_READY) 685 return; 686 687 iface = usbd_get_iface(udev, 0); 688 if (iface == NULL) 689 return; 690 id = iface->idesc; 691 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 692 return; 693 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 694 return; 695 696 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 697 uaa->dev_state = UAA_DEV_EJECTING; 698 } 699 700 static int 701 run_driver_loaded(struct module *mod, int what, void *arg) 702 { 703 switch (what) { 704 case MOD_LOAD: 705 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 706 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 707 break; 708 case MOD_UNLOAD: 709 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 710 break; 711 default: 712 return (EOPNOTSUPP); 713 } 714 return (0); 715 } 716 717 static int 718 run_match(device_t self) 719 { 720 struct usb_attach_arg *uaa = device_get_ivars(self); 721 722 if (uaa->usb_mode != USB_MODE_HOST) 723 return (ENXIO); 724 if (uaa->info.bConfigIndex != 0) 725 return (ENXIO); 726 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 727 return (ENXIO); 728 729 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 730 } 731 732 static int 733 run_attach(device_t self) 734 { 735 struct run_softc *sc = device_get_softc(self); 736 struct usb_attach_arg *uaa = device_get_ivars(self); 737 struct ieee80211com *ic = &sc->sc_ic; 738 uint32_t ver; 739 uint8_t iface_index; 740 int ntries, error; 741 742 device_set_usb_desc(self); 743 sc->sc_udev = uaa->device; 744 sc->sc_dev = self; 745 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 746 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 747 748 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 749 MTX_NETWORK_LOCK, MTX_DEF); 750 mbufq_init(&sc->sc_snd, ifqmaxlen); 751 752 iface_index = RT2860_IFACE_INDEX; 753 754 error = usbd_transfer_setup(uaa->device, &iface_index, 755 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 756 if (error) { 757 device_printf(self, "could not allocate USB transfers, " 758 "err=%s\n", usbd_errstr(error)); 759 goto detach; 760 } 761 762 RUN_LOCK(sc); 763 764 /* wait for the chip to settle */ 765 for (ntries = 0; ntries < 100; ntries++) { 766 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 767 RUN_UNLOCK(sc); 768 goto detach; 769 } 770 if (ver != 0 && ver != 0xffffffff) 771 break; 772 run_delay(sc, 10); 773 } 774 if (ntries == 100) { 775 device_printf(sc->sc_dev, 776 "timeout waiting for NIC to initialize\n"); 777 RUN_UNLOCK(sc); 778 goto detach; 779 } 780 sc->mac_ver = ver >> 16; 781 sc->mac_rev = ver & 0xffff; 782 783 /* retrieve RF rev. no and various other things from EEPROM */ 784 run_read_eeprom(sc); 785 786 device_printf(sc->sc_dev, 787 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 788 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 789 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 790 791 RUN_UNLOCK(sc); 792 793 ic->ic_softc = sc; 794 ic->ic_name = device_get_nameunit(self); 795 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 796 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 797 798 /* set device capabilities */ 799 ic->ic_caps = 800 IEEE80211_C_STA | /* station mode supported */ 801 IEEE80211_C_MONITOR | /* monitor mode supported */ 802 IEEE80211_C_IBSS | 803 IEEE80211_C_HOSTAP | 804 IEEE80211_C_WDS | /* 4-address traffic works */ 805 IEEE80211_C_MBSS | 806 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 807 IEEE80211_C_SHSLOT | /* short slot time supported */ 808 IEEE80211_C_WME | /* WME */ 809 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 810 811 ic->ic_cryptocaps = 812 IEEE80211_CRYPTO_WEP | 813 IEEE80211_CRYPTO_AES_CCM | 814 IEEE80211_CRYPTO_TKIPMIC | 815 IEEE80211_CRYPTO_TKIP; 816 817 ic->ic_flags |= IEEE80211_F_DATAPAD; 818 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 819 820 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 821 ic->ic_channels); 822 823 ieee80211_ifattach(ic); 824 825 ic->ic_scan_start = run_scan_start; 826 ic->ic_scan_end = run_scan_end; 827 ic->ic_set_channel = run_set_channel; 828 ic->ic_getradiocaps = run_getradiocaps; 829 ic->ic_node_alloc = run_node_alloc; 830 ic->ic_newassoc = run_newassoc; 831 ic->ic_updateslot = run_updateslot; 832 ic->ic_update_mcast = run_update_mcast; 833 ic->ic_wme.wme_update = run_wme_update; 834 ic->ic_raw_xmit = run_raw_xmit; 835 ic->ic_update_promisc = run_update_promisc; 836 ic->ic_vap_create = run_vap_create; 837 ic->ic_vap_delete = run_vap_delete; 838 ic->ic_transmit = run_transmit; 839 ic->ic_parent = run_parent; 840 841 ieee80211_radiotap_attach(ic, 842 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 843 RUN_TX_RADIOTAP_PRESENT, 844 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 845 RUN_RX_RADIOTAP_PRESENT); 846 847 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 848 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 849 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 850 851 if (bootverbose) 852 ieee80211_announce(ic); 853 854 return (0); 855 856 detach: 857 run_detach(self); 858 return (ENXIO); 859 } 860 861 static void 862 run_drain_mbufq(struct run_softc *sc) 863 { 864 struct mbuf *m; 865 struct ieee80211_node *ni; 866 867 RUN_LOCK_ASSERT(sc, MA_OWNED); 868 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 869 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 870 m->m_pkthdr.rcvif = NULL; 871 ieee80211_free_node(ni); 872 m_freem(m); 873 } 874 } 875 876 static int 877 run_detach(device_t self) 878 { 879 struct run_softc *sc = device_get_softc(self); 880 struct ieee80211com *ic = &sc->sc_ic; 881 int i; 882 883 RUN_LOCK(sc); 884 sc->sc_detached = 1; 885 RUN_UNLOCK(sc); 886 887 /* stop all USB transfers */ 888 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 889 890 RUN_LOCK(sc); 891 sc->ratectl_run = RUN_RATECTL_OFF; 892 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 893 894 /* free TX list, if any */ 895 for (i = 0; i != RUN_EP_QUEUES; i++) 896 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 897 898 /* Free TX queue */ 899 run_drain_mbufq(sc); 900 RUN_UNLOCK(sc); 901 902 if (sc->sc_ic.ic_softc == sc) { 903 /* drain tasks */ 904 usb_callout_drain(&sc->ratectl_ch); 905 ieee80211_draintask(ic, &sc->cmdq_task); 906 ieee80211_draintask(ic, &sc->ratectl_task); 907 ieee80211_ifdetach(ic); 908 } 909 910 mtx_destroy(&sc->sc_mtx); 911 912 return (0); 913 } 914 915 static struct ieee80211vap * 916 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 917 enum ieee80211_opmode opmode, int flags, 918 const uint8_t bssid[IEEE80211_ADDR_LEN], 919 const uint8_t mac[IEEE80211_ADDR_LEN]) 920 { 921 struct run_softc *sc = ic->ic_softc; 922 struct run_vap *rvp; 923 struct ieee80211vap *vap; 924 int i; 925 926 if (sc->rvp_cnt >= RUN_VAP_MAX) { 927 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 928 return (NULL); 929 } 930 931 switch (opmode) { 932 case IEEE80211_M_STA: 933 /* enable s/w bmiss handling for sta mode */ 934 flags |= IEEE80211_CLONE_NOBEACONS; 935 /* fall though */ 936 case IEEE80211_M_IBSS: 937 case IEEE80211_M_MONITOR: 938 case IEEE80211_M_HOSTAP: 939 case IEEE80211_M_MBSS: 940 /* other than WDS vaps, only one at a time */ 941 if (!TAILQ_EMPTY(&ic->ic_vaps)) 942 return (NULL); 943 break; 944 case IEEE80211_M_WDS: 945 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 946 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 947 continue; 948 /* WDS vap's always share the local mac address. */ 949 flags &= ~IEEE80211_CLONE_BSSID; 950 break; 951 } 952 if (vap == NULL) { 953 device_printf(sc->sc_dev, 954 "wds only supported in ap mode\n"); 955 return (NULL); 956 } 957 break; 958 default: 959 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 960 return (NULL); 961 } 962 963 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 964 vap = &rvp->vap; 965 966 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 967 bssid) != 0) { 968 /* out of memory */ 969 free(rvp, M_80211_VAP); 970 return (NULL); 971 } 972 973 vap->iv_update_beacon = run_update_beacon; 974 vap->iv_max_aid = RT2870_WCID_MAX; 975 /* 976 * To delete the right key from h/w, we need wcid. 977 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 978 * and matching wcid will be written into there. So, cast 979 * some spells to remove 'const' from ieee80211_key{} 980 */ 981 vap->iv_key_delete = (void *)run_key_delete; 982 vap->iv_key_set = (void *)run_key_set; 983 984 /* override state transition machine */ 985 rvp->newstate = vap->iv_newstate; 986 vap->iv_newstate = run_newstate; 987 if (opmode == IEEE80211_M_IBSS) { 988 rvp->recv_mgmt = vap->iv_recv_mgmt; 989 vap->iv_recv_mgmt = run_recv_mgmt; 990 } 991 992 ieee80211_ratectl_init(vap); 993 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 994 995 /* complete setup */ 996 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 997 mac); 998 999 /* make sure id is always unique */ 1000 for (i = 0; i < RUN_VAP_MAX; i++) { 1001 if((sc->rvp_bmap & 1 << i) == 0){ 1002 sc->rvp_bmap |= 1 << i; 1003 rvp->rvp_id = i; 1004 break; 1005 } 1006 } 1007 if (sc->rvp_cnt++ == 0) 1008 ic->ic_opmode = opmode; 1009 1010 if (opmode == IEEE80211_M_HOSTAP) 1011 sc->cmdq_run = RUN_CMDQ_GO; 1012 1013 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1014 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1015 1016 return (vap); 1017 } 1018 1019 static void 1020 run_vap_delete(struct ieee80211vap *vap) 1021 { 1022 struct run_vap *rvp = RUN_VAP(vap); 1023 struct ieee80211com *ic; 1024 struct run_softc *sc; 1025 uint8_t rvp_id; 1026 1027 if (vap == NULL) 1028 return; 1029 1030 ic = vap->iv_ic; 1031 sc = ic->ic_softc; 1032 1033 RUN_LOCK(sc); 1034 1035 m_freem(rvp->beacon_mbuf); 1036 rvp->beacon_mbuf = NULL; 1037 1038 rvp_id = rvp->rvp_id; 1039 sc->ratectl_run &= ~(1 << rvp_id); 1040 sc->rvp_bmap &= ~(1 << rvp_id); 1041 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1042 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1043 --sc->rvp_cnt; 1044 1045 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1046 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1047 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1048 1049 RUN_UNLOCK(sc); 1050 1051 ieee80211_ratectl_deinit(vap); 1052 ieee80211_vap_detach(vap); 1053 free(rvp, M_80211_VAP); 1054 } 1055 1056 /* 1057 * There are numbers of functions need to be called in context thread. 1058 * Rather than creating taskqueue event for each of those functions, 1059 * here is all-for-one taskqueue callback function. This function 1060 * guarantees deferred functions are executed in the same order they 1061 * were enqueued. 1062 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1063 */ 1064 static void 1065 run_cmdq_cb(void *arg, int pending) 1066 { 1067 struct run_softc *sc = arg; 1068 uint8_t i; 1069 1070 /* call cmdq[].func locked */ 1071 RUN_LOCK(sc); 1072 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1073 i = sc->cmdq_exec, pending--) { 1074 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1075 i, pending); 1076 if (sc->cmdq_run == RUN_CMDQ_GO) { 1077 /* 1078 * If arg0 is NULL, callback func needs more 1079 * than one arg. So, pass ptr to cmdq struct. 1080 */ 1081 if (sc->cmdq[i].arg0) 1082 sc->cmdq[i].func(sc->cmdq[i].arg0); 1083 else 1084 sc->cmdq[i].func(&sc->cmdq[i]); 1085 } 1086 sc->cmdq[i].arg0 = NULL; 1087 sc->cmdq[i].func = NULL; 1088 sc->cmdq_exec++; 1089 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1090 } 1091 RUN_UNLOCK(sc); 1092 } 1093 1094 static void 1095 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1096 { 1097 struct run_tx_data *data; 1098 1099 memset(pq, 0, sizeof(*pq)); 1100 1101 STAILQ_INIT(&pq->tx_qh); 1102 STAILQ_INIT(&pq->tx_fh); 1103 1104 for (data = &pq->tx_data[0]; 1105 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1106 data->sc = sc; 1107 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1108 } 1109 pq->tx_nfree = RUN_TX_RING_COUNT; 1110 } 1111 1112 static void 1113 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1114 { 1115 struct run_tx_data *data; 1116 1117 /* make sure any subsequent use of the queues will fail */ 1118 pq->tx_nfree = 0; 1119 STAILQ_INIT(&pq->tx_fh); 1120 STAILQ_INIT(&pq->tx_qh); 1121 1122 /* free up all node references and mbufs */ 1123 for (data = &pq->tx_data[0]; 1124 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1125 if (data->m != NULL) { 1126 m_freem(data->m); 1127 data->m = NULL; 1128 } 1129 if (data->ni != NULL) { 1130 ieee80211_free_node(data->ni); 1131 data->ni = NULL; 1132 } 1133 } 1134 } 1135 1136 static int 1137 run_load_microcode(struct run_softc *sc) 1138 { 1139 usb_device_request_t req; 1140 const struct firmware *fw; 1141 const u_char *base; 1142 uint32_t tmp; 1143 int ntries, error; 1144 const uint64_t *temp; 1145 uint64_t bytes; 1146 1147 RUN_UNLOCK(sc); 1148 fw = firmware_get("runfw"); 1149 RUN_LOCK(sc); 1150 if (fw == NULL) { 1151 device_printf(sc->sc_dev, 1152 "failed loadfirmware of file %s\n", "runfw"); 1153 return ENOENT; 1154 } 1155 1156 if (fw->datasize != 8192) { 1157 device_printf(sc->sc_dev, 1158 "invalid firmware size (should be 8KB)\n"); 1159 error = EINVAL; 1160 goto fail; 1161 } 1162 1163 /* 1164 * RT3071/RT3072 use a different firmware 1165 * run-rt2870 (8KB) contains both, 1166 * first half (4KB) is for rt2870, 1167 * last half is for rt3071. 1168 */ 1169 base = fw->data; 1170 if ((sc->mac_ver) != 0x2860 && 1171 (sc->mac_ver) != 0x2872 && 1172 (sc->mac_ver) != 0x3070) { 1173 base += 4096; 1174 } 1175 1176 /* cheap sanity check */ 1177 temp = fw->data; 1178 bytes = *temp; 1179 if (bytes != be64toh(0xffffff0210280210ULL)) { 1180 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1181 error = EINVAL; 1182 goto fail; 1183 } 1184 1185 /* write microcode image */ 1186 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1187 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1188 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1189 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1190 } 1191 1192 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1193 req.bRequest = RT2870_RESET; 1194 USETW(req.wValue, 8); 1195 USETW(req.wIndex, 0); 1196 USETW(req.wLength, 0); 1197 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1198 != 0) { 1199 device_printf(sc->sc_dev, "firmware reset failed\n"); 1200 goto fail; 1201 } 1202 1203 run_delay(sc, 10); 1204 1205 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1206 run_write(sc, RT2860_H2M_MAILBOX, 0); 1207 run_write(sc, RT2860_H2M_INTSRC, 0); 1208 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1209 goto fail; 1210 1211 /* wait until microcontroller is ready */ 1212 for (ntries = 0; ntries < 1000; ntries++) { 1213 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1214 goto fail; 1215 if (tmp & RT2860_MCU_READY) 1216 break; 1217 run_delay(sc, 10); 1218 } 1219 if (ntries == 1000) { 1220 device_printf(sc->sc_dev, 1221 "timeout waiting for MCU to initialize\n"); 1222 error = ETIMEDOUT; 1223 goto fail; 1224 } 1225 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1226 (base == fw->data) ? "RT2870" : "RT3071", 1227 *(base + 4092), *(base + 4093)); 1228 1229 fail: 1230 firmware_put(fw, FIRMWARE_UNLOAD); 1231 return (error); 1232 } 1233 1234 static int 1235 run_reset(struct run_softc *sc) 1236 { 1237 usb_device_request_t req; 1238 1239 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1240 req.bRequest = RT2870_RESET; 1241 USETW(req.wValue, 1); 1242 USETW(req.wIndex, 0); 1243 USETW(req.wLength, 0); 1244 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1245 } 1246 1247 static usb_error_t 1248 run_do_request(struct run_softc *sc, 1249 struct usb_device_request *req, void *data) 1250 { 1251 usb_error_t err; 1252 int ntries = 10; 1253 1254 RUN_LOCK_ASSERT(sc, MA_OWNED); 1255 1256 while (ntries--) { 1257 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1258 req, data, 0, NULL, 250 /* ms */); 1259 if (err == 0) 1260 break; 1261 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1262 "Control request failed, %s (retrying)\n", 1263 usbd_errstr(err)); 1264 run_delay(sc, 10); 1265 } 1266 return (err); 1267 } 1268 1269 static int 1270 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1271 { 1272 uint32_t tmp; 1273 int error; 1274 1275 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1276 if (error == 0) 1277 *val = le32toh(tmp); 1278 else 1279 *val = 0xffffffff; 1280 return (error); 1281 } 1282 1283 static int 1284 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1285 { 1286 usb_device_request_t req; 1287 1288 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1289 req.bRequest = RT2870_READ_REGION_1; 1290 USETW(req.wValue, 0); 1291 USETW(req.wIndex, reg); 1292 USETW(req.wLength, len); 1293 1294 return (run_do_request(sc, &req, buf)); 1295 } 1296 1297 static int 1298 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1299 { 1300 usb_device_request_t req; 1301 1302 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1303 req.bRequest = RT2870_WRITE_2; 1304 USETW(req.wValue, val); 1305 USETW(req.wIndex, reg); 1306 USETW(req.wLength, 0); 1307 1308 return (run_do_request(sc, &req, NULL)); 1309 } 1310 1311 static int 1312 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1313 { 1314 int error; 1315 1316 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1317 error = run_write_2(sc, reg + 2, val >> 16); 1318 return (error); 1319 } 1320 1321 static int 1322 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1323 int len) 1324 { 1325 #if 1 1326 int i, error = 0; 1327 /* 1328 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1329 * We thus issue multiple WRITE_2 commands instead. 1330 */ 1331 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1332 for (i = 0; i < len && error == 0; i += 2) 1333 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1334 return (error); 1335 #else 1336 usb_device_request_t req; 1337 int error = 0; 1338 1339 /* 1340 * NOTE: It appears the WRITE_REGION_1 command cannot be 1341 * passed a huge amount of data, which will crash the 1342 * firmware. Limit amount of data passed to 64-bytes at a 1343 * time. 1344 */ 1345 while (len > 0) { 1346 int delta = 64; 1347 if (delta > len) 1348 delta = len; 1349 1350 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1351 req.bRequest = RT2870_WRITE_REGION_1; 1352 USETW(req.wValue, 0); 1353 USETW(req.wIndex, reg); 1354 USETW(req.wLength, delta); 1355 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1356 if (error != 0) 1357 break; 1358 reg += delta; 1359 buf += delta; 1360 len -= delta; 1361 } 1362 return (error); 1363 #endif 1364 } 1365 1366 static int 1367 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1368 { 1369 int i, error = 0; 1370 1371 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1372 for (i = 0; i < len && error == 0; i += 4) 1373 error = run_write(sc, reg + i, val); 1374 return (error); 1375 } 1376 1377 static int 1378 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1379 { 1380 uint32_t tmp; 1381 uint16_t reg; 1382 int error, ntries; 1383 1384 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1385 return (error); 1386 1387 if (count == 2) 1388 addr *= 2; 1389 /*- 1390 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1391 * DATA0: F E D C 1392 * DATA1: B A 9 8 1393 * DATA2: 7 6 5 4 1394 * DATA3: 3 2 1 0 1395 */ 1396 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1397 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1398 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1399 for (ntries = 0; ntries < 100; ntries++) { 1400 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1401 return (error); 1402 if (!(tmp & RT3070_EFSROM_KICK)) 1403 break; 1404 run_delay(sc, 2); 1405 } 1406 if (ntries == 100) 1407 return (ETIMEDOUT); 1408 1409 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1410 *val = 0xffff; /* address not found */ 1411 return (0); 1412 } 1413 /* determine to which 32-bit register our 16-bit word belongs */ 1414 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1415 if ((error = run_read(sc, reg, &tmp)) != 0) 1416 return (error); 1417 1418 tmp >>= (8 * (addr & 0x3)); 1419 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1420 1421 return (0); 1422 } 1423 1424 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1425 static int 1426 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1427 { 1428 return (run_efuse_read(sc, addr, val, 2)); 1429 } 1430 1431 static int 1432 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1433 { 1434 usb_device_request_t req; 1435 uint16_t tmp; 1436 int error; 1437 1438 addr *= 2; 1439 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1440 req.bRequest = RT2870_EEPROM_READ; 1441 USETW(req.wValue, 0); 1442 USETW(req.wIndex, addr); 1443 USETW(req.wLength, sizeof(tmp)); 1444 1445 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1446 if (error == 0) 1447 *val = le16toh(tmp); 1448 else 1449 *val = 0xffff; 1450 return (error); 1451 } 1452 1453 static __inline int 1454 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1455 { 1456 /* either eFUSE ROM or EEPROM */ 1457 return sc->sc_srom_read(sc, addr, val); 1458 } 1459 1460 static int 1461 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1462 { 1463 uint32_t tmp; 1464 int error, ntries; 1465 1466 for (ntries = 0; ntries < 10; ntries++) { 1467 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1468 return (error); 1469 if (!(tmp & RT2860_RF_REG_CTRL)) 1470 break; 1471 } 1472 if (ntries == 10) 1473 return (ETIMEDOUT); 1474 1475 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1476 } 1477 1478 static int 1479 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1480 { 1481 uint32_t tmp; 1482 int error, ntries; 1483 1484 for (ntries = 0; ntries < 100; ntries++) { 1485 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1486 return (error); 1487 if (!(tmp & RT3070_RF_KICK)) 1488 break; 1489 } 1490 if (ntries == 100) 1491 return (ETIMEDOUT); 1492 1493 tmp = RT3070_RF_KICK | reg << 8; 1494 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1495 return (error); 1496 1497 for (ntries = 0; ntries < 100; ntries++) { 1498 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1499 return (error); 1500 if (!(tmp & RT3070_RF_KICK)) 1501 break; 1502 } 1503 if (ntries == 100) 1504 return (ETIMEDOUT); 1505 1506 *val = tmp & 0xff; 1507 return (0); 1508 } 1509 1510 static int 1511 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1512 { 1513 uint32_t tmp; 1514 int error, ntries; 1515 1516 for (ntries = 0; ntries < 10; ntries++) { 1517 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1518 return (error); 1519 if (!(tmp & RT3070_RF_KICK)) 1520 break; 1521 } 1522 if (ntries == 10) 1523 return (ETIMEDOUT); 1524 1525 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1526 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1527 } 1528 1529 static int 1530 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1531 { 1532 uint32_t tmp; 1533 int ntries, error; 1534 1535 for (ntries = 0; ntries < 10; ntries++) { 1536 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1537 return (error); 1538 if (!(tmp & RT2860_BBP_CSR_KICK)) 1539 break; 1540 } 1541 if (ntries == 10) 1542 return (ETIMEDOUT); 1543 1544 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1545 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1546 return (error); 1547 1548 for (ntries = 0; ntries < 10; ntries++) { 1549 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1550 return (error); 1551 if (!(tmp & RT2860_BBP_CSR_KICK)) 1552 break; 1553 } 1554 if (ntries == 10) 1555 return (ETIMEDOUT); 1556 1557 *val = tmp & 0xff; 1558 return (0); 1559 } 1560 1561 static int 1562 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1563 { 1564 uint32_t tmp; 1565 int ntries, error; 1566 1567 for (ntries = 0; ntries < 10; ntries++) { 1568 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1569 return (error); 1570 if (!(tmp & RT2860_BBP_CSR_KICK)) 1571 break; 1572 } 1573 if (ntries == 10) 1574 return (ETIMEDOUT); 1575 1576 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1577 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1578 } 1579 1580 /* 1581 * Send a command to the 8051 microcontroller unit. 1582 */ 1583 static int 1584 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1585 { 1586 uint32_t tmp; 1587 int error, ntries; 1588 1589 for (ntries = 0; ntries < 100; ntries++) { 1590 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1591 return error; 1592 if (!(tmp & RT2860_H2M_BUSY)) 1593 break; 1594 } 1595 if (ntries == 100) 1596 return ETIMEDOUT; 1597 1598 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1599 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1600 error = run_write(sc, RT2860_HOST_CMD, cmd); 1601 return (error); 1602 } 1603 1604 /* 1605 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1606 * Used to adjust per-rate Tx power registers. 1607 */ 1608 static __inline uint32_t 1609 b4inc(uint32_t b32, int8_t delta) 1610 { 1611 int8_t i, b4; 1612 1613 for (i = 0; i < 8; i++) { 1614 b4 = b32 & 0xf; 1615 b4 += delta; 1616 if (b4 < 0) 1617 b4 = 0; 1618 else if (b4 > 0xf) 1619 b4 = 0xf; 1620 b32 = b32 >> 4 | b4 << 28; 1621 } 1622 return (b32); 1623 } 1624 1625 static const char * 1626 run_get_rf(uint16_t rev) 1627 { 1628 switch (rev) { 1629 case RT2860_RF_2820: return "RT2820"; 1630 case RT2860_RF_2850: return "RT2850"; 1631 case RT2860_RF_2720: return "RT2720"; 1632 case RT2860_RF_2750: return "RT2750"; 1633 case RT3070_RF_3020: return "RT3020"; 1634 case RT3070_RF_2020: return "RT2020"; 1635 case RT3070_RF_3021: return "RT3021"; 1636 case RT3070_RF_3022: return "RT3022"; 1637 case RT3070_RF_3052: return "RT3052"; 1638 case RT3593_RF_3053: return "RT3053"; 1639 case RT5592_RF_5592: return "RT5592"; 1640 case RT5390_RF_5370: return "RT5370"; 1641 case RT5390_RF_5372: return "RT5372"; 1642 } 1643 return ("unknown"); 1644 } 1645 1646 static void 1647 run_rt3593_get_txpower(struct run_softc *sc) 1648 { 1649 uint16_t addr, val; 1650 int i; 1651 1652 /* Read power settings for 2GHz channels. */ 1653 for (i = 0; i < 14; i += 2) { 1654 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1655 RT2860_EEPROM_PWR2GHZ_BASE1; 1656 run_srom_read(sc, addr + i / 2, &val); 1657 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1658 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1659 1660 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1661 RT2860_EEPROM_PWR2GHZ_BASE2; 1662 run_srom_read(sc, addr + i / 2, &val); 1663 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1664 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1665 1666 if (sc->ntxchains == 3) { 1667 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1668 &val); 1669 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1670 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1671 } 1672 } 1673 /* Fix broken Tx power entries. */ 1674 for (i = 0; i < 14; i++) { 1675 if (sc->txpow1[i] > 31) 1676 sc->txpow1[i] = 5; 1677 if (sc->txpow2[i] > 31) 1678 sc->txpow2[i] = 5; 1679 if (sc->ntxchains == 3) { 1680 if (sc->txpow3[i] > 31) 1681 sc->txpow3[i] = 5; 1682 } 1683 } 1684 /* Read power settings for 5GHz channels. */ 1685 for (i = 0; i < 40; i += 2) { 1686 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1687 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1688 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1689 1690 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1691 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1692 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1693 1694 if (sc->ntxchains == 3) { 1695 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1696 &val); 1697 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1698 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1699 } 1700 } 1701 } 1702 1703 static void 1704 run_get_txpower(struct run_softc *sc) 1705 { 1706 uint16_t val; 1707 int i; 1708 1709 /* Read power settings for 2GHz channels. */ 1710 for (i = 0; i < 14; i += 2) { 1711 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1712 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1713 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1714 1715 if (sc->mac_ver != 0x5390) { 1716 run_srom_read(sc, 1717 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1718 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1719 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1720 } 1721 } 1722 /* Fix broken Tx power entries. */ 1723 for (i = 0; i < 14; i++) { 1724 if (sc->mac_ver >= 0x5390) { 1725 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1726 sc->txpow1[i] = 5; 1727 } else { 1728 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1729 sc->txpow1[i] = 5; 1730 } 1731 if (sc->mac_ver > 0x5390) { 1732 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1733 sc->txpow2[i] = 5; 1734 } else if (sc->mac_ver < 0x5390) { 1735 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1736 sc->txpow2[i] = 5; 1737 } 1738 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1739 "chan %d: power1=%d, power2=%d\n", 1740 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1741 } 1742 /* Read power settings for 5GHz channels. */ 1743 for (i = 0; i < 40; i += 2) { 1744 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1745 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1746 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1747 1748 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1749 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1750 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1751 } 1752 /* Fix broken Tx power entries. */ 1753 for (i = 0; i < 40; i++ ) { 1754 if (sc->mac_ver != 0x5592) { 1755 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1756 sc->txpow1[14 + i] = 5; 1757 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1758 sc->txpow2[14 + i] = 5; 1759 } 1760 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1761 "chan %d: power1=%d, power2=%d\n", 1762 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1763 sc->txpow2[14 + i]); 1764 } 1765 } 1766 1767 static int 1768 run_read_eeprom(struct run_softc *sc) 1769 { 1770 struct ieee80211com *ic = &sc->sc_ic; 1771 int8_t delta_2ghz, delta_5ghz; 1772 uint32_t tmp; 1773 uint16_t val; 1774 int ridx, ant, i; 1775 1776 /* check whether the ROM is eFUSE ROM or EEPROM */ 1777 sc->sc_srom_read = run_eeprom_read_2; 1778 if (sc->mac_ver >= 0x3070) { 1779 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1780 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1781 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1782 sc->sc_srom_read = run_efuse_read_2; 1783 } 1784 1785 /* read ROM version */ 1786 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1787 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1788 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1789 1790 /* read MAC address */ 1791 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1792 ic->ic_macaddr[0] = val & 0xff; 1793 ic->ic_macaddr[1] = val >> 8; 1794 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1795 ic->ic_macaddr[2] = val & 0xff; 1796 ic->ic_macaddr[3] = val >> 8; 1797 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1798 ic->ic_macaddr[4] = val & 0xff; 1799 ic->ic_macaddr[5] = val >> 8; 1800 1801 if (sc->mac_ver < 0x3593) { 1802 /* read vender BBP settings */ 1803 for (i = 0; i < 10; i++) { 1804 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1805 sc->bbp[i].val = val & 0xff; 1806 sc->bbp[i].reg = val >> 8; 1807 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1808 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1809 } 1810 if (sc->mac_ver >= 0x3071) { 1811 /* read vendor RF settings */ 1812 for (i = 0; i < 10; i++) { 1813 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1814 &val); 1815 sc->rf[i].val = val & 0xff; 1816 sc->rf[i].reg = val >> 8; 1817 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1818 sc->rf[i].reg, sc->rf[i].val); 1819 } 1820 } 1821 } 1822 1823 /* read RF frequency offset from EEPROM */ 1824 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1825 RT3593_EEPROM_FREQ, &val); 1826 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1827 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1828 sc->freq & 0xff); 1829 1830 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1831 RT3593_EEPROM_FREQ_LEDS, &val); 1832 if (val >> 8 != 0xff) { 1833 /* read LEDs operating mode */ 1834 sc->leds = val >> 8; 1835 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1836 RT3593_EEPROM_LED1, &sc->led[0]); 1837 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1838 RT3593_EEPROM_LED2, &sc->led[1]); 1839 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1840 RT3593_EEPROM_LED3, &sc->led[2]); 1841 } else { 1842 /* broken EEPROM, use default settings */ 1843 sc->leds = 0x01; 1844 sc->led[0] = 0x5555; 1845 sc->led[1] = 0x2221; 1846 sc->led[2] = 0x5627; /* differs from RT2860 */ 1847 } 1848 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1849 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1850 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1851 1852 /* read RF information */ 1853 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1854 run_srom_read(sc, 0x00, &val); 1855 else 1856 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1857 1858 if (val == 0xffff) { 1859 device_printf(sc->sc_dev, 1860 "invalid EEPROM antenna info, using default\n"); 1861 if (sc->mac_ver == 0x3572) { 1862 /* default to RF3052 2T2R */ 1863 sc->rf_rev = RT3070_RF_3052; 1864 sc->ntxchains = 2; 1865 sc->nrxchains = 2; 1866 } else if (sc->mac_ver >= 0x3070) { 1867 /* default to RF3020 1T1R */ 1868 sc->rf_rev = RT3070_RF_3020; 1869 sc->ntxchains = 1; 1870 sc->nrxchains = 1; 1871 } else { 1872 /* default to RF2820 1T2R */ 1873 sc->rf_rev = RT2860_RF_2820; 1874 sc->ntxchains = 1; 1875 sc->nrxchains = 2; 1876 } 1877 } else { 1878 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1879 sc->rf_rev = val; 1880 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1881 } else 1882 sc->rf_rev = (val >> 8) & 0xf; 1883 sc->ntxchains = (val >> 4) & 0xf; 1884 sc->nrxchains = val & 0xf; 1885 } 1886 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1887 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1888 1889 /* check if RF supports automatic Tx access gain control */ 1890 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1891 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1892 /* check if driver should patch the DAC issue */ 1893 if ((val >> 8) != 0xff) 1894 sc->patch_dac = (val >> 15) & 1; 1895 if ((val & 0xff) != 0xff) { 1896 sc->ext_5ghz_lna = (val >> 3) & 1; 1897 sc->ext_2ghz_lna = (val >> 2) & 1; 1898 /* check if RF supports automatic Tx access gain control */ 1899 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1900 /* check if we have a hardware radio switch */ 1901 sc->rfswitch = val & 1; 1902 } 1903 1904 /* Read Tx power settings. */ 1905 if (sc->mac_ver == 0x3593) 1906 run_rt3593_get_txpower(sc); 1907 else 1908 run_get_txpower(sc); 1909 1910 /* read Tx power compensation for each Tx rate */ 1911 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1912 delta_2ghz = delta_5ghz = 0; 1913 if ((val & 0xff) != 0xff && (val & 0x80)) { 1914 delta_2ghz = val & 0xf; 1915 if (!(val & 0x40)) /* negative number */ 1916 delta_2ghz = -delta_2ghz; 1917 } 1918 val >>= 8; 1919 if ((val & 0xff) != 0xff && (val & 0x80)) { 1920 delta_5ghz = val & 0xf; 1921 if (!(val & 0x40)) /* negative number */ 1922 delta_5ghz = -delta_5ghz; 1923 } 1924 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1925 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1926 1927 for (ridx = 0; ridx < 5; ridx++) { 1928 uint32_t reg; 1929 1930 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1931 reg = val; 1932 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1933 reg |= (uint32_t)val << 16; 1934 1935 sc->txpow20mhz[ridx] = reg; 1936 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1937 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1938 1939 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1940 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1941 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1942 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1943 } 1944 1945 /* Read RSSI offsets and LNA gains from EEPROM. */ 1946 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1947 RT3593_EEPROM_RSSI1_2GHZ, &val); 1948 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1949 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1950 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1951 RT3593_EEPROM_RSSI2_2GHZ, &val); 1952 if (sc->mac_ver >= 0x3070) { 1953 if (sc->mac_ver == 0x3593) { 1954 sc->txmixgain_2ghz = 0; 1955 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1956 } else { 1957 /* 1958 * On RT3070 chips (limited to 2 Rx chains), this ROM 1959 * field contains the Tx mixer gain for the 2GHz band. 1960 */ 1961 if ((val & 0xff) != 0xff) 1962 sc->txmixgain_2ghz = val & 0x7; 1963 } 1964 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 1965 sc->txmixgain_2ghz); 1966 } else 1967 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1968 if (sc->mac_ver == 0x3593) 1969 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1970 sc->lna[2] = val >> 8; /* channel group 2 */ 1971 1972 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1973 RT3593_EEPROM_RSSI1_5GHZ, &val); 1974 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1975 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1976 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1977 RT3593_EEPROM_RSSI2_5GHZ, &val); 1978 if (sc->mac_ver == 0x3572) { 1979 /* 1980 * On RT3572 chips (limited to 2 Rx chains), this ROM 1981 * field contains the Tx mixer gain for the 5GHz band. 1982 */ 1983 if ((val & 0xff) != 0xff) 1984 sc->txmixgain_5ghz = val & 0x7; 1985 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 1986 sc->txmixgain_5ghz); 1987 } else 1988 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1989 if (sc->mac_ver == 0x3593) { 1990 sc->txmixgain_5ghz = 0; 1991 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1992 } 1993 sc->lna[3] = val >> 8; /* channel group 3 */ 1994 1995 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1996 RT3593_EEPROM_LNA, &val); 1997 sc->lna[0] = val & 0xff; /* channel group 0 */ 1998 sc->lna[1] = val >> 8; /* channel group 1 */ 1999 2000 /* fix broken 5GHz LNA entries */ 2001 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2002 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2003 "invalid LNA for channel group %d\n", 2); 2004 sc->lna[2] = sc->lna[1]; 2005 } 2006 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2007 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2008 "invalid LNA for channel group %d\n", 3); 2009 sc->lna[3] = sc->lna[1]; 2010 } 2011 2012 /* fix broken RSSI offset entries */ 2013 for (ant = 0; ant < 3; ant++) { 2014 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2015 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2016 "invalid RSSI%d offset: %d (2GHz)\n", 2017 ant + 1, sc->rssi_2ghz[ant]); 2018 sc->rssi_2ghz[ant] = 0; 2019 } 2020 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2021 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2022 "invalid RSSI%d offset: %d (5GHz)\n", 2023 ant + 1, sc->rssi_5ghz[ant]); 2024 sc->rssi_5ghz[ant] = 0; 2025 } 2026 } 2027 return (0); 2028 } 2029 2030 static struct ieee80211_node * 2031 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2032 { 2033 return malloc(sizeof (struct run_node), M_80211_NODE, 2034 M_NOWAIT | M_ZERO); 2035 } 2036 2037 static int 2038 run_media_change(struct ifnet *ifp) 2039 { 2040 struct ieee80211vap *vap = ifp->if_softc; 2041 struct ieee80211com *ic = vap->iv_ic; 2042 const struct ieee80211_txparam *tp; 2043 struct run_softc *sc = ic->ic_softc; 2044 uint8_t rate, ridx; 2045 int error; 2046 2047 RUN_LOCK(sc); 2048 2049 error = ieee80211_media_change(ifp); 2050 if (error != ENETRESET) { 2051 RUN_UNLOCK(sc); 2052 return (error); 2053 } 2054 2055 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2056 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2057 struct ieee80211_node *ni; 2058 struct run_node *rn; 2059 2060 rate = ic->ic_sup_rates[ic->ic_curmode]. 2061 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2062 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2063 if (rt2860_rates[ridx].rate == rate) 2064 break; 2065 ni = ieee80211_ref_node(vap->iv_bss); 2066 rn = RUN_NODE(ni); 2067 rn->fix_ridx = ridx; 2068 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2069 rate, rn->fix_ridx); 2070 ieee80211_free_node(ni); 2071 } 2072 2073 #if 0 2074 if ((ifp->if_flags & IFF_UP) && 2075 (ifp->if_drv_flags & RUN_RUNNING)){ 2076 run_init_locked(sc); 2077 } 2078 #endif 2079 2080 RUN_UNLOCK(sc); 2081 2082 return (0); 2083 } 2084 2085 static int 2086 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2087 { 2088 const struct ieee80211_txparam *tp; 2089 struct ieee80211com *ic = vap->iv_ic; 2090 struct run_softc *sc = ic->ic_softc; 2091 struct run_vap *rvp = RUN_VAP(vap); 2092 enum ieee80211_state ostate; 2093 uint32_t sta[3]; 2094 uint8_t ratectl; 2095 uint8_t restart_ratectl = 0; 2096 uint8_t bid = 1 << rvp->rvp_id; 2097 2098 ostate = vap->iv_state; 2099 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2100 ieee80211_state_name[ostate], 2101 ieee80211_state_name[nstate]); 2102 2103 IEEE80211_UNLOCK(ic); 2104 RUN_LOCK(sc); 2105 2106 ratectl = sc->ratectl_run; /* remember current state */ 2107 sc->ratectl_run = RUN_RATECTL_OFF; 2108 usb_callout_stop(&sc->ratectl_ch); 2109 2110 if (ostate == IEEE80211_S_RUN) { 2111 /* turn link LED off */ 2112 run_set_leds(sc, RT2860_LED_RADIO); 2113 } 2114 2115 switch (nstate) { 2116 case IEEE80211_S_INIT: 2117 restart_ratectl = 1; 2118 2119 if (ostate != IEEE80211_S_RUN) 2120 break; 2121 2122 ratectl &= ~bid; 2123 sc->runbmap &= ~bid; 2124 2125 /* abort TSF synchronization if there is no vap running */ 2126 if (--sc->running == 0) 2127 run_disable_tsf(sc); 2128 break; 2129 2130 case IEEE80211_S_RUN: 2131 if (!(sc->runbmap & bid)) { 2132 if(sc->running++) 2133 restart_ratectl = 1; 2134 sc->runbmap |= bid; 2135 } 2136 2137 m_freem(rvp->beacon_mbuf); 2138 rvp->beacon_mbuf = NULL; 2139 2140 switch (vap->iv_opmode) { 2141 case IEEE80211_M_HOSTAP: 2142 case IEEE80211_M_MBSS: 2143 sc->ap_running |= bid; 2144 ic->ic_opmode = vap->iv_opmode; 2145 run_update_beacon_cb(vap); 2146 break; 2147 case IEEE80211_M_IBSS: 2148 sc->adhoc_running |= bid; 2149 if (!sc->ap_running) 2150 ic->ic_opmode = vap->iv_opmode; 2151 run_update_beacon_cb(vap); 2152 break; 2153 case IEEE80211_M_STA: 2154 sc->sta_running |= bid; 2155 if (!sc->ap_running && !sc->adhoc_running) 2156 ic->ic_opmode = vap->iv_opmode; 2157 2158 /* read statistic counters (clear on read) */ 2159 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2160 (uint8_t *)sta, sizeof sta); 2161 2162 break; 2163 default: 2164 ic->ic_opmode = vap->iv_opmode; 2165 break; 2166 } 2167 2168 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2169 struct ieee80211_node *ni; 2170 2171 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2172 RUN_UNLOCK(sc); 2173 IEEE80211_LOCK(ic); 2174 return (-1); 2175 } 2176 run_updateslot(ic); 2177 run_enable_mrr(sc); 2178 run_set_txpreamble(sc); 2179 run_set_basicrates(sc); 2180 ni = ieee80211_ref_node(vap->iv_bss); 2181 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2182 run_set_bssid(sc, sc->sc_bssid); 2183 ieee80211_free_node(ni); 2184 run_enable_tsf_sync(sc); 2185 2186 /* enable automatic rate adaptation */ 2187 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2188 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2189 ratectl |= bid; 2190 } else 2191 run_enable_tsf(sc); 2192 2193 /* turn link LED on */ 2194 run_set_leds(sc, RT2860_LED_RADIO | 2195 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2196 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2197 2198 break; 2199 default: 2200 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2201 break; 2202 } 2203 2204 /* restart amrr for running VAPs */ 2205 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2206 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2207 2208 RUN_UNLOCK(sc); 2209 IEEE80211_LOCK(ic); 2210 2211 return(rvp->newstate(vap, nstate, arg)); 2212 } 2213 2214 static int 2215 run_wme_update(struct ieee80211com *ic) 2216 { 2217 struct chanAccParams chp; 2218 struct run_softc *sc = ic->ic_softc; 2219 const struct wmeParams *ac; 2220 int aci, error = 0; 2221 2222 ieee80211_wme_ic_getparams(ic, &chp); 2223 ac = chp.cap_wmeParams; 2224 2225 /* update MAC TX configuration registers */ 2226 RUN_LOCK(sc); 2227 for (aci = 0; aci < WME_NUM_AC; aci++) { 2228 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2229 ac[aci].wmep_logcwmax << 16 | 2230 ac[aci].wmep_logcwmin << 12 | 2231 ac[aci].wmep_aifsn << 8 | 2232 ac[aci].wmep_txopLimit); 2233 if (error) goto err; 2234 } 2235 2236 /* update SCH/DMA registers too */ 2237 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2238 ac[WME_AC_VO].wmep_aifsn << 12 | 2239 ac[WME_AC_VI].wmep_aifsn << 8 | 2240 ac[WME_AC_BK].wmep_aifsn << 4 | 2241 ac[WME_AC_BE].wmep_aifsn); 2242 if (error) goto err; 2243 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2244 ac[WME_AC_VO].wmep_logcwmin << 12 | 2245 ac[WME_AC_VI].wmep_logcwmin << 8 | 2246 ac[WME_AC_BK].wmep_logcwmin << 4 | 2247 ac[WME_AC_BE].wmep_logcwmin); 2248 if (error) goto err; 2249 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2250 ac[WME_AC_VO].wmep_logcwmax << 12 | 2251 ac[WME_AC_VI].wmep_logcwmax << 8 | 2252 ac[WME_AC_BK].wmep_logcwmax << 4 | 2253 ac[WME_AC_BE].wmep_logcwmax); 2254 if (error) goto err; 2255 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2256 ac[WME_AC_BK].wmep_txopLimit << 16 | 2257 ac[WME_AC_BE].wmep_txopLimit); 2258 if (error) goto err; 2259 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2260 ac[WME_AC_VO].wmep_txopLimit << 16 | 2261 ac[WME_AC_VI].wmep_txopLimit); 2262 2263 err: 2264 RUN_UNLOCK(sc); 2265 if (error) 2266 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2267 2268 return (error); 2269 } 2270 2271 static void 2272 run_key_set_cb(void *arg) 2273 { 2274 struct run_cmdq *cmdq = arg; 2275 struct ieee80211vap *vap = cmdq->arg1; 2276 struct ieee80211_key *k = cmdq->k; 2277 struct ieee80211com *ic = vap->iv_ic; 2278 struct run_softc *sc = ic->ic_softc; 2279 struct ieee80211_node *ni; 2280 u_int cipher = k->wk_cipher->ic_cipher; 2281 uint32_t attr; 2282 uint16_t base, associd; 2283 uint8_t mode, wcid, iv[8]; 2284 2285 RUN_LOCK_ASSERT(sc, MA_OWNED); 2286 2287 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2288 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2289 else 2290 ni = vap->iv_bss; 2291 associd = (ni != NULL) ? ni->ni_associd : 0; 2292 2293 /* map net80211 cipher to RT2860 security mode */ 2294 switch (cipher) { 2295 case IEEE80211_CIPHER_WEP: 2296 if(k->wk_keylen < 8) 2297 mode = RT2860_MODE_WEP40; 2298 else 2299 mode = RT2860_MODE_WEP104; 2300 break; 2301 case IEEE80211_CIPHER_TKIP: 2302 mode = RT2860_MODE_TKIP; 2303 break; 2304 case IEEE80211_CIPHER_AES_CCM: 2305 mode = RT2860_MODE_AES_CCMP; 2306 break; 2307 default: 2308 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2309 return; 2310 } 2311 2312 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2313 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2314 associd, k->wk_keyix, mode, 2315 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2316 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2317 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2318 2319 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2320 wcid = 0; /* NB: update WCID0 for group keys */ 2321 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2322 } else { 2323 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2324 1 : RUN_AID2WCID(associd); 2325 base = RT2860_PKEY(wcid); 2326 } 2327 2328 if (cipher == IEEE80211_CIPHER_TKIP) { 2329 if(run_write_region_1(sc, base, k->wk_key, 16)) 2330 return; 2331 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2332 return; 2333 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2334 return; 2335 } else { 2336 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2337 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2338 return; 2339 } 2340 2341 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2342 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2343 /* set initial packet number in IV+EIV */ 2344 if (cipher == IEEE80211_CIPHER_WEP) { 2345 memset(iv, 0, sizeof iv); 2346 iv[3] = vap->iv_def_txkey << 6; 2347 } else { 2348 if (cipher == IEEE80211_CIPHER_TKIP) { 2349 iv[0] = k->wk_keytsc >> 8; 2350 iv[1] = (iv[0] | 0x20) & 0x7f; 2351 iv[2] = k->wk_keytsc; 2352 } else /* CCMP */ { 2353 iv[0] = k->wk_keytsc; 2354 iv[1] = k->wk_keytsc >> 8; 2355 iv[2] = 0; 2356 } 2357 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2358 iv[4] = k->wk_keytsc >> 16; 2359 iv[5] = k->wk_keytsc >> 24; 2360 iv[6] = k->wk_keytsc >> 32; 2361 iv[7] = k->wk_keytsc >> 40; 2362 } 2363 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2364 return; 2365 } 2366 2367 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2368 /* install group key */ 2369 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2370 return; 2371 attr &= ~(0xf << (k->wk_keyix * 4)); 2372 attr |= mode << (k->wk_keyix * 4); 2373 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2374 return; 2375 } else { 2376 /* install pairwise key */ 2377 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2378 return; 2379 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2380 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2381 return; 2382 } 2383 2384 /* TODO create a pass-thru key entry? */ 2385 2386 /* need wcid to delete the right key later */ 2387 k->wk_pad = wcid; 2388 } 2389 2390 /* 2391 * Don't have to be deferred, but in order to keep order of 2392 * execution, i.e. with run_key_delete(), defer this and let 2393 * run_cmdq_cb() maintain the order. 2394 * 2395 * return 0 on error 2396 */ 2397 static int 2398 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2399 { 2400 struct ieee80211com *ic = vap->iv_ic; 2401 struct run_softc *sc = ic->ic_softc; 2402 uint32_t i; 2403 2404 i = RUN_CMDQ_GET(&sc->cmdq_store); 2405 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2406 sc->cmdq[i].func = run_key_set_cb; 2407 sc->cmdq[i].arg0 = NULL; 2408 sc->cmdq[i].arg1 = vap; 2409 sc->cmdq[i].k = k; 2410 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2411 ieee80211_runtask(ic, &sc->cmdq_task); 2412 2413 /* 2414 * To make sure key will be set when hostapd 2415 * calls iv_key_set() before if_init(). 2416 */ 2417 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2418 RUN_LOCK(sc); 2419 sc->cmdq_key_set = RUN_CMDQ_GO; 2420 RUN_UNLOCK(sc); 2421 } 2422 2423 return (1); 2424 } 2425 2426 /* 2427 * If wlan is destroyed without being brought down i.e. without 2428 * wlan down or wpa_cli terminate, this function is called after 2429 * vap is gone. Don't refer it. 2430 */ 2431 static void 2432 run_key_delete_cb(void *arg) 2433 { 2434 struct run_cmdq *cmdq = arg; 2435 struct run_softc *sc = cmdq->arg1; 2436 struct ieee80211_key *k = &cmdq->key; 2437 uint32_t attr; 2438 uint8_t wcid; 2439 2440 RUN_LOCK_ASSERT(sc, MA_OWNED); 2441 2442 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2443 /* remove group key */ 2444 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2445 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2446 attr &= ~(0xf << (k->wk_keyix * 4)); 2447 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2448 } else { 2449 /* remove pairwise key */ 2450 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2451 "removing key for wcid %x\n", k->wk_pad); 2452 /* matching wcid was written to wk_pad in run_key_set() */ 2453 wcid = k->wk_pad; 2454 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2455 attr &= ~0xf; 2456 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2457 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2458 } 2459 2460 k->wk_pad = 0; 2461 } 2462 2463 /* 2464 * return 0 on error 2465 */ 2466 static int 2467 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2468 { 2469 struct ieee80211com *ic = vap->iv_ic; 2470 struct run_softc *sc = ic->ic_softc; 2471 struct ieee80211_key *k0; 2472 uint32_t i; 2473 2474 /* 2475 * When called back, key might be gone. So, make a copy 2476 * of some values need to delete keys before deferring. 2477 * But, because of LOR with node lock, cannot use lock here. 2478 * So, use atomic instead. 2479 */ 2480 i = RUN_CMDQ_GET(&sc->cmdq_store); 2481 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2482 sc->cmdq[i].func = run_key_delete_cb; 2483 sc->cmdq[i].arg0 = NULL; 2484 sc->cmdq[i].arg1 = sc; 2485 k0 = &sc->cmdq[i].key; 2486 k0->wk_flags = k->wk_flags; 2487 k0->wk_keyix = k->wk_keyix; 2488 /* matching wcid was written to wk_pad in run_key_set() */ 2489 k0->wk_pad = k->wk_pad; 2490 ieee80211_runtask(ic, &sc->cmdq_task); 2491 return (1); /* return fake success */ 2492 2493 } 2494 2495 static void 2496 run_ratectl_to(void *arg) 2497 { 2498 struct run_softc *sc = arg; 2499 2500 /* do it in a process context, so it can go sleep */ 2501 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2502 /* next timeout will be rescheduled in the callback task */ 2503 } 2504 2505 /* ARGSUSED */ 2506 static void 2507 run_ratectl_cb(void *arg, int pending) 2508 { 2509 struct run_softc *sc = arg; 2510 struct ieee80211com *ic = &sc->sc_ic; 2511 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2512 2513 if (vap == NULL) 2514 return; 2515 2516 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2517 /* 2518 * run_reset_livelock() doesn't do anything with AMRR, 2519 * but Ralink wants us to call it every 1 sec. So, we 2520 * piggyback here rather than creating another callout. 2521 * Livelock may occur only in HOSTAP or IBSS mode 2522 * (when h/w is sending beacons). 2523 */ 2524 RUN_LOCK(sc); 2525 run_reset_livelock(sc); 2526 /* just in case, there are some stats to drain */ 2527 run_drain_fifo(sc); 2528 RUN_UNLOCK(sc); 2529 } 2530 2531 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2532 2533 RUN_LOCK(sc); 2534 if(sc->ratectl_run != RUN_RATECTL_OFF) 2535 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2536 RUN_UNLOCK(sc); 2537 } 2538 2539 static void 2540 run_drain_fifo(void *arg) 2541 { 2542 struct run_softc *sc = arg; 2543 uint32_t stat; 2544 uint16_t (*wstat)[3]; 2545 uint8_t wcid, mcs, pid; 2546 int8_t retry; 2547 2548 RUN_LOCK_ASSERT(sc, MA_OWNED); 2549 2550 for (;;) { 2551 /* drain Tx status FIFO (maxsize = 16) */ 2552 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2553 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2554 if (!(stat & RT2860_TXQ_VLD)) 2555 break; 2556 2557 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2558 2559 /* if no ACK was requested, no feedback is available */ 2560 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2561 wcid == 0) 2562 continue; 2563 2564 /* 2565 * Even though each stat is Tx-complete-status like format, 2566 * the device can poll stats. Because there is no guarantee 2567 * that the referring node is still around when read the stats. 2568 * So that, if we use ieee80211_ratectl_tx_update(), we will 2569 * have hard time not to refer already freed node. 2570 * 2571 * To eliminate such page faults, we poll stats in softc. 2572 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2573 */ 2574 wstat = &(sc->wcid_stats[wcid]); 2575 (*wstat)[RUN_TXCNT]++; 2576 if (stat & RT2860_TXQ_OK) 2577 (*wstat)[RUN_SUCCESS]++; 2578 else 2579 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2580 /* 2581 * Check if there were retries, ie if the Tx success rate is 2582 * different from the requested rate. Note that it works only 2583 * because we do not allow rate fallback from OFDM to CCK. 2584 */ 2585 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2586 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2587 if ((retry = pid -1 - mcs) > 0) { 2588 (*wstat)[RUN_TXCNT] += retry; 2589 (*wstat)[RUN_RETRY] += retry; 2590 } 2591 } 2592 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2593 2594 sc->fifo_cnt = 0; 2595 } 2596 2597 static void 2598 run_iter_func(void *arg, struct ieee80211_node *ni) 2599 { 2600 struct run_softc *sc = arg; 2601 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2602 struct ieee80211vap *vap = ni->ni_vap; 2603 struct run_node *rn = RUN_NODE(ni); 2604 union run_stats sta[2]; 2605 uint16_t (*wstat)[3]; 2606 int error; 2607 2608 RUN_LOCK(sc); 2609 2610 /* Check for special case */ 2611 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2612 ni != vap->iv_bss) 2613 goto fail; 2614 2615 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2616 IEEE80211_RATECTL_TX_STATS_RETRIES; 2617 txs->ni = ni; 2618 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2619 vap->iv_opmode == IEEE80211_M_STA)) { 2620 /* read statistic counters (clear on read) and update AMRR state */ 2621 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2622 sizeof sta); 2623 if (error != 0) 2624 goto fail; 2625 2626 /* count failed TX as errors */ 2627 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2628 le16toh(sta[0].error.fail)); 2629 2630 txs->nretries = le16toh(sta[1].tx.retry); 2631 txs->nsuccess = le16toh(sta[1].tx.success); 2632 /* nretries??? */ 2633 txs->nframes = txs->nretries + txs->nsuccess + 2634 le16toh(sta[0].error.fail); 2635 2636 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2637 "retrycnt=%d success=%d failcnt=%d\n", 2638 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2639 } else { 2640 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2641 2642 if (wstat == &(sc->wcid_stats[0]) || 2643 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2644 goto fail; 2645 2646 txs->nretries = (*wstat)[RUN_RETRY]; 2647 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2648 txs->nframes = (*wstat)[RUN_TXCNT]; 2649 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2650 "retrycnt=%d txcnt=%d success=%d\n", 2651 txs->nretries, txs->nframes, txs->nsuccess); 2652 2653 memset(wstat, 0, sizeof(*wstat)); 2654 } 2655 2656 ieee80211_ratectl_tx_update(vap, txs); 2657 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2658 2659 fail: 2660 RUN_UNLOCK(sc); 2661 2662 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx); 2663 } 2664 2665 static void 2666 run_newassoc_cb(void *arg) 2667 { 2668 struct run_cmdq *cmdq = arg; 2669 struct ieee80211_node *ni = cmdq->arg1; 2670 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2671 uint8_t wcid = cmdq->wcid; 2672 2673 RUN_LOCK_ASSERT(sc, MA_OWNED); 2674 2675 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2676 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2677 2678 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2679 } 2680 2681 static void 2682 run_newassoc(struct ieee80211_node *ni, int isnew) 2683 { 2684 struct run_node *rn = RUN_NODE(ni); 2685 struct ieee80211_rateset *rs = &ni->ni_rates; 2686 struct ieee80211vap *vap = ni->ni_vap; 2687 struct ieee80211com *ic = vap->iv_ic; 2688 struct run_softc *sc = ic->ic_softc; 2689 uint8_t rate; 2690 uint8_t ridx; 2691 uint8_t wcid; 2692 int i, j; 2693 2694 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2695 1 : RUN_AID2WCID(ni->ni_associd); 2696 2697 if (wcid > RT2870_WCID_MAX) { 2698 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2699 return; 2700 } 2701 2702 /* only interested in true associations */ 2703 if (isnew && ni->ni_associd != 0) { 2704 2705 /* 2706 * This function could is called though timeout function. 2707 * Need to defer. 2708 */ 2709 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2710 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2711 sc->cmdq[cnt].func = run_newassoc_cb; 2712 sc->cmdq[cnt].arg0 = NULL; 2713 sc->cmdq[cnt].arg1 = ni; 2714 sc->cmdq[cnt].wcid = wcid; 2715 ieee80211_runtask(ic, &sc->cmdq_task); 2716 } 2717 2718 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2719 "new assoc isnew=%d associd=%x addr=%s\n", 2720 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2721 2722 for (i = 0; i < rs->rs_nrates; i++) { 2723 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2724 /* convert 802.11 rate to hardware rate index */ 2725 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2726 if (rt2860_rates[ridx].rate == rate) 2727 break; 2728 rn->ridx[i] = ridx; 2729 /* determine rate of control response frames */ 2730 for (j = i; j >= 0; j--) { 2731 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2732 rt2860_rates[rn->ridx[i]].phy == 2733 rt2860_rates[rn->ridx[j]].phy) 2734 break; 2735 } 2736 if (j >= 0) { 2737 rn->ctl_ridx[i] = rn->ridx[j]; 2738 } else { 2739 /* no basic rate found, use mandatory one */ 2740 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2741 } 2742 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2743 "rate=0x%02x ridx=%d ctl_ridx=%d\n", 2744 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2745 } 2746 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2747 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2748 if (rt2860_rates[ridx].rate == rate) 2749 break; 2750 rn->mgt_ridx = ridx; 2751 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2752 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2753 2754 RUN_LOCK(sc); 2755 if(sc->ratectl_run != RUN_RATECTL_OFF) 2756 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2757 RUN_UNLOCK(sc); 2758 } 2759 2760 /* 2761 * Return the Rx chain with the highest RSSI for a given frame. 2762 */ 2763 static __inline uint8_t 2764 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2765 { 2766 uint8_t rxchain = 0; 2767 2768 if (sc->nrxchains > 1) { 2769 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2770 rxchain = 1; 2771 if (sc->nrxchains > 2) 2772 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2773 rxchain = 2; 2774 } 2775 return (rxchain); 2776 } 2777 2778 static void 2779 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2780 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2781 { 2782 struct ieee80211vap *vap = ni->ni_vap; 2783 struct run_softc *sc = vap->iv_ic->ic_softc; 2784 struct run_vap *rvp = RUN_VAP(vap); 2785 uint64_t ni_tstamp, rx_tstamp; 2786 2787 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2788 2789 if (vap->iv_state == IEEE80211_S_RUN && 2790 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2791 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2792 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2793 RUN_LOCK(sc); 2794 run_get_tsf(sc, &rx_tstamp); 2795 RUN_UNLOCK(sc); 2796 rx_tstamp = le64toh(rx_tstamp); 2797 2798 if (ni_tstamp >= rx_tstamp) { 2799 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2800 "ibss merge, tsf %ju tstamp %ju\n", 2801 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2802 (void) ieee80211_ibss_merge(ni); 2803 } 2804 } 2805 } 2806 2807 static void 2808 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2809 { 2810 struct ieee80211com *ic = &sc->sc_ic; 2811 struct ieee80211_frame *wh; 2812 struct ieee80211_node *ni; 2813 struct rt2870_rxd *rxd; 2814 struct rt2860_rxwi *rxwi; 2815 uint32_t flags; 2816 uint16_t len, rxwisize; 2817 uint8_t ant, rssi; 2818 int8_t nf; 2819 2820 rxwisize = sizeof(struct rt2860_rxwi); 2821 if (sc->mac_ver == 0x5592) 2822 rxwisize += sizeof(uint64_t); 2823 else if (sc->mac_ver == 0x3593) 2824 rxwisize += sizeof(uint32_t); 2825 2826 if (__predict_false(dmalen < 2827 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2828 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2829 "payload is too short: dma length %u < %zu\n", 2830 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2831 goto fail; 2832 } 2833 2834 rxwi = mtod(m, struct rt2860_rxwi *); 2835 len = le16toh(rxwi->len) & 0xfff; 2836 2837 if (__predict_false(len > dmalen - rxwisize)) { 2838 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2839 "bad RXWI length %u > %u\n", len, dmalen); 2840 goto fail; 2841 } 2842 2843 /* Rx descriptor is located at the end */ 2844 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2845 flags = le32toh(rxd->flags); 2846 2847 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2848 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2849 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2850 goto fail; 2851 } 2852 2853 if (flags & RT2860_RX_L2PAD) { 2854 /* 2855 * XXX OpenBSD removes padding between header 2856 * and payload here... 2857 */ 2858 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2859 "received RT2860_RX_L2PAD frame\n"); 2860 len += 2; 2861 } 2862 2863 m->m_data += rxwisize; 2864 m->m_pkthdr.len = m->m_len = len; 2865 2866 wh = mtod(m, struct ieee80211_frame *); 2867 2868 /* XXX wrong for monitor mode */ 2869 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2870 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2871 m->m_flags |= M_WEP; 2872 } 2873 2874 if (len >= sizeof(struct ieee80211_frame_min)) { 2875 ni = ieee80211_find_rxnode(ic, 2876 mtod(m, struct ieee80211_frame_min *)); 2877 } else 2878 ni = NULL; 2879 2880 if (__predict_false(flags & RT2860_RX_MICERR)) { 2881 /* report MIC failures to net80211 for TKIP */ 2882 if (ni != NULL) 2883 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2884 rxwi->keyidx); 2885 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2886 "MIC error. Someone is lying.\n"); 2887 goto fail; 2888 } 2889 2890 ant = run_maxrssi_chain(sc, rxwi); 2891 rssi = rxwi->rssi[ant]; 2892 nf = run_rssi2dbm(sc, rssi, ant); 2893 2894 if (__predict_false(ieee80211_radiotap_active(ic))) { 2895 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2896 uint16_t phy; 2897 2898 tap->wr_flags = 0; 2899 tap->wr_antsignal = rssi; 2900 tap->wr_antenna = ant; 2901 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2902 tap->wr_rate = 2; /* in case it can't be found below */ 2903 RUN_LOCK(sc); 2904 run_get_tsf(sc, &tap->wr_tsf); 2905 RUN_UNLOCK(sc); 2906 phy = le16toh(rxwi->phy); 2907 switch (phy & RT2860_PHY_MODE) { 2908 case RT2860_PHY_CCK: 2909 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2910 case 0: tap->wr_rate = 2; break; 2911 case 1: tap->wr_rate = 4; break; 2912 case 2: tap->wr_rate = 11; break; 2913 case 3: tap->wr_rate = 22; break; 2914 } 2915 if (phy & RT2860_PHY_SHPRE) 2916 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2917 break; 2918 case RT2860_PHY_OFDM: 2919 switch (phy & RT2860_PHY_MCS) { 2920 case 0: tap->wr_rate = 12; break; 2921 case 1: tap->wr_rate = 18; break; 2922 case 2: tap->wr_rate = 24; break; 2923 case 3: tap->wr_rate = 36; break; 2924 case 4: tap->wr_rate = 48; break; 2925 case 5: tap->wr_rate = 72; break; 2926 case 6: tap->wr_rate = 96; break; 2927 case 7: tap->wr_rate = 108; break; 2928 } 2929 break; 2930 } 2931 } 2932 2933 if (ni != NULL) { 2934 (void)ieee80211_input(ni, m, rssi, nf); 2935 ieee80211_free_node(ni); 2936 } else { 2937 (void)ieee80211_input_all(ic, m, rssi, nf); 2938 } 2939 2940 return; 2941 2942 fail: 2943 m_freem(m); 2944 counter_u64_add(ic->ic_ierrors, 1); 2945 } 2946 2947 static void 2948 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2949 { 2950 struct run_softc *sc = usbd_xfer_softc(xfer); 2951 struct ieee80211com *ic = &sc->sc_ic; 2952 struct mbuf *m = NULL; 2953 struct mbuf *m0; 2954 uint32_t dmalen, mbuf_len; 2955 uint16_t rxwisize; 2956 int xferlen; 2957 2958 rxwisize = sizeof(struct rt2860_rxwi); 2959 if (sc->mac_ver == 0x5592) 2960 rxwisize += sizeof(uint64_t); 2961 else if (sc->mac_ver == 0x3593) 2962 rxwisize += sizeof(uint32_t); 2963 2964 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2965 2966 switch (USB_GET_STATE(xfer)) { 2967 case USB_ST_TRANSFERRED: 2968 2969 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2970 "rx done, actlen=%d\n", xferlen); 2971 2972 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2973 sizeof(struct rt2870_rxd))) { 2974 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 2975 "xfer too short %d\n", xferlen); 2976 goto tr_setup; 2977 } 2978 2979 m = sc->rx_m; 2980 sc->rx_m = NULL; 2981 2982 /* FALLTHROUGH */ 2983 case USB_ST_SETUP: 2984 tr_setup: 2985 if (sc->rx_m == NULL) { 2986 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2987 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2988 } 2989 if (sc->rx_m == NULL) { 2990 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 2991 "could not allocate mbuf - idle with stall\n"); 2992 counter_u64_add(ic->ic_ierrors, 1); 2993 usbd_xfer_set_stall(xfer); 2994 usbd_xfer_set_frames(xfer, 0); 2995 } else { 2996 /* 2997 * Directly loading a mbuf cluster into DMA to 2998 * save some data copying. This works because 2999 * there is only one cluster. 3000 */ 3001 usbd_xfer_set_frame_data(xfer, 0, 3002 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 3003 usbd_xfer_set_frames(xfer, 1); 3004 } 3005 usbd_transfer_submit(xfer); 3006 break; 3007 3008 default: /* Error */ 3009 if (error != USB_ERR_CANCELLED) { 3010 /* try to clear stall first */ 3011 usbd_xfer_set_stall(xfer); 3012 if (error == USB_ERR_TIMEOUT) 3013 device_printf(sc->sc_dev, "device timeout\n"); 3014 counter_u64_add(ic->ic_ierrors, 1); 3015 goto tr_setup; 3016 } 3017 if (sc->rx_m != NULL) { 3018 m_freem(sc->rx_m); 3019 sc->rx_m = NULL; 3020 } 3021 break; 3022 } 3023 3024 if (m == NULL) 3025 return; 3026 3027 /* inputting all the frames must be last */ 3028 3029 RUN_UNLOCK(sc); 3030 3031 m->m_pkthdr.len = m->m_len = xferlen; 3032 3033 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3034 for(;;) { 3035 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3036 3037 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3038 ((dmalen & 3) != 0)) { 3039 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3040 "bad DMA length %u\n", dmalen); 3041 break; 3042 } 3043 if ((dmalen + 8) > (uint32_t)xferlen) { 3044 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3045 "bad DMA length %u > %d\n", 3046 dmalen + 8, xferlen); 3047 break; 3048 } 3049 3050 /* If it is the last one or a single frame, we won't copy. */ 3051 if ((xferlen -= dmalen + 8) <= 8) { 3052 /* trim 32-bit DMA-len header */ 3053 m->m_data += 4; 3054 m->m_pkthdr.len = m->m_len -= 4; 3055 run_rx_frame(sc, m, dmalen); 3056 m = NULL; /* don't free source buffer */ 3057 break; 3058 } 3059 3060 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 3061 if (__predict_false(mbuf_len > MCLBYTES)) { 3062 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3063 "payload is too big: mbuf_len %u\n", mbuf_len); 3064 counter_u64_add(ic->ic_ierrors, 1); 3065 break; 3066 } 3067 3068 /* copy aggregated frames to another mbuf */ 3069 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3070 if (__predict_false(m0 == NULL)) { 3071 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3072 "could not allocate mbuf\n"); 3073 counter_u64_add(ic->ic_ierrors, 1); 3074 break; 3075 } 3076 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3077 mbuf_len, mtod(m0, caddr_t)); 3078 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3079 run_rx_frame(sc, m0, dmalen); 3080 3081 /* update data ptr */ 3082 m->m_data += mbuf_len + 4; 3083 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3084 } 3085 3086 /* make sure we free the source buffer, if any */ 3087 m_freem(m); 3088 3089 RUN_LOCK(sc); 3090 } 3091 3092 static void 3093 run_tx_free(struct run_endpoint_queue *pq, 3094 struct run_tx_data *data, int txerr) 3095 { 3096 3097 ieee80211_tx_complete(data->ni, data->m, txerr); 3098 3099 data->m = NULL; 3100 data->ni = NULL; 3101 3102 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3103 pq->tx_nfree++; 3104 } 3105 3106 static void 3107 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3108 { 3109 struct run_softc *sc = usbd_xfer_softc(xfer); 3110 struct ieee80211com *ic = &sc->sc_ic; 3111 struct run_tx_data *data; 3112 struct ieee80211vap *vap = NULL; 3113 struct usb_page_cache *pc; 3114 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3115 struct mbuf *m; 3116 usb_frlength_t size; 3117 int actlen; 3118 int sumlen; 3119 3120 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3121 3122 switch (USB_GET_STATE(xfer)) { 3123 case USB_ST_TRANSFERRED: 3124 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3125 "transfer complete: %d bytes @ index %d\n", actlen, index); 3126 3127 data = usbd_xfer_get_priv(xfer); 3128 run_tx_free(pq, data, 0); 3129 usbd_xfer_set_priv(xfer, NULL); 3130 3131 /* FALLTHROUGH */ 3132 case USB_ST_SETUP: 3133 tr_setup: 3134 data = STAILQ_FIRST(&pq->tx_qh); 3135 if (data == NULL) 3136 break; 3137 3138 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3139 3140 m = data->m; 3141 size = (sc->mac_ver == 0x5592) ? 3142 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3143 if ((m->m_pkthdr.len + 3144 size + 3 + 8) > RUN_MAX_TXSZ) { 3145 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3146 "data overflow, %u bytes\n", m->m_pkthdr.len); 3147 run_tx_free(pq, data, 1); 3148 goto tr_setup; 3149 } 3150 3151 pc = usbd_xfer_get_frame(xfer, 0); 3152 usbd_copy_in(pc, 0, &data->desc, size); 3153 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3154 size += m->m_pkthdr.len; 3155 /* 3156 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3157 * 4-byte padding), and be sure to zero those trailing 3158 * bytes: 3159 */ 3160 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3161 size += ((-size) & 3) + 8; 3162 3163 vap = data->ni->ni_vap; 3164 if (ieee80211_radiotap_active_vap(vap)) { 3165 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3166 struct rt2860_txwi *txwi = 3167 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3168 tap->wt_flags = 0; 3169 tap->wt_rate = rt2860_rates[data->ridx].rate; 3170 tap->wt_hwqueue = index; 3171 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3172 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3173 3174 ieee80211_radiotap_tx(vap, m); 3175 } 3176 3177 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3178 "sending frame len=%u/%u @ index %d\n", 3179 m->m_pkthdr.len, size, index); 3180 3181 usbd_xfer_set_frame_len(xfer, 0, size); 3182 usbd_xfer_set_priv(xfer, data); 3183 usbd_transfer_submit(xfer); 3184 run_start(sc); 3185 3186 break; 3187 3188 default: 3189 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3190 "USB transfer error, %s\n", usbd_errstr(error)); 3191 3192 data = usbd_xfer_get_priv(xfer); 3193 3194 if (data != NULL) { 3195 if(data->ni != NULL) 3196 vap = data->ni->ni_vap; 3197 run_tx_free(pq, data, error); 3198 usbd_xfer_set_priv(xfer, NULL); 3199 } 3200 3201 if (vap == NULL) 3202 vap = TAILQ_FIRST(&ic->ic_vaps); 3203 3204 if (error != USB_ERR_CANCELLED) { 3205 if (error == USB_ERR_TIMEOUT) { 3206 device_printf(sc->sc_dev, "device timeout\n"); 3207 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3208 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3209 "cmdq_store=%d\n", i); 3210 sc->cmdq[i].func = run_usb_timeout_cb; 3211 sc->cmdq[i].arg0 = vap; 3212 ieee80211_runtask(ic, &sc->cmdq_task); 3213 } 3214 3215 /* 3216 * Try to clear stall first, also if other 3217 * errors occur, hence clearing stall 3218 * introduces a 50 ms delay: 3219 */ 3220 usbd_xfer_set_stall(xfer); 3221 goto tr_setup; 3222 } 3223 break; 3224 } 3225 } 3226 3227 static void 3228 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3229 { 3230 run_bulk_tx_callbackN(xfer, error, 0); 3231 } 3232 3233 static void 3234 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3235 { 3236 run_bulk_tx_callbackN(xfer, error, 1); 3237 } 3238 3239 static void 3240 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3241 { 3242 run_bulk_tx_callbackN(xfer, error, 2); 3243 } 3244 3245 static void 3246 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3247 { 3248 run_bulk_tx_callbackN(xfer, error, 3); 3249 } 3250 3251 static void 3252 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3253 { 3254 run_bulk_tx_callbackN(xfer, error, 4); 3255 } 3256 3257 static void 3258 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3259 { 3260 run_bulk_tx_callbackN(xfer, error, 5); 3261 } 3262 3263 static void 3264 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3265 { 3266 struct mbuf *m = data->m; 3267 struct ieee80211com *ic = &sc->sc_ic; 3268 struct ieee80211vap *vap = data->ni->ni_vap; 3269 struct ieee80211_frame *wh; 3270 struct rt2870_txd *txd; 3271 struct rt2860_txwi *txwi; 3272 uint16_t xferlen, txwisize; 3273 uint16_t mcs; 3274 uint8_t ridx = data->ridx; 3275 uint8_t pad; 3276 3277 /* get MCS code from rate index */ 3278 mcs = rt2860_rates[ridx].mcs; 3279 3280 txwisize = (sc->mac_ver == 0x5592) ? 3281 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3282 xferlen = txwisize + m->m_pkthdr.len; 3283 3284 /* roundup to 32-bit alignment */ 3285 xferlen = (xferlen + 3) & ~3; 3286 3287 txd = (struct rt2870_txd *)&data->desc; 3288 txd->len = htole16(xferlen); 3289 3290 wh = mtod(m, struct ieee80211_frame *); 3291 3292 /* 3293 * Ether both are true or both are false, the header 3294 * are nicely aligned to 32-bit. So, no L2 padding. 3295 */ 3296 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3297 pad = 0; 3298 else 3299 pad = 2; 3300 3301 /* setup TX Wireless Information */ 3302 txwi = (struct rt2860_txwi *)(txd + 1); 3303 txwi->len = htole16(m->m_pkthdr.len - pad); 3304 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3305 mcs |= RT2860_PHY_CCK; 3306 if (ridx != RT2860_RIDX_CCK1 && 3307 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3308 mcs |= RT2860_PHY_SHPRE; 3309 } else 3310 mcs |= RT2860_PHY_OFDM; 3311 txwi->phy = htole16(mcs); 3312 3313 /* check if RTS/CTS or CTS-to-self protection is required */ 3314 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3315 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3316 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3317 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3318 txwi->txop |= RT2860_TX_TXOP_HT; 3319 else 3320 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3321 3322 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3323 txwi->xflags |= RT2860_TX_NSEQ; 3324 } 3325 3326 /* This function must be called locked */ 3327 static int 3328 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3329 { 3330 struct ieee80211com *ic = &sc->sc_ic; 3331 struct ieee80211vap *vap = ni->ni_vap; 3332 struct ieee80211_frame *wh; 3333 const struct ieee80211_txparam *tp = ni->ni_txparms; 3334 struct run_node *rn = RUN_NODE(ni); 3335 struct run_tx_data *data; 3336 struct rt2870_txd *txd; 3337 struct rt2860_txwi *txwi; 3338 uint16_t qos; 3339 uint16_t dur; 3340 uint16_t qid; 3341 uint8_t type; 3342 uint8_t tid; 3343 uint8_t ridx; 3344 uint8_t ctl_ridx; 3345 uint8_t qflags; 3346 uint8_t xflags = 0; 3347 int hasqos; 3348 3349 RUN_LOCK_ASSERT(sc, MA_OWNED); 3350 3351 wh = mtod(m, struct ieee80211_frame *); 3352 3353 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3354 3355 /* 3356 * There are 7 bulk endpoints: 1 for RX 3357 * and 6 for TX (4 EDCAs + HCCA + Prio). 3358 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3359 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3360 */ 3361 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3362 uint8_t *frm; 3363 3364 frm = ieee80211_getqos(wh); 3365 qos = le16toh(*(const uint16_t *)frm); 3366 tid = qos & IEEE80211_QOS_TID; 3367 qid = TID_TO_WME_AC(tid); 3368 } else { 3369 qos = 0; 3370 tid = 0; 3371 qid = WME_AC_BE; 3372 } 3373 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3374 3375 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3376 qos, qid, tid, qflags); 3377 3378 /* pickup a rate index */ 3379 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3380 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3381 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3382 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3383 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3384 } else { 3385 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3386 ridx = rn->fix_ridx; 3387 else 3388 ridx = rn->amrr_ridx; 3389 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3390 } 3391 3392 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3393 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3394 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3395 xflags |= RT2860_TX_ACK; 3396 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3397 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3398 else 3399 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3400 USETW(wh->i_dur, dur); 3401 } 3402 3403 /* reserve slots for mgmt packets, just in case */ 3404 if (sc->sc_epq[qid].tx_nfree < 3) { 3405 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3406 return (-1); 3407 } 3408 3409 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3410 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3411 sc->sc_epq[qid].tx_nfree--; 3412 3413 txd = (struct rt2870_txd *)&data->desc; 3414 txd->flags = qflags; 3415 txwi = (struct rt2860_txwi *)(txd + 1); 3416 txwi->xflags = xflags; 3417 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3418 txwi->wcid = 0; 3419 else 3420 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3421 1 : RUN_AID2WCID(ni->ni_associd); 3422 3423 /* clear leftover garbage bits */ 3424 txwi->flags = 0; 3425 txwi->txop = 0; 3426 3427 data->m = m; 3428 data->ni = ni; 3429 data->ridx = ridx; 3430 3431 run_set_tx_desc(sc, data); 3432 3433 /* 3434 * The chip keeps track of 2 kind of Tx stats, 3435 * * TX_STAT_FIFO, for per WCID stats, and 3436 * * TX_STA_CNT0 for all-TX-in-one stats. 3437 * 3438 * To use FIFO stats, we need to store MCS into the driver-private 3439 * PacketID field. So that, we can tell whose stats when we read them. 3440 * We add 1 to the MCS because setting the PacketID field to 0 means 3441 * that we don't want feedback in TX_STAT_FIFO. 3442 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3443 * 3444 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3445 */ 3446 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3447 vap->iv_opmode == IEEE80211_M_MBSS) { 3448 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3449 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3450 3451 /* 3452 * Unlike PCI based devices, we don't get any interrupt from 3453 * USB devices, so we simulate FIFO-is-full interrupt here. 3454 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3455 * quickly get fulled. To prevent overflow, increment a counter on 3456 * every FIFO stat request, so we know how many slots are left. 3457 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3458 * are used only in those modes. 3459 * We just drain stats. AMRR gets updated every 1 sec by 3460 * run_ratectl_cb() via callout. 3461 * Call it early. Otherwise overflow. 3462 */ 3463 if (sc->fifo_cnt++ == 10) { 3464 /* 3465 * With multiple vaps or if_bridge, if_start() is called 3466 * with a non-sleepable lock, tcpinp. So, need to defer. 3467 */ 3468 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3469 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3470 sc->cmdq[i].func = run_drain_fifo; 3471 sc->cmdq[i].arg0 = sc; 3472 ieee80211_runtask(ic, &sc->cmdq_task); 3473 } 3474 } 3475 3476 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3477 3478 usbd_transfer_start(sc->sc_xfer[qid]); 3479 3480 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3481 "sending data frame len=%d rate=%d qid=%d\n", 3482 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3483 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3484 3485 return (0); 3486 } 3487 3488 static int 3489 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3490 { 3491 struct ieee80211com *ic = &sc->sc_ic; 3492 struct run_node *rn = RUN_NODE(ni); 3493 struct run_tx_data *data; 3494 struct ieee80211_frame *wh; 3495 struct rt2870_txd *txd; 3496 struct rt2860_txwi *txwi; 3497 uint16_t dur; 3498 uint8_t ridx = rn->mgt_ridx; 3499 uint8_t xflags = 0; 3500 uint8_t wflags = 0; 3501 3502 RUN_LOCK_ASSERT(sc, MA_OWNED); 3503 3504 wh = mtod(m, struct ieee80211_frame *); 3505 3506 /* tell hardware to add timestamp for probe responses */ 3507 if ((wh->i_fc[0] & 3508 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3509 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3510 wflags |= RT2860_TX_TS; 3511 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3512 xflags |= RT2860_TX_ACK; 3513 3514 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3515 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3516 USETW(wh->i_dur, dur); 3517 } 3518 3519 if (sc->sc_epq[0].tx_nfree == 0) 3520 /* let caller free mbuf */ 3521 return (EIO); 3522 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3523 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3524 sc->sc_epq[0].tx_nfree--; 3525 3526 txd = (struct rt2870_txd *)&data->desc; 3527 txd->flags = RT2860_TX_QSEL_EDCA; 3528 txwi = (struct rt2860_txwi *)(txd + 1); 3529 txwi->wcid = 0xff; 3530 txwi->flags = wflags; 3531 txwi->xflags = xflags; 3532 txwi->txop = 0; /* clear leftover garbage bits */ 3533 3534 data->m = m; 3535 data->ni = ni; 3536 data->ridx = ridx; 3537 3538 run_set_tx_desc(sc, data); 3539 3540 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3541 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3542 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3543 3544 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3545 3546 usbd_transfer_start(sc->sc_xfer[0]); 3547 3548 return (0); 3549 } 3550 3551 static int 3552 run_sendprot(struct run_softc *sc, 3553 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3554 { 3555 struct ieee80211com *ic = ni->ni_ic; 3556 struct run_tx_data *data; 3557 struct rt2870_txd *txd; 3558 struct rt2860_txwi *txwi; 3559 struct mbuf *mprot; 3560 int ridx; 3561 int protrate; 3562 uint8_t wflags = 0; 3563 uint8_t xflags = 0; 3564 3565 RUN_LOCK_ASSERT(sc, MA_OWNED); 3566 3567 /* check that there are free slots before allocating the mbuf */ 3568 if (sc->sc_epq[0].tx_nfree == 0) 3569 /* let caller free mbuf */ 3570 return (ENOBUFS); 3571 3572 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3573 if (mprot == NULL) { 3574 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3575 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3576 return (ENOBUFS); 3577 } 3578 3579 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3580 wflags = RT2860_TX_FRAG; 3581 xflags = 0; 3582 if (prot == IEEE80211_PROT_RTSCTS) 3583 xflags |= RT2860_TX_ACK; 3584 3585 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3586 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3587 sc->sc_epq[0].tx_nfree--; 3588 3589 txd = (struct rt2870_txd *)&data->desc; 3590 txd->flags = RT2860_TX_QSEL_EDCA; 3591 txwi = (struct rt2860_txwi *)(txd + 1); 3592 txwi->wcid = 0xff; 3593 txwi->flags = wflags; 3594 txwi->xflags = xflags; 3595 txwi->txop = 0; /* clear leftover garbage bits */ 3596 3597 data->m = mprot; 3598 data->ni = ieee80211_ref_node(ni); 3599 3600 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3601 if (rt2860_rates[ridx].rate == protrate) 3602 break; 3603 data->ridx = ridx; 3604 3605 run_set_tx_desc(sc, data); 3606 3607 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3608 m->m_pkthdr.len, rate); 3609 3610 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3611 3612 usbd_transfer_start(sc->sc_xfer[0]); 3613 3614 return (0); 3615 } 3616 3617 static int 3618 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3619 const struct ieee80211_bpf_params *params) 3620 { 3621 struct ieee80211com *ic = ni->ni_ic; 3622 struct run_tx_data *data; 3623 struct rt2870_txd *txd; 3624 struct rt2860_txwi *txwi; 3625 uint8_t ridx; 3626 uint8_t rate; 3627 uint8_t opflags = 0; 3628 uint8_t xflags = 0; 3629 int error; 3630 3631 RUN_LOCK_ASSERT(sc, MA_OWNED); 3632 3633 KASSERT(params != NULL, ("no raw xmit params")); 3634 3635 rate = params->ibp_rate0; 3636 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3637 /* let caller free mbuf */ 3638 return (EINVAL); 3639 } 3640 3641 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3642 xflags |= RT2860_TX_ACK; 3643 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3644 error = run_sendprot(sc, m, ni, 3645 params->ibp_flags & IEEE80211_BPF_RTS ? 3646 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3647 rate); 3648 if (error) { 3649 /* let caller free mbuf */ 3650 return error; 3651 } 3652 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3653 } 3654 3655 if (sc->sc_epq[0].tx_nfree == 0) { 3656 /* let caller free mbuf */ 3657 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3658 "sending raw frame, but tx ring is full\n"); 3659 return (EIO); 3660 } 3661 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3662 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3663 sc->sc_epq[0].tx_nfree--; 3664 3665 txd = (struct rt2870_txd *)&data->desc; 3666 txd->flags = RT2860_TX_QSEL_EDCA; 3667 txwi = (struct rt2860_txwi *)(txd + 1); 3668 txwi->wcid = 0xff; 3669 txwi->xflags = xflags; 3670 txwi->txop = opflags; 3671 txwi->flags = 0; /* clear leftover garbage bits */ 3672 3673 data->m = m; 3674 data->ni = ni; 3675 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3676 if (rt2860_rates[ridx].rate == rate) 3677 break; 3678 data->ridx = ridx; 3679 3680 run_set_tx_desc(sc, data); 3681 3682 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3683 m->m_pkthdr.len, rate); 3684 3685 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3686 3687 usbd_transfer_start(sc->sc_xfer[0]); 3688 3689 return (0); 3690 } 3691 3692 static int 3693 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3694 const struct ieee80211_bpf_params *params) 3695 { 3696 struct run_softc *sc = ni->ni_ic->ic_softc; 3697 int error = 0; 3698 3699 RUN_LOCK(sc); 3700 3701 /* prevent management frames from being sent if we're not ready */ 3702 if (!(sc->sc_flags & RUN_RUNNING)) { 3703 error = ENETDOWN; 3704 goto done; 3705 } 3706 3707 if (params == NULL) { 3708 /* tx mgt packet */ 3709 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3710 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3711 goto done; 3712 } 3713 } else { 3714 /* tx raw packet with param */ 3715 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3716 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3717 goto done; 3718 } 3719 } 3720 3721 done: 3722 RUN_UNLOCK(sc); 3723 3724 if (error != 0) { 3725 if(m != NULL) 3726 m_freem(m); 3727 } 3728 3729 return (error); 3730 } 3731 3732 static int 3733 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3734 { 3735 struct run_softc *sc = ic->ic_softc; 3736 int error; 3737 3738 RUN_LOCK(sc); 3739 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3740 RUN_UNLOCK(sc); 3741 return (ENXIO); 3742 } 3743 error = mbufq_enqueue(&sc->sc_snd, m); 3744 if (error) { 3745 RUN_UNLOCK(sc); 3746 return (error); 3747 } 3748 run_start(sc); 3749 RUN_UNLOCK(sc); 3750 3751 return (0); 3752 } 3753 3754 static void 3755 run_start(struct run_softc *sc) 3756 { 3757 struct ieee80211_node *ni; 3758 struct mbuf *m; 3759 3760 RUN_LOCK_ASSERT(sc, MA_OWNED); 3761 3762 if ((sc->sc_flags & RUN_RUNNING) == 0) 3763 return; 3764 3765 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3766 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3767 if (run_tx(sc, m, ni) != 0) { 3768 mbufq_prepend(&sc->sc_snd, m); 3769 break; 3770 } 3771 } 3772 } 3773 3774 static void 3775 run_parent(struct ieee80211com *ic) 3776 { 3777 struct run_softc *sc = ic->ic_softc; 3778 int startall = 0; 3779 3780 RUN_LOCK(sc); 3781 if (sc->sc_detached) { 3782 RUN_UNLOCK(sc); 3783 return; 3784 } 3785 3786 if (ic->ic_nrunning > 0) { 3787 if (!(sc->sc_flags & RUN_RUNNING)) { 3788 startall = 1; 3789 run_init_locked(sc); 3790 } else 3791 run_update_promisc_locked(sc); 3792 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3793 run_stop(sc); 3794 RUN_UNLOCK(sc); 3795 if (startall) 3796 ieee80211_start_all(ic); 3797 } 3798 3799 static void 3800 run_iq_calib(struct run_softc *sc, u_int chan) 3801 { 3802 uint16_t val; 3803 3804 /* Tx0 IQ gain. */ 3805 run_bbp_write(sc, 158, 0x2c); 3806 if (chan <= 14) 3807 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3808 else if (chan <= 64) { 3809 run_efuse_read(sc, 3810 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3811 &val, 1); 3812 } else if (chan <= 138) { 3813 run_efuse_read(sc, 3814 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3815 &val, 1); 3816 } else if (chan <= 165) { 3817 run_efuse_read(sc, 3818 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3819 &val, 1); 3820 } else 3821 val = 0; 3822 run_bbp_write(sc, 159, val); 3823 3824 /* Tx0 IQ phase. */ 3825 run_bbp_write(sc, 158, 0x2d); 3826 if (chan <= 14) { 3827 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3828 &val, 1); 3829 } else if (chan <= 64) { 3830 run_efuse_read(sc, 3831 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3832 &val, 1); 3833 } else if (chan <= 138) { 3834 run_efuse_read(sc, 3835 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3836 &val, 1); 3837 } else if (chan <= 165) { 3838 run_efuse_read(sc, 3839 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3840 &val, 1); 3841 } else 3842 val = 0; 3843 run_bbp_write(sc, 159, val); 3844 3845 /* Tx1 IQ gain. */ 3846 run_bbp_write(sc, 158, 0x4a); 3847 if (chan <= 14) { 3848 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3849 &val, 1); 3850 } else if (chan <= 64) { 3851 run_efuse_read(sc, 3852 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3853 &val, 1); 3854 } else if (chan <= 138) { 3855 run_efuse_read(sc, 3856 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3857 &val, 1); 3858 } else if (chan <= 165) { 3859 run_efuse_read(sc, 3860 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3861 &val, 1); 3862 } else 3863 val = 0; 3864 run_bbp_write(sc, 159, val); 3865 3866 /* Tx1 IQ phase. */ 3867 run_bbp_write(sc, 158, 0x4b); 3868 if (chan <= 14) { 3869 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3870 &val, 1); 3871 } else if (chan <= 64) { 3872 run_efuse_read(sc, 3873 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3874 &val, 1); 3875 } else if (chan <= 138) { 3876 run_efuse_read(sc, 3877 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3878 &val, 1); 3879 } else if (chan <= 165) { 3880 run_efuse_read(sc, 3881 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3882 &val, 1); 3883 } else 3884 val = 0; 3885 run_bbp_write(sc, 159, val); 3886 3887 /* RF IQ compensation control. */ 3888 run_bbp_write(sc, 158, 0x04); 3889 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3890 &val, 1); 3891 run_bbp_write(sc, 159, val); 3892 3893 /* RF IQ imbalance compensation control. */ 3894 run_bbp_write(sc, 158, 0x03); 3895 run_efuse_read(sc, 3896 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3897 run_bbp_write(sc, 159, val); 3898 } 3899 3900 static void 3901 run_set_agc(struct run_softc *sc, uint8_t agc) 3902 { 3903 uint8_t bbp; 3904 3905 if (sc->mac_ver == 0x3572) { 3906 run_bbp_read(sc, 27, &bbp); 3907 bbp &= ~(0x3 << 5); 3908 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3909 run_bbp_write(sc, 66, agc); 3910 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3911 run_bbp_write(sc, 66, agc); 3912 } else 3913 run_bbp_write(sc, 66, agc); 3914 } 3915 3916 static void 3917 run_select_chan_group(struct run_softc *sc, int group) 3918 { 3919 uint32_t tmp; 3920 uint8_t agc; 3921 3922 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3923 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3924 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3925 if (sc->mac_ver < 0x3572) 3926 run_bbp_write(sc, 86, 0x00); 3927 3928 if (sc->mac_ver == 0x3593) { 3929 run_bbp_write(sc, 77, 0x98); 3930 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3931 } 3932 3933 if (group == 0) { 3934 if (sc->ext_2ghz_lna) { 3935 if (sc->mac_ver >= 0x5390) 3936 run_bbp_write(sc, 75, 0x52); 3937 else { 3938 run_bbp_write(sc, 82, 0x62); 3939 run_bbp_write(sc, 75, 0x46); 3940 } 3941 } else { 3942 if (sc->mac_ver == 0x5592) { 3943 run_bbp_write(sc, 79, 0x1c); 3944 run_bbp_write(sc, 80, 0x0e); 3945 run_bbp_write(sc, 81, 0x3a); 3946 run_bbp_write(sc, 82, 0x62); 3947 3948 run_bbp_write(sc, 195, 0x80); 3949 run_bbp_write(sc, 196, 0xe0); 3950 run_bbp_write(sc, 195, 0x81); 3951 run_bbp_write(sc, 196, 0x1f); 3952 run_bbp_write(sc, 195, 0x82); 3953 run_bbp_write(sc, 196, 0x38); 3954 run_bbp_write(sc, 195, 0x83); 3955 run_bbp_write(sc, 196, 0x32); 3956 run_bbp_write(sc, 195, 0x85); 3957 run_bbp_write(sc, 196, 0x28); 3958 run_bbp_write(sc, 195, 0x86); 3959 run_bbp_write(sc, 196, 0x19); 3960 } else if (sc->mac_ver >= 0x5390) 3961 run_bbp_write(sc, 75, 0x50); 3962 else { 3963 run_bbp_write(sc, 82, 3964 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3965 run_bbp_write(sc, 75, 0x50); 3966 } 3967 } 3968 } else { 3969 if (sc->mac_ver == 0x5592) { 3970 run_bbp_write(sc, 79, 0x18); 3971 run_bbp_write(sc, 80, 0x08); 3972 run_bbp_write(sc, 81, 0x38); 3973 run_bbp_write(sc, 82, 0x92); 3974 3975 run_bbp_write(sc, 195, 0x80); 3976 run_bbp_write(sc, 196, 0xf0); 3977 run_bbp_write(sc, 195, 0x81); 3978 run_bbp_write(sc, 196, 0x1e); 3979 run_bbp_write(sc, 195, 0x82); 3980 run_bbp_write(sc, 196, 0x28); 3981 run_bbp_write(sc, 195, 0x83); 3982 run_bbp_write(sc, 196, 0x20); 3983 run_bbp_write(sc, 195, 0x85); 3984 run_bbp_write(sc, 196, 0x7f); 3985 run_bbp_write(sc, 195, 0x86); 3986 run_bbp_write(sc, 196, 0x7f); 3987 } else if (sc->mac_ver == 0x3572) 3988 run_bbp_write(sc, 82, 0x94); 3989 else 3990 run_bbp_write(sc, 82, 3991 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3992 if (sc->ext_5ghz_lna) 3993 run_bbp_write(sc, 75, 0x46); 3994 else 3995 run_bbp_write(sc, 75, 0x50); 3996 } 3997 3998 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3999 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4000 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4001 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4002 4003 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4004 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4005 if (sc->mac_ver == 0x3593) 4006 tmp |= 1 << 29 | 1 << 28; 4007 if (sc->nrxchains > 1) 4008 tmp |= RT2860_LNA_PE1_EN; 4009 if (group == 0) { /* 2GHz */ 4010 tmp |= RT2860_PA_PE_G0_EN; 4011 if (sc->ntxchains > 1) 4012 tmp |= RT2860_PA_PE_G1_EN; 4013 if (sc->mac_ver == 0x3593) { 4014 if (sc->ntxchains > 2) 4015 tmp |= 1 << 25; 4016 } 4017 } else { /* 5GHz */ 4018 tmp |= RT2860_PA_PE_A0_EN; 4019 if (sc->ntxchains > 1) 4020 tmp |= RT2860_PA_PE_A1_EN; 4021 } 4022 if (sc->mac_ver == 0x3572) { 4023 run_rt3070_rf_write(sc, 8, 0x00); 4024 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4025 run_rt3070_rf_write(sc, 8, 0x80); 4026 } else 4027 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4028 4029 if (sc->mac_ver == 0x5592) { 4030 run_bbp_write(sc, 195, 0x8d); 4031 run_bbp_write(sc, 196, 0x1a); 4032 } 4033 4034 if (sc->mac_ver == 0x3593) { 4035 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4036 tmp &= ~0x01010000; 4037 if (group == 0) 4038 tmp |= 0x00010000; 4039 tmp = (tmp & ~0x00009090) | 0x00000090; 4040 run_write(sc, RT2860_GPIO_CTRL, tmp); 4041 } 4042 4043 /* set initial AGC value */ 4044 if (group == 0) { /* 2GHz band */ 4045 if (sc->mac_ver >= 0x3070) 4046 agc = 0x1c + sc->lna[0] * 2; 4047 else 4048 agc = 0x2e + sc->lna[0]; 4049 } else { /* 5GHz band */ 4050 if (sc->mac_ver == 0x5592) 4051 agc = 0x24 + sc->lna[group] * 2; 4052 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4053 agc = 0x22 + (sc->lna[group] * 5) / 3; 4054 else 4055 agc = 0x32 + (sc->lna[group] * 5) / 3; 4056 } 4057 run_set_agc(sc, agc); 4058 } 4059 4060 static void 4061 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4062 { 4063 const struct rfprog *rfprog = rt2860_rf2850; 4064 uint32_t r2, r3, r4; 4065 int8_t txpow1, txpow2; 4066 int i; 4067 4068 /* find the settings for this channel (we know it exists) */ 4069 for (i = 0; rfprog[i].chan != chan; i++); 4070 4071 r2 = rfprog[i].r2; 4072 if (sc->ntxchains == 1) 4073 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4074 if (sc->nrxchains == 1) 4075 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4076 else if (sc->nrxchains == 2) 4077 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4078 4079 /* use Tx power values from EEPROM */ 4080 txpow1 = sc->txpow1[i]; 4081 txpow2 = sc->txpow2[i]; 4082 4083 /* Initialize RF R3 and R4. */ 4084 r3 = rfprog[i].r3 & 0xffffc1ff; 4085 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4086 if (chan > 14) { 4087 if (txpow1 >= 0) { 4088 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4089 r3 |= (txpow1 << 10) | (1 << 9); 4090 } else { 4091 txpow1 += 7; 4092 4093 /* txpow1 is not possible larger than 15. */ 4094 r3 |= (txpow1 << 10); 4095 } 4096 if (txpow2 >= 0) { 4097 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4098 r4 |= (txpow2 << 7) | (1 << 6); 4099 } else { 4100 txpow2 += 7; 4101 r4 |= (txpow2 << 7); 4102 } 4103 } else { 4104 /* Set Tx0 power. */ 4105 r3 |= (txpow1 << 9); 4106 4107 /* Set frequency offset and Tx1 power. */ 4108 r4 |= (txpow2 << 6); 4109 } 4110 4111 run_rt2870_rf_write(sc, rfprog[i].r1); 4112 run_rt2870_rf_write(sc, r2); 4113 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4114 run_rt2870_rf_write(sc, r4); 4115 4116 run_delay(sc, 10); 4117 4118 run_rt2870_rf_write(sc, rfprog[i].r1); 4119 run_rt2870_rf_write(sc, r2); 4120 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4121 run_rt2870_rf_write(sc, r4); 4122 4123 run_delay(sc, 10); 4124 4125 run_rt2870_rf_write(sc, rfprog[i].r1); 4126 run_rt2870_rf_write(sc, r2); 4127 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4128 run_rt2870_rf_write(sc, r4); 4129 } 4130 4131 static void 4132 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4133 { 4134 int8_t txpow1, txpow2; 4135 uint8_t rf; 4136 int i; 4137 4138 /* find the settings for this channel (we know it exists) */ 4139 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4140 4141 /* use Tx power values from EEPROM */ 4142 txpow1 = sc->txpow1[i]; 4143 txpow2 = sc->txpow2[i]; 4144 4145 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4146 4147 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4148 run_rt3070_rf_read(sc, 3, &rf); 4149 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4150 run_rt3070_rf_write(sc, 3, rf); 4151 4152 run_rt3070_rf_read(sc, 6, &rf); 4153 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4154 run_rt3070_rf_write(sc, 6, rf); 4155 4156 /* set Tx0 power */ 4157 run_rt3070_rf_read(sc, 12, &rf); 4158 rf = (rf & ~0x1f) | txpow1; 4159 run_rt3070_rf_write(sc, 12, rf); 4160 4161 /* set Tx1 power */ 4162 run_rt3070_rf_read(sc, 13, &rf); 4163 rf = (rf & ~0x1f) | txpow2; 4164 run_rt3070_rf_write(sc, 13, rf); 4165 4166 run_rt3070_rf_read(sc, 1, &rf); 4167 rf &= ~0xfc; 4168 if (sc->ntxchains == 1) 4169 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4170 else if (sc->ntxchains == 2) 4171 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4172 if (sc->nrxchains == 1) 4173 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4174 else if (sc->nrxchains == 2) 4175 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4176 run_rt3070_rf_write(sc, 1, rf); 4177 4178 /* set RF offset */ 4179 run_rt3070_rf_read(sc, 23, &rf); 4180 rf = (rf & ~0x7f) | sc->freq; 4181 run_rt3070_rf_write(sc, 23, rf); 4182 4183 /* program RF filter */ 4184 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4185 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4186 run_rt3070_rf_write(sc, 24, rf); 4187 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4188 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4189 run_rt3070_rf_write(sc, 31, rf); 4190 4191 /* enable RF tuning */ 4192 run_rt3070_rf_read(sc, 7, &rf); 4193 run_rt3070_rf_write(sc, 7, rf | 0x01); 4194 } 4195 4196 static void 4197 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4198 { 4199 int8_t txpow1, txpow2; 4200 uint32_t tmp; 4201 uint8_t rf; 4202 int i; 4203 4204 /* find the settings for this channel (we know it exists) */ 4205 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4206 4207 /* use Tx power values from EEPROM */ 4208 txpow1 = sc->txpow1[i]; 4209 txpow2 = sc->txpow2[i]; 4210 4211 if (chan <= 14) { 4212 run_bbp_write(sc, 25, sc->bbp25); 4213 run_bbp_write(sc, 26, sc->bbp26); 4214 } else { 4215 /* enable IQ phase correction */ 4216 run_bbp_write(sc, 25, 0x09); 4217 run_bbp_write(sc, 26, 0xff); 4218 } 4219 4220 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4221 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4222 run_rt3070_rf_read(sc, 6, &rf); 4223 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4224 rf |= (chan <= 14) ? 0x08 : 0x04; 4225 run_rt3070_rf_write(sc, 6, rf); 4226 4227 /* set PLL mode */ 4228 run_rt3070_rf_read(sc, 5, &rf); 4229 rf &= ~(0x08 | 0x04); 4230 rf |= (chan <= 14) ? 0x04 : 0x08; 4231 run_rt3070_rf_write(sc, 5, rf); 4232 4233 /* set Tx power for chain 0 */ 4234 if (chan <= 14) 4235 rf = 0x60 | txpow1; 4236 else 4237 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4238 run_rt3070_rf_write(sc, 12, rf); 4239 4240 /* set Tx power for chain 1 */ 4241 if (chan <= 14) 4242 rf = 0x60 | txpow2; 4243 else 4244 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4245 run_rt3070_rf_write(sc, 13, rf); 4246 4247 /* set Tx/Rx streams */ 4248 run_rt3070_rf_read(sc, 1, &rf); 4249 rf &= ~0xfc; 4250 if (sc->ntxchains == 1) 4251 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4252 else if (sc->ntxchains == 2) 4253 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4254 if (sc->nrxchains == 1) 4255 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4256 else if (sc->nrxchains == 2) 4257 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4258 run_rt3070_rf_write(sc, 1, rf); 4259 4260 /* set RF offset */ 4261 run_rt3070_rf_read(sc, 23, &rf); 4262 rf = (rf & ~0x7f) | sc->freq; 4263 run_rt3070_rf_write(sc, 23, rf); 4264 4265 /* program RF filter */ 4266 rf = sc->rf24_20mhz; 4267 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4268 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4269 4270 /* enable RF tuning */ 4271 run_rt3070_rf_read(sc, 7, &rf); 4272 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4273 run_rt3070_rf_write(sc, 7, rf); 4274 4275 /* TSSI */ 4276 rf = (chan <= 14) ? 0xc3 : 0xc0; 4277 run_rt3070_rf_write(sc, 9, rf); 4278 4279 /* set loop filter 1 */ 4280 run_rt3070_rf_write(sc, 10, 0xf1); 4281 /* set loop filter 2 */ 4282 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4283 4284 /* set tx_mx2_ic */ 4285 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4286 /* set tx_mx1_ic */ 4287 if (chan <= 14) 4288 rf = 0x48 | sc->txmixgain_2ghz; 4289 else 4290 rf = 0x78 | sc->txmixgain_5ghz; 4291 run_rt3070_rf_write(sc, 16, rf); 4292 4293 /* set tx_lo1 */ 4294 run_rt3070_rf_write(sc, 17, 0x23); 4295 /* set tx_lo2 */ 4296 if (chan <= 14) 4297 rf = 0x93; 4298 else if (chan <= 64) 4299 rf = 0xb7; 4300 else if (chan <= 128) 4301 rf = 0x74; 4302 else 4303 rf = 0x72; 4304 run_rt3070_rf_write(sc, 19, rf); 4305 4306 /* set rx_lo1 */ 4307 if (chan <= 14) 4308 rf = 0xb3; 4309 else if (chan <= 64) 4310 rf = 0xf6; 4311 else if (chan <= 128) 4312 rf = 0xf4; 4313 else 4314 rf = 0xf3; 4315 run_rt3070_rf_write(sc, 20, rf); 4316 4317 /* set pfd_delay */ 4318 if (chan <= 14) 4319 rf = 0x15; 4320 else if (chan <= 64) 4321 rf = 0x3d; 4322 else 4323 rf = 0x01; 4324 run_rt3070_rf_write(sc, 25, rf); 4325 4326 /* set rx_lo2 */ 4327 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4328 /* set ldo_rf_vc */ 4329 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4330 /* set drv_cc */ 4331 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4332 4333 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4334 tmp &= ~0x8080; 4335 if (chan <= 14) 4336 tmp |= 0x80; 4337 run_write(sc, RT2860_GPIO_CTRL, tmp); 4338 4339 /* enable RF tuning */ 4340 run_rt3070_rf_read(sc, 7, &rf); 4341 run_rt3070_rf_write(sc, 7, rf | 0x01); 4342 4343 run_delay(sc, 2); 4344 } 4345 4346 static void 4347 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4348 { 4349 int8_t txpow1, txpow2, txpow3; 4350 uint8_t h20mhz, rf; 4351 int i; 4352 4353 /* find the settings for this channel (we know it exists) */ 4354 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4355 4356 /* use Tx power values from EEPROM */ 4357 txpow1 = sc->txpow1[i]; 4358 txpow2 = sc->txpow2[i]; 4359 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4360 4361 if (chan <= 14) { 4362 run_bbp_write(sc, 25, sc->bbp25); 4363 run_bbp_write(sc, 26, sc->bbp26); 4364 } else { 4365 /* Enable IQ phase correction. */ 4366 run_bbp_write(sc, 25, 0x09); 4367 run_bbp_write(sc, 26, 0xff); 4368 } 4369 4370 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4371 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4372 run_rt3070_rf_read(sc, 11, &rf); 4373 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4374 run_rt3070_rf_write(sc, 11, rf); 4375 4376 /* Set pll_idoh. */ 4377 run_rt3070_rf_read(sc, 11, &rf); 4378 rf &= ~0x4c; 4379 rf |= (chan <= 14) ? 0x44 : 0x48; 4380 run_rt3070_rf_write(sc, 11, rf); 4381 4382 if (chan <= 14) 4383 rf = txpow1 & 0x1f; 4384 else 4385 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4386 run_rt3070_rf_write(sc, 53, rf); 4387 4388 if (chan <= 14) 4389 rf = txpow2 & 0x1f; 4390 else 4391 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4392 run_rt3070_rf_write(sc, 55, rf); 4393 4394 if (chan <= 14) 4395 rf = txpow3 & 0x1f; 4396 else 4397 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4398 run_rt3070_rf_write(sc, 54, rf); 4399 4400 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4401 if (sc->ntxchains == 3) 4402 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4403 else 4404 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4405 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4406 run_rt3070_rf_write(sc, 1, rf); 4407 4408 run_adjust_freq_offset(sc); 4409 4410 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4411 4412 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4413 run_rt3070_rf_read(sc, 30, &rf); 4414 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4415 run_rt3070_rf_write(sc, 30, rf); 4416 4417 run_rt3070_rf_read(sc, 36, &rf); 4418 if (chan <= 14) 4419 rf |= 0x80; 4420 else 4421 rf &= ~0x80; 4422 run_rt3070_rf_write(sc, 36, rf); 4423 4424 /* Set vcolo_bs. */ 4425 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4426 /* Set pfd_delay. */ 4427 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4428 4429 /* Set vco bias current control. */ 4430 run_rt3070_rf_read(sc, 6, &rf); 4431 rf &= ~0xc0; 4432 if (chan <= 14) 4433 rf |= 0x40; 4434 else if (chan <= 128) 4435 rf |= 0x80; 4436 else 4437 rf |= 0x40; 4438 run_rt3070_rf_write(sc, 6, rf); 4439 4440 run_rt3070_rf_read(sc, 30, &rf); 4441 rf = (rf & ~0x18) | 0x10; 4442 run_rt3070_rf_write(sc, 30, rf); 4443 4444 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4445 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4446 4447 run_rt3070_rf_read(sc, 51, &rf); 4448 rf = (rf & ~0x03) | 0x01; 4449 run_rt3070_rf_write(sc, 51, rf); 4450 /* Set tx_mx1_cc. */ 4451 run_rt3070_rf_read(sc, 51, &rf); 4452 rf &= ~0x1c; 4453 rf |= (chan <= 14) ? 0x14 : 0x10; 4454 run_rt3070_rf_write(sc, 51, rf); 4455 /* Set tx_mx1_ic. */ 4456 run_rt3070_rf_read(sc, 51, &rf); 4457 rf &= ~0xe0; 4458 rf |= (chan <= 14) ? 0x60 : 0x40; 4459 run_rt3070_rf_write(sc, 51, rf); 4460 /* Set tx_lo1_ic. */ 4461 run_rt3070_rf_read(sc, 49, &rf); 4462 rf &= ~0x1c; 4463 rf |= (chan <= 14) ? 0x0c : 0x08; 4464 run_rt3070_rf_write(sc, 49, rf); 4465 /* Set tx_lo1_en. */ 4466 run_rt3070_rf_read(sc, 50, &rf); 4467 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4468 /* Set drv_cc. */ 4469 run_rt3070_rf_read(sc, 57, &rf); 4470 rf &= ~0xfc; 4471 rf |= (chan <= 14) ? 0x6c : 0x3c; 4472 run_rt3070_rf_write(sc, 57, rf); 4473 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4474 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4475 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4476 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4477 /* Enable VCO calibration. */ 4478 run_rt3070_rf_read(sc, 3, &rf); 4479 rf &= ~RT5390_VCOCAL; 4480 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4481 run_rt3070_rf_write(sc, 3, rf); 4482 4483 if (chan <= 14) 4484 rf = 0x23; 4485 else if (chan <= 64) 4486 rf = 0x36; 4487 else if (chan <= 128) 4488 rf = 0x32; 4489 else 4490 rf = 0x30; 4491 run_rt3070_rf_write(sc, 39, rf); 4492 if (chan <= 14) 4493 rf = 0xbb; 4494 else if (chan <= 64) 4495 rf = 0xeb; 4496 else if (chan <= 128) 4497 rf = 0xb3; 4498 else 4499 rf = 0x9b; 4500 run_rt3070_rf_write(sc, 45, rf); 4501 4502 /* Set FEQ/AEQ control. */ 4503 run_bbp_write(sc, 105, 0x34); 4504 } 4505 4506 static void 4507 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4508 { 4509 int8_t txpow1, txpow2; 4510 uint8_t rf; 4511 int i; 4512 4513 /* find the settings for this channel (we know it exists) */ 4514 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4515 4516 /* use Tx power values from EEPROM */ 4517 txpow1 = sc->txpow1[i]; 4518 txpow2 = sc->txpow2[i]; 4519 4520 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4521 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4522 run_rt3070_rf_read(sc, 11, &rf); 4523 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4524 run_rt3070_rf_write(sc, 11, rf); 4525 4526 run_rt3070_rf_read(sc, 49, &rf); 4527 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4528 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4529 if ((rf & 0x3f) > 0x27) 4530 rf = (rf & ~0x3f) | 0x27; 4531 run_rt3070_rf_write(sc, 49, rf); 4532 4533 if (sc->mac_ver == 0x5392) { 4534 run_rt3070_rf_read(sc, 50, &rf); 4535 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4536 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4537 if ((rf & 0x3f) > 0x27) 4538 rf = (rf & ~0x3f) | 0x27; 4539 run_rt3070_rf_write(sc, 50, rf); 4540 } 4541 4542 run_rt3070_rf_read(sc, 1, &rf); 4543 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4544 if (sc->mac_ver == 0x5392) 4545 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4546 run_rt3070_rf_write(sc, 1, rf); 4547 4548 if (sc->mac_ver != 0x5392) { 4549 run_rt3070_rf_read(sc, 2, &rf); 4550 rf |= 0x80; 4551 run_rt3070_rf_write(sc, 2, rf); 4552 run_delay(sc, 10); 4553 rf &= 0x7f; 4554 run_rt3070_rf_write(sc, 2, rf); 4555 } 4556 4557 run_adjust_freq_offset(sc); 4558 4559 if (sc->mac_ver == 0x5392) { 4560 /* Fix for RT5392C. */ 4561 if (sc->mac_rev >= 0x0223) { 4562 if (chan <= 4) 4563 rf = 0x0f; 4564 else if (chan >= 5 && chan <= 7) 4565 rf = 0x0e; 4566 else 4567 rf = 0x0d; 4568 run_rt3070_rf_write(sc, 23, rf); 4569 4570 if (chan <= 4) 4571 rf = 0x0c; 4572 else if (chan == 5) 4573 rf = 0x0b; 4574 else if (chan >= 6 && chan <= 7) 4575 rf = 0x0a; 4576 else if (chan >= 8 && chan <= 10) 4577 rf = 0x09; 4578 else 4579 rf = 0x08; 4580 run_rt3070_rf_write(sc, 59, rf); 4581 } else { 4582 if (chan <= 11) 4583 rf = 0x0f; 4584 else 4585 rf = 0x0b; 4586 run_rt3070_rf_write(sc, 59, rf); 4587 } 4588 } else { 4589 /* Fix for RT5390F. */ 4590 if (sc->mac_rev >= 0x0502) { 4591 if (chan <= 11) 4592 rf = 0x43; 4593 else 4594 rf = 0x23; 4595 run_rt3070_rf_write(sc, 55, rf); 4596 4597 if (chan <= 11) 4598 rf = 0x0f; 4599 else if (chan == 12) 4600 rf = 0x0d; 4601 else 4602 rf = 0x0b; 4603 run_rt3070_rf_write(sc, 59, rf); 4604 } else { 4605 run_rt3070_rf_write(sc, 55, 0x44); 4606 run_rt3070_rf_write(sc, 59, 0x8f); 4607 } 4608 } 4609 4610 /* Enable VCO calibration. */ 4611 run_rt3070_rf_read(sc, 3, &rf); 4612 rf |= RT5390_VCOCAL; 4613 run_rt3070_rf_write(sc, 3, rf); 4614 } 4615 4616 static void 4617 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4618 { 4619 const struct rt5592_freqs *freqs; 4620 uint32_t tmp; 4621 uint8_t reg, rf, txpow_bound; 4622 int8_t txpow1, txpow2; 4623 int i; 4624 4625 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4626 freqs = (tmp & RT5592_SEL_XTAL) ? 4627 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4628 4629 /* find the settings for this channel (we know it exists) */ 4630 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4631 4632 /* use Tx power values from EEPROM */ 4633 txpow1 = sc->txpow1[i]; 4634 txpow2 = sc->txpow2[i]; 4635 4636 run_read(sc, RT3070_LDO_CFG0, &tmp); 4637 tmp &= ~0x1c000000; 4638 if (chan > 14) 4639 tmp |= 0x14000000; 4640 run_write(sc, RT3070_LDO_CFG0, tmp); 4641 4642 /* N setting. */ 4643 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4644 run_rt3070_rf_read(sc, 9, &rf); 4645 rf &= ~(1 << 4); 4646 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4647 run_rt3070_rf_write(sc, 9, rf); 4648 4649 /* K setting. */ 4650 run_rt3070_rf_read(sc, 9, &rf); 4651 rf &= ~0x0f; 4652 rf |= (freqs->k & 0x0f); 4653 run_rt3070_rf_write(sc, 9, rf); 4654 4655 /* Mode setting. */ 4656 run_rt3070_rf_read(sc, 11, &rf); 4657 rf &= ~0x0c; 4658 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4659 run_rt3070_rf_write(sc, 11, rf); 4660 run_rt3070_rf_read(sc, 9, &rf); 4661 rf &= ~(1 << 7); 4662 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4663 run_rt3070_rf_write(sc, 9, rf); 4664 4665 /* R setting. */ 4666 run_rt3070_rf_read(sc, 11, &rf); 4667 rf &= ~0x03; 4668 rf |= (freqs->r - 0x1); 4669 run_rt3070_rf_write(sc, 11, rf); 4670 4671 if (chan <= 14) { 4672 /* Initialize RF registers for 2GHZ. */ 4673 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4674 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4675 rt5592_2ghz_def_rf[i].val); 4676 } 4677 4678 rf = (chan <= 10) ? 0x07 : 0x06; 4679 run_rt3070_rf_write(sc, 23, rf); 4680 run_rt3070_rf_write(sc, 59, rf); 4681 4682 run_rt3070_rf_write(sc, 55, 0x43); 4683 4684 /* 4685 * RF R49/R50 Tx power ALC code. 4686 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4687 */ 4688 reg = 2; 4689 txpow_bound = 0x27; 4690 } else { 4691 /* Initialize RF registers for 5GHZ. */ 4692 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4693 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4694 rt5592_5ghz_def_rf[i].val); 4695 } 4696 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4697 if (chan >= rt5592_chan_5ghz[i].firstchan && 4698 chan <= rt5592_chan_5ghz[i].lastchan) { 4699 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4700 rt5592_chan_5ghz[i].val); 4701 } 4702 } 4703 4704 /* 4705 * RF R49/R50 Tx power ALC code. 4706 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4707 */ 4708 reg = 3; 4709 txpow_bound = 0x2b; 4710 } 4711 4712 /* RF R49 ch0 Tx power ALC code. */ 4713 run_rt3070_rf_read(sc, 49, &rf); 4714 rf &= ~0xc0; 4715 rf |= (reg << 6); 4716 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4717 if ((rf & 0x3f) > txpow_bound) 4718 rf = (rf & ~0x3f) | txpow_bound; 4719 run_rt3070_rf_write(sc, 49, rf); 4720 4721 /* RF R50 ch1 Tx power ALC code. */ 4722 run_rt3070_rf_read(sc, 50, &rf); 4723 rf &= ~(1 << 7 | 1 << 6); 4724 rf |= (reg << 6); 4725 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4726 if ((rf & 0x3f) > txpow_bound) 4727 rf = (rf & ~0x3f) | txpow_bound; 4728 run_rt3070_rf_write(sc, 50, rf); 4729 4730 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4731 run_rt3070_rf_read(sc, 1, &rf); 4732 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4733 if (sc->ntxchains > 1) 4734 rf |= RT3070_TX1_PD; 4735 if (sc->nrxchains > 1) 4736 rf |= RT3070_RX1_PD; 4737 run_rt3070_rf_write(sc, 1, rf); 4738 4739 run_rt3070_rf_write(sc, 6, 0xe4); 4740 4741 run_rt3070_rf_write(sc, 30, 0x10); 4742 run_rt3070_rf_write(sc, 31, 0x80); 4743 run_rt3070_rf_write(sc, 32, 0x80); 4744 4745 run_adjust_freq_offset(sc); 4746 4747 /* Enable VCO calibration. */ 4748 run_rt3070_rf_read(sc, 3, &rf); 4749 rf |= RT5390_VCOCAL; 4750 run_rt3070_rf_write(sc, 3, rf); 4751 } 4752 4753 static void 4754 run_set_rx_antenna(struct run_softc *sc, int aux) 4755 { 4756 uint32_t tmp; 4757 uint8_t bbp152; 4758 4759 if (aux) { 4760 if (sc->rf_rev == RT5390_RF_5370) { 4761 run_bbp_read(sc, 152, &bbp152); 4762 run_bbp_write(sc, 152, bbp152 & ~0x80); 4763 } else { 4764 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4765 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4766 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4767 } 4768 } else { 4769 if (sc->rf_rev == RT5390_RF_5370) { 4770 run_bbp_read(sc, 152, &bbp152); 4771 run_bbp_write(sc, 152, bbp152 | 0x80); 4772 } else { 4773 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4774 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4775 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4776 } 4777 } 4778 } 4779 4780 static int 4781 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4782 { 4783 struct ieee80211com *ic = &sc->sc_ic; 4784 u_int chan, group; 4785 4786 chan = ieee80211_chan2ieee(ic, c); 4787 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4788 return (EINVAL); 4789 4790 if (sc->mac_ver == 0x5592) 4791 run_rt5592_set_chan(sc, chan); 4792 else if (sc->mac_ver >= 0x5390) 4793 run_rt5390_set_chan(sc, chan); 4794 else if (sc->mac_ver == 0x3593) 4795 run_rt3593_set_chan(sc, chan); 4796 else if (sc->mac_ver == 0x3572) 4797 run_rt3572_set_chan(sc, chan); 4798 else if (sc->mac_ver >= 0x3070) 4799 run_rt3070_set_chan(sc, chan); 4800 else 4801 run_rt2870_set_chan(sc, chan); 4802 4803 /* determine channel group */ 4804 if (chan <= 14) 4805 group = 0; 4806 else if (chan <= 64) 4807 group = 1; 4808 else if (chan <= 128) 4809 group = 2; 4810 else 4811 group = 3; 4812 4813 /* XXX necessary only when group has changed! */ 4814 run_select_chan_group(sc, group); 4815 4816 run_delay(sc, 10); 4817 4818 /* Perform IQ calibration. */ 4819 if (sc->mac_ver >= 0x5392) 4820 run_iq_calib(sc, chan); 4821 4822 return (0); 4823 } 4824 4825 static void 4826 run_set_channel(struct ieee80211com *ic) 4827 { 4828 struct run_softc *sc = ic->ic_softc; 4829 4830 RUN_LOCK(sc); 4831 run_set_chan(sc, ic->ic_curchan); 4832 RUN_UNLOCK(sc); 4833 4834 return; 4835 } 4836 4837 static void 4838 run_getradiocaps(struct ieee80211com *ic, 4839 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4840 { 4841 struct run_softc *sc = ic->ic_softc; 4842 uint8_t bands[IEEE80211_MODE_BYTES]; 4843 4844 memset(bands, 0, sizeof(bands)); 4845 setbit(bands, IEEE80211_MODE_11B); 4846 setbit(bands, IEEE80211_MODE_11G); 4847 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0); 4848 4849 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4850 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4851 sc->rf_rev == RT5592_RF_5592) { 4852 setbit(bands, IEEE80211_MODE_11A); 4853 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4854 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4855 } 4856 } 4857 4858 static void 4859 run_scan_start(struct ieee80211com *ic) 4860 { 4861 struct run_softc *sc = ic->ic_softc; 4862 4863 RUN_LOCK(sc); 4864 4865 /* abort TSF synchronization */ 4866 run_disable_tsf(sc); 4867 run_set_bssid(sc, ieee80211broadcastaddr); 4868 4869 RUN_UNLOCK(sc); 4870 4871 return; 4872 } 4873 4874 static void 4875 run_scan_end(struct ieee80211com *ic) 4876 { 4877 struct run_softc *sc = ic->ic_softc; 4878 4879 RUN_LOCK(sc); 4880 4881 run_enable_tsf_sync(sc); 4882 run_set_bssid(sc, sc->sc_bssid); 4883 4884 RUN_UNLOCK(sc); 4885 4886 return; 4887 } 4888 4889 /* 4890 * Could be called from ieee80211_node_timeout() 4891 * (non-sleepable thread) 4892 */ 4893 static void 4894 run_update_beacon(struct ieee80211vap *vap, int item) 4895 { 4896 struct ieee80211com *ic = vap->iv_ic; 4897 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4898 struct ieee80211_node *ni = vap->iv_bss; 4899 struct run_softc *sc = ic->ic_softc; 4900 struct run_vap *rvp = RUN_VAP(vap); 4901 int mcast = 0; 4902 uint32_t i; 4903 4904 switch (item) { 4905 case IEEE80211_BEACON_ERP: 4906 run_updateslot(ic); 4907 break; 4908 case IEEE80211_BEACON_HTINFO: 4909 run_updateprot(ic); 4910 break; 4911 case IEEE80211_BEACON_TIM: 4912 mcast = 1; /*TODO*/ 4913 break; 4914 default: 4915 break; 4916 } 4917 4918 setbit(bo->bo_flags, item); 4919 if (rvp->beacon_mbuf == NULL) { 4920 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4921 if (rvp->beacon_mbuf == NULL) 4922 return; 4923 } 4924 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4925 4926 i = RUN_CMDQ_GET(&sc->cmdq_store); 4927 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4928 sc->cmdq[i].func = run_update_beacon_cb; 4929 sc->cmdq[i].arg0 = vap; 4930 ieee80211_runtask(ic, &sc->cmdq_task); 4931 4932 return; 4933 } 4934 4935 static void 4936 run_update_beacon_cb(void *arg) 4937 { 4938 struct ieee80211vap *vap = arg; 4939 struct ieee80211_node *ni = vap->iv_bss; 4940 struct run_vap *rvp = RUN_VAP(vap); 4941 struct ieee80211com *ic = vap->iv_ic; 4942 struct run_softc *sc = ic->ic_softc; 4943 struct rt2860_txwi txwi; 4944 struct mbuf *m; 4945 uint16_t txwisize; 4946 uint8_t ridx; 4947 4948 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4949 return; 4950 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4951 return; 4952 4953 /* 4954 * No need to call ieee80211_beacon_update(), run_update_beacon() 4955 * is taking care of appropriate calls. 4956 */ 4957 if (rvp->beacon_mbuf == NULL) { 4958 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4959 if (rvp->beacon_mbuf == NULL) 4960 return; 4961 } 4962 m = rvp->beacon_mbuf; 4963 4964 memset(&txwi, 0, sizeof(txwi)); 4965 txwi.wcid = 0xff; 4966 txwi.len = htole16(m->m_pkthdr.len); 4967 4968 /* send beacons at the lowest available rate */ 4969 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4970 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4971 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4972 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4973 txwi.phy |= htole16(RT2860_PHY_OFDM); 4974 txwi.txop = RT2860_TX_TXOP_HT; 4975 txwi.flags = RT2860_TX_TS; 4976 txwi.xflags = RT2860_TX_NSEQ; 4977 4978 txwisize = (sc->mac_ver == 0x5592) ? 4979 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4980 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4981 txwisize); 4982 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4983 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4984 } 4985 4986 static void 4987 run_updateprot(struct ieee80211com *ic) 4988 { 4989 struct run_softc *sc = ic->ic_softc; 4990 uint32_t i; 4991 4992 i = RUN_CMDQ_GET(&sc->cmdq_store); 4993 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4994 sc->cmdq[i].func = run_updateprot_cb; 4995 sc->cmdq[i].arg0 = ic; 4996 ieee80211_runtask(ic, &sc->cmdq_task); 4997 } 4998 4999 static void 5000 run_updateprot_cb(void *arg) 5001 { 5002 struct ieee80211com *ic = arg; 5003 struct run_softc *sc = ic->ic_softc; 5004 uint32_t tmp; 5005 5006 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5007 /* setup protection frame rate (MCS code) */ 5008 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5009 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5010 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5011 5012 /* CCK frames don't require protection */ 5013 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5014 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5015 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5016 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5017 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5018 tmp |= RT2860_PROT_CTRL_CTS; 5019 } 5020 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5021 } 5022 5023 static void 5024 run_usb_timeout_cb(void *arg) 5025 { 5026 struct ieee80211vap *vap = arg; 5027 struct run_softc *sc = vap->iv_ic->ic_softc; 5028 5029 RUN_LOCK_ASSERT(sc, MA_OWNED); 5030 5031 if(vap->iv_state == IEEE80211_S_RUN && 5032 vap->iv_opmode != IEEE80211_M_STA) 5033 run_reset_livelock(sc); 5034 else if (vap->iv_state == IEEE80211_S_SCAN) { 5035 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5036 "timeout caused by scan\n"); 5037 /* cancel bgscan */ 5038 ieee80211_cancel_scan(vap); 5039 } else 5040 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5041 "timeout by unknown cause\n"); 5042 } 5043 5044 static void 5045 run_reset_livelock(struct run_softc *sc) 5046 { 5047 uint32_t tmp; 5048 5049 RUN_LOCK_ASSERT(sc, MA_OWNED); 5050 5051 /* 5052 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5053 * can run into a livelock and start sending CTS-to-self frames like 5054 * crazy if protection is enabled. Reset MAC/BBP for a while 5055 */ 5056 run_read(sc, RT2860_DEBUG, &tmp); 5057 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5058 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5059 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5060 "CTS-to-self livelock detected\n"); 5061 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5062 run_delay(sc, 1); 5063 run_write(sc, RT2860_MAC_SYS_CTRL, 5064 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5065 } 5066 } 5067 5068 static void 5069 run_update_promisc_locked(struct run_softc *sc) 5070 { 5071 uint32_t tmp; 5072 5073 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5074 5075 tmp |= RT2860_DROP_UC_NOME; 5076 if (sc->sc_ic.ic_promisc > 0) 5077 tmp &= ~RT2860_DROP_UC_NOME; 5078 5079 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5080 5081 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5082 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5083 } 5084 5085 static void 5086 run_update_promisc(struct ieee80211com *ic) 5087 { 5088 struct run_softc *sc = ic->ic_softc; 5089 5090 if ((sc->sc_flags & RUN_RUNNING) == 0) 5091 return; 5092 5093 RUN_LOCK(sc); 5094 run_update_promisc_locked(sc); 5095 RUN_UNLOCK(sc); 5096 } 5097 5098 static void 5099 run_enable_tsf_sync(struct run_softc *sc) 5100 { 5101 struct ieee80211com *ic = &sc->sc_ic; 5102 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5103 uint32_t tmp; 5104 5105 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5106 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5107 5108 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5109 tmp &= ~0x1fffff; 5110 tmp |= vap->iv_bss->ni_intval * 16; 5111 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5112 5113 if (ic->ic_opmode == IEEE80211_M_STA) { 5114 /* 5115 * Local TSF is always updated with remote TSF on beacon 5116 * reception. 5117 */ 5118 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5119 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5120 tmp |= RT2860_BCN_TX_EN; 5121 /* 5122 * Local TSF is updated with remote TSF on beacon reception 5123 * only if the remote TSF is greater than local TSF. 5124 */ 5125 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5126 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5127 ic->ic_opmode == IEEE80211_M_MBSS) { 5128 tmp |= RT2860_BCN_TX_EN; 5129 /* SYNC with nobody */ 5130 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5131 } else { 5132 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5133 "Enabling TSF failed. undefined opmode\n"); 5134 return; 5135 } 5136 5137 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5138 } 5139 5140 static void 5141 run_enable_tsf(struct run_softc *sc) 5142 { 5143 uint32_t tmp; 5144 5145 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5146 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5147 tmp |= RT2860_TSF_TIMER_EN; 5148 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5149 } 5150 } 5151 5152 static void 5153 run_disable_tsf(struct run_softc *sc) 5154 { 5155 uint32_t tmp; 5156 5157 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5158 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5159 RT2860_TBTT_TIMER_EN); 5160 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5161 } 5162 } 5163 5164 static void 5165 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5166 { 5167 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5168 sizeof(*buf)); 5169 } 5170 5171 static void 5172 run_enable_mrr(struct run_softc *sc) 5173 { 5174 #define CCK(mcs) (mcs) 5175 #define OFDM(mcs) (1 << 3 | (mcs)) 5176 run_write(sc, RT2860_LG_FBK_CFG0, 5177 OFDM(6) << 28 | /* 54->48 */ 5178 OFDM(5) << 24 | /* 48->36 */ 5179 OFDM(4) << 20 | /* 36->24 */ 5180 OFDM(3) << 16 | /* 24->18 */ 5181 OFDM(2) << 12 | /* 18->12 */ 5182 OFDM(1) << 8 | /* 12-> 9 */ 5183 OFDM(0) << 4 | /* 9-> 6 */ 5184 OFDM(0)); /* 6-> 6 */ 5185 5186 run_write(sc, RT2860_LG_FBK_CFG1, 5187 CCK(2) << 12 | /* 11->5.5 */ 5188 CCK(1) << 8 | /* 5.5-> 2 */ 5189 CCK(0) << 4 | /* 2-> 1 */ 5190 CCK(0)); /* 1-> 1 */ 5191 #undef OFDM 5192 #undef CCK 5193 } 5194 5195 static void 5196 run_set_txpreamble(struct run_softc *sc) 5197 { 5198 struct ieee80211com *ic = &sc->sc_ic; 5199 uint32_t tmp; 5200 5201 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5202 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5203 tmp |= RT2860_CCK_SHORT_EN; 5204 else 5205 tmp &= ~RT2860_CCK_SHORT_EN; 5206 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5207 } 5208 5209 static void 5210 run_set_basicrates(struct run_softc *sc) 5211 { 5212 struct ieee80211com *ic = &sc->sc_ic; 5213 5214 /* set basic rates mask */ 5215 if (ic->ic_curmode == IEEE80211_MODE_11B) 5216 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5217 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5218 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5219 else /* 11g */ 5220 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5221 } 5222 5223 static void 5224 run_set_leds(struct run_softc *sc, uint16_t which) 5225 { 5226 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5227 which | (sc->leds & 0x7f)); 5228 } 5229 5230 static void 5231 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5232 { 5233 run_write(sc, RT2860_MAC_BSSID_DW0, 5234 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5235 run_write(sc, RT2860_MAC_BSSID_DW1, 5236 bssid[4] | bssid[5] << 8); 5237 } 5238 5239 static void 5240 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5241 { 5242 run_write(sc, RT2860_MAC_ADDR_DW0, 5243 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5244 run_write(sc, RT2860_MAC_ADDR_DW1, 5245 addr[4] | addr[5] << 8 | 0xff << 16); 5246 } 5247 5248 static void 5249 run_updateslot(struct ieee80211com *ic) 5250 { 5251 struct run_softc *sc = ic->ic_softc; 5252 uint32_t i; 5253 5254 i = RUN_CMDQ_GET(&sc->cmdq_store); 5255 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5256 sc->cmdq[i].func = run_updateslot_cb; 5257 sc->cmdq[i].arg0 = ic; 5258 ieee80211_runtask(ic, &sc->cmdq_task); 5259 5260 return; 5261 } 5262 5263 /* ARGSUSED */ 5264 static void 5265 run_updateslot_cb(void *arg) 5266 { 5267 struct ieee80211com *ic = arg; 5268 struct run_softc *sc = ic->ic_softc; 5269 uint32_t tmp; 5270 5271 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5272 tmp &= ~0xff; 5273 tmp |= IEEE80211_GET_SLOTTIME(ic); 5274 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5275 } 5276 5277 static void 5278 run_update_mcast(struct ieee80211com *ic) 5279 { 5280 } 5281 5282 static int8_t 5283 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5284 { 5285 struct ieee80211com *ic = &sc->sc_ic; 5286 struct ieee80211_channel *c = ic->ic_curchan; 5287 int delta; 5288 5289 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5290 u_int chan = ieee80211_chan2ieee(ic, c); 5291 delta = sc->rssi_5ghz[rxchain]; 5292 5293 /* determine channel group */ 5294 if (chan <= 64) 5295 delta -= sc->lna[1]; 5296 else if (chan <= 128) 5297 delta -= sc->lna[2]; 5298 else 5299 delta -= sc->lna[3]; 5300 } else 5301 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5302 5303 return (-12 - delta - rssi); 5304 } 5305 5306 static void 5307 run_rt5390_bbp_init(struct run_softc *sc) 5308 { 5309 u_int i; 5310 uint8_t bbp; 5311 5312 /* Apply maximum likelihood detection for 2 stream case. */ 5313 run_bbp_read(sc, 105, &bbp); 5314 if (sc->nrxchains > 1) 5315 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5316 5317 /* Avoid data lost and CRC error. */ 5318 run_bbp_read(sc, 4, &bbp); 5319 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5320 5321 if (sc->mac_ver == 0x5592) { 5322 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5323 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5324 rt5592_def_bbp[i].val); 5325 } 5326 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5327 run_bbp_write(sc, 195, i + 0x80); 5328 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5329 } 5330 } else { 5331 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5332 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5333 rt5390_def_bbp[i].val); 5334 } 5335 } 5336 if (sc->mac_ver == 0x5392) { 5337 run_bbp_write(sc, 88, 0x90); 5338 run_bbp_write(sc, 95, 0x9a); 5339 run_bbp_write(sc, 98, 0x12); 5340 run_bbp_write(sc, 106, 0x12); 5341 run_bbp_write(sc, 134, 0xd0); 5342 run_bbp_write(sc, 135, 0xf6); 5343 run_bbp_write(sc, 148, 0x84); 5344 } 5345 5346 run_bbp_read(sc, 152, &bbp); 5347 run_bbp_write(sc, 152, bbp | 0x80); 5348 5349 /* Fix BBP254 for RT5592C. */ 5350 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5351 run_bbp_read(sc, 254, &bbp); 5352 run_bbp_write(sc, 254, bbp | 0x80); 5353 } 5354 5355 /* Disable hardware antenna diversity. */ 5356 if (sc->mac_ver == 0x5390) 5357 run_bbp_write(sc, 154, 0); 5358 5359 /* Initialize Rx CCK/OFDM frequency offset report. */ 5360 run_bbp_write(sc, 142, 1); 5361 run_bbp_write(sc, 143, 57); 5362 } 5363 5364 static int 5365 run_bbp_init(struct run_softc *sc) 5366 { 5367 int i, error, ntries; 5368 uint8_t bbp0; 5369 5370 /* wait for BBP to wake up */ 5371 for (ntries = 0; ntries < 20; ntries++) { 5372 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5373 return error; 5374 if (bbp0 != 0 && bbp0 != 0xff) 5375 break; 5376 } 5377 if (ntries == 20) 5378 return (ETIMEDOUT); 5379 5380 /* initialize BBP registers to default values */ 5381 if (sc->mac_ver >= 0x5390) 5382 run_rt5390_bbp_init(sc); 5383 else { 5384 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5385 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5386 rt2860_def_bbp[i].val); 5387 } 5388 } 5389 5390 if (sc->mac_ver == 0x3593) { 5391 run_bbp_write(sc, 79, 0x13); 5392 run_bbp_write(sc, 80, 0x05); 5393 run_bbp_write(sc, 81, 0x33); 5394 run_bbp_write(sc, 86, 0x46); 5395 run_bbp_write(sc, 137, 0x0f); 5396 } 5397 5398 /* fix BBP84 for RT2860E */ 5399 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5400 run_bbp_write(sc, 84, 0x19); 5401 5402 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5403 sc->mac_ver != 0x5592)) { 5404 run_bbp_write(sc, 79, 0x13); 5405 run_bbp_write(sc, 80, 0x05); 5406 run_bbp_write(sc, 81, 0x33); 5407 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5408 run_bbp_write(sc, 69, 0x16); 5409 run_bbp_write(sc, 73, 0x12); 5410 } 5411 return (0); 5412 } 5413 5414 static int 5415 run_rt3070_rf_init(struct run_softc *sc) 5416 { 5417 uint32_t tmp; 5418 uint8_t bbp4, mingain, rf, target; 5419 u_int i; 5420 5421 run_rt3070_rf_read(sc, 30, &rf); 5422 /* toggle RF R30 bit 7 */ 5423 run_rt3070_rf_write(sc, 30, rf | 0x80); 5424 run_delay(sc, 10); 5425 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5426 5427 /* initialize RF registers to default value */ 5428 if (sc->mac_ver == 0x3572) { 5429 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5430 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5431 rt3572_def_rf[i].val); 5432 } 5433 } else { 5434 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5435 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5436 rt3070_def_rf[i].val); 5437 } 5438 } 5439 5440 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5441 /* 5442 * Change voltage from 1.2V to 1.35V for RT3070. 5443 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5444 * in RT3070(F). 5445 */ 5446 run_read(sc, RT3070_LDO_CFG0, &tmp); 5447 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5448 run_write(sc, RT3070_LDO_CFG0, tmp); 5449 5450 } else if (sc->mac_ver == 0x3071) { 5451 run_rt3070_rf_read(sc, 6, &rf); 5452 run_rt3070_rf_write(sc, 6, rf | 0x40); 5453 run_rt3070_rf_write(sc, 31, 0x14); 5454 5455 run_read(sc, RT3070_LDO_CFG0, &tmp); 5456 tmp &= ~0x1f000000; 5457 if (sc->mac_rev < 0x0211) 5458 tmp |= 0x0d000000; /* 1.3V */ 5459 else 5460 tmp |= 0x01000000; /* 1.2V */ 5461 run_write(sc, RT3070_LDO_CFG0, tmp); 5462 5463 /* patch LNA_PE_G1 */ 5464 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5465 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5466 5467 } else if (sc->mac_ver == 0x3572) { 5468 run_rt3070_rf_read(sc, 6, &rf); 5469 run_rt3070_rf_write(sc, 6, rf | 0x40); 5470 5471 /* increase voltage from 1.2V to 1.35V */ 5472 run_read(sc, RT3070_LDO_CFG0, &tmp); 5473 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5474 run_write(sc, RT3070_LDO_CFG0, tmp); 5475 5476 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5477 run_delay(sc, 1); /* wait for 1msec */ 5478 /* decrease voltage back to 1.2V */ 5479 tmp = (tmp & ~0x1f000000) | 0x01000000; 5480 run_write(sc, RT3070_LDO_CFG0, tmp); 5481 } 5482 } 5483 5484 /* select 20MHz bandwidth */ 5485 run_rt3070_rf_read(sc, 31, &rf); 5486 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5487 5488 /* calibrate filter for 20MHz bandwidth */ 5489 sc->rf24_20mhz = 0x1f; /* default value */ 5490 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5491 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5492 5493 /* select 40MHz bandwidth */ 5494 run_bbp_read(sc, 4, &bbp4); 5495 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5496 run_rt3070_rf_read(sc, 31, &rf); 5497 run_rt3070_rf_write(sc, 31, rf | 0x20); 5498 5499 /* calibrate filter for 40MHz bandwidth */ 5500 sc->rf24_40mhz = 0x2f; /* default value */ 5501 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5502 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5503 5504 /* go back to 20MHz bandwidth */ 5505 run_bbp_read(sc, 4, &bbp4); 5506 run_bbp_write(sc, 4, bbp4 & ~0x18); 5507 5508 if (sc->mac_ver == 0x3572) { 5509 /* save default BBP registers 25 and 26 values */ 5510 run_bbp_read(sc, 25, &sc->bbp25); 5511 run_bbp_read(sc, 26, &sc->bbp26); 5512 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5513 run_rt3070_rf_write(sc, 27, 0x03); 5514 5515 run_read(sc, RT3070_OPT_14, &tmp); 5516 run_write(sc, RT3070_OPT_14, tmp | 1); 5517 5518 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5519 run_rt3070_rf_read(sc, 17, &rf); 5520 rf &= ~RT3070_TX_LO1; 5521 if ((sc->mac_ver == 0x3070 || 5522 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5523 !sc->ext_2ghz_lna) 5524 rf |= 0x20; /* fix for long range Rx issue */ 5525 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5526 if (sc->txmixgain_2ghz >= mingain) 5527 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5528 run_rt3070_rf_write(sc, 17, rf); 5529 } 5530 5531 if (sc->mac_ver == 0x3071) { 5532 run_rt3070_rf_read(sc, 1, &rf); 5533 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5534 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5535 run_rt3070_rf_write(sc, 1, rf); 5536 5537 run_rt3070_rf_read(sc, 15, &rf); 5538 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5539 5540 run_rt3070_rf_read(sc, 20, &rf); 5541 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5542 5543 run_rt3070_rf_read(sc, 21, &rf); 5544 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5545 } 5546 5547 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5548 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5549 run_rt3070_rf_read(sc, 27, &rf); 5550 rf &= ~0x77; 5551 if (sc->mac_rev < 0x0211) 5552 rf |= 0x03; 5553 run_rt3070_rf_write(sc, 27, rf); 5554 } 5555 return (0); 5556 } 5557 5558 static void 5559 run_rt3593_rf_init(struct run_softc *sc) 5560 { 5561 uint32_t tmp; 5562 uint8_t rf; 5563 u_int i; 5564 5565 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5566 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5567 tmp &= ~(1 << 4 | 1 << 7); 5568 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5569 5570 /* Initialize RF registers to default value. */ 5571 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5572 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5573 rt3593_def_rf[i].val); 5574 } 5575 5576 /* Toggle RF R2 to initiate calibration. */ 5577 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5578 5579 /* Initialize RF frequency offset. */ 5580 run_adjust_freq_offset(sc); 5581 5582 run_rt3070_rf_read(sc, 18, &rf); 5583 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5584 5585 /* 5586 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5587 * decrease voltage back to 1.2V. 5588 */ 5589 run_read(sc, RT3070_LDO_CFG0, &tmp); 5590 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5591 run_write(sc, RT3070_LDO_CFG0, tmp); 5592 run_delay(sc, 1); 5593 tmp = (tmp & ~0x1f000000) | 0x01000000; 5594 run_write(sc, RT3070_LDO_CFG0, tmp); 5595 5596 sc->rf24_20mhz = 0x1f; 5597 sc->rf24_40mhz = 0x2f; 5598 5599 /* Save default BBP registers 25 and 26 values. */ 5600 run_bbp_read(sc, 25, &sc->bbp25); 5601 run_bbp_read(sc, 26, &sc->bbp26); 5602 5603 run_read(sc, RT3070_OPT_14, &tmp); 5604 run_write(sc, RT3070_OPT_14, tmp | 1); 5605 } 5606 5607 static void 5608 run_rt5390_rf_init(struct run_softc *sc) 5609 { 5610 uint32_t tmp; 5611 uint8_t rf; 5612 u_int i; 5613 5614 /* Toggle RF R2 to initiate calibration. */ 5615 if (sc->mac_ver == 0x5390) { 5616 run_rt3070_rf_read(sc, 2, &rf); 5617 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5618 run_delay(sc, 10); 5619 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5620 } else { 5621 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5622 run_delay(sc, 10); 5623 } 5624 5625 /* Initialize RF registers to default value. */ 5626 if (sc->mac_ver == 0x5592) { 5627 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5628 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5629 rt5592_def_rf[i].val); 5630 } 5631 /* Initialize RF frequency offset. */ 5632 run_adjust_freq_offset(sc); 5633 } else if (sc->mac_ver == 0x5392) { 5634 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5635 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5636 rt5392_def_rf[i].val); 5637 } 5638 if (sc->mac_rev >= 0x0223) { 5639 run_rt3070_rf_write(sc, 23, 0x0f); 5640 run_rt3070_rf_write(sc, 24, 0x3e); 5641 run_rt3070_rf_write(sc, 51, 0x32); 5642 run_rt3070_rf_write(sc, 53, 0x22); 5643 run_rt3070_rf_write(sc, 56, 0xc1); 5644 run_rt3070_rf_write(sc, 59, 0x0f); 5645 } 5646 } else { 5647 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5648 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5649 rt5390_def_rf[i].val); 5650 } 5651 if (sc->mac_rev >= 0x0502) { 5652 run_rt3070_rf_write(sc, 6, 0xe0); 5653 run_rt3070_rf_write(sc, 25, 0x80); 5654 run_rt3070_rf_write(sc, 46, 0x73); 5655 run_rt3070_rf_write(sc, 53, 0x00); 5656 run_rt3070_rf_write(sc, 56, 0x42); 5657 run_rt3070_rf_write(sc, 61, 0xd1); 5658 } 5659 } 5660 5661 sc->rf24_20mhz = 0x1f; /* default value */ 5662 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5663 5664 if (sc->mac_rev < 0x0211) 5665 run_rt3070_rf_write(sc, 27, 0x3); 5666 5667 run_read(sc, RT3070_OPT_14, &tmp); 5668 run_write(sc, RT3070_OPT_14, tmp | 1); 5669 } 5670 5671 static int 5672 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5673 uint8_t *val) 5674 { 5675 uint8_t rf22, rf24; 5676 uint8_t bbp55_pb, bbp55_sb, delta; 5677 int ntries; 5678 5679 /* program filter */ 5680 run_rt3070_rf_read(sc, 24, &rf24); 5681 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5682 run_rt3070_rf_write(sc, 24, rf24); 5683 5684 /* enable baseband loopback mode */ 5685 run_rt3070_rf_read(sc, 22, &rf22); 5686 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5687 5688 /* set power and frequency of passband test tone */ 5689 run_bbp_write(sc, 24, 0x00); 5690 for (ntries = 0; ntries < 100; ntries++) { 5691 /* transmit test tone */ 5692 run_bbp_write(sc, 25, 0x90); 5693 run_delay(sc, 10); 5694 /* read received power */ 5695 run_bbp_read(sc, 55, &bbp55_pb); 5696 if (bbp55_pb != 0) 5697 break; 5698 } 5699 if (ntries == 100) 5700 return (ETIMEDOUT); 5701 5702 /* set power and frequency of stopband test tone */ 5703 run_bbp_write(sc, 24, 0x06); 5704 for (ntries = 0; ntries < 100; ntries++) { 5705 /* transmit test tone */ 5706 run_bbp_write(sc, 25, 0x90); 5707 run_delay(sc, 10); 5708 /* read received power */ 5709 run_bbp_read(sc, 55, &bbp55_sb); 5710 5711 delta = bbp55_pb - bbp55_sb; 5712 if (delta > target) 5713 break; 5714 5715 /* reprogram filter */ 5716 rf24++; 5717 run_rt3070_rf_write(sc, 24, rf24); 5718 } 5719 if (ntries < 100) { 5720 if (rf24 != init) 5721 rf24--; /* backtrack */ 5722 *val = rf24; 5723 run_rt3070_rf_write(sc, 24, rf24); 5724 } 5725 5726 /* restore initial state */ 5727 run_bbp_write(sc, 24, 0x00); 5728 5729 /* disable baseband loopback mode */ 5730 run_rt3070_rf_read(sc, 22, &rf22); 5731 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5732 5733 return (0); 5734 } 5735 5736 static void 5737 run_rt3070_rf_setup(struct run_softc *sc) 5738 { 5739 uint8_t bbp, rf; 5740 int i; 5741 5742 if (sc->mac_ver == 0x3572) { 5743 /* enable DC filter */ 5744 if (sc->mac_rev >= 0x0201) 5745 run_bbp_write(sc, 103, 0xc0); 5746 5747 run_bbp_read(sc, 138, &bbp); 5748 if (sc->ntxchains == 1) 5749 bbp |= 0x20; /* turn off DAC1 */ 5750 if (sc->nrxchains == 1) 5751 bbp &= ~0x02; /* turn off ADC1 */ 5752 run_bbp_write(sc, 138, bbp); 5753 5754 if (sc->mac_rev >= 0x0211) { 5755 /* improve power consumption */ 5756 run_bbp_read(sc, 31, &bbp); 5757 run_bbp_write(sc, 31, bbp & ~0x03); 5758 } 5759 5760 run_rt3070_rf_read(sc, 16, &rf); 5761 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5762 run_rt3070_rf_write(sc, 16, rf); 5763 5764 } else if (sc->mac_ver == 0x3071) { 5765 if (sc->mac_rev >= 0x0211) { 5766 /* enable DC filter */ 5767 run_bbp_write(sc, 103, 0xc0); 5768 5769 /* improve power consumption */ 5770 run_bbp_read(sc, 31, &bbp); 5771 run_bbp_write(sc, 31, bbp & ~0x03); 5772 } 5773 5774 run_bbp_read(sc, 138, &bbp); 5775 if (sc->ntxchains == 1) 5776 bbp |= 0x20; /* turn off DAC1 */ 5777 if (sc->nrxchains == 1) 5778 bbp &= ~0x02; /* turn off ADC1 */ 5779 run_bbp_write(sc, 138, bbp); 5780 5781 run_write(sc, RT2860_TX_SW_CFG1, 0); 5782 if (sc->mac_rev < 0x0211) { 5783 run_write(sc, RT2860_TX_SW_CFG2, 5784 sc->patch_dac ? 0x2c : 0x0f); 5785 } else 5786 run_write(sc, RT2860_TX_SW_CFG2, 0); 5787 5788 } else if (sc->mac_ver == 0x3070) { 5789 if (sc->mac_rev >= 0x0201) { 5790 /* enable DC filter */ 5791 run_bbp_write(sc, 103, 0xc0); 5792 5793 /* improve power consumption */ 5794 run_bbp_read(sc, 31, &bbp); 5795 run_bbp_write(sc, 31, bbp & ~0x03); 5796 } 5797 5798 if (sc->mac_rev < 0x0201) { 5799 run_write(sc, RT2860_TX_SW_CFG1, 0); 5800 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5801 } else 5802 run_write(sc, RT2860_TX_SW_CFG2, 0); 5803 } 5804 5805 /* initialize RF registers from ROM for >=RT3071*/ 5806 if (sc->mac_ver >= 0x3071) { 5807 for (i = 0; i < 10; i++) { 5808 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5809 continue; 5810 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5811 } 5812 } 5813 } 5814 5815 static void 5816 run_rt3593_rf_setup(struct run_softc *sc) 5817 { 5818 uint8_t bbp, rf; 5819 5820 if (sc->mac_rev >= 0x0211) { 5821 /* Enable DC filter. */ 5822 run_bbp_write(sc, 103, 0xc0); 5823 } 5824 run_write(sc, RT2860_TX_SW_CFG1, 0); 5825 if (sc->mac_rev < 0x0211) { 5826 run_write(sc, RT2860_TX_SW_CFG2, 5827 sc->patch_dac ? 0x2c : 0x0f); 5828 } else 5829 run_write(sc, RT2860_TX_SW_CFG2, 0); 5830 5831 run_rt3070_rf_read(sc, 50, &rf); 5832 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5833 5834 run_rt3070_rf_read(sc, 51, &rf); 5835 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5836 ((sc->txmixgain_2ghz & 0x07) << 2); 5837 run_rt3070_rf_write(sc, 51, rf); 5838 5839 run_rt3070_rf_read(sc, 38, &rf); 5840 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5841 5842 run_rt3070_rf_read(sc, 39, &rf); 5843 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5844 5845 run_rt3070_rf_read(sc, 1, &rf); 5846 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5847 5848 run_rt3070_rf_read(sc, 30, &rf); 5849 rf = (rf & ~0x18) | 0x10; 5850 run_rt3070_rf_write(sc, 30, rf); 5851 5852 /* Apply maximum likelihood detection for 2 stream case. */ 5853 run_bbp_read(sc, 105, &bbp); 5854 if (sc->nrxchains > 1) 5855 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5856 5857 /* Avoid data lost and CRC error. */ 5858 run_bbp_read(sc, 4, &bbp); 5859 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5860 5861 run_bbp_write(sc, 92, 0x02); 5862 run_bbp_write(sc, 82, 0x82); 5863 run_bbp_write(sc, 106, 0x05); 5864 run_bbp_write(sc, 104, 0x92); 5865 run_bbp_write(sc, 88, 0x90); 5866 run_bbp_write(sc, 148, 0xc8); 5867 run_bbp_write(sc, 47, 0x48); 5868 run_bbp_write(sc, 120, 0x50); 5869 5870 run_bbp_write(sc, 163, 0x9d); 5871 5872 /* SNR mapping. */ 5873 run_bbp_write(sc, 142, 0x06); 5874 run_bbp_write(sc, 143, 0xa0); 5875 run_bbp_write(sc, 142, 0x07); 5876 run_bbp_write(sc, 143, 0xa1); 5877 run_bbp_write(sc, 142, 0x08); 5878 run_bbp_write(sc, 143, 0xa2); 5879 5880 run_bbp_write(sc, 31, 0x08); 5881 run_bbp_write(sc, 68, 0x0b); 5882 run_bbp_write(sc, 105, 0x04); 5883 } 5884 5885 static void 5886 run_rt5390_rf_setup(struct run_softc *sc) 5887 { 5888 uint8_t bbp, rf; 5889 5890 if (sc->mac_rev >= 0x0211) { 5891 /* Enable DC filter. */ 5892 run_bbp_write(sc, 103, 0xc0); 5893 5894 if (sc->mac_ver != 0x5592) { 5895 /* Improve power consumption. */ 5896 run_bbp_read(sc, 31, &bbp); 5897 run_bbp_write(sc, 31, bbp & ~0x03); 5898 } 5899 } 5900 5901 run_bbp_read(sc, 138, &bbp); 5902 if (sc->ntxchains == 1) 5903 bbp |= 0x20; /* turn off DAC1 */ 5904 if (sc->nrxchains == 1) 5905 bbp &= ~0x02; /* turn off ADC1 */ 5906 run_bbp_write(sc, 138, bbp); 5907 5908 run_rt3070_rf_read(sc, 38, &rf); 5909 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5910 5911 run_rt3070_rf_read(sc, 39, &rf); 5912 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5913 5914 /* Avoid data lost and CRC error. */ 5915 run_bbp_read(sc, 4, &bbp); 5916 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5917 5918 run_rt3070_rf_read(sc, 30, &rf); 5919 rf = (rf & ~0x18) | 0x10; 5920 run_rt3070_rf_write(sc, 30, rf); 5921 5922 if (sc->mac_ver != 0x5592) { 5923 run_write(sc, RT2860_TX_SW_CFG1, 0); 5924 if (sc->mac_rev < 0x0211) { 5925 run_write(sc, RT2860_TX_SW_CFG2, 5926 sc->patch_dac ? 0x2c : 0x0f); 5927 } else 5928 run_write(sc, RT2860_TX_SW_CFG2, 0); 5929 } 5930 } 5931 5932 static int 5933 run_txrx_enable(struct run_softc *sc) 5934 { 5935 struct ieee80211com *ic = &sc->sc_ic; 5936 uint32_t tmp; 5937 int error, ntries; 5938 5939 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5940 for (ntries = 0; ntries < 200; ntries++) { 5941 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5942 return (error); 5943 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5944 break; 5945 run_delay(sc, 50); 5946 } 5947 if (ntries == 200) 5948 return (ETIMEDOUT); 5949 5950 run_delay(sc, 50); 5951 5952 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5953 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5954 5955 /* enable Rx bulk aggregation (set timeout and limit) */ 5956 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5957 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5958 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5959 5960 /* set Rx filter */ 5961 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5962 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5963 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5964 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5965 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5966 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5967 if (ic->ic_opmode == IEEE80211_M_STA) 5968 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5969 } 5970 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5971 5972 run_write(sc, RT2860_MAC_SYS_CTRL, 5973 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5974 5975 return (0); 5976 } 5977 5978 static void 5979 run_adjust_freq_offset(struct run_softc *sc) 5980 { 5981 uint8_t rf, tmp; 5982 5983 run_rt3070_rf_read(sc, 17, &rf); 5984 tmp = rf; 5985 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5986 rf = MIN(rf, 0x5f); 5987 5988 if (tmp != rf) 5989 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5990 } 5991 5992 static void 5993 run_init_locked(struct run_softc *sc) 5994 { 5995 struct ieee80211com *ic = &sc->sc_ic; 5996 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5997 uint32_t tmp; 5998 uint8_t bbp1, bbp3; 5999 int i; 6000 int ridx; 6001 int ntries; 6002 6003 if (ic->ic_nrunning > 1) 6004 return; 6005 6006 run_stop(sc); 6007 6008 if (run_load_microcode(sc) != 0) { 6009 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6010 goto fail; 6011 } 6012 6013 for (ntries = 0; ntries < 100; ntries++) { 6014 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6015 goto fail; 6016 if (tmp != 0 && tmp != 0xffffffff) 6017 break; 6018 run_delay(sc, 10); 6019 } 6020 if (ntries == 100) 6021 goto fail; 6022 6023 for (i = 0; i != RUN_EP_QUEUES; i++) 6024 run_setup_tx_list(sc, &sc->sc_epq[i]); 6025 6026 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6027 6028 for (ntries = 0; ntries < 100; ntries++) { 6029 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6030 goto fail; 6031 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6032 break; 6033 run_delay(sc, 10); 6034 } 6035 if (ntries == 100) { 6036 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6037 goto fail; 6038 } 6039 tmp &= 0xff0; 6040 tmp |= RT2860_TX_WB_DDONE; 6041 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6042 6043 /* turn off PME_OEN to solve high-current issue */ 6044 run_read(sc, RT2860_SYS_CTRL, &tmp); 6045 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6046 6047 run_write(sc, RT2860_MAC_SYS_CTRL, 6048 RT2860_BBP_HRST | RT2860_MAC_SRST); 6049 run_write(sc, RT2860_USB_DMA_CFG, 0); 6050 6051 if (run_reset(sc) != 0) { 6052 device_printf(sc->sc_dev, "could not reset chipset\n"); 6053 goto fail; 6054 } 6055 6056 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6057 6058 /* init Tx power for all Tx rates (from EEPROM) */ 6059 for (ridx = 0; ridx < 5; ridx++) { 6060 if (sc->txpow20mhz[ridx] == 0xffffffff) 6061 continue; 6062 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6063 } 6064 6065 for (i = 0; i < nitems(rt2870_def_mac); i++) 6066 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6067 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6068 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6069 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6070 6071 if (sc->mac_ver >= 0x5390) { 6072 run_write(sc, RT2860_TX_SW_CFG0, 6073 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6074 if (sc->mac_ver >= 0x5392) { 6075 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6076 if (sc->mac_ver == 0x5592) { 6077 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6078 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6079 } else { 6080 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6081 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6082 } 6083 } 6084 } else if (sc->mac_ver == 0x3593) { 6085 run_write(sc, RT2860_TX_SW_CFG0, 6086 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6087 } else if (sc->mac_ver >= 0x3070) { 6088 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6089 run_write(sc, RT2860_TX_SW_CFG0, 6090 4 << RT2860_DLY_PAPE_EN_SHIFT); 6091 } 6092 6093 /* wait while MAC is busy */ 6094 for (ntries = 0; ntries < 100; ntries++) { 6095 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6096 goto fail; 6097 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6098 break; 6099 run_delay(sc, 10); 6100 } 6101 if (ntries == 100) 6102 goto fail; 6103 6104 /* clear Host to MCU mailbox */ 6105 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6106 run_write(sc, RT2860_H2M_MAILBOX, 0); 6107 run_delay(sc, 10); 6108 6109 if (run_bbp_init(sc) != 0) { 6110 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6111 goto fail; 6112 } 6113 6114 /* abort TSF synchronization */ 6115 run_disable_tsf(sc); 6116 6117 /* clear RX WCID search table */ 6118 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6119 /* clear WCID attribute table */ 6120 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6121 6122 /* hostapd sets a key before init. So, don't clear it. */ 6123 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6124 /* clear shared key table */ 6125 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6126 /* clear shared key mode */ 6127 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6128 } 6129 6130 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6131 tmp = (tmp & ~0xff) | 0x1e; 6132 run_write(sc, RT2860_US_CYC_CNT, tmp); 6133 6134 if (sc->mac_rev != 0x0101) 6135 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6136 6137 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6138 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6139 6140 /* write vendor-specific BBP values (from EEPROM) */ 6141 if (sc->mac_ver < 0x3593) { 6142 for (i = 0; i < 10; i++) { 6143 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6144 continue; 6145 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6146 } 6147 } 6148 6149 /* select Main antenna for 1T1R devices */ 6150 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6151 run_set_rx_antenna(sc, 0); 6152 6153 /* send LEDs operating mode to microcontroller */ 6154 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6155 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6156 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6157 6158 if (sc->mac_ver >= 0x5390) 6159 run_rt5390_rf_init(sc); 6160 else if (sc->mac_ver == 0x3593) 6161 run_rt3593_rf_init(sc); 6162 else if (sc->mac_ver >= 0x3070) 6163 run_rt3070_rf_init(sc); 6164 6165 /* disable non-existing Rx chains */ 6166 run_bbp_read(sc, 3, &bbp3); 6167 bbp3 &= ~(1 << 3 | 1 << 4); 6168 if (sc->nrxchains == 2) 6169 bbp3 |= 1 << 3; 6170 else if (sc->nrxchains == 3) 6171 bbp3 |= 1 << 4; 6172 run_bbp_write(sc, 3, bbp3); 6173 6174 /* disable non-existing Tx chains */ 6175 run_bbp_read(sc, 1, &bbp1); 6176 if (sc->ntxchains == 1) 6177 bbp1 &= ~(1 << 3 | 1 << 4); 6178 run_bbp_write(sc, 1, bbp1); 6179 6180 if (sc->mac_ver >= 0x5390) 6181 run_rt5390_rf_setup(sc); 6182 else if (sc->mac_ver == 0x3593) 6183 run_rt3593_rf_setup(sc); 6184 else if (sc->mac_ver >= 0x3070) 6185 run_rt3070_rf_setup(sc); 6186 6187 /* select default channel */ 6188 run_set_chan(sc, ic->ic_curchan); 6189 6190 /* setup initial protection mode */ 6191 run_updateprot_cb(ic); 6192 6193 /* turn radio LED on */ 6194 run_set_leds(sc, RT2860_LED_RADIO); 6195 6196 sc->sc_flags |= RUN_RUNNING; 6197 sc->cmdq_run = RUN_CMDQ_GO; 6198 6199 for (i = 0; i != RUN_N_XFER; i++) 6200 usbd_xfer_set_stall(sc->sc_xfer[i]); 6201 6202 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6203 6204 if (run_txrx_enable(sc) != 0) 6205 goto fail; 6206 6207 return; 6208 6209 fail: 6210 run_stop(sc); 6211 } 6212 6213 static void 6214 run_stop(void *arg) 6215 { 6216 struct run_softc *sc = (struct run_softc *)arg; 6217 uint32_t tmp; 6218 int i; 6219 int ntries; 6220 6221 RUN_LOCK_ASSERT(sc, MA_OWNED); 6222 6223 if (sc->sc_flags & RUN_RUNNING) 6224 run_set_leds(sc, 0); /* turn all LEDs off */ 6225 6226 sc->sc_flags &= ~RUN_RUNNING; 6227 6228 sc->ratectl_run = RUN_RATECTL_OFF; 6229 sc->cmdq_run = sc->cmdq_key_set; 6230 6231 RUN_UNLOCK(sc); 6232 6233 for(i = 0; i < RUN_N_XFER; i++) 6234 usbd_transfer_drain(sc->sc_xfer[i]); 6235 6236 RUN_LOCK(sc); 6237 6238 run_drain_mbufq(sc); 6239 6240 if (sc->rx_m != NULL) { 6241 m_free(sc->rx_m); 6242 sc->rx_m = NULL; 6243 } 6244 6245 /* Disable Tx/Rx DMA. */ 6246 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6247 return; 6248 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6249 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6250 6251 for (ntries = 0; ntries < 100; ntries++) { 6252 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6253 return; 6254 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6255 break; 6256 run_delay(sc, 10); 6257 } 6258 if (ntries == 100) { 6259 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6260 return; 6261 } 6262 6263 /* disable Tx/Rx */ 6264 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6265 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6266 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6267 6268 /* wait for pending Tx to complete */ 6269 for (ntries = 0; ntries < 100; ntries++) { 6270 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6271 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6272 "Cannot read Tx queue count\n"); 6273 break; 6274 } 6275 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6276 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6277 "All Tx cleared\n"); 6278 break; 6279 } 6280 run_delay(sc, 10); 6281 } 6282 if (ntries >= 100) 6283 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6284 "There are still pending Tx\n"); 6285 run_delay(sc, 10); 6286 run_write(sc, RT2860_USB_DMA_CFG, 0); 6287 6288 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6289 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6290 6291 for (i = 0; i != RUN_EP_QUEUES; i++) 6292 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6293 } 6294 6295 static void 6296 run_delay(struct run_softc *sc, u_int ms) 6297 { 6298 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6299 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6300 } 6301 6302 static device_method_t run_methods[] = { 6303 /* Device interface */ 6304 DEVMETHOD(device_probe, run_match), 6305 DEVMETHOD(device_attach, run_attach), 6306 DEVMETHOD(device_detach, run_detach), 6307 DEVMETHOD_END 6308 }; 6309 6310 static driver_t run_driver = { 6311 .name = "run", 6312 .methods = run_methods, 6313 .size = sizeof(struct run_softc) 6314 }; 6315 6316 static devclass_t run_devclass; 6317 6318 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6319 MODULE_DEPEND(run, wlan, 1, 1, 1); 6320 MODULE_DEPEND(run, usb, 1, 1, 1); 6321 MODULE_DEPEND(run, firmware, 1, 1, 1); 6322 MODULE_VERSION(run, 1); 6323 USB_PNP_HOST_INFO(run_devs); 6324